Opening of the session

7 Jul 2025 14:00h - 17:00h

Session at a glance

Summary

This transcript captures the opening session of the 11th and final substantive meeting of the UN Open-Ended Working Group (OEWG) on Security of and in the Use of ICTs, chaired by Ambassador Gafoor. The session began with a video message from UN Under-Secretary-General Izumi Nakamitsu, who praised the working group’s achievements over five years, including establishing a global intergovernmental directory with 115+ states, eight global confidence-building measures, and common understandings on ICT security threats. She emphasized the critical importance of finalizing the future permanent mechanism to ensure seamless transition from the current OEWG.


Chair Gafoor reflected on the working group’s progress since 2021, highlighting three consensus annual progress reports achieved despite challenging international circumstances. He outlined key accomplishments including reinforcing the normative framework for responsible state behavior in cyberspace, raising ICT security awareness, widening participation especially among developing countries, and building confidence among member states. The chair stressed that success requires incremental progress and flexibility from all delegations.


The main discussion focused on sections A (Overview) and B (Existing and Potential Threats) of the draft final report. Multiple regional groups and individual countries provided detailed feedback on the revised draft. The European Union emphasized preserving the UN framework for responsible state behavior and avoiding language that could weaken existing commitments. The African Group highlighted threats particularly relevant to African states, including attacks on critical infrastructure, supply chains, and misinformation campaigns targeting governance during political transitions.


Several delegations raised concerns about specific language in the threat section, particularly regarding “exclusively peaceful purposes” of ICTs and the relationship between criminal cyber activities and international peace and security. Countries like the United States, Canada, and Australia opposed the “exclusively peaceful purposes” language, arguing it contradicts the reality that ICTs are already used in armed conflicts and should be regulated by international humanitarian law. A like-minded group led by Nicaragua advocated for legally binding agreements and expressed concerns about stakeholder participation modalities in the future permanent mechanism.


The session demonstrated both convergence and divergence among member states, with broad agreement on the need for consensus while revealing substantive disagreements on key issues that will require intensive negotiations throughout the week to achieve the seamless transition to a permanent mechanism.


Keypoints

## Major Discussion Points:


– **Transition to Future Permanent Mechanism**: The primary focus is finalizing the 11th and final session of the Open-Ended Working Group (OEWG) and ensuring a seamless transition to a future permanent mechanism for ICT security discussions, with emphasis on reaching consensus on the final report by the end of the week.


– **ICT Threat Landscape Assessment**: Extensive discussion of evolving cyber threats including ransomware attacks, critical infrastructure vulnerabilities, commercially available intrusion capabilities, emerging technologies (AI, quantum computing), cryptocurrency theft, and threats to undersea cables and cross-border infrastructure.


– **Framework for Responsible State Behavior**: Debate over maintaining and strengthening the existing UN framework of norms, rules, and principles for responsible state behavior in cyberspace, with some delegations emphasizing implementation over creating new obligations, while others seek additional legally binding agreements.


– **Stakeholder Participation and Institutional Design**: Disagreement over modalities for non-governmental stakeholder participation in the future mechanism, with some supporting expanded inclusion and others insisting on maintaining the intergovernmental nature of the process.


– **Capacity Building and Regional Cooperation**: Strong emphasis on capacity building as a foundational pillar, particularly for developing countries, and recognition of the important role of regional organizations in implementing cybersecurity frameworks and fostering cooperation.


## Overall Purpose:


The discussion aims to finalize the OEWG’s four-year mandate by adopting a consensus final report that consolidates achievements in international cybersecurity cooperation and establishes the framework for a future permanent mechanism to continue this work under UN auspices.


## Overall Tone:


The tone began very positively and constructively, with the Chair commending delegations for focused, specific interventions rather than general statements. Speakers expressed appreciation for the Chair’s leadership and demonstrated commitment to reaching consensus. However, some tension emerged with the like-minded group statement highlighting significant concerns about various aspects of the draft report, though even this maintained a constructive commitment to finding consensus. The Chair emphasized the collaborative nature of the process and the need for all delegations to feel ownership of the final outcome.


Speakers

**Speakers from the provided list:**


– Chair – Ambassador Gafoor, Chair of the Open-Ended Working Group on Security of and in the Use of ICTs


– Izumi Nakamitsu – Undersecretary General and High Representative for Disarmament Affairs


– European Union – Speaking on behalf of the European Union and its member states, as well as candidate countries and aligned states (37 states total, representing 20% of UN membership)


– Nigeria – Speaking on behalf of the African Group


– Fiji – Speaking on behalf of the Pacific Islands Forum


– Islamic Republic of Iran –


– Russian Federation –


– Mauritius –


– Canada –


– United States –


– Indonesia –


– El Salvador –


– Qatar –


– Egypt – Aligning with the African Group statement


– Ghana – Aligning with the African Group statement, also speaking in national capacity


– Singapore –


– Republic of Moldova – Aligning with the European Union statement


– Malawi – Aligning with the African Group statement


– France –


– South Africa – Aligning with the African Group statement


– Thailand –


– Japan –


– Turkey –


– Cuba – Aligning with the like-minded group statement


– Croatia – Aligning with the European Union statement


– Switzerland –


– Colombia –


– Australia – Aligning with the Pacific Islands Forum statement


– Argentina –


– Rwanda – Aligning with the African Group statement


– Nicaragua – Speaking on behalf of a group of like-minded states including Belarus, Venezuela, Burkina Faso, Cuba, Eritrea, Iran, China, and Russia


**Additional speakers:**


None identified beyond those in the provided speakers names list.


Full session report

# Report: 11th Session of the UN Open-Ended Working Group on ICT Security


## Executive Summary


The 11th session of the UN Open-Ended Working Group (OEWG) on Security of and in the Use of ICTs convened under the chairmanship of Ambassador Gafoor to advance negotiations on the draft final report and discuss the framework for a future permanent mechanism. The session demonstrated broad consensus on preserving the UN Framework for Responsible State Behaviour in cyberspace while revealing persistent disagreements on key issues including the use of ICTs in armed conflict, stakeholder participation, and institutional design of future mechanisms.


## Opening Remarks and Procedural Matters


### UN Leadership Perspective


Under-Secretary-General Izumi Nakamitsu delivered a video message highlighting the OEWG’s achievements over its mandate, including the establishment of a global intergovernmental directory with over 115 participating states, development of eight global confidence-building measures, and creation of common understandings on ICT security threats. She emphasized the critical importance of finalizing the future permanent mechanism to ensure seamless transition from the current OEWG.


### Chair’s Framework


Ambassador Gafoor reflected on the working group’s progress since his election as Chair in June 2021, noting the achievement of three consensus annual progress reports. He outlined four key accomplishments: reinforcing the normative framework for responsible state behaviour in cyberspace, raising ICT security awareness globally, widening participation particularly among developing countries, and building confidence among member states through practical cooperation measures.


The Chair established expectations for constructive engagement, noting that while the distance to travel in negotiations was not large, it represented the most challenging part requiring flexibility from all delegations.


### Procedural Arrangements


The Chair announced the adoption of the provisional program of work and explained the fluid implementation approach based on the nature of discussions. He introduced time management measures, including the use of timers for interventions, and noted that technical issues with UN Web TV access had been resolved.


## Regional Group Positions


### European Union and Aligned States


The European Union, speaking on behalf of 37 states, emphasized preserving and building upon the UN Framework for Responsible State Behaviour in cyberspace. The EU stated: “We should not conclude on a report that makes us lose the work we have done so far. We should not conclude on a report that diminishes the value of the UN framework and prioritises new discussions on new norms and obligations over taking action and implementing those commitments we have made thus far.”


The EU advocated for dedicated attention to ransomware due to its severity and impact on international peace and security, particularly effects on healthcare systems and critical infrastructure. They also highlighted concerns about threats to cross-border critical infrastructure, including undersea cables and orbital communication networks.


### African Group


Nigeria, speaking for the African Group, emphasized growing threats to critical infrastructure in healthcare, energy, and financial sectors. The Group highlighted vulnerabilities relevant to African states, including supply chain attacks and misinformation campaigns targeting governance structures during political transitions.


Egypt called for more equitable representation of the global threat landscape, arguing that threat assessments should capture realities in all regions, not just developed nations.


### Pacific Islands Forum


Fiji, representing the Pacific Islands Forum, focused on capacity building as a foundational cross-cutting pillar enabling implementation across all framework areas. The Forum emphasized particular vulnerabilities of small island developing states to cyber threats and highlighted concerns about threats to undersea cables critical for island nations’ connectivity.


### Like-Minded Group


Nicaragua, speaking for like-minded states including Belarus, Venezuela, Burkina Faso, Cuba, Eritrea, Iran, China, and Russia, advocated for legally binding agreements as the most effective measure to counter challenges in the digital environment. This group raised concerns about stakeholder participation modalities, insisting on maintaining the intergovernmental nature of the process, and supported creating a dedicated thematic group on capacity building.


## Key Areas of Convergence


### Preservation of Existing Framework


Multiple speakers, including the European Union, France, Croatia, and Republic of Moldova, emphasized the need to preserve and build upon the existing UN Framework for Responsible State Behaviour in cyberspace as a foundational principle.


### Recognition of Evolving Threats


Delegations showed consensus on several key threat areas:


**Ransomware**: The European Union, Mauritius, Qatar, and Colombia recognized ransomware as a severe and growing threat requiring comprehensive treatment.


**Emerging Technologies**: Countries including Mauritius, Qatar, Indonesia, Rwanda, and El Salvador showed consensus on addressing risks from emerging technologies like artificial intelligence and quantum computing.


**Critical Infrastructure**: Multiple speakers highlighted concerns about attacks on critical infrastructure, particularly healthcare systems, energy networks, and financial services.


### Capacity Building


There was broad support across diverse political alignments for capacity building as a foundational pillar. Argentina, Mauritius, Indonesia, Fiji, and Rwanda emphasized capacity building as a cross-cutting enabler for cybersecurity.


### Gender Inclusion


Multiple speakers, including Mauritius, Republic of Moldova, Colombia, and Australia, supported promoting gender inclusion and ensuring meaningful participation of women in ICT-related decision-making processes.


## Major Areas of Disagreement


### Use of ICTs in Armed Conflict


The most significant disagreement centered on language regarding ICT use in armed conflict. The United States argued against “exclusively peaceful purposes” language, stating: “We cannot support the draft report’s reference to promoting the use of ICTs for ‘exclusively peaceful purposes’… states are already using ICTs in the context of armed conflict. It is all the more important, therefore, that states reaffirm their commitment to applying principles of international humanitarian law to their use of ICTs in armed conflict.”


This position was supported by Australia, Switzerland, and Canada, while Cuba and other like-minded states supported stronger peaceful use language.


### Stakeholder Participation


Western states, including Australia, Croatia, and Turkey, advocated for more inclusive stakeholder participation, citing the importance of stakeholder expertise. Conversely, the like-minded group insisted on maintaining current restrictive modalities to preserve the intergovernmental character of the process.


### Terminology and Scope


The like-minded group, through Iran and Russia, insisted on using “security of and in the use of ICTs” rather than “ICT security” throughout the text. Iran and other like-minded states also questioned including Group of Governmental Experts (GGE) reports as foundational documents while seeking removal of references to the 2021 chair’s summary.


## Specific Proposals and Amendments


### Threat Assessment Proposals


Iran suggested the UN Secretariat compile a non-exhaustive list of threats as proposed by states during OEWG deliberations to serve as reference for future mechanisms.


### Technical Issues


Several delegations proposed specific amendments:


France suggested language addressing commercially available ICT intrusion capabilities with appropriate safeguards and oversight.


Australia proposed alternative language for ICT use in armed conflict, suggesting states stress “the need to promote the responsible use of ICTs by states in accordance with international law.”


### Institutional Design


The like-minded group opposed the current thematic group structure and advocated for a separate norms group, while others supported the proposed three-group structure with a cross-cutting approach.


## Technical and Operational Discussions


### Specific Threats


**Supply Chain Security**: Ghana emphasized security by design throughout the ICT lifecycle.


**Commercial Intrusion Tools**: Australia and Iran raised concerns about proliferation of commercial cyber intrusion tools.


**Advanced Persistent Threats**: Thailand highlighted the importance of including APTs in threat assessments.


**Cryptocurrency Theft**: Mauritius and Japan advocated for including cryptocurrency theft in the international peace and security context.


### Regional Cooperation


Singapore emphasized enhanced Computer Emergency Response Team (CERT) cooperation and public-private partnerships. Switzerland highlighted the role of regional organizations in implementing the responsible state behaviour framework.


## Side Events and Additional Matters


Qatar announced a side event on “Securing Cyberspace: Building Partnerships for a Safer Digital Future” scheduled for the following day, with details to be circulated via the Secretariat.


## Conclusion


The 11th session revealed both the significant progress achieved by the OEWG and the challenges remaining in reaching consensus on contentious issues. While there was broad agreement on preserving the UN Framework and addressing evolving cyber threats, fundamental disagreements on the use of ICTs in armed conflict, stakeholder participation, and institutional design require continued negotiation.


The Chair’s emphasis on focusing on specific amendments rather than general statements, and the need for flexibility from all delegations, will be critical for achieving consensus on the final report and establishing the future permanent mechanism. The success of these negotiations will determine the framework for international cybersecurity cooperation within the UN system for years to come.


Session transcript

Chair: Good morning, Excellencies, Distinguished Delegates. The first meeting of the 11th and final substantive session of the Open-Ended Working Group on Security of and in the Use of ICTs established pursuant to General Assembly Resolution 75 slash 240 is now called to order. I extend a very warm welcome to all Delegations attending this meeting. and to those watching the meeting on UN Web TV. I’d like to now invite delegations to hear a video message from Ms. Izumi Nakamitsu, Undersecretary General and High Representative for Disarmament Affairs, to give us her message.


Izumi Nakamitsu: Mr. Chair, Distinguished Delegates, Dear Colleagues, I regret that I cannot address you in person, but I am grateful for the opportunity to deliver this video message. I thank you, Ambassador Gafoor, for your tremendous leadership of this process. We are all appreciative of the singular dedication you have shown over the last five years. From day one, this open-ended working group has been a demonstration of what is possible in multilateralism, not only progress but consensus. I have consistently commended this working group for proving its value over and over again. In doing so, I have highlighted its many achievements. A global intergovernmental directory with the participation of more than 115 states. Eight global confidence-building measures that enhance trust and predictability between states, reducing tensions and misunderstandings. Common understandings on the ICT security threat landscape, from critical infrastructure vulnerabilities to incidents involving malicious software. And a whole range of initiatives in the area of capacity building, including the convening of the first-ever Global Roundtable discussion. Achieving these outcomes would have been challenging in the best of circumstances, but we know the international security landscape has been anything but ideal. While conflicts rage and divisions deepen, this working group has managed to maintain a positive record of success. Throughout the life of this group, I have lamented that challenges to international peace and security arising from state use of ICTs are growing. My concern remains unabated. In particular, recent conflicts demonstrate the serious dangers posed to civilians by malicious ICT activity, particularly that targets infrastructure essential for public services. As the United Nations celebrates its 80th anniversary, we must assess the suitability of the organization. A critical part of this assessment will be answering the question, how will the organization respond to emerging dynamic challenges for which we do not have the luxury of time? Advances in technology are a case in point. Today’s cutting-edge technology is considered absolute just months later. On the other hand, inclusive deliberation among states takes time. But despite the difficulty of addressing these fast-moving issues, we know that states’ consistent, dedicated engagement makes a difference. ICT intergovernmental work on ICT security over more than two decades has proven just that. This brings me to the critical matter of the future permanent mechanism on ICT security, the final modalities of which will be considered. this week. I remarked in February that the groundwork has laid last year with agreement on the fundamentals of the mechanism, functions in scope, and decision-making. This is a strong starting point. But we know that delegations must still find consensus on several difficult issues, particularly stakeholder modalities and dedicated thematic working groups. I am keenly aware of ongoing divergences of views, but I am also confident that a balance can be struck. From my perspective, diverse stakeholders have much to contribute to any future process, and it is my sincere hope that modalities for their meaningful participation will be finalized. Regarding the thematic groups, having space for focused exchanges with a view to action-oriented recommendations is essential. Shaping the groups in a way that allows for a diversity of focused discussions is a task at hand. All that said, we must draw encouragement from the baseline understanding that states are firmly invested in a seamless transition from this OEWG to a single-track permanent mechanism. On that, there is no disagreement. The issue of ICT security is too important to allow any lag in consideration of it. I appeal to all delegations to continue in the spirit of constructive engagement, which has been a defining quality of this working group from the start. The OEWG’s past achievements must be met with shared commitment to the future. Rest assured that the Secretariat will be your dedicated partner and looks forward to working closely with delegations in the framework of a future mechanism. As we cross the finishing line of this mechanism, mechanism, let us ensure we are ready for the next race. I wish you great success in your negotiations in this week, and thank you very much for your attention.


Chair: I thank the High Representative for Disarmament Affairs for her statement. First Delegates, at this stage I would like to offer some remarks in my capacity as Chair of this process. And once again, I would like to warmly welcome all Delegations to this 11th and final substantive session of the OEWG. It is good to see so many familiar faces in this process. Some of you have been involved in this process for the last five years, some even prior to that, but also this process has regenerated itself by having so many new faces who have joined the process. I think over the years, we have built a community of practitioners who are deeply committed to continuing the exercise that we began not just five years ago, but I think decades ago. Ultimately, this is what diplomacy is truly about, building a community, building a base level of confidence and trust so that we can work together to find common ground and make progress in a manner that is mutually beneficial. I want to take a moment to step back and reflect on how far we have come. This Working Group was established by the General Assembly almost five years ago in December 2020. I was elected as Chair in June 2021. At the time, many Delegations were unsure about what this new open-ended Working Group could do or achieve. I want to take a moment to reflect on how far we have come. This Working Group was established by the General Assembly almost five years ago in December 2021. At the time, many Delegations were unsure about what this new open-ended Working Group could do or achieve. I want to take a moment to reflect on how far we have come. Since then, we have adopted three consensus annual progress reports, each building on the other, each taking a small step forward in an incremental manner. And we have done this even in the face of a very challenging and tense international security landscape and an increasingly tensed and polarized atmosphere here at the United Nations in New York. From the beginning of this process, I had emphasized the need to make concrete action-oriented progress in a step-by-step manner. That is what we must continue to do this week. In the past four years, we have made good progress and achieved some concrete outcomes. Under-Secretary-General Izumi Nakamitsu highlighted some of them. I would like to highlight what I regard to be some positive outcomes of this process. First, we have reinforced and mainstreamed the normative framework of norms, rules and principles of responsible state behavior in the field of ICTs. This framework was decades in the making, and this is a framework that has been reinforced as a result of this process. Make no mistake about that. Second, we have raised the level of awareness with regard to ICT security. And equally important, we have widened the circle of engagement and participation in this process. And it is particularly heartening to see that so many small countries and developing countries have now become actively engaged in this process, which previously was not always the case. This is an achievement that we must build on so that the process is not only open-ended and universal, but also inclusive with a sense of ownership felt by every single member of the United Nations. Thirdly, we have made out of this process an exercise in building confidence with each other. Many of you have said this again and again in this process, that the open-ended working group was itself a CBM. And if that is the case, we need to continue the CBM beyond this process into a future permanent mechanism so that the confidence building can continue, and so too the trust building among all countries. These are some intangible outcomes that are difficult to quantify, but the three positive outcomes that I have identified are nevertheless, in my view, important ones that require some serious reflection on the part of all UN members. In terms of specific outcomes, the open-ended working group took some concrete steps forward with regard to the POC directory. Undersecretary General Izumi Nakamitsu mentioned that. But the work is not done. We need to make it truly universal as a mechanism for countries to engage each other, build partnerships, and build confidence. We also adopted eight new global CBMs from ground zero, because prior to this process, there was no notion of a voluntary global CBM within the framework of the UN. So that is an outcome that is full of potential for the future. Thirdly, and again as Undersecretary General Nakamitsu mentioned, we convened the first ever global round table on ICT security capacity building, which was the first time that such a discussion was held here at the UN. Additionally, with regard to the various sections of the mandate, I think we have reached additional layers of understanding. We have reached common understanding with regard to some emerging issues. For example, we have identified a range of new ICT threats appearing in the rapidly evolving threat landscape and we have tried to capture them and record them in consensus UN documents for the first time. And our shared assessment of the evolving threat landscape provides the basis and foundation for continued collective discussion and collective action. And some of these threats include threats relating to ransomware, commercially available ICT intrusion capabilities, and new and emerging technologies such as AI and quantum computing, just to name a few. And of course, we have also agreed in principle to establish the Future Permanent Mechanism as a single-track universal process. We have agreed to establish this mechanism and we have some unfinished business that we need to address at this session. The good progress we have made over the past five years reflects the urgency that you have felt, the commitment that you have given to this process. Now it is true that there are many differences between delegations on the approach we should take, but it is also clear to me from the podium that there is an overwhelming sense of commitment to this process and that all delegations are united by their commitment to making progress and achieving concrete outcomes in a spirit of flexibility. That’s my sense. That’s what I hear when people talk to me. Looking back on all that we have achieved, I think there are some lessons we can draw. Firstly, it is important that as a collective we are united in making progress. concrete steps forward in an incremental, step-by-step way. And this applies to all processes. The challenge before us at the UN is an overwhelming one, not just with regard to this Committee but across the board. But in each of the UN processes, it is important that we focus on making small steps, taking small steps forward in an incremental way to strengthen and build on what we already have. The second lesson that I think we can draw from this process is that when states are ready to work together, talk to each other in a spirit of mutual cooperation, and when they are ready to exercise flexibility in order to achieve a compromise, consensus is possible, progress is possible. My sense is that these two factors remain very much in place for our process this week. In other words, there is an overwhelming sense of commitment to this process, which I sense. And second, states are ready to work together in a spirit of mutual cooperation. We will need every ounce of that in the next few days ahead in order to reach an agreement. The second point that I wanted to address is that it is important that we bring the work of this Working Group to a conclusion this week in order to ensure a smooth and seamless transition to the Future Permanent Mechanism. And we need to do this by Friday this week. The good news is that a successful outcome is within our grasp. From the podium, I can see… a pathway forward for us to reach consensus. The pathway is visible and consensus is entirely attainable, provided countries engage in this process over the next few days in a spirit of flexibility and in a spirit of open-mindedness. This opportunity to make progress is something that we cannot afford to miss. The other good news is that we have a foundation of three annual progress reports, which provides the framework of common understandings that we have reached over the years. So what we need to do this week is to take a few additional steps – a few additional small steps, if I may add – to reach a balanced outcome that every delegation can embrace and own, and that will lead to a strengthening of what we have already built as a foundation. There are quite a number of things that are on my remarks, but let me abbreviate my remarks in the interest of time. Even as we discuss our work this week, the ICT security threat landscape continues to evolve at an accelerating rate. And this just underlines the need for us to continue our work and make some progress. It’s also important that as we look at what we need to do, we have to think of continuing our efforts to broaden participation in the global POC directory and see how we can implement what we have already agreed, for example, the global CBMs. And capacity building is something that has become very cross-cutting in nature, and as many of you have also said, capacity building is also an exercise in building confidence. And this is an area where we need to be very careful. where we have to take another step forward. There is a considerable amount of expectations in this area, and here, too, we have to take a step forward. Finally, the permanent mechanism that we have agreed to establish will provide a permanent venue for us to continue the work that we need to do. And as we enter these final hours of our work, I hope that delegations will continue to channel the spirit of flexibility and understanding that has been built up in this process over the last few years. And in this process, I wanted to say that each one of you have a role to play. Each one of you have agency and autonomy to make a difference. So I ask each one of you to see how you can contribute to this process over the next few days in order for us to reach an outcome at the end of the week. I’m very confident that all of you are committed to doing your part. I want to let you know that I’m committed to doing everything that’s possible, but I cannot produce miracles. The UN process is such that, ultimately, what is agreed requires the support and consensus of every single member. In that sense, success is in your hands, and failure is not an option. So with those remarks, distinguished delegates, I thank you very much for your attention. We will now move to agenda item three, which is organization of work. And this is also listed in accordance with the provisional program of work. Delegations are reminded that the group will continue to conduct its work in accordance with the decisions taken at its organizational session held on the 1st of June, 2021. And these decisions include the adoption of the working group’s agenda as contained in document A/AC 292 2021/1, an agreement that the work of the group will be conducted in accordance with the rules of procedure of the main committees of the General Assembly, while acting on a consensus basis. Now I’d like to draw the attention of the working group to the provisional program of work of the 10th substantive session as contained in document A /AC 292/2025/4, which has been structured in accordance with the agenda of the working group. And this structure of the provisional program of work is in keeping with all the previous provisional programs of work that we have adopted. May I take it that the working group wishes to proceed in accordance with the provisional program of work. of the 10th substantive session as contained in document A-AC292-2025-4. I see no objections, it is decided. Let me say that the adoption of the Provisional Programme of Work must not be taken for granted. Remember the early days when we used to have very lively debates about the Provisional Programme of Work. So I think we are making good progress. Thanks to all of you, of course. And as all of you know, the process is going to be very fluid and in implementing the Provisional Programme of Work, which is now adopted as the Programme of Work, we will apply it in a very flexible way so that we can do everything that we need to do by the end of this week. I would now like to address the attendance or the question of the participation and attendance of stakeholders at this 11th substantive session. Delegates would recall that the Working Group adopted the modalities for the participation of stakeholders in the Working Group at its third substantive session. And following the latest round of accreditation conducted ahead of this session, in accordance with that decision, an updated list of non-governmental entities is contained in document A-AC.292-2025-INF-3. May I take it that the Open-Ended Working Group approves the attendance of the non-governmental entities as contained in document A-AC.292-2025-INF-3. I hear no objection. It is so decided. Thank you very much for that. Finally, I’d like to inform delegations that the draft final report of the group outlining all organizational matters relating to the working group has been circulated as document A slash AC.292 slash 2025 slash L1. And just to let you know, the draft final report is the procedural report, which is separate from the final report, which is the document that has been circulated as REV1 to you. So the draft final report that I’m referring to is the procedural report that has been circulated as document A slash AC.292 slash 2025 slash L1. And the working group will take up this draft document in L1 at our final meeting on Friday, the 11th of July. Now having completed agenda item 3, we will now move to agenda item 5, discussions on substantive issues contained in paragraph 1 of General Assembly Resolution 75 slash 240. We will now begin our consideration of agenda item 5 on the substantive issues. And in this regard, I wanted to recall that in my letter dated 23 May 2025, I circulated the zero draft of the final report. Subsequently, during virtual open-ended informal town halls held on the 2nd and 16th of June, delegations provided initial views on the zero draft. And following these informal virtual consultations, I circulated a revised version of the final progress report in a letter dated 25 June. And I’d also like to inform you that additionally, I convened an informal dialogue with stakeholders just last week on the 3rd of July. As I stated in my letter dated the 3rd of July, it is important that we finalize all outstanding issues within the limited time that we have, and this requires all of us to use the available time efficiently. I’ve therefore in my letter requested that all delegations refrain from delivering general statements. And in the event you have prepared general statements, I kindly request that you share these statements in advance with me and the Secretary. The intention is not to prevent you from making your statements, but the intention is to manage our time effectively and efficiently so that we can address the key issues that will be required to attain consensus. And as I also explained in my letter dated the 3rd of July, we will go through the document in Rev. 1, starting with Sections A and B, and then Sections C and D, and then Sections E and F. And I therefore invite all delegations to make a single statement on these Sections A and B to start with. And on Tuesday, tomorrow, it’s my intention to begin discussions on regular institutional dialogue, which, as all of you can understand, will require sufficient time to address the various issues. And it is important that we devote sufficient time for these issues as well. And it is therefore important for us to make progress through the various sections in a rapid way. Finally, as I said in my letter as well, I hope that delegations will look at Rev. 1 in a spirit of flexibility, compromise, and constructive cooperation, and use this meeting this morning and this afternoon and also tomorrow with regard to addressing the key issues from the point of view of your delegation. And I would also particularly welcome proposals for compromises, proposals for bridging text that can help all of us get to consensus. And it’s really important that we go beyond a restating of your preferred… positions and your national positions, because a restatement or reiteration of your preferred positions or issues is in itself not sufficient to get us to convergence and consensus. So my friends, my apologies for these lengthy opening remarks, but I wanted to situate the meeting as to where we are, the context in terms of how far we have come, and most importantly the challenge as to where we need to go. The distance to travel in the next few days is not large but it’s the hardest part that we need to traverse, but it can be done. A pathway to progress is visible, success is within reach, and I count on each one of you for your cooperation. So there’s no established list of speakers. Please press the buttons if you’d like to request for the floor, and we’ll ask for, we’ll ask, we’ll ask all delegations to be as succinct as possible, and I’ve also requested the Secretary to put a timer on the screen so that you can see for yourself how much time you’re taking. It’s not intended to pressure you in any way, but it’s to encourage every one of you to do your best in terms of being concise and brief in your interventions. So we’ll start with the European Union which is, which is asked for the floor, to be followed by Nigeria.


European Union: Good morning Chair, good morning colleagues. I have the honour to speak on behalf of the European Union and its member states, as well as the candidate countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova, Bosnia and Herzegovina, and Georgia. The EFTA country Norway, member of the European Economic Area, as well as San Marino, aligned themselves with this statement. That means that I will be speaking on behalf of 37 states. I will do this for all of my statements this week. That means 20% of the UN membership. I promise I won’t take 20% of the time. But please allow me to maybe go a bit over the three minutes for some of the statements and some of the points that we want to make. Dear chairs, this is the first time I’m taking the floor this week. Please allow me to start by thanking you and your team for the continuous effort throughout this process. The UN’s member states continue to be committed to the open-ended working group discussions, as we have shown over the last years. And we will work this week constructively with you and all UN member states to ensure a smooth transition to the future permanent mechanism, a mechanism that will allow us to walk the talk, to take real action against the real challenges that we are facing in cyberspace, challenges that affect our security, affect our economies and democracies. And we look forward to concluding a report this week that will allow us to take the next step building on the framework for responsible, safe behavior in cyberspace. And this is an important principle, Mr. Chair. We should not conclude on a report that makes us lose the work we have done so far. We should not conclude on a report that diminishes the value of the UN framework and prioritizes new discussions on new norms and obligations over taking action and implementing those commitments we have made thus far. We cannot risk weakening the UN framework, as we cannot risk the international stability and security that those commitments offer us. And I invite every delegate in this room to just pause for a moment and think about what it would actually mean for our stability and security to not have those commitments strongly grounded in this final Open-Ended Working Group report. What raising doubts about the application of the UN framework would mean for your national security, for your economy and for your political system. In this light, we strongly suggest to ensure that the work by the international community done so far is well reflected in this report. And that we use this report to put in place the tools to effectively implement the UN framework, notably on capacity building. We therefore welcome the reference made in paragraph 13, but suggest to add the further references to the UN framework, its pillars and the work of the Open-Ended Working Group, as well as the UN GGEs in this context. And we welcome them to add them throughout the text, particularly for instance, in paragraph seven and eight. We also welcome in section C, paragraph N, the clarification on the appropriate role that norms play in the UN framework and the important reiteration that norms do not replace or alter states’ obligations and rights under international law, which are binding. We ask, however, to move this to the chapeau and to use agreed language in this context. We also suggest that all sections are clearly organized in a way that separates the paragraphs on the UN framework, its elements and its applicability, as well as the consensus interpretations of the Open-Ended Working Group from new proposals that have not garnered consensus, but could be potentially part of future discussions. By clearly making that separation, we leave no doubt that there are rules, norms and principles in place that states should abide by, and that additional proposals might build on them, but should never try to replace them. Let me then. and move to the threat section, Chair. We welcome the thorough reflection of the threat landscape, acknowledging that this is the basis for our discussion on responsible state behavior in cyberspace and the implementation of the UN framework in this regard. And I’m happy you referred to that as well. In this light, we clearly suggest to reflect the connection between the threat section and the other sections. For instance, linked to paragraph 15 in the threat chapter that recognizes the reality of the use of cyber capabilities in armed conflicts, the international law section should reflect the discussion on IHL. We would like to see the international law section clearly stating the elements of IHL as developed by a cross-regional group in a working paper. And we regret that in paragraph 15, the language has been changed for exclusively peaceful purposes, which diverts from agreed language and obligations and rights under international law. We therefore ask for its deletion. On paragraph 16, we regret the deletion of the blurred lines between state and non-state and criminal actors, as in particular, we see an increase of non-state actors engaging in light with state interest or engaging from the state’s territory with impunity. We strongly support the explicit recognition of ICT threats against international humanitarian organizations. And as well, we support the reference in paragraph 27 on the need to better understanding the risks associated with new and emerging technologies, including AI and quantum computing. We, however, suggest a caution in paragraph 27 for potential duplication of discussions under the future permanent mechanism on addressing threats stemming from new and emerging technologies, considering other ongoing processes, for instance, on AI addressing these type of threats. We also continue to be concerned about the use of malicious software, especially ransomware, and the expanding market for commercial intrusion capabilities, the increase of cryptocurrency as well as intellectual property theft, and welcome those references in the threat section. As regards ransomware, for instance, the healthcare section has over recent years become a prime target for ransomware actors due to the vast amount of sensitive patient data and the criticality of its operations. In this slide, we would welcome a separate paragraph on ransomware, as well as the recommendation to highlight the risk that ransomware poses to national security and the developments of state’s digital economy, and the need to further discuss and develop action-oriented measures under the cross-cutting dedicated thematic groups building on the commitments of the five pillars of the UN framework to address this threat appropriately. We see the UN framework of particular relevance here as criminal groups operating from the territory of certain states have increasingly sought to disrupt public entities and critical services in other states. Also, additional considerations of what might differentiate criminal and national security dimension of ransomware would require further attention under our discussions under the future permanent mechanism. We reaffirm also the need to include threats to cross-border critical infrastructure, including undersea cables. In the July APR of last year, states noted for the first time the need to secure undersea cables and orbital communication networks from malicious cyber activities, acknowledging that this could cause significant damage or disruption to telecommunications. and potentially affect the infrastructure essential to the availability and integrity of the Internet. Again, given the importance of these critical infrastructure and essential services for all states as the backbone of every country, we suggest to include a recommendation that highlights the need to secure cross-border critical infrastructures such as undersea cables and orbital communication networks and the need to develop action-oriented measures under the cross-cutting DTGs building on the commitments under the five pillars of the UN Framework to address this threat appropriately. We also welcome paragraph 18 that mentions cyber activities targeting critical infrastructure related to democratic institution and electoral processes as these significantly undermine trust and confidence between states and risk international stability. And finally, we welcome the language at the end of paragraph 32 setting out concrete tools to combat threats, including capacity building and public-private partnerships, as well as the multidisciplinary or cross-cutting dialogue among technical, diplomatic and legal experts which could be made effective under the cross-cutting DTGs. Let me please make one final remark as regards paragraph 33 as we would suggest to rephrase the language here, acknowledging that we should not only discuss cooperative measures but we should also discuss the application of the UN Framework in relation to threats as you mentioned yourself, taking into account paragraph 14 to 32. Here we reiterate that the UN Framework reflects the rules, norms and principles in place that should guide states’ behavior in cyberspace. Thank you very much, Chair.


Chair: Thank you very much, European Union. Could you kindly share the statement with us, please? Thank you very much. Nigeria for African Group to be followed by Fiji.


Nigeria: Thank you, Mr. Chair. I wish to deliver this statement on behalf of the African Group. The African Group wishes to express its deep appreciation to the Chair for his stewardship and thank him and his team for the progress made. made in this process since its inception in 2021. The group further wishes to highlight the successful adoption of the three annual progress reports of the Open Area Working Group by a concessor and the fruitful deliberation that took place during the past four and a half years. The group welcomes the annual progress report first reverse draft presented by the chair and the recommendation therein as we consider this initiative as a constructive contribution aimed at bringing us closer to a seamless transition from the current Open Area Working Group to the future permanent mechanism. The African group calls on all members to show a strong political will and a determination to promote compromise as a fundamental principle of negotiation to achieve a consensual adoption of the annual progress report for reaffirming the imperative for a single track. At this 11th and final session, the African group would like to highlight the following view in relation to different aspects of discussion. But first, let me go into the pillar on threat. Mr. Chair, the group underscored the importance of addressing the risk and the threat associated with malicious use of ICT, including attack on critical infrastructure and critical information infrastructure, which is a form of threat increasingly relevant to African country, given the valuable investment put in such infrastructure, which are located from a limited pool of resources. I’m bearing in mind the trajectory of digitalization that several African states are pursuing in support of their sustainable development aspiration. Similarly, it is our view that there are other equally important and relevant ICT security threat and risk that target our nation, which should be addressed on an equal footing. This include, but is not limited to, targeting supply chain, undersage cable, Business may compromise the misuse of new and emerging technologies such as AI, IoT, cloud computing, and quantum computing, widespread misinformation and disinformation campaigns, including deepfakes, particularly targeting state institutions and designed to influence public opinion and destabilize governance during phases of post-conflict recovery and political crisis, ransomware attack, and cyber attack-destructing workflow in state institutions and or regional organizations. We wish to reiterate that this type and form of threat emanating from the cyber space are not only harmful by definition, but also impair the ability of African states to pursue their developmental path, compromising the credibility and functionality of state institutions, reducing the public confidence and trust, as well as general safety and societal harmony. We therefore reiterate our call for more in-depth discussion on this form of threat in our deliberation as well as in the future permanent mechanism. Thank you so much.


Chair: Thank you, Nigeria, for the African group, Fiji for the Pacific Islands Forum, to be followed by the Islamic Republic of Iran.


Fiji: Thank you, Chair. Chair, I have the honor to speak on behalf of the Pacific Islands Forum with a presence here in the United Nations, namely Australia, the Cook Islands, Kiribati, the Federated States of Micronesia, the Republic of Marshall Islands, Nauru, New Zealand, Palau, Papua New Guinea, Samoa, Solomon Islands, Tonga, Tuvalu, Vanuatu, and my island home, Fiji. Chair, as we reach the culmination of these open Ended Working Group’s mandate, the Pacific Islands Forum reaffirms its support for consensus outcomes and inclusive global cooperation on international cybersecurity. We commend your efforts, Chair, and the contributions of all of the delegations. Throughout this process, the Pacific has consistently advocated for a cumulative and evolving framework that addresses threats and builds resilience through the application of international law, voluntary and non-binding norms, confidence building measures, capacity building, and regular institutional dialogue. These pillars are not standalone silos. They must be advanced coherently and implemented effectively. We emphasize the adoption of the Pact of the Future that was adopted by our leaders last year and its annexes in relation to the Global Digital Compact, where international collaboration and cooperation are key, and request that the reference to this important multilateral process is captured in the final report. Chair, from the Pacific’s perspective, our greatest priority now is to ensure the future permanent mechanism is fit for purpose, accessible to all states, and capable of delivering practical outcomes. This mechanism must be inclusive and balanced, not only in participation, but in agenda setting, working modalities, and outcomes. And we appreciate the Chair’s effort to consolidate the structure of the proposed dedicated thematic groups. At the same time, we share the view that this approach may not allow us to meet these goals effectively. The OEWG has delivered meaningful dialogue. And moving forward, it is important that the future permanent mechanism be action-oriented and focused on delivering real results for all countries. We emphasize the importance of capacity building as an enabler across all areas of the framework. Cyber capacity building should not be siloed. It is foundational to implementing norms, to meaningfully engaging in international legal dialogue, and to sustaining confidence-building measures. The OEWG principles remain a strong foundation. But we regret that the Pacific Islands Forum’s regional capacity building paper, a major regional contribution, as well as other similar regional papers, are not meaningfully reflected in Rev. 1. And we look forward to working with you. forward to seeing this incorporated in the next iteration of the draft. The future mechanism must help identify national and regional needs and match them with appropriate support. And this includes supporting the technical implementation, the legislative development, workforce development and public awareness, and cyber hygiene education. And noting the role of these regional papers will set the appropriate foundation for the future permanent mechanism. On threats, Chair, our region continues to be impacted by malicious cyber activity. Ransomware remains a severe and growing concern as are threats against critical infrastructure and critical information infrastructure. We welcome the paragraphs that reflect this in our Rev. 1 report. The integrity of our undersea cable infrastructure, which is vital to our economic and social resilience, is increasingly at risk from both natural hazards and malicious activity. And Chair, in closing, in line with the work program, we will provide our regional comments on the other sections when those comments are open for deliberation and also seek your indulgence that we will request for the floor at a later time to deliver remarks in our national capacity. Thank you, Chair.


Chair: Thank you, Fiji, Iran, to be followed by the Russian Federation.


Islamic Republic of Iran: Thank you, Mr. Chair. First, we would like to express our appreciation to you and your team for dedicated and tireless efforts in preparing the draft final report of the OEWG. The document provides an appropriate foundation for our deliberations this week. At the same time, we are of the view that further improvements are necessary to ensure the broadest possible support and to pave the way for consensus adoption. In this regard, our proposals on the first draft are guided by the overarching objective of enhancing the dedicated balance of the text, an important principle that you, Mr. Chair, have rightly emphasized as a key consideration in our deliberations. We remain committed to engaging constructively with all delegations under your leadership to ensure that the final report accurately reflects the views and concerns of all member states, enjoys the widest possible endorsement, and fosters a genuine sense of collective ownership. My delegations fully align itself with the joint statement of the LMG Group, which will be delivered later today. On the overview section, we have minor amendments to propose. With regard to paragraph 13, which refers to building the final report upon the first, second, and third annual progress report, we recommend retaining the language contained in the zero draft and omitting the reference to the GGE reports, as these reports were developed by a limited number of countries and don’t reflect the inclusive and consensus-based nature of the OEWG process. We also suggest that the term ICT security, which captures only a limited dimension of the OEWG comprehensive mandate, be replaced throughout the text, including in the overview section, with the more accurate and widely accepted formulation, which is security of and in the use of ICTs. This would better reflect the full scope and intent of the group’s work. On existing and potential threats, we are of the view that the section on threats in the first draft remains unbalanced. This is primarily due to the fact that certain threats highlighted by member states, including my own, over the course of the OEWG work in the past five years have not been adequately reflected in the current text. In order to help address this shortcoming, we would like to offer the following constructive and compromised proposal for consideration. To request the UN Secretariat to compile a non-exhaustive list of existing and emerging threats as proposed by states during the OEWG deliberations. Such a list could serve as a valuable reference to inform further discussion and study within the framework. of the future permanent mechanism. We welcome the reference in paragraph 15 to the use of ICTs exclusively for peaceful purposes and we underscore the importance of retaining this language in the final report. We would like to recall that OEWG’s mandate is to consider threats arising from the use of ICT, especially in the context of international peace and security. As such, the identification of existing and emerging threats should be approached through this specific lens. In this context, we are concerned that the final sentence of paragraph 16 appears to equate ICT-related criminal activity with issues of international peace and security. As this goes beyond the OEWG agreed scope, we would recommend that the sentence be deleted to maintain alignment with the group’s mandate. In the same vein, and based on the same rationale, we cannot support the change made to the agreed language of the third annual progress report in the last part of paragraph 24 regarding cyber, regarding cryptocurrency theft. We propose reverting the formulation in the zero draft, which reflected the agreed language of the third APR. Paragraph 25 has undergone significant changes compared to the zero draft. While we welcome the addition of the final sentence highlighting the importance of ensuring access to these tools by states, particularly developing countries, for lawful purposes, we would suggest a refinement of the last phrase to read, to access and utilize such capabilities for legitimate and lawful purposes. We believe this formulation provides greater clarity and precision. At the same time, we note with concerns the inclusion of newly added languages in this paragraph that we are unable to support. First, the reference to the use of such capabilities in a manner inconsistent with the framework for responsible state behavior in the use of ICTs appears to equate voluntary norms with binding obligations under international law. To preserve the integrity of this distinction, we would recommend the deletion of the newly added sentence. Second, the revised text introduced specific measures, such as establishment of safeguards and oversight related to the market of these capabilities as potential responses to the risk posed by intrusive ICT tools. We note that these measures. have not been subject of focused discussion within the OEWG, and we therefore suggest that these elements be reconsidered for possible future deliberation rather than incorporated at this stage. We would like to recall that the understanding reached at the time of the adoption of the third annual progress report concerning the content now reflected in paragraph 31 of the zero draft. It was explicitly stated at that time that this paragraph would remain open to further consideration. Our first and foremost preference is the deletion of paragraph 31 from the final report as it does not accurately reflect established hierarchy and nature of the international legal framework. Should deletion not possible, the paragraph must be substantially revised to address this fundamental legal issue. To this end, we propose the following alternative wording for paragraph 31. States recall that any use of ICTs by states that is gravely inconsistent with their obligations under international law undermines international peace and security. The use of ICTs in a manner inconsistent with voluntary commitments under the framework of responsible state behavior in the use of ICTs, including voluntary norms and confidence-building measures, undermines security, trust, and stability among states. I thank you, Mr. Chairman.


Chair: Thank you very much, Islamic Republic of Iran. Russian Federation, to be followed by Mauritius.


Russian Federation: Distinguished Chair, distinguished colleagues. First of all, we would like to note the efforts of Ambassador Gafoor and his team to prepare the draft final report of the Open-Ended Working Group and to organize meetings to negotiate on it during the intersessional period. Currently, a great deal of work has been done, but much remains to be done during this week to ensure that this text can serve as a basis for consensus. We would like to emphasize that we are not talking about an imposed consensus, but rather about a result that will be achieved through a balanced consideration of the views of all parties and not at the expense of the interests of any of the states participating in the group. We agree with the structure of the draft report. At the same time, in terms of its content, Russia has a number of concrete, targeted proposals that are fundamentally important for our country. These guidelines are reflected, as well, in the joint statement of a group of like-minded states presented today that will be presented later today. Mr. Chair. In our view, the key task of agreeing on this – 50 pages of the report in a very short timeframe is overly ambitious. We call on the chair to consider shortening the text and preparing the next version of the report. This could be done by deleting or shortening paragraphs that duplicate agreements previously reached in the OEWG, as well as those containing issues that are not related to the mandate of the group – for example, cryptocurrency, information crime, gender issues, etc. I’d like to present the specific considerations of the Russian delegation on Sections A and B. First of all, we believe it’s important throughout the text to replace the term ICT security, which is narrow in its scope, with the phrase security of and in the use of ICTs. That includes the entire range of issues considered by the group. This same proposal applies to the title of the future permanent mechanism. The word stakeholders should also be replaced by other interested parties, as enshrined in the mandate of the group. The overview section, we believe, contains excessive commentary on the current geopolitical situation in paragraph 1, which we recommend removing in order to emphasize the depoliticized nature of the OEWG meetings. We insist on including in the text a call for the future mechanism to rely, in its work, upon the modalities of interaction between the OEWG and other stakeholders agreed upon in April 2022. That’s paragraph 10. In the section on threats, we believe it is necessary to reflect in the recommendations, first and foremost, the task of developing legally binding agreements as the most effective measure to counter challenges in the digital environment. It is reasonable to emphasize, as well, the role of the global intergovernmental points of contact directory for the exchange of information on computer attacks and incidents established for these purposes in the OEWG, which allows for the cooperation between the competent authorities of states to prevent conflicts in information space, taking into account the voluntary nature of the Framework for Responsible Behavior and Use of ICTs, we insist on the deletion of the wording on the commitment to their implementation by all states. That’s paragraph 33. We believe it’s sufficient to indicate the importance of observing this framework. In paragraph 25, in the context of commercially available ICT intrusion capabilities, it is more correct to refer to a violation of international law, especially the UN Charter, rather than the aforementioned framework of behavior. In paragraph 25, it is unclear what possibilities of using commercially available ICT intrusion capabilities for unauthorized access to ICTs in accordance with international law are being referred to. This language should be deleted. In addition, it would be more correct to replace the term illegitimate with illegal. Unreasonable emphasis is placed on the possible impact of ICT criminal activity, that is paragraph 16, hidden malicious functions, paragraph 23, and ransomware attacks, paragraph 24, on international peace and security. We assume that all issues discussed in the OEWG by default may have an impact on peace and security. Considering that the malicious use of ICTs poses a threat to all types of critical infrastructure and critical information infrastructure, we see no reason to single out, in paragraph 17, individual vulnerable sectors such as health care, maritime transport, aviation, finance, and so on. The draft pays excessive attention, we believe, to issues of artificial intelligence, in paragraphs 26 to 27, ransomware, paragraph 24, quantum computing, and the Internet of Things, paragraph 28, which we believe should be combined and we should significantly shorten the relevant paragraphs. We propose deleting paragraph 20 altogether. We believe it is to remove vague provisions on a human-centric approach to ransomware, in paragraph 24, and effective risk management in relation to ICTs, that is paragraph 27, as well as premature conclusions on the importance of developing post-quantum cryptographic solutions, in paragraph 26. Thank you for your attention.


Chair: Thank you, Russian Federation. Please do give me an English version of your statement and also share it with all delegations. Thank you for that. Mauritius, to be followed by Canada.


Mauritius: Chair, distinguished delegates, good morning. The Mauritian delegation extends its sincere appreciation to you, Ambassador Gaffour, for your steadfast leadership throughout the OEWG’s mandate. We also express our gratitude to the Chair’s dedicated team and the UN Secretariat, in particular the ODA, whose combined efforts have been instrumental during the life cycle of the OEWG. We commend your initiative in convening two town hall meetings ahead of this final substantive session. These open and candid exchanges provided a valuable space for delegations to clarify positions, hear concerns from Member States, and collectively explore pathways towards convergence. We believe this contributed meaningfully to a shared sense of direction to building confidence at a critical moment in our work. As we convene for this concluding session, we reaffirm our commitment to a secure, stable, and peaceful ICT environment. We welcome the Chair’s final report, dated 25 June 2025, which encapsulates the progress achieved. and outlines a path forward. In this context, we offer the following reflections on agenda items A and B. Starting with agenda item A, we support paragraph three in its entirety, and we strongly believe that taken together, the three annual progress reports and the final report represent a carefully constructed foundation that will inform and support the continuation of dialogue on ICT security in the context of international security within the framework of the future permanent mechanism. Reflecting the language of paragraph seven, we express our support for the view that the FPM should be integrated, policy-oriented, and cross-cutting in its approach. Turning to paragraph nine, we strongly support the emphasis placed by states on capacity building as a foundational pillar for strengthening national resilience and ICT security. We conquer that building the necessary resources, skills, policies, and institutions is essential not only for addressing evolving cyber threats, but also for advancing digital transformation and supporting the implementation of the 2030 agenda for sustainable development. Coming to paragraph 12, we welcome the increasing participation of women delegates in the OEWG and commend the growing integration of agenda perspective in its deliberations. We share the view that narrowing the gender digital divide and promoting the full, equal, and meaningful participation and leadership of women in ICT-related decision-making, particularly in the context of international peace and security, is both essential and overdue. We reaffirm our commitment to advancing gender inclusion as a core element of effecting an equitable cyber diplomacy. We now wish to address the elements contained in section B, existing and potential threats, with a view to supporting consensus. My delegation aligns itself with the concerns expressed in the latest chair’s report regarding the increasingly complex and evolving ICT threat landscape. We fully support the emphasis placed by states in paragraph 17 on the growing risks posed to critical infrastructure and critical information infrastructure from malicious ICT activities. In particular. Together we share the concern over incidents targeting vital sectors such as health, energy, financial services, maritime, aviation, and water, recognizing that disruption in these domains can result in cascading effects across borders and regions with serious implications for international peace and security. We also echo the alarm raised about the vulnerabilities of emerging digital ecosystems, including industrial systems, 5G networks, Internet of Things devices, cloud computing, virtual private networks, and firewalls, which are increasingly exposed to exploitation. The growing use of advanced cyber tools such as ransomware, wiper malware, trojans, phishing, and distributed denial-of-service attacks further exacerbates this threat environment. We also share the view that the growing incidence of cryptocurrency theft linked to ICT threats demands urgent and coordinated international attention. We further recognize that while technologies are inherently neutral, the rapid advancement and convergence of emerging technologies such as artificial intelligence and quantum computing introduce new risks that may amplify the speed, scale, and targeting capabilities of malicious ICT activities. We support the emphasis in paragraph 27 on the need to strengthen AI and quantum governance, including through the development of post-quantum cryptographic solutions and by addressing safety and security concerns across the technology lifecycle. Particular attention must also be paid to the dual-use nature of these technologies, including the risks posed by large-language models, deepfakes, and other synthetic content, as well as AI-generated malware. As highlighted by states, the growth and aggregation of data, especially through AI, IoT, and cloud computing underscore the increasing importance of robust… data protection and cyber security practices. We therefore affirm the need for enhanced risk management frameworks and responsible innovation in the use of these technologies for preventing escalation of cyber threats. Finally, referring to paragraph 32, we support the continued call to address capacity gaps that make states more vulnerable to cyber threats. No state is immune. We underline the importance of raising awareness, strengthening national coordination among technical, diplomatic, and legal sectors, and fostering cooperation between CERTs and CSERTs. We also support deepening public-private partnerships and expanded targeted capacity-building initiatives to improve early detection, response, and resilience against evolving ICT threats. We also lay emphasis on the importance of cross-regional collaboration, which is key to address cyber threats at regional level. I thank you for your attention, Chair.


Chair: Thank you. Mauritius, Canada, to be followed by the United States.


Canada: Thank you, Chair. We thank you for your efforts in seeking to devote tomorrow to the discussions that are necessary to allow us to agree on a future permanent mechanism. Canada will therefore today focus on the improvements that we believe are needed in order to find consensus, and we will be brief. In general, we note that the report and Annex III are helping to shape the mandate and the work of our future mechanism. Our work in recent years and our future work under the future mechanism ought to recognize the foundations laid by the Framework for Responsible State Behaviour in Cyberspace. Our final report should clearly recall this solid foundation, upon which we have already agreed. Just like the EU, we are concerned by the fact that Annex I does not sufficiently recall the importance of this existing framework. As regards the text, in the overview section of the report, we particularly support paragraph 7, which refers to our consensus that the future mechanism will work in a cross-cutting and public policy-oriented manner. We consider that paragraph 2 should note the involvement of stakeholders when it refers to our platform as seeking to be inclusive. inclusive and transparent. Finally, and this is a point that we will reiterate in relation to several sections, Canada urges the Chair to remove references to the 2021 summary, given that this document does not, in fact, represent consensus. References to this 2021 document are confusing because they give the impression that this summary has a status that it has not, in fact, earned. Moving now to the section on threats. Canada supports paragraphs 20, 25, and 32. We share the concerns of the EU about paragraph 16, and Canada also has serious concerns about the last sentence of paragraph 15, and we would call for deletion of the last sentence of paragraph 15. We welcome the content of paragraph 24. Nevertheless, this list of threats does not do justice to the major trend that was echoed throughout our OEWG, which was specifically to deal with ransomware. In our view, this particular threat deserves its own paragraph. We support the reference to cryptocurrencies at the end of paragraph 24, and we suggest that we change the reference to post-quantum cryptography at the end of paragraph 26 to focus it more on cybersecurity with an emphasis on implementation of solutions related to these developments. Finally, together with the African group, we welcome the idea that we work more on threats to critical infrastructure under the future mechanism. And this concludes our brief remarks. Thank you very much, Chair.


Chair: Thank you, Canada. United States, to be followed by Indonesia.


United States: Thank you, Chair. The United States has been clear that the UN must return to its founding purpose to maintain international peace and security. The United States helped found the UN after World War II to prevent future global conflicts and promote international peace and security. But some of the UN’s agencies and bodies have drifted from this mission and instead act contrary to the interests of the United States. And it is in that context that we enter these negotiations. With the OEWG coming to a close, we have an opportunity to cement the good work we’ve done to promote common-sense cybersecurity approaches while ensuring that the discussions that follow continue on this productive path and do not get mired in UN bureaucracy or distracted by controversial or divisive issues. To that end, the United States has reviewed the chair’s draft final OEWG report and has significant concerns. The United States firmly believes that the final OEWG report should serve as a record of consensus achieved in this process and, as a priority, provide a roadmap for a seamless transition to the next discussion forum. Unnecessary details that do not serve that purpose and in the inclusion of a controversial or underdeveloped proposal should not distract from this overall intended purpose of the report. Further, Chair, we emphasize our concern about the draft’s reports over-referencing the 2021 chair’s summary in the 2021 OEWG report. We underscore to all states, as others have mentioned, that this is not a consensus document and should not be treated as such in this draft report. Chair, we ask you to review all references to that summary with this context in mind and remove them where they are inappropriate. In the overview section, we welcome the references to the GGE reports in paragraph 13. These reports represent the foundation of our work, were adopted by consensus by all U.N. member states, and should be referenced in the report. On the threat section of the draft report, we appreciate the draft’s continued acknowledgment that ICTs are already being used in conflict in paragraph 15. Its recognition of the severe threat to international peace and security posed by ransomware activity in paragraph 24, and its general focus on cyber threats to critical infrastructure. The United States has been the repeated victim of ransomware attacks and significant cyber intrusions into our critical infrastructure from foreign adversaries and criminal actors. And as you have heard, we are not alone in this regard. UN member states must do more to combat these threats. In that vein, we support the European Union’s text proposal highlighting the need to secure cross-border critical infrastructure. We are also pleased to see language added in paragraph 24 on concern about rising cryptocurrency theft and the threat to international peace and security posed by the illicit financing of malicious cyber activity. However, we cannot support the draft’s report’s reference to promoting the use of ICTs for quote, exclusively peaceful purposes, unquote, in paragraph 15. As every state in this room is aware, states are already using ICTs in the context of armed conflict. It is all the more important, therefore, that states reaffirm their commitment to applying principles of international humanitarian law to their use of ICTs in armed conflict. The robust discussions of IHL during this OEWG are not adequately reflected in this draft, and we should not compound that failure by including the confusing text in paragraph 15. Further, while we understand some states are eager to discuss emerging technologies, we believe discussion of those topics and their portrayal in the report need to be carefully kept within the OEWG’s existing mandate. In that vein, we see much of the language on this topic as unnecessarily detailed and as such overemphasizing risk over opportunity. Finally, the United States has raised in each session the serious threat that pre-positioning poses to critical infrastructure, and we are disappointed that that has not been included in REV-1. Thank you, Chair.


Chair: Thank you, United States, for your statement. Indonesia to be followed by El Salvador.


Indonesia: Thank you, Mr. Chair. At the outset, Indonesia wishes to express its sincere appreciation to you, Mr. Chair, for your continued leadership throughout the OEWG process. Indonesia comments you and your team for the hard work for producing the REV-1 of the final report, which in our view broadly reflects the progress achieved in promoting a common understanding of responsible state behavior in cyberspace. We are fully guided by your approach in discussing the final report, as mentioned in the letter dated 3 July 2025. In this regard, allow us to share with you our reflections on Section B, Existing and Potential Threats. First, Indonesia notes the concern on the continued intensification and evolution of cyber threats, as outlined in paragraph 14, as well as the vulnerabilities of ICT infrastructure on paragraph 20, an issue of relevance to Indonesia. Hence, we would like for the those two paragraphs to be retained. Second, Indonesia hopes further discussion on emerging technologies can be continued on the future permanent mechanism. We welcome the inclusion of peaceful uses of ICTs as reflected in paragraph 15 and 27, and elements on emerging technologies, such as AI and quantum computing in paragraph 26 and 27. Third, we believe that capacity building must remain central to our deliberations on this pillar. Paragraph 32 has emphasized this notion, and we are of the view that discussions on threats shall be followed on efforts to strengthen state’s capacity in preventing and mitigating such risks. Therefore, Indonesia believes this paragraph must be retained in the final report. Mr. Chair, in closing, Indonesia reiterates its full support for your leadership and the process ahead. We remain committed to exercise our utmost flexibility on this matter, and working constructively with all delegations towards consensus. I thank you, Mr. Chair.


Chair: Thank you very much, Indonesia, for your two-minute statement. I think you get the prize this morning. El Salvador, to be followed by Qatar.


El Salvador: Senor President, Chair, allow me to begin by expressing the thanks of El Salvador for the hard, preparatory work ahead of this final session of the OEWG. We have noted with appreciation your efforts, those of the team and the Secretariat, in producing a document that facilitates an effective transition towards a permanent mechanism on the basis of the work that we have done so far and that reaffirms the framework for responsible state behavior in cyberspace. My country looks forward to the adoption by consensus the final annual progress report. We hope that the revised version a solid basis for discussions today. Allow me now to deliver a few specific remarks based on the previous informal meeting on existing and potential threats. El Salvador feels that this is one of the most comprehensive sections of the report. We welcome the reference to the threat landscape in information security. Nevertheless, we consider that paragraphs 15 and 16 of the Zero Draft reflected more accurately the relationship between hybrid use of ICT and conventional weapons, and also the criminal activities related to ICT and how they can represent a threat to international peace and security. This is why we would request that you consider returning to the language of the Zero Draft in this area. On paragraph 27, we are grateful that you have included El Salvador’s suggestion on post-quantum cryptographic solutions, and we would ask you, therefore, to keep this language. We also echo what was said by Mauritius in relation to equal meaningful participation of women in decision-making processes related to the use of ICT in the context of international security. We will come back on future sections at a later time. Thank you.


Chair: Thank you very much, El Salvador, for also keeping within time. No pressure on Qatar to be followed by Egypt.


Qatar: We will also express our appreciation to you and to the Secretariat and everyone who has prepared the draft final report, which captures the work of the OEWG. Mr. Chairman, we would like to mention Section B on existing and potential threats. The State of Qatar has previously reiterated the need to discuss the threats and security gaps as a result of the increased use of AI and modern technology. We emphasize paragraphs 20 and 26. This is an important measure to bridge views on the threats landscape. We also welcome paragraph 24 on the comprehensive treatment of increased threats from ransomware and malicious software. On Section C, we agree with paragraph 35 that includes a recommendation to continue exchanging views within a permanent mechanism. On paragraph 37, Qatar continues to share best practices, and we would like to invite you to a side event on the successful experience of Qatar in applying the norms of responsible state behavior in the use of ICT, and this will be today from 1.30 to 2.30 p.m. in Conference Room 12. With regards to Section E on CBMs and paragraph 46E on the template for communication, we emphasize the need to maintain the voluntary and flexible nature of the template, and we also emphasize paragraph 46H on the initial list of global CBMs, and here we would like to thank the organizing partners of the simulation exercise on the points of contacts directory as well as the ping test every six months because these are very useful for the preparedness of the points of contact. Mr. Chairman, on Section F on capacity building, we welcome paragraph 52F on the Global Security Cooperation. and capacity building portal. The portal is important to promote the cooperation between states, and we also welcome that it shall evolve over time to cater to the needs of states. We also emphasize the importance of the roundtables that provide a forum to exchange national, regional and international experiences. Mr. Chairman, the report highlights and reflects the work of our group, and the state of Qatar reiterates that it will continue to share best practices and will remain committed to achieving our shared objectives. Thank you, Mr. Chairman.


Chair: Thank you very much, Qatar, for your statement and also for the announcement on your side event. Egypt, to be followed by Ghana, please.


Egypt: Thank you, Excellency Chairperson. Chairperson, we align with the statement delivered by the African group. Chairperson, we continue to resolutely stand behind your leadership and supportive of your appreciated and relentless endeavors. We acknowledge the wide sense of commitment and political will among member states to honor the hard work undertaken at this OEWG with a meaningful, balanced and impactful conclusion. Egypt is not planning to deliver a general statement, neither now nor during the course of the week. We reiterate that our utmost priority is to ensure a consensus that allows smooth and seamless transition towards a future permanent mechanism, and to ensure that the gains and milestones achieved through the course of the work of this open-ended working group and previous UN-relevant processes are safeguarded and built upon. This will be an instrumental step in reinforcing the role of the UN in itself as a mean of confidence building. As indicated by the African group, albeit potential room for enhancements and strengthening, REV.1 provides a very promising, balanced and constructive point of departure that delegations are are encouraged to engage with an open mind and sense of purpose. We acknowledge that the report, including its annexes, responded positively to a number of the priorities and concerns of our delegation and parameters suggested previously by both the African and Arab groups during previous sessions. Any divergence of views concerning the substantive content of the report under its five sections, particularly since it mostly does not endorse any new conclusions or recommendations, can be addressed in the most factual manner or through effective yet prudent streamlining. For these reasons, we will exercise self-restraint and keep our comments and suggestions on the report itself to the most minimal level. We encourage all delegations to consider to do the same, to allow ample room to consider Annex III on the additional elements of the open-ended, action-oriented permit mechanism on ICT security in the context of international security that supplements the agreements included in Annex C of the third APR, and further allow for the needed time to consider RF2 as early as possible during this week. We have three text-based suggestions on Section B with a view of further reinforcing the element of a more equitable, diverse, and representative threats landscape, as portrayed in previous statements and interventions. As a better informed and more precise understanding of the forms and types of threats contribute to building and maintaining more resilient digital ecosystems. First, to add in the end of paragraph 14 the following sentence, states recognize the need to continue to capture and address the widest and most diverse landscape and range of risks and threats in a manner that equitably represents realities in all countries and regions. In paragraph 15, and also to capture the present reality in a more precise and realistic manner, in the middle we suggest the editing that would read as follows. The use of ICT in current army conflicts is increasing and is becoming more and more likely in future conflicts. between states. Finally, in paragraph 22, we suggest an addition at the very end of this paragraph to read as follows. States recognize the disproportionate impact of such malicious activities, including through misinformation on states in transitional phases or emerging from armed conflicts, particularly in Africa and other developing countries, and may subject them to heightened risk of relapse and increase their fragility. I thank you, Chairperson.


Chair: Thank you very much, Egypt, for your statement, but also for your reference to the fact that you have exercised self-restraint. I think that’s a virtue that I would command to all of us, and I wanted to give you a stocktake as to where we are. I think we have about 20 delegations that have asked for the floor under this section, but first I want to say that it has been a very positive and very constructive beginning to our discussions, so thank you very much for that. Second, I like the fact that all of you are zeroing in on very specific amendments and suggestions. I like that as well, so let’s keep that in mind. Thirdly, if you agree with a statement that has been previously made by another delegation with regard to a particular proposal, say so very briefly. You don’t need to elaborate the reasons, so that the room has a sense of where everyone stands with regard to proposals made, and the proposals could be with reference to additions or deletions, so that everyone has a sense of how the proposals are being received. Again, you don’t need to elaborate your reasons if indicating that you are in line with a proposal previously made. I think that will be helpful to all of us. And of course, self-restraint is good. You can send us your full text, but if you’d like to particularly focus on proposals that you think are important, then please put it forward, and I would also encourage others to react to it. I mean, this process is not a collection or collation of statements. If it was, then at the end of the week I could ask, chat GPT, or deep seek. to prepare a summary and then you know put it to you but it is more than that it is more than a compilation you need to interact with each other by responding to the different proposals that have been made so so I would encourage of course brevity focus and I’m not intending to cut off any statement but that really depends on each one of you being focused so that we give everyone a chance to come in with very brief statements to indicate where they stand so I seek your cooperation with that but having said that my thanks to all of you for what I would consider to be a very good start to our discussions plus the fact that the tone has been positive and constructive I’m very very grateful for that so let’s keep moving before the lunch break I give the floor to Ghana to be followed by Singapore


Ghana: Mr. chair thank you for giving me the floor my delegation has actively participated in the work of this open-ended working group and appreciates the significance progress made since the beginning of its mandate in 2021 we welcome the ref one draft of the final report as a substantial milestone that reflects the collective efforts undertaking over the past five years to achieve our shared objectives in this final stretch mr. chair Ghana remains fully committed to supporting the successful conclusion of the group’s work we align with a statement delivered on behalf of the African group and wish to make the following remarks in our national capacity there’s a chair on this section B which addresses existed and potential threats we welcome the inclusion in paragraph 17 of language recognizing the sovereign prerogative of states to determine which infrastructure they consider critical as well as the importance of protecting critical infrastructure and critical information infrastructure we also appreciate the reference in paragraph 23 to concern regarding the exploitation of ICT product vulnerabilities and the threats posed to the integrity of supply chains. However, Ghana believes this paragraph would benefit from the inclusion of a reference to security by design, a concept consistently emphasized by our delegation and others in previous sessions of the OEWG. We therefore propose that the following sentence be added to paragraph 23 immediately after the last sentence of that paragraph. So the last line in paragraph 23 reads, states also noted the significant ICT threats posed to the integrity of supply chains. And after this paragraph, we propose adding this line. In this context, states highlighted the critical importance of security by design throughout the life cycle of ICTs as a fundamental measure to mitigate such risks. Mr. Chair, this addition is important as it reflects the understanding that supply chain integrity cannot be fully ensured without the consistent application of security by design principles by all actors involved. Mr. Chair, with respect to paragraph 25, which notes the growing markets for commercially available ICT intrusion capabilities as well as the proliferation of hardware and software vulnerabilities, including those accessible via the dark web, my delegation supports the inclusion of this important issue. We believe it is vital to address the increasing risk posed by the proliferation and irresponsible use of such commercial intrusive capabilities. In this regard, Ghana wishes to reiterate its support for the joint statement submitted by the Palmaul Group and aligns itself with the recommendations put forward therein. The Palmaul process, as we understand, represents an ongoing international and multi-stakeholder dialogue aimed at developing joint policy and technical solutions to address the challenges associated with commercial cyber intrusion capabilities. Mr. Chair, my delegation also welcomes the language in paragraph 32 concerning the need to strengthen cooperation between computer emergency response teams and computer security incidents response teams. We equally support the emphasis on enhancing public-private partnerships, which are essential for improving resilience and promoting timely, coordinated responses to ICT. related threats. I thank you.


Chair: Thank you very much. Ghana, Singapore please. Mr.


Singapore: Chair, my delegation would like to thank and express our appreciation to you and your team for the hard work in preparing this draft final progress report and in facilitating this week’s discussions. On existing and potential threats, given the transboundary nature of these threats, Singapore welcomes the draft report’s comprehensive focus on the diverse cyber threats faced by states as outlined in Paris 16 to 29. These threats provide an up-to-date and very useful snapshot of the cyber threats that the majority of states around the room today have to deal with and also in doing so provide a roadmap of concrete and meaningful for the concrete and meaningful implementation of the normative framework and the areas we need to further discuss in strengthening this framework as well as cooperation initiatives and capacity building we need to strengthen at the international, regional and sub-regional levels to build our collective resilience against them. We support the inclusion of Paris 26, 27 and 29 which acknowledge the risks of emerging tech especially on AI. We need to continue to build our understanding on the opportunities as well as risks posed by such technologies especially to small and developing states. It is vital that we continue our conversations on emerging threats in the future permanent mechanism. Mr. Chair, noting the evolving nature of the cyber threat landscape, we support Paris 32 on the importance of further encouraging cooperation dialogue particularly at the CERT level. To further enhance this we should ensure that CERT related information sharing and cooperation occurs in a timely manner to ensure that we can appropriately respond to cyber incidents. From our region the ASEAN regional CERT and information sharing mechanism we have recently established provide useful examples of how such information sharing and cooperation can help advance these efforts. Given above we support the recommendation in Paris 33 to continue exchanging views at the future permanent mechanism to identify cooperative measures to address these common challenges. It is more important than ever that we maintain dialogue on cyber issues and cyber security as cyber threats affect us all. It is in all our interests to continue our cooperation. Thank you Mr. Chair.


Chair: Thank you very much Singapore for your statement. Friends I’ve been told that the Russian Federation wishes to take a… floor to make a procedural point. So I’ll give them an opportunity to do so, but I request them to be as brief as possible. Russian Federation.


Russian Federation: Thank you, Chair. I’d like to touch on an organizational and procedural issue that’s very important. Unfortunately, my colleagues from Russia do not have access to the interpretation or the webcast of the session. So could you please address this issue with the technical service and rectify the situation and prevent it from being repeated? This could potentially be linked with the political activity of certain states and take part in the work of the OEWG. Thank you.


Chair: Thank you, Russian Federation. Just to clarify, are you saying that the UN web TV cannot be seen, or it can be seen, but there’s no access to interpretation? Can you clarify, please?


Russian Federation: Chair, the website UN web TV can be opened, but there’s no access to the webcast.


Chair: Well, thank you very much, Russian Federation. These sort of technical website issues are not uncommon, especially the UN website, which, by the way, requires a lot of funding for improvement, but that’s a separate issue. So it’s a pretty archaic system, and I think they’re doing their best. So let’s assume that these are technical issues. I don’t think we need to impute anything more sinister at this stage, but I will ask the secretariat to check with the technicians to see, and I hope that we can fix the problem, because the idea is that anyone can access it, and I’m very happy to hear that people around the world are watching our meeting. It is so exciting, very obviously. But it also is an instrument for transparency and inclusiveness. So it is a very important issue. So let’s hope that we can fix it. Secretary, can you take it up? Yeah, I will. All right, we’ll give you an update later, later in the afternoon. So Republic of Moldova to be followed by Malawi, please.


Republic of Moldova: Chair, Excellency, distinguished delegates, the Republic of Moldova aligns itself with the statement delivered by the European Union and its member states. In this regard, we reaffirm our strong support for the consensus-based work of the YWG and the foundational role it has played in reinforcing international peace and security in cyberspace. Chair, first, I would like to express my delegation’s appreciation for your leadership and for the sustained efforts of your team in guiding this process over the past years. We also acknowledge the valuable contributions of all delegations in navigating this complex, yes, vital agenda. As a smaller state committed to the multilateral rules-based order, Moldova places a high premium on the stability and predictability that the existing UN framework on responsible state behavior in the use of ICTs provides. This framework rooted in international law and voluntary norms, confidence building measures and capacity building remains essential to safeguarding our digital future. We echo the EU’s call that this final YWG report must not only preserve the progress achieved so far, but also act as a launchpad for implementation. Any attempt to dilute the consensus reached or to blur the applicability of international law in cyberspace risks undermining global stability for. Moldova and many countries in similar positions. Such uncertainty would pose serious challenges to national security, economic development and democratic governance. In this context, we support the clear differentiation in the report between agreed norms and proposals still under discussion. This distinction is critical to maintaining coherence and credibility in the UN framework. Chair, we would like to highlight three complementary points. First, capacity building must remain at the heart of international cooperation. The Republic of Moldova particularly values the recognition of its cross-cutting role in the OEWG work. We see capacity building not only as a technical priority, but as a strategic enabler of our national resilience, our cyber diplomacy and our ability to meaningfully engage in international processes. We welcome paragraph 9’s emphasis on the need for accelerated needs-based and sustainable approaches and call for the future permanent mechanism to operationalize these principles with inclusivity and transparency. Second, we underscore the importance of regional cooperation. In our region, cyber threats often transcend borders and institutional capacities. My delegation, therefore, supports stronger cooperation between the UN and regional or sub-regional organizations, including those not traditionally focused on ICT security. Enhanced cross-regional exchanges would help ensure that regional diversity is reflected in global norms and practices. Third, we appreciate the OEWG’s efforts to promote gender inclusion and the increasing participation of women in cyber diplomacy, and we remain committed. to reducing the gender digital divide and enabling the full and meaningful participation of women in ICT policies both domestically and internationally. Chair, in conclusion, the Republic of Moldova remains firmly committed to an open, secure, stable, accessible and peaceful ICT environment. We view the transition to a future permanent mechanism not as the end of a process but as a renewed commitment to responsible behavior, dialogue and practical cooperation. We thank you once again for your leadership and assure you of our continuing constructive engagement. Thank you very much.


Chair: Thank you very much, Moldova, for your statement. I give the floor now to Malawi to be followed by France.


Malawi: Mr. Chairman, Excellencies and Delegates, the Republic of Malawi aligns itself with the principles of consensus, cooperation and constructive dialogue as emphasized in your letters dated 23rd May, 4th June and 25th of June 2025. My delegation commends your leadership and guidance during this critical final stage of the OEWG final process and reiterates our unmervering commitment to the successful adoption of a consensus-based final report that ensures a seamless transition to the future permanent mechanism. The Republic of Malawi will structure its interventions in this session around the five key pillars of the OEWG as reflected in REV1, draft final report with first the existing and potential threats. The Republic of Malawi supports the statement by the African group and acknowledges the growing complexity and sophistication of ICT related threats including ransomware, data breaches and the malicious use of AI. My delegation reaffirms its concern regarding cyber incidents that target critical infrastructure and critical information infrastructure. such as the 2024 breach of Malawi’s passport issuance system. We strongly support the report’s recognition of ransomware and cryptocurrency-related fraud as major threats. In line with the REV1 report, we stress that a human-centric and capacity-focused response to ransomware is essential. The Republic of Malawi has experienced an increase in mobile money fraud, SIM swaps scams, and phishing attacks, especially as we are approaching our general elections this September. Many of these threats leverage social engineering and undermine public trust in digital systems. In response, the Republic of Malawi is enhancing its national threat monitoring capacity through our national search and is in the process of finalizing its national cybersecurity policy to further address these threats. Just like Mauritius, Ghana, and Singapore, the Republic of Malawi echoes the call for enhanced cooperation between CERTs, improved public-private partnerships, and regional response frameworks. And we also underline the urgent need to address vulnerabilities in undersea cables and satellite communications. In conclusion, Chair, my delegation supports the OEWG’s efforts to identify and prioritize the most urgent threats to international ICT security. We commit to strengthening our threat landscape, mechanisms, and call on member states to continue sharing their threats, intelligence, tools, and best practices. I thank you.


Chair: Thank you very much, Malawi, for your contribution. France to be followed by South Africa.


France: Thank you, Mr. Chair, your team, and the Secretariat for your work throughout the OEWG process. We assure you of our support in reaching a consensus on all the sections of the report and its annexes, and in ensuring the transition toward a future permanent mechanism, a topic on which my delegation, as you know, has worked tirelessly and in a constructive manner since our initial proposal of a program of action five years ago. I’d like to – the discussions that we’ve been having on growing and multifaceted threats in cyberspace, whether this is ransomware, cyber threats linked to AI, or the commercial market for cyber intrusion capabilities, demonstrates one thing. It is urgent to implement the Framework for Responsible Behavior by States through an action-oriented mechanism. This is our best asset for dealing with these threats. However, Mr. Chair, we still have work to do to reach a consensus, as the revised draft report remains unbalanced. For each section, my delegation will focus on the main stumbling blocks and will send its detailed comments in writing for the sake of time. For the section on threats, we will limit ourselves to two points. I’d like, first and foremost, to support the delegations that have raised the issue of paragraph 15 containing problematic and nonconsensual language on uses of cyberspace by states. And secondly, I’d like to point out that paragraph 25 could be improved, in our view, and we will send a written proposal in this regard to replace the end of the last sentence by, quote, to access and utilize ICT tools for legitimate and necessary purposes consistent with international law. international law where appropriate safeguards and oversight are in place. So that’s the end of paragraph 25. Thank you.


Chair: Thank you very much, France, for your statement and for your very focused proposals, and I look forward to receiving them in writing. South Africa, to be followed by Thailand.


South Africa: Thank you, Chair. South Africa aligns with the statement delivered by Nigeria on behalf of the African group. In our national capacity, we would like to express our appreciation to you, your team, and the Secretariat for your tireless efforts in preparing for the 11th and final session of the OEWG. We reaffirm our full support and commitment to working with all states to achieve consensus on the fourth and final report of the OEWG. We also support the Chair’s approach to discussions and negotiations as outlined in the letter dated 3 July 2025. Recognizing that time is of essence, we commend your efforts to encourage delegations to provide more specific interventions on the draft report rather than general statements as we work together to finalize the outstanding issues. We believe that the text of Ref 1 of the final report is balanced and provides a solid foundation for negotiation, reflecting the diverse viewpoints and discussions held over the past four and a half years. We are confident that consensus can be achieved on these elements, ensuring a seamless transition from the current OEWG to the future Permanent Mechanism. Turning to Sections A and B, we fully support the Chair’s proposed text in the Overview and Threat Sections, which are drawn from the consensus already achieved in the three OEWG APRs. We welcome the revisions made to paragraph 25. based on the discussions held during the two town hall meetings. Thank you, Chair.


Chair: Thank you very much, South Africa, for your statement and also for your message of hope and optimism that we can get to consensus. I think this is what we need as we embark on this intense week. Thailand to be followed by Japan.


Thailand: Mr. Chair, since this is the first time Thailand is taking the floor, I would like to thank the Chair for the preparation of the draft final report and all the work leading up to it. On existing and potential threats section, Thailand would like to highlight the following points. First, we welcome the clear and thorough overview of the evolving threat landscape in the draft. We agree that growing threats in the use of ICTs, particularly in terms of conflict and political tension, present serious risk to international peace and security. Second, Thailand agrees with the inclusion of the concern over the rising number and growing sophistication of cyber attacks worldwide, particularly those targeting critical infrastructure and critical information infrastructure. Among these, we would like the draft report to specifically include threats from advanced persistent threats or APTs, which are especially alarming due to their complex and sustained nature, and can disrupt essential services and threaten national security, economic stability, and public safety. These risks are even more serious for developing countries with limited cyber security capacity. Third, Thailand agrees with the inclusion of paragraph 16, which states the current trend that some non-states have demonstrated ICT capabilities previously only available to states. We would like to note our concerns about the challenge of determining whether such sophisticated cyber activities are carried out by state or non-state actors and the importance of relevant capacity building, which I will continue to address later in this meeting. Fourth, Thailand also agrees with the inclusion of the increasing importance of emerging technologies such as artificial intelligence, quantum computing, and cloud-based systems. To fully benefit from these technologies while addressing their potential risks, we stress the need to strengthen cooperation at all levels. Lastly, Thailand believes that preventing and addressing cyber threats requires both strong domestic measures and enhanced regional and international cooperation. Recognizing that cyber threats can affect privately-owned infrastructure or systems that operate across borders, Thailand underscores the importance of both interstate and public-private sector cooperation. In this regard, Thailand supports continued engagement within the Future Permanent Mechanism to address existing and potential threats through focused discussions on cooperative measures and strengthen collaboration at the regional and international level. Thank you, Mr. Chair.


Chair: Thank you very much, Thailand. Japan, to be followed by Turkey.


Japan: Thank you, Mr. Chair. First of all, I’d like to thank you and your team for all the efforts already put into date for the draft final report. Although there still remains… issues which need to be addressed to achieve the right balance, Japan concurs with you about the importance of reaching consensus this week in this room. Regarding the overview section in paragraphs such as 8 and 13 for example, a reference to the work of GGE is necessary because our discussions at the UN are based on a series of discussions and efforts done both by the OEWG and GGE. Therefore it is necessary to mention not only the OEWG’s work but also the GGE’s work if not mentioned yet and retained if already mentioned in relevant paragraphs. My second point is that regarding the threat section, threats from cross-border cyber attacks and intrusions have unfortunately been on continuous upward trend and it is crucial that all member countries share the right landscape on the existing and potential threats and risks. In this regard we highly value the Red One mentions the issue of cryptocurrency theft in the context of international peace and security in paragraph 24 and despite what I heard today in this room, Japan requests that text be maintained as it stands in the Red One. Thank you.


Chair: Thank you Japan for your statement. Turkey to be followed by Cuba.


Turkey: Mr. Chair, distinguished delegates, let me begin by expressing Turkey’s appreciation for your dedicated leadership and the inclusive manner in which this process has been conducted. The draft final report before us marks a critical step in consolidating our collective efforts and shaping the contours of the failed future permanent mechanism. As we prepare to transition to this new phase Turkey would like to offer the following reflections. First, we attach great importance to the security and resilience of global ICT supply chains. As highlighted in paragraph 23 and 34G of the draft, the development of shared standards and best practices is essential. However, these must be complemented by practical implementation frameworks that respect the diversity of national capacities and foster trust across jurisdictions. Second, we wish to underscore the centrality of data governance in today’s digital environment. As noted in paragraph 28, the risks posed by data misuse and breaches of privacy are growing. We see merit in sustained dialogue on secure cross-border data flows, personal data protection, and mechanisms for preventing the exploitation of sensitive data. Chair, Turkey believes that the UN Technology Bank for Least Developed Countries plays a vital role in strengthening the science, technology, and innovation ecosystems of LDCs. In this context, we see significant value in expanding the Bank’s mandate and partnerships to include targeted support for capacity building in ICT security. As digital threats increasingly affect national development and stability, it’s essential that cybersecurity be mainstreamed into broader digital transformation strategies. The Technology Bank, through its established networks and expertise, is well positioned to facilitate the transfer of secure digital technologies, support cyber skills training, and promote regional cooperation in cyber resilience. Turkey stands ready to support initiatives that leverage the Bank’s convening power to build by cybersecurity capacities aligned with the needs and priorities of the LDCs. Third, we acknowledge the growing role of the private sector in securing the digital ecosystem. However, we note that responsibilities remain insufficiently defined. The future mechanism should support reflection on how private actors can cooperate with states in addressing systemic ICT vulnerabilities and mitigating the consequences of major incidents. Chair, on the application of international law, Turkey reiterates that the UN Charter and other relevant instruments apply in cyberspace. Yet, as reflected in paragraphs 38 to 42, ambiguity remains concerning thresholds such as the use of force, intervention, and state responsibility. We support the proposal to dedicate a thematic group under the future mechanism to this issue as outlined in Annex 3. We also believe that effective cooperation between sources and affected states in responding to cross-border ICT incidents should be prioritized. Developing operational modalities for such coordination will be key to preventing escalation and fostering mutual confidence. Finally, with respect to stakeholder engagement under the future permanent mechanism, Turkey reaffirms its support for transparency and inclusiveness. That said, this must not come at the expense of the intergovernmental character of the process, which Turkey views as red line. We urge clear affirmation that participation will be strictly based on accredited status in full accordance with established UN practice and the principle of non-objection. Chair, Turkey remains committed to the successful conclusion of this process and to the establishment of a future mechanism that builds on our shared achievements. We will continue to support efforts that ensure an open, secure, stable, accessible, and peaceful ICT environment rooted in international law, cooperation, and collective responsibility. Thank you.


Chair: Thank you very much. Turkey, Cuba, to be followed by Croatia.


Cuba: Gracias, Senor President. Thank you, Chair. Chair, we have reached the final meeting, the final session, rather, of this OEWG following four weeks of work, four years of work, and you have demonstrated the value of your stewardship. It is now time for us to achieve a final progress report that keeps all states united in the establishment of a new mechanism for periodic institutional dialogue. Our delegation stands ready to work arduously to achieve this outcome. The current version of the report needs some major modifications. We align ourselves with the statement to be delivered by the like-minded group. We support the call to be cautious in terms of the specific use of terminology throughout the final report in order to ensure coherence with the mandate handed down to the OEWG. Chair, my delegation wishes to refer to sections A and B of the draft report. We note that section A, overview, is largely based on previously agreed language, while there is still room for perfection. In section B, on existing and potential threats, we are pleased to note that paragraph 15 has been modified to refer to the need to promote the use of ICTs for exclusively peaceful purposes, even though we would have preferred the language to be even more explicit, to reflect an unequivocal commitment by all states. We could not accept some of the formulas proposed this morning in the meeting that could use to legitimising the use of force in this area. We note that in paragraph 16, reference is made to cybercrime, and we believe that this should be kept separate from questions under the work of this working group. The reference to cybercrime is covered in a different platform, specifically based on adoption of the International Convention in 2024. This should be separate. In paragraph 25, we would insist on the elimination of the reference to the supposed neutrality of technology. technologies. This is a notion that we do not share. Let us recall that a reference in this regard was included for the first time in the final version of the third annual progress report of the G3A without prior discussion, and that was rejected by our delegation. There is no common understanding in the OEWG on this notion. In paragraph 33 on recommendations, it concludes with a view to discussion to handle threats. The next line following this is not useful. It sort of undermines this proposal, and this is an idea that has been reflected numerous other times throughout the report. My delegation will deliver statements about the other sections of the report at the appropriate time. Thank you.


Chair: Thank you, Cuba, for your statement. Croatia, to be followed by Switzerland.


Croatia: Mr. Chair, Croatia aligns itself with the statement delivered by the European Union and wishes to add the following remarks in its national capacity. As we are entering in the last week of the OEWG, please allow me to express our appreciation for all the work and energy you and your team have invested throughout this process. We look forward to constructive and consensus-driven conclusion that reflects the collective efforts of all delegations and paves the way towards a future permanent mechanism. We believe this mechanism will help structure discussion, deliver concrete outcomes, and translate experience into its useful results. It will also strengthen trust and cooperation among diplomats and experts by highlighting both success and improvements. As the threat landscape continues to evolve, it is clear that we need to make use of all the expertise available to us. So far, unfortunately, we’ve been trying to respond to these threats with one hand tied behind our backs. It is strange that we have recognized, or at least we are discovering, the value of involving other stakeholders in our other fields of work, but we are still reluctant to involve them in this one. Last week’s town hall meeting showcased an abundance of interest by multi-stakeholders. While we would also like to see geographical diversity among them, we do not believe others should be punished for the lack of it. On the contrary, seeing the positives provided at the greatest stage can be the best inspiration for new and emerging actors in cybersecurity around the globe. Also, we hope to see more and more diversity within that community in terms of different areas of expertise. We are satisfied with the draft report recognizing that ransomware goes beyond criminal behavior, although a number of improvements can and should be made with it as well to properly reflect realities. Similarly, we hope that vulnerability of critical infrastructure can be reflected better. This is an indiscriminate threat that does not target only developed countries. In fact, non-state and criminal actors are being increasingly enticed to go after a proverbial low-hanging fruit, where the risk-reward ratio goes in their favor, and no one wants to be so-called easy-picking. There is really no reason to allow for another gap to develop between developed and developing states, especially since there is a resolute will to offer capacity-building services, including in terms of critical infrastructure protection, including ones of cross-boarding importance such as undersea cables. Chair, as we look to the future, we rely heavily on results achieved. Agreed consensus-based rules, norms, and principles are amongst our greatest results. We strongly value and support the established UN framework of responsible state behavior. This is our final step, the final OEWG, which needs to properly reflect this in its final report. Finally, as we understand your delicate position and your willingness to reflect various ideas, proposals, and suggestions given by delegations, and as far as possible to incorporate them in a draft final report, in order for us to reach consensus by the end of the week and achieve an overall balance, it will be vital to differentiate those ideas that have already reached consensus from those that have yet to reach that status, and at this time deserve to be listened in some sort of footnote or an annex at maximum, and be left for the future permanent mechanism discussion. I thank you.


Switzerland: Thank you, Mr. Chair, and thank you for your commitment and all the hard work of you and your team. Let me assure you of Switzerland’s full support in finding a way to adopt a strong final progress report at the end of this week that reflects the discussions and findings over the last five years and that paves the way for the future. Switzerland would like to thank you for the revised draft of the final annual progress, of the final report. We see many good elements in the draft one. However, we also see room for improvement. that the report needs to reflect what a significant number of states have said, discussed, or handed in as working papers, often with broad cross-regional support. However, this is not always the case. For example, in the section on international law, and in particular on international humanitarian law. On section A, or review, we propose to delete the words could continue to in the first sentence of paragraph 11. Regional and sub-regional organizations have demonstrated on many occasions, in our sessions and through their work, that they play an important role in implementing the framework for responsible state behavior in the use of ICTs, not least in the field of capacity building. In this context, I would like to refer to the non-paper on the role of regional organizations in implementing the framework, which was circulated to all delegations at the request of my delegation two weeks ago. Regional organizations act as an incubator, supporter, and facilitator for national implementation of the UN Framework for Responsible State Behavior in cyberspace. Moreover, regional organizations have developed their own innovative ideas on how to address some of the international cybersecurity policy challenges. The non-paper contains concrete examples of the work of regional organizations, namely ASEAN, African Union, the Economic Community of West African States, European Union, Pacific Island Forum, the OAS, and the OSCE. Furthermore, it also contains recommendations for the future mechanism, as, for example, recognize the regional efforts in implementing the UN Framework, have an opportunity for regional organizations to contribute to the discussions and share their experiences in the future for a mechanism, both in plenary sessions and the relevant dedicated thematic groups. The provision of a venue and modalities for regular inter-regional exchanges between regional organizations. Inter-regional exchanges on the margins of the plenary meetings could take place with the participation of interested representatives of the respective secretariats and member participating states of the regional organizations and could serve as a forum for interested representatives of UN member states not part of regional arrangements. Having annual meetings, preferably on the margins of the plenary meetings or as part of one of the dedicated thematic groups to be established as appropriate. Let me make now some comments on Section B of potential and existing threats. With regards to paragraph 15, we do not agree with the changes made in the last sentence. I mean exclusively. This should be deleted. And we would strongly recommend, however, that this paragraph not only notes that civilians might be affected, but also recall states shared commitment to safeguard civilians from harm. This could be done by adding the following half sentence of rigid language from the resolution protecting civilians and other protected persons and objects against potential human costs of ITC activities during armed conflict adopted by the 34th International Conference of the Red Cross and Red Crescent on the 31st October 2024 at the end of the paragraph. So this paragraph would read then of this sentence. In this regard, states stressed the need to promote the peaceful use of ICTs by states and reiterated their shared commitment to protect the civilian populations in situations of conflict, including against the risks arising from malicious ICT activities. In paragraph 16, we do not support the deletion of the sentence mentioning the blurring the lines. This blurring of lines is a reality and is unfortunately becoming increasingly widespread with corresponding risks for international peace and security. Recent developments show that state-backed groups are leveraging the expansion of the cyber-criminal ecosystem for their own benefit. State-backed activity can no longer be evaluated in isolation from financially motivated intrusions. The vast cyber-criminal ecosystem acts as an accelerant for state-sponsored operation, providing malware, vulnerabilities, and in some cases full-spectrum operations to states. In our view, it would be negligent of this group to turn a blind eye to this worrying development. Maybe just a final comment on a distinguished delegate from Cuba who mentioned that he cannot support the neutrality of technology, just to mention that this is an agreed language of APRs we adopted by consensus last time in 2024 to be found in paragraph 22 of the third APR. Thank you, Mr. Chair.


Chair: Thank you very much, Switzerland, for your statement. happy news to announce. I think the U.N. Web TV is working well around the world, including in Moscow. I think the issue has been resolved, so it’s accessible to everyone who wishes to follow the discussions. So the matter has been resolved. We move now to Colombia, to be followed by Australia.


Colombia: Thank you, Chair. As we have expressed repeatedly, we are grateful for your efforts in leading the work of this OEWG towards consensus. We should not take it for granted. It is fragile, and the current circumstances requires a commitment and flexibility from all here present. In this same spirit, my delegation wishes to express the following comments in relation to the Rev. 1 of the draft final report. In the overview section, we agree with the reference in paragraph 2 that the OEWG has made a positive contribution to common understanding and served as a vehicle for building trust and confidence. On paragraph 7, the three annual progress reports are complementary, and together with the final report will represent the foundation for future discussions on ICT in relation to international security under the Permanent Future Mechanism. We also welcome the reference in paragraph 13 to the governmental group of experts and their work. On paragraph 8, the swift development and the need for continuous building on this is important. It’s important for all states to be benefiting from digital technologies. As expressed by other states, we think it’s fundamental that we keep the references in paragraph 2 on the inclusion of women and a gender perspective in discussions on these topics, and also the reference in paragraph 11 on the role of regional regional organisations, taking into account the complementary work that they have been undertaking in the area of capacity building and regional efforts. In section B, existing potential threats, we highlight the reference in paragraph 24 on the need to comprehensively address all elements under ransomware, a human-centred approach. For us, this is what affects us most internationally. We also welcome the references in paragraph 26 on new and emerging technologies. These have expanding development opportunities and they could potentially have implications for the use of ICTs. We also highlight the inclusion of the gender perspective in paragraph 30, including these in addressing ICT threats and also the needs of persons in vulnerable situations. Also, paragraph 32, capacity building aimed at detecting threats. Finally, we’d like to point out that our delegation supports the reference by the Ghanaian delegation of security by design. Thank you.


Chair: Thank you, Columbia, for your statement. Australia to be followed by Argentina.


Australia: Good morning. Thank you to the Chair and Secretariat for your longstanding commitment to the OEWG process and for your efforts in drafting the Rev. 1 of the final report. It is great to be in New York with everyone in person rather than in my pyjamas after midnight in Canberra. Columbia looks forward to engaging constructively with all delegations to work towards consensus on the final report and seek a seamless transition to the future permanent mechanism. We align with the Pacific Islands Forum statement and underscore the importance of focusing on the consolidation and implementation of the framework for responsible state behaviour in the final report while continuing to exchange views on enhancing the framework in the future permanent mechanism. We wish to make some additional remarks in our national capacity. At the outset, Australia wishes to express its disappointment that a number of stakeholders have again been denied accreditation to the final session of the OEWG due to the exclusionary use of stakeholder modalities. This reduces the ability of member states to benefit from the indispensable expertise that stakeholders provide our discussions and we strongly support the Canada Chile paper to improve stakeholder modalities in the future permanent mechanism. On the final report, Australia was pleased to see some additions in Rev. 1 that provide a more accurate reflection of OEWG discussions and strike a better balance in the text. We would also like to suggest some areas for improvement for the final report. On the overview, we strongly support the comments from Columbia, Moldovia and Mauritius on the importance of the full, equal and meaningful engagement of women in the OEWG process as well as efforts to narrow the gender digital divide. We also welcome in paragraph 13, the reference to the consensus reports of the GGEs and agree with others that references to the OEWG 2021 chair’s summary should be reconsidered given it’s not consensus. On threats, together with Qatar and Japan, we support paragraph 24’s addition of cryptocurrency and we also support in 27, the reference to effective risk management of AI. In paragraph 15 we do not support the reference to exclusively peaceful purposes as just outlined by Switzerland. There is a serious disconnect between recognizing the reality that cyber is already being used in conflict situations and promoting the use of ICTs for exclusively peaceful purposes. This reference does not recognize that cyber has already been and can legitimately be used in conflict including in ways that would better allow parties to a conflict to distinguish between civilian objects and military objectives. It is important to recognize that the use of cyber in conflict is regulated by international humanitarian law. We propose deleting the last sentence of paragraph 15 and replacing it with the following. States highlighted with concern the potential for ICTs to be used in a manner that violates international humanitarian law. In this regard states stressed the need to promote the responsible use of ICTs by states in accordance with international law. On paragraph 25 and the growing market for commercially available ICT intrusion capabilities we appreciate the addition on the need to establish appropriate safeguards and oversight efforts. However we support France in making an amendment to the final line by replacing lawful purposes with consistent with international law. This would also make it consistent with the earlier reference in the same paragraph. Thank you chair.


Chair: Thank you very much Australia for your statement. Argentina to be followed by Rwanda.


Argentina: We are grateful to you for circulating the draft final report and we thank you for your efforts and those of the Secretariat in facilitating a transparent and constructive negotiation process. As regards paragraph 9 we reaffirm that capacity building represents an essential pillar for strengthening the resilience of states in the area of cyber security. We agree that these efforts should be adapted to the specific reality and vulnerabilities in each state and fully respect each state’s sovereignty, we welcome the fact that the text reaffirms the principles that were previously adopted in the progress reports. We believe that this represents a strong basis for future work in this area. As regards the proposals for language, in paragraph 12, for greater clarity, we suggest replacing the term gender for women and simplifying the terminology in the paragraph. We will submit this proposal in writing. Rather than the rights of women, we would prefer references to women specifically as opposed to gender. These sorts of terms make women invisible and actually prevent women from affirming their rights. And we have similar suggestions for other parts of the text where there are references to gender. In paragraph 30, we could end this with growing digital divide and remove the rest of the text. Every state is free and sovereign to implement agenda 2030. We prefer to avoid references to this to avoid divergences. The same logic applies to the rest of the document where similar references are found, especially in 42E2 and 52A. Chair, by way of conclusion, we wish to highlight that Argentina especially values the fact that this report has a central axis, the promotion of capacity building. In this regard, we wish to underscore that strengthening cyber resilience for states constitutes not only a technical tool but a substantial contribution to the maintenance of international peace and security and to the creation of open, secure, peaceful and interoperable cyberspace. I thank you.


Chair: Argentina for your statement. Rwanda to be followed by Nicaragua.


Rwanda: Thank you, Chair, for this opportunity to speak. At the outset, allow me to express our deep appreciation to you, Chair, for your leadership and for the progress made in this process since 2021. We recognize these moments represent not just the culmination of the four years of negotiations but the foundation of more secure, inclusive and cooperative digital future for all member states. Mr. Chair, Rwanda supports and aligns itself with the statement delivered on behalf of African group and wish to highlight the flowing in our national capacity. We commend the comprehensive scope of the final report and acknowledge the significant milestone it represents. We appreciate the Chair’s efforts to steer this process in particular challenging context and underscore the importance of reaching consensus and preserving the validity of previous annual progress reports. We regard the APR4 as a constructive contribution that brings us closer to a smooth and effective transition towards the future permanent mechanism. Mr. Chair, cyber threats recognize no borders. They demand responses that transcend boundaries and unite us in a common purpose. As we navigate an increasingly interconnected digital world, the security of our information and communication technologies have become fundamental to international peace, stability and sustainable development. We gather here today, not merely as separate regions, but as partners united in recognizing that our digital destinies are Mr. Chair, I want to commend these three proposed dedicated thematic groups that creates a framework that balances focus with comprehensiveness. We acknowledge the interconnected nature of these peers, allowing each dedicated thematic group to meet jointly with others to facilitate holistic discussions on the linkages between issues. As we stand at the threshold of unprecedented technological advancement, we must acknowledge that innovation is a double-edged sword, bringing transformative opportunities while simultaneously introducing new vulnerabilities that we are only beginning to understand. This is why the international cooperation on emerging technologies standards is not merely desirable but essential. Mr. Chair, to conclude, the future of ICT’s security lies not in building digital worlds but in constructing bridges of cooperation, trust, and shared responsibility. And I thank you.


Chair: Thank you very much, Rwanda, for your statement. Nicaragua, please.


Nicaragua: Thank you very much, Chair. I speak on behalf of a group of like-minded states, the Republic of Belarus, the Bolivarian Republic of Venezuela, Burkina Faso, the Republic of Cuba, the State of Eritrea, the Islamic Republic of Iran, the People’s Republic of China, the Russian Federation, and my own country, the Republic of Nicaragua. We also know that other countries will align themselves to this statement at a later stage. stage. We appreciate efforts made by the chair and his team in crafting the draft final OEWG report that will serve as a basis for upcoming discussions at the 11th session of the group. We consider, however, that further efforts are needed in order to reach the compromises that would allow us to adopt this document by consensus. We are convinced that terminology must be aligned with the mandate of the OEWG defined by UNGA Resolution 75-240. In this regard, ICT security, which reflects a narrow aspect of the OEWG’s scope, should be substituted with security of and in the use of ICTs throughout the entire text. We also propose to edit the title of Annex 3 by substituting ICT security with security of and in the use of ICTs following the same logic. Mr. Chair, on the future permanent mechanism, as the third annual progress report explicitly mentioned, the dedicated thematic groups are to be established by decisions of the future permanent mechanism as required. Dedicated thematic groups are not a must for achieving success of the final session. The top priority of this session is to achieve a smooth transition from the current OEWG to the future permanent mechanism by a concise report. Meanwhile, dedicated thematic groups of the future permanent mechanism must not undermine the five pillars of its mandate, namely threats, norms, international law, business building measures, capacity building. Going beyond the mandate or distorting it is unacceptable and has the potential to undermine concrete practical results already achieved by the OEWG. Therefore, we cannot support dedicated thematic group 1 in the current draft. Also, being guided by this, as well as by the spirit of maintaining balance between norms and international law, we propose to create a separate dedicated thematic groups on norms. We support the creation of a dedicated thematic group on capacity building, a consistent demand of developing countries. We advocate for sticking to the current modalities of stakeholders’ participation within the Future Permanent Mechanism adopted in April 2022, since they represent a delicate balance that ensures both inclusivity and intergovernmental nature of the process. It has included one dedicated segment for NGOs to present their views in each substantive session, a valuable practice that should be replicated in the Future Permanent Mechanism. With a view to preserve the intergovernmental nature of both the United Nations and this very process, we are not in a position to support giving floor to NGOs after States at the plenaries and review conferences, as well as the concept of so-called consultations. We also urge to facilitate verification of the relevance of the ECOSOC-accredited NGOs to the scope and functions of the Future Permanent Mechanism by its chair and the secretariat. Guided by the same rationale, we cannot support participation of stakeholders in dedicated thematic groups, which should provide venue for detailed discussions among governmental experts. With regard to the powers of the chair of the Future Permanent Mechanism, we consider that this should not be overstretched in terms of appointment of co-facilitators of dedicated thematic groups. Since this issue might have political implications, it is more appropriate, in our view, to follow the principle of consensus while appointing the co-facilitators. Authorities of co-facilitators should be clearly defined as well, leaving no space for submitting recommendations to plenaries without prior transparent and inclusive discussions. Mr. Chair, on the main body of the draft report, we insist on adding language on the of elaborating legally binding agreements which would reflect positions voiced by member states since the start of the OEWG’s work. We also insist on the balance between norms and international law, as well as between implementing existing rules and formulating new rules, which has always been the key to reaching consensus. This should be reflected not only in the design of the future permanent mechanism, but also in the agenda and arrangement for future discussions. Contentious topics, including the applicability of international humanitarian law on which there is a clear disagreement, should be removed altogether, precisely in the interest of building consensus. At this stage, we are in no position to support the adoption of voluntary checklists containing Annex I, since this was not thoroughly discussed during the final year cycle of the OEWG. Therefore, we call for the removal of Annex I from the report and recommend to continue discussions on the voluntary checklist within the future permanent mechanism. We believe that Annex II still needs further discussion and refinement, specifically to meet the needs of technical POCs, which could be discussed and adopted in the future permanent mechanism. We also urge to reflect that Member States, while welcoming the UNODA efforts to organize the POC directory simulation exercise, took note of the shortcomings of the mentioned exercise and highlighted the need to refine any future drills as well. We take note of an excessive focus on the issue of critical information infrastructure, including concepts that were not discussed within the OEWG, which should be removed, such as, and I quote, the culture of continuous improvement in order to adapt to evolving ICT threats to critical infrastructure and critical… information infrastructure.” End of quote. The reference to the supposed neutrality of technologies should also be removed as this has not been discussed within the OEWG and there is not a common understanding about it. We believe that ICT criminal activity is different from malicious cyber activity that impact international peace and security. There is a designated platform to discuss issues on cyber crime. The final report should not mix these two kinds of activities. Finally, Mr. Chair, we affirm our commitment to work in a constructive manner with the chair and his team as well as with all national delegations in order to produce consensus report based on a fair balance of interest. We proceed from the understanding that concerns of each and every member state should be treated equally. I thank you.


Chair: Thank you very much, Nicaragua, for your statement. I believe on behalf of the like-minded group. Friends, we are almost one o’clock. Just a few quick comments. First of all, it’s very heartening to see that there are different kinds of like-minded groups in our process. And so we have just had one statement. Nicaragua, I kindly request that you make available the statement to all of us and me a copy as well. We’ll put it on the website. And our exercise or our goal is to converge the different clusters and groups of like-minded members so that at the end of the week, we are all like-minded on a set of issues, recommendations, and outcomes. And that indeed is how we have worked over the last few years because the three annual progress reports reflects a certain like-mindedness in terms of the outcomes of the process. So that’s the first point I wanted to make. Second, yes, of course, it’s my intention to treat every single delegation. equally. And I’d like to give every single delegation that wishes to speak an opportunity to speak. This is the United Nations. And therefore, how we manage the time is going to be very critical. I would like to avoid cutting off microphones, because that’s a terrible practice, because I don’t want to muzzle you. And also because the final outcome must reflect all your views, inputs, aspirations. And the final outcome must be embraced and owned by all of you. It’s not the chair’s outcome. And it’s not going to be a consensus imposed from the podium. It must be owned from all of you. It must emanate and germinate from the floor. And that’s why it’s important to hear everyone. And this leads me to my last point, last two points, actually. I think this morning has been an excellent start. The statements have been very focused and specific. The tone is very positive and constructive, including from our very last speaker, Nicaragua, which has expressed its commitment to working with all member states to achieve consensus. I think everyone is committed to that. I think that sets a great tone and framework for our work for the rest of the day and week. But we have about 20 speakers left. And we are in the first section or clusters of section, section A and B. So this is how I would like to proceed in the afternoon. This afternoon, we will begin sections C and D. Already some of you have delved into regular institutional dialogue, which is a statement from a group that went into some detail on RID. So I think there is a certain eagerness to get into that challenging discussion. And I think it’s important that we get there. So this afternoon, I’ll take the rest of the speakers, but we will also begin. discussions on section C and D. So for the remaining speakers I urge them to collapse their statements to section not only A and B but also C and D and I will also take other comments from groups if they wish to speak on sections C and D and in keeping with UN practice I’ll let those who are speaking on behalf of a group to go first. This is the only way to proceed if we are going to get to sections E and F tomorrow and then to regular institutional dialogue. So I urge your patience and I seek your flexibility and but most of all I appeal for your brevity this afternoon as you make your statements. I wish you all a pleasant and productive lunch and the meeting is now adjourned. See you at 3 p.m.


E

European Union

Speech speed

174 words per minute

Speech length

1455 words

Speech time

501 seconds

Need to preserve and build upon the UN Framework for Responsible State Behavior in cyberspace

Explanation

The EU emphasized that the final report should not diminish the value of the UN framework and should prioritize implementation of existing commitments over new discussions on norms and obligations. They stressed the importance of maintaining the framework’s strong grounding in the final report to ensure international stability and security.


Evidence

Referenced the framework’s pillars and previous work of the Open-Ended Working Group and UN GGEs


Major discussion point

Final Report Structure and Content


Topics

Cybersecurity | Legal and regulatory


Agreed with

– United States
– Japan

Agreed on

Importance of including GGE reports as foundational consensus documents


Disagreed with

– Canada
– United States
– Japan
– Islamic Republic of Iran

Disagreed on

References to 2021 chair’s summary and GGE reports


Report should clearly separate consensus achievements from new proposals still under discussion

Explanation

The EU proposed organizing all sections to clearly distinguish between paragraphs on the UN framework and consensus interpretations from new proposals that haven’t garnered consensus. This separation would leave no doubt about existing rules, norms and principles that states should abide by.


Evidence

Suggested moving certain clarifications to the chapeau and using agreed language


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory | Cybersecurity


Ransomware deserves dedicated paragraph due to its severity and impact on international peace and security

Explanation

The EU highlighted that ransomware has become a prime threat, particularly to healthcare sectors due to sensitive patient data and critical operations. They emphasized the need for action-oriented measures under dedicated thematic groups to address this threat appropriately.


Evidence

Noted that healthcare has become a prime target for ransomware actors and that criminal groups operating from certain states’ territories seek to disrupt public entities in other states


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Human rights


Agreed with

– Mauritius
– Qatar
– Colombia

Agreed on

Recognition of ransomware as major threat requiring dedicated attention


I

Islamic Republic of Iran

Speech speed

148 words per minute

Speech length

986 words

Speech time

399 seconds

Terminology should be “security of and in the use of ICTs” rather than “ICT security” throughout the text

Explanation

Iran argued that “ICT security” captures only a limited dimension of the OEWG’s comprehensive mandate, while “security of and in the use of ICTs” better reflects the full scope and intent of the group’s work. They requested this change throughout the text including in the overview section.


Evidence

Referenced the OEWG’s comprehensive mandate and the need for accurate terminology


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory | Cybersecurity


Disagreed with

– Russian Federation
– Nicaragua

Disagreed on

Terminology: ‘ICT security’ vs. ‘security of and in the use of ICTs’


C

Canada

Speech speed

137 words per minute

Speech length

435 words

Speech time

189 seconds

References to 2021 chair’s summary should be removed as it’s not a consensus document

Explanation

Canada urged the Chair to remove references to the 2021 summary throughout the report, emphasizing that this document does not represent consensus and should not be treated as such. They argued these references are confusing because they give the impression the summary has a status it hasn’t earned.


Evidence

Noted that references to the 2021 document are confusing and give false impression of consensus status


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory


Agreed with

– Australia
– United States

Agreed on

Need to remove references to 2021 chair’s summary as non-consensus document


Disagreed with

– United States
– Japan
– Islamic Republic of Iran

Disagreed on

References to 2021 chair’s summary and GGE reports


U

United States

Speech speed

137 words per minute

Speech length

664 words

Speech time

290 seconds

Report should include references to GGE reports as foundational consensus documents

Explanation

The US welcomed references to GGE reports in paragraph 13, emphasizing that these reports represent the foundation of the work and were adopted by consensus by all UN member states. They argued these foundational documents should be properly referenced in the report.


Evidence

Noted that GGE reports were adopted by consensus by all UN member states and represent the foundation of the work


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory | Cybersecurity


Agreed with

– Canada
– Australia

Agreed on

Need to remove references to 2021 chair’s summary as non-consensus document


Disagreed with

– Canada
– Japan
– Islamic Republic of Iran

Disagreed on

References to 2021 chair’s summary and GGE reports


Cannot support “exclusively peaceful purposes” language as ICTs are already used in conflicts

Explanation

The US argued that states are already using ICTs in armed conflict contexts, making the “exclusively peaceful purposes” reference confusing and disconnected from reality. They emphasized the importance of reaffirming commitment to applying international humanitarian law principles to ICT use in armed conflict.


Evidence

Noted that every state is aware that ICTs are already being used in the context of armed conflict


Major discussion point

Use of ICTs in Armed Conflict


Topics

Cybersecurity | Legal and regulatory


Disagreed with

– Australia
– Switzerland
– Cuba

Disagreed on

Use of ICTs for ‘exclusively peaceful purposes’ vs. recognition of legitimate use in armed conflict


Emerging technologies discussions should remain within OEWG mandate and avoid overemphasizing risks

Explanation

The US cautioned that while some states are eager to discuss emerging technologies, these discussions need to be carefully kept within the OEWG’s existing mandate. They viewed much of the language on emerging technologies as unnecessarily detailed and overemphasizing risk over opportunity.


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Development


R

Russian Federation

Speech speed

132 words per minute

Speech length

931 words

Speech time

423 seconds

Text needs to be shortened and streamlined to focus on essential elements

Explanation

Russia argued that agreeing on 50 pages of report in a short timeframe is overly ambitious and called for shortening the text. They suggested deleting or shortening paragraphs that duplicate previous agreements or contain issues not related to the group’s mandate, such as cryptocurrency, information crime, and gender issues.


Evidence

Cited examples of issues they consider outside the mandate: cryptocurrency, information crime, gender issues


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory


Disagreed with

– Japan
– Cuba
– Mauritius

Disagreed on

Inclusion of cybercrime and cryptocurrency theft in international peace and security context


S

South Africa

Speech speed

123 words per minute

Speech length

243 words

Speech time

117 seconds

Report provides balanced foundation for negotiations and reflects diverse viewpoints

Explanation

South Africa expressed confidence that the Rev 1 text is balanced and provides a solid foundation for negotiation, reflecting diverse viewpoints and discussions held over the past four and a half years. They believed consensus can be achieved on these elements to ensure seamless transition to the future permanent mechanism.


Evidence

Referenced the four and a half years of discussions and diverse viewpoints reflected in the text


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory


N

Nigeria

Speech speed

125 words per minute

Speech length

479 words

Speech time

229 seconds

Growing threats to critical infrastructure, especially healthcare, energy, and financial sectors

Explanation

Speaking for the African Group, Nigeria emphasized the importance of addressing risks and threats to critical infrastructure and critical information infrastructure, which are increasingly relevant to African countries given valuable investments in such infrastructure. They highlighted that these threats impair African states’ ability to pursue their developmental path and compromise state institutions’ credibility.


Evidence

Mentioned valuable investment in infrastructure from limited pool of resources and trajectory of digitalization in African states


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Development


F

Fiji

Speech speed

147 words per minute

Speech length

592 words

Speech time

240 seconds

Support for single-track permanent mechanism with cross-cutting approach

Explanation

Speaking for the Pacific Islands Forum, Fiji emphasized that the future permanent mechanism must be inclusive and balanced, not only in participation but in agenda setting, working modalities, and outcomes. They stressed the importance of the mechanism being action-oriented and focused on delivering real results for all countries.


Evidence

Referenced the OEWG’s delivery of meaningful dialogue and the need for practical outcomes


Major discussion point

Future Permanent Mechanism Structure


Topics

Legal and regulatory


Disagreed with

– Nicaragua
– Rwanda

Disagreed on

Structure and scope of dedicated thematic groups


T

Thailand

Speech speed

112 words per minute

Speech length

372 words

Speech time

198 seconds

Importance of including Advanced Persistent Threats (APTs) in threat assessment

Explanation

Thailand highlighted that APTs are especially alarming due to their complex and sustained nature, capable of disrupting essential services and threatening national security, economic stability, and public safety. They noted these risks are more serious for developing countries with limited cybersecurity capacity.


Evidence

Emphasized the complex and sustained nature of APTs and their particular impact on developing countries with limited capacity


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Development


M

Mauritius

Speech speed

116 words per minute

Speech length

852 words

Speech time

440 seconds

Cryptocurrency theft linked to ICT threats demands urgent international attention

Explanation

Mauritius expressed concern over the growing incidence of cryptocurrency theft linked to ICT threats, emphasizing that this issue demands urgent and coordinated international attention. They supported the emphasis in the report on addressing this growing threat to international peace and security.


Major discussion point

Cyber Threats Landscape


Topics

Economic | Cybersecurity


Agreed with

– European Union
– Qatar
– Colombia

Agreed on

Recognition of ransomware as major threat requiring dedicated attention


Disagreed with

– Japan
– Cuba
– Russian Federation

Disagreed on

Inclusion of cybercrime and cryptocurrency theft in international peace and security context


AI and quantum computing introduce new risks that amplify speed and scale of malicious activities

Explanation

Mauritius recognized that while technologies are inherently neutral, the rapid advancement and convergence of emerging technologies like AI and quantum computing introduce new risks that may amplify the speed, scale, and targeting capabilities of malicious ICT activities. They emphasized the need for strengthened governance and responsible innovation.


Evidence

Referenced dual-use nature of technologies including risks from large-language models, deepfakes, synthetic content, and AI-generated malware


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Development


Importance of full, equal, and meaningful participation of women in ICT decision-making

Explanation

Mauritius strongly supported the emphasis on narrowing the gender digital divide and promoting full, equal, and meaningful participation and leadership of women in ICT-related decision-making, particularly in international peace and security contexts. They viewed this as both essential and overdue, reaffirming commitment to advancing gender inclusion as core to effective cyber diplomacy.


Evidence

Referenced the increasing participation of women delegates in the OEWG and growing integration of gender perspective in deliberations


Major discussion point

Gender Inclusion and Participation


Topics

Gender rights online | Human rights principles


Agreed with

– Republic of Moldova
– Colombia
– Australia

Agreed on

Importance of gender inclusion and women’s participation in ICT decision-making


G

Ghana

Speech speed

142 words per minute

Speech length

503 words

Speech time

212 seconds

Supply chain integrity requires security by design principles throughout ICT lifecycle

Explanation

Ghana proposed adding language emphasizing the critical importance of security by design throughout the lifecycle of ICTs as a fundamental measure to mitigate supply chain risks. They argued that supply chain integrity cannot be fully ensured without consistent application of security by design principles by all actors involved.


Evidence

Referenced consistent emphasis by Ghana and other delegations in previous OEWG sessions on security by design


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Infrastructure


A

Australia

Speech speed

148 words per minute

Speech length

568 words

Speech time

229 seconds

Need to recognize reality of ICT use in conflicts while promoting responsible use under international law

Explanation

Australia argued there is a serious disconnect between recognizing that cyber is already being used in conflict situations and promoting ICTs for “exclusively peaceful purposes.” They emphasized that cyber can legitimately be used in conflict in ways that help parties distinguish between civilian and military objectives, regulated by international humanitarian law.


Evidence

Noted that cyber has already been and can legitimately be used in conflict including in ways that better allow distinction between civilian objects and military objectives


Major discussion point

Use of ICTs in Armed Conflict


Topics

Cybersecurity | Legal and regulatory


Agreed with

– United States
– Switzerland

Agreed on

Rejection of ‘exclusively peaceful purposes’ language for ICT use


Disagreed with

– United States
– Switzerland
– Cuba

Disagreed on

Use of ICTs for ‘exclusively peaceful purposes’ vs. recognition of legitimate use in armed conflict


Threats from commercially available ICT intrusion capabilities need appropriate safeguards

Explanation

Australia appreciated the addition of language on the need to establish appropriate safeguards and oversight efforts regarding commercially available ICT intrusion capabilities. They supported France’s amendment to ensure consistency with international law references throughout the paragraph.


Evidence

Referenced the growing market for commercially available ICT intrusion capabilities and supported France’s proposed amendment


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Legal and regulatory


Disappointment over denied accreditation of stakeholders due to exclusionary modalities

Explanation

Australia expressed disappointment that stakeholders were again denied accreditation to the final OEWG session due to exclusionary use of stakeholder modalities. They argued this reduces member states’ ability to benefit from indispensable stakeholder expertise and strongly supported improving stakeholder modalities in the future permanent mechanism.


Evidence

Referenced the Canada-Chile paper to improve stakeholder modalities in the future permanent mechanism


Major discussion point

Stakeholder Engagement


Topics

Legal and regulatory


Agreed with

– Canada
– United States

Agreed on

Need to remove references to 2021 chair’s summary as non-consensus document


Disagreed with

– Croatia
– Turkey
– Nicaragua

Disagreed on

Stakeholder participation modalities in future permanent mechanism


E

El Salvador

Speech speed

125 words per minute

Speech length

285 words

Speech time

136 seconds

Need for post-quantum cryptographic solutions to address quantum computing threats

Explanation

El Salvador welcomed the inclusion of their suggestion on post-quantum cryptographic solutions in paragraph 27 and requested that this language be maintained. They viewed this as important for addressing emerging technological threats and vulnerabilities.


Evidence

Noted that El Salvador’s suggestion was included in paragraph 27 of the draft


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Infrastructure


I

Indonesia

Speech speed

150 words per minute

Speech length

297 words

Speech time

118 seconds

Continued dialogue on emerging technologies needed in future permanent mechanism

Explanation

Indonesia hoped that further discussion on emerging technologies could continue in the future permanent mechanism. They welcomed the inclusion of peaceful uses of ICTs and elements on emerging technologies such as AI and quantum computing in the relevant paragraphs.


Evidence

Referenced paragraphs 15, 26, and 27 addressing peaceful uses and emerging technologies


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Development


Q

Qatar

Speech speed

123 words per minute

Speech length

368 words

Speech time

179 seconds

Dual-use nature of technologies including AI-generated malware requires attention

Explanation

Qatar emphasized the need to discuss threats and security gaps resulting from increased use of AI and modern technology. They welcomed comprehensive treatment of increased threats from ransomware and malicious software, highlighting the importance of addressing the dual-use nature of emerging technologies.


Evidence

Referenced paragraphs 20, 24, and 26 addressing AI threats and ransomware


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Development


Agreed with

– European Union
– Mauritius
– Colombia

Agreed on

Recognition of ransomware as major threat requiring dedicated attention


C

Cuba

Speech speed

100 words per minute

Speech length

440 words

Speech time

262 seconds

Support for “exclusively peaceful purposes” language to prevent legitimizing use of force

Explanation

Cuba supported the modification in paragraph 15 referring to the need to promote ICTs for exclusively peaceful purposes, though they would have preferred even more explicit language reflecting unequivocal commitment by all states. They could not accept formulas that could legitimize the use of force in this area.


Evidence

Referenced their preference for more explicit language and rejection of formulas legitimizing use of force


Major discussion point

Use of ICTs in Armed Conflict


Topics

Cybersecurity | Legal and regulatory


Disagreed with

– Japan
– Russian Federation
– Mauritius

Disagreed on

Inclusion of cybercrime and cryptocurrency theft in international peace and security context


S

Singapore

Speech speed

152 words per minute

Speech length

364 words

Speech time

143 seconds

Need for enhanced CERT cooperation and public-private partnerships

Explanation

Singapore supported the importance of encouraging cooperation and dialogue particularly at the CERT level, emphasizing that CERT-related information sharing and cooperation should occur in a timely manner to ensure appropriate response to cyber incidents. They provided examples from their region of successful information sharing mechanisms.


Evidence

Referenced the ASEAN regional CERT and information sharing mechanism as useful examples of cooperation


Major discussion point

Capacity Building and Regional Cooperation


Topics

Cybersecurity | Infrastructure


A

Argentina

Speech speed

137 words per minute

Speech length

324 words

Speech time

141 seconds

Capacity building should be needs-based, sustainable, and respect state sovereignty

Explanation

Argentina reaffirmed that capacity building represents an essential pillar for strengthening state resilience in cybersecurity, emphasizing that efforts should be adapted to specific realities and vulnerabilities of each state while fully respecting sovereignty. They viewed strengthening cyber resilience as both a technical tool and substantial contribution to international peace and security.


Evidence

Referenced previously adopted principles in progress reports as strong basis for future work


Major discussion point

Capacity Building and Regional Cooperation


Topics

Development | Capacity development


Prefer specific references to “women” rather than broader “gender” terminology

Explanation

Argentina suggested replacing the term “gender” with “women” for greater clarity, arguing that gender terms make women invisible and prevent women from affirming their rights. They proposed similar changes throughout the document where gender references are found.


Evidence

Indicated they would submit written proposals for terminology changes


Major discussion point

Gender Inclusion and Participation


Topics

Gender rights online | Human rights principles


M

Malawi

Speech speed

121 words per minute

Speech length

362 words

Speech time

179 seconds

Cross-regional collaboration essential for addressing cyber threats

Explanation

Malawi emphasized the urgent need to address vulnerabilities in undersea cables and satellite communications, calling for enhanced cooperation between CERTs, improved public-private partnerships, and regional response frameworks. They highlighted their own experience with cyber incidents and the need for strengthened national threat monitoring capacity.


Evidence

Referenced the 2024 breach of Malawi’s passport issuance system and increase in mobile money fraud, SIM swap scams, and phishing attacks


Major discussion point

Capacity Building and Regional Cooperation


Topics

Cybersecurity | Development


R

Republic of Moldova

Speech speed

124 words per minute

Speech length

522 words

Speech time

252 seconds

Need to address gender digital divide and promote women’s leadership

Explanation

Moldova appreciated the OEWG’s efforts to promote gender inclusion and increasing participation of women in cyber diplomacy. They remained committed to reducing the gender digital divide and enabling full and meaningful participation of women in ICT policies both domestically and internationally.


Evidence

Referenced the increasing participation of women in cyber diplomacy within the OEWG process


Major discussion point

Gender Inclusion and Participation


Topics

Gender rights online | Development


Agreed with

– Mauritius
– Colombia
– Australia

Agreed on

Importance of gender inclusion and women’s participation in ICT decision-making


C

Colombia

Speech speed

124 words per minute

Speech length

368 words

Speech time

176 seconds

Growing integration of gender perspective in OEWG deliberations should be maintained

Explanation

Colombia welcomed the reference to inclusion of women and gender perspective in discussions on ICT topics, emphasizing this as fundamental. They supported maintaining references to equal meaningful participation of women in decision-making processes related to ICT use in international security contexts.


Evidence

Referenced paragraphs 2 and 30 addressing gender perspectives and women’s participation


Major discussion point

Gender Inclusion and Participation


Topics

Gender rights online | Human rights principles


Agreed with

– Mauritius
– Republic of Moldova
– Australia

Agreed on

Importance of gender inclusion and women’s participation in ICT decision-making


N

Nicaragua

Speech speed

137 words per minute

Speech length

1059 words

Speech time

463 seconds

Dedicated thematic groups should not undermine the five pillars of the mandate

Explanation

Speaking for the like-minded group, Nicaragua argued that dedicated thematic groups must not undermine the five pillars of the mandate (threats, norms, international law, confidence building measures, capacity building). They could not support dedicated thematic group 1 in the current draft and proposed creating a separate dedicated thematic group on norms.


Evidence

Referenced the third annual progress report’s explicit mention that dedicated thematic groups are to be established by decisions of the future permanent mechanism as required


Major discussion point

Future Permanent Mechanism Structure


Topics

Legal and regulatory


Disagreed with

– Rwanda
– Fiji

Disagreed on

Structure and scope of dedicated thematic groups


Stakeholder participation should maintain intergovernmental nature of the process

Explanation

The like-minded group advocated for maintaining current stakeholder participation modalities from April 2022, arguing they represent a delicate balance ensuring both inclusivity and intergovernmental nature. They opposed giving floor to NGOs after states in plenaries and the concept of consultations, as well as stakeholder participation in dedicated thematic groups.


Evidence

Referenced the April 2022 modalities that included one dedicated segment for NGOs to present views in each substantive session


Major discussion point

Stakeholder Engagement


Topics

Legal and regulatory


Disagreed with

– Australia
– Croatia
– Turkey

Disagreed on

Stakeholder participation modalities in future permanent mechanism


Consensus-based appointment of co-facilitators for dedicated thematic groups

Explanation

The like-minded group argued that the chair’s powers should not be overstretched in terms of appointing co-facilitators of dedicated thematic groups. Since this issue might have political implications, they considered it more appropriate to follow the principle of consensus while appointing co-facilitators.


Evidence

Emphasized that authorities of co-facilitators should be clearly defined with no space for submitting recommendations without prior transparent discussions


Major discussion point

Future Permanent Mechanism Structure


Topics

Legal and regulatory


T

Turkey

Speech speed

127 words per minute

Speech length

571 words

Speech time

269 seconds

UN Charter and international law apply in cyberspace with need for clarity on thresholds

Explanation

Turkey reiterated that the UN Charter and other relevant instruments apply in cyberspace, but noted that ambiguity remains concerning thresholds such as use of force, intervention, and state responsibility. They supported dedicating a thematic group under the future mechanism to address these issues.


Evidence

Referenced paragraphs 38 to 42 and proposed thematic group in Annex 3


Major discussion point

International Law Application


Topics

Legal and regulatory | Cybersecurity


Need for operational modalities for cross-border ICT incident cooperation

Explanation

Turkey emphasized the importance of effective cooperation between source and affected states in responding to cross-border ICT incidents. They argued that developing operational modalities for such coordination will be key to preventing escalation and fostering mutual confidence.


Major discussion point

International Law Application


Topics

Cybersecurity | Legal and regulatory


Clear affirmation needed that participation based on accredited status and non-objection principle

Explanation

Turkey supported transparency and inclusiveness in stakeholder engagement but emphasized this must not come at the expense of the intergovernmental character of the process, which they viewed as a red line. They urged clear affirmation that participation would be strictly based on accredited status in accordance with established UN practice.


Evidence

Referenced established UN practice and the principle of non-objection


Major discussion point

Stakeholder Engagement


Topics

Legal and regulatory


Disagreed with

– Australia
– Croatia
– Nicaragua

Disagreed on

Stakeholder participation modalities in future permanent mechanism


S

Switzerland

Speech speed

137 words per minute

Speech length

797 words

Speech time

347 seconds

Regional organizations play important role in implementing responsible state behavior framework

Explanation

Switzerland emphasized that regional and sub-regional organizations have demonstrated they play an important role in implementing the framework for responsible state behavior in ICTs, particularly in capacity building. They provided concrete examples of regional organizations’ work and recommendations for the future mechanism.


Evidence

Referenced non-paper on role of regional organizations with examples from ASEAN, African Union, ECOWAS, EU, Pacific Island Forum, OAS, and OSCE


Major discussion point

Capacity Building and Regional Cooperation


Topics

Development | Legal and regulatory


International humanitarian law should be clearly reflected in discussions on ICT use in conflicts

Explanation

Switzerland argued that robust discussions of IHL during the OEWG are not adequately reflected in the draft and should not be compounded by confusing text. They proposed adding language from Red Cross resolutions about states’ shared commitment to protect civilian populations in conflict situations.


Evidence

Referenced resolution from 34th International Conference of Red Cross and Red Crescent on protecting civilians from ICT activities during armed conflict


Major discussion point

Use of ICTs in Armed Conflict


Topics

Legal and regulatory | Human rights principles


Disagreed with

– United States
– Australia
– Cuba

Disagreed on

Use of ICTs for ‘exclusively peaceful purposes’ vs. recognition of legitimate use in armed conflict


C

Croatia

Speech speed

132 words per minute

Speech length

566 words

Speech time

255 seconds

Stakeholder expertise is indispensable for informed discussions

Explanation

Croatia argued that the threat landscape’s continued evolution requires making use of all available expertise, noting it’s strange to recognize the value of involving stakeholders in other fields while remaining reluctant in cybersecurity. They emphasized that seeing positives at the greatest stage can inspire new and emerging actors in cybersecurity globally.


Evidence

Referenced last week’s town hall meeting that showcased abundance of stakeholder interest


Major discussion point

Stakeholder Engagement


Topics

Cybersecurity | Development


Disagreed with

– Australia
– Turkey
– Nicaragua

Disagreed on

Stakeholder participation modalities in future permanent mechanism


C

Chair

Speech speed

120 words per minute

Speech length

5001 words

Speech time

2493 seconds

Consensus is possible when states work together in spirit of mutual cooperation

Explanation

The Chair emphasized that when states are ready to work together and talk to each other in a spirit of mutual cooperation, and when they exercise flexibility to achieve compromise, consensus is possible and progress is achievable. They noted these factors remain in place for the current process.


Evidence

Referenced the successful adoption of three annual progress reports and the positive, constructive tone of the current discussions


Major discussion point

Consensus Building and Process


Topics

Legal and regulatory


E

Egypt

Speech speed

154 words per minute

Speech length

572 words

Speech time

222 seconds

Need for more equitable and diverse representation of threats landscape across all countries and regions

Explanation

Egypt proposed adding language to ensure the threats landscape captures and addresses the widest and most diverse range of risks and threats in a manner that equitably represents realities in all countries and regions. They emphasized that a better informed understanding of threats contributes to building more resilient digital ecosystems.


Evidence

Suggested specific text additions to paragraphs 14, 15, and 22 to better capture present reality and disproportionate impacts on transitional states


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Development


Recognition of disproportionate impact of malicious activities on states in transitional phases

Explanation

Egypt highlighted that states in transitional phases or emerging from armed conflicts, particularly in Africa and other developing countries, face disproportionate impacts from malicious activities including misinformation. These states may be subject to heightened risk of relapse and increased fragility.


Evidence

Proposed specific language addition to paragraph 22 addressing impacts on states in transitional phases or emerging from armed conflicts


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Development | Human rights


Support for consensus-based approach and seamless transition to future permanent mechanism

Explanation

Egypt emphasized their commitment to ensuring consensus that allows smooth transition to the future permanent mechanism while safeguarding gains and milestones achieved through the OEWG work. They encouraged delegations to engage with an open mind and sense of purpose, exercising self-restraint in comments to allow ample time for considering the future mechanism.


Evidence

Referenced the wide sense of commitment and political will among member states and the promising, balanced nature of REV.1


Major discussion point

Consensus Building and Process


Topics

Legal and regulatory


I

Izumi Nakamitsu

Speech speed

103 words per minute

Speech length

679 words

Speech time

394 seconds

OEWG has demonstrated value of multilateralism through consensus achievements despite challenging circumstances

Explanation

Nakamitsu highlighted that the OEWG has been a demonstration of what is possible in multilateralism, achieving not only progress but consensus. She emphasized that achieving outcomes would have been challenging in the best of circumstances, but the group managed to maintain a positive record of success while conflicts raged and divisions deepened.


Evidence

Cited specific achievements including global intergovernmental directory with 115+ states, eight global confidence-building measures, common understandings on ICT security threats, and first-ever Global Roundtable discussion


Major discussion point

OEWG Achievements and Legacy


Topics

Legal and regulatory | Development


Growing concerns about malicious ICT activity targeting civilian infrastructure in conflicts

Explanation

Nakamitsu expressed unabated concern about challenges to international peace and security from state use of ICTs. She particularly highlighted that recent conflicts demonstrate serious dangers posed to civilians by malicious ICT activity, especially targeting infrastructure essential for public services.


Evidence

Referenced recent conflicts and their demonstration of dangers to civilians from malicious ICT activity targeting essential infrastructure


Major discussion point

Cyber Threats Landscape


Topics

Cybersecurity | Human rights


Need for balance between inclusive stakeholder participation and focused thematic discussions

Explanation

Nakamitsu emphasized that diverse stakeholders have much to contribute to future processes and expressed hope that modalities for meaningful participation would be finalized. She also stressed the importance of having space for focused exchanges with action-oriented recommendations through thematic groups.


Evidence

Referenced ongoing divergences of views on stakeholder modalities and dedicated thematic working groups


Major discussion point

Stakeholder Engagement


Topics

Legal and regulatory | Development


J

Japan

Speech speed

127 words per minute

Speech length

223 words

Speech time

104 seconds

GGE work must be referenced alongside OEWG work as foundation for UN discussions

Explanation

Japan emphasized that UN discussions are based on a series of discussions and efforts done by both the OEWG and GGE. They argued it is necessary to mention not only the OEWG’s work but also the GGE’s work in relevant paragraphs, retaining existing references and adding them where missing.


Evidence

Referenced paragraphs 8 and 13 as examples where GGE work should be mentioned or retained


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory | Cybersecurity


Agreed with

– United States
– European Union

Agreed on

Importance of including GGE reports as foundational consensus documents


Disagreed with

– Canada
– United States
– Islamic Republic of Iran

Disagreed on

References to 2021 chair’s summary and GGE reports


Cryptocurrency theft in context of international peace and security should be maintained in report

Explanation

Japan highly valued that REV.1 mentions cryptocurrency theft in the context of international peace and security in paragraph 24. Despite hearing contrary views in the room, Japan specifically requested that this text be maintained as it stands in REV.1.


Evidence

Referenced paragraph 24 and the upward trend of cross-border cyber attacks and intrusions


Major discussion point

Cyber Threats Landscape


Topics

Economic | Cybersecurity


Disagreed with

– Cuba
– Russian Federation
– Mauritius

Disagreed on

Inclusion of cybercrime and cryptocurrency theft in international peace and security context


R

Rwanda

Speech speed

99 words per minute

Speech length

351 words

Speech time

212 seconds

Cyber threats demand responses that transcend boundaries and unite states in common purpose

Explanation

Rwanda emphasized that cyber threats recognize no borders and require responses that transcend boundaries, uniting states in common purpose. They highlighted that as the world becomes increasingly interconnected, ICT security has become fundamental to international peace, stability and sustainable development.


Evidence

Referenced the interconnected nature of the digital world and the fundamental importance of ICT security


Major discussion point

International Cooperation and Unity


Topics

Cybersecurity | Development


Support for three proposed dedicated thematic groups with interconnected approach

Explanation

Rwanda commended the three proposed dedicated thematic groups, viewing them as creating a framework that balances focus with comprehensiveness. They acknowledged the interconnected nature of these pillars and supported allowing each dedicated thematic group to meet jointly with others to facilitate holistic discussions on linkages between issues.


Evidence

Referenced the balanced framework and interconnected nature of the pillars


Major discussion point

Future Permanent Mechanism Structure


Topics

Legal and regulatory


Disagreed with

– Nicaragua
– Fiji

Disagreed on

Structure and scope of dedicated thematic groups


International cooperation on emerging technologies standards is essential not merely desirable

Explanation

Rwanda acknowledged that innovation is a double-edged sword, bringing transformative opportunities while introducing new vulnerabilities that are only beginning to be understood. They emphasized that international cooperation on emerging technologies standards is not merely desirable but essential as states stand at the threshold of unprecedented technological advancement.


Evidence

Referenced unprecedented technological advancement and new vulnerabilities from innovation


Major discussion point

Emerging Technologies and AI


Topics

Cybersecurity | Development


F

France

Speech speed

127 words per minute

Speech length

293 words

Speech time

138 seconds

Urgent need to implement Framework for Responsible Behavior through action-oriented mechanism

Explanation

France argued that discussions on growing and multifaceted threats in cyberspace demonstrate the urgency to implement the Framework for Responsible Behavior by States through an action-oriented mechanism. They viewed this framework as the best asset for dealing with cyber threats, emphasizing the need for implementation over new discussions.


Evidence

Referenced growing threats including ransomware, AI-linked cyber threats, and commercial market for cyber intrusion capabilities


Major discussion point

Framework Implementation


Topics

Cybersecurity | Legal and regulatory


Agreed with

– European Union
– Croatia
– Republic of Moldova

Agreed on

Need to preserve and build upon existing UN Framework for Responsible State Behavior


Report remains unbalanced and needs clear separation between consensus and non-consensus elements

Explanation

France stated that the revised draft report remains unbalanced and requires work to reach consensus. They emphasized the need to clearly separate paragraphs on the UN framework and consensus interpretations from new proposals that have not garnered consensus, ensuring no doubt about existing rules that states should abide by.


Evidence

Referenced the need to differentiate consensus achievements from proposals that could be part of future discussions


Major discussion point

Final Report Structure and Content


Topics

Legal and regulatory


Problematic language on ICT uses by states needs revision for international law consistency

Explanation

France supported delegations raising issues with paragraph 15 containing problematic and non-consensual language on uses of cyberspace by states. They proposed specific language for paragraph 25 to ensure consistency with international law, suggesting states should access and utilize ICT tools for legitimate and necessary purposes with appropriate safeguards.


Evidence

Proposed specific text: ‘to access and utilize ICT tools for legitimate and necessary purposes consistent with international law where appropriate safeguards and oversight are in place’


Major discussion point

International Law Application


Topics

Legal and regulatory | Cybersecurity


Agreed with

– United States
– Australia
– Switzerland

Agreed on

Rejection of ‘exclusively peaceful purposes’ language for ICT use


Agreements

Agreement points

Need to preserve and build upon existing UN Framework for Responsible State Behavior

Speakers

– European Union
– France
– Croatia
– Republic of Moldova

Arguments

Need to preserve and build upon the UN Framework for Responsible State Behavior in cyberspace


Urgent need to implement Framework for Responsible Behavior through action-oriented mechanism


Support for established UN framework of responsible state behavior


Strong support for consensus-based work and foundational role in reinforcing international peace and security


Summary

Multiple speakers emphasized the critical importance of maintaining and implementing the existing UN Framework for Responsible State Behavior in cyberspace rather than creating new frameworks or undermining existing consensus


Topics

Cybersecurity | Legal and regulatory


Rejection of ‘exclusively peaceful purposes’ language for ICT use

Speakers

– United States
– Australia
– Switzerland

Arguments

Cannot support ‘exclusively peaceful purposes’ language as ICTs are already used in conflicts


Need to recognize reality of ICT use in conflicts while promoting responsible use under international law


Problematic language on ICT uses by states needs revision for international law consistency


Summary

These speakers agreed that the ‘exclusively peaceful purposes’ language is problematic because it fails to recognize the reality that ICTs are already being used in armed conflicts and should be regulated by international humanitarian law


Topics

Cybersecurity | Legal and regulatory


Importance of including GGE reports as foundational consensus documents

Speakers

– United States
– Japan
– European Union

Arguments

Report should include references to GGE reports as foundational consensus documents


GGE work must be referenced alongside OEWG work as foundation for UN discussions


Need to preserve and build upon the UN Framework for Responsible State Behavior in cyberspace


Summary

These speakers agreed that the Group of Governmental Experts (GGE) reports represent foundational consensus documents that should be properly referenced in the final report alongside OEWG work


Topics

Legal and regulatory | Cybersecurity


Need to remove references to 2021 chair’s summary as non-consensus document

Speakers

– Canada
– Australia
– United States

Arguments

References to 2021 chair’s summary should be removed as it’s not a consensus document


Disappointment over denied accreditation of stakeholders due to exclusionary modalities


Report should include references to GGE reports as foundational consensus documents


Summary

These speakers agreed that the 2021 chair’s summary should not be referenced in the final report because it does not represent consensus and gives a false impression of agreed status


Topics

Legal and regulatory


Recognition of ransomware as major threat requiring dedicated attention

Speakers

– European Union
– Mauritius
– Qatar
– Colombia

Arguments

Ransomware deserves dedicated paragraph due to its severity and impact on international peace and security


Cryptocurrency theft linked to ICT threats demands urgent international attention


Dual-use nature of technologies including AI-generated malware requires attention


Reference to comprehensive treatment of increased threats from ransomware


Summary

Multiple speakers recognized ransomware as a severe and growing threat that requires comprehensive treatment and dedicated attention in international cybersecurity discussions


Topics

Cybersecurity | Economic


Importance of gender inclusion and women’s participation in ICT decision-making

Speakers

– Mauritius
– Republic of Moldova
– Colombia
– Australia

Arguments

Importance of full, equal, and meaningful participation of women in ICT decision-making


Need to address gender digital divide and promote women’s leadership


Growing integration of gender perspective in OEWG deliberations should be maintained


Support for full, equal and meaningful engagement of women in the OEWG process


Summary

These speakers shared strong support for promoting gender inclusion, narrowing the gender digital divide, and ensuring meaningful participation of women in ICT-related decision-making processes


Topics

Gender rights online | Human rights principles


Similar viewpoints

These speakers, representing the like-minded group, shared concerns about maintaining the comprehensive mandate scope, streamlining the text, and ensuring the future mechanism doesn’t undermine established pillars

Speakers

– Islamic Republic of Iran
– Russian Federation
– Nicaragua

Arguments

Terminology should be ‘security of and in the use of ICTs’ rather than ‘ICT security’ throughout the text


Text needs to be shortened and streamlined to focus on essential elements


Dedicated thematic groups should not undermine the five pillars of the mandate


Topics

Legal and regulatory | Cybersecurity


These speakers emphasized the particular vulnerabilities of developing countries to cyber threats and the need for more comprehensive, equitable representation of the global threat landscape

Speakers

– Nigeria
– Thailand
– Malawi
– Egypt

Arguments

Growing threats to critical infrastructure, especially healthcare, energy, and financial sectors


Importance of including Advanced Persistent Threats (APTs) in threat assessment


Cross-regional collaboration essential for addressing cyber threats


Need for more equitable and diverse representation of threats landscape across all countries and regions


Topics

Cybersecurity | Development


These speakers supported meaningful stakeholder engagement while maintaining the intergovernmental nature of the process, though with different emphases on inclusivity versus control

Speakers

– Australia
– Croatia
– Turkey

Arguments

Disappointment over denied accreditation of stakeholders due to exclusionary modalities


Stakeholder expertise is indispensable for informed discussions


Clear affirmation needed that participation based on accredited status and non-objection principle


Topics

Legal and regulatory


These speakers emphasized the importance of technical cooperation, regional collaboration, and public-private partnerships in building cybersecurity resilience

Speakers

– Singapore
– Ghana
– Switzerland

Arguments

Need for enhanced CERT cooperation and public-private partnerships


Supply chain integrity requires security by design principles throughout ICT lifecycle


Regional organizations play important role in implementing responsible state behavior framework


Topics

Cybersecurity | Development


Unexpected consensus

Broad support for capacity building as foundational pillar

Speakers

– Argentina
– Mauritius
– Indonesia
– Fiji
– Rwanda

Arguments

Capacity building should be needs-based, sustainable, and respect state sovereignty


Support for emphasis on capacity building as foundational pillar for strengthening national resilience


Continued dialogue on emerging technologies needed in future permanent mechanism


Support for single-track permanent mechanism with cross-cutting approach


International cooperation on emerging technologies standards is essential not merely desirable


Explanation

Despite different regional and political alignments, there was unexpected broad consensus across diverse countries on the fundamental importance of capacity building as a cross-cutting enabler for cybersecurity


Topics

Development | Capacity development


Recognition of emerging technologies risks across political divides

Speakers

– Mauritius
– Qatar
– Indonesia
– Rwanda
– El Salvador

Arguments

AI and quantum computing introduce new risks that amplify speed and scale of malicious activities


Dual-use nature of technologies including AI-generated malware requires attention


Continued dialogue on emerging technologies needed in future permanent mechanism


International cooperation on emerging technologies standards is essential not merely desirable


Need for post-quantum cryptographic solutions to address quantum computing threats


Explanation

Countries from different regions and political alignments showed unexpected consensus on the need to address risks from emerging technologies like AI and quantum computing, suggesting this is seen as a universal challenge


Topics

Cybersecurity | Development


Overall assessment

Summary

The discussion revealed strong consensus on preserving existing frameworks, addressing ransomware threats, promoting gender inclusion, and building capacity. However, significant divisions emerged on the scope of ICT use in conflicts, stakeholder participation modalities, and the structure of future mechanisms.


Consensus level

Moderate to high consensus on technical and capacity-building issues, but lower consensus on political and governance questions. The broad agreement on foundational principles suggests potential for successful transition to a permanent mechanism, though key political disagreements about stakeholder roles and conflict-related ICT use remain unresolved.


Differences

Different viewpoints

Use of ICTs for ‘exclusively peaceful purposes’ vs. recognition of legitimate use in armed conflict

Speakers

– United States
– Australia
– Switzerland
– Cuba

Arguments

Cannot support “exclusively peaceful purposes” language as ICTs are already used in conflicts


Need to recognize reality of ICT use in conflicts while promoting responsible use under international law


International humanitarian law should be clearly reflected in discussions on ICT use in conflicts


Support for “exclusively peaceful purposes” language to prevent legitimizing use of force


Summary

Western states argue that ‘exclusively peaceful purposes’ language is unrealistic since ICTs are already used in conflicts and should be regulated by international humanitarian law, while Cuba supports stronger peaceful use language to prevent legitimizing force


Topics

Cybersecurity | Legal and regulatory


Terminology: ‘ICT security’ vs. ‘security of and in the use of ICTs’

Speakers

– Islamic Republic of Iran
– Russian Federation
– Nicaragua

Arguments

Terminology should be “security of and in the use of ICTs” rather than “ICT security” throughout the text


Text needs to be shortened and streamlined to focus on essential elements


Dedicated thematic groups should not undermine the five pillars of the mandate


Summary

Like-minded group insists on broader terminology to reflect comprehensive mandate, while others appear comfortable with ‘ICT security’ terminology


Topics

Legal and regulatory | Cybersecurity


Stakeholder participation modalities in future permanent mechanism

Speakers

– Australia
– Croatia
– Turkey
– Nicaragua

Arguments

Disappointment over denied accreditation of stakeholders due to exclusionary modalities


Stakeholder expertise is indispensable for informed discussions


Clear affirmation needed that participation based on accredited status and non-objection principle


Stakeholder participation should maintain intergovernmental nature of the process


Summary

Western states want more inclusive stakeholder participation citing expertise needs, while like-minded group wants to maintain current restrictive modalities to preserve intergovernmental character


Topics

Legal and regulatory


References to 2021 chair’s summary and GGE reports

Speakers

– Canada
– United States
– Japan
– Islamic Republic of Iran

Arguments

References to 2021 chair’s summary should be removed as it’s not a consensus document


Report should include references to GGE reports as foundational consensus documents


GGE work must be referenced alongside OEWG work as foundation for UN discussions


Need to preserve and build upon the UN Framework for Responsible State Behavior in cyberspace


Summary

Western states want GGE reports included as foundational but 2021 summary removed, while Iran questions GGE inclusion as not reflecting inclusive OEWG nature


Topics

Legal and regulatory


Structure and scope of dedicated thematic groups

Speakers

– Nicaragua
– Rwanda
– Fiji

Arguments

Dedicated thematic groups should not undermine the five pillars of the mandate


Support for three proposed dedicated thematic groups with interconnected approach


Support for single-track permanent mechanism with cross-cutting approach


Summary

Like-minded group opposes current thematic group structure and wants separate norms group, while others support proposed three-group structure with cross-cutting approach


Topics

Legal and regulatory


Inclusion of cybercrime and cryptocurrency theft in international peace and security context

Speakers

– Japan
– Cuba
– Russian Federation
– Mauritius

Arguments

Cryptocurrency theft in context of international peace and security should be maintained in report


Support for “exclusively peaceful purposes” language to prevent legitimizing use of force


Text needs to be shortened and streamlined to focus on essential elements


Cryptocurrency theft linked to ICT threats demands urgent international attention


Summary

Some states support including cryptocurrency theft as international security issue, while others view cybercrime as separate from OEWG mandate with designated platforms for discussion


Topics

Economic | Cybersecurity


Unexpected differences

Gender terminology preferences

Speakers

– Argentina
– Mauritius
– Colombia

Arguments

Prefer specific references to “women” rather than broader “gender” terminology


Importance of full, equal, and meaningful participation of women in ICT decision-making


Growing integration of gender perspective in OEWG deliberations should be maintained


Explanation

Unexpected disagreement on terminology within states supporting women’s participation – Argentina wants ‘women’ instead of ‘gender’ terms, while others support broader gender perspective language


Topics

Gender rights online | Human rights principles


Technology neutrality concept

Speakers

– Cuba
– Switzerland

Arguments

Support for “exclusively peaceful purposes” language to prevent legitimizing use of force


International humanitarian law should be clearly reflected in discussions on ICT use in conflicts


Explanation

Unexpected disagreement over technology neutrality – Cuba rejects the concept while Switzerland notes it’s agreed language from previous APRs, revealing different interpretations of past consensus


Topics

Cybersecurity | Legal and regulatory


Overall assessment

Summary

Main disagreements center on: 1) Use of ICTs in armed conflict vs. exclusively peaceful purposes, 2) Stakeholder participation levels, 3) Report structure and foundational references, 4) Thematic group organization, 5) Scope of cybercrime inclusion


Disagreement level

Moderate to significant disagreements that could impede consensus. The fundamental divide between Western states and like-minded group on stakeholder inclusion, terminology, and conflict-related ICT use represents structural challenges. However, broad agreement exists on threats landscape, capacity building importance, and need for future mechanism, suggesting consensus possible with compromise.


Partial agreements

Partial agreements

Similar viewpoints

These speakers, representing the like-minded group, shared concerns about maintaining the comprehensive mandate scope, streamlining the text, and ensuring the future mechanism doesn’t undermine established pillars

Speakers

– Islamic Republic of Iran
– Russian Federation
– Nicaragua

Arguments

Terminology should be ‘security of and in the use of ICTs’ rather than ‘ICT security’ throughout the text


Text needs to be shortened and streamlined to focus on essential elements


Dedicated thematic groups should not undermine the five pillars of the mandate


Topics

Legal and regulatory | Cybersecurity


These speakers emphasized the particular vulnerabilities of developing countries to cyber threats and the need for more comprehensive, equitable representation of the global threat landscape

Speakers

– Nigeria
– Thailand
– Malawi
– Egypt

Arguments

Growing threats to critical infrastructure, especially healthcare, energy, and financial sectors


Importance of including Advanced Persistent Threats (APTs) in threat assessment


Cross-regional collaboration essential for addressing cyber threats


Need for more equitable and diverse representation of threats landscape across all countries and regions


Topics

Cybersecurity | Development


These speakers supported meaningful stakeholder engagement while maintaining the intergovernmental nature of the process, though with different emphases on inclusivity versus control

Speakers

– Australia
– Croatia
– Turkey

Arguments

Disappointment over denied accreditation of stakeholders due to exclusionary modalities


Stakeholder expertise is indispensable for informed discussions


Clear affirmation needed that participation based on accredited status and non-objection principle


Topics

Legal and regulatory


These speakers emphasized the importance of technical cooperation, regional collaboration, and public-private partnerships in building cybersecurity resilience

Speakers

– Singapore
– Ghana
– Switzerland

Arguments

Need for enhanced CERT cooperation and public-private partnerships


Supply chain integrity requires security by design principles throughout ICT lifecycle


Regional organizations play important role in implementing responsible state behavior framework


Topics

Cybersecurity | Development


Takeaways

Key takeaways

The 11th and final session of the Open-Ended Working Group (OEWG) on ICT security represents the culmination of 5 years of multilateral negotiations with significant achievements including three consensus annual progress reports, establishment of a global POC directory with 115+ states, and eight global confidence-building measures


There is broad consensus among member states on establishing a Future Permanent Mechanism as a single-track universal process, though key modalities remain to be finalized including stakeholder participation and dedicated thematic groups structure


The UN Framework for Responsible State Behavior in cyberspace must be preserved and strengthened as the foundation for future work, with clear distinction between consensus achievements and new proposals still under discussion


The cyber threat landscape continues to evolve rapidly with particular concerns about ransomware, threats to critical infrastructure (especially undersea cables), commercially available intrusion capabilities, and risks from emerging technologies like AI and quantum computing


Capacity building is recognized as a foundational cross-cutting pillar that enables implementation across all framework areas, with emphasis on needs-based, sustainable approaches that respect state sovereignty


There are fundamental disagreements on the use of ICTs in armed conflict, with some states supporting ‘exclusively peaceful purposes’ language while others argue this ignores the reality of ICT use in conflicts and the need for international humanitarian law application


Regional organizations and stakeholder engagement are viewed as important for implementation, though there are differing views on the extent and modalities of their participation in the future mechanism


Resolutions and action items

Chair requested all delegations to share written statements and specific textual proposals to facilitate consensus-building


Technical issues with UN Web TV access were identified and resolved during the session


Chair announced Qatar’s side event on responsible state behavior implementation scheduled for 1:30-2:30 PM in Conference Room 12


Chair outlined structured approach for remainder of week: afternoon session to cover sections C and D, Tuesday to focus on regular institutional dialogue discussions


Delegations agreed to proceed according to the provisional program of work and approved attendance of non-governmental entities as listed in document A-AC.292-2025-INF-3


Unresolved issues

Terminology dispute between ‘ICT security’ versus ‘security of and in the use of ICTs’ throughout the final report


Disagreement over inclusion of ‘exclusively peaceful purposes’ language regarding ICT use by states


Debate over references to 2021 chair’s summary which some view as non-consensus document


Unresolved modalities for stakeholder participation in the Future Permanent Mechanism


Structure and mandate of dedicated thematic groups under the future mechanism


Treatment of contentious topics like international humanitarian law applicability in cyberspace


Inclusion/exclusion of Annex I (voluntary checklists) which some argue was not thoroughly discussed


Balance between preserving intergovernmental nature while enabling meaningful stakeholder contributions


Specific language around commercially available ICT intrusion capabilities and appropriate safeguards


References to technology neutrality concept which some delegations dispute


Suggested compromises

Iran proposed UN Secretariat compile non-exhaustive list of threats as proposed by states during OEWG deliberations to serve as reference for future mechanism


Iran suggested alternative wording for paragraph 31 to address concerns about hierarchy between international law and voluntary norms


France proposed specific language for paragraph 25 ending: ‘to access and utilize ICT tools for legitimate and necessary purposes consistent with international law where appropriate safeguards and oversight are in place’


Australia proposed replacing problematic language in paragraph 15 with: ‘States highlighted with concern the potential for ICTs to be used in a manner that violates international humanitarian law. In this regard states stressed the need to promote the responsible use of ICTs by states in accordance with international law’


Egypt suggested adding language to paragraph 14 recognizing need to ‘capture and address the widest and most diverse landscape and range of risks and threats in a manner that equitably represents realities in all countries and regions’


Ghana proposed adding sentence on ‘security by design throughout the life cycle of ICTs’ to paragraph 23 on supply chain integrity


Switzerland proposed deleting ‘could continue to’ from paragraph 11 to better reflect the established role of regional organizations


Chair emphasized need for delegations to focus on specific amendments rather than general statements and to indicate support/opposition to proposals made by others to gauge consensus


Thought provoking comments

We should not conclude on a report that makes us lose the work we have done so far. We should not conclude on a report that diminishes the value of the UN framework and prioritizes new discussions on new norms and obligations over taking action and implementing those commitments we have made thus far.

Speaker

European Union


Reason

This comment crystallized a fundamental tension in the negotiations between preserving existing consensus achievements versus pursuing new normative developments. It highlighted the risk of regression and established a clear red line for a major bloc of countries.


Impact

This framing influenced subsequent speakers to explicitly address the balance between existing frameworks and new proposals. Multiple delegations (Canada, France, Croatia) echoed this concern, making it a central theme that shaped how other participants positioned their statements regarding consensus language versus new initiatives.


We believe it is necessary to reflect in the recommendations, first and foremost, the task of developing legally binding agreements as the most effective measure to counter challenges in the digital environment.

Speaker

Russian Federation


Reason

This comment introduced a fundamentally different approach to cybersecurity governance, advocating for legally binding instruments rather than voluntary frameworks. It represented a significant departure from the consensus-based voluntary approach that had dominated the OEWG process.


Impact

This position was later reinforced by the like-minded group statement through Nicaragua, creating a clear divide in the room between those supporting voluntary frameworks and those pushing for legally binding agreements. It forced other delegations to either explicitly support or distance themselves from this approach.


The final report should not mix these two kinds of activities [ICT criminal activity versus malicious cyber activity that impact international peace and security]. There is a designated platform to discuss issues on cyber crime.

Speaker

Nicaragua (for like-minded group)


Reason

This comment challenged the scope and mandate of the OEWG by arguing for strict separation between cybercrime and cybersecurity issues. It raised fundamental questions about jurisdictional boundaries and the appropriate forums for different types of cyber threats.


Impact

This jurisdictional challenge created a new axis of debate, with several delegations having to clarify their positions on whether ransomware, cryptocurrency theft, and other criminal activities belonged in the OEWG’s purview. It forced a more precise definition of what constitutes threats to international peace and security.


We cannot support the draft’s report’s reference to promoting the use of ICTs for ‘exclusively peaceful purposes’… states are already using ICTs in the context of armed conflict. It is all the more important, therefore, that states reaffirm their commitment to applying principles of international humanitarian law to their use of ICTs in armed conflict.

Speaker

United States


Reason

This comment directly confronted idealistic language with operational reality, arguing that acknowledging current state practice in cyber warfare is essential for developing realistic governance frameworks. It highlighted the tension between aspirational goals and practical implementation.


Impact

This position was supported by multiple delegations (Switzerland, Australia, Canada) and created a clear divide with countries supporting ‘exclusively peaceful purposes’ language. It shifted the discussion toward the practical application of international humanitarian law in cyberspace rather than abstract peaceful use principles.


The distance to travel in the next few days is not large but it’s the hardest part that we need to traverse, but it can be done. A pathway to progress is visible, success is within reach, and I count on each one of you for your cooperation.

Speaker

Chair


Reason

This comment provided crucial leadership by acknowledging the difficulty of the remaining negotiations while maintaining optimism. It set realistic expectations while encouraging collaborative problem-solving rather than positional bargaining.


Impact

This framing influenced the tone of subsequent interventions, with many delegations explicitly referencing their commitment to flexibility and consensus-building. It established a constructive atmosphere that encouraged delegations to focus on bridging differences rather than hardening positions.


We propose to create a separate dedicated thematic groups on norms… We support the creation of a dedicated thematic group on capacity building, a consistent demand of developing countries.

Speaker

Nicaragua (for like-minded group)


Reason

This comment restructured the proposed institutional architecture by advocating for separate treatment of norms and capacity building, challenging the integrated approach proposed by the Chair. It reflected developing country priorities and concerns about balanced representation.


Impact

This institutional design challenge forced other delegations to consider alternative structures for the future permanent mechanism. It highlighted the tension between integrated cross-cutting approaches versus pillar-specific focused discussions, influencing how subsequent speakers addressed the institutional framework.


Overall assessment

These key comments fundamentally shaped the discussion by establishing three major fault lines: (1) the tension between preserving existing consensus versus pursuing new normative developments, (2) the divide between voluntary frameworks and legally binding approaches, and (3) the scope and institutional design of future cybersecurity governance. The European Union’s opening salvo about protecting existing achievements set a defensive tone that influenced many Western delegations, while the like-minded group’s comprehensive alternative vision created a clear negotiating dynamic. The Chair’s leadership comments were crucial in maintaining a constructive atmosphere despite these fundamental disagreements. The discussion evolved from initial position-stating to more nuanced engagement with specific textual issues, but the underlying structural tensions remained evident throughout, setting the stage for intensive negotiations on the future permanent mechanism.


Follow-up questions

How to effectively implement the UN framework for responsible state behavior in cyberspace through action-oriented measures

Speaker

European Union


Explanation

The EU emphasized the need to move beyond discussing new norms to actually implementing existing commitments, highlighting this as crucial for international stability and security


How to develop action-oriented measures under cross-cutting dedicated thematic groups to address ransomware threats

Speaker

European Union


Explanation

Given ransomware’s impact on healthcare and critical services, the EU called for specific measures building on the five pillars of the UN framework


How to secure cross-border critical infrastructure such as undersea cables and orbital communication networks

Speaker

European Union


Explanation

These infrastructures are vital for all countries as the backbone of internet connectivity and economic resilience


How to differentiate between criminal and national security dimensions of ransomware

Speaker

European Union


Explanation

This distinction is important for developing appropriate responses and understanding when ransomware crosses from criminal activity into national security threats


How to address the widest and most diverse landscape of ICT threats in a manner that equitably represents realities in all countries and regions

Speaker

Egypt (African Group)


Explanation

This is needed to ensure threat assessments are comprehensive and representative of global experiences, not just developed countries


How to address the disproportionate impact of malicious ICT activities on states in transitional phases or emerging from armed conflicts

Speaker

Egypt (African Group)


Explanation

These states face heightened risks and increased fragility from cyber threats, requiring targeted attention and support


How to compile a non-exhaustive list of existing and emerging threats as proposed by states during OEWG deliberations

Speaker

Islamic Republic of Iran


Explanation

This would serve as a valuable reference for future discussions and ensure all member state concerns about threats are captured


How to establish appropriate safeguards and oversight related to the market of commercially available ICT intrusion capabilities

Speaker

Islamic Republic of Iran


Explanation

These measures were introduced in the text but have not been subject to focused discussion within the OEWG


How to develop legally binding agreements as the most effective measure to counter challenges in the digital environment

Speaker

Russian Federation


Explanation

Russia emphasized this as a priority for addressing cyber threats, suggesting current voluntary frameworks may be insufficient


How to ensure security by design throughout the lifecycle of ICTs as a fundamental measure to mitigate supply chain risks

Speaker

Ghana


Explanation

This concept was consistently emphasized but needs further development for practical implementation in supply chain security


How to address challenges associated with commercial cyber intrusion capabilities through joint policy and technical solutions

Speaker

Ghana (referencing Pall Mall Group)


Explanation

The Pall Mall process represents ongoing international dialogue that needs continued development


How to ensure CERT-related information sharing and cooperation occurs in a timely manner for appropriate incident response

Speaker

Singapore


Explanation

Timely information sharing is crucial for effective cyber incident response and building collective resilience


How to expand the UN Technology Bank for Least Developed Countries’ mandate to include targeted support for ICT security capacity building

Speaker

Turkey


Explanation

This would mainstream cybersecurity into broader digital transformation strategies for LDCs


How to develop operational modalities for coordination between source and affected states in responding to cross-border ICT incidents

Speaker

Turkey


Explanation

This is key to preventing escalation and fostering mutual confidence in international cyber incident response


How to better reflect the role of regional organizations in implementing the UN Framework for Responsible State Behavior in cyberspace

Speaker

Switzerland


Explanation

Regional organizations act as incubators and facilitators for national implementation and have developed innovative approaches


How to address the blurring lines between state-backed groups and the cyber-criminal ecosystem

Speaker

Switzerland


Explanation

State-backed activity can no longer be evaluated in isolation from financially motivated intrusions, creating new risks for international peace and security


How to ensure that cyber capacity building is not siloed but serves as a foundational enabler across all areas of the framework

Speaker

Fiji (Pacific Islands Forum)


Explanation

Capacity building should support implementation of norms, international legal dialogue, and confidence-building measures in an integrated manner


How to identify national and regional needs and match them with appropriate support through the future permanent mechanism

Speaker

Fiji (Pacific Islands Forum)


Explanation

This includes technical implementation, legislative development, workforce development, and public awareness programs


Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.