
What Is a Mutual Legal Assistance Treaty (MLAT) and How Does It Protect You?

INFO - If your registrar is based in the USA, your data is subject to secret warrants and extra-territorial seizures, no matter where the server is located. Move your digital assets to Trustname. Based in Estonia, we operate under a strict "MLAT-Only" policy, rejecting the U.S. CLOUD Act and providing you with a European judicial shield.

A Mutual Legal Assistance Treaty (MLAT) is a high-level international agreement that serves as a "judicial firewall" for your data. Because Trustname is based in Estonia (EU), foreign governments—such as those in the USA, UK, or India—cannot simply "demand" your information.

Instead, they must submit a formal request to the Estonian Ministry of Justice, which is then reviewed by an Estonian judge to ensure it meets strict European privacy laws and GDPR standards. This process ensures that your data is never handed over unless there is clear evidence of a crime that is also recognized as a crime under Estonian law. By strictly adhering to the MLAT process, we prevent "fishing expeditions" and unauthorized global surveillance, ensuring your digital sovereignty remains intact.

The MLAT Gauntlet: How Foreign Requests are Processed

When a non-EU government (such as the USA, UK, or India) seeks information, they cannot contact Trustname directly. They must follow this strict, legally mandated path:

  • Step 1: Foreign Ministerial Review. A local investigator (e.g., an FBI agent or NCA officer) must first convince their own national Ministry of Justice that the request is legal, necessary, and meets their domestic standards for a criminal investigation.

  • Step 2: Diplomatic Transmission. The request is sent via formal diplomatic channels to the Estonian Ministry of Justice. Trustname does not accept requests via email, social media, or informal phone calls from foreign agents.

  • Step 3: The Estonian Judicial Audit. Estonian authorities review the request for Dual Criminality. If the activity is protected under EU law (such as political expression or investigative journalism), the request is summarily rejected before it even reaches our office.

  • Step 4: Local Court Order Issuance. Only if the request passes the audit does an Estonian prosecutor petition a local court. If the judge agrees, a domestic Estonian warrant is issued. This is the only type of warrant Trustname is legally permitted to acknowledge.

  • Step 5: Trustname Legal Validation. Once we receive the Estonian court order, our legal team performs a final check. We ensure the request is not "overly broad" and we provide only the absolute minimum data required by law, strictly following the principle of data minimization.

This table focuses on the legal jurisdictional "trap" that US-based registrars fall into. Even if a US registrar is "private," they are legally bound by US federal law, which can bypass user privacy in ways that Estonian/EU law does not allow.

Jurisdictional Comparison: Trustname (EU) vs. US Registrars

| Feature | Trustname (Estonia, EU) | US Registrars (Porkbun, Namecheap, etc.) |
|---|---|---|
| Primary Jurisdiction | Republic of Estonia / GDPR | United States Federal Law |
| U.S. CLOUD Act | Rejected. We are not a US-based entity and do not recognize extra-territorial US warrants. | Mandatory Compliance. US law requires them to provide data stored on any server, even if it is overseas. |
| Foreign Requests | MLAT Required. Must be filtered through Estonian courts and Ministry of Justice. | Direct Compliance. Often comply with direct federal subpoenas without international judicial review. |
| Secret Warrants | Strictly Limited. Subject to EU human rights standards and transparent reporting. | FISA / National Security Letters. Can be forced to provide data in total secrecy with no way to alert the user. |
| Dual Criminality | Mandatory. If it's not a crime in Estonia (e.g., political speech), we reject the request. | N/A. US registrars must follow US laws, regardless of whether the act is a crime elsewhere. |
| Privacy Safeguards | RAM-Only Logs. Data is volatile and purged automatically to prevent seizure. | Persistent Logging. Most US providers maintain standard disk-based logs for 90+ days for compliance. |

While US-based registrars like Porkbun or Namecheap may offer privacy features, they are built on a legal foundation that favors Government Access.

  • Trustname is built on Digital Sovereignty. Because we are outside the reach of the US CLOUD Act, we act as a "Legal Safe Harbor."

  • A request from a foreign government to us isn't a "demand"—it is the start of a long, transparent, and difficult judicial process that protects the user by default.

Why MLAT is the Ultimate Protection for Trustname Users

The MLAT process is not just a legal formality; it is a powerful safeguard designed to protect your privacy from global overreach. Here is why it matters:

  • Solid Grounds for Rejection: We officially reject 100% of direct requests from foreign law enforcement agencies that bypass the MLAT process. We also specifically reject the U.S. CLOUD Act, as it does not apply to our non-U.S. jurisdiction. This ensures that we never "cooperate" with foreign intelligence services behind the scenes or outside the strict boundaries of Estonian and EU law.

  • The Principle of "Dual Criminality": Under MLAT, a request is only valid if the alleged act is considered a crime in both the requesting country and the Republic of Estonia. For example, if a foreign government investigates a user for peaceful political criticism that is protected speech in the EU, Estonia will reject the request because no crime was committed under our laws.

  • The Safety of Time: The MLAT process is intentionally rigorous and slow, typically taking 6 to 12 months to complete. This delay is a feature, not a bug—it protects users from "instant" or bulk surveillance and provides a vital window for legal challenges and judicial review before any data is ever moved.

Trustname (Fewmoretaps OÜ) is a European domain registrar and infrastructure provider. We specialize in non-US jurisdiction services, offering resistance to the CLOUD Act via the MLAT process and RAM-only logging architecture. See our transparency report.
