EU signs UN Convention on Cybercrime

The European Union has officially signed the United Nations Convention on Cybercrime, a landmark treaty adopted by the UN General Assembly on 24 December 2024 and opened for signatures on 25 October 2025. The signing ceremony took place in Hanoi, Vietnam, on 27 October 2025 after the EU Council gave its approval on 13 October 2025. The convention expands the framework established by the Budapest Convention, extending legal harmonisation and cooperative mechanisms to more than 115 UN member states that were previously outside the European regime.

Key provisions of the new treaty strengthen the criminalisation of ransomware attacks, child sexual exploitation online, and large‑scale fraud, while setting universal standards for the preservation and exchange of electronic evidence. Chapter VII introduces a technical assistance network aimed at bolstering the investigative capacities of countries with limited resources, creating a 24‑hour cooperation hub for cross‑border cyber investigations. By committing to share electronic evidence and coordinate prosecutions, signatories aim to close the safe havens that cybercriminals have exploited for years.

The ratification process now moves to the EU institutions. After the Council’s decision, the European Parliament must give its final approval, and each member state will follow its national legislative procedures. The convention will enter into force ninety days after the fortieth instrument of ratification, acceptance, approval or accession is deposited. This timeline gives the EU a clear pathway to become a full party to the treaty and to encourage other regional blocs to join.

For the private sector, the convention promises a more predictable legal environment for multinational corporations and cybersecurity firms. Companies can rely on clearer rules for data breach notification, cross‑border data requests, and coordinated takedown actions. At the same time, civil‑society organisations warn that the treaty must safeguard fundamental rights and avoid becoming a tool for excessive surveillance. The text explicitly includes safeguards to protect privacy and freedom of expression, but implementation will be closely monitored by watchdogs.

Strategically, the EU’s signature signals a determination to lead global cyber governance. By aligning with the UN framework, Europe seeks to complement its own cyber‑defence initiatives, such as the EU Cybersecurity Act and the European Cybercrime Centre (EC3). The broader goal is to diminish the jurisdictional gaps that have allowed criminal networks to operate across borders with impunity. If the convention proves effective, it could become the backbone of a coordinated international response to the escalating cost of cybercrime, projected to exceed $10 trillion annually by 2025.

In summary, the EU’s endorsement of the UN Convention on Cybercrime marks a historic step toward unified global action against digital threats. The success of the treaty will depend on swift ratification, robust implementation, and continuous oversight to balance security objectives with the protection of individual liberties.

Sources:

• https://www.consilium.europa.eu/en/press/press-releases/2025/10/13/fighting-cybercrime-eu-to-sign-un-convention-on-cybercrime/

• https://www.eubusiness.com/crime/eu-signs-un-convention-on-cybercrime/

• https://www.eeas.europa.eu/hanoiconvention-eudeclaration_en?s=184