A Leaky Registry: What’s Wrong with Full Access to Court Decisions

The problem of unauthorized use of data obtained through full access to court decisions is growing — and it needs to be fixed.

Pre-trial investigations must remain strictly confidential up to a certain point. Suspects, the public, and uninvolved state bodies should have no visibility into what the prosecution is doing or planning. The logic is simple: keep outsiders away from the evidence before it’s secured. 

That’s what information security systems are for. Yet suspects will always try to stay one step ahead of law enforcement, covering their tracks and shielding themselves from prosecution. Which is why we keep seeing reports of attempts to extract information during the “closed” stages of an investigation, before a formal suspicion notice is ever served. 

One tool they’ve exploited is access to the Unified State Register of Court Decisions (USRCD) — not the public version available to everyone, but full access: the kind that reveals names, addresses, and even rulings from closed hearings, including search warrants, temporary access orders, and asset freezes. Some people have turned this into a business. Last year, NABU served suspicion notices to lawyers involved in schemes for illegally accessing sealed court rulings. 

Further evidence of the problem surfaced at a parliamentary anti-corruption committee session on February 26, when the NABU and the SAPO leadership disclosed that a number of officials — from the SSU, ARMA, SBI, PGO, and the National Police — had searched and viewed HACC rulings in the so-called Midas operation: warrants and procedural orders, some of which were still confidential at the time. According to anti-corruption authorities, none of this activity could be explained by professional necessity. 

This article examines the root causes and potential solutions. 

How does register access work?

The USRCD operates under two access tiers. 

General access is open to the public via the official web portal. All published decisions are depersonalized — names, addresses, and other sensitive data are stripped out. 

Full access is a restricted, service-use instrument available exclusively to judges, court staff, and authorized personnel of law enforcement and state bodies (NABU, SAPO, SSU, SBI, ARMA, etc.). This tier displays unredacted documents in their entirety. Authorization requires login through the Electronic Court system using personal digital keys or tokens.

Under the USRCD Maintenance Procedure, the administrator — state enterprise Judicial Information Systems — is required to track and log all actions by authorized users. In other words: there’s a paper trail for who searched what, and when.

What’s the problem?

Debate over the unauthorized dissemination of information obtained through full register access intensified following several NABU cases, most notably the Borzykh case. More recently, the Midas operation disclosure revealed officials from multiple agencies browsing sealed rulings without legitimate cause. And during HACC judicial selection interviews, it emerged that candidates — themselves authorized registry users — had conducted searches impossible to justify on professional grounds. 

As we can see, last year alone saw no shortage of unjustified searches in the USRCD. The mechanisms enabling these leaks fall into three categories.

Use of others’ credentials. Various authorities have confirmed cases where third parties (typically lawyers) accessed the sealed register using judges’ login credentials. In one case from the Kyiv Region, a lawyer allegedly logged in under a judge’s credentials to retrieve rulings concerning his clients (operators of fraudulent call centers) and tipped them off about planned investigative actions. This was prosecuted as unauthorized interference with automated systems under Article 361(5) of the Criminal Code.

Court staff acting as insiders. Schemes have also been uncovered where court employees systematically supply information to outside clients. In Dnipro, a judge’s assistant allegedly conducted targeted searches twice a week on behalf of criminal actors and lawyers, printed search warrants (including those in money-laundering cases) and handed them over for payment.

Unjustified searches under full access. Log analysis during HACC selection interviews revealed widespread misuse of service-level credentials for personal purposes. It was established that candidates (sitting judges) had run hundreds of queries on former family members, their businesses, or their own cases. One candidate’s login was linked to 240 queries unrelated to their caseload, including 75 searches on their sister’s ex-husband, who was under investigation. System logs show recurring searches by name on prominent figures in anti-corruption investigations (Alperin, for example), conducted by individuals with no procedural connection to those cases whatsoever. Candidates routinely explain this away as “general professional curiosity,” but for investigators it creates a real risk of prematurely exposing prosecutorial strategy.

Technical logging can trace activity tied to a specific digital key over years. Yet users frequently claim no knowledge of the individuals searched or simply can’t explain the queries — strongly suggesting either credential-sharing or deliberate concealment.

What’s the current legal framework?

The Law of Ukraine on Access to Court Decisions, the primary statute governing the USRCD, specifies when general access may be restricted — but says nothing about restricting full access to particular categories of decisions. 

The assumption, apparently, was that all authorized users would handle the information responsibly. The record shows otherwise.

In response, the High Council of Justice adopted amendments in July 2023, at NABU’s request, permitting investigators and prosecutors to restrict (or delay) general access to certain rulings. The Supreme Court struck those amendments down.

On top of all preventive measures, criminal liability applies to unauthorized actions involving register data. The relevant offenses include: unauthorized interference with the operation of information and communication systems and networks (Article 361 of the Criminal Code); illegal sale or distribution of restricted-access information stored in computer systems (Article 361-2); deliberate entry of false information or failure to timely enter data into judicial automated systems (the UJITC, etc.), as well as unauthorized actions involving data in such systems — whether committed by authorized users or outsiders (Article 376-1).

But criminal liability is reactive — it responds to leaks that have already occurred. It does not deter effectively, nor does it protect ongoing investigations.

The USRCD Maintenance Procedure does authorize Judicial Information Systems to revoke full access from users who violate the law, including by disclosing register information. 

Tellingly, the gaps in USRCD access regulation are acknowledged by the expert community as well. The draft Anti-Corruption Strategy 2026–2030 lists as an expected result the establishment of effective mechanisms to prevent, detect, and respond to abuse in automated case distribution and register access — including audit and automated monitoring of full-access user activity (para. 2.1.5.4). It also requires that any restriction on access to court decisions be justified, proportionate, and based on legally established procedures (para. 2.1.5.5). The message is clear: the current framework is inadequate and the need for changes is already overdue.

What needs to change?

One step has already been taken: as of March 1, 2025, USRCD authorization requires tokens through the Electronic Court system, eliminating simple username-and-password logins. This makes it possible to establish that full access was obtained from a specific judge — not as a result of negligence.

Legislative reform is the other piece of the puzzle. Earlier attempts to amend the law on access to court decisions, including to prevent unauthorized disclosure of information available under full access, have already been made. Last year, MPs actively pushed Draft Law No. 7033-d, which drew public criticism for proposals that would have restricted general access to the USRCD as well — a disproportionate and unacceptable overreach. A revised version is now back before the relevant committee. 

There have also been calls to close off all pre-trial decisions from the register entirely. But it bears repeating: unauthorized dissemination occurs precisely through full access — the tier that is, by design, limited to a narrow circle of users. Moreover, many pre-trial rulings are issued in open hearings, some of which are even broadcast. Blanket restriction on general access to such rulings would undermine public oversight — and that is unacceptable.

It is also worth acknowledging that full access to the register can, in certain cases, be a genuinely effective tool. Quick access to information helps resolve conflicts of interest, prevent attempts to resell assets after a freeze, and address other operational needs. But calibrating the scope of accessible rulings to the actual mandate of the official holding full access would go a long way toward eliminating the risks of unauthorized disclosure.

To protect particularly sensitive pre-trial information, we support legislative proposals to restrict full access as well, so that officials would be unable to retrieve information on search warrants, covert investigative measures, asset freezes, and temporary access orders. Critically, these restrictions should apply specifically to decisions issued in closed hearings. 

The closed-hearing mechanism under Article 27 of the Criminal Procedure Code allows for the publication of rulings with targeted redaction of information whose disclosure could harm either individual rights or the interests of the pre-trial investigation. Blanket restriction on general access to decisions issued in open proceedings, such as pre-trial detention rulings or extensions of investigation periods, would erode accountability and public monitoring, including the ability to track the progress of corruption investigations. Post-indictment asset freeze decisions, reviewed with the participation of property owners, allow the public to monitor whether confiscation actually follows conviction. That oversight function must be preserved.

Even now, a troubling pattern is visible: access to certain plea agreement verdicts is being restricted from general view, despite judges having the tools to redact only the sensitive portions. However important the interests of an investigation may be, the mechanisms of accountability and transparency must not be sacrificed — they are among Ukraine’s hard-won achievements on the road to democratic law enforcement.

Finally, having reviewed the recordings of joint PCIE and HJCJ qualification sessions on HACC judicial selection, we can confirm that the technical capacity to monitor USRCD activity already exists. What is now needed is a legal obligation to use it: regular audits of search activity, with clear and enforceable consequences — disciplinary action for unjustified queries, and criminal liability where the elements of an offense are present.

***

Unauthorized access to the court register has become a systemic problem — and criminal liability alone will not solve it. Addressing it requires a comprehensive approach combining technical, legislative, and organizational measures.

First, the scope of full register access must be reviewed against the actual mandate of each official who holds it. Where clear criteria can be established, that access should be narrowed accordingly.

Second, legislation must restrict full access to specific categories of decisions: search warrants, asset freezes, and other rulings issued in closed hearings. These should be unavailable in full mode for a defined period, or until a specified trigger — such as the delivery of a verdict in the case.

The closed-hearing mechanism under Article 27 of the Criminal Procedure Code should in turn be applied consistently — with targeted redaction of sensitive information, not wholesale closure of entire decisions.

Third, the existing technical logging capacity must become the foundation for regular audits of search activity, with clear consequences for unjustified queries — disciplinary or criminal, depending on whether the elements of an offense are present.

Throughout all of this, any restrictions must leave the principle of open justice intact. Unjustifiably closing off access to plea agreement verdicts or pre-trial rulings, such as detention decisions, would undermine the democratic oversight of law enforcement that Ukraine has been building.