Rules, norms and principles of responsible behaviour of states

Event report

The discussions on norms, rules, and principles of state behaviour in cyberspace and their applicability in cyberspace were closely related to the nature of the 2015 and 2021 UN GGE reports and the 2021 OEWG reports. 

The majority of the states – Australia, Colombia, Costa Rica, the EU on behalf of its member states, the candidate countries Montenegro, the Republic of North Macedonia, and Albania the country of the stabilisation and association process, and potential candidate Bosnia-Herzegovina as well as Ukraine, the Republic of Moldova and Georgia (EU), Egypt, Estonia, France, Fiji, Germany, India, Indonesia, Italy, Japan, Malaysia, Mexico, the Netherlands, Nigeria, Republic of Korea, Singapore, South Africa, Switzerland, Ukraine (in national capacity), and the UK, agreed that the previous UN GGE and OEWG reports, including corresponding UN GA resolutions adopted by consensus build an aquis for further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms). 

Australia, Colombia, the EU, Estonia, France, Germany, India, Indonesia, Italy, Japan, Malaysia, Mexico, the Netherlands, Nigeria, Republic of Korea, Singapore, Switzerland, Ukraine and the UK would like to build upon this aquis in the OEWG and perceive enhancing the understanding of, and implementing the existing norms as the best way forward . 

According to this group of states, norms are based in the international law and do not replace states binding obligations under the international law. Norms play an essential role in introducing predictability and transparency in inter-state behaviour, therefore these states consider implementation of norms a confidence building measure. As expressed by the Netherlands, the order of priority should be first to implement the existing norms, clarify, and elaborate them, then only when inevitable, create new norms. The UK pointed out that the starting point for any proposals for new norms must find consensus and not duplicate, rewrite, or undercut already agreed upon norms. This group of states recognised the need for capacity building on national and regional levels for the norm implementation. Many states shared their national initiatives, policies, and regulatory measures already in place to implement the norms.

India expressed the need for the development of mechanisms for ensuring adherence and implementation of the norms. According to India, the current acquis forms an excellent foundation to build upon the superstructure for responsible behaviour of states.

Iran referred to its previous statement on the matter stating that the norms are ambiguous, that there needs to be an agreement on terminology, and that the implementation of norms is premature.

Iraq and Pakistan voiced support of the OEWG work to further elaborate norms, South Africa would like the states to exchange their views on the need for further development of norms through evaluating, updating, and refinement of the existing norms, while Jordan called for strengthening the capacity to be able to elaborate norms. 

Egypt calls for elaboration, implementation of norms, and related capacity building. However, the result of the OEWG should be, according to Egypt, an agreement on recommendations where the existing norms may be codified into binding rules. 

China, Cuba, Pakistan, Syria, Russian Federation and are of the opinion that norms need to become  legally binding regulations. While China, Cuba, Pakistan and Syria see the current norms being transformed into binding ones, Russia would like to undertake efforts to broaden the list of norms to create a foundation for a new universal legally binding instrument. Cuba does not see the 2015 UN GGE report as a basis for the work of OEWG, as it was not approved by all UN member states. 

Two countries – Costa Rica and Fiji – spoke about the intersection of cybersecurity and cybercrime. Costa Rica referred to recent ransomware attacks by private or non-state actors operating on foreign territory. As cybercrime and cybersecurity are connected, Costa Rica took note of the UNIDIR’s Report on connections and engagement between the UN’s First and Third committee processes. Fiji highlighted cybercrime regulation on national and international level, specifically The Budapest Convention Against Cybercrime, as an approach to lend predictability and stability, and a tool for states to manage the use of ICTs and confront cybercrime. Fiji also took note of work by the Ad Hoc Committee on Cybercrime. 

WIth respect to the upcoming work within the OEWG, states mentioned the following as the most pressing issues needing attention: attribution (Pakistan, Switzerland, India), due diligence (France, Germany, Republic of Korea), respect for human rights (France, the UK, the Netherlands). India also specifically mentioned the need to protect the public core of the internet. 

Many delegates, such as the EU, Estonia, Indonesia, Italy, Malaysia, Mexico, South Africa supported the use of the national survey of implementation of norms as proposed by Australia and Mexico.