By contrast, the Budapest Convention has 81 states parties (meaning they have ratified or acceded to the Convention) and 2 countries have signed but not ratified (Ireland and South Africa).

www.coe.int/en/web/conve...

Breakdown by UN region: 21 African states, 19 Asia-Pacific states, 7 Eastern European states, 11 Latin American and Caribbean states, 12 Western European and Other states.

While there are human rights safeguards built into the treaty, these are widely viewed by civil society and industry as insufficient to address the risks posed by the instrument.

You can read a much more detailed analysis by @eff.org here: www.justsecurity.org/98738/cyberc...

There are also deeply concerning provisions relating to data preservation and disclosure, as well as secrecy around these requests, that could threaten proprietary systems, tech workers, and privacy in general.

There are also concerns some of the offenses required to be adopted in national law could threaten the work of good faith security researchers whose work is dedicated to finding vulnerabilities.

The extremely broad scope - where serious crime is defined by national laws, creating an impossible to predict patchwork - could facilitate domestic and transnational repression, pulling in other countries to abusive practices through cooperation.

The UN Convention not only requires states parties to criminalize specific offenses under their domestic systems, but seeks to establish a cooperation mechanism between parties to facilitate investigations and prosecution of “serious crimes” with digital evidence - cybercrime or not.

Of course - this treaty was initially proposed by Russia, which refused to join the Council of Europe’s Budapest Convention on cybercrime, claiming it was a European instrument that excluded much of the rest of the world (ironically, many global majority countries have since joined Budapest).

Signing the Convention is only the first step towards becoming a Party, with the concomitant obligations and risks that will carry. Ratification takes years, and now is the time to ascertain what mitigation measures are needed before the UNCC comes into force.

Many civil society organizations and private sector companies will not be in attendance, given their continuing opposition to the Convention due to the risks it poses to human rights and cybersecurity.

Neither the ceremony nor any of the planned side events will be livestreamed, so it will be difficult to keep track of which states sign and what kind of statements they make in person. We will depend on public statements shared by governments and others in attendance.