When we asked Betania Allo (Founder and Principal Consultant, BA Cyber Law & Policy) to share her perspective on the new UN Convention Against Cybercrime, she told us how it might align with existing cybersecurity agreements and regional differences in cyber law.
“Generally speaking, while international and regional frameworks provide a general structure, local regulations must be adapted to the specific legal, cultural, and technological contexts of each country,” Betania said. “Together with investment in capacity building, it ensures that the regulations are practical and enforceable.”
But when the convention must be integrated into national regulations in a localised way, how can we measure its success?
How do you perceive the alignment between the new UN Cybercrime Convention and existing regulations, like the EU’s AI Act, in addressing AI-driven cyber threats?
“Once ratified, the provisions of the Convention must be incorporated into the national legal framework. This involves drafting and enacting new laws or amending existing ones to align with the convention’s requirements. But what happens with existing legislation?
“Regional regulations, like the European Union’s AI Act, play a crucial role in complementing and enhancing the effectiveness of international instruments like the UN Cybercrime Convention. The AI Act is significant because it categorises AI systems into different risk levels, with stringent regulations for high-risk applications like deepfakes and autonomous cyber-attacks.
“This creates a robust legal framework that not only addresses AI-related threats but also sets a precedent for other regions and countries to follow.
“I also think that the EU has done it again by being at the forefront in regulating AI and providing a model for others, encouraging harmonisation of standards and practices across borders. This helps prevent regulatory gaps that could be exploited by cybercriminals, ensuring a more unified approach to tackling AI-driven cyber threats globally.
“The good news is that its provisions on AI-related crimes align with and support the goals of the UN Cybercrime Convention. By criminalising specific AI-driven activities, such as the non-consensual dissemination of intimate images through deepfakes, the AI Act strengthens the convention’s effectiveness at the local level.
“This alignment between regional and international regulations ensures that there are comprehensive measures in place to protect individuals and societies from the malicious use of AI technologies.”
How do we measure success, knowing that Member States will have to develop local regulations that reflect the goals of this Convention?
“The success of international conventions and regional regulations depends on the ability of each individual state to develop local regulations that reflect the spirits of these frameworks.
“Generally speaking, while international and regional frameworks provide a general structure, local regulations must be adapted to the specific legal, cultural, and technological contexts of each country. Together with investment in capacity building, it ensures that the regulations are practical and enforceable.
“Now, given the cross-border nature of cyber threats, international cooperation is essential. States must work together, sharing information and best practices, to address cybercrime effectively. This alignment ensures that evolving cyber threats are effectively managed at both the national and international levels, protecting individuals and promoting a safer global digital environment.
“States are encouraged to develop local regulations that embody the principles of these frameworks, fostering a cohesive and resilient response to the challenges of modern cybersecurity.”
Digital evidence is the cornerstone of cybercrime investigations. Why is it so crucial and what does the Convention reveal about this?
“The Convention represents a fundamental advancement in the global effort to address the complexities of cross-border digital evidence. It is particularly noteworthy for its attempts to create a cohesive and cooperative international framework that complements and enhances existing local and regional regulations.
“One of the most important advances in the Convention is the establishment of comprehensive mechanisms for the mutual legal assistance (MLA) process in relation to cross-border digital evidence. Articles 28 to 30 discussed before are critical because they set out the procedures for obtaining and sharing digital evidence across national borders, ensuring that such processes are carried out in a manner consistent with international standards.
“The inclusion of these articles reflects a recognition of the need for greater international cooperation in cybercrime investigations, where evidence often spans multiple jurisdictions.
“Naturally, these advances are designed to complement and integrate with existing local and regional regulations. For instance, the European Union’s General Data Protection Regulation (GDPR) and the European Investigation Order (EIO) provide a robust framework for the protection of personal data and the sharing of evidence within the EU. The UN Convention builds on these principles by extending similar protections and cooperation mechanisms to a global scale. Upon ratification, the Convention’s provisions could enhance the effectiveness of these existing regulations by facilitating more streamlined and legally consistent cross-border evidence sharing.
“Other regions with their own legal frameworks would benefit from the Convention’s standardised procedures for handling cross-border data requests. The Convention also emphasises the importance of capacity-building and technical assistance, particularly for developing countries, to ensure that all Member States can effectively participate in and benefit from these advanced mechanisms.
“This focus on capacity-building is essential for bridging the gap between nations with varying levels of technological and legal infrastructure, fostering a more inclusive and effective global cybercrime response.”
P.S. - Mark your calendars for the return of Black Hat MEA in November 2024. Want to be a part of the action? Register now!