At UN headquarters in New York on 25 October 2025, Brazil became one of the first 60 signatories of the new UN Convention on Cybercrime. The Federal Police, representing the Brazilian government, said the treaty will standardise procedures for real-time electronic evidence sharing and harmonise definitions of digital offences, including identity theft and child-exploitation imagery.
While primarily a law-enforcement instrument, the convention has mobility implications: airlines operating to Brazil will gain clarity on data-retention requirements for Passenger Name Records (PNRs), and business travellers carrying encrypted devices could face more predictable inspection protocols. The PF noted that the pact includes human-rights safeguards designed to prevent indiscriminate data harvesting at airports.
For multinational employers, the treaty may shorten timelines for cross-border investigations, easing the compliance burden when staff are implicated in cyber incidents abroad. In the short term, corporate IT and travel teams should update device-search guidelines to ensure encryption keys can be produced if requested; failure to comply could still result in temporary device seizure under Brazil’s existing border authority.
Ratification now moves to Brazil’s Congress, where leaders of the centrist bloc signalled support, citing the need to protect the COP 30 summit from cyber threats. Once enacted, Brazil will align with EU evidence-sharing standards, facilitating smoother cooperation for companies operating in multiple jurisdictions.
While primarily a law-enforcement instrument, the convention has mobility implications: airlines operating to Brazil will gain clarity on data-retention requirements for Passenger Name Records (PNRs), and business travellers carrying encrypted devices could face more predictable inspection protocols. The PF noted that the pact includes human-rights safeguards designed to prevent indiscriminate data harvesting at airports.
For multinational employers, the treaty may shorten timelines for cross-border investigations, easing the compliance burden when staff are implicated in cyber incidents abroad. In the short term, corporate IT and travel teams should update device-search guidelines to ensure encryption keys can be produced if requested; failure to comply could still result in temporary device seizure under Brazil’s existing border authority.
Ratification now moves to Brazil’s Congress, where leaders of the centrist bloc signalled support, citing the need to protect the COP 30 summit from cyber threats. Once enacted, Brazil will align with EU evidence-sharing standards, facilitating smoother cooperation for companies operating in multiple jurisdictions.
