Access Alert: UN Adopts Controversial Cybercrime Convention

The United Nations Ad Hoc Committee has adopted a groundbreaking, but controversial, treaty on cybercrime. The agreement marks the first global attempt to create a comprehensive legal framework against cyber-related crimes.

The treaty, initiated by Russia in 2017, faced significant opposition from digital rights groups, tech companies and several UN member states. However, it was adopted after three years of negotiations and will enter into force once it has been ratified by at least 40 member states.

The treaty introduces broad powers for law enforcement agencies, including the ability to compel service providers to disclose electronic data and to facilitate international cooperation in cybercrime investigations. Although the treaty is aimed at tackling serious crimes such as child sexual abuse, money laundering and online exploitation, it has raised significant concerns among human rights organisations.

Critics argue that authoritarian regimes could abuse it to stifle freedom of expression and crack down on dissidents, journalists and activists. The treaty’s provisions that allow cross-border data requests without robust safeguards could lead to abuse and increased state surveillance. Industry should consider practical steps to ensure they are informed about the potential impact of the treaty on their operations.

Main elements of the treaty

• Global legal framework: Establishes the first comprehensive international legal framework for combating cybercrime, with a focus on enhancing global cooperation among Member States.
• Criminalization of cybercrimes: Instructs Member States to criminalise activities such as illegal access to information systems, data disruption, system disruption, misuse of devices and cyber counterfeiting and fraud.
• Protecting children online: Contains specific provisions against child sexual abuse and exploitation online, including the production, distribution and possession of such material, as well as the recruitment and enticement of children for sexual offences.
• International cooperation: Enables cross-border cooperation, including sharing of electronic evidence, mutual legal assistance and expedited data preservation for investigations.
• Safeguards for human rights: Contains provisions to ensure that the implementation of the Convention does not infringe on fundamental human rights, including freedom of expression, privacy and data protection.
• Jurisdiction rules: Establishes guidelines for Member States to exercise jurisdiction over cybercrime, including crimes committed on their territory or affecting their nationals.
• Real-time data collection: Gives states the authority to implement measures for the real-time collection and interception of traffic and content data during investigations.
• Legal and procedural measures: Requires Member States to adopt legal frameworks enabling the seizure, freezing and confiscation of assets related to cybercrime.
• Liability of legal entities: Provides that both natural persons and legal entities can be held liable for committing or participating in cybercrime.
• Capacity building and technical assistance: Stresses the need to provide technical assistance and capacity building to help developing countries effectively combat cybercrime.

Practical steps for the industry

• Assess and review compliance: Companies, particularly in the technology sector, should carefully consider the treaty’s requirements to ensure compliance, particularly with regard to data retention and cooperation with law enforcement authorities across borders.
• Follow the developments in legislation: As the treaty is ratified, it will be important to monitor how individual countries incorporate its provisions into their domestic legislation, as this will have implications for enforcement practices and potential liabilities.
• Join the lobby: Companies should consider joining industry coalitions or working with policymakers to advocate for stronger safeguards to protect human rights and privacy, to ensure that any national implementation of the treaty does not lead to overreach or abuse.

Access Partnership works closely with businesses and governments to drive innovation and ensure appropriate regulation. Contact Mark Smitham at to find out how your business can benefit from the implications of the new UN Cybercrime Convention. (email address)Ethan Mudavanhu at (email address)or Christopher Martin at (email address).