Opening session (2 September, 09:00, Hemicycle)

opening speech by Gianluca Esposito, Director General

Distinguished guests,

Dear participants,

Ladies and gentlemen,

Welcome to the 2025 edition of the Underground Economy Conference,

I am very happy to open this important event, hosted for the fifth time by the Council of Europe here in the historic hemicycle room.

I would like to extend the Council of Europe’s sincere appreciation to our longstanding partners at Team Cymru for the excellent co-operation in the organisation of this event.

This conference remains a cornerstone of our shared mission to foster meaningful engagement between criminal justice practitioners, the cybersecurity industry, the private sector and academia. The aim is an efficient global response against cybercrime. By bringing these communities together, the conference creates a platform for dialogue, strategic and operational co-operation, and the development of concrete, cross-sector solutions to one of the defining threats of our time: cybercrime.

The Underground Economy Conference has evolved over the years into a prime venue for showcasing impactful cross-border operations, sharing insights from landmark investigations, and exploring advanced investigative forensic tools and techniques.

It has also served to strengthen international and inter-agency co-operation, which is an essential pillar in the fight against cybercrime.

This year, that momentum is continuing. With more than 80 workshops, presentations and practitioner-led sessions, delegates will delve into evolving threat landscapes, new investigative tools and the deepening role of public-private partnerships.

The strong interest from online and technology providers attending reflects a growing consensus: co-operation is not optional, it is indispensable.

Cybercrime is no longer confined to traditional offences such as hacking or online fraud. It has become a transversal threat that intersects with nearly every form of serious criminal activity, from terrorism and organised crime to human trafficking, child exploitation and drug trafficking.

Digital tools are increasingly exploited to plan, facilitate and conceal illicit activities, blurring the boundaries between online and offline threats.

Moreover, cybercrime strikes not only at infrastructure, but also at the core values of democratic societies, human rights, public trust and the rule of law. From ransomware campaigns to online disinformation and interference in democratic processes, the consequences are profound and far-reaching.

Electronic evidence - whether stored on mobile devices, cloud servers, or dispersed across jurisdictions - is now critical in investigating and prosecuting virtually all serious crimes. Data such as communications, location tracking, online transactions, and metadata can reveal key insights into criminal activities and networks.

Yet the volatile, borderless and technically complex nature of e-evidence poses persistent challenges. Ensuring timely access, admissibility and preservation of such evidence requires robust domestic legislation, interoperable legal frameworks and sustained capacity building, especially in cross-border contexts.

Moreover, election interference and disinformation campaigns pose growing threats to democracy. These challenges require adapting electoral laws to the realities of the digital age, including rules around political advertising and campaign financing.

The tools provided by the Convention on Cybercrime, also known as Budapest Convention, and its Protocols can support investigations and prosecutions in cases of interference.

However, such responses must be carefully designed to uphold freedom of expression and align with general human rights standards of legality, necessity and proportionality.

Only by balancing democratic integrity with fundamental freedoms can we build resilient electoral systems and public trust.

Adding another layer of complexity, is the increasing intersection between AI and cybercrime. AI is now leveraged both as a weapon by offenders and a tool by law enforcement to detect and investigate crimes.

This dual-use raises pressing legal and ethical questions: how do we apply existing criminal laws to AI-generated threats? Are our domestic legal frameworks equipped to respond? Do we risk unintentionally undermining our existing rules and principles by using the technologies that we are at the same time up against in the fight on serious crime?

The Council of Europe’s Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law lays down common principles to guide the development and use of AI in a way that is ethical, human-centered and respectful of fundamental rights.

It provides a legal framework for state parties to ensure accountability, transparency and non-discrimination in AI systems. The aim of this first-of-its-kind international treaty is to ensure that AI technologies serve the public interest and uphold democratic values, including across borders.

Furthermore, in response to AI and cybercrime, the Council of Europe Cybercrime Convention Committee, the T-CY, has established a Working Group on Artificial Intelligence to explore these issues, so as to offer practical guidance on adapting legal systems and investigative practices. Capacity building must keep pace to ensure that justice systems remain capable and accountable in this rapidly evolving environment.

Meanwhile, the misuse of virtual assets continues to expand and accelerate. From ransomware payments to crypto laundering, cybercriminals exploit digital currencies to finance and obscure their activities.

This trend underscores the urgent need for strengthened co-operation between criminal justice authorities, virtual asset service providers, and financial intelligence units. The T-CY’s mapping study on applying the Budapest Convention to virtual assets is a timely initiative.

Ensuring that tools like search, seizure and confiscation are adapted and consistently applied is also crucial. Encouragingly, increased VASP co-operation, growing compliance and deepening international partnerships are making progress despite significant legal and jurisdictional hurdles.

Another area demanding urgent action is the fight against cyberviolence, especially the non-consensual dissemination of intimate images. Addressing this form of abuse requires harmonised legal frameworks that criminalise non-consensual dissemination of intimate images in line with international standards, while ensuring proportionate and survivor-centered justice.

Authorities must be equipped with the tools to investigate and prosecute these offences effectively. Co-operation with online platforms is essential to ensure swift content removal, evidence preservation and legal enforcement. That kind of co-ordinated approach helps to protect victims, while balancing due process and fundamental rights.

These challenges are further magnified in times of conflict. This conference takes place amid the ongoing war of aggression of the Russian Federation against Ukraine, a conflict that has been accompanied by waves of cyber-attacks and digital warfare. Cyber operations have extended beyond criminal conduct, becoming weapons of war.

We are seeing how such attacks may constitute war crimes, with electronic evidence playing a crucial role in ensuring accountability. The Council of Europe Action Plan for Ukraine 2023-2026 includes cybercrime and e-evidence among its priorities . Through this action we are assisting Ukraine in the defence against cyber-attacks, securing e-evidence and training magistrates on how to use electronic evidence in the investigation and prosecution of war crimes. Continued international support is essential to upholding justice and international law in times of war. 

The Cybercrime Convention provides a vital framework for cross-border co-operation and evidence sharing in these extraordinary circumstances. Its global reach continues to expand, with 80 States now having acceded to it, and more expected to follow.  I welcome New-Zealand accession on 1 December 2025.

Its Second Additional Protocol, opened for signature in 2022, represents a major step forward by introducing new tools for cross-border access to electronic evidence, emergency co-operation procedures and partnerships with service providers. With 51 countries having already signed it, we are working with the relevant national authorities to implement it, such as through legislative reforms.

Among its many innovations, the Protocol allows for direct co-operation with service providers to obtain domain registration and subscriber data, bypassing what may be insufficiently fast mutual legal assistance channels. These enhancements make the Protocol a vital instrument in modern cybercrime investigations.

With a view to ensuring the necessary sustainability of these global efforts, the Council of Europe established the Cybercrime Programme Office in Bucharest in 2014. Since then, the cybercrime team has delivered more than 2400 capacity building activities, benefiting some 140 countries, and aimed at developing legislation, training professionals, and fostering international co-operation.

The 2025 Octopus Conference stands as a powerful example of capacity building in action. Held this June in Strasbourg, the event convened over 500 cybercrime experts from more than 100 countries, spanning governments, international organisations, the private sector, civil society, and academia.

The overarching message of the Octopus Conference 2025 was clear: strengthened international co-operation, supported by robust legal frameworks and operational capacity, is essential for achieving justice in the digital age.

As we look ahead, additional instruments will soon complement the existing frameworks. The United Nations treaty against cybercrime, expected to be open for signature in Hanoi in October 2025, will offer a new avenue for co-operation with countries not Parties to the Budapest Convention. Governments are encouraged to sign and implement this new treaty in ways consistent with the Budapest Convention and its safeguards so as to ensure harmonised and rights-based global responses to cybercrime.

I wish to underline in closing that we should remember that cybercrime is not an isolated threat. It is a global challenge with serious consequences for individuals, families, business and many areas of our societies. It also increasingly affects the integrity of our democratic processes and the trust of the public in those processes.

The Underground Economy Conference is more than an annual event, it is a manifestation of our collective commitment to justice, the rule of law and digital security. Let us use this week to deepen our co-operation, expand our understanding of the issues, and look at what kind of action we can take going forward.

On behalf of the Council of Europe, I wish you an enjoyable and productive conference.

Thank you.