16 October 2025
The UN Convention on Cybercrime was adopted on 24 December 2024. Signatory states must introduce a range of criminal offences related to cybercrime, as well as powers for the prevention, detection, investigation and prosecution of those offences. Rules of procedure will set out mechanisms for oversight and monitoring of the Convention, but a draft set of rules has been criticised by civil society groups for its “weak procedures”. An EU paper calls for improvements.
The UN Convention on Cybercrime requires that all signatory states have legislation to enable the prevention, detection, investigation and prosecution of cybercrime offences.
Those offences include, for example, illegal access to information and communications systems, or the illegal interception of electronic data.
The EU is due to sign the treaty, which will apply to areas of law within its competences. Member states, if they are to sign it, will do so separately.
A number of organisations, including Statewatch, previously warned that "the proposed Convention's use of broad or undefined concepts opens up the risk of widescale human rights violations against civil society."
Cybercrime laws have often been used by states to target human rights defenders and other critics.
Rules of procedure
Article 57 of the Convention requires that signatory states agree on rules of procedure for a "Conference of the States Parties to the Convention".
That Conference is supposed to "improve the capacity of and cooperation between States Parties to achieve the objectives set forth in this Convention and to promote and review its implementation."
Comments from the EU and its member states on the draft rules of procedure (pdf), circulated in the Council of the EU on 3 September, call for the draft rules to be amended.
The introduction to the comments says the rules should "preserve and enhance the level of involvement and participation" of "multistakeholders".
That includes "relevant non-government organizations, civil society organizations, academic institutions and the private sector."
In July, three organisations and an individual involved in the negotiations on the Convention published an open letter on the draft rules.
They warned that the draft rules included "weak procedures for monitoring, oversight, accreditation and engagement by non-governmental actors."
Documentation
The Council of the EU's proposed priorities for law enforcement access to data, covering: measures to be implemented immediately; priorities for the European Commission's upcoming "roadmap to ensure lawful and effective access to data"; and ideas for ways to "foster a constructive public discourse."
A letter signed by Statewatch and a number of other organisations calls for the European Data Protection Board to issue an opinion on the new UN Convention on Cybercrime, due to the "serious risks" it poses to human rights. Those risks include provisions that would empower national authorities to obtain access to encrypted communications and force communications service providers to retain large amounts of user data.
Cybersecurity is an issue of growing importance in EU institutions, with negotiations on a renewed Directive on network and information security underway. Documents published here show that last September, the Slovenian Presidency of the Council started a discussion on stepping up the role of law enforcement agencies in cybersecurity affairs, and this month the EU will launch a cybersecurity exercise seeking to test its "resilience" to a cyber-attack by a hostile state actor on vital economic supply chains.