Cybercrime Ad Hoc Committee

The open-ended Cybercrime Ad Hoc Committee is an intergovernmental committee composed of experts and representatives of all regions, mandated with drafting a new cybercrime convention by 2023. The committee was proposed by the Russian Federation and 17 co-sponsors in 2019, and established by the UN GA Resolution 74/247 under the auspices of the Third Committee of the UN General Assembly.

The committee’s modus operandi


In plain language: The ad-hoc committee is tasked with drafting a new cybercrime convention by 2023. In UN language: the committee is tasked with elaborating a comprehensive international convention on countering the use of information and communications technologies for criminal purposes. The work of the committee will be concluded once it presents a draft convention to the General Assembly at its seventy-eighth session in September 2024.


The organisational session was originally scheduled to take place in August 2020, but was postponed to 10-12 May 2021 in New York, due to the impact of the COVID-19 pandemic. There, it was decided that the Ad Hoc Committee shall convene at least six sessions, each lasting ten days. The first session will be held 17–28 January 2022.

The Ad Hoc Committee will meet in Vienna and New York. It will hold its first, third, and sixth sessions in New York and the second, fourth and fifth sessions in Vienna. The consultations among member states of the committee on the meeting schedule are ongoing. The UN Secretary-General’s ‘Proposed programme budget for 2022’ estimates that 3 negotiating sessions of the Ad Hoc Committee will be held in 2022, 3 in 2023 and the final concluding session in 2024.


On substantive matters, the committee will first exhaust every effort to reach agreement by consensus. However, should a consensus not be possible, the Bureau will decide that the decisions shall be taken by a two-thirds majority of present voting representatives. The chair will then inform the committee that every effort to reach a consensus has been exhausted.


At its organisational session, the Ad Hoc Committee elected its officers. The committee is chaired by Algeria, while its 13 vice chairs are Egypt, Nigeria, China, Japan, Estonia, Poland, Russian Federation, Dominican Republic, Nicaragua, Suriname, Australia, Portugal, and the USA. Indonesia was appointed the committee’s rapporteur.

The organisational session of the committee was participated by 178 UN member states.


The chair can invite, as observers, global and regional intergovernmental organisations, representatives of United Nations bodies, and representatives of functional commissions of the Economic and Social Council (ECOSOC). Representatives of NGOs with ECOSOC consultative status can attend the sessions.

The chair and the United Nations Office on Drugs and Crime (UNODC) can draw up a list of relevant NGOs, civil society organizations, academic institutions, and the private sector representatives with expertise in cybercrime, and present it to member states who will then decide on who could participate.

The call for applications for stakeholders to participate as observers in the committee is open. The deadline is 1 December 2021, midnight EST.

The chair is encouraged to hold intersessional consultations with different stakeholders to gather inputs on the draft convention.

Member states are urged to make financial contributions to the UNODC to help representatives of developing countries participate in the committee’s work.

Existing instruments

One of the main questions in the negotiations under the UN auspices is  how the new draft Convention will interplay with the already existing major instruments – the Budapest Convention in particular.

The Budapest Convention, formally known as the Convention on Cybercrime, is the most comprehensive and widely accepted instrument, adopted by the Council of Europe (CoE) in November 2001 and entered into force on 1 July 2004. The Convention includes a list of crimes that each signatory state must introduce into its law. Put in plain language, it requires the criminalisation of activities such as illegal hacking (including the production, sale, or distribution of hacking tools), acts relating to child pornography, and infringements of copyright and related rights. The CoE is currently working on an Additional Protocol which would also address the challenges of sovereignty and jurisdiction.

With 66 signatory parties – 20 of which not being members of the CoE (including the USA, Japan, Australia, and, most recently, Argentina, Cabo Verde, Peru, Colombia, and Ghana) – the Budapest Convention is de facto the international agreement on combating cybercrime, which has inspired numerous regional and national cybercrime regulations. On the other hand, Russia, which is a CoE member, objects, believing that some of the articles (namely Art. 32b) cross the line of state sovereignty, while other major players like China, Brazil, and India do not wish to accept an agreement negotiated by European countries only.

Tabled drafts

The only draft Convention proposed so far has been submitted by Russia. In its proposal, Russia wishes to see the list of internationally designated cybercrimes – 9 categories as per the Budapest Conventionexpanded to 23 cybercrimes. The Russian draft also omits the disputed provision of the Budapest Convention which enables cross-border access to stored computer data during cybercrime investigations.

The next steps

The next step in the process is gathering of the national views on the scope, objectives, and structures (elements) of the new convention. Member states are responding to an invitation from the Chair of the Ad Hoc Committee to do so. The first session of the Ad Hoc Committee, held 17-28 January 2022, will follow.

What to expect in cybercrime in 2022? 

1. The UN Ad Hoc Committee will be in focus as negotiations of the UN Cybercrime Convention advance. The main question will be how to reconcile the text proposed by Russia with the solutions developed by the Budapest Convention. 

2. Russia has crossed the rubicon (even if formally) by going after REvil; this may impact the cybercrime milieu.

3. The US-led coalition with ‘defence forward’, information sharing, and prosecution may show some results.

4. UN discussions may raise cooperation awareness among states.

5. UN processes on cybersecurity and cybercrime have an important capacity development component. More and more developing countries are gaining human and institutional capacities to deal with cybersecurity challenges. This trend will intensify in 2022.