EU Joins International Cybercrime Convention: Parliament Greenlights Transnational Framework

The European Parliament gave its formal consent in Strasbourg this week to the European Union’s accession to a wide-ranging international cybercrime convention, in what officials described as one of the most consequential digital security votes of the May plenary session. The text creates an international framework for cooperation aimed at preventing and tackling cybercrime, which is by its nature transnational, while setting out parameters for law enforcement and the provision of global technical assistance.

A response to a borderless threat

The convention answers a problem that EU institutions have wrestled with for years: cybercrime is rarely confined within national borders, yet the tools available to police and prosecutors have long been national in scope. Ransomware groups operating from third countries, cross-border financial fraud, and large-scale phishing operations have all exposed the limits of fragmented national responses. Parliament’s consent, which followed years of negotiation at multilateral level, allows the Union to act collectively within a binding international legal architecture rather than relying on a patchwork of bilateral arrangements.

What the framework covers

The convention establishes procedures for the preservation and disclosure of electronic evidence across jurisdictions, harmonises core offences such as illegal access to information systems, system interference and computer-related fraud, and creates dedicated channels for mutual legal assistance specifically designed for the digital environment. It also includes a global technical assistance component, recognising that many third countries lack the institutional capacity to investigate and prosecute the cybercrimes that increasingly affect European citizens and businesses.

Parliamentary debate and oversight

The plenary debate exposed familiar fault-lines between MEPs prioritising security cooperation and those concerned about safeguards for fundamental rights. Liberal and Green members pressed for stronger guarantees on data protection, judicial oversight of cross-border data requests, and clear limits on the scope of cooperation with regimes whose rule of law standards fall short of European norms. Centre-right and Renew rapporteurs argued, in turn, that the convention contains its own safeguards and that abstaining from the framework would leave Europe more exposed, not less.

An institutional turning point

For Roberta Metsola‘s Parliament, the vote fits into a broader pattern of asserting an EU-level role in matters historically reserved to member states. Combined with the NIS2 directive, the Cyber Solidarity Act and the ongoing review of the Cybersecurity Act, the consent represents a further consolidation of a recognisably European cybersecurity stack. Commission officials have made clear that the framework is intended not only as a defensive instrument but as a platform for projecting European regulatory standards into multilateral negotiations.

Next steps and implementation

With parliamentary consent secured, the Council can now proceed to conclude the EU’s accession on behalf of the Union. Member states will then need to align certain elements of their national procedural law with the convention’s requirements, a process that will be coordinated through the Council’s Standing Committee on Operational Cooperation on Internal Security. Implementation reports are expected to be tabled at regular intervals, and Parliament has signalled that it intends to monitor closely how cross-border requests for electronic evidence are handled in practice, particularly where third-country authorities are involved.

The wider European digital agenda

The vote comes against a backdrop of intensified digital regulation across the Union. The Digital Services Act and the Digital Markets Act are now in full enforcement phase, the AI Act’s high-risk provisions are being phased in, and the May plenary itself has dealt with foreign investment screening, AI in trade policy, and the Union’s response to ongoing crises in the Middle East. Within that landscape, cybercrime cooperation is increasingly framed not as a technical issue for ministries of interior but as a strategic dimension of European sovereignty.