Information and communications technologies (ICTs) have revolutionized our world, empowering individuals with unprecedented capabilities for communication, innovation, and commerce. However, the omnipresence of ICT systems, such as computers and smartphones, equally presents new opportunities for criminals to exploit technology for criminal purposes.
Operating anonymously through digital networks, criminals can remotely corrupt electronic data or ICT systems, steal data and financial assets, or engage in child sexual exploitation, causing massive financial damage and profound personal harm to individuals, businesses, and governments worldwide. While criminals operate without legal or geographic constraints, law enforcement must respect jurisdictional boundaries. This creates significant obstacles: electronic evidence often is scattered across multiple countries and can disappear before legal assistance processes are completed, while differences in national laws further complicate investigation and prosecution efforts. Cybercrime is therefore among the most critical global challenges of our time.
Find out how each chapter of the United Nations Convention against Cybercrime addresses these challenges.
The Convention unites States parties in a common purpose: to prevent and combat cybercrime, strengthen international cooperation, and promote technical assistance and capacity-building, in particular for developing countries.
The chapter on general provisions forms the foundation for a comprehensive response against cybercrime and sets out the ground rules applicable to the entire Convention. It establishes a common terminology used in the Convention, such as “information and communications technology system” (e.g. computers or smartphones), “electronic data” (e.g. metadata, or e-mail communications), or “serious crime” (any offence that carries a prison sentence of at least four years).
Importantly, the general provisions also define the scope of the Convention, which is to prevent and combat the offences established by the Convention, recover the proceeds of these offences, and strengthen international cooperation, particularly in sharing electronic evidence across borders for both Convention-related offences and for other serious crimes. To facilitate international cooperation, the Convention also requires its States parties to ensure that all traditional “offline” crimes defined in other United Nations conventions and protocols are also criminalized when committed “online”.
In implementing the Convention, States parties must adhere to their obligations under international law. This requires the respect for human rights and fundamental freedoms, such as the freedoms of expression, conscience, opinion, religion or belief, peaceful assembly and association as well as the respect for the sovereign equality and territorial integrity of all States.
Criminalizing the most prevalent forms of cybercrime is essential to efforts of preventing and combating this growing threat and address its pervasive effects on society. Effective prosecution and accountability of cybercriminals serves as a crucial deterrent against the use of ICTs for criminal purposes, which is essential to overcome the perception of virtual impunity that emboldens malicious actors.
The Convention’s chapter on criminalization requires that States parties establish a comprehensive framework targeting crimes committed through ICT systems.
It requires the criminalization of “cyber-dependent crimes” – commonly known as “illegal hacking” – which target the confidentiality, integrity, and availability of electronic data and ICT systems. These include:
This chapter also includes certain “cyber-enabled crimes”, which are traditional crimes whose scale, speed and scope have been significantly increased through the misuse of ICT systems. These include:
Through harmonizing criminal laws across jurisdictions, the Convention paves the way for international cooperation, including with regard to dual criminality where required, as well as for concerted actions among cooperating States.
The chapter on criminalization also addresses the liability of legal persons for contributing to the Convention offences, addresses the criminalization of participation and attempt, and provides for specific rules for prosecution, adjudication and sanctions, including on aggravating circumstances. Additionally, it ensures the protection of the rights and guarantees of persons accused of the offences, with special measures safeguarding children’s rights.
ICTs are designed to operate across borders, making cybercrime inherently transnational, which creates unique jurisdictional challenges.
The chapter on jurisdiction establishes clear and flexible rules to prevent criminals from exploiting jurisdictional gaps to escape punishment, while delineating the legal spheres that States parties can regulate. Under these rules, States must establish jurisdiction if Convention offences are committed in their territory. They may also claim jurisdiction when such offences affect their nationals, are committed by their citizens, or target the State itself, even when committed abroad. Furthermore, they may take measures to establish jurisdiction over Convention offences when the alleged offender is present in their territory and they do not extradite such person on the ground that the person is one of its nationals. When jurisdictions overlap, States parties must consult with each other.
States parties must assist other States parties in criminal investigations when evidence or suspects are located within their territory. This cooperation includes extradition, mutual assistance in locating and preserving data, and mutual legal assistance in supporting collecting and sharing evidence. For electronic evidence spread across multiple jurisdictions, States parties must respond to requests for mutual legal assistance to acquire electronic data to enable effective investigations. States retain the right to refuse cooperation in certain circumstances, such as where requests for assistance would prejudice their sovereignty, public order or other essential interests. Other grounds for refusing cooperation include situations where data protection requirements cannot be met, or where requests could lead to discrimination based on characteristics such as race, religion, ethnic origin, or political opinions.
Criminal investigations, particularly in cybercrime cases, increasingly depend on electronic evidence. Electronic evidence includes any information stored or transmitted in electronic form that may be used in court, such as email communications, social media posts, phone location or camera footage. Such evidence presents unique challenges: it is inherently volatile as it can easily be modified or destroyed, it may be held by service providers or other private sector entities and may be stored across multiple jurisdictions. This means that, in most cases, States depend on service providers for obtaining the evidence needed for their investigations and the cooperation with those States in which these service providers are established.
The chapter on procedural measures and law enforcement empowers States parties to address these challenges, adjusting traditional means and methods of investigation to the ICT environment. These measures enable the effective collection of electronic evidence while protecting human rights and supporting both domestic criminal proceedings and international cooperation.
States parties must empower their authorities to rapidly secure and obtain electronic data for any criminal investigation. These procedural powers ensure that electronic data is protected from loss or alteration and remains admissible as evidence in court. These include the expedited preservation, search and seizure of stored electronic data, production orders for electronic data or subscriber information, and the interception of traffic or content data in transit.
When investigating and prosecuting cybercrime through using these procedural measures, law enforcement officers must respect fundamental human rights. The Convention requires States parties to put in place appropriate safeguards when using investigative powers, tailored to both the specific crime and the type of power being used. These protections include independent judicial oversight, clear justification requirements, defined limits on scope and duration, and the right to an effective remedy.
Effective law enforcement depends on international cooperation when evidence, suspects, or criminal proceeds cross borders. This is particularly critical for prosecuting cybercriminals, who operate across different jurisdictions. Moreover, in today’s digital world, virtually every crime leaves digital traces, making access to electronic evidence crucial for investigations of both cybercrime and traditional crimes.
The chapter on international cooperation therefore establishes a global framework that enables its Parties to assist each other in investigations, prosecutions, asset recovery, and judicial proceedings across borders.
Measures of cooperation include the extradition of persons accused of Convention offences, the transfer of sentenced persons and of criminal proceedings, joint investigations and law enforcement cooperation. Moreover, the chapter also establishes international procedures for preserving and acquiring electronic data, which are similar to those under the chapter on procedural measures. This enables States parties to request other parties to preserve electronic evidence, access data or intercept traffic or content data.
To ensure rapid response capabilities, the Convention establishes a network of 24/7 contact points in each State party. These points of contact will facilitate immediate assistance, for instance, in preserving electronic evidence, identifying relevant service providers, or locating suspects.
In the collection and sharing of electronic evidence, the Convention's scope extends beyond the offences that it establishes. It includes also electronic evidence arising from any “serious crime”, which is defined as any crime that carries a prison sentence of four years or more. Thereby, the Convention also creates a global mechanism for electronic evidence exchange for serious crimes, including those covered by other UN conventions and protocols, such as the United Nations Convention against Transnational Organized Crime and its Protocols, or the United Nations Convention against Corruption. The Convention thus creates a dual framework for international cooperation: it provides specific measures for cybercrime cooperation while also complementing existing criminal justice instruments through its provisions for the exchange of electronic evidence for serious crimes.
The chapter on preventive measures is designed to contribute to reducing and managing the risks and threats of cybercrime. Successfully preventing cybercrime requires active participation from and coordination of all stakeholders – governments, private sector, academia, civil society organizations, and the public as a whole.
Key preventive measures include strengthening cooperation between law enforcement and stakeholders, promoting public awareness of the causes and the threat of cybercrime, and strengthening criminal justice systems through training activities for criminal justice officials. Prevention also requires harnessing technical expertise by recognising the crucial contribution of security researchers in maintaining a resilient cybersecurity environment, while promoting the legitimate development of digital skills and supporting offender reintegration programmes. The preventive measures contained in the Convention also place a special emphasis on the protection of persons in vulnerable situations, including through preventing gender-based violence, safeguarding children against child sexual abuse or exploitation and advancing victim support programmes.
In order to ensure the effectiveness of preventive measures against evolving threats, States parties are required to regularly evaluate their legal frameworks. In addition, States parties must ensure that their authorities for the prevention of cybercrime are publicly known and accessible and ensure safe and anonymous reporting. At the international level, each State party is required to designate authorities to assist other Parties with preventive measures, creating a global network for cybercrime prevention.
Given cybercrime's transnational nature and its ability to strike at any time or location, strengthening capacity for preventing and combating cybercrime worldwide is essential to developing an effective global response that protects vulnerable communities and regions from exploitation.
The chapter on technical assistance and information exchange therefore establishes extensive measures for technical assistance, capacity-building and information exchange between States parties, with particular attention to developing countries' needs. This cooperation is aimed at strengthening global capabilities in the prevention, detection, investigation, and prosecution of cybercrime, while contributing to closing the digital divide and ensuring that no country is left behind in the fight against cybercrime.
These activities include essential methods and techniques for preventing, detecting, investigating, and prosecuting cybercrime. They cover practical aspects like the handling of electronic evidence, forensic analysis, and the use of modern law enforcement equipment. They also encompass the preparation of mutual legal assistance requests, tracking cybercrime proceeds, and protecting victims and witnesses.
Moreover, States parties are encouraged to analyse domestic cybercrime trends and share their findings internationally to develop common standards and approaches. This includes exchanging best practices, monitoring policy effectiveness, and sharing updates on legal and technological developments to build collective expertise in combating cybercrime. Finally, the chapter encourages collaboration between governments, NGOs, civil society, academia, financial institutions and the private sector.
As cybercrime is highly adaptable and rapidly evolving, the review of Member States’ measures to implement the Convention and ensuring evolving guidance on its implementation are particularly important.
The chapter on the Mechanism of implementation therefore establishes the Conference of the States Parties to the Convention. The Conference serves as the primary mechanism to oversee the Convention’s implementation and improve the capacity of and cooperation between States parties to achieve the Convention’s objectives.
States parties are required to submit reports to the Conference regarding their implementation measures, on the basis of which the Conference conducts periodic reviews and makes recommendations to improve the implementation of the Convention.
Other core functions of the Conference encompass facilitating the exchange of information on legal, policy and technological developments in cybercrime and the collection of electronic evidence, patterns and trends and successful practices for preventing and combatting cybercrime, and elaborating and adopting supplementary protocols to the Convention. To fulfil its mandate, the Conference may establish review mechanisms and subsidiary bodies as it deems necessary.
In obtaining information on cybercrime developments and measures implementing the Convention, the Conference may also collaborate with relevant stakeholders, including international organizations, non-governmental organizations, civil society, academic institutions, and private sector entities.
The first Conference will be convened by the Secretary-General of the United Nations within one year after the Convention has entered into force. The Conference will adopt the rules of procedure and rules governing its activities and the participation of observers, which will be prepared by the Ad Hoc Committee. The United Nations Office on Drugs and Crime will serve as the secretariat to the Conference.
The chapter on final provisions include the rules and modalities on how States may become parties to and withdraw from the Convention, on the entry into force of the Convention, its effects, related settlement of disputes, and potential amendment procedure and supplementation by protocols.
The Convention will be opened for signature in Ha Noi, Viet Nam, and remain open at UN Headquarters in New York, until 31 December 2026. Signature is typically a requirement for a State to proceed with ratification. States will also be able to become Parties by accession, approval or acceptance. The Convention will enter into force, and become legally binding, 90 days after 40 States have expressed their consent to be bound by the Convention through depositing their instruments of ratification, acceptance, approval or accession. Regional economic integration organizations may also join if at least one of their member States is a Party.
After five years in force, States parties may propose amendments to the Convention. Once the Convention has 60 States parties, the Conference of the States Parties may also adopt protocols supplementing the Convention. The adoption of amendments and protocols require consensus or a two-thirds majority vote by the Conference.
Disputes concerning the interpretation or application of the Convention are settled primarily through negotiations or any other peaceful means, including through arbitration or, subsidiarily by request of the parties involved, by the International Court of Justice.
States parties may withdraw from the Convention through written denunciation, which takes effect one year after notification.
The Convention is equally authentic in Arabic, Chinese, English, French, Russian, and Spanish, with the Secretary-General of the United Nations serving as depositary.