Whose interests does the document truly protect?

In December 2024, the UN General Assembly adopted the Convention on Cybercrime, marking the first international treaty in criminal justice in over twenty years.

This document aims to establish a legal framework for faster and more coordinated responses to digital crimes. Alongside mutual assistance procedures in international investigations, it sets obligations for member states to criminalize certain acts committed using information and communication technologies.

We seek to understand the purpose behind the Hanoi Convention: is it genuinely aimed at combating online wrongdoers, or is it a means of tightening control in the digital space?

Core Concepts and Goals

The Convention is a 55-page document consisting of 68 articles, intended to serve as a unified international legal foundation for combating cybercrime. Its provisions can be summarized into three main goals: unification, cooperation, and protection of vulnerable groups.

The document identifies 11 categories of actions that all participating countries are required to criminalize in their local legislation.

This list includes both technical offenses (such as unauthorized access to systems, data interception, and interference with ICT operations) and broader crimes like online fraud and the illegal distribution of sexualized materials.

The Hanoi Convention also aims to eliminate the fragmentation that has plagued the cybersecurity sector for decades. Prior to its introduction, cooperation was based on bilateral agreements or regional documents, such as the Council of Europe’s Budapest Convention from 2001.

Now, the UN offers a global alternative: the new initiative mandates that each participating country establish a 24/7 contact center to assist in investigations and sets common procedures for exchanging electronic evidence.

Additionally, the Convention emphasizes support for victims and the protection of particularly vulnerable groups, especially children. It is one of the first international treaties to criminalize not only the distribution of illegal content but also online harassment of minors.

Russia's Role

The ideological and political driving force behind the cybercrime convention has long been Russia. Russian diplomacy has been working towards its adoption for about 15 years.

Initially, Russia, along with China and other countries, insisted on expanding the list of cybercrimes to include the dissemination of extremist content and the use of ICT for terrorist purposes.

Such proposals faced sharp criticism from several Western jurisdictions, which feared that these definitions could open the door to the persecution of dissent.

Ultimately, a compromise was reached: the scope of the Convention was narrowed to classic computer crimes. However, Russia has not abandoned its ambitions.

According to RBC, citing experts, Moscow has already announced plans to work on additional provisions that will expand the list of criminal activities in the digital realm. It is unlikely that Western countries will join these efforts, but such initiatives may find support among several African and Asian nations.

Ideological Divide

The vote in the UN General Assembly in December 2024 starkly highlighted the global divide. The Convention was adopted not by consensus but by majority vote: 79 in favor, 60 against, and 33 abstentions.

The votes were distributed approximately as follows:

  • In favor: Russia, other BRICS and CIS countries, as well as several nations from the Middle East, Africa, and Latin America (Saudi Arabia, Algeria, Venezuela);
  • Against: the USA, Canada, the UK, Australia, EU countries, Ukraine, Georgia, South Korea, and Israel;
  • Abstaining: countries such as Argentina, Mexico, Chile, and Singapore.

The Convention will come into force after ratification by 40 countries.

Russia and its allies view the document as a historic milestone — the first universal tool that enshrines the principle of state sovereignty in cyberspace and fair regulation "in the interests of the global community."

Critics, however, reject its provisions in their current form. The main argument is the threat to human rights. Western diplomats point out vague definitions, simplified extradition procedures, and data exchange that could legitimize transnational repression.

"Ideologically, the Hanoi Convention reflects the approach promoted by countries that previously refused to join the Budapest Convention — it is focused on state sovereignty and security. The Budapest Convention has always been embedded in the European system of human rights protection with established guarantees and control mechanisms," noted cyber lawyer and RKS Global and VPN Guild expert Sarkis Darbinyan in a comment to ForkLog.

Application Methods

On one hand, the document is beneficial as it creates a common legal language for countries that previously lacked mutual agreements. It will be harder for criminals to find a "grey" jurisdiction for hiding if major countries in the region agree to classify phishing or botnet creation as crimes.

On the other hand, the Convention contains broad exceptions. A country may refuse legal assistance if it believes that fulfilling the request threatens its sovereignty, security, or fundamental interests. Therefore, in the current realities, cooperation between conflicting countries seems unlikely.

According to Sarkis Darbinyan, in practice, the Convention will be applied not only to traditional cross-border cybercrime investigations but also to a significantly broader range of cases.

For instance, interpretations of its provisions could be used in cases related to online speech, journalism, and political activism, especially in countries where national legislation allows such actions to be classified as cybercrimes.

"In some cases, this could be the dissemination of false information, in others, extremist activity, or the insult of national or religious symbols on social media. Such an approach significantly increases the risk of abuse, including through mechanisms of international legal assistance and cross-border data requests," clarified Darbinyan.

The expert believes that besides criminal activity, the Convention will most significantly impact:

  • cybersecurity research and vulnerability testing;
  • investigative journalism and whistleblower activities;
  • digital activism and online expression;
  • the operations of tech companies handling user data.

Cybersecurity researchers regularly access systems without formal permission to identify vulnerabilities, Darbinyan explained. At the same time, investigative journalists often work with leaked or hacked data.

"In the absence of clear protective mechanisms, both of these groups could face criminal prosecution, including through the use of international cooperation mechanisms. This creates a chilling effect and undermines activities necessary for public safety and accountability of power," warned the cyber lawyer.

Need for Revisions

Many countries involved in drafting the provisions disagreed with certain points. However, the document was still approved on the principle that it is better to adopt a flawed text and seek amendments later.

Darbinyan believes that to reduce the risk of abuse, the Convention needs to:

  • narrow its scope to basic cybercrimes;
  • provide direct and unequivocal guarantees of protection for cybersecurity researchers, journalists, and whistleblowers;
  • develop mandatory and specific standards for ensuring human rights in surveillance, data access, and international cooperation;
  • implement strict data protection requirements and limit the purposes for which data can be used;
  • establish effective oversight mechanisms to prevent politically motivated requests.

"Without these clarifications, there is a risk that the Convention will become a global tool for digital repression rather than an effective international mechanism for combating cybercrime," emphasized the expert.

***

The dual nature of the document — aiding in the genuine fight against crime while also holding potential for abuse — makes the Hanoi Convention one of the most contentious yet significant international agreements for the digital space.

Future practices of its application will reveal how effective this international initiative is in combating crime without infringing on human rights. Until then, potentially vulnerable groups will need to be more cautious about their online actions, even if they believe those actions to be entirely legal.