CYBERCRIME AND THE EROSION OF MULTILATERAL GOVERNANCE
The signing of the United Nations Convention against Cybercrime in 2025 was meant to signal progress in an area long marked by fragmentation. Instead, it has exposed the deep fractures shaping global governance in the digital age. That several major democracies — including India, the United States, Japan and Canada — chose not to sign the Convention underscores the difficulty of building consensus on cyberspace regulation at a time when geopolitical rivalry, technological asymmetry, and institutional distrust dominate international relations.
On paper, the Convention represents the first multilateral criminal justice instrument on cybercrime negotiated in over two decades. In practice, it reflects the limits of contemporary multilateralism. The fact that it secured the support of only 72 countries, despite years of negotiation, signals not merely disagreement over text but a deeper crisis in how global rules are made, implemented, and enforced.
Competing Frameworks and Strategic Distrust
The roots of this impasse lie in competing visions of cyber governance. For years, global cybercrime regulation revolved around the Budapest Convention, a European-led framework that excluded Russia and China and limited accession to invited states. Moscow and Beijing viewed this arrangement as exclusionary and sought to reshape the global order through a UN-led process that was formally inclusive.
Yet inclusion did not translate into convergence. While Russia and China pushed for broader definitions of cybercrime, Western states and civil society actors warned that vague formulations could be weaponised by authoritarian regimes to criminalise dissent, journalism, and political opposition. The Americans remained sceptical of the Convention’s origins and intent, while Europeans supported it largely because it mirrored existing Budapest standards and allowed them early influence in implementation.
India’s reluctance to sign reflects a different calculation. Unlike the Budapest Convention, New Delhi actively participated in negotiations, seeking stronger safeguards for data sovereignty and institutional autonomy. When these proposals failed to find place in the final text, India withheld endorsement. This hesitation is emblematic of a broader erosion of India’s influence in global rulemaking over the last two decades, particularly compared to its leadership role in early climate negotiations.
What emerges is not a binary divide between East and West, but a complex web of overlapping alignments. Even plurilateral groupings such as the Quad or intelligence-sharing arrangements like the Five Eyes reveal internal differences on cyber governance, underscoring how technological regulation resists neat geopolitical categorisation.
Principles, Practice, and the Illusion of Consensus
At the heart of the Convention lies a familiar dilemma: agreement on abstract principles masking divergence in implementation. The definition of cybercrime adopted is broad, leaving significant discretion to domestic authorities. Procedural safeguards, including judicial oversight, are tethered to national legal systems, producing uneven protection of civil liberties across signatories.
This principles–practice gap is not unique to cyber law but is particularly dangerous in digital governance, where enforcement tools are powerful and opaque. India’s own regulatory trajectory illustrates this tension. Recent rulemaking efforts on watermarking AI-generated content invoke the universally accepted principle of user safety, yet propose compliance mechanisms that place disproportionate burdens on private platforms. The result is prescriptive regulation that stretches the very principles it claims to uphold.
Such contradictions highlight a core weakness of contemporary multilateralism: consensus is easier to achieve at the level of norms than at the level of enforceable, rights-respecting practice. As a result, international agreements risk becoming symbolic frameworks that legitimise divergent domestic actions rather than constrain them.
Polycentrism and the Burden on the State
The cybercrime debate unfolds against a backdrop of broader global governance breakdown. The weakening of the UN system, paralysis of the Security Council, and long-standing dysfunction of the World Trade Organization’s dispute settlement mechanism have pushed international cooperation towards smaller, issue-specific groupings. Multilateralism increasingly operates at the level of principles, while delivery shifts to bilateral or plurilateral arrangements.
This polycentric order poses particular challenges for countries like India. While there is near-universal agreement that cross-border data flows should occur among trusted partners, institutional mechanisms to operationalise this remain underdeveloped. Cybercrime governance, like data governance, now depends on overlapping forums with inconsistent mandates and limited coordination.
For India, the cost of this fragmentation is high. Retaining institutional autonomy while engaging effectively across multiple governance layers requires significant technical capacity, regulatory coherence, and diplomatic agility. Domestically, it demands parallel reforms in criminal law, digital regulation, and administrative capability. Internationally, it requires sustained engagement across competing platforms without overreliance on any single framework.
The UN Convention on Cybercrime thus stands less as a solution than as a symptom. It reveals a world struggling to govern technology through institutions designed for a different era. Whether India can navigate this environment will depend not on formal signatures alone, but on its ability to build capacity, shape norms, and act decisively in a governance landscape that is increasingly fragmented and unforgiving.
Tags: cybercrime, global governance, UN Convention, cyberspace regulation, digital sovereignty, multilateralism, international law, current affairs
Sources:
- https://www.thehindu.com/opinion/op-ed/cybercrime-and-thecrisis-of-global-governance/article70553038.ece
- https://link.springer.com/article/10.1186/s40711-025-00252-0