A Commission staff working document published on 26 June 2026, accompanying a proposal for a new Europol Regulation, sets out plans to transform the agency into a 'truly operational police agency,' affecting EU Member States, EU bodies such as Eurojust, the European Public Prosecutor's Office (EPPO), OLAF, and Frontex, as well as national law enforcement authorities. The document, transmitted to the Council on 9 July 2026, argues that Europol's current mandate, established by Regulation (EU) 2016/794 and last amended in 2022 and 2025, suffers from structural limitations due to exponential multi-source data growth and faster-than-expected technological change. The revision aligns with the ProtectEU strategy and parallel reforms of Frontex, Eurojust, EPPO, and the EU data protection framework under Chapter IX of Regulation 2018/1725. The proposal amends Regulations (EU) 2018/1726 and (EU) 2024/982, and repeals Regulation (EU) 2016/794.
legal constraints preventing Europol from processing large datasets in real time, operational limitations in supporting Member States' cross-border investigations, and structural gaps in cooperation with other EU justice and home affairs agencies. The Commission notes that 64% of EU citizens worry about EU security, and that in 2024 Europol supported over 3,300 operations and enabled more than 2 million secure information exchanges. The document argues that the current legal framework cannot keep pace with converging cyber, financial, and terrorist threats, and that Europol must be empowered to provide proactive operational support and seamless cooperation across EU security bodies.
Policy orientations and trade-offs
The proposal seeks to expand Europol's data-processing capabilities, allowing it to handle large and complex datasets for analytical purposes, and to strengthen its role in operational coordination. This would involve granting Europol greater access to national law enforcement databases and enabling it to request the initiation of investigations in Member States. The trade-off lies between enhancing operational effectiveness and safeguarding fundamental rights and data protection. The impact assessment acknowledges that increased data access and processing powers could raise privacy concerns, but argues that safeguards, including oversight by the European Data Protection Supervisor (EDPS), would mitigate risks. Another tension exists between national sovereignty and EU-level operational capacity: Member States may resist ceding control over sensitive investigations, while the Commission argues that cross-border threats require a centralized response.
Stakeholder impact
EU law enforcement authorities would benefit from faster information sharing and analytical support, but may face new obligations to share data and comply with Europol requests. EU citizens could gain improved security, but also face increased surveillance and data processing by a more powerful agency. EU bodies such as Eurojust and EPPO would see enhanced cooperation, but may need to adapt their workflows to align with Europol's expanded role. Technology providers and data processors would face new compliance requirements if Europol's data-handling rules change. The impact on business is indirect but could include increased scrutiny of financial transactions and cyber activities if Europol gains broader access to private-sector data.
Institutional follow-up
The proposal now passes to the Council and the European Parliament for negotiation under the ordinary legislative procedure. The Council is expected to examine the impact assessment and the draft regulation in its law enforcement working party, with a view to reaching a general approach. The European Parliament's Committees on Civil Liberties, Justice and Home Affairs (LIBE) and on Budgets (BUDG) will lead the parliamentary scrutiny. The EDPS will also issue an opinion on data protection implications. The Commission aims for adoption before the end of the current legislative term.