On Nov. 6, 2025, pirates attacked the tanker Hellas Aphrodite approximately 560 nautical miles off the coast of Somalia, in international waters. Under fire, the crew implemented its security measures and sheltered in the ship’s citadel (a reinforced or fortified secure room designed to protect against entry and protect the ship’s crew). Within 30 hours, naval forces in the region rescued the crew and secured the tanker. The pirates slipped away toward Somali territorial waters.
A similar pattern played out in the Gulf of Guinea, but with one critical difference: the violence occurred much closer to shore. In March 2025, pirates carried out abductions in quick succession. Specifically, on March 17, ten crew members were kidnapped from the tanker Bitu River approximately 40 nautical miles from São Tomé and Príncipe. The ship’s citadel was breached, and the pirates likely moved the hostages to a camp in the Niger Delta. Ten days later, the fishing vessel Mengxin 1 was attacked approximately 16 nautical miles south of Accra. Around the same period, there was separate reporting of seven crew abducted from three Ghana-flagged fishing vessels operating off Ghana.
These are not isolated events. The International Maritime Bureau (IMB), one of the major organizations that compiles statistical data on piracy and armed robbery against ships at sea, recorded 116 incidents from January to September 2025. Seventy-three of those occurred in the territorial waters of the Singapore Strait. This is not a backwater you would expect. It is one of the world’s busiest waterways, exactly the kind of place where security ought to be strongest, and where the consequences of “routine” maritime crime ripple quickly into commercial risk. And yet, a majority of criminal incidents took place there in the covered time period. This pattern—serious maritime crime clustering near-shore—exposes a gap in the law of the sea framework.
Piracy is not a historical curiosity. It is a modern and recurring operational risk that adapts quickly. The core legal framework is the 1982 United Nations Convention on the Law of the Sea (UNCLOS). Often called the constitution of the oceans, this treaty sets the legal boundaries of maritime zones and the enforcement authorities that come with them, including when piracy triggers universal jurisdiction. In other words, it draws the lines that determine who can do what, where, and when – and pirates have learned to operate in the spaces that press on the weaknesses of the framework.
What UNCLOS Gets You—and What It Doesn’t
UNCLOS’s piracy articles made assumptions about where piracy occurs and how states can enforce against it. UNCLOS divides ocean space into zones, and the rules change by distance. In territorial waters (0–12 nautical miles from the baseline), the coastal state exercises the strongest authority. Inside these 12 miles, the coastal state sets the rules (subject to international law) and can enforce them by boarding ships, arresting suspects, and bringing cases in its courts. This makes coastal state jurisdiction clear. Farther out through the exclusive economic zone (EEZ), generally out to 200 nautical miles, states have defined rights and limited jurisdictions, but not the same blanket control they have close to shore. Beyond the EEZ lie the high seas, where piracy can trigger universal jurisdiction and any state can act.
UNCLOS defines piracy as illegal acts of violence, detention, or depredation committed “for private ends” against another ship (see Article 101). It also limits piracy to acts committed on the high seas or outside the jurisdiction of any state.
Put plainly, the treaty’s piracy definition does not capture attacks committed in territorial waters (however, I use “piracy” as shorthand throughout this article, including for near-shore armed robbery against ships at sea). UNCLOS’s piracy provisions (Articles 100–107) allow states to seize pirate ships and arrest suspects on the high seas, and to then impose penalties on them through their courts, in effect, a rare grant of universal jurisdiction. This could, in theory, offer a powerful legal tool for anti-piracy enforcement. But the treaty limits piracy to a high-seas crime, and modern attacks cluster near-shore. This geographic mismatch forces states and industry into workarounds—regional compacts, consent-based operations in another state’s territorial seas, private security and parallel treaties—rather than a coherent enforcement regime.
Modern pirates have adapted to this structure. Many attacks occur close to shore where response depends on coastal states that in many instances, lack patrol boats, persistent surveillance, or prosecution capacity. In the Gulf of Guinea, for example, many coastal states are not sufficiently equipped to defend their territorial waters. In such cases, suppressing piracy does not rely on the UNCLOS piracy articles alone. It relies on add-ons such as regional compacts and private security measures, discussed further below. From a risk management perspective, that patchwork isn’t a strategy; it’s a symptom of an unresolved problem.
The Hellas Aphrodite case highlights what the drafters of UNCLOS envisioned would happen in a well-functioning system: coordination. When an attack occurs beyond national jurisdiction, the treaty’s high-seas piracy articles allows naval forces of any state operating in the area to respond, and effective cooperation between operational forces and law enforcement can turn response into results. Coordination and cooperation along these lines is practical and repeatable, allowing for shared maritime domain awareness, common reporting, rapid handoffs, and evidence and custody procedures that hold weight in domestic courts. The private sector is a supporting actor through reporting, best practices, and (where lawful) onboard security. But the core cooperation is state-to-state. But that smooth picture depends on what happens: whether attackers remain on the high seas, where interdiction is comparatively straightforward, or slip into territorial waters, where action becomes a question of coastal-state capacity and consent.
Under UNCLOS, the coastal state is the primary enforcement authority in its territorial sea. That idea works in theory, but not always in practice. In many places, states cannot sustain adequate coastal security. As noted above, patrol presence, surveillance capacity, investigative capability, and prosecution capacity are uneven—and pirates plan around the gaps.
Hot Pursuit and the Hard Stop at Territorial Seas
Hot pursuit exposes the lopsidedness. This concept serves as a legal bridge that allows a chase that begins in a coastal state’s territorial waters to continue onto the high seas, but the pursuit stops as soon as the target reaches any territorial sea beyond the pursuer’s own jurisdiction—because hot pursuit ceases once the fleeing vessel enters the territorial sea of either its own state or a third state (UNCLOS Art. 111). When suspects cross into another state’s territorial sea, foreign forces need coastal-state consent or a specific United Nations authorization to continue operations. This is why the jurisdictional seam becomes an operational tactic: criminals flee into near-shore waters where response slows, coordination becomes complicated, and the probability of capture drops. This matters in two ways: sometimes the attack begins beyond national jurisdiction and ends with flight into territorial waters; other times the crime occurs inside the territorial sea from the start, where authority is clear, but capacity is uneven.
In these instances, an international response requires not just naval presence, but additional and exceptional channels—United Nations Security Council authorizations, consent-based operations, or law enforcement cooperation with a neighboring state, precisely because the UNCLOS piracy definition stops at the territorial sea boundary. These channels are useful, but they also highlight the limitations of the treaty framework, demonstrating that UNCLOS’s piracy provisions are not wrong in concept, but incomplete in the modern threat environment.
And this is not unique to one region. In congested maritime environments like Southeast Asia, where coastlines are close and maritime boundaries sit tight against major routes, the seams matter even more. Those lines are not theoretical. They are navigational reality. And criminals use them.
The treaty’s piracy provisions reflect older patterns: ship-on-ship violence for private gain on the high seas outside state jurisdiction, where universal jurisdiction makes sense as an enforcement tool. Technology has changed the picture considerably since the treaty was negotiated. Fast boats, GPS, communications, and chokepoints did the rest. In the 1980s imagination, pirates vanished into distance. Today, piracy is less about disappearing into the open ocean and more about exploiting dense corridors close to shore and then moving people and profits inland.
The piracy definition is also a product of compromise. It is narrow by design, and its language invites interpretation. Some gaps are well-known. Article 101 assumes a two-ship scenario, which doesn’t capture every form of modern maritime seizure. The “private ends” language also carries its own ambiguity, which has led to debates over “private ends” and “political ends.” The “private ends” requirement is ambiguous because motive is rarely pure. Profit can mix with political intimidation, militia control, or coercion, and that makes it harder to classify an incident and therefore harder to know which enforcement tools apply.
And when a legal framework doesn’t map cleanly onto the threat, the system compensates. That is what counter-piracy looks like today: a stack of workarounds layered on top of UNCLOS, useful in practice but revealing in what they have to “work around.”
The Patchwork That Proves the Point
The IMB Piracy Reporting Centre helps fill an information gap the UNCLOS framework leaves out. The IMB’s Piracy Reporting Center serves to provide an answer to the classic risk management question: what is happening and where? To do so, the Piracy Reporting Center gathers reports from businesses and ships, sends out alerts, and releases trend data on strategies and hotspots. This operational picture enhances maritime awareness, lowers underreporting, and helps states, private companies and patrols.
However, the IMB must track two categories: piracy on the high seas and armed robbery against ships in territorial waters. That dual categorization reflects the mismatch between UNCLOS’s definition and the geography of modern-day attacks. It is another patch designed to make available data operationally useful to states and shipping companies to compensate for the treaty’s limits. A piracy-only dataset would omit many of the incidents that matter most in practice. The IMB result is a more operationally useful picture of maritime insecurity, but not a solution to the underlying legal problem.
Then comes the operational layer: cooperation. UNCLOS contains an obligation to cooperate against piracy on the high seas, but it doesn’t provide a practical mechanism to make that cooperation routine in the zones where modern incidents actually cluster. The result is that states build regional arrangements outside the treaty’s piracy articles—codes of conduct, information-sharing centers, and coordination structures tailored to the geography of the threat. The Djibouti and Yaoundé Codes of Conduct, along with Asia’s Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia (ReCAAP) framework and patrols such as the Malacca Straits Patrol (MSP), exist because near-shore piracy and armed robbery against ships require day-to-day coordination that UNCLOS doesn’t provide for on its own. In practice, regional cooperation becomes a substitute for the universal jurisdiction UNCLOS reserves only for the high seas.
And when cooperation isn’t enough, when pirates run for territorial waters, the system falls back on a different patch: permission for one state to operate in another’s territorial seas. It helps to separate two ideas that often get blurred. Coordination involves states working together within their own jurisdictions, sharing information and handoffs. Consent-based operations are different: they involve one state’s forces operating inside another state’s territorial sea (and only with the authorization of the host coastal state or, in rare cases, the U.N. Security Council). Somalia is the most visible case. Pirates operating off the Horn of Africa pushed the international community toward consent-based operations and United Nations backed authorizations, exceptional pathways to enable action inside territorial waters where the piracy definition under UNCLOS cannot simply follow. That is not how a seamless legal framework is supposed to operate. It is how a framework behaves when it needs an exception channel to function against a predictable tactic.
At the same time, the shipping industry has built its own set of mitigations, because commercial risk doesn’t pause while governance catches up. Private contracted armed security personnel became part of the toolbox in certain contexts not as a philosophical preference, but as an operational control, one more way to buy time, deny access, and keep crews alive long enough for help to arrive, particularly when the risk is high and public enforcement was uneven or delayed.
Finally, the legal system created a parallel regime to cover what UNCLOS leaves out. As discussed above, UNCLOS’s piracy definition assumes a classic “two-ship” scenario—one vessel attacking another—which does not capture every modern unlawful act at sea. For incidents that fall outside that box, the international community negotiated the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (SUA), which criminalizes serious violence and interference against ships, including acts that don’t fit the two-ship model.
Taken together, these measures reduce harm. But they also prove the point. Counter-piracy today is not a single coherent legal regime. It is an ecosystem of reporting categories, regional compacts, consent-based exceptions, private security controls, and parallel treaties. That patchwork is perhaps workable, but it is also evidence that the core framework doesn’t map cleanly onto the modern piracy threat.
What To Do Now
So, what can be done now?
First, coastal states and their regional partners should expand consent-based enforcement support but make it predictable. Many incidents occur in territorial waters, exactly where enforcement depends on coastal-state capacity. The problem is that consent is often slow, bespoke, and operationally uneven. What’s needed are clear, pre-negotiated pathways for coastal states to request operational assistance, paired with guardrails that protect sovereignty and accountability. The goal is not to dilute coastal-state jurisdiction. It is to make cooperation operationally reliable when capacity gaps are the constraint pirates plan around.
Second, donors and maritime partners should fund capacity where it actually changes outcomes. Boats matter, but so do surveillance systems, maritime domain awareness, trained investigators, and prosecutorial capability. Without a credible prosecution pipeline, interdiction becomes disruption rather than deterrence. That is a governance problem, not a tactical one.
Third, coastal states and the shipping industry should formalize the role of private security for shipping companies rather than leaving it in a gray zone. Private contracted armed security personnel are already part of the market response to uneven protection. The question isn’t whether companies will use them, it’s whether states will set clear rules, oversight expectations, and accountability standards so private controls reduce risk rather than create new liabilities.
Longer term, the core mismatch needs to be addressed directly. UNCLOS’s piracy provisions codified a model rooted in older piracy patterns that don’t match today’s near-shore threat. Today, piracy is a recurring, adaptive threat that clusters close to shore where the treaty’s high-seas piracy definition is least usable. One route is formal amendment under UNCLOS’s procedures in Part XVII (Articles 312–316). Another, perhaps more politically realistic route is to negotiate a supplemental, opt-in protocol linked to UNCLOS that standardizes consent-based enforcement support for piracy-like attacks in territorial waters under agreed conditions.
Alongside that, the most durable model is standing regional capability: predictable coordination, shared maritime domain awareness, and pre-negotiated operating procedures that don’t have to be reinvented during each crisis. States can already do this bilaterally, but bilateral deals don’t scale. Each agreement comes with its own permissions, oversight, and evidentiary rules, forcing operators to improvise during fast-moving incidents, giving criminals seams to exploit. A multilateral opt-in instrument would reduce costs and improve interoperability by creating a shared playbook across a region: common triggers for requesting assistance, standardized operating procedures, evidence and custody rules that hold up in court, and clear accountability. Pirates already know where the law gets thin; the response has to stop relying on improvisation and start closing the gap where risk actually concentrates.
