Sky ECC – Does the hack justify the means?

In recent years, various providers of supposedly tap-proof mobile phones – especially EncroChat and Anom mobile phones – as well as encrypted messenger services been hacked by the investigating authorities. Sky ECC is one such messenger service, which was operated by the Canadian-based company Sky Global. The company advertised the instant messenger as being particularly anonymous and protected from external access The service was distributed as a subscription on specially modified devices.

In March 2021, it was announced that a team of Belgian, French and Dutch Investigators had managed to hack the messenger. The underlying investigations apparently began in 2016. According to investigators, around 170,000 devices were affected, a five-digit number of which were located in Germany or had connections to Germany. Data was obtained over a period of 21 months; in total, this involves approximately 1 billion chat messages. It is said that the amount of data is three to four times larger than that from the previous hack of the messenger EncroChat. In particular, the surveillance period here was much longer than was the case with EncroChat. In the weeks before the hack became known, up to 70,000 devices were reportedly monitored live.

German investigative authorities are said to have been involved in the hack itself, but French and Dutch authorities were. However, the Federal Criminal Police Office (BKA) had already initiated an investigation a year before the hack became known. Investigation against all Sky ECC users in Germany Following the hack, the BKA received the data through European mutual legal assistance. The work of the German investigative authorities currently consists of Data on criminal behavior to check and the to identify users.

Sky ECC is not simply the successor to EncroChat. Besides the data volume, there are a number of other special features. For example, Sky ECC often no complete chat histories Investigators did not obtain any information, but rather only the chat messages of one of the two users involved. The assignment of the phones to the respective users is also relevant here, and often questionable; such devices were often used and shared by multiple people.

The legal core of the discussion – as with the data obtained via EncroChat and Anom mobile phones – is collection and utilization issues. Preparation and pre-sorting of data became by the French investigators before they were sent to Germany. Since this is not the complete data set, the so-called Raw data, but rather filtered and processed data, the current German and European jurisprudence to Utilization of insights from the hack against the communications provider EncroChat cannot be easily transferred to cases or the data from the Messenger Sky ECC.

However, in a first decision on this matter dated January 9, 2025 (case no. 1 StR 142/24), the Federal Court of Justice (BGH) held that the use of Sky ECC data did not violate essential constitutional principles. Because the surveillance was targeted at criminals, it therefore – in the BGH’s opinion – did not constitute mass surveillance without cause Nor can there be any prohibition on the use of evidence because, contrary to the provisions of Article 31 of the Directive on the European Investigation Order in criminal matters The German authorities were not notified by the French investigators. While this standardized duty to inform also serves the rights of the accused, the state's interest in solving serious crimes is of paramount importance.

Interestingly, courts in other European countries see things differently. On August 15, 2025, a court in Zurich ruled that the Sky ECC data was "absolutely unusable" under Swiss law. The court also based this on the fact that the requirements for suspicion of a crime, which under Swiss law must be based on "concrete circumstances and findings," were not met at the time of the surveillance measure. It also emphasized the importance of access to raw data for the defense and questioned the extraterritorial nature of the data collection.

A Europe-wide, uniform clarification of the legal issues by the European Court of Justice remains to be seen. Until then, law enforcement authorities are still busy evaluating the Sky ECC data. From the European investigators, via the Federal Criminal Police Office (BKA), these have now reached the public prosecutors' offices and the State Criminal Police Office (LKA). The Hamburg Public Prosecutor's Office announced in early 2025 that, „in the fight against international drug smuggling“ a „Country package with 570 cases“ to be expected.

Recent developments

By a decision dated October 31, 2025, Switzerland became the second country in the world to declare Sky ECC's chat data inadmissible. New York District Court “In a case concerning the importation of 20 tons of cocaine, the US District Court for the Eastern District of New York ruled that SkyECC data was inadmissible as evidence. The reason given was that the European investigative practices from which the data originated were incompatible with the Requirements of US evidentiary law Furthermore, the district court found that the data would not have been usable even if it had been lawfully collected, because its storage did not meet forensic standards and there was no comprehensible documentation proving its authenticity.

The Supreme Court of Austria However, the court has repeatedly ruled that data from SkyECC chats is admissible in criminal proceedings. The most recent ruling on this matter was issued on January 7, 2026 (13 Os 118/25i, 13 Os 119/25m): The appeal and the plea of nullity filed by a defendant convicted of large-scale drug trafficking as a member of a criminal organization pursuant to Section 28a of the Narcotics Act were dismissed. The Austrian court assumes that the Utilization Sky ECC chat data obtained through international cooperation permissible be and no prohibition on the use of evidence under Austrian law The lower court's rejection of motions to admit evidence was lawful because they were either unsubstantiated, aimed at gathering evidence for the purpose of investigation, or sought evidence that was doomed to failure. In particular, the use of the Sky ECC chat data was lawful because it was obtained by foreign authorities under a European Investigation Order and not through a surveillance measure unlawful in Austria. Therefore, there was no prohibition on the use of evidence under Section 140 Paragraph 1 of the Austrian Code of Criminal Procedure or Section 55a Paragraph 1 Item 13 of the EU Law on the Protection of Criminal Proceedings. 

Even the Federal Court of Justice The court continues to assume that the data is usable: This is demonstrated, for example, in a decision dated June 4, 2025 (Case No. 2 StR 557/24), concerning a case in which the conviction was largely based on the evaluation of the Sky ECC chat history. 

It remains to be seen how the European Court of Justice The European Court of Justice (ECJ) will decide on the admissibility of Sky ECC data. On September 16, 2025, the French Court of Cassation (cour de cassation) submitted specific questions regarding Sky ECC to the ECJ. However, a final decision is still pending.