Explore This Page

Talk to Us Today

We’re here to help with your legal needs. Reach out to us today and let’s start the conversation.

By 2026 the headline on EncroChat evidence is that the courts have settled it: the messages are admissible, the appeals have failed, and there is nothing left to argue. That is a misreading, and a dangerous one. The Court of Appeal has upheld the admissibility of the EncroChat evidence, but admissibility is not the same as proof, and a dataset is not the same as the case against you.

The real defence in most EncroChat cases is rarely about whether the material gets in. It is about attribution of user handles, reliability of the evidence and disclosure. Those are some examples of fights the prosecution does not always win.

At a glance

  • Admissibility is largely settled: the Court of Appeal held the EncroChat material was obtained from device storage rather than live interception, so it is admissible as evidence rather than barred intercept evidence.
  • That is not the end of the case: admissibility of the dataset says nothing about whether a particular handle, and particular messages, can safely be attributed as yours in a fair trial.
  • Attribution is the battleground: the prosecution has to prove you were the user of an EncroChat phone, at the time of 'incriminating evidence' found. Where that evidence is thin, cases fall apart.
  • Reliability and disclosure matter: the harvested data can be incomplete, and expert analysis has questioned how far it can be relied on.
  • The same is true of Sky ECC and Anom: admissibility resolved at the network level, attribution contested at the individual level.
  • Pre-charge engagement counts: early advice, expert analysis and attribution challenges land hardest before a charging decision is made.

The EncroChat hack and Operation Venetic

Most EncroChat cases in England and Wales flow from Operation Venetic, the National Crime Agency operation launched in 2020. It followed the infiltration of the EncroChat network, an encrypted messaging service used on modified handsets, by European law enforcement agencies, led by the French authorities.

In 2020 the French gendarmerie, working with Dutch investigators, placed a form of malware on EncroChat devices that allowed messages to be collected from the phones. Data from that operation was then shared with UK authorities, and Operation Venetic was launched in response. Hundreds of prosecutions followed, with significant drug and firearm seizures, and the typical charges are serious: conspiracy to supply controlled drugs, conspiracy offences linked to organised crime groups, and other serious organised crime allegations. These are document-heavy cases in which the prosecution often relies almost entirely on message data recovered from the EncroChat hack.

Where the law stands on admissibility

The single most litigated question has been whether the harvested EncroChat evidence was lawfully obtained and whether such evidence can be put before a jury in the Crown Court.

The interception versus storage distinction

The distinction that decided the point is technical. Communications intercepted in the course of their transmission generally cannot be used as intercept evidence in a criminal trial. Data obtained from a device under a Targeted Equipment Interference warrant can. In R v A, the Court of Appeal held that the EncroChat material had been extracted from stored data on the handsets rather than intercepted while being transmitted, which rendered is admissible encrochat evidence, obtained under a Targeted Equipment Interference warrant issued under the Investigatory Powers Act 2016. A court treats material obtained in that way as ordinary evidence. The trial court determines encrochat evidence admissibility.

In criminal proceedings, specific legal challenges can question the admissibility of encrochat data and whether such evidence in the Crown Court proceedings could be safely excluded. The court declined to exclude the evidence under section 78 of the Police and Criminal Evidence Act 1984, and rejected the argument that the way it had been obtained amounted to an abuse of process and that by utilising such encrochat data would lead to an unfair trial.

The appeals since

The position has held. Later appeals, considered on their own facts in cases such as Stokes and Murray, have not dislodged the core ruling, and the Court of Appeal has continued to treat the admissibility of the dataset as established. Separate proceedings before the Investigatory Powers Tribunal examined the warrant regarding the incercept material without changing the trial position. For the person facing an EncroChat prosecution today, a challenge aimed purely at keeping the whole dataset out is unlikely to succeed on its own before a court. However, the relevant legislation provides several grounds to properly challenge stored communications and encrypted data as the case develops.

The French and European dimension

As the EncroChat hack was a French-led operation, its lawfulness has also been tested in the French courts and in the European Union. Under French law, the way the data was collected and retained has been examined at the highest level. The French Court of Cassation, through its criminal chamber, and the Court of Justice of the European Union have both ruled on the lawfulness of that data under French law and on how it may be shared and used in criminal proceedings across the EU. Those rulings do not bind a UK court after the United Kingdom’s departure from the European Union, but they matter in criminal cases in the UK, because defence teams use them to frame legal arguments about the integrity and provenance of the same underlying data that UK proceedings so confidently rely on.

Why “admissibility is settled” is a misreading

Here is the error that costs defendants. “The evidence is admissible” is read as “the case is proved.” It is nothing of the kind. Admissibility decides only that a court may put the material before a jury. It says nothing about what the material shows, whether it is complete, or, most importantly, whether it belongs to the defendant at all, which is what a court still has to decide and can very much be influenced at the early stages.

An EncroChat case is not a case about a network. It is a case about a person, a handle, and a set of messages and multimedia that the Crown says that person sent/received or in some way was involved in a larger agreement to commit criminal offences. Every one of those links has to be proved, and the prosecution proves them with evidence that can be tested. Treating admissibility as the end of the argument concedes the very ground on which these cases are actually won and lost.

Attribution: the fight the prosecution can still lose

Attribution is the process of proving that a particular EncroChat handle was used, at a specific time, by a particular person. It is the heart of almost every serious EncroChat defence.

How the Crown attributes a handle to a person

The prosecution rarely has an admission that a defendant owned a handle which they positively link to criminal activity. They build attribution from circumstantial threads: self-referential messages that mention a name, a nickname, an address or a family detail; photographs sent from the EncroChat phone that show a face, a location or a possession; the correlation of the handle’s activity with a person’s known movements via ANPR, or with cell-site data from a personal phone; and links between what the messages describe and items later seized. In recent cases, the Crown also make stylistic links to how an individual speaks or sends particular word messages, supoorting attribution evidence. Individually, each thread is arguable. Together, the Crown says, they identify the user beyond reasonable doubt.

Where attribution breaks down

That case is only as strong as its weakest thread, and the threads are often weaker than they first appear. Handles and EncroChat devices are shared, sold and passed on. A photograph proves who was in front of the camera, not who pressed send. Movement correlation can be coincidental, and it depends on data that may itself be incomplete. Self-referential detail can be second-hand, boastful or simply wrong. In many EncroChat cases, the honest position is that the Crown has proved activity on a handle, but has not proved that the defendant was the person behind it. That gap, properly exposed, is where these cases collapse in court.

Reliability, completeness and disclosure

Two further issues sit alongside attribution:

  • The first, being reliability and completeness. The harvested data is not always a full record. Messages recovered can be partial, out of sequence or missing, and a selective picture can look very different from the whole extract. Expert analysis of the EncroChat data, including the widely cited conclusions of Professor Anderson, has questioned how far the collected material can safely be relied on as a complete and accurate record. Professor Anderson’s conclusions go to the reliability of the digital evidence itself, and a defence should be putting that analysis to the court rather than accepting it. Where Professor Anderson and other experts are right that message data may be missing, a conviction built on an incomplete record is unsafe.
  • The second issue is disclosure. Much of the method behind the operation, and the material that would allow it to be tested, has been withheld on public interest and related grounds. A defence that presses properly for disclosure, and that instructs its own experts to examine what has been served, is doing the work that turns an apparently overwhelming case into a contestable one.

Sky ECC, Anom and the same playbook

EncroChat was the first of these networks to be taken down at scale, not the last. Prosecutions arising from Sky ECC and from Anom, the platform run as part of the international Operation Trojan Shield, raise the same legal issues in the same order. Admissibility tends to be resolved against the defence at the network level, and the case then turns on attribution, completeness and disclosure at the individual level. The label on the private network changes, the shape of the real defence does not.

Where pre-charge engagement changes the outcome

These are long, document-heavy investigations, and the temptation is to wait until a charge forces the issue. That is the wrong instinct. The period before a charging decision is when a forensic expert can be instructed to test the served material, when the weaknesses in attribution can be identified and put in writing, and when focused representations can be made to the Crown Prosecution Service about whether the evidence really meets the test for a charge. Early advice, in other words, is where much of the value lies. We have seen EncroChat cases narrowed, and charging decisions influenced, by work done in exactly this window.

How we defend EncroChat cases

We treat admissibility as the starting point, not the contest. Our defence strategy is to instruct forensic experts to test the completeness and reliability of the served data, to take the attribution case apart thread by thread, and to press for the disclosure that lets us do it. Where the facts support it, we make the case to the prosecutor before charge that attribution cannot be proved. These are among the most serious allegations a criminal court hears, and they are defended on detail, not on slogans. You can read more about our approach to serious and financial crime defence, and where money laundering runs alongside an EncroChat case, our guide on money laundering under POCA offers further support.

We offer confidential consultations, in person at our London offices or remotely by secure call. Initial enquiries are handled discreetly and quickly.

If you are facing an EncroChat, Sky ECC or Anom investigation, speak to us before a charging decision is made.

Frequently asked questions

Can EncroChat evidence be used in court in the UK?

Broadly, yes. The Court of Appeal has held that the EncroChat material was obtained from stored data on the devices under a Targeted Equipment Interference warrant, rather than by interception, which makes it admissible in UK courts. Appeals have reinforced that position. What remains open, and often decisive, is whether the prosecution can prove that a particular handle and its messages belong to the defendant.

What was Operation Venetic?

Operation Venetic was the National Crime Agency operation launched in 2020 after European law enforcement agencies infiltrated the EncroChat network. Data from the EncroChat hack was shared with UK authorities and used to bring hundreds of prosecutions, most involving serious organised crime and conspiracy to supply controlled drugs.

If the evidence is admissible, is there any point defending?

Yes. Admissibility only means the jury can see the material. The prosecution still has to prove attribution, and that the messages mean what it says they mean. Where the attribution evidence is thin, or the data is incomplete, a properly run defence can and does succeed.

Do EncroChat, Sky ECC and Anom raise the same issues?

Largely, yes. Admissibility is usually resolved at the network level, and the individual case then turns on attribution, the completeness of the data, and disclosure. A defence built for one of these platforms transfers to the others.

I think I may be under investigation in an EncroChat case. What should I do?

Take advice before a charge is brought. Early expert analysis of the served material and early attribution challenges are far more effective before a charging decision than after it. We can also have cases reviewed after charge, to influence a dismissal. You can contact our team directly for a confidential discussion.

Lex Vindico Group is regulated by the Solicitors Regulation Authority. We represent individuals and businesses nationally across England and Wales in criminal, regulatory, and parallel-proceedings defence at every stage, and most decisively, at the pre-charge stage.
This article is written by Akram Mula, LLM, Solicitor Advocate and CPS-approved Prosecutor, founder of Lex Vindico Group. It is general legal information about the admissibility and defence of EncroChat evidence, not legal advice on any specific case. For advice on your individual circumstances, contact our team directly.

Recognised & Regulated

We’re proud to be recognised by the UK’s leading legal and professional bodies. With decades of experience across criminal defence, regulatory law, and litigation, our clients trust our lawyers to deliver results with discretion, precision, and integrity.

Time Matters.
Speak to Our Team Now

Your next step could make all the difference. Speak to our expert legal team now and protect your future.

Request a Callback