On October 3, 2022, the U.S. Department of Justice (“DOJ”) announced that the agreement between the U.S. Government and the UK Government on Access to Electronic Data for the Purpose of Countering Serious Crime (the “CLOUD Act Agreement”) entered into force, effective the same day. The CLOUD Act Agreement, which is authorized by the U.S. Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, is the first of its kind and will allow each country’s investigators to gain access to data held by service providers in the other country, for the purpose of combating serious crime. According to DOJ, this “will greatly enhance the ability of the United States and the United Kingdom to prevent, detect, investigate and prosecute serious crime, including terrorism, transnational organized crime, and child exploitation, among others.”
To invoke the CLOUD Act Agreement, numerous requirements must be met, including that a data request made under the Agreement must be related to a serious crime and must not target persons located in the country where the request is being sent. Both the U.S. and UK have designated authorities responsible for the implementation of the CLOUD Act Agreement, namely DOJ’s Office of International Affairs and the Investigatory Powers Unit of the UK Home Office, respectively.