I. MAIN CONTENT OF THE CONVENTION
1. In Resolution 79/243 of the United Nations General Assembly, dated December 24, 2024, which adopted the Convention, as well as according to the report of the Third Committee of the UN General Assembly, the signing of the Convention includes a package for both (i) The full text of the Convention and (ii) The Interpretative Notes, aimed at affirming the authority of States regarding the flexible application of the Convention's provisions.
In terms of textual drafting, aside from specialized content and computer techniques, 37 out of 68 articles of the Convention overlap with existing provisions in UNTOC and UNCAC. Specifically, these include 05 basic definitions in Article 2, Article 3, and Article 5 of Chapter I (General provisions); Articles 17, 18, 19, 20, and 21 of Chapter II (Criminalization); all of Chapter III (Jurisdiction); Articles 31, 32, 33, and 34 of Chapter IV (Procedural measures and law enforcement); Articles 35, 37, 38, 39, 40, 47, 48, 49, 50, 51, and 52 of Chapter V (International cooperation); all of Chapter VI (Preventive measures), Chapter VII (Technical assistance and information exchange); Chapter VIII (Implementation mechanism); and Articles 59, 61, 63, 64, 65, 66, 67, and 68 of Chapter IX (Final provisions). For specialized and computer-technical provisions, the Convention utilizes existing provisions from the Budapest Convention and the Malabo Convention.
Compared to the UN Convention against Transnational Organized Crime (UNTOC) and the UN Convention Against Corruption (UNCAC), the Convention on Countering Cybercrime has several new elements as follows:
First, it affirms national sovereignty in cyberspace and the responsibility to carry out international cooperation in preventing and countering cybercrime (such as mutual legal assistance, joint investigations, asset recovery, etc.), linked to the requirement of ensuring that the fundamental human rights in cyberspace are not impeded, in accordance with the state's international commitments on human rights (in Articles 5 & 6).
Second, it provides unified definitions for basic specialized terms related to cybercrime, with updates on digital currency; standardizes 06 offenses related to high-tech crime and 03 offenses related to child abuse and personal images; and standardizes 05 operational investigative measures related to data access (including both stored data and real-time data) (in Article 2, Articles 7-16 of Chapter II, Articles 25-30 of Chapter III).
Third, it establishes a 24/7 contact network for all States Parties with functions suitable for the fight against cybercrime, such as the "freezing" (expedited preservation) of domestic electronic data upon request, supporting the handling of emergencies, and collecting electronic evidence (Article 41, Chapter V).
Fourth, the Convention only enters into force after 40 States have become party to it, and the adoption of an Additional Protocol can only occur after more than 60 States have become party to the Convention. (Article 62 and Article 65, Chapter IX).
2. In terms of structure, the full text of the Convention and the Interpretative Notes have the following content:
Chapter I – General provisions (Articles 01 – 05): Stipulates the objectives and scope of application of the Convention; basic terminology used; and principles of sovereignty protection and respect for human rights. The terms defined in points (h)-(n) of Article 2, and Articles 3, 4, and 5 are drawn from UNTOC and UNCAC.
Chapter II – Criminalization of offenses (Articles 06 – 21): Stipulates the criminal offenses covered by the Convention (including traditional offenses committed through information and communication technology systems and offenses in cyberspace); statute of limitations; and obligations regarding prosecution, adjudication, and sanctions. Articles 17, 18, 19, 20, and 21 of this Chapter are drawn from UNTOC and UNCAC.
Chapter III – Jurisdiction (Article 22): Stipulates the obligations in establishing jurisdiction to handle, investigate, and adjudicate cybercrime offenses. This provision is drawn from UNTOC and UNCAC.
Chapter IV – Procedural measures and law enforcement (Articles 23 – 34): Stipulates the scope of and measures for criminal proceedings and law enforcement that national authorities must implement or require relevant individuals and organizations to implement, including data storage and disclosure; collection of connection data; interception of content data; freezing, seizure, and confiscation of proceeds of crime; criminal records; witness protection; and victim support and protection; it also provides for conditions and measures to protect human rights when executing official duties. Articles 31, 32, 33, and 34 are drawn from UNTOC and UNCAC.
Chapter V – International cooperation (Articles 35 – 52): Stipulates the principles, forms, and measures for international cooperation in countering crime, including activities on: personal data protection; extradition; transfer of sentenced persons; transfer of criminal proceedings; cooperation through the 24/7 network of law enforcement agencies; cooperation in data storage; mutual legal assistance in accessing, collecting, and intercepting data; joint investigations; asset recovery mechanisms; cooperation in asset confiscation; and cooperation in the return of proceeds of crime. Articles 35, 37-40, and 47-52 are drawn from UNTOC and UNCAC.
Chapter VI – Preventive measures (Article 53): Stipulates measures for crime prevention through forms such as cooperation among law enforcement agencies, raising public awareness, strengthening the capacity of the criminal justice system, and enhancing coordination between the public and private sectors. The content of this Article is drawn from UNTOC and UNCAC.
Chapter VII – Technical assistance and information exchange (Articles 54 – 56): Stipulates the principles and forms of technical assistance and information sharing to enhance the capacity of law enforcement agencies and improve the effectiveness of crime prevention activities. Forms of technical assistance include: training in methods and techniques for investigation, prosecution, and adjudication, and policymaking for crime prevention; capacity building for data collection, storage, and sharing; support with law enforcement equipment; training on mutual legal assistance; training and equipment support for preventing, detecting, and monitoring the movement of proceeds of crime; training on methods for victim and witness protection; language training; other forms of financial and technical assistance and training; and activities for sharing information, experiences, and best practices in countering cybercrime. The entirety of Chapter VII is drawn from UNTOC and UNCAC.
Chapter VIII – Implementation mechanism (Articles 57 – 58): Stipulates the functions, duties, and powers of the Conference of the States Parties to the Convention, including organizing periodic reviews of the Convention's implementation by States Parties; and the role of the Secretariat. The entirety of Chapter VIII is drawn from UNTOC and UNCAC.
Chapter IX – Final provisions (Articles 59 – 68): Stipulates the order, procedures, and conditions for entry into force, amendment, accession, and withdrawal from the Convention. Articles 59, 61, and 63-68 are drawn from UNTOC and UNCAC.
Interpretative Note: Clarifies the scope of authority of States regarding the flexible application of certain provisions of the Convention. Accordingly, the definitions in Article 2 of the Convention do not require States to have corresponding concepts or norms; rather, this depends on the provisions of the national laws of the States Parties, as long as these legal provisions are sufficient to cover the definitions in a manner consistent with the principles and objectives of the Convention.
II. SUMMARY OF CHAPTER CONTENTS
1. General provisions
The Convention unites States Parties for a common purpose: preventing and combating cybercrime, including through strengthening international cooperation, and promoting technical assistance and capacity-building, especially for developing countries. The chapter on general provisions lays the foundation for a comprehensive response against cybercrime and sets out the basic rules that apply to the entire Convention. This chapter establishes a common terminology used in the Convention, such as “information and communications technology (ICT) system” (e.g., a computer or smartphone), “electronic data” (e.g., metadata, or email exchanges), or “serious crime” (any offense punishable by a minimum of 4 years of imprisonment).
Importantly, the general provisions also define the scope of the Convention, which is the prevention and countering of offenses established by the Convention, the recovery of proceeds of crime, and the strengthening of international cooperation, especially in sharing cross-border electronic evidence for both Convention-related offenses and other serious crimes. To facilitate international cooperation, the Convention also requires States Parties to ensure that all traditional "offline" offenses defined in other UN conventions and protocols are also criminalized when committed "online."
When implementing the Convention, States Parties must comply with their obligations under international law. This requires respect for human rights and fundamental freedoms, such as freedom of expression, conscience, opinion, religion or belief, peaceful assembly and association, as well as respect for the equal sovereignty and territorial integrity of all States.
2. Criminalization
Criminalizing the most common forms of cybercrime is essential for efforts to prevent and counter this growing threat and address its widespread impacts on society. Effective prosecution and accountability for cybercrime serve as a crucial deterrent against the use of ICT for criminal purposes, which is necessary to overcome the perception of virtual impunity that emboldens malicious actors.
The Convention's chapter on criminalization requires States Parties to establish a comprehensive framework targeting crimes committed through ICT systems. This includes the criminalization of “cyber-dependent crimes” (commonly known as “hacking”), which target the confidentiality, integrity, and availability of electronic data and ICT systems, as well as “cyber-enabled crimes,” which are traditional offenses whose scale, speed, and scope have been significantly increased through the use of connected devices. States Parties must criminalize the following acts under the Convention:
- Illegal access to an ICT system,
- Illegal interference with non-public electronic data transmissions,
- Interference with electronic data or ICT systems,
- Misuse of devices that facilitate the commission of offenses,
- Forgery related to an ICT system,
- Theft or fraud related to an ICT system,
- Offenses related to online child sexual abuse or child sexual exploitation material,
- Grooming or solicitation for the purpose of committing a sexual offense against a child,
- Non-consensual dissemination of sensitive images,
- Money laundering from the aforementioned offenses.
3. Jurisdiction
The cross-border nature of information technology makes cybercrime transnational, which creates special jurisdictional challenges. The chapter on jurisdiction establishes clear and flexible rules to prevent criminals from exploiting jurisdictional gaps to evade the law, while also delineating the legal spheres within which States Parties can govern.
Under these rules, States must establish jurisdiction if the offenses under the Convention are committed within their territory. They may also claim jurisdiction when such offenses affect their nationals, are committed by their nationals, or are directed against the State itself, even if committed abroad. Furthermore, they may take measures to establish jurisdiction over offenses under the Convention when the alleged offender is present in their territory and they do not extradite that person on the grounds that the person is their national. When jurisdictions overlap, States Parties must consult with each other.
Procedural measures and law enforcement
Criminal investigations, especially in cybercrime cases, increasingly rely on electronic evidence. Electronic evidence includes any information stored or transmitted in electronic form that can be used in court, such as email exchanges, social media posts, phone locations, or camera footage. This type of evidence poses unique challenges: it is inherently volatile as it can be easily modified or destroyed, it may be held by service providers or other private sector entities, and it may be stored across multiple jurisdictions.
The chapter on procedural measures and law enforcement empowers States Parties to address these challenges, adapting traditional investigative means and methods to the ICT environment.
States Parties must empower their competent authorities to quickly preserve and collect electronic data for any criminal investigation. These procedural powers include the expedited preservation, search, and seizure of stored electronic data, production orders for electronic data or subscriber information, and the interception of traffic or content data in transmission. When investigating and prosecuting cybercrime using these procedural measures, law enforcement personnel must respect fundamental human rights.
International cooperation
Effective law enforcement depends on international cooperation when evidence, suspects, or proceeds of crime cross borders. This is especially important for prosecuting cybercriminals, who operate across different jurisdictions. Furthermore, in today's digital world, almost every crime leaves a digital footprint, making access to electronic evidence crucial for investigations into both cybercrime and traditional crime.
Therefore, the chapter on international cooperation establishes a global framework enabling Parties to assist each other in investigations, prosecutions, asset recovery, and cross-border judicial proceedings. Cooperation measures include the extradition of persons accused of offenses under the Convention, the transfer of sentenced persons and criminal proceedings, joint investigations, and law enforcement cooperation. To ensure rapid response capabilities, the Convention establishes a network of 24/7 points of contact in each State Party.
6. Preventive measures
The chapter on preventive measures is designed to contribute to mitigating and managing the risks and threats of cybercrime. Successful cybercrime prevention requires the active and coordinated participation of all stakeholders: government, the private sector, academia, civil society organizations, and the general public. Key preventive measures include strengthening cooperation between law enforcement and stakeholders, raising public awareness of the causes and threats of cybercrime, and strengthening the criminal justice system through training activities for criminal justice officials.
7. Technical assistance and information exchange
Given the transnational nature of cybercrime and its ability to strike at any time and anywhere, strengthening the capacity to prevent and counter cybercrime worldwide is essential for developing an effective global response to protect vulnerable communities and regions from exploitation. Therefore, the chapter on technical assistance and information exchange establishes extensive measures for technical assistance, capacity-building, and information exchange among States Parties, paying special attention to the needs of developing countries.
8. Implementation mechanism
As cybercrime is highly adaptive and rapidly evolving, reviewing the measures taken by States Parties to implement the Convention and ensuring there is updated guidance on implementation are particularly important. Therefore, the chapter on the Implementation Mechanism establishes the Conference of the States Parties to the Convention. The Conference serves as the primary mechanism for monitoring the implementation of the Convention and improving the capacity and cooperation among States Parties to achieve the objectives of the Convention.
9. Final provisions
The chapter on final provisions includes the rules and modalities for how States can become parties to and withdraw from the Convention, on the Convention's entry into force, its effects, the settlement of related disputes, and procedures for potential amendments and additions through protocols. The Convention will be open for signature on October 25, 2025, in Hanoi, Vietnam, and will remain open for signature at the United Nations Headquarters in New York until December 31, 2026. The Convention will enter into force, and become legally binding, 90 days after 40 States have accepted to be bound by the Convention through the deposit of their instruments of ratification, acceptance, approval, or accession.