The world’s first universal legislative framework to combat cybercrime has moved a step closer to become legally binding after at least 72 countries signed the United Nations Convention against Cybercrime in Hanoi, Vietnam, on Saturday, October 25.
The 41 page-long UN cybercrime treaty proposes a legislative framework to boost international cooperation among law enforcement agencies and offer technical assistance to countries that lack adequate infrastructure for combating cybercrime. It also contains provisions addressing illegal interception, money laundering, hacking, and online child sexual abuse material.
The final draft of the treaty was adopted by member states of the UN General Assembly (UNGA) in December 2024, following years of extensive negotiations led by the UN Office on Drugs and Crime (UNODC).
At least 40 countries have to sign and ratify a treaty, after which the provisions of the agreement will go into effect 90 days after the fortieth country ratifies it. It comes at a time when digital threats are rising sharply with global cybercrime costs projected to reach $10.5 trillion annually by 2025, according to a report by Cybersecurity Ventures.
However, several tech companies and digital rights activists have criticised the treaty over concerns that it could end up criminalising legitimate online activity and lead to potential human rights abuses.
In 2022, the Indian government’s submissions on the UN cybercrime treaty contained measures similar to the controversial Section 66A of the the Information Technology Act, 2000, which was struck down by the Supreme Court as being “unconstitutional”. However, India’s proposal asking countries to make it illegal to share “offensive messages” on social media did not find any support at the global forum.
It is unclear if India is one of the 72 member states that signed the cybercrime treaty in Hanoi, though the signing process is expected to remain open till next year’s ceremony in New York, United States.
Story continues below this ad
“The UN Cybercrime Convention is a powerful, legally binding instrument to strengthen our collective defences against cybercrime. It is a testament to the continued power of multilateralism to deliver solutions. And it is a vow that no country, no matter their level of development, will be left defenceless against cybercrime,” Antonio Guterres, the secretary general of the United Nations, said in his remarks at the signing ceremony in Hanoi.
Ahead of the signing ceremony, 19 digital rights organisations including Access Now, Electronic Frontier Foundation (EFF), Human Rights Watch, and others urged UN member states to refrain from signing and ratifying the treaty.
“The Convention, the first global treaty of its kind, extends far beyond addressing cybercrime – malicious attacks on computer networks, systems, and data. It obligates states to establish broad electronic surveillance powers to investigate and cooperate on a wide range of crimes, including those that don’t involve information and communication systems. It does so without adequate human rights safeguards,” read a joint statement dated October 24, 2025.
Should India join others in signing the treaty?
Four years ago, Prime Minister Narendra Modi, in his Independence Day speech, said that there would be a new cybersecurity strategy for India. However, the national cybersecurity strategy is yet to be updated. “As a result, it is not clear who is in charge of what and who should take responsibility when an incident occurs,”Raman Jit Singh Chima, the Asia Pacific policy director of Access Now, had told The Indian Express in an interview last year.
Story continues below this ad
When asked if India should sign and ratify the UN cybercrime treaty, Chima said that the text of the treaty does not match Indian law in terms of the requirements for privacy put in place by the Supreme Court in the Puttaswamy judgment.
“So, it is a legally grey question as to whether India can actually sign and ratify this treaty because unless India puts in place strong voluntary commitments about how to implement the treaty, the current treaty text may not satisfy the Indian Supreme Court’s requirements of the right to privacy,” he said.