Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 (continued) – session 2

Global cybersecurity discussions continue at the OEWG with focus on the Annual Progress Report

The third meeting of the eighth substantive session of the Open-Ended Working Group (OEWG) on Security of and in the Use of Information and Communication Technologies 2021-2025 continued with discussions under Agenda Item 5, focusing on the first reading of the Annual Progress Report. The Chair opened the floor to the list of speakers, urging succinct contributions and specific amendments or suggestions for the drafting of the report.

Albania, speaking for the first time, expressed support for the OEWG’s efforts towards cybersecurity and thanked various nations for enabling their participation. Emphasizing the importance of international cooperation and collaboration, Albania supported the current draft of the Annual Progress Report (APR) and stressed the need to focus on applying existing rules and norms before developing new ones. The delegation highlighted the significance of addressing ransomware attacks and the misuse of cryptocurrency in cyberattacks.

Georgia welcomed the draft APR and stressed the importance of transparency, cooperation, and trust among Member States. The delegation suggested explicit references to the existing norms of responsible state behavior and the need for states to protect critical infrastructure and information infrastructure (CI and CII), including through public-private partnerships.

The Netherlands, aligning with the EU, focused on norms and law, welcoming the checklist of practical actions in Annex A. The delegation suggested improvements to the report’s text, particularly concerning the implementation of existing norms and the application of international law. The Netherlands proposed amendments to paragraphs related to the possibility of additional norms and the role of the International Law Commission.

The Russian Federation commented on various sections, emphasizing the priority of developing and implementing norms of responsible behavior online. The delegation expressed concerns about the current drafting of the report and proposed specific textual amendments, particularly regarding the POC directory and the need for consensus on any new confidence-building measures (CBMs).

Republic of Korea welcomed the checklist for implementing voluntary nonbinding norms and supported the protection of CI and CII. The delegation suggested that discussions on new norms and the application of existing norms are not mutually exclusive but could take place in parallel.

Thailand focused on the need for clear language distinguishing legally binding elements from non-binding ones. The delegation proposed minor amendments to ensure consistency with international law and the voluntary nature of norms.

France, aligning with the EU, commented on sections B and C, supporting additions that capture progress in discussions on threats, particularly concerning humanitarian organizations and malicious use of ICT capabilities. France also supported the mention of security products and the role of the private sector in supply chain security.

Bangladesh emphasized the importance of addressing disinformation and the dark web as threats. The delegation supported the inclusion of the financial sector as critical infrastructure and stressed the need for a concise report to distinguish between high-priority issues and less important elements.

Pakistan commented on sections C, D, E, and F, proposing amendments to enhance the text on norms, international law, CBMs, and capacity building. The delegation highlighted the need for timely disclosure of vulnerabilities and measures to guarantee safe cross-border data exchanges.

Australia provided detailed feedback on sections C and D, suggesting amendments to align with previous consensus texts and to clarify the application of international law, including international humanitarian law, in cyberspace.

Spain, aligning with the EU, emphasized the importance of implementing the existing norms and the role of regional organizations in cybersecurity. The delegation called for a clear clause on the full application of international law to cyberspace.

Bangladesh, Pakistan, Australia, Spain, Finland, Estonia, the Democratic People’s Republic of Korea, New Zealand, Mauritius, Bangladesh, Germany, the United Kingdom, Mexico, Indonesia, Ghana, Armenia, El Salvador, Vietnam, Argentina, China, and Kazakhstan also provided their perspectives, with many echoing the need for a balanced approach to implementing existing norms and developing new ones, the importance of capacity building, and the application of international law in cyberspace.

The Chair noted the diversity of views, particularly on the applicability of international humanitarian law, and encouraged further discussion and sharing of written proposals. The meeting adjourned with the intention to continue discussions on the remaining sections of the APR, including regular institutional dialogue, in the afternoon session.

Chair:
The third meeting of the eighth substantive session of the Open-Ended Working Group on Security of and in the Use of Information and Communication Technologies 2021-2025 is now called to order. Distinguished Delegates, we’ll continue with our discussions this morning under Agenda Item 5, which is the first reading of the Annual Progress Report, and as I indicated yesterday before we adjourned, we will continue to look at Sections A, B, C and D, as well as open the discussions to confidence-building measures and capacity-building Sections E and F. We’ll begin with the speakers who remain on the list from yesterday. I have a list of about 20 speakers and I would invite those speakers to be succinct, to focus on issues of high priority to their delegations and where they have very specific amendments to put forward or suggestions with regard to the drafting of the third Annual Progress Report. I would welcome them to share it. And delegations would also have the option of sharing more detailed interventions directly with the Secretariat and the Chair’s team. as a way of ensuring that interventions made by delegations are not too long so that we give everyone a chance to intervene and put forward the most important issues from their point of view with regard to the drafting of the third annual progress report. So with these preliminary comments, we’ll get started. The first speaker on my list is Albania, to be followed by Georgia, and then the Kingdom of the Netherlands. So Albania, you’re the floor, please.

Albania:
Chairman, good morning. Thank you for giving me the floor. This is the first time Albania is speaking, and since we are opening the floor today, I have the chance to wish good luck to this open-ended working group section, and thank you, your team, for an incredible work in supporting this group efforts. I’m happy to be here as part of a Women in Cyber Fellowship, and I have the chance to thank United States for making possible the participation of Albania to OEWG sessions in over two years now. And also thanking Australia, Canada, the Netherlands, and the UK for supporting a big group of women who are substantial voices in the discussion on cybersecurity. The Ministry for Europe and Foreign Affairs and the Authority for Cybersecurity of Albania has received the IPR1, and it is on the position that the current draft is a good base for a constructive discussion. Our goal is to contribute to the UN OEWG efforts and join the efforts to a peaceful world in cybersecurity domain. To us, OEWG is a forum which can discuss disagreements and find a balance to move forward. Albania expresses its full support in finding a common way forward in the dialogue of cyber security, with the understanding that this requires the cooperation of all the states. The OEWG meetings have achieved building a community which talks to each other and makes efforts to cooperate, which have increased the confidence and trust among us. We have to materialize this cooperation in the report of this week. Albania is fully engaged to cooperate to good and balanced outcome before the end of the week. We recognize the importance of international cooperation and collaboration to address cyber security challenges effectively. In this regard, we believe that APR report has provided the framework for international cooperation and dialogue on cyber security, including exchange of best practices, development of norms and principles, and strengthening of capabilities and capacities. For the purpose of time, please allow me to stop only to the point of special importance for us. We believe that at a time when technological advances are dramatically impacting international peace and security, as a country which is hardly hit from a persistent state-sponsored cyber attack, understanding the potential for misuse by states or not-state sponsors of those cyber attacks is significantly growing, a permanent mechanism which will, quote, further develop and operationalize an action-oriented program to advance the cumulative and evolving framework for responsible state behavior in the use of ICT, close the quotes. This mechanism will be instrumental in bringing resilience and stability to cyberspace. This mechanism should be the future of UN debate after 2025. Albania supports the report in the format it is presented. it, which includes, but not for another round of discussion, notions and statements agreed in the previous reports. We should be focused on the new paragraphs and move forward. We believe that this group should be focused in the application of existing rules, norms and principles of responsible state behavior before we move forward to new ones. Russia believes that capacity building, technical capacities and in human resources should remain in the core of efforts of this group in order to secure the ICT networks, and this is why we support Article 7. Ransomware attacks against state and private organizations might bring destabilization situation in different states and open new conflicts. Addressing the ransomware issues and not allowing use of cryptocurrency as a mean of payment in cyberattacks is a priority of the work of Albania, and this is why Article 19 remains very important to us. It is important also that the opportunities to small and developing countries should be offered whenever possible, so all states can participate at the UN discussions in the future. States should be part of those discussions also to build trust and confidence in working together and also to understand the arguments behind the positions of other countries. We also deem as very important that women are key importance in the process of peace and security, and the participation of women in the cyber security discussions are very important for us. That is why we support Article 10. Albania believes that confidence building measures are of a very importance in building the mutual trust between the states, and for us, we recommend that the recommendation 43 also remains. State continue to exchange the views on OEWG on ICT capacity building in the context of international cooperation. security. Mr. Chair, allow me to reiterate Albania’s firm position for a global, open, free, stable and secure cyberspace, where international law rules, norms and principles of responsible state behavior, the respect for human rights and fundamental freedoms fully apply, supporting social, political and economic development. Thank you.

Chair:
Thank you very much, Albania, for your contribution. I give the floor now to Georgia, please, to be followed by Netherlands.

Georgia:
Thank you. Thank you, Mr. Chair. Georgia welcomes the draft Third Annual Progress Report of the Open-Ended Working Group and expresses the support to the Chair. In the era where information and communication technologies are increasingly pivotal to national security, the UN framework should underscore the necessity for transparency, cooperation and trust among Member States. Mr. Chair, my remarks address Section C and E of APR. Regarding rules, norms and principles of responsible state behavior, we suggest that the Section should explicitly reference the existing norms of responsible state behavior, as agreed upon by all UN Member States. It is essential to emphasize the unanimous and ongoing consensus supporting the UN framework of responsible state behavior. Implementation of the existing voluntary non-binding norms of responsible state behavior play a crucial role in maintaining international peace and security. They establish a framework for predictable and responsible actions, reflect the collective standards of the global community, and provide a means for assessing and enhancing state conduct. The existing norms serve as a benchmark against which state behavior can be measured. and assessed. We welcome this segment which highlights the critical need for states to strengthen measures to protect critical infrastructure and critical information infrastructure from ICT threats. CI and CII are often managed by a combination of public and private entities. The segment should explicitly mention the involvement of the private sector in the protective measures. Encouraging public-private partnership and multi-stakeholder collaborations can lead to more comprehensive and resilient protection strategies. Regarding the section on CBMs, Georgia welcomes the establishment of the POC directory which is a tool of the CBM encouraging states to engage in regular communication and information exchange. We believe that the POC directory could enhance coordination and communication among states, particularly during urgent or significant ICT incidents. The POC directory could expedite CBM implementation by promoting information sharing, organizing global simulation exercises, and facilitating interstate consultations. We welcome the mechanism of the regular information sharing and multilateral cyber exercises through the POC directory. Sharing information about threat perceptions can help build trust and reduce uncertainty. We see the POC directory as a platform of engagement in continuous dialogue and a step to build a foundation of trust and mutual understanding, reducing the likelihood of ICT-related conflicts, and contributing to global cyber stability. We strongly support the engagement of regional POC networks and highlight that the UN directory will incorporate lessons learned from their establishment. the segment on the participation of the regional organizations. Engaging regional organizations is vital for addressing issues that transcend national borders. The segment could underline that these organizations possess a deeper understanding of local dynamics and regional geopolitical landscapes. Involving a broad range of stakeholders ensures that multiple perspectives are considered, leading to more comprehensive and sustainable solutions. Academia, business and NGOs can contribute research and evidence-based approaches. By implementing the CBMs, the international community can reduce the risks associated with the use of ICTs in military and other contexts, fostering a more secure and cooperative global cyber environment. The collective effort to build confidence in ICT security is crucial for maintaining peace and stability in an increasingly interconnected world. I thank you, Mr. Chair.

Chair:
Thank you very much, Georgia. Netherlands, to be followed by the Russian Federation.

Netherlands:
Good morning. With your indulgence, Chair, I will focus my intervention on norms and law and come back to capacity building and regular institutional dialogue later. The Netherlands aligns itself with the statement of the European Union and I will make a few additional remarks in a national capacity. Norms continue to be a key component of our cumulative and evolving framework, and with this in mind we welcome the checklist of practical actions in Annex A, which contains common understandings and practical guidance drawn from previous reports and other useful resources. Like South Africa, El Salvador and others, we welcome the specific focus in the APR on critical infrastructure and critical information infrastructure, as many of the identified threats relate to to or can impact these infrastructures. Chair, we do see room for improvement in the text of the report, especially to give appropriate weight to the rich discussions on the implementation of existing norms as was well articulated by Switzerland yesterday. On paragraph 30A, we would prefer this paragraph to be consistent with paragraph 23A of the second APR, in that it solely reflects the mandate of the OEWG as it pertains to norms. The second and the third sentences of this paragraph on the possibility of additional norms, sentences that are not part of the mandate of the OEWG, are already captured in para 30I. So for the purpose of brevity and consistency, we propose not to reflect this in para 30A. And if this sounded very complicated, we will definitely share our comments in writing, so you can track that. On paragraph 30B, we support the US proposal to add an additional sentence at the end of the paragraph. In para 30C, we support the UK proposal for inclusion of an additional sentence at the end of that paragraph. And in relation to paragraph 30C, paragraph 32 and paragraph 2 of the annex contained in the checklist, the Netherlands proposes to add a sentence that would clarify that the checklist is primarily aimed at providing additional guidance on the implementation of norms in line with the recommendations in the second APR that gave rise to this checklist. In relation to paragraph 30I and J and paragraph 33, the Netherlands is of the view that these paragraphs focus on new norms in a way that goes beyond the convergence we have observed in our discussions over the past year. In this regard, we support the proposed rewording of paragraph 30J. We also consider that the proposal to submit working papers on additional norms was not widely supported or sufficiently discussed, and therefore does not merit inclusion, as was also highlighted by Canada and Ireland. Similarly, in large part, the proposals of new norms that were put forward by experts and stakeholders do not necessarily enjoy support by a sufficient number of states to merit inclusion in this paragraph. Turning to international law. Over the past year, an increasing number of states have actively participated in discussions on how international law applies to cyberspace. The Netherlands welcomes that this has been reflected in the report. And to further reflect these discussions, we wish to include consensus language on human rights law and the law of state responsibility in the report. Considering the rich discussions on these topics, we are of the view that clear and unambiguous language on IHL also merits inclusion in the report. In paragraph 36, we share the view expressed by other delegations that the language on sovereignty should be identical to consensus language from the 2021 GGE report. With regard to paragraph 36B, the Netherlands is of the view that the POC directory did not feature prominently in our discussions on international law and would support the comments made by Switzerland and others on this. And instead of a reference to the POC directory, the Netherlands proposes to add the following language. Additionally, states recognized that chapter 6 of the UN Charter provides for the Pacific settlement of disputes, unquote. On the topic of IHL, the Netherlands would like to highlight the cross-regional paper on this topic, as well as the many other proposals and comments on the applicability of IHL, including by Brazil and many others. As mentioned by Canada, we support the clarification of the obligations highlighted in paragraph 36F and G, and to frame the obligations to protect civilians and civilian objects through lens of IHL. We support the concrete proposals made by Switzerland and others in this regard. Similarly the Netherlands fully supports a proposal on the inclusion of human rights language and the law of state responsibility, and here we would also like to highlight the cross-regional paper that was put forward. In paragraph 37A we are of the view that specific expertise on the application of international law in cyberspace can be found in a wide range of different institutions, including in academia or NGOs, and not solely in the International Law Commission. In paragraph 37B we propose to delete the word specificities from the first sentence, and we concur with others that trans-border activity is already addressed by international law, and that anonymity represents a technical issue. Finally, the Netherlands sees merit in the organization of a specific intersessional or dedicated meeting involving scenario-based exercise on international law within the OEWG, and suggests that this could be included in the recommended next steps. Thank you, Chair.

Chair:
Thank you very much, Netherlands, to give us your intervention so we can keep track of the suggested changes that you have proposed. I give the floor now to the Russian Federation to be followed by the Republic of Korea.

Russian Federation:
Chair, I would like to comment on the section on international law and rules, norms and principles of responsible state behaviour and CBMs. On capacity building, I will come back later to that, because otherwise I will have to speak for too long. The OEWG mandate provides us with a priority to continue to develop the norms and principles of responsible behaviour online, and also ways of implementing it. We must state, then, that the current drafting of the report, this position of principle, has been violated. unjustified angle in terms of these voluntary norms, this is paragraph 30b, c, and 32. At the same time, the proposal for states to develop new norms and these proposals were, we’ve heard a few times at this OEWG meeting, are mentioned in 30g. Compared with the previous version of the report, the number of instructions to the secretary at OEWG to publish reports on the website. Chair, we’re not against the idea of the implementation of norms and not against the checklist that you prepared for Annex A. Russia is ready to, is preparing a detailed document on this for experience of implementation of existing norms in national legislation for, and we’ll do this for the December session of OEWG. It’s also important to bear in mind that the checklist requires to be worked on in capitals, in depth, and then can’t easily be approved very quickly. Bearing in mind the priorities of this session for identifying the parameters of the format of the, what will come after the group means that we need to agree on the document for the next negotiation cycle. In the draft report for this year, in paragraph 30C and 32, we could have a formula of the states, states considered the chair’s initial draft of a voluntary checklist through implementation of voluntary non-binding norms and principles of responsible behaviour. This provision fully complies with the recommendations from the OEWG’s report last year, paragraph 23, and because we were talking about ways of implementation of these voluntary norms, then the checklist should be voluntary as well. So I’ll say immediately that the questions of the content of the checklist, even in, there are a lot of questions that arise about this. For example, the document is fully underpinned on recommendations from the report of the GGE from 2021, and the majority of the group didn’t participate in negotiations of this. So then when, why was the initial list from ignored, the list of international rules of responsible state behaviour as contained in the General Assembly Resolution 7327. So then why lodging the Global Register of Points of Conflict is not referred to sufficiently and then the list of computer attacks in line with existing channels of the CERT group? So in terms of balance between development and implementation of norms, the Chair has prepared a similar document generalising proposals from states on new norms presented as the framework from the first OEWG. We would also prefer to propose to add to 30B a provision saying that accusations against states for carrying out unlawful acts online should be justified. Indication that some of the activities using ICTs is happening from the territory of some state is not sufficient to ascribe responsibility of a given state for this act. This is because of arbitrary accusations of some countries about computer attacks. On the international law section now, we would insist on 3070 reference made to the concept of the UN Convention on Ensuring International Information Security presented at the OEWG by a group of states as a possible option for future treaty. In absence of consensus among the international community regarding the applicability of international humanitarian law in the digital sphere, we are against reference to the obligations of states in this report to protect civilians in line with international law. We do not see any added value in the recommendations on the implementation of an exchange of positions of regional groups on the topic of international law. That’s 37C and 39. We think the proposal to involve UN and non-state structures in preparing national positions on this would be damaging to the, and undermine the sovereignty of states in online. That’s paragraph 39. We would like to delete this part of this report. On the section of international law, the aspect on capacity building is detailed, is set out in detail, that’s 37D. It would be sufficient to simply have recommendations to support these efforts under the UN, on the basis of OEWG approved principles for provision of assistance. It’s also unacceptable to note the efforts of academia and research institutions to study international law and how it applies to the ICTs, because in terms of studies carried out there. On section on confidence building measures now, Chair, we believe it’s unacceptable to narrow the general focus of confidence building measures to, before the implementation of what else is contained in the report. These are aimed at reducing tension between states, and this is the aim that should be reflected in the report. In May 2024, the global intergovernmental register of contact points, points of contact for exchange of information on computer attacks is a crucial and practical result of OEWG negotiating process and a key achievement in terms of confidence building measures. This decision was possible following lengthy negotiations and we believe it’s counterproductive. to try now when this is already up and running to rewrite previously reached agreements in Terralia focusing on focusing the register only on serious incidents of ICE for ICTs. We would insist that the register in 42B and detail that in line with the parameters of the register that were agreed by consensus for the POC. We welcome work to update the register including templates available and we should not lose sight of one important thing. These templates should be developed on the basis of views of states and with the participation of national experts and it should enjoy consensus of all OEWG member states. That’s for paragraph 45. In terms of new confidence-building measures we should note in this section that any existing or future measures should not be used to interfere in internal affairs of states and carry out an unjustified political assessments of their activities in the information space. We should also delete the paragraph on cooperation between regional organizations and non-state actors that’s 42G because these are already reflected in the preamble and doesn’t have a direct link with confidence-building measures between states. On annex B once again we would say that CBM 7 duplicates the provision on critical information structure in the conduct in the state behavior section so we would replace this with exchange of experience and information on information resources as a whole. Moreover giving the content of the section on threats we would propose to add to the list of CBMs another measure pertaining to exchange of information applicable on a national level regarding efforts to not to prevent free access to instruments for carrying out. We will send our specific text suggestions to the Secretariat. Thank you.

Chair:
Thank you very much Russian Federation. Please send it to the chair’s team as well your intervention. Republic of Korea to be followed by Thailand.

Republic of Korea:
welcomes the inclusion of the Checklist of Practical Actions for the Implementation of Voluntary Nonbinding Norms of Responsible State Behavior as an Annex of this year’s APR. As many delegations, including ours, have pointed out during previous sessions, we are of the view that this checklist would serve as a useful guideline to facilitate implementation of the 11 norms of the Group of Governmental Experts. And we would also like to give our support to the revision of the Netherlands on this section as well. As noted in paragraph 30D, the protection of critical infrastructure and critical information infrastructure is ultimately linked to the protection of human rights and the prevention of conflict escalation. In this regard, we welcome the mention of the specific international cooperation and protection measures in paragraph 30E. It is necessary to continue emphasizing the implementation of norms related to the protection of CI and CII in future discussions of the OEWG. As a supporter of the multi-stakeholder approach in the OEWG, we welcome paragraph 30H, which acknowledges the stakeholders’ contribution to improving cybersecurity. On paragraph 30I, we agree in principle that the implementation of existing norms and further development of norms are not mutually exclusive, but could take place in parallel. Nevertheless, my delegation is of the view, which was also pointed out by Japan, that submitting working papers on potential additional norms on a voluntary basis could be done without being mentioned in the APR. Thus, we find it unnecessary to include such text. On international law sections, we support Switzerland and other delegations that the cross-regional working paper on IHL be reflected in this year’s APR. Regarding 37B and F, my delegation believes that paragraph 36 demonstrates that the ICT environment is not a distinct domain and that there is growing consensus among countries that international law can be improved. can indeed be applied to cyberspace, thereby reducing the necessity for creating new legally binding obligations. Thank you.

Chair:
Thank you very much, Korea, for your succinct remarks. Thailand, to be followed by France.

Thailand:
Thank you, Mr. Chair. On behalf of my delegation, I would like to thank you and your team for preparing a very comprehensive draft APR. We are of the view that the REF-1 draft captures the essence of our discussion so far and the progress we have made as a group. I will be brief and will focus on the issue of our priorities in Section A to D. We wish to see clear distinction in the languages used for legally binding elements and non-binding elements throughout the draft report, as mentioned earlier by the U.S. Therefore, in Section A, paragraph 5, we would like to support the proposal made by the U.S., Switzerland, Australia, and others regarding changing the term adherence to compliance. In Section B, we know that you didn’t want us to reopen the agreed text in paragraph 26. However, we cannot help but to ask if you can kindly consider a minor amendment which would make this paragraph work, which is to delete only three words in the first line, their obligations under. This is based on the fact that states cannot have obligations from something that is non-binding. Hopefully, that will help the lawyers, both in capitals and in this room, to be more at ease with that paragraph as we move forward. We also would like to support Australia’s proposal to add a language in paragraph 14 to the effect that it is the sovereignty of each country to determine its designation of CIs and CIIs. In Section C, Thailand supports the inclusion of the checklist of practical actions for the implementation of voluntary non-binding norms of responsible state behavior in the use of ICT as contained in Annex A as a voluntary capacity building tool which states States may use to implement those norms. Thailand also supports the inclusion of paragraph 30A as we view that the further development of norms to address evolving threat and the implementation of existing norms are not mutually exclusive but can take place in parallel. We do not object the proposal to move paragraph 30A by the U.S. and the EU to better reflect the weight of the discussion that we have had. In section D, paragraph 36B, we would like to see deletion of the last sentence of the paragraph because while the point of contact directory could be very useful for building and coordination among states on technical issues which can help prevent a dispute, it is not an avenue for dispute settlement within the meaning of article 33 of the UN Charter. We would also like to see further clarification of paragraph 36G on obligation of states regarding the protection of critical infrastructure and critical information infrastructure under international law as we are not sure which area of international law such obligations arise from. Thank you very much.

Chair:
Thank you very much, Thailand, for your contribution. France to be followed by Bangladesh.

France:
Monsieur le Président. Thank you, Chair. My delegation aligns itself with the statements made by the European Union yesterday and we would like to make the following comments in a national capacity on sections B and C. On section B, threats, France supports the additions allowing for progress made to be captured as part of our discussions in recent meetings, particularly paragraph 16 on the protection of humanitarian international organisations. The wording of this paragraph as proposed by the delegations could be improved by replacing hamper with dispute. disrupt and adding at the end of the paragraph an undermined trust in their work. On paragraph 20 on the question of the malicious use and in choosing capacities available on the market, here we support the proposal from the Netherlands yesterday for an alternative wording to keep the important mention of legitimate uses. This was in the initial draft report. This wording would provide flexibility compared with the initial version and we hope that it will respond to the questions raised by states who had asked for a modification to this. The proposal in question would be there was acknowledgement that these tools can have legitimate purposes when used in a manner consistent with international law. We also support paragraph 22 on the security of AI systems. This is an issue we’ve raised on several occasions within this group and also the Internet of Things in paragraph 24. On the norms section, France supports a balanced approach sharing in this connection the proposal of a checklist on practical actions to implement for the implementation of voluntary and non-binding norms is a solid foundation in our view. The steps that are described there means that we should work collectively towards a satisfactory level of implementation of these norms and we think that this checklist should be a living document. As part of this step-by-step approach, discussions on best practices, existing best practices on the implementation of norms could be furthered and in particular we’d like to propose an addition to Norm 13C which was mentioned on several occasions during our work this year. This addition will be worded as follows. States have reaffirmed that states should not knowingly allow their territory to be used for… for internationally wrongful acts using ICTs and would welcome further discussions in order to continue building common understandings in this regard, including through exchanges on national and regional experiences. France also supports the mention of security products in paragraph 30F and paragraph 30H. We welcome to mention the role of private sections on several occasions to guarantee the integrity and security of the supply chain. Indeed, stakeholders, in particular the private sector, they don’t only have rights, but they also have responsibilities. These are underscored in this paragraph. We therefore support the text proposal for paragraph 30H from the UK on the role of the private sector to prevent the introduction of nefarious hidden functionalities and exploitation of vulnerabilities in digital projects, which compromise the confidentiality, integrity, and availability of systems and networks, including critical infrastructure. We think that 30I could be more written out in sequence to not prejudge the discussion on gap identification, which would justify potentially the development of new norms. In paragraph 32, we approach the proactive approach that’s been taken to guide the implementation of the checklist. However, we need to make sure that we’re not creating an overabundance of documents and various recommendations, which could create confusion. And it could therefore be relevant to task the secretariat with summarizing the national proposals. Currently, well then, on international law now, we welcome the mention made in paragraph 36B of the peaceful resolution. disputes. This is a fundamental objective of our work, preventing conflicts that could stem from or be increased by the use of ICTs. We wish these efforts to continue within the future mechanism post-July 2025 and we welcome the addition of a mention of a future mechanism in paragraph 36b. On international humanitarian law, France would also support, as referred to indeed by the EU and by Switzerland, we would support a mention of international humanitarian law following the work carried out on this topic, which was done across different regions over last year. On paragraph 36f, like Canada, we would like this to be clarified further and 36g, we would like the legal basis that is being referred to to be clarified. Indeed, the concept of critical infrastructure is used often regarding ICTs and linked to voluntary norms. It has not been agreed on in international law. If there’s no clarity on this, then it would be better to delete this paragraph. 37b now, promoting through an agreed and vague wording of some claims specific natures, for example the cross-border nature and the anonymization of operations, doesn’t, as we see it, seem justified. Now, on the dedicated session mentioned in the 39 version of the zero draft, we support the participation of a session with legal experts being able to participate. This, as you said yesterday, Chair, your explanation on the time that these specific meetings require, this however is necessary, as we see it, to further our discussions and it would be very welcome within the future mechanism. Thank you.

Chair:
Thank you very much, France. I think the discussion on dedicated sessions have been swinging in a pendulum-like manner. I think there is a clear desire and demand for it, but it’s also a question of making time available and looking at our timeline and schedule. So let me give some thought to that. If anyone has any objections to dedicated intersessionals, please let me know. But as I said yesterday, if we were to have dedicated intersessional meetings, it cannot be on issue X or issue Y. It has to be on the basis of a balanced approach across the board. So that is the balance that we need to achieve if we are going to invest in dedicated intersessionals meeting. But in the meantime, if there’s anyone who has any objections to the idea of dedicated intersessional meetings, please let it be known if you are taking the floor and share your views on that specific question. So let me continue with the speaker’s list. Bangladesh to be followed by Finland.

Bangladesh:
Good morning, Excellency. I am having a technical issue, so can I come back later? Thank you.

Chair:
Sure. Bangladesh. We’ll go to Finland to be followed by Estonia.

Finland:
Mr. Chair, Finland fully allies with statement delivered by the European Union and would like to make the following brief remarks in its national capacity. Regarding section B on threats. During our discussions in this open-ended working group over the past year, a number of member states have flagged the potential new threats emerging from quantum technologies. Quantum technologies is considered as one of the most disruptive innovations on the horizon. Quantum computing impact on cyber security will be profound. Quantum technologies can represent a serious threat to international peace and security if handled by malicious actors. As artificial intelligence, of course, quantum technologies will have positive transformative impact on many domains, including improving cyber security. We would like to suggest include a reference to quantum technologies in paragraphs 21 or 22 dealing with emerging technologies. Moreover, Finland supports the proposals made by Belgium on the development of a methodology to measure the harms and impacts of cyber attacks and incidents to increase knowledge and focus on the harms to victims and leverage this within this open-ended working group and carrying this focus forward into the future regular institutional dialogue. I thank you, Mr. Chair.

Chair:
Thank you. Finland, Estonia, to be followed by the Democratic People’s Republic of Korea.

Estonia:
Thank you, Mr. Chair, for giving me the floor. Estonia aligns itself with the statements by the European Union, and that’s the following in its national capacity. We believe that the APR serves as a good basis for further discussion, and we would like to thank the chair and his team for their great efforts. On threats, Estonia has We have continuously advocated more open discussions on threats. This is especially important as geopolitical tensions continue to affect our daily lives. However, in the interest of being brief, I will refrain from repeating our concerns relating to our geographic part of the world. We continue to support the inclusion of ransomware in the threat section as this underlines an imminent challenge to countries across the globe, which many countries, including us, have raised repeatedly. In fact, yesterday, we held a fruitful side event on strengthening regional cyber norms guidance through practice-based approaches in the case of ransomware. This discussion convened together with Chile, the Dominican Republic, EU Cybernet and Seroussi focused on the LAC region and highlighted that not only is ransomware an ongoing problem, but we can also make very practical use of the implementation of norms of responsible state behavior in addressing this threat. On international law, we reiterate that the current rules are technologically neutral and underline that state behavior and the deployment of new transformative technologies do not change the applicability of existing international law. Together with Australia, Colombia, El Salvador and Uruguay, we have submitted a cross-regional working paper which has proposed convergence language on the application of international law in the use of the ICTs with the references to international humanitarian law, international humanitarian rights law and law of state responsibility. We believe that the careful wording proposed by our cross-regional group draws from the nuanced discussions held between member states during the last year and we would suggest including the proposed language in the APR. In particular, we would like to draw attention to IHL, which has been discussed at length in the open-ended working group. Group. We appreciate that the APR reflects the efforts to include references to the protection of civilians and infrastructure in Para 36G, which seems to be connected with 36F. We would suggest to amend the language of these two paras to frame the wording in the context of IHL, referring to the wording of the cross-regional group that several delegations have mentioned. The respective proposed wording is as follows. Quote, states have recalled that international humanitarian law applies to activities using ICTs within an armed conflict, including where applicable they establish international legal principles of humanity, necessity, proportionality and distinction. Consistent with international humanitarian law, states must not use ICTs to direct attacks against civilian objects, including critical civilian infrastructure in armed conflict. Applying international humanitarian law to the use of ICTs does not in any way encourage or legitimize conflicts. Unquote. At the same time, we would also like to express support to the Swiss proposal on IHL language that includes the main key features reflected in the open-ended working group discussions. Among other proposals, we support the Netherlands proposal on referencing Chapter 6 of the UN Charter. We continue to support taking further the discussions on how international law applies in cyberspace, for example, via inter-stational meetings, scenario-based exercises and with the contribution of experts. Thank you.

Chair:
Thank you very much, Estonia, for your proposal. Please do submit it as well. I think on international humanitarian law, which has been a point of contention in this working group for some time, there’s a clear division of view that I see. There is, of course, the cross-regional paper and proposals. Quite a number of proposals have been made. to either amend or make a very specific reference to IHL and that the existing references in paragraph F and G, 36F and G, are not clear enough. It’s a point that I have well noted. At the same time, there is also a very specific request or objection to a reference to IHL in the text. So the divide is there. I need to reflect on how we can capture this. And if any delegation has any good ideas, please let me know. This has been an issue that has been with us for some time, and I’m not sure that we can find a solution that will allow everyone to join consensus. So let’s continue the discussion. I have Democratic People’s Republic of Korea to be followed by New Zealand.

Democratic People’s Republic of Korea:
Thank you, Mr. Chair. At the outset, my delegation would like to appreciate Chair and your team for the tireless efforts for the successful convening of the eighth substantive session of the OEWG. Mr. Chair, my delegation aligns itself with a joint comment made by the delegation of Nicaragua on behalf of the like-minded group. On that note, my delegation would like to briefly make the following observations on the draft APR. Although we commend Chair’s dedicated efforts to elaborate a draft APR aimed at charting the way for future work of the OEWG, we find that the draft leaves much to be desired. First, the draft must be streamlined for the sake of a focused negotiation in a relatively short period. In this regard, we echo the delegation of the Russian Federation in terms of deleting a number of paragraphs. Second, the rationale behind establishing the OEWG is primarily to further develop rules, norms, and principles of responsible behavior of states in the ICT sector. In this context, the draft should be strictly balanced, consistent with the group’s mandate. However, we find that development of new norms has been watered down. Instead, the paper has been worked out in favor of implementing existing norms. We hold the view that the paper should be redrafted in a balanced manner, not to rule out development of new norms and strict adherence to the group’s mandate. By the same token, we suggest postponing consideration of a checklist of practical actions to the next year’s cycle, given the fact that it was not thoroughly discussed within the group and it requires more time for further consideration. Third, on the section of international law, there are still divergent views among the member states. Against the backdrop of a rapidly evolving nature of ICTs and legal gaps, there is an urgent need to elaborate a legally binding arrangement. In this regard, we suggest reflecting the concept of a UN Convention on International Information Security, co-sponsored by a number of member states. Last but not the least, in terms of security in the ICT domain, the cardinal principle of respect for sovereignty and non-interference in internal affairs must be strictly observed. We share the deep concerns of a number of delegations concerning disinformation, false flags and politically motivated attributes, which will inevitably lead to confrontation and conflict. In this context, we echo a number of delegations to reflect the relevant language in the section on existing and potential threats. Mr. Chair, we are committed to the adoption of the APR by consensus, and to this end we are ready to constructively engage with the Chair. and your team in the coming days. I thank you, Mr. Chair.

Chair:
Thank you very much, DPRK, for your contribution. New Zealand, to be followed by Mauritius.

New Zealand:
Thank you, Chair, and kia ora, everyone. Firstly, I will address Section C on rules, norms, and principles, and international law, followed by some brief comments on Sections E and F. On paragraphs 30A, 30I, 30J, and 33, we do not support reference to the unique attributes of ICTs. This is because the focus of this OEWG is firmly on responsible state behavior, not on the technology itself. It is only by implementing the framework that we can assess whether additional norms could be developed over time. However, until now, there has been no in-depth discussion by states on the need for additional norms, and any suggested proposals have not gained traction. We therefore request deletion of the new text in paragraph 30A. Paragraph 30I, in our view, should therefore revert to consensus text on new norms, and the APR should not make a specific call for papers on new norms, as this does not reflect the weight of OEWG discussions this year, which have emphasized a need to first implement the framework. In our view, the permanent mechanism, the POA, is the logical place to examine how we are collectively implementing the framework, and subsequently, the question of gaps, and if necessary, new norms. Paragraph 32, we appreciate the work that has gone into the checklist of practical actions. While this has added to the length of the text, we acknowledge that this is annexed, and being voluntary in nature is a helpful tool for states to use if they wish. We therefore welcome its inclusion as a valid marker of the progress. we have made. In paragraph 36E, international law confers obligations on states, and this obligation to comply with international law or rules should be restored. We also agree with Canada, Switzerland, and others who have requested clarity on which paragraphs relate to international law generally and which specifically refer to IHL. We note several helpful suggestions by Switzerland, the ICRC, and others in this regard. In response to the delegate who questioned applicability of IHL, we affirm that international law applies online as it does offline, and in situations of armed conflict, states have an obligation to protect civilians and civilian objects. We can therefore also support Estonia in the cross-regional group’s text suggestions on this matter. Paragraph 38, we agree with others who have identified problems with merging consensus language from the 2021 OEWG report and the chair’s summary and suggest reference to the summary is removed to resolve this confusion. Paragraph 41, we support reference to scenario-based exercises, but we do not understand the new text confining such capacity building to supporting the role of the UN. Rather, scenario-based exercises should support implementation of the framework by states. We therefore suggest this text is removed. Chair, as a small state, we do understand the anxiety about the hosting of additional inter-sessional meetings. However, from our discussions over the past year, there is a clear desire by many states for dedicated sessions on international law and on how the future action-oriented mechanism can work in practice. In our view, support for holding selected inter-sessional meetings in these areas does not minimize the importance of the other pillars. It rather demonstrates that these are the areas where we need and want to focus our discussion, including with input. by relevant technical experts to help us reach common understandings. I will now briefly turn to CBMs and capacity building. Paragraphs 42B and 45, we very much welcome operationalization of the POC directory, and we’re pleased to nominate national POCs and take part in the first ping test. However, in our view, the OEWG has not held deep enough discussions on the proposal to expand the role of the POC directory for CBM implementation, and we judge this will be best omitted at this juncture for further discussion in the next substantive session. We are still considering the value of standardized templates and therefore request paragraph 45 add in as appropriate to the sentence on development of templates. We echo the Netherlands, Estonia, the U.S. and others who have identified that article six of the U.N. charter as the appropriate mechanism for peaceful settlement of disputes and support removal of the POC directory in the international law section. Paragraph 48C, we remain open to further discussion on a global portal, but note that this proposal has not been developed further over the past 12 months. We welcome further information about how this proposal can be distinguished from existing portals and also how it would be funded, whether from existing contributions or from sponsoring states. Paragraph 51, while we recognize the value in drawing together senior officials and ministers for the global roundtable in May, we are not sure that convening high-level discussions are needed or sustainable on an ongoing basis. Rather, we need more engagement at working level to support implementation of the framework. Paragraph 52, we would welcome further discussion on the proposed voluntary trust fund, but are not ready to agree to this in principle. What we can agree is that more resources to support capacity-building efforts will. contribute to strengthening responsible state behavior in cyberspace. But first, we would like to better understand the range of funds that are already available, along with the numerous dedicated funding streams for cyber capacity building initiatives and activities that many donors, including New Zealand, are already implementing. Finally, after attending the very insightful side event yesterday on measuring the harms arising from malicious cyber behavior, which was hosted by Belgium with case studies from Australia, Costa Rica, and Finland, we would like to support Belgium and Finland’s suggestion that this important issue be considered by the OEWG in our discussions on threats. Thank you.

Chair:
Thank you, New Zealand. Mauritius to be followed by Bangladesh.

Mauritius:
Good morning, Chair. Thank you for giving me the floor. The Republic of Mauritius would like to share its views with regards to section C of the report on rules, norms, and principles of responsible state behavior, and section E on confidence building measures. As stated by other delegations, we are equally of the opinion that states should pay particular attention to the implementation of the 11 existing rules, norms, and principles of state behavior in cyberspace before developing new ones. We firmly believe that states should prerequisitely reach a certain level of maturity in the implementation of the existing norms before attempting to go beyond that. We appreciate that not all states are on the same wavelength when it comes to the understanding and realization of these norms, and that due consideration should be given to those states that are still facing difficulties in that respect. In the same breath, we wish to point out that we are strong supporters of the annexed checklist of practical actions as a tool for assessing and therefore strengthening the capacities. needed to reinforce cyber resilience in developing and small states. Chair, states rely on critical infrastructures to protect their nation, maintain a strong economy, and enhance quality of life. These infrastructures have become increasingly complex, connected, and continue to be vulnerable to cyber attacks. Thus, securing these systems is of utmost importance in this day and age, although it can be a challenging task as attacks become more sophisticated, persistent, and destructive. In this context, our delegation welcomes the language in paragraph 30E on the need to continue to strengthen measures to protect all critical infrastructure and critical information infrastructure from ICT threats. In relation to supply chain security, we appreciate the recognition of developing and implementing globally interoperable common rules and standards and fostering transparency in the development of ICT products in paragraph 30F. We additionally wish to emphasize that public-private partnership remains a critical component in the supply chain security equation. And therefore, we welcome paragraph 30H. Moving on to section E on confidence-building measures. Chair, we cannot deny the fact that CBMs are the stepping stones for promoting mutual trust and predictability between states. This OEWG and other meetings or gatherings, whether formal or informal, serve as building trust and assurance between states. As you rightly said yesterday, the reception at the Singapore mission was one of those CBMs. And we are indeed very much grateful to you for organizing that event. We appreciate mention of the Global Points of Contact Directory launched in May this year. And we wish to point out that we are presently in the process of nominating our national POCs. Furthermore, referring to paragraph 42B, we share the views of other states that the Global POC Directory could facilitate CBM implementation through information sharing between companies. at authorities of states and conducting regular regional and international cyber exercises. Coming from a small island developing state, we also welcome paragraph 42C, which talks about providing support to POCs from developing countries to attend OEWG POC meetings. Lastly, we firmly believe that the sharing of national views on technical ICT terms and terminologies could enhance transparency and understanding between states. Common definitions and taxonomy around cyber are absolutely essential to promoting cyber security resilience and greater convergence in cyber incident reporting. In this respect, we propose a minor addition to paragraph 42F, so the last sentence in this paragraph to be read as, states could develop national cyber lexicons and continue to share their views on such technical terms and technologies and terminologies for further consideration within the OEWG. Before ending, we would like to indicate that we will provide our remarks in connection with other sections of the report later during the day if time permits. Thank you for your attention, Chair.

Chair:
Thank you very much, Mauritius. Bangladesh, please.

Bangladesh:
Thank you, Mr. Chair. My delegation expresses deep appreciation to you and your excellent team for presenting the REV-1 of the third APR, which we view as a strong basis for building consensus. We will try to be very brief in highlighting our priorities for section A to D. On section A, we express our strong support for paragraph 7, which mentions capacity building as the foundational pillar that cut across all other pillars. Regarding Section B, my delegation views the increasing weaponization of misinformation and disinformation driven by cutting artificial intelligence technologies such as deepfakes as a pressing threat. This threat jeopardizes social harmony, democratic processes, and the very existence of humanity itself. ICT delegations, including my delegation, have consistently highlighted these concerns during past sessions. We regret that this important threat has been missed in the draft APR which is before us. Therefore we strongly advocate for its inclusion in the APR as a recognized existing and potential threat. We would also like to highlight that the dark web serves as the marketplace for sophisticated hacking tools, effectively lowering the barriers to entry for malicious activities in the ICT domain. Therefore we believe that referring the dark web as a potential threat in the APR is warranted and merits serious consideration. In both the cases, we are flexible about the placement and we leave it to your wisdom. Regarding paragraph 14, we propose including the financial sector alongside health care, maritime, aviation, and energy sector as critical infrastructure. On section C, Bangladesh supports the inclusion of capacity building initiatives as a core component for the implementation of the rules, norms, and principles. Given the ever-evolving nature of ICTs, we see the necessity of continuous evaluation, testing, and recalibration of existing norms and principles rather than viewing this as a one-time endeavor. In view of that, we should not rule out the possibility of developing new norms or principles. In this regard, we support the paragraph 30J. We find the attached checklist in Annex A to be a valuable resource for states. It provides practical suggestions for implementing voluntary non-binding norms. States can choose to utilize these. document based on their individual capabilities and circumstances. Additionally, we encourage interested states and regional organizations to share their experience in applying these norms further in reaching this resource. Moving to Section D, we emphasize that principles of international law including respect for sovereign equality, non-aggression, the peaceful settlement of international disputes, the prohibition of the threat or use of force inconsistent with the purpose of the UN, respect for human rights and fundamental freedoms, as well as non-intervention and non-interference in the internal affairs of a state must apply in the cyber domain. We appreciate the inclusion of paragraph 30A of a reference to international law commission. 37B, we propose to include a state responsibility threshold or due diligence and proportionality as well as alongside trans-border nature and anonymity. On 37F, we feel that it is imperative that any future legally binding obligations or treaty addressing ICT related issues must be universally inclusive and non-discriminatory in nature. Therefore, we propose an additional sentence at the end of the paragraph which would read states emphasize that such future legally binding obligations must be universally inclusive and non-discriminatory in nature. Chair, a general comment on overall APR. We would like to flag that the text is too lengthy to digest properly for delegations like us that do not have expert lawyers or even one, so to speak. When we have such a lengthy document, there is a risk of missing the distinction between important and less important elements. As you mentioned yesterday, when everything is a high priority, perhaps nothing truly is. In terms of intersessional meetings, we find it extremely difficult to attend too many meetings, especially at a time when numerous processes are underway at the UN. So we must consider that perspective for the smaller delegation as well when we propose any inter-sessional meetings. That said, let me assure that, Mr Chair, my delegation will remain engaged constructively to achieve consensus on this APR. I thank you.

Chair:
Thank you very much, Bangladesh, for your contribution. Pakistan, to be followed by Australia.

Pakistan:
Thank you, Chair. Pakistan would like to comment on Sections C, D, E and F. Pakistan supports Paragraph 30D and E, which emphasises upon the need to protect critical infrastructure and critical information infrastructure, and the prohibition of ICT activity that intentionally damages CEI and CII. In addition to this, Pakistan supports the formulation of language in Paragraph 30G regarding the supply chain security and the disclosure of ICT vulnerabilities. However, Pakistan proposes certain amendments in the Section C. We propose a minor amendment through the addition of word timely disclosure in the Paragraph 30G last line, which could be read as, quote, enhance the trust of end users and facilitate the swift identification and the timely disclosure of vulnerabilities, unquote. Considering the importance of cross-border data exchanges and the growing incidence of theft of critical data and its ramifications for national security, Pakistan would like to propose an amendment as subparagraph 30K, which could be read as, quote, states, in view of rising trends of data theft, acknowledge the importance of data security and placed strong emphasis on the need for measures to guarantee the safe and secure cross-border data exchanges, unquote. Similarly, we propose the addition of subparagraph 30L, which could be read as, quote, states, emphasise the need for the formulation of a possible glossary of technical ICT terms and terminologies that could assist states in developing common understanding on rules, norms, and principles,” unquote. Coming to the checklist of critical actions for the implementation of voluntary non-binding norms of responsible state behavior in the use of ICTs, Pakistan in general supports the voluntary nature of the checklist. However, we are of the view that considering the technical and capacity-related gaps among states, further discussion is required on the draft checklist within the OEWG. Moreover, relevant national authorities in Pakistan also need more time to analyze the draft checklist. Therefore, we propose that instead of adding it as an annexure, the third API may take note of this proposal. Turning to the international law section, Chair, Pakistan agrees with the formulation of the language in paragraph 35 about the possibility of additionally legally binding instruments, and in paragraph 36 regarding the applicability of UN Charter, including its core principles such as non-use of force, sovereignty, sovereign equality, non-interventionism, and peaceful settlement of international disputes. Similarly, Pakistan supports the language of paragraph 37 regarding further discussions in view of existing gaps on how international law applies to the use of ICTs as we believe that there is a need for further neutral and objective debate and discussions on this topic within the UN to build a common understanding among states. And these discussions should also be including the formulation of a legally binding instrument. Furthermore, Pakistan firmly believes that the OEWG must discuss and find ways to address the intricate matter of attribution. We would like to highlight the importance of discussions on attribution in view of the references to state responsibility and due diligence in APR paragraph 35A. On CBN section, Chair, Pakistan welcomes establishment of the POC directory and took part in the PING test as well. We have already nominated our technical and diplomatic POCs for the directory. However, Pakistan proposes that the POC directory may be further abrogated into a real-time threat sharing platform. Such platforms shall be instrumental in making the global cyberspace more safe, secure, and stable. Turning to the capacity building section, Pakistan in general supports the formulation of the language. However, we propose an amendment in line 3 of paragraph 48A, which could be read as, quote, states underline the need to ensure fair, equitable, and unconditional access to cyber. trainings, products and technologies, unquote. We will be submitting our amendments in written as well. I thank you, Chair.

Chair:
Thank you very much, Pakistan, for your contribution. I look forward to hearing your written statement as well. Australia to be followed by Spain.

Australia:
Thank you very much, Chair. In the interest of time, I will jump straight in to our rules, norms and principles chapter and go through paragraph by paragraph a couple of proposals and responses to some proposals that have been made on the floor yesterday afternoon and this morning. Jumping straight in then to paragraph 30, subparagraph A, the second sentence here that’s been added in our rev one from the zero draft, we consider this duplicates existing points already made in this APR and gives unnecessary focus on the creation of new norms because many of the discussions throughout this year have focused on the need for greater implementation as an essential precursor step in any consideration of whether any new norms might be required in future. And therefore we support Canada’s proposal for the deletion of this sentence because I think it’s really important for us to look at our consensus and Australia can’t support proposals that cherry pick bits and pieces of previous texts and amalgamate them into something which in aggregate is entirely new and then call that consensus. Turning to paragraph B, we heard earlier this morning the Russian Federation proposed to add additional text on the verification of attributions. While we understand the concern that’s been raised, if Russia is referring to legal attribution of activities of states, we consider that this is addressed in the law of state responsibility, which provides guidance on when particular acts may be attributable to a state. And we would welcome a reference to the law of state responsibility in the international law chapter. Secondly, on this subparagraph Australia… would support the United States proposal to include an additional BIS paragraph here, reflecting the consensus text of paragraph 27 of the 2021 GGE report. Turning to subparagraph D, we see an issue across paragraphs 30D, F and G, and we consider it useful to clarify which of the norms we are referencing in these paragraphs. Noting that this text comes from the 2021 GGE report, the paragraphs there appear underneath a very clear heading that includes the full text of the norm. So for paragraph 30D in our APR, this is norm G, and for paragraphs 30F, G and H, that is our norm I. We wouldn’t suggest loading up this report with additional subheadings, but to accurately reflect the consensus text from which this paragraph is drawn, Australia suggests that we include the phrase, as set out in norm G, with a footnote to the text of norm G in paragraph 30D. And similarly, we would include, as set out in norm I, with a footnote to the text of that norm in paragraph 30F, and then H and I would flow from 30F there. Turning to paragraph 30E, we would like to propose a technical amendment similar to the amendment we proposed in the threats chapter regarding paragraphs 14 and 15 and the designation of critical infrastructure. We would simply ask to include voluntary designation rather than classification of CI and CII in that paragraph. This is reflected, the word voluntary designation is in the 2021 OEWG report and 2021 GGE report. Secondly, we note that not all states will have national regulation, which is important norms implementation and confidence building mechanism. So we would suggest replacing the reference to adherence to relevant national regulatory requirements and guidelines with the word development of. to be more inclusive of all the different states that countries find themselves in. Third, we find the reference to the term support here, unclear, and we would suggest aligning with more generally understood language on capacity building. So we would suggest that the final sentence read, states recognize that capacity building can assist CI and CII operators in this regard. Finally, we would support the United Kingdom proposal to add a reference to the 21 GGE norms guidance in this paragraph. Turning to paragraph, sorry, I’m scrolling now, 32, and turning to the proposal of an annex norms checklist, Australia really does see this checklist as a concrete marker of the progress that we’ve made in this open-ended working group. We have, over the past year and three years, discussed many of the norms in detail. We’ve discussed what they mean, how they apply, how they apply to new threats and new technologies, how countries can implement them, how this implementation is an ongoing act. It’s not a once and done, and the policies for norms implementation are often updated to reflect the evolving threats and evolving cybersecurity practices. We’ve heard several states suggest that this checklist hasn’t had the time and the focus for discussion needed in this group for us to adopt it as it stands. And while we have sympathy for this, this argument could be made for many of the issues and the initiatives that we have set out under this report. And we take to heart your point, Chair, that we can’t push off all our work and deliberations until we get to a later date. So I think we need to find a balance on what we can agree now and what needs more discussion, noting that many of these issues are inherently linked, and we would be concerned as Australia if we upset the many interrelated balances upon which our consensus is based. We support the… framing of this checklist that was made by Malaysia yesterday, that is that it should be a living document. Just like the norms implementation is ongoing, it’s a living and evolving process, we think that this checklist could be a living document as well. It could be updated after, fingers crossed, we have a 2024 APR and also a final report next year to add more depth and details to this AKI and adding additional consensus language as we agree that consensus language. And we consider it very important that we make sure that it belongs to and has a home within our future regular institutional dialogue mechanism. We also agree with the point that was raised by South Africa and I think also the Russian Federation that we need to be very clear on the face of our report that the checklist itself is a voluntary tool, so Australia would propose inserting the word voluntary before the references to the checklist in 30C, 32 and as well in the annex itself. And finally on the norms chapter, Australia would support the proposal from Japan and the United States to delete paragraph 33. Concerning to international law, in paragraph 36A, in the second sentence, we would request the text be amended to read, additionally states reaffirmed that state sovereignty and the international norms and principles that flow from sovereignty apply to the conduct of states. And then the paragraph continues as it’s written. This amendment is to align with the consensus text contained in paragraph 71B of the 2021 GGE report. We also would propose that footnote 36 therefore be moved from the end of the paragraph up to the third sentence. On paragraph 36B, we support the proposal by Thailand to delete the last sentence here. On paragraph 36E, we find that this is an incredibly important premise, but we would propose deleting the last phrase of the last clause of this paragraph, that is deleting the words especially. the principle of state sovereignty or the prohibition on the interference in the internal affairs of states. We see that there are a large number of international law principles that could be applicable, not just these two that have been listed, and in this regard we think it would be preferable to remove the reference to two specific principles, which are also separately addressed in the paragraphs above, so as not to privilege some international law principles over others. On 36H, Australia agrees with Canada and Switzerland and the ICRC that paragraphs 36F and G require clarification. We would propose recombining these paragraphs as they were in the zero draft and tweaking the language to accurately reflect the relevant international law obligations that exist under international humanitarian law, given that there is no general obligation under international law to protect civilians or critical infrastructure and critical information infrastructure. We would propose that this paragraph read, highlighted the obligations of states consistent with international humanitarian law to not use ICTs to direct attacks against civilians and civilian objects, including critical civilian infrastructure in armed conflict. We further propose including at the end of this paragraph the proposal contained in the cross-regional paper submitted by Australia, Colombia, El Salvador, Estonia and Uruguay on 30 May 2024, and this is in point four of that paper. We would also propose including additional subparagraphs in paragraph 36 on states obligations to protect human rights and fundamental freedoms and also on international responsibility for internationally wrongful acts, and these are contained in points two and three of that cross-regional paper of Australia, Colombia, El Salvador and Estonia. We think that this language reflects important emerging consensus. and it is drawn from language contained in the 2021 GGE report. On paragraph 37b, we would propose amending this paragraph so that the second sentence would read discussions may include issues such as inter alia, how international law applies with respect to the transport of nature of some ICT operations. We would also seek reinclusion of the language from the previous zero draft that states or when malicious ICT activity rises to the level of an armed attack under international law. And I understand that this proposal to refer back to armed attack was also proposed by El Salvador and Switzerland. We consider that these tweaks better emphasize the crucial premise that these two examples, that is transported nature and armed attack, are already addressed under existing international law and discussion should focus on how they’re addressed under international law. In our view, discussions regarding anonymity of cyberspace are technical issues best addressed through cooperation and capacity building. Finally, on international law, turning to the recommended next steps. In paragraph 39, we have welcomed reference throughout this paragraph to regional views. We think that’s a very important step that this OEWG has taken. And we would suggest addition of that reference to regional statements be included in paragraph 39 as well as in the previous text for consistency. And finally, in paragraph 41, I want to note that Australia is very supportive of this paragraph and the reference to continued scenario-based exercises. We have found those organized by UNIDIR to be a very inclusive and constructive contribution to our discussions. I will finish there and come back later on our chapters E and F. and F, because I have been talking for a very long time. Thank you, Chair.

Chair:
Thank you very much, Australia, for your statement. Spain, to be followed by Croatia.

Spain:
Muchas gracias, señor. Thank you very much, Chair. I wanted to refer briefly to principles in international law. Spain aligns itself with the statement by the EU and wishes to make the following remarks in staff capacity. We welcome the work on the checklist on norms, and we look forward to implementing the 11 norms of responsible behavior. However, in line with the position of the EU, we feel that new norms would be useful. The application of existing norms requires more work, and so our focus should not be on creating new norms, but rather on implementing what we already have. The existing norms that could also be amended, 13C, F, G, and H, require the protection of all critical infrastructure that provide essential services to the public, especially medical and health installations, as indicated in the Spain strategy of 2023-2026. We also welcome the excellent work by regional organizations to guarantee implementation of the norms, specifically the OSCE, on the protection of critical infrastructure, the OEA, on the constant improvement of the resiliency of its members. A number of countries have said they wish to enhance their cooperation with the private sector. The norm checklist could be improved by taking advantage of public-private partnerships because there are many synergies that have not yet been explored or harnessed. The Spanish public-private cooperation platform allows us to update our norms in the area of cybersecurity, and we do all of this with the aim of improving cyber resilience as our ultimate goal. We can continue working on the norms checklist that we hope will contribute to making this OEWG more effective. when it comes to our final goal. As we have said previously, cyberspace is not an exception, nor is it unique in international law. International law is, without a doubt, fully applicable to cyberspace. Specifically, we give special attention to developing the principle of due diligence applied to cyberspace, as well as the principles of humanity, necessity, proportionality, and discrimination between civilian and military targets in the use of ICTs in armed conflicts. In this regard, we request a clear clause to establish the full application of international law to cyberspace in the APR. In the Spanish Diplomatic Strategy 23226, there is clear reference to protecting medical and health installations from cyberattacks. We welcome new national positions on the applicability of international law to cyberspace as a broad-reaching CBM. We look forward to, Spain looks forward to publishing our own policy paper on the matter by the end of the year. We hope that there will be efforts to bring national positions together, and we favor greater convergence on the wording relating to international law. We welcome the efforts to capacity building through specific training or sessions with experts. These are a decisive step forward towards making up for interoperative gaps in existing norms. We hope that the. conference that is taking place, the cyber security boot camp in Spain, our national cyber security entity, will contribute to all of these efforts. I thank you, Chair.

Chair:
Thank you very much, Spain, for your contribution. Croatia, to be followed by Cuba.

Croatia:
Thank you, Chair. And since it’s our first intervention in the session, allow me also to thank you and your whole team for the draft annual progress report, which quite well reflects our discussions from the last 12 months. And with some additional fine-tuning, we could reach smoothly not just a new APR, but also have a good basis for next year final report, as well as guidance for the future mechanism. Let me begin by stating that Croatia align itself with all interventions of the European Union, and in national capacity, we would like to stress some additional elements. Like Brazil, we would like to emphasize the importance of acknowledging previous UNGGE and open-ended working group reports, which were endorsed by the consensus of all states in General Assembly, and which represent a great framework and baseline for our discussions. Therefore, those funding elements should be prominently mentioned in the overview. Second, the gender balance in this working party didn’t come overnight. Lots of work lies behind, including those from the Women in Cyber Fellowship, and we should be proud that this working party is forerunner within the first committee on women participation. To be able to reflect this balance and equal opportunities in other areas, gender perspective should be taken into account in all chapters of the APR. We would also like to propose deleting quotation marks on gender digital divide in PARA 10, and I can gladly provide numerous of studies confirming that the gender digital divide is a real thing, which should be addressed. We can also support Netherlands on adding reference on women, peace, and security in PARA 25. We welcome PARA 8 and 9 on participation of stakeholders and important role of regional and sub-regional organizations, since their valuable contribution is added value to our work. And we do agree with Mauritius that states and stakeholders need to work together in order to accomplish the development goals. ICT is not a tango for one dancer, for states, because you need two to dance a tango, states and multi-stakeholder community. So the role of stakeholders should be acknowledged more prominently in the text. When it comes to threats, Croatia has recently experienced numerous DDoS attacks on financial and business sector and ransomware attack on health sector. Many of countries nowadays are faced with rising number and increasing sophistication of malicious cyber activities which are jeopardizing national security and impacting the international peace and security. State-sponsored attacks don’t shy from using cyber criminals for hire and hacktivists as proxies or decoys for attacks on civilian infrastructure and services. Therefore, we would like to suggest adding in part 13 reference to hacktivists. So when we talk about state and non-state actors, including terrorist, criminal group, we would like to also add hacktivists here. In part 14, we can support proposal from Bangladesh to add financial sector among those sectors mostly jeopardized. In part 22, we can also support proposal from Malaysia and USA which will make the text more balanced. Technology is neutral in its nature and we, the people, are responsible how it’s going to be used. Therefore, we would like to suggest at the end of part 22 adding a reference to a human-centric approach and human rights. So at the end of the sentence, after peaceful purposes, adding while respecting human rights and human-centric approach. We can also support Finland and mentioning quantum technology in this para. Dear colleagues, it has been said that before you start to run, you need to learn how to walk. So let’s start by engaging in the implementation of existing 11 norms before we start to run with additional one. In this context, we can support U.S. proposal for adding additional para after 30B. As many others, we consider the checklist to be an excellent tool for developing mutual understanding and capacities, but it also serves as a CBM in some way. Sharing information on national experiences with implementation and lessons learned can be beneficiary for states in their efforts to improve cybersecurity at national, regional, and global level. And we can later discuss, for example, within the future mechanisms such as POA, if those voluntary non-binding norms could be enhanced or complemented with additional ones. In this chapter, we would like to support Belgian proposal for para 28 and reference on harms caused to individuals and societies, as well as French proposal for para 30 regarding the responsibility of states not to normally allow their territories for malicious cyber activities. Dear Chair, distinguished colleagues, with a view of protecting and enhancing the quality of life for its citizens and enabling its economy to strive, the European Union and its 27 member states have been at the forefront of regulatory actions. With 32,000 experts at the European Commission, which is an executive body of the EU, we strive to regulate. a broad spectrum of policies and areas, from business to health, privacy, and environment. We have rules on size of cucumbers, composition of chocolate products, but also on protection of data, cyber security by design for products with digital elements, and cyber security of critical infrastructure, as well as the world’s first AI act, the first ever regulation on artificial intelligence. But among all that legislation, just last year we have adopted 1,795 legal acts. The European Union doesn’t have a legally binding instrument regulating responsible state behavior in cyberspace. Because we strongly believe that existing international law and UN charter adequately cover this area like any other area of responsible state behavior. And although so far we didn’t hear any concrete example where international law would not be applicable, we are open for discussion, also within the future mechanism like POA, if such gaps may exist. In this chapter, as many others, we would like to give more credit and place for proposals from excellent working papers on international law and international humanitarian law submitted by cross-regional groups of states. And we support Swiss and Estonian proposals for clear reference on IGEL in PARA-36F and G. Although we, like you, Chair, and the rest of the colleagues, have great expectation from the POC directory, we need to keep in mind that not all member states have nominated national POCs, and some have nominated technical level, which cannot be used for diplomatic dispute settlements. So we would like to suggest to wait and give POC time to grow trust and become more familiar with all initial tasks before giving them the new additional tasks as foreseen in PARA-36B. And before concluding, Croatia would like to thank Republic of Korea for conducting valuable high-level open debate in the Security Council on Cybersecurity last month. Thank you, Chair, and good luck.

Chair:
Thank you, Croatia. Thank you, Chair. Good luck to all of us, indeed. Give the floor now to Cuba, followed by Syrian Arab Republic.

Cuba:
Gracias. Thank you, Chair. In Section C on norms, rules, and principles, we propose the following. Firstly, as we… he said yesterday, it is of concern the general balance of the report in favour of implementing the voluntary norms of the responsible behaviour of state and to the detriment of the development of new norms, including those of a binding nature. And this is also a part of the mandate of the OEWG. We support that there should be factual inclusion of the work to draft a UN Convention on International Information Security. This was presented to the OEWG. Equal importance should be given to all of the initiatives presented. The third, APR, should explicitly include the option to develop new legally binding norms that will make the responsibility of states obligatory. Various delegations, including the Cuban delegation, have highlighted the need for this since the very beginning of the OEWG. The dynamic of the development of ICT and their impact on almost all areas of human life is an unquestionable topic, and so referring only to existing norms denies the possibility for other discussions on additional norms, including potentially legally binding obligations. In paragraph 30C, we propose taking note of the proposal of the chair of the OEWG of a list of practical actions for the implementation of voluntary non-binding norms. of responsible behaviour of states in the use of ICT in Annex A. We suggest that this APR should clearly express consideration of this proposal would be postponed until the next year’s work cycle, so that exhaustive analysis can be carried out by the relevant bodies in each country, and so that this can be discussed in depth in the OEWG before being approved by member states. In a consistent way, we also suggest the same reference in paragraph 32 of the recommendations. Paragraph 30G, we support the proposal of China to substitute security by design, which has not been used by consensus, rather by security of the life cycle. Under international law, it should be reflected that a UN Convention on International Information Security has been proposed and sponsored by a number of delegations. Ignoring references by states on the provisions of legally binding norms and some of the provisions in this section go far beyond the consensus that has been reached within this OEWG, especially section 36F, and we would request that this be deleted together with the comments made by Nicaragua yesterday on behalf of a group of countries. We agree that all states should respect international law and international humanitarian law and ensure that it is respected, that it is only applied in situations of armed conflict. There is no agreement in the OEWG of the automatic import of IHL, which only seems to apply to civilians in the area of ICTs, and so the recommendations for future discussions of states on how IHL applies to ICT should include the debate on a proposal for new legally binding voluntary norms. In section E on confidence building measures, we support the idea of including experts from developing countries in OEWG sessions in paragraphs 42C and 44, but this would be better done through an appropriate and transparent mechanism, such as a fund of the UN or a fund similar to those used in other disarmament procedures, in order to avoid the sponsors affecting the opinions of the beneficiaries. This also applies to paragraph 51 of the section on capacity building. In this section, we agree with other delegations on the fact that capacity building is an important confidence building measure or CBM. Explicit references should be made on the need to apply measures to reduce the digital divide and to to ensure universal, inclusive and non-discriminatory access to information, science, knowledge, technology and services linked to ICTs for peaceful ends. Finally, we reiterate the negative impact of unilateral coercive measures on universal access to the benefits of ICTs.

Syrian Arab Republic:
My delegation aligns itself to those delegations that have expressed concern due to the bias of the draft report to apply the existing norms of responsible behaviour instead of developing new ones. This is inconsistent with the mandate of the OEWG and fails to accurately reflect the spirit of discussions within the group. Several delegations have stressed the inadequacy of the normative framework for responsible behaviour because of its voluntary and non-inclusive nature. They stress the need to develop new norms, including legally binding principles and arrangements to reach a global checklist of legally binding norms and principles. To ensure balance, we believe that we need to develop a preliminary draft to establish new norms. Moreover, we hope that the draft report would reflect, as hoped, some important norms emphasised by a number of delegations, particularly those relating to the right of each state to ensure the security of its national information space. national mechanisms for its governance in accordance with its national laws and norms. We should not prevent countries from having access to the necessary resources, technologies and knowledge to support detecting and responding effectively to cyber threats. We must also prevent the use of information space or cyber capacity to undermine the state’s sovereignty or spread misinformation and disinformation that fuels extremism and terrorism. Turning to international law, the draft report prioritizes deepening the understanding of how international law applies to cyberspace. It focuses on the progress achieved in some aspects of the discussion. Without due regard to the development of binding legal arrangements on the specificity of international cyberspace, such an approach does not fairly reflect the group’s discussions. Four many delegations stressed the need to refer to a legally binding instrument to ensure that we all abide by it. Thus, we must build on the concept of a United Nations Convention on International Information Security submitted by the Russian Federation, along with a number of like-minded states. We should also give priority to setting a general framework to promote the general understanding of the principles of sovereignty and sovereign equality and the non-interference in the internal affairs of other states, as this is the main umbrella for any endeavor aimed at ensuring greater stability in the cyberspace. And we should ensure that this is an important principle and basic principle of the Charter of the United Nations to maintain international peace and security. We stress that the simplistic approach calling for the application of international law suffers from shortcomings. It opens the door for the introduction of explanations of legal rules without controls and standards that guarantee objectivity and non-abuse. Such explanations may be driven by certain political reasons which might not be in the interest of international peace and security. There are many multifaceted challenges posed by international information security that must be addressed. Thank you, Mr.

Chair:
Thank you very much, Syrian Arab Republic, for your contribution. Israel to be followed by Germany, please.

Israel:
Thank you, Chair. We will now present our remarks and some edits we have for the paragraphs in Section C and D dealing with norms and with international law. At the outset, Israel wishes to point that although the issue of developing additional norms over time has been raised by few delegations, it was also evident, like mentioned by Netherlands and many others and Israel among them in the past, that we expressed clearly that we don’t see any need for the development of new norms at this point and we wish to see more emphasis on an equal and more broad implementation of the existing 11 World Voluntary Norms and therefore we would ask to change the language to better reflect this in the APR in front of us. And as an example, we support the Canadian suggestion to delete subparagraph 30A. Furthermore, we have strong reservations regarding the reference made in few paragraphs of the Rev. 1 draft to additional legally binding obligations. In our view, current international law in its entirety provides the legal and normative framework for our discussions and the focus should be on understanding how the current framework applies to cyberspace rather than on creating any new rules or any new legal obligations. We wish to support the Republic of Korea and others that requested to make this better reflected in the APR language. As for the checklist on norms implementation, we can see the merit of having it as an annex on a voluntary basis, hence we are suggesting deleting references made in the text itself that can be interpreted that implementation of norms should be done through adherence to international law, as it can create some confusion since we We have agreed that the norms of responsible state behavior in cyberspace are voluntary in nature and are complementary to existing international law and do not detract from them. In this regard, we can also show support to the U.K. proposal to insert reference to the 11 voluntary norms in the 2021 GGE report. It can be done in this norms section or in the preamble. Now I will move to some specific edits. In paragraph 30, subparagraph A, 36A, we see some major issues there and we have the suggestion to do the following, to delete the phrase saying additionally state sovereignty applies and to before it to add the phrase and their general relevance and in the continuing sentence to end it with end to states and erase end to there, leave jurisdiction over ICT infrastructure and then delete all the rest of the paragraph. In paragraph 36, subparagraph E, we are concerned that there might be an interpretation that sovereignty is more than just a principle, therefore we suggest the following amendment to erase the words especially the principle of state sovereignty and to replace it with such as in 36G. In our view, it refers to a rule of the international law that doesn’t exist by itself. So we suggest amending it and deleting it, and if there is a request to have a reference to a protection of critical infrastructure, we can suggest adding the following, highlighted that some obligations of states under international law may be relevant to how states protect critical infrastructure or critical information infrastructure. I move to subparagraph 37, subparagraph B. It discusses also the issue of anonymity, but it’s not really clear to us how it’s connected to international law. We would like to get some clarification on that and possibly to erase it. Moving to subparagraph F, 37F, in our view, again, it’s suggesting creating a new legally binding obligations, and we would like to delete the last sentence of the paragraph and to add instead how those gaps may be addressed by states. And we will submit also our intervention in writing, so it will be easy to follow our suggestion. I thank you, Chair.

Chair:
Thank you very much, Israel. Look forward to getting your inputs. I think your last specific proposal was deleting 37F, which calls for the noting the possibility of future elaboration of additional binding obligations, which was part of the previously agreed language. That comes back to the earlier point I think I made yesterday, that it’s going to be very challenging to delete previously agreed language, especially if they have appeared as they have here in this draft, but they have also appeared in previous annual progress reports. So I’m just flagging that as an example of the challenge we are facing, and once again I would appeal to delegations to avoid the temptation to delete or rewrite or redraft what has been previously agreed. Now, let me continue with the speaker’s list. Germany to be followed by the United Kingdom.

Germany:
Honourable Chair, Germany is fully aligned with the statement of the European Union and wishes to make the following remarks on Norms International Law and CBMs in a national capacity. On Norms, Germany fully supports the checklists contained in Annex A which are answering the call of a wide range of UN member states for structured guidance to assist with Norms implementation. Russia has pointed out that these Norms were developed by the GGE process, but in contrast to what was suggested, this does not affect their universal significance since they have been endorsed by the General Assembly. On international law, Germany welcomes the structure of the draft APR which emphasises concrete action-oriented proposals on international law and suggests next steps for us to take. As has been pointed out by a number of delegations, discussions on the application of international humanitarian law have been an important part of our discussions, particularly since July last year. At the seventh substantive session in March, a working paper on the application of international humanitarian law to the use of ICT in situations of armed conflict was published. was presented by Senegal on behalf of a cross-regional group, including Germany. These discussions and the strong cross-regional support for this topic should be more clearly reflected in the report. We therefore fully support proposals for a wording that better reflects the substance of our discussions this year. With this in mind, we propose amending paragraph 36F to refer explicitly to international humanitarian law when referring to the obligations of states regarding the protections of civilians and international law as to our understanding these obligations arise from international humanitarian law in the event of an armed conflict. In relation to paragraph 37B, we would suggest to more clearly emphasize that existing international law already applies to ICT operations and provides solutions for addressing the transport and nature of some ICT operations. We would like to commend Australia, Colombia, El Salvador, Estonia, and Uruguay for their efforts in drafting the working paper mentioned this morning by Australia on the application of international law in the use of ICTs. We fully support their tax proposals for the 2024 API international law section and believe that these could form a solid basis for this week’s tax negotiations. Now on CBMs, being a member of the open cross-regional group of confidence builders, Germany cares a lot about making the exercise of our newly formulated cyber CBMs at the UN level a success. Germany is convinced that exercising the already existing set of CBMs in a focused and dedicated manner is the most effective way forward, bearing in mind that these CBMs have been adopted in 2023 in order to make a tangible contribution to peace, security, and stability in cyberspace. This has also been the focus of this morning’s side event hosted by Australia on behalf of the confidence builders. as part of our joint attempt to refocus our discussions on CBMs as an action element of international security policy, not a fix-all solution to a wide range of shortcomings of our digital age. Therefore, our focus at this very early stage of cyber confidence building at the UN level should be on advancing the implementation of the Global POC Directory, which as of today connects national POCs from 103 UN member states, already more than half of the UN community, as well as on implementing the already agreed set of CBMs just as set out in PARA 44. This is also where Germany would like to see the focus of the work of the Secretariat on the CBM front. Hence, Germany does not support the development of standardized templates by the Secretariat as mentioned in PARA 45 as a recommended next step. Germany would like to caution that the adoption of such templates has proven to be a complex and potentially lengthy exercise in other contexts where CBMs are being used. In addition, the use of templates, even if they are marked as voluntary, may further raise the barrier for states to actually exercise CBMs. Germany sees little merit in sharing national views on technical ICT terms and terminology as mentioned in PARA 42F and as a recommended next step in PARA 47. These suggestions should be deleted in order to allow us to make progress on what is at the core of confidence building, namely engaging in information sharing and mobilizing for the active use of the POC Directory. In order to allow states to familiarize themselves with the existing set of CBMs and to focus on activating the Global POC Directory, Germany also decided not to put forward further CBMs for adoption. If additional CBMs are to be adopted, as suggested in Annex B, their wording should be aligned with our standing practice of formulating CBMs in an action-oriented way. Applying that rule, the list of additional CBMs in Annex B would read as follows. CBM 5. Promote information exchange on cooperation and partnership between states to strengthen capacity and ICT security and to enable active CBM implementation. CBM 6. Engage in regular organization of seminars, workshops, and training programs on ICT security. CBM 7. Exchange information and best practice on the protection of critical infrastructure and critical information infrastructure, including through related capacity building. CBM 8. Strengthen public-private sector partnerships and cooperation on ICT security. Germany looks forward to working together constructively to finalize the substantive progress report by the end of this week. Thank you, Mr. Chair.

Chair:
Thank you, Germany, for your remarks. United Kingdom to be followed by Mexico.

United Kingdom:
Thank you, Chair. First, we would like to extend our gratitude to you, Chair, for incorporating a diverse range of views into this Rev. 1 draft and for giving us a promising international law text on which to build. In paragraph 36A, we support the proposal suggested by the Netherlands and the United States to bring the text in line with the language which has previously been agreed by the group of governmental experts. In paragraph 36B, we agree with the comments made by several states regarding the unsuitability of the POC directory as a dispute resolution mechanism. Regarding paragraphs 36F and 36G, the UK echoes the position of Switzerland and several other delegations in calling for more specificity in relation to the applicable law being referred to in these paragraphs. The UK reiterates the widely held view that international humanitarian law applies to operations in cyberspace conducted during armed conflict in the same way as to an attack by any other means. This includes prohibitions on using ICTs to direct attacks against civilian objects, including critical civilian infrastructure, in armed conflict. The UK therefore supports the proposal from Australia on these sub-paragraphs, which is included from a cross-regional paper. Regarding paragraph 37A, we would like to include as appropriate in this paragraph, so that it would read, including as appropriate experts from the International Law Commission. The UK supports the suggestion for briefings from legal experts, and we would welcome individual members of the International Law Commission to contribute to this. We note, however, that not all of the 36 members of the ILC are experts in the issues relevant to this OEWG, and experts from outside the ILC will often be equally valuable to our work. Finally, we welcome the introduction of paragraph 41 in this revision, and the opportunity to support scenario-based exercises by academic and research institutions, contributing to the development of shared understandings in international law. On CBMs, we very much welcome paragraph 42B to reaffirm annex A of the second APR, and restate the purpose of the POC directory to facilitate secure and direct communications between the competent authorities of states, including in the event of an urgent or significant ICT incident. In paragraph 42C, we propose changing the first line to states highlighted that a step-by-step approach could be taken to developing the POC directory based on experience from its operationalization. My delegation would like to better understand the impact of the POC directory to build confidence and lessons learned from implementing the POC directory before expanding its scope. In our view, the Global Cybersecurity Cooperation Portal discussed in the Capacity Building section would be a more suitable mechanism for sharing information in an equitable manner. As is reflected in the rest of that paragraph, there is further work to be done to boost participation and deliver training on the POC directory. For the same reason, we would like to delete the last sentence of paragraph 42B, which reads, it was emphasized that regular information sharing should be established as soon as possible. Without further qualifying the type of information envisaged, there is a risk this duplicates existing cert-to-cert information sharing. Thank you, Chair.

Chair:
Thank you. UK, Mexico, to be followed by Indonesia.

Mexico:
Thank you, Chair. On Section C, my country sees positively that REV.1 maintains the proposal of the checklist of practical actions to guide implementation of these norms, while highlighting the importance of protecting critical infrastructure and the need for them to be improved and adapted continuously as threats evolve. On paragraph 33, Mexico considers that in addition to working documents to be introduced on proposals for developing new norms for the responsible behaviour of state, we could also invite collective proposals to be developed aimed at strengthening and implementing the existing framework, and this with a view to recognising major efforts undertaken by regional organisations such as the Organisation of American States, the OAS, and ASEAN, for example. Under Section D, we note that in the revised draft, the reference has been removed, to when malicious activity in cyberspace can be considered an armed attack under the principles of international law. However, we think that this was a useful concept that helped us advance the discussion, as well as national positions on the subject. On paragraph 37, from our perspective, the content of this paragraph is very relevant. a sign of concrete action, action that, in accordance with the outcomes of the intersessional meetings, is aimed at advancing the discussion on the subject. More specifically, it is timely, we think, to incorporate the reference to the expertise of the ILC, the International Humanitarian Law Commission. This, in fact, is a proposal that Mexico has promoted on a number of occasions. In relation to the references to the application of international humanitarian law, IHL Mexico supports maintaining the language in the revised text, at the same time as we reiterate that the principles and provisions of international humanitarian law in no way legitimise nor support conflict or the escalation of tensions in cyberspace. Quite to the contrary, we note that in the APR3 draft, we have here an opportunity to promote a deeper discussion on how the principles of IHL could be applied to a case of armed conflict and how states can develop their own national positions on this aspect. We note also that in the most recent text, there are specific obligations relating to the protection of civilian objects and critical infrastructure under international law. In this regard, Mexico would support reincorporating critical infrastructure into the revised text. Similarly, Mexico welcomes the inclusion of proposals to support holding and convening intersessional meetings, additional intersessional meetings, in order to support support discussions on IHL and international law in cyberspace, and supporting and enhancing exchanges of views and national positions, while at the same time we can drive forward cooperation strategies for capacity building and initiatives based on tabletop exercises. Indeed, Mexico has participated in these together with the support of the OAS, UNIDIR, and other bodies. My delegation will offer remarks on the remaining sections at a later intervention. However, as regards the question of convening dedicated intersessional meetings, Mexico would support this. From our perspective, it has been clear that at the previous intersession meeting, dedicated international law was extremely valuable. Nevertheless, at present, given the clear timeframe for the conclusion of the work of this OEWG in 2025, Mexico feels that any intersessional meeting should be devoted to permanent institutional dialogue. We feel that in this area, there are still significant divergences that we need to address. I thank you.

Chair:
Thank you very much, Mexico. Indonesia to be followed by Ghana.

Indonesia:
Thank you, Mr. Chair. Indonesia has observed comments and constructive inputs on the floor yesterday. We are confident all member states are keeping their spirits to achieve consensus by the end of this week. In this opportunity, we wish to share our views for the draft of the third APR for sections A, B, C, E, and F. On the section A, Indonesia sees capacity building as fundamental to narrow digital divide. digital divide on ICT security. Therefore, we support PARA 6 and 7 as a foundation to a more detailed approaches for other sections. On the section B, Indonesia welcomes PARA 19 that highlights concerns over the use of malicious software such as ransomware that experienced by Indonesia recently. Thus, Indonesia encourages to implement PARA 28 as recommended next steps. A continued focused discussion on possible cooperative measures can also cover how to combat ransomware attacks. On section C, we welcome PARA 30B, which states voluntary nonbinding norms of responsible state behavior can reduce risks to international peace, security, and stability. To guide the implementation of norms, including the possibility of using the checklist of practical actions as contained in Annex A, Indonesia is of the views that reaching consensus on this matter is more crucial. Therefore, we shall count on the good faith of each member state in practicing the 11 norms. On section D, Indonesia welcomes PARA 42B on the launch of the Global POC Directory. We further are delighted to inform that Indonesia has nominated its National Diplomatic and Technical POC as well as joined the PING test. We believe the Global POC Directory could facilitate communication and coordination among states, strengthen CBMs, improve the ability to respond to the ICT incidents, and support capacity building and information sharing. To further maximize the function of the POC Directory, still at the same PARA, we are of the views that the scope of information sharing shall not be limited to the momentum when incidents happen, but also serve as a preventive measure, particularly information sharing on the findings of current and possible kinds of cyber threats. This activity could give opportunities for member states to learn the experience from each other and further prevent recurring incidents. On PARA 42D and PARA 45, we welcome the possibility on the development of standardized templates to optimize communication between states through the POC Directory. On the Section F, Indonesia sees narrowing digital divide between developed and developing countries can be achieved through capacity building and transfer of knowledge, skills, and technology. Noting there is no one-size-fits-all solution to capacity building, we welcome PARA 48B to enhance efforts to tailor capacity building to a recipient state’s needs, including through voluntary national assessments. Therefore, Indonesia also welcomes the initiative to develop a needs-based ICT security capacity building dialogue, including the discussion for Global Cyber Security Cooperation Portal as stated on PARA 48C and a mapping exercise as in PARA 48G. To comment on PARA 48G and PARA 52, Indonesia supports the idea for additional avenues of funding, including to establish a United Nations Voluntary Trust Fund on security in the use of ICTs to support the participation of national representatives and experts, particularly from developing states. Finally, Mr. Chair, in addition, we also welcome PARA 48I, in particular to strengthen coordination and cooperation between states and business, and further encourage business sectors in partaking capacity building efforts. I thank you, Mr. Chair.

Chair:
Thank you, Indonesia, for your contribution. Ghana to be followed by Armenia.

Ghana:
Mr. Chair, as this is the first time my delegation is taking the floor, I would like to begin by commending the progressive nature of this open-ended working group. and your leadership throughout the process. The concrete outcomes of the OEWG, including the launch of the Global Points of Contact Directory, are laudable milestones. Mr. Chair, my delegation welcomes the latest version of the drafts of the third APR. Like South Africa and other delegations, we particularly appreciate the reference in paragraph 10 to the equal and meaningful participation and leadership of women in decision-making processes related to the use of ICTs in the context of international security. On existing and potential threats, in paragraph 14, sorry about that, in paragraph 14, we support the proposal by Australia and other delegations concerning the need for states to determine for themselves what they consider as critical information infrastructure. We also welcome the emphasis in paragraph 22 on understanding and mitigating the risk associated with AI and ICT systems, while also recognizing the potential benefits these technologies can offer. Additionally, Ghana supports the proposals made by the United States and supported by other delegations to include the benefits of AI in boosting and increasing the resilience of cybersecurity systems, as well as the UK’s language proposal in this regard. My delegation further supports the mention of autonomous ICT attacks and strengthening of security by design approaches in paragraph 22, and the need to strengthen security by design approaches throughout the life cycle of ICTs. In paragraph 27, we appreciate that the report highlights the need for further developing and implementing cooperative measures and capacity-building initiatives. We also support paragraph 30A-I and J, as currently reflected. We believe that while it is important to implement existing norms, it is equally crucial to further develop the rules, norms, and principles of responsible states’ behavior in the use of ICTs, given the rapid advancement in technology and the increasing complexity of cyber threats. Mr. Chair, regarding the section on CBMs, my delegation supports paragraph 47 in line. with previous submissions that my delegation has made for there to be standardized protocols to enhance transparency and understanding between states. We would like to reiterate the need for development of a feedback mechanism and propose its inclusion in the annual progress report. Additionally, in accordance with earlier proposals made for the need for member states to develop communication protocols, we believe it is important to outline the extent to which the POC should be utilized and the circumstances under which member states should reach out to their counterparts. Clear and coherent guidelines will ensure consistency and clarity in information exchange, ensuring timely communication and responsiveness. Having such protocols in place will ensure that the benefits of the directory are effectively utilized. These elements can be discussed in the future mechanisms. On the issue of intersessional sessions, we support the convening of these meetings and urge the need for smaller delegations to be taken into account when scheduling such proposals. We also deem it important to consider a hybrid format incorporating both online and in-person participation to enable the involvement of experts who may be unable to attend in person. To conclude, Ghana remains dedicated to the success of this OEWG and we assure you of our commitment to engaging constructively in this substantive session towards the adoption of the third annual progress report. I thank you, Mr. Chair.

Chair:
Thank you very much, Ghana, for your contribution. Armenia, to be followed by El Salvador.

Armenia:
Mr. Chair, thank you for giving me the floor. We would like to express our appreciation to you and your team for hard work. Armenia is committed to supporting the efforts of the international community in mitigating the risk and counter the threats, stating from the use of information and communication technologies. Development of ICTs is critical for the well-being of humanity and and promotion of peace, sustainable development, and human rights. Armenia is firmly commitment to their global, open, free, stable, and secure cyberspace. We support the efforts within the framework on the UN aimed at promoting rules and norms for responsible state behavior and governance building measures. Digital technologies provide a new means to advocate, defend, and exercise human rights, but they can also be used to suppress, limit, and violate human rights. Hence, it is important not to overlook the implication of the malicious use of ICTs for the enjoyment of human rights, in particular, the right to seek, receive, and import information and ideas regardless of frontiers as enshrined in the International Covenant on Civil and Political Rights. Giving much importance to capacity building, we welcome Women in International Security and Cyberspace Fellowship Program. The original organization have an important role in implementing the framework for responsible state behavior in the use of ICTs. We underscore in the importance of respect for the human rights and fundamental freedoms in use of information and communication technologies. I thank you, Mr. Chair.

Chair:
Thank you very much, Armenia, for your contribution. El Salvador, to be followed by Vietnam.

El Salvador:
Thank you very much, Chair. On confidence building measures, we commend the launch of the global directory of POCs, and we will continue working collaboratively to operationalize it. And the operationalization and continuity is critical for it to fulfill its functions. On capacity building, as we’ve said before, this is a cross-cutting effort across all areas of the remit of the OEWG, and so we must adapt to the needs and specificities of countries on the basis. of voluntary assessments that allow us to develop resilience in the area of ICTs. For my country, the inclusion of the proposal on the capacity building catalogue for security in ICTs could be integrated into the cooperation development portal for capacity and global cyber security, and we support this action. The future iterations of the global roundtable on ICT security development and capacity should take place, however, under no circumstances should we support this under the framework of the high-level week of the GA. This would only create an additional workload for small delegations that are already divided with the general debate and would detract from that. We should not support side events during that week in line with the mandate to revitalise the GA, and so we request that we return to language in the previous draft on a biannual basis and not at the high-level week. Finally, we support the proposal for a voluntary fund to support the capacity building programme. This has been suggested by a number of countries, including my own, and we think that it could be an opportunity to make efforts in this regard operational. On regular institutional dialogue, we are grateful for the revised chair’s document on the permanent mechanism for security in the ICT in the context of international security. This is a good basis for adopting the report by consensus. For my delegation, the most important thing is to have a single mechanism that can provide an institutionalised framework that can address the urgent needs of the international community for international cooperation and assistance in the area of information security, continuing to make progress in a common understanding of the implementation of the existing framework for responsible behavior of states in cyberspace based on the applicability of international law, also continuing to address real and potential and emerging threats and promoting CBM in cyberspace and capacity building and generating a favorable environment to reduce the digital divide. We welcome the proposal of the chair and the substantive changes in the proposal and we hope that we will be able to achieve agreement and consensus soon, I thank you.

Chair:
Thank you, El Salvador, for your contribution. Vietnam to be followed by Argentina.

Vietnam:
Thank you, Mr. Chair, for giving me the floor. What’s happening with my? Thank you, Mr. Chair, for giving me the floor. My delegation would like to have a brief comment on section D on international law. Vietnam reaffirms that the use of ICTs must be in line with international law and the United Nations Charter, including the principles of respect for national law, national sovereignty and non-interference in others’ internal affairs, non-use of force or threat to use of force. Vietnam views that trans-border nature and anonymity are the two prominent attributes of ICT operations and strongly supports further discussion and research on how trans-border nature and anonymity of ICT operations can be addressed under international law. In this regard, we would like to retain it in 37B. We can support Australia’s proposal to add research of these attributes in capacity building and propose to add it into 37D. We would like to add a paragraph to take notes of state’s expectation to the early conclusion of the international convention on countering the use of ICTs for criminal. This is the first international legal framework under the auspice of the United Nations, encountering cybercrime that can help enhance understanding of the international community on how international law applies to the cyberspace. We would like also to suggest adding a proposal that has been made in previous sections by my delegation, that the international community embark on early discussion on the establishment of the United Nations International Legal Framework for the Governments of Artificial Intelligence and Other Emerging Technologies based on researching relevant international practices. I thank you, Chair.

Chair:
Thank you very much. Vietnam, Argentina, to be followed by Kazakhstan.

Argentina:
Muchas gracias. Thank you very much, Chair. We would like to refer to Section C, Rules, Norms and Responsible Behaviour, specifically 30A, where there is a need for more norms and principles for responsible behaviour and that states agreed to develop additional norms and the implementation of existing norms are not mutually exclusive but can take place in parallel. Relating to this wording, we want to highlight that my delegation, together with other delegations who are developing countries, have on a number of occasions highlighted the need to focus on the implementation of existing norms before we move to drafting new norms. We want to clarify that while we do not oppose the drafting of new norms of responsible behaviour, we feel that efforts should be devoted to capacity building so that lesser developed countries can implement existing norms before we move to creating new norms. And we would like the APR to more accurately reflect the discussions that we’ve had within the group. We would propose, therefore, the removal of the last section of paragraph 30A, removal that states, also concluded that the further development of norms and the implementation of existing norms were not mutually exclusive, but could take place in parallel. We, therefore, request the removal of this last sentence. 30H, Argentina is grateful for the reference to the crucial role of the private sector and especially PPPs for the development and promotion of best practices in supply chain security and encouraging information sharing and best practices between states as well as with the involvement of relevant stakeholders. On this section, we also want to support what has been said by Brazil and other delegations who requested that we replace proliferation in 20 and 30H with dissemination, for instance, on the use of ICTs for malicious purposes. In section F on the capacity building, here my delegation wishes to reiterate its position that capacity building should be interpreted broadly, which means that capacity building is not just about holding workshops and skills, but also technical transfers and technology transfer. Now we want to refer to paragraph 52. to the creation of a voluntary fund under the auspices of the United Nations to support capacity building measures. There’s paragraph 52. We want to support the creation of a fund. It should lead to better democratization of these resources and dissemination of a culture of cyber security globally. It should ultimately benefit the entire international community given the interoperable nature of cyberspace. The only thing with this paragraph is that the voluntary fund under the auspices of the United Nations should be aimed at capacity building, as we said, in a broad sense rather than being limited to capacity building for states so that these capacities are aimed only at fulfilling the norms, rules, and principles for responsible state behavior. We have a number of times highlighted that capacity building is not subordinate to responsible behavior of states. Rather, it is cross-cutting and, therefore, any fund aimed at capacity building should reflect the cross-cutting nature of this. The fund should also be aimed, therefore, at closing the digital gap and building cyber resilience in those countries that most need it. I thank you.

Chair:
Thank you very much, Argentina, for your contribution. China, to be followed by Netherlands.

China:
Thank you, Chair. Regarding the rules, regarding the rules, norms, paragraph 30C and paragraph 33 about the checklist for practical actions for the implementation of norms of responsible states’ behavior, China is of view that the checklist should be based on the existing consensus, avoid the inclusion of non-consensual elements outside of the UN information security process. At the same time, we recommend that according to consensus, we should change the name to observation and implementation of the framework. Reference to paragraph 32 of the Regulation of Interests of States and Regional Organizations Regarding 30 on supply chain security, China has repeatedly emphasized in the meeting that the issue of supply chain security encompasses both the physical security but also its openness and stability. Therefore, PPP part should reflect the all-encompassed connotation of the security supply chain. China suggests that we change the integrity to the promoting integrity. In addition, it may involve the transparency of the security supply chain and confidentiality of commercial information and intellectual property rights. China requests the traditional relevant expression. On 30i, China does not support the further discussion on the need for the development of additional norms because in accordance with the mandate of OEWG, we should continue to develop the rules and norms and the principles. What we need to discuss is not the need but how. In the same vein, for 30i and 33, paragraph 33, as stated regarding 30b, norms are the international community s expectations and standards for state behavior. And therefore, statehoods are not the subject of the framework for responsible state behavior. And therefore, we request the addition of the requirement for statehood to submit working papers. If they have any comment or suggestion, they can submit through member states. The secretariat should also make the working papers for member states available online for access to other states. On international law, China appreciates the text that reaffirms, enriches, and improves the principle of sovereignty and non-interference international affairs. We request the retaining of those. Recently, the 70th anniversary of the Five Principles of Peaceful Coexistence was held by China. President Xi Jinping delivered the important speech, comprehensively expounding the spirit and the contemporary value of the Five Principles of Peaceful Coexistence, including the mutual trust for sovereignty, territorial integrity, and noninterference into each other’s internal affairs. China supports the further exploration, the purpose and principle, the implementation of the purpose and principle of the UN Charter in our further discussions. This is the foundation prerequisite for the maintenance of the peace, liberty, and security of cyber security. In terms of specific text, we strongly request a balanced treatment of norms and international laws. In particular, regarding discussion this year and the agenda for future discussions, the relevant wording must be consistent. In view of this, China requested addition of paragraph 37A, and in paragraph 38, a change of the wording, engaging folks’ discussion to exchanging views. Regarding paragraph 36E, a country’s foreign affairs are also part of its internal affairs. Therefore, China requests addition of word external. Regarding paragraph 37A, the ethnics of countries participating in this working group are mostly diplomats. Inviting the so-called legal experts will make the relevant discussions focus more on legal details, which will increase the burden on delegates, in particular on those from developing countries. That’s affecting the discussion process. China believes that the legal experts should not be invited to attend the meeting. On paragraph 37B, on the international law of vice news of ICT, we recommend changing it to consensual language. of the United Nations is applicable and essential to maintaining peace and stability and for promoting an open, secure, stable, accessible, and peaceful ICT environment. Regarding – the other thing I want to emphasize is about the traceability. Traceability is the foundation of the application of international law. How we solve this core issue of traceability? The application on conflict and the state’s right to self-defense, a rational application of these laws will only make a few number of countries that are strong are able to provoke conflicts at a lower cost and provide pretext to them. Yesterday, in my statement, I shared a case of a misinformation in traceability. My point was to note the importance of this issue of traceability. Therefore, we do not agree that traceability is just a technical issue. We request to retain 37B. We believe we need to talk about an amenity and the traceability of the ICT. On 37C and 39, China believes that the top priority now is for the international community to have an in-depth discussion on the application of the law in cyberspace and reach a common understanding rather than to interpret it in their own ways so that differences will be increased and mistrust will be weakened. China believes that the submission of a country-specific – a regional specific positions on international law runs count to the promotion of a common standing of international law by the international community. Therefore, we request the petition of reference to encourage and assist in other countries serving their country-specific positions. Regarding Para 41, efforts made by academic research institutions, we believe, include not only scenario-based exercises and not only limited to the application of international law. In this June, the seminar organized by the UNIDIR covered the various pillars of the framework for responsible state behavior. Therefore, China suggests to give comprehensive information and support to the efforts of academic and research institutions to promote the framework, rather than the partial and balanced approach. Therefore, we request the change of organizing efforts, the organizing of scenario-based exercise to efforts, and the change of, in the area of international law, to in the framework of responsible state behavior, and the paragraph as a whole should be moved to the capacity building section, regarding the CABMs. On 42H, we think that the platform for the initiative for exercising of CABMs does not have a clear definition. We suggest to delete it or clarify it. On capacity building, we believe that Para 48B should go with the consensus language. Adhering to in the sixth line should be changed to implementing. And the C, para C, we believe that the definition of evolving with the needs of states is not clear either, and we request its addition. For E, para E, it overlaps with the function of checklist. So we also suggest its addition. Thank you, Chair.

Chair:
Thank you very much, China. China, can I request that you share the text of your proposals in English with my team? I think there were quite a number of comments on the translation, and the interpretation was quite rapid. So I would like very much to receive your text. And please share it with everyone as well. We can take one more speaker, and I apologize to Kazakhstan. I think I’ve skipped them from the earlier list, and I had mentioned their name, but didn’t give them the floor. So my apologies to Kazakhstan. You have the floor, please.

Kazakhstan:
Thank you, Chair, for giving the floor. Kazakhstan wants to comment on section E and F for CBM. First and foremost, we emphasize that the OEWG itself serves as the CBM, ensuring an open, secure, stable, accessible, and peaceful ICT environment. On paragraph 42B, we express our support for the POC directory as a CBM in ensuring the secure use of ICT. In this context, Kazakhstan has already appointed its POCs accordingly. Regarding the initial list of the CBMs within CBM 5, we believe it’s important not only to exchange information and the best practices, but also to share information. on national structures, strategies, policies, and the programs, as well as national views on various aspects of national and the transnational threats related to use of ICTs. Furthermore, in the context of information sharing, we believe it’s important to recognize the role of the sharing information on vulnerabilities in ICT systems after states have addressed the issues. Such practices help to prevent cyber incidents through threat information sharing, aiding the prevention, detection, and the response. Within CBM 8, we consider public awareness to be a key component of strengthening CBM in cooperation with the private sector. Additionally, we value the role of the regional organizations, particularly the OSCE, in strengthening CBMs as they play a crucial role on fostering cyber resilience. In this section, we underscore the important roles of the various stakeholders, including business, non-governmental organizations, and academia. At the end of the – as noted in draft report, as an action-oriented proposal, since we have the POC directory and the list of CBMs, we consider it important to note that the possibility of curating CBMs by the states and accompanying the work in this direction, which will reflect the work of the POCs. Such a measure would be an excellent conclusion to the work of the building cyber resilience upon the completion of the OEWG and its continuation. As for capacity building, capacity building is crucial for enhancing cyber security in developing states. By providing education, fostering awareness and cooperation, capacity building initiatives can help establish more – robust and sustainable cyber security program that effectively protects individuals, organizations and the national security interests. On Paragraph 48i, we propose to highlight the role of the developing countries in capacity building efforts. Developing states frequently need of the cyber security expertise, including qualified personnel capable of the designing, implementing and maintaining effective cyber security programs. Capacity building efforts can address this issue by educating and training local professionals. On Paragraph 48g, it’s also important to emphasize capacity building not only for existing specialists in this field, but also for various stakeholders, including government, private sector organization and civil society groups. As an example, law enforcement officers and the judge play a crucial role in ensuring the legal protection of countering in this regard. Additionally, on Paragraph 48b, we highlight the importance of incorporating capacity building directives into cyber security policies, as this is a fundamental to addressing these challenges. Thank you, Chair.

Chair:
Thank you very much, Kazakhstan, for your contribution. We have still about 20 speakers, so we’ll continue this afternoon, starting with the Netherlands to be followed by the European Union. This afternoon, we will also transition to looking at the section on regular institutional dialogue as well, Section G. So delegations are welcome to also comment on that section and we’ll continue with the speakers, please. Thank you very much. I wish you a pleasant afternoon. Thank you.