UN Cyber Dialogue: Shaping the future global mechanisms for cyber-stability (report)

Context
DiploFoundation hosted a webinar on 11 September 2025 as the second part of a two-part series discussing the outcomes of the UN Open-ended Working Group (OEWG) on cybersecurity and the future of international cyber negotiations. The session brought together diplomatic representatives, academics, and cybersecurity experts to explore what structural platform would be needed for future international cyber dialogue and cooperation. The discussion occurred following the conclusion of the OEWG’s work and ahead of the expected establishment of a permanent global mechanism for cyber negotiations scheduled to begin in March 2026.

Why it matters
This discussion is significant as it addresses how the international community will structure its ongoing negotiations on cybersecurity matters at a time of increasing geopolitical tensions and rapid technological evolution. The transition from a time-limited working group to a permanent mechanism represents an institutionalisation of cyber diplomacy within the UN system. The webinar provided early insights into how different stakeholders view the priorities and challenges for this new mechanism, which will be responsible for maintaining momentum in implementing agreed cyber norms while addressing emerging threats. The discussion matters particularly for developing countries seeking to ensure their voices are heard in cyber negotiations and for all stakeholders interested in maintaining stability in cyberspace.

What was discussed
The webinar focused on the proposed permanent global mechanism for cyber negotiations that is expected to be established following the OEWG process. Speakers examined how this mechanism could balance different state priorities, particularly between those advocating for focused implementation of existing agreements and those calling for new binding commitments.

Discussions covered the appropriate scope of work for the new mechanism, including potential focus on deeper examination of how international law applies to cyberspace, particularly regarding self-defence under Article 51 of the UN Charter. Participants suggested the mechanism might review and potentially adapt the 11 agreed cyber norms from 2015 to reflect technological changes and geopolitical shifts that have occurred over the past decade.

The conversation highlighted the importance of the proposed global ICT Security Cooperation and Capacity Building portal, with suggestions for funding models that would involve both states and private sector contributors. Speakers emphasised the need to connect this portal with existing UN mechanisms like the Office of South-South Cooperation.

Participants discussed the appropriate level of multistakeholder participation in the future mechanism, recognising the value of non-state actor input while acknowledging that security-focused discussions traditionally fall under state authority. The role of regional organisations in advancing cyber discussions was also highlighted as valuable.

Unique and non-expected insights
A notable insight emerged regarding the perception that the dichotomy between states advocating for implementation versus those seeking new binding rules may be oversimplified. Analysis suggested that most states have mixed positions, wanting both effective implementation of existing norms and development of new guidelines where necessary, such as for emerging threats like AI-enabled cyber operations.

The discussion revealed unexpected connections to other UN processes, including the upcoming review of the Tunis Agenda and the work of the Internet Governance Forum, suggesting that the cyber stability discussions should not occur in isolation from broader digital governance conversations.

Another interesting perspective challenged the notion that the 11 agreed norms need substantial revision, instead advocating for a ‘ratchet principle’ approach where existing consensus is maintained while allowing flexibility in implementation according to national circumstances.

Follow-up and next steps
Participants suggested several follow-up actions for the new mechanism, including producing guideline-style deliverables rather than only policy documents, establishing a system of ‘supportive countries’ to assist the chair in building agreement, and creating stronger connections with other UN processes addressing related issues like cybercrime and artificial intelligence.

The immediate next step identified was the expected UN General Assembly resolution later in 2025 that would formally establish the permanent mechanism, followed by its inaugural session in March 2026 where procedural matters and modalities would be addressed.

Speakers recommended that the mechanism should find ways to demonstrate its relevance to people’s daily lives to overcome perceptions of being a ‘UN talk shop’, and that non-state actors should take more responsibility for amplifying the discussions within their own countries and sectors.

Anastasiya Kazakova (moderator), DiploFoundation

• The OEWG concluded with a proposed single-track permanent mechanism for cyber negotiations
• Different state priorities need balancing in the new mechanism, particularly between implementation focus and development of new rules
• Questions remain about how to ensure inclusivity for smaller states with limited cyber capacities
• The new mechanism’s informal discussion components could either amplify fragmented discussions or enhance the formal process

Asoke Mukerji, Former Indian Ambassador to the UN

• The future mechanism should examine Article 51 of the UN Charter regarding self-defence in cyberspace, particularly the definition of ‘armed attack’ and the Security Council’s role
• Article 62(3) of the UN Charter provides a model for developing legal conventions through the Economic and Social Council
• The right to development under Article 55 of the UN Charter should inform cyber capacity building discussions
• The 11 agreed cyber norms from 2015 should be reviewed and potentially adapted to reflect technological and geopolitical changes
• The proposed global capacity building portal should be funded through multiple sources including existing UN South-South cooperation funds

Isaac Morales Tenorio, FTI Consulting

• The OEWG process represents a successful layer-by-layer approach to building a multilateral agreement
• Cyber diplomacy has evolved from an aspirational concept to a practical implementation over the past decade
• The consensus-based approach provides minimal agreements but may limit ambitious proposals from developing countries
• Informal discussions, side events and expert meetings provide valuable contributions alongside formal negotiations
• The new mechanism should produce guideline-style deliverables rather than only policy documents

Fan Yang, Xiamen University

• The narrative distinguishing ‘implementation’ versus ‘new treaty’ camps is oversimplified as most states have mixed positions
• The existing 11 cyber norms should be maintained under a ‘ratchet principle’ that prevents backsliding while allowing implementation flexibility
• High-politics security issues should remain primarily with states while technical issues can involve more multistakeholder participation
• The international community needs more time to develop legal precision in cyber matters, similar to the 40-year process for nuclear weapons
• Discussion should focus not only on what international law applies but how states should make legal cases regarding cyber incidents

Katherine Getao, Cyber diplomacy expert

• Good rules require practical implementation tools to be effective
• The OEWG process successfully increased participation compared to earlier exclusive expert groups
• Norms represent an important common culture that guides behaviour and identifies misbehaviour
• The best rules are those consistent with cultural values rather than imposed without cultural foundation

---

List of speakers with affiliation and word count

Speaker	Affiliation	Word count
Anastasiya Kazakova	moderator DiploFoundation	1,842
Asoke Mukerji	Former Indian Ambassador to the UN	2,345
Isaac Morales Tenorio	FTI Consulting	2,012
Fan Yang	Xiamen University	1,876
Katherine Getao	Cyber diplomacy expert	728

---

Speaker demographics

• Continental representation:
• Asia: 2 speakers
• Europe: 2 speakers
• Africa: 1 speaker
• Latin America: 1 speaker

• Gender representation:
• Female: 2 speakers
• Male: 4 speakers
• Note: Demographic information is approximate based on available speaker affiliations and names. Some details like exact nationalities or organisational types were not explicitly stated in the transcript.

Agreements

Support for continuing cyber negotiations through a permanent mechanism: All speakers expressed support for establishing a permanent global mechanism to continue cyber discussions under the UN First Committee. Speakers agreed this represents an important institutionalisation of cyber diplomacy.

Importance of implementing agreed norms: There was agreement that implementing existing agreed norms is crucial, though speakers differed on whether this should be the exclusive focus or complemented with new norm development.

Value of multistakeholder participation: Speakers concurred that non-state actors have an important role to play, particularly in implementation efforts, capacity building, and technical expertise, though views differed on the appropriate level of participation in security-focused discussions.

Need for capacity building support: Participants agreed that capacity building, particularly for developing countries, is essential, with support expressed for the proposed global ICT Security Cooperation and Capacity Building portal.

Role of regional organisations: Speakers acknowledged the value of regional organisations in advancing cyber discussions and implementing agreements at the regional level.

Disagreements

Balance between implementation and new rules: Some speakers emphasised focusing primarily on implementing existing agreements, while others argued for developing new rules to address emerging threats like AI-enabled cyber operations.

Appropriate level of multistakeholder participation: Differences emerged regarding how extensively non-state actors should participate in security-focused discussions, with some advocating for robust inclusion and others suggesting more limited roles for non-state actors in high-politics security matters.

Adaptation of existing norms: Some speakers suggested reviewing and potentially adapting the 2015 cyber norms while others advocated for maintaining the existing norms unchanged under a ‘ratchet principle’.

Establish a supportive country system: Isaac Morales Tenorio proposed creating a system where countries formally support the chair of the new mechanism to help build agreement on specific issues.

Produce guideline-style deliverables: Isaac Morales Tenorio suggested the new mechanism should focus on producing practical guidelines rather than only policy-level documents.

Connect with other UN processes: Multiple speakers recommended connecting the cyber mechanism with other UN processes, including the Sixth Committee, Human Rights Council, Economic and Social Council, and cybercrime negotiations.

Interface capacity building portal with South-South cooperation: Asoke Mukerji proposed linking the proposed capacity building portal with the UN Office of South-South Cooperation to access existing funds and needs assessments.

Revive global cyber conferences: Asoke Mukerji suggested reviving the Global Conference on CyberSpace series to provide informal discussion spaces alongside formal negotiations.

• “ten years have passed since that decision of the United Nations General Assembly” – Asoke Mukerji
• “four out of five people in the world live in developing countries” – Katherine Getao
• “two-thirds of the world’s population has access to the internet” – Katherine Getao

---

Linguistic devices

Metaphor

• “ray of light” – Asoke Mukerji (referring to countries coming together on cyber issues)
• “diplomatic fog” – Chat participant (referring to attribution challenges)
• “toothless dog” – Katherine Getao (referring to norms without implementation)

Analogy

• “ratchet principle” – Fan Yang (comparing cyber norm development to a tool that only moves forward)

Rhetorical question

• “how do we use these technologies in a human-centric manner?” – Asoke Mukerji

Tech dichotomies

Dichotomy	Explanation	Quotes
Opportunity vs risk	Tension between beneficial uses of cyber technologies and their weaponization	“how do we use these technologies in a human-centric manner? But we are also aware that these technologies are getting weaponised” – Asoke Mukerji
Implementation vs new development	Balance between implementing existing agreements and developing new rules	“do you think that would be possible in this future global mechanism to address different priorities of states, especially those who ask for new or stronger commitments?” – Anastasiya Kazakova
Multilateral vs multistakeholder	Tension between state-led and inclusive governance approaches	“governance of the internet is both multiple stakeholders and multilateral” – Asoke Mukerji

---

Word frequency

Single words

Word	Frequency
mechanism	42
norms	38
cyber	35
implementation	28
discussion	25

Bigrams

Phrase	Frequency
global mechanism	18
capacity building	15
international law	12
cyber norms	11
multistakeholder approach	9

---

Trigrams

Phrase	Frequency
open ended working	7
group on cybersecurity	5
application of international	5
international law applies	4

Thought-provoking comments

• “Right now, the biggest cyber-security headache isn’t the whiz-bang malware itself; it’s the diplomatic fog.” – Chat participant
• “Norms become enforceable only when someone owns each task.” – Chat participant

Anastasiya Kazakova: So hello everyone. And again, welcome. Thank you so much for joining us for today’s discussion. This session is the second part of our two-part webinar series that we organise at DiploFoundation. In the first session, we reflected on the achievements and the challenges of the UN Open-ended working group. The OEWG, the main forum for the state-led UN cyber negotiations. You could also find the link, and I think we’ll also share this in the chat today. So you could access the recording from the first part.

Today, however, we will look at and the main goal, which is to explore what actually comes next, what kind of a structural platform is needed for the future of international cyber dialogue and cooperation? How do we sustain momentum, build trust, and what is actually possible to improve trust in the current geopolitical realities? What are the possible challenges that we can already outline for the process that is expected to start in March next year? My name is Anastasia Kazakova. I’m a Geneva dialogue project coordinator, cyber diplomacy knowledge fellow at Diplofoundation, and it’s also my pleasure to introduce my colleague.

Many of you know very well Vladimir Radenovic, director of cybersecurity and e-diplomacy programs at Diplo. Vlad is also with us today to lead the discussion in the chat and hopefully to provoke us and to reflect on the future. We are joined by the three distinguished speakers. I’m also happy to introduce them. Ambassador Ashok Mukherjee, former Indian Ambassador to the United Nations in New York. Isaac Morales, managing director of cybersecurity and security issues at FTI Consulting.

Anastasiya Kazakova: And Isaac was also formerly a representative of Mexico to the group of states to discuss the implementation of the Agreed Framework, including agreed cyber norms and application of international law to cyberspace. And professor, assistant professor and Deputy Director of Cyberspace International Law Centre, and deputy director of International Law Department and School of Law, Xiamen University.

Thank you very much, everyone, for being here. So the OEWG concluded its work, and the idea of a single-track permanent mechanism is already on the table. It’s not officially adopted yet, as we understand, and everyone is waiting for the resolution. However, there are many questions already for the stakeholders who were initially involved in this process. In the previous process, the OEWG and the questions are how to balance different priorities of states and stakeholders, how to ensure inclusivity, how to link it also with possibly other processes, and discussions on related issues, such as cybercrime, if possible, the use of artificial intelligence in cyber operations and overall digital development. And that’s exactly what we will explore together today.

Before we ask our experts, we would like to hear your views. Everyone in the room. We prepared one question, one poll. So please look at the screen. The question is straightforward. So if you had a magic button to shape the future process for cyber negotiations, what would you like to deliver first? And we put some of our suggestions on our side. That’s a multiple-choice question. So, go to menti.com and use the code that you see on the screen.

Anastasiya Kazakova: If none of these options work for you, please vote for another one, and if possible, share with us your ideas in the chat. I think that would be extremely useful. We’ll try to feed in the comments and questions from the chat in our discussion with the experts. So we’ll just give you a moment to vote. We’ll keep this open. And also put the code in the chat. We’ll keep it open, and we’ll get back to the results later in the discussion. And we’ll see some of the reflections already.

So in the meantime, while everyone shares the views, let me start the first round of the questions and probably start with Ambassador Mukherjee with Ashok. And I wanted to ask first about the different priorities of states, as it was quite evident in the latest sessions of the OEWG, especially since the proposed single-track Future mechanism mainly aims to put the existing framework into practice.

And as it was, the clash between groups of states who wanted to solely focus on the implementation of the Agreed Framework, while some other countries called for the development of new and even binding commitments. So my question to you is, do you think that would be possible in this future global mechanism to address different priorities of states, especially those who ask for new or stronger commitments? And what’s your overall personal take on the necessity of moving towards new and stronger rules and for stability in cyberspace?

Asoke Mukerji: Well, thank you for that question. And I thank Diplo for inviting me to this webinar. We have followed these last five years of discussions in the OEWG with a lot of interest, those of us who have been involved with cyber issues for almost 20 years. And I think that the signals that have come out in the final report of the OEWG show that there is a willingness among member states to take these discussions forward. While the political focus will be on this mechanism, which is to be created by that resolution, I think the areas of activity are now quite clear and important in the Mentimeter survey that you are doing, you have put the broad areas which are of interest to member states.

And I think in that context, I would just like to give some of my thoughts on three areas that are before us. The first is, of course, an area where, in 2013 and then of course, 2015, when the GGE norms were unanimously adopted, there was a statement that international law applies to cyberspace. You know, for a lot of states, that was a very significant recommendation and outcome.

And I think that has to be built upon by the mechanism. Now, there are three separate areas where the mechanism, in my view, would do well to focus. The first is the discussions under this area of Article 51 on the right to self-defence. I think that for a lot of participants in these discussions, it has been a fairly monochromatic statement that there is the right to self-defence in the UN charter.

Asoke Mukerji: But in the work of the mechanism. We need to go a bit deeper into what this really means, especially when you have a plain reading of Article 51 of the UN charter. You notice that it is triggered by an armed attack. Therefore, it’s not a prospective, but a reactive measure.

The second, and a lot of people, I think, haven’t really talked about it, is that Article 51 does not allow any state to take over the mandate given by the UN charter and international law to the Security Council. It, in fact, requires the state to report immediately. And I emphasise the word immediately, the measure it has taken. And then the Security Council has its responsibility under international law to regularise or comment or respond to that measure within the overall framework of maintaining international peace and security. So that’s one set of issues.

And I think the recent paper tabled by Mexico in the UN General Assembly and the Security Council on Article 51, and it’s linked with Article 2.4 of the charter, should be incorporated into the work programme of the mechanism when it discusses the subject of how international law applies to cyberspace. There are two related issues from the UN charter that I do not find are getting much sort of prominence in the OEWG discussions, but I think that they would need to now come in if there is a permanent mechanism.

Asoke Mukerji: And these two areas both flow out of Article 62, paragraph three of the UN charter, which empowers the Economic and Social Council to propose legal conventions which become international law under the charter. Now, we have already seen one set of such examples in the area of international humanitarian law, which began with the Economic and Social Council mandating the negotiation and adoption of the Universal Declaration of Human Rights. Between 1946 and 1948, and after the UDHR was adopted in 1948, until today.

The UN member states have adopted nine major international legal instruments which form the body of international humanitarian law, and I think that this has to be brought into the discussions on how and international law applies to cyberspace. The second is something even more invisible, if I may call it that, in the OEWG process. And that is a reference which is important for all the developing countries which are participating in the mechanism. The reference to the right to development.

Again, this is not a declaratory statement which has been made in the meetings of the UN. The right to development originates from Article 55 of the UN Charter. It was developed by the Economic and Social Council, building on the idea of the right first proposed by the Senegalese jurist Mbaye in 1972, which brought it into the African Charter on Human and Peoples Rights, the Banjul Charter, and then the UN General Assembly’s declaration of December 1986, which universalised the right to development.

Asoke Mukerji: Now, the right to development is important for developing countries to to keep in mind when talking of the application of international law to cyberspace, because it deals with their sovereign rights over their own natural resources and their wealth. And it also upholds their political identity as sovereign states in the multilateral system. This is something that is extremely important.

And I think that this should come into the work of the mechanism on international law applying to cyberspace. In the other area, which is again on the Mentimeter survey that we are doing about the cyber norms. I remember when the cyber norms were unanimously agreed to in 2015, and we must recognise that ten years have passed since that decision of the United Nations General Assembly.

There is therefore need to review the agreed 11 norms in these past ten years to see whether they need to be Adapted or amended to take into account both the changes in cyber and digital technologies that have taken place between 2015 and today and the very, very significant changes in international relations since 2015, which for many of us was the golden apogee of multilateralism after 2015. Multilateralism has been under a lot of challenge. So when we consider the norms, we’ll have to look at the impact of these challenges on the norms.

Asoke Mukerji: There is an interesting question which has been posed in the EU, and obviously, there is no answer as yet, which is, can the norms become legally binding standards? And from my experience of dealing with these issues in the UN, I can think of one precedent which may be relevant to those in the mechanism who want to move ahead on making legally binding standards out of the norms.

And that area in the United Nations has been the work done by the United Nations legally in terms of responding to terrorism, while the United Nations General Assembly continues to debate and discuss the Comprehensive Convention on International Terrorism, which has not prevented the General Assembly from authorising the negotiation and adoption of sectoral legal instruments to counter terrorism. These include conventions on the suppression of terrorist bombings, which were adopted in the 1997 Convention on the Financing of Terrorism, adopted in 1999, and the Convention on the Suppression of Nuclear Terrorism in 2005.

So if we have seen the adoption of a sectoral approach, then I think the option of looking at the norms not as one composite box of 11 norms, but in terms of clusters becomes possible. The cluster is becoming the sectoral approach, and in some of our states, we have experience of two kinds of approaches to legal approaches to to such norms or principles when we want to make them into legally binding provisions.

Asoke Mukerji: One approach is to restrict or limit, meaning a state shall not do something or the other. Now, in the norms, you have norm three preventing the misuse of ICTs in that state’s territory. Norm seeks that the state should not harm critical infrastructure. Norm seven states that they are obliged to protect critical infrastructure. Norm made for request for assistance. Norm ten for reporting vulnerabilities and Norm 11 requires them not to harm.

And then you have another set of norms which could become declaratory in India. In our Constitution, we have, you know, a whole section in our Constitution, which is of a declaratory nature. And in that context, this would apply to norm one for international cooperation, norm two on providing relevant information, and norm three on cooperation to prevent crimes or terrorism. Norm. Norm for norm five on upholding human rights and norm nine on ensuring supply chain integrity. So this is how I would position this topic in terms of the future work of the mechanism.

The third and last point that I would like to make refers to the CCP or the global ICT Security Cooperation and Capacity Building portal, which has been proposed and unanimously recommended, and I assume would be implemented as soon as the resolution is adopted. This is interesting for a lot of countries, including developing countries, because the idea of supporting capacity building is contained in the UN’s Tunis Agenda, which was adopted in 2005, and also in the discussions of the Global Conference on Cyberspace, beginning with the London conference in 2011.

Asoke Mukerji: And in fact, the Hague-based Global Forum on Cyber Expertise came out of the global conference held in The Hague in 2015, and the objective of the Hague GFC is to develop skills and capacity that address threats and vulnerabilities arising from cyberspace. By strengthening cyber capacity and expertise globally through international collaboration and cooperation, this is a quotation from their mission statement.

Now, in the EU, the issue of financing was raised. I think in the report, the issue of financing was not addressed; it was left open. I think in terms of our own experience that financing has to be linked to two things. One is that it must take into account the model of cyberspace, which is a partnership model between the state and private entities. And if that model is, is adopted and and looked at then in terms of the capacity building portal the financing, should come both from states which can contribute financially as well as from the private sector.

Participants in the proposed portal and the issue of how this can be regulated or governed actually is not such a complicated issue, because if we just look at one of the specialized agencies of the United Nations, the International Labour Organization, they have managed from 1921 onwards to operate a multiple stakeholder governance structure and a person who’s come from there into the United Nations system, Mr.Guy Ryder can be the best guide for the mechanism to advise on how this can be implemented on the ground.

Asoke Mukerji: And finally, there is in the United Nations system, an Office of South-South cooperation. And I think that the portal must get linked with the office of South-South cooperation for two reasons. One is that the office of South-South cooperation actually has available to it the requirements of member states from developing countries, including least developed countries, which would include requirements for cyberspace, for capacity building in cyberspace.

And therefore, there is already an existing platform in the UN system with which this portal can be interfaced. The second is that funding for activities under the office of South-South cooperation is also taking place. There are at least three identifiable funds for South-South cooperation, which can be made available for capacity building in cyberspace.

And this includes the UN fund for South-South cooperation, the Perez Guerrero Trust Fund for South-South cooperation and the India UN Development Fund. So there are three specific funds which are available in addition to funds which are contributed by member states. There is a China fund as well. I know in the UN system, and that also, I’m sure can be made available if there is this interface between the UN’s South-South cooperation platform and the proposed portal. So these are the points I’d like to make. And I thank you once again for your patience in listening to me.

Anastasiya Kazakova: Thank you very much, ambassador, for outlining a really broad agenda already for the future process, and also to giving us references to the other UN processes and bringing in the portal, which was initially the proposal from the Indian delegation. And indeed it seems that was agreed, and the final report, and we need to wait for the final resolution to see how this will be further implemented. I’d like to now turn to you and bring in your experience.

Overall, what do you think about the same question about the different priorities of states and what would be possible to address them in the future process? And if I may add, if the single-track mechanism focuses mainly on implementation, do you think there might be a risk of diplomatic fatigue or loss of ambition? So how could the mechanism stay dynamic over time?

Isaac Morales Tenorio: Thank you. Thank you very much, Anastasia, for giving me the floor. And just let me express my deep gratitude for the organisation of this discussion. It’s a real pleasure to to join my colleagues and, of course very, very timely having this kind of multistakeholder from a multistakeholder platform having this kind of conversations. So congratulations to Diplo to advancing these Efforts.

Let me just begin to to to to try to put on the table the idea, also to see the result coming from the open-ended working group after this year, at least two open-ended working groups and the previous as a result of a layer-by-layer multilateral process. I mean, we had at the very beginning some very precise goals coming from the DG, and then additional topics, additional even mandates and elements were added to the initial process. What we do have now is something more robust. What we do have now is a broader and more comprehensive conversation coming from the process and from the open-ended working group, concretely, and a more delivering or expected to deliver process from this multilateral track. I think this is relevant because, in the end, this is a very concrete multilateral product.

And considering the context and considering the, the the situation of the diplomatic discussions at the UN level, etc., it is relevant, relevant to recognize that having a result having and a consensus result, it is it is also relevant to recognize by saying so I also want to emphasize that perhaps now we we had we, we, we have been advancing what it is called cyber diplomacy, cyber diplomacy in practice when when starting this kind of discussions at the DG level ten years ago as Concretely say just I mean, take focus that we have now ten years with the framework at least with the with the rules, with the norms.

Isaac Morales Tenorio: And if we take into account discussions, those days, this concept of cyber diplomacy was a little, I would say not concrete, but actually, as an aspiration, it was like an aspirational idea. And nowadays, we can say at all levels, even in various small developing countries, that we do have cyber diplomats, and then we do have cyber diplomacy in practice.

And again, I think this is relevant because coming from the multilateral result, we will see this as a general goal of advancing and keep advancing, not only maintaining the framework and the advancements, but actually to push forward. So when we talk about implementation from my point of view and considering this layer-by-layer approach, we need to take into account not only putting into practice what we already have within the different reports, within the different resolutions approved by the General Assembly.

Isaac Morales Tenorio: Concretely, the first committee related to cyber discussions, but actually to implement these aspirational ideas. So keeping the, the, the, the door open to have a global mechanism, then with a plenary session and then thematic groups developing and giving the chance to to maintain the discussions will keep us in the logic of not also implementing the norms, not also implementing the cbms, not only implementing what we already have, but then discovering, advancing, discussing and further going deeper in order to implement what? What I mean.

Could get the consensus in the coming years. I think also from a more procedural consideration, it is relevant to take into account that countries have decided delegations have decided to maintain the consensus formula. Some discussions were in the room. In the room. Considering adopting a future mechanism, the General Assembly rules, which means the possibility of both, nevertheless, it was decided in the end to to maintain as a core element the consensus formula.

And this is again something relevant to to see and to analyse. Because some countries, particularly developing countries, put on the table some very concrete ideas, such as a cyber multilateral fund, cooperation between the International Law Commission and the first committee, some countries put on the table some ideas of new norms or new CBMs, etc. we’re basically dismissed because they, they didn’t receive the, the, the, the echo enough and, and then some discussions taking into account the possibility to have a vote.

Isaac Morales Tenorio: Where, where, where there in the end, keeping in mind the process, the procedures of the consensus formula will bring us to, to a continuation basically of the kind of discussions that we have seen during the open-ended working group, which is not bad, by the way. I mean, it’s the consideration of the minimal understanding, even when we do want and at the level of discussions, we do want to be very aspirational.

We also need to keep to the realistic approaches of the consensus formula. And that is why maybe I mean, if we see the result, the report we we don’t see those mentions, strong mentions that previously had on international humanitarian law, for instance. There was no space for the idea of a checklist of advancements on their rules, which was proposed by the chair of the open-ended working group, by the way.

We see a few elements related to critical infrastructure protection, cross-border infrastructure, which were mentioned during the discussions in a very high detail. And but for me, I mean having all these elements at this stage out from the, from the report means that we can do and we can still discuss them in the, in the future mechanism under the consideration of these thematic groups.

Isaac Morales Tenorio: Also, it’s relevant to answer your question, Anastasia. to implement, we really need to consider real-world challenges and implementation related to those challenges, even when they are very complex elements and situations. We do need to take advantage of the informal arrangements. What I want to say is it’s not only the consideration of having a global mechanism, it’s not only the the global mechanism per se, the formal one, but actually the possibility to still have and to continue to push forward through informal discussions, through side events, through experts meetings, through implementation workshops, through I mean, having the mechanism. It is key.

As I mentioned, it is the result of a concrete multilateral Product to advance the discussion. But all around the mechanism, as we saw with the open-ended working group, were very, very substantive discussions during side events, discussions during expert meetings, not necessarily officially incorporated into the open-ended working group discussions, but on the sides, where very substantive and actually some ideas came from these kinds of informal arrangements, informal, informal discussions. Then to put it on the table, of course, when the element to better delivered to better implement. It will be to have a strong multistakeholder departure point.

Isaac Morales Tenorio: We do know you, you mentioned very well, Anastasia. It has not been adopted yet. I mean, we don’t have the resolution. We expect to have the resolution in the terms that it was, and we approved the report. And then that means that in March next year, to 2026, we will have this discussion, initial discussion, initial session, more on the procedural side, more on the processes and modalities and then the discussions, the intense discussion expected for further discussion on the multistakeholder possibility.

So, as mentioned by me, I do believe that by having a multi-stakeholder departure point, it is key to better deliver, to better implement some of the efforts considered under the Cbms ideas under the norms framework and international capacity building. And it means that we do need the private sector. We do need the service providers.

We do need not only governments, but actually international organizations, academia, etc. so I hope that at least the same level of relevance that other similar processes have put on the idea of taking as a starting point a multistakeholder approach will be there in March next year and there then to to to advance better on the implementation, taking into account this the breaking point. I will let her, and maybe I can get back on some of the points mentioned also by my colleagues. Thank you.

Anastasiya Kazakova: Thank you very much for highlighting this; indeed, it is a new feature in the global mechanisms. This is the possibility for informal discussions. The question is what stakeholders will be able to reorganise themselves and how this will happen. And would it actually amplify, you know, the fragmented discussions and smaller groups with a different pace?

I think that would be really interesting to see how this would be further developed and how this would imply interplay with the key official substantive sessions in the process, whether there was influence or not. That’s really an interesting dynamic that could be a result of this new structure of the future process. I’d like to now to turn to you, Professor Yang, and also ask you how you see the outcomes of the OEWG and the agreement on the future process?

And maybe also to ask, given today’s geopolitical tensions and realities overall, do you see the risk of the mechanism becoming hostage to the rivalries between the great powers and whether you see some possibilities to avoid that?

Fan Yang: Thank you. Thank you, Nastia, for the question. And also thanks to Diplo for having me at this timely event. Just now I was listening very carefully to to my panellists. I come from a different background than they do. So my expertise and my experience are mainly with international legal research related to cyberspace.

So that means we’ve been following closely on the questions like application of existing international law to cyberspace and new treaty negotiation, and also how to come up with the relevant cyber norms. So that means my personal observation and my interpretation of the final report and the envisaged global mechanism are mainly from my international legal background. So this is my international lawyer speaking.

So, I think my answer to Anastasia’s first question is quite straightforward. So, regarding my thoughts on whether the global mechanism will provide sufficient space to accommodate the diverse priorities of states. I’m quite positive about that. So here’s my thought process. Firstly, I think we should either abandon or we should be very careful about the oversimplified narrative, which is quite misleading, that is to distinguish the negotiating states into two camps, say the implementation camp versus the new treaty camp. So if you go to a very nuanced level, you will you will find that most of the states have mixed feelings towards this problem.

Fan Yang: So take China, for example. So, a lot of people think the first impression is that China favours more of a new treaty approach with regard to the negotiations. But if you go to the Chinese official positions in each and every session, including the final session, you’ll find that the Chinese representative delegation will firmly advocate for the implementation of the existing consensus. And on top of that, they are quite open about the future possibility and necessity to include new topics. So that’s the Chinese approach. Moving to the, let’s say, the pan western approach, which is, you know, usually interpreted as the implementation camp.

But I, I find that many Western countries also put emphasis on the new threat that comes to the cyber sphere. So for the past 1 to 2 years, we have constantly heard new concepts like how do we deal with cyber pre-positioning, this sort of activity? So, this kind of act should be distinguished from, like, a cyber-armed attack or cyber espionage. It seems sort of in between these two categories. So how do we make sense of it? Do we perceive this as a new threat? Do we have to discuss and negotiate a specific new norm towards this new threat?

Fan Yang: Right. Also, more and more people talk about AI-related security problems. So this is also an example. So if we all admit that AI security becomes a new threat in the sphere of cyberspace, for example, states can now wage AI empowered cyber operations, which goes to a scale and a speed to an extent we have never seen before. So this means we have to also come up with maybe new norms. So. Right.

So that’s the first point I want to make. No, oversimplified narrative here. And then this leads me to the analysis of implementation and further development. So if we think of this as a diplomatic negotiation, bargaining chips. So both of both of both are bargaining chips. And quite likely they can form or they can function through issue linkage or through a package deal. Right.

So if one group of states has an idea of further implementation of existing norms, and the other group has the idea of further developing new norms, maybe they can come up with a package deal or issue linkage to to push forward the whole process. But of course, which exactly which issue to include in the diplomatic discussion is another problem. It requires a lot of diplomatic Coordination. So, basically, that concludes my quite straightforward analysis to Anastasius’ question.

Fan Yang: And now I’d like to go to maybe one point that our colleague Ashok mentioned in his presentation regarding cyber norms. So because I, I have a slightly different personal viewpoints here. So instead of you know, allocating for a timely review of the established norms, I think what’s needed here is to push forward the implementation of these norms because the, the most important lessons, as I see it from from the past 20 years of cyber diplomacy, is what I, and perhaps many others, would call the ratchet principle. So ratchet is a tool that only moves forward. It locks in place and prevents backsliding.

So I think we should we should stick to this guidance strategy. If we apply this guidance strategy to cyber norms, it means that we keep our consensus on the 11 established cyber norms. And we, we encourage states to implement those norms. But, you know, we should also allow them an extent of flexibility because different states, they have they have different realities to face. So they have different capacities. So basically, that’s also one of the Chinese official positions, which I personally endorse. So, so that’s one point I want to share before I. Conclude my presentation for this round. Anastasiya.

Anastasiya Kazakova: Thank you very much. Professor Yang. I think that’s really helpful as well. Also, for highlighting the threats. I think the threat actions at the last session were indeed one of the longest sections that we had looked at and tried to analyse. And it was really interesting whether the fact that the states highlight new threats would actually pivot to new rules and the discussion of new rules, new rules or new norms, that’s the big question.

But thank you also for highlighting this. Definitely. We see that different angles and perspectives have already been highlighted by all three speakers. I think that’s getting a really interesting discussion before we move into round two. Maybe we could also bring the results to this, to this screen.

Let’s see how you all actually voted. So the majority of people voted for stronger global rules and commitments from states. Interesting that nobody picked the other section. But I guess that those who had a different view already shared it with us in the chat. I see that a lot’s going on, and also a lot of thanks a lot for sharing the summary of the speakers. Inputs. That’s very, very helpful.

Anastasiya Kazakova: Please also and Professor Janicek whether you could also elaborate and add more, I think that’s really helpful to better understand the different perspectives here. I’d like to move now to round two and again get back to you, Ambassador Mukherjee. Also, Ashok, if you would also like to reflect on the inputs from Isaac and Professor Young and also on the vote. Please, please do so.

But my question, the main question, would be that I think there have been a lot of discussions about the OEWG format’s success to balancing different voices from the global North and global South. The question is, how do you think the future mechanism could do better in this regard? And what could be better to ensure smaller states, especially those with limited cyber capacities, have a real voice in the new mechanism, especially, as Isaac mentioned, that it is highly likely to be a highly multi-stakeholder discussion with a lot of informal processes taking place. And evidently, not each small estate has a big team of negotiators to be involved everywhere. So I think that can be really challenging for such states.

Asoke Mukerji: Well, yeah. Thank you. And it was a real pleasure to listen to Isaac and Second to Professor Feynman. Thank you for your perspectives. I keep getting educated constantly on this subject. Listening to you all in terms of I agree with Professor Yang that it’s a mixed response on the ground. It was our experience that even when we did the first ten-year review of the Tunis Agenda in 2015, when there was a huge controversy over how the internet is governed, and there were two camps: one was the multiple stakeholder camp, and the other was the multilateral or state-dominated camp.

But you remember at the end, 3:00 in the morning, we arrived at a compromise in which we put both of them into one sentence, which actually shows the reality on the ground that the governance of the internet is both multiple stakeholders and multilateral. That was the formulation of 2015. Now, I mentioned this because a lot of the issues that we are talking about today will also come up in the second ten-year review of the Tunis Agenda, which is due this year.

Everybody seems to have put that off their radar screen. I don’t see much literature on that, but I do hope that the process is under way and that we are going to address some of these issues, which have been mentioned by the other speakers in the context of the Tunis agenda, because it’s a while the mechanism and the OEWG are from 2015 onwards the broader framework of why is there a global multilateral interest in cyberspace goes back to 2003 and 2005 to Geneva and Tunis. And what we do and what we want to do is as much influenced by what we agree on in the review of the Tunis Agenda as by what we do in the new permanent mechanism.

Asoke Mukerji: We cannot separate the two. They are part of an integrated framework. And I mention it because if you remember the first resolution in the General Assembly in 1998 on securing cyberspace, the focus was on the human dimension. It is my fear, as I listen to various people and read various bits of literature on cybersecurity, that we have moved to a bit too far away from the human dimension.

And in the chat, I see some of the specific examples that have been thrown up. And I agree with them on how to deal with real-life issues which are impacted by digital technologies? And it’s not only article 51 and you know how to respond to threats, but also how do we use these technologies in a human-centric manner? And I think that this is something that I would hope the global community, which meets in a multiple stakeholder format, the Internet Governance Forum, which was also extended in 2015 for ten years.

The Tunis Agenda review that this will all come together, that we are not going to deal with a fractured new child born in 2025, in the permanent mechanism. And forget the parents who are the Tunis agenda and the work that went on before the permanent mechanism was created. And I say this also because of the you know, when we teach courses on cyber diplomacy, there is a lot of interest in developing country students and participants on how to respond to the challenges they face in a world in which the new technologies dominate our lives.

Asoke Mukerji: I mean, there is today in many countries I know in my country, in India, we are now completely dependent on our biometric digital identities for everything. If we don’t have that, we don’t exist. So, you know, this is something that needs to be kept in sight of the human-centric dimension of this work that we are doing.

I like Isaac’s reference to the availability of meeting spaces. And this is something that we need to actually you know, those of us who can encourage more such meeting spaces without the formal framework of a OEWG or a process in which delegates are coming and are sort of interacting, but always aware that what they say may lock them in their countries and their entities in two positions which they may not be able to sustain.

So, how do we have an open-ended informal meeting space? I think that’s something that’s important to consider. The global conferences did provide that. I mean, those of us who participated, we remember from London to the call to Budapest to The Hague, and then to New Delhi after New Delhi, there’s been nothing. So, can we revive a new kind of global conversation on cyberspace at a time when cyber technologies and digital technologies are getting weaponised? You know, that’s the other side of the picture that a lot of us are using these technologies for our human-centric activities. But we are also aware that these technologies are getting weaponised.

Asoke Mukerji: And how do we sort of find a balance between these two, you know, in the recent Shanghai Cooperation Summit in Tianjin? It was interesting because we are a party to the final declaration, as a member state of the SEO. And there is a commitment to continued development on a voluntary basis within the UN of universally accepted rules for cybersecurity. So it’s not that people have pushed to one or the other option.

There is a there’s a commitment to a continued process. And I think that this continued process needs to also bring in the bodies which are right now outside. I hope the mechanism will find a way through the informal format that Isaac mentioned of bringing the Human Rights Council, bringing the Economic and Social Council, bringing those people in, because without them, this discussion is going to go only into the weaponisation of technologies. We are not going to get into the human dimension at all. So this is something that is important.

And the final point is the legal issues which are related to the international law discussion; we must include the Sixth Committee, the Legal Committee, and the people. When we negotiated the UN charter, we had the International Committee of Jurists, and they went through every provision that was negotiated by the states. The member states were put to these jurists, and then it came back to become the final provision of the UN charter. So if this mechanism is going to work on how international law applies to cyberspace, we should have a way of bringing those specialists into this process. Thank you.

Anastasiya Kazakova: Thank you very much. Ashok. About the legal committee. That was a really interesting outcome of the OEWG, that the separate thematic group on international law was not agreed on. It was probably really an expectation from many stakeholders that such a committee or such a thematic group where stakeholders, especially international law experts from various countries, could help to move the discussions, really complicated discussions, forward.

So let’s see, maybe that could still be a part of one of those thematic groups. Thank you so much for highlighting this. To sort of sites between the weaponization of cyber technologies and still the necessity and the aspiration of many to see how the first committee process and the other processes in the UN and cyber could help to amplify the opportunities from cyber positive opportunities for many people, from many communities and for those who are not really involved in cyber diplomacy, that might be really interesting and unusual. To understand how the first committee probably narrowly deals with the state behaviour, why there are so many multifaceted and interconnected issues.

But that’s also an open question. Let’s see how the final resolution would formulate the mandate for the global mechanism. I’d like to now turn to Professor Young and ask about the modalities they call the modalities. Because that was also one of the difficult topics. Many stakeholders felt frustrated. And specifically, yesterday there was an interesting meeting organised by Canada.

And it was an opportunity to hear really different views. Some stakeholders were quite positive that the new mechanism could really lead through the informal sessions, while other stakeholders were a bit frustrated that, essentially, substantively, the global mechanism doesn’t really change in terms of multi-stakeholder participation. So I wonder how you see this picture, and whether you see a way to to actually allow non-statistical, there has been more meaningfully integrated into this global mechanism in the future.

Fan Yang: Okay. Thank you for the second round of questions. Again, my very simple and straightforward answer to this question is, I think it makes sense that the GM inherits the modality that was used by the OEWG period. So to explain this, I also want to start from the initial debates between multistakeholderism and multilateralism, which I showcased just now, and also mentioned, so because of this, I would say, is almost one of the first generation cyber debates in both China and the international arena.

So the Chinese view and probably also my personal view, is that if we are discussing high politics issues related to state sovereignty, security, probably we. Probably, these kinds of issues are better left in the hands of the sovereign states. But we also admit that cyber is a very complex and tech-reliant area. So this means for other issues like the management of internet resources, for example and also the development of new technical protocols. These kinds of issues could be left to the hands of the private sector, adopting the multilateral, multistakeholder approach.

But in the track of a negotiation, we see that they’ve managed to strike a balance there. Right. So although this, this track of cyber diplomacy, diplomatic dialogue is addressing a high politics issue. So, that’s why it is under the auspices of the first committee of the UNGA, which deals with international peace and security. But we also admit that to address this, these issues in a sensible way, in a, in a fully informed way, we also need to learn from the wisdom and the experience of private sectors. So I believe that’s, that’s like the ultimate rationale to include Multi-stakeholder in the UNGA First Committee cyber dialogue.

Fan Yang: Because we’re not discussing, you know, low politics issues. Right. So I want to emphasise this again. And to prove my point, you can also maybe compare the inclusion of non-state actors in other international forums related to cyber issues, like the cybercrime convention negotiation under the Third Committee of the UNGA. So they’ve adopted a slightly different approach of multistakeholderism, with this rationale being explained.

So, I think it is quite blatant that for the global mechanism to continue the dialogue on high politics issues related to cybersecurity. I think the current modality is still the most balanced. With this being said, I think we can also figure out maybe nuanced ways to improve the efficacy of the involvement of non-state actors. Right. So I believe I once heard from one of my cyber diplomat colleagues, he he he he told me that in one of the sessions, he, he witnessed that there were occasions that non-state actors abused the opportunity to, you know, address the session in the, in the formal sessions.

So, like this, this is like a loophole that we should patch. Maybe we need to come up with a more useful mechanism to bring in non-state parties, and the role of non-state parties is also closely related to the topics that are addressed in the future global mechanism.

To my mind, I think that the analysis on cyber threats and probably capacity building, these two pillars, should rely more on the contribution from non-state parties because these two have much to do with the technical capability, which is monopolised to a large extent by the tech sector. So, I think I’ll end my sharing here. Thank you. Nastya.

Anastasiya Kazakova: Thank you very much. Professor Jung. Is that the same question to you as well about the stakeholder participation? Maybe you could also bring in the perspective of what the regional organisations can be, those who would provide the space for also parallel meaningful participation of the stakeholders, because we heard that some of the countries within the OWG have repeatedly highlighted the positive effect of the regional organisations.

Isaac Morales Tenorio: Thank you. And thank you to the comments made by my colleagues. Actually, I will elaborate on some of the points that they have mentioned in order to build upon. And first, just let me say that my view is that the global mechanism will also be an enabler. An enabler, at least in three categories, one and very, very visible.

As you mentioned, Nestea enabler of regional advancements. I mean, once you have these multilateral-level discussions, then you take some homework from these discussions and these advancements at the UN level to be implemented at the regional level. Also, the more you engage in a diplomatic understanding, the more you engage in the UN level diplomatic considerations, discussions through a global mechanism, the better it is to come back and a foreign policy, national foreign policy view, than to implement through other ways. If you cannot advance through the global mechanism, then regional organisations have been enabled by previous discussions, both and open-ended working group, even when they are not mandated.

I mean, it is not necessarily perhaps to have the global mechanism mandating or suggesting some mandates to the regional organisations, but actually, countries’ delegations, the regions, the regional groups deciding then to advance some elements that they cannot advance clearly at the global mechanism, then through the regional organisations.

And I do believe we have relevant experiences of this formula with the recent open-ended working group, for instance, a very close region to me, the Latin American region and the Americas region through the OAS, the Organisation of American States, where it was possible to advance concrete development of Cbms.

Isaac Morales Tenorio: Some CBMS were initially proposed or discussed at the UN level in the open-ended working group, but then approved only through the regional challenge. One of these, for instance, is the possibility to bringing junior diplomats and incorporating cyber diplomacy into the whole diplomatic training. And it has been advancing through the regional challenge. So this is, this is the first possibility of the global mechanism to be enabled.

The second element, I do believe that a global mechanism could be this enabler, which is on the first committee’s mandate. It is relevant to mention, by the way, that it was decided I mean, in terms of the report to maintain this global mechanism, not at, at, at other level, but under the first committee framework, this is relevant because then we do have the possibility to continue our work, our discussions at the UN level on peace and security related all related to cyber and this is this is particularly relevant when we see the global mechanism, not in isolation, in isolation.

And I will build upon what Asoka mentioned regarding, for instance, the global conferences, the, the the the the, the, the, the, the information society, global conferences or the internet, Global Forum, etc., etc. because then we have the possibility to identify what has been happening, which is a lot in other, in other, in other discussions, particularly for me, it will be relevant for the next mechanism to take into account the, the, the very substantive discussions that have been organized by the UN Security Council in recent years.

Isaac Morales Tenorio: We have had some thematic discussions or Arria Formula discussions at the UN Security Council level, where some elements have been delivered, and some experiences have been shared that can then be accommodated into the discussions of the future global mechanism. And we can also see the same in order to try not to see the global mechanism in isolation, but to consider the advancements of the second Committee and ICTs for development, particularly where some arrangements regarding the participation of a multistakeholder approach, etc., have been made.

And of course, the very visible new convention coming from the Committee as an element also to provide or to promote a cross-cutting understanding of such element, such elements and threats, for instance, the ransomware, the intense discussions about ransomware, both at the open ended working group level, and that then at the committee level at the future convention because it was it was decided then not to include at this stage the very concrete elements to threats that not that doesn’t mean that we cannot incorporate it in into the general discussions. And of course, also to take into account the new AI Forum and Expert Advisory Group. I mean, this recent General Assembly approved resolution creating a global forum that will be working year by year and and and to support an expert advisory group.

Isaac Morales Tenorio: So, creating synergies is also always a goal for all the cyber processes. Nevertheless, even when synergies may be possible to create in a realistic manner, because of the concrete mandates, etc.. And the territorialised bodies at the UN level at least take into account what the discussions are taking form in each of them. It is a responsibility of the delegations. It is a responsibility of the Secretariat and it is a such responsibility of multistakeholder interested to participate, to take into account this whole approach, then to see what exactly if I’m if I’m discussing and advancing, for instance, ransomware decisions or incident response decision in second committee and third committee, then perhaps I do need to be more specific and more strategic.

And what exactly I want to discuss under the first committee mandate, which will be the global mechanism. I do believe that very sensitive issues such as international law attribution that has been mentioned are not right there with a, with a with a formula of of a group. I mean, we don’t have this international law group working group under the global mechanism. But that, again, doesn’t mean that we cannot discuss these very sensitive and core issues through this first committee mandate. Actually, it will be the correct forum. It is a pending question to respond to. But at least it will be then the possibility to advance.

Anastasiya Kazakova: Thank you very much. Isaac. Also, actually highlights a practical way forward for those who are involved in cyber diplomacy. And we see with this global mechanism, cyber diplomacy really becomes very much mature and complex in terms of the structure, how different dynamics may unfold. And for those who are involved from both state and non-state actors, it just it would imply actually more necessity to develop the necessary skills and expertise.

But definitely, thank you so much for highlighting this practical way forward. I think it sounds good for me, as I hear it sounds very much practical and positive that there’s a lot of work, and it’s the way to essentially to continue the dialogue, which is really important, especially today. I’d like to bring Vlada to help us summarise the discussions going on in the chat, because I see a lot of really interesting questions and topics. So a lot of if you could help us as well.

Vladimir Radunovic: It’s not going to be easy, but trying to run briefly to a couple of points that were raised initially, in the discussion about the need to have practical tools for cooperation, incident response. One of the options in the poll particularly helping developing countries and probably not only to learn on what are the optimal ways for cooperation and interdependence among various actors. Then the concern of the dominance of big tech influence in the whole process and negotiations of cybersecurity.

Then we had a very interesting emphasis on the issue of attribution as a key obstacle to anything and everything when it comes to implementation of the rules, and not only cyber, but probably also in the AI context and so on. So what do we do with the attribution? There were discussions about the global portal, mainly supporting, but also how to integrate other existing portals, by the multistakeholder community and then the finances for that, including for capacity building, which are lacking.

And as one of the participants also mentioned, there was no agreement on establishing the funding mechanism. There were comments about cyber norms that are basically the only agreed-upon set of rules and should be protected by all means as a common ground, and shouldn’t be scrapped, because that would lead to a disaster.

There was a comment that the final report does not mention the involvement of the International Legal Commission in international law discussions. And the final one is again, an emphasis on the role of regional organisations, which may actually unite the fragmented positions and help reach a consensus. I’ll stop there and get back to you.

Anastasiya Kazakova: Thank you so much. Thank you so much. Indeed. I also personally, like someone said in the chat, that big security headache isn’t a malware but a diplomatic folk. I think that’s really nicely said. My my provoke others to agree or disagree. But anyway, thank you so much as well. And I’d like at this stage to also invite Katherine Getao again. Many of you may know Catherine very well. She is a cyber diplomacy expert and former head of the ICT authority in Kenya, and formerly a representative of Kenya in the Group of Governmental Experts and one of the knowledgeable experts in this field. So, Catherine, over to you, maybe to share some reflections and comments, and maybe to provoke us further.

Katherine Getao: Thank you very much, Anastasia. And it’s really a pleasure to be here and to see old friends and new, a very, very rich discussion. I almost want to step back and just say. I just want to reflect on all the things that Ashok, Isac, Professor Young and you have said because they’re very thought-provoking. I will start with the questions that were in the Menti poll.

And I usually don’t think of them as separate things, but as things that are part of this successful solution that we’re all looking for. Good rules. Yes, but if there are no practical tools for making them a reality in every country, they might just remain on the shelf. And the inclusion of the private sector and stakeholders. I was checking some statistics, and I saw that four out of five people in the world live in developing countries, and two-thirds of the world’s population has access to the internet. And interestingly this is about the same number as have or the same proportion that have access to clean water or nutritious food. So this is a basic, and it’s something that is touching the majority of the world’s population in their homes, in their offices, in their school settings.

And therefore, I can see why many people feel that it cannot be just the states that are talking about this. And indeed, I remember very well that during the 20 1617 session of the United Nations Group of Governmental Experts, it was actually where the idea of the open-ended working group was born, and it came from a desire that more of the world’s states should participate in this process.

Katherine Getao: And more stakeholders should have a voice. And I think it’s been at least much more successful than the UN in this, as you know, because I remember this is the main question as I walked around that people used to sort of collar me and just say, you know what’s going on there? It seems to be a very exclusive group.

I don’t see that as much. Countries are participating. They’re actually investing in being able to participate in the AU, and other stakeholders are speaking out. But of course, any process that becomes larger also becomes messier. However, the success of the UAW in coming up with reports and direction for the future shows that even in this messier environment, where more people and more types of stakeholders have a voice, more states have a voice.

We do get commonalities that help us to move forward. Now, I’d say the other thing I noticed from the graph is that, you know, most people chose the rules as being the priority. And that’s another question which often comes up, you know, norms are too weak, like a Toothless dog is just barking.

Katherine Getao: But everybody knows it can’t really do anything. If push comes to shove. But I believe that gnomes are about forming a common culture, and it’s extraordinary that so many states have agreed that these 11 simple points of culture are things that we can all agree on, and which can guide our behaviour and identify or reveal our misbehaviour.

So this is very important, and I believe even strong rules are built on a foundation of good culture, which people believe in. Indeed, we are seeing around the world attention between rules and culture. We’ve seen it in very strong developed countries like the US and smaller countries like Kenya. And I’d asked myself, you know, how the rules came about, where people don’t really seem to accept those rules, and they want to push against them.

So I think culture and rules should not only coexist, but the best rules are consistent with culture. So I’ll stop there because I don’t want to take up the time. I know there are many people who want to speak, but I do want to thank the panellists and also colleagues for a very rich and timely discussion and something that I hope will continue. Because culture is not only built in meeting rooms, it’s also built in informal settings through artefacts and through respect for one another and frequent discussion. Thank you so much.

Anastasiya Kazakova: Thank you so much, Catherine. Someone sent the heart, and I would join here. Thank you so much for the wisdom indeed, reminding us that 198 countries from the UN managed to agree on these 11 norms. It is really an important achievement. And it reflects how really diverse different views are. But anyway, these 11 norms somehow set the expectations for this culture. And definitely, implementation goes on and has its own national and regional specificities.

So, a global mechanism will probably help us to learn more about how different countries approach us. Approach the implementation. We are running out of time to close the session. So my final question would be to all three speakers. Finally, looking ahead briefly, what would be your main sort of advice for the next phase of the UN negotiations, cyber negotiations to deliver meaningful and tangible results? So if possible, in a very brief answer, I would start with a shock first, and then we’ll turn to Isaac and Professor Young. So, ambassador, please.

Asoke Mukerji: Well, I think in the mechanism and the process, we need to maintain the spirit with which the final report came out, which means that we all compromised, in a certain sense, to take this process forward. That’s going to be very important at a time when international relations are facing a lot of challenges.

And this will be like a ray of light that these 193 countries, as you mentioned, can come together and take this process forward. I think that implementing and showing to people that this work is directly related to their daily lives is going to be one of the biggest challenges and also the biggest opportunities for this mechanism, because it shouldn’t be seen as a UN talk shop, which has no impact on people’s lives. And that’s why the multiple stakeholder dimension is so important.

And I think that a little bit of work has to be done to make the multiple stakeholders who are non-governmental entities actually speak more in their own countries, in their own states, about this work that is being done. There is very little that comes out in a large number of countries, and people are only dependent and reliant on what is put out by the United Nations. That should not be the only source of information, and it should be an interactive process, because I think the time has come for multiple stakeholders who are not government entities, to also take some of the responsibility for creating a positive outcome of this one. Thank you.

Anastasiya Kazakova: Thank you so much. Ashok. Yes, sir.

Isaac Morales Tenorio: Thank you very much for the question. And thanks all for the elements. Put it on the table. Actually I will, I will, I will imagine at least three recommendations or three ideas for the, for, for, for trying to get more successful results and or to continue at least with, with with the results that we have have layer by layer in this year with the open ended working group for the new global mechanism, I believe the first recommendation will be to consider the possibility to have guidelines, style deliverables. I mean, not only policy level strategic very strategic level reports basically reporting what the discussions were and came etc., but actually guidelines types like giving giving are and making visible some practical recommendations.

That will be the very first recommendation, because we need to address this expectation of transitioning from a very policy to a more practical deliverable, and that was very present in the whole discussions of the future mechanism. And we do need to attend it. The second idea is more procedural, perhaps taking into account previous experiences to think about supportive countries, to the chair, to the future, and to the future as a governing body to imagine the possibility of having supportive countries or delegations.

Isaac Morales Tenorio: This can be developed in a very informal way, as it was during the last open-ended working group discussions, where some countries just raised their hands and mentioned I do want to help. In order to try to get a consensus on a particular issue. This idea will be continued in a more continuous way. It will be great then, because the appropriation of the delegations and concrete stakeholders of some topics is relevant for the process, because it will not be the future chairs’ process, but actually the whole delegation supportive delegations process.

And the final element is, is basically to to insist and to and to concretely recommend to look at other processes, what the discussions are taking form in the other fora, what the discussions are taking for at the regional level, then to be more strategic on what specifics we can advance Bands at the first committee mandate. Global mechanism. That will be the elements. Thank you.

Anastasiya Kazakova: Thank you very much. And, Professor Yang, please.

Fan Yang: Thank you, Nazia, for this final opportunity to share my perspective. So the first very general advice I have is that maybe we can use more realism and patience with what we expect to achieve with the future global mechanism. So by this, I mean if we look at, for example, the maybe not very appropriate example, but I’ll use it anyway. So the example of regulating nuclear weapons, not in the sense of arms control or disarmament, but in the sense of applying international law to to this particular weapon.

So it’s almost 40 years before the authoritative juridical body of the international society, namely the ICJ, issued an advisory opinion on the application of international law to nuclear weapons. That is in the year 1996. So now we’re talking about regulating cyberspace, regulating state behaviour in cyberspace. And it’s only like 20 years. So, maybe we need, you know, to give the process some time. And this helps to maybe reduce some of our idealism or some of our inappropriate passion about seeking a maybe premature legal precision, so that that is like the overall general recommendation. And in addition, I have two, maybe more concrete recommendations, both again, related to the international law aspect.

So first, from my own experience, I think it’s very important for us all and especially for the global mechanism to find a way to deepen our understanding of the nature of state behaviour in cyberspace and also to understand the harm this sort of behaviour inflicts. If again, if you look at the past 20 years, our understanding of these two things is developing, is evolving. But I think we can still use more energy and devotion to to this topic. Otherwise, you know, a lot of discussion or debate will be caught in a situation where, like the victim, potentially victim states, they, they, they have, you know, the potential to exaggerate the harm that cyber operations inflict, while the allegedly perpetrating states, they will find a way to, you know, argue otherwise.

Fan Yang: So, but that’s my first concrete recommendation. The second recommendation is that, in addition to discussing what international law applies, how this international law applies, I think we could also benefit from a detailed discussion on how we, as responsible states, should go about applying the law. How should we make a case as per international law? I mean, is there a common framework that we can go to? Because this is quite important. It can if we have a consensus on that framework; it can benefit us all, even if we still have different understandings on the substantive level of the legal obligations.

Right? I mean, we have to admit that even if we live in a perfectly legalised world, we have a lot of detailed international laws regulating state behaviour in cyberspace. We would still find legal disputes in front of international courts. Right. Where one party argues this way and the other party argues differently. So that is the question the Substantive discussion of international law cannot solve. It’s a result that it cannot deliver. But we can go look at the framework, for example. The framework could include steps. Steps like maybe a factual assessment and attribution, standard legal characterisation of the act and the harm, review of available response options, things like this. So it gives us another new set of reference points, helping us to, you know, try to make a case as per international law. So these are the two of my two concrete recommendations. Thank you.

Anastasiya Kazakova: Thank you so much. I would echo indeed, this is an interesting combination of calls for rules and stronger commitments, but at some point, a lack of a deeper and deeper understanding of what actually states and non-state actors do in cyberspace, and the lack of universal, at least access to the actual activities there and overall understanding of harms, as you highlighted. So hopefully the global mechanism could be the place where this deeper understanding could be developed and shared more widely, and also with the help of the stakeholders who actually have access to the technologies and infrastructure. I’d like to conclude at this point and just to highlight that it’s not the stop that is not the end, of course, it’s the continuing conversation.

Today’s session hopefully helps you as well to look forward with more clarity and ideas. It certainly helped me to get more educated. As Ambassador Mukherjee highlighted, it’s always a pleasure to learn from other experts, and thank you very much to all our speakers and participants. Unfortunately, we had a lot of really interesting comments and we didn’t have the time to to actually focus on each of those comments and questions. So we will prepare the report with the help of our AI, AI, AI tools.

And that would be really quickly. And we will share this with everyone, as well as this recording. Please follow the updates from the digital watch on the global mechanism and also the developments from the resolution later this year and on the Geneva dialogue for those also coming from the private sector and civil society who are interested in a more practical implementation. So thank you again for joining us, and we look forward to continuing this dialogue in the months ahead and wish you a really good rest of the day.