UN Convention against Cybercrime: History and legal prospects

As a result of the rapid development of information technology and associated increase in cybercrime, the need to ensure international information security has become a critical challenge for the global community. This article analyzes the prospects of the UN Convention against Cybercrime adopted on 24 December 2024 as a mechanism for coordinating the efforts of states in the field of international information security. The aim was to evaluate this international treaty as a basis for cooperation between states in the field of international information security and combating cybercrime. Particular attention is paid to the provisions of the Convention concerning the obligation of states to criminalize the list of acts established by the treaty, as well as ensuring human rights compliance in connection with its application. in the course of the study, the author used historical-legal, formal-legal, and comparative-legal methods to assess certain aspects of international and regional regulation of cybercrime. The empirical basis of the article comprises normative legal acts and those of a recommendatory nature in the field of international information security, as well as legal doctrine devoted to the problems of this industry. The findings can be summarized as follows: the adoption of the international treaty under analysis is an attempt to balance the opposing positions of the participants in the negotiation process regarding the need for universal regulation of cybersecurity with concerns about human rights violations. While the Convention sets out to resolve controversial issues, several significant shortcomings are identified, including a high probability of quickly becoming obsolete due to the complexity of carrying out amendments and the risk of permitting the broad interpretation of certain provisions, which hinders the unification of practice. In particular, the Convention lacks an effective control mechanism for monitoring the fulfilment of obligations. While noting these shortcomings and associated legal risks, the Convention represents the first universal international treaty in the field of international information security and can be recommended for adoption into force.

1. Abashidze A. Kh., & Koneva A. E. (2015). Dogovornye organy po pravam cheloveka: uchebnoe posobie [Human rights treaty bodies: A study guide] (2nd ed.). RUDN.

2. Assaf, A. (2023). Violations of sovereignty in “cyberspace” under the United Nations Charter. Zhurnal VSHÉ po Mezhdunarodnomu Pravu [HSE University Journal of International Law], 1(3), 4–20. https://doi.org/10.17323/jil.2023.18848

3. Boyko, S. M. (2023). Mezhdunarodnaya informatsionnaya bezopasnost’: Rossiya v OON. Nachalo istorii (1998-2009 gg.) [International information security: Russia at the United Nations. The beginning of the story (1998–2009)]. Mezhdunarodnaya Zhizn’, (11), 8–23.

4. Danel’yan, A. A. (2020). Mezhdunarodno-pravovoe regulirovanie kiberprostranstva [International legal regulation of cyberspace]. Obrazovanie i Pravo, (1), 261–269. https://doi.org/10.24411/2076-1503-2020-10140

5. Donnedieu de Vabres, H. (1928). Les principes modernes du droit pénal international [Modern principles of international criminal law]. Librairie du Recueil Sirey.

6. Gorelik, I. b. (2022). Rol’ mezhdunarodnykh organizatsiy v protsesse protivodeystviya kiberprestupnosti [The role of international organizations in the process of countering cybercrime]. Mezhdunarodnoe Pravo, (3), 28–41. https://doi.org/10.25136/2644-5514.2022.3.38585

7. Krutskikh, A. V., Biryukov A. V., Boyko, S. M., Volkova, S. G., Zinovieva, E. S., Zinchenko, A. V., Matyukhin, D. V., & smirnov, A. i. (2021). Mezhdunarodnaya informatsionnaya bezopasnost’: Teoriya i praktika: Uchebnik v trekh tomakh. T. 2. [International information security: Theory and practice: Textbook (Vol. 2; 2nd ed.)]. Aspekt Press.

8. McCarthy, J. G. (1989). The passive personality principle and its use in combatting international terrorism. Fordham International Law Journal, 13(3), 298–327.

9. Ryngaert, C. M. J. (2015). Jurisdiction in international law (2nd ed.). Oxford University Press.

10. Scher-Zagier, E. (2025). Jurisdictional creep: The UN Cybercrime Convention and the expansion of passive personality jurisdition. Yale Journal of Law & Technology, 27(1), 327–389.

11. shtodina, D. D. (2025). Konventsiya Organizatsii Ob’yedinennykh Natsiy protiv kiberprestupnosti 2024 goda — itog “kiberkompromissa”? [United Nations Convention against Cybercrime, 2024 — the outcome of «cyber compromise»?] Moskovskij Zhurnal Mezhdunarodnogo Prava, (1), 110–124. https://doi.org/10.24833/0869-0049-2025-1-110-124

12. Tennant, I., & Oliveira, A. P. (2024). Applying the right lessons from the negotiation and implementation of the UNTOC and the UNCAC to the implementation of the newly agreed UN ‘cybercrime’ treaty. Journal of Cyber Policy, 9(2), 221–238. https://doi.org/10.1080/23738871.2024.2428655

13. Tropina T. (2024). ‘This is not a human rights convention!’: The perils of overlooking human rights in the UN cybercrime treaty. Journal of Cyber Policy, 9(2), 200–220. https://doi.org/10.1080/23738871.2024.2419517

14. Volevodz, A. G. (2007). Konventsiya o kiberprestupnosti: novatsii pravovogo regulirovaniya [The Convention on cybercrime: Innovations in legal regulation]. Pravovye Voprosy Svyazi, (2), 17–25.

15. Watson, G. R. (1993). The passive personality principle. Texas International Law Journal, 28(1), 1–46.