United Nations Convention against Cybercrime: Strengthening International Cooperation for Combating Certain Crimes Committed by Means of Information and Communications Technology Systems and for the Sharing of Evidence in Electronic Form of Serious Crimes

Speech by Mr. Waruna Sri Dhanapala, Secretary (Actg.) of the Ministry of Digital Economy and Head of Delegation, Government of Sri Lanka

Greetings!

His Excellency the President of Vietnam, Excellencies, Heads of States and other distinguished delegates from UN Member States, United Nations Secretary-General, officials of UNODC and other UN entities, Ladies and Gentlemen,

Sri Lanka stands at a pivotal juncture: by harnessing digital technologies across government and industry, the nation can unlock substantial economic, social and productivity gains especially with multilateral and bilateral cooperation including of the relevant United Nations forums.

In a hyper-connected digital economy, robust cybersecurity and a foundation of trust are non-negotiable. Combating all forms of crimes is a public good that any government should fulfil, so the advancements of technology, including digitalization, create both opportunities and challenges that a single nation cannot manage by its own resources. However, given the evolving nature of cyber threats, there is a need for broader and deeper multilateral engagement to ensure resilience and security in the digital era.

Therefore, as a country which took part in the negotiations, Sri Lanka welcomes the adoption of the United Nations Convention against Cybercrime (UNCC) in December 2024 (Resolution No. 79/243) by the United Nations General Assembly at its 55th plenary meeting. Sri Lanka recognizes the tireless efforts made by the UN Ad Hoc Committee (AHC) since May 2021 (Resolution No. 75/282), including the contributions made by its Chair, Vice Chairs, the UNODC (which functioned as the Secretariat) and individual Member States and Working Groups, all of who made an invaluable effort to negotiate this Convention. .

I am happy to announce that Sri Lanka is signing this Convention in this beautiful city of Ha Noi especially with the generous hospitality of the Government of Viet Nam. We believe that this Convention, as the comprehensive global treaty on cybercrime under United Nations auspices, will lead to establishing a globally accessible treaty designed to address a comprehensive range of serious cyber-enabled crimes.

Distinguished delegates, ladies and gentlemen,

The rapid digital transformation of Sri Lanka’s economy and society has been accompanied by a marked escalation in conventional crimes using information and communication technology, including cyber fraud, online exploitation, and terrorism financing. Strategic, organizational and technical measures that safeguard digital assets, ensure uninterrupted operations and reinforce citizen confidence in online services is therefore imperative.

In response, at the domestic level, Sri Lanka has strengthened its legal and regulatory framework through key domestic legislation such as the Computer Crimes Act No. 24 of 2007, Payment Devices Frauds Act No. 30 of 2006, and through several Amendments to the Penal Code (since 2006), Criminal Procedure Code and Mutual Assistance in Criminal Matters Act. Further safeguards for processing of personal data for criminal justice purposes were introduced through Personal Data Protection Act No. 9 of 2022.

Sri Lanka became a state party to the Budapest Convention on Cybercrime in September 2015, the first country in South Asia to join this landmark treaty. In November 2022, Sri Lanka also became the first country in South Asia to sign the Second Additional Protocol to the said Convention, for enhanced international cooperation and cross-border sharing of electronic evidence. Becoming a State Party to the Budapest Convention has provided a strong framework for harmonizing national cybercrime laws, strengthening investigative capacity, and fostering cooperation with more than eighty (80) other States Parties. Since then, Sri Lanka has further enhanced its ability to combat cybercrime through several Capacity building programs for Judges, Prosecutors, FIU, Sri Lanka Police through the GLACY initiatives of the Council of Europe.

According to the submission to the United Nations Office for Disarmament Affairs (UNODA) on the “Dedicated Global ICT Security Cooperation and Capacity Building Portal”, Sri Lanka indicated its priorities for resilient infrastructure, awareness and cooperation and in the use of information and communications technologies as a confidence-building measure to strengthen interaction and cooperation between States. It builds on existing regional initiatives and aims to promote an open, secure, stable, accessible, and peaceful cyberspace

The Digital Economy Blueprint of the Government of Sri Lanka provides a unified roadmap that weaves together universal connectivity, robust public infrastructure, advanced platforms, inclusive policies and targeted investment was introduced a vision and strategy with ambitious objectives to step into the upper quartiles of global digital competitiveness indices.

Distinguished delegates, ladies and gentlemen,

Sri Lanka adopted its first national “Information and Cyber Security Strategy” (2018‑2023) in April 2018, prepared by Sri Lanka CERT, which set out six strategic thrusts: governance framework; legislation / policies; workforce capacity; resilient digital government infrastructure/public‑private partnerships; awareness & empowerment; international cooperation.

More recently, the government introduced a new strategy — the “National Cyber Protection Strategy of Sri Lanka – 2025‑2029” — in July 2025. This strategy places emphasis on six pillars: upgrading the legal/regulatory framework; enhancing public awareness and knowledge; improving readiness; strengthening incident response; fostering national and international cooperation.

This strategy shows that Sri Lanka is focused on governance framework, establishing institutional mechanism such as Cyber Security Operations Centre (NCSOC), National Certification Authority (NCA) in consultation with relevant stakeholders, and learning lessons of other countries.

Sri Lanka CERT is the primary national Computer Emergency Response / Coordination body and plays a central role in incident‑response, risk and forensic assessments, awareness and training as well as implementing key infrastructure such as NCSOC for 24×7 monitoring and the proposed malware and threat hunting lab.

These policy and strategic engagements have placed Sri Lanka in reasonably higher ranking & global index. For example, in the International Telecommunication Union (ITU) Global Cybersecurity Index (GCI) 2024, Sri Lanka was recognized as a “Tier 2 – Advancing” country with a score of ~85‑95).

Distinguished delegates, ladies and gentlemen,

While legal frameworks are being updated, passage and full implementation may lag. For example, draft Cyber Security Act and regulatory structures are in progress.  The government has also taken the initiative to review existing laws and make suitable amendments to comply with international obligations , including a comprehensive review of Online Safety Act, No. 9 of 2024 (though Ministry of Justice). A comprehensive cybersecurity act is being drafted to accommodate regulatory requirements of this ecosystem.

The Ministry of Digital Economy will coordinate an inter ministerial framework to follow up of the signing of this historic convention and prepare for its readiness to ratify the same. It will include the Ministry of Defence, Ministry of Justice and National Integration, Attorney General’s Department, Sri Lanka Police, Commission to Investigate Allegations of Bribery or Corruption and Police Proceeds of Crime Investigation Division (National Assets Recovery Agencies) and other relevant stake holders to harmonize the relevant domestic legislation and administrative processes with the offences under Chapters II, III, and IV of UNCC with special attention to Article 19,41, 55 and 56, and to facilitate capacity building and technical assistance to enforcing authorities.

The Ministry in charge of Foreign Affairs, will manage all diplomatic and treaty-related matters, ratification of the UNCC with relevant reservations, if any (Articles 37(6)(a), 63(3)) and the depositing and timely updating of the information related to Central Authorities for MLA, Prison Transfer, and Extradition, National Assets Recovery Agencies, Points of Contacts under the UNCC, etc. and with the Secretariat.

In conclusion, as Sri Lanka pushes forward its digital economy agenda and to make it a safer country for all, cybersecurity readiness and digitally enabled mechanism to combat all forms of crimes is vital to ensure trust, continuity, and secure growth. Enhancing cyber resilience helps protect critical infrastructure, financial systems, citizen data and national reputation.

Being part of global cyber cooperation frameworks helps Sri Lanka in cross‑border cybercrime investigations and shared threat intelligence. Building the skill‑base supports economic opportunities in cybersecurity services, IT‑BPM exports etc is also important in this journey.

Thank you.