Convention on Cybercrime (Budapest Convention)

The Convention includes a list of crimes that each signatory state must introduce into its own law. Put in plain language, it requires the criminalisation of activities such as illegal hacking (including the production, sale, or distribution of hacking tools) and of acts relating to child pornography; it also expands criminal liability to unlawful content such as intellectual property violations. The Additional Protocol from 2003 extends the coverage to racist and xenophobic content. 

The Convention also requires each signatory state to implement specific procedural mechanisms for digital investigations. For example, law enforcement authorities must be granted the power to compel an Internet service provider (ISP) to monitor traffic in real time (Article 20). Furthermore, the Convention requires signatory states to provide international co-operation to the ‘widest extent possible’ for investigations and proceedings, or for the collection of electronic evidence (Article 23). In a nutshell, the Convention calls on states to pursue a common policy, to adopt appropriate legal frameworks, to raise awareness, and to develop mechanisms for international co-operation against cybercrime and for digital investigations. 

The CoE is currently working on an Additional Protocol which would also address the challenges of sovereignty and jurisdiction.