Abstract
Cybercrime is global. But legal approaches to combating cybercrime have been fragmented. The first such multilateral legal mechanism, the Budapest Convention on Cybercrime, was launched in 2001 and positioned by its primarily Western drafters as a global instrument. But it has struggled to achieve full international uptake. Instead, many states have used regional organizations to create their own legal mechanisms addressing cybercrime and cybersecurity threats. More recently, the UN Convention on Cybercrime has emerged as an alternative to this fragmented landscape. But the emergence and significance of this “convergent” option cannot be understood without the context of the deep fragmentation that preceded it.
This Article examines that fragmentation. In doing so, it also offers the first law review analysis of all regional cybercrime conventions together. Through this comparative legal analysis of the texts, this piece establishes that multilateral mechanisms for governing cybersecurity and cybercrime are divergent. It then categorizes the approaches taken, providing structured ways of viewing differences between the conventions’ details. Three distinct views of cybercrime and cybersecurity emerge: an ordinary crimes approach, a high politics approach, and a domestic management approach. The Article argues that each region leverages its chosen approach in service of the concept of sovereignty its member states prioritize in the international system, both online and offline. These broader political goals help explain the high degree of fragmentation in this issue area. These cybercrime conventions were never just about cybercrime. The stakes are higher: these conventions are tools in contesting the broader political global order, a contestation that informs what is now happening at the United Nations.
Recommended Citation
Mailyn Fidler, Fragmentation of International Cybercrime Law, 2025 ULR 737 (2025).