This summer, the UN Member States made significant progress by agreeing on a draft for the first international convention against cybercrime. This momentous step, however, brings forth vital questions about how this new convention will interact with the longstanding Budapest Convention, which has already been ratified by 76 countries. A thorough comparison of these two frameworks sheds light on their key similarities and differences, providing insight into how they may coexist in the realm of cybercrime legislation.

Status and Parties

The UN Convention Against Cybercrime, officially titled “United Nations Convention Against Cybercrime; strengthening international cooperation for combating certain crimes committed by means of information and communications technology systems and for the sharing of evidence in electronic form of serious crimes,” is currently not formally adopted. The draft has been agreed upon by the Ad Hoc Committee but is still subject to further review by the UN General Assembly. Once ratified by a minimum of 40 member states, it will come into effect.

In contrast, the Budapest Convention, established by the Council of Europe, is a legally binding treaty that has been ratified by 76 states, encompassing both member and non-member nations of the Council. Additionally, this convention includes two protocols aimed at enhancing cooperation and addressing cyber-related offences. The first protocol, dealing with xenophobia and racism, was introduced in 2003, while the second protocol, focusing on electronic evidence disclosure, was finalised in 2022.

Purposes and Scope

Both conventions share the overarching aim of addressing cybercrime, but they employ different scopes. The Budapest Convention concentrates on the criminalisation of specific offences, such as illegal access, data interference, and online fraud. It also enhances international cooperation through a framework that encourages cross-border access to electronic evidence.

Conversely, the UN Convention adopts a broader approach, emphasizing international cooperation and the provision of technical assistance, particularly to developing nations. While the Budapest Convention covers a wide range of specific offences, the UN Convention focuses primarily on “serious crimes,” defined as those punishable by a maximum of four years of imprisonment or more.

Definitions

While definitions in the UN Convention largely mirror those in the Budapest Convention, notable differences exist. The UN Convention adopts terminology that encompasses a broader range of technologies, like using “ICT systems” instead of “computer systems.” Such changes, while intended to expand applicability, have drawn some criticism for their potential overreach, given that the references to “any criminal offence” may blur the lines regarding what constitutes cybercrime.

Criminalisation

The scope of criminalisation in the UN Convention is broader than in the Budapest Convention. While both conventions define illegal access similarly, the UN Convention extends its coverage to additional cyber-enabled crimes, such as money laundering and solicitation offenses against children. Notably, the UN framework emphasizes preventative measures targeting conduct preceding offenses, rather than merely criminalizing content-based activities like possession or distribution of illegal material.

Procedural Powers

Regarding procedural powers, both conventions present similarities in core conditions and safeguards. The UN Convention, however, incorporates additional measures not found in the Budapest Convention, such as provisions for confiscating crime proceeds. This broader scope, particularly appealing to member states, may provide improved tools for combating serious crimes.

International Cooperation

International cooperation presents another pivotal difference between the two conventions. The Budapest Convention facilitates cooperation for collecting electronic evidence in relation to any criminal offence, highlighting a broad approach to cross-border collaboration. In contrast, the UN Convention limits its purview to “serious crimes,” presenting a narrower framework for international assistance.

The Budapest Convention also includes advanced cooperation tools for obtaining electronic evidence, reinforcing its emphasis on rapid data sharing. On the other hand, critiques of the UN Convention point to concerns regarding confidentiality and transparency, particularly in how data is shared between states.

Conclusion

As the two conventions evolve, the coexistence of the UN Cybercrime Convention and the Budapest Convention will likely shape global policies around cybercrime. The Budapest Convention has provided a foundational framework for addressing cyber offenses and aligning with human rights standards. However, the UN’s broader approach to serious crimes poses potential challenges, particularly as nations grapple with differing legal definitions of cybercrimes domestically.

The effectiveness of these conventions may ultimately hinge on collaborative efforts to ensure they work in complement to one another. Balancing both frameworks in a way that respects existing international norms while enabling robust cybersecurity measures will be essential in preventing legal fragmentation and fostering effective global countermeasures against cybercrime.