top of page
lady justice statue and eu flag

AUGUST 18, 2026. THAT'S YOUR DEADLINE. 

EU e-Evidence & e-CODEX Compliance for Telecom Operators

Still pulling siloed data manually when an EPO arrives? REX replaces that fragmented chain with a single automated workflow. From e-CODEX intake to compliant delivery, without human intervention.

The EU e-Evidence Compliance Guide for Telecom Operators

What every operator must do to navigate the new regulatory landscape. Includes the 5 operational weaknesses most operators have right now, a full compliance checklist across legal, technology, security, and operational readiness, and a blueprint for a compliant architecture.

Includes: Compliance Checklist | Key Deadlines | 5 Compliance Traps to Avoid

Subtonomy Compliance guide cover

Why e-Evidence matters

The 2026 compliance deadline

From 18 August 2026, all telecom operators in the EU must comply with the new e-Evidence Regulation (EU 2023/1543) and Directive (EU 2023/1544)

New rules for cross-border lawful requests

Law enforcement authorities will be able to issue direct cross-border orders for subscriber or traffic data. Operators must respond within 10 days — or within 8 hours in urgent cases — and all requests must be handled through the EU’s e-CODEX platform. Failure to comply can lead to fines of up to 2% of global turnover.

Woman looking at Carl Nilsson's name tag, with white text, in office

Four Compliance Challenges for Telecom Service Providers. 
One Deadline.

STRICT DEADLINES AND EMERGENCY CASES

Manual processes can't meet an 8-hour clock. Compliance requires full automation and 24/7 readiness — no exceptions.

MANDATORY E-CODEX COMMUNICATION

Email and local portals are out. Every lawful data exchange must flow through e-CODEX. If you're not integrated, you're non-compliant.

LEGAL REPRESENTATIVE AND ACCOUNTABILITY

The regulation requires a designated legal representative with authority, resources, and cross-team integration. This role must be defined and operational before the deadline.

AUDITABILITY, GDPR AND DATA PROTECTION

Every disclosure must be logged, traceable, and GDPR-aligned. Speed without integrity isn't compliance — it's a liability.

How REX Meets Every Requirement

REX is purpose-built for this regulation — consolidating mirrored data, automating case management, and connecting natively to e-CODEX so you meet every deadline, every time.

E-CODEX READY &
SEAMLESS INTEGRATIONS

REX is fully E-CODEX-ready, ensuring compliance with the EU’s mandatory digital platform. It is built on open APIs, enabling seamless integration with all your existing OSS, BSS, CRM, billing, and storage systems — removing silos and minimizing deployment complexity.

EXTREME SPEED TO MEET
8-HOUR DEADLINES

REX consolidates subscriber, network, and billing data into a single platform, delivering accurate results in minutes or seconds — well inside the 8-hour emergency window.

CASE MANAGEMENT FOR END-TO-END CONTROL

To further streamline compliance, REX Case Management automatically pre-populates incoming requests, assigns unique case IDs, prioritizes and manages them through to completion. It ensures every step is traceable, integrates with billing, and provides a defensible audit trail — reducing manual workload while strengthening compliance integrity.

CENTRALIZED, SECURE AND AUDIT-PROOF

Every request handled in REX is fully logged and traceable. The platform enforces strict access controls, GDPR alignment, and security standards, ensuring lawful requests are processed with accuracy, speed, and transparency.

Partner with Subtonomy for
e-Evidence Compliance

Subtonomy already supports operators across Europe in handling lawful data requests securely and efficiently. With a 100% satisfied client base, REX is proven in real-world deployments.

TRUSTED BY LEADING EUROPEAN OPERATORS

REX gives us a completely different workday in terms of easiness of use and query response time. Reports we previously had to wait several hours for are now generated in minutes or even seconds. 

TERJE RUDIN
Product Manager Police Response Center & NOC @Telenor Norway

Frequently Asked Questions (FAQ) on EU e-Evidence & e-CODEX Compliance

Your Questions, Answered.

We understand that data retention involves complex technical, legal, and security details. To provide clarity, we've gathered straightforward answers to the most common questions about the REX platform, its capabilities, and its compliance.

  • The primary challenge is the combination of extreme speed and mandatory technical integration. The regulation demands a response to emergency requests within just 8 hours, a deadline that is impossible to meet with traditional, manual processes. Furthermore, all communication must go through the secure e-CODEX platform, not email or portals. Most telecom operators' current workflows are fragmented across multiple systems (billing, network, CRM), creating bottlenecks that represent a direct and costly compliance risk.

  • Most existing data retention or lawful intercept (LI) systems were designed for national requirements, not for the specific demands of this new EU regulation. The e-Evidence framework introduces new complexities they weren't built for: the 8-hour emergency deadline, the cross-border nature of orders, and the mandatory, complex technical integration with the e-CODEX infrastructure. Attempting to "bolt on" an e-CODEX interface to a legacy system will not solve the underlying bottleneck — it cannot automate and accelerate the data consolidation needed to meet the 8-hour SLA.

  • e-CODEX is far more than a portal; it is a decentralized, secure digital infrastructure that acts as the mandatory channel for all cross-border judicial data exchange in the EU. For an operator, a compliant telecom data retention solution must integrate natively with this architecture. This involves using e-CODEX "Gateways" and "Connectors" to create a fully automated, end-to-end workflow — from securely receiving a European Production Order (EPO) to validating it, executing the query, and delivering the secure report back through the e-CODEX channel.

  • The only viable way is through automation. Meeting this deadline requires a fundamental shift from reactively searching for data to having it proactively prepared. An automated lawful request processing platform, like Subtonomy REX, continuously ingests and indexes data from all relevant sources (signaling, billing, IP records, CRM) before a request arrives. When an order is received via e-CODEX, the system can execute automated queries in seconds, compiling and delivering the report without human intervention, ensuring the 8-hour deadline is met every time

  • This is critical. Compliance requires integrity, not just speed. A modern platform must be "audit-proof by design". This is achieved with strict safeguards, such as mandatory search justification, where no query can be run without a valid, logged case number. Every action, from an authorized user's login to the final data delivery, must be recorded in a comprehensive, unalterable audit trail. This provides a defensible, step-by-step evidentiary chain for every request, proving to regulators that the data is accurate and was handled lawfully.

  • While August 2026 is the final implementation date, the timeline to readiness is long and complex. Key deadlines, like appointing a legal representative, are much earlier (February 2026). The procurement, integration, and testing of a new EU telecom data solution across multiple, complex data sources can take many months. Starting now is the only way to de-risk the project, run simulations, and ensure you have a robust, tested, and fully compliant platform operational before the deadline arrives and penalties of up to 2% of global turnover apply.

Explore the Full Subtonomy REX Platform

While REX ensures your E-Evidence compliance, it's designed to solve challenges across your entire operation. See what else our unified platform can do for your business.

Man working on database loading, Searching database, 2025-03-30 at 02:35:00 loading bar, data access

Telecom Data Retention Solution –
comply with national and EU regulations

Subtonomy REX is the industry’s most advanced platform for handling lawful telecom data retention requests, enabling secure, automated, and lightning-fast responses that are fully compliant with GDPR and upcoming national regulations.

A yellow helicopter lowers a rescuer with a person in need of rescue.

Search and Rescue Operations – real-time location access when lives are at stake

Subtonomy REX empowers telecom providers to comply with lawful SAR requests swiftly, securely, and with pinpointed accuracy, enabling search and rescue teams to act faster and save lives.

Woman working at desk, reading "Personal Information Sale Number # 13596" message.

Case Management System 
add-on to streamline lawful requests end-to-end

Case Management System is a purpose-built module designed to bring structure, automation, and accountability to how telecom operators handle lawful requests — from initial intake to final delivery. 

bottom of page