The Crime (Overseas Production Orders) Act 2019 (the “Act”) received Royal Assent on 12 February 2019. The Act allows UK law enforcement agencies including the Serious Fraud Office, HMRC and the Financial Conduct Authority, to apply for a court order with extra-territorial effect (an Overseas Production Order or “OPO”) to obtain data stored electronically, directly from communications service providers (“CSPs”) based outside the UK, in order to assist with domestic investigations and prosecutions of serious crime.


Before the Act was passed, UK legislation allowing law enforcement and prosecuting authorities to access electronic data was not explicitly extra-territorial and so only effective when the company or individual possessing or controlling the information was based in the UK. Accordingly, prior to the Act, law enforcement agencies had to primarily rely on Mutual Legal Assistance (“MLA”) channels when the required electronic data was held by a company based outside the UK. However, the MLA process can take between six months and two years, resulting in delayed or abandoned investigations or prosecutions. The Act provides an alternative, expedited procedure.


The OPO can be served in a foreign jurisdiction where a designated international cooperation agreement exists between that country and the UK. The UK is in the process of negotiating a data access agreement with the United States, where the world’s largest CSPs are based. Draft terms of the agreement are not yet publically available.

The judge considering the application for an OPO from a representative of a relevant law enforcement agency or prosecutor must be satisfied that there are reasonable grounds for believing that:

  • the person against whom the OPO is sought is based in or operates in a territory outside the UK which is a party to, or participates in, the designated international cooperation agreement specified in the application;
  • an indictable offence has been committed and that proceedings in respect of that offence have been instituted or the offence is being investigated, or alternatively, that the OPO is sought for the purposes of a terrorist investigation;
  • the person against whom the OPO is sought has possession or control of all or part of the data;
  • the data is likely to be of substantial value to the criminal proceedings or investigation in relation to which it is requested;
  • all or part of the data is likely to be relevant evidence in respect of the offence (this is not a requirement in respect of terrorist investigations); and
  • production of the data would be in the public interest.

If the OPO is granted, the CSP has seven days in which to produce the data, beginning with the day on which the OPO is served. This is unless the judge deems that a shorter or longer time period would be appropriate. Any person affected by the OPO may apply to vary or revoke the OPO. However, the OPO may include a non-disclosure requirement preventing the CSP from disclosing the fact or content of the OPO, except with leave of the judge or the relevant law enforcement authority or prosecutor that applied for the order. Even if an OPO is later revoked, the non-disclosure requirement could be maintained. This means that the underlying subject of the OPO – the person, for example, whose email mailbox will be accessed or produced as the result of an OPO – may never know that the OPO has been made and that their data has been made available to a law enforcement agency.

Neither legally privileged information nor confidential personal records (e.g. medical records) would have to be provided by CSPs (though confidential personal records are not excepted in the context of terrorism investigations). However, it appears that, at least initially, the person who decides what data falls into these categories, is the CSP, who may have just seven days to make that determination. How CSPs will navigate the evaluation of issues of legal professional privilege and identify confidential personal information in such a short period, remains to be seen.

KBR Inc. v Director of the Serious Fraud Office

On September 6, 2018, the English High Court handed down its judgment (here) in the application for judicial review brought by US company KBR Inc. (“KBR”) against the Director of the Serious Fraud Office (“SFO”). The judgment confirmed the SFO’s ability to require foreign companies to produce documents held outside the UK in accordance with section 2(3) of the Criminal Justice Act 1987, provided that there is a “sufficient connection” between the company and the jurisdiction. It was held that the existence of MLAs did not curtail the SFO’s ability to invoke its section 2 powers in this way. The KBR decision is a reminder of the ways in which the SFO, and other enforcement agencies, could seek to obtain documentation directly from companies and third party service providers, prior to the passage of the Act. The OPO is a further tool by which law enforcement agencies can directly obtain data located outside the UK from foreign companies.


The key practical impact of the Act is that UK law enforcement agencies, including the SFO, could have much quicker access to data generated and/or stored abroad by CSPs. Where enforcement agencies need access to data held outside the UK by other foreign companies, e.g. one that might be the subject of an investigation, the SFO’s section 2 powers – as opposed to MLAs – will most likely be the fallback.

Companies with data stored outside the UK need to be conscious that such data will in principle now be far easier to access by the UK authorities, as well as the related impact this may have on expectations when seeking to cooperate with such authorities. Likewise, CSPs holding data outside the UK should be alert to the possibility that the UK authorities could serve a binding order on them, which could require compliance within 7 days. Appropriate processes and procedures will need to be put into place to deal with such a possibility.

Charles Thomson

Charles Thomson is a partner in the Baker McKenzie Dispute Resolution team based in London. Charles has substantial experience of managing a broad range of high value, multijurisdictional commercial disputes and investigations, particularly those involving fraud and white collar crime, contentious trusts and complex banking and finance disputes. He also has experience of resolving disputes through alternative means of dispute resolution, including mediation and conventional negotiation. Chambers cite clients in describing Charles as "extremely knowledgeable, user-friendly and always willing to go the extra mile," while Legal 500 similarly enthuse that he is "a great strategic thinker and a thorough pleasure to work with." Charles is also listed as a Rising Star in Litigation by Legal Week and is also listed in Global Investigations Review as a leading expert in conducting investigations.

Joanna Ludlam

Joanna Ludlam is a partner in the Dispute Resolution team in Baker McKenzie's London office, where she leads the market-leading Regulatory, Public & Media law team and also co-leads the office's Compliance & Investigations Practice Group. At an international level, she co-chairs Baker McKenzie's Global Compliance & Investigations Steering Committee. In 2016, Joanna was named as one of The Lawyer’s “Hot 100” for her practice, and is recognised by Legal 500 and Chambers & Partners.

Jonathan Peddie

Jonathan Peddie is a partner in Baker McKenzie's Dispute Resolution team, based in the London office. Jonathan advises clients, primarily in the banking and financial services sector, in relation to corporate investigations, regulatory enforcement, financial crime, and civil and criminal litigation. Jonathan uses his substantial in-house experience to frame advice in a way that puts clients' strategic commercial objectives at the heart of the matter.

Tristan Grimmer

Tristan Grimmer is a partner in Baker McKenzie's London office. He is a member of the Compliance & Investigations and the International Trade and Competition practice groups. Tristan joined the Firm as a trainee in March 2004, qualifying in March 2006. He has advised on parallel investigations by authorities in the United States, Switzerland, Brazil, Japan, and has spent time working in Baker McKenzie's Chicago office. Tristan was recently named as a "Next Generation Lawyer" in the UK Legal 500 2017 directory.


Henry Garfield is a senior associate in the Dispute Resolution team in the London office of Baker & McKenzie and a member of the Compliance and Investigations group. Henry is an English qualified solicitor. Henry also worked in the San Francisco office for an extended period and has been seconded to the litigation and regulatory investigations team of a well known bank. During his secondment, Henry played a leading role in the internal legal team on a number of high profile investigations and disputes. Henry has also been seconded to the UK Serious Fraud Office, during which he was the Case Lawyer on a high profile and significant multi million pound investigation.


Yindi Gesinde is a senior associate and solicitor-advocate in the Baker McKenzie Dispute Resolution team in London. Yindi’s practice includes a broad spectrum of complex and high-value international and domestic commercial litigation for multinational clients, with specialist expertise in anti-bribery and corruption investigations, compliance and trust disputes.