By: Alex Wagenberg
On October 25 and 26, 2025, Vietnam hosted more than 100 countries for a United Nations cybersecurity-focused conference held in Hanoi. The nations gathered for the signing of a cybercrime prevention and defense treaty titled “United Nations Convention against Cybercrime: Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes.” The event marked a milestone: it was the first time the UN established a comprehensive legal instrument to address crimes committed via information and communications technologies (ICT). It was also a big moment for Vietnam, as it was the first time the country hosted the signing of an international treaty of this caliber, and the first convention named after a Vietnamese city. The selection of Hanoi as host is significant, as it further establishes Vietnam as part of a growing digital footprint in the region and as a leading “middle power” on the geopolitical stage. The convention was seen as a success in Hanoi by its signees for its ability to grant better evidence sharing, extradition rights, and global cooperation. But detractors claim it can open a can of worms for surveillance and persecution by the signees against their own people.
Cybercrime presents serious threats to the digital infrastructure of nations, along with the online integrity of the world’s users. Crimes like phishing, ransomware, illicit trafficking, misuse of data and systems, and cyberterrorism are hazards to the safety of individuals, organizations, and states around the globe. Cybercrimes have cost the global economy upward of a trillion dollars annually, and this treaty could help curb some of this disruption.
The treaty was designed to outline the present and future dangers of these crimes and establish a forward method of defense and prevention to be uniformly utilized by the signees. This is, of course, solely a treaty by the UN, so at most it provides a framework for the implementation of laws and processes that should be followed. For it to be binding, the signees must integrate the treaty into their own respective legal systems. In total, 72 nations signed on to this treaty, which was agreed upon in December 2024 but only signed during this convention. The United States, under the Biden administration, voted in favor of the final draft in 2024 but withheld its signature in Hanoi.
Critiques of this treaty are not hard to find. First, much of the language in the treaty is vague and oversimplified, which can allow governments to persecute their constituents. For example, “unauthorized access” is used without a clear definition, putting the safety of whistleblowers and legitimate researchers at risk. The convention also leaves unclear the safeguards of transparency and oversight, which can allow governments to take advantage of the system in their collection of data.
Russia – the drafter of the treaty – is at the forefront of many of these concerns. Its human rights record regarding online censorship, weaponization of the internet, and virtual propaganda is a factor that has many concerned. It is arguably the source of a majority of the world’s cybercrime, with attacks spanning nearly the entire 21st century. Since the initiation of the discussion by Russia in 2019 to convene regarding cybercrime, it became obvious to many in the West that something nefarious might have been afoot—but in the interest of an actual solution to a genuine issue, other nations followed suit. In fact, the reason for the long title mentioned at the beginning is due to Russia’s unwillingness to agree to a definition for simply “cybercrime.”
Vietnam as a host country has its detractors, however. The Southeast Asian nation has been criticized for human rights violations relating to online freedom of expression. According to Human Rights Watch, around 40 individuals were arrested just last year in the country for online postings critical of the state’s government—a severe human rights violation. Additionally, Vietnam’s censorship decree, dubbed “Decree 147,” compels social media platforms operating in the country to store local user data, hand it over to government authorities upon request, and remove within 24 hours any content the state deems “illegal” or objectionable.
Many critics also cite the signees of the treaty, including Laos, China, Libya, Greece, and Chile, as examples of nations that may have dangerous objectives with the new “internationally approved” oversight of their citizens’ online usage. The Cybersecurity Tech Accord, a coalition founded to promote the safety of online use with members such as Meta, Oracle, and Google, have dubbed this agreement a “surveillance treaty” because of its inherent permission to allow dangerous governments access to data.
Overall, while the convention can be seen as a step forward in controlling a damaging trend, many are concerned about the potential abuse of weak authorship and bad actors using the treaty as a crutch to defend their behavior as in compliance with the agreement. When states are given greater powers to access data, coordinate across borders, and crack down on digital “offenses,” the risk of those powers being turned against civil liberties—especially in more authoritarian regimes—is high. The view of whether this treaty is a net good or net risk depends heavily on how it will be implemented: whether countries adopt it, how they write their laws to comply with it, what safeguards are built in, and whether their interests align with internet users at home and around the world.
