The Quest for a Universal Regulation on Cyber Crime

Pallavi SinghLaw

The Quest for a Universal Regulation on Cyber Crime

The twentieth century has introduced some of the greatest inventions humankind has seen. The internet is one such invention. There is barely any area untouched by its very presence in our daily lives. Due to its intangible and boundaryless nature, it is complicated to establish its actual haven, which hosts a plethora of cyber criminals. In such circumstances, unified legislation is called for to address the cross-jurisdictional nature of crimes committed on the internet.

The Convention on Cybercrime is an important development towards a unified cyber crime regulation. Considered the Council of Europe‘s brainchild, it is the first regulation of its kind. While it formulates a unified policy, it has its own shortcomings. This article discusses the Convention’s subject matter, background, the changes introduced, and the challenges it faces today.

What is the Convention on Cybercrime?

The Convention on Cybercrime, or the Budapest Convention, is the only multilateral binding agreement to date to regulate cyber crimes. It also seeks to harmonise national laws on this subject to smoothly handle cross-border criminal offences. It was signed in Budapest, Hungary, on November 23, 2001, and it subsequently came into force on July 01, 2004. As of January 2024, 69 states have ratified the Convention, while Ireland and South Africa have signed it but not ratified it. There are 22 observer states have been invited to sign and accede to the Convention.

The Convention features 48 articles, further divided into four chapters. Types of criminal offences covered in the Convention can be categorised into the following four heads:

  1. Offences related to confidentiality, integrity, and availability of computer data and systems,
  2. Computer-related offences,
  3. Content-related offences, and
  4. Offences related to infringements of copyright and related rights.
Background and Objective

With the rapid adoption of the internet in the early 1990s, the Council of Europe felt the need to draft a binding regulation on cybercrime. As a result, they started drafting a binding framework to regulate cyber crime in 1996. This draft laid down the substantive law and the procedures for investigating cyber crimes. After deliberate negotiations, many developed countries came together and signed the Convention in 2001.

As set out in its preamble, the Convention seeks to unify different national laws to combat cyber crime. While the first chapter lists definitions, Chapter II lists measures to be taken at the national level, Chapter III focuses on international cooperation, and Chapter IV consists of final provisions related to enforcing the Convention. Article 22 requires signatory states to adopt measures to establish jurisdiction over offences committed in their territories or by their nationals. In a way, it suggests that this Convention is not enforceable until a signatory state brings in a proper legislation.

What did this Convention change?

This Convention was the first international legal framework on cyber crime. It paved the way for other countries to draft their cyber crime laws accordingly. For example, Pakistan’s Electronic Transaction Ordinance 2002 aligns with the Convention. To this day, it continues to be the only binding international instrument for cyber crimes.

The Convention facilitates the sharing of vital information to investigate cyber crimes among signatory states. Moreover, it also streamlines the procedure for extraditing criminals. Over the years, we have seen that the transboundary nature of cyber space provides a safe harbour for cyber criminals. With international cooperation among countries, this Convention targets ending this perceived safe harbour.

Thus, the very existence of the Convention is a huge success. The primary reason is that it is difficult to gather diverse viewpoints from stakeholders around the world. Moreover, ensuring that states sign the Convention is another humongous task. It appears that the Budapest Convention partially handled these burdens with success.


Countries like India and Russia have not signed and ratified the Convention. Russia has vehemently opposed it because it would impact its sovereignty. On the other hand, India declined to sign the Convention since it was not part of its drafting process. Other challenges towards the successful adoption of this Convention include data sharing concerns among the signatory member states and its intermingling with individuals’ right to privacy, along with the Convention being perceived as outdated in 2o24. However, a periodical revisit to the Convention with easy amendment provisions can motivate more member states to sign and ratify.

While there are drawbacks, one cannot deny its emergence when no international binding instrument exists. As the dynamic nature of technology continues to challenge the Convention provisions, flexibility in amendments must allow for keeping pace with ever-evolving technology. Will we have a working international regulation on cyber crimes? That remains questionable.