The European Union has announced that it will sign the new UN Convention Against Cybercrime. In doing so, the EU is taking an important step in the international fight against online crime and digital attacks. The convention - which will be officially opened for signature in Hanoi on Oct. 25, 2025 - is the first global treaty to establish common rules for cooperation, detection and evidence sharing in the cyber world.
The new UN Convention Against Cybercrime contains agreements on international cooperation, collection and exchange of electronic evidence, and better alignment of national laws. The convention includes nine chapters and provides a broad legal framework to help countries tackle cybercrime more effectively.
These include various forms of online crimes: from ransomware attacks and digital fraud to violations of democratic processes and online hate speech.
While the EU welcomes the treaty as an important international milestone, there is also strong criticism. Privacy regulators, civil rights groups and technology companies warn that the treaty is too broadly worded, which could jeopardize fundamental rights.
The European Data Protection Supervisor (EDPS) stresses that any exchange of data with "third countries" must be tested against European privacy laws (AVG). The scope of digital evidence collection and personal data sharing is also under fire: critics fear the convention could lead to mass surveillance and curtailment of citizens' rights if insufficient safeguards are built in.
For the Netherlands and other EU member states, signing means preparing for new obligations around international cooperation and data sharing in cyber investigations. These agreements come on top of existing European and national legislation, such as the AVG and the Data Processing by Collaborative Agencies Act.
Member states will have to carefully balance security interests and protection of fundamental rights in implementation, especially in handling international investigation requests.
The EU's signing of the UN Convention marks a new phase in the global approach to cybercrime, but at the same time highlights the need to maintain European safeguards for data and privacy.
The debate on the right balance between security and human rights will thus remain high on the agenda in the years to come.
