Convention on Cybercrime

"Budapest Convention" redirects here. For the 1877 Austro-Hungarian and Russian agreement on the future of the Balkans, see Budapest Convention 1877.
Convention on Cybercrime
CET 185
Countries that have ratified the treaty (in red) and countries that have signed but not ratified it (in orange)
Signed23 November 2001
LocationBudapest
Effective1 July 2004
ConditionRatification by 3 Council of Europe States
Signatories50
Parties76
DepositarySecretary General of the Council of Europe
LanguagesEnglish and French

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or the Budapest Convention, is the first international treaty seeking to address Internet and computer crime (cybercrime) harmonizing national laws, improving investigative techniques, and increasing cooperation among nations.[1][2] It was drawn up by the Council of Europe in Strasbourg, France, with the active participation of the Council of Europe's observer states Canada, Japan, the Philippines, South Africa and the United States.

The Convention and its Explanatory Report was adopted by the Committee of Ministers of the Council of Europe at its 109th Session on 8 November 2001. It was opened for signature in Budapest, on 23 November 2001 and it entered into force on 1 July 2004.[3] As of April 2023, 68 states have ratified the convention, while a further two states (Ireland and South Africa) have signed the convention but not ratified it.[4]

Since it entered into force, important countries like India have declined to adopt the Convention on the grounds that they did not participate in its drafting. Russia opposes the Convention, stating that adoption would violate Russian sovereignty, and has usually refused to cooperate in law enforcement investigations relating to cybercrime. It is the first multilateral legally binding instrument to regulate cybercrime.[5] Since 2018, India has been reconsidering its stand on the Convention after a surge in cybercrime, though concerns about sharing data with foreign agencies remain.[6]

On 1 March 2006, the Additional Protocol to the Convention on Cybercrime came into force. Those States that have ratified the additional protocol are required to criminalize the dissemination of racist and xenophobic material through computer systems, as well as threats and insults motivated by racism or xenophobia.[7]

On 8 August 2024, a UN committee approved the first global treaty on cybercrime despite significant opposition from human rights groups and tech companies. The treaty included provisions to criminalize unauthorized access to information systems, online child exploitation, and the distribution of non-consensual explicit content. However, critics argued that it compromised human rights and press freedom, with concerns over data privacy and expanded definitions of cybercrime.[8]

  1. ^ Convention on Cybercrime, Budapest, 23 November 2001.
  2. ^ Star, Arizona Daily. "All Headlines". Arizona Daily Star. Archived from the original on 2019-12-14. Retrieved 2020-12-18.
  3. ^ Staff. The COE International Convention On Cybercrime Before Its Entry Into Force Archived 2016-09-25 at the Wayback Machine, UNESCO, January–March 2004
  4. ^ "Chart of signatures and ratifications of Treaty 185". CoE Treaty Office.
  5. ^ "Assets" (PDF). April 30, 2016. Archived from the original (PDF) on 2016-04-30.
  6. ^ "Home Ministry pitches for Budapest Convention on cyber security". January 18, 2018.
  7. ^ "Frequently asked questions and answers Council of Europe Convention on cybercrime Archived February 9, 2006, at the Wayback Machine", by the United States Department of Justice
  8. ^ Desmarais, Anna (9 August 2024). "UN committee approves first cybercrime treaty despite widespread opposition". Archived from the original on 11 August 2024. Retrieved 12 August 2024.