As we move into 2025, the United Nations General Assembly has just adopted the world’s first comprehensive international treaty to combat cybercrime, the United Nations Cybercrime Convention. This landmark agreement has been heralded as a historic step forward in addressing the global scourge of cybercrime, but it has also raised significant concerns about potential abuse by authoritarian states. Despite its promise to foster international cooperation and establish a unified framework for combating cybercrime, the treaty’s contentious origins and potential for misuse continue to spark debate.
While the treaty cleared its final hurdle in December with the United States and the United Kingdom both backing the measure, its roots are worth scrutiny. Originally introduced by Russia, with support from China, North Korea, and Venezuela, the treaty’s language has prompted fears of potential human rights violations, extraterritorial surveillance, and the misuse of its provisions to justify oppressive actions by restrictive regimes.
The treaty has been positioned by UN officials as a mechanism to combat cybercrime by fostering cross-border cooperation, facilitating information sharing, and streamlining extradition procedures. Its proponents have also emphasized a potential to address crimes ranging from online child exploitation to sophisticated financial fraud, while citing the trillions of dollars lost annually to cybercrime. However, its provisions may lack critical safeguards to ensure its implementation does not undermine fundamental freedoms.
Without transparent and enforceable measures to penalize misuse, the UN treaty risks becoming a tool for oppression rather than for justice.
Human rights activists, leading tech firms, and cybersecurity experts have criticized the new UN treaty for its potential to enable authoritarian regimes to repress dissent. The failure to include robust language protecting privacy, freedom of expression, and cybersecurity research amplifies these concerns The previous U.S. administration had pledged to create mechanisms to monitor for any abuses of the treaty, emphasizing the importance of accountability. Countries are also empowered to reject information-sharing requests from nations with poor human rights records, but questions remain about the enforceability of these provisions.
One solution may lie in mandatory public reporting, where signatory nations would openly disclose their domestic statutes, judicial processes, and enforcement actions under the treaty. Independent oversight bodies could further enhance transparency and deter abuses. However, the treaty’s current structure does not mandate these critical accountability measures.
There is an alternative already in place for free nations dedicated to human rights and economic transparency.
For the significant majority of western-aligned nations, the Budapest Convention is the gold standard for international cybercrime cooperation, with 96 nations either acceding to or signing its robust framework. Unlike the UN treaty, the Budapest Convention explicitly incorporates protections for human rights and privacy. The UN treaty’s adoption raises the question of why China and Russia, who championed the new UN agreement, have refused to join the Budapest Convention’s information-sharing network. Their reluctance to join Budapest may indicate that revisionist geopolitical motivations lay beneath the new UN agreement.
The UN Cybercrime Convention’s success hinges on balancing enforcement with ethical governance. To prevent the treaty from becoming a tool of repression, it must be adaptable, transparent, and subject to rigorous oversight. Collaborative forums involving governments, private sector stakeholders, and human rights organizations could play a vital role in refining its implementation. Periodic audits and independent review mechanisms could also mitigate risks while preserving operational efficiency.
While the work of the UN represents a significant opportunity to address the growing threat of cybercrime, its potential for misuse cannot be ignored. As nations prepare to implement this historic agreement, they must remain vigilant to ensure it fosters a secure and equitable digital future for all. If the UN treaty falters in practice, the Budapest Convention offers a proven framework to uphold global cybersecurity standards and protect fundamental rights.
