Cyber-Sovereignty Beyond Boundaries: Why the Hanoi Convention is India’s Answer to the Budapest Dilemma

Author: Vinayak S.
Prof. NR Madhava Menon Interdisciplinary Centre for Research Ethics and Protocols- CUSAT, Ernakulam
——————————————————————————————————————————————————————
💡 3 Quick Takeaways
- India’s current reliance on Mutual Legal Assistance Treaties (MLATs) and bilateral arrangements is insufficient to effectively combat transnational cybercrime.
- India’s reluctance to join the Budapest Convention stems primarily from concerns relating to sovereignty, reciprocity, and cross-border data access.
- The United Nations Convention against Cybercrime (Hanoi Convention) offers a more inclusive and future-oriented framework that aligns more closely with India’s legal and strategic interests.
Introduction
Cyberspace is constantly evolving, with technological advancements profoundly influencing the lives of billions. As societies increasingly shift from physical infrastructure to accessible virtual ecosystems, the internet has become indispensable. It facilitates everyday activities such as shopping, communication, and entertainment while also supporting sophisticated functions including financial transactions, governance, and critical infrastructure management.
Despite enabling connectivity beyond territorial boundaries, the internet has simultaneously created a space where personal privacy is increasingly vulnerable. The latest Global Risks Report published by the World Economic Forum identifies cybercrime and the adverse consequences of artificial intelligence among the world’s most significant emerging concerns. These developments underscore the necessity of establishing robust regulatory frameworks capable of protecting internet users.
The challenge, however, lies in the inherently borderless nature of cyberspace. Cyber offences are frequently committed by actors operating outside the territorial jurisdiction where the harm occurs. Consequently, even the most comprehensive domestic legal frameworks face limitations when dealing with transnational cybercrime.
In India, cyber offences are principally governed by the Information Technology Act, 2000. Section 75 of the Act extends extraterritorial jurisdiction to offences committed outside India if the act involves a computer, computer system, or computer network located within India. Although this provision theoretically empowers Indian courts to adjudicate matters involving foreign nationals, its effectiveness remains limited without international cooperation mechanisms capable of facilitating investigation, evidence collection, and enforcement.
Accordingly, meaningful responses to cybercrime require not merely domestic legislation but international consensus and coordinated legal frameworks.
India’s Current Strategy
Cybercrime has emerged as a significant concern in India. According to official statistics, more than one lakh cybercrime cases were registered in 2024, reflecting a substantial increase over the previous year. Moreover, senior officials associated with the Indian Cyber Crime Coordination Centre (I4C) have observed that a considerable proportion of cybercrime incidents affecting India involve transnational elements, particularly connections with Southeast Asian jurisdictions.
To address these challenges, India has relied extensively on Mutual Legal Assistance Treaties (MLATs). These treaties facilitate cooperation between states in areas such as evidence collection, service of judicial documents, and criminal investigations. India currently maintains MLAT arrangements with numerous countries across Asia, Europe, Africa, and the Americas.
However, the effectiveness of MLATs remains questionable. Requests often involve lengthy bureaucratic processes, resulting in significant delays. In many cases, evidence may be altered, deleted, or rendered inaccessible before requests are processed. Furthermore, India lacks MLAT arrangements with several jurisdictions frequently associated with cybercrime activities, including certain major source countries. Cooperation in such instances often depends upon non-binding Memoranda of Understanding, which provide limited legal certainty and enforceability.
India has also pursued bilateral cybersecurity partnerships with technologically advanced nations such as Israel and Russia. Recent initiatives, including proposals for an India-Israel Centre of Excellence in Cybersecurity, demonstrate a growing emphasis on technological cooperation and capacity building.
While such bilateral arrangements strengthen cybersecurity preparedness, they cannot independently address the jurisdictional complexities of transnational cybercrime. Technological solutions alone are insufficient when legal authority, evidence collection, and prosecution require cooperation across multiple sovereign jurisdictions.
These limitations highlight the need for broader international legal frameworks capable of facilitating effective cooperation and harmonising cybercrime responses across borders.
The Budapest Convention on Cybercrime
The Budapest Convention on Cybercrime, adopted in 2001 under the auspices of the Council of Europe, represents the first binding international treaty specifically designed to address cybercrime. Its principal objectives include harmonising domestic cybercrime laws, improving investigative techniques, and facilitating international cooperation.
Given the transnational nature of cyberspace, determining where a cyber offence has occurred can be exceptionally difficult. Data may originate in one jurisdiction, be hosted in another, and cause harm in a third. The Budapest Convention attempts to address these complexities through coordinated legal standards and cooperation mechanisms.
Although originally developed within a European framework, the Convention is open to accession by non-European states under Article 37. Consequently, several countries beyond Europe have joined the Convention over time.
Nevertheless, important countries including India, Russia, and China have consistently declined to accede to the treaty. India’s reluctance is particularly significant given its status as both a major victim of cybercrime and an increasingly important digital economy.
A central concern relates to Article 32 of the Convention, which permits certain forms of cross-border access to publicly available data without requiring prior authorisation from another state. Indian stakeholders have repeatedly expressed concerns that such provisions may compromise national sovereignty.
Additionally, India has highlighted the absence of an explicit reciprocity requirement in certain cooperation mechanisms. Since reciprocity remains a foundational principle in international legal assistance processes, including the issuance of Letters Rogatory, these concerns have contributed significantly to India’s hesitation regarding accession.
The United Nations Convention Against Cybercrime (Hanoi Convention)
Over the past two decades, technological developments have transformed both legitimate digital activity and cybercriminal methods. Cybercrime has evolved from isolated offences into sophisticated transnational operations involving organised criminal networks, artificial intelligence, and advanced technological tools.
Recognising these developments, the United Nations General Assembly adopted the United Nations Convention against Cybercrime on 24 December 2024, commonly referred to as the Hanoi Convention. The Convention represents the first legally binding United Nations treaty specifically focused on cybercrime and international cooperation in digital investigations.
Under Article 65, the Convention will enter into force following the deposit of the fortieth instrument of ratification, acceptance, approval, or accession. Until that threshold is reached, the treaty remains inactive despite attracting a significant number of signatories.
The Convention has nevertheless generated considerable debate. Critics have raised concerns regarding potential implications for human rights, privacy, and freedom of expression. At the same time, supporters view it as an opportunity to establish a truly global framework capable of addressing contemporary cybercrime challenges.
Practical Advantages over the Budapest Convention
A significant distinction between the Budapest Convention and the Hanoi Convention lies in their respective foundations.
The Budapest Convention was drafted primarily within a European institutional framework and is often perceived as reflecting Western legal priorities. By contrast, the Hanoi Convention emerged through a United Nations process involving broader participation from developing countries and non-Western states.
The Convention adopts technologically neutral language, focusing on unlawful conduct rather than specific methods used to commit offences. This approach enhances its adaptability to future technological developments.
Such neutrality is particularly important in the age of artificial intelligence. By criminalising conduct rather than technological mechanisms, the Convention retains relevance regardless of whether offences are committed through conventional digital means or AI-enabled systems. This characteristic arguably makes the framework more resilient to future technological change.
Another practical advantage is its compatibility with recent legislative reforms in India’s criminal justice system, particularly the Bharatiya Nagarik Suraksha Sanhita (BNSS). Such alignment facilitates greater harmony between domestic and international legal frameworks.
Additionally, Articles 54 and 56 encourage developed countries to support developing nations through technical assistance, capacity-building initiatives, and technology transfer. These provisions may assist countries such as India in strengthening cybersecurity infrastructure and investigative capabilities.
Should India Pursue the Hanoi Convention or the Budapest Convention?
Considering current geopolitical and legal realities, India appears more likely to support the United Nations Convention against Cybercrime than the Budapest Convention.
Although concerns regarding privacy and human rights remain important, the Hanoi Convention offers several advantages that align with India’s strategic interests. The Convention’s broader international legitimacy, emphasis on sovereignty, compatibility with domestic reforms, and technologically neutral drafting make it a more attractive option.
Furthermore, India’s influence within multilateral United Nations processes provides opportunities to shape the future interpretation and implementation of the Convention in ways that protect national interests.
Perhaps most importantly, the Convention’s focus on conduct rather than technological methods provides an adaptable framework capable of addressing emerging threats, including those enabled by artificial intelligence. This feature enhances its potential as a future-proof legal instrument in an increasingly dynamic digital environment.
For these reasons, the Hanoi Convention currently appears to offer India the most practical avenue for achieving meaningful international consensus on cybercrime governance.
Conclusion
The borderless nature of cybercrime has exposed the limitations of traditional territorial legal frameworks. While Section 75 of the Information Technology Act, 2000 provides a basis for asserting extraterritorial jurisdiction, its practical effectiveness remains dependent upon international cooperation.
India’s existing reliance on MLATs, bilateral arrangements, and non-binding Memoranda of Understanding has produced mixed results. Delays, jurisdictional barriers, and limited enforcement mechanisms continue to hinder effective responses to transnational cybercrime.
The Hanoi Convention offers an alternative model based on broader multilateral participation, greater sensitivity to national sovereignty, and adaptability to emerging technologies. Its compatibility with recent domestic legal reforms further strengthens its relevance for India.
As cybercrime continues to evolve alongside artificial intelligence and increasingly sophisticated digital technologies, India requires legal frameworks that extend beyond symbolic commitments and fragmented cooperation mechanisms. The transition from isolated arrangements towards a comprehensive multilateral approach may provide the foundation necessary for building a safer, more secure, and more reliable digital ecosystem.
Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of The Lawscape.
The Lawscape — clear, practical legal insight for students and future lawyers.
