Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 (continued)/ part 2

Summary

This discussion represents the continuation of the first reading of the final report from the Open-Ended Working Group (OEWG) on cybersecurity, focusing on sections A through F covering norms, international law, confidence-building measures, and capacity building. The Chair opened by announcing they would hear comments from multiple countries on these critical sections before moving to regular institutional dialogue later.

France began by emphasizing the need to strengthen implementation of existing 11 cybersecurity norms rather than developing new ones, requesting deletion of certain paragraphs that overemphasize new norm development. The United States strongly supported this position, arguing the report doesn’t reflect good faith efforts and places undue emphasis on elaborating additional norms when no consensus exists for such development. Multiple countries including Estonia, New Zealand, and Canada echoed concerns about premature focus on new norms before properly implementing existing frameworks.

On international law, several delegations stressed that existing international law, including the UN Charter and International Humanitarian Law, applies to cyberspace. There was significant discussion about whether to include references to IHL application in armed conflicts, with countries like Mexico, Switzerland, and Luxembourg advocating for stronger humanitarian protections in cyber operations. However, some delegations objected to automatic IHL applicability, creating tension around this issue.

Regarding confidence-building measures, countries generally supported the Global Points of Contact Directory but emphasized focusing on implementing existing eight measures rather than developing new ones. The capacity building section generated extensive discussion, with developing countries strongly supporting UN-sponsored fellowship programs and voluntary funds, while some developed nations expressed concerns about duplication and fiscal constraints under UN budget limitations.

The Chair repeatedly urged brevity due to time constraints, noting 40 speakers were registered and emphasizing the need to reach regular institutional dialogue discussions to inform the next revision of the report for achieving consensus.

Keypoints

**Overall Purpose/Goal:**

This is a formal UN Open-Ended Working Group (OEWG) session focused on reviewing and reaching consensus on the final report regarding ICT security in international contexts. The Chair is guiding delegations through sections A-F of REV.1 of the final report, with the goal of gathering feedback to produce REV.2 and ultimately achieve consensus before transitioning to a future permanent mechanism.

**Major Discussion Points:**

– **Norms Implementation vs. New Norms Development**: Significant debate over whether to prioritize implementing the existing 11 consensus norms of responsible state behavior or to develop additional new norms. Many delegations (France, US, Estonia, New Zealand) called for deletion of paragraphs 34R and 36 that emphasize new norm development, arguing it’s premature without consensus and would burden states.

– **International Law Application in Cyberspace**: Extensive discussion on how existing international law, particularly International Humanitarian Law (IHL), applies to cyber activities. Key tensions around paragraph 41’s reference to legally binding obligations and whether IHL automatically applies in cyberspace, with some delegations supporting explicit IHL language while others resist.

– **Capacity Building Structure and Funding**: Debate over proposed UN capacity building initiatives including a Global ICT Security Portal, UN Voluntary Fund, and Cyber Resilience Academy. Concerns raised about duplication of existing programs, fiscal constraints under UN80, and whether the UN should play an operational vs. coordinating role.

– **Confidence Building Measures (CBMs) Implementation**: Focus on operationalizing the Global Points of Contact Directory and conducting simulation exercises, with discussions about templates, hybrid formats, and whether to develop new CBMs or concentrate on implementing the existing eight agreed measures.

– **Procedural Concerns and Time Management**: The Chair repeatedly urged delegations to be more concise and telegraphic in their statements, expressing concern about covering all agenda items including the crucial Regular Institutional Dialogue section scheduled for the afternoon.

**Overall Tone:**

The discussion maintained a diplomatic and professional tone throughout, though there was underlying tension regarding substantive disagreements on key issues. The Chair showed increasing urgency and mild frustration about time management, repeatedly asking for brevity while remaining respectful. Delegations generally showed flexibility and willingness to compromise, with many expressing alignment with group positions while adding specific national concerns. The tone became more focused and efficient toward the end as the Chair’s time warnings took effect.

Speakers

Based on the transcript, here are the speakers who participated in the discussion:

**Speakers from the provided list:**

– Chair – Role: Chair of the Open-Ended Working Group (OEWG), from Singapore

– France – Representative/delegation speaking on behalf of France, aligns with European Union positions

– United States – Representative/delegation speaking on behalf of the United States

– Singapore – Representative/delegation speaking on behalf of Singapore

– Sierra Leone – Representative/delegation speaking on behalf of Sierra Leone

– Estonia – Representative/delegation speaking on behalf of Estonia, aligns with European Union

– New Zealand – Representative/delegation speaking on behalf of New Zealand

– Brazil – Representative/delegation speaking on behalf of Brazil

– Venezuela – Representative/delegation speaking on behalf of Venezuela (Bolivarian Republic of Venezuela), aligns with like-minded countries group

– European Union – Representative speaking on behalf of the European Union and its 27 member states plus additional aligned countries (37 states total)

– Malaysia – Representative speaking on behalf of Association of Southeast Asian Nations (ASEAN)

– Nigeria – Representative speaking on behalf of the African Group

– Ghana – Representative speaking on behalf of the Open Informal Cross-Regional Group of the OEWG Confidence Builders

– Canada – Representative/delegation speaking on behalf of Canada

– Algeria – Representative/delegation speaking on behalf of Algeria, aligns with African Group

– Poland – Representative/delegation speaking on behalf of Poland, aligns with European Union

– Egypt – Representative/delegation speaking on behalf of Egypt

– Israel – Representative/delegation speaking on behalf of Israel

– Thailand – Representative/delegation speaking on behalf of Thailand

– China – Representative/delegation speaking on behalf of China

– Papua New Guinea – Representative/delegation speaking on behalf of Papua New Guinea

– Fiji – Representative speaking on behalf of the Pacific Islands Forum

– Japan – Representative/delegation speaking on behalf of Japan

– Vanuatu – Representative/delegation speaking on behalf of Vanuatu, aligns with Pacific Islands Forum

– Malawi – Representative/delegation speaking on behalf of Malawi (Republic of Malawi)

– Islamic Republic of Iran – Representative/delegation speaking on behalf of Islamic Republic of Iran

– Mozambique – Representative/delegation speaking on behalf of Mozambique, aligns with African Group

– Indonesia – Representative/delegation speaking on behalf of Indonesia, aligns with ASEAN

– Russian Federation – Representative/delegation speaking on behalf of Russian Federation

**Additional speakers:**

– Mexico – Representative speaking on behalf of Mexico as co-chair of the ICT workstream (along with Luxembourg and Switzerland) under the Global Initiative to Galvanize Political Commitment for International Humanitarian Law

# Comprehensive Report: Open-Ended Working Group on Cybersecurity – First Reading of Final Report (Sections A-F)

## Executive Summary

This report documents a session of the United Nations Open-Ended Working Group (OEWG) on cybersecurity, focusing on the first reading of REV.1 of the final report covering sections A through F, which address norms, international law, confidence-building measures, and capacity building. The session, chaired by Singapore, featured interventions from numerous countries and regional groups reviewing the draft text with the goal of achieving consensus before transitioning to a future permanent mechanism.

The discussion revealed significant divisions between states emphasizing implementation of existing cybersecurity frameworks versus those supporting parallel development of new norms and mechanisms. Key areas of disagreement included the scope of future norms development, the application of international humanitarian law in cyberspace, and the appropriate role of the United Nations in capacity building initiatives.

## Opening and Procedural Framework

The Chair opened the session by announcing that delegations would provide comments on sections A through F of REV.1 of the final report before proceeding to discussions on Section G (Regular Institutional Dialogue) at 3 PM. With 40 speakers registered, the Chair repeatedly emphasized the need for brevity and focused comments on specific textual issues rather than general statements, expressing concern about covering all agenda items within the allocated timeframe.

The Chair’s interventions became increasingly direct throughout the session, at one point noting that delegates seemed to “love the OEWG so much” that they were making general statements rather than focusing on specific amendments to the text.

## Norms Development and Implementation: Competing Approaches

### Focus on Implementation of Existing Norms

France led countries arguing for prioritizing implementation of the existing 11 consensus norms of responsible state behaviour over developing new ones. France, aligning with EU statements, specifically requested deletion of paragraphs 34R and 36, which emphasize the development of additional norms, arguing that the focus should be on strengthening implementation rather than expanding the normative framework.

The United States provided strong support for this position, stating that “the norms section of the report does not reflect a good faith effort to accurately reflect the conversation of the OEWG over the past four years” and “places undue emphasis on the elaboration of new norms in the future at the expense of the fulsome discussions that took place on the implementation of the existing consensus norms.”

Estonia, Canada, New Zealand, and Israel echoed these concerns, with Estonia noting that “the existing norms constitute a comprehensive framework” and that priority should be given to implementation with capacity building support. Canada specifically suggested that discussions should be “action-oriented” rather than focused on theoretical expansion of normative frameworks.

### Support for Parallel Development

Singapore and Indonesia represented a different perspective, arguing that implementation of existing norms and discussion of new norms should not be mutually exclusive. Singapore advocated for an “incremental approach” that would allow for both implementation and parallel consideration of additional norms where necessary to address evolving cyber threats.

Indonesia emphasized the role of regional mechanisms in advancing norms discussions, suggesting that regional organizations could serve as platforms for developing and testing new normative approaches.

### Convergence on Implementation Tools

Despite disagreements about new norms development, there was strong consensus on the value of practical implementation tools. Multiple speakers, including France, Thailand, Singapore, and Estonia, supported the voluntary checklist of practical actions for implementing existing norms as an important step forward in operationalizing consensus agreements.

## International Law Application in Cyberspace

### Support for International Humanitarian Law Application

The application of international law, particularly International Humanitarian Law (IHL), in cyberspace generated extensive discussion. Poland, Mexico (speaking on behalf of Luxembourg, Mexico, and Switzerland), and Canada strongly advocated for explicit confirmation that IHL applies to cyberspace.

Mexico stated that “cyberspace is not a lawless space, whether in peace or in war” and emphasized that “the long-standing rules of international humanitarian law protect civilian populations and other protected persons and objects against all forms of warfare and against all kinds of weapons, be they old or new, kinetic or cybernetic.”

Multiple countries congratulated Thailand and the Republic of Korea for publishing national positions on international law application in cyberspace. Estonia mentioned the handbook “Developing a National Position on International Law and Cyber Activities” developed by Estonia, Japan, NATO CCDCOE, and the University of Exeter.

### Resistance to Automatic IHL Application

Venezuela explicitly rejected what they characterized as false consensus on IHL application, stating there was “insistence on the existence of consensus, which in our view does not exist, as regards the automatic applicability of international humanitarian law to the cyber sphere.”

The Islamic Republic of Iran similarly resisted automatic IHL application, instead advocating for the principle of “exclusively peaceful purposes” of ICTs and supporting strengthening this language in the report.

### Concerns About Non-Consensus References

The United States and Japan raised concerns about paragraph 41 inappropriately mixing documents of varying legal status, specifically objecting to references to non-consensus documents like the 2021 Chair’s summary. They argued that such references should be removed to maintain the integrity of a consensus-based report.

## Confidence-Building Measures: Building on Success

### Global Points of Contact Directory

There was remarkable consensus that the Global Points of Contact Directory represents one of the most important practical outcomes of the OEWG process. Singapore, the Russian Federation, Fiji, and Indonesia all emphasized the directory’s practical value and the need for smooth transition to the future permanent mechanism.

The Russian Federation noted that the directory requires “smooth transition” and suggested that simulation exercises could help identify problems and improve effectiveness. China provided specific technical suggestions, including changing “manager” to “facilitator” in simulation exercises and ensuring “more open and transparent modalities with member state consultation.”

### Cross-Regional Confidence Building Initiative

Ghana, speaking for the Cross-Regional Group of Confidence Builders (comprising Ghana, Estonia, Uruguay, Philippines, and Kenya), presented a working paper on confidence-building measures and announced plans for a side event to discuss practical implementation approaches.

### Implementation Focus

Canada argued for focusing on implementing the existing eight confidence-building measures rather than developing new ones, stating that “focus should be on implementing existing 8 CBMs rather than developing new ones.” This aligned with the broader theme of prioritizing implementation over expansion.

## Capacity Building Approaches

### Coordination Versus Operational Roles

The European Union, France, Japan, and Canada advocated for the UN playing primarily a coordinating role in capacity building rather than taking on operational responsibilities. France argued that “the UN should play its coordinating role without uselessly duplicating existing initiatives, but rather by adapting to the real needs of countries and providing concrete solutions.”

Canada expressed fiscal concerns, stating they “cannot accept the creation of a sponsorship program before having understood all of the costs entailed by this proposal,” noting that preliminary estimates were much higher than what states could manage independently.

### Support for UN-Led Initiatives

Nigeria, speaking for the African Group, Brazil, and Iran strongly supported establishing new UN-led capacity building mechanisms, including voluntary funds and fellowship programs. Nigeria argued that “establishment of UN Voluntary Fund for capacity building is important proposal,” emphasizing developing country needs.

Brazil supported retaining references to “equitable access to ICT security goods and services” as a way to bridge the digital divide. Iran welcomed the UN Singapore Cyber Fellowship as a “valuable initiative” and supported expanding such programs.

### Cross-Cutting Nature of Capacity Building

Sierra Leone argued that “bridging the digital divide must be treated as a security imperative, not just a development objective.” Fiji emphasized that “capacity building should be cross-cutting issue and standing item in all discussions,” arguing for integration across all aspects of the future permanent mechanism.

### Women in Cyber Fellowship

An area of consensus emerged around the Women in Cyber Fellowship program. Vanuatu, Malawi, and Mozambique specifically highlighted this as a “best practice model” that should be acknowledged and potentially expanded.

## Regional Perspectives

### ASEAN Coordination

Malaysia, speaking for ASEAN, emphasized the importance of international cooperation for developing countries and affirmed the practical value of regional mechanisms in supporting cybersecurity cooperation. Indonesia noted that regional mechanisms play a crucial role in advancing norms discussions.

### African Group Priorities

Nigeria, representing the African Group, emphasized the need for “robust international cooperation against cyber threats” and strongly supported UN-led capacity building initiatives. Algeria highlighted the “growing market for commercially available ICT intrusion capabilities” as posing a “destabilizing threat.”

### Pacific Islands Forum Challenges

Fiji, speaking for the Pacific Islands Forum, raised unique concerns about practical challenges facing small island developing states, including time zone issues where “10 a.m. meeting in New York occurs in the middle of the night across the Pacific.” Fiji emphasized the need for “hybrid and virtual options” while noting these “must not substitute for in-person diplomacy.”

## Emerging Threats and Technologies

Several speakers addressed evolving cyber threats. Mozambique advocated for including “artificial intelligence in the list of emerging digital technologies” and provided detailed analysis of critical infrastructure vulnerabilities, noting that “undersea cables and data centers are strategically important for national survival.”

Papua New Guinea emphasized that “ransomware attacks cause significant harm and disruption to essential public services,” highlighting the real-world impact of cyber threats on essential services in developing countries.

## Future Permanent Mechanism Considerations

Venezuela emphasized the need to “maintain governmental nature of mechanism and existing modalities for non-state actor participation,” while Fiji advocated for a “multi-stakeholder approach essential for incorporating diverse expertise.”

Fiji suggested a “manageable number of dedicated thematic groups with clear objectives,” expressing concern about creating an overly complex structure. Canada suggested streamlining the proposed structure “while focusing on discussions on capacity building that are action-oriented.”

## Key Areas of Consensus

Despite significant disagreements, several areas of strong agreement emerged:

– **Implementation Priority**: Broad agreement on the importance of implementing existing norms, with widespread support for the voluntary implementation checklist

– **Global POC Directory Value**: Universal recognition of the directory as a key practical achievement requiring smooth transition

– **Capacity Building as Cross-Cutting**: Agreement that capacity building should be foundational across all discussions

– **IHL Application**: Strong majority support for confirming that international humanitarian law applies to cyberspace

## Persistent Disagreements

Several fundamental disagreements remained unresolved:

– **Scope of Future Norms Development**: Division between implementation-focused and parallel development approaches

– **UN Role in Capacity Building**: Tension between coordination and operational involvement

– **Legal Framework References**: Disagreements about including non-consensus documents

– **Exclusively Peaceful Purposes**: Debate over characterizing ICTs as exclusively peaceful

## Conclusion

This session revealed both progress and challenges in achieving global consensus on cybersecurity governance. While significant agreement exists on practical measures like the Global POC Directory and implementation tools, fundamental disagreements persist about the scope of future norm development and institutional arrangements.

The Chair announced that feedback from this session would be incorporated into a revised version of the final report, followed by afternoon discussions on the Regular Institutional Dialogue. The depth of disagreements on fundamental issues suggests that achieving consensus will require significant compromise and creative solutions as the OEWG works toward establishing the future permanent mechanism.

The discussion demonstrated the complex intersection of technical expertise, legal frameworks, and political sovereignty that characterizes cybersecurity governance, highlighting the continued need for diplomatic engagement and practical cooperation to navigate these challenges effectively.

Chair: at item five, we will continue our first reading of ref one of the final report, and we will take comments on sections A, B, C, and D, as well as E and F this morning. I will start with the speaker’s list. Based on the remaining list from yesterday, we’ll start with the first speaker, France, to be followed by U.S., Singapore, Sierra Leone, Estonia, New Zealand, and then the list goes on. So, France, you have the floor, please.

France: Thank you, Mr. Chair. In the interest of time, as you mentioned, I will limit my comments to the most problematic points and will refer to the statements of the European Union, which my delegation aligns itself with, for the entirety of the paragraphs that are to be amended in sections C, D, E, and F of the report. For the section on norms, France notes that there is still a strong emphasis on the development of new norms, even though those are not at the core of our work in paragraphs 34 and O to Q. The priority of the future mechanism must be to strengthen the capacities of states, in particular to implement the 11 standards already approved, and that would entail deleting paragraph 34R and paragraph 36. On the other hand, we do not think paragraph 34N to be a new standard, but rather an important and useful clarification for norm 13I of the report of 2015, the OEWG. Lastly, Mr. Chair, and this is to your credit and that of your team, the adoption of a checklist on practical and voluntary actions for implementing these standards seems to us to be an important step forward. On international law, I will limit myself to pointing out two major difficulties in addition to the changes requested by the EU on behalf of more than 30 states in paragraph 39, 40C, 42F, and 43. First of all, my delegation would like to point out that the final report must reflect all of the discussions held by member states during the OEWG process over the past five years. In particular, we support taking into full consideration the work on international humanitarian law. of Resolution on Protection of Civilians of the 34th Conference of the Red Cross and Red Crescent Movement. I was surprised to hear the Russian delegation mention yesterday that the work on protection of civilians was not consensus-based. On the contrary, we commend the fact that this work was carried out under the Global Initiative of the ICRC, the progress made under which could inform the work of the future mechanism over the next few years. Secondly, the section on international law, we believe, lacks clarity because it combines different elements that ought to be reorganized or deleted in order not to erode the framework of responsible behavior of states. Here’s just one example. In paragraph 39B and I, paragraph 80 of the final report of the OEWG, which was referred to, presents concluding observations, not recommendations. So the text here introduces confusion. Paragraph 41 is even more troubling when it comes to its clarity because it ought to be severely edited. We believe that here it also introduces confusion. A letter supported by a very small number of states should not, we believe, be referred to in a report that is supposed to be held by consensus in order to reflect five years of discussions on the important issue of the way in which international law ought to apply in practice to cyberspace. As for the proposal contained in this letter, my delegation fully supports the eloquent arguments put forth by the Ukrainian delegation yesterday. On confidence-building measures, we support the progress made by the OEWG. However, we underscore that having too many proposals runs the risk of diluting progress and might prejudge discussions on the future mechanism, and that is the case of the Global Points of Contact Directory, for example, in paragraph 46B. We support the principle of this, but we would like the development of this to take place in a gradual way to prevent certain states from using it irresponsibly. We believe that the final report ought, first and foremost, to concentrate on the implementation of the eight already adopted confidence-building measures, and therefore we suggest not including in the report proposals that have not been adequately discussed in paragraphs 46, 50, and 46I. final section on capacity building, we’d like to raise a question to help guide our discussions. How can this report help lay the groundwork for improved capacity building that would be more efficient and effective? Capacity building, as you know, is of crucial importance in our proposed program of action to make cyberspace safer. Coming to this end, we must ensure that the UN plays its coordinating role without uselessly duplicating existing initiatives, but rather by adapting to the real needs of countries and providing concrete solutions. This requires, we believe, two different pillars. The first pillar is to focus on mature initiatives and take the time that we need to produce really viable solutions in the long term. For example, the idea of creating a UN-level sponsorship in paragraph 56. We are currently financing a sponsorship together with Ireland in our national capacity, which is further proof of our commitment to participation of all in UN discussions. However, given that there are other sponsorships that also exist and work quite well – for example, women in cyber – we should not assume the outcome of discussions under the Future Mechanism discussions that are based on a feedback that we need to still carry out. Secondly, improved capacity building requires an action-oriented structure for the Future Mechanism. In this regard, we thank the group states of the LAC region and the Pacific Island Forum for their feedback, which helped inform the proposal that we will develop on the RID section later today, especially with regard to a thematic group on resilience, which will be based on a roundtable on capacity building in order to foster exchanges between experts. This proposal, dear colleagues, has already been published online in the form of a working paper on the OEWG site, which was published a few days ago. And during our statement on RID, we will provide more detail on that. Thank you very much, Chair.

Chair: Thank you very much, France. Please do share your statement with all delegations, including with me. Thank you very much. The United States, followed by Singapore.

United States: Good morning, Chair and all colleagues. I will take the direction to address the various sections today, beginning with norms, I think. If I can do it. Okay. Here, let me trade with you. There we go. Chair, we believe that the norms section of the report does not reflect a good faith effort to accurately reflect the conversation of the OEWG over the past four years. It places undue emphasis on the elaboration of new norms in the future at the expense of the fulsome discussions that took place on the implementation of the existing consensus norms. As we have heard from several delegates over the past day, no consensus exists on the need to elaborate additional norms. For this reason, we require the deletion of paragraphs 34R and 36, as requested by the Netherlands and, as you have heard from other states. And in addition, as also raised by other states, 34Q should also be deleted. given its reliance on the non-consensus 2021 Chair’s summary. Paragraphs 34.0 and P already discuss the potential for elaborating new norms. And the addition of paragraphs Q and R unacceptably tilts this balance of this section toward the development of new norms. And along those lines, we support others who have called for paragraphs 34.0 and P to be combined. As observed by the Republic of Korea yesterday, we still have much work to do to implement the 11 consensus norms. We should not overburden states by prioritizing the development of new norms when there is no consensus that there are gaps that need to be filled. With respect to paragraph 34.N, we support others who have requested that it be incorporated into the chapeau portion of paragraph 34, as the text in N itself is not appropriately characterized as a proposal, quote unquote. We also support the proposal put forward by the UK yesterday for the addition of to the chapeau of consensus language from the 2021 GGE report, referencing the 11 norms. In lieu of the current paragraph 36, we propose the following text. States agree to continue supporting and furthering efforts to implement the 11 consensus norms, including through the incorporation of relevant stakeholders in future discussions and the exchange of best practices, end quote. Finally, paragraph 35 will require adjustment to reflect the deletion of paragraphs 34.Q and R. Moving now to the topic of international law, the report should reflect the progress made in discussions of how existing international legal obligations apply. to state behavior in cyberspace, including our robust discussions of international humanitarian law. We also think it would be appropriate for the report to acknowledge the consensus resolution on IHL and the use of ICTs adopted at the 34th International Conference of the Red Cross and Red Crescent, just as we heard from the French just now. Contrary to some assertions we heard yesterday, the UN is not the only, or even the primary place where discussion of international law and ICTs can or should occur. Indeed, the Red Cross movement has long played an important role in promoting IHL and its implementation. Its efforts to do so with respect to new technology should be commended, not silenced. Discussions in this group have also demonstrated that states do not agree that there is a need for new binding obligations. The United States cannot accept any language calling for the creation of new binding international legal obligations, including within the mandate of the Future Mechanism. Furthermore, draft text in the report conflating documents of varying legal status is unhelpful and unacceptable. Specifically, in paragraph 38, we request the removal of the reference to the 2021 OEWG report summary, which was, as we’ve stated before, not a consensus document. That reference is repeated throughout this section, and we object to those repeated references to a non-consensus document from a previous working group. Paragraph 39bii is about norms and has no place in the international law section. We realize this error was made in a previous report, but we do not see the need to confuse future generations of it with its repetition here. We regret that language in paragraph 40c that stated an ICT operation may constitute a use of force when its effects are comparable to a non-ICT incident meeting, that threshold was deleted. We request the reinsertion of that language reflecting this. We cannot accept paragraph 41 as currently drafted. This paragraph includes a long list of documents with varying legal status, not all of which pertain to how international law applies to the use of ICTs in the context of international security, and not all of which have been submitted to the OEWG for discussion. We regret that the report continues to elevate more extreme proposals by a small group of states over those that have enjoyed widespread and cross-regional support. We request deletion of paragraph 42F. That text is already included in Annex C of the 2024 APR, and repeating only that text as violence to the carefully constructed compromise that paragraph represents. In paragraph 43, we request the removal of all of the text after, quote, in the use of ICTs, end quote, to include the non-exhausted list in paragraphs 39 to 42 above. And once again, the 2021 OEWG Chair Summary for the reasons we’ve already noted. Moving on to addressing confidence-building measures. As I mentioned in my remarks yesterday, the United Nations must focus on its core mission, promoting peace and security, and in this regard, we encourage continued confidence-building measures as we look to establish the future permanent mechanism. We appreciate the draft report’s reference to the simulation exercise carried out by UNIDIR in March, as well as its recommendations for future ping tests and simulation exercises. It is inappropriate for the final report to prematurely commit the future future mechanism to devoting time to specific measures, for instance, through the references to the template in paragraph 46E. In this regard, we appreciate that paragraph 50 has been edited to remove adoption. With respect to the points of contact network, we appreciate the work the Chair and the Secretariat team have put into its development. We also note the importance of ensuring that it is used for its intended purpose and does not duplicate other mechanisms. And finally, for the section in paragraph 46L, we do not support the inclusion of the text saying, quote, including relating to the facilitation of access for all states to the market for ICT security goods and services, end quote. There is no need to highlight one specific CBM proposal in this context, particularly when others are not mentioned and when it does not enjoy consensus. Moving now to capacity building, the OEWG’s focus on capacity building is for a specific purpose, implementing the framework and drawing attention to the specific needs that states have in their efforts to implement the framework’s recommendations. Capacity building discussions within the OEWG have served as a powerful demonstration of all the work happening around the world in this regard, and the report should reflect that fact. At the same time, the OEWG is not principally a venue to address cyber assistance matters writ large. In the context of UN80 and the UN’s financial crisis, we cannot support an operational role for the UN in capacity building measures or initiatives that would require additional resources. We also do not think that the topic should overwhelm our other priorities in these final negotiations. Instead, the report’s capacity building discussions should demonstrate the depth of and progress in our discussions, but should not at this stage in the OEWG create new processes or mechanisms for capacity building, particularly those that have not been adequately discussed in the group. For example, the function of the proposed global ICT security cooperation and capacity building portal, as outlined in paragraph 52F, seems to be much broader than anticipated and it remains unclear how it would avoid duplication with existing portals like the UNIDIR cyber policy portal and the GFC civil portal. We would support a more incremental approach to establishing the GSTCP, particularly with a view toward its role as a platform for the future permanent mechanism. Proposals such as the Cyber Resilience Academy in paragraph 52IB, which have not been discussed at length within the OEWG, should not be elevated to the same level as those in the GSTCP, which states have discussed for over a year. We do not support the development of the UN fund mentioned in paragraph 52J. Many similar sponsorships programs already exist, as so elegantly articulated by our French colleagues just now, and involving the UN in an operational role in this regard, particularly in a time of increasing fiscal constraints, will only serve to create additional overhead with minimal value added. States affirmed in the third annual progress report, as well as in statements throughout the last year, that capacity building will be a key cross-cutting discussion topic in the future permanent mechanism. However, it is not appropriate to overburden the future mechanism with capacity building items at this stage, and for all of these reasons, we do not support the operationalization of proposals in paragraph 55 to 57. Thank you, Chair.

Chair: Thank you. United States, Singapore, to be followed by Sierra Leone.

Singapore: Thank you, Mr. Chair. and Principles section, Singapore supports Paragraph 34.0, which recalls the mandate of the OEWG on the further development of the rules, norms and principles of responsible State behaviour, including the ways for their implementation and, if necessary, to introduce changes to them or elaborate additional rules of behaviour. We also support Paragraph 34.p, which states that additional norms could continue to develop over time, and the implementation of existing norms were not mutually exclusive but could take place in parallel. Chair, given the rapidly evolving and dynamic cyber-threat landscape, we need to carefully consider if and what new norms, in addition to the existing ones, are needed to respond to these new and emerging threats. The effective implementation of existing norms is necessary to better understand what new norms are needed, especially for small and developing countries, which have to decide on how best to implement norms based on their national priorities and resources. In our view, the implementation of existing norms and the discussion of new norms, where necessary, do not need to be mutually exclusive. This should be done through an incremental approach that first builds on implementing the existing norms we have today, identifying the gaps which exist, and tying the development of new norms to clear guidance that can help States understand and implement these norms, taking into account their own national priorities and resources, together with capacity-building activities needed for such implementation to be effective. The Voluntary Checklist of Practical Actions for the Implementation of Voluntary Non-Binding Norms of Responsible State Behaviour in the Use of ICTs at NX1 is also a useful guide towards this outcome. Singapore further supports a recommendation in Paragraph 36 for the UN Secretariat to compile and circulate a non-exhaustive list of proposals from States on rules, norms and principles of responsible behaviour of States for discussion purposes in this context. This non-exhaustive list will provide a concrete and comprehensive base for discussions for the future permanent mechanism, particularly in the areas of norms implementation, norms elaboration. International law. Singapore views international law as a key component of the OEWG’s work. The fostering of common understanding among states in the application of international law to the ICT context will help contribute to greater peace, security and trust among states. Singapore sees considerable value in states issuing national statements or regional statements which contribute to the aki of states understanding on how international law applies in cyberspace. We agree with the observation in paragraphs 42C and D as well as the recommendation at paragraph 44. There have been robust discussions in the OEWG on the application of international law to ICTs. The key principles set out in paragraph 40 of the draft report form an important foundation upon which deeper understanding can be built. Singapore remains willing and open to engaging in future discussions on the application of international law in the ICT environment. We believe the scenarios-based exercises would be a useful avenue for such discussions. Chair, capacity-building, as reflected by many delegations in international law, is an essential part of fostering common understanding on how international law applies in the use of ICTs. We agree with the urgent need to continue capacity-building efforts with the aim of ensuring that every state has access to the necessary expertise and is able to participate in such discussions on an equal footing. In this regard, Singapore welcomes and supports the inclusion of paragraph 42E as well as the recommendation in paragraph 45. Conference building measures on this section we agree with paragraphs 46B and C, which outline the need to take a step-by-step approach for the smooth transition of the global POC directory to the future permanent mechanism. On capacity-building, the draft report captures our extensive discussion over the course of the OEWG. In this regard, Singapore supports the draft text and recommendations in the capacity-building section, including the call for states to support and sponsor the participation of developing countries in the meetings of future permanent mechanism and other capacity-building programs on a voluntary basis where feasible. Singapore continues to support action-oriented capacity-building and ICT security, as it is key in supporting states across all pillars of the OEWG’s work and future mechanisms, and welcomes the recommendations in paragraph 45. 53. Singapore also welcomes the inclusion of the need for multidisciplinary, needs-based capacity building and capacity at the leadership level in REF 1 of the draft. Finally, Chair, coordination of global capacity building efforts is important so as to reduce duplication and ensure that our resources are maximised. To this end, we look forward to the establishment of the Global ICT Security Cooperation and Capacity Building Portal and to the update from the UN Secretariat, as mentioned in PARA 55. Thank you, Chair.

Chair: Thank you very much, Singapore, for your statement. Sierra Leone, to be followed by the European Union.

Sierra Leone: Thank you, Mr Chair. As this is the first time Sierra Leone is taking the floor, the delegation of Sierra Leone expresses its thanks and appreciation to you for your continued able stewardship of the OEWG since 2021. We also commend the Secretariat for its tireless efforts in facilitating this important process. We believe that the current draft report represents a balance towards building consensus for Member States. We align ourselves fully with the statement delivered by the Distinguished Representative of Nigeria on behalf of the African Group and wish to add the following in our national capacity. Sierra Leone welcomes recognition in paragraph 9 of the draft report regarding the importance of capacity building as both a cross-cutting element and a foundational pillar for strengthening international ICT security and advancing responsible state behaviour in cyberspace. We particularly support emphasis on sustainable, effective solutions and the call for a needs-based, inclusive approach that reflects the realities of all Member States. As a developing country, we underscore that bridging the digital divide is not only a matter of development, but also a matter of peace, security and digital stability. sovereignty. We must stress that the current levels of ICT infrastructure, skilled human resources and institutional capacity of developing countries remain significantly below those of more digitally advanced states. Therefore, for capacity building to be truly effective and equitable, it must be tailored long-term and responsive to national context. We also particularly support proposals in paragraphs 55 to 58 in this regard. We would like to recommend the inclusion of the text. Quote, targeted support for developing countries with limited ICT infrastructure and expertise is essential to enable their effective participation in the international ICT security framework and to avoid deepening existing digital inequalities. This includes the option of technology transfer as appropriate. End quote. We therefore reiterate a core that the future permanent mechanism must prioritize the needs of developing countries and build on capacity building principles already agreed in the 2021 OEWG report and subsequent annual progress reports. Chair, we further express serious concern about the increasing frequency and sophistication of malicious ICT activities that target critical infrastructure and critical information infrastructure. We welcome the emphasis in paragraph 17 of the report on the cross-border and cascading effects of such attacks, particularly those targeting healthcare, energy, and financial sectors. In many developing countries, the digital divide amplifies our vulnerability to such threats. Limited national capacity to prevent detect or respond to attacks on CI and CII puts essential services, economic stability and public trust at grave risk. We therefore call for the draft report to reflect increased focus on protecting the CI and CII of developing countries through strengthened international cooperation, information sharing, capacity building and technology transfer as applicable. We also stress the need for greater accountability for actors engaged in malicious cyber activity targeting essential public systems. We emphasize that building the digital divide must be treated as a security imperative, not just a development objective. Finally, we urge that the future permanent mechanism also includes provisions for equitable access to threat intelligence, early warning systems and technical assistance, ensuring that no state is left behind in the pursuit of a safe, secure, stable and inclusive cyberspace. I thank you, Mr. Chair.

Chair: Thank you very much, Ghana, for your statement. I give the floor now to the European Union, to be followed by Malaysia.

European Union: Good morning, Chair. Let me deliver my statement, indeed, on cyber capacity building. I have the honor for this statement to speak on behalf of the European Union and its 27 member states, as well as the candidate countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, Republic of Moldova, Bosnia-Herzegovina and Georgia, the EFTA country Norway, member of the European Economic Area, as well as San Marino, align themselves with this statement, 37 states. Chair, over the past five years, delegations, including our own, have voiced the importance of capacity building for security and stability in cyberspace, and also for the need for our new mechanism’s core function to be, as also agreed in Annex C last year, as supporting states in building cyber resilience and secure our growing digital economies. We need to add a more practical dimension to the United Nations’ work through capacity building that is effective and sustainable, and supports states that are adhering to their international obligations. It is therefore important that the report outlines a solid global framework and eco-friendly ecosystem on capacity building that addresses the needs of UN member states and enables those that provide and receive capacity building to understand, design, and implement these efforts together. As ICT-related capacity building is an issue that extends beyond the context of the United Nations, many UN organizations as well as individual UN member states and regional organizations are already conducting ICT capacity building. Therefore we need to make sure that we do not duplicate our efforts at an additional cost, but rather make the best use of all the existing initiatives. The EU and its member states have been at the forefront of building capacities of partners all around the globe, and today the EU is running a portfolio of an estimated volume of €135 million throughout 26 projects with new programs being implemented in all regions. Other regional organizations are also active contributors to cyber capacity building efforts in their regions, and we would therefore suggest to add a paragraph on the role of regional organizations in delivering and coordinating capacity building efforts, as well as a paragraph on all the existing fellowships and sponsorship programs, acknowledging these efforts already taking place in line also with the non-paper on interregional cooperation, as well as the Pacific Island foreign paper on connecting regional priorities to the UN framework. While we certainly recognize the UN’s role as an inclusive convening platform to continue exchanging views, ideas and best practices related to capacity building, we also need to be mindful of the position that the UN is currently in. We must carefully consider the approach to any new financial structures at a time when there is a request to reflect on efficiency and effectiveness of even existing mandates, in particular as the activities envisioned are in some cases implemented already by actors outside of the UN. We therefore need to ensure that the report is realistic and puts an emphasis on an ecosystem that is needs-based, action-oriented. as well as implementable. In the EU’s vision, also laid down since 2020 in our proposal for a UN Cyber Program of Action, the permanent mechanism will place a capacity building at the heart of its work. In addition to continued discussions on capacity building in the plenary sessions, the permanent mechanism would include cyber capacity building as a standing item of each of the programs of work of each of the dedicated thematic groups, enabling states to identify and match their needs based on the cross-cutting discussions taking into account all of the dimensions of the UN framework, ensuring with that a holistic approach to capacity building in the context of ICT security. This space could also be used to share experiences, lessons learned, and best practices on capacity building relevant to the topic of discussion of that thematic working group. Furthermore, an action-oriented round table on cyber capacity building could complement these efforts by providing a dedicated capacity building structure as called upon. This dedicated structure would bring together experts on capacity building to discuss, to identify, and to open up opportunities for further international, regional, bilateral, and multi-stakeholder cooperation, exchange information on capacity building programs and initiatives, and to make action-oriented recommendations to the plenary on how to further coordinate and improve capacity building practices, including on the UN tools we have at hand. Finally, the global ICT security cooperation and capacity building portal could function as a central hub for information, expertise, and input, including from non-governmental entities, such as businesses, non-governmental organizations, and academia, noting their efforts in the delivery of capacity building as well, while avoiding duplication. With this ecosystem outlined, we aim to integrate capacity building into all of the different elements of the Permanent Mechanism as a key pillar of the framework of responsible state behavior. With action-oriented discussions, with map-making and network opportunities, information resources that would systematically discuss and address needs, we can create solutions and allow for the exchange of best practices and strong international cooperation. in building and the actual delivery of capacities. It is important that the final report there represents an ecosystem that provides such coherence among the various components of the permanent mechanism, how they function as a unified whole, and how they address the needs of the international community concretely. This approach will ensure that the UN continues to strengthen its role in galvanizing capacity-building ecosystem while minimizing the risk of duplication, existing delivery mechanisms. Thank you very much, Chair.

Chair: Thank you very much, European Union. And my apologies to Sierra Leone, which had made the statement earlier, and I had thanked Ghana instead of Sierra Leone. So keeping up with the long list here, and the electronic list has multiple names here, which is difficult to keep track. My apologies once again. Thank you also to Sierra Leone. I give the floor now to Malaysia, to be followed by Nigeria.

Malaysia: Mr. Chair, I have the honor to deliver this statement on behalf of Association of Southeast Asian Nations on capacity-building. ASEAN values the robust and constructive engagement demonstrated throughout the work of this open-ended working group. With regards to capacity-building, ASEAN stresses the importance of international cooperation and capacity-building in the field of ICTs in enabling states, especially developing countries, to effectively address evolving threat in cyberspace. The inclusive nature of the OEWG has been particularly valuable in underscoring capacity-building as a fundamental pillar of cyber resilience and in bridging the global digital divide. digital divide. Over the years, ASEAN has proudly played its part and contributed to this topic by highlighting our efforts to enhance regional capacity. By sharing what works for us, we hope others can learn from our experiences too, so that all digital economies, big and small, can grow safely and securely together. Mr Chair, we must not only preserve this momentum of capacity-building discussions, but also elevate it by translating them into concrete, result-driven actions. Equally important is retaining the prominence of the element of capacity-building in the future permanent mechanism. Therefore, ASEAN supports the development of practical capacity-building tools, as well as institutionalising cyber capacity-building within the UN framework. We hope these critical elements will be maintained in the final report. Overall, Mr Chair, ASEAN is fully committed to engaging constructively with all partners within the OEWG, as we work towards reaching consensus on the final report, and to advance our shared vision of an open, safe, secure, stable, accessible, interoperable, peaceful and resilient cyberspace. Thank you.

Chair: Thank you very much, Malaysia, speaking for ASEAN. And I give the floor now to Nigeria, to be followed by Ghana.

Nigeria: Thank you, Mr Chair. I’m pleased to deliver this statement on behalf of the African group. Thank you, Mr Chair. I’m pleased to deliver this statement on behalf of the African group. The statement is as follows on capacity building. The African group wishes to highlight the extraterritorial nature of cyber attack and malicious ICT activities as well as the increase in targeting of critical information infrastructure and ransomware attack through territories of member states by third parties. Therefore we reiterate the importance of ensuring that the use of ICT is fully in accordance with the purpose and principles of the Charter of the United Nations, international law and especially the principle of sovereignty, non-interference in internal affairs and the well-established principle of peaceful coexistence among states. We also wish to note the involvement of non-state actor and criminal group in such activities which entail a specific emphasis on the importance of national sovereignty, equality and security which by extension require robust and effective international cooperation. This will ensure that all states regardless of their level of development have the necessary capacity and capability to enable them to protect and defend themselves against threats on the basis of national ownership irrespective of degree of economic development. It is imperative to state that one useful tool in this regard is the operationalization of the global intergovernmental POC directory to improve the level of information sharing and transparency between states in a way that enhances our collective ability to mitigate threats and develop tools to protect the security of ICT network and applications. The African group supports the establishment of a dedicated ICT security cooperation and capacity building portal and further underlines the need to develop and improve the ICT security a separate fellowship program under the auspices of the United Nations, similar to that of Small Arms and Light Weapons. We also align with the joint fellowship by Singapore and the UN, both with extended scope and coverage to provide the necessary tools for diplomats and other official practitioners. We equally believe that the establishment of a UN Voluntary Final dedicated to capacity building is a proposal that should be advanced and given adequate attention. Finally, Mr Chair, the African Group wishes to stress that capacity building is an issue that should be dealt with in a pragmatic manner rather than a theoretical approach and should be part and parcel of discussion on a common understanding of the threats, the tools to prevent them, and the ability to provide – an ability to respond norm and CBM implementation and how international law applies in the use of ICT. Thank you, Mr Chair.

Chair: Thank you very much, Nigeria, speaking for the African Group. Please do share your statement with everyone and also with the Chair’s office. Ghana to be followed by Estonia.

Ghana: Thank you, Mr Chair. It’s an honour to deliver the statement on behalf of the Open Informal Cross-Regional Group of the OEWG Confidence Builders. Over the years, we’ve grown into one of the biggest cross-regional groups now comprising the following states – Australia, Brazil, Canada, Chile, Colombia, Czech Republic, Dominican Republic, Fiji, Ghana, Germany, Israel, Republic of Korea, Mexico, the Netherlands, and Singapore. We have published a final working paper titled Confidence Building Measures, a Recap, and a Vision for the Future Permanent Mechanism. The paper recalls how the group took a step-by-step approach to support the development, the move towards consensus, and subsequent launch and operationalization of the initial list of voluntary confidence-building measures, including the Global Points of Contact Directory. The Confidence Builders Group intends to continue contributing in the future permanent mechanism to guide the inclusive operationalization and implementation of the eight global confidence-building measures. We seek to advance the understanding of how cyber confidence-building measures contribute to addressing policy challenges together with other pillars of the framework of responsible states’ behavior in the use of ICTs. The paper suggests which specific CBMs could be used to address specific policy challenges, such as the protection of critical infrastructure or the management of ICT-related incidents. Finally, the final report should focus on capturing the significance achievements under your leadership, Mr. Chair, and strengthen our commitment to the implementation of the eight consensus confidence-building measures. As a group, we look forward to building on that legacy and carrying it forward. I thank you, Mr. Chair.

Chair: Thank you very much, Ghana, for your statement on behalf of the Cross-Regional Group of Confidence Builders, and also for the submission of a joint working paper, which is very useful and very constructive. Thank you to you and to all members of your group. Friends, we have about 37 delegations with us to speak on Sections A to F, essentially. I would like to give all of you a chance to speak, so once again I urge you to be telegraphic in your points, and highlight the key points that you would like everyone to know about. And if your positions have been covered by group statements already made in the discussions, you can just align with the statement and make any points not already made. I think we are at a stage where we need to know where delegations stand and what their expectations are, and so this discussion is important. I do not intend to muzzle you, but time is a constraint, because I would like to get to RID this afternoon. I mean, that is the plan. So we’ll continue with the speakers list, now starting with Estonia, to be followed by New Zealand.

Estonia: Let me begin by thanking the Chair and his team for their efforts and steady leadership throughout this important process. Estonia aligns itself with the statements by the European Union, and that’s the following in its national capacity, focusing only on the most essential points. Firstly, we would like to support under the threats section those who have argued for amending paragraph 15, that in Rev 1 refers to exclusively peaceful purposes of ICTs. Current wording does simply not correspond to the reality, nor to the previous discussions within the different OEWG sessions. We would support the Australian amendment in this regard, or any other similar compromise solution like the one voiced by Ukraine. We would like to briefly address the chapter on norms. We believe that the existing norms constitute a comprehensive framework to govern the responsible state, behavior, and cyberspace. It is imperative to prioritize the effective implementation of these established norms, accompanied with targeted capacity building initiatives, to ensure their practical application. We welcome the voluntary norms implementation checklist, as it provides a clear roadmap for states in that process. So far, the deliberations within the OEWG concerning the formulation of new norms have remained predominantly theoretical and have not gathered consensus. Therefore, at this stage, we do not support the calls for new norms, and we think that such calls in the final report are unwarranted and should be deleted. We support those who have suggested to merge paragraphs 34-O and 34-P, and to delete paragraphs 34-Q and 34-R. Estonia highly appreciates the opportunity to engage in discussions about the applicability of international law in cyberspace. We reiterate that the existing international law, including the UN Charter, International Humanitarian Law, and International Human Rights Law, is applicable also in cyberspace. The current rules are technologically neutral, and they underline that the state behavior and the development of new transformative technologies do not change the applicability of international law. The draft report reaffirms the prohibition of the threat or use of force, a well-known fundamental rule enshrined in the UN Charter. However, unlike the zero draft, the current revision does not highlight that. that an ICT operation may constitute a use of force when its scale and effects are comparable to a use of force by a non-ICT operation. We request that the text of paragraph 40C is reverted back to its previous form. We welcome that the draft final report refers to international humanitarian law, but it could address the subject matter more substantially. It is not enough to acknowledge that international humanitarian law, including the principles of military necessity, humanitarian distinction, and proportionality apply in armed conflicts. We need to link the discussion to state behavior in cyberspace. We would refer here to the wording suggestions presented by the EU. In paragraph 41, we cannot support the reference to a convention on ensuring international information security as it moves too far from the UN framework, and we think that there were no substantial discussions in the Open and Working Group on that proposal for additional legally binding obligations. We believe that reference should be deleted. We welcome the active participation of an increasing number of states in the deliberations about the application of international law in cyberspace. Over time, we have witnessed that states have become more aware about the legal aspects of the use of ICTs, and a significant convergence has happened among states regarding their perspectives. To enable all states to meaningfully participate in these critical conversations, states have reiterated the importance of developing national positions about international law in cyberspace, and have endorsed the continued voluntary sharing of national views on related issues. So far, 33 states have prepared individual national positions. Sorry, with yesterday’s statements by Thailand and the Republic of Korea, the number is now 35. Recently, an important resource was published to guide states through the process of developing their national position. It’s called a Handbook on Developing a National Position on International Law and Cyber Activities, a Practical Guide for States, which was. was the result of a project co-sponsored by Estonia, Japan, the NATO Cooperative Cyber Defense Center of Excellence, and the University of Exeter. The handbook offers concrete guidance on key motivations, procedural steps, legal issues, and presentation strategies for states developing or reviewing their national positions. On capacity building, Estonia has been very active in various capacity building activities throughout the years, and we remain committed to it. We acknowledge the valuable role of the UN as a platform for sharing experiences and good practices on capacity building. At the same time, we should be very mindful of UN’s limitations and creating of new financial structures without considering budgetary implications, especially when similar activities are already being carried out by other actors. Capacity building will clearly be an important pillar of the future permanent mechanism, and it is essential to engage with it in a practical, action-oriented, and substantive manner, while also strengthening international cooperation in this era. When it comes to the Global ICT Security Cooperation and Capacity Building Portal, we believe it could function as a central information hub for the future permanent mechanism. It should include information, expertise, and information on ongoing capacity building initiatives, as well as lessons learned, including the Global Roundtable on Capacity Building, future players, academia, and non-governmental entities. This would help to further coordinate and improve capacity building activities. However, the portal needs to make sure not to duplicate already existing mappings, such as the GFC’s civil portal or the EU Cybernetics mapping of EU member states’ capacity building projects. Finally, one of the examples of how Estonia, together with the European Union, is contributing to advancing free, open, safe, and secure cyberspace is the Italian Cyber Diplomacy Summer School. The latest iteration of the summer school took place in Tallinn from 20th to 26th of June this year, and welcomed 60 diplomats from 54 countries across the globe for a five-day program of cyber diplomacy. We are grateful also for the insightful introductory address of the chair of the Open Ended Working Group at our school. The summer school is now complemented also by a three-day winter school. and webinars for the alumni of the summer school as well as two-week fellowship program designed to foster a gender-balanced network of cyber diplomacy experts across the globe. This is not just training experts, but also building a community. Thank you very much.

Chair: Thank you very much, Estonia, for your contribution. New Zealand to be followed by Brazil.

New Zealand: Thank you, Chair. We align ourselves with the statements delivered by Fiji on behalf of the Pacific Islands Forum and offer the following in our national capacity. As this is our first intervention, we’ll take up your suggestion that we speak to our key concerns across sections A to F of the report altogether. On threats, we agree with the concerns raised by a number of delegations around the last sentence of paragraph 15. As others have noted, the new proposed language on exclusively peaceful purposes is inconsistent with previous language and does not reflect current reality. It also fails to reflect the fundamental relevance of international humanitarian law, which in situations of armed conflict applies to cyber activities. On norms, the existing framework for responsible state behavior, if fully implemented, provides a solid foundation for states to collaborate in maintaining a stable and peaceful cyberspace. The report should more clearly acknowledge this fact. The possibility of new norms, if necessary, logically flows from identification of gaps, if any, that are found when implementing the framework. As the UK has noted, we have not seen any discernible progress on this issue over the past 12 months. We’ve also heard that for many states, their priority is implementing existing norms rather than diverting resources to consider new norms. The statement yesterday from the Pacific Islands Forums speaks directly to this perspective. We therefore do not support the proposal that secretariat resources should be invested in preparing the list. outlined in paragraphs 34R and 36. We acknowledge that there is a desire among some to explore new norms. We don’t dismiss that desire, nor is our mind closed to the possibility. Indeed, this is recognised in Annex C from last year’s annual report. We simply think it makes more sense to take a deliberate, step-by-step approach. In this respect, the proposed list exercise is premature and would be better left for the permanent mechanism to consider in due course. On international law, we are unsure of the intention of paragraph 43. This paragraph seems to articulate the permanent mechanism’s function and scope when it comes to discussions on how international law applies in the use of ICTs. But Annex C from last year’s annual report already outlines the permanent mechanism’s function and scope, including on the question of how international law applies. We are therefore unsure how to reconcile Annex C with what is proposed in paragraph 43. On such an important issue, this uncertainty is not helpful, and we’re concerned that it risks disrupting the delicate consensus reached in Annex C. We therefore support the suggestion that paragraph 43 be streamlined by deleting everything that comes after the phrase, quote, how international law applies in the use of ICTs, end quote. On paragraph 41, we have reservations about an approach which highlights a, quote, variety of perspectives, end quote, on the topic of how international law applies. This variety approach necessarily involves highlighting some perspectives and not others, which introduces a challenging dynamic to this discussion. We encourage a rethink of the approach of this paragraph. If the report is going to list a variety of perspectives on how international law applies, then at a minimum, those perspectives should actually relate to the issue of how international law applies. For this reason, the reference to additional legally binding obligations and reference to a letter submitted by a small number of states regarding a convention do not warrant inclusion in the report. this paragraph. Finally on international law, I take this opportunity to note that two weeks ago New Zealand issued an updated position statement on the application of international law to state activity in cyberspace. This is available as a working paper of the OEWG. On confidence building measures, we think that the permanent mechanism’s priority should be to support the implementation of CBMs that have already been agreed, rather than trying to develop specific new CBMs as proposed in paragraph 46L. A longer list of CBMs which are not implemented risks diminishing confidence rather than building it. Of course, in due course the permanent mechanism could decide for itself when the time is right to develop new CBMs. Finally on capacity building, we highlight the important regional contribution made by the Pacific Islands Forum in its recent working paper. This contains a range of principles and priorities from a Pacific perspective, including the importance of treating capacity building as a cross-cutting issue. While there’s strong agreement on the importance of capacity building, the report seems to be struggling to deliver on this aspiration in practice. New Zealand can be flexible on this, but is looking for an outcome that is coherent, calibrated and constructive. It should be coherent by responding to identified needs and avoiding duplication. It should be calibrated to the UN’s current fiscal context. And most importantly, it should be constructive by actually delivering practical support and improved outcomes. Thank you.

Chair: Thank you, New Zealand. Fiji to be followed by Mexico.

Fiji: Thank you, Chair Bulavanaka and good morning, dear colleagues. I have the honour to deliver this statement on behalf of the Pacific Islands Forum with a presence in the United Nations, namely Australia, the Cook Islands, Fiji, Kiribati, the Federated States of Micronesia, the Republic of the Marshall Islands, Nauru, New Zealand, Palau. Papua New Guinea, Samoa, Solomon Islands, Tonga, Tuvalu, and Vanuatu. Chair, on confidence-building measures, we commend the successful operationalization of the Global Points of Contact Directory. It is important that this mechanism is maintained and strengthened in the future permanent mechanism. CBMs play a critical role in building trust, especially in regions with limited capacity. We would welcome greater support for regional-level CBMs, including set-to-set cooperation and national exercises. Similarly to norms, at this stage, we are focused on implementing the existing CBMs as a region. Chair, if I may, we’d also like to give our comments on the regular institutional dialogue. And we support the establishment of a future permanent mechanism that is consensus-based, inclusive, transparent, and technically robust. We underline the need for practical participation measures. Hybrid and virtual options must be available, but they are no substitute for in-person diplomacy. The challenge of time zones for Pacific delegations must be taken seriously. A 10 a.m. meeting in New York occurs in the middle of the night across the Pacific. And to ensure equal footing, we welcome efforts to support the participation of developing country delegations with due regard for geographical representation and gender balance. We also call for a manageable number of dedicated thematic groups with clear and coherent objectives and with strong support from the U.N. Secretariat and regional organizations. This structure must enable smaller delegations to participate meaningfully, not overload them. Above all, the mechanism must have a mandate to support practical implementation of commitments, and all recommendations should be based on consensus. Our view remains that capacity building is a cross-cutting issue that should be a standing item on any discussion under the future permanent mechanism. And we are pleased to hear similar calls from other delegations, including at the chair’s informal town halls. Capacity building is crucial. to sustain our collective digital developments. Siloing those important discussions does not help us move closer to our goal of an action-oriented and practical permanent mechanism, and the same applies to discussions on international law. Chair, the Pacific emphasizes the importance of a multi-stakeholder approach which enriches our discussions by incorporating the diverse expertise, research and resources of academia, civil society, the private sector, and the technical community to improve our collective cybersecurity and resilience. For the future permanent mechanism to meaningfully include stakeholders, we need to improve accreditation and participation modalities. Stakeholders’ input will be essential both in formal and informal meetings. Chair, in conclusion, we stand ready to work with you and all delegations in a spirit of partnership to bring this OEWG to a successful close and ensure a strong and practical foundation for the future. We remain committed to a secure, stable, open and peaceful ICT environment and to ensuring that all countries, regardless of geography or capacity, can help shape their future. Thank you, Chair.

Chair: Thank you very much, Fiji, for your statement. I give the floor now to Mexico to be followed by Brazil.

Mexico: Ambassador Gaffour. Ambassador Gaffour, Excellencies, in September 2024, Brazil, China, France, Jordan, Kazakhstan and South Africa, together with the ICRC, launched the Global Initiative to Galvanize Political Commitment for International Humanitarian Law. They called on all high-contracting parties to the Geneva Conventions to reaffirm sustained political will to respect, implement and strengthen international humanitarian law, IHL. As co-chairs of the ICT workstream, Luxembourg, Mexico, and Switzerland, we have answered this call, and we are heartened that many others have joined us in the work of the Global Initiative. This statement is delivered on our behalf as co-chairs of the ICT workstream. Excellencies, the malicious use of ICTs is a reality in today’s armed conflicts. While cyber operations disrupt essential services such as electricity, water, communications, banking, hospitals, and humanitarian operations, they endanger civilian lives, and they exacerbate the hardships suffered by civilian populations. When civilian infrastructure is disabled, essential services cannot be delivered, and we, as states, cannot fulfill our fundamental responsibility to protect our populations. For five years, this OEWG has provided a central intergovernmental forum for the examination of the security of and in the use of ICTs. By adopting a consensus report, we will take an important step towards safeguarding civilian populations, economies, and governments against malicious ICT activities. Excellencies, we share the commitment to maintain international peace and security. We have all committed to protect the civilian population and other protected persons and objects in situations of armed conflict, including against the risks arising from malicious ICT-related activities. Today, we are painfully aware of the strong tensions that exist in the geopolitical environment. If these tensions were to escalate, death and destruction will follow, as we have seen in the unprecedentedly high number of armed conflicts around the world today. Warfare is changing. State and non-state actors are using ICTs to harm their enemies. They target civilian infrastructure, potentially encouraged by the assumption that the legal lines are blurred and they can avoid responsibility. It is, therefore, our collective responsibility to stand together and to send a clear signal. Cyberspace is not a lawless space, whether in peace or in war. The long-standing rules of international humanitarian law protect civilian populations and other protected persons and objects against all forms of warfare and against all kinds of weapons, be they old or new, kinetic or cybernetic. In other words, civilians and civilian objects must not be attacked or targeted. The principles of proportionality and precaution should be respected and medical facilities must be protected. The final report that we are seeking to adopt this week must reflect this basic common understanding. Excellencies, drawing a clear humanitarian red line in the ICT environment is only the first step. We remain committed to carrying this work forward through whatever future mechanism may be established and to carrying over humanitarian principles and translating them into concrete measures. The OEWG and the work of the ICT Workstream under the Global Initiative are two complementary processes. The OEWG charts the broader security landscape, while the Global Initiative develops humanitarian-driven guidance. To this end, we also invite all delegations to join us in the work of the ICT Workstream under the Global Initiative, building on the significant progress achieved in the OEWG and on the ICT resolution of the 34th International Conference of the Red Cross and Red Crescent. This work stream fosters focus, solution-oriented dialogue with the aim of building shared understandings as to how international humanitarian law sets limits on ICT activities during armed conflict in order to protect civilians from the evolving threats of digitalized warfare. Let us seize this moment by adopting a robust consensus report here. We will be reinforcing protections for civilian populations against the harms caused by malicious ICT activities in current and future armed conflicts. I thank you.

Chair: Thank you very much, Mexico. Brazil, to be followed by Venezuela.

Brazil: Thank you very much, Mr. Chair. My delegation on the issue of CBMs aligns itself with the statement made by the Group of Confidence Builders. We are overall supportive of the CBM section of EUREV1, particularly the references to the implementation of the POC directory and the measures for further implementation within the future permanent mechanism. And we are also supportive of the reference in 46L related to access to technology, as bridging digital divide is a key element to enhancing our collective security in the ICT domain. Moving on to capacity building, we would like to, of course, highlight that we, along with a number of Latin American countries, presented a joint working paper on the issue of capacity building and how we see that in the future mechanism, though we won’t get into that here as my statement will stick to E and F. We are also overall very happy with the text, happy to see the emphasis that has been duly given to the issue of capacity building within our OEWG deliberations. And on to some specific paragraphs. On paragraph 54, Brazil was very supportive of the Global Roundtable, and we were represented at the vice ministerial level at the time. However, we would recommend striking high level from the paragraph just to keep a more a more flexible approach to the participation, also acknowledging that while, of course, higher level participation always gives a higher profile to our discussions, having expert participation on a more technical level can allow for deeper discussions. So maybe having a mix of those could be good and just not having a specific reference to the level could give us more flexibility in designing it. On paragraphs 56 and 57, our delegation would very much like to express our support for both proposals, both for establishing a fund that will promote in-person participation and a voluntary fund on capacity building. As my distinguished colleague from Fiji just highlighted, hybrid events cannot be our main solution to ensure inclusivity and meaningful participation of developing countries in these discussions. While when it comes to New York meetings, Brazil does not have the same issue with time differences we have had in others. And the truth is for issues that can be as sensitive as the ones that we discussed here, in-person contact is essential to establishing the needed confidence and the relationships to really ensure consensus in our negotiations. And of course, while we recognize that many other countries and organizations have been promoting sponsorship programs in this regard, we do believe that the UN should play a higher role, a larger role in this to ensure access to all delegations on equal footing and with clear eligibility criteria for those funds. For similar reasons, we are also very supportive of the establishment of the Voluntary Fund on Capacity Building. We see that the UN should continue to play an even larger role in this issue, while of course we welcome and recognize all initiatives being promoted by a number of stakeholders. I would like to highlight that we have had always very positive experiences as beneficiaries and contributors of capacitability initiatives that have been made through multilateral organizations, whether the UN itself or the ITU or regional organizations such as the OAS, which have always been very collaborative in nature and very demand driven. And so, of course, while it would be important to ensure that there is a synergy between the initiatives promoted by these different organizations and particularly within the UN system, we very much support the proposal and would like to see it retained in the text. We will speak on the later session on RID. Thank you very much.

Chair: Thank you very much, Brazil, for your contribution. Venezuela to be followed by Algeria. Thank you.

Venezuela: Thank you, Chairman. I shall try to be brief. Presidente, the Bolivarian Republic of Venezuela aligns itself with the statement delivered by Nicaragua on behalf of the group of like-minded countries. The Bolivarian Republic of Venezuela wishes to take this opportunity to thank the chair of the OEWG for his efforts together with those of his team over these last five years. We consider that the town hall meetings were extremely successful and very useful. We underscore our aim of achieving consensus in the context of the current deliberations with a view to achieving a successful transition from the OEWG, the current working group, to the potential permanent mechanism for security in and the use of ICTs. To this end, we propose maintaining containing the use of the original name given to this group, which was security of and in the use of ICT technologies. Now, the Bolivarian Republic of Venezuela considers that the following points in the proposal for the latest draft of the final report should not be too far distant from these points if we are to achieve consensus. Firstly, thematic groups, dedicated thematic groups that do not fit the five pillars in the original mandate of the OEWG, loss of balance between norms and international law, abandonment of the existing consensus on the modalities for participation of non-state actors, the so-called stakeholders, that were adopted in April 2022, underscoring Venezuela’s interest in maintaining the governmental nature of this action and the future permanent mechanism, insistence on the existence of consensus, which in our view does not exist, as regards the automatic applicability of international humanitarian law to the cyber sphere, and finally, rejecting the necessary development of new legally binding norms or considering those that do not receive the same support in consideration of other actions such as implementation. In this regard, Venezuela, with a view to achieving consensus, stands ready to be flexible on those aspects that do not contravene the interests and principles of the Bolivarian Republic of Venezuela, provided that we can count on this same flexibility from our counterparts. However, we are of the view that, in the interest of advancing and achieving consensus in the limited time available, we should avoid the inclusion of elements that, over the course of the past five years, have shown themselves to be problematic and lacking consensus. Thank you.

Chair: Thank you very much, Venezuela, for your contribution. Algeria, to be followed by Poland.

Algeria: Thank you, Mr. Chair. Mr. Chair, since it’s the first time my delegation takes the floor, allow me to express our deep appreciation for your efforts and skillful stewardship of this critical process. We also thank your team and the Secretariat for their dedication and valuable efforts. Algeria remains fully committed to supporting your leadership in achieving consensus and ensuring a smooth and seamless transition to the future permanent mechanism. To this end, my delegation approaches our deliberation with the spirit of flexibility and constructive cooperation, recognizing that the adoption of the final report of the OEWG by consensus will be reached only through our collective commitment to refine the text through dialogue and a great sense of compromise. Before proceeding, Algeria aligns itself with the statements delivered by Nigeria on behalf of the African group. Accordingly, and as recommended by the Chair, my delegation will not reiterate the same elements expressed by the African group and will focus its intervention on practical improvements of the text only when needed. Mr. Chair, since we continue to consider Sections A and B, I would like to briefly outline the following points. At the outset, Algeria welcomes the revised draft final report circulated on June 25th. As a solid foundation for the future for a balanced outcome. The draft effectively captures how our discussions have evolved over the past five years. We particularly acknowledge that the draft has incorporated different perspectives, concerns, and proposals expressed by member states during the last 10 sessions. Specifically, my delegation has constantly expressed concerns regarding the growing and destabilizing threat posed by intrusion capabilities. Therefore, we welcome the inclusion of paragraph 25 that highlights and identifies how these capabilities could lead to escalation and threaten international peace and security. However, we would like to see in this paragraph references about specific categories of intrusion capabilities publicly known and discussed in our working group. In the same way expressed in paragraph 24 about malicious software, we propose the following reading for the first part of the paragraph 25. States noted growing market for commercially available ICT intrusion capabilities such as spyware, remote access trojans, and network penetration tools, as well as hardware and software vulnerabilities including on the dark web. Nevertheless, in the same paragraph, we have serious concerns about the sentence emphasizing that such capabilities could be used in a manner consistent with international law. The reason is that such language contradicts the main message conveyed by the paragraph and weakens the emphasis on the dangers of ICT intrusion capabilities. Furthermore, it could be seen as endorsing the use of such capabilities. Therefore, we suggest the deletion of this sentence. This complex issue deserves further discussion and offers a topic for the dedicated thematic group on how international law applies to cyberspace as proposed in annex three of the draft final report. I thank you, Mr. Chair.

Chair: Thank you very much, Algeria, for your statement. Poland to be followed by Egypt.

Poland: Mr. Chair, as this is the first time Poland takes the floor, we want to thank you and your team for preparing rev one of the report. We appreciate your efforts in seeking a consensual way forward, a task that is, to say the least, complex. Poland wishes to align itself with the statements delivered by the European Union while providing additional remarks in national capacity regarding international law. The discussion regarding international law we have held under your capable stewardship have been rich and deep. However, we must observe that the current draft of the report does not give justice to the richness and depth of these exchanges. To our mind, the report, in some aspects, lacks balance and misses an opportunity to address several crucial points. We offer the following suggestions in the hopes they will be reflected in the final text. The report should explicitly confirm that international humanitarian law applies to cyberspace. This position has been expressed by the vast majority of states and affirmed beyond the OEWG context, as has been noted by some other colleagues. The issue of application of IHL in the cyberspace is one of the topics where the deepening of our discussions has been particularly visible. Opposition from a small minority should not prevent the group from taking a clear stance on this matter. we want to stress that the first APR stated that discussions, I quote, should focus on identifying areas of convergence and consensus. While some could argue that consensus has not yet been reached at OEWG, there is a clear and growing convergence toward the view that IHL applies to cyberspace. This development deserves to be properly recognized in the text. We emphasize that the arguments against applying IHL to cyberspace remain unconvincing. To suggest that regulating online activities under IHL leads to militarization of the cyberspace is akin to blaming the existence of traffic signs for car accidents. Sadly, seldom in human history a lack of legal norms has led to a more restrained and civilized conduct in any field, let alone a battlefield. Whether we like it or not, cyberwarfare is an integral part of modern warfare with significant implications for civilians. Regarding IHR, we appreciate that it is mentioned in the context of non-binding norms in the Annex I, but we would like to see it properly reflected in the International Section II. After all, these are legally binding obligations. Hence, it is only appropriate to affirm that IHR applies both online and offline. The language we could use is already in the report. In Annex I, in the part regarding the norm E, the text says that states should respect and protect human rights and fundamental freedoms both online and offline. We should build on this language in the section on international law, while adding that rights such as freedom of expression and opinion, the right to privacy and the principle of discrimination apply online as well. We also support calls to include language on states’ responsibility for internationally wrongful acts. In paragraph 40C, you would like to see the deleted sentence on scale and effects back in the text. It was an important addition to our delegation. Like others, we oppose the listing of documents in paragraph 41 as currently presented. The list mixes instruments of varying legal standing and support among states. In particular, we do not believe that positions of individual states or groups of states should be listed alongside the consensus resolution adopted by the 34th ICRC. Moreover, since General Assembly document A-77-984 does not even address how international law applies in cyberspace, we would like to see it deleted from the report. To our mind, more fitting to the list would be references to the Constitutional Human Rights Council or UNGA resolutions regarding digital or cyber matters. Finally, we have a small linguistic suggestion in paragraphs 40A, B and C. While we acknowledge that this is an agreed language from the 3rd APR, we would nevertheless suggest to add the phrase, after the word reaffirmed. With this addition, it would be clear that the OEWG does not reaffirm the well-established principles of international law or articles of the UN Charter, but rather reaffirm the commitment of states to uphold them. As for other sections, we support the Australian suggestion in paragraph 15 and the French one in paragraph 25. In the section C, we support moving paragraph 34N to the Chapeau. Mr. Chair, we conclude by stressing that you can count on our continued support and constructive engagement in the final phase of the negotiations. I thank you.

Egypt: Egypt is taking the floor to react to Sections C and D. International law is indispensable to ensuring that cyberspace remains open, secure, stable, accessible and peaceful. International law is essential to protect human rights and fundamental freedoms online and to upholding humanitarian law during armed conflicts so as to prevent turning cyberspace into a lawless battle space. International law is also necessary to ensure that conduct in cyberspace respects general principles and foundational rules on international law, including state sovereignty, the rules relating to the exercise of jurisdiction by states, due diligence, the prohibition on the threat or use of force, nonintervention, and the obligation to settle disputes peacefully, in addition to secondary rules relating to attribution, countermeasures, and the plea of necessity. In short, international law is one of the core components of our collective normative toolbox to protect the rule of law in cyberspace and to promote the common interest of humankind. Over the past years, as recognized by paragraph 41 of the draft final report, the OEWG has been a principal platform for the exchange of views among states and other stakeholders such as the ICRC and UNIDIR on the application of international law in cyberspace. The OEWG has provided space for states to express views on the scope and content of many rules of international law. This forum has also become a catalyst for developing common understandings on how international law applies in cyberspace, including by encouraging states to issue national and regional position papers on the application of international law in cyberspace. Of course, we do not have complete consensus on each and every question of law. That is natural. There are numerous areas of uncertainty that remain regarding how specific rules of law apply to certain forms of conduct by states and non-state actors in cyberspace. And that is precisely why Egypt enthusiastically supports the view expressed in annex 3.8 bullet 2 of the draft final report, which expresses the view that the future permanent mechanism should include a thematic group that is dedicated to continuing exchanges of views on the application of international law in cyberspace. We firmly believe that international law is a vehicle to ensure that cyberspace remains an indispensable locomotive of prosperity. And it is a topic that requires both a dedicated theoretical discussion and a cross-cutting discussion among other pillars of the future permanent mechanism. This thematic group should not irrevocably commit us to any particular outcome, nor should it prematurely foreclose any particular proposal on the conclusion of this discussion. Rather, this thematic group should be viewed as a space for regular, in-depth, and doctrinally robust debates on the application of international law, and that are also informed by a greater appreciation of technical aspects of the operation of cyberspace. This thematic group would also complement other components of the permanent mechanism. Discussions on norms of responsible state behavior and debates on international law would be mutually reinforcing. Scenario-based discussions would benefit and would be informed by discussions on the application of international law. Furthermore, discussions on the application of international law would benefit from continuing capacity-building efforts at the national and regional levels that deepen understandings of many of the outstanding doctrinal questions that remain. And let me ask you, colleagues, consider the message that we would send if after five years of discussions on international law and the OEWG, the future permanent mechanism is established without a dedicated thematic group on international law? The message, in our view, would not be in favor of promoting the rule of law in cyberspace and beyond. Our view is also without prejudice to our agreement with the need to follow up on the effective implementation of existing norms. Moreover, we believe that proponents of different approaches, including the proposal to proceed towards a legally binding instrument, and those advocating continued discussions on voluntary measures and norms, both sides, need to recognize that there are dozens of other states who approach this conversation with an open mind and do not see a contradiction between focusing on implementation and identifying possible gaps and finding ways to address them. At the end, and reflecting on some of the interventions made yesterday on different sides of the aisle, we want to… register an observation on paragraph 34 under the norms section, which is self-explanatory in introducing itself as a non-exhaustive list of proposals with varying levels of support without endorsing or issuing concluding views on them. The same applies to paragraphs 40, 41, and 42 under the international law section, which factually reflect questions and issues that were raised during the meetings, as well as additional proposals that were made. We are keen to maintain a consistently factual approach in reflecting the discussions and proposals. Disagreeing with a proposal does not negate the fact that a proposal was made. As long as it is not subject for consideration and endorsement, the only party that can amend, edit, or withdraw a proposal is a member state or the group of states that submitted such proposal. Otherwise, all matters discussed and proposals made should be captured factually in an equitable and inclusive manner. To further reinforce the factual character of the relevant subparagraphs, they can base themselves on the idea or the proposal included therein without attribution to states at the beginning of each subparagraph, and possibly with a disclaimer that whatever is mentioned is without prejudice to the current and future positions of member states. Thank you, Chair.

Chair: Thank you very much, Egypt, for your contribution. Israel, to be followed by Malawi.

Israel: Thank you, Chair, for giving us the floor. In the interest of time and the spirit of compromise, I intend to focus my comments to the most important aspects for Israel, mainly in Sections D and F. Before making comments on specific paragraphs, allow me to say three broader points. The first is that Israel supports the interventions voiced up until this point on the need to focus on the implementation of the norms we have. before developing new norms, be it legally binding obligations or norms of responsible state behavior. For this reason, Israel finds merit in the view voiced yesterday that it might be premature to compile proposals for new norms. Secondly, Mr. Chair, from the comments yesterday and from our discussions throughout the Open-Ended Working Group, there clearly is a lack of consensus on developing legally binding obligations. Thirdly, and on the issue of IHL, Israel generally supports the suggestions to add acknowledging the applicability of IHL in the context of armed conflict. But in seeking compromise, we could also suggest doing so without completely duplicating the language of the ICT resolution from the 34th ICRC. Although we have supported this document, we recognize that at the time of its adoption, certain states felt it necessary to disassociate from it. And now, Mr. Chair, moving on some specific paragraphs. Israel welcomes the new version of paragraph 40C in Rev. 1 and the deletion of language specifying when an ICT operation may amount to use of force under international law. The zero-draft language was inconsistent with Israel’s published national position on how the law of the use of force applies to ICT operations, and we are therefore not in a position to accept it. Yet, being cognizant of the views of other delegations and in the spirit of compromise, we would accept a formulation that is based on the former language subject to the following revision, and I quote, an ICT operation may constitute a use of force if it is expected to cause physical damage, injury, or death, which would establish the use of force if caused by kinetic means. On paragraph 41, we support comments made by other colleagues to remove the reference to the letter dated 15th of May, 2023, for the same reasons mentioned previously. For paragraph 42B, we request that the words, as well as data, in the fifth line be omitted. The protection of data may relate to a large number of branches of international law, creating ambiguity as to what protection we are envisaging. It is also a topic we have considered far less than the protection of critical infrastructure, and coupling them together gives the protection of data, as such, undue weight in our discussions. As for paragraph 42D, we suggest adding language that will acknowledge the rich variety of perspectives shared in the group’s discussion that can serve as an important reminder of the current state of diverging views on how international law applies to ICT activities. For example, this could be achieved by adding, at the end of the second line, a comma, reflecting a wide range of perspectives on the issue. As for paragraph 42F, it is clear from yesterday’s discussion that it does not reflect consensus, and it is our view that it should be deleted. Moving on to section F, we suggest inserting, where appropriate, in the second part of paragraph 52D, so it reads, in this regard, states also proposed strengthening cooperation between CERTs and CSERTs, including where appropriate. Recalling our previous comment on the myriad of considerations that affect the ability of states to share information, as well as comments made from the floor, we believe that this surgical addition can accommodate the concerns of many states. Finally, Mr. Chair, Israel also wishes to support the intervention made by Ghana on behalf of the Confidence Buildings Cross-Regional Group, and in our national capacity on this issue of CBMs, we wish to emphasize that the notion of viewing vulnerability disclosure as a CBM mischaracterizes our discussions. We have not deliberated this matter sufficiently, and we certainly have not reached any meaningful consensus on this matter. Accordingly, we join others in requesting that all references to vulnerability disclosures be removed from this section of the draft. I thank you, Chair, and we will also present to the Secretariat with a written version of our suggestions.

Chair: Thank you, Israel, for your statement. Thailand, to be followed by Canada.

Thailand: Thank you, Mr. Chair. Thank you, Mr. Chair. My delegation will now address Section C, D, E, and F. On Section C, Thailand welcomes the draft final report of the OEWG that reflects the constructive discussion in the areas of norms, rules, and principle of responsible state behavior. In this section, we would like to make the following points. First, as we are facing common security challenges regarding the malicious use of ICTs, we need an even closer cooperation for solutions that go beyond national borders. It is important to include a reflection on the needs for states to fully observe these norms, to reduce risk to international peace, security, and stability, and build mutual trust and confidence among states. Second, Thailand welcomes the voluntary checklist of practical action contained in Annex I of the draft report as a comprehensive and adaptable roadmap to guide states in advancing the implementation of norms in line with national priorities and specific needs. This is in line with the efforts in ASEAN in developing its norm implementation checklist. Lastly, Thailand support the state that state continue to exchange views and best practices on the implementation of norms and its relevant capacity-building effort in new permanent action-oriented mechanism to deepen practical cooperation and sustain momentum on this issue. On section D, international law, Thailand reaffirms the long-standing consensus that international law, particularly the UN Charter, applies to the use of ICT. On paragraph 40C, we join other member states who wish to see reinstatement of the last sentence in the serial draft on the use of force. On paragraph 41, we are pleased that the draft report acknowledges the growing engagement of states on this very important topic. We also welcome that the REF 1 draft reflects the deepened discussion that took place at the OEWG on various principles and areas of international law, such as sovereignty, non-intervention, peaceful settlement of disputes, state responsibility, due diligence, and international humanitarian law, among others. As Thailand gradually builds our own understanding on how international law applies in cyberspace, we have benefited immensely from the deepened discussions at the OEWG, as well as from the various capacitive programs that have taken place precisely because we have had such deepened discussion here. In this regard, the report should capture the progress we have made. Therefore, we support the proposal made by Vietnam and Australia to make additional substantive references from the cross-regional groups’ working paper on application of international law in the use of ICT areas of convergence into paragraph 40 of the draft. report. Finally, I’m pleased to announce that after an 18-month process involving over 20 agencies, Thailand has just published its national position on application of international law in cyberspace. We will host a side event to launch our national position today during the lunch break in Conference Room 12. It is our hope that this national position will further contribute to the development of common understanding on this issue. We also congratulate the Republic of Korea for releasing its national position this week. On CBMs, first, Thailand recognizes the essential and constructive roles of CBMs. We express our support to the implementation of the Global Points of Contact Directory and its relevant capacity-building activities. On the standardized template for communication, we suggest incorporating elements such as urgency and confidentiality to help states identify operational needs in sensitive situations. Second, regarding CERT, we would like to include the importance of establishment of regional CERTs as well as the possible establishment of the Global CERT to CERT Cooperation to promote cross-regional cooperation and serve as a vital CBM. On capacity building, first, we welcome proposals outlined in the draft, including the dedicated Global ICT Security Cooperation and Capacity Building Portal as a one-stop shop platform and the integration of the need-based ICT Security Capacity Building Catalog into the platform. We further welcome regular high-level roundtables and the sponsorship program to be funded by voluntary contribution. We also support the initiative to explore the potential establishment of a UN Cyber Resilience Academy under UNIDIR. Second, in the final report of the previous OEWG, which includes a sustainable, neutral, inclusive, gender-responsive, and need-based approach to capacity building, these principles have been fully observed in Thailand’s continued engagement with a variety of partners in the past few years. Mr. Chair, lastly, we would like to note that it is important to continue our dialogue on all these issues in the future permanent mechanism to enhance mutual trust and build necessary capabilities to address emerging cyber threats. Thank you, Mr. Chair.

Chair: Thank you very much, Thailand. Congratulations on publishing your national position and also to ROK, which has also published its national position. I’m not sure who else has published their national positions recently, especially these past few weeks, but I think this is a very good indication of the value of this process that has encouraged countries to come forward, to think deeply about their own national positions and to share it with the international community. I mean, that’s a very significant step forward by these countries, and this is what I think we need to encourage in this process for all countries to share their national position. But that in turn requires support, partnership, capacity building, which in turn contributes to confidence building, which is a virtuous cycle of interactions that strengthens the entire system that we have here at the UN. So I thought I should mention that before we move on to the next few speakers. Canada to be followed by Malawi, China, and the list goes on. But before I give the floor to Canada, it’s midday, 12, we have 40 speakers registered, so the list has grown. This is a good sign. but it’s going to be impossible to manage the time. I’m having the feeling that you love the OEWG so much that you’re getting into the mode of making general statements, and it seems to me that you’re going to miss the OEWG when it doesn’t exist any longer. But I assure you there’s a future permanent mechanism waiting for all your general statements in the future. So you don’t need to compel yourself to unburden all your thoughts in this mechanism or in this process. I may have to resort to limiting your statements, but I’m reluctant to do that because this is what we do at the UN, to share our views. But if each of you go on like this, we will not be able to get to regular institutional dialogue. And if you’re not able to share your views on that matter, then I will not be able to have a sense of how I should revise REV.1 to produce REV.2. And you need REV.2, we need REV.2 in order to get to consensus, so that everyone can see what’s going to be in REV.2. And I can’t give you REV.2 on Friday morning. So I plead with you. For those of you who, of course, who have not made a statement, and some of you have made your first statement this morning, and I think that’s important, we should hear them. Some of you have made several statements, and that’s also important. But I do ask you to jump to the essentials, because otherwise we will not be able to cover all the issues. And the option is that we’ll have to cut off the debate at the end of the day, depending on wherever we are on the speaker’s list, and then I take all your remaining statements in writing, and then I have to start working on on REVTU, but of course, I’d like to hear all of you before I produce REVTU. So hence the need to be very succinct and telegraphic. So I’ve said this a few times, but obviously, your love of the OEWG process is encouraging you to make great substantive statements. But we need telegraphic statements that focuses on REVTU 1, the essential amendments or modifications that you need from your point of view, and the key points that you think we need to address to get to consensus. So that’s where we are, friends. We go to Canada for a telegraphic statement. And everyone, please watch the timer, henceforth. To be followed by Malawi.

Canada: Thank you, Mr. Chair. And I will do my best to be brief, albeit in both official languages. Canada regrets that the norms in international law sections of REVTU 1 do not fully reflect the balance of interest expressed by states over the last four years and do not sufficiently highlight the importance of the existing framework. We recognize our framework is not static and that a future mechanism will look not only at norms implementation, but examine over time whether new norms are needed. However, asking the Secretariat to compile a list of new norms that do not command consensus and have not been fully discussed as premature. Thus, we join the call of multiple states for the deletion of Para 34R and Para 36, a reference to the future mechanism addressing implementation of the 11 agreed norms and the possibility of developing additional voluntary norms as a chapeau would suffice. In keeping with the focus on highlighting the achievements of this group, we welcome Para 37 to adopt a voluntary checklist. We support Paras 34B, F and H. We agree that consensus. language under para 34n should be placed in the chapeau. Turning to international law, our OEWG can claim success in fulfilling its mandate. Our mandate, to be clear, was to study with a view to promote common understandings on how international law applies in the use of information and communications technologies by states. Through many initiatives, discussions, and capacity building activities, we have successfully advanced common understandings, fostered trust, built confidence, and greater clarity on how international law applies to cyberspace. Any proposals to seek to water down this achievement by changing the scope of our mandate would be unacceptable. Chair, under your continued leadership, we have maintained strong cross-regional momentum on international law, which must now be captured in the final report. We share the concerns expressed by many that the text of paragraph 41 should not include reference to the possibility of additional legally binding obligations under a paragraph referring to how international law applies. We request its removal here. We welcome the references in paragraph 41 to the AU and EU regional positions and the two cross-regional working papers. Also in paragraph 41, echoing Vietnam, Fiji, and others, we consider that international humanitarian law as a key area of convergence and support the joint statement made by Mexico, Switzerland, and Luxembourg. We make two proposals. The final report should welcome the adoption of the consensus resolution of the 34th International Conference, and as proposed by Brazil and supported by many others, the text should incorporation of the text of OP4 of the resolution on the protection of civilian populations and other protected persons and objects in the final report. This text would build on consensus language found notably in paragraph 71F of the 2021 GGE report. A key achievement would be fully reflected in the final report, the wealth of capacity-building activities that you just pointed out on international law. The scope and variety of these activities have answered concrete needs of member states. Canada has trained over 70,000 people in international law. 600 foreign officials from 87 member states since 2022. Other successful initiatives include those from UNIDIR, the ICRC, University of Exeter, CCD, COE, Japan and Estonia and others. All of these have complimented the OEWG’s work and deserve mention in our report. We also support the EU proposal in relation to Para 43. We wish to congratulate Thailand and the Republic of Korea on the publication of their national positions. This helps further our understandings, including on IHL and reinforces the call for language in the report. Turning to the future, we strongly believe that continuing dialogue and capacity building on international law and cyberspace are essential in a future mechanism. Monsieur the President. Mr. Chair, we support your efforts to breathe life into the eight agreed CBMs, including simulation exercises and ping tests for the global points of contact directory. There are seven other CBMs. Our experience within various regional organizations confirms that it will be important for the permanent mechanism to focus on the implementation of these CBMs in a step-by-step manner before developing further ones. Therefore, we call on the Chair to delete references to new CBMs or to further developing the global points of contact directory in paragraphs 46B, L47, and 48. On capacity building, we support paragraphs 52A, H, L, and M, and 58. We remain concerned by the large number of fora for discussing capacity building under the future mechanism. For now, there are plenaries. The DTG number one, the thematic group. on capacity building, the TG3, as well as roundtables. In light of the fiscal context of optimizing resources under UN80, we suggest that these four be streamlined while focusing on discussions on capacity building that are action-oriented. The role and mandate of the different groups must be clearly defined to guarantee the development of a future mechanism that addresses capacity gaps and problems with concrete implementation. The current text risks duplicating the many bodies that discuss the importance of capacity building without creating any real capacity. We suggest that a possible roundtable could be modified to address the needs of recipient countries by being more focused on practical discussions, including with stakeholders that often implement capacity building activities. We underscore the importance of the text, which clearly states that the portal will only use existing resources and thus prevents duplication of existing portals. We cannot accept the creation of a sponsorship program before having understood all of the costs entailed by this proposal, especially in light of the preliminary estimates. These estimates are much higher than what the states could carry out themselves, for example, through the Women in Cyber program. In light of UN80, it is crucial for every penny to be used as effectively as possible. Therefore, we call for caution when it comes to replicating what has already been delivered. Mr. Chair, during our last session in February, our canoe had almost been finished, and now summer has come. Together we have been able to build this canoe, and it is now prepared to handle the challenges put by cyberspace in the future. To guarantee the stability of our canoe, it is essential for us to all be on board. Thanks to a consensus, we will be able to navigate the waters of dialogue, trust, and common understanding. Thank you, Chair.

Chair: Thank you, Canada. Malawi, to be followed by China.

Malawi: Mr. Chairman, Excellencies, and Delegates, The Republic of Malawi thanks you for giving us the floor and would like to share in its national capacity its statement and views on Section C, D, and F of the report. With first, Section C on Rules, Norms, and Principles of Responsible State Behavior. The Republic of Malawi supports, just like other states that previously shared their statements, the voluntary, non-binding norms outlined in the report and stresses the importance of their implementation at national and regional levels. We just, like Ghana, particularly highlight the relevance of Norms F, G, and H on the protection of critical infrastructure, and Norm C, emphasizing that states should not allow their territory to be used for wrongful cyber acts. We support the adoption of the Voluntary Checklist of Practical Actions as a valuable tool for developing nations. In our national context, the Data Protection Act of 2024 and the Electronic Transactions and Cybersecurity Act 2016, our soon-to-be-finalized cybersecurity policy and revised strategy, demonstrate our commitment to implementing norms through legislation, institutional frameworks, and national coordination. My delegation has also integrated norm implementation in its Child Online Protection Strategy and Women in Cyber initiatives. We stress that implementation of these norms must reflect inclusivity, particularly gender considerations. Promoting gender equity in digital policy and cybersecurity practices is not only just, but essential for building holistic and resilient cyber governance structures. In regards to Section D on international law, the Republic of Malawi reaffirms its alignment with the position of the African Group, which underscores the need for such discussions to enhance our collective understanding and ensure that the use of ICTs remains a priority. remains in accordance with the purposes and principles of the Charter of the United Nations and international law, especially in reinforcing sovereignty and peaceful coexistence among states. We note the growing consensus that ICT operations with impacts equivalent to conventional uses of force must be addressed under Article 2, Section 4 of the UN Charter. My delegation also supports the integration of international humanitarian and human rights obligations, including the rights to privacy and freedom of expression in the application of international law to cyberspace. Importantly, my delegation is currently in the process of drafting its national position on the applicability of international law in cyberspace, which will serve as a basis for harmonizing international practice with international norms and ensuring clarity for implementation. In this regard, we welcome initiatives to build capacity on international law and encourage the continued sharing of national views to advance legal clarity and convergence. Finally, on Section F on capacity building. Chair, I would like to remind all member states present the overarching mission of the United Nations, start of court, to maintain international peace and security, promote human rights, deliver humanitarian aid, support sustainable development, and uphold international law, end of court. Capacity building remains foundational to cybersecurity resilience. My delegation, just like Sierra Leone, calls for capacity building initiatives that are sustainable, needs-based, gender-responsive, and locally led. Chair, we can all attest to the great impact capacity building initiatives, such as the WIC Fellowship has brought to the UN. Malawi, therefore, strongly supports the establishment. of a voluntary global capacity-building fund and the proposed global ICT security cooperation and capacity-building portal. We believe that promotion of gender inclusion should be a priority and the future permanent mechanism and can be reflected in inclusive and targeted outreach, scholarship opportunities, and promotion of female engagements in digital policy. We believe capacity-building should not only address governance, leadership, and policy development, but also technical training for the responders, which will in turn directly and indirectly support our efforts in setting up of the POC directory. I thank you, Chair.

Chair: Thank you very much, Malawi, for your contribution. China, to be followed by Papua New Guinea.

China: Thank you, Mr. Chair. Mr. Chair, China will be very brief about Section ENF. In terms of simulation exercise, China has emailed and expressed our opinions on the simulation exercise conducted in March 2025 in terms of the modality and content. We’ve expressed our concern to the Secretary in this email. We hope that the Secretary can, in a more open and transparent manner, improve its follow-up in simulation exercises in terms of the content and modalities so that POC can focus on the realities on what is happening around us and play an active part to effectively improve collaborative responses across the world in response to cyberspace incidents. As a result, China suggests deleting 46G. And in Paragraph 49. After convening working exercises in simulation exercises, in hybrid format, I think the following. In consultation with member states on modalities of such exercises in advance. In addition, in terms of the role of the secretariat in the simulation exercises, China suggests that we change manager in the first line of paragraph 49 to facilitator. In addition, China suggests – China supports retaining 46L. As for other proposals, China has already submitted in written forms. Thank you.

Chair: Thank you, China, for your contribution and also for being within the time limit. Papua New Guinea, to be followed by Vanuatu.

Papua New Guinea: Mr. Chair, excellencies and distinguished delegates, on behalf of my delegation, I would like to firstly extend our sincere gratitude to you, Mr. Chair, and your distinguished delegation of Singapore for your sterling leadership, commitment, and for the manner in which you have carried out your mandate impressively since your election as chair. Let me also thank the secretariat for their valued support to you, Mr. Chair, and the process. Papua New Guinea has taken careful note of your instructive guidance in our final session this week. My delegation welcomes the draft report of the OEWG on security and is of the view that this is a good basis for our work going forward. We will constructively – we will work constructively with you, Mr. Chair, and all other delegations and stakeholders. In this spirit, Papua New Guinea aligns itself with the statement delivered by Fiji on behalf of the Pacific Islands Forum. We wish to make the following points in our national capacity. On Part B, Existing and Potential Threats, Papua New Guinea highlights the following feedback to the proposed text in Rev. 1. My delegation agrees with the Chair’s comments on the increasingly complex and an evolving ICT threat landscape. This includes the text in Paris 17 on critical infrastructure and critical information infrastructure. Cybersecurity issues have become a central part of national security concerns in view of our national digital transformation efforts. Strengthening the resilience of critical infrastructure and critical information infrastructure, therefore, is integral to safeguarding ICT systems against cyberattacks, enabling uninterrupted delivery of essential services during cyber incidents. Papua New Guinea also agrees with the text in Para 24 in reference to the increasing frequency, scale, and severity of ransomware attacks as a cause of harm and disruption to essential services to the public. A recent example of this includes the ransomware attack which took place in February of 2025 on Papua New Guinea’s Internal Revenue Commission. On Part F, capacity building, we are also in support of the text in Para 52, subsection B, emphasizing tailored capacity building according to states’ needs. This underscores the importance of designing and implementing cybercapacity building initiatives that tackle both existing and emerging gaps across policy, technology, legal, regulatory, and institutional frameworks with activities customized to states’ unique context and absorption capacity. Cybercapacity building investments and programs must also take into account the prevalent cybersecurity skills gap and its gender dimension and adapt as necessary to include relevant and context-based education, skilling, reskilling, and upskilling activities, components, or standalone initiatives that are sensitive to the needs of women and girls, the youth, persons with disabilities, rural and remote communities, vulnerable and marginalized groups. Finally, Mr. Chair, be rest assured of my delegation’s constructive support to your leadership of this process and to also work with all delegations and other stakeholders for a consensus outcome that facilitates this process. facilitates a safer and secure cyber world. Thank you.

Chair: Thank you very much, Papua New Guinea. Vanuatu, to be followed by Japan.

Vanuatu: Thank you, Chair. Vanuatu aligns itself with the statement delivered on behalf of the Pacific Islands Forum and appreciates the inclusive efforts made to reach consensus on this final stage of the OEWG’s mandate. We are going to intervene on norms, but in the interest of time, we’ll refer you to the joint page statement on the matter. To capacity building, Chair, we were pleased to see the Women in Cyber Fellowship acknowledged in paragraph 52M. This is a positive step, and we believe WIC is a best practice for the type of sponsorship modality envisioned in paragraph 56. Not only has the program supported women’s participation in OEWG sessions, but its structure should also encourage further state support for sponsorship in future meetings. We are conscious that creating a new sponsorship program will not automatically bring new funding and would support the extension of women in cyber, a program that has already proven itself. We also note that some capacity building programs can present high entry barriers for resource-constrained states. Vanuatu encourages all capacity building providers to ensure that their offerings are accessible and tailored to the realities of smaller developing states, especially those with limited personnel and infrastructure. We also note with interest the proposal for a Cyber Resilience Academy hosted in UNIDIR. We are appreciative of the work that UNIDIR is doing, and they would be a natural and successful host. for such an academy. We would stress, however, that developing states, particularly small island developing states, should be consulted throughout the lifecycle of the academy to ensure that its program is serving the interests of some of the most remote and vulnerable nations. We would also need to ensure that there is no duplication with other existing training programs. Additionally, we are hopeful that any interest in further training, both in part of donor states, but also in recipient states, is matched with investment in the actual implementation of the training programs. The goal, after all, is not the training, but stronger cybersecurity on the ground. With respect to paragraph 52K, we are conscious about the characterization of ICT capacity building as a, quote, high-level policy issue. While we understand the intent, our view is that awareness and implementation in this area benefit most from focused technical engagement. For example, the proposed global roundtable could be more impactful if designed for senior-level or technical-level participants. Thank you, Chair.

Chair: Thank you. Thank you, Vanuatu. Japan, to be followed by Islamic Republic of Iran.

Japan: Thank you, Mr. Chair. So for the Section C and D, the OEWG has stressed importance of accumulated discussions on the application of existing international law and norms. And a lot of states advocated for further exploring that issue in a scenario-based and cross-cutting manner to be practical and effective in responding to threats and risks in the cyberspace. In this context, there are some points Japan considers. necessary to be amended in the referendum. For example, in paragraph 36 of the norms section, references are made to documents which have not reached consensus such as the 2021 Chair’s Summary, and items which have not been sufficiently discussed to reach maturity, such as about the new norms. Japan does not rule out the possibility of discussing such issues in future, but we consider it is premature at this stage to include them as it is in the draft report, and suggest therefore striking them out this paragraph. As for the voluntary checklist for the implementation of norms in paragraph 37, where it is mentioned, we support attaching it to the final report for the reasons already laid out by many delegations. About paragraph 41 in the international law section, Japan shares the spirit of elaborating further discussions based on the documents prepared by various groups of countries, but the criteria for selecting those to be cited in the report is not clear to our eyes, and we are not very supportive of it. Japan does not support inclusion of documents and references regarding a new legally binding instrument in a way reflected in actual version, when the issue has not gained wide support during past discussions. The same spirit applies to paragraph 42, and we hope to see amendments in the next version. For section E and F, especially the capacity building, Japan puts a lot of importance in capacity building, since building resilience to cyber security cannot be achieved alone. In fact, Japan has been offering and conducting tangible and practical efforts for many countries, and is willing to continue exploring what can be done at the UN level too. In this context, we should be mindful of the fact that there are already so many existing and ongoing capacity-building efforts in the globe, bilaterally and regionally, and resources are limited as well. We should therefore avoid duplication of efforts to be both effective and efficient as a whole. We believe such voices have been expressed in the past discussion in the OEWG and Japan wishes some text to be added telling the necessity of UN and other actors being complementary in the role, as well as being mindful of limitation of resources leading naturally to the necessity to the efficiency of the UN. Before I end, I would like to join those who have congratulated the publication of national positions on international law, such as by Republic of Korea and Thailand. In this duration, like the Estonian and Canadian colleagues did, I would like to invite you all also, regardless of publication of national positions on the IAO, to have a look on the handbook on developing a national position on international law and cyber activities, which has just been published as a fruit of a collaboration among Estonia, Japan, NATO CCDCOE, and the University of Exeter. It’s not too long, but it is practical and useful. Thank you, Mr. Chairman.

Chair: Thank you, Japan. Islamic Republic of Iran, to be followed by Mozambique.

Islamic Republic of Iran: Thank you, Mr. Chair. On CBMs, in paragraph 46L, we welcome the reference to facilitating equitable access for all states to the market for ICT security goods and services. We urge that this reference be retained in the final report, as it plays a vital role in addressing the technological gap between developed and developing countries. The important issue of technical ICT terms and terminologies need to continue to be addressed within the future permanent mechanism. Therefore, we propose adding a sentence at the end of paragraph 51 to reflect the ongoing consideration and further development of this matter in the future mechanism. On capacity building section we welcome and appreciate the comprehensive reflection of the extensive discussions on capacity building within the OEWG. At the same time, we would like to offer a few comments aimed at further strengthening this section, which is of utmost importance, particularly for developing countries. Like other delegations that spoke before me, including Brazil, we welcome the inclusion of paragraphs 56 and 57, which respectively address the Sponsorship Program and UN Voluntary Fund. We underscore the importance of these provisions and strongly encourage their retention in the final report. The later part of paragraph 52B appropriately reflects the views expressed by many delegations regarding the importance of the Fellowship Program. It rightly notes that states underline the need to enhance the availability of capacity building and leadership programs on ICT security aimed at senior officials and decision makers at the national level. The paragraph also accurately highlights the recognition by states of the UN Singapore Cyber Fellowship Program as a valuable initiative contributing to this objective. In this regard, we propose the addition of a new paragraph 57B in the recommendation section as follows. States agree to establish a standing dedicated Fellowship Training Program to support the capacity building of states on the security of and in the use of ICTs, and request the Secretariat to prepare options, including funding and administrative arrangements for consideration by states within the framework of the future permanent mechanism. Mr. Chair, if we accept the perspective expressed by some countries that current uninclusive capacity building initiatives are sufficient and that the UN should only take a coordinating rule, then a critical question arises for the international community, what has been the tangible outcome of seven years of extensive discussions within the first and second OEWG on capacity building under the auspices of the United Nations. This long-standing dialogue was intended to develop truly inclusive, multilateral capacity building initiatives that address the diverse needs of all member states, particularly those of developing countries. To overlook these efforts risks undermining the progress made and disregards the unique role of the United Nations in promoting equitable and comprehensive capacity building initiatives globally. Mr. Chair, yesterday and today we heard calls to delete the later part of paragraph 15, which refers to the exclusively peaceful use of ICT. In this connection, we would like to express our support for the comments made by our distinguished colleague from China.

China: Given the paramount importance of upholding the principle of exclusively peaceful use of ICTs, we would like to offer the following points. While it is true that the paragraph acknowledged the development and use of ICT for military purposes, this acknowledgement is descriptive, not normative. It reflects the reality of current trends and risks in the international security landscape. However, the reference at the end of the paragraph to promoting the exclusively peaceful use of ICTs serves a different and complementary function. It reflects the normative aspiration of the international community to reverse or mitigate these concerning trends. Recognizing a problematic reality does not equate to endorsing it. On the contrary, it is precisely because such military developments and uses exist that there is an urgent need to reaffirm and promote the principle that ICTs should be used exclusively for peaceful purposes. The later part of paragraph 15 articulates a shared commitment to a more stable and peaceful ICT. environment. Accordingly, my delegation not only does not support its deletion or any alternative proposals that we can eat, but like Cuba, we would also welcome efforts to further strengthen its language. I thank you, Mr. Chair.

Chair: Thank you very much, Iran, for your contribution. Mozambique, to be followed by Indonesia.

Mozambique: Thank you, Mr. Chair, for giving us the floor. At the outset, allow me to express our profound appreciation for your outstanding leadership in guiding us into this final and defining stage of open-ended working group. Mozambique aligns itself with the statement delivered by Nigeria on behalf of African group, and in our national capacity, we would like to highlight the following points. On existing and potential threats, Mozambique strongly supports your proposed language and joins others in emphasizing that malicious ICT activities targeting critical infrastructure, including undersea cables and data centers, constitute a gross violation of international law. And we also emphasize that as a coastal state, we are culturally aware that the strategic importance of undersea cable and digital infrastructures for our nation’s survival and regional connectivity, they are very important. Their protection must be clearly and unequivocally reflected in our commitment. Furthermore, we take note of paragraph 20 of the draft report, which highlights increasing vulnerability in industrial system operational technology. 5G network, Internet of Things, cloud computing and edge technology such as VPN and firewalls. These technologies are becoming integral to critical services, yet they remain highly exposed to cyber threat. We also joined Ghana and other member states in emphasizing the need to adopt secure by design approach across all digital infrastructures. On the list of emerging digital technologies in paragraph 20, we would like to propose the inclusion of artificial intelligence. These technologies are now being used to expose the vulnerability of networks and IT infrastructure such as data centers. The deep fake threats associated to artificial intelligence application in fake news, misinformation, hate speech and targeted social campaign are today major risk for democracy, peace and stability in many countries. On the rules, norms and principles of responsive state behavior, we reaffirm our strong support to volunteer non-binding norms of responsive state behavior in cyberspace. As outlined in paragraph 34P of REF1 draft report, we hold the view that continued development of norms must go hand to hand with their practical implementation. It is against this backdrop that we welcome the volunteer checklist of practical action state on paragraph 33 and use member states to use it as a tool to turn political consensus in measurable impact. On international law, Mozambique welcomed reaffirmation of international law in particular to the UN Charter. that applies in the use of ICT. We commend the OEWG continued effort to deepen discussion on core principles, such as sovereignty, non-intervention, and due diligence. We particularly note with appreciation the reference to national and regional position, including the common African position on the application of international law in cyberspace, as well as AU declaration and other working papers. This contribution enriched the dialogue and offer foundation and progressive convergence on these key issues. Mozambique encouraged the future permanent mechanism to build on this discussion through structured, inclusive format that move beyond reaffirmation towards shared understanding on complex areas, such as attribution, state responsibility, and legal thresholds. We also highlight the importance of dedicated capacity building international law, particularly in developing countries to ensure equal participation in shaping legal norms and digital domain. And also the tailored program delivered in partnership with our regional legal institution in multiple language will be greatly enhanced impacts. On confidence building measure, Mozambique welcomed the Open-Ended Working Group continuous emphasis on confidence building measure as means of enhanced trust, reducing tension, and promoting cooperation in cyberspace. We support the development of operationalization of global points of contact, and also comment the simulation exercise that have helped and tested effectiveness. On capacity building. Capacity building lays at the core of our national and regional effort to enhance cyber security and digital resilience. As reaffirmed on paragraph 9.52, sustainable capacity building is a key enabler for digital transformation, special for developing countries such as Mozambique. We strongly support inclusive and high-impact initiatives such as Women in International Security and Cyberspace Fellowship, which has proven to be a powerful platform for building leadership and institutional capacity. Likewise, acknowledge to value initiatives such as UN Singapore Cyber Fellowship and Italian Summer and Winter School, which many of us have benefited from first-hand. These are not merely training programs, they are practical confidence-building measures. We therefore advocate for their consolidation and expansion under the Future Permanent Mechanism. In this context, paragraph 12 holds particular importance, and we emphasize that gender perspective must be systematically embedded in the design and operation of the Future Mechanism. Meaningful participation of women in cyber governance is not optional, it is essential. Mr. Chair, as I conclude, I would like to reiterate Mozambique delegation commitment to a forward-looking, inclusive and action-oriented outcome. We stand ready to work constructively with all delegations to ensure that the final report serves as a launchpad for meaningful implementation and that the Future Mechanism is equipped to respond to the evolving digital landscape. I thank you, Mr. Chair.

Chair: Thank you, Mozambique, for your statement. Indonesia, followed by Russian Federation.

Indonesia: Thank you, Mr. Chair. Indonesia would like to share our reflections on Section C through F, which we view as central to building a secure and inclusive cyberspace. On Section C, our position is fully guided by our commitment to the 11 norms of responsible We are committed to the implementation of the 11 norms and to the implementation of the 11 norms in the digital and cyberspace, while remaining open to the development of additional norms. There are several points that our delegations would like to share. First, we support paragraph 34B, which recognizes the uniqueness of each member state’s technical capacity, diverse national system, and regional specificity in the implementation of the 11 norms. Second, we support the inclusion of paragraph 34N, which recognizes the importance of the implementation of the 11 norms, therefore, we support the retention of paragraph 34M on the value of developing targeted ICT security capacity building programs. In line with that spirit, Indonesia also welcomes the inclusion of paragraph 34N that further clarifies the linkage between states’ obligation under international law and the implementation of the 11 norms in cyberspace. Third, we support the inclusion of paragraph 34N to enhance transparency and accountability among member states. Indonesia can support the adoption of the voluntary checklist at annex 1 of this report, as has been discussed and agreed in the third APR. Third, on regional mechanism could also play a crucial role in advancing discussions on norms in cyberspace. In addition, we support the inclusion of paragraph 34K, which recognizes the importance of regional efforts in supporting the implementation of voluntary norms in fostering regional cooperation and trust. Moving to section D, Indonesia believes that cyberspace must not be limited to the implementation of the 11 norms in cyberspace. Therefore, we support the inclusion of paragraph 34K, as it acknowledges the important role of regional efforts in supporting the implementation of voluntary norms in fostering regional cooperation and trust. Next, we report on the current text which reflects Indonesia’s stance towards lasting transparency and transparency on international law. Indonesia has unaccepting of the firstly from Indonesia. We reaffirm our support to equality of international law and UN charter. Indonesia is open to fertilizations on international law, included in the UN Charter. Indonesia is open to international law and UN charter. Mr. Chair, now allow me to turn to section E and F. On section E, Indonesia supports the continued development of practical initiatives to enhance transparency, trust, and cooperation in the cyber domain. In this regard, we affirm the global point of contact directories’ practical value in facilitating timely cooperation in the cyber domain, and we affirm the continued development of practical initiatives to enhance transparency, trust, and cooperation in the cyber domain. as a part of broader CBM efforts, including through ensuring the smooth transition of the global POC directory from under the auspice of the OEWG to the future permanent mechanism as outlined in paragraph 46B. On section F, Indonesia aligns itself with ASEAN statement as delivered by Malaysia. In our national capacity, Indonesia would like to reiterate our beliefs that capacity building is foundational to narrowing capability gaps in digital divide and state’s capacity in addressing cyber threats. Our comments on this section as follow. First, to ensure sustainability, Indonesia supports the establishment of a dedicated thematic group on capacity building as reflected on paragraph 52M and also sponsorship through voluntary contribution as outlined in paragraph 56. Second, in line with the spirit of effectiveness, Indonesia believes the importance of need assessment prior to capacity building initiative to ensure such programs are demand-driven and adaptive to present challenges, including but not limited to the development of guidelines to ensure such initiatives are tailored and effective to the needs of states. We also support paragraph 55 as the proposed establishment of a dedicated global ICT security cooperation and capacity building portal that will provide a trusted global platform to share timely and accurate information on ICT threats, foster transparency, and enhance coordinated responses. That also incorporates a specific section for stakeholders to share best practices. Third, Indonesia also underlines the value of collaborative approaches, particularly with private sectors and regional partners. Therefore, we would like to see paragraph 52C to be retained. In closing, Mr. Chair, we hope that the spirit of cooperation that has guided our discussion will continue to lead us towards consensus on the final report. I thank you, Mr. Chair.

Russian Federation: 24 of the Global Intergovernmental Points of Contact Directory for exchange of information on computer attacks and incidents is one of the most important practical outcomes of the OEWG’s work. At the same time, we are convinced that the final report should provide objective information about the current status of the directory. In particular, it’s important to further develop it and to eliminate existing problems related to states’ interaction within its framework. In paragraph 46C, we consider it appropriate in the context of its capacity-building to add a mention of the UNIDIR workshop that took place on the margins of the 10th OEWG session, a workshop on the POC directory. This workshop helped raise awareness among developing countries about the directory and the procedure of admitting the national POCs. In addition, it is important to use the exact name of this instrument supplementing the phrase Global POC Directory with the term Intergovernmental. We believe that it would be very useful, as mentioned in paragraph 46C, to hold POC meetings within the framework of the Future Mechanism. We believe that it deserves a separate and detailed reflection in the context of the modalities of the Future Permanent Mechanism, NX3. To guarantee convenience and inclusive participation, such informal meetings could be held in a hybrid format. We also support our colleague that suggested adding in paragraph 46C a reference to equitable access of all member states to the market of goods and services in the area of ICT. As for paragraph 46E, we note that the use of templates and exchange of messages should certainly be of a voluntary nature, but their format should be fixed. This kind of scheme could undermine… effective interaction within the directory as it contradicts the very logic of having a single template if the format is flexible. When it comes to paragraph 46G, we believe that the positions of states are not correctly reflected with regard to the simulation exercises that took place. It is worth adding in this paragraph language stating that the exercises made it possible to identify problems in the functioning of the POC directory and identify ways to eliminate them, as well as point out any imperfections in past exercises and the need to improve and refine scenarios in order to increase the effectiveness of the exercises by consulting on the matter with states. In the recommendations section, paragraph 49, we believe that the involvement of relevant UN entities in the organization of simulation exercises ought to be optional, adding the words where appropriate. In the same paragraph, it is important to consolidate the assertion about the readiness of the UN Office for Disarmament Affairs to take into account the recommendations of states to conduct further simulation exercises. To ensure a clearer structure in the report, we recommend that the wording of the threats section related to confidence-building measures be moved to this section. This refers in particular to provisions of paragraph 32 on strengthening cooperation between CERTs and CSERTs. As the initiator of the launch of the POC directory, Russia has consistently advocated for the unification of information exchange mechanisms, including first and foremost the development of a template with the goal of improving the effectiveness of the directory. Exercises conducted by UNODA only confirm the need to develop a single template here. We support the relevant efforts of UNODA. to Annex 2 requires serious revision. Even if this template can be used by diplomatic POCs, it does not meet the needs of technical POCs. They need a form for transmitting specific technical data related to computer incidents. Since the template was distributed shortly before the final OEWG sessions, states had the opportunity to discuss it. It’s also obvious that we will not have time to properly consider this template this week. In this regard, without questioning the priority of developing a single template for exchanging information, we suggest moving its more detailed discussion to the future permanent mechanism. As for capacity building, this is one of the most important issues within the framework of the OEWG and the future permanent mechanism. We are convinced that this topic should be given special attention in the final report. We welcome the assertion in the text that capacity building programs should address the special needs and priorities of developing countries while respecting national sovereignty, as laid out in paragraph 58. At the same time, we consider it important to adhere to a balanced approach and to avoid including concepts and initiatives that were not properly discussed within the OEWG. In this regard, we propose deleting the following provisions that were not previously discussed at substantive sessions of the group on standardization of curriculum or capacity building programs, paragraph 52C, on digital tools to support states’ implementation of the voluntary and nonbinding norms of responsible state behavior, paragraph 52I, and on the establishment of a UN Cyber Resilience Academy within UNIDIR. With regard to this academy, I’d like to emphasize that the future permanent mechanism is being established as a central platform for all aspects of security of and in the use of ICTs, including capacity building. We will be able to further elaborate on the need for additional efforts in this field only after the launch of the future mechanism. The implementation of initiatives such as the above-mentioned academy at the current stage would only lead to duplication of efforts within the future permanent mechanism. We cannot agree with the statement that capacity-building needs of states can be best met by individual states and stakeholders, as stated in paragraph 52M. This wording unduly diminishes the role of the UN. In the same paragraph, we consider it excessive to single out distinct initiatives such as women in international security and cyberspace, not to mention that this topic is already covered by paragraph 12. In order to optimize the text, we also propose to combine and shorten subparagraphs E and F of paragraph 52 as related to the same topic. In paragraph 52 recommendations, we suggest replacing the term action-oriented with practical. Another proposal is to transfer the provisions related to the topic of capacity-building from paragraph 42E – subparagraphs, remunerals 1 to 4 – of the section international law to the capacity-building section. Thank you.

Chair: Thank you very much, Russian Federation. A few comments we need to break soon. First, my thanks and deep appreciation to the interpreters. I am very grateful for the extra time that they have given us. Second, we will meet at 3 p.m. sharp this afternoon. Third, at 3 p.m. this afternoon, we will shift our discussion to section G, regular institutional dialogue and the related Annex III of the REP 1, which is additional elements for the open-ended action-oriented permanent mechanism on ICT security in the context of international security. So, section G and Annex III. Fourth point, there are still about 20 speakers who have pressed the buttons, and there was some degree of pressing the buttons soon after one speaks as a way to line up for the future. So what I would like to do this afternoon is set aside this current list of speakers. At 3 p.m., I will only be inviting comments on RID, and I’ll invite everyone to press the buttons afresh at 3 p.m. sharp, which is another incentive for all of you to be on time. Not that that was ever in question, because I have partly been the cause of starting the meetings late as a result of other meetings and informal consultations. And 3 p.m. interventions focus entirely on Section G and Annex III. Again, my appeal for brevity, and I have the sense also that some of you have coordinated your interventions such as – with an aim to persuade others that there is a wave of momentum for your particular position. I mean, this is to be understood. And there are group positions as well. But I would urge you to repeat positions, especially if they have been covered by your group positions, unless you have a particular element with which you disagree with the group that you are aligned with. And that will be interesting to hear. Or if you have a new element that your group has not been able to, for one reason or another, have a common position on. So I think we really need to be efficient in the use of time. And after we have exhausted the list of speakers for RID, Regular Institutional Dialogue and Annex III, we will come back to the remaining speakers in one way or another. We’ll need to find a way to do that. But much depends on how we progress this afternoon. So on that note, I wish you a pleasant afternoon. See you exactly at 3 p.m. this afternoon. The meeting is adjourned. Thank you. Yeah.

Agreement points

Priority on implementing existing 11 consensus norms rather than developing new ones

Speakers

– France
– United States
– Estonia
– Canada
– New Zealand
– Israel

Arguments

Priority should be on implementing existing 11 consensus norms rather than developing new ones

Delete paragraphs 34R and 36 calling for new norms development as they lack consensus

Existing norms constitute comprehensive framework, prioritize implementation with capacity building

Focus should be on implementing existing 8 CBMs rather than developing new ones

Existing norms framework provides solid foundation, new norms discussion is premature

Support implementation of existing norms before developing new legally binding obligations

Summary

Multiple speakers agree that the focus should be on implementing the existing 11 consensus norms rather than developing new ones, with several calling for deletion of specific paragraphs that emphasize new norms development

Topics

Cybersecurity

Support for voluntary checklist of practical actions for norms implementation

Speakers

– France
– Thailand
– Singapore
– Estonia

Arguments

The adoption of a checklist on practical and voluntary actions for implementing these standards seems to us to be an important step forward

Support for voluntary checklist of practical actions as valuable implementation tool

Implementation and discussion of new norms should not be mutually exclusive but done incrementally

We welcome the voluntary norms implementation checklist, as it provides a clear roadmap for states in that process

Summary

Speakers consistently support the voluntary checklist as a practical tool for implementing existing norms, viewing it as an important step forward in operationalizing consensus agreements

Topics

Cybersecurity

International humanitarian law applies to cyberspace and should be reflected in the report

Speakers

– Poland
– Mexico
– Canada

Arguments

International humanitarian law applies to cyberspace and should be explicitly confirmed in report

Malicious ICT use in armed conflicts endangers civilian lives and violates IHL

We share the concerns expressed by many that the text of paragraph 41 should not include reference to the possibility of additional legally binding obligations

Summary

There is strong agreement that international humanitarian law applies to cyberspace and should be explicitly acknowledged in the final report, with emphasis on protecting civilians in armed conflicts

Topics

Cybersecurity

Need for capacity building to be cross-cutting and foundational pillar

Speakers

– Sierra Leone
– Fiji
– European Union
– Nigeria
– Malaysia

Arguments

Capacity building is foundational pillar requiring sustainable, needs-based approach

Capacity building should be cross-cutting issue and standing item in all discussions

Support for Global ICT Security Cooperation and Capacity Building Portal as central hub

Establishment of UN Voluntary Fund for capacity building is important proposal

ASEAN stresses importance of international cooperation for developing countries

Summary

Speakers agree that capacity building should be treated as a cross-cutting, foundational element rather than a siloed discussion, with emphasis on supporting developing countries

Topics

Development

Global Points of Contact Directory is important practical achievement requiring smooth transition

Speakers

– Singapore
– Russian Federation
– Fiji
– Indonesia

Arguments

Support step-by-step approach for POC directory transition to future mechanism

Global Points of Contact Directory is important practical outcome requiring smooth transition

CBMs play critical role in building trust, especially for regions with limited capacity

We affirm the global point of contact directories’ practical value in facilitating timely cooperation in the cyber domain

Summary

There is consensus that the Global Points of Contact Directory represents a significant practical achievement that should be maintained and smoothly transitioned to the future permanent mechanism

Topics

Cybersecurity

Similar viewpoints

These speakers share concern about including non-consensus documents and references to proposals by small groups of states in the final report, emphasizing the need for balanced representation of views

Speakers

– United States
– New Zealand
– Israel

Arguments

Remove references to non-consensus documents like 2021 Chair’s summary

Language on exclusively peaceful purposes of ICTs is inconsistent and fails to reflect reality

Remove reference to letter on convention from small number of states

Topics

Cybersecurity

These speakers support maintaining language about equitable access to ICT security goods and services as a way to bridge the digital divide and ensure fair access to cybersecurity resources

Speakers

– Brazil
– China
– Islamic Republic of Iran

Arguments

Support for retaining reference to equitable access to ICT security goods and services

Support for retaining language on equitable access to ICT security goods and services

We welcome the reference to facilitating equitable access for all states to the market for ICT security goods and services

Topics

Development

These speakers emphasize the need to avoid duplication of existing capacity building efforts and be mindful of resource constraints, advocating for coordination rather than creation of new overlapping programs

Speakers

– European Union
– Japan
– Canada

Arguments

UN should play coordinating role without duplicating existing initiatives

Need to avoid duplication with existing capacity building efforts and be mindful of resource limitations

We cannot accept the creation of a sponsorship program before having understood all of the costs entailed by this proposal

Topics

Development

Both speakers emphasize the serious threats posed by malicious ICT activities, particularly targeting critical infrastructure, and view these as violations of international law requiring strong responses

Speakers

– Algeria
– Mozambique

Arguments

Growing market for commercially available ICT intrusion capabilities poses destabilizing threat

Malicious ICT activities targeting critical infrastructure constitute gross violation of international law

Topics

Cybersecurity

Unexpected consensus

Support for Women in Cyber Fellowship as best practice model

Speakers

– Vanuatu
– Malawi
– Mozambique

Arguments

Women in Cyber Fellowship should be acknowledged as best practice model

Strong support for voluntary global capacity-building fund and portal

We therefore advocate for their consolidation and expansion under the Future Permanent Mechanism

Explanation

Despite different regional backgrounds, these speakers specifically highlighted the Women in Cyber Fellowship as a successful model, showing unexpected consensus on gender-focused capacity building initiatives across Pacific and African regions

Topics

Human rights | Development

Need for manageable structure in future permanent mechanism

Speakers

– Fiji
– Venezuela
– Canada

Arguments

Need manageable number of dedicated thematic groups with clear objectives

Maintain governmental nature of mechanism and existing modalities for non-state actor participation

We suggest that these four be streamlined while focusing on discussions on capacity building that are action-oriented

Explanation

Despite different political orientations, these speakers share concern about creating an overly complex future mechanism structure, emphasizing the need for manageable, clear arrangements

Topics

Cybersecurity

Overall assessment

Summary

There is strong consensus on prioritizing implementation of existing norms over developing new ones, supporting practical tools like the voluntary checklist, maintaining the Global POC Directory, and treating capacity building as cross-cutting. Agreement also exists on IHL applicability to cyberspace and avoiding duplication in capacity building efforts.

Consensus level

High level of consensus on core operational issues, with main disagreements centered on the scope of new norms development and the balance between coordination versus creation of new UN capacity building mechanisms. The consensus suggests a pragmatic approach focused on implementation and practical cooperation rather than expanding normative frameworks.

Different viewpoints

Development of new norms versus implementation of existing norms

Speakers

– France
– United States
– Estonia
– Canada
– New Zealand
– Israel
– Singapore
– Indonesia

Arguments

Priority should be on implementing existing 11 consensus norms rather than developing new ones

Delete paragraphs 34R and 36 calling for new norms development as they lack consensus

Existing norms constitute comprehensive framework, prioritize implementation with capacity building

Support for both implementation of existing norms and parallel development of new norms where necessary

Regional mechanisms play crucial role in advancing norms discussions

Summary

Major divide between countries wanting to focus exclusively on implementing the 11 existing consensus norms (France, US, Estonia, Canada, New Zealand, Israel) versus those supporting parallel development of new norms alongside implementation (Singapore, Indonesia). The first group argues there’s no consensus for new norms and resources should focus on implementation, while the second group believes the evolving cyber threat landscape requires consideration of additional norms.

Topics

Cybersecurity

Application of International Humanitarian Law in cyberspace

Speakers

– United States
– Poland
– Mexico
– Venezuela
– Islamic Republic of Iran

Arguments

Support for reinserting language on ICT operations constituting use of force when scale and effects are comparable

International humanitarian law applies to cyberspace and should be explicitly confirmed in report

Malicious ICT use in armed conflicts endangers civilian lives and violates IHL

Insistence on the existence of consensus, which in our view does not exist, as regards the automatic applicability of international humanitarian law to the cyber sphere

Summary

Clear disagreement on whether international humanitarian law automatically applies to cyberspace. Poland, Mexico, and the US strongly support explicit confirmation of IHL application, while Venezuela explicitly rejects what they see as false consensus on automatic IHL applicability. This represents a fundamental legal disagreement about the scope of international law in cyber operations.

Topics

Cybersecurity

Exclusively peaceful use of ICTs

Speakers

– New Zealand
– Estonia
– Islamic Republic of Iran
– China

Arguments

Language on exclusively peaceful purposes of ICTs is inconsistent and fails to reflect reality

Support for exclusively peaceful use of ICT principle and strengthening its language

Summary

Fundamental disagreement about whether ICTs should be characterized as exclusively for peaceful purposes. New Zealand and Estonia argue this language is inconsistent with reality and fails to acknowledge IHL relevance in armed conflict, while Iran and China strongly support maintaining and even strengthening language promoting exclusively peaceful use of ICTs.

Topics

Cybersecurity

Role of UN in capacity building versus existing initiatives

Speakers

– European Union
– Japan
– Canada
– Nigeria
– Brazil
– Islamic Republic of Iran

Arguments

UN should play coordinating role without duplicating existing initiatives

Need to avoid duplication with existing capacity building efforts and be mindful of resource limitations

Establishment of UN Voluntary Fund for capacity building is important proposal

Support for UN Singapore Cyber Fellowship as valuable initiative

Summary

Disagreement over whether the UN should take a more operational role in capacity building or primarily coordinate existing efforts. EU, Japan, and Canada emphasize avoiding duplication and being mindful of fiscal constraints, while Nigeria, Brazil, and Iran support establishing new UN-led capacity building mechanisms including voluntary funds and fellowship programs.

Topics

Development

References to non-consensus documents in the report

Speakers

– United States
– Japan
– Egypt

Arguments

Remove references to non-consensus documents like 2021 Chair’s summary

Paragraph 41 inappropriately mixes documents of varying legal status and support

Disagreeing with a proposal does not negate the fact that a proposal was made

Summary

Disagreement over whether the report should reference documents that lack consensus. The US and Japan want to remove references to non-consensus documents like the 2021 Chair’s summary, arguing they shouldn’t be elevated in a consensus report. Egypt argues that all proposals made should be captured factually regardless of support level, as long as they’re not endorsed.

Topics

Legal and regulatory

Unexpected differences

Governmental nature of the mechanism versus multi-stakeholder approach

Speakers

– Venezuela
– Fiji

Arguments

Maintain governmental nature of mechanism and existing modalities for non-state actor participation

Multi-stakeholder approach essential for incorporating diverse expertise

Explanation

Unexpected disagreement on stakeholder participation, with Venezuela strongly emphasizing maintaining governmental nature while Fiji advocates for enhanced multi-stakeholder approach. This represents a fundamental disagreement about the nature of cyber governance that wasn’t prominently featured in earlier discussions.

Topics

Legal and regulatory

Artificial intelligence as emerging threat requiring specific attention

Speakers

– Mozambique

Arguments

Artificial intelligence should be included in list of emerging digital technologies

Explanation

Mozambique’s specific focus on AI as a cyber threat requiring inclusion in the emerging technologies list represents an unexpected area of concern not widely discussed by other speakers, highlighting emerging technological threats beyond traditional cyber security concerns.

Topics

Cybersecurity

Time zone challenges for meaningful participation

Speakers

– Fiji

Arguments

Hybrid and virtual options must be available but not substitute for in-person diplomacy

Explanation

Fiji’s specific concern about time zone challenges for Pacific delegations (10 a.m. New York meetings occurring in middle of night across Pacific) represents an unexpected practical barrier to participation that other speakers didn’t address, highlighting geographic inequities in global governance processes.

Topics

Legal and regulatory

Overall assessment

Summary

The discussion reveals significant disagreements on fundamental issues including the scope of international law application in cyberspace, the balance between implementing existing norms versus developing new ones, the role of the UN in capacity building, and the nature of stakeholder participation. There are also procedural disagreements about referencing non-consensus documents and the characterization of ICTs as exclusively peaceful.

Disagreement level

High level of disagreement with major implications for the future permanent mechanism. The disagreements are not merely technical but represent fundamental differences in legal interpretation, institutional roles, and governance approaches. These disagreements could significantly impact the consensus-building process and the effectiveness of any future permanent mechanism, as they touch on core issues of international law, institutional design, and resource allocation.

Partial agreements

Similar viewpoints

These speakers share concern about including non-consensus documents and references to proposals by small groups of states in the final report, emphasizing the need for balanced representation of views

Speakers

– United States
– New Zealand
– Israel

Arguments

Remove references to non-consensus documents like 2021 Chair’s summary

Language on exclusively peaceful purposes of ICTs is inconsistent and fails to reflect reality

Remove reference to letter on convention from small number of states

Topics

Cybersecurity

These speakers support maintaining language about equitable access to ICT security goods and services as a way to bridge the digital divide and ensure fair access to cybersecurity resources

Speakers

– Brazil
– China
– Islamic Republic of Iran

Arguments

Support for retaining reference to equitable access to ICT security goods and services

Support for retaining language on equitable access to ICT security goods and services

We welcome the reference to facilitating equitable access for all states to the market for ICT security goods and services

Topics

Development

These speakers emphasize the need to avoid duplication of existing capacity building efforts and be mindful of resource constraints, advocating for coordination rather than creation of new overlapping programs

Speakers

– European Union
– Japan
– Canada

Arguments

UN should play coordinating role without duplicating existing initiatives

Need to avoid duplication with existing capacity building efforts and be mindful of resource limitations

We cannot accept the creation of a sponsorship program before having understood all of the costs entailed by this proposal

Topics

Development

Both speakers emphasize the serious threats posed by malicious ICT activities, particularly targeting critical infrastructure, and view these as violations of international law requiring strong responses

Speakers

– Algeria
– Mozambique

Arguments

Growing market for commercially available ICT intrusion capabilities poses destabilizing threat

Malicious ICT activities targeting critical infrastructure constitute gross violation of international law

Topics

Cybersecurity

Key takeaways

There is a fundamental divide between states prioritizing implementation of existing 11 consensus norms versus those supporting parallel development of new norms

Strong consensus exists that international humanitarian law applies to cyberspace, despite opposition from a small minority of states

Capacity building is recognized as a foundational, cross-cutting pillar that should be integrated into all aspects of the future permanent mechanism

The Global Points of Contact Directory is viewed as one of the most important practical outcomes of the OEWG process

There is broad agreement on the need for a future permanent mechanism that is consensus-based, inclusive, and action-oriented

Regional and cross-regional cooperation is essential for effective cybersecurity governance

Time constraints and the need for consensus are creating pressure to focus on essential amendments rather than comprehensive revisions

Resolutions and action items

Chair to produce REV.2 of the final report incorporating feedback from delegations

Afternoon session at 3 PM to focus specifically on Section G (Regular Institutional Dialogue) and Annex III

Fresh speaker list to be established for the afternoon session on RID discussions

Delegations requested to share written statements with Chair’s office and other delegations

Thailand announced publication of national position on international law application in cyberspace

Republic of Korea congratulated for publishing its national position on international law

Side event scheduled during lunch break to launch Thailand’s national position

Unresolved issues

Disagreement over deletion of paragraphs 34R and 36 regarding new norms development

Dispute over inclusion of references to non-consensus documents like 2021 Chair’s summary

Lack of consensus on establishing new UN financial structures for capacity building

Disagreement over language regarding ‘exclusively peaceful purposes’ of ICTs in paragraph 15

Unresolved questions about the scope and mandate of dedicated thematic groups

Ongoing debate over appropriate level of detail for international humanitarian law references

Uncertainty about resource allocation and duplication concerns for capacity building initiatives

Disagreement over inclusion of references to legally binding obligations in paragraph 41

Suggested compromises

Combine paragraphs 34.O and 34.P on norms development rather than deleting them entirely

Move paragraph 34.N to chapeau section instead of treating it as a new proposal

Use Australian amendment or similar compromise solution for paragraph 15 on peaceful purposes

Streamline paragraph 43 by deleting text after ‘how international law applies in the use of ICTs’

Extend existing Women in Cyber Fellowship program rather than creating new sponsorship mechanisms

Focus on incremental approach for Global ICT Security Cooperation and Capacity Building Portal

Replace ‘high-level’ with more flexible language for roundtable participation levels

Add ‘where appropriate’ qualifier to strengthen cooperation between CERTs and CSERTs

Combine and shorten related subparagraphs in capacity building section to optimize text

How can this report help lay the groundwork for improved capacity building that would be more efficient and effective? Capacity building, as you know, is of crucial importance in our proposed program of action to make cyberspace safer. Coming to this end, we must ensure that the UN plays its coordinating role without uselessly duplicating existing initiatives, but rather by adapting to the real needs of countries and providing concrete solutions.

Speaker

France

Reason

This comment reframes the entire capacity building discussion from a theoretical exercise to a practical implementation challenge. It introduces the critical tension between UN coordination versus duplication of existing efforts, forcing delegates to think beyond just agreeing on principles to actually considering operational effectiveness.

Impact

This comment established a recurring theme throughout the discussion where multiple delegations (EU, Canada, New Zealand, Estonia) began explicitly addressing the duplication concern and fiscal constraints. It shifted the conversation from ‘what should we do’ to ‘how can we do it efficiently without wasting resources.’

The report should not reflect a good faith effort to accurately reflect the conversation of the OEWG over the past four years. It places undue emphasis on the elaboration of new norms in the future at the expense of the fulsome discussions that took place on the implementation of the existing consensus norms.

Speaker

United States

Reason

This comment challenges the fundamental balance and accuracy of the report itself, questioning whether it truly represents four years of multilateral negotiations. It introduces a meta-critique about how consensus processes should be documented and what constitutes fair representation of diverse views.

Impact

This critique prompted multiple delegations (France, Estonia, Canada, New Zealand) to echo similar concerns about premature norm development, creating a clear divide in the room between those favoring implementation of existing norms versus those supporting new norm elaboration. It fundamentally shifted the debate from content to process legitimacy.

Bridging the digital divide must be treated as a security imperative, not just a development objective.

Speaker

Sierra Leone

Reason

This comment reframes the traditional development-security divide by arguing that digital inequality itself creates security vulnerabilities. It challenges the conventional separation between development assistance and security cooperation, suggesting they are inseparable in cyberspace.

Impact

This perspective influenced subsequent speakers to view capacity building through a security lens rather than just a development assistance framework. It helped justify stronger UN involvement in capacity building by linking it directly to international peace and security mandates.

If we accept the perspective expressed by some countries that current uninclusive capacity building initiatives are sufficient and that the UN should only take a coordinating rule, then a critical question arises for the international community, what has been the tangible outcome of seven years of extensive discussions within the first and second OEWG on capacity building under the auspices of the United Nations.

Speaker

Iran

Reason

This comment forces delegates to confront the potential futility of their seven-year process if it doesn’t result in concrete UN-led initiatives. It challenges the legitimacy of limiting UN involvement and questions whether the entire multilateral process has been worthwhile if it only results in coordination rather than action.

Impact

This intervention created a defensive response from several delegations who had to justify why coordination rather than operational involvement might still be valuable. It highlighted the fundamental tension between those wanting an active UN role versus those preferring existing bilateral/regional mechanisms.

Cyberspace is not a lawless space, whether in peace or in war. The long-standing rules of international humanitarian law protect civilian populations and other protected persons and objects against all forms of warfare and against all kinds of weapons, be they old or new, kinetic or cybernetic.

Speaker

Mexico (on behalf of Luxembourg, Mexico, and Switzerland as co-chairs of the ICT workstream)

Reason

This comment directly confronts the notion that cyberspace exists in a legal gray area, particularly during armed conflict. It bridges the gap between traditional warfare law and emerging cyber capabilities, making a clear humanitarian argument for legal clarity in cyberspace.

Impact

This intervention strengthened the position of those advocating for explicit recognition of international humanitarian law in cyberspace, influencing subsequent speakers to reference civilian protection and the need for clear legal boundaries in cyber operations during conflicts.

Chair’s intervention about time management and the need for telegraphic statements: ‘I’m having the feeling that you love the OEWG so much that you’re getting into the mode of making general statements, and it seems to me that you’re going to miss the OEWG when it doesn’t exist any longer. But I assure you there’s a future permanent mechanism waiting for all your general statements in the future.’

Speaker

Chair

Reason

This humorous but pointed intervention reveals the emotional attachment delegates have developed to this process while simultaneously managing the practical challenge of time constraints. It demonstrates sophisticated diplomatic leadership by using humor to redirect behavior while acknowledging the underlying sentiment.

Impact

This intervention immediately changed the tone and pace of subsequent interventions, with speakers becoming noticeably more concise and focused. It also revealed the psychological dimension of multilateral negotiations – that delegates can become attached to processes themselves, not just outcomes.

Overall assessment

These key comments fundamentally shaped the discussion by introducing three critical tensions that ran throughout the session: (1) the balance between norm implementation versus new norm development, (2) the appropriate role of the UN in capacity building (coordination versus operational involvement), and (3) the challenge of translating years of multilateral dialogue into concrete, efficient action. The Chair’s time management intervention also revealed how process dynamics can become as important as substantive content in multilateral negotiations. Together, these comments moved the discussion from abstract policy positions toward practical implementation challenges, forcing delegates to confront the gap between diplomatic consensus and operational reality.

How can this report help lay the groundwork for improved capacity building that would be more efficient and effective?

Speaker

France

Explanation

This question was raised to guide discussions on capacity building, emphasizing the need for the UN to play a coordinating role without duplicating existing initiatives while adapting to real needs of countries

How would the proposed global ICT security cooperation and capacity building portal avoid duplication with existing portals like the UNIDIR cyber policy portal and the GFC civil portal?

Speaker

United States

Explanation

This question addresses concerns about the function and scope of the proposed portal being much broader than anticipated and the need to prevent duplication of existing resources

What are the costs entailed by the sponsorship program proposal?

Speaker

Canada

Explanation

Canada expressed concern about accepting the creation of a sponsorship program before understanding all costs, especially given preliminary estimates being much higher than what states could carry out themselves

How to reconcile Annex C from last year’s annual report with what is proposed in paragraph 43 regarding the permanent mechanism’s function and scope on international law?

Speaker

New Zealand

Explanation

New Zealand expressed uncertainty about the intention of paragraph 43 and how it relates to the already established framework in Annex C, noting this uncertainty is not helpful for such an important issue

What has been the tangible outcome of seven years of extensive discussions within the first and second OEWG on capacity building under the auspices of the United Nations?

Speaker

Islamic Republic of Iran

Explanation

This question challenges the perspective that current capacity building initiatives are sufficient and questions what concrete results have emerged from extensive UN discussions on this topic

How to improve simulation exercises in terms of modalities and content to make them more effective?

Speaker

China

Explanation

China expressed concerns about simulation exercises and suggested improvements to make POCs focus on realities and play active roles in collaborative responses to cyberspace incidents

How to develop a single template for exchanging information through the POC directory that meets the needs of both diplomatic and technical POCs?

Speaker

Russian Federation

Explanation

Russia noted that the current template may work for diplomatic POCs but doesn’t meet the needs of technical POCs who need forms for transmitting specific technical data related to computer incidents

What specific categories of intrusion capabilities should be referenced in paragraph 25?

Speaker

Algeria

Explanation

Algeria proposed adding references to specific categories of intrusion capabilities that are publicly known and discussed, similar to how malicious software is addressed in paragraph 24