“We live in a digital world, one where information and communications technologies have enormous potential for the development of societies, but also increases the potential threat of cybercrime.”
– Philemon Yang, President of the UN General Assembly
On Tuesday 24 December 2024 the United Nations General Assembly announced a long-in-development convention against cybercrime. Aimed at strengthening international cooperation to combat cybercrime and protect countries from digital threats, the convention, which consists of nine “chapters”, has been in the works since 2021.
The convention will provide member states the tools and infrastructure to share information, resources, evidence, and data, and support needed to combat cyber-dependent and cyber-enabled crime. As described by Ghada Waly, Director of the UN Office on Drugs and Crime, “It is a crucial step forward in our efforts to address crimes like online child sexual abuse, sophisticated online scams and money laundering”.
What is the Convention?
The UN Convention Against Cybercrime is a comprehensive, nine-chapter global treaty that lays out a comprehensive framework for identifying and resolving the inherent legal, jurisdictional, geographical, political, and technological challenges posed by contemporary cybercrime. As INTERPOL Secretary General Valdecy Urquiza explained, “the UN cybercrime convention provides a basis for a new cross-sector level of international cooperation we desperately need”.
How Will It Work?
As there is at present no internationally agreed-upon definition of what constitutes a cybercrime, the convention instead uses it as an umbrella term to discuss and criminalise cyber-enabled crimes (criminal activity conducted online that doesn’t necessarily require a computer, such as identity theft or drug trafficking) and cyber-dependent crimes (which can only be committed online and using a computer or digital device, such as a denial of service attack or deepfaking).
Data Sharing and Information
The convention sets up rules and systems for sharing data and information amongst state signatories, including services such as 24/7 contact points who can assist in finding appropriate service providers or locating local suspects.
Providing Training and Support
The convention also seeks to provide state signatories with access to training for both the private and public sectors, various recovery and victim support services, and rehabilitation/reintegration programs. It is in some ways similar to the information-sharing features available to INTERPOL member states.
Convention Chapters
The convention consists of nine chapters which cover its framework, challenges, technologies, requirements, and more.
- General Provisions
- Criminalisation
- Jurisdiction
- Procedural Measures and Law Enforcement
- International Cooperation
- Preventive Measures
- Technical Assistance and Information Exchange
- Mechanism of Implementation
- Final Provisions
General Provisions
General provisions “forms the foundation for a comprehensive response against cybercrime and sets out the ground rules applicable to the entire convention”.
Criminalisation
This chapter establishes a “comprehensive framework targeting crimes committed through ICT systems”.
Jurisdiction
The third chapter, Jurisdiction, establishes “clear and flexible rules to prevent criminals from exploiting jurisdictional gaps to escape punishment, while delineating the legal spheres that State parties can regulate”.
Procedural Measures and Law Enforcement
Chapter 4 addresses the means and methods of investigation in an information and communications technology environment.
International Cooperation
This chapter establishes a “global framework that enables its Parties to assist each other in investigations, prosecutions, asset recovery, and judicial proceedings across borders”.
Preventive Measures
Chapter 6 looks at how to reduce and manage the “risks and threats of cybercrime”.
Technical Assistance and Information Exchange
Chapter 7 establishes “extensive measures for technical assistance, capacity-building and information exchange between State parties”.
Mechanism of Implementation
Mechanism of Implementation establishes the Conference of the State Parties in the Convention, whose function is to oversee the “convention’s implementation and improve the capacity of cooperation between State parties to achieve the Convention’s objectives”.
Final Provisions
The final chapter of the convention discusses the rules and modalities as to how many States may “become parties to and withdraw from the Convention”, its entry into force, effects, “related settlements of disputes, and potential amendment procedures and supplementation by protocols”.
State of Play
To enter into force, the convention will require a minimum of 40 signatories, and upon reaching that requirement will pass into force 90 days later. The convention will officially become open for signature in September 2025 in Hanoi, Vietnam, at a formal UN ceremony.
Amending the Convention
Should the convention go into force later this year, five years will need to pass before any State parties can request amendments to the convention. And as laid out in Final Provisions: “Once the Convention has 60 States parties, the Conference of the States Parties may also adopt protocols supplementing the Convention”.
Key Takeaways
With 5.6 billion people online as of February 2025, or 67.9% of the Earth’s population, we are truly becoming a global community – one that will need access to the data, educational resources, and tools needed to protect ourselves from criminals who would take advantage of others for personal gain. This convention is a step in the right direction towards achieving that goal.
