In the United Kingdom, section 2 of the Criminal Justice Act 1987 gives the Serious Fraud Office (SFO) powers to serve a notice on companies or individuals compelling them to produce documents relevant to an SFO investigation.

The English courts have not decided whether the extraterritorial application of the section 2 powers require a company to disclose relevant documents it holds outside the United Kingdom. SFO practice has varied over time. More recently, the SFO has adopted a more expansive interpretation of its powers in international cases.

In October 2017, as part of a GIR Live exchange, former SFO Director David Green responded to criticism of the SFO's approach to section 2 by welcoming litigation on its extraterritorial reach 'in the right circumstances, brought at the right time'.1 And, indeed, on 17 April 2018, the High Court heard the ongoing judicial review challenge of KBR v. Director of the SFO.2 The SFO had served a section 2 notice compelling KBR to provide data that had been archived on its US servers, but had initially been held in the United Kingdom. KBR argued that Parliament 'had not intended section 2 notices to have extraterritorial application.' The SFO responded that a narrow interpretation would mean that the SFO is 'less able to investigate matters under its remit'.3 Judgment is currently awaited, which should clarify this important point around the SFO's exercise of its section 2 powers.

The United States has seen similar uncertainty in relation to the power that law enforcement possesses to order the production of documents across borders. For several years, practitioners had watched as Microsoft's challenge to a law enforcement subpoena wound its way through the US courts. Although US v. Microsoft made its way to the United States Supreme Court, the Court ultimately determined the case had become moot as a result of recently enacted legislation.4 Specifically, on 23 March, President Donald J Trump signed a US$1.3 trillion appropriations bill which was ultimately passed by Congress.

That 2,232-page spending measure included a bill called the 'Clarifying Lawful Overseas Use of Data' or CLOUD Act.5 Passage of the CLOUD Act resolved the issue that was before the US Supreme Court in US v. Microsoft – the Stored Communications Act now explicitly applies to data held by US communications and cloud providers regardless of location.6 Other provisions of the CLOUD Act, however, may significantly alter how non-US law enforcement officials seek and obtain electronic communications and data in the hands of US cloud service providers.


1. Roger Hamilton-Martin, 'David Green on section 2 judicial review: "Bring it on"', Global Investigations Review, vol. 5, Issue 4, p. 26.

2. KBR Inc v. Director of the SFO (2018), available at⟨=en.

3. Waithera Junghae, Global Investigations Review, (17 April 2018) 'KBR fights SFO on extraterritorial application of section 2 notices', available at


5. A copy of the CLOUD Act is available at

6. Indeed, just days after the CLOUD Act was passed the DOJ abandoned its original warrant and served a new warrant for the same data. The DOJ asked the Supreme Court to vacate and remand the case for dismissal because it was now moot, and Microsoft agreed, though the Court has not yet issued a ruling.

Originally published by Global Investigations Review.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.