The United Nations Ad Hoc Committee has approved a landmark, yet controversial, treaty on cybercrime. The agreement marks the first global effort to establish a comprehensive legal framework against cyber-related offences.
Initiated by Russia in 2017, the treaty faced significant opposition from digital rights groups, tech companies, and various UN member states. However, it was adopted after three years of negotiation and will enter into force once ratified by at least 40 member states.
The treaty introduces broad powers for law enforcement agencies, including the ability to compel service providers to disclose electronic data and facilitate international cooperation in cybercrime investigations. While it aims to tackle serious crimes, such as child sexual abuse, money laundering, and online exploitation, the treaty has raised significant concerns among human rights organisations.
Critics argue that authoritarian regimes could exploit it to suppress freedom of expression and crack down on dissidents, journalists, and activists. The treaty’s provisions allowing cross-border data requests without robust safeguards may lead to abuses and heightened state surveillance. Industry should consider practical steps to ensure they are informed about the treaty’s potential impact on their operations.
Key elements of the treaty
- Global Legal Framework: Establishes the first comprehensive international legal framework for combating cybercrime, focusing on enhancing global cooperation among member states.
- Criminalisation of Cyber Offences: Mandates member states to criminalise activities such as illegal access to information systems, data interference, system interference, misuse of devices, and cyber-enabled forgery and fraud.
- Protection of Children Online: Includes specific provisions against online child sexual abuse and exploitation, including the production, distribution, and possession of such material, as well as solicitation and grooming for sexual offences.
- International Cooperation: Facilitates cross-border collaboration, including sharing of electronic evidence, mutual legal assistance, and expedited preservation of data for investigations.
- Human Rights Safeguards: Contains provisions to ensure that the implementation of the treaty does not infringe on fundamental human rights, including freedoms of expression, privacy, and data protection.
- Jurisdictional Rules: Establishes guidelines for member states to assert jurisdiction over cybercrimes, including crimes committed within their territory or affecting their nationals.
- Real-Time Data Collection: Empowers states to implement measures for the real-time collection and interception of traffic data and content data during investigations.
- Legal and Procedural Measures: Requires member states to adopt legal frameworks that allow for the seizure, freezing, and confiscation of assets related to cybercrime.
- Liability of Legal Entities: Stipulates that both individuals and legal entities can be held liable for committing or participating in cybercrimes.
- Capacity Building and Technical Assistance: Emphasises the need to provide technical assistance and capacity-building to help developing countries combat cybercrime effectively.
Practical steps for industry
- Review and Assess Compliance: Companies, particularly in the tech sector, should closely examine the treaty’s requirements to ensure compliance, especially regarding data preservation and cooperation with law enforcement across borders.
- Monitor Legislative Developments: As the treaty progresses to ratification, it is essential to monitor how individual countries incorporate its provisions into national law, as this will impact enforcement practices and potential liabilities.
- Engage in Advocacy: Companies should consider joining industry coalitions or engaging with policymakers to advocate for stronger safeguards that protect human rights and privacy, ensuring that any domestic implementation of the treaty does not lead to overreach or misuse.
Access Partnership works closely with businesses and governments to drive innovation and ensure fit-for-purpose regulation. To learn how your business can capitalise on the implications of the UN’s new cybercrime treaty, please contact Mark Smitham at [email protected], Ethan Mudavanhu at [email protected], or Christopher Martin at [email protected].