At the end of 2024, the United Nations gave consensus final approval to a new multilateral Convention Against Cybercrime. The Convention obliges State Parties to criminalize a range of cyber-dependent offenses and to assist each other in obtaining electronic evidence for criminal investigations and prosecutions. The UN Convention has many similarities to – but also some differences from -- the Council of Europe (COE) Cybercrime Convention (Budapest Convention). Many countries are expected to sign the UN Convention in 2025, because of its law enforcement benefits.  

Human rights groups and providers of internet services, however, strongly opposed elements of the UN Convention, and urge countries not to sign it. One prominent concern is that the Convention’s rule of law safeguards might not prove sufficient against attempts by authoritarian governments to obtain foreign-located personal data in efforts to suppress free speech and dissent. The critics also believe that the Convention could: endanger the legitimate activities of cybersecurity researchers; force service providers to retain large amounts of data for long periods of time; impose liability on service providers that store data; and allow demands for breaking encryption. This panel will explore the UN Convention’s potential law enforcement benefits, its added value in relation to the Budapest Convention, and the sufficiency of its protections against misuse.