So, hello everyone and again, welcome. Thank you so much for joining us for today’s discussion. This session is the second part of our two-part webinar series that we organized at Dipler Foundation.

In the first session, we reflected on the achievements and the challenges of the UN Open-Ended Working Group, the OWG, the main forum for state-led UN cyber negotiations. You can also find the link, and I think we’ll also share this in the chat today, so you could access the recording from the first part. Today, however, we will look ahead, and the main goal is to explore what actually comes next, what kind of a structural platform is needed for the future of international cyber dialogue and cooperation, how do we sustain momentum, build trust, whether it is actually possible to improve trust in the current geopolitical realities, what are possible challenges that we can already outline for the process that is expected to start in March next year.

My name is Anastasia Kozakova, I’m a Geneva Dialogue Project Coordinator, Cyber Diplomacy Knowledge Fellow at Dipler Foundation, and it’s also my pleasure to introduce my colleague, many of you know very well, Vladimir Radonovich, Director of Cyber Security and E-Diplomacy Programs at Dipler.

Vlad is also with us today to lead the discussion as well in a chat and hopefully to provoke us. And to reflect about the future, we are joined by the three distinguished speakers. I’m also happy to introduce them.

Ambassador Asoke Mukerji, former Indian ambassador to the United Nations in New York. Isaac Morales Tenorio, Managing Director on Cybersecurity and Security Issues at Aftia Consulting. And Isaac was also formerly a representative of Mexico to the group of states to discuss the implementation of the AGRI framework, including AGRI cyber norms and application of international law to cyberspace.

And Professor Fan Yang, Assistant Professor and Deputy Director of Cyberspace International Law Center and Deputy Director of International Law Department at School of Law, Xiamen University. Thank you very much everyone for being here. So the OWG concluded its work and the idea of a single track permanent mechanism is already on the table.

It’s not officially adopted yet, as we understand, and everyone is waiting for the resolution. However, there are many questions already for the stakeholders who were initially involved in this process, in the previous process, the OWG. And the questions are how to balance different priorities of states and stakeholders, how to ensure inclusivity, how to link it also with possibly other processes and the discussions and related issues such as cybercrime, if possible, the use of artificial intelligence in cyber operations and overall digital development.

And that’s exactly what we will explore together today. Before we ask our experts, we actually like to hear your views, everyone in the room. We prepared one question, one poll.

So please look at the screen. The question is straightforward. So if you had a magic button to shape the future process for cyber negotiations, what would you like to deliver first?

And we put some suggestions from outside. That’s a multiple choice question. So go please to menti.com and use the code that you see on the screen.

If none of these options work for you, please vote either. And if possible, share with us your ideas in the chat. I think that would be extremely useful.

We’ll try to feed in the comments and questions from the chat in our discussion with the experts. So we’ll just give you a moment to vote. We’ll keep this open and also put the code in the chat.

We’ll keep it open and we’ll get back to the results later in the discussion. And we’ll see some of the reflections already. So in the meantime, while everyone shares their views, let me start the first round of the questions and probably start with Ambassador Mukerji with Asoke.

And I wanted to ask first about the different priorities of states, as it was quite evident in the latest sessions of the OWG especially. So the proposed single track future mechanism mainly aims to put the existing framework into practice. And as there was the clash between groups of states who wanted to solely focus on the implementation of the GRIF framework, while some other countries called for the development of new and even binding commitments.

So my question to you, do you think that would be possible in this future global mechanism to address different priorities of states? especially those who ask for new or stronger commitments? And what’s your overall personal take on the necessity of moving towards new and stronger rules for stability in cyberspace?

Well, thank you, Nastya, for that question. And I thank Diplo for inviting me for this webinar. We have followed these last five years of discussions in the OEWG with a lot of interest.

Those of us who have been involved with cyber issues for now almost 20 years. And I think that the signals that have come out in the final report of the OEWG show that there is a willingness among member states to take these discussions forward. While the political focus will be on this mechanism which is to be created by that resolution, I think the areas of activity are now quite clear and important.

In the Mentimeter survey that you’re doing, you have put the broad areas which are of interest to member states. And I think in that context, I would just like to give some of my thoughts on three areas that are before us. The first is, of course, an area where in 2013 and then, of course, 2015, when the GGE norms were unanimously adopted, there was a statement that international law applies to cyberspace.

For a lot of states, that was a very significant recommendation and outcome. And I think that that has to be now built upon by the mechanism. There are three separate areas where the mechanism, in my view, would do well to focus.

The first is the discussions under this area of Article 51, the right to self-defense. I think that for a lot of participants in these discussions, it has been a fairly monochromatic statement that there is the right to self-defense in the UN Charter. But in the work of the mechanism, we need to go a bit deeper into what this really means, especially when you have a plain reading of Article 51 of the UN Charter.

You notice that it is triggered by an armed attack, so therefore it’s not a prospective but a reactive measure. The second, and a lot of people I think haven’t really talked about it, is that Article 51 does not allow any state to take over the mandate given by the UN Charter and international law to the Security Council.

It in fact requires the state to report immediately, and I emphasize the word immediately, the measure it has taken. And then the Security Council has its responsibility under international law to regularize or comment or respond to that measure within the overall framework of maintaining international peace and security.

So that’s one set of issues. And I think the recent paper tabled by Mexico in the UN General Assembly and the Security Council on Article 51 and its link with Article 2.4 of the Charter should be incorporated into the work program of the mechanism when it discusses the subject of how international law applies to cyberspace.

There are two related issues from the UN Charter that I do not find getting much sort of prominence in the OEWG discussions, but I think that they would need to now come in if there’s a permanent mechanism.

These two areas both flow out of Article 62, Paragraph 3 of the UN Charter which empowers the Economic and Social Council to propose legal conventions which become international law under the Charter. Now we have already seen one set of such examples in the area of international humanitarian law which began with the Economic and Social Council mandating the negotiation and adoption of the Universal Declaration of Human Rights between 1946 and 1948.

And after the UDHR was adopted in 1948 and till today, the United Nations Member States have adopted nine major international legal instruments which form the body of international humanitarian law. And I think that this has to be brought into the discussions on how international law applies to cyberspace. The second is something even more invisible, if I may call it that, in the OEWG process.

And that is a reference which is important for all the developing countries which are participating in the mechanism, the reference to the right to development. Again, this is not a declaratory statement which has been made in the meetings of the United Nations. The right to development originates from Article 55 of the UN Charter.

It was developed by the Economic and Social Council, building on the idea of the right first proposed by the Senegalese jurist Keba Mbaye in 1972, which brought it into the African Charter on Human and People’s Rights, the Banjul Charter, and then the UN General Assembly’s Declaration of December 1986, which universalized the right to development.

Now, the right to development is important for developing countries to keep in mind when talking of the application of international law to cyberspace, because it deals with their sovereign rights over their own natural resources and their wealth, and it also upholds their political identity as sovereign states in a multilateral system.

This is something that is extremely important, and I think that this should come into the work of the mechanism on international law applying to cyberspace. In the other area, which is again on the Mentimeter survey that we are doing, about the cyber norms, I remember when the cyber norms were unanimously agreed to in 2015, and we must recognize that 10 years have passed since that decision of the United Nations General Assembly.

There is, therefore, a need to review the agreed 11 norms in these past 10 years to see whether they need to be adapted or amended to take into account both the changes in cyber and digital technologies that have taken place between 2015 and today, and the very, very significant changes in international relations since 2015, which for many of us was the golden apogee of multilateralism.

After 2015, multilateralism has been under a lot of challenge. So, when we consider the norms, we’ll have to look at the impact of these challenges on the norms. There is an interesting question which has been posed in the OEWG, and obviously there is no answer as yet, which is, can the norms become legally binding standards?

And I, from my experience of dealing with issues in the United Nations, can think of one precedent which may be relevant to those in the mechanism who want to move ahead on making legally binding standards out of the norms.

And that area in the United Nations has been the work done by the United Nations legally in terms of responding to terrorism. While the United Nations General Assembly continues to debate and discuss the Comprehensive Convention on International Terrorism, that has not prevented the General Assembly from authorizing the negotiation and adoption of sectoral legal instruments to counter terrorism.

These include conventions on the suppression of terrorist bombings, which was adopted in 1997, a convention on the financing of terrorism adopted in 1999, and the Convention on the suppression of nuclear terrorism in 2005.

So if we have seen the adoption of a sectoral approach, then I think the option of looking at the GGE norms, not as one composite box of 11 norms, but in terms of clusters becomes possible, the cluster becoming the sectoral approach.

And in some of our states, we have experience of two kinds of legal approaches to such norms or principles when we want to make them into legally binding provisions. One approach is of restricting or limiting, meaning a state shall not do something or the other. If you look at the GGE norms, you have norm 3, preventing misuse of ICTs in that state’s territory, norm 6, that states should not harm critical infrastructure, norm 7, that they are obliged to protect critical infrastructure, norm 8 for requests for assistance, norm 10 for reporting vulnerabilities.

and Norm 11, requiring them not to harm CERTs. And then you have another set of norms which could become declaratory. In India, in our constitution, we have a whole section in our constitution which is of declaratory objectives.

And in the GG context, this would apply to Norm 1 for international cooperation, Norm 2 on providing relevant information, Norm 3 on cooperation to prevent crimes or terrorism, Norm 4, Norm 5 on upholding human rights and Norm 9 on ensuring supply chain integrity.

So this is how I would position this topic in terms of the future work of the mechanism. The third and last point that I would like to make refers to the GSCCP, or the Global ICT Security Cooperation and Capacity Building Portal, which has been proposed and unanimously recommended and I assume would be implemented as soon as the resolution is adopted.

This is interesting for a lot of countries, including developing countries, because the idea of supporting capacity building is contained in the UN’s Tunis Agenda, which was adopted in 2005, and also in the discussions of the Global Conferences on Cyberspace, beginning with the London Conference in 2011.

And in fact, the Hague-based Global Forum on Cyber Expertise came out of the Global Conference held in The Hague in 2015. The objective of the Hague GFCE is to develop skills and capacity that address threats and vulnerabilities arising from cyberspace by strengthening cyber capacity and expertise globally through international collaboration and cooperation.

This is a quotation from their mission statement. Now, in the OEWG, the issue was raised of financing. I think in the report, the issue of financing was not addressed and it was left open.

I think in terms of our own experience, that financing has to be linked to two things. One is it must take into account a model of cyberspace, which is a partnership model between the state and private entities. And if that model is adopted and looked at, then in terms of the capacity building portal, the financing should come both from states which can contribute financially as well as from the private sector participants in the proposed portal.

And the issue of how this can be regulated or governed actually is not such a complicated issue because if we just look at one of the specialized agencies of the United Nations, the International Labor Organization, they have managed from 1921 onwards to operate a multiple stakeholder governance structure.

And a person who has come from there into the United Nations system, Mr. Guy Ryder, can be the best guide for the mechanism to advise on how this can be implemented on the ground. And finally, there is in the United Nations system an Office of South-South Cooperation.

And I think that the portal must get linked with the Office of South-South Cooperation for two reasons. One is that the Office of South-South Cooperation actually has available to it the requirements of member states from developing countries, including least developed countries, which would include requirements for cyberspace, for capacity building in cyberspace.

And therefore, there is already an existing mechanism. platform in the UN system which this portal can be interfaced with. The second is that funding for activities under the Office of South-South Cooperation is also taking place and there are at least three identifiable funds for South-South Cooperation which can be made available for capacity building in cyberspace and this includes the UN Fund for South-South Cooperation, the Perez Guerrero Trust Fund for South-South Cooperation and the India UN Development Fund.

So there are three specific funds which are available in addition to funds which are contributed by member states. There’s a China fund as well I know in the UN system and that also I’m sure can be made available if there’s this interface between the UN’s South-South Cooperation platform and the proposed portal. So these are the points I’d like to make and I thank

you once again for your patience in listening to me. Thank you very much Ambassador for outlining a really broad agenda already for the future process and also to giving us references to the other UN processes and bringing in the portal which was initially the proposal from Indian Delegation and indeed it was seems that was agreed in the final report and we need to wait for the final resolution to see how this will further be hopefully implemented.

Isaac I’d like to now turn to you and bring in your experience overall what do you think about the same question about the different priorities of states and whether it would be possible to address them in the future process and if I may add if the single track mechanism focuses mainly on implementation do you think there might be risk of diplomatic fatigue or a loss of ambition?

So how could the mechanism stay dynamic over time? Thank you, thank you very much Anastasia for giving me the floor

and just let me express my deep gratitude for the organization of this. of this discussion. It’s a real pleasure to join my colleagues and, of course, very, very timely having this kind of multi-stakeholder, from a multi-stakeholder platform, having this kind of conversation.

So congratulations to Diplo to advance these efforts. Let me just begin to try to put on the table the idea also to see the result coming from the open-ended working group. After these years, at least two open-ended working groups and the previous GGEs, as a result of a layer-by-layer multilateral process.

I mean, we had at the very beginning some very precise goals coming from the GGE and then additional topics, additional even mandates and elements were added to the initial process. What we do have now is something more robust. What we do have now is a more broader and comprehensive conversation coming from the process and from the open-ended working group concretely and a more delivering or expected to deliver process from this multilateral track.

I think this is relevant because, in the end, this is a very concrete multilateral product and considering the context and considering the situation of the diplomatic discussions at the UN level, etc., it is relevant to recognize that having a result, having a consensus result, it is also relevant to recognize.

By saying so, I also want to emphasize that perhaps now we have been advancing what is called cyber diplomacy. Cyber Diplomacy in Practice. When starting these kind of discussions at the GGE level 10 years ago, as Asoke concretely said, just, I mean, take focus that we have now 10 years with the framework, at least with the rules, with the norms.

And if we take into account discussions those days, this concept of cyber diplomacy was a little, I would say, not concrete, but actually a suspiration. It was like a suspirational idea. And nowadays we can say at all levels, even in various small developing countries, that we do have cyber diplomats, and then we do have cyber diplomacy in practice.

And again, I think this is relevant because coming from the multilateral result, we will see this in general goal of advancing and keep advancing, not only maintaining the framework and the advancements, but actually to pushing forward.

So when we talk about implementation from my point of view and considering this layer by layer, we need to take into account, not only put into practice to implement what we already have within the different reports, within the different resolutions approved by the General Assembly, the first committee related to cyber discussions, but actually to implement these aspirational ideas.

So keeping the door open. to have a global mechanism, then with a plenary session and then thematic groups developing and giving the chance to maintain the discussions will keep us in the logic of not also implementing the norms, not also implementing the CVMs, not also implementing what we already have, but then discovering, advancing, discussing, and further going deeper in order to implement what, I mean, could get the consensus in coming years.

I think also from a more procedural consideration, it is relevant to take into account that countries have decided, delegations have decided to maintain the consensus formula. Some discussions were at the room, in the room, considering to adopt for the future mechanism, general assembly rules, which means the possibility of both. Nevertheless, it was decided in the end to maintain as a core element, the consensus formula.

And this is, again, something relevant to see and to analyze because some countries, particularly developing countries, putting on the table some very concrete ideas, such as a cyber multilateral fund, such as cooperation between international law commission and the first committee.

Some countries putting on the table some ideas of new norms or new CVMs, et cetera, were basically dismissed because they didn’t receive the echo enough. And then some discussions taking into account the possibility to have a vote were there. In the end, keeping in mind the process, the procedures of the consensus formula will bring us to a continuation, basically.

of the kind of discussions that we have seen during the open-ended working group. Which is not bad, by the way. I mean, it’s this consideration of the minimal understanding.

Even when we do want, and at the level discussions, we do want to be very aspirational, we need to keep also under the realistic approaches of the consensus formula. And that is why maybe, I mean, if we see the result, the report, we don’t see those mentions, the strong mentions that previously had on international humanitarian law, for instance. There was not a space for the idea of a checklist of advancements on their rules, which was proposed by the chair of the open-ended working group, by the way.

We see a few elements related to critical infrastructure protection, cross-border infrastructure, which were mentioned during the discussions in a very high detail. But for me, I mean, having all these elements at this stage out from the report means that we can do, and we can still discuss them in the future mechanism under the consideration of these thematic groups.

Also, it’s relevant in order, regarding your question, Anastasia, in order to implement, to really consider real-world challenges and implementation related to those challenges, even when they are very complex elements.

situations, we do need to take advantage of the informal arrangements. What I want to say is it’s not only the consideration of having a global mechanism, it’s not only the global mechanism per se, the formal one, but actually the possibility to still have and to continue to push forward through informal discussions, through side events, through experts’ meetings, through implementation workshops, through, I mean, having the mechanism, it is key, as I mentioned, it is a result of a concrete multilateral product to advance the discussion.

But all around the mechanism, as we saw with the open-ended working group, was very, very substantive. Discussions during side events, discussions during expert meetings, not necessarily officially incorporated into the open-ended working group discussions, but on the sides were very substantive, and actually some ideas came from this kind of informal arrangements, informal discussions, then to be put it on the table.

Of course, one element to better deliver, one element to better implement, it will be to have a strong multi-stakeholder departing point. We do know, you mentioned very well, Anastasia, it is not adopted yet, I mean, we don’t have the resolution, we expect to have the resolution in the terms that it was approved, the report, and then that means that in March next year, 2026, we will have this discussion, initial discussion, initial session, more on the procedural side, more on the processes and the modalities.

And then the discussion, the intense discussion expected for further discussion on the multi-stakeholder possibility. So as mentioned by Asoke, I do believe that having a multi-stakeholder departing point, it is key to better deliver, to better implement. Some of the efforts considered under the CBM’s ideas, under the norms framework and international capacity building, it means that we do need the private sector.

We do need the service providers. We do need not only governments, but actually international organizations, academia, et cetera. So I hope that at least the same level of relevance that other similar processes have put on the idea of taking as a departing point, a multi-stakeholder approach, will be there in March next year and there then to advance better on the implementation taking into account this departing point.

I will end here and maybe I can back on some of the points mentioned also by my colleagues.

Thank you. Thank you very much, Isaac. For highlighting this indeed a new feature in the global mechanisms, this is the possibility of informal discussions.

The question is whether stakeholders will be able also to reorganize themselves and how this will happen. And would it actually would amplify the fragmented discussions in smaller groups with a different pace? I think that might be really interesting to see how this would be further developing, how this would interplay with the key official substantive sessions in the process, whether there was influence or not.

That’s really an interesting dynamics that could be as a result of this new structure of the future process. I’d like to now to turn to Professor Yang and also ask you how do you see the outcomes of the OEWG? and the agreement on the future process and maybe also to ask, given today’s geopolitical tensions and realities overall, do you see the risk of the mechanism to become the hostage of the rivalries between the great powers and whether you see some possibilities to avoid that?

Thank you. Thank you, Nastia, for the question. And also, thanks to the diplo for having me with this timely event.

Just now I was I was listening very carefully to the to my panelists. I come from a different background than them. So my expertise and my experience is mainly with the international legal research on related to cyberspace.

So that means we we’ve been following closely on the questions like application of existing international law to cyberspace and new treaty negotiation. And also how to come up with relevant cyber norms. So that means my personal observation and my interpretation of the OEWG final report and envisage global mechanism is mainly from my international legal background.

So this is my international lawyer part speaking. So so I think. So my answer to Anastasia’s first question is is quite straightforward.

So regarding my thought on whether the global mechanism will provide sufficient space to accommodate the diverse priorities of states, I’m quite positive about that. So here’s my thought process. Firstly, I think we should abandon or we should be very careful about the oversimplified narrative which is quite misleading, that is to distinguish the negotiating states into two camps, say the implementation camp versus the new treaty camp So if you go to a very nuanced level, you will find that most of the states, they have mixed feelings towards this problem So take China for example, so a lot of people think, their first impression is that China favours more of a new treaty approach with regard to the OEWG negotiations But if you go to China’s official positions in each and every OEWG session, including the final session, you’ll find that Chinese representatives, Chinese delegations they will firmly advocate for the implementation of existing consensus.

And on top of that, they are quite open about the future possibility and necessity to include new topics So that’s the Chinese approach. Moving to the, let’s say, the pan-Western approach, which is usually interpreted as the implementation camp But I find that many Western countries, they put emphasis on the new threat that comes to the cyber sphere So for the past one to two years, we constantly hear new concepts like How do we deal with cyber pre-positioning, this sort of activity?

So this kind of act should be distinguished from like cyber armed attack or cyber espionage It sits sort of in between of these two categories So how do we make sense of it? Do we perceive this as a new threat? Do we have to discuss and negotiate a specific new norm towards this new threat, right?

So also more and more people talk about AI-related security problem So this is also an example So if we all admit that AI security becomes a new threat in this field of cyberspace For example, states can now wage AI-empowered cyber operations which goes to a scale and a speed to an extent we have never seen before So this means we have to also come up with maybe new norms So that’s the first point I want to make No oversimplified narrative here And then this leads me to the analysis on implementation and further development If we think of this as a diplomatic negotiation bargaining chips So both are bargaining chips And quite likely they can form or they can function through issue linkage or through package deals, right?

So if one group of states, they have an idea of further implementation of existing norms and the other group have the idea of further develop new norms Maybe they can come up with a package deal or issue linkage to push forward the whole process But, of course, exactly which issue to include in the diplomatic discussion is another problem.

It requires a lot of diplomatic coordination. So basically, that concludes my quite straightforward analysis to Anastasia’s question. And now I’d like to go to maybe one point that our colleague Asoke mentioned in his presentation regarding cyber norms.

So because I have a slightly different personal viewpoint here. So instead of, you know, advocating for a timely review of the established 11 norms, I think what’s needed here is to push forward the implementation of these norms. Because the most important lessons, as I see, from the past 20 years of cyber diplomacy is what I and perhaps many others would call the Ratchet principle.

So Ratchet is a tool that only moves forward. It locks in place and prevents backsliding. So I think we should stick to this guidance strategy.

If we apply this guidance strategy to cyber norms, it means that we keep our consensus on the 11 established cyber norms and we encourage states to implement those norms. But, you know, we should also allow them an extent of flexibility, because different states, they have. they have different realities to face, so they have different capacities, so basically that’s also one of Chinese official positions which I personally endorse, so that’s one point I want to share before I conclude my presentation for this round.

Nastya.

Thank you very much, Professor Yang. I think that’s really helpful as well also for highlighting the threats. I think the threat sections at the last session was indeed one of the lengthiest sections that we at Diplo looked at and tried to analyze, and it was really interesting whether the fact that the states highlight new threats would actually pivot to new rules in the discussion, new rules or new norms.

That’s the big question, but thank you also for highlighting this. Definitely, we see that different angles and perspectives have been already highlighted by all three speakers. I think that’s getting really interesting discussion.

Before we move into the round two, maybe we could also bring the results, Vlada, to the screen. Let’s see how you all actually voted. So, the majority of people voted for stronger global rules and commitments from states.

Interesting that nobody picked other section, but I guess that those who had different view already shared with us in the chat. I see that a lot is going on. Also, Vlada, thanks a lot for sharing the summary of the speakers’ inputs.

That’s very, very helpful. Please also, Isaya Kashok and Professor Janček, whether you could also elaborate and add more. I think that’s really helpful to better understand the different perspectives here.

I’d like to move now to the round two and, again, get back to Ambassador Mukerji. Also, Asoke, if you’d also like to reflect on the inputs from Isaac and Professor Yang, also on the vote, please do so. But my question, the main question would be that I think there have been a lot of discussions about how OWG format succeeded to balance differing voices from the Global North and Global South.

The question, how do you think the future mechanism could do better in this regard? And what practically could be taken better to ensure smaller states, especially those with limited cyber capacities, have a real voice in the new mechanism? Especially, as Isaac mentioned, that it highly likely will be highly multi-stakeholder discussion with a lot of informal processes taking place.

And evidently, not each smaller state has a big team of negotiators to be involved everywhere. So I think that can be really challenging for such states.

Well, yeah, thank you. And it was a real pleasure to listen to Isaac and to Professor Fan Yang. Thank you for your perspectives.

I keep getting educated constantly on this subject, listening to you all. In terms of, I agree with Professor Fan Yang that it’s a mixed response on the ground. It was our experience even when we did the first 10-year review of the Tunis agenda in 2015, when there was a huge controversy over how the Internet is governed.

And there were two camps. One was the multiple stakeholder camp, and the other was the multilateral or state-dominated camp. And I remember at the end, at 3 o’clock in the morning, we arrived at a compromise in which we put both of them into one sentence, which actually shows the reality on the ground, that the governance of the Internet is both multiple stakeholder and multilateral.

That was the formulation of 2015. Now, I mention this because a lot of the issues that we are talking of today will also come up in the second 10-year review of the Tunis agenda, which is due this year. Everybody seems to have put that off their radar screen.

I don’t see much literature on that, but I do hope that the process is underway and that we are going to address some of these issues which have been mentioned by the other speakers in the context of the Tunis agenda.

Because while the mechanism and the OEWG are from 2015 onwards, the broader framework of why is there a global multilateral interest in cyberspace goes back to 2003 and 2005 to Geneva and Tunis. What we do and what we want to do is as much influenced by what we agree on in the review of the Tunis agenda as what we do in the new permanent mechanism. We cannot separate the two.

They are part of an integrated framework. And I mention it because if you remember the first resolution in the General Assembly in 1998 on securing cyberspace, the focus was on the human dimension. It is my fear, as I listen to various people and I read various bits of literature on cybersecurity, that we have moved a bit far away from the human dimension.

And in the chat, I see some of the specific examples that have been thrown up. And I agree with them. How do we deal with real-life issues which are impacted by digital technologies?

And it is not only Article 51 and how to respond to threats, but also how do we use these technologies in a human-centric manner? And I think this is something I hope the global community, which meets in a multiple stakeholder format, Internet Governance Forum, which was also extended in 2015 for 10 years, the Tunis Agenda Review, that this will all come together, that we are not going to deal with a fractured new child born in 2025 in the permanent mechanism and forget the parents, which are the Tunis Agenda and the work that went on before the permanent mechanism was created.

And I say this also because of the, you know, when we teach courses with Vlada on cyber diplomacy, there is a lot of interest in developing country students and participants on how to respond to the challenges they face in a world in which the new technologies dominate our lives.

I mean, today in many countries, I know in my country, India, we are now completely dependent on our biometric digital identities for everything. If we don’t have that, we don’t exist. So, you know, this is something that needs to be kept sight of the human centric dimension of this work that we are doing.

I like Isaac’s reference to the availability of meeting spaces. And this is something that we need to actually, you know, those of us who can encourage more such meeting spaces without the formal framework of a OEWG or a process in which delegates are coming and are sort of interacting, but always aware that what they say may lock them and their countries and their entities into positions which they may not be able to sustain.

So, how do we have an open-ended informal meeting space? I think that’s something that’s important. to consider.

The global conferences did provide that. I mean, those of us who participated, we remember from London to Seoul, to Budapest, to The Hague, and then to New Delhi. After New Delhi, there’s nothing.

So can we revive a new kind of global conversation on cyberspace at a time when cyber technologies and digital technologies are getting weaponized? You know, that’s the other side of the picture, that a lot of us are using these technologies for our human-centric activities. But we are also aware that these technologies are getting weaponized.

And how do we sort of find a balance between these two? You know, in the recent Shanghai Cooperation Summit in Tianjin, it was interesting because we are party to the final declaration as a member state of the SCO. And there is a commitment to continue development on a voluntary basis within the United Nations of universally accepted rules for cybersecurity.

So it’s not that people have pushed to one or the other option. There’s a commitment to a continued process. And I think that this continued process needs to also bring in the bodies which are right now outside.

I hope the mechanism will find a way through the informal format that Isaac mentioned of bringing the Human Rights Council, bringing the Economic and Social Council, bring those people in. Because without them, this discussion is going to go only into weaponization of technologies. We are not going to get into the human dimension at all.

So this is something that is important. And the final point is the legal. For issues which are related to the international law discussion, we must include the Sixth Committee, the legal committee people.

When we negotiated the UN Charter, we had the International Committee of Jurists. And they went through every provision that was negotiated by the states. the member states was put to these jurists and then it came back to become the final provision of the UN Charter.

So if this mechanism is going to work on how international law applies to cyberspace, we should have a way of bringing those specialists into this process. Thank you.

Thank you very much, Asoke. About the legal committee, there was a really interesting outcome that the separate thematic group on the international law was not agreed on. It was probably really an expectation from many stakeholders that such a committee or such a thematic group where stakeholders especially international law experts from various countries could help to move the discussions, really complicated discussions forward.

So let’s see maybe that could be still a part of the one of those thematic groups. Thank you so much for highlighting these two sort of sides between the weaponization of cyber technologies and still the necessity and the aspiration of many to see how the first committee process and the other processes in the UN on cyber could help to amplify the opportunities from cyber, positive opportunities for many people from many communities.

And for those who are not really involved in cyber diplomacy, that might be really interesting and unusual to understand how the first committee is probably narrowly deals with the state behavior, why there’s so many multifaceted and interconnected issues.

But that’s also an open question. Let’s see how the final resolution would formulate the mandate for the global mechanism. I’d like to now turn to probably Professor Young and ask about the modalities, they call them modalities, because that was also one of the difficult topics many stakeholders felt frustrated.

And specifically, yesterday, there was an interesting meeting organized by Canada. And it was an opportunity to hear really different views. Some stakeholders were quite positive that the new mechanism could allow to really lead through the informal sessions, while other stakeholders were a bit, again, frustrated that essentially, substantively, the global mechanism doesn’t really change in terms of multi-stakeholder participation.

So I wonder, how do you see this picture? And whether you see the way to, to actually allow non-custodial there has been more meaningfully integrated into this global mechanism in the future?

Okay, Nastya, thank you for the second round of question. Again, my very simple and straightforward answer to this question is, I think it makes sense that the GM inherits the modality that was used by the OEWG period. So to explain this, I also want to start from the initial debates between multi-stakeholderism versus multilateralism, which Asoke just now also mentioned.

So because this, I would say, is almost one of the first generation cyber debates in both in China and in the international arena. So the Chinese view, and probably also my personal view is that if we are discussing high politics issue related to state sovereignty, the security, probably we, probably this kind of issues be better left to the hands of the sovereign states.

but we also admit that cyber is a very complex and tech-reliant area, so this means for other issues like the management of internet resources, for example, and also the development of new technical protocols, this kind of issues could be left to the hands of private sectors adopting the multilateral multi-stakeholder approach.

But in the track of OEWG negotiation, we see that they’ve managed to strike a balance there, so although this track of cyber diplomacy, diplomatic dialogue is addressing a high politics issue, so that’s why it is under the auspices of the first committee of the UNGA, which deals with international peace and security, but we also admit that to address these issues in a sensible way, in a fully informed way, we also need to learn from the wisdom and experience of private sectors, so I believe that’s like the ultimate rationale to include multi-stakeholder in the UNGA first committee cyber dialogue, because we’re not discussing low politics issues, so I want to emphasize this again, and to prove my point, you can also maybe compare the inclusion of non-state actors in other international fora related to cyber issues, like the cyber crime convention negotiation under the third committee of the UNGA, so they’ve adopted a slightly different approach of multi-stakeholderism.

With this rationale being explained, I think it is quite blatant that for the global mechanism to continue the dialogue on high politics issues related to cyber security, I think the current modality is still the most balanced.

With this being said, I think we also can figure out maybe nuanced ways to improve the efficacy of the involvement of non-state actors. I believe I once heard from one of my cyber diplomat colleagues, he told me that in one of the OEW sessions, he witnessed that there were occasions that non-state actors abused the opportunity to address the session in the formal sessions.

This is a loophole that we should patch. Maybe we need to come up with a more useful mechanism to bring in non-state parties. The role of non-state parties are also closely related to the thematic topics that are addressed in the OEWG or the future global mechanism.

To my mind, I think the analysis on cyber threats and probably capacity building, these two pillars, they should rely more on the contribution from non-state parties. have much to do with the technical capability which are monopolized to a large extent by this tech sector. So I think I’ll end my sharing here.

Thank you, Nastya.

Thank you very much, Professor Yang. Isaac, the same question to you as well about the stakeholder participation. Maybe you could also bring in the perspective whether regional organizations can be those who would provide the space for also parallel meaningful participation of the stakeholders.

Because we heard that some of the countries within the OWG have repeatedly highlighted the positive effect of the regional organizations.

Thank you, Nastya. And thank you to the comments made by my dear colleagues. Actually, I will elaborate on some of the points that they have mentioned in order to build upon.

And first, just let me say that my view is that the global mechanism will be also an enabler. An enabler, at least in three categories. One, and very, very visible, as you mentioned, Nestia, enabler of regional advancements.

I mean, once you have these multilateral UN level discussions, then you take some homework from these discussions and these advancements at the UN level to be implemented at the regional level. Also, the more you engage from a diplomatic understanding, the more you engage in the UN level diplomatic considerations discussions through a global mechanism, the better then to come back and… on a foreign policy, national foreign policy view, than to implement through other ways if you cannot advance through the global mechanism.

Then regional organizations have been enabled by previous discussions, both GGE and Open-Ended Working Group. Even when they are not mandated, I mean, it is not necessarily perhaps to have the global mechanism mandating or suggesting some mandates to the regional organizations, but actually countries, delegations, the regions, the regional groups deciding then to advance some elements that they cannot advance clearly at the global mechanism, then through the regional organizations.

And I do believe we have relevant experiences of this formula with the recent Open-Ended Working Group. For instance, a very close region to me, the Latin American region and the Americas region, through the OAS, the Organization of American States, was possible to advance concrete development of CBMs. Some CBMs initially proposed or discussed at the UN level in the Open-Ended Working Group, but then approved only through the regional challenge.

One of these, for instance, is as a CBM, the possibility to bring junior diplomats and incorporate into the whole diplomatic training cyber diplomacy. And it has been advancing through the regional challenge. So this is the first possibility of the global mechanism to be enabled.

The second element, I do believe that global mechanism could be this enabler, is on the first committee mandates. It is relevant to mention, by the way, that it was decided, I mean, in terms of the report, to maintain this global mechanism, not at another level, but under the first committee framework. This is relevant because then we do have the possibility to continue our work, our discussions at the UN level on peace and security related, all related to cyber.

And this is particularly relevant when we see the global mechanism not in isolation. And I will build upon what Asoke mentioned regarding, for instance, the global conferences, the information society, global conferences, or the internet, global forum, etc., etc. Because then we have the possibility to identify what has been happening, which is a lot in other UN discussions.

Particularly for me, it will be relevant for the next mechanism to take into account the very substantive discussions that have been organized by the UN Security Council in recent years. We have had some thematic discussions or area formula discussions at the UN Security Council level where some elements have been delivered, some experience have been shared that then can be accommodated into the discussions of the future global mechanism.

And we can see also the same in order then to try to not see in isolation the global mechanism, but to consider the advancements of the second committee and ICTs for development particularly. where some arrangements regarding the participation on multi-stakeholder approach, et cetera, have been there. And of course, the very visible new convention coming from the third committee as an element also to provide or to promote a cross-cutting understanding of such elements and threats.

For instance, the ransomware, the intense discussions about ransomware, both at the open-ended working group level and that then at the third committee level at the future convention, because it was decided then not to include at this stage the very concrete elements to threats that doesn’t mean that we cannot incorporate it into the general discussions.

And of course, also to take into account the new AI forum and expert advisory group. I mean, this recent general assembly approved a resolution creating both a global forum will be working year by year and a support expert advisory group. So creating synergies is always like a goal for all these cyber processes.

Nevertheless, even when synergies maybe it’s not necessarily possible to create or in a more realistic manner because of the concrete mandates, et cetera, and the territorialized bodies of the UN level, at least take into account what the discussions are taking form in each of them.

It is a responsibility of the delegations. It is a responsibility of the secretariat and it is a responsibility of multi-stakeholder interested to participate, to take into account this whole approach. then to see what exactly, if I’m discussing and advancing, for instance, ransomware decisions or incident response decision in second committee and third committee, then perhaps I do need to be more specific and more strategic in what exactly I want to discuss under the first committee mandate, which will be the global mechanism.

I do believe that very sensitive issues such as international law, attribution, that has been mentioned are not right there with a formula of a group. I mean, we don’t have this international law group, working group under the global mechanism, but that again doesn’t mean that we cannot discuss these very sensitive and core issues through this first committee mandate.

Actually, it will be the correct forum. It is a pending to respond question, but at least it will be then the possibility to advance.

Thank you very much, Isaac. Also, actually highlighting practical way forward for those who are involved in cyber diplomacy. And we see with this global mechanism, cyber diplomacy really becomes very much mature and complex in terms of the structure, how different dynamics may unfold.

And for those who are involved from both state and non-state actors, it just, it would imply actually more necessity to develop the necessary skills and expertise, but definitely thank you so much for highlighting this practical way forward.

I think it sounds, for me at way, as I hear, it sounds very much practical and positive. That there’s a lot of work and as the way to, essentially to continue the dialogue, which is really important, especially today. I’d like to bring in Vlada to help us summarize the discussions going on in the chat, because I see a lot of really interesting questions and topics, so Vlada.

If you could, help us as well.

It’s not going to be easy, but trying to run briefly through a couple of points that were raised. Initially, a discussion about the need to have practical tools for cooperation and incident response, one of the options in the poll, particularly helping developing countries, and probably not only, to learn on what are the optimal ways for cooperation and interdependence among various actors.

Then, the concern of the dominance of big tech influence in the whole process and negotiations on cybersecurity. Then we had a very interesting emphasis on the issue of attribution as a key obstacle to anything and everything when it comes to implementation of the rules, and not only in cyber, but probably also in AI context and so on.

So what do we do with the attribution? There were discussions about the global portal, mainly support, but also how to integrate other existing portals by the multi-stakeholder community. And then the finances for that, including for capacity building, which are lacking.

And as one of the participants also mentioned, there was no agreement on establishing the funding mechanism. There were comments about cyber norms that are basically the only agreed upon set of rules and should be protected by all means as a common ground and shouldn’t be scrapped because that would lead to a disaster.

There was a comment that the final report does not mention involving international legal commission, international law discussions. And the final one is, again, an emphasis on the role of regional organizations, which may actually unite the fragmented positions and help reaching the consensus. I’ll stop there and back to you, Nastya.

Thank you so much. Thank you so much, indeed. I also personally liked someone said on the chat that big security headache isn’t a malware, but a diplomatic fork.

I think that’s really nicely said. It might provoke others. agree or disagree, but anyway thank you so much as well.

And I’d like at this stage to also invite Katherine Getao. Again, many of you may know Katherine very well. She is a cyber diplomacy expert and former head of ICT authority in Kenya and formerly representative of Kenya in a group of governmental experts and one of the also knowledgeable experts in this field.

So Katherine , over to you maybe to share some reflections and comments and maybe to provoke us further.

Thank you very much Anastasiya and it’s really a pleasure to be here and to see old friends and new. A very, very rich discussion. I almost want to step back and just say I just want to reflect on all the things that Asoke, Isaac, Professor Yang and Vlada yourself have said because they’re very thought-provoking.

I will start maybe with the questions that were in the mentee poll and I usually don’t think of them as separate things but as things that are part of this successful solution that we’re all looking for.

Good rules, yes, but if there are no practical tools for making them a reality in every country, they might just remain on the shelf. And inclusion of the private sector and stakeholders. I was checking some statistics and I saw that four out of five people in the world live in developing countries and two-thirds of the world’s population has access to the internet and interestingly, this is about the same number as have or the same proportion that have access to clean water or nutritious food.

So this is a basic and it’s something that is touching the majority of the world’s population in their homes, in their offices, in their school settings and therefore I can see why many people feel that it cannot be just states that are talking about this and indeed I remember very well that during the 2016-17 session of the United Nations group of governmental experts is actually where the idea of the open-ended working group was born and it came from a desire that more of the world’s states should participate in this process and more stakeholders should have a voice and I think it’s been at least much more successful than the UNGG in this as your OEWG because I remember this is the main question as I walked around that people used to sort of call on me and just say you know what’s going on there it seems to be a very exclusive group.

I don’t see that as much. Countries are participating, they’re actually investing in being able to participate in the OEWG and other stakeholders are speaking out but of course any process that becomes larger also becomes messier.

However, the success of the OEWG in coming up with reports and direction for the future shows that even in this messier environment where more people and more types of stakeholders have a voice Most states have a voice.

We do get commonalities that help us to move forward. Now I’d say the other thing I noticed from the graph is that most people chose the rules as being the priority. And that’s another question which often comes up.

You know, norms are too weak, like a toothless dog. It’s just barking. But everybody knows it can’t really do anything if push comes to shove.

But I believe that norms are about forming a common culture. And it’s extraordinary that so many states have agreed that these 11 simple points of culture are things that we can all agree on and which can guide our behavior and identify or reveal our misbehavior.

So this is very important. And I believe even strong rules are built on a foundation of good culture, which people believe in. Indeed, we’re seeing around the world a tension between rules and culture.

We’ve seen it in very strong developed countries like the US and smaller countries like Kenya. And I’d ask myself, you know, how did the rules come about where people don’t really seem to accept those rules and they want to push against them? So I think culture and rules should not only coexist, but the best rules are consistent with culture.

So I’ll stop there because I don’t want to take up the time. I know there are many people who want to speak, but I do want to thank the panelists and also. Duplo colleagues for a very rich and timely discussion and something that I will hope will continue because culture is not only built in meeting rooms, it’s also built in informal settings, through artifacts and through respect for one another and frequent discussions.

Thank you so much. Thank you so much, Katherine Someone sent a heart and I would join here. Thank you so much for the wisdom.

Indeed, reminding us that the fact that 198 countries from the UN managed to agree on these 11 norms, it is a really important achievement and it reflects how really diverse different views are. But anyway, these 11 norms somehow set the expectations on this culture and definitely implementation goes on and has its own national or regional specifics. So global mechanism will probably help us to learn more how different countries approach the implementation.

We’re running out of the time closing the session, so my final question would be to all three speakers. Finally, looking ahead briefly, what would be your main sort of the advice for the next phase of the UN negotiations, cyber negotiations, to deliver meaningful and tangible results? So, if possible, in a very brief answer, I would start with Asoke first and then we’ll turn to Isaac and Professor Yang.

So, Ambassador, please. Well, I think in the mechanism and the process, we need to

maintain the spirit with which the final report came out, which means that we all compromised in a certain sense to take this process forward. That’s going to be very important at a time when international relations is facing a lot of challenges. And this will be like a ray of light that these 193 countries, as you mentioned, can come together and take this process forward.

I think that implementing and showing to people that this work is directly related to their daily lives is going to be one of the biggest challenges and also the biggest opportunities for this mechanism.

Because it shouldn’t be seen as a UN talk show which has no impact on people’s lives. And that’s why the multiple stakeholder dimension is so important. And I think that a little bit of work has to be done to make the multiple stakeholders who are non-governmental entities actually speak more in their own countries, in their own states about this work that is being done.

There is very little that comes out in a large number of countries and people are only dependent and reliant on what is put out by the United Nations. That should not be the only source of information and it should be an interactive process. Because I think the time has come for multiple stakeholders who are not government entities to also take some of the responsibility for creating a positive outcome of this work.

Thank you.

Thank you so much, Asoke. Isaac?

Thank you very much, Nastya, for the question and thanks all for the elements put on the table. Actually, I will imagine at least three recommendations or three ideas for trying to get more successful results or to continue at least with the results that we have layer by layer in these years with the Open-Ended Working Group.

For the new global mechanism, I believe the first recommendation will be to consider the possibility to have Guidelines-style deliverables. I mean, not only policy-level, strategic, very strategic-level reports, basically reporting what the discussions were and came, etc., but actually guidelines styles, like giving, giving, and making visible some practical recommendations.

That will be the very first recommendation, because we need to attend this expectation of transitioning from a very policy to a more practical deliverable. And that, that was very present in the whole discussions of the future mechanism, and we do need to attend it. The second idea, and more procedural, more perhaps taking into account previous experiences, to think on supportive countries to the chair, to the future chair, to the future as a governing body, to imagine the possibility to have supportive countries or delegations.

This can be developed in a very informal way, as it was during the last open-ended working group discussions, where some countries just raised the hand and mentioned, I do want to help in order to try to get consensus on a particular issue.

This idea in a more continued way, it will be, it will be great. Then, because the appropriation of the delegations and concrete stakeholders of some topics, it’s relevant for the process, because it will be not the future chair’s process, but actually the whole delegation, supportive delegations process.

And, and the final element is, is basically to, to insist and to, and to concretely recommend to look at other processes, what the discussions are taking form in the other UN fora. what the discussions are taking for in the regional level, then to be more strategic on what specifics we can advance at the first committee mandate global mechanism. That will be the three elements.

Thank you.

Thank you very much. And Professor Yang, please.

Thank you, Nastya, for this final opportunity to share my perspective. So the first very general advice I have is that maybe we can use more realism and patience with what we expect to achieve with the future global mechanism. So by this, I mean, if we look at, for example, the maybe not very appropriate example, but I’ll use it anyway.

So the example of regulating nuclear weapons, not in the sense of arms control or disarmament, but in the sense of applying international law to this particular weapon. So it’s almost 40 years before the authoritative juridical body of the international society, namely the ICJ, that issued an advisory opinion on application of international law to nuclear weapons. That is in the year 1996.

So now we’re talking about regulating cyberspace, regulating state behavior in cyberspace, and it’s only like 20 years. So maybe we need to give the process some time. And this helps to maybe reduce some of our idealism or some of our, how to say, the inappropriate passion about seeking for…

and maybe premature legal precision. So that is like the overall general recommendation. And in addition, I have two maybe more concrete recommendations, both again related to international law aspects.

So first, from my own experience, I think it’s very important for us all, and especially for the global mechanism, to find a way to deepen our understanding of the nature of state behavior in cyberspace, and also to understand the harms this sort of behaviors inflict.

Again, if you look at the past 20 years, our understanding of these two things are developing, are evolving, but I think still we can use more energy and devotion to this topic. Otherwise, a lot of discussion or debate will be caught in a situation where the potentially victim states, they have the potential to exaggerate the harm that cyber operations inflict, while the allegedly perpetrating states, they will find a way to argue otherwise.

So that’s my first concrete recommendation. The second recommendation is that, in addition to discussing what international law applies, how this international law applies, I think we could also benefit from a detailed discussion on how should we as responsible states go about applying the law?

How should we make case as per international law? I mean, is there a common framework that we can go to? Because this is quite important.

If we have consensus on that framework, it can benefit us all, even if we still have a different understanding on the substantive level of the legal obligations, right? I mean, we have to admit that even if we live in a perfectly legalized world, that we have a lot of detailed international laws regulating state behavior in cyberspace, we would still find legal disputes in front of international courts, right, where one party argues this way and the other party argues differently.

So that is the question the substantive discussion of international cannot solve. It’s a result that it cannot deliver, but we can go to go look at the framework. For example, the framework could include steps like maybe a factual assessment and attribution standard, legal characterization of the acts and the harm, review of available response options, things like this.

So it gives us another new set of reference points, helping us to, you know, trying to make a case as per international law. So these are my two concrete recommendations. Thank you.

Thank you so much. I would echo indeed this interesting combination of a cause for rules and a stronger commitment, but at some time a lack of a deeper understanding of what actually states and non-state actors do in cyberspace, and the lack of universal, at least, access to the actual activities there.

and overall understanding of harms as you highlighted. So hopefully the global mechanism could be the place where this deeper understanding could be developed and shared motive further. And also with the help of the stakeholders who actually have the access to the technologies and infrastructure.

I’d like to conclude at this point and just to highlight that it’s not the stop, it’s not the end of course, it’s the continuing conversation. Today’s session hopefully help you as well to look forward with the more clarity and ideas. It certainly helped me to get more educated as Ambassador Mukerji highlighted.

It’s always a pleasure to learn from other experts. And thank you very much to all our speakers and participants. Unfortunately, we had a lot of really interesting comments and we didn’t have the time to actually focus on each of those comments and questions.

So we will prepare the report with the help of our AI, deep layer AI tools. And that would be really quickly. And we will share this with everyone as well as this recording.

Please follow the updates from the digital watch on the global mechanism and also the developments from the resolution later this year. And on the Geneva Dialogue for those also coming from the private sector and civil society who are interested in a more practical norms implementation. So thank you again for joining us and we look forward to continuing this dialogue in the months ahead and wish you a really good rest of the day.

Thank you all. Bye bye.