Strategic topics were discussed, such as the consolidation of the Budapest Convention, including the accession of São Tomé and Príncipe and Vanuatu to the treaty on cybercrime and digital evidence collection. This brings the total number of States Parties to 80, consolidating the Convention as the central instrument in the investigation and cross-border sharing of electronic evidence. This expansion reflects growing global acceptance and reinforces the Convention’s position as an essential normative framework in combating cybercrime.
The Second Additional Protocol to the Convention (CETS 224) was another key issue discussed. This protocol establishes standardised and expedited procedures for obtaining electronic evidence stored in foreign jurisdictions. It provides greater legal certainty for judicial authorities, law enforcement, and service providers, ensuring that cross-border information requests are efficient, transparent, and legally sound. Ratification of this protocol was highlighted as a critical priority for all signatories, requiring immediate domestic adaptation.
The New Hanoi Convention (UN), scheduled to be signed on 25 October 2025, complements the Budapest Treaty by allowing states that are not parties to the latter to join a global cooperation network. The aim is to expand the reach of international cooperation against cybercrime, always with respect for human rights guarantees and the rule of law.
Digital Manipulation emerged as a growing concern. Democracies are increasingly under siege, with digital election interference posing a direct threat to contemporary democratic systems. The conference highlighted the urgent need to regulate online political advertising, strengthen electoral infrastructure protection, and create swift mechanisms to investigate and penalise criminal interference with democratic integrity.
Artificial Intelligence was a key focus, recognised for its dual role: a powerful tool in analysing and gathering digital evidence, but also a driver of sophisticated fraud, such as deepfakes and financial crimes. Experts warned of the urgent need for specific training and regulatory policies that clearly define responsibilities and mitigate the risks associated with the abusive use of AI.
Financial Crimes and Crypto-assets - fraudulent financial schemes linked to crypto-assets, particularly the so-called "pig-butchering" scams – were identified as major emerging threats. Often associated with human trafficking and transnational criminal networks, these crimes require intense cooperation between law enforcement, financial authorities, and digital asset companies to trace, freeze, and recover illicit assets.
The conference also emphasised that cyber-attacks carried out during armed conflicts may constitute war crimes, requiring strict application of the international humanitarian law principles of distinction and proportionality. The collection of digital evidence in this context, in line with the Budapest Convention, remains essential to ensure effective accountability.
In conclusion, the Octopus Conference 2025 reaffirmed that, given the global nature of cybercrime, only strong international cooperation, underpinned by robust treaties and specialised capabilities, can ensure effective digital security and the protection of fundamental rights in the digital space.
Some operational recommendations:
-
Urgent harmonisation of national procedures with the Second Protocol (CETS 224).
-
Thorough review of internal policies for the preservation of digital records.
-
Reinforcement of "zero trust" policies for critical systems, especially electoral infrastructure.
-
Advanced technical and legal training on AI, crypto-assets, and digital financial investigations.
-
Creation and strengthening of specialised units for juvenile cybercrime and digital violence, with preventive and restorative approaches.
More details about the Octopus Conference 2025 here:: https://www.coe.int/en/web/cybercrime/octopus-conference-2025
