Agenda item 5: discussions on substantive issues contained in paragraph 1 of General Assembly resolution 75/240/2/OEWG 2025

Summary

This discussion focused on how international law applies to the use of information and communication technologies (ICTs) by states. Participants reaffirmed that existing international law, including the UN Charter and international humanitarian law, applies to cyberspace. Many emphasized the importance of state sovereignty, non-intervention, and peaceful dispute settlement in the cyber domain. There was broad agreement on the need to protect critical infrastructure and civilian populations from cyber attacks.

Several countries highlighted the progress made in developing national and regional positions on how international law applies to cyberspace, with over 30 countries and two regional groups having published such positions. Many supported reflecting this progress in the Open-Ended Working Group’s (OEWG) final report, including language on international humanitarian law drawn from recent Red Cross resolutions.

While most countries saw no need for new binding cyber-specific laws, some advocated for developing new legal instruments to address perceived gaps. There was widespread support for continued capacity building to help all states engage meaningfully on these issues. Many countries backed proposals to integrate international law discussions into thematic working groups on resilience, cooperation and stability in the future permanent mechanism.

Overall, the discussion demonstrated growing convergence on many aspects of how international law applies to ICTs, while also highlighting some remaining areas of disagreement. Participants emphasized the importance of continuing this dialogue to build common understanding and promote responsible state behavior in cyberspace.

Keypoints

Major discussion points:

– Applicability of existing international law, including the UN Charter and international humanitarian law, to cyberspace

– Need for clarity on how specific principles of international law apply in the cyber context

– Debate over whether new legally binding instruments are needed for cyberspace

– Importance of capacity building to enable all states to participate in discussions on international law in cyberspace

– Proposals for how to structure discussions on international law in the future permanent mechanism

Overall purpose/goal:

The purpose of this discussion was to review progress made in understanding how international law applies to state use of ICTs, identify areas of convergence and divergence, and consider how to structure future work on this topic.

Tone:

The overall tone was constructive and collaborative, with most states emphasizing areas of agreement and progress made. There was a shared desire to capture common understandings in the final report. Some disagreements emerged over the need for new legal instruments, but the tone remained diplomatic throughout.

Speakers

– Chair

– Sweden

– Thailand (speaking on behalf of a cross-regional group of states)

– African group – Nigeria

– El Salvador

– Brazil

– Senegal

– Singapore

– Malawi

– Mauritius

– Mexico

– Canada

– Cuba

– Japan

– United Kingdom

– United States

– Islamic Republic of Iran

– Republic of Korea

– China

– Russian Federation

– Algeria

– South Africa

– Albania

– North Macedonia

– France

– Colombia

– Kingdom of the Netherlands

– Portugal

– Pakistan

– Indonesia

– Czechia

– Mozambique

– Tonga (speaking on behalf of the Pacific Island Forum members)

– Vanuatu

– Switzerland

– Australia

– ICRC

Additional speakers:

– European Union (mentioned as having made a statement)

– Ms. Nakamitsu (mentioned as having spoken previously)

Revised Summary of Discussion on International Law in Cyberspace

This discussion focused on how international law applies to the use of information and communication technologies (ICTs) by states. The dialogue demonstrated growing convergence on many aspects of how international law applies to ICTs, while also highlighting some remaining areas of disagreement.

Applicability of Existing International Law

There was broad agreement among participants that existing international law, including the UN Charter and international humanitarian law (IHL), applies to cyberspace. Thailand, Brazil, Japan, Singapore, the Kingdom of the Netherlands, and many others affirmed this position. Specific principles highlighted as applicable to cyberspace included state sovereignty, non-intervention, peaceful settlement of disputes, and state responsibility.

International Humanitarian Law (IHL)

Many countries, including Brazil, El Salvador, and Switzerland, emphasized the importance of including IHL language in the final report. Several speakers referenced the 34th International Conference of the Red Cross and Red Crescent as an important development in this area. The International Committee of the Red Cross (ICRC) offered to share two short papers on legal protection during armed conflicts and mentioned the Global Initiative on International Humanitarian Law.

Human Rights in Cyberspace

Portugal, Mexico, and others emphasized that human rights law applies both online and offline. There was widespread agreement on the need to protect critical infrastructure and civilian populations from cyber attacks. The discussion highlighted the tension between security measures and democratic rights in countering cybercrime and misinformation, as noted by Malawi.

Need for New Legally Binding Instruments

One of the most significant areas of disagreement centered on whether new legally binding instruments are needed for cyberspace. Countries like Japan, the Republic of Korea, and the United Kingdom argued against the need for new cyber-specific laws, contending that existing international law is sufficient. In contrast, Cuba, China, Pakistan, and the Russian Federation advocated for developing new legal instruments to address perceived gaps in the current framework.

Progress in Developing National Positions

Several countries highlighted the progress made in developing national and regional positions on how international law applies to cyberspace. The Chair noted that 32 countries plus two regional groupings have now published national or regional positions on this topic. Colombia’s newly published national position was mentioned by several speakers as a positive development.

Cross-Regional Working Paper

Thailand presented a cross-regional working paper on behalf of 14 countries, which was referenced by multiple speakers as an important contribution to the discussion.

Capacity Building

There was widespread support for continued capacity building to help all states engage meaningfully on these issues. Speakers from various regions emphasized the importance of capacity building in enabling states to participate in legal discussions and develop their own national positions. Specific initiatives mentioned included technical attribution capabilities (Thailand), scenario-based exercises and workshops (Switzerland), and support for developing national positions (various countries).

Structuring Future Discussions

Many countries backed proposals to integrate international law discussions into the future permanent mechanism, though there were differing views on the exact structure. The United Kingdom suggested integrating international law into cross-cutting thematic groups, while France supported a dedicated thematic group on international law and norms. Switzerland advocated for a dedicated forum for in-depth international law discussions. An unexpected difference emerged between France and Czechia on whether discussions on norms and international law should be combined or separated in future mechanisms.

Reflecting Progress in the OEWG Final Report

There was broad support for the OEWG final report to accurately reflect the progress made in discussions, particularly on international humanitarian law. The United States, Colombia, Australia, and the ICRC all emphasized this point. Switzerland and Brazil offered specific language proposals for the final report.

State Responsibility and Attribution

The discussion touched on the challenges of state responsibility and attribution in cyberspace, with several countries emphasizing the need for further dialogue on these issues.

Conclusion

The discussion demonstrated significant progress in developing common understandings of how international law applies to cyberspace. However, it also revealed ongoing challenges, particularly regarding the need for new legally binding instruments and how to structure future discussions. The emphasis on capacity building, the inclusion of IHL and human rights considerations, and the desire to reflect progress in the OEWG’s final report suggest a commitment to continued engagement and development in this area. As states continue to grapple with these complex issues, the balance between security and individual freedoms, the application of specific legal concepts to cyberspace, and the potential development of new legal frameworks remain key areas for future consideration and debate.

Chair: Distinguished delegates, the fourth meeting of the tenth substantive session of the Open-Ended Working Group on Security of and the Use of ICTs is now called to order. We’ll now begin our discussion on the topic of how international law applies to the use of ICTs by states. And I’d like to open the floor once again, inviting all delegations that wish to take the floor to press the button. And we are in time and in schedule in accordance with our program of work. And I hope that we’ll be able to finish this segment by the end of the day. But that depends on the number of speakers. But I have no intention to discourage all your interventions. We’d like to hear as many of you as possible. Once again, please be as succinct as possible in terms of how we can capture the progress we have made in this particular topic of how international law applies, how we can capture that in the final progress report. So with those remarks, I’ll open the floor now, giving the floor first to Sweden, to be followed by Thailand.

Sweden: Mr. Chair, thank you for giving me the floor. Sweden fully outlined itself for the statement made by the European Union, and I will make some brief additional remarks in my national capacity. We are approaching July 2025 and thus the end of the mandate of the Open-Ended Working Group. We look forward to the final report, including on how international law applies to the use of ICT. by states. Furthermore, it will be important to continue the discussion in an appropriate format on international law and cyberspace also after the end of the mandate of the Open-Ended Working Group. As has been stated before, Sweden does not see a need for new legally binding rules regulating cyber activities. All states have already agreed that existing international law is applicable also to cyberspace. This includes inter alia the UN Charter International Humanitarian Law and international human rights law. Negotiating new legally binding rules would not only be unnecessary, but also risk opening up for a debate on well-established rules of international law, which we already agreed on. Instead of diverting time and resources to discuss new rules, we should focus on efforts on continuing the discussion on how existing international law applies to cyber activities. A better understanding of how international law applies in cyberspace will contribute to the strengthening of an open, secure, stable, accessible and peaceful cyber environment. Many states and some regional organizations, including Sweden and the European Union, have developed positions and declarations on this issue. We see a value in more states developing national positions and welcome further discussions in different fora. The recently concluded 34th International Conference of the Red Cross and the Red Crescent was an excellent example of such discussion. Sweden had hoped that the adopted resolution on ICT would have been more ambitious, but we are pleased with the outcome. We stand fully behind it and see it as a step in the right direction. as regards international humanitarian law and cyber activities. As was recalled in the resolution, in situations of armed conflict, the rules and principles of international humanitarian law serve to protect civilian population and other protected persons and objects, including against the risks arising from ICT activities. It is Sweden’s strong conviction that the final report should include a clear reference to the applicability of international humanitarian law in the cyber context. Finally, Mr. Chair, it is essential not to confuse the discussion on binding international law in cyberspace, which every state is obligated to comply with, with discussions on norms of responsible state behavior in cyberspace. While these discussions should be seen as complementary, we believe that they should be treated as two distinct elements. In this regard, Sweden believes that the cross-cutting working groups proposed by France for the POA will provide sufficient space for discussions on how international law and non-binding norms apply in cyberspace and how they will be applied to specific policy issues and situations. Thank you so much, Chair.

Chair: Thank you very much, Sweden, for kicking off the discussions. And of course, we also take note of the statement made by the European Union earlier in the morning on the same topic. I give the floor now to… Thailand, to be followed by Nigeria, speaking on behalf of the African group.

Thailand: Thank you, Chair, I am delivering this statement on behalf of a cross-regional group of states that includes Australia, Chile, Colombia, the Dominican Republic, El Salvador, Estonia, Fiji, Kiribati, Moldova, the Netherlands, Papua New Guinea, Thailand, Uruguay, and Vietnam. Over the past year, states have engaged in focused discussions and made substantive interventions on international law, and we have been impressed by the number of states delivering such detailed statements on how international law applies to cyberspace. We welcome the increasing number of national and regional positions that are being developed, which will further contribute to the deepening collective understanding of how international law applies in cyberspace. Chair, our cross-regional group presented a working paper on international law in December last year, with the paper offering convergence language for the 2025 final report of this OEWG. Building upon previous discussions and acknowledging the momentum gained in our recent sessions, we are pleased to announce that we have republished the paper, now with more co-sponsors, indicating the widespread level of support our proposals enjoy. The paper draws attention to areas of emerging convergence on international law that have been reflected in discussions and national and regional positions over the past year, including recognition that states must respect and protect human rights and fundamental freedoms, both online and offline, in accordance with their respective obligations. States must meet their international obligations regarding internationally wrongful acts attributable to them under international law. And international humanitarian law applies to cyber activities in situations of armed conflict, including where applicable the established international legal principle of humanity, necessity, proportionality, and distinction. The paper also reaffirms that states have recognized that in addition to Article 2.3 and 33, Chapter 6 of the Charter of the United Nations more broadly provides for the pacific settlement of disputes, which is applicable to states’ conduct in cyberspace. We acknowledge the importance of continuing discussion on how international law applies in cyberspace within the OEWG, as well as the importance of building capacity on international law so that all states can participate meaningfully in these critical discussions that are key to preventing conflicts and maintenance of peace and security. We also acknowledge that cooperation and capacity building are crucial for building states’ technical cyber capabilities for the purposes of determining the source of malicious cyber activities and attributing internationally wrongful acts. We support continuing dialogue on this topic. It is important to continue to discuss and exchange ideas to build common understandings of how international law applies to cyberspace. The future permanent mechanism to advance the responsible behavior of states in the use of ICTs in the context of international security could offer a framework to accommodate this informed and structured discussion and assist with capacity building on international law. Dedicated thematic groups which incorporate scenario-based exercises on international law issues would be a useful part of an action-oriented future mechanism for the purposes of facilitating substantive exchanges on international law as well as capacity building. We welcome support from other states for the tech show. proposals in our paper and hope to see the text reflected in the 2025 final report of this OEWG. Mr. Chair, now please allow me to deliver the following statement on behalf of Thailand in its national capacity. Mr. Chair, we agree with you that we have made a lot of progress during this working group, particularly in deepening the discussion on international laws application in cyberspace. We recall the OEWG’s mandate to continue to study with a view to promoting common understandings how international law applies in the use of ICTs by states. We believe our working group has achieved that goal. While current geopolitics sometimes complicate our discussion on international law, the OEWG has facilitated constructive legal debate. Many countries have shared or updated their national positions on application of international law in cyberspace. Two regional groups have shared their common perspectives. More and more states, including Thailand, have joined the substantive discussion and shared their views through interventions during previous OEWG sessions. We have listened closely to the extensive discussion and hope that the final report of the OEWG accumulate and reflect views and discussions of states on the topic of international law thus far. We believe that the final report should include additional layers of converging understanding that emerge from the discussion as identified in the cross-regional working paper presented to you. This includes peaceful settlement of disputes, respect for international human rights obligations, the principle of state responsibility, and application of international humanitarian law to ICT activities during armed conflicts. Recognizing these emerging common understandings does not in any way preclude discussions on the potential development of new legally binding instruments, as some members propose. Establishing a shared understanding of existing legal frameworks is an essential first step toward any progressive development of international law in any field. Mr. Chair, the extensive discussions on international law within this OEWG are a testament to its success. Capacity-building programs, including workshops, training, scenario-based exercises, have enabled Thailand and many developing countries to participate in in-depth legal discussions on this important issue. Thailand is also currently in the advanced stage of drafting its national position on the application of international law in cyberspace. Thailand would like to extend our gratitude to UNIDIR for hosting a regional workshop on international law, norms, and cyberspace in January this year in Bangkok. We would also like to thank the Government of Australia for sponsoring the workshop. The workshop played a crucial role in building capacity and confidence with over 20 participants from nine different Southeast Asian countries. Thailand will continue its commitment to working on building capacity in the region, and we look forward to partnering with Stimson Centre for hosting a regional workshop on cyber accountability in April this year. Mr. Chair, despite the progress made, continued discussions are necessary to build a common understanding of how international law applies to cyberspace. In this regard, Thailand supports the establishment of a dedicated thematic group on international law. Such a group, incorporating scenario-based exercises, would provide a value platform for action-oriented dialogue, facilitate substantive exchanges on international law, and enhance capacity-building efforts. We look forward to continued engagement and cooperation in this important endeavour. Thank you.

Chair: Thailand for your statement. I give the floor now to Nigeria on behalf of the African group to be followed by El Salvador. Microphone for Nigeria, please. Microphone for Nigeria, please. Thank you. Microphone is still not given to Nigeria. The light has to turn red so that we can hear you. OK, please do. I apologize. No, no reason to apologize. We apologize. Please, you have the floor. Thank you.

African group – Nigeria: I’m reading the statements in our national capacity. The guiding principles of international law is a product of multilateral efforts in ensuring responsible state behavior. And this also should be applicable in cyberspace. Nigeria believes the territorial sovereignty of all member states is applicable in cyberspace and rejects all forms of external interference or aggression under the pretext of exercising enforcement in response to unlawful cyber activities that emanates from the territory of another state. States must uphold high standard against sponsoring cyber attacks, particularly against critical infrastructure and critical information infrastructure in other territories. The preservation of lives and provision of basic amenities are sacrosanct. Attacks against such facilities that cater for such provision is inhumane and should be avoided at all costs. The application of international law in cyberspace serves as a deterrence to existing and potential malicious actors, particularly when culprits are convicted of their crimes. The obligation therefore falls on states to ensure that their territories are not used for belligerent cyberattacks while enforcing relevant law against unlike criminal activities within their territories. The enforcement of relevant laws against malicious actors would aid the sustenance of an open, secure, stable, accessible and peaceful use of the Internet, which protects basic human rights and fundamental freedom of individuals and people. Mr. Chair, Nigeria validates due diligence as a process that promotes openness, accessibility, safety and security of the cyberspace. Due diligence is crucial in investigating the source of malicious cyber activities and it would prevent escalation of conflicts between or among perpetrators and victims. My delegation believes that international cooperation amongst states reinforces the objective of combating a common enemy through a consensus-based legal framework, which may be used for peaceful settlement of disputes on IC-related issues. It is therefore pertinent to state that attainment of a common legal position is premised on states’ willingness to compromise divergent views to achieve the ultimate goal of safeguarding the cyberspace. The complexities of international law require a platform for discussion of best practices as it relates to ICT. Such a platform bridges the gap in the application of international law in cybersecurity and empowers states with requisite knowledge to make well-informed decisions during deliberations on cybersecurity. Nigeria is of the view that acquisition of requisite knowledge through the extent of expertise, capacity building and technical assistance should respect state sovereignty and must be tailored towards specific needs of the recipient country. Capacity building and other forms of cooperation in the application of international law in cybersecurity should also respect the integrity and security of recipients’ critical infrastructure, critical information infrastructure, and protect the confidentiality of national policies and plans. In conclusion, Mr. Chair, Nigeria wishes to reiterate its flexibility and continued support for the ongoing process to reach a consensus on the application of international law in cyberspace. I thank you all.

Chair: Thank you, Nigeria, for your statement in your own national capacity. I had said on behalf of the African group, but I think I was mistaken. All right. El Salvador, to be followed by Brazil. Thank you.

El Salvador: Chairman, El Salvador aligns itself with the statement made by Thailand on behalf of a group of countries. As we have expressed throughout the work of this group, discussions on international law are extremely important. My delegation, of course, recognizes the huge value of established humanitarian laws applicable to armed conflicts and the need to respect these norms in all circumstances provided under relevant international instruments, as well as in customary international law in force. My country has repeatedly reaffirmed the fact that international law, in particular international humanitarian law, is fully applicable to cyberspace. This includes essential things like sovereignty and sovereign equality. As expressed in the December session and looking towards the… final report of the OEWG in July, we reiterate our interest in this report containing meaningful language on the application of IHL to cyberspace. We particularly underscore its applicability to activities that use ICTs in the context of an armed conflict, including, where applicable, the fundamental legal principles of humanity, neutrality, necessity, proportionality, and distinction. These principles are grounded in protecting the civilian population, as well as other persons and projected objects, including when it comes to the risk stemming from ICTs. Said protection is essential in order to ensure that basic goods and services can be provided, including medical services, humanitarian operations, information on physical security, the provision of essential resources for survival, and communication with family members. That’s why one of the main obligations that El Salvador identifies within this discussion is the duty of parties to develop complementary norms, in particular to strengthen the protection of civilians and of civilian infrastructure against the effects of cyber operations. We further reiterate the importance of protecting critical infrastructure and critical information infrastructure, guaranteeing the availability and integrity of ITCs in this context. This includes the protection of undersea cables and communication networks in orbit, like the 2024 progress report states. Similarly, we underscore the need to implement adequate data protection mechanisms, in particular when it comes to personal data in context of armed conflict. Furthermore, we wish to warmly welcome the recent resolution on protection for the civilian population against the humanitarian consequences of the misuse of digital technologies in armed conflict within the framework of the 34th International Red Cross and Red Crescent Conference that gave a clear signal to member states and national societies, the Red Cross and Red Crescent, calling upon them to recognize the human cost of malicious activities using information and communications technologies. And they commit to protecting the civilian population and essential infrastructure against cyber attacks. At the same time, we wish to underscore that going into further depth into the analysis on how IHL laws and norms are applied when it comes to cyberspace in no case implies legitimizing or promoting cyber warfare or the militarization of the cyberspace. That’s why we launch an appeal to continue to build common understandings on this matter. Thank you very much, Chair.

Chair: Thank you very much, El Salvador, for your contribution. Brazil, to be followed by Senegal.

Brazil: Thank you very much, Mr. Chair. International law is an essential part to the maintenance of international peace and security and therefore to an open, secure, stable, peaceful, accessible and interoperable ICT environment. The General Assembly rightfully recognized over a decade ago that international law, including the Charter, international human rights law and international humanitarian law, is fully applicable to states’ use of ICTs. That, of course, was only the beginning of our work on this issue. Since then, subsequent GGEs, the previous OEWG and this one have extensively debated how to apply existing rules of international law to cyberspace. Though we have made important progress, the complexity of this endeavor will require further in-depth discussions to reach additional common understanding in this regard. One important process, sorry, one important step in this process is, as recognized in previous APRs, having a wide and diverse range of national views on how international law applies. As one of the first countries to publish its national position on the applicability of international law in cyberspace, Brazil welcomes the increasing number of national and regional positions that have been published and hope to see many more in the future, especially from the developing world. The capacity building initiatives that have been taking place in this area have been particularly important. We have both benefited from and contributed to those initiatives by sharing our experience with the development of our own national position. As we approach the end of the Open Networking Group’s mandate and look to the establishment of a permanent mechanism, adequately reflecting the wealth of our discussions in our final report becomes paramount. That has not been the case in our APRs, particularly with regards to international humanitarian law. As we have repeatedly stated, IHL applies to situations amounting to armed conflict independently of its classification as such by the parties. It does not matter whether the armed conflict is lawful or not, because its objective is to minimize human suffering and provide a minimum level of protection to civilians in any scenario of hostilities. Therefore, the recognition that international humanitarian law applies to cyberspace does not in any way endorse its militarization or legitimize cyber warfare. If that were the case, the very existence of IHL would legitimize the use of force. In this regard, Brazil, as many other delegations in this room, strongly supported the adoption by the 34th Conference of the International Red Cross and Red Crescent of the resolution protecting civilians and other protected persons and objects against the potential human cost of ICT activities during armed conflict. which constituted a groundbreaking contribution on the subject. While we acknowledge that the resolution does not constitute a direct precedent to UN processes, it was adopted by consensus in an inclusive process involving both states and national Red Cross and Red Crescent societies, and contains elements that have also been extensively discussed in this room. In this regard, we propose that our final report include, in addition to the previously agreed language, a paragraph inspired by operative paragraph four of that resolution, such as, and I quote, states recalled that in situations of armed conflict, international humanitarian law rules and principles serve to protect civilian populations and other protected persons and objects, including against the risks arising from ICT activities, end quote. Mr. Chair, even though we must continue to make progress in finding common understandings on how existing rules of international law apply to ICTs, we recognize that as our debates evolve, we might find a need for specific legally binding obligations to bring greater clarity to all states on international law application to cyberspace. As we have repeatedly stated, there is no contradiction between the applicability of current international law and an eventual ex-specialist on the subject, or between binding obligations and voluntary norms which are complementary and mutually reinforcing. This is why we appreciate your inclusion in the RID discussion paper of a thematic group on international law and on norms, rules, and principles. However, we are open to continuing our discussions on this, and once again reiterate that international legal obligations and voluntary norms do not hold any equivalent status and discussing them interdependently does not mean honing them at the same level. I thank you.

Chair: Thank you very much, Brazil, for your contribution. Senegal to be followed by Singapore.

Senegal: Thank you very much, Mr. Chair. It’s the first time. that I’m taking the floor. I would like to say that my delegation is pleased with the excellent results of this group under your leadership since the beginning of this process and the effective spirit that we have all been showing. We officially welcome the drafting of a catalog of ICT measures, the establishment of a voluntary contribution fund of the UN to strengthen capacity building and the Indian Initiative for the Global ICT Cooperation Portal. We also welcome the operationalization of the Global Points of Contact Directory in May 2024, which already has 116 countries’ contact points. At the outset of this session and this second-to-last session, my delegation would like to call on all parties to show the same constructive spirit as we seek a consensus, especially on modalities for the future permanent mechanism and the structure of the thematic groups. As for international law and its relation to cyberspace activities, Senegal and South Africa have made by Nigeria on behalf of the African group, and we see the following international capacity. Certain issues such as the adoption of a new legally binding international instrument as well as the maintaining positive international law to govern cyberspace have not yet been resolved. We believe it is necessary to continue discussions to avoid misunderstandings and foster improved understanding on how international law ought to apply to cyber activities. Senegal echoes the African – the common African position on the way in which international law applies to the use of ICTs in cyberspace adopted in February 2024. This position reaffirms Africa’s commitment to maintain the principles of sovereignty, noninterference in internal affairs of states, peaceful dispute settlement, and the prohibition of the use of threats and use of force in cyberspace. We believe two points are especially important. The first has to do with the application of international humanitarian law. We recall that the application of IHL is not – should never be interpreted as a way of justifying war, but here we ought to promote strict adherence to the fundamental principles of this law in all cyber activities. during armed conflicts. Senegal recalls that observing these norms will reduce the risk of potential damages done to civilians, civilian infrastructure, and combatants during conflicts in the cybersphere, but does not in any way justify the use of ICTs in these conflicts. For the group of friends, on the application of IHL, on the way in which the principles of military necessity and humanity, such as distinction, proportionality, and precaution, are to apply to the use of ICTs, these principles are the foundation of all pressure on civilians during cyber operations. The second point has to do with the use of countermeasures to respond to cyberattacks, including collective countermeasures. Here it’s crucial to arrive at a consensus that can guarantee a balance between recognition of their legality to protect countries that do not have heterological competencies and ensuring that they have remedies so that they do not – and regulating their use so they do not lead to further cyber conflicts. As for the outcome report of this group, my delegation believes that, first of all, the outcome report of the group ought to faithfully reflect the coherent and continued discussions we’ve had on this topic, including strides made in our common understanding as well as the main divergences. We advocate for strong language on the principles of military necessity and humanity, such as distinction, proportionality, and precaution, and how they apply to the use of ICTs during armed conflict. Secondly, we must work to expand our knowledge on this issue, including the common understanding of what cybernetic operations include as well as the legal status of civilian data, especially when their destruction or deletion may be considered to be a violation of international law. Thirdly, we must pay attention to the issue of civilian protections, and we must – it is important for various actors of cyberspace, as far as possible, to protect civilians, including the fundamental – principles of IHL. It’s crucial to uphold and protect human rights and fundamental freedoms online and offline, especially the right to privacy, to freedom of expression, to non-discrimination, freedom of association, to effective legal remedies and other provisions in the International Covenant on Civil and Political Rights. Fourthly, we must recognize the current trend toward the presentation of national and regional positions on the issue. After the presentations of the regional positions of the African Union and the European Union, Senegal is pleased with this exercise. It has become well-established and is an excellent opportunity to take into account the entirety of the problem and to make it one of the common priorities in cybersecurity governance. My country is working to draft a national document with a holistic position on the general applicability of international law in cyberspace, which recommends both comprehensively applying international law and creating new norms on cybersecurity. Fifthly, we ought to identify relevant capacity-building measures to consolidate a common and overall comprehension of understanding on this issue. The UND workshop on this question, which I personally took part in, is an excellent initiative in this area. In closing, we recall the equal importance and relevance of the five pillars of the group’s mandate. My country would like to be willing to reconsider, without prejudice to the conclusion of this discussion, adding a pillar on the application of international law. As we discuss the future mechanism, we will engage in further exchanges on the proposal of having three thematic groups, including one on legal questions that would involve the application of international law and the issue of norms for responsible behavior. Senegal reiterates this availability and its commitment within the OEWG to engage in frank and positive discussions. Thank you.

Chair: Thank you very much, Senegal, for your contribution. Singapore to be followed by Malawi.

Singapore: Thank you, Mr Chair, for giving us the floor. Singapore sees international law as a crucial component of the OEWG’s work. As a firm believer in rules-based international order, Singapore’s view is that fostering common understanding among states in the application of international law to the ICT context will contribute to greater peace, security and trust among states. Singapore remains heartened by the progress made at the OEWG thus far and views paragraph 37 of the third APR as being illustrative of an additional layer of understanding. It provides a degree of clarity which is helpful for all states to understand how international law applies to cyberspace. Paragraph 37 of the third APR provides the foundation for states to build upon and engage in further elaboration of international law so as to foster greater common understanding on topics such as what uses of ICT violate states’ sovereignty or amount to the use of force and armed attacks under the UN Charter, etc. Singapore also sees considerable value in states issuing national statements or regional ones such as what the African Union and the European Union have done. Such statements would contribute to the key of states’ understanding on how international law applies in cyberspace that assists not only our work at the OEWG but even beyond in the future mechanism. Mr Chairman, Singapore remains open to engaging and participating in discussions on the application of international law including in the identification of gaps, if any, in existing international law. in the context of cyberspace, both within the OEWG in the remaining time, or in the future mechanism. Scenarios-based exercises would be a useful avenue for such discussions, as they provide a platform for states’ legal experts to discuss and apply international law rules to possible real-world scenarios. Such discussions allow states to appreciate and understand any differences in their perspectives and application of international law principles in a tangible and more granular manner. This would in turn then increase the chances of states finding common ground amongst themselves. Thank you, Mr Chairman.

Chair: Thank you very much, Singapore. Malawi, to be followed by Mauritius.

Malawi: Distinguished Chair and esteemed delegates, in regards to Agenda Item No. 5, the role of international law in regulating state conduct in ICTs, Malawi reaffirms its dedication to the principles of international law in governing state activities in cyberspace. As digital landscapes evolve, it remains crucial that legal frameworks safeguard national security while upholding human rights. Ensuring the resilience of critical information infrastructure is not just a matter of state security but also of protecting individuals from emerging cyber threats, including those posed by malicious actors. The UN Charter provides essential guidance on this regard. Article 2, subsection 4, prohibits threats or uses of force against the sovereignty of nations, a principle that is equally relevant in cyberspace. Article 1, subsection 1, further underscores the collective duty of states to promote peace and security, necessitating that cyber operations remain aligned. with established legal norms. Additionally, international humanitarian law offers key principles applicable to cyberspace. The obligations of distinction, proportionality, and necessity must inform cyber activities to ensure that civilian populations and essential services are not unjustly impacted. The Geneva Conventions and their additional protocols provide indispensable protections, which remain relevant in mitigating the risks associated with cyber conflicts. Moreover, the convergence of cybersecurity and human rights warrants careful consideration. Instruments such as the Universal Declaration of Human Rights and the International Convenant on Civil and Political Rights enshrine fundamental freedoms, including privacy, expression, and access to information. While it is the responsibility of states to encounter cybercrime and misinformation, to counter cybercrime and misinformation, security measures should be structured to preserve democratic rights and prevent overreach. At the national level, Malawi is strengthening its cybersecurity governance through legislative and strategic advancements. Beyond the Constitution of Malawi of 1994, which was revised in 2017, that addresses and clearly states every citizen’s and resident’s rights. My delegation has the Electronic Transactions and Cybersecurity Act of 2016 and is in the process of drafting a cybersecurity bill and cybercrimes bill. A Data Protection Act is already in force to safeguard personal information. While a national cybersecurity strategy is undergoing review to enhance resilience, a dedicated cybersecurity policy is in development to guide regulatory. regulatory enforcement. Rather than solely, rather than focusing solely on expanding regulations, Malawi believes the primary question at hand is how to achieve an effective balance between security and individual freedoms. Addressing this challenge requires first crafting cyber security legislation that integrates human rights consideration while effectively mitigating cyber risks. Second, enhancing cooperation through national and regional certs to bolster information sharing and cross-border response mechanisms. Third, encouraging international engagement to share best practices in implementing legal frameworks that protect both digital infrastructures and civil liberties. Fourth, and last but not least, preventing excessive restrictions that could impede innovation or limit freedoms in the name of security. Malawi remains committed to fostering an approach that harmonizes security with rights-based governance. We urge all states to support this endeavor through sustained collaboration, legal clarity, and knowledge exchange to build a secure and open digital future. Thank you so much, Chair.

Chair: Thank you very much, Malawi. Mauritius to be followed by Mexico.

Mauritius: Chair, thank you for giving me the floor. Please be assured that I will keep my remarks as succinct as possible. As cyberspace becomes an increasingly integral domain for national security, economic development, and international relations, the question of how international law applies to state behavior in this domain is of paramount importance. While differences in legal interpretation remain, there is a shared commitment to preventing conflicts, and promoting stability. Strengthening legal clarity, fostering dialogue on state practice, and enhancing cooperative approaches to cyber threats will be essential in ensuring that international law continues to serve as a foundation for responsible state behavior in the digital era. Aligned with the common African position on international law, Mauritius is in the early stages of developing its national position on this pillar. This effort seeks to contribute to global stability while ensuring that our legal interpretations align with both legal interests and the broader principles of international peace and security. We remain committed to engaging in constructive dialogue with the international community. We recognize the value of ongoing discussions within the OEWG and in the future permanent mechanism in shaping a shared understanding of how international law applies to cyberspace. Our approach will be guided by the principles of transparency, cooperation, and the promotion of a rules-based international order in cyberspace. In conclusion, our national position on international law in cyberspace will seek to strike a balance between upholding existing legal principles, addressing emerging cyber threats, and ensuring that international law remains fit for purpose in the digital age. In this regard, we look forward to further engagement with UNIDIR to formalize our national position before the final session in July. We also take note of the valuable contributions by other states and groups of states on this matter. Thank you, Chair.

Chair: Thank you very much, Mauritius. Mexico to be followed by Canada, please.

Mexico: Muchas gracias, Presidente. Thank you very much, Chairman. Mexico reiterates its support to the consolidation of a framework that promotes responsible behavior of states in the use of information and communication technologies. We reaffirm that international law, including the United Nations Charter and international humanitarian law, are applicable to cyberspace. In this regard, Mexico endorses the approach proposed for a thematic group to be devoted to debating the rules, norms and principles, and international law, recognizing its complementary nature in the promotion of risk and tension reduction and the fostering of an open, safe and peaceful cyberspace. Likewise, we underscore the importance of keeping open a space for ongoing dialogue that would enable us to identify possible loopholes and areas of opportunity in the application of international law to cyberspace without prejudging the outcome of these conversations. This process must fully respect the fundamental principles of sovereignty, non-interference, the prohibition of the use of force and the peaceful settlement of disputes. Furthermore, Mexico emphasizes the need to firmly integrate the protection of human rights in digital environments, reaffirming our commitment to the defense of privacy, freedom of expression and other fundamental rights in the digital realm. Finally, we underscore the importance of the capacity-building efforts to enable states to participate in a meaningful way in these discussions, and this in order to improve or, rather, to ensure that we have a shared understanding and effective implementation of the principles of international law applicable to cyberspace. Thank you very much.

Chair: Thank you very much. Mexico, Canada to be followed by Cuba.

Canada: Chair, thank you for giving Canada the floor. Chair, looking today at the mandate of this open-ended working group with respect to international law, we can only echo Thailand, which spoke earlier to conclude that this group has succeeded. To recall the mandate called for states to continue to study with the view to promoting common understandings how international law applies to the use of information and communications technologies by states. This is precisely what our OEWG has done for the past four and a half years. Not only did we promote common understandings, but through exchanges, discussions and capacity building exercises, member states together have built additional understandings, providing greater and greater clarity on how international law applies to cyberspace and building trust while doing so. Chair, under your leadership, we have maintained momentum on international law. Our progress and this momentum should be documented in our final report. To be clear, the report should comprehensively and accurately describe the range of activities and substantive topics addressed by member states and stakeholders. Wherever possible, common understandings on substantive international law topics should be captured in the final report. A key achievement of our work to reflect in the report is certainly the wealth of national and regional positions presented here at the OEWG. Chair, as you pointed out at the ninth substantive sessions Many more states, including smaller states, now feel comfortable engaging on international law. This OEWG has created an inclusive platform for our discussion. This must be reflected in our final report. We congratulate Columbia for the publication today of their national paper. Columbia’s paper represents an important and eloquent addition to the corpus of national positions. This is a great step forward, and Canada is proud to have provided capacity-building support to Columbia in its endeavour. This development shortly follows the EU’s declaration, which was the second regional statement published after the African Union’s common position, which Canada also supported. Chair, these many statements reveal a number of common understandings on how international law applies, including notably on IHL, reflecting a growing convergence of views that this OEWG has been fostering. Another key achievement is the wealth of capacity-building activities involving so many Member States. The scope and variety of these activities have responded to the diverse and concrete needs expressed by Member States. Canada this month held the last in a series of capacity-building courses with Cyber Law International. In total, more than 600 foreign officials from 87 Member States took part in the 17 courses held since 2022, building national and global expertise on international law and cyber. This is but one effort amongst many other successful initiatives, such as those by UNIDIR. the University of Exeter, the CCDCOE, Japan and Estonia on national and regional positions, and others by the OAS, Chatham House, the African Union, Oxford Process and the Stimson Centre. Chair, the ongoing capacity building has undoubtedly contributed to the increased participation in and richness of our OEWG discussions on international law. International humanitarian law has clearly been much discussed in our OEWG and is an area of common understanding. For our final report, Chair, Canada supports the many states who have spoken previously and today, Brazil, Thailand, El Salvador, Senegal, Colombia and many others, in building on the consensus language found in GA resolutions and in past OEWG reports. And also in capturing the progress made at the 34th Conference of the Red Cross and Red Crescent in the adoption of Resolution 341C slash 24 slash R2. And I refer here to the text previously read by our colleague from Brazil. This can inspire us to come up with meaningful language to reflect the common understandings that have developed on international humanitarian law. This would be in line with the cross-regional statement on IHL presented by Senegal last year on behalf of a group of states, including Canada. We today reiterate our support for that statement. Today, Canada also welcomes the other cross-regional paper on the application of international law presented most recently by Thailand. And we note that this paper continues to gain additional co-sponsors. Canada hopes to see the multiple areas of convergence identified in that cross-regional paper. reflected in our final report. Chair, turning to the future, we should ensure that our ongoing work on international law evolves with the future mechanism to become more action-oriented. To this end, Canada has considered the best approach, and we have arrived at the view that integrating international law into each of the first three thematic working groups set out in your discussion paper would best ensure our continued progress. Concretely, Canada would highlight these priorities. The focus on international law in the thematic groups should be to build common understandings on how international law applies to practical policy challenges. Such discussions would be inclusive and would advance continued capacity-building on international law, both by expanding expertise of participants and identifying future capacity-building needs on international law. Agendas for the three thematic groups could be shared in advance so that contributions on international law can be prepared in advance by the legal teams of each delegation. Thematic group meetings could include expert briefings on technical and legal topics, followed by scenario-based discussions. This would help identify challenges and address practical solutions, including how relevant legal rules apply. Recommendations from the thematic groups could be brought back to the plenary for further discussion, including under the core pillar of international law. Chair, in conclusion, in our past discussions on international law, Canada has compared the work of our OEWG to the way Indigenous people in Canada patiently build a birchbark canoe. Today, Chair, after four and a half years, our canoe is nearly built. Spring is coming. It’s true it’s cold outside today, but spring is coming and it will soon be time to complete our canoe and launch it. It will be to the future mechanism to steer our common canoe so that it fulfills its purpose in an action-oriented manner, navigating different scenarios, whether small creeks, large rivers, or lakes. But by paddling together, we will ensure stability in cyberspace. Thank you.

Chair: Thank you very much, Canada, and thank you for that metaphor of the birchbark canoe, for which I was waiting. It’s good to be reminded of that metaphor because we are all in the same boat, and the canoe made of birchbark is all the more an appropriate metaphor because of how fragile it is and how it is made by human hand, human endeavor, human hope. And because we are in the same boat or birchbark canoe, we all have a deep interest in making sure that this canoe doesn’t capsize. But at the same time, we know that we have to keep everyone in the boat, we have to leave no one behind, and we have to sail through the waters. The waters are getting rough, the undercurrents are strong, the rocks facing us are huge, and perhaps, hopefully not immovable. I mean, I can go on with this metaphor for the rest of the afternoon. But it is very appropriate that we all think about how we are all in this together, not just with regard to the question of international law, but across the board. So hope to see you on the other side of the river, although the weather today does feel like Canadian spring, I have to say. Let’s wish ourselves good luck as we embark on this final journey across the river. I give the floor now to Cuba, to be followed by Japan.

Cuba: Chairman, our position on how international law applies to the use of ICTs is very well known by everyone, and it is still the same as it always has been, and we’ve been emphatic on this, increasing our considerations consistently throughout the conversations at the OEWG. We’ve made clear what issues do not benefit from consensus. Now in line with the President’s request to focus on the final report of the Open-Ended Working Group in the design of the future mechanism for periodic institutional dialogue, we’d like to underscore that said mechanism must adhere to the five pillars, the five areas that were agreed on in July 2024. These include continuing to study how international law applies to the use of ICTs, bearing in principles on the validity of international law vis-à-vis cyberspace, in particular the principles of sovereignty, territorial integrity and non-interference in the internal affairs of states, it could be possible to continue and to go into further depth on to guaranteeing the application of these to the use of ICTs, information and communication technologies. It looks like it might not be possible to limit the malicious use of ICTs by automatically applying existing tools of international law. The challenges that are generated by the unique nature of the use of ICTs were not known decades ago and therefore they cannot be dealt with, with the different capacities that national jurisdictions have and the voluntary norms of good states’ behaviour that are easy to ignore without any type of legal consequence. So sticking to these will generate legal ambiguity that can be exploited to people’s convenience and can be used by states when they commit internationally illicit acts. Therefore we believe that it’s essential for the future mechanism for periodic dialogue, look at setting up a legally binding instrument, a broad one, that would address the legal leap holes in terms of security in the use of ICTs and establish clear obligations for all states. Rather than debating how to prevent conflicts, we would encourage focusing on the essential focus of preserving ICTs for their exclusively peaceful use. focused on development. That’s why we will insist, since the statement that our delegation made on Monday during the debate on threats, we will insist on the need for these to establish a clear global obligation. We have warned repeatedly that accepting, tacitly accepting the possibility of conflicts would lead us to an unbridled and unacceptable race for the militarization of cyberspace as yet another battlefield. Additionally, we would reiterate our proposal that the final report includes, among its recommendations, the needs to work to achieve common terminology in order to reach a collective understanding in relation to basic concepts, such as, for example, cybercrime, a cyber incident, information operations, or what would be the precise terms for the misuse of ICTs. The definition of common terms could be part of specific debates in the future mechanism for institutional dialogue, the periodic mechanism. Thank you very much.

Chair: Thank you very much, Cuba, for your statement. Japan, to be followed by the United Kingdom.

Japan: Thank you, Mr. Chair. With regards to international law, we would like to reiterate the importance of the agreed GDG reports of 2013 and 2015, which were also endorsed by consensus at the General Assembly. These reports affirmed that existing international law, in particular, the UN Charter in its entirety, is applicable to cyber operations. Japan highly values continuous efforts of implementation of existing international law, and hopes that formulation and announcement of a basic position on international law applicable to cyber operations by the governments of many states, and the application of international law in international and domestic courts and tribunals will deepen the shared international understanding on how international law applies to cyber operations. Japan also hopes that the deepening of a shared understanding will deter malicious activities in cyberspace. In addition, Japan is committed to continuing initiatives to deepen understanding of existing international law, such as working with Estonia to support the development of a handbook for practitioners in countries concerning the formulation of new positions of states. It is also beneficial to deepen our understanding through our discussions on a specific case. In order to further accelerate the understanding and the following actions by each country, we should focus on action-oriented implementation rather than dividing resources to seek for new international law simultaneously. Those discussions on international law are policy-oriented, tool-focused ones, like those on norms and best suited to a policy forum, such as this plenary meeting. I thank you.

Chair: Thank you very much, Japan. United Kingdom, to be followed by the United States.

United Kingdom: Thank you, Chair. The UK would like to focus our intervention on opportunities to progress our work on international law in the future permanent mechanism. Before doing so, the UK would like to congratulate Columbia on publishing its national position on the application of international law in cyberspace. It is an excellent contribution to our work on this topic, and we enjoyed learning more about the process at this afternoon’s side event. The UK also agrees. with a statement by Thailand on behalf of a cross-regional group of states, identifying further areas of convergence in our common understanding. We look forward to seeing this progress reflected in this year’s annual progress report. Turning to the role of international law in the future mechanism, the UK continues to support an approach that allows states to ground these discussions in a more practical context, aligning with our shared cross-cutting priorities. A thematic group on resilience, focused on the protection of critical national infrastructure, would necessarily involve discussing the protection that international law affords to critical infrastructure. For example, the non-intervention principle protects important sectors against unlawful cyber operations, for example the healthcare or energy sectors. A thematic group on stability and the prevention of conflict would necessarily have to consider the application of the UN Charter, especially its prohibition on the use of force. And a thematic group on coordination would require consideration of the role of the law on state responsibility in managing cyber incidents, as well as the UN Charter’s obligation relating to the peaceful settlement of disputes. Mr Chair, these are just some examples of how international law could be relevant to the three thematic groups on cooperation, resilience and stability. In our view, these groups would allow discussions on international law to be directed towards and focused on our shared cross-cutting priorities. Additionally, they would allow us to discuss how the other elements of the Framework for Responsible Behaviour sit alongside and complement international law. Finally, Chair, The UK remains deeply concerned at the prospect, supported by only a small number of states, of rushing into discussions on new, legally binding obligations. As we have just illustrated, the rules of international law that apply in cyberspace apply to the behaviour of states in all other domains. Indeed, they apply to all aspects of states’ international relations. If there are discrete gaps in how these existing rules apply in cyberspace, then we should consider them. But a rush to develop new, legally binding obligations would not only fail to advance our work to promote responsible behaviour in cyberspace, but more fundamentally would risk undermining the application of core, foundational rules of international law, including the UN Charter. Thank you.

Chair: Thank you very much, United Kingdom. United States, to be followed by the Islamic Republic of Iran.

United States: Thank you, Chair. This group has made enormous progress in its agenda item on international law over the past three and a half years, and the final report should reflect this, including our robust discussions of international humanitarian law. The fact that some states argue, whether due to misunderstanding or for some political reason, that international legal obligations may not apply to the use of ICTs, or that acknowledging the existence and applicability of IHL would somehow justify the use of force in violation of the UN Charter, should not discourage us from producing a report that fully captures our deliberations. We also need to integrate these discussions into our practical work on specific cyber challenges, replicating the siloed structure we had in the GGEs and OECDs. OEWGs would be a huge missed opportunity to advance our work and put the framework into greater practice. It is important for every state to articulate how they implement their international obligations in the context of ICTs. That work needs to continue, including through increased and sustained capacity building, and we have heard today from states who are doing just that. But that work does not need to be, and should not be, the focus of these discussions in the Future Permanent Mechanism. Abstract statements on how legal obligations apply will only get us so far. What we need now, and what the United States believes states are ready for, is to integrate that discussion into practical, thematic working groups oriented toward addressing specific, real-world concerns to international peace and stability. Focusing on the practical tools this discussion brings to international cooperation and problem-solving in this context will empower all states to hold others to account when necessary and work more effectively together to enhance resilience and promote peace. To ensure that we do not engender confusion in this endeavor, we must be careful to continue to distinguish between voluntary norms and binding international legal obligations. For this reason, too, we respectfully disagree with the proposal in the Chair’s paper that there should be a thematic group on norms, rules, and principles in international law. In response to proposals made by some delegations, it is possible the Future Permanent Mechanism could benefit from expert briefings from the ILC or other outside experts, but any such briefing should be targeted in scope and oriented toward addressing the real-world problems that I just mentioned. Thank you very much, and we look forward to continuing the work on this topic and its integration across the work going forward.

Chair: Thank you, United States, for your statement. Islamic Republic of Iran to be followed by Republic of Korea.

Islamic Republic of Iran: Thank you, Mr. Chair. We are convinced that the applicability of universally accepted principles of international law alongside the purposes and principles of the UN Charter to the ICT domain is a common position within the international community. Nonetheless, the distinctive technical and legal characteristics of the ICT environment, such as its cross-border nature, user anonymity, and the challenge of reliably identifying sources of malicious activities, are imperative to acknowledge the certain gaps in the existing international legal framework, which is inadequate for ensuring global peace and security in the ICT realm. We emphasize the voluntary non-binding norms cannot replace legally binding instruments for guaranteeing international information security and promoting the exclusively peaceful use of international information and communication technologies. According to international law, states are bound solely by the legal obligations to which they have explicitly consented. Therefore, it is untenable to elevate any concept above international law. The challenge of reliably identifying the sources of harmful activities and the political attribution of cyberattacks remain critical issues. We advocate for comprehensive discussions to explore and develop effective solutions to the complexities associated with cyberattribution. It is essential to reach an agreement on definitions and technical mechanisms. that will enable the objective identification of the sources of cyber attacks. The risk of politically motivated and fabricated attributions, as well as false flag operations, remains a significant concern. Iran firmly advocates for establishment of a legally binding instrument on the security of and in the use of ICTs. Such an instrument is crucial for creating mechanisms that promote accountability among states, attributing responsibility for actions taken in the ICT environment and prohibiting malicious uses of these technologies. As our esteemed colleague from Pakistan highlighted in his statement during this morning session, non-binding norms lose their effectiveness in crisis or armed conflicts, as their voluntary implementation rests with member states lacking the legal responsibility that a binding instrument would impose. Our priority is to initiate a substantive discussion on developing legally binding obligations in the ICT field, including the parameters and scope of such instruments, within a dedicated thematic group on international law under the Future Permanent Mechanism. It is imperative that our reached discussions are accurately and fully captured in the OEWG final report. Despite existing differences, many states have highlighted certain gaps in the current international legal framework and have supported the negotiation and conclusion of a legally binding instrument to ensure international information security. We trust that this reality will be duly reflected in the final report of the group. Mr. Chair, distinguished colleagues, The question we raise in this OEWG remains unanswered after five years. Why is there significant opposition to developing a binding instrument on ICT security, while numerous treaties and conventions exist in other areas? If international law and the United Nations Charter are sufficient, why then are there so many conventions and treaties in various fields? We continue to await a satisfactory response to this question from the countries opposing the idea of a legally binding instrument on ICT security. I thank you, Mr. Chair.

Chair: Thank you very much, Islamic Republic of Iran, for your statement. Republic of Korea, to be followed by China.

Republic of Korea: Thank you, Mr. Chair. We believe that universally recognized international norms, international customary law, and the UN Charter are applicable to cyberspace. As the majority of states have already affirmed, both in written and oral statements, that existing international law applies to cyberspace as well, we see little need to establish a new legally binding obligation at this stage. The process of establishing new legal obligations tailored to the unique characteristics of cyberspace cannot keep pace with the rapid advancement of technology. Therefore, we believe that states should gradually form state practices regarding specific issues in the evolving international cyber environment through the implementation of a checklist of 11 norms in the third APR based on the application of existing international law. The same logic extends to the application of international humanitarian law in cyberspace. For example, states have underscored that, just as in the application of IHL in the physical domain, its application in cyberspace does not justify or encourage armed conflict. Instead, it serves to ensure a minimum level of safeguards. in situations of armed control. Given the importance of this issue, the ongoing discussion on the application of international humanitarian law within the OEWG should be explicitly reflected in the final report. Thank you.

Chair: Thank you, Republic of Korea. China, to be followed by the Russian Federation.

China: Thank you, Mr. Chair. On the issue of international law, China believes that the final report should include the following elements. First is to emphasize that discussions on issues of international law are all about the maintenance of peace and security in cyberspace. Any proposal that might encourage or legitimize cyber conflict must be treated with utmost caution. Second is to reaffirm that the UN Charter and its established principles, including sovereign equality, the prohibition of the use or threat of use of force, the peaceful settlement of disputes, and noninterference in internal affairs are applicable in cyberspace and are the cornerstone of ensuring peace, security, and stability in cyberspace. We need to emphasize on the obligation of states under international law to protect critical infrastructure, especially the security of critical ICT infrastructure. Third is to prudently consider the application of the law of armed conflict to cyberspace and oppose covertly formulating rules of cyber warfare so as to prevent cyberspace from becoming a new battlefield. Now, some countries suggest inviting more international law experts to participate in OEWG discussions and using a scenario simulation approach. China believes that such an approach will increase the burden of developing countries and should be more appropriate for classrooms of universities and law schools rather than UN conference rooms with mostly diplomats present. Information security is a major issue that bears on international peace and security and state sovereignty and national security. This is not just a technical or legal issue, but also a major political, economic, and social issue. Therefore, simply treating political issues as technical ones will not help advance discussions on international law. Fourth is to develop new codes of conduct and international legal instruments according to the characteristics of cyberspace and the changing landscape. China supports the discussion and formulation of new international legal instruments on the basis of universal participation by all parties. The Russian Draft Convention on International Information Security provides a good basis for such discussions. China supports member states conducting focused discussions on this topic to formulate a new legal instrument. Thank you.

Chair: Thank you, China, for your statement. Russian Federation to be followed by Algeria.

Russian Federation: Mr. Chair, in December 2024, the international community made an important step toward establishing a fair, equitable system of international information security. Through a GA decision, the first universal agreement in this area was adopted, the Convention Against Cybercrime. And here I’d like to call on all member states to accede to this treaty at the recognition ceremony in Hanoi this year. This Convention Against Cybercrime was an indisputable step forward toward a comprehensive regulation of cyberspace. It is a unique and technical agreement that does not allow for the automatic application of existing international law. Similarly to this Convention Against Cybercrime, there’s a need for legally binding obligations on other areas of international information security based on upholding the fundamental principles of the UN Charter. We believe that meaningful discussion of this topic should take place in the future mechanism in the dedicated thematic group. The rules of responsible behavior are, of course, important and should be an important part of our work. But for effectively discussing this topic, we must make further efforts. We must guarantee that all states are implementing the agreements reached, and we must minimize the possibility of misinterpretation. To reach this goal, we must adopt a universal international legal instrument or instruments that could help to prevent interstate conflicts in cyberspace and would contribute to strengthening cooperation in this area. The future agreement should be based on the principles of respect for sovereignty of states and peaceful dispute settlement. The concept of this agreement was presented by Russia and a group of like-minded states as an official document of the 77th Session of General Assembly. We would like to point out that this document reflects an understanding of the applicability of the overall principles of international law to this sphere and also contains provisions based on the recommendations of yearly GA resolutions on the relevant agenda item, that is, progress in the fields of information technology for international security, as well as consensus-based documents of the OEWG and the GGE of 2010, 2013, 2015, and 2021. We propose looking at this initiative in detail during these discussions and examining the rules and obligations of states and bringing them into the legal space. Thank you.

Chair: Thank you very much, Russian Federation, for your statement. Algeria, to be followed by South Africa.

Algeria: Thank you, Mr. Chair. On the subject of our debate on how international law applies to the use of information and communication technologies, ICT. my delegation wishes to make the following points. One, Algeria stresses the importance of ensuring that the use of information and communication technologies is fully compatible with the principles and purposes of international law and the Charter of the UN, foremost among them the principle of respect of state sovereignty and non-interference in their internal affairs, as well as the principle of peaceful coexistence between states. Two, Algeria sees the benefit of voluntary norms of responsible state behavior in cyberspace and supports the idea of establishing additional norms to address the ever-evolving elements of this field. And as Ms. Nakamitsu pointed out yesterday, technological advances are accelerating beyond the capacity of government structures to cope with them, which is particularly true to artificial intelligence and its models. Some of these models are used in creating false data that include images, videos, and human language mimicking reality that are sometimes used for disinformation purposes, underscoring the importance of setting guidelines and norms that would be a framework for their use and verification and tracking their sources. Three, Algeria considers that the discussion of voluntary norms and the need to continue this debate on the application of international law in cyberspace would derive its meaning when seen as an essential necessary stage to bring opinions closer and build consensus among member states, paving the way towards binding international instruments that set clear basis and monitoring mechanisms and cooperation that address the concerns of states in the area of cyber security in a sustainable, transparent and comprehensive manner. In this regard, my delegation would like to refer to the very significant importance expressed by the composition by the member states of the African Union on the application of international law in cyberspace, which discusses many of the topics mentioned in relevant UN reports, particularly paragraph 36 of the third APR that includes topics like sovereignty, due diligence, the peaceful settlement of disputes and refraining from the threat or use of force. This initiative is a model to be followed and a significant and direct contribution by regional forums to the work of this working group. I thank you.

Chair: Thank you very much, Algeria. South Africa to be followed by Albania, please.

South Africa: Thank you, Chairperson. South Africa believes that the question of how international law applies to cyberspace is an area of law where few concrete principles and prescripts have yet crystallized. Member states are largely in the nascent stages of formulating their national positions on how international law applies to cyberspace. Some have started to assess whether existing international law is sufficient to deal with contemporary and emerging threats posed by the cyberspace domain, or whether new rules of international law may have to be developed to regulate cyberspace. The nature of cyberspace is such that it is difficult to simply transpose existing laws into the cyber domain, as traditional international law is state-centric and contemplates concepts such as territorial integrity, sovereignty, non-intervention, and aggression by armed forces in the terrestrial sphere. Cyberspace, on the other hand, is a global borderless domain which poses unique challenges for Member States. Chairperson, Member States have reaffirmed in both the first and second OEWGs that international law, in particular the Charter of the United Nations, is applicable and essential to maintaining peace, security, and stability, and promoting an open, secure, stable, accessible, and peaceful ICT environment. The principle of non-intervention, directly or indirectly in the affairs of other States, is one of the foundations of the UN Charter. In addition to this, the link to international humanitarian law and international human rights law should be the impetus for the understanding that the protection of the integrity of the supply chain for ICT devices is important to ensure that hidden functions and detrimental consequences are avoided. Chairperson, the safeguarding of CI and CII are fundamental government responsibilities, and we support the recommendation in the third APR to continue discussions between Member States on the permanent mechanism, and include presentations by academic and research institutions. institutions in developing further understandings of how international law applies to cyberspace. We also support reference to the International Law Commission in the third APR and still support a request to the ILC to provide a legal opinion on the application of international law to cyberspace. Finally, South Africa recalls that while we note the value of the common African position on the applicability of international law to cyberspace as an important reference tool to assist AU member states to develop their national positions. It is non-exhaustive, subject to further development and elaboration by individual AU member states and thus it does not preclude AU member states from evolving their national positions on international law. I thank you.

Chair: Thank you very much, South Africa, for your contribution. Albania to be followed by North Macedonia.

Albania: Thank you, Chair. The United Nations has long been the guardian of international law, ensuring that it serves as a foundation for global peace, security and stability. International law, shaped through treaties, conventions and customary principles, provide the essential legal framework that governs state behavior in all domains, including cyberspace. The UN Charter remains a cornerstone of this framework, upholding sovereign equality, non-interventional and the peaceful resolution of disputes. Albania reaffirms that existing international law, including the UN Charter, international humanitarian law and human rights law, applies fully to cyberspace. The principles of sovereignty, non-intervention and the prohibition of use of force remain as critical in the digital domain as they are in the physical world. While information and communication technologies have driven even innovation and progress, they have also been exploited for malicious purposes. State-sponsored cyber operations, attacks on critical infrastructures, disinformation campaigns, and cyber-enabled threats to democratic processes undermine global stability. To effectively counter these threats, international law must be served as both a preventive measure and a mechanism for ensuring accountability. The growing prevalence of cyber operations presents new challenges to the traditional legal frameworks that the United Nations have diligently worked to establish. Cyber activities, whether offensive or defensive, have the potential to undermine sovereignty, peace, and security if conducted outside the bounds of international law. Albania firmly upholds the principles of state sovereignty and non-intervention in cyberspace. No state should engage in cyber operations that infringe upon other nations’ sovereignty, whether through attacks on government systems, interference in electoral processes, or disinformation campaigns designed to destabilize societies. We strongly condemn all forms of malicious cyber activities that target national security and democratic institutions. Albania’s own experience with state-sponsored cyber attacks in 2022 is a stark reminder of the urgent need for stronger legal frameworks and collective international actions. Those actions aimed at crippling governmental infrastructures highlight the growing risk that cyber operations pose to national and global security. Cyber operations must not serve as instruments of aggression. A cyber attack targeting critical infrastructures, such as power grids, health systems, financial institutions, violates international laws that threaten the fundamental stability of the state. Such actions carry severe humanitarian and economic consequences, disrupting essential services, endangering lives, and undermining trust in governance. If left unchecked, they could destabilize not only the affected state, but also the broader international order. We support Canada’s proposal to integrate the application of international law to every thematic group. I would like also to quote again U.N. Secretary General Antonio Guterres. The United Nations exists because states have chosen to come together in a collective effort to build a better world. It is in the interest of all nations to uphold the rules of principles established by the United Nations, principles that are essential to global peace, security, and cooperation. The United Nations is our collective conscience. It is where we make commitment to our own people and to each other, pledging to respect the laws, principles, and agreements that bind us together. Albania remains resolute in its commitment to working within the United Nations framework to strengthen international law in cyberspace, reinforce accountability mechanisms, and promote a secure, stable, and resilient digital future for all. I thank you.

Chair: Thank you very much, Albania. North Macedonia, to be followed by France.

North Macedonia: We would like to express our appreciation for your leadership in guiding the intersessional work. We also extend our gratitude to the UN Secretariat for its inevitable support in these discussions. North Macedonia aligns itself with the EU statement delivered in this agenda item. In our national capacities, we would like to highlight the following points. We reaffirm that international law, including human rights law, fully applies in activities in cyberspace. In situations of armed conflict, international humanitarian law must be upheld. The UN Charter establishes binding obligations that are equally relevant in the digital domain, serving as a cornerstone for maintaining stability and promoting responsible state behavior in cyberspace. A clear, widely recognized, and inclusively legal framework is essential to strengthening international peace, security, and stability in our interconnected digital world. Mr. Chair, we acknowledge the significance of digital sovereignty, both at the national and international level, enabling states to govern their digital spaces, straightening resilience, fostering trust, and promoting active participation in the global digital ecosystem. At the same time, we must ensure that digital sovereignty does not lead to fragmentation, but instead contributes to global stability. State responsibility remains a critical issue. As reliance on ICTs grows, cyber operations increasingly have the potential to disrupt societies without causing physical damage. This underscores the need for greater clarity on due diligence, obligations, and attribution standards to deter malicious cyber activities and ensure accountability. Furthermore, as AI and other emerging and disruptive technologies continue to reshape the cyber landscape, it is crucial to advance discussions on accountability and private entities in enabling cyber operations. The meaningful participation of stakeholders beyond UN member states is essential in these discussions, ensuring a more comprehensive and more informed approach to addressing cyber challenges. We support the ongoing dialogue and the significant progress made over the years. As this process nears its conclusion, it is vital to establish a clear and well-defined understanding of how international law applies to the use of ICTs by states, while also ensuring continuous capacity-building efforts in enhancing cyber resilience. Finally, we express our gratitude to the donor countries supporting the Women in Cyber Fellowship and GFC to facilitate a program that empowers women, enhances participation in the field, and straightens global capacity-building efforts. We look forward to continued collaboration and meaningful efforts. I thank you, Mr. Chair.

Chair: Thank you very much. North Mestonia, France, to be followed by Colombia.

France: Thank you, Chair. I would like to conclude with a statement made by the European Union and would like to add the following in its national capacity. The full applicability of international law to cyberspace and to the use of ICTs is a crucial pillar. of the responsible behavior of states. We can all agree that international law is applicable to cyberspace and is crucial for maintaining international peace, security, and stability. This is why discussions on this pillar must be maintained during the plenary discussions on the future program of action. These discussions have and will have the ultimate goal of debating how international law applies to the use of ICTs by states. But it is also in the interest of all states to add a narrower objective that is connecting these discussions to the reality of the challenges that we are facing in order to strengthen our collective resilience, our cooperation, and the stability of cyberspace. That is what we’d like to do as part of our proposal for the POA. Conversely, failing to connect our discussions to concrete challenges that we are encountering could lead us toward a program of inaction. These action-oriented discussions could take place in each of the cross-cutting thematic groups that we have proposed. The working program of these discussions, therefore, would be complementary to disciplinary discussions on the international law pillar. It ought to complement and strengthen these discussions. The question at hand is, how do we foster common understandings of international law and its applicability in cyberspace? This question can be articulated as follows. These are just a few examples, of course, with the goal of providing food for thought. For the resilience group, which we proposed, we could, for example, examine how international law applies in the context of the protection of critical infrastructure. In the cooperation group, we could, of course, consider the applicability of international law in the context of cooperation between states in the event of a cyber incident. And lastly, in the stability group, we could examine the applicability of the principle of the responsibility of states in cyberspace and the principle of non-use of force. The thematic groups, therefore, will be a priceless tool for fostering discussion on the way in which international law applies, as well as to identify any potential gaps in international law, and this is very important, and address these gaps if needed. The contributions of legal experts to these discussions could allow for an unprecedented convergence between our discussions on the applicability of international law and the concrete challenges that we are facing in implementation. These discussions could be held based on scenarios and practical cases, which would allow – and we would allow legal experts to take part, including to enrich our reflections on capacity building in our national ecosystems. Mr. Chair, in closing, I’d like to note that the outcome report of this group cannot stall when it comes to international humanitarian law. Ignoring this important aspect in our discussions would undermine the strength of our common framework. Therefore, we commend the work carried out by the International Movement of the Red Cross and Red Crescent during the 34th International Conference of this movement last October, and especially the resolution that was adopted. Following that conference, France recognizes the full applicability of international humanitarian law to cyberspace and supports all of the relevant initiatives. This resolution, which recalls that the rules and principles of international humanitarian law contribute to protecting the persons and property that are protected against the risks stemming from digital activity, would be an additional step in the right direction. We therefore would like to recall that the consensus-based resolution states clearly that in situations of armed conflict, IHL rules and principles serve to protect civilian populations and other protected persons and objects, including against the risks arising from ICT activities. We hope that this will be noted in the outcome report of this working group as a complement to previous reports that recognized the applicability of IHL. Thank you.

Chair: Thank you very much, France, for your statement. Colombia to be followed by the Kingdom of the Netherlands.

Colombia: Thank you, Chairman. My delegation would like to begin our statement by underscoring once again that this working group as an essential forum within the UN system offers up a unique opportunity to address the issue of the security and use of ICTs. In this regard, Colombia recognizes and particularly values the progress made in our joint deliberations on international law. We note, for example, how we have reached common understandings on some of the key principles of international law, such as sovereignty, sovereign equality, and the peaceful settlement of disputes. However, it is necessary to continue to make headway and focus our discussions on the building of agreements on additional principles. For this reason, Colombia, alongside a group of countries, has been developing a working document, an inter-regional one, on the applicability of international law to the use of ICTs. In this, we reflect areas of emerging convergence between the opinions of states on this matter in relation to the non-exhausted list of themes from paragraphs 36 to 38 of the IPR 2024. We submit to your consideration, bearing in mind the language contained in this working document, that seeks to contribute constructively to the strengthening of common understandings on this important theme. Additionally, when it comes to international humanitarian law, my delegation believes that it is the right time to consider the inclusion of language adopted in other scenarios within the final report, such as, for example, the resolution adopted within the framework of the 34th International Conference of the Red Cross and Red Crescent movements, on protection of civilians and other persons and protected objects against the possible human cost of the use of ICTs during armed conflicts. Chairman, for Colombia, ensuring a scenario of discussion on these matters in a future mechanism would be the way forward that will enable us to continue to make headway, as we have been doing so far, on a common understanding on the applicability of international law to ICT, including voluntary norms. In this regard, as we have already mentioned, we welcome your proposal to include in the future mechanism a thematic group devoted to the norms, principles and rules of responsible behaviour of states in international law. My delegation believes that this proposal is in line with the idea to establish a space that enables us to structure these discussions and to guarantee a coherent application of our global legal frameworks to cyberspace. There, we could take a look at relevant principles, looking at ways for implementation and identify whether there are any… loopholes, among other things. For Colombia, the voluntary non-binding frameworks are complementary regimes, like we’ve already said, that could be addressed within the thematic group. However, we wouldn’t have any objections to dealing with other topics, too. My delegation wishes to underscore the importance and relevance of capacity building and resources for IHL in cyberspace. We believe that it’s beneficial to build on capacities offered up by other states and organizations and these will not only lead to a higher level of participation of Colombia on these matters, but also establishing solid national positions on this. This type of cooperation contributes to states having the capacity to implement the rules and principles of international law in cyberspace, working towards a higher level of global stability and security. We support the creation of cooperation mechanisms that facilitate access to capacity building programs, in particular for developing countries, and we believe that an adequate environment for addressing this type of cooperation is within the framework of the Future Permanent Mechanism, promoting interdisciplinary dialogue, including participants from diverse sectors of society. Finally, Chair, as we announced this morning, Colombia has just launched its national position on the applicability of international humanitarian law to cyberspace. During the framework of the side event that was organized alongside Canada and UNIDIR, we’d like to thank all of those that came and listened. This document that will be available for publication over the next few days seeks to contribute to the development of a robust and inclusive framework for the application of international law to the use of ICTs in order to avoid misunderstandings and to promote a higher level of predictability and stability in cyberspace. In this process, Colombia has considered the recommendations of the OEWG, inviting states to share on a voluntary basis their opinions and national positions on this. We invite states to continue to share their positions since cooperation and exchange of perspectives are essential to strengthen a common understanding and to engage in collective actions that enable us to effectively and responsibly address emerging challenges in cyberspace. Thank you very much. Chair.

Chair: Thank you very much, Columbia, for your statement. Based on a very quick calculation that I had asked the Secretary to make, 32 countries have published their national positions on the applicability of international law, plus two regional groupings, which is the European Union and the African Union, and that includes Colombia as well. Of course, this is a very significant contribution to understanding how international law applies, and certainly it will be good to have more and more countries doing so. And I think it’s worth reflecting that at least X number of countries have published their national positions with regard to the applicability of international law in the final report. Of course, we can update these numbers between now and July, but I thought I would share that piece of data with all of you. Let’s move on to now the Kingdom of the Netherlands to be followed by Portugal. Netherlands, please.

Kingdom of the Netherlands: Chair, the Kingdom of the Netherlands aligns itself with the statements delivered by the European Union and the Statement of Thailand on behalf of the co-sponsors of the working paper on the application of international law in the use of ICTs areas of convergence, and would like to add the following in a national capacity. An increasing number of states have spoken out on how international law applies. to state activities in cyberspace. As also mentioned by the EU, we would like to highlight the progress on this we made as a regional organization by adopting the Declaration on a Common Understanding of International Law in Cyberspace of the European Union and its 27 members. We also welcome other states and regional organizations in their efforts to publish their national or regional positions, including the recent national position of Colombia in this regard. Chair, building on the consensus understanding that international law applies in cyberspace, the Netherlands believes that the final report of this OEWG should incorporate the progress that has been made over the past few years, including on the peaceful settlement of disputes, the principles of sovereignty and non-intervention, and the prohibition on the use of force. In addition, we also believe it would be important for the final report to reflect the perspectives of the many states that shared their views on the important topics of international humanitarian law, international human rights law, and the law of state responsibility. My delegation is of the view that we can further build on existing consensus language in the final report in this area, and has three proposals for this. On international humanitarian law, inspiration could be drawn, as suggested by several delegations today, from the ICRC resolution that was adopted at the 34th International Conference of the Red Cross and the Red Crescent. In particular, we echo Brazil in the inclusion of language from this resolution on the protection of civilian populations and other protected persons and objects from risks arising from ICT activities. The Netherlands would also welcome additional language on the protection of medical personnel. …units and transports, and on the protection of humanitarian personnel and objects during armed conflicts… …as they often rely on ICTs to carry out their work. On human rights law, the use of ICTs have a direct impact on humans and in particular persons in vulnerable situations. According to human rights law, which states have affirmed as applicable in cyberspace… …states must respect and protect human rights and fundamental freedoms both online and offline. Any restrictions to these rights must meet well-established human rights principles. States not only have a negative obligation to respect human rights… …but also have a positive obligation to protect their citizens against human rights violations. On the law of states’ responsibilities, states have called attention… …to numerous cyber threats and called for accountability for malicious behavior. The law of states’ responsibility already contains rules on attribution… …and provides states with tools to respond to violations of international law. We propose incorporating language from the cross-regional paper presented by Thailand on this topic. Recently, the Netherlands became one of the co-sponsors of this paper… …and we support incorporating language of this paper in the final report… …including the language on state responsibility. In particular, the notion that states must meet their international obligations… …regarding internationally wrongful acts attributable to them under international law… …which includes reparations for the injury caused. Finally, my delegation would again like to emphasize the importance of capacity building on international law. Scenario-based exercises, workshops and trainings are great examples… …on how to progress discussions on how international law applies to cyberspace. These activities also function as capacity building exercises. and show the importance of expert and stakeholder participation. I thank you, Chair.

Chair: Thank you very much, Madeleine. Portugal to be followed by Pakistan.

Portugal: Mr. Chairman, Portugal subscribes the Declaration on Applicability of International Law in Cyberspace, which was approved by the European Union Foreign Affairs Council last November, and aligns itself with the EU statement delivered this morning on the subject, but would like to briefly reiterate the centrality to stability in cyberspace of the binding duty to protect the right to freedom of expression. It is worth remembering in this regard that Article 19 of the Universal Declaration asserts the fundamental freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media regardless of borders, and that Article 19 of the International Covenant on Civil and Political Rights asserts that these rights shall include freedom to seek, receive and impart information and ideas of all kinds regardless of frontiers, either orally, in writing or in print, in the form of art or through any other media of choice. When we reaffirm the applicability of international law in cyberspace, we therefore also mean the binding state duty to protect freedom of digital expression, including anonymous expression. State responsibilities, sovereignty, peaceful settlement of disputes and non-intervention are, of course, pillars of international peace and security, also in cyberspace. But states, according to precedent and jurisprudence, must also uphold and protect the freedom of expression across borders of their citizens, including anonymous expression, because that is part of their binding obligations under international law. Therefore, in our view, scenario-based discussions in the framework of the three cross-cutting working groups of the Future Permanent Mechanism, namely on how binding state obligations apply in cyberspace, should give adequate attention to the duty to protect freedom of expression, including anonymous expression and regardless of borders. Thank you, Mr. Chairman.

Chair: Thank you, Portugal, for your statement. Pakistan, to be followed by Indonesia.

Pakistan: Thank you, Mr. Chair. Pakistan’s position on this important topic is well-established and has been explained at length in the position paper submitted in March 2023. In our view, the most important responsibility for this process is to develop a binding mechanism to ensure the responsible use of ICTs. The continued discussion on norms and principles of responsible behavior is complementary to consistent view on the need for legally binding framework. However, while voluntary norms play an important role in fostering trust and transparency, they cannot substitute for a legally binding instrument as it can address unique challenges posed by cyberspace and ensure accountability under international law. In this respect, let me make following three points. First, we need to reiterate that the principles enshrined in the UN Charter, such as sovereign equality, non-interventionism, prohibition of the use of force, and peaceful settlement of disputes, also equally apply to cyberspace. Second, considering the unique attributes of cyberspace and the transnational nature of cyber technologies, international law has certain gaps which must be addressed. For example, the application of concepts of sovereignty, self-defense, use of force, and attribution in cyberspace demands further clarity and in-depth discussions within the UN. Third, these gaps should be addressed through a legally binding framework, which may include provisions for protecting critical infrastructure, securing cross-border data exchanges, ensuring supply chain security, and addressing emerging threats, such as disinformation and AI-driven cyber attacks. Pakistan acknowledges that member states hold diverging views on the development of legally binding instruments for cyberspace governance. In this regard, we propose that further dedicated discussions be conducted under the proposed thematic group to be established within the future permanent mechanism. Such discussions should aim to build consensus and address gaps in international law related to cyberspace. We urge that views concerning legally binding instrument be comprehensively reflected in the final report. This will ensure that all perspectives are duly considered and are of the way for meaningful progress in future deliberations. Thank you.

Chair: Thank you very much, Pakistan. Indonesia to be followed by Czechia.

Indonesia: Mr. Chair, building on our last substantive session, Indonesia recognizes persistent gaps in applying international law to cyberspace that must be addressed through practical measures. Key areas requiring further exploration include implementation of state sovereignty in cyberspace, state responsibility to prevent cyber threats originating from their territories, dispute resolution mechanisms, clarification of legal ambiguities, and non-intervention in countering cyber influence campaigns. To bridge these gaps, we emphasize the importance of capacity building exercises to ensure a shared understanding and effective application of international law in cyberspace. Indonesia welcomes initiatives that strengthen legal and technical capacities, including the Regional Workshop on International Law, Norms, and Cyberspace co-hosted by the United Nations Institute for Disarmament Research, Australia, and Thailand in Bangkok in January 2025. We underscore the need for legal clarity in cybersecurity and stand ready to collaborate with member states in identifying key principles and advancing international law in cyberspace. Furthermore, capacity building must be a core element of any future permanent mechanism to ensure equitable access to legal knowledge and tools for all states. Indonesia follows and takes note of various inputs regarding the proposed dedicated thematic group on rules, norms, and principles of responsible state behavior and on international law. We believe that both norms and international law can be housed within the same dedicated group considering the resource constraints of delegations, with differing agendas within the groups to discuss deeper into each aspect. Indonesia remains committed to constructive dialogue and collaboration to establish international law as a reliable foundation for global cybersecurity governance. We look forward to shaping an inclusive, effective, and legally sound approach to cyberspace security. I thank you.

Chair: Thank you very much, Indonesia, for your statement. Chekya to be followed by Mozambique.

Czechia: Thank you, Mr. Chair, distinguished colleagues. The Czech Republic aligns itself with the EU statement and wishes to deliver additional remarks in its national capacity. Mr. Chair, since the establishment of this open-ended working group, we have made tremendous progress in our discussions on international law. The depth and breadth of these deliberations demonstrate a growing commitment of the international community to addressing how concrete international law provisions apply to the use of ICTs. We have moved from general statements to substantive discussions, and the number of delegations engaging in the applicability of international law to cyberspace has increased significantly. Such meaningful engagement in strengthening and clarifying our collective understanding of how existing international law applies in this domain. However, we must also ensure that the substance of these discussions is adequately reflected in our reports, especially in the final report. We regret that some of the most significant issues raised in our exchanges have not been properly captured in the latest APR, and we urge an accurate and comprehensive reflection of our work in the final report. For example, the reference to international humanitarian law in the latest APR remains largely unchanged from our first APR, and merely reiterates the conclusions of the 2021 GGE report. This does not do justice to the substantive progress this group has made. We shouldn’t simply repeat the conclusion of past expert groups. Therefore, the Czech Republic supports the Brazilian proposal to include a reference inspired by the OP4 of the 34th ICRC Conference. …resolution called Protecting Civilians and Other Protected Personnel, Persons and Objects… …against the Potential Human Cost of ICT Activities During Armed Conflict. This groundbreaking resolution, adopted by consensus last October in Geneva… …underscores the importance of protecting civilians and critical infrastructure… …from malicious cyber operations and emphasizes the humanitarian implications… …of digital technologies in armed conflict. Regarding the topics that also should be included in the final report… …the Czech Republic supports the cross-regional statement presented today by Thailand. Mr. Chair, unfortunately, while we have been engaging in substantive discussions… …on the applicability of international law to cyberspace… …some states continue to disregard their international legal obligations… …undermining international peace and security. This highlights the fundamental importance of ensuring respect for international law… …in all domains, including cyberspace. The Czech Republic remains firmly committed to upholding the rule of law… …and emphasizes that our final report must reaffirm the centrality of international law… …in maintaining international peace and security. A secure, stable and peaceful cyberspace cannot be achieved… …if states fail to uphold their international legal obligations. Mr. Chair, since the establishment of this group… …we have seen a significant increase in the number of national positions… …on the applicability of international law in cyberspace… …including the most recent contribution by Colombia, as well as two regional positions. In total, national and regional positions now represent the view of over 100 states… …and another commendable achievement that has been strongly supported by the work of this group… …as well as by workshops and activities outside these forums. We are also delighted to hear that Thailand is developing its national position. Mr. Chair, as our discussions have evolved… …we must consider how this progress informs the future mechanism as well. Regarding your proposal on thematic groups… …the Czech Republic cannot support a suggestion… …to merge discussions on norms and international law into a single group. as this could create confusion. International law is legally binding, whereas norms are voluntary and politically binding. Combining these discussions risks conflating distinct legal and policy concepts, which could hinder our progress in both areas. In this regard, we support a proposal by France for cross-cutting groups that would integrate international law discussions throughout our work. This would ensure a more action-oriented and issue-specific approach, while maintaining dedicated focus on the legal aspects of the topics to be discussed. Lastly, with regard to the possibility of discussing additional legally binding obligation, we emphasize that only a small number of states advocate for such discussions, rushing into the development of new legally binding obligations without first determining whether there are any gaps in the existing legal framework, and addressing them risks undermining the existing legal framework and the UN Charter. To conclude, Mr. Chair, we would like to express our appreciation for your guidance throughout this process, and assure you of our full support as we work towards a meaningful and substantive outcome. Thank you.

Chair: Thank you, Czechia, for your statement. Mozambique to be followed by Tonga.

Mozambique: Mr. Chair, thank you for giving us the floor. With regard to application of international law to the use of information and communication technology by states, in general, Mozambique aligns itself with statement delivered by most of the representative of member states that delivered their statement before us, and wish to emphasize the following points in our national capacity. We reaffirm our commitment to the responsible and peaceful use of information communication technology in accordance with international law. As digital transformation accelerates worldwide, it is imperative that states work together to ensure that cyberspace remains a domain of security, stability, and cooperation. My delegation recognizes that international law, including the UN Charter, applies to cyberspace, and that states must uphold the principles of sovereignty, non-intervention, the prohibition of the use of force, respect for the human right, and respect for the humanitarian law. Therefore, we underscore the importance of the principle of proportionality in responding to cyber incidents. Any countermeasure should be necessary, proportionate, and in full compliance with international law to prevent escalation and ensure stability in cyberspace. We also emphasize the need to strengthen global and regional frameworks to address cyber threats while upholding the right to privacy, freedom of expression, and access to information in digital era. As a country, in enhancing its cybersecurity and digital governance, Mozambique acknowledges the critical role of international cooperation in combating cybercrime and building national capacity. We have adopted the Malabo Convention on Cybersecurity and Personal Data Protection, and we are currently in the process of assailing the Budapest Convention on Cybercrime to align our legal framework with international standards. And also, in this regard, we call for stronger multilateral dialogue to develop clear frameworks on ICT use by states, ensuring peace, security, and accountability in cyberspace. A ninth, capacity-building technical assistance to support developing nations like ours in strengthening their cybersecurity infrastructure and legal frameworks. A robust cooperation mechanism for intelligence sharing, incident response, and persecution in cybercriminals. Protection of critical infrastructure from malicious cyber activities to ensure the resilience of essential services, including healthcare, water, finance, energy, and others. Protection of responsible state behavior in cyberspace, including adherence to UN-endorsed norms, rules, and principles. Mozambique reaffirms and is fully committed to regional and international partnership to build a secure, resilient, digital future for all. We urge international community to work collectively to ensure that ICT serves as a tool for development, innovation, and inclusion, rather than conflict and division. We also take this opportunity to express our profound gratitude to Global Affairs Canada and also German Mission for the training we receive on the application of law in cyberspace. The week of knowledge exchange, which included real-world cyber threats exercise, was invaluable. We strongly encourage the continuation of such initiatives, which help enhance our collective capacity to navigate the evolving digital landscape. Mr. Chair, Mozambique looks forward to continued engagement in shaping a safe, stable and rule-based cyberspace, aligning with the principles of international law. I thank you, Mr. Chair.

Chair: Thank you very much, Mozambique, for your statement. Tonga, to be followed by Vanuatu, please.

Tonga: Chair, Tonga takes the floor on behalf of the Pacific Island Forum members with a presence here in New York. The Pacific Island Forum countries would like to offer appreciation and continued support to the Chair for your efforts to ensure that the OEWG progresses its work, including on international law. As we approach the final stretch of our discussions within this OEWG, we are committed to continue working with you to deepen common understanding of how international law applies to state conduct in cyberspace, identify convergences between state positions and build consensus within the international community. The Pacific Island Forum countries reaffirm that international law, including the Charter of the United Nations in its entirety, is applicable and essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful cyber environment. Applicable principles including state sovereignty, sovereign equality, the peaceful settlement of disputes, non-intervention in the internal affairs of other states and the prohibition on the threat or use of force against territorial integrity or political independence of any state or in any manner inconsistent with the purpose of the United Nations. We affirm that international humanitarian law applies to cyber activities within an armed conflict, including, where applicable, the established international legal principles of humanity. necessity, proportionality, and distinction. We also emphasize that human rights and fundamental freedoms, including the rights to privacy, freedom of expression, and non-discrimination, apply online as they do offline. We welcome the 2024 APR’s recognition of the importance of capacity-building efforts in international law, including the recommendation for tailored capacity-building to support countries to develop independent national views and positions on the application of international law to cyberspace. We are encouraged by the increasing number of states that have engaged with discussions on international law at the OEWG and have published national or regional positions. We underline the importance of supporting states to continue sharing views and developing positions in order to bridge gaps in understanding, avoid misconceptions, and prevent conflicts, and to enable active participation of all states on an equal footing in these important discussions, clarifying how international law applies to cyberspace, both in the OEWG and beyond. There have been a range of existing efforts, including those of the UNIDIR, which have been useful for international law capacity-building, and we hope these efforts can continue and be built upon. We would also welcome further capacity-building efforts that have been suggested by states, which could include scenario-based exercises, workshops, training courses, conferences, exchanging best practices, as well as drawing on the experience of relevant regional organizations and the expertise of international legal experts. These efforts are key to all states’ better understanding of how international law applies to cyberspace and contributes to the promotion of peace, security, and stability in cyberspace. We look forward to working with you and all members on progressing work on the application of international law in cyberspace throughout the remainder of this OEWG and beyond, including under the Future Permanent Mechanism. We hope that we can further elaborate on common understanding of international law in this OEWG final report in July 2025. We thank you, Chair.

Chair: Thank you very much, Tonga, for your contribution. Vanuatu to be followed by Switzerland.

Vanuatu: Thank you, Mr. Chair, for giving us the floor. Mr. Chair, Vanuatu aligns with the statement delivered by Tonga on behalf of the Pacific Islands Forum and adds the following in our national capacity. This is the very first time Vanuatu has ever spoken on the application of international law in this forum. This is a good example of how the OEWG helps us move closer to a shared understanding of this important topic. Vanuatu firmly believes that existing international law, including the Charter of the United Nations and international humanitarian law, applies to state contact in cyberspace. These laws and principles crafted to guide states in maintaining international peace and security remain highly relevant in the digital age. Key among these are the principles of sovereignty, non-intervention, and the prohibition of the use of force, which we regard as vital to promoting stability, trust, and peace in the cyber domain. Chair, the principle of sovereignty, a cornerstone of international law, governs the rights and responsibilities of states within their territories. In the digital realm, this principle grants each state the right to govern its own ICT infrastructure as well as to ensure the security of its citizens from cyber threats. Sovereignty in cyberspace means states retain authority over their digital infrastructure, data and activities mirroring their rights over physical territory. However, with this right comes the obligation to ensure that activities within a state’s ICT infrastructure do not harm other states. This includes taking steps to prevent the misuse of domestic systems to launch cyber operations or contact malice activities targeting another country. Vanuatu advocates for a balanced approach, one that respects national sovereignty while emphasizing international cooperation to mitigate transboundary cyber risks. The principle of non-intervention prohibits states from interfering in the internal affairs of other nations. In the context of cyberspace, this principle applies to activities that undermine the political, economic or technological stability of another state. Vanuatu underscores the need for clear guidelines and consensus on what constitutes a violation of this principle in cyberspace, as clarity will force the trust and reduce the risk of conflicts. Mr. Chair, the prohibition of the use of force enshrined in Article 2.4 of the UN Charter is equally applicable to cyberspace. Cyber operations that result in significant harm to critical infrastructure, loss of life or severe economic damage may be considered equivalent to the use of force in the physical world. Vanuatu supports ongoing international efforts to define thresholds and criteria for such actions to ensure states have a shared understanding. of these principles’ application in cyberspace. Recognizing the importance of these principles, Vanuatu is actively developing its national position on the application of international law in cyberspace. This document will outline our interpretation of these principles, articulate our national priorities, and contribute to the broader international dialogue on these issues. We anticipate publishing this position before the July session of the Open-Ended Working Group. As we undertake this important work, my delegation acknowledges the critical role of capacity building support, particularly Australia and UNIDIR. Their assistance has enabled us to engage meaningfully in these discussions and to enhance our understanding of the complex legal, technical, and policy considerations involved. For small island developing states like Vanuatu, such support is essential for active and effective participation in the global conversation on cybersecurity. Thank you, Mr. Chair.

Switzerland: Thank you, Chair, for giving us the floor. Over the past four years, we have discussed and learned a lot in the process. We also learned that you appreciate short and clear statements. Accordingly, I will try to be brief in what follows. Whilst we have learned a lot about you, we have also learned a lot about each other. During the mandate of this OEWG, 12 countries and the African Union and the European Union have published or amended their positions on the application of international law in cyberspace. We have passed the milestones of 100 states that have done so individually or collectively. We are therefore very pleased that Colombia officially presented its position on the application of international law in cyberspace today and celebrated it with a wonderful side event and a free lunch. Thank you. Switzerland has always been an advocate of national positions, which is why we are particularly pleased about the growing number of published positions. The positions make it possible to engage in dialogue, to better understand each other, and to find common legal understandings. We are also delighted to hear that Thailand and Vanuatu are working on their national position and looking forward to read them. In view of the topics of international law discussed over the past four years and also today, one area stands out in particular, international humanitarian law. The number of states that have expressed their views on how IHL applies to ICT activities during armed conflicts has risen steadily. However, it is not only the number of statements that I want to highlight, but even more the content and progress of these rich discussions. International positions, working papers, and statements, including the cross-regional working paper on international humanitarian law, which Switzerland and 12 other states presented last March, testify to the growing common understanding on how the rules and principles of IHL govern operations in cyberspace and how they contribute to the protection, notably of civilian objects and persons, against the threats from ICT activities during armed conflicts. Not only here in New York, but also at the 34th Conference of the Red Cross and Red Crescent, the progress of the discussion is evident. The adopted resolution is a case in point. This progress in our discussions must be recorded and reflected in the final report. It is a top priority for Switzerland, as this session is the last one before the final session in July, where the final report is going to be negotiated. We already would like to present the following language proposal on IHL for inclusion in the final report. Start quote. States affirmed that in the context of the use of ICTs, international humanitarian law applies only in situations of armed conflict. They recalled the established international legal principles, including the principles of humanity, necessity, proportionality, and distinction, and underscored that recalling these principles by no means legitimizes or encourages conflict. States underlined that international humanitarian law applies to ICT activities executed in the context of and in relation to an armed conflict. They reiterated their shared commitment to protect, in particular, civilian objects, such as critical civilian infrastructure, as well as medical and humanitarian facilities. States recognized the need for further study on how international humanitarian law applies to ICT operations in situations of armed conflict, acknowledging the particularities of the digital domain.” We also welcome the proposals by other delegations, and would support in particular the proposition by Brazil and others to take up language, highlighting the purpose of IHL. We will send our proposal to the Secretariat later today. A second priority for Switzerland is to highlight that states have continuously affirmed the need to respect and protect human rights and fundamental freedoms, both online and offline, in accordance with their respective obligations. It is important to recall that under international human rights law, states have obligations to respect and to ensure the human rights of all individuals in their territory and subject to their jurisdiction, including where those rights are exercised or realized through ICTs or through new and emerging digital technologies. These include, amongst others, the right to privacy. freedom of expression, non-discrimination, freedom of association, the right to an effective remedy, and other relevant provisions of the International Covenant on Civil and Political Rights. In this context, we would like to highlight especially the cross-regional working paper that was presented from Thailand and is co-sponsored by Thailand and 13 other states on the application of international law in the use of ICTs that points out areas of convergence and proposes text for the final report. The working paper? Yeah. On a second last note, I would like to highlight the numerous scenario-based discussions and other events and capacity-building activities organized by UNITEER, Estonia, and other countries which have enabled us to discuss the concrete application of international law in exemplary cases have been of particular benefit. This approach should be retained and implemented in the new permanent mechanism. Mr. Chair, allow me to close with a few remarks on international law and the future permanent mechanism. We will comment on your discussion paper more extensively later this week, but share a few remarks already now. First, it will come as no surprise that for Switzerland, international law will be a priority for the future permanent mechanism. This mechanism must enable us to engage in in-depth discussions on the specific application of international law and to make progress, moving on from general statements to finding common understanding on its application. Such discussions could take place in the thematic and cross-cutting working groups as proposed by France. However, we think that this might not be sufficient for in-depth discussions on international law and appreciate the prominent place that you give international law in the discussion paper. We find it, however, better if the discussion on the implementation of norms would take place in the cross-cutting working groups. whereas the discussion on the application of international law should benefit of a specific forum. The thematic working group you propose could be such a forum. Alternatively, or in addition to the three dedicated and cross-cutting working groups presented by France, a subgroup could be created. This group could be a standing or ad hoc group or committee that is asked by the plenary or a thematic working group to discuss and analyze a specific topic of international law with the participation of experts in detail and to report back at the next meeting. This could be done, for example, on the basis of a report or a working paper. The plenary or thematic working group would then continue the discussion on this basis. We have mentioned this idea already in December of last year. Thank you, Mr. Chair. I hope I was brief enough.

Chair: Thank you very much, Switzerland. Brevity, like beauty, is in the eye of the beholder. But, yes, thank you for your statement. Australia, to be followed by Egypt.

Australia: Thank you, Chair. Australia is pleased to join the statement made by Tonga on behalf of the Pacific Islands Forum, as well as the statement made by Thailand on behalf of a cross-regional group comprised of Australia, Chile, Colombia, the Dominican Republic, El Salvador, Estonia, Fiji, Kiribati, Moldova, the Netherlands, Papua New Guinea, Thailand, Uruguay, and Vietnam. We will now make some additional comments in our national capacity. Over ten sessions, we have seen many more states making substantive interventions on international law in the OAWG. in addition to the increasing number of national and regional positions that have been published. These developments have resulted in the building of evolved common understandings on how international law applies to cyberspace. Last December, a cross-regional group of states submitted an updated paper on proposed convergence language for the OEWG’s final report, and today we are very pleased to see the cross-regional group grow in size to 14 co-sponsors. Our cross-regional paper aims to identify convergences on the application of international humanitarian law, international human rights law, and the law of state responsibility to cyberspace. We seek specific and meaningful references to international law in the OEWG’s final report and hope that the ongoing efforts of our expanded cross-regional group demonstrates the considerable momentum behind the common denominator language from this cross-regional paper. Calls for clear references to the application of international humanitarian law to cyber activities within an armed conflict simply demonstrate a desire for our report to accurately reflect our discussions here in the OEWG. Delegates from every region of the world have highlighted in the OEWG, as well as in other forums such as the 34th International Conference of the Red Cross and Red Crescent, that IHL applies in cyberspace and that it does not legitimise or encourage conflict. We echo the calls from Brazil and others for this work to be reflected and hope that the final report will faithfully capture the common understandings reached in the OEWG and evidence elsewhere. We join many states including Albania, Malawi, Mexico, Mozambique, North Macedonia, Senegal, Switzerland and Thailand in wanting to see strong language on international human rights law reflected in the final report, as well as language on the law of state responsibility and the applicability of the UN Charter in its entirety. On capacity building, Australia actively supports capacity building efforts on international law, which is critical in our view to enable more states to be part of this important conversation. Last month, Australia sponsored regional UNIDIR workshops on norms, the application of international law to cyberspace and the development of national positions in partnership with the governments of Fiji and Thailand. We’re very pleased to hear from others in the room today that such training has been valuable. Finally, we agree with others in the room that we must build on the consensus aqui that we have agreed regarding international law by having a future permanent mechanism that provides space and time for meaningful discussions on how international law applies to cyberspace. Cross-cutting dedicated thematic groups on resilience, cooperation and stability could help build capacity on international law, for example, by facilitating briefings from experts, including from international organisations, states, academia and others with relevant expertise. These briefings could provide a scene setter for working group discussions on the application and evolution of our framework on important policy issues. Cross-cutting thematic groups could also help us to discuss the applicability of international law to specific challenges. For example, in a thematic group on resilience, states could discuss threats to critical infrastructure and use the toolkit of international law to understand what states can do to protect themselves and what response options are available at international law. In this dedicated thematic group, states could also consider other elements. to address threats to critical infrastructure, such as how the implementation of specific norms would increase the cyber resilience of critical infrastructure, and provide options to request assistance in mitigating the effects of an incident. Applying international law to concrete scenarios will, in our view, better equip states to address threats and help us move away from making general statements of law and rather move towards concrete and practical consideration of how specific rules and principles of international law apply in cyberspace. The work of the dedicated thematic groups could feed into the plenary discussions, which would provide yet a further opportunity to discuss and consolidate international law, including on issues common to all thematic groups. We consider that this structure would also be the most accessible, allowing all states to meaningfully participate, regardless of whether they have published a national position. Chair, Australia remains committed to furthering our discussions on the application of international law to cyberspace, both in this OEWG and beyond. We look forward to continuing to work with the Chair and other states to ensure that emerging convergences reached in the OEWG on international law are reflected in the final report for 2025, and that the future permanent mechanisms discussions are as action-oriented and practical as possible. Thank you.

Chair: Thank you very much, Australia. I still have about five or six more speakers, so we certainly would have to continue with the remaining speakers tomorrow morning, and then we’ll transition to the subsequent agenda item, which is confidence-building measures. But I think I can take one more speaker today, and I’d like to give the floor to the ICRC.

ICRC: Thank you Mr. Chair. Excellencies, dear colleagues, the ICRC is grateful for the opportunity to address this open-ended working group on the question of how international law applies to the use of ICTs. To build on the working group’s precise description of existing ICT requirements, the ICRC would like to encourage delegations to also elaborate further on the existing international legal rules that seek to prevent or mitigate the harm caused by malicious ICT activities, in particular during armed conflict. Over the past four years, states have expressed a diversity of views on how international humanitarian law applies to ICT activities during armed conflict. Clearly, further study is needed to build common understandings. Yet, it is encouraging to see that significant progress has been achieved. Shared understandings on the application of international humanitarian law to ICT activities in situations of armed conflicts are found, for example, in common regional positions. In addition, in October 2024, the 31st International Conference of the Red Cross and Red Crescent, which brings together all states, adopted by consensus a resolution on ICT activities during armed conflict, which called on states and parties to armed conflict to uphold international humanitarian law protection for civilian populations, civilian critical infrastructure, medical and humanitarian personnel, facilities and activities, and cultural property, including against the risks arising from ICT activities. The ICRC agrees that discussions on IHL in the Open-Ended Working Group should not be held in isolation of other rules of international law. In particular, the prohibition against the threat or use of force and the obligation to settle disputes peacefully. In this context, it is important to recall that when in 1977 states codified many of the IHL rules that are most relevant to ICT, delegations were careful to reiterate that nothing in IHL can be construed as legitimizing or authorizing any act of aggression or any other use of force inconsistent with the Charter of the UN. This is part of the existing law, and it has been explicitly reiterated with regard to the ICT environment in the 2021 Group of Governmental Experts report. Against this background, the ICRC strongly commends and supports the proposal by delegations to include in the final report a clear statement reaffirming that, I quote, in situations of armed conflict, IHL rules and principles serve to protect civilian populations and other protected persons and objects, including against the risks arising from ICT activities, end quote. In our view, this statement is legally accurate and reflects states’ shared commitment to uphold the existing protection under international law in light of rapidly evolving armed conflicts. Likewise, it is today agreed that medical personnel, units and transports, as well as humanitarian operations, must be respected and protected in times of armed conflicts, including with regard to ICT activities. This agreement is significant, but common understandings should also be built on what this means, for example, for the protection of medical or humanitarian data. To facilitate building common understandings, the ICRC is pleased to share with this working group two short papers. explaining the legal protection of medical, as well as humanitarian operations, against ICT activities during armed conflict. Reaffirming the principle that cyber operations in times of armed conflict are subject to the existing rules of international law can only be the starting point of further discussion, including in a future institutional mechanism. The ICRC stands ready to support future discussions on the use of ICTs in situations of armed conflict. In this regard, let me draw your attention to the ICTs workstream of the Global Initiative on International Humanitarian Law, which the ICRC and six states have jointly launched last year. In complementarity with other processes, this workstream will provide a humanitarian platform for in-depth exchanges and fostering convergence of views on how international humanitarian law protects civilian populations against malicious ICT activities. We hope the outcome of this workstream will also inform future multilateral discussions, including at the UN. Mr. Chair, common understandings of how IHL applies to the use of ICTs can be achieved. In fact, they already exist and should be built on. We encourage delegations to reflect these common understandings in the final report. Thank you very much.

Chair: Thank you very much, ICRC, for your contribution and please do share with us your inputs. We’re happy to put them on the website. So friends, I have eight more delegations and I intend to close the speakers list for international law. I’ll take these eight speakers tomorrow morning. Germany, Fiji, Republic of Moldova, Ireland, Vietnam, Egypt, Kenya, Ghana, Austria. for international law will be closed, and then tomorrow morning after having heard these speakers we’ll go straight into CBMs for the rest of the morning. I do not intend to summarize the discussion. It’s been a rich discussion, not entirely entirely new, but with many interesting ideas and proposals, and certainly a very constructive discussions. So I thank you all very much, I wish you a pleasant evening, and the meeting is adjourned.

Agreement Points

Existing international law applies to cyberspace

speakers

– Sweden
– Thailand
– Brazil
– Japan
– Singapore
– Kingdom of the Netherlands
– Republic of Korea
– United Kingdom
– Portugal
– African group – Nigeria
– El Salvador
– Mexico
– Algeria
– Albania

arguments

Existing international law fully applies to cyberspace

UN Charter principles like sovereignty and non-intervention apply to cyberspace

International humanitarian law applies to cyber activities in armed conflicts

International law provides sufficient framework without need for new cyber-specific laws

Peaceful settlement of disputes principle applies to cyberspace

State responsibility principles apply to cyber activities

New legally binding obligations not necessary at this stage

Human rights law applies both online and offline

Territorial sovereignty applies in cyberspace

International humanitarian law fully applies to cyberspace

International law and UN Charter principles apply to cyberspace

ICT use must be compatible with international law principles

Existing international law fully applies to cyberspace

summary

There is broad agreement that existing international law, including the UN Charter, international humanitarian law, and human rights law, applies to cyberspace. This includes principles such as sovereignty, non-intervention, and peaceful settlement of disputes.

Importance of capacity building for effective participation in cyber discussions

speakers

– Thailand
– Mozambique
– Tonga
– Indonesia
– Vanuatu
– Switzerland

arguments

Capacity building crucial for technical attribution capabilities

Importance of capacity building to enable states to participate in legal discussions

Support for tailored capacity building on developing national positions

Need for legal capacity building to address gaps in applying law to cyberspace

Capacity building essential for small island states to participate effectively

Support scenario-based exercises and workshops on international law

summary

Many speakers emphasized the critical role of capacity building in enabling states, particularly developing nations and small island states, to participate effectively in discussions on international law in cyberspace and develop their own national positions.

Similar Viewpoints

These speakers argue against the need for new legally binding instruments specific to cyberspace, contending that existing international law is sufficient to govern cyber activities.

speakers

– Sweden
– Japan
– Republic of Korea
– United Kingdom

arguments

No need for new legally binding rules specific to cyberspace

International law provides sufficient framework without need for new cyber-specific laws

New legally binding obligations not necessary at this stage

Rushing into new binding obligations risks undermining existing law

These speakers advocate for the development of new legally binding instruments for cyberspace, arguing that such instruments are necessary to address gaps in existing law and the unique challenges posed by the cyber domain.

speakers

– Cuba
– Islamic Republic of Iran
– China
– Pakistan
– Russian Federation
– Algeria

arguments

Legally binding instrument needed to address gaps in existing law

Gaps exist in applying international law to unique aspects of cyberspace

Support developing new legally binding instrument on ICT security

Legally binding framework needed to ensure responsible ICT use

Support thematic group to build consensus on legally binding instrument

Support for binding international instruments on cybersecurity

Unexpected Consensus

Reflection of IHL progress in OEWG final report

speakers

– United States
– Colombia
– Australia
– ICRC
– Czechia
– Brazil
– El Salvador

arguments

Final report should reflect progress made in IHL discussions

Report should capture common understandings on international law

Need to reflect convergences on human rights law in final report

Report should include language on protection of civilians under IHL

Accurate reflection of IHL progress missing from current draft

International humanitarian law applies to cyber activities in armed conflicts

International humanitarian law fully applies to cyberspace

explanation

Despite differing views on other aspects of international law in cyberspace, there appears to be unexpected consensus among these diverse speakers on the need for the OEWG final report to accurately reflect the progress made in discussions on international humanitarian law (IHL) in cyberspace. This consensus is notable as it includes both Western and non-Western states, as well as the ICRC.

Overall Assessment

Summary

The main areas of agreement include the applicability of existing international law to cyberspace, the importance of capacity building for effective participation in cyber discussions, and the need for accurate reflection of progress on IHL in the OEWG final report. However, there is a clear division between states that believe existing law is sufficient and those advocating for new legally binding instruments.

Consensus level

Moderate consensus on broad principles, but significant disagreement on specific implementation and the need for new legal instruments. This split implies ongoing challenges in developing a universally accepted legal framework for cyberspace, potentially impacting global cyber governance efforts.

Different Viewpoints

Need for new legally binding instruments

speakers

– Sweden
– Cuba
– Republic of Korea
– China
– Pakistan
– United Kingdom

arguments

No need for new legally binding rules specific to cyberspace

Legally binding instrument needed to address gaps in existing law

New legally binding obligations not necessary at this stage

Support developing new legally binding instrument on ICT security

Legally binding framework needed to ensure responsible ICT use

Rushing into new binding obligations risks undermining existing law

summary

There is significant disagreement on whether new legally binding instruments are necessary for governing cyberspace. Some countries argue that existing laws are sufficient, while others advocate for new binding frameworks to address perceived gaps.

Applicability of existing international law to cyberspace

speakers

– Sweden
– Islamic Republic of Iran
– Japan
– South Africa

arguments

Existing international law fully applies to cyberspace

Gaps exist in applying international law to unique aspects of cyberspace

International law provides sufficient framework without need for new cyber-specific laws

Cyberspace poses unique challenges for applying traditional international law

summary

While most countries agree that international law applies to cyberspace, there are differing views on whether existing law is sufficient or if there are significant gaps due to the unique nature of the cyber domain.

Unexpected Differences

Combining discussions on norms and international law

speakers

– France
– Czechia

arguments

Support thematic group on international law and norms

Norms and international law should be in separate groups

explanation

While many countries focus on the applicability of international law, there is an unexpected disagreement on whether discussions on norms and international law should be combined or separated in future mechanisms. This highlights the complexity of distinguishing between legally binding and voluntary principles in cyberspace.

Overall Assessment

summary

The main areas of disagreement revolve around the need for new legally binding instruments, the sufficiency of existing international law for cyberspace, and the structure of future mechanisms for discussing these issues.

difference_level

The level of disagreement is significant, particularly on the need for new legally binding instruments. This has important implications for the future of cyber governance, as it affects how states will approach regulation and cooperation in cyberspace. The lack of consensus on these fundamental issues could hinder the development of a unified global approach to cybersecurity and may lead to fragmented policies and practices across different countries or regions.

Partial Agreements

These speakers agree on the need for focused discussions on international law in the future mechanism, but disagree on the specific structure. Some advocate for integration into thematic groups, while others prefer dedicated forums or action-oriented approaches.

speakers

– United Kingdom
– France
– Switzerland
– United States

arguments

Integrate international law into cross-cutting thematic groups

Support thematic group on international law and norms

Need dedicated forum for in-depth international law discussions

International law discussions should be action-oriented in future mechanism

Similar Viewpoints

These speakers argue against the need for new legally binding instruments specific to cyberspace, contending that existing international law is sufficient to govern cyber activities.

speakers

– Sweden
– Japan
– Republic of Korea
– United Kingdom

arguments

No need for new legally binding rules specific to cyberspace

International law provides sufficient framework without need for new cyber-specific laws

New legally binding obligations not necessary at this stage

Rushing into new binding obligations risks undermining existing law

These speakers advocate for the development of new legally binding instruments for cyberspace, arguing that such instruments are necessary to address gaps in existing law and the unique challenges posed by the cyber domain.

speakers

– Cuba
– Islamic Republic of Iran
– China
– Pakistan
– Russian Federation
– Algeria

arguments

Legally binding instrument needed to address gaps in existing law

Gaps exist in applying international law to unique aspects of cyberspace

Support developing new legally binding instrument on ICT security

Legally binding framework needed to ensure responsible ICT use

Support thematic group to build consensus on legally binding instrument

Support for binding international instruments on cybersecurity

Key Takeaways

There is broad agreement that existing international law applies to cyberspace, including the UN Charter, international humanitarian law, and human rights law.

Many states have published national positions on how international law applies to cyberspace, with over 100 states now represented through national or regional positions.

Capacity building on international law is seen as crucial to enable all states to participate meaningfully in discussions.

There are divergent views on whether new legally binding instruments are needed for cyberspace, with some states arguing for them and others opposing.

Many states want the OEWG final report to reflect progress made in discussions, particularly on international humanitarian law.

There is debate over how to structure international law discussions in the future permanent mechanism.

Resolutions and Action Items

The final OEWG report should accurately reflect the progress and common understandings reached on international law, particularly IHL.

Continue capacity building efforts to support states in developing national positions and participating in discussions.

Consider how to integrate international law discussions into the structure of the future permanent mechanism.

Unresolved Issues

Whether new legally binding instruments are needed specifically for cyberspace

How exactly to structure international law discussions in the future permanent mechanism

Specific language to be included in the final OEWG report on international law topics

How to address perceived gaps in applying existing international law to unique aspects of cyberspace

Suggested Compromises

Integrating international law discussions across thematic working groups in the future mechanism, while also potentially having a dedicated forum for in-depth legal discussions

Reflecting progress made on IHL in the final report without implying endorsement of cyber warfare

Continuing to build common understandings on how existing law applies before considering new binding instruments

We believe it is necessary to continue discussions to avoid misunderstandings and foster improved understanding on how international law ought to apply to cyber activities.

speaker

Senegal

reason

This comment acknowledges the complexity of applying existing international law to cyberspace and emphasizes the need for ongoing dialogue.

impact

It set a tone of openness to further discussion and negotiation, rather than taking a hardline stance. Several subsequent speakers echoed this sentiment of needing continued dialogue.

While it is the responsibility of states to encounter cybercrime and misinformation, to counter cybercrime and misinformation, security measures should be structured to preserve democratic rights and prevent overreach.

speaker

Malawi

reason

This comment highlights the tension between security and civil liberties in cyberspace regulation, introducing nuance to the discussion.

impact

It prompted other speakers to address the balance between security and human rights in their comments, deepening the analysis of how international law should be applied.

We propose that further dedicated discussions be conducted under the proposed thematic group to be established within the future permanent mechanism. Such discussions should aim to build consensus and address gaps in international law related to cyberspace.

speaker

Pakistan

reason

This comment offers a concrete proposal for how to structure future discussions on international law in cyberspace.

impact

It shifted the conversation towards considering the structure and format of future mechanisms, with several subsequent speakers commenting on thematic groups and the future permanent mechanism.

Scenario-based exercises would be a useful avenue for such discussions, as they provide a platform for states’ legal experts to discuss and apply international law rules to possible real-world scenarios.

speaker

Singapore

reason

This comment introduces a practical method for deepening understanding of how international law applies to specific cyber situations.

impact

It sparked interest in more concrete, applied discussions of international law, with several later speakers endorsing scenario-based exercises or similar practical approaches.

We emphasize the need for clear guidelines and consensus on what constitutes a violation of this principle in cyberspace, as clarity will force the trust and reduce the risk of conflicts.

speaker

Vanuatu

reason

This comment pinpoints a key challenge in applying international law to cyberspace – the lack of clear definitions and thresholds.

impact

It highlighted the need for more specific, detailed discussions on how to define and apply legal principles in cyberspace, influencing subsequent comments on the need for clarity and consensus.

Overall Assessment

These key comments shaped the discussion by moving it from general statements of principle towards more nuanced considerations of how to practically apply and develop international law in cyberspace. They highlighted the need for ongoing dialogue, the tension between security and civil liberties, the importance of concrete mechanisms for future discussions, the value of scenario-based exercises, and the need for clear definitions and thresholds. This led to a more action-oriented conversation focused on specific next steps and challenges in developing a shared understanding of international law in cyberspace.

How to achieve an effective balance between security and individual freedoms in cyberspace?

speaker

Malawi

explanation

This is crucial for developing cyber security legislation that protects both digital infrastructures and civil liberties.

What are the gaps in existing international legal frameworks for ensuring global peace and security in the ICT realm?

speaker

Islamic Republic of Iran

explanation

Identifying these gaps is important for potentially developing new legally binding instruments for cybersecurity.

How do concepts of sovereignty, self-defense, use of force, and attribution apply specifically in cyberspace?

speaker

Pakistan

explanation

Further clarity on these concepts is needed to address the unique challenges posed by cyberspace.

How can international humanitarian law be applied to protect medical or humanitarian data in cyberspace during armed conflicts?

speaker

ICRC

explanation

This is important for building common understandings on protecting humanitarian operations in the digital realm during conflicts.

What would be the parameters and scope of a potential legally binding instrument on ICT security?

speaker

Islamic Republic of Iran

explanation

This is important for those advocating for new binding obligations in the ICT field.

How can capacity building efforts be enhanced to enable more states to develop national positions on the application of international law to cyberspace?

speaker

Multiple speakers including Australia, Mozambique, and Vanuatu

explanation

This is crucial for increasing meaningful participation of all states in discussions on international law in cyberspace.

How can scenario-based exercises and practical case studies be integrated into future discussions on the application of international law to cyberspace?

speaker

Multiple speakers including France, Switzerland, and Australia

explanation

This approach could help ground abstract legal concepts in concrete, real-world challenges.