United Nations Convention on Cybercrime: Opportunities, Challenges, and Recommendations for Vietnam

Abstract: The United Nations Convention against was prepared to establish a common legal framework for cooperation among states in sharing information, coordinating investigations, and collecting evidence related to cybercrime and high-tech crime. However, the factors that influenced the negotiation process are expected to continue affecting its future implementation. These include risks of politicization, disparities in technological capacity among states, difficulties in cooperating with private technology corporations, and the evolving nature of international law in the cyber domain. Although the Convention has not yet been officially opened for signature, preparations for its eventual implementation pose challenges and demands. The article addresses the demands that Vietnam needs to consider in refining its national legal system to ensure effective compliance with the Convention’s obligations.

Keywords: Cybercrime; Hanoi Convention, United Nations, cyber security.

1. Introduction

Cybersecurity has become one of the foremost concerns of the international community in the context of the rapid development of information and communication technology, particularly under the impact of the global digital transformation process. Alongside the significant benefits brought by cyberspace, threats to cybersecurity and cybercrime are increasingly rising at an alarming scale. Cyberattacks continue to expand in both form and scope, often crossing borders, causing serious harm to economic, political, and social stability, while also threatening national sovereignty and undermining trust between states.

In response to this situation, since the 2010 Salvador Declaration, United Nations member states have actively promoted discussions aimed at establishing a global cooperation mechanism to prevent and combat cybercrime. This effort stems from the inadequacies of existing conventions, which do not fully reflect the interests and legitimate concerns of the majority of countries, particularly developing nations, whose political, social, legal, and scientific-technological conditions differ significantly. More than four years after the adoption of Resolution 74/247 in 2019, the United Nations Special Intergovernmental Committee officially approved the draft United Nations Convention on Cybercrime—the first international legal instrument of the UN to lay the foundation for a global cooperation framework in areas such as information sharing, coordinated investigation, and evidence collection concerning criminal acts in cyberspace and high-tech environments.

Although the adoption of the draft Convention marks an important milestone, it represents only the initial step in developing regulations governing activities in cyberspace. The challenge lies in continuing to promote cooperation among countries within the UN framework to build a secure cyber environment that does not compromise national security or public order and safety, while also protecting the rights and legitimate interests of agencies, organizations, and individuals. According to the plan, the Convention will be opened for signature at the official signing ceremony to be held in Hanoi in 2025, and subsequently at the United Nations Headquarters in New York until December 31, 2026. The instrument will enter into force once the 40th country completes its ratification, acceptance, or accession procedures[1].

2. Negotiation Process and Key Content of the United Nations Convention on Cybercrime

2.1. Negotiation Process of the Convention

On December 27, 2019, the United Nations General Assembly (UNGA) adopted Resolution 74/247 establishing a Special Ad hoc Committee (AHC) to study the feasibility of drafting an international Convention on the use of information and communication technology for criminal purposes (the Convention)[2]. On May 26, 2021, based on the first organizational meeting of the AHC, the UNGA adopted Resolution 75/282, authorizing the AHC to convene meetings to discuss and negotiate the draft Convention under the chairmanship of Ambassador Faouzia Boumaiza Mebarki of Algeria.

After multiple delays due to the impact of COVID-19, and ongoing disagreements among countries regarding the roadmap (comprising three rounds of consultations and three rounds of textual negotiations), location (alternating between New York, USA, and Vienna, Austria[3]), and meeting format (a hybrid of in-person and online sessions), the negotiation process officially commenced with the first meeting held from February 28 to March 11, 2022, in New York, USA, to finalize the organization of the subsequent five sessions[4]. Another notable aspect of this negotiation process was the significant financial contributions from the United States, China, Russia, and the European Union in funding the Secretariat and nearly 70 delegations participating in the sessions.

During the discussions, countries increasingly displayed clear divergences in positions between groups regarding the scope of the Convention on criminalization and international cooperation. This created challenges for the Algerian Chair and the UN Secretariat in effectively managing and organizing the sessions to maintain progress. For the first time at the UN, the negotiation process involved major technology corporations such as Microsoft, Meta, Google, Amazon, as well as organizations representing the business community, including the International Chamber of Commerce (ICC). These organizations and corporations continuously submitted written inputs during the AHC sessions[5].

In addition to six expert-level discussion sessions, the AHC Chair organized five intersessional consultations to bridge gaps among parties. Starting from the fourth session (January 9–20, 2023) and the fifth session (April 11–21, 2023), the AHC Chair prepared the first consolidated draft and authorized facilitators to promote discussion by dividing provisions into smaller groups[6].

According to the initial plan, the negotiation session to adopt the draft Convention for submission to the UNGA was scheduled in New York from January 29 to February 9, 2024. During this session, the AHC Chair requested continuous negotiations—morning, afternoon, and evening—for the final five days. However, due to substantial remaining differences[7], the AHC decided to temporarily suspend the session to avoid a breakdown in negotiations. From July 29 to August 9, 2024, by reconvening the final session with the participation of more than 154 countries, after two weeks of intense negotiations that at times seemed on the verge of collapse, the AHC reached consensus on August 8, 2024, on the full package: the draft Convention, the Explanatory Document for certain provisions, and the draft UNGA Resolution. The Explanatory Document aims to clarify the scope of states’ flexibility in applying certain provisions, and the UNGA Resolution allows the AHC to continue its work to initiate negotiations on a supplementary Protocol to the Convention two years after the adoption of the Resolution. Accordingly, the full title of the Convention is: United Nations Convention on Cybercrime: Enhancing International Cooperation to Combat Crimes Involving the Use of Information and Communication Technology and Sharing Electronic Evidence Related to Serious Offenses[8]. This title reflects a compromise between countries advocating for a “comprehensive” Convention covering all types of cyber-related or cyber-enabled crimes, and countries participating in the Council of Europe’s Cybercrime Convention (also called the ‘Budapest Convention’), which focus solely on crimes committed in cyberspace. However, prior to the full adoption, several provisions of the draft Convention had to undergo voting at the request of certain countries.

2.2. Key Contents of the Convention

The draft Convention consists of 9 Chapters and 68 provisions, with the main contents as follows:

First, it establishes uniform definitions for basic cybercrime terminology, including updates on virtual currency; standardizes six high-tech crime offenses and three offenses related to child abuse and personal images; and standardizes five investigative measures related to data access (covering both stored and online data). These terms, offenses, and measures are developed with reference to the Budapest Convention and other regional conventions on high-tech crime to ensure interoperability among these international legal instruments.

Second, it affirms national sovereignty in cyberspace and the responsibility to engage in international cooperation in preventing and combating cybercrime (such as mutual legal assistance, joint investigations, asset recovery), while ensuring that such measures do not infringe on fundamental human rights in cyberspace. This represents a balance between the rights and obligations of state and individual actors in cyberspace today.

Third, it establishes a 24/7 contact network among all member states with functions suited to combating cybercrime, such as “freezing” domestic electronic data upon request, supporting emergency responses, and collecting electronic evidence. This requirement reflects the cross-border nature of cybercrime, which is not limited by space or time.

Fourth, it promotes preventive measures against cybercrime by requiring businesses to ensure the security and safety of their products to protect users, safeguard children online, and raise community awareness of cybercrime risks. The responsibility of technology companies to coordinate with authorities is a distinctive feature of cyberspace, as technical infrastructures and service platforms are primarily managed by private enterprises.

Fifth, it provides for technical assistance and capacity building through the United Nations Office on Drugs and Crime (UNODC), including activities such as improving the legal framework for cyberspace, enhancing capacities for digital evidence storage and management, and providing and training on modern equipment. These supports are a prerequisite to enable less developed and underdeveloped countries to participate effectively in international cooperation on cybercrime.

Sixth, the Convention will enter into force only after ratification by 40 countries, and the adoption of any supplementary Protocol may occur only after more than 60 countries have acceded to the Convention. This represents a compromise among states to ensure broad participation of UN members while limiting premature expansion of the Convention through Protocols.

3. Factors Affecting the Negotiation Process of the Convention

The consensus reached in adopting the Convention can be regarded as an unexpectedly successful outcome[9], raising questions about why countries compromised despite significant differences, the limits of parties during negotiations, and the factors likely to influence the implementation of the Convention.

3.1. Factors Promoting the Negotiation of the Convention

The negotiation process clearly demonstrates that combating cybercrime is a very new issue, combining traditional criminal law with rapidly evolving information and communication technology, making the negotiation process highly complex, involving both legal-technical and high-tech aspects. At the same time, there were inevitable suspicions among countries regarding the goodwill and commitment to combating cybercrime; some even accused each other of tolerating cybercrime aimed at undermining economic activities or political stability. In this context, it was extremely complicated for countries with opposing legal-political positions and interests to agree on an acceptable document, requiring time, mutual compromise, and political determination from all parties. The active promotion of the Convention by countries, especially the four with the greatest technological influence—the United States, China, Russia, and the European Union—may be attributed to several reasons:

First, cybersecurity issues and cybercrime activities have increased alarmingly over the past decade. Cyberattacks have rapidly evolved in form and scale, seriously affecting the economic, political, and social stability of countries, threatening sovereignty, and eroding trust among states due to the cross-border and anonymous nature of cyberspace. Meanwhile, the UN lacked a common legal framework for countries to cooperate in information sharing, joint investigations, and evidence collection related to cybercrime. Therefore, the development and early signing of a UN Convention on preventing and combating cybercrime were considered highly necessary.

Second, the draft Convention is expected to create a legal framework to enhance the effectiveness of international cooperation in combating cybercrime, demonstrating the international community’s collective determination and commitment to addressing this new type of crime. The draft Convention affirms the sovereignty and responsibility of each country in combating cybercrime, coupled with a 24/7 cooperation mechanism among law enforcement agencies, ensuring timely and effective mutual legal assistance; it encourages coordination with experts, associations, and technology companies for prevention and deterrence of cybercrime; and it allows early discussions on developing a supplementary Protocol to keep pace with rapid technological developments and new types of crime.

Third, as the first global international legal instrument on cyberspace, the successful development of the Convention underscores the role and importance of the UN in promoting international law to establish a global cooperation framework to address common challenges faced by the international community. The Convention will also further consolidate and improve the UN’s international legal instruments for crime prevention, such as the United Nations Convention against Corruption (UNCAC) and the United Nations Convention against Transnational Organized Crime (UNTOC). The consensus on the draft Convention continues to affirm the value and contribution of multilateralism at the UN in addressing global issues.

The draft Convention is the result of negotiation and compromise surrounding different, and sometimes conflicting, national perspectives, interests, and practices regarding the scope of the Convention, principles of law enforcement and international cooperation, and technology transfer. Therefore, the success of the draft Convention negotiations is highly encouraging, particularly for developing countries, contributing to narrowing the digital capacity gap among nations.

3.2. Factors Causing Divergence in the Negotiation Process of the Convention

The negotiation process of the Convention encountered numerous obstacles and difficulties, as follows:

First, regarding influence competition, China–Russia and the US–EU continuously and frequently clashed over directing the negotiation process. Russia and China had the advantage of being the primary promoters of the negotiation mechanism, as well as presenting the first draft for the Ad Hoc Committee (AHC) to discuss the structure of the Convention, with the goal of establishing a new international rulebook on cybercrime, affirming national sovereignty over cyberspace, rejecting the value of the Budapest Convention[10], requesting the addition of more than 20 new offenses, and expanding international cooperation in cyberspace[11]. Conversely, after initial hesitation, the US and the EU actively engaged to limit the influence of Russia–China, seeking to harmonize the UN Convention with the Budapest Convention in terms of both text and structure, as well as investigative measures; they only cooperated in promoting existing UN conventions on crime, namely the United Nations Convention against Transnational Organized Crime (UNTOC) and the United Nations Convention against Corruption (UNCAC). Negotiations showed that Russia and China struggled to maintain sufficient influence and lead the forum as desired due to Russia’s international isolation over the Ukraine situation, and their limited practical experience and resources to promote cybercrime cooperation. Meanwhile, the US and EU leveraged the existing network of Budapest Convention members, expanded participation by funding delegations from smaller countries, and drew on expert opinions from technology corporations and non-governmental organizations in the negotiations. Additionally, this group had technological capacity, resources, and practical experience in cyberspace governance. Therefore, in practice, the Convention represents a compromise between Russia–China’s desire for a UN initiative and the US–EU’s aim to expand the Budapest framework[12].

Second, in terms of maintaining competitive advantage, Russia–China sought a Convention with broad jurisdiction, direct law enforcement measures, comprehensive international cooperation responsibilities, and coverage of crimes affecting national security (e.g., terrorism, incitement of violence, hate crimes), thereby compelling the US–EU to share access to global technology infrastructure data and requiring US technology corporations to cooperate in filtering harmful content online. In contrast, the US–EU only agreed to address basic types of cybercrime (such as computer attacks, data theft, malware production, cyberattack tools), limited content coverage (only including child abuse and personal images), established grounds for non-cooperation, and required a 24/7 cooperation mechanism similar to Budapest to minimize resource costs[13] during implementation. Moreover, the US–EU accepted technical assistance and provision of personal data only based on agreements, compelling countries to sign direct agreements with the US for access to data held by US companies[14], while prioritizing capacity-building cooperation in alignment with US policy. Throughout negotiations, the US–EU considered protection of critical technology infrastructure, as well as the transfer of encryption/decryption technologies, as “red lines.” They also imposed high standards for cooperation in electronic evidence collection and data transfer, minimized obligations of technology companies in cooperating with foreign law enforcement, and required human rights standards in cyber law enforcement to align with the Budapest framework. These conditions allowed the US–EU to maintain preferential levels of cooperation with willing countries.

Third, there was competition over the social governance model in cyberspace. Motivated by the promotion of Western liberal values, particularly individual freedom, including freedom online, the US–EU group pushed for specific provisions protecting human rights in cyberspace and clear criteria for investigative agencies in safeguarding individual privacy online. Conversely, countries following traditional cultural values, such as Russia–China and many Islamic states with restricted self-expression in terms of identity, gender, and sexuality, demanded sovereign authority to implement stringent societal management measures. For matters requiring compromise with the US–EU, traditional states insisted that Convention criteria be consistent with domestic law, to prevent external pressure from interfering with internal affairs.

Fourth, differences existed in national governance practices and legal frameworks for cyberspace. During negotiations, Russia–China proposed numerous provisions concerning standardization and mutual recognition of electronic evidence, criminalization of abuse behaviors, and special investigative measures in cyberspace. However, discussions revealed that although countries supported the general principles, they lacked sufficient practical experience to legislate these provisions at the present time[15]. Nonetheless, the US, Russia, and China all promoted regulation of digital/virtual assets, even though many countries (including Vietnam) do not yet have legal frameworks to handle such specialized assets. Notably, the transfer of personal data under the Convention was of concern to countries but could only achieve agreement in principle[16], leaving detailed arrangements to be negotiated among the directly concerned parties. These issues may continue to evolve during the implementation of the Convention.

3.3. Some Challenges Affecting the Implementation of the Convention

From the above analysis, it is clear that the current draft of the Convention represents a temporary compromise among major country groups. The effectiveness and enforceability of the Convention once it comes into force will depend on the following four factors:

First, maintaining the guiding principles set out in the Convention, including the principle of national sovereignty and territorial integrity, the principle of non-intervention in the internal affairs of other states, and the principle ensuring that obligations under this Convention are consistent with a state’s obligations under international human rights law. Implementing, maintaining, and exercising sovereignty in cyberspace is critically important and requires technical, legal, and institutional capacity; otherwise, countries with weak technological and human resources may become dependent or even reliant on foreign powers when addressing cybercrime issues, posing risks to national security[17].

Second, transparent use of the tools provided by the Convention, such as international cooperation in investigations, evidence provision, and capacity-building support. Major powers such as the US, China, Russia, and the EU have differing views on Internet governance, data security, and user privacy. This creates inconsistency in defining common standards for implementing the Convention. Some countries possess financial and technical resources far exceeding others, particularly the disparity between developed and developing countries, which may lead to inequalities in the ability to enforce the Convention’s provisions. Consequently, technologically advanced states may leverage their advantages to impose favorable policies during implementation, using political and economic influence to promote Convention activities benefiting themselves or to pressure the removal of actions contrary to national interests, thereby weakening the Convention’s unity and comprehensiveness. Therefore, when states implement cooperative activities under UN coordination via UNODC or negotiate bilateral agreements to implement the Convention, transparency must be ensured, avoiding politicization of the Convention and the use of the Convention as a tool to create unjustified divisions or power consolidation.

Third, the process of developing international legal frameworks for cyberspace, including cybersecurity, has unique characteristics as it encompasses both inter-state relations and relations involving organizations and individuals, rather than merely a framework agreement between sovereign states[18]. This limitation does not fully address the concerns of countries, particularly major powers, regarding cybersecurity, especially the risks of espionage and targeted cyberattacks from adversarial states. Geopolitical competition may make states reluctant to share intelligence or fully cooperate in investigating cybercrime cases. More critically, in a context of strategic competition, major powers could use cyberattacks as tools in military and diplomatic strategy. This complicates the distinction between cybercrime and state-sponsored cyber warfare, making Convention implementation more difficult. Therefore, further refinement of the legal framework for cyberspace is essential to maintain peace and stability in cyberspace.

Fourth, the ability of governments to monitor and control technology corporations early and remotely. Large technology corporations play a crucial role in implementing the Convention because they control digital infrastructure, which is often a target of cybercrime. With advanced technologies and vast resources, these corporations can develop strong cybersecurity tools and lead in detecting and responding to emerging threats, thereby shaping global cybersecurity standards and influencing the enforcement of the Convention’s provisions. Additionally, technological competition between countries and among major corporations may lead to technology protectionism and tech wars, particularly in areas such as artificial intelligence (AI), 5G telecommunications, and cybersecurity. Consequently, countries and corporations may refuse to cooperate or share advanced technology, including security-related technologies, reducing the Convention’s global enforceability, particularly regarding technology transfer. Furthermore, due to market competition, service providers may avoid cooperating with foreign law enforcement agencies. Therefore, states will need dialogue and consensus on approaches to cooperation between technology corporations and law enforcement to balance the need for cybersecurity and social order in cyberspace with the normal activities of individuals, organizations, and businesses online, ensuring that regulations are applied fairly, transparently, and reasonably.

4. Vietnam’s Participation in the Hanoi Convention and Its Implications

4.1. Vietnam’s Negotiation Process

Vietnam has been an active participant in the negotiation of the Convention, demonstrating a willingness to listen and share its perspectives, which has earned the trust and high regard of the United Nations and partner countries[19]. Based on the policy of elevating multilateral diplomacy and actively participating in the development of international legal frameworks at the UN, and pursuant to the directives of the Prime Minister, during 2022 and 2023, an inter-ministerial delegation[20] attended six sessions of the Ad Hoc Committee (AHC) and informal consultation sessions within the AHC framework. The delegation’s positions focused on asserting national sovereignty in cyberspace, promoting international cooperation on cybercrime to the maximum extent, enhancing technical support and capacity building, and combining these with effective preventive measures.

During participation in the sessions, based on the approved policy, the Vietnamese delegation made substantive and proactive contributions, supporting the AHC Chair and Secretariat in drafting the Convention. Additionally, the Vietnamese delegation successfully coordinated the group of provisions under the theme “Law Enforcement Measures” at Session 5, where certain high-level operational measures, such as interception of connection data and direct content data, faced significant debate regarding feasibility from technology corporations, privacy risks for multiple countries, and the perspective of not limiting the investigative authority of countries with advanced technological infrastructure.Under the authorization of the President to appoint the Ambassador and Head of the Vietnamese Delegation to the UN as Chief Negotiator, the Ministry of Foreign Affairs led and coordinated with relevant ministries, sectors, and agencies[21] to participate in the Convention negotiation sessions held from 29 January to 9 February 2024 and from 29 July to 9 August 2024 at the UN Headquarters in New York, USA. The Vietnamese delegation also participated in a joint statement of 35 countries expressing views on certain contents of the draft Convention (introduced by Egypt), which called for ensuring a balance between human rights protection and law enforcement authority, emphasizing technical support and technology transfer. After the voting and the adoption of the draft Convention, the Vietnamese delegation made a statement expressing its positions on several provisions of the document[22].

It can be said that choosing Hanoi as the first site for the signing of the Convention demonstrates Vietnam’s efforts and new developments in foreign affairs. As the host country of the signing ceremony, Vietnam can leverage this event to promote cooperative initiatives within ASEAN and globally, creating momentum to advance the national digital transformation strategy—not only in technology but also in establishing a modern legal and digital governance environment consistent with international standards[23].

4.2. Some Recommendations for Vietnam in the Implementation of the Convention

Vietnam is among the countries with one of the highest levels of Internet penetration worldwide, with 78.44 million Internet users as of early 2024, equivalent to 79.1% of the population[24]. The “Global Cybercrime Index” report published by a team of experts from UNSW Canberra on 10 April 2024 highlighted that Vietnam falls into the “Red Alert” category, with its World Cybercrime Index (WCIs) ranking first in Southeast Asia, among the top six in the Asia-Pacific (APAC) region, and 22nd globally[25].

According to official statistics, in 2023, nearly 16,000 reports related solely to online fraud were recorded, causing losses of 390,000 billion VND, an increase of 64.78% compared to 2022[26].

The report prepared by Viettel Cyber Security, based on data from the Viettel Threat Intelligence System regarding the cybersecurity landscape in Vietnam in 2024, shows that the volume of data encrypted by cyberattacks reached 10 terabytes, causing an estimated total loss of 11 million USD. These attacks not only encrypted data but also combined data theft to increase pressure for ransom demands. Data breaches have increased sharply in Vietnam, with 14.5 million accounts leaked, accounting for 12% of the global total, resulting in the widespread sale of personal information and corporate documents on online platforms[28]. In addition, the report also highlights cyberattack trends expected to develop in 2025. Accordingly, criminals are likely to increasingly exploit AI to create more sophisticated malware, use deepfake technology to impersonate voices, images, or videos in more advanced ways. IoT devices and blockchain platforms are emerging targets for hackers, particularly poorly secured devices and cryptocurrency trading platforms[29]. Therefore, the signing of the Convention is of great significance and opens many opportunities and channels for international cooperation in combating cybercrime in Vietnam. As analyzed above, in the process of implementing the Convention, Vietnam will need to focus on the following issues:

First, promptly selecting and establishing a network of Convention enforcement partners between Vietnam and certain countries, international organizations, and key technology corporations. In particular, intergovernmental cooperation between countries requires a framework for collaboration, information-sharing agreements, and the establishment of mechanisms for periodic dialogue and consultation. The Convention provides an opportunity for Vietnam to participate in, receive, and develop mechanisms, networks for technical assistance, capacity building, and technology transfer with bilateral partners. These mechanisms and networks will enhance the ability to forecast, prevent, and respond to cybercrime, while also deepening and bringing Vietnam’s bilateral relations with partner countries into practical effect.

Second, building a national legal framework for implementing the Convention is a crucial process to ensure compliance with and full enforcement of its provisions, including international cooperation in combating cybercrime. Vietnam needs to promptly designate a 24/7 focal mechanism with sufficient authority to engage in international cooperation. Vietnam also needs to establish regulations to manage virtual/digital assets and new forms of digital technology in order to comply with the Convention and exercise national sovereignty in cyberspace. Simultaneously, regulations related to cooperation and information exchange between competent authorities and service providers in telecommunications, internet, and digital services must be completed in accordance with the principles of the Convention.

Third, the key to the successful and effective implementation of the Convention is preparing the infrastructure to operationalize it. Investment in technical technologies is crucial to ensure the investigative and preventive capacity of specialized cyber forces; Vietnamese authorities need to master modern, advanced technologies to keep pace with sophisticated tactics and methods of cybercriminals. In addition to technology, human factors also play a decisive role in enforcing the Convention. Combating cybercrime requires a diverse and specialized workforce, including state agencies such as law enforcement (cyber police), emergency response centers (CERT), judicial authorities such as judges, lawyers, legal experts in cybercrime, and extending to technology corporations and all participants in cyberspace.

Fourth, Vietnam needs to continue actively participating in the process of completing the international legal framework on cyberspace. It is evident that the intersection between cybercrime and cybersecurity may reduce the effectiveness of combating cybercrime until a new cybersecurity legal framework is established. Accordingly, countries need to affirm and enforce legally binding commitments regarding rights and legitimate interests in cyberspace. This process will continue to be a tense struggle at the United Nations in the coming period, requiring Vietnam’s active involvement.

5. Conclusion

The fact that the draft Convention, after a prolonged and challenging negotiation process, was ultimately adopted by consensus demonstrates that despite profound differences in many areas, the international community shares a strong need to establish a legal framework as a foundation for international cooperation in combating cybercrime. This also reaffirms the role and importance of multilateralism and international law at the United Nations in promoting global collaboration to address common challenges. The factors that influenced the negotiation process will continue to affect the effectiveness of the Convention’s implementation, including risks of politicization, disparities in technological capacity, the ability to cooperate with technology corporations, and the ongoing evolution of international law in cyberspace.

In the future, implementing the Convention will also present several requirements for Vietnam, such as developing infrastructure and networks of Convention enforcement partners and establishing a domestic legal framework to operationalize the Convention. Nevertheless, the negotiation, signing, accession, and eventual implementation of the Convention will further strengthen Vietnam’s cooperation in combating high-tech crime with countries in the region and worldwide. It will also provide opportunities to access technical assistance programs, training for capacity building, and technology transfer, enhancing the capabilities of law enforcement agencies, contributing to national security, improving the effectiveness of crime prevention, and deepening bilateral relations between Vietnam and other countries.

1. “ Viettel Cyber Security Publishes 2024 Cybersecurity Situation Report in Vietnam ”, https://viettel.com.vn/vi/tin-tuc-va-su-kien/tin-tuc/viettel-cong-bo-bao-cao-tinh-hinh-an-ninh-mang-tai-viet-nam-nam-2024/, Accessed on 16/4/2025

2. Bruce M, Lusthaus J, Kashyap R, Phair N, Varese F (2024) Mapping the global geography of cybercrime with the World Cybercrime Index. PLoS ONE 19(4): e0297312. https://doi.org/10.1371/journal.pone.0297312,Accessed on 20/5/2025

3.Communist Party of Vietnam Electronic Portal, “Hanoi Convention Signing Ceremony: A New Development Step for Vietnam in Multilateral Diplomacy,” https://dangcongsan.org.vn/bongoaigiao/lists/tinhoatdong/view_detail.aspx?itemid=2806, Accessed on 16/4/2025

4. Do Viet Cuong & Nguyen Quang Ha, Vietnam is considered an active participant in the treaty negotiation process, demonstrating a willingness to listen and share its perspectives, which has earned the trust and high appreciation of the United Nations and partner countries. Vietnam Law and Legal Forum, https://vietnamlawmagazine.vn/hanoi-convention-against-cybercrime-a-milestone-for-the-world-and-vietnam-73746.html, truy cập ngày 20/6/2025

5. General Assembly, United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes, https://documents.un.org/doc/undoc/gen/n24/426/74/pdf/n2442674.pdf, truy cập ngày 20/5/2025

6. Tran Trong Hoan, Ngo Anh Hoang, Identifying Fraud and Asset Misappropriation Methods on Social Media and Some Preventive and Combative Measures, https://www.sbv.gov.vn/webcenter/portal/m/menu/trangchu/ddnhnn/nctd/nctd_chitiet?centerWidth=100%25&dDocName=SBV615294&leftWidth=0%25&rightWidth=0%25&showFooter=false&showHeader=false&_adf.ctrl-state=iwho0yrkz_9&_afrLoop=20293597510991755#%40%3F_afrLoop%3D20293597510991755%26centerWidth%3D100%2525%26dDocName%3DSBV615294%26leftWidth%3D0%2525%26rightWidth%3D0%2525%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3D17lfptauw0_4, Accessed on 16/4/2025

* Dr. Nguyen Minh Vu, Ministry of Foreign Affairs, Deputy Head of the Convention Negotiation Delegation. Approved for publication on 23/01/2025. Email: nguyen_minhvu@yahoo.com

** M.d. Nguyen Huu Phu, member of the Negotiation Delegation

*** Assoc. Prof. Dr. Nguyen Thi Hong Yen, Hanoi Law University

[1] General Assembly, United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes, https://documents.un.org/doc/undoc/ gen/n24/426/74/pdf/n2442674.pdf, truy cập ngày 16/4/2025

[2] Russia is the country that initiated the development of the International Convention on Combating the Use of Information and Communication Technology for Criminal Purposes.

[3] According to the parties’ calculations, negotiations in New York would allow all 193 UN member states to send representatives (though not specialized in crime), while negotiations in Vienna, Austria would leverage expertise in crime-fighting cooperation (but only about 125 countries have permanent missions there, with many African and Latin American countries lacking representation in Vienna).

[4] https://www.unodc.org/documents/Cybercrime/AdHocCommittee/Website/AHC_Road_map.pdf

[5] Microsoft submitted written opinions for all eight negotiation sessions and played a role in coordinating the positions of the Big Tech group at the AHC.

[6] The AHC Chair selected 20 groups of provisions with significant differing opinions and appointed 20 facilitators; Vietnam was chosen as the facilitator for Group 6 (Regulations on investigative operational measures).

[7] Includes issues such as: (i) the name of the Convention; (ii) provisions on the protection of human rights; (iii) the scope of criminalization under the Convention; (iv) the scope of international cooperation under the Convention; (v) conditions for conducting investigative operations; (vi) the initiation of negotiations on a Protocol for additional criminalization under the Convention.

[8] General Assembly, United Nations Convention against Cybercrime; Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes, https://documents.un.org/doc/undoc/ gen/n24/426/74/pdf/n2442674.pdf, truy cập ngày 16/4/2025

[9] When adopting Resolution 74/247, the UN General Assembly held a vote with a narrow margin: 79 in favor (from Russia, China, most of Asia and Africa); 60 against (the U.S., Europe); and 33 abstentions (mainly from South America).

[10] The Budapest Convention of the Council of Europe on Cybercrime was signed in 2001 and currently has over 65 member countries; participation in the Budapest Convention requires the consensus of all current members. The U.S. and Russia participated in the negotiations of this Convention as observers, but only the U.S. signed (2001) and ratified (2007), while Russia objected, noting that the Convention does not recognize national sovereignty over cyberspace.

[11] China and Russia consistently proposed that international cooperation, especially the exchange of digital evidence, should apply to all types of crimes in all countries, not just those crimes recognized by the Convention.

[12] After achieving the goal of harmonization with the Budapest Convention, and to avoid losing control over the UN-level implementation process, the U.S. and EU continued to require that the development of the Convention proceed only when 60 countries are members (calculating that Russia and China could not push it alone and would have to wait for U.S.-EU participation).

[13] According to plans, countries that have participated in Budapest would not need to invest additional resources to implement the Convention and could apply it directly; the information that the U.S. could provide to foreign countries would only include connection data (of small volume), not content data (which is the main data repository of tech corporations).

[14] In practice, the U.S. applies this measure based on the Clarifying Lawful Overseas Use of Data Act (CLOUD Act); to date, the UK and EU are negotiating directly with the U.S. to allow authorities to request U.S. tech companies to provide data, instead of going through a central agency.

[15] Unlike Vietnam, countries with federal systems (such as the U.S., Brazil, Australia…) have multiple internal regulations on cyberspace; only some technology-advanced states, like California and New York, have specific laws on cyberspace, such as data protection or digital evidence. Even among EU countries, there is no unified regulation on digital evidence standards.

[16] The U.S. and EU have different views on personal data protection—while the EU seeks to impose GDPR standards, the U.S. has no federal law on personal data protection and thus refuses to support this proposal.

[17] Recently, the U.S. has implemented the Counter Ransomware Initiative (CRI), directly supporting many cases in Latin American countries, but creating a dependency risk for these countries on U.S. technological capabilities.

[18] Such as the 1982 UN Convention on the Law of the Sea or the Convention on the Peaceful Uses of Outer Space (COPOUS).

[19] By Viet Cuong & Nguyen Quang Ha, Vietnam is considered an active participant in the treaty negotiations, showing willingness to listen and share views, which earned the trust and high appreciation of the United Nations and partner countries, Vietnam Law and Legal Forum, https://vietnamlawmagazine.vn/hanoi-convention-against-cybercrime-a-milestone-for-the-world-and-vietnam-73746.html,Accessed on 20/6/2025

[20] Led by the Ministry of Foreign Affairs, in coordination with the Ministry of Public Security, Ministry of National Defense, Ministry of Justice, Ministry of Information and Communications, the Supreme People’s Procuracy, and the Supreme People’s Court.

[21] The negotiation delegation, led by the Ministry of Foreign Affairs, included participation from the Ministries of Public Security, National Defense, Justice, Information and Communications, the Supreme People’s Procuracy, and the Supreme People’s Court. During negotiations, Vietnam proposed several content suggestions, which were recorded and reflected in the draft Convention, such as the role of cybersecurity experts and procedures for the Convention’s effectiveness.

[22] Including Article 2 on virtual asset management, Article 6.2 on human rights protection, and Article 16 on acts of distributing sensitive images.

[23] Vietnam Communist Party Electronic Portal, Hanoi Convention Signing Ceremony: A New Step Forward for Vietnam in Multilateral Diplomacy, https://dangcongsan.org.vn/bongoaigiao/lists/tinhoatdong/view_detail.aspx?itemid= 2806,Accessed on 16/4/2025

[24] Source: https://vecom.vn/nhung-con-so-ve-digital-tai-viet-nam-2024-ma-ban-phai-biet, Accessed on 15/4/2025

[25] Bruce M, Lusthaus J, Kashyap R, Phair N, Varese F (2024) Mapping the global geography of cybercrime with the World Cybercrime Index. PLoS ONE 19(4): e0297312. https://doi.org/10.1371/journal.pone.0297312

[26] Tran Trong Hoan, Ngo Anh Hoang, Identifying Fraud and Asset Misappropriation Schemes on Social Media and Some Prevention and Control Measures, https://www.sbv.gov.vn/webcenter/portal/m/menu/trangchu/ddnhnn/nctd/nctd_ chitiet?centerWidth=100%25&dDocName=SBV615294&leftWidth=0%25&rightWidth=0%25&showFooter=false&showHeader=false&_adf.ctrl-state=iwho0yrkz_9&_afrLoop=20293597510991755#%40%3F_afrLoop%3D20293597510991755%26centerWidth%3D100%2525%26dDocName%3DSBV615294%26leftWidth%3D0%2525%26rightWidth%3D0%2525%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3D17lfptauw0_4, Accessed on 16/4/2025

[27] “Viettel Announces the 2024 Cybersecurity Situation Report in Vietnam”, https://viettel.com.vn/vi/tin-tuc-va-su-kien/tin-tuc/viettel-cong-bo-bao-cao-tinh-hinh-an-ninh-mang-tai-viet-nam-nam-2024/, Accessed on 16/4/2025

[28] “Viettel Announces the Cybersecurity Situation Report in Vietnam 2024”, https://viettel.com.vn/vi/tin-tuc-va-su-kien/tin-tuc/viettel-cong-bo-bao-cao-tinh-hinh-an-ninh-mang-tai-viet-nam-nam-2024/, Accessed on 16/4/2025

[29]As above