The United States and the United Kingdom entered into the world’s first ever CLOUD Act Agreement that will allow American and British law enforcement agencies, with appropriate authorization, to demand electronic data regarding serious crime, including terrorism, child sexual abuse, and cybercrime, directly from tech companies based in the other country, without legal barriers.

The current legal assistance process can take up to two years, but the Agreement will reduce this time period considerably, while protecting privacy and enhancing civil liberties. The historic agreement was signed by U.S. Attorney General William P. Barr and UK Home Secretary Priti Patel at a ceremony at the British Ambassador’s residence in Washington, D.C.

Attorney General William Barr said: “This agreement will enhance the ability of the United States and the United Kingdom to fight serious crime — including terrorism, transnational organized crime, and child exploitation — by allowing more efficient and effective access to data needed for quick-moving investigations. Only by addressing the problem of timely access to electronic evidence of crime committed in one country that is stored in another, can we hope to keep pace with twenty-first century threats. This agreement will make the citizens of both countries safer, while at the same time assuring robust protections for privacy and civil liberties.”

Home Secretary Priti Patel said: “Terrorists and paedophiles continue to exploit the internet to spread their messages of hate, plan attacks on our citizens and target the most vulnerable. As Home Secretary I am determined to do everything in my power to stop them. This historic agreement will dramatically speed up investigations, allowing our law enforcement agencies to protect the public. This is just one example of the enduring security partnership we have with the United States and I look forward to continuing to work with them and global partners to tackle these heinous crimes.”

Both governments agreed to terms which broadly lift restrictions for a broad class of investigations, not targeting residents of the other country, and assure providers that disclosures through the Agreement are compatible with data protection laws. Each also committed to obtain permission from the other before using data gained through the agreement in prosecutions relating to a Party’s essential interest—specifically, death penalty prosecutions by the United States and UK cases implicating freedom of speech.

The novel U.S.-UK Bilateral Data Access Agreement will dramatically speed up investigations by removing legal barriers to timely and effective collection of electronic evidence. Under its terms, law enforcement, when armed with appropriate court authorization, may go directly to tech companies based in the other country to access electronic data, rather than going through governments, which can take years. The current Mutual Legal Assistance (MLA) request process, which sees requests for electronic data from law enforcement and other agencies submitted and approved by central governments, can often take many months. Once in place, the Agreement will see the timeline obtaining evidence significantly reduced.

The Agreement will accelerate dozens of complex investigations into suspected terrorists and pedophiles, such as Matthew Falder who was convicted in 2018 in the UK of 137 offenses after an eight-year campaign of online child sexual abuse, blackmail, forced labor and sharing of indecent images, which highlighted the need to speed up these investigations.

The United States will have reciprocal access, under a U.S. court order, to data from UK communication service providers. All requests for access to data will be subject to independent judicial authorization or oversight.

In March 2018, Congress passed the CLOUD Act, which authorizes the United States to enter into bilateral executive agreements with rights-respecting partners that lift each party’s legal barriers to the other party’s access to electronic data for certain criminal investigations. The Agreement was facilitated by the UK’s Crime (Overseas Production Orders) Act 2019, which received Royal Assent in February this year. The Agreement will enter into force following a six-month Congressional review period mandated by the CLOUD Act, and the related review by UK’s Parliament.