Fight against Cybercrime

Convention on Cybercrime

Concerned by the risk, computer networks pose to society when they are used for committing crimes and coordinating terrorist activities the Council of Europe member states created the Convention on Cybercrime (CETS No. 185). This Convention is the first international treaty on crimes committed via the Internet and other computer networks.

The Convention was opened for signature in Budapest and is, therefore, also known as Budapest Convention. It entered into force in 2004, provides guidelines for the development of national legislation and serves as a framework for international co-operation.

Parties to the Convention are required to adopt appropriate legislation in order to penalise certain offences, like:

  • offences against network security like illegal access to computer data, interception of data, interference with data, misuse of hard- and software for the purpose of committing a crime
  • computer-related forgery and fraud
  • child pornography
  • infringements of copyright

Signatory states are obliged to foster international co-operation by:

  • assisting the competent authorities of other Parties to the convention in the collection of stored data as well as in the recording of content data in real-time
  • affording each other mutual assistance and, for that purpose, designating a point of contact available on a 24/7 basis
  • extraditing criminals

Since the Cybercrime Convention is not only open to all Council of Europe member states, but to all States, which have participated in its elaboration, a number of non-European countries – among them the USA, Japan and Australia – have become members.

Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems

A proper balance between freedom of expression – as guaranteed in the European Convention on Human Rights (ECHR) – and an effective fight against acts of a racist and xenophobic nature is essential.

Therefore, the Council of Europe member states drafted the Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (CETS No. 189).
The Protocol entered into force in 2006 and is open to all States, which have signed the Cybercrime Convention. Signatory States are required to penalise certain offences, such as:

  • dissemination of racist and xenophobic material through computer systems
  • racist and xenophobic motivated threat
  • racist and xenophobic motivated insult
  • denial, gross minimisation, approval or justification of genocide or crimes against humanity

Definition of “racist and xenophobic material”

The Protocol defines racist and xenophobic material as “any written material, any image or any other representation of ideas or theories, which advocates, promotes or incites hatred, discrimination or violence, against any individual or group of individuals, based on race, colour, descent or national or ethnic origin, as well as religion if used as a pretext for any of these factors”.

The Cybercrime Convention Committee T-CY

Each State Party to the Cybercrime Convention is represented in the Cybercrime Convention Committee T-CY with a delegation of specialists. The T-CY

  • exchanges information on significant legal, policy or technological developments
  • assesses the implementation of the Convention and identifies problems and good practices
  • drafts opinions, guidance notes and legal instruments such as conventions, protocols, agreements or recommendations
  • establishes working groups to research or otherwise address specific questions

Plenary meetings of the T-CY

The T-CY holds two plenary meetings a year. Each State Party to the Cybercrime Convention has one vote in the T-CY. Invited to take part in the plenary meetings as observers are representatives of States which have signed or have been invited to accede to the Cybercrime Convention; Council of Europe member states which haven’t signed the treaty as well as representatives of intergovernmental organisations like Interpol, the African Union, the European Union (EU), the Organisation of American States, the International Telecommunication Union (ITU), the Organization for Security and Co-operation in Europe (OSCE) or the United Nations Office on Drugs and Crime (UNODC).

The Bureau of the T-CY

The Bureau acts as a board to the T-CY. It draws up the T-CY’s workplan and coordinates the work of the T-CY. The Bureau is composed of the acting Chair, the former Chair, the Vice-Chair and at least four elected T-CY members. All Bureau members are elected for a two-year term of office and can serve as many terms as they wish. The Chair and Vice-Chair can only serve two terms of office. In all administrative matters, the Bureau is assisted by a secretariat, headed by an Executive Secretary.

Assessments based on questionnaires

The Convention on Cybercrime does not provide for a monitoring-mechanism. In 2013, however, the T-CY started to carry out assessments regarding the implementation of the Convention by the Parties, based on questionnaires (Observer States may volunteer to participate in the assessments):

  • the T-CY decides which provisions of the Convention on Cybercrime are to be
  • assessed
  • a questionnaire, prepared by the T-CY bureau and the secretariat, is sent to the T-CY members for comments and adoption
  • the T-CY members coordinate with their respective domestic authorities to collect comprehensive replies
  • the T-CY Bureau prepares a draft assessment report, which is sent to T-CY members for comments and is then reviewed at a plenary meeting
  • the final assessment report has to be unanimously adopted and may include recommendations addressed to a specific State
  • the T-CY reviews progress made in the implementation of recommendations within 18 months of the adoption of the report

Capacity Building Programmes on Cybercrime
The Council of Europe assists countries worldwide in the strengthening of their criminal justice capacities on cybercrime on the basis of the Cybercrime Convention.

An example of these efforts is a joint programme between the Council of Europe and the European Union called GLACY+ which aims to prevent and fight organised crime by enabling criminal justice authorities to engage in international cooperation on cybercrime and electronic evidence.

Another one is the Cybercrime@Octopus project, which brings together a large number of cybercrime experts from all over the world, organises the annual Octopus conference on cybercrime and runs the Octopus Cybercrime Community, an online forum for cybercrime experts, data protection authorities and professionals from civil society, industry and academia.



Photos Council of Europe; CyberCrimeScene © Europe’s Human Rights Watchdog