EDITORIAL: A global instrument to fight digital crime can also widen the state’s reach. That is the core tension in the UN cybercrime convention signed in Hanoi. More than 60 countries have put their names to a framework designed to strengthen cooperation against offences that have clearly outpaced existing mechanisms: child pornography, transnational cyber scams and money laundering.
The UN Secretary-General called the signing an “important milestone”, linking it to scams that “destroy families” and “drain billions of dollars”. The demand for better tools is obvious; but so is the need for restraint.
Rights groups have warned throughout the negotiations that the treaty’s broad language could enable abuses. Their letter described its safeguards as “weak” and flagged the danger of cross-border repression of government critics.
Policy voices also raised a specific operational concern: provisions that may compel companies to share user data across borders, formalising practices already used against journalists in some jurisdictions. Location matters in diplomacy, and the choice of Hanoi drew scrutiny, given Vietnam’s record of crackdowns on dissent, a point noted by Human Rights Watch.
Technology companies pushed back as well. The Cybersecurity Tech Accord delegation, representing more than 160 firms including Meta, Dell and Infosys, declined to attend the signing. During the talks it warned that the text risks criminalizing cybersecurity researchers and “allows states to cooperate on almost any criminal act they choose”, with potential overreach that poses “serious risks to corporate IT systems relied upon by billions of people every day”.
Whether one agrees with the firms’ broader interests or not, these are specific, testable objections about how the new powers could operate in practice.
Context from the negotiating history matters. The convention was first proposed by Russian diplomats in 2017 and was approved by consensus last year after lengthy talks. That origin has shaped criticism from some quarters, alongside reminders that significant volumes of cybercrime are associated with Russia and that political will – not legal texts – has often been the real constraint.
The article’s sources also point to an existing international accord, the Budapest Convention on Cybercrime, which includes guidance on rights-respecting implementation; companies have contrasted its approach with the new instrument.
Set against these concerns is the practical case for action. Digital crime is a transnational business with victim lists that span jurisdictions and regulatory regimes. Evidence and proceeds move faster than mutual legal assistance can follow. The UN’s framing is straightforward: “We need a strong, connected global response.” Countries want quicker, clearer pathways to share data and coordinate investigations, and many see the convention as the vehicle to do it.
What happens next will decide whether this treaty becomes a shield or a sword. Signatures are only the start; the text will go into force once ratified by those states, and domestic legislation will determine how general clauses become operating procedures. Precision in defining covered offences, proportionality in data requests, independent judicial oversight, transparent logging of cooperation, and protection for bona fide security research are the practical guardrails that will separate legitimate enforcement from abuse. Without them, breadth becomes a liability.
This is a double-edged matter and should be treated as such. The facts recorded at Hanoi show both an urgent need to curb cross-border digital harm and a clear set of warnings from civil society and industry about overreach. A balanced implementation can align the two: faster cooperation on clearly defined crimes, stronger due process where rights are at stake. Countries will decide that balance in their ratification laws; companies will be tested by lawful demands; rights groups will probe the boundaries in courts and public debate.
The treaty answers a real problem. It also creates real risks. If states use it to reduce scams, protect victims and disrupt laundering networks, it will deserve credit. If it normalises expansive surveillance or suppresses dissent, it will confirm the critics’ case. The responsibility now lies with those who signed to prove that security can be advanced without dimming the digital rights they have pledged to uphold.
Copyright Business Recorder, 2025
Comments
Comments are closed for this article.