Technical Skills Required for Cybercrime Investigation

Skill Area Purpose

Digital Forensics Recovery and analysis of digital evidence

Network Traffic Analysis Tracing cyberattack activity

Malware Reverse Engineering Understanding malicious software behaviour

Cryptocurrency Tracing Tracking illicit financial transactions

4.5 Insufficient International Cooperation Mechanisms

The architecture of international police and judicial cooperation remains poorly adapted to the
demands of cybercrime investigation. Mutual legal assistance treaties (MLATs), the principal formal
mechanism for obtaining evidence abroad, are slow, formalistic, and politically contingent.
Informal police-to-police cooperation through Interpol and Europol’s mechanisms is faster but has
limited reach, particularly with non-member states or states that decline to participate in specific
investigations. The absence of a comprehensive multilateral treaty with universal or near-universal
participation—a deficiency that the UN Convention process has attempted to address—means that
cooperation depends heavily on bilateral relationships and the political will of individual states
(Gercke, 2012).

Attribution in cyberspace presents a further cooperation challenge. State-sponsored cyberattacks,

which constitute an increasing proportion of the most serious cyber incidents, implicate
international law beyond the criminal justice framework—including the law of state responsibility,
countermeasures, and the jus ad bellum. The absence of agreed international norms on state
behaviour in cyberspace, despite the efforts of the UN Group of Governmental Experts (GGE) and
the Open-Ended Working Group (OEWG), creates a normative vacuum that enables states to
engage in malicious cyber operations with limited accountability (Schmitt, 2017).

International Cooperation Limitations

 Slow cross-border evidence-sharing mechanisms.

 Political dependence of international cooperation.

 Limited participation in international cybercrime treaties.

 Weak coordination in state-sponsored cyberattack investigations.

 Lack of universally accepted cyber norms.

Major International Cooperation Bodies and Challenges

 Institution/Mechanism Primary Limitation

MLAT Frameworks Slow and bureaucratic procedures

Interpol Cooperation Limited enforcement authority

Europol Mechanisms Restricted global reach

UN Cyber Norm Initiatives Lack of binding obligations

The current cybercrime legal framework suffers from substantial jurisdictional, legislative,
evidentiary, institutional, and cooperative deficiencies. Rapid technological evolution continues to
outpace legal reform, while fragmented international cooperation mechanisms hinder effective
enforcement. Addressing these structural gaps requires harmonised legislation, faster
international evidence-sharing procedures, enhanced institutional capacity, and stronger global
consensus on cyber norms and state responsibility in cyberspace.

Comparative Analysis Of Cybercrime Legal Frameworks

5.1 Budapest Convention vs. UN Ad Hoc Committee Process

The tension between the Budapest Convention and the UN convention process is the defining
dynamic in international cybercrime law at present. The Budapest Convention’s proponents argue
that it provides a tested, technically sophisticated, and operationally effective framework that has
successfully facilitated thousands of cross-border investigations. Its critics counter that it was
developed without adequate participation from the Global South, reflects the interests and values
of its primary authors (Council of Europe members and their close partners), and fails to address
the conduct of states in cyberspace (Daskal, 2015).

The UN Convention, adopted in principle in 2024 following the Ad Hoc Committee process, seeks
to achieve universal participation but at the cost of a significantly more minimalist substantive
framework. The Convention’s definitional scope is narrower than Budapest’s in some respects,
reflecting compromises between states with divergent views on what constitutes criminal conduct
online.

Civil society organisations have expressed particular concern about provisions that could be used
by authoritarian governments to characterise:

 Political dissent

 Investigative journalism

 Security research

These activities may potentially be treated as cybercrime. The UN High Commissioner for Human
Rights issued a formal note expressing concern about the Convention’s potential for misuse prior
to its adoption (OHCHR, 2023).
From a comparative perspective, the two instruments reflect fundamentally different theories of
international cooperation:

Framework Primary Objective Key Approach Main Trade-Off

Operational Detailed legal

Budapest Convention effectiveness harmonisation Lower inclusivity

UN Convention Reduced technical

Model Universal participation Minimalist harmonisation uniformity

The Budapest model seeks to harmonise law at a relatively high level of detail, prioritising
interoperability and technical effectiveness. In contrast, the UN model prioritises universal
participation, accepting a lower level of harmonisation as the price of inclusivity.

Neither model is inherently superior. Rather, they represent different trade-offs between
effectiveness and legitimacy that the international community must negotiate.

5.2 GDPR And The NIS2 Directive: A Model For Integrated Regulation

The EU’s integrated approach to cybersecurity and data protection offers important lessons for
other jurisdictions and for international framework development. Rather than treating cybercrime
as purely a criminal law matter, the EU has developed a layered regulatory architecture that
combines:

 Preventive obligations on organisations (GDPR, NIS2, Cyber Resilience Act)

 Harmonised criminal law provisions (Directive 2013/40/EU)

 Operational cooperation mechanisms such as:

 European Union Agency for Cybersecurity (ENISA)

 Europol’s European Cybercrime Centre (EC3)

 European Cyber Diplomacy Toolbox

This multi-track approach addresses the full cybercrime lifecycle:

Cybercrime Lifecycle Stage Regulatory Focus

Prevention Security and compliance obligations

Detection Monitoring and reporting mechanisms

Response Operational coordination and mitigation

Prosecution Criminal law harmonisation

The EU model therefore integrates prevention, detection, response, and prosecution in a
coordinated manner (von Solms & van Niekerk, 2013).

The GDPR’s extraterritorial effect—applying to any organisation that processes the personal data
of EU residents, regardless of where the organisation is established—represents an innovative use
of market power as a regulatory lever.

By effectively requiring global businesses to comply with EU data protection standards as a

condition of accessing the EU market, the GDPR has had a significant harmonising effect on global
data protection law. Scholars have termed this phenomenon the “Brussels Effect” (Bradford, 2020).

A similar dynamic could theoretically be ha