Will The New UN Cybercrime Treaty Be a Help or a Hindrance?

A new UN cybercrime treaty that has been deliberated for half a decade now appears to be on pace to go into force, possibly in very early 2026. It breaks new ground in formally defining cyber crimes at an international level and empowering cross-border enforcement capability, but there is also a strong current of criticism that sees it as a potential positive development for authoritarian governments and even for criminals themselves.

65 nations sign on to UN cybercrime treaty, 40 ratifications activates it

At this point, 72 nations have at least agreed in principle to the cybercrime treaty and 65 have signed on to it as of the formal adoption ceremony in Hanoi last week. 40 of these will need to formally ratify before it goes into effect, however, at which point it will become active in 90 days. That would likely have it going active no earlier than February 2026.

The UN does not make public exactly who has signed the cybercrime treaty, at least not at this stage. Some individual countries have verified their status independently, however, such as China and Iran. One notable known holdout is the United States. The US has only said that the State Department is still reviewing the treaty’s terms, but resistance from both Big Tech and privacy advocates points to why it might not yet be on board.

Vagueness in terms seems to be the common thread among all groups critical of the cybercrime treaty. There are concerns that overly broad definitions of what constitute crimes could lead to various abuses by more authoritarian governments, and that these governments might also shut down vulnerability testing and disclosure by threatening ethical hackers under the newly available terms. Another worry in the “vagueness” category is that data protection terms for the cross-border sharing that the treaty promotes are not well-defined, leading to natural concerns about leaks and inappropriate sharing.

There is also the history of the cybercrime treaty to consider. Two of the central driving forces behind it have been China and Russia, spurred primarily by their discontent with the existing Budapest Convention on Cybercrime. Some critics have also cast a side-eye at the choice of Vietnam as the host of the signing ceremony, given it is regularly flagged by human rights organizations and other nations for speech suppression by the  government.

UN cybercrime treaty likely to be new reality regardless of reception

The cybercrime treaty is groundbreaking and goes beyond prior international agreements in criminalizing a broad variety of cyber offenses. It also formalizes an “always on” cooperation network between member nations, allowing suspects to be tracked and evidence to be shared much more quickly than before.

But in addition to human rights and privacy groups, the tech industry is generally none too fond of this idea. Big names such as Microsoft, Meta and Cisco have already registered objections to the terms, with one of the major industry lobbying groups calling it a “surveillance treaty.”

Regardless of the substantial dissent, potentially impacted organizations will have to prepare for the new rules becoming a reality sometime in early 2026. In practice this could mean a greater volume of cross-border data requests from foreign nations, new restrictions on vulnerability testing, and a compliance review of privacy frameworks with an eye toward international human rights obligations, among other possibilities.