Contact Join Member Login
Home » Cyber Security Issues » Convention on Cybercrime

Council of Europe's Convention on Cybercrime: Get the Facts

What is the Council of Europe's Convention on Cybercrime?

The Council of Europe's Convention on Cybercrime is the first and only international, multilateral treaty specifically addressing the need for cooperation in the investigation and prosecution of computer network crimes. It promotes global law enforcement cooperation with respect to searches and seizures and provides timely extradition for computer network-based crimes covered under the treaty.

What is the Council of Europe?

The Council of Europe is a negotiating forum established in 1949 to uphold and strengthen human rights, and promote democracy and the rule of law in Europe. Its 44 sovereign state members include all the European Union. For years, the United States has participated in many Council-sponsored conventions related to criminal matters.

What does the Cybercrime Convention require?

The Cybercrime Convention requires parties to establish laws against cybercrime to ensure that their law enforcement officials have the necessary procedural authority to investigate and prosecute computer-related offenses, and to provide international cooperation to other parties in the fight against cybercrime. Like other multi-lateral conventions, the framework is flexible to allow for adaptation by a variety of legal systems.

What is the current status of the Cybercrime Convention?

The Cybercrime Convention entered into force on July 1, 2004. As of July 2007, the Convention has been signed by 39 Member States of the Council of Europe and 4 Non-Member States. 21 countries have ratified the Convention and entered it into force, including the U.S. Current information on signatures and ratifications can be found here:;=&DF;=&CL;=ENG

Why is the Cybercrime Convention important?

Cybercrime poses a huge threat to global society. One reason is the profound, fundamental change by technology in the way people live, work and communicate. Cybercrime is more far-reaching than traditional crime because it transcends geographical and national boundaries. In recent years, fast-moving computer viruses and worms have temporarily disrupted business operations and emergency services worldwide.

Cybercrime is also challenging existing legal concepts, particularly since it transcends sovereign borders. Cyber-criminals are often in places other than where their crime hits victims. The Council of Europe engineered the Cybercrime Convention to resolve these legal issues and promote a common, cooperative approach to prosecuting people who commit cybercrime.

The Convention on Cybercrime minimizes the barriers to international cooperation that currently impede investigations and prosecutions of computer-related crimes, making it an important tool in the global fight against those who seek to disrupt computer networks, misuse sensitive or private information, or commit traditional crimes using Internet-enabled technologies.

Did the U.S. contribute to the Cybercrime Convention's development?

The idea for the Convention on Cybercrime grew from studies by the Council of Europe in 1989 and 1995. The Council established a committee to draft the Convention, which was finished in May 2001 and opened for signing and ratification on November 23, 2001.

The United States was invited as an "observer" to the two studies and helped develop the final Convention, which included several drafts made available for public comment. Active U.S. participants in the development process included representatives from the Departments of Justice, State and Commerce who closely worked with other U.S. government agencies and interested private parties. U.S. government representatives also met with members of the U.S. technology and communications industry plus public interest groups during 2000 and 2001 to gather and incorporate comments on draft provisions of the Convention. Based on this feedback, the U.S. sought and obtained important revisions to the Convention and its Explanatory Report.

Does the Convention on cybercrime require new legislation in the U.S.?

There is no new legislation required by the United States after its ratification of the Convention on Cybercrime. The Convention allows reservations and declarations by signatories for exemption from particular provisions that contradict national law. The U.S. had a number of reservations and declarations attached to its ratification that protect the Constitutional rights of American citizens.

What has been the role of the European Union and its Member States?

The European Commission participated as an observer in the negotiations on the Cybercrime Convention. The Convention was signed by all EU Member States; however, not all of them have ratified it. For example, ratification is still pending in countries like Belgium, Germany, Spain and the United Kingdom. In its recent Communication "Towards a general policy on the fight against cyber crime," adopted in May 2007, the European Commission calls upon EU Member States and relevant third countries to ratify the Convention. In addition, the European Commission commits itself to looking into the possibility for the European Community to become a party to the Convention.

Are there limits on assistance in investigations and prosecutions in other countries?

The Convention provides for limitations on assistance to other countries. This enables its parties to deny assistance in a variety of circumstances. For instance, the U.S. could deny assistance if an investigation would violate its First Amendment guarantees.

What is CSIA's position on the Cybercrime Convention?

CSIA joined other industry organizations as an active supporter of the Cybercrime Convention and was instrumental to achieving U.S. ratification of the Convention in September 2006. CSIA urges other participating countries to consider ratification of the Convention and further expand international cooperation in the fight against cybercrime.