From Budapest to Hanoi: Combatting cybercrime to build trust in the digital transformation

When we open an email, shop online, or connect with friends on social media, we rarely think about international treaties. Yet behind the scenes, these legal agreements can determine whether law enforcement authorities are able to cooperate across borders to stop cybercriminals. 

This month, governments from around the world will gather in Hanoi, Viet Nam to sign the first-ever United Nations Convention against Cybercrime—a journey that began decades ago and is now reaching the global stage. 

If backed by robust implementation support, this agreement could contribute to unlock the promise of the digital age–empowering people to seize online opportunities without looking over their shoulder for fraud, abuse, or harm.

International cooperation is essential to combatting cybercrime

Without common definitions and tools—like mutual legal assistance—efforts to combating cybercrime would fall short, eroding online safety. The “Hanoi Convention” builds on more than two decades of international initiatives to streamline judicial and law-enforcement cooperation against cybercrime.

The Budapest Convention on Cybercrime, adopted in 2001, established the first binding international framework in this field. It provided a common definition of what constitutes cybercrime, strengthened investigative powers and made it easier for countries to cooperate across borders, while also protecting human rights through robust safeguards. Today, more than 80 countries are parties to the Budapest Convention, and about half are from outside Europe. It demonstrates that the need for digital trust transcends regional boundaries.

Since then, other regions have developed common legal frameworks to address cybercrime, such as the African Union Convention on Cybersecurity and Personal Data Protection (Malabo Convention). Four other international agreements on cybercrime are currently in force*.  

Together, these frameworks have created a growing base of shared rules and practical experience. The UN convention draws on these lessons while offering, for the first time, a universal legal platform to fight cybercrime. It also creates new provisions, including for the recovery of stolen digital assets. At the same time, the UN convention is not without debate. For instance, some experts argue that it could benefit from stronger safeguards for human rights such as privacy.

From adoption to implementation

Signing a treaty is the first step but what really determines impact is implementation. First, countries must update their national laws so that crimes defined internationally can be prosecuted at home. Investigators, prosecutors and judges also need to be trained and equipped with the right tools to apply the law. Institutions such as Computer Security Incident Response Teams (CSIRTs), the digital equivalent of firefighters, must be adequately resourced to be able to cooperate effectively with each other.

This is where the World Bank can contribute as a development partner. We help governments translate international commitments into effective safeguards, through financing, technical support, capacity building and knowledge sharing.  

In Bangladesh, Bhutan and Ghana, we helped the government establish their national CSIRT with dedicated financing and technical assistance.  

The World Bank Toolkit on Combatting Cybercrime provides guidance on international good practices, as well as an online assessment tool that supports countries in identifying priority areas for capacity-building.  

The webinar we hosted earlier this year was an opportunity for key experts from the World Bank, UNODC, the Council of Europe and the African Union to share lessons learned on implementation across regions.

Delivering on digital resilience

Ultimately, the journey “from Budapest to Hanoi” is less about treaties than it is about people and resilience. It is about whether a student in Dakar can take online classes without fear of their data being stolen, or whether a small business in Tashkent can expand through e-commerce with confidence.

Of course, legal frameworks against cybercrime are just one piece of the puzzle. Enhancing cyber resilience also requires developing an effective national cybersecurity strategy. It means investing in “security-by-design” for Digital Public Infrastructure (DPI)—think of multi-factor authentication for digital IDs and payment systems. In addition, it requires protecting essential sectors (such as energy and healthcare) and building institutional capacity to detect, respond, and quickly recover from cybersecurity incidents.

The signing of the UN Convention against Cybercrime in Hanoi will certainly be a milestone. But the journey does not end there. Implementation will be the true measure of success, and development partners have a key role to play in supporting this process. While international agreements set the stage, national uptake and local action will determine whether they deliver.

*The ECOWAS Directive on Fighting Cybercrime, the Commonwealth of Independent States Agreement, the Shanghai Cooperation Organization Agreement, and the League of Arab States Convention on Combating Information Technology Offences.