Cybercrime and a global governance crisis

Source: The post “Cybercrime and a global governance crisis” has been created, based on “Cybercrime and a global governance crisis” published in “The Hindu” on 27th January 2026.

UPSC Syllabus: GS Paper-2- Governance

Context: Cybercrime governance has become a central issue of global governance in the digital era, as digital dependence grows and cyber threats escalate. The adoption of the UN Convention against Cybercrime (2024) has exposed deep geopolitical divisions, showing how difficult it is to achieve global consensus. For India, this poses challenges in protecting digital sovereignty, upholding human rights, and maintaining institutional autonomy while participating effectively in global rule-making. The crisis reflects the limitations of traditional multilateral frameworks in responding to emerging technologies and cross-border cyber threats.

Global Governance Crisis in Cyberspace

1. The UN Cybercrime Convention (2024) is the first major multilateral criminal justice treaty in over two decades, marking a significant attempt to set international cyber norms.
2. It was proposed by Russia in 2017 and strongly supported by China, aiming to challenge the status quo of Western-led cyber governance frameworks like the Budapest Convention (2001).
3. Key powers including India, the US, Japan, and Canada did not sign, reflecting mistrust of the Convention’s intentions and divergent national priorities.
4. The lack of universal adoption underscores fragmentation in global governance, weakening the ability to create enforceable, uniform standards for cyberspace.

Competing Power Blocs and Interests

1. Russia-China: Advocate for stronger state control over the internet, legitimising national cyber laws and authoritarian regulatory approaches.
2. Europe: Signed to retain influence in shaping global norms and ensure an early voice in the implementation process.
3. USA: Skeptical of the broad definitions, concerned that the Convention could be used to suppress free speech and target journalists or activists.
4. India: Chose not to sign to protect control over citizen data and ensure regulatory sovereignty, while still actively participating in negotiations.
5. The divisions highlight how cyber governance is a reflection of geopolitical competition, making unified global solutions extremely difficult.

Gap Between Principles and Practice

1. While the Convention addresses urgent issues such as child sexual abuse material and online fraud, its broad definitions allow states to stretch “cybercrime” to suppress dissent or political opposition.
2. Procedural safeguards like judicial oversight are tied to domestic law, resulting in inconsistent human rights protections across countries.
3. Similar patterns are visible in AI governance, where countries agree on high-level principles like safety, security, and human-centric design, but implementation becomes highly prescriptive, e.g., India’s draft AI watermarking rules covering 10% of content.
4. This shows a recurrent global challenge: consensus on principles does not automatically translate to consensus on practical enforcement.

Rise of Polycentric Governance

1. Traditional multilateral institutions are weakening:
   1. UN faces financial and political constraints.
   2. Security Council is ineffective in modern conflicts (e.g., Ukraine, Gaza).
   3. WTO dispute settlement system is paralyzed since 2019.
2. Governance is increasingly handled through plurilateral, bilateral, or regional forums, creating overlapping rules and fragmented enforcement.
3. This polycentric system places additional pressure on states, requiring them to navigate multiple, sometimes conflicting, regulatory regimes.

Implications for India

1. India’s proposals for protecting citizen data and retaining control over cyber regulation were largely ignored, showing declining influence in global rule-making.
2. Staying outside major frameworks risks isolation in cyber cooperation, cross-border investigations, and international data-sharing agreements.
3. Over time, this may weaken India’s strategic autonomy, affect regulatory control, and reduce leverage in shaping global cyber norms.

Capacity Deficit in India

1. India lacks sufficient skilled professionals in cyber law, digital forensics, and cyber diplomacy.
2. Regulatory institutions are fragmented across ministries and agencies, leading to poor policy coordination.
3. Limited collaboration with private sector and civil society reduces innovation and enforcement efficiency.
4. Insufficient investment in technical infrastructure and research undermines India’s ability to respond to sophisticated cyber threats and participate effectively in global governance forums.

Way Forward

1. Build specialised cadres in cyber law, digital diplomacy, and technical cybersecurity.
2. Strengthen institutional coordination between the MEA, IT Ministry, Home Ministry, and security agencies.
3. Develop robust domestic cybersecurity and data protection frameworks.
4. Promote public-private partnerships to enhance threat intelligence sharing and response capabilities.
5. Ensure policies balance national security, innovation, and human rights.
6. Invest in AI, cyber infrastructure, and research, as well as training human resources.
7. Engage proactively in plurilateral and multilateral forums to influence the drafting of international cyber norms.

Conclusion: The UN Cybercrime Convention reflects the broader breakdown of global consensus in digital governance. In a polycentric, fragmented world, India must strengthen technical capacity, institutional coherence, and diplomatic engagement. Enhancing these capacities is critical to safeguard sovereignty, protect citizen rights, and remain an influential player in global digital governance.