The Budapest Convention on Cyber Crime

Cyber crime is any criminal activity using computer technology as a tool to commit an offence. It could be used to access business secrets, personal information ( hacking, spamming, phishing) and may also be used for exploitative purposes( child pornography, hate crimes). Also known as computer crime it may be carried out by individuals with little technical skills or highly organised groups, targeting either personal or corporate data. According to the National Crime Records Bureau, 9,622 incidents of cyber crime were recorded in 2014 in India itself. It is important to have strong cyber crime laws in place as it makes it more difficult for the hacker due to the  increase in chances of detection and prosecution. The convenience, anonymity, lack of borders all contribute to the growing rate of cyber crime, making it important to provide protection against online predatory crimes, fraud and more serious crimes like cyber terrorism. Having a major impact on national security countries also strengthen their security and resilience of cyberspace to combat this crime- in the united states, the cyber division or the FBI is an agency of top priority within the department of justice.

The Budapest Convention on Cyber Crime

The Convention on Cyber crime, also known as the Budapest Convention on Cyber crime or the Budapest Convention, is the first International treaty dealing with cyber or computer crime. Drawn up by the council of Europe in Strasbough, France, it came into force on the 1st of July 2004. 63 states as of now have ratified it including Japan, Canada, South Africa and the United States. Countries like India and Brazil who weren’t participants in the drafting process refused to adopt it but recently have been rethinking their stance due to the increase in cyber crime.

The convention is also supplemented by additional protocols added on 1st march 2006. States who have ratified this are required to criminalize any xenophobic (dislike and prejudice for foreign countries) and racist (belief in the superiority of one race over another leading to prejudice and discrimination) material online.


According to the global forum of cyber expertise – The Budapest Convention provides the States with

  • the criminalisation of a list of attacks by means of computers;
  • (ii)  tools to make the investigation and the securing of electronic evidence effective; and
  • (iii) international police and judicial cooperation

The main objective of the convention provided in the preamble talks about “pursuing a common criminal policy aimed at the protection of society against cyber crime, especially by adopting appropriate legislation and fostering international co-operation” With a set of powerful procedures like lawful interception the convention also boasts of 24/7 network for speedy assistance and provision for protection of human rights.

According to the European unions press releases, the Convention delivers in three areas by:

  • harmonising aspects of criminal law in the area of cyber crime; 
  • providing for criminal procedural tools needed for the investigation and prosecution of attacks against information systems – as well as other offences committed by means of a computer system or electronic evidence in relation to those offences;
  • fostering a fast and effective regime of international cooperation.

Main Features of the convention

Mutual legal assistance

Article 25 The Convention imposes an obligation upon the Parties to provide mutual assistance “to the widest extent possible” for proceedings of criminal offences related to computer systems and data. it is also subject to the conditions prescribed by the domestic law and the mutual assistance treaties of the parties.

Jurisdiction and Access to Stored Data

Article 21 and 22: There exists a principle of non-intervention regarding the access to data from another jurisdiction. Unless provided with proper consent, it might end up in the violation of the states sovereignty. There are two situations in which a Party may access computer data stored in another Party’s jurisdiction; (i) when it is publicly available (ii) when it is done through a computer system located in its own territory after obtaining the “lawful and voluntary consent of the person who has the lawful authority to disclose the data to the Party through that computer system”.

Production Order

According to Article 18, computer data can only be asked from a person when it is (including a service provider) located within the territory of the ordering Party even if the data is stored in the territory of a third Party but subscriber information can be ordered from a service provider even if it is not located within the territory of the ordering Party as long as it is offering its services in the territory of that Party and the subscriber information relates to the service offered in the ordering Party’s territory.

The Budapest Convention on Cyber Crime


To avoid delayed and costly translations, The Cyber crime Committee suggested that requests be sent by Parties in English in urgent cases since most States accepted a request in English and an additional protocol added for this particular purpose.

 24/7 Network

Article 35 talks about how Parties are required to have trained and equipped personnel attend the point of contact designated on a 24 hour seven days a week basis for immediate assistance on collection of evidence, investigation etc

The cyber crime convention committee

The Cyber crime Convention Committee (T-CY) represents the State Parties to the Budapest Convention on Cyber crime along with 10 international organisations including INTERPOL, European union, UN office on drugs and crime, commonwealth secretariat. According to Article 46 The Committee facilitates the implementation of the Convention by the Parties, looks into future amendments while keeping the convention up to date.

 Capacity building

The need for capacity building was stated in February 2013 by the United Nations Intergovernmental Expert Group and the European union, making it the focus of the Global Cyber Space Conference in Seoul, Korea in 2013. The joint project on ‘Global Action on Cyber crime’ (GLACY) was signed along with a cyber crime programme office C-PROC resulting in a series of capacity building projects in regions like Georgia, Armenia, Turkey and Ukraine.

Article 15  of the convention discusses the following Conditions and safeguards –

1.  Each Party shall ensure that the establishment, implementation and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall provide for the adequate protection of human rights and liberties, including rights arising pursuant to obligations it has undertaken under the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights, and other applicable international human rights instruments, and which shall incorporate the principle of proportionality.

2. Such conditions and safeguards shall, as appropriate in view of the nature of the procedure or power concerned, inter alia, include judicial or other independent supervision, grounds justifying application, and limitation of the scope and the duration of such power or procedure.

3.  To the extent that it is consistent with the public interest, in particular the sound administration of justice, each Party shall consider the impact of the powers and procedures in this section upon the rights, responsibilities and legitimate interests of third parties.


Though the first and only multilateral treaty dealing with cyber crime, it does come with a few drawbacks such as delays  and inefficiency in mutual assistance due to procedural lapses and problems in cost and quality of translation of language . There is a need for legal awareness , standardization and proper training. Convention’s request for an additional protocol is yet to be worked out. The 12th plenary of the T-CY talked about how the mutual legal assistance facilitation was too complex and lengthy leading to inefficiency. The outdated nature of provisions and some of them (particularly article 32) infringing on state sovereignty are some of the major drawbacks which prevented countries like Russia to back out and avoid the attack on its sovereignty.


A main global instrument to combat cyber crime, it also acts as a mechanism which lays out international cooperation in the field of cyber terrorism. A product of  four years of work by Council of Europe experts and countries like the United States, Canada and Japan, this convention is a distinctive and all encompassing instrument that safeguards against cyber crime. Though a need for all countries to ratify, expanding the convention to address the drawbacks mentioned above may just act as an incentive for the non-signatories to become party and help in the efficient performance.