The Legal Pitfalls to Ratification of the United Nations Convention Against Cybercrime

Abstract

A safe and secure digital space benefits all countries. The growth and development of information and communication technologies (ICTs) are now moving at such a fast pace that keeping up with the threats that ICTs present to businesses, governments, and individuals necessitate a response on an international level. As far back as the early 2000’s, the Council of Europe recognised the threat that cybercrime presents to a safe and secure internet. It adopted a multilateral Convention on Cybercrime (Budapest Convention) in 2001 which came into effect in 2004. Since its adoption 68 countries have ratified it, but the Budapest Convention never achieved ratification on a global level, with the unfortunate consequence that a void existed on international level. As the risks to the cybersecurity landscape escalated, it became apparent that critical issues such as international consensus on which behaviour in cyberspace should be criminalised, how cooperation in the investigation of crime and sharing of evidence should be achieved, had to be addressed by the United Nations (UN). It is against this background that the first international Convention against Cybercrime is explored. The Convention traces its roots back to a United Nations General Assembly (UNGA) vote in 2019, when Russia challenged the Budapest Convention calling for an international framework to address cybercrime. Such a call was supported by BRICS nations and other developing countries but some Western countries were not enthusiastic. Following an arduous 5 year negotiation process, the UNGA adopted the Convention  against Cybercrime on 24 December 2024. The adoption of the Convention may be a landmark achievement, but it cannot be considered a victory if the key players do not ratify it. For example, the United States’ (US) tech sector holds most of the world’s data and if the US does not ratify it, it will impact negatively on the operational value of the Convention. Furthermore, if countries decide not to ratify, it may heighten geo-political tension. The discussion highlights the objections and reservations to the Convention against Cybercrime, whether the concerns are justifiable and the possible impact of non-ratification.