The EU as a Promoter of Preventive Criminal Justice and the Internal Security Context

ABSTRACT

This paper discusses the current tendency in the EU to promote a criminal justice model focusing on prevention. In doing so, I examine the EU's internal security agenda with regard to criminal law and assess the extent to which this strategy fits the picture of an European Area of Freedom, Security and Justice placing equal value on freedom, security and justice. I also consider the external dimension to the EU's security program by examining the extent to which the EU benefits from the dual layer of security action provided for in the Treaty on the Functioning of the European Union and the Treaty of the European Union, or whether such double action creates unnecessary complexity. I contrast the current aspirations for more security and prevention in EU criminal law with the Commission's recent communication on the effective implementation of EU policies through criminal law. This communication stresses the importance of ensuring coherence in EU criminal law, while also respecting national diversity and serving the citizens. In addition, I discuss the extent to which the EU's promotion of preventive criminal justice risks turning the EU into a disintegrator instead of an agent of European values (depending on what these values are intended to mean in practice).

KEY WORDS:

• EU
• law
• criminal justice
• area of freedom
• security
• justice
• international security
• external
• prevention

1. Introduction

This paper takes as its starting point the claim that there is currently too much security on the agenda in the European Area of Freedom, Security and Justice (AFSJ) and too little justice-oriented thinking at the EU level. The EU's presence on the security stage has for a long time been turbulent, as evidenced by the well-documented events of 9/11 and the EU's ongoing fight against terrorism. It has been turbulent not only because of the thin legal basis that has often been employed as legislative justification for EU action, but also and particularly because of the apparent one-sided focus on preventive measures to increase the internal security of the EU. Admittedly this almost exclusive concentration on prevention is not unique to the EU, as the global war on terror has demonstrated security's very wide-ranging and dangerously broad potential for justifying action. The key point is that although society has to be kept secure, the security agenda can easily and always be manipulated to fit ‘what is needed in a democratic society’ (Murphy, 2012).

Over the past decade the internal security mission has gone hand in hand with the development of EU criminal law, while we have also seen the emergence of a European criminal law space, largely built on the virtues of pre-emption and prevention. The prime example of this has been in the EU's fight against money laundering and the financing of terrorism, as well as the more general fight against organized crime.¹ But there are many other examples, too. The recent Directive on the freezing and confiscation of criminal assets is just one of the latest endeavors in the EU's internal security strategy.² The notion of cybercrime, and the establishment of a European Cybercrime Centre,³ is yet another clear example of the elasticity of the security concept in this internal context. This paper focuses on how the EU's security mission is shaping the internal face of criminal justice and what this means for the EU's involvement as a criminal law legislator.

I first briefly discuss the current tendency in the EU to promote a criminal justice model focusing on prevention. In doing so, I examine the EU's internal security agenda with regard to criminal law and discuss the extent to which this strategy fits the picture of an AFSJ placing equal value on freedom, security and justice. I also consider the external dimension to the EU's security programme by examining the extent to which the EU benefits from the dual layer of security action provided for in the Treaty on the Functioning of the European Union (TFEU) and the Treaty of the European Union (TEU), or whether such double action creates unnecessary complexity. I contrast the current aspirations for more security and prevention in EU criminal law with the Commission's communication on the effective implementation of EU policies through criminal law.⁴ This communication stresses the importance of ensuring coherence in EU criminal law, while also respecting national diversity and serving the citizens. In addition, I discuss the extent to which the EU's promoting of preventive criminal justice risks turning the EU into a disintegrator instead of an agent of European values (depending on what these values are intended to mean in practice).

2. Emerging Polity of a European Criminal Law Space Built on Security: More Than Black Letter Law Implications

The AFSJ is rapidly expanding and becoming one of the newest policy domains in contemporary EU integration. Any discussion of the constitutional basis of an AFSJ means first examining Article 3 TEU. This sets out the EU's mission in this area by promising that the EU will offer its citizens an AFSJ. Article 4j TFEU confirms this mission by explicitly acknowledging the EU's competence and the fact that, in seeking to achieve such a constitutional space, the EU shares its competence with the Member States. Article 67 TFEU adds to this by setting out the AFSJ objectives in further detail. This latter Article, which is the portal provision for the AFSJ, states that the Union will ‘endeavour to ensure a high level of security’ and that this is to be achieved through

measures to prevent and combat crime, racism and xenophobia, and through measures for coordination and cooperation between police and judicial authorities and other competent authorities, as well as through the mutual recognition of judgments in criminal matters and, if necessary, through the approximation of criminal laws.

The Lisbon Treaty changed the institutional battleground by abolishing the complex pillar structure and extending the Court of Justice's previously constrained jurisdiction to include the former third pillar. The changes brought about by this Treaty are of great importance for the credibility of the AFSJ project as they enhance its democratic legitimacy. All is not well, however, with AFSJ law. The problem is that the main driver in this area has so far evidently been preventive action, whereas the creation of the AFSJ was closely associated with the more general promotion of EU values at the EU level. I have previously argued that the EU's ongoing fight against crime, and in particular money laundering and the financing of terrorism, is an example of a risk-based approach where linking effectiveness with security is problematic because of too much emphasis being placed on preventive regulation (Herlin-Karnell, 2011). This argument derives from the idea that a risk-based approach in EU criminal law goes far beyond the legal duty of lawyers and banks to report irregular activities as required by the Third and Fourth Money Laundering Directives⁵ and that the application of risk in contemporary EU criminal law is in many ways equated with security (Herlin-Karnell, 2012). There is also a clear connection between the concept of ‘risk’ and the principle of effectiveness in EU criminal law in the way in which these principles are invoked; in other words, as axioms that are taken for granted. These principles also appear to play a significant role in the constitutional process of justifying EU action in the first place. The EU's internal security strategy, as set out in the previous Stockholm Programme and the new Security Agenda for Europe⁶, needs to be viewed in the light of recent legislative developments,⁷ while this paper also seeks to place them in context by looking firstly at the meaning of security within the AFSJ and then at some recent legislative initiatives (e.g. Kaunert & Leonard, 2010).

2.1. Security Dogma in AFSJ law

The AFSJ sphere is becoming ever-more securitized, with an increasing mixing and mingling of the internal and external (Monar, 2010). This security mission also follows from the ambitions set out in Article 3 TEU and Article 67 TFEU. While Article 3 TEU sets out the objectives of the EU, including the objective to establish an AFSJ, Article 67 TFEU states that the Union shall not only constitute an AFSJ as such (as provided for in Title V of the TFEU), but that it shall also ‘endeavour to ensure a high level of security’. Security, however, is rarely defined in EU law (Lavenex & Wagner, 2007).

As far as EU law is concerned, security has traditionally been regarded as an external relations issue in the Common Foreign and Security Policy (CFSP) or the Common Security and Defence Policy, or as an internal market issue by means of derogation from EU law (public policy, public security and so on).⁸ This implies a European internal security space interacting with the external space. Indeed, it has been said that the notion of security knows no borders,⁹ and this seems particularly true in the EU context, where there is no clear division between internal and external security. Den Boer, however, points to the shift that is being seen in the security landscape, where factors previously regarded as threats have been replaced by a series of interconnected factors – such as globalization, climate change and migration – that have resulted in policymakers adopting a preventive approach (Den Boer, 2011). She also argues that the fusion between the internal and external seems to be leading to an increased focus on extraterritorial engagement at an EU level, where it is difficult to draw any exact dividing line between the two. Yet the problem the EU faces in its current approach to internal security is its uncritical ‘copycat’ approach with regard to the international forum (contrast De Goede, 2012). This is a dangerous path as it means opting for minimum transparency and a strong preventive focus, as demonstrated by international actors such as the Financial Action Task Force (e.g. Gilmore, 2011). The main issue for the EU in this respect is its one-sided focus on prevention and enforcement, while it has largely ignored the need to ensure adequate protection of the individual. In short, the focus on international security has overshadowed the need to ensure due process rights. Lucia Zedner meanwhile emphasizes the identity-building power of security and how the events of 9/11 have shaped Europe with regard to security governance at the interface between hard (i.e. border controls) and soft (i.e. information technology) security (Zedner, 2009). The point these scholars make is that the security discourse requires a more elaborate vocabulary and a more nuanced approach to what is actually at stake.

It goes far beyond the scope of this paper to delve into the EU's security agenda in general, a subject which has fascinated legal scholars for quite some time and has become a niche in legal writing. (e.g. Walker & Loader, 2007). After all, there has been a tendency to use ‘security’ as an almost blanket term to justify action in the EU AFSJ sphere. This is dangerous as security is a very capacious concept and perilously capable of meaning all things to all comers (Zedner, 2003). The general problem in the AFSJ discourse is that the security agenda has been pursued at the expense of the concepts of freedom and justice and that the EU has consequently concentrated almost exclusively on the prevention aspect.

2.2. Different Shades of Security: Why the Internal Still Matters

The Lisbon Treaty draws somewhat artificial dividing lines between internal and external EU security, as well as the issue of national – Member State – security. As mentioned earlier, Title V of the TFEU sets out the AFSJ mission. Although the merging of the pillars has done away with the former Article 47 of the EU Treaty (‘EU’) as the master provision of the treaties and the portal provision for delimiting powers between the pillars, the legal reality is considerably more complicated. This is because Article 47 EU has now been replaced by 40 TEU, which constitutes the ‘non-affect clause’ and states that no activity within the Treaties may affect the other TEU vis-à-vis the TFEU. The Lisbon Treaty seems therefore to raise as many questions as it seeks to resolve, given that the only jurisdiction over the TEU that has been granted to the Court is to police Article 40 TFEU (e.g. Van Elsuwege, 2010). It can legitimately be questioned whether the EU's security agenda benefits from this dual layer of security action within the TFEU and the TEU, or whether such double action in practice creates unnecessary complexity. In addition to this complexity, national security remains the competence of the Member States (Article 4(2) TEU and Article 73 TFEU). More specifically, the question to be asked is whether such a clear distinction can be made between internal and external security, given that there is clearly an external dimension to the AFSJ and vice versa. This issue is important as it has implications for the Court's jurisdiction, which is largely excluded from the TEU.

A recent example of the difficulty in distinguishing between the internal and external in the fight against terrorism is the recent judgment in Case C-130/10.¹⁰ In this ruling the European Parliament challenged Council Regulation 1286/2009 amending Council Regulation 881/2002 imposing certain specific restrictive measures directed against targeted persons and entities associated with the Al-Qaida network.¹¹ The Parliament argued that, having regard to the aim and content of the Regulation, the correct legal basis should have been Article 75 TFEU and not Article 215 TFEU. Article 75 TFEU would guarantee a larger role in the legislative process for the Parliament and also ensure the jurisdiction of the Court of Justice.

Advocate General Bot pointed out in paragraph 76 of his opinion that

Terrorism does not recognise borders. … Furthermore, if a terrorist group which usually operates within the European Union decides at a given point in time to collaborate with other terrorist groups pursuing similar objectives located outside the European Union, do the persons and entities associated with the first group then lose their status as ‘internal’ terrorists and become ‘external’ terrorists or even ‘international’ terrorists? These considerations alone are sufficient, in my view, to demonstrate that it is impossible in practice to implement such a distinction.

With regard to the contested regulation, the Court of Justice made it clear that this was based on a Security Council measure and intended to preserve international peace and security, which implies that the measure at stake had a clear CFSP character. In addition, the Court stated that the argument that it is impossible to distinguish between the combating of ‘internal’ terrorism on the one hand and the combating of ‘external’ terrorism on the other did not matter for the choice of legal basis and for the scope of Article 215(2) TFEU as the legal basis of the contested regulation. The Court therefore stressed the political considerations behind the drafting of the Lisbon Treaty and accepted that, when choosing between legal bases, it is not only the role of the European Parliament and the increased democratic input that are the decisive factors, as was traditionally the case under the classic Titanium dioxide case law template.¹²

Nevertheless, it is cautiously suggested that although the EU's security agenda may be too complex in theory, it may be too simple in practice. The reason why it is too complex in theory is because the Treaties do not make clear how the EU's competences in this area should be distributed, while the reason why it is too simple in practice is because it does not really matter which legal basis is applied as they all seek to achieve the same goal: more security. Surely it would be desirable to have clearer guidelines and a clearer focus on what the EU wants to achieve and on how that fits the picture of an AFSJ. Although it is commonly emphasized today that the AFSJ needs to be balanced, how this is to be done in concrete terms is still largely unresolved (Herlin-Karnell & Fichera, 2013).

Discussions of the EU's internal security agenda always draw a thin dividing line between the internal and external dimensions of security, and this is particularly relevant to the EU's constitutional competence with regard to the AFSJ.

But what does the EU's security mission tell us more generally about the identity of an AFSJ? The AFSJ is not clearly defined in the Treaty. The real guidance on what exactly is meant by an AFSJ is found in Title V of the TFEU and Article 67 TFEU rather than in Article 3 TEU, which merely draws up the framework for the AFSJ as an objective of the EU. As explained above, Article 67 TFEU specifies that the Union will constitute an AFSJ that respects the fundamental rights and the different legal systems and traditions of the Member States. It also states that the Union shall ensure the absence of internal border controls, as well as a high level of security through measures to prevent and fight crime, racism and xenophobia, and through measures for coordination and cooperation between police and judicial authorities and other competent authorities, as well as through the mutual recognition of judgments in criminal matters and, if necessary, through the approximation of criminal laws. If the above is taken literally, it could be argued that the security mission is of very high importance (perhaps even of greatest importance) for the establishment of the AFSJ.

One question that automatically arises in this context of security and when discussing the identity of the AFSJ is the extent to which this identity mission is more broadly tied to the EU's expressive function. It could be argued that criminal law offers one of the most interesting case studies of what is meant by ‘expressive’. European criminal law also and arguably offers a particularly clear example of where the legislative often relies on expressive justification when proposing new legislation. In other words, there is a clear symbolic dimension at stake (Turner, 2012). It has been argued, for example, that the fight against racism and xenophobia provides an example of where measures were justified mainly on the basis of the symbolic rather than the actual need for them (Turner, 2012). Although these measures may have been adopted on an expressive basis, i.e. that is why they were adopted, it is still the EU legislator who – according to the constitutional structure of the Lisbon Treaty (conferral, subsidiarity and proportionality) – has the burden of proof for justifying them. Hence, the burden of proof for justifying the need for new legislation at a supranational level, if ‘expression’ as such is not enough, lies with the EU.

While it seems clear that symbolism has a role to play in EU integration, given, for example, the lack of an EU demos, we need to reflect critically on what we mean by symbolism, particularly when it interacts with the preventive dimension of security. This is because terms such as ‘expressive’ and ‘social’ are at risk of being used in an overly broad way. To avoid confusion, we need to specify exactly what we mean by these terms, given that they may further enhance the focus on security (Adler, 2000). We need, therefore, to clarify the security concept in further detail and to explain why it has a substantial impact on the criminal law landscape.

3. Internal Security and Preventive Criminal Justice

When discussing the notion of internal security with regard to criminal law and justice, the first question to be asked is what is meant by ‘preventive’ justice? I am not so concerned here with the use of preventive orders such as sanctions with strict liability and no guarantee of a fair trial, which undoubtedly constitute a serious human rights issue (Ashworth & Zedner, 2010). Instead, in referring to preventive models, I predominantly mean the use of EU harmonization of criminal law as a means of pre-empting future crimes. Such an approach is most evident in the fight against terrorism, the financing of terrorism, money laundering and organized crime. Much of this current discussion in EU criminal law focuses on whether there is currently an over-criminalization in EU legal practice. However, the other side of the coin also involves certain dangers, namely decriminalization and the problems that such an approach can cause for the guarantees of due process provided for under Article 6 of the European Convention of Human Rights. As well as Article 48 of the Charter of Fundamental Rights.¹³

The Lisbon Treaty strengthens the EU's preventive focus in the AFSJ in that Article 84 TFEU states that the European Parliament and the Council may establish measures to promote and support the action of Member States in the field of crime prevention, excluding any harmonization of the laws and regulations of Member States. It is difficult, however, to assess the importance of this statement since Article 83 TFEU provides a rather sweeping competence for the EU in criminal matters. Not only for crimes such as money laundering, organized crime and drug trafficking, but also for any other crime policy area that is relevant for the effective implementation of existing Union policies. Surely this indicates a preventive aspect. Alternatively, Article 84 TFEU can be interpreted as meaning that the EU will have its own crime prevention programme – if such an agenda can in fact be distinguished from national laws and regulation. Moreover, Article 71 TFEU requires a standing committee to be set up within the Council in order to improve and strengthen operational cooperation on internal security within the Union. The Council consequently established an internal security committee shortly after the Lisbon Treaty entered into force. This committee facilitates and ensures effective operational cooperation and coordination in internal security, evaluates the efficiency of its operational cooperation, and assists the Council in reacting to terrorist attacks and other disasters under Article 222 TFEU. Rather than being involved in the legislative procedure, its aim is to implement the EU's internal security strategy.¹⁴

The questions arising are how to reconcile the EU's security dialogue with the Commission's promise of a more coherent EU criminal law system, and how the security discourse translates into how EU criminal law is dealt with in practice.

3.1. Examples from Practice

This section assesses three recent legislative initiatives in which the distinction between internal and external is blurred and in which there is a strong security focus.

The first example is the proposal for a directive on the freezing of the proceeds of crime. In this legislative instrument, the EU justifies its presence on the security scene by a simple reference to Article 67 TFEU and the proclamation that the Union shall provide citizens with a high level of security by preventing and combating crime.¹⁵ It also states that confiscating criminal assets is increasingly recognized as an important tool in combating organized crime, which is very often transnational in nature and thus needs to be tackled on a joint basis. According to the Commission, the EU is better placed than individual Member States to regulate the freezing and confiscation of criminal assets – subsidiarity arguments simply do not bite here. This proposal also has its starting point in the EU's internal security strategy. It is based on a dual legal basis (Article 82 (2) and Article 83 TFEU) and also covers criminal activities not specifically listed in Article 83(1) if those activities are committed by participants in a criminal organization, as defined in Framework Decision 2008/841/JHA on the fight against organized crime. This is because it has been suggested that the main achievements of the EU in combating money laundering and terrorism should be sought in the former intergovernmental sphere, while they are also to be found in related areas such as that of the confiscation of criminal proceeds rather than in the money laundering/terrorism instruments themselves. (Kaye, 2006).

The proposal for a ‘European terrorist finance tracking system’ is a second recent example of the EU's internal security agenda in interaction with the external sphere. The proposal specifically concerns EU–US cooperation and the collection of data in the fight against terrorism and its financing. It illustrates the difficulties faced by the EU with regard to the adequate protection of data in the security context.¹⁶ To date, agreement has been limited to the right to request data from providers of international financial messaging services, i.e. those services used for effecting transnational financial transactions, including between EU Member States, but not including financial messaging data related to the Single Euro Payments Area.

The third and final example of the EU's internal security agenda is the EU's fight against cybercrime which is the latest security buzz although the need to fight cybercrime has been around since the internet was invented and took phase in the last 10 year period. The recent Directive tackling such threat appears closely linked to the EU's fight against organized crime.¹⁷ The Commission had indicated early on that its intention to create a European Cybercrime Centre was a priority of the Internal Security Strategy.¹⁸ Thus, the new Directive is based on Article 83 (1) TFEU which covers computer crime in its broad sense.¹⁹ For the past ten years the EU has made important efforts to develop a framework capable of dealing with cyber security in the EU space. The new directive on attacks against information systems and the recent establishment of the European Cybercrime centre established by Europol represent important steps in the EU's anti cyber-crime strategy.

Keeping the security focus in mind and acknowledging the EU's apparent desire to establishing an internal security framework: this paper argues for the need to reconcile it with the EU's promise to deliver justice.

4. On the Need for Justice

The current EU focus on prevention and security prompts the more fundamental question of what this focus means for the concept of justice within the AFSJ. Douglas-Scott recently argued that the rule of law can be reflected in the justice paradigm in the AFSJ if its meaning can be extended beyond the empty assertion stated in the Treaty. In doing so she invokes a critical legal justice model (Douglas-Scott, 2012). The key to understanding justice, according to Douglas-Scott, is a holistic view that makes it more than an empty notion and substantiates the democratic values it embodies. She refers in this respect to the current injustice within the EU, particularly with regard to the AFSJ (Williams, 2010).

It may be argued that a security approach, such as the EU's fight against terrorism, money laundering and the proceeds of crime, may be problematic, not only because of the constitutional dimension of what these concepts mean – security and effectiveness (and their slippery nature) – but also because it may harm other interests, such as human rights, that the Union seeks to protect at an EU level. It could therefore be claimed that a tendency of EU colonization through vague concepts such as security, prevention and risk are not only harmful to the identity of the Union, but also jeopardize the true meaning of an AFSJ by stressing the risk aspect too strongly. The EU is slowly evolving into a criminal justice actor; that makes it all the more important, therefore, for it to adopt a critical stance on how to successfully manage the AFSJ in the future. The point here is that ‘security’ is very ambiguous and that blindly focusing on security risks not only making the EU's proclamation of the value of human rights meaningless, but also risks undermining the legitimacy of any action taken.

It has been observed that the EU has been, and continues to be, a ‘norm taker’ in these matters (Ripoll Servent & MacKenzie, 2012). Here, too, the EU has largely copied the Council of Europe framework and applied it beyond the unique concept of the European area of freedom, security and justice (Herlin-Karnell, 2013). The EU has also, however, used international fora to extend global norms into the domestic setting. How can such an approach be reconciled with the Commission's recent ambition of ensuring consistency and, therefore, a degree of integrity? The question is, however, what does this actually mean? After all, if consistent and coherent are always taken to mean ‘more EU legislation’ then the added value of the Communication is less impressive if the EU also wishes to recognize diversity as promised in the Communication. In any case, the Commission concludes by stating that there should be a common understanding of the guiding principles underlying EU criminal law legislation, such as the interpretation of basic legal concepts used in EU criminal law; and how criminal law sanctions can provide most added value at the EU level. If this is seriously embraced in practice, it is undoubtedly a very welcome development.

5. Concluding Remarks: Security and Europe's Raison d’être

While it could be argued that Europe's raison d’être should turn on its ability to uphold certain values, most prominently the rule of law and respect for human rights in line with the EU's approach to the outside world, its current security agenda appears to be in sharp contrast with this. This paper has examined the question of a preventive criminal justice model linked to the broader question of internal security in the EU by tying it to the wider debate on the meaning and function of an AFSJ and its internal security dimension. I have discussed the strong focus on security and asked how such an approach can be reconciled with an EU model of an AFSJ that places equal value on freedom, security and justice. I specifically set out to emphasize the strong and evident focus on crime prevention and the possible problems that such an approach may cause at a legislative level. I also addressed the external dimension to the EU's security programme by questioning the extent to which the EU benefits from this dual layer of security action within the TFEU and TEU, or whether such a double action creates unnecessary complexity (which, of course, is a highly political question). I conclude that the Commission's recent communication (COM 2011, 573 final)²⁰ on the effective implementation of EU policies through criminal law represents a remarkable example of how the Commission is adopting a more sophisticated approach to the EU criminal law project. The legal toolbox is there; it is just the tools that need developing and refining.

Acknowledgements

Thanks to the participants and the organizers for useful comments as well as to the anonymous reviewer for helpful suggestions, with the usual disclaimer.

Disclosure Statement

No potential conflict of interest was reported by the author.

Additional information

Funding

The research for this article was made possible with the kind support of a VENI grant from the Dutch Research Council.

Notes

1. Directive 2015/849 EU, of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

2. Directive 2014/42/EU, of the European Parliament and of the Council of 3 April 2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the European Union.

3. Communication from the Commission to the Council and the EP – Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre, COM (2012) 140 final.

4. COM (2011) 573 final.

5. Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (2005) OJ L309, superseded by Directive 2015/849 EU, of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

6. Most recently COM(2015) 185 final, The European Agenda on Security.

7. COM (2010) 0673 final.

8. See, for example, Article 45 (3) and (4) TFEU.

9. The EU Internal Security Strategy (2010-12) 17th report, House of Lords.

10. Case C-130/10, European Parliament v Council, Opinion of AG Bot delivered on 31 January 2012.

11. Case C-130/10, European Parliament v Council, judgment of 19 July 2012 (not yet reported).

12. Case C-300/89 Commission v Council [1991] ECR I-2867.

13. Engel and others v. Netherlands, Series A, No. 22, [1979-1980]1 ECHR 647, 20/04/1977.

14. http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/internal-security/cosi/index_en.htm (last accessed 29 January 2013).

15. COM (2012) 85 final, on the freezing and confiscation of proceeds of crime in the European Union.

16. COM (2011) 429 final, a European terrorist finance tracking system.

17. Proposal for a directive on attacks against information systems COM (210) 517.

18. The EU Internal Security Strategy in action: five steps towards a more secure Europe, COM (2010) 673 final, 22 November 2010.

19. Directive 2013/40/EU, L 218/8 directive on attacks against information systems and repealing Council Framework Decision 2005/222/JHA.

20. Towards an EU Criminal Policy: Ensuring the effective implementation of EU policies through criminal law.