X (Twitter) Law Enforcement Data Request: Police & Government Data Request Guide
How authorised police and government agencies obtain user data from X Corp.: the legal request portal, data tiers, EDR process, and India's MLAT route.
X (formerly Twitter), operated by X Corp. and headquartered in Bastrop, Texas, is a recurring subject in investigations involving impersonation accounts, online harassment, credible threats, cryptocurrency and investment-fraud promotion, and foreign influence operations. Because X permits pseudonymous and anonymous sign-ups, the platform’s back-end records — registration email, phone number, IP login history, and device fingerprints — are often the only thread available to link an online actor to a real identity. This guide covers the lawful process by which authorised law-enforcement and government agencies obtain those records from X Corp.
- Portal, not email: Submit through X’s Legal Request Submissions (LRS) site at legalrequests.x.com; only government and law-enforcement officials may access it. Postal submissions are accepted but significantly slower.
- Identifiers accepted: @username with full profile URL (e.g.,
https://x.com/username), the account’s permanent numeric user ID (UID), or a Tweet URL to anchor a specific-content request. - Data provided: a subpoena yields basic subscriber information (registration email, phone, sign-up IP, recent login IPs); a court order adds non-content activity logs; a search warrant or equivalent is required for content — direct messages and protected posts.
Identifiers for a data request
Each request must identify the target account precisely. X accepts the following identifiers:
- @username and profile URL — e.g.,
https://x.com/username. Usernames can be changed; where possible, also supply the numeric UID. - Numeric user ID (UID) — X’s permanent internal identifier. It does not change even if the user changes their handle. Free public tools can convert a handle to its UID using X’s public API.
- Tweet URL — used to identify a specific post for content requests or associated metadata.
- Registration email or phone number — include if known; it helps match accounts where the handle is disputed or has been changed.
What data X provides
X applies a three-tier disclosure framework keyed to the level of legal process served:
| Legal process | What X may disclose |
|---|---|
| Subpoena (or equivalent) | Basic subscriber information: registered email address, phone number, account creation date and IP address, recent login IP addresses and timestamps. |
| Court order (e.g., 18 U.S.C. § 2703(d) or equivalent) | The above, plus additional account activity records and non-content transactional data: login history, device and application identifiers, browser type, referring domain. |
| Search warrant (or equivalent judicial order showing probable cause) | Content of communications: posts (including protected/non-public posts), direct messages, and associated media. Content always requires a warrant or equivalent. |
Retention note: IP and log data is volatile. X’s current Privacy Policy does not commit to a fixed retention period for log data, and any given record may be available for a limited window only — do not assume IP or login logs will still exist when you file. The retention periods X applies are set out in its current Privacy Policy. File a preservation request immediately to lock records in place before they age out.
How to submit a request
The standard channel is X’s Legal Request Submissions portal at legalrequests.x.com — the address X publishes in its current law-enforcement guidance. The legacy legalrequests.twitter.com address redirects to the same site. Only government agencies and law-enforcement officials may create accounts on the LRS site.
- Navigate to legalrequests.x.com and confirm you hold government or law-enforcement authority.
- Enter your official agency email address. Personal or commercial email domains are rejected. An authorisation link is sent to that address to verify identity before submission.
- Select the request type: account information, content removal, or emergency disclosure.
- Attach the legal process document — subpoena, court order, or search warrant — as a PDF. Documents not in English must include a certified translation.
- State the target account identifier(s), specify the exact data sought, and explain the nexus to your investigation. Vague or overbroad requests are more likely to be returned for clarification.
- Provide your agency name, your name, badge or ID number, and official contact details.
Preservation requests can be filed through the same portal without a court order. X will preserve — but not disclose — a snapshot of the relevant account records for 90 days, extendable once for a further 90 days on a formal written request. File the preservation request as early as possible in any investigation involving IP logs or login history.
Emergency disclosure requests
Where there is an imminent risk of death or serious physical injury, law enforcement may submit an emergency disclosure request (EDR) through the same LRS portal at legalrequests.x.com. No advance court order is required. X evaluates each EDR on a case-by-case basis: if it has a good-faith belief that an exigent emergency exists, it may disclose account data necessary to prevent the harm, as applicable law permits.
Every emergency request must:
- Come from a sworn law-enforcement official using an official government or law-enforcement email domain.
- Describe the nature of the emergency, the specific threat to life, and why X data is necessary to address it.
- Identify the target account(s) and specify the data required.
Submitting false or misleading emergency requests may constitute a criminal offence in the requesting jurisdiction.
For India
Indian agencies investigating X accounts face a cross-border data-access constraint: X Corp. is a US entity, and Indian domestic legal process does not automatically compel a foreign company in the way it compels a domestically registered intermediary.
What Indian law provides domestically:
- BNSS 2023, Section 94: Courts and officers in charge of a police station may issue a summons — physical or electronic — compelling any person to produce a document, electronic communication, or other item needed for investigation or trial. A Section 94 order addressed to X Corp. constitutes valid Indian legal process; however, X Corp. is under no US law obligation to comply with it as it would a US court order.
- IT Rules 2021, Rule 3(1): Significant social media intermediaries — including X — must observe due-diligence obligations and respond to government orders within prescribed timelines. Rule 3(1)(d) governs government content-removal orders.
- IT Act 2000, Section 69: Authorises central and state government agencies to intercept, monitor, or decrypt information through any computer resource on national security, public order, or related grounds.
Practical routes for Indian agencies:
- Direct portal request (non-content): Indian law-enforcement officials may submit requests for basic subscriber information through legalrequests.x.com, attaching a certified translated court order or notarised police request as the legal basis. X assesses these against its own guidelines; compliance is not guaranteed but occurs in practice for non-content data.
- MLAT route (content & compelled compliance): For direct messages, protected posts, or where X declines a direct request, the formal channel is a Mutual Legal Assistance Treaty (MLAT) request. India and the United States have a bilateral MLAT, in force since 2005. Requests are routed through the Ministry of Home Affairs (MHA) to the US Department of Justice (DOJ). The process typically takes several months to over a year; file a preservation request through the portal at the same time to hold the data.
- CLOUD Act: India has not yet concluded a CLOUD Act executive agreement with the United States. Once such an agreement is in place, Indian agencies will be able to serve legally binding requests on US providers directly for content data, bypassing MLAT. Until then, MLAT remains the formal compulsory route for content.
What you will need
- An official government or law-enforcement email address (requests from personal email domains are rejected by the portal).
- The target account’s @username, profile URL, and/or numeric UID.
- A description of the investigation, the specific data requested, and the nexus between the two — broad or unsupported requests are returned for clarification.
- The appropriate legal process document (subpoena, court order, or search warrant) as a PDF.
- For non-English documents: a certified English translation.
- Your agency name, your name, badge or ID number, and official contact details.
Will the user be told?
X’s default policy is to notify an account holder before disclosing their data. Exceptions apply where notice is legally prohibited (e.g., by a court-issued non-disclosure order), would jeopardise an active investigation, or would put a person at risk. If your investigation requires delayed or suppressed notice, state that explicitly in the request and cite the legal basis.
See also
- LERS portal hub — all law-enforcement data-request guides in one place
- Platform-by-platform LERS guide — WhatsApp, Instagram, TikTok, Telegram, and more