Remarks to be Presented at the Plenary Session
United Nations Convention against Cybercrime (Hanoi Convention) Signing Ceremony

By Nima Binara, Counsel, Global Data Disclosure Strategy, Google LLC
October 26, 2025
Hanoi, Vietnam

Mr. Chair,

Distinguished delegates,

Ladies and gentlemen.

I have the honor to deliver this statement on behalf of Google.

Yesterday’s opening for signature of the Hanoi Convention was a historic political development. And I would like to applaud the openness and transparency of the Ad Hoc Committee’s process, which saw many non-state stakeholders – including Google – participate in the discussions leading up to yesterday.

For Google, the protection of human rights online is inseparable from our mission to organize the world’s information and make it universally accessible and useful. In our engagements in the Cybercrime Convention process, we have consistently advocated that this Convention must advance human rights and fundamental freedoms. And we look forward to continuing to engage on this important issue.

Accordingly, as state parties begin to contemplate implementation of the treaty, it is vital to close the gaps in protections and safeguards, and Google believes the following three areas should feature strongly in any discussion:
–
First, the continued, robust involvement of multi-stakeholders is vital at all further stages of the Convention.
–
Second, it’s vital that substantive human rights protections in the Convention be strengthened.

The inclusion of human rights in Article 6 (Respect for human rights) is a laudable development.

However, we continue to be concerned that the Article 6 reference to a state party’s “obligations under international human rights law”, and a limitation of the protection of human rights and fundamental freedoms to, quote, “applicable international human rights law,” unquote, leaves a potentially significant gap. Similarly, the due process protections in Article 21 are limited to a state’s domestic law and affirmative international commitments.

Rather than settle for a lowest common denominator approach, we hope the Convention instead looks for inspiration to the Budapest Convention, which expressly cites the International Covenant on Civil and Political Rights and other instruments. To achieve this, we recommend that “applicable international human rights law” be interpreted broadly, not just based on what instruments a particular state may have ratified.

There are also areas where we think the Convention could clarify criminalization requirements, to prevent overbroad criminalization:

We continue to be concerned that the “illegal access” provision does not adequately protect the legitimate activity of cybersecurity researchers – even as Article 53 contains a helpful reference to the “legitimate activities of security researchers”.

Finally, both Articles 18 (Liability of legal persons) and 19 (Participation and attempt) lack an express intent requirement, which could potentially sweep up third-party platforms like companies engaged in good faith content moderation.
–
Third, we believe it’s equally vital that procedural safeguards should be strengthened:

The powers listed in Article 23 (Scope of procedural measures) lay out a broad array of powers which may be used for any “criminal offences committed by means of an [ICT] system.” To prevent the risk of abuse, these powers should be interpreted as limited to the offenses specifically criminalized in the Hanoi Convention.

The safeguards in Article 24 (Conditions and safeguards) contain a laudable set of human rights guardrails – like judicial review and the right to an effective remedy – but these safeguards should be interpreted to be mandatory, not up to a state party to decide whether or not to invoke.
–
Distinguished delegates, we should also recognize that the Hanoi Convention is not a replacement of, but a complement to, the Budapest Convention. States that are party to Budapest can continue leveraging that trusted framework.

The Budapest Convention continues to be relevant, not only because many of its provisions were directly incorporated into the Hanoi Convention, and may be looked to when states seek to understand the commitments set out in the UN instrument.

Beyond that, the Budapest Convention’s Second Additional Protocol contains innovative mechanisms like the Article 7 direct request mechanism from a government to a service provider located in a third country – which the Hanoi Convention notably does not include. So while the Hanoi Convention sets important baseline standards for government-to-government cooperation, the Budapest Convention breaks new ground on direct government-to-provider interactions.
–
Distinguished delegates, this Convention is not the finish line; it is the starting line. Its success depends on its implementation—which must be transparent, inclusive, and focused on preserving human rights and a free and open internet.

Google remains committed to partnering with governments, civil society, and the private sector to build capacity, share best practices, and ensure the operationalization of these standards aligns with international human rights law.

We must ensure the technologies we use to fight crime are deployed ethically and in compliance with human rights norms. We are hopeful that the Hanoi Convention can rise to this challenge.

Thank you.