References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services.
Experts believe officials must have copied and pasted chunks of text from old legislation into the document.
The references are on page 921 of the trade deal, in a section on encryption technology.
It also recommends using systems that are now vulnerable to cyber-attacks.
The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x."
The latter two are now defunct - the last major release of Netscape Communicator was in 1997.
Just in case you forget what Netscape Communicator 4.0 looked like ... pic.twitter.com/573xNdN3ZH— Prof B Buchanan OBE (@billatnapier) December 26, 2020
The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.
"It's clear that something is amiss in the drafting of this treaty, and we'd go so far as to venture the opinion that a tired civil servant simply cut-and-pasted from a late-1990s security document," news site Hackaday commented.
Several people have suggested the words were copied from a 2008 EU law, which includes the same text.
Prof Bill Buchanan, a cryptography expert at Edinburgh Napier University, said there was "little excuse" for the outdated references.
"I believe this looks like a standard copy-and-paste of old standards, and with little understanding of the technical details.
"The text is full of acronyms, and it perhaps needs more of a lay person's explanation to define the requirements."
Although SHA-1 and 1024-bit RSA "were a good selection a decade or so ago, they are no longer up to modern security standards," he added.
The Brexit negotiations finally ended on Christmas Eve, with a deal which was more than 1,200 pages long.
Ambassadors from the 27 EU member states have unanimously approved the EU-UK post-Brexit trade deal.
The UK Parliament is expected to approve it on Wednesday, paving the way for it to take effect provisionally on 1 January ahead of a European Parliament vote.
The Home Office said the paragraphs "set out the legally prescribed measures for cooperation."
"We currently use the latest technology to share this data, which is properly protected and in line with the guidance from the National Cyber Security Centre," a spokesman added.