The EU is taking steps to transform Europol into an active law enforcement agency as digital crime increases.

      Brussels aims to double the staff of Europol and expand its data capabilities. Rights organizations have claimed that the surveillance measures have been established before adequate safeguards have been put in place. The European Commission has proposed giving Europol a significantly larger role as part of its initiative to strengthen the EU against organized, internet-based, and financial crime. The plan seeks to transform the EU's police agency from merely facilitating national forces into a more autonomous operational body, with increased staff, funding, and enhanced data access.

      The proposed changes are substantial. The Commission has indicated plans to double the personnel at Europol and allocate around €3 billion for the agency in the upcoming budget cycle, in addition to nearly €12 billion for the border agency Frontex. This restructuring aims to enhance the agency’s support for member states through Operational Task Forces and Joint Investigation Teams, strengthen its strategic collaborations with non-EU nations and private entities, and introduce what the Commission describes as enhanced oversight and accountability mechanisms to manage this expansion.

      This initiative is part of the Commission's broader internal security agenda known as the ProtectEU strategy, which promises a significant reform of Europol's role to make it "a truly operational police agency." A public consultation took place from late October to January, with the Commission indicating that the proposal would be presented to Members of the European Parliament (MEPs) in the second quarter of 2026. The proposal now begins the usual legislative process through the European Parliament and the Council, where detailed discussions and debates will occur.

      A significant portion of the proposal focuses on digital matters. The Commission intends for Europol to establish itself as a hub of operational expertise in digital forensics and has included a technology roadmap aimed at identifying lawful means for law enforcement to access encrypted data, with future funding for next-generation decryption anticipated by the end of the decade. Additionally, Brussels plans to seek improved cross-border cooperation on lawful interception by 2027.

      The issue of encryption is likely to be contentious, considering the intense debates within the bloc over message scanning regulations and the strong warnings from privacy advocates that any backdoor could potentially be exploited by anyone. This concern represents the core of opposition to the reform. Digital rights organizations perceive this proposal as a continuation of a troubling trend rather than a departure from it. European Digital Rights, along with the Protect Not Surveil coalition, argues that the reform would expand Europol’s powers while providing minimal safeguards for fundamental rights, granting the agency access to extensive personal data databases without sufficient accountability.

      This apprehension extends beyond campaigners. The European Data Protection Supervisor, the EU's privacy regulator, has previously criticized Europol for its management of personal data belonging to Europeans, including a dispute over a large amount of data retained on individuals with no connection to any criminal activity. The issue of biometric data processing adds another layer of complexity, as lawmakers have endorsed regulations that expand the agency's ability to handle biometric data, a move that critics argue could lead to the normalization of facial recognition databases.

      As is typical, Brussels has established structures before determining what limitations should be enacted. The timing of this reform is also notable, occurring alongside a surveillance industry in Europe that has frequently surpassed the regulations designed to rein it in, with incidents ranging from spyware controversies to leaks exposing lax export controls applied to firms selling interception tools to authoritarian governments.

      Despite the Commission's intentions for Europol to delve deeper into data, there remains a challenge in overseeing the companies providing interception technologies to oppressive regimes. This backdrop does not guarantee that the proposal will remain unchanged. It serves as a baseline, and the European Parliament has a history of modifying internal affairs proposals it believes have overstepped, similar to its discussions regarding the scope and timing of the bloc's AI Act.

      Commissioner Magnus Brunner, who oversees home affairs, has presented the redesign as a means of equipping national forces with technological capabilities that they cannot achieve independently. The subsequent steps are procedural: the proposal will go to co-legislators, the European Data Protection Supervisor will provide its opinion, and negotiations regarding data access, biometric powers, and oversight will continue through trilogue discussions. Reporting the numbers is straightforward; the more complex issue is determining who will oversee the agency once it gains such expansive capabilities.