The Limits of Multilateral Legitimacy in the Age of Digital Repression

By Alliance for Vietnam’s Democracy

When the United Nations opened its new Convention on Cybercrime for signature in October 2025, it did so under the lofty banner of global cooperation against digital threats. The choice of Hanoi—a capital city emblematic of tight information control and state-led censorship—as host for the signing ceremony was already a cause for concern among many civil society observers. The treaty’s leading proponents, the Socialist Republic of Vietnam and the Russian Federation, have both long positioned themselves as defenders of “digital sovereignty,” a euphemism that often masks sweeping internet surveillance and the criminalization of dissent.

Despite the solemn rhetoric at the UN and the orchestrated enthusiasm at the Hanoi event, the treaty’s debut was marked by a conspicuous absence: a surprisingly low number of signatories. This lukewarm reception did not occur in a vacuum. Rather, it reflects a growing international anxiety about the erosion of human rights under the guise of multilateral legal frameworks, particularly in the cyber domain.

A Familiar Pattern: From Migrant Rights to Digital Rights

This phenomenon is not without precedent. In 1990, the United Nations adopted the International Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families (MWC), addressing a deeply urgent issue in the global economy. And yet, over three decades later, the MWC remains the least-ratified of all core human rights treaties. As of 2021, only 56 countries had ratified it—mostly countries of origin, not destination. Major economies and host states, concerned about sovereignty, legal obligations, and immigration control, stayed away.

The fate of the MWC offers a cautionary lesson for the UN Cybercrime Convention. Although the treaty addresses a seemingly universal concern—cybercrime—it has thus far failed to generate broad international trust. With only 65 states signing at its launch, the Convention risks following the MWC’s path: an early show of limited support, followed by prolonged stagnation in ratification, particularly among democratic nations that maintain higher standards for civil liberties, privacy protections, and judicial oversight.

A Treaty of High Ambition, Low Trust

In theory, the Convention aspires to unify global efforts against serious cyber offenses, including hacking, fraud, child exploitation, and the misuse of digital platforms for organized crime. However, the devil lies in the implementation—and in the treaty’s vague language and permissive architecture.

Many states and civil society coalitions have raised the alarm. Broadly defined offenses, such as “propaganda” or “serious crimes” involving digital evidence, create the risk that governments may exploit the treaty to pursue peaceful dissenters and exiled critics. Articles 22 and 35, in particular, expand extraterritorial powers and mandate cross-border cooperation without requiring that offenses be cyber-specific or universally recognized as crimes. This opens the door for politically motivated surveillance, extradition, and digital censorship under the thin veil of legality.

These concerns are not theoretical. In recent years, authoritarian regimes have used domestic cybersecurity laws to detain online dissidents, silence journalists, and demand that tech platforms hand over user data without due process. Vietnam’s 2018 Law on Cybersecurity stands as a textbook case, allowing security forces—without judicial review—to compel global platforms to remove content and disclose private data. That very model now risks being exported globally through the UN treaty, with the stamp of multilateral legitimacy.

Why the World Isn’t Signing On

Despite vigorous lobbying from its principal sponsors, the UN Cybercrime Convention has struggled to gain meaningful momentum. Its reception on the international stage has been cautious at best—reflecting a constellation of concerns that transcend politics and strike at the core of global legal trust.

Foremost among these concerns is a profound deficit of trust. The leading champions of the treaty—most notably the Russian Federation and the Socialist Republic of Vietnam—possess some of the worst records in the world when it comes to freedom of expression, respect for privacy, and adherence to due process. When regimes with long histories of repressing digital dissent take center stage in shaping global legal frameworks for cyberspace, other governments cannot help but ask: Cui bono? Who benefits?

Compounding this unease is the absence of credible oversight mechanisms. Unlike established international human rights instruments, the treaty lacks any independent supervisory body. There is no requirement to notify individuals who may be targeted under its provisions, nor is there any pathway for legal redress if these expansive powers are misapplied. This institutional vacuum marks a significant departure from global norms of transparency and accountability.

Furthermore, the treaty faces serious headwinds at the domestic level, particularly in democratic nations. In these systems, ratification requires not only parliamentary approval, but also alignment with constitutional safeguards and national legal frameworks. The burden of legal reform is steep—and civil liberties groups, digital rights advocates, and segments of the technology industry are already mobilizing in opposition, warning that the treaty could endanger fundamental rights online.

There is also a deeper normative rift at play. States remain divided over the very purpose of cyber governance. Some see it primarily as a tool of state control—an instrument to monitor populations and suppress dissent. Others believe cyberspace must be protected as a domain for innovation, free expression, and human rights. The treaty, as currently drafted, fails to reconcile this divide. Instead, it appears to lean toward legitimizing digital authoritarianism.

In sum, the world’s hesitancy to embrace the UN Cybercrime Convention is neither accidental nor unfounded. It reflects principled resistance to a legal instrument that—if adopted without reform—could do more to empower authoritarian surveillance than to curb genuine cybercrime.

What Kind of Internet Will the UN Endorse?

The stakes could not be higher. A treaty of this magnitude, if ratified and weaponized by repressive regimes, risks entrenching an illiberal digital order. Instead of empowering cooperation to combat true cybercrime, it may facilitate the criminalization of peaceful expression, the global reach of state censorship, and the persecution of activists in exile.

Advocates for democracy and human rights have recognized this danger early. Legal analyses and advocacy briefings—some quietly circulated by transnational pro-democracy networks such as the Alliance for Vietnam’s Democracy—have drawn attention to the Convention’s most vulnerable provisions. These efforts aim to push democratic governments to issue binding interpretive declarations, opt out of abusive clauses, and condition ratification on the establishment of human rights safeguards.

This is not merely a legal debate; it is a defining moment for the future of the internet. If the United Nations lends its name to a treaty that enables repression under the guise of cyber cooperation, it will forfeit its credibility as a guardian of human rights in the digital age. That is why many in the international community, from elected officials to human rights lawyers to dissident-led organizations, are calling for a pause—a moment to reflect, revise, and resist.

What Counts Is Not the Ceremony, But the Consequence

The Hanoi ceremony may have produced headlines and handshakes. But ceremonies do not equate to consensus—and signatures do not guarantee ratification. The real measure of this treaty’s legitimacy will not be how many diplomats inked it in October 2025, but how many parliaments ratify it with meaningful safeguards, and how many governments apply it in ways that protect—not punish—human dignity online.

As history has shown, treaty-making is not a mere technical exercise. It is a political act that reflects values, trust, and long-term vision. In the end, the Convention on Cybercrime will either stand as a bulwark against digital chaos—or as a monument to the failure of global governance in the face of authoritarian opportunism. Whether the world walks the former path or the latter depends, in no small part, on whether civil society continues to speak truth to power—and whether democratic states listen.

Published 14 November 2025

---

About the Organization