Should India be a signatory to the Budapest Convention? A Way Forward

Authored by Rimsha Riyaz, Student at JLU School of Law, Bhopal


Along with the growth of technology and the enhanced role of the internet in the daily life of an individual, is the ever-increasing number of cybercrimes in the world today. As more and more tasks of people are done via the internet like mailing, social networking, researching, shopping, transactions, banking, dating, etc., crimes committed via the Internet are increasing in the manifold, Unfortunately, the facilities the internet provides, are accompanied by the risk of cybercrimes. The internet has made the world a global village where people across the globe are connected and hence, crimes committed are no longer country-specific. This called for a convention to regulate cybercrimes and tackle them on an international level. Thus, the Council of Europe had drawn up the Council of Europe Convention on Cybercrime in Strasbourg, France. It is the only binding international treaty that seeks to address the issue of cybercrimes, improve national laws and investigation techniques, and foster cooperation among nations. [1] The treaty was signed in Budapest, Hungary by the members of the Council of Europe along with its observers like Canada, Japan, the Philippines, South Africa, and the United States of America. A total of sixty-six countries are parties to the treaty. However, countries like Brazil and India, Russia, and China have not signed the treaty due to their concerns related to the treaty. [2]

This article will highlight the significance of the Budapest Convention. It will also brief the readers about the condition of cybercrimes in India and the laws regulating it. Furthermore, it will analyze India’s stand on the said Convention, as well as its concerns and challenges, in order to determine whether or not India should sign it.

Significance of the Convention

The Budapest Convention came into force in 2004. Since then, the vulnerability of nations to cybercrimes has increased considerably. Thus, the Budapest convention sought to bring nations together to combat cybercrime and harmonize cyber laws. The Convention has set out an international framework that aligns laws of member countries covering cybercrimes, to secure lawful access to electronic evidence. It puts forward basic policies and each member has to balance the implementation of those policies with its domestic security law. It plays a significant role in cross-border investigations without leading to a deadlock over the laws of the respective countries. What makes the convention a common platform for the countries involved, is its binding nature. The provisions of the treaty are equally binding on all signatories making sure that all of them are on the same page and data is exchanged in an unbiased manner.

The parties shall cooperate to the “widest extent possible for the purpose of investigations and accessing evidence”. [3] The cooperation of countries has enabled sharing of data across borders by signing the Mutual Legal Assistance Treaty (MLAT). The treaty allows the exchange of evidence and information about criminal matters among member states. It is a bilateral agreement for easier access to information and extradition of criminals that curb international crimes like terrorism. The MLATs between the signatories of the Budapest Convention also cover cybercrimes and enable the transmission of electronic evidence and information for wider usage. If an MLAT has not been signed between parties, then the requested party may exchange information on the condition that the data shall remain confidential and its usage is limited to the purpose specified in the request. [4]

The treaty which is almost two decades old has proved to be insufficient for the current age, given the technological advances like the internet of things, cloud computing since then. Hence, some countries are coming up with their bilateral agreements to fight cybercrime, for instance, the CLOUD Act of the United States and COPOA Act of the United Kingdom. [5]However, bilateral agreements between nations prove to be insufficient when cybercrimes involve a number of countries as service providers are distributed worldwide and servers are obtained from many sources. Thus, an international treaty is preferable because of its larger outreach. 

Cybercrimes in India and Laws regulating them

Cybercrimes are a challenge for every nation and India is no exception. Cybercrimes in India are of two types:

  • Where the computer is a target: these include hacking, virus or worms attack, DOS attacks, etc.
  • Where the computer is a weapon: these include cyber terrorism, IPR fraud, credit card frauds, pornography, etc. [6]

The National Crime Records Bureau (NCRB), the government agency that analyses crime data, showed a 63.5% increase in cybercrimes in 2019 than in 2018.[7]  The data stated that the maximum number of cybercrimes were computer-related offenses under section 66 of the IT Act, 2000 [8]. Cybercrimes in India are regulated by the Information Technology Act, 2000 that contains provisions regarding cyber and IT laws in India. The IT Act, 2000 also regulates breach of privacy by disclosing personal information punishable under section 72A. [9] The IT Act, 2000 was amended with the cooperation of the Council of Europe in 2008, and hence, it covers a large number of cybercrimes mentioned in the Budapest Convention. Therefore, India’s cyberlaw has been in compliance with the provisions of the Budapest Convention substantially, even though India has not signed it. [10] However, the investigation of cybercrimes requires the collection of electronic evidence that has to be acquired from more than one source. With the introduction of cloud computing, where data is stored in the cloud and distributed to different services and locations, it is all the more difficult to access evidence. Thus, for tackling cybercrimes and acquiring evidence, cross-border exchange of information is necessary and hence, an international treaty is needed. India is confronted with these problems yet it has not decided to sign the Budapest Convention.

India’s stand on the Convention and Concerns

Although India was invited by the Council of Europe to sign the convention, India did not sign it. India is reluctant to sign the treaty due to some very grave concerns it has about the convention. One of the reasons for not signing the treaty is that India did not participate in the drafting of the treaty and hence should not sign it. The stakeholders feel that India’s priorities are not fully reflected in the treaty. However, this problem is not unique to India and India can prove to be helpful in the evolution of the treaty which can be done only by signing it.

Secondly, India has concerns over its national security. Article 32 of the Convention allows trans-border access to publicly available open-source data or data stored on a computer. The data stored on a computer can be accessed with the consent of the service provider companies, without involving the state and thus, violates the nation’s security. [11]

Thirdly, India refused to sign the treaty also because it felt that the MLAT of the Convention was not effective and the promise of cooperation was not firm enough. In 2014, a series of recommendations were made to address the issue by the Cloud Evidence Group. [12] Like all treaties, the Budapest Convention also has its shortcomings and there is always scope for improvement.

Lastly, India should support an UN-level treaty with a wider scope of cooperation and stronger backing. Though such a treaty is currently non-existent, efforts are being made by countries like China and Russia to come up with an UN-backed international anti-cybercrime treaty that protects the national sovereignty, human rights, and privacy of the citizens along with fighting cybercrime.[13]

To sign or not to sign?

India faces a dilemma, as it is confronted by the challenge of combating cybercrime yet it doesn’t want to sign the treaty. The question is should India sign the treaty. This question can be answered by answering the question: Do the benefits of signing the treaty outweigh the risks it poses? If the answer to this question is “yes”, then India should sign the treaty. Nonetheless, a firm answer to these questions may not be possible at a time when several measures to address the shortcomings of the treaty are underway. Even though the convention needs serious reforms, it would be incorrect to call it ineffective. The Budapest Convention is still the only legally binding anti-cybercrime treaty. Even if India stays aloof from the treaty, it still needs a bilateral agreement or an international treaty to facilitate the exchange of electronic evidence between countries to investigate cybercrime. Even if agreements cannot unite all countries in the world, they have a “significant potential for positive progress towards greater sufficiency and harmonization of national laws and in the long run enhanced international cooperation against a global challenge”. [14]

Conclusion and Way forward

As discussed before in the article, India desires a balance between the fight against cybercrime and protecting its national interests. India believes that the Budapest convention might not be able to address its concerns and India, by signing the treaty, would have to settle for a bargain. Though there is no clarity on how India will achieve better outcomes by not signing the treaty, India maintains its status as a non-member of the Budapest Convention and is looking out for alternatives elsewhere. This is evident from the fact that India voted in favor of the Russian-led UN resolution titled “Countering the use of information and communications technology for criminal purposes” that was passed in the United Nations General Assembly (UNGA). [15] However, many American and human rights groups are opposed to this resolution by calling it a promotion of ‘state-controlled internet’. Nevertheless, this resolution has tried to combat cybercrime and at the same time, resolve national security issues thereby favoring India’s interests.


[1] New Zealand Government Cybersecurity, What is the Budapest Convention?, p.179,

[2] Chart of signatures and ratifications,

[3]. Convention on Cybercrime, Article 23,

[4]. Article 28 of Convention on Cybercrime.

[5]. Dan Swinhoe, What you need to know about the US CLOUD Act and the UK COPOA Act,

[6]. Cyber laws of India,

[7]. Neeta Sharma, Digital India sees 63.5% increase in Cybercrime Cases, Shows data,

[8]. The Information Technology Act 2000, sect. 66, p.19

[9]. Vikay Pal Dalmia, India: Data Protection Laws in India,

[10]. Vipul Kharbanda, Budapest Convention and the Information Technology Act, 20-11-2018,

[11]. Convention on Cybercrime, Article 32, Para. B,

[12]. Alexander Seger, Evidence in the cloud and rule of law in cyberspace: Avoiding the ‘jungle’,

[13]. Joyce Hakmeh, A New UN Cybercrime Treaty? The Way Forward for the supporters of Open, Free, and Secure Internet,

[14]. Anna Kovacs, India and Budapest Convention: To sign or not? Considerations for Indian stakeholders,

[15]. Karisma Mehrotra, On global cybercrime, India votes in favor of Russian-led resolution,

Edited By: Subhadeepa Sen

*Disclaimer: The content of this article is intended to provide a piece of general information. The views are expressed by the Author solely and BFTLR may or may not subscribe to the views of the Author.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button