A Cybercrime Treaty Born in Russia Just Became Global Law — and Critics Call It a Surveillance Charter
The UN Cybercrime Convention — proposed by Russia, signed in Hanoi, and shunned by the US — is now the first global cybercrime treaty. Rights groups are alarmed.
Cybercrime is borderless, but the laws against it have never been. That gap is what the United Nations Convention against Cybercrime, the first global treaty of its kind, was written to close. Yet within months of its signing, the agreement has become one of the most divisive instruments in modern internet governance.
Born in Russia, adopted by the UN
The convention was first proposed by Russia in 2017 and adopted by the UN General Assembly in December 2024. It opened for signature at a ceremony in Hanoi, Vietnam, on 25 October 2025, which is why it is often called the Hanoi Convention. Its stated goal is to help countries cooperate across borders to investigate and prosecute cybercrime, sharing electronic evidence that today gets stuck behind mismatched national laws.
Signed in Hanoi — but not yet binding
Signing a treaty signals intent; it does not make it binding. As of May 2026 the convention had 76 signatories but only three ratifications: Qatar, Azerbaijan and Vietnam. It will only enter into force once 40 states formally ratify it, so the real test is still ahead.
The list of who did not sign is as telling as who did. The United States, Canada and New Zealand were notably absent from the early signatories, and the Hanoi ceremony drew sparse attendance from the private sector and civil society compared with the broad participation seen during negotiations.
Why rights groups call it a surveillance treaty
Human Rights Watch and a coalition of NGOs, academics and technology companies have urged governments not to sign or ratify. Their core concern is that the treaty expands the surveillance and data-collection powers of governments, including authoritarian ones, without firm human-rights safeguards. They point to its broad definition of cybercrime, which can sweep in almost any offence committed with a computer, and to the way it leaves it to each country to decide how rights are protected.
Supporters counter that without a common framework, criminals exploiting the seams between national laws will keep winning, and that a flawed treaty is better than none. Both can be true. The convention is a genuine step toward global cooperation against cyber criminals, and a genuine risk to privacy and free expression if implemented by states with poor records.
For businesses and internet users worldwide, the practical takeaway is that cross-border data requests and digital evidence sharing are set to expand, and the rules governing them will increasingly be shaped by this treaty, even in countries that have not yet signed.
Sources
- UN Office of Legal Affairs: Convention opens for signature in Hanoi
- UNODC: United Nations Convention against Cybercrime
- Human Rights Watch: Joint statement on the signing
- Background: United Nations Convention against Cybercrime
Hero photo: the United Nations General Assembly Hall, by Mojnsen via Wikimedia Commons, licensed CC BY-SA 4.0.