
In October 2025, governments from around the world convened in Hanoi, Vietnam, to sign the United Nations Convention against Cybercrime—now referred to as the “Hanoi Convention.” As the first global treaty dedicated to preventing, investigating, and prosecuting cybercrime, the Hanoi Convention marks a pivotal moment for global cooperation to prevent and combat cybercrime. With increased geopolitical pressures, however, global cooperation may be challenging. This article explains what the Hanoi Convention does, the procedure for its implementation, and its anticipated impact on multinational businesses.

The History of the United Nations Convention Against Cybercrime

In the wake of destructive and malicious activities by cyber criminals around the world, the United Nations Convention against Cybercrime was adopted by the General Assembly of the United Nations on December 24, 2024, in New York. The Convention opened for signature on October 25, 2025, at a signing ceremony held in Hanoi, Vietnam, where 72 nations signed the treaty. To date, 74 countries have signed, and the treaty will remain open for signatures until December 31, 2026.

The Hanoi Convention was initially sponsored in 2019 (Resolution 74/247) by Russia, which sought a global treaty other than the 2001 Convention on Cybercrime of the Council of Europe (“Budapest Convention”). Opponents of the Resolution raised concerns that a broad definition of cybercrime could be used to criminalize dissent/disinformation and censor/undermine human rights. Between 2019 and 2024, multiple negotiations and revisions to the treaty took place.

What is the Hanoi Convention?

The Hanoi Convention is the world’s first comprehensive global framework for the collection, preservation, sharing, and use of electronic evidence across borders—an area historically hindered by inconsistent national laws and slow mutual legal assistance procedures. For businesses, this represents a shift toward tighter, more harmonized cyber laws, breach reporting, cooperation with law enforcement, and documentation of cybersecurity practices.

Nations that sign this multilateral treaty agree to enact domestic laws to address cybercrime as follows:

  • Criminalizing Cybercrime. The Convention requires states to criminalize certain cybercrimes under their domestic laws including: illegal access to computer systems; interference with data or systems; online fraud and related financial crimes; and offenses involving online child sexual exploitation material.
  • Electronic Evidence & Cross Border Data Transfers. The Convention is the first universal treaty to address cross-border access and cooperation on electronic evidence. It establishes global standards for handling electronic evidence, including: preservation of electronic data; lawful search and seizure of digital information; and real-time collection of traffic data in serious criminal investigations.
  • International Cooperation. The Convention sets up mechanisms for: mutual legal assistance (MLA) in cybercrime cases; extradition related to cybercrime offenses; and a 24/7 network of national contact points to enable rapid cooperation.

What Happens Now that the Hanoi Convention is Signed?

Following signature, nations will complete their internal domestic processes to implement the Convention. Once concluded, States will file a ratification, acceptance, or approval with the Secretary-General of the U.N. to formally become States Parties to the Convention. States that did not sign the Convention may also become Parties by filing an instrument of accession. The Convention will enter into force 90 days after the 40th instrument of ratification, acceptance, approval or accession is filed.

After entry into force, a Conference of the States Parties (COSP) will convene periodically to improve the capacity of and cooperation among States Parties to achieve the objectives of the Convention and to promote and review its implementation.

The Ad Hoc Committee—the expert group that originally drafted the Convention—convened in late January 2026 to draft operational rules for the COSP. It will then negotiate a protocol in late 2026, potentially expanding the Convention by adding more criminal offenses or other enhancements. The final draft goes to the COSP for consideration and possible adoption, allowing for future-proofing by covering newer threats.

What are the Implications for Global Businesses?

Governments alone cannot combat cybercrime. The success of the Hanoi Convention will depend in vital part on private sector engagement. Below are some things private sector businesses will want to consider following the Hanoi Convention:

  1. Global Cybersecurity Program Alignment. Businesses operating across borders (particularly in jurisdictions that have signed the Hanoi Convention) will want to align cybersecurity programs from a global perspective, moving beyond national frameworks to withstand international scrutiny.
  2. Cyber Governance Enhancement. Enterprises will need stronger protocols for digital forensics readiness, secure log retention, data localization review, and cross-border data transfer to meet evidence-sharing requirements.
  3. Incident Response Plan Review. Businesses in critical infrastructure will have to align their global reporting obligations with regulatory disclosures (NIS-2 and CIRCIA reporting requirements), law enforcement disclosures, customer notices, policy updates, incident response plans, vendor contracts, and global compliance frameworks. With national security focused cyber laws like NIS-2 and CIRCIA taking effect around the world, many private sector businesses have new reporting obligations for cyber incidents.
  4. Local Public/Private Partnership Checklist. Businesses will want to create a checklist for law enforcement engagement, including pros/cons, jurisdictional considerations, attorney-client privilege, information types, and internal protocols for sharing threat intelligence.
  5. Preparation for Human Rights Safeguards. Companies should prepare for and anticipate increased scrutiny related to data access requests and integrate human rights safeguards into compliance models to mitigate potential abuses.

The Essential Role of Public–Private Partnership in Combating Cybercrime

The Hanoi Convention emphasizes that cybercrime cannot be addressed by governments alone. Public–private cooperation—including information sharing, collaborative threat intelligence, and capacity building—is indispensable to global cyber resilience. The Hanoi Convention is an opportunity for global law enforcement leaders to build trust with the private sector and open up a two-way means of communication:

  • For law enforcement and governments to inform private sector businesses about threat intelligence and share aggregated information about supply chain attacks and attacks on sectors; and
  • For the private sector to share with law enforcement critical information like indicators of compromise, malicious IP addresses, and the tactics, techniques and procedures used by cyber criminals to attack their businesses.

The Future

The Hanoi Convention marks a historic milestone in the international fight against cybercrime and signals a new chapter in global cyber governance. Despite ratification, increasing geopolitical pressures present unique challenges to private sector participation that could delay global cybersecurity standards and cooperation.

Author

Justine focuses her practice on both proactive and reactive cybersecurity and data privacy services, representing clients in matters related to information governance, diligence in acquisitions and investments, incident preparedness and response, the California Consumer Privacy Act, privacy litigation, and cyber litigation.

Author

Hung Tran is the managing partner of BMVN International LLC (strategic alliance of Baker McKenzie Vietnam) and the chair of the Commercial, Data, IPTech and Trade Practice of Baker McKenzie Asia Pacific offices. For years, he has been constantly ranked as a leading IP, TMT, and Data Protection lawyer by numerous researchers such as Chambers Global, Chambers Asia, Legal 500 Asia Pacific. He regularly writes articles concerning pressing legal issues in both English and Vietnamese, and his works have been published regularly in various reputable publications. He has assisted the government in reviewing and revising the IP Law, the IP provisions under the country’s criminal code, the draft e-Transaction Law, and the first draft Personal Data Protection Decree, etc. He is also a respected presenter in the area of IP, Franchising, Data Privacy, and Entertainment Laws. In addition to authoring many publications, Mr. Tran has lectured at Waseda University School of Law (Japan), Vietnam-German University, Hanoi Law University, Diplomatic Academy of Vietnam, Foreign Trade University, an international MBA Program (CFVG) and IP laws for the Professional Training School of the Ministry of Industry and Trade. He used to serve as the Chairman of the Legal Committee of Hanoi American Chamber of Commerce.

Author

Alex Do, CIPP/E, is an IPTech executive cum patent coordinator at BMVN International, in alliance with Baker McKenzie Vietnam.