Sceptics point to potential privacy issues that could emerge from UN's cybercrime treaty

Representatives from dozens of countries have signed the world’s first global treaty on cybercrime this week in Hanoi — the United Nations Convention on Cybercrime, informally known as the “Hanoi Convention.” The agreement, which seeks to curb offences costing the global economy trillions of dollars each year, is being described as a landmark in international cooperation, though some experts caution that its sweeping provisions could raise privacy and surveillance concerns.

The Convention underscores the growing threat of cybercrime, with global losses from illicit online activity estimated at around US $8 trillion in 2023 and projected to reach US $10.5 trillion by 2025, according to Tech Policy.

Originally proposed by Russia in 2017 and unanimously approved by the UN General Assembly in 2023, the treaty is meant to serve as the first universal legal framework to combat cybercrime through harmonized definitions, improved cross-border collaboration, and streamlined access to electronic evidence.

During the signing ceremony’s first day, 64 nations signed the treaty, including Azerbaijan, with five more joining on the second day. While the signatures reflect broad international support for the UNCC, several key nations — including Canada, New Zealand, and the United States — notably declined to sign.

Many delegates emphasized that the Convention sets “a shared baseline for defining cybercrime,” establishing consistency in the global fight against digital offences and ensuring that “no state is left behind.”

However, the composition of participants at the ceremony reflected a largely state-centric approach. Most attendees represented governments, while participation from the private sector, academia, and civil society remained limited.

Whether the UNCC fulfills its promise of effectively addressing cybercrime — or instead enables censorship, excessive surveillance, or transnational repression — will depend on how states ratify it, implement its provisions, and whether its scope is later expanded through a supplementary protocol.

Critics argue that certain articles of the treaty could significantly expand government powers without sufficient oversight — particularly articles 28 to 31 on electronic evidence access, articles 43 to 45 on cross-border cooperation, and article 22(2), which could allow for extraterritorial overreach and inconsistent national enforcement.

By contrast, the Budapest Convention on Cybercrime, adopted in 2001 by the Council of Europe, already provides a similar international framework with stronger human rights protections, clearer implementation guidance, and institutional oversight through bodies such as the European Court of Human Rights. Supported by the Cybercrime Convention Committee (T-CY), the Budapest Convention has been joined by more than 70 countries worldwide and remains open to non-European states.

By Nazrin Sadigova