The Second Additional Protocol to the Convention on Cybercrime (Budapest Convention), on enhanced co-operation and disclosure of electronic evidence, was opened for signature on 12 May in Strasbourg, France within the framework of a hybrid international conference (www.coe.int/cyber2AP) organised jointly with the Italian Presidency of the Council of Europe Committee of Ministers. Around 250 participants from about 75 countries attended the event in person, while 130 followed online.
The new Protocol was signed on 12 May by ministers, ambassadors and senior officials from 22 Parties to the Convention: Austria, Belgium, Bulgaria, Chile, Colombia, Estonia, Finland, Iceland, Italy, Japan, Lithuania, Luxembourg, Montenegro, Morocco, Netherlands, North Macedonia, Portugal, Romania, Serbia, Spain, Sweden and the United States of America. A strong commitment to sign and ratify the Second Additional Protocol was expressed by numerous other delegates attending the event in Strasbourg.
“Cybercrime is growing and changing at an increasing rate. It disrupts everything from businesses to hospitals to the critical infrastructure we all depend on. Today, we are making a major contribution to the worldwide effort to fight online crime. The Second Protocol brings the Budapest Convention up to date with current, technological challenges, so that it remains the most relevant and effective international framework for combating cybercrime in the years ahead. It is the gateway to a safer, more secure future,” said the Secretary General Marija Pejčinović Burić.
“The use of ICT (Information and Communication Technologies) by organised crime in all “sectors” (sexual exploitation, drug trafficking, smuggling, terrorism) represents a further challenge for our judicial authorities and for our institutions. Our governments must respond properly and effectively to all those crimes, in line with the technological evolution. The Second Additional Protocol, therefore, responds to the need for greater and more efficient co-operation between States and between the States and the private sector, clarifying the cases in which the “service providers” will be able to provide the data in their possession directly to the competent authorities of other countries. The relevance of this Protocol is a hope for the victims of cybercrime,” said Justice Minister of Italy, Marta Cartabia.
As pointed out by the Secretary General of the Council of Europe and a number of other speakers, the event was overshadowed by the war of aggression by the Russian regime against Ukraine. This aggression is accompanied by cyberattacks. While a distinction must be made between cybercrime as a matter of criminal justice and cyberattacks as a matter of international security, the means to investigate and attribute responsibility for such attacks are often similar, and criminal justice co-operation on cybercrime helps build confidence more broadly. Also, evidence of war crimes is often in digital form, which is now highly important in connection with the Russian aggression against Ukraine.
With the Second Additional Protocol a more effective criminal justice response to the question of cybercrime (attacks against and by means of computer systems) is expected, as well as to any crime that involves electronic evidence.
“The Second Additional Protocol provides the tools to deal more effectively with cybercrime and other offences involving electronic evidence. These tools will help protect society and individuals against crime, help victims obtain justice, and strengthen the rule of law. These tools are backed up by a strong system of safeguards, including for the protection of personal data. With these tools, the Internet can remain free, open and global, and sufficiently secure at the same time. With this Protocol the mechanism of the Convention on Cybercrime – the Convention with its Protocols, the Cybercrime Convention Committee (T-CY), and capacity buiding by C-PROC – will remain the most relevant international framework for a criminal justice response to cybercrime for many years to come,” said Alexander Seger, Head of the Cybercrime Division.