Civil-society groups warn UN cybercrime treaty could threaten human rights

A coalition of digital rights and human rights organisations has issued a joint statement expressing concern over the newly signed UN Convention on Cybercrime, urging governments not to sign or ratify the treaty without stronger safeguards. The convention, the first global treaty focused on cybercrime, opened for signature in Hanoi on 25–26 October.

Concerns over surveillance and cross-border powers

The organisations argue that the treaty grants broad surveillance and data-sharing powers to states, extending beyond cyber-attacks to cover any serious crime punishable by at least four years in prison under national law. They warn that, because some governments criminalise activities such as peaceful protest, journalism, same-sex relationships or criticism of authorities, the treaty could be used to target individuals engaged in protected activities.

The statement also highlights risks for security researchers and whistleblowers, noting that the treaty’s language could allow prosecution of people conducting legitimate work that helps identify vulnerabilities and safeguard systems.

Lack of safeguards and oversight

According to the signatories, the treaty contains insufficient human-rights protections. They cite weak domestic safeguards in the procedural chapter and note the absence of strong, treaty-wide guarantees based on principles such as legality, necessity, and proportionality.

The groups also point to provisions allowing cross-border sharing of personal data and monitoring systems, saying these could undermine secure communications and enable intrusive surveillance.

Another concern is the lack of a mechanism to suspend states that violate human rights, raising fears that governments with poor records could use the treaty to extend their reach and exert pressure on international service providers.

Risks to vulnerable groups

The signatories warn that the treaty could inadvertently harm those it intends to protect. For example, they say vague provisions could lead to criminalisation of consensual behaviour between minors of similar age, and argue that insufficient attention to gender issues could expose women and LGBTQ+ people to further risk.

The statement notes that the signing ceremony took place in Vietnam, where authorities have been criticised for restricting dissent and cracking down on online expression.

Call for safeguards and stakeholder engagement

The organisations call on states not to sign or ratify the treaty unless they commit to strong protections, including:

• consulting civil society and other independent experts
• ensuring national laws meet international human-rights standards
• placing limits on cross-border cooperation and refusing requests likely to result in abuses
• reserving the right to decline cooperation where human-rights risks are present
• providing transparency about treaty implementation and cooperation requests
• ensuring international assistance under the treaty is tied to human-rights compliance

They also urge delegations to publicly address digital repression concerns at the signing event and highlight cases where governments use digital tools to silence critics.

Who signed the statement?

The joint statement is supported by more than 20 organisations, including Access Now, Human Rights Watch, the Electronic Frontier Foundation, ARTICLE 19, the Association for Progressive Communications, Fundación Karisma, Privacy International, IFEX, EngageMedia, and several regional digital-rights groups.

The coalition emphasises that, while tackling cybercrime is important, global cooperation should not come at the expense of fundamental rights and freedoms.