The world’s first universal legislative framework to combat cybercrime has moved a step closer to become legally binding after at least 72 of the 193 member states signed the United Nations Convention against Cybercrime in Hanoi, Vietnam, on Saturday, October 25.
The 41-page UN cybercrime treaty proposes a legislative framework to boost international cooperation among law enforcement agencies and offer technical assistance to countries that lack adequate infrastructure for combating cybercrime. It also contains provisions addressing illegal interception, money laundering, hacking, and online child sexual abuse material.
The final draft of the treaty was adopted by member states of the UN General Assembly (UNGA) in December 2024, following years of extensive negotiations led by the UN Office on Drugs and Crime (UNODC).
At least 40 countries have to sign and ratify a treaty, following which the provisions of the agreement will come into effect 90 days after the 40th nation ratifies it. It comes at a time when digital threats are rising sharply, with global cybercrime costs projected to reach $10.5 trillion annually by 2025, according to a report by Cybersecurity Ventures.
However, several tech companies and digital rights activists have criticised the treaty over concerns that it could end up criminalising legitimate online activity and lead to potential human rights abuses.
In 2022, the Indian government’s submissions on the UN cybercrime treaty contained measures similar to the controversial Section 66A of the Information Technology Act, 2000, which was struck down by the Supreme Court as being “unconstitutional”. However, India’s proposal asking countries to make it illegal to share “offensive messages” on social media did not find any support at the global forum.
According to the UN , a country becomes legally bound by a treaty only after it has signed it and ratified the agreement, following the signing process. It is unclear if India is one of the 72 member states that signed the cybercrime treaty in Hanoi, though the signing process is expected to remain open till next year.
Story continues below this ad
‘No country will be left defenceless against cybercrime’
“The UN Cybercrime Convention is a powerful, legally binding instrument to strengthen our collective defences against cybercrime. It is a testament to the continued power of multilateralism to deliver solutions. And it is a vow that no country, no matter their level of development, will be left defenceless against cybercrime,” Antonio Guterres, the Secretary-General of the United Nations, said in his remarks at the signing ceremony in Hanoi.
Ahead of the signing ceremony, 19 digital rights organisations, including Access Now, Electronic Frontier Foundation (EFF), Human Rights Watch, and others, urged UN member states to refrain from signing and ratifying the treaty.
“The Convention, the first global treaty of its kind, extends far beyond addressing cybercrime – malicious attacks on computer networks, systems, and data. It obligates states to establish broad electronic surveillance powers to investigate and cooperate on a wide range of crimes, including those that don’t involve information and communication systems. It does so without adequate human rights safeguards,” read a joint statement dated October 24, 2025.
Should India join others in signing the treaty?
Four years ago, Prime Minister Narendra Modi, in his Independence Day speech, said that India would have a new cybersecurity strategy. However, the national cybersecurity strategy is yet to be updated. “As a result, it is not clear who is in charge of what and who should take responsibility when an incident occurs,” Raman Jit Singh Chima, the Asia Pacific policy director of digital rights organisation Access Now, had told The Indian Express in an interview last year.
Story continues below this ad
Asked if India should sign and ratify the UN cybercrime treaty, Chima had said that the text of the treaty does not match Indian law in terms of the requirements for privacy put in place by the Supreme Court in the Puttaswamy judgment.
“So, it is a legally grey question as to whether India can actually sign and ratify this treaty because unless India puts in place strong voluntary commitments about how to implement the treaty, the current treaty text may not satisfy the Indian Supreme Court’s requirements on the right to privacy,” he had stated.
Steady rise of cybercrime in India
The number of cases registered under the cybercrimes category surged by 31.2 per cent in 2023 to 86,420, up from 65,893 cases recorded in 2022, as per the latest data released by the National Crime Records Bureau (NCRB) in September 2025.
Fraud, extortion and sexual exploitation accounted for the majority of cybercrime cases in India, with Karnataka reporting the highest number of cybercrime cases (21,889) among all the states.
Story continues below this ad
The Indian Express has previously reported that an increasing number of Indians are also being targeted by cyber scams originating from Southeast Asian countries such as Myanmar, Cambodia, Vietnam, Laos, and Thailand, according to data compiled by the Indian Cyber Crime Coordination Centre (I4C), a unit under the Union Ministry of Home Affairs (MHA).
“In January, Rs 1,192 crore was lost to Southeast Asia-based countries, Rs 951 crore in February, Rs 1,000 crore in March, Rs 731 crore in April and Rs 999 crore in May,” an official said, citing the data from the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS), I4C’s facilty to help citizens report and manage financial cyber fraud incidents.
