Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 part 4

Summary

This transcript covers a meeting of the Open-Ended Working Group on Security of and the Use of ICTs, focusing on how international law applies to the use of ICTs by states. Delegates from various countries presented their views on the applicability of existing international law to cyberspace and the need for potential new legal frameworks. There was broad consensus that international law, including the UN Charter, applies to cyberspace, but disagreement on whether new legally binding instruments are necessary. Many countries emphasized the importance of capacity building and sharing national positions to develop common understandings. Several delegates highlighted recent progress, such as regional position papers from the African Union and European Union, and a resolution on protecting civilians from ICT activities during armed conflict. The chair noted positive developments in deepening discussions and increasing transparency, but also pointed out tensions between different positions. He urged delegates to move beyond repeating established talking points and to consider how to make substantive progress in the final report and future mechanism. Key areas of debate included the applicability of international humanitarian law, human rights law, and state responsibility in cyberspace. The chair concluded by calling for creative thinking to overcome contradictions and move discussions forward.

Keypoints

Major discussion points:

– Applicability of existing international law to cyberspace and how it applies

– Need for new legally binding instruments vs. sufficiency of existing international law

– Importance of capacity building and sharing national/regional positions on international law in cyberspace

– Role of international humanitarian law and human rights law in cyberspace

– Structure and focus of discussions on international law in the future permanent mechanism

Overall purpose:

The purpose of this discussion was to continue examining how international law applies to the use of ICTs by states, identify areas of convergence and divergence, and consider how to move forward on this topic in future work.

Overall tone:

The tone was generally constructive and diplomatic, with many delegations offering detailed statements on their positions. However, the Chair’s closing remarks highlighted underlying tensions and contradictions between different viewpoints. The tone shifted to be more critical and urgent at the end, with the Chair pushing delegations to move beyond entrenched positions and find ways to make concrete progress.

Speakers

– Chair: Chairperson of the meeting

– North Macedonia

– Indonesia

– Poland

– Japan

– Republic of Korea

– Sri Lanka

– Italy

– Mexico

– Paraguay

– Sweden

– Kingdom of the Netherlands

– Thailand

– Cuba: Speaking on behalf of Cuba, Venezuela and Nicaragua

– Switzerland

– South Africa

– Brazil

– Estonia

– United Kingdom

– Chile

– Ireland

– Czechia

– Malaysia

– Mozambique

– New Zealand

– China

– Tonga: Speaking on behalf of Pacific Islands Forum member states

– Colombia

– Canada

– Germany

– Russian Federation

– Philippines

– Peru

Additional speakers:

– Pakistan

– Fiji: Mentioned as delivering a statement on behalf of a cross-regional group of states

– African Union: Mentioned as having published a common position paper

– European Union: Mentioned as having published a declaration

Expanded Summary of the Open-Ended Working Group on Security of and the Use of ICTs Discussion

Introduction:

This summary covers a meeting of the Open-Ended Working Group (OEWG) on Security of and the Use of Information and Communications Technologies (ICTs), focusing on how international law applies to the use of ICTs by states. Delegates from various countries presented their views on the applicability of existing international law to cyberspace and the need for potential new legal frameworks. The discussion aimed to identify areas of convergence and divergence, and consider how to move forward on this topic in future work.

Key Areas of Discussion:

1. Applicability of International Law to Cyberspace:

There was broad consensus that international law, including the UN Charter, applies to cyberspace. However, disagreements emerged on whether existing international law is sufficient for addressing cyber challenges. Some delegations argued that existing law is fit for purpose in the digital age, while others called for new legally binding instruments or a cyber-specific treaty.

2. Capacity Building on International Law in Cyberspace:

Strong agreement emerged on the importance of capacity building initiatives to enhance understanding and participation in international cyber law discussions, particularly for developing countries. Proposals included developing national positions, bridging the digital divide, expanding partnerships with think tanks and academia, supporting scenario-based exercises and workshops, facilitating access for developing countries, and encouraging development of national and regional positions.

3. International Humanitarian Law (IHL) in Cyberspace:

The application of IHL to cyber operations, particularly in the context of armed conflicts, was a contentious area of discussion. While several delegations agreed that IHL applies to cyberspace, emphasizing the importance of protecting civilians from cyber operations during conflicts, others advocated for a more cautious approach, warning of potential escalation. Some called for further clarification on IHL application to cyber operations.

4. Human Rights in Cyberspace:

There was consensus that human rights principles apply in cyberspace, with emphasis on specific rights like privacy and freedom of expression. Delegates affirmed that human rights and fundamental freedoms apply online as they do offline, and that states must comply with human rights obligations in cyberspace.

5. Future Discussions on International Law:

Many delegates advocated for dedicated discussions or groups focused on international law within the future permanent mechanism, although they proposed slightly different formats or approaches. Suggestions included a dedicated thematic group, focused discussions, technical meetings, and integration of debates on international law and norms.

6. Regional Positions and Coordination:

Several speakers highlighted the importance of regional positions in building a common understanding of how international law applies in cyberspace. References were made to regional position papers and declarations, such as those from the African Union and the European Union.

7. UN Convention Against Cybercrime:

The adoption of the UN Convention Against Cybercrime was noted as a significant development in the international legal landscape related to ICTs.

Chair’s Closing Remarks:

The Chair provided extensive closing remarks, highlighting important tensions and challenges in the discussions. Key points included:

– Acknowledgment of the increased number of group positions and national statements

– Recognition of the positive aspects of the discussion, including more substantive engagement

– A call for delegates to move beyond repeating established positions and to think creatively about overcoming contradictions

– Emphasis on the need for more concrete progress, stating that the status quo in discussions on international law and norms is becoming untenable

– Announcement of upcoming stakeholder sessions and the continuation of discussions

Conclusion:

The discussion revealed areas of both consensus and disagreement on the application of international law to cyberspace. While there is broad agreement that international law applies to the digital domain, significant differences remain on whether new legally binding instruments are needed and how to structure future discussions. The importance of capacity building, particularly for developing countries, emerged as a key area of consensus. The applicability of IHL and human rights law to cyberspace was generally accepted, though with some caution and calls for further clarification.

Moving forward, the OEWG faces the challenge of reconciling divergent views on key issues while maintaining momentum in developing a shared understanding of how international law applies in cyberspace. The Chair’s call for more substantive progress and creative thinking to overcome contradictions underscores the need for continued engagement and innovative approaches in future discussions, including through the proposed permanent mechanism and various formats of focused deliberations on international law.

Chair: Mr. Delegates, dear friends, the fifth meeting of the ninth substantive session of the Open-Ended Working Group on Security of and the Use of ICTs, pursuant to General Assembly Resolution 75-240, is now called to order. We’ll now continue our consideration of Agenda Item 5, covering the topic of how international law applies to the use of ICTs by states. And as I indicated yesterday evening, before we adjourn, we do have a list of speakers. Once again, I invite all speakers to give us their written full text of their statement, which will be put on the website of the Open-Ended Working Group, which also, therefore, becomes a way for each one of you to share your national position and perspective, and to some extent to formalize it by publicizing it on the website of the OEWG. That in itself serves a very useful purpose of making your positions understood in a very open and transparent way, and that is helpful to build a greater understanding of each other’s position within this process. So in the context of this morning’s discussion, I would invite you to be focused on delivering perhaps the essential points of your position, so that we can get through the list of speakers. Hopefully by the end of the morning’s session, I hope we can wrap up the cluster on how international law applies to the use of ICTs by states. So with those preliminary comments, I now invite North Macedonia to make its statement, to be followed by Indonesia, Pakistan. on Poland, Japan, and the list goes on. North Macedonia, you have the floor, please.

North Macedonia: The distinguished chair, esteemed delegates, since this is the first time our delegation is taking the floor, we would like to thank you for the dedicated efforts and leadership in coordinating the intersessional work. We also extend our gratitude to the UN Secretariat for its inevitable support in facilitating these important discussions. North Macedonia aligns itself with the EU statement delivered on this agenda item. In our national capacity, we would like to make the following remarks. We greatly value the work of the OEWG in fostering these important conversations and affirm our commitment to upholding these frameworks as a cornerstone to a stable, secure, and inclusive digital environment. A legal framework, including international human rights law and international humanitarian law, is essential for guiding responsible behavior and addressing challenges in cyberspace effectively. Small-sized states like North Macedonia, with growing digital economy, recognizes the vital importance of the digital sovereignty concept, both nationally and internationally, empowering states to govern their digital spaces, straightening resilience, fosters trust, and enables active participation in the global digital ecosystem. As a staunch supporter of the rule-based international order, we fully support the Declaration on a Common Understanding of International Law in Cyberspace. of the EU and its member states. This declaration highlights the importance of international human rights law and international humanitarian law in fostering responsible state behavior and ensuring stability and cooperating in cyberspace. These principles are crucial for safeguarding sovereignty, promoting non-intervention and ensuring the peaceful resolution of disputes. Moreover, respecting these principles is fundamental for preserving the integrity of the international legal frameworks and encouraging the responsible use of ICTs even during times of conflict or crisis. Together they provide a strong foundation of navigating the complexity of cyberspace while upholding global stability and security. Greater clarity is needed on state responsibility, particularly regarding the attribution of cyber incidents and the prevention of malicious activities originating from state territories. States have an obligation to ensure that their digital infrastructure is not exploited in ways that violate international law. Despite facing challenges such as limited technical capacities and resources, my country stresses the importance of different initiatives. These efforts should integrate international legal and ethical norms, particularly concerning the responsible use of artificial intelligence, synthetic media, and ensuring transparency, accountability, and fairness. Addressing foreign information manipulations and interference and domestic information manipulations and interference is equally critical. Both undermine democratic processes and collective trust. especially when advancing technologies amplify disinformation. Straightening capacities in these areas is essential to enhance resilience and trust in digital systems and underpin stability and governance. Chair, as we enter the final year of discussion, we recognize that much focus has been placed on managing crisis. However, we underscore the importance of prevention through the application of minimum measures for cyber hygiene. These measures can enhance resilience, reduce vulnerabilities, and foster a proactive approach to address cyber risks effectively. We advocate for continued dialogue and collaboration to build mutual trust, share best practices, and establish shared understanding on the application of international law in cyberspace. And finally, a word of gratitude for the Initiative Women in Cybersecurity Fellowship, which empowers women to promote greater participation in the field. We look forward to continued discussions and meaningful progress in the year ahead. I thank you, Mr. Chair.

Chair: Thank you very much, North Macedonia, for your statement. Indonesia, to be followed by Pakistan.

Indonesia: Thank you, Mr. Chair. Indonesia reaffirms the importance of international law and understanding it, and how it applies to the use of ICTs. We also recognize the urgent need to deepen and expand our collective capacity to engage with this critical pillar of discussion. Therefore, to contribute to the additional layers of understanding referenced in paragraph 39 of the third APR, Indonesia identifies several key areas for further exploration. First, state sovereignty. A deeper examination of how the principle of state sovereignty applies to ICT-related activities is needed. including policy formulation and the safeguarding of critical ICT infrastructure with national jurisdictions. Second, state responsibility. We need to clarify the responsibility of states to prevent malicious cyber activities emanating from their territories that could harm other states. Third, dispute resolution mechanisms. We also need to explore potential mechanisms to address disputes arising from ICT-related activities, ensuring peaceful resolution and adherence to international law. Fourth, gaps in legal application. Addressing ambiguities in how international law applies to scenarios such as armed conflicts or use of force or emerging technologies is also crucial. And fifth, non-intervention principle. Discussing the application of the principle of non-intervention, particularly in countering cyber-influenced campaigns targeting political systems of other states, is imperative for us. In this context, Indonesia also welcomes capacity-building programs and initiatives in international law that leave us understood more of these matters. We also acknowledge the capacity-building initiatives and programs conducted by, among others, UNIDIR, the ASEAN-Singapore Cybersecurity Centre of Excellence, and the European Union. These have served as valuable platforms for knowledge-sharing and practical insights. Mr. Chair, Indonesia emphasizes the importance of expanding and enhancing access to capacity-building in the area of international law. To achieve this, we propose the following steps. First, to conduct regular workshops on international law that involve legal practitioners and academics blending practical experience with theoretical insights. Second, developing online training courses and modules, as well as resource libraries on international law and its application in cyberspace, to improve accessibility and promote wider participation. Third, strengthening collaboration with academics, civil society, and private sector stakeholders to tailor capacity-building programs to the evolving cybercrisis. landscape. And lastly, partnering with regional entities to implement capacity-building initiatives that address localized needs and leverage regional expertise. Indonesia is confident that these efforts will support Member States in advancing their approach to capacity-building and international law in the use of ICTs, thereby fostering a more inclusive, accessible, and effective dialogue. Thank you, Mr. Chair.

Chair: Thank you very much, Indonesia. Pakistan, to be followed by Poland. Let’s go to Poland, to be followed by Japan.

Poland: Thank you, Chair, for giving me the floor. Poland wishes to align itself with the statement delivered by the European Union and to provide additional remarks in national capacity. At the outset, Poland would like to welcome the growing ranks of states and regional organizations who have expressed their views on how international law applies to cyberspace. We greatly appreciate the initiatives aiming at collecting and facilitating access to this position, such as the UNIDIR Cyber Policy Portal and the Cyber Law Toolkit. Sharing national or regional positions and exchanging views on how international law applies to cyberspace in multilateral settings helps states to understand where convergences and divergences among them lie. As we noted in our national position paper in 2022, the practice of publicly presenting positions in key matters concerning international law increases the level of legal certainty and transparency, at the same time contributing to strengthening respect for international law commitments and offers an opportunity to develop customary law. Speaking about national and regional positions, we are pleased to refer to the EU Declaration on a Common Understanding of the Application of International Law to Cyberspace, which was adopted only two weeks ago. The document proves that it is possible to find an agreement on a detailed and robust position, even among many countries, with sometimes diverging legal opinions on certain specific issues. We are convinced that the Declaration will contribute to moving forward the discussion on the application of international law to cyberspace. We also hope that, together with the common position of the African Union, it will inspire other regional groups to consider issuing their statements. What is clear from the analysis of many national and regional statements, as well as the reports adopted both by OEWG and UNGG, is that international law, including UN Charter, applies to cyberspace. Moreover, there is a broad consensus regarding the application of some specific international law principles and rules in cyberspace, such as the principle of non-intervention, prohibition of the use of force, state sovereignty and sovereignty equality, and the peaceful settlement of disputes. It does not mean that the application of international law in cyberspace is not problematic. Because of its specific character, the speed with which the actions can be carried out in it, and its relative anonymity, cyberspace requires us to look into its potential impact on existing norms of international law. Yet the question we are facing in relation to the application of international law to cyberspace is not whether, but how. While national and regional positions in their attempts to answer these questions are often rich in detail and shed light on many important legal norms, the reports adopted at the UN level usually are quite general. Of course, to some extent, it results from a number of states participating in the discussions and the need to find a compromise. Yet to our mind, we could and we should be more ambitious in this regard. Mr. Chair, in one of your guiding questions for this discussion, you ask about the additional level of understanding regarding the application of international law to cyberspace. In our opinion, there are several issues that we should focus on. We will touch upon three of them. First of all, given the fact that cyberattacks have become a part and parcel of the modern warfare, we should try to progress our common understanding of how IHL applies to cyberspace. The questions such as what kind of cyber operation constitutes an attack, how does the principle of distinction apply to cyberspace, how to assess when an ICT infrastructure is civilian, require in-depth discussions. Application of IHL in a cyber context is therefore an issue that can have real-life implications for thousands of people worldwide. Yet exactly in this complex area of international law, we have the proof that it is possible to adopt an ambitious and consensual text regarding the application of international law to the cyberspace. On 31st of October 2024, the International Conference of the Red Cross and Red Crescent adopted by consensus the resolution on protecting civilians and other protected persons and objects against the potential human cost of ICT activities during armed conflict. The text of the resolution corresponds with two of your guiding questions for the discussion concerning both the additional level of understanding regarding application of international law to cyberspace and the promising areas of progress made in the other fora. The resolution covers a number of issues including the threats caused by the use of ICT in armed conflict and the need to protect civilians and other protected persons from the risk arising from ICT activities. Notably, the resolution touches upon the issue of the role of social media in inciting violations of IHL as well as potential private… tech companies’ involvement in armed conflict. All in all, the careful reading of the resolution leaves no doubt that the rules and principles of IHL are relevant in the cyber context. It is crystal clear now that this position enjoys support of an overwhelming majority of countries. Still, it is never enough to remind that the applicability of IHL does not legitimize or authorize any use of force inconsistent with the Charter of the United Nations. This is clearly expressed in the preamble protocol additional to the Geneva Convention of 12 August 1949, Additional Protocol 1. Recognizing the applicability of IHL to cyber therefore does not legitimize war in cyberspace any more than it legitimizes war in other domains. Secondly, we need to continue consideration regarding threshold-triggering violations of most relevant principles and rules of international law, be it the principle of sovereignty, the principle of non-intervention, or the prohibition of the use of force. Ideally, we should agree on what kind of cyber operations violate a given principle or rule of international law, but even if differences in positions persist, understanding views of different countries would play an important role as a confidence-building measure and can be beneficial for international peace and security. The third topic that requires international communities’ attention is impact of cyberspace on the international human rights law. This topic has been already touched upon by a number of relevant Human Rights Council and UNGA resolutions. We should build on this work. The most relevant issues here include the right to freedom of opinion and expression, the right to privacy, and the problem of Internet shutdowns. Moreover, we should look into the role of private tech companies in enjoyment of human rights. The question of interplay between human rights and technical standards is also worth reflection on. We hope that these issues can be reflected to the fullest extent possible in the final OEWG report. Of course, the future permanent mechanists should provide a platform for exploring these topics too. Mr. Chair, we would like to conclude by thanking you for organizing and leading this important discussion. You can count on our continuous support and constructive engagement in the work of the OEWG. Thank you.

Chair: Thank you very much, Poland, for your statement. Japan, to be followed by the Republic of Korea.

Japan: Thank you, Mr. Chair. Japan would like to reiterate its position that existing international law, including the UN Charter, fully applies to cyberspace. With regard to the guiding question on additional layers of understanding, Japan believes that it is critical for the international community to focus on deepening the understanding on how international law applies to specific challenges in cyberspace. For example, which activities in cyberspace constitute a violation of international law, and which tools are available under international law for states whose legal interest has been infringed by cyber operations. A common understanding on these issues could help better prevent malicious activities. It would be helpful to further discussion on some basic points to see if we can all concur, such as the more serious the effect of a cyber operation by one state in another state’s territory is, the likelier it is to violate the latter state’s sovereignty. The cyber operation by one state against another state’s critical infrastructure, i.e., infrastructure which is critical to the state’s basic function, causing its physical damage or loss of functionality is likely to constitute a violation of the latter state’s sovereignty. Japan would also like to emphasize that the formulation by each state of basic national position on international law applicable to cyberspace, as well as the application of international law in international and national courts and tribunals, will deepen the common international understanding on how international law applies to cyber operations. In this regard, Japan welcomes the recent publication of position papers of states. Mr. Chair, regarding the last question, Japan believes that it is important for each country to develop legal experts who have a good understanding of how existing international laws should be applied in cyberspace through capacity building. Such efforts would promote the accumulation of national practices and exchanges among experts from various countries. I would like to present our efforts with stakeholders in this regard. Japan has been conducting seminars on international law and public policy for strengthening cybersecurity, including seminars by our development agency, Japan International Cooperation Agency, JICA. In addition to our individual contributions, Japan and Estonia, in cooperation with the University of Exeter, Chatham House, and the NATO CCDCOE, are supporting the development of a handbook for practitioners in countries concerning the formulation of new positions of states. Such initiatives to deepen understanding of existing international law are valuable, and Japan remains committed to continuing these efforts. Thank you. Mr. Chair.

Chair: Thank you very much. Japan, Republic of Korea, to be followed by Pakistan.

Republic of Korea: Thank you, Chair. The Republic of Korea would like to reiterate that the existing international law including the entirety of the UN Charter, International Humanitarian Law, and International Human Rights Law applies to cyberspace. On the application of International Humanitarian Law in cyberspace, states have emphasized that this does not justify or encourage armed conflict. Rather, it is intended to ensure minimum safeguards in situations of armed conflict. Therefore, the continued discussions on IHL within the OEWG should be reflected in the final report, which was also mentioned during the eighth substantive session. In response to the guiding questions, we would like to introduce to the group a case that could contribute to the discussions within the OEWG. In September, the Republic of Korea co-hosted the fourth Interregional Conference on Cyber ICT Security with the OSCE. The first session, titled International Law in Cyberspace, underscored the importance of developing national positions on the applicability of international law in cyberspace, reflecting key themes of discussions within the OEWG. It was encouraging to note a growing alignment among experts from government, academia, and technology sectors on the value of interdisciplinary engagement in drafting these national position papers. Such collaboration not only enriches the discourse, but also enhances capacity-building efforts, contributing to a more cohesive and practical application of international law in cyberspace. We believe this example illustrates how states can collectively strengthen global discussions and capacity-building in this domain, advancing shared objectives under the OEWG framework. Thank you.

Chair: Thank you very much, Republic of Korea. Pakistan, to be followed by Sri Lanka.

Pakistan: Thank you, Chair. The topic of the application of international law in cyberspace is one of the most significant issues for the working group. as the security and stability of cyberspace fundamentally depends on it. Recognizing the myriad threats that arise from an unregulated digital environment, Pakistan firmly advocates for the establishment of a legally binding instrument on security of and in the use of ICT. Such an instrument is essential for creating mechanisms that promote accountability among states, attributing responsibility for actions taken in cyberspace and prohibiting malicious uses of these technologies. Pakistan maintains a consistent position concerning the application of international law in cyberspace. This position is thoroughly articulated in the position paper submitted by Pakistan during the first substantive session. In this paper, Pakistan elaborated on the necessity of formulating a legally binding instrument to address the unique challenges posed by cyberspace, thereby fostering a secure and stable digital environment for all nations. We believe that the UN Charter’s core tenets, such as the non-use of force, sovereign equality, non-intervention in domestic affairs, and peaceful dispute resolution, are equally applicable in cyberspace-like physical world. Our commitment extends to advocating for a rules-based cyberspace that is open to all, fostering economic benefits for the global community. Recognizing the distinctive features of cyberspace, its transnational nature, anonymity, and utilization by both state and non-state actors, it is imperative to acknowledge the certain gaps in the existing international legal framework and international humanitarian law. Therefore, we propose focused discussions among member states on applying international law in cyberspace, aiming to identify areas of common ground. Moreover, we propose the development of a shared lexicon to provide clear definitions for various cybersecurity-related terminologies. We emphasize the necessity to address capacity-building needs in cyber policymaking and regulatory mechanisms among member states, applauding initiatives by the EU and the Republic of Singapore in this regard. Lastly, Pakistan underscores the imperative for the OEWG to tackle the challenge of cyber attribution. While acknowledging the difficulty of this task, we believe it is not insurmountable. We advocate for comprehensive discussions within the OEWG to explore and devise effective solutions to the complexities associated with cyber attribution. As recommended in the Para 39 of the 3rd Annual Progress Report, if agreed by the member states, we will support focused discussions on the topic of applying international law in cyberspace. Furthermore, in order to build the capacity of member states, especially developing countries in applying international law in cyberspace, can be approached through arranging workshops, seminars, online courses, and sharing of knowledge and best practices, and international collaboration. I thank you, Chair.

Chair: Thank you, Pakistan. Sri Lanka, to be followed by Italy.

Sri Lanka : Thank you, Mr. Chair. Mr. Chair, Sri Lanka echoes other delegations regarding the applicability of international law, in particular the Charter of the United Nations, in maintaining peace, security, and stability to promote an open, secure, stable, accessible, and peaceful ICT environment. It is important, therefore, to advance discussion on the application of international law in the ICT domain to address complexities of cyberspace effectively. The unique nature of cyberspace requires nuanced interpretation of principles like sovereignty, non-intervention, and state responsibility. In the interconnected world of ICTs, failure to uphold international humanitarian law with respect to military cyber capabilities could endanger people, infrastructure, and societies globally, including in nations that lack such capabilities or have no involvement in the conflict. As a result, ensuring respect for IHL in the ICT environment should be a collective responsibility for all states. Mr. Chair, it is important to develop a common understanding on how international law applies in the ICTs. Sri Lanka considers that existing provisions for mutual legal assistance and international cooperation under regional legal framework can be considered as effective tools to enhance this required understanding. With regard to the areas of progress in the other related fora where international law issues have been discussed, we wish to refer to UNIDIR cyber stability conferences that have fostered multi-stakeholder dialogues on the practical application of international law in cyber operations. Thank you, Mr. Chair.

Chair: Thank you very much. Sri Lanka. Italy, to be followed by Mexico.

Italy: Thank you, Mr. Chair, for giving me the floor. Italy fully aligns itself with the statement delivered by the European Union. At the national level, we emphasize the importance of deepening our collective understanding of how international law applies to cyberspace. As noted by the European Union and other delegations before, international law is fully applicable and relevant in the digital age. International law includes the UN Charter, the law of state responsibility, international human rights law, and international humanitarian law. We wish to stress that, referencing to IHL in this context, neither legitimized nor encouraged armed conflicts. Italy publicly shared its national position in 2021, and we encourage other states to continue to do the same. Promoting transparency by publishing national and regional positions is in the collective interest, as it reduces uncertainty and the risk of miscalculation in interstate relations, as well as establishes a global baseline for the application of international law in cyberspace. The EU Common Understanding of the application of international law to cyberspace demonstrates that it is possible to achieve consensus on principles such as state sovereignty, the principle of non-intervention, the prohibition on the use of force, and compliance with international humanitarian law, international human rights law, and state responsibility laws. In this regard, we also greatly value the Common African position on the application of international law to ICTs, and would welcome the recognition of the importance of regional perspectives by the OEWG. We regret that scenario-based exercises conducted by academics and research institutions have been excluded from the last annual progress report. Structured discussions involving state representatives and legal experts remain crucial for advancing on the application of international law. Italy holds the work of UNIDIR in high regard, and found the workshop on the application of international law in cyberspace, held in Geneva in November 2023, to be highly useful and inclusive. At the same time, trainings on international law in cyberspace, which has been organized by the Institute as a capacity-building activity during the last months, also provided useful instruments to enhance capacity in navigating such matters. We also reiterate that the OEWG finance report should acknowledge the views expressed by many Member States, including EU members, that international humanitarian law applies to cyber operations conducted in the context of armed conflict. 2024 marks the 17th anniversary of the Geneva Conventions, which have been freely and voluntarily accepted by all States. This presents an opportunity to reaffirm the important role of such conventions and of other relevant sources of IHL in protecting civilians and civilian objects from any threats, disregarding if originated in the physical or virtual domain. The resolution on protecting civilians and other protected persons and objects against the potential human costs of ICT during armed conflict, adopted by consensus at the 34th International Conference of the Red Cross and Red Crescent last October, represent an important milestone in this field. Finally, fostering convergence among states remains a priority. We emphasize the importance of further enhancing our shared understanding of the application of international law as a foundational step, prior to considering the feasibility of new international binding instruments. Thank you.

Chair: Thank you, Italy. Mexico, to be followed by Paraguay.

Mexico: Thank you, Chairman. My country listened very carefully to the interventions of other delegations at this session and other substantive sessions of the Open-Ended Working Group, and it is clear that there is a consensus on the way international law applies to cyberspace. However, there are some differences of view as to how it should apply. With this in mind, our country considers it very important that states work on developing their national positions on how they consider that the principles of international law apply to cyberspace. Now exercises of practical scenarios have demonstrated to be very useful tools. In particular, they help us evaluate the applicability of the bodies of specialized law such as international humanitarian law and international human rights law. Mexico applauds and supports continuing efforts of entities such as UNIDIR, which explore existing gaps in the application of international law to cyberspace. Bearing this in mind, and as part of regional efforts to make progress in conversations on this topic, Mexico promoted last November the holding of the – meeting of a commission of hemispheric security and the commission of legal and political affairs of the OAS with the goal of considering the current status of global discussions regarding the application of international law to cyberspace. While there were some – was some convergence regarding the applicability of international law, including the UN Charter, to cyberspace and emerging technologies, that meeting also highlighted the need to continue discussions in order to address challenges such as cybersecurity and the ethical use of artificial intelligence. This is why we would like to confirm our readiness to continue promoting opportunities for dialogue and regional and international cooperation to develop an international legal system that is resilient and fair and that promotes a digital environment that is secure, stable, inclusive, and peaceful. With that in mind, Mexico considers it very important to promote inclusion of a section dedicated to the applicability of international law to cyberspace in a future standing dialogue mechanism, and we should base that on progress achieved by the group of governmental experts and the Open-Ended Working Group of 2021. In those – for those discussions, states could also take advantage of the experience and knowledge of other relevant actors. particularly those who have, at times, developed technology and facilitated activities in cyberspace. Thank you very much.

Chair: Thank you very much, Mexico. Paraguay, to be followed by Sweden.

Paraguay: Mr. Chairman, the delegation of Paraguay would like to express its position on this item of the agenda, the way international law applies to the use of ICTs. In an era where technologies are essential for all aspects of our lives, it’s important for states to apply, in addition to the norms and principles that have been previously agreed upon, also international law to ensure a digital environment that is accessible and fair for all. International law and the UN Charter have been fundamental to maintain international peace and security in our nations. Its application to the ICTs is also very important to promote a digital environment that is secure, stable, and peaceful. The principles of sovereignty, non-intervention in internal affairs, peaceful resolution of disputes, and the refraining from the threat or the use of force are essential to guide state conduct in a digital environment and in the use of ICTs. We’d like to reaffirm that respect and protection of human rights and fundamental freedoms must be part and parcel of any environment or regulatory framework for technologies of information and communication. This implies that at the heart of all our policies and norms should be the human being, not only states. We also consider that the principles of international humanitarian law are applicable in the digital context. Principles such as proportionality, humanity, necessity, and distinction must be carefully analyzed and adapted to address the unique challenges of the digital environment. In addition to this and other topics regarding application and national position, we believe that national capacity building at different levels, technical and political ones, through training and continued discussions could help us achieve a common understanding. Paraguay likes to express our commitment to continue these discussions at different regional and international forums with the goal of, together, building a digital environment that is more secure and equitable for all. Thank you very much.

Chair: Thank you, Paraguay. Sweden, to be followed by Netherlands.

Sweden: Thank you, Chair. I speak on behalf of Sweden in national capacity. We also fully align ourselves with the statement made by the European Union. The applicability of existing international law in cyberspace has been confirmed by the Open-Ended Working Group in earlier reports adopted by the General Assembly. The current discussion focuses primarily on how international law applies. The Swedish position is well known, but let me again reiterate that it is our view that the new legally binding instruments are not necessary. Our efforts should instead be directed towards finding interpretation of the existing law, increasing number of national and regional positions on international law and cyber contribute to the common understanding as well as capacity building. A better understanding on how international law applies in cyberspace contributes to the strengthening of an open, secure, stable, accessible and peaceful cyber environment. Sweden contributed to the discussion by publishing a national position paper on application of international law in cyberspace in July 2022. It contains an overview of key issues such as use of force, state responsibility, international humanitarian law and human rights in the cyber context. We are pleased that we now, two years later, also have been able to reach a position within the European Union. The recently published declaration on a common understanding of the application of international law in cyberspace shows that a large number of states can agree that international law is fit for purpose for the digital age. The African Union paper is a well-noted and very much welcome contribution to this important discussion that affects us all globally. New technologies present both opportunities and risks, including in the context of armed conflict. Sweden and the EU’s position is clear. International humanitarian law applies to cyberspace as it does elsewhere. International humanitarian law is not concerned with the legality of war and does not, as such, legitimize the use of force between states. We very much welcome the adoption of the resolution on ICT at the recently concluded 34th International Conference of the Red Cross and the Red Crescent. Sweden said from the outset that we wanted the ICT-related resolution to have a strong language reflecting not only the urgency of addressing the issue but also form a basis for common understanding, and we are very much pleased with the result. Therefore, we highly appreciate a clear stance by the Open-Ended Working Group in its final report on the fact that international humanitarian law applies to cyberspace. Thank you.

Chair: Thank you very much.

Kingdom of the Netherlands: law applies to states’ activity in cyberspace. Just recently, the European Union and its 27 members joined an ever-growing number of states and regional organizations by publishing a declaration on a common understanding of international law in cyberspace. This declaration, alongside the African Union’s position and the positions of many individual states, including my own, demonstrate that clear progress on the key question of how international law applies in cyberspace is being made. This should remain our priority for the coming year. Chair, on your question regarding the additional layers of understandings we can reach, my delegation is of the view that we should build on existing consensus language with regard to international human rights law, international humanitarian law, and the law of state responsibility. These have been mentioned by many delegations in past sessions, as well as today. On human rights, it remains of the utmost importance to recognize that cyber activities can have a profound human impact. Yesterday, the Netherlands organized a side event on the human impact of cyber incidents, specifically focusing on the case of ransomware. And we did this with Ghana and GPD and others. Through a number of cross-regional examples, it became clear that ransomware attacks on institutions providing key public services, like hospitals or financial institutions, have a direct or indirect impact on human lives. At the same time, when states implement the framework, take measures to ensure their own cybersecurity or respond to malicious cyber activities, they must do so with regard for the human rights of those within their jurisdiction. The right to privacy, freedom of expression, and freedom of association are of particular relevance in the cyber context. For my delegation, it is key to reflect that states have both negative and positive obligations. to respect and ensure respect for human rights both online and offline and in relation to their ICT activities. On international humanitarian law, in the third APR, states recalled that ICTs have already been used in armed conflict and expressed concern regarding malicious ICT activity targeting international humanitarian organizations. Such concerns are of no less relevance during armed conflict. Building on the progress made during the 34th conference of the Red Cross and Red Crescent, we should be able to reach an additional layer of understanding with regard to the limits that IHL poses on cyber operations in the context of armed conflict. In particular, states could recognize their obligations under international humanitarian law to respect and protect humanitarian personnel, including in relation to ICT activities, to allow and facilitate impartial humanitarian activities during armed conflict, and to respect and protect medical personnel units and transports, including those that rely on ICTs. Finally, we echo the joint statement delivered by Fiji and the U.S. and others on the law of state responsibility. Chair, turning to your question on whether there are any promising areas of progress that have been made in other related fora, let me again highlight the consensus resolution of the 34th International Conference of the Red Cross and Red Crescent, and this resolution shows clear areas of convergence and increasing common understanding on the key rules and principles of IHL that are relevant to cyber activities in armed conflict. And further progress is being made through scenario-based exercises, workshops, and trainings, and some examples that are worth mentioning, as well as many others, was the side event organized this morning by Australia, Uruguay, and the Philippines, the various UNIDIR workshop, and the Senior European Expert Working Group on International Law, and these also function as capacity-building exercises and show the importance of expert and stakeholder participation. Thank You chair

Chair: Thank You Netherlands Thailand to be followed by Cuba

Thailand: Thailand allies itself with a statement made by Fiji On behalf of the cross-stational group of states and would like to make the following remarks in the conventional capacity Since this is the first time my delegation takes the floor on behalf of my delegation I would like to extend our sincere appreciation for your leadership and your team’s dedication throughout the OEWG sessions which led to the success of the consensus adoption of the third annual progress reports in July this year Thailand appreciates continue this discussion during the six seven and eight substantive sessions of the OEWG in particular the topic of international law with more states joining the Discussion and a number of capacity-building programs provided by international organizations and academic institutions Such as Unidea, Alco, the Oxford process and many universities We begin to see emerging convergences of view among states Affirming that international law such as the UN Charter, the law of states responsibility international human rights law and International humanitarian law applying cyberspace at the same time It is noted that there are still some areas of international law that need to be further discussed including the question on thresholds which indicates how and when each Obligation under international law can be violated by cyber operations as well as the challenges of attribution My delegation is of the view that the distinction of technical attribution and legal attribution should be considered in order to prevent false accusation and Accessible attention. However, it should be the prerogative of states to make such attribution when the situation violates it In this light, Thailand initialized its support on the call for dedicated thematic discussion on the application of international law in cyberspace in the future permanent mechanism that will succeed the OEWG. This future forum will play a significant role towards building a common understanding of states in the area of international law. Therefore, we support the call of the course regional group of states and other distinguished delegates who spoke before me to reflect short progress in the obvious discussion in the final annual progress report. Thailand also supports the annual progress report call on states to voluntarily share their views on how international law applies in cyberspace. As we are progressively moving forward to formulation of our own national position, it is our belief that sharing national views on this issue will encourage the identification of international law applicable in cyberspace and potentially formulate commonly acceptable international rules and principle governing states’ behavior in cyberspace through exploration of state practice and opinion juries. Moreover, Thailand attaches great importance of capacity building to boost capacity of states to enrich the gap of understanding between technicians and lawyers. Thailand is pleased to co-host the UNEDI training workshop on international law norms in cyberspace in January 2025 in Bangkok. This program would give opportunities for countries representatives to build common understanding and confidence and also promote the proliferation of national position in Southeast Asia regions. Lastly, my delegation would like to reaffirm our commitment to work with you and international community to promote open, secure, and accessible cyberspace. Thank you, Mr. Chair.

Chair: Thank you, Thailand. Cuba, to be followed by Switzerland. Gracias.

Cuba: Thank you, Chairman. I’m honoured to intervene on behalf of the delegations of the Bolivarian Republic of Venezuela, Nicaragua, and on behalf of my own delegation, that of Cuba. In our analysis of how international law applies to the use of ICTs, we start from the premise that the security of cyberspace, while involving other actors, is the preserve and responsibility of states. Following debates in the context of the Open-Ended Working Group, we agree on the validity of the principles of international law and the Charter of the United Nations in cyberspace, particularly those pertaining to sovereignty, territorial integrity, and non-intervention in the internal affairs of states in the use of information and communications technologies. Nevertheless, we remain convinced that it is not possible to counter and mitigate rising threats linked to the malicious use of ICTs by automatically applying the tools at our disposal of existing international law. Among other difficulties, we would note the wide range of actors which interact in cyberspace, the rapid development of that field, the adverse cross-border effects of actions which take place within it, and the non-existence of a multilateral mechanism which impartially and unequivocally can ascertain the origin of cyber incidents. These challenges cannot be addressed with the fragmented and varied rules of national jurisdictions. or with voluntary norms of so-called good conduct. These can be easily disregarded without any legal bearing whatsoever. Maintaining that international law which is in force or voluntary provisions suffice is to guarantee legal ambiguity which allows each actor to proceed as they best see fit, eluding international responsibility which is created by states when they deliberately commit unlawful acts or omissions. This reaffirms the inescapable need for a legally binding instrument. Meanwhile, in answering the question of the Chair on what more we might do to reach convergence, we believe it is essential to start by defining a common terminology. There is not even consensus on basic understandings or concepts such as cybercrime, cyberincident, information operations or what the improper uses of ICTs might be. It is vital to reiterate the existence of two themes related to each other where it is most certain that there is no agreement. These are firstly concepts which seek to equate a cyberattack to a traditional armed attack to try and justify the alleged applicability of self-defence under Article 51 of the Charter of the United Nations as a measure for the use of force Consistent with international rules in force, a cyberaction does not constitute an armed attack as understood in Article 2.4 of the Charter of the United Nations as long as it lacks the physical… characteristics and other requirements defining such military attacks, their effects and legal consequences. Secondly, attempt to impose the idea of the applicability of international humanitarian law vis-a-vis the use of ICTs in the context of international security. We would do well to recall that international humanitarian law only applies in situations of armed conflict. Let us then reflect on the following. Considering the improper use of ICTs as an act of aggression should perforce lead to granting the same status to other contemporary practices such as the application of sanctions or unilateral coercive measures which exert financial, economic and political pressure. Unlike the possible and very often hypothetical scenarios causing harm because of the undue use of ICTs, international evidence does show the evidence, the existence rather, of the devastating effects caused by the application of unilateral coercive measures. And if we follow this line of reasoning, there are no legal elements of substance which consistently and non-selectively justify the attempt to change the scope of legal concepts of war, crime of aggression or armed attack, merely to justify the use of force as means of self-defense in light of a so-called cyber attack and to ignore more urgent situations. Chair, rather than tacitly consenting to the possibility of an armed conflict scenario in cyberspace, we should focus our efforts on the essential purpose of preserving ICTs for exclusively peaceful uses which are geared towards development. If we do otherwise, we would open the sluice gates towards an unacceptable, frenzied rush towards the militarization of cyberspace. Thank you.

Chair: Thank you, Cuba. Switzerland followed by South Africa.

Switzarlend: Thank you, Chair, for giving us the floor. Switzerland would like to take a look back and a look forward based on the key questions you provided, starting with the question of additional layers of understanding. First, we would like to mention the European Union’s newly adopted declaration on a common understanding of application of international law to cyberspace. Switzerland has always advocated for more states to take a position on the application of international law. With the EU’s declaration, the very encouraging number of over a hundred states that have individually or collectively published their position on international law has now been reached. With regard to your second question about promising areas of progress that have been made in other related fora where international law issues have been discussed, Switzerland would like to refer, like many others, to the discussions at the 34th International Conference of the Red Cross and Red Crescent and the adopted resolution on protecting civilians and other protected persons and objects against the potential human cost of ICT activities during armed conflict. It was the first time that states were able to exchange views in such detail on important issues concerning the protection of persons and objects during conflicts. and how IHL rules and principles serve to protect them also against risks arising from ICT activities. We particularly welcome the different calls on states and parties to armed conflicts to protect civilian populations and other protected persons and objects and to respect and protect medical personnel, units and transports as well as humanitarian persons and objects in accordance with their international legal obligations including with regard to ICT activities. The resolution recognizes the need for further study on how and when these principles apply to the use of ICTs. Switzerland has been calling for many years for more in-depth discussions on how IHL applies to ICT operations in situations of armed conflict and the obligations of IHL imposes, acknowledging the particularities of the digital domain. This will help to develop common understanding on how to best protect civilians and civilian objects and to attain clarity on what actions are prohibited or required during armed conflict. In the view of Switzerland, it is high time to do also in this format and as Switzerland has pledged at the 34th International Conference we will continue to raise the issue and to support the clarification of the application of IHL in relevant forums. We would like to take this opportunity to invite states to subscribe to this pledge with the aim of contributing to further clarification in this area. At the same time, these resolutions and the ongoing substantive discussions on IHL show that there is a need for discussion but there is also in particular a steadily growing common understanding of the principles of IHL in cyberspace. This is not a new finding. The discussions on this and the contributions from dozens of states were especially prominent in the last reporting period and yesterday and today. It is therefore difficult to understand, even months after the negotiations for the third progress report, that these discussions have not been included in the report. Another forum that Switzerland wants to mention is the Sino-European Expert Working Group on the application of international law. The fourth annual meeting took place in Rome in September this year and was supported by Switzerland. Just last week, the Geneva Centre for Security Policy published two reports that came out of the discussions between Chinese and European international law academics, where they discussed countermeasures and jurisdiction. Switzerland would also like to lay the spotlight on human rights. Just a couple of weeks ago, Estonia hosted a workshop on international human rights law in cyberspace that raised awareness for the importance of it. Not only in this workshop, but also here in the OEWG, an increasing number of states have highlighted the importance of human rights in cyberspace today and in recent sessions. We therefore want to recall that under international human rights law, states have obligations to respect and to ensure the human rights of all individuals within their territory and subject to their jurisdiction, where those rights are exercised or realized through ICTs or through new and emerging digital technologies. These include the rights to privacy, freedom of expression, non-discrimination, freedom of association, the right to an effective remedy, and other relevant provisions of the International Covenant on Civil and Political Rights. When looking ahead, it is of utmost priority for Switzerland that the substantial contributions of states, either in form of statements or especially in form of working papers, are included in the final report. This applies particularly to the working papers that have received broad cross-regional support such as the one on IHL in March this year. But it is not only IHL that was inadequately reflected in the last year report and that needs to find its way into the final report. The wish of many states for scenario-based discussions was also deleted, although it was initially included in the drafts. We would like to suggest a bolder approach for the final report here as well. If these discussions increase the understanding of states among and with each other, then this is important and should be recorded. However, we do not just want to make demands but also continue to contribute. On the one hand, concrete working papers that contain text for inclusion in reports have been submitted, like the one from Australia, Colombia, El Salvador, Estonia, Fiji, Kiribati, Thailand and Uruguay today – actually yesterday. On the other hand, we will also work on new proposals and submit them in the coming year. With regard to the last question about additional measures that can promote capacity building in the field of international law, I refer to the comments just made on scenario-based discussions. And I would like to finish by echoing Egypt’s and Finland’s call for active participation of legal experts in the future permanent mechanism. Thank you, Mr. Chair.

Chair: Thank you, Switzerland. South Africa to be followed by Brazil.

South Africa: Thank you, Chairperson. South Africa believes that this open-ended working group and the future permanent mechanism are central for discussing the applicability of international law to cyberspace. Through constant engagement in the working group, Member States have reaffirmed in successive annual progress reports that international law In particular, the Charter of the United Nations, in its entirety, is applicable and essential to maintaining peace, security and stability, and promoting an open, secure, stable, accessible and peaceful ICT environment. In furtherance of efforts to better understand divergent and common positions on this matter, we believe that further reflections on international law in the ICT environment should take place within the context of the future permanent mechanism to move towards a common understanding on the applicability of international law in the use of ICTs. Throughout our engagement in the OEWG, we have already derived benefit from confidence building and listening to the views of other Member States in this area. As the third APR noted, States agreed that the principle of non-intervention, directly or indirectly in the affairs of other States, is one of the foundations of the UN Charter. In addition to this, the link to international humanitarian law is critical to our understanding of how a State should conduct themselves in the context of ICTs under international law. We would like to add, however, that safeguarding of CI and CII are fundamental government responsibilities and are areas of international law that we believe links to the discussion in IHL. And as we have heard from several delegations, the integrity of the supply chain for ICT devices could be an additional measure that could be elaborated upon in the context of human rights and the right to privacy. Our delegation has proposed that the OEWG request a legal opinion from the International Law Commission to assist in bridging our understanding of the applicability of international law. While we acknowledge that the matter has yet to gain greater priority and prominence in such forums, we would like to emphasize the need to remain proactive and display the necessary foresight in dealing with our evolving threat landscape. In line with this, we believe that in the context of the working group and the permanent mechanism, states could engage on the basis of presentations by international legal experts and academia in dedicated sessions on this thematic area of engagement. Finally, Chairperson, South Africa once again acknowledges the adoption of the Common African Position on the Application of International Law in the Use of Information and Communication Technologies in Cyberspace by the African Union Peace and Security Council in January this year. We would like to highlight the concluding paragraphs of the document, which state that this common position is non-exhaustive, subject to further development and elaboration, including by individual AU member states, in light of technological developments and ongoing discussions. Therefore, this position does not preclude member states from evolving discussions on this complex matter in the current OEWG and the future permanent mechanism under the auspices of the United Nations. We continue to maintain the right to provide our national views on international law and engage in a constructive manner to move towards a common understanding of the applicability of international law as it pertains to ICTs and international security. I thank you.

Chair: Thank you very much, South Africa. Brazil to be followed by Estonia.

Brazil: Thank you very much, Mr. Chair. International law is essential to maintaining peace and stability and promoting an open, secure and sustainable world. a peaceful, accessible, and interoperable ICT environment. The General Assembly rightfully recognized over a decade ago that international law, including the United Nations Charter, international human rights law, and international humanitarian law are fully applicable to states’ use of information and communications technologies. That, of course, was only the beginning of her work on this issue. Determining exactly how existing rules of international law, designed long before current ICTs existed, apply to cyberspace is far from straightforward. It is essential that we continue our debates and reach common understandings in this regard. One important step towards that process is having a wide and diverse range of national and regional views on how international law applies. Brazil published its national position on the applicability of international law in cyberspace in 2021. And we welcome the ever-increasing number of national positions that have been published since then. We hope to see many more in the near future, especially from the developing world. We welcome, in particular, the capacity-building initiatives that have been taking place in this area. This year, my country benefited both from international norms and international law training promoted by UNIDIR and from an OAS Chatham House initiative to deepen our internal debates on this issue, with a view to eventually updating our national position. We have also, when requested, shared our experience with the development of our own national position in the hopes they will be useful to other countries in developing their own. Having a broad and diverse range of state views is particularly important when thinking of eventual customary law rules, which, as we all know, require both opinion duties and state practice. And as we have expressed in our national position, the mere fact that a certain behavior has not been formally protested against cannot be interpreted as acquiescence. In this process, we also recognize the contribution the International Law Commission could make in this regard, and we take note with interest of South Africa’s proposal. We agree with the countries that have expressed their regret that our reports have not managed to capture the wealth of our discussions on this issue within the group, particularly on international humanitarian law. We hope this changes in our final report in July. As we have previously stated, IHL applies to situations amounting to armed conflict independently of its classification as such by the parties. It does not matter whether the armed conflict is lawful or not, because its objective is to minimize human suffering and provide a minimum level of protection to civilians in any scenario of hostilities. The recognition that international humanitarian law applies to cyberspace does not in any way endorse its militarization or legitimize cyber warfare, but only ensures a minimum level of protection if an armed conflict arises. In this regard, Brazil, as many other delegations in this room, strongly supported the adoption by the 34th Conference of the International Red Cross and Red Crescent of the Resolution Protecting Civilians and Other Protected Persons and Objects Against the Potential Human Cost of ICT Activities During Armed Conflict. This is an extremely valuable contribution on the subject, and we hope it will make a positive impact on our debates within the OEWG. Nevertheless, even though we must continue to make progress in finding common understanding on how existing rules of international law apply to ICTs, we recognize that, as our debates evolve, we might find a need for a specific legally binding instrument to bring greater clarity to all states on how international law applies to cyberspace. As we have repeatedly said, we do not see any contradiction between the applicability of current international law and an eventual lax speciales on the subject, or between binding obligations and voluntary norms, which are complementary and mutually reinforcing. This is why we propose that a future mechanism should, within its thematic groups, integrate debates on international law and on norms, rules, and principles, given the latter’s status as soft law. We look forward to continuing to contribute to this subject. Thank you very much, Mr. Chair.

Chair: Thank you, Brazil, for your statement. Estonia, to be followed by the United Kingdom.

Estonia: Thank you, Mr. Chair. Estonia aligns itself with the statement by the European Union and adds the following in its national capacity. Estonia highly appreciates the opportunity to engage in discussions here about the applicability of international law in cyberspace and firmly supports the application of international law to state behavior in cyberspace. We reiterate that the existing international law, including the UN Charter, the international humanitarian law and international human rights law, is applicable also in cyberspace. The current rules are technologically neutral and underline that state behavior and the deployment of new transformative technologies do not change the applicability of international law. Mr. Chair, as you mentioned, international law is a challenging area. However, we see multiple areas of convergence in the context of states’ perspectives on how international law applies in the use of ICTs. In May this year, a group of states, Australia, Colombia, El Salvador, Uruguay and Estonia presented a working paper which underlines the areas of convergence on application of international law in the use of ICTs, with references to international humanitarian law, international human rights law and law of state responsibility. Yesterday, we published an updated version of the paper and we are pleased to see that our working paper has received increased support and is now also co-sponsored by Fiji, Kiribati and Thailand. Having more cross-regional support, our paper offers convergent language what we are hoping to see in the final report of current Open Ended Working Group. Estonia welcomes the efforts by many states and regions presenting their views on the application of international law. To this end, Estonia is participating in a project aimed at creating the Handbook on Developing a National Position on International Law in Cyberspace, a Practical Guide for States. The project is run by a consortium of institutions that includes the University of Exeter, the Ministry of Foreign Affairs of Estonia, the Ministry of Foreign Affairs of Japan, and the NATO Cooperative Cyber Defence Centre of Excellence. The Practical Handbook will offer guidance on developing national or common positions on international law as it applies in cyberspace and complements the efforts made by UNIDIR on the collection of good practices and national experiences in developing a national position on the interpretation of international law in cyberspace. To this end, the project has conducted regional workshops in 2024 in Washington, Singapore, and Addis Ababa with the goal to gather experiences and challenges on a global scale. We would also like to emphasize the importance of regional positions in building a common understanding of how international law applies in cyberspace. In addition to the common position of the African Union, the declaration of the European Union is aiming to create more transparency and comprehension. Estonia considers such kind of regional declaration on the application of international law in cyberspace as a useful tool for establishing common understanding and reinforcing the existing legal framework. Finally, Estonia supports capacity building efforts in the area of international law. and for the development of common understanding on how international law applies in the use of ICTs through scenario-based discussions and exercises. For this purpose, Estonia initiated in 2022 a scenario-based workshop called the TALIM workshops on international law and cyber operations. The main objective of these scenario-based workshops is to create a forum for informal discussions between partners, as well as offer the opportunity to examine the most pertinent international law issues related to state conduct in cyberspace. This year, Estonia organized the fifth TALIM workshop on international law and cyber operations, which focused on human rights, freedom of expression and shutting down the Internet, both in peacetime and in armed conflict, and the right to privacy, including cyber espionage, where it is discussed in more detail. Our current focus on human rights aligns well with Estonia’s chairmanship of the Freedom Online Coalition that we will take over from the Netherlands at the beginning of 2025. We look forward to the opportunity of further focused discussions on international law. Thank you.

Chair: Thank you very much, Estonia. United Kingdom, to be followed by Chile.

United Kingdom: Thank you, Chair. The United Kingdom welcomes this discussion on the application of international law in cyberspace. With respect to your first guiding question, the UK echoes the intervention made by Fiji on behalf of a cross-regional group of states, which clearly identifies areas of further convergence in our common understanding. The UK also congratulates the EU and its member states on the recent publication of the Common EU position. The UK would like to focus on your second guiding question. It is right that we recognise that this OEWG is not the only forum in which the application of international law in cyberspace is discussed. Think tanks, academics and international and regional organisations play a vital contribution to our understanding of international law in this area. As noted by a number of delegations, the ICRC’s 34th International Conference brought together states and national Red Cross and Red Crescent societies to discuss the application of international humanitarian law in cyberspace. That resolution makes an important contribution to fostering our common understanding. In particular, paragraph 2 of the resolution recalls that IHL applies to situations of armed conflict. Paragraph 3 underscores that the application of IHL by no means legitimises or encourages conflict. And paragraph 4 reiterates that, in situations of armed conflict, IHL rules and principles serve to protect civilian populations and other protected persons and objects, including against the risks arising from ICT activities. The UK commends the ICRC for its important work on this topic and we are pleased that the resolution was able to pass by consensus. We look forward to it informing our work in the OEWG and for this progress to be reflected in our final report. Chair, this is just one example of the rich discussion and debate that takes place outside of the OEWG on international law and cyberspace. The Oxford Process on International Law Protections in Cyberspace is another excellent example of the contributions that stakeholders make. That process has generated a number of statements which outline how existing international law protects key sectors against cyber operations. For example, the healthcare sector and electoral processes. Similarly, the recent 5th TALIM workshop on international law and cyber operations considered the practical application of international human rights law in cyberspace, guided by expert academics and with reference to real world scenarios. Projects such as these provide a rich and authoritative source of material that can and should contribute to our discussions within the OEWG. They also demonstrate the progress that can be made in fostering our common understanding when we move away from abstract concepts of international law and focus instead on its practical application. Finally, Chair, the UK was pleased to co-sponsor a side event at Legal Week alongside Brazil, Egypt, and Canada, which provided a forum for legal advisors to engage with our work in the OEWG. Echoing the intervention made yesterday by Egypt, the UK considers that such attempts to engage the wider legal community in our work, including here in New York, can only serve to enrich our discussions and further develop our common understanding. Thank you, Chair.

Chair: Thank you very much, UK. Chile, to be followed by Ireland.

Chile: Thank you. Thank you, Mr. Chairman. As we have stated on previous occasions, Chile considers that international law, and particularly the UN Charter, establish a normative framework that should regulate the use of ICTs, including international humanitarian law and human rights, which should regulate the responsibility of states. This is essential for maintaining peace and promoting a secure, stable, and accessible and peaceful cyberspace. In addition to complying with the Charter, states using ICTs should fulfill the principles contained in it, including a peaceful resolution of conflicts, not putting in danger international peace and security and justice. and refrain from the use or the threat of the use of force against the territorial integrity or independence of any state, regarding respect for human rights also and fundamental freedoms, and non-intervention in the internal affairs of states. This is the basic foundation, and we’re sure that we will help us reach common understandings on how we can protect the civilian population and have clarity on which actions are prohibited or unacceptable in a situation of conflict. We affirm once again that international humanitarian law applies to cyberspace, and explanation of how it should apply to cyber operations in the framework of armed conflict is a priority for future discussions. As was mentioned by other delegations, we’d like to highlight the recent resolution on the protection of civilian population and other persons and protected property in the face of possible human costs regarding activity using ICTs during armed conflict, proposed by Switzerland and recently adopted during the 34th International Conference of the Red Cross and Red Crescent. Chile supports this strongly because it expresses a commitment to protect the civilian population and other persons and protected property in situation of armed conflict, in particular against risks caused by malicious activities related to the ICTs. We consider that it’s important that countries continue to develop their national positions on the application of international law in cyberspace, and we advocate for this process to be continued at the national or regional level. Our country is working on this at the national level, and we hope to contribute to generate opportunities for dialogue to exchange opinions. We also consider that countries that have advanced on this topic can also support and guide other countries. and conducting the same exercise. As far as your guiding questions regarding capacity building, as we have stated earlier, we believe that we should consider aspects such as sovereignty, the use of force, the non-intervention, due diligence, attribution, among other relevant elements regarding the application of international law to cyberspace, including the application of the principles of international humanitarian law. With a view to how we transition towards a future standing mechanism, we believe that it should be oriented towards action to continue promoting common understandings on norms and how international law applies. For the use of ICTs, we believe we agree with Brazil on the virtue of joint analysis to identify gaps in understanding and application. For this, sharing concrete examples of implementation, interpretation through case studies could contribute to contextualizing how this can apply to specific scenarios, highlighting best practices and lessons learned. A approach based on synergy, the various pillars in its application to specific cases will help us achieve constructive dialogue and progressively reduce gaps and move towards common understanding. Capacity building should include understanding and training of political decision-makers and officials who carry out operational and technical work and should include institutions that have a direct relationship to cybersecurity, cyber defense, and cyber intelligence. Also, it would be important to promote programs that not only focus on training specialists but also an internal discussion at the national level among experts. Institutions to build capacities could be an element that promotes, that fosters states to develop their national position on this topic. So we believe that it’s important to recognize the important role that our region is playing in the area of cybersecurity, the Organization of American States, also the initiative mentioned by Mexico, and the Joint Session of Commissions on Legal and Political Affairs, and the Commission on Hemispheric Security. And that opportunity, Chile was a panelist to discuss advances that could be, that have been made in this open-ended working group. Also at the regional level, the OAS has developed an intense work on training government officials on the application of international law to cyberspace, the most recent development of national positions on international law and joint cyberspace of the OAS and Chatham House. Also it will be very important in the context of our group for states to identify their specific needs in terms of capacity building in this area. This could contribute to guide both regional and global programs on training specialists. And this could also include exchange of information and experience on the impact that these programs have had in the area. Thank you very much.

Chair: Thank you very much, Chile, for your statement. Ireland, to be followed by Czechia.

Ireland: Thank you, Mr. Chair. Ireland aligns with the statement of the European Union, and we would like to make a number of further remarks in our national capacity. 2024 has been a very good year in advancing our collective understanding of how international law applies in cyberspace. Of particular note is the publication of two regional position papers. The African Union led the way in January with its common position, reflecting the views of 55 states. And two weeks ago, the EU and its 27 member states issued a declaration on a common understanding of international law and cyberspace, to which Ireland was pleased to contribute. Over 100 UN member states have now published formal position papers, either individually or as part of a regional group. This is a significant milestone, which demonstrates considerable progress in our work. What is clear from the more than 100 positions published to date is that existing international law is fit for purpose in today’s digital age. While there are clearly some gaps and differences of opinion in our collective understanding, it is not evident at this stage that there are significant gaps in existing international law, and we consider any proposals for new legally binding rules to be premature. Another positive development this year was the publication of UNIDIR’s Compendium of Good Practices on Developing a National Position. We also welcome the recently launched initiative of the University of Exeter, with the support of the CCD, COE, Estonia and Japan, to produce a handbook on developing national positions. We are confident that these resources will assist more states to develop national positions, allowing us to build on recent progress. A further note is that in October, at the 34th International Conference of the Red Cross and Red Crescent, a significant resolution was adopted by consensus on protecting civilians and other protected persons and objects against the potential human cost of ICT activities during armed conflict. This resolution is, without question, premised on the rules that apply in situations of armed conflict under international humanitarian law, including in respect of ICT activities. We recall that the first APR in language that was reiterated in the second and third APRs, recommended that the OEWG’s discussions on international law should focus not just on identifying areas of consensus, but also areas of convergence. While the OEWG has yet to be able to agree consensus language, explicitly affirming the applicability of international humanitarian law in the cyber context, this is quite clearly one area where there is very considerable convergence, with just a handful of states refusing to acknowledge what, in our assessment, is an objective legal fact. It is important that, at a minimum, the convergence of positions and the prevalence of discussion on the crucial issue of IHL are acknowledged in the OEWG final report. In addition to IHL, we considered that there are at least two other areas of consensus or convergence that would merit inclusion in the final report. We would support a reference to human rights, and specifically the acknowledgment that states must comply with their obligations under international human rights law online, just as offline. We would also support a reference to the law of state responsibility, in particular the acknowledgment that states must meet their international obligations regarding internationally wrongful acts attributable to them under international law, which includes reparation for injury caused. In this regard, we strongly support the cross-regional working paper on areas of convergence submitted by Australia, Colombia, and others. Mr. Chair, with regard to the future permanent mechanism, it is important that this is designed in such a way to effectively advance our work on international law. We are pleased that the elements set out in Annex C to the third APR recognized that the future mechanism should continue to study how international law applies in the use of ICTs. From a structural perspective. we do not believe that this would require the creation of a dedicated international law working group. Matters of international law could be addressed within the context of the various thematic working groups, as well as the plenary. However, we do feel that there may be advantages in holding dedicated technical meetings on international law within the framework of the future mechanism. For instance, there could be an annual one-day hybrid format meeting, perhaps to be held in parallel to or back-to-back with the annual plenary meeting in order to maximise in-person attendance, in particular by legal experts from capitals. Technical meetings on international law could provide an opportunity for structured discussions on specific international law issues, expert briefings, scenario-based discussions, and the delivery of capacity building objectives. We would envisage such technical meetings as not being oriented towards any negotiated outcome document, nor would they formally feed into discussions at the plenary or the thematic working groups. Rather, they could provide a forum for discussion, learning, and capacity building, which would indirectly enrich the work of the dedicated thematic working groups and the plenary. We look forward to discussing this proposal further with colleagues, including in the context of the regular institutional dialogue. Thank you, Mr Chair.

Chair: Thank you, Ireland. Czechia, to be followed by Malaysia.

Czechia: Thank you, Mr Chair. Distinguished colleagues, the Czech Republic aligns itself with the EU statement and wishes to deliver additional comments in its national capacity. Mr Chair, let me begin by highlighting the recently published declaration by the EU and its member states on a common understanding of the application of international law to cyberspace. This declaration underscores the EU’s commitment to fostering an open, secure, stable, accessible, and peaceful ICT environment, while promoting responsibility for the protection of human rights and human dignity. Mr Chair, I would like to begin by highlighting the recently published declaration by the EU and its member states on a common understanding of the application of international law to cyberspace. This declaration underscores the EU’s commitment to fostering an open, responsible state behavior in cyberspace. It emphasizes the importance of the full implementation of the UN framework of responsible state behavior in cyberspace, which affirms inter alia that international law, particularly the UN Charter, international human rights law, and international humanitarian law, fully applies to cyberspace. The annex outlines a shared understanding of a non-exhaustive set of legal elements, reaffirming that international law, including international human rights law and international humanitarian law, fully apply to cyberspace, building on the momentum created by the African Union’s position paper published earlier this year. The second regional position paper demonstrates the growing global alignment in endorsing the international order based on international law. In this context, the Czech Republic also supports joint statement delivered yesterday by Fiji on behalf of group of states. Mr. Chair, to address your first guiding question on what additional layer of understanding can we reach related to the topics identified for focused discussion in paragraph 39 of this year’s APR, the Czech Republic believes that scenario-based discussions offer an excellent opportunity to explore the real world applicability of international law provisions in specific situations. These hypothetical scenarios assist states in understanding their respective interpretations of concrete international law provisions in cyberspace, reducing the risk of misunderstanding and fostering deeper insights into each other’s perspectives. Such discussions bring us closer to achieving a common understanding. This valuable contribution to our deliberations was once again possible this morning at the workshop-style side event, International Law as an Effective Toolkit co-organized by Australia, Uruguay, and the Philippines. The side event, proven successful in its two previous iterations, has already demonstrated its effectiveness. Turning to your second question, there have been multiple opportunities outside the OEWG this year to discuss the applicability of. international law to cyberspace. For instance, Estonia, in cooperation with NATO CCDCOE, organized another workshop on international law and cyber operations, this time focusing on international human rights law. The workshop combined expert briefings with scenario-based discussions and successfully continued the tradition of these valuable exchanges. Since 2019, the Czech Republic, together with the ICRC, NATO CCDCOE, and several universities, is also supporting the International Cyber Law Toolkit Project. This project aims to illustrate the application of international law to practical cyber scenarios and to provide a library of existing national and regional positions on the matter. Another notable efforts are also the publishing of the UNIDIR compendium of good practices on developing a national position on the interpretation of international law and state use of ICTs and the development of the handbook on developing a national position on international law in cyberspace by the experts from the University of Exeter, Estonia, Japan, and the NATO CCDCOE. We believe this handbook will offer structured guidance on developing national or common positions on international law as it applies in cyberspace. However, one of the most significant achievements this year is the adoption of the resolution titled Protecting Civilians from the Humanitarian Impact of Digital Technologies in Armed Conflict at the 34th International Conference of the Red Cross and the Red Crescent this October in Geneva. This resolution underscores the importance of safeguarding civilians and civilian infrastructure from malicious cyber operations, further highlighting the humanitarian implications of digital technologies in armed conflict. Following on this resolution, the Czech Republic emphasizes that IHL is designed to protect persons who do not or no longer take part in hostilities and imposes limits on the means and methods of warfare, conduct of hostilities, and provides for the protection of civilians and civilian objects during an ongoing armed conflict. Cyber operations conducted as part of. hostilities during an armed conflict must always be conducted in compliance with all relevant IHL rules, and in particular with IHL basic principles of humanity and military necessity, distinction, proportionality, and precaution. Compliance with these principles in a cyber context may require specific consideration, as the infrastructure in cyberspace is often used for both military and civilian purposes. Parties to armed conflict must carefully design and use cyber tools to distinguish between the population and combatants, and between civilian objects and military objectives when conducting cyber operations. Civilians and civilian objects shall be protected from being the object of attack, including those carried out by cyber means. To conclude, Mr. Chair, we would like to express our deep appreciation to your unwavering leadership and dedication in this challenging role, and to assure you of our full support. Thank you.

Chair: Thank you very much, Czechia. Malaysia, to be followed by Mozambique.

Malaysia: Thank you, Mr. Chair, for giving me the floor. Malaysia reiterates the importance of rule-based cyberspace. We acknowledge the pivotal role of international law, including the UN Charter in maintaining international peace and security, while fostering a culture of responsibility and accountability. My delegation reaffirms our commitment to the principles enshrined in the UN Charter, including state sovereignty, the prohibition of threat of use of force, respect for territorial integrity and political independence of states, and the peaceful settlement of international disputes. We support continued discussions on the application of these principles in the cyber domain, as suggested by many delegations. We also acknowledge the value of dedicated expert discussions. as well as scenario-based exercises as practical approaches to enhance common understanding of international law. In our view, scenario-based exercises will not only deepen our understanding of the topics identified for focus discussion in paragraph 39 of the third APR, but also contribute to the crystallization of other tools that we have developed in this OEWG. For example, the Global POC Simulation Exercise. The simulation exercise, which aims to develop standardized templates for communication between the POCs, is an example of how Member States may benefit from case studies that illustrate the practical applications of elements of the Framework of Responsible State Behavior. Exercises of this nature could assist us in developing, testing, and verifying structures of cybersecurity incident response and management, whether scenario-based, tabletop, or using technological tools with specific injects, they could deepen States’ understanding of international law and its critical role within the Framework of Responsible State Behavior. Mr. Chair, yesterday, the delegation of Egypt mentioned some questions concerning the application of specific rules of international law in the ICT security context, which merits further consideration by the international community. Malaysia supports proposals by Egypt and others for the future permanent mechanism to be allocated sufficient space for States to engage in a substantive manner in unpacking relevant issues of international law. We also see the value of proposals from Brazil to integrate the discussion on international law and norms in the future permanent mechanism. Malaysia also echoes… and widely expressed, emphasize on the importance of capacity building in this field. Targeted capacity building is required to enhance member states’ knowledge and expertise vis-a-vis the application of international law in the cyber domain. Track 1.5 dialogues, including those by UNIDIR, play a meaningful role in this regard, supplementing the formal deliberations of states. Thank you, Chair.

Chair: Thank you, Malaysia. Mozambique to be followed by New Zealand.

Mozambique: Thank you, Mr. Chair, for giving me the floor. Mr. Chair, Mozambique aligned itself with statement delivered by Nigeria on behalf of African group with Fiji, Albania, Egypt, Indonesia, Poland, Pakistan, and others on the application of international law to the use of ICT by states. And in its national capacity, Mozambique delegation would like to highlight the following points. Mr. Chair, international law, including UN Charter, AU Common Position 2024 adopted January this year, and EU declaration applies to the use of ICT by states. Fundational and international recognized principles, such as sovereign equality of all states, non-intervention in internal affairs of other states, respect for territorial integrity, proportionality, peaceful settlement of disputes, and respect for human rights, also form a basis of addressing the challenge posed by ICT. It is important to acknowledge that developing countries, such as Mozambique, face unique challenges in accepting sovereignty in cyberspace due to, but not limited to, resource constraints, technological dependence, and external influence. These multidimensional challenges affect the country’s ability to secure its digital infrastructures, regulate activities in cyberspace, and safeguard national interests. However, before delving into sovereignty in cyberspace, we hold the view that the classic concept of sovereignty, which defines states’ absolute power over its territory and population, falls short to deal with the characteristics of cyberspace, a global environment without territorial boundaries. In cyberspace, presence of interaction is instantaneous, and digital activity transcends geographical limits, making it difficult for states to exercise full control over information and cybercrime. While acknowledging that reality challenges the traditional notion of sovereignty, we emphasize the importance of adaptation to account for digital interdependence, international cooperation, and the role of transnational actors. This approach is critical in order to find balance between state security and independence in a globalized digital context. Mr. Chair, the growing reliance on ICT also introduces a significant international security challenge. Cyber threats, including cyber attacks on critical infrastructure data breaks, and cyber espionage have become major concern for states around the world. These traits do not respect national borders and often involve both state and non-state actors, making it increasingly difficult for individual states to respond effectively within their own jurisdiction. Therefore, international cooperation and establishment of norms and legal frameworks are essential to address this security challenge, ensuring that cyberspace remains a domain for peaceful use of development rather than one other exacerbates geopolitical tensions or destabilizes the region. In our view, the rapid evolution of ICT requires great clarity regarding the application in specific contexts. As such, four aspects are critically important, namely, firstly, defining sovereignty in cyberspace, addressing the boundaries of state’s jurisdiction in the digital realm. Secondly, attribution of cyber activities, establishing clear standards for attributing cyber operations to state and non-state actors. Thirdly, prohibiting harmful ICT activities, ensuring that states refrain from the use of ICT to undermine critical infrastructure or carry out destabilizing cyber operations. Lastly, promoting accountability, strengthening mechanisms to hold states accountable for violation of international law in cyberspace. Mr. Chair, Mozambique remains committed to engaging positively and contributing constructively with the view to build a consensus building among member states. to establish norms, clarities, ambiguities, and address gaps in the current application of international law to ICT. Such efforts should prioritize inclusivity, equity, and shared goals of ensuring that ICTs are used responsibly and for peaceful purposes, while also addressing the growing international security challenge in cyberspace. I thank you.

Chair: Thank you, Mozambique. New Zealand, to be followed by China. Microphone for New Zealand, yes, please.

New Zeland: Thank you, Chair. In the interest of time, I’ll deliver a slightly abridged statement, and we will publish a fuller statement on the website. So Chair, regarding your second guiding question about progress in other fora, I would like to briefly highlight, as others have done, the recent international conference of the Red Cross and Red Crescent. Again, in the interest of saving a little time, we endorse the remarks by others, in particular Brazil, Switzerland, and the UK, on the value of the resolution protecting civilians against the potential human costs of ICT activities during armed conflict. That resolution provides further support for the applicability of international humanitarian law, including the established international legal principles of humanity, necessity, proportionality, and distinction to cyber activities in the context of armed conflict. New Zealand welcomes this development. With respect to your third guiding question on capacity building, New Zealand recognizes the critical importance of facilitating and increasing access to capacity building to ensure that all countries can enjoy the benefits of cyberspace. and to foster a common understanding of the application of international law online. We commend the significant body of work by states, the technical community, academia and civil society that’s been underway for many years now to build capacity and support implementation of the agreed framework for responsible state behaviour. New Zealand does wish to acknowledge the series of training courses run by the United Nations Institute of Disarmament Research here in Geneva. Through 2024 around 100 participants have participated in four courses run by UNIDIR and we understand these courses were a valuable capacity building activity both for legal advisors and diplomats working in this field. Chair, as we look forward to a future mechanism aimed at creating an action orientated platform we envision the establishment of dedicated thematic working groups. These groups would be particularly well suited for scenario based discussions which we believe would underscore the practical relevance of international law and promote common understandings of its application to ICTs. As several others have noted today, scenario based discussions provide valuable opportunities for states to develop and refine their views on international law. We see great potential in dedicated thematic work streams for example focusing on specific challenges such as enhancing incident response cooperation between states and better protecting critical infrastructure. These kinds of work streams would offer a concrete context to explore how international law and voluntary norms apply in cyberspace and how confidence building measures can support the application of international law in addressing these challenges. We thank you Chair.

Chair: Thank you very much New Zealand. China to be followed by Tonga. China please.

China: Thank you Chair. Chair, on the issue of international law, China wishes to highlight the following points. First, upholding international peace and security, and preventing cyberspace from becoming a new battlefield. These are the starting point and ultimate goal of our discussions on international law. The principles enshrined in the UN Charter, including inter alia, sovereign equality, the prohibition of the threat or use of force, the peaceful settlement of international disputes, and non-interference in internal affairs apply to cyberspace. They make up the cornerstone for ensuring peace, security, and stability in cyberspace. China supports prioritizing the study on implementing the principle of sovereign equality. Respecting cyber sovereignty is a manifestation of respecting the purposes and principles of the UN Charter in cyberspace. It is the foundation and sine qua non for maintaining peace, security, and stability in cyberspace, and represents an important consensus at the UN over decades of discussions on information security. Specifically, states have jurisdiction over ICT infrastructure, resources, data, and activities Within their own territories, they have the right to protect their information systems and critical data from threats, interference, attacks, and sabotage. States are entitled to formulate their domestic internet policies and legislation to safeguard the lawful rights and interests of their citizens, businesses, and social organizations in cyberspace. States must neither use ICT to interfere in the internal affairs of other states, undermining their political, economic, or social stability, nor engage in activities that endanger their national security and public interests. All states have the right to equal participation in the management and allocation of international internet infrastructure resources to establish a multilateral, democratic, and transparent system for international internet governance, second, the application of the law of armed conflict or Jews in Belem, and law governing the use of force or Jews at Belem to cyber issues should be approached with caution to prevent escalation and avoid turning cyberspace into a new feud. Hastily applying juicing bellow into cyberspace before resolving the core issue of credible attribution would only provide a legal cover for certain countries to provoke cyber conflicts, spread disinformation, and willfully launch armed conflicts against others. All parties should remain highly vigilant against this. Third, the discussions on the new international legal instrument with the extensive participation of all parties must be based on the unique attributes of cyberspace and consistent with the evolution of cyber and digital technologies. The Draft Convention on International Information Security proposed by Russia provides a solid foundation for such discussions. I thank you, Chair.

Chair: Thank you. China. Tonga, to be followed by Colombia.

Tonga: Mr. Chair, I have the honor of speaking on behalf of the member states of the Pacific Islands Forum with a presence here in New York, namely Australia, Fiji, Kiribati, Federated States of Micronesia, Marshall Islands, Nauru, New Zealand, Palau, Papua New Guinea, Samoa, Solomon Islands, Tonga, Tuvalu, and Vanuatu. The Pacific Island Forum countries would like to offer our thanks to the Chair for your efforts to ensure the OEWG progresses its work, including on international law. We are committed to working with you to deepen common understandings of how international law applies to the use of ICTs and contribute to building consensus within the international community. The Pacific Island Forum countries affirm that international law, including the Charter of the United Nations in its entirety, is applicable and essential to maintaining peace and stability and promoting an open, secure, and prosperous world. stable, accessible, and peaceful ICT environment. Applicable principles include state sovereignty, sovereign equality, the peaceful settlement of disputes, non-intervention in the internal affairs of other states, and the prohibition on the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the purposes of the United Nations. We also emphasize that human rights and fundamental freedoms apply online as they do offline. We welcome the 2024 APR’s recognition of the importance of capacity building efforts in international law, including the recommendation for tailored capacity building to support countries to develop independent national views and positions on the application of international law to the use of ICTs. These capacity building efforts will enable the active participation of more states on an equal footing in this important pillar of work. We support states continuing to share national views and positions on the application of international law to the use of ICTs, which helps with bridging gaps in understanding, avoiding misperceptions, and contributes to preventing conflicts. There have been a range of existing efforts, including those of UNIDIR, which have been useful for international law capacity building, and we hope these efforts can continue and be built upon. We would also welcome further capacity building efforts that have been suggested by states, which could include scenario-based exercises, workshops, training courses, conferences, exchanging best practices. as well as drawing on the experience of relevant regional organizations and the expertise of international legal experts. We look forward to working with you and all members on progressing work on the application of international law in cyberspace throughout the final year of this OEWG and beyond, including under the Future Permanent Mechanism. We hope that we can further elaborate on common understandings of international law in this OEWG’s final report in July 2025. I thank you, Mr. Chair.

Chair: Thank you, Tonga. Colombia, to be followed by Canada.

Colombia: Thank you very much, Chair. My delegation aligns with the statements read by the delegation of Fiji on behalf of a group of countries, and we will now speak in our national capacity. I’d like to start this intervention by highlighting that Colombia deeply appreciates the efforts made in our collective discussions about this subject of international law, which I will now refer to. First, my delegation wishes to highlight the central role of this matter within the context of the Permanent Mechanism to be developed going forward. To do so, we’re convinced of the need to have a thematic group tasked with directly addressing matters related to the application of international law in cyberspace, as well as the rules, norms and principles dealing with intrinsically interlinked matters. Such a scenario would be an important step forward to structure our discussions and ensure that our global legal frameworks are consistently applied in cyberspace. Therefore, my delegation would like to respond to the questions you asked in the following terms. First, in terms of additional… understandings, as referred to in paragraph 39 of the third APR, Colombia believes it’s relevant to continue to build joint understandings on specific principles of international law, such as those set out in the second and first annual reports, particularly the issues of sovereignty, equal sovereignty and peaceful settlement of disputes. This could be part of the work of the permanent thematic group to make further progress. In other fora linked to international law, Colombia believes that there are complementary fora where meaningful progress is already being made for the application of international law in cyberspace, such as the events organized by states, unity initiatives and specialized organisms efforts. All these can offer us valuable experiences to feed into our work within the OEWG. We also think it’s timely to look to the regional spheres, where major outcomes are being achieved in the field of international law. For instance, in the Organization of American States, where recently we helped the joint session of the Committee of Legal and Political Affairs and the Committee of Hemispheric Security to address the current state of play of global discussions about international law in cyberspace. Furthermore, as a regional groups, we have made major contributions through joint statements and positions in this area. These regional experiences are a unique opportunity to exchange good practices, particularly so as to overcome differences in interpretation and to coordinate so that we can facilitate the future work of the permanent mechanism. In terms of access to and strengthening international capacity building, my country and the delegation are very interested in capacity building, particularly geared towards international law. For instance, in unity… has held workshops about developing a national position on developing national law on ICTs, as well as scenario-based workshops on norms of international law and the state use of ICTs. These were truly vital to make further progress on the scope and implementation of international law in cyberspace. We also were invited to participate in trainings on norms of international law in cyberspace in Geneva in September, and the Berlin event on cybersecurity, and the Emerging Leaders Programme of the State Department of the United States on responsible behaviour of states in the use of ICTs. We observe that an important issue continues to be access to capacity building and the applicability of international law in cyberspace. We note the major progress and contributions from states and interested parties to ensure that all are able to be represented appropriately. As such, Colombia approves the creation of mechanisms for cooperation to boost capacity building access, especially for developing countries. This cooperation can help us ensure that all states have capacity to implement the norms and principles of international law in cyberspace, therefore contributing to stability and security for the whole world. We also believe that a scenario which could be conducive to such cooperation would be the permanent mechanism, with the suggested group which could host interdisciplinary discussions and participants from various parts of society. Colombia advocates for gender scenarios to be taken into account, because this is a cross-cutting area in discussions of the OEWG on cybersecurity and international law. This is an aspect we will go further into depth in when it comes to our discussions on capacity building. The recent work, my delegation, as well as other colleagues, regret that substantive reports have not been made of international humanitarian law. Therein, in the report, we hope that the future report will contain further references to this matter. Finally, Chair, I have some news which my country is proud to share with you today. Colombia seeks to present its national position on the application of international law in cyberspace during the next session of the OEWG in February 2025. These discussions will focus on how international law and cyberspace are interlinked, including the applicable legal framework, as well as how UN initiatives can guide our collective actions to contribute to the understanding we have as global partners in this area. Thank you.

Chair: Thank you very much, Colombia, and also for sharing the news of your intention to publish your position. Canada, to be followed by Germany.

Canada: Chair, Canada is glad to have the opportunity to speak again about our continued progress and momentum at the OEWG in building common understandings on international law in fulfillment of our mandate. Chair, in a word, momentum. Our OEWG has built real momentum on international law. The many pieces of our work are coming together the way the many pieces of a birch bark canoe are carefully put together. We thank you for your guiding questions and have framed our remarks to respond to them. On the first question about increased layers of understanding, Canada would first like to underline that over the last four years, we have been seeing an increasingly productive and substantive discussion on international law in cyberspace here at the OEWG. and beyond. The many states and regional groups publishing views on how international law applies to cyberspace have greatly contributed to strengthening our international dialogue with converging views on many topics. This in turn is helping to build common understandings and increased layers of understanding on topics such as state responsibility and international human rights law and of lawful state conduct and what constitutes a violation of international law. These public declarations help reduce the risk of misunderstandings and escalations into more serious disputes between member states. Canada continues today to encourage and support other member states in developing their own national and regional statements given the benefits for states and the broader community. States including Canada have found that the consultations within their government to develop their national position or regional position build capacity and improve internal coordination at the national level. We congratulate the European Union and its member states for having published their declaration two weeks ago. This regional statement, like the African Union’s groundbreaking common position published earlier this year, is a big milestone for the international cyber law community. Both these regional statements are evidence of the growing convergence of views this OEWG is fostering. National and regional positions, Chair, were not the only indicator of the solid progress made this year and in past years. We welcome and support the updated cross-regional paper on the application of international law presented yesterday by Fiji on behalf of a cross-regional group of states. Canada hopes to see the multiple areas of convergence identified in this paper reflected in our final report next July. We recall the cross-regional statement on international humanitarian law. presented by Senegal in March on behalf of a group of states, including Canada, and we reiterate our support for it today. Chair, all of these developments are adding additional layers of understanding that can and should be captured in our final report in July. In relation to your second question, on promising areas of progress made in other fora, there are many. I’ll just mention a few. On internationally humanitarian law, we want to underline the progress made at the 34th Conference of the Red Cross and Red Crescent and the adoption of the resolution there, cited by many of our colleagues earlier, on protecting civilians and other protected persons and objects against the potential human cost of ICT activities during armed conflict. This is further evidence of the emerging consensus on the applicability of IHL in cyberspace. This convergent should be reflected in our final report. On accountability, Chair, the Stimson Centre’s recent report, entitled Advancing Accountability in Cyberspace, Models, Mechanisms, and Multi-Stakeholder Approaches, raises important considerations for improving adherence to international law and implementing the 11 voluntary norms that all member states have agreed. Turning, Chair, to the last question on facilitating and increasing capacity building on international law, Canada continues to actively encourage and support capacity building activities. In terms of recent developments, we take note of the training courses delivered this year by UNIDIR on norms, international law, and cyberspace. I am informed that these were attended by a total of 89 delegates with gender parity from 57 member states that span all regions of the world. This is the cross-regional dialogue we all want and need. Another recent cross-regional initiative was the panel on international law and cyberspace hosted by Egypt during International Law Week. co-sponsored with Brazil, Canada, and the UK. Canada also welcomes the development of other initiatives which are proving successful, such as the one initiated by the University of Exeter, the CCD-COE, Japan, and Estonia on national regional positions, and others by the OAS and Chatham House, the Oxford Process, Estonia’s Talon Workshops, and Cyber Diplomacy School, and others. We would also, Chair, encourage all initiatives producing materials or providing training on cyberspace and international law to consider doing so in the language or languages requested by the target audiences. Chair, to conclude, the many conversations within and around our OEWG on how international law applies in cyberspace are vital, especially because they involve a growing number of states. The richness of our discussions and the growing convergence of views must be captured in our final report. When it comes to our work to shape the future mechanism, Canada will continue to advocate for an approach that is inclusive, that focuses on capacity building, and that facilitates the participation of all member states in clarifying together how international law applies. Such an approach will help us to continue building common understandings in a productive way as we move forward to our final report and beyond. Thank you, Chair.

Chair: Thank you very much, Canada. Germany, to be followed by the Russian Federation.

Germany: Thank you, Chair, for giving me the floor. Germany aligns itself with the statement of the European Union and would like to make the following remarks in its national capacity. Germany welcomes the opportunity to once again address the application of international law in cyberspace. The application of established rules of international law in cyberspace is a cornerstone for ensuring an open, secure, stable, accessible, and peaceful world. cyberspace. We echo the statements of many other states in this regard who have once again reaffirmed this fundamental baseline. As we approach the end of the year, it is a natural time for reflection and review. In doing so with regard to international law and cyberspace, we have observed significant progress in the global dialogue on this crucial issue. Representing a member state of the European Union, allow me to begin by highlighting the declaration on a common understanding on the application of international law in cyberspace, adopted by the European Union and its member states in November. This declaration reaffirms once again how established international law can be, and in our opinion must be, applied in cyberspace. It is particularly noteworthy because it allowed many European states that had not yet done so in such a clear way to voice their opinion on this matter. Following the position paper issued by the African Union earlier this year, which we once again commend the EU for, the EU has become the second regional organization to articulate such a common position on the application of international law in cyberspace. By our count, with these two positions and together with the existing number of national position papers from states, more than half of all UN member states have now voiced their perspective on this important issue. This is a remarkable achievement. In our understanding, it underscores that the existing international legal framework applicable in cyberspace, grounded in customary international law, is seen as sound and sufficient by a great number of states. But it also demonstrates the momentum of the global debate and the significance of our discussions in this forum. In line with this momentum, Germany would also like to welcome recent capacity-building initiatives aimed at deepening our understanding of international law in cyberspace. For example, the UNIDIR training course on norms, international law, and cyberspace held in Geneva last month, brought together representatives of states from diverse regions to discuss specific questions related to the application of international law in cyberspace. From our perspective, the course revealed significant alignment in participants’ views on what constitutes problematic behavior in cyberspace and how such challenges can only be addressed through the already existing framework of international law. Likewise, the fifth Thailand workshop on international law and cyber operations underlined the importance of respecting human rights in cyberspace. The international composition of members furthermore agreed that human rights law applies in cyberspace, in particular in the context of Internet shutdowns and when targeting digital platforms. Similarly, the Roundtable for African Union Member States on the Developing National Positions on International Law, organized by the University of Exeter and supported by Japan, Estonia, and Germany, provided a valuable platform for sharing best practices and promoting capacity building. The forthcoming Handbook on Developing a National Position on International Law in Cyberspace, currently under development by researchers, will be an invaluable resource, especially for states yet to establish a national position on the application of law in cyberspace. Expanding such training programs and workshops will, in our opinion, further facilitate and increase access to capacity building in this vital domain. In this spirit, I would like to use this opportunity to share that Germany and Egypt are co-hosting a workshop by African experts for African Union Member State diplomats at the German House at lunchtime today, right after this session. The interactive learning session provides space to diplomats of the African Union Member States to reflect on cyber diplomacy at the level of the United Nations and is embedded in a wider series of trainings aimed at strengthening African voices in global discussions on cyber and digital diplomacy. As a last point, Germany continues to emphasize the importance of integrating the evolving discourse on the application of international humanitarian law in cyberspace more closely into the work of the OEWG. The recent resolution on the protection of civilians and other protected persons and objects from the potential human costs of ICT activities in armed conflict that was adopted by consensus at the 34th International Conference of the Red Cross and Red Crescent in October, which brings together the contracting parties to the Geneva Conventions, including all UN member states. This underscores the urgency of addressing cyber activities in armed conflict. Once again, Germany would like to reiterate that international humanitarian law applies in cyberspace and that the established legal principles of humanity, necessity, proportionality and distinction must be respected in cyberspace. I thank you, Chair.

Chair: Thank you, Germany. Russian Federation, to be followed by the Philippines.

Russian Federation: Distinguished Chairman, colleagues, good morning. We believe that in order to create a fair and equitable system of international information security, a comprehensive approach is necessary to the elaboration of universal legal instruments that regulate the activities of states in the information space. We think that the principles of prevention and peaceful settlement of disputes, sovereign equality of states, and indivisible security as the basis for such agreements. The new norms should take into account the unique technical and legal characteristics of the information space, and in particular, the cross-border nature of ICTs, the anonymity of their use, and hidden malicious functions and hardware and software vulnerabilities. We support the statement of Iran, Pakistan, and China. as well as the Cuban delegation on behalf of Cuba, Venezuela and Nicaragua on the topic of the application of international law to the use of ICTs. We also noted that certain states, including the chairman, still continue to encourage participants OEWG to the possibility of whether a legal opinion is necessary. We don’t believe – we see no point in further debating the issue of expediency of developing legally binding agreements in the field of international information security. The answer to this question is already known. In August 2024, all UN member states agreed on a draft Convention Against Cybercrime, which once approved, will become the first international treaty in the field of international information security. We’re convinced that this is only the first step towards a universal international legal regime for the use of ICTs. Further measures to bridge the legal gaps in the field of international security should be taken within the framework of the body that will succeed the OEWG in accordance with its mandate, in particular with support for the establishment of a separate thematic subgroup on international law within the future mechanism. Russia also supports the initiative of the president of Belarus to adopt an international legal instrument on non-aggression in the digital sphere and establishing a specific monitoring system. Such an instrument would not only make it possible to formalize the rights and obligations of states in the information service, but also solve the issue of political attribution of computer attacks. The priorities are to contribute to the prevention of conflicts in the use of ICTs and the peaceful use of these technologies, enhance cooperation among countries, while strictly observing the fundamental principle of the UN Charter, the sovereign equality of states. We’d like to once again draw the attention of OEWG participants to the concept of UN Convention on International Information Security. presented earlier within the group, we suggest that this initiative be considered as a basis for the discussing the elements of a future treaty in the field. The document reflects a common understanding of countries on the applicability of universally recognized principles of international law to the use of ICTs. These include, in particular, sovereign equality, the non-use of force or the threat of force, respect for territorial integrity, the peaceful settlement of international disputes, non-interference in internal affairs, fulfillment in good faith of obligations under international law,

Chair: and international cooperation. We call for careful consideration of the initiative and its substantive discussion within the group along with other proposals.

Russian Federation: Thank you.

Chair: Thank you, Russian Federation. Philippines to be followed by Peru.

Philippines: Thank you, Chair. Mr. Chair, speaking on behalf of my delegation, for the first time I extend our profound appreciation for your leadership and that of the permanent mission of Singaporeans during the work of this OEWG. My delegation wish to commend also the valuable initiatives under the UNIDIR SECTEC program, specifically the training in norms, international law, and cyberspace, which had four iterations this year. The Philippine mission has greatly benefited from this training, which provided a rich overview of the OEWG’s process, progress, and reinforced fundamental concepts, including norms of responsible behavior, principles such as sovereignty, non-intervention, and self-defense, and remedies for cyber attack scenarios. The scenario-based exercises were also particularly valuable in deepening our practical understanding. We are inclined to send our expert to participate in future iterations of this kind of program should they continue. We also express our gratitude to the donors who supported this UNIDIR and the SECTEC program, making such critical capacity-building initiatives possible. These contributions have empowered member states, particularly developing countries, to engage meaningfully in these discussions. Mr. Chair, throughout this OEWG, developing countries have emphasized the urgent need for capacity-building and bridging the digital divide. Training, such as the UNITY training, exemplifies a meaningful response to these calls, equipping member states with the knowledge and skills necessary to engage effectively in our discussions. The Philippines believes it remains premature to conclusively determine whether existing principles of international law adequately address all existing cybersecurity concerns, and even more so, whether we’re already future-proof given the evolving nature of the cyber domain. We agree with other delegations before us that the issue is not whether existing international law applies, but rather how. This is why scenario-based exercises should be an important activity in our future permanent mechanism. Scenario-based exercises could be the best practice for honing the competencies of operational, legal and diplomatic experts. Such exercise also allows us to acknowledge differences in legal interpretation, and in turn allows us to understand each other better, and explore remedies despite divergent approaches. In this regard, like other delegations, we regret that the reference to the importance of scenario-based exercises did not find universal support from the OEWG in the third annual progress report. We echo the importance of this capacity-building and fostering inclusive dialogue and advancing common understandings. Efficiency in state behavior, reduced risk of miscalculation, and clear consequences for unlawful actions are outcomes that benefit us all. This morning, the Philippines, together with Australia and Uruguay, hosted a third iteration with a side event entitled International Law as an Effective Toolkit. This workshop-style discussion offered delegates a chance to explore the application of international law to malicious cyber conduct. The eager participation of delegates this morning underscores the importance of such interactive platforms, which test understanding and expand perspectives on international law’s application and limitation. We wish to thank all delegations who woke up early this morning and joined us at 7.45. and participated in today’s side event. In response to the guiding questions of the chair on international law, my delegation would like to raise three points. First, additional layers of understanding can emerge through, again, scenario-based workshops, expert briefing, open dialogues to clarify divergent interpretations of international law principles. Number two, promising areas of progress include capacity building initiatives, like we said, the Unity Iran Talent Workshop, the CCDCOE Cyber Law Toolkit, the scenario-based workshop that we had this morning, and other collaborative platforms that enhance understanding and exchange of best practices. Another promising area of progress is in the application of IHL in cyberspace. In this regard, like others, we welcome the adoption by the 34th Conference of the ICRC and Red Crescent of the Resolution Protecting Civilians and Other Protected Persons and Objects Against Potential Human Costs of ICT Activities during armed conflict in Geneva last October. Number three, to increase capacity building, we must prioritize inclusivity, expand partnerships with think tanks and academic institutions, and ensure resource sharing among all states. Mr. Chair, I would like to react to some proposals, interventions we’ve heard on the floor. We thank Egypt for raising all the right questions yesterday, and we agree that these legal questions merit the OEWGs and the future mechanisms consideration. We agree with Mexico, Brazil, Estonia, and Canada, and others, other delegations, for more delegations, especially developing countries, to publish their national position on the interpretation of the application of international law in the cyber domain, and to develop a regional position, common understanding on the subject as well. In this regard, we look forward to UNIDIR’s iteration of their norms in international law workshop in Thailand next year, and we’re hopeful that this particularly assists the Philippines in developing and completing our national position on the paper in this subject. We also take keen interest in the recommendation of South Africa to refer the applicability of international law in cyberspace to the International Law Commission. We further share with Brazil that we do not see any contradiction between the applicability of current international law to cyberspace and an eventual lack of specialists on the subject, or between binding obligations and voluntary norms, which are complementary and mutually reinforcing. In this regard, we can also support that the future mechanism should, within its thematic groups, integrate the bids on international law and on norms, rules, and principles of responsible behavior in the cyber domain. The Philippines supports our continued dialogue within the OEWG on the applicability of international law in the use and security of ICT. We also reaffirm our commitment to fostering a secure, inclusive, and rules-based digital future for all. Thank you very much, Chairman.

Peru: As this is the first time I have spoken, allow me to congratulate you for the excellent work you have accomplished at the helm of this important open-ended working group, and for the achievements racked up to date. On behalf of my delegation, I would like to reiterate to you the continued support of Peru in these commitments. As is known, international law plays a fundamental role in establishing limits and regulating the conduct of actors involved in cyberspace. One of the challenges for the effective application of international law is the lack of consensus on how norms and principles which already exist apply to online activities, in addition to its transnational nature, which hampers the identification and prosecution of those responsible for cybercrimes. This is why we need to foster capacity building and knowledge exchange on cybersecurity and international law so as to improve understanding and application of existing norms and principles. In this vein, I’d like to highlight that Peru has already stated its position on various aspects of this matter in the context of the work and mechanisms of the Organization of American States, or OAS. In 2020, for instance, the Secretariat for Legal Affairs of the OAS and the Technical Secretariat of the Inter-American Legal Committee sent to member states a questionnaire on various aspects linked to the applicability of international law in cyberspace, including prohibition of the use of force, the right to self-defense, international humanitarian law and human rights. The questionnaires included questions on whether cyber operations in and of themselves constituted a use of force, on the responsibility of a state for cyber operations of a non-state actor, on the degree of control or participation that the state should have in operations of non-state actors, on whether a cyber operation could be deemed an attack in accordance with the norms guiding the prosecution of hostilities, as well as many other questions. Peru and other countries in the region have stated their position on these matters, including with interviews and meetings held by legal representatives of foreign ministries. Peru confirmed its position on the application of international law in the field of cyberspace, highlighting the validity of various human rights in cyberspace as well, including the right to privacy, the right to information, the right to self-expression, the right to equal access and free access to information, eliminating the digital gap, the right to intellectual property, the right to flows of information and the right to confidentiality of communications. On the principle of due diligence, Peru has taken the stance that the principle of due diligence should be part of international law that states apply in cyberspace. That is to say, the state should exercise due diligence. and not allow their sovereign territory, including infrastructure under their control to be used to carry out cyber operations which could be to the detriment of rights or have adverse consequences for other states. With that in mind, these questionnaires and meetings with the legal representatives of foreign ministries promoted by regional organizations such as the OAS are very important indeed to continue discussions on these matters and start forming common positions or positions of like-minded countries which could eventually become elements of a legal nature for the negotiation of a normative framework specifically pertaining to cyberspace on the questions that this field includes, including cyber security, the protection of data, privacy and responsibility of state and non-state actions. On the guiding questions for this section about what more can be done to increase capacity building in this area and facilitate it, we recommend that the current open-ended working group and or its future mechanism assess the possibility of compiling, bringing together rather legal representatives of states to exchange ideas and positions on the applicability of international law in cyberspace, including the financing of participation costs thereof to ensure that the least developed countries are represented too. Thank you.

Chair: Thank you very much, Peru, for your statement. Dear friends, I think we have about seven more delegations, so we’ll certainly need to continue in the afternoon. So this is what I intend to do. This afternoon we will meet at 3 p.m. for the dedicated session with stakeholders. That is part of our work program and our practice in the open-ended working group. We have about 15 stakeholders who have inscribed to speak and it is important that we hear them and give them that opportunity to participate this afternoon. So immediately after that, we will continue with the rest of the speaker’s list on international law and then flow into the next topic for discussion, which is confidence building measures. And in the context of the time constraints that we are facing, we will have to apply some time limits for the contribution by the stakeholders. Stakeholders who are following the discussions know that we are operating under time constraints and I seek the understanding and I would encourage and urge them to limit their statements to three minutes each. And of course, you would have the opportunity to make your statements in writing. So that’s how we will proceed this afternoon. But before we conclude in the remaining minutes that we have before one o’clock, I wanted to share with you some of my impressions. First, I think there are many positive aspects to our discussions on international law, which is, first of all, the fact that so many of you have made statements, have come prepared with very, very detailed and thoughtful statements, including, I think, with the participation of many legal experts here in the room. And even if legal experts are not in the room, the statements are clearly prepared in a very thoughtful way within your own capitals with the participation, no doubt, of your legal experts. So I clearly have the sense that the discussions are deepening. and becoming more detailed, and for all those reasons, I would give all of you wearing my hat as a school teacher from Singapore, a great A plus. Well done, you’ve done so well that obviously the allocated time is not sufficient for this discussion. And that is also an indication that this is a topic that is so important that we need to reflect how we can allow for this important discussion to continue in the future permanent mechanism. But we’ll come to that at a later point. The second positive aspect is the fact that there have been more and more group positions. Of course, African Union followed this week by the European Union and different cross-regional groups presenting coordinated positions on different aspects. I think that is good because when we first began the process, I think this was a topic where there was a lot of, what shall I say, not hesitation, but a certain carefulness in terms of taking public positions. But I think over the last three to four years, I think delegations have thought very deeply about this question, and there’s a certain desire and even a demand, I would say, to express their views in a formal way, and I think that should be encouraged because I think that is part of the process of building confidence in a transparent way for countries to share their positions and through such understanding of each other’s position, hopefully avoid. misunderstanding, leading to differences between states. So this is definitely something that is worthwhile. Now the other positive aspect is the very strong foundation we have. I think everyone has affirmed again and again that international law applies to the use of ICTs and the discussion has been how international law applies and we have repeatedly reaffirmed this and identified different areas for further discussions relating to how international law applies. So if you look at the first annual progress report, the second and the most recent one in July, clearly there is a greater and greater elaboration in terms of the listing of issues. So I think we are certainly getting closer and closer and also getting to certain common understandings of how international law applies. So this I think is a fundamental discussion and even a foundational discussion because everything we do at the UN is founded on international law, the UN Charter. So this is a discussion that we must continue. But there are also some aspects which are not as positive because the divergences remain, the divergences are sharp. And this is where I notice some tensions and I think we are at a crossroad in our process. We cannot just repeat the discussions from the last 25 years, from the GGE to OEWG 1 and OEWG 2.0 now, repeat the same talking points for 25 years. We have to take a step forward. forward. And I made that point yesterday in the context of norms. Whether we are walking or running, we need to take a step forward. And we certainly are not going to take a step backward. That would be not at all a good idea. And I don’t think we are stepping backward, frankly, on any issue, so that’s a positive sign. But we need to avoid a situation of standstill, where we are so comfortable that we don’t want to move, we don’t let others make a move, and therefore we are ready not to move ourselves, and therefore nothing moves. So I think the status quo with regard to the discussions on international law, and not just international law, I said yesterday also in the context of norms, the status quo is increasingly becoming untenable. And one of the fundamental tensions is this. On the one hand, we have a view that says that international law applies. It’s already future-proof. All we need to do is understand how it applies, and everything will be clear, and we don’t need any legally binding instruments or agreements. That’s one point of view that we have heard, and with which you are all familiar. The other point of view is that, yes, it applies, but we really need to discuss the need for a legally binding agreement, instrument. We need to get started with that, because that’s the only way to get to where we need to go, which is make sure that everyone follows international rules based on a very binding framework. And so for those who advocate international law, I think that’s a very important point. the need for a legally binding instrument. At the same time, they are reluctant to talk about certain issues. If you advocate the need for a legally binding agreement, you have to be ready to discuss any issue. International humanitarian law, human rights law, state responsibility, everything has to be discussed. So there’s also, I see, from the podium, and this is not intended as a criticism, certain tensions in the positions are here, contradictions even. But on the other hand, there are those who say we don’t need a legally binding instrument, but we want to keep discussing international law. But we want that discussion, and we need time and space, but we don’t want a predetermined outcome. In other words, we don’t want a legally binding instrument, but we are happy to talk about international law. But you can’t bring lawyers together and say you can talk about everything, but don’t talk about a legally binding instrument, because that’s not in line with our current talking points or deeply defined positions by capital. So there, too, there is a tension, if not a contradiction, in positions. So I’m being even-handed by pointing out to both sides the contradictions in the positions that are being expressed. Now, these are perhaps not even contradictions. These are political positions that can always be squared. Circles are constantly squared on a daily basis at the United Nations. We can finesse them, but we will not be able to make any step forward on a discussion on international law. The starting point for us also is not a bad one, because we have, as part of the elements for the future permanent mechanism, in paragraph 9, agreed on a certain function for the future permanent mechanism, which would include a range of issues, including, in that context, how international law applies, and In that context, we have noted the possibility. So friends, I think that it is time to take a serious look. We should stop kicking the can down the road. You can continue this for eternity in the eternal future mechanism, but if you are serious both sides about wanting to take a step forward, you need to acknowledge the need to be flexible with regard to the other side’s position. And again, for example, there’s another tension that I see. On the one hand, some of you have, in this context, said we need to capture the range of views and you see signs of convergence. Yes, it’s possible to do that. And I hope that we can, even if we don’t agree on certain positions, reflect the range of views. Because if each side says, I cannot agree to this, and the other side says, I cannot agree to that, then you are back to the bare minimum where the annual progress report or the final progress report is not going to take a step forward. You will have basically a standstill situation. But if we take the approach that in international law, we will reflect the range of views and the emerging convergence, then that also must apply for the other section in the context of norms. And there, too, there is a tension. And I pointed that out yesterday. Because there are those who say the norms that we have are good for eternity. And there are others who say, no, no, we need new norms because technology has changed. And then the counter is that technology changes, but the norms need not change. And it goes back and forth. These are circles that can be squared, but there are serious tensions in the positions that I see from the podium. Now, for the last three years, we have sort of finessed it by making incremental steps. But I think as we approach this final phase of the OEWG’s work, we need to ask ourselves some serious questions. What do we want the Future Permanent Mechanism to do? If you want the Future Permanent Mechanism to engage in a substantive discussion on international law, we have to create a space. And I think there was also a comment, I think from Ireland, that yes, we want to discuss international law, but we don’t want a dedicated thematic group, but we can call it a dedicated technical group. Fine, you can call it whatever you wish, but the fundamental question is do we agree we need to give them time and space to discuss international law? Is it time to bring legal experts into the conversation? I think some of you would like to bring them in, but you’re also afraid of bringing legal experts in, because legal experts might take the conversation in a different direction. So I think the schizophrenia that I sense, not just with regard to any delegation, the collective schizophrenia, so don’t take it personally, you know, needs to be addressed. If we want it, and we may not like it, but we need to recognize that different sides need different things, different sides want to make progress on different things. And I think it’s possible to take a collective step forward. I really think it’s possible, because we have enough elements to put together. But that means that each side has to live with elements that the other side wants. And so while I am very happy to listen to all your thoughtful statements, it still begs the question, what do we put together in the final report? And so I want you to start thinking about it, because the positions that I’ve heard, some of them have not changed, some of them since the GGE period, which is like the sort of, you know… more than five to six years ago, the OEWG1 period, and then now we are almost at the tail end. I mean, certain things we need to address. In my view, protection of civilians in a current context is important. International humanitarian law is important. I think collectively, that’s what we are doing here at the UN. And that doesn’t mean we are pointing fingers at anyone in particular. I think, again, in the context of the threat discussions or the landscape for the threats, I said that we should avoid pointing fingers because that is not the route to finding consensus. But we need to take a hard and fast look in terms of what we want and how do we move in tandem with some of the other processes at the UN. And it is true that we have adopted a legally binding agreement on a range of issues. The cyber crime is one example. And in that context, at the same time, here we take the view that we are not ready for that discussion. But some of you have also said that the door is open. So I think there are many positive signs to that. So friends, I thought about whether I should say everything that I have just said. It’s easier for me to say that the meeting is adjourned, but it’s my responsibility to you to point out some of the tensions, the contradictions that you have to grapple with. And so if you repeat the standard provisions and statements and talking points from OEWG1 to OEWG2, then we are in a standstill situation and we could potentially even step back. So I want each one of you to think very creatively, not just at this session this week, but also for the session in February and then leading to the final session in July. So with those comments, the meeting is adjourned. We’ll meet at 3 p.m. And my thanks to the interpreters. Thank you. .

Agreement Points

International law applies to cyberspace

North Macedonia

Ireland

Estonia

Mozambique

Cuba

Russian Federation

International law, including UN Charter, fully applies to cyberspace

Existing international law is fit for purpose in the digital age

International law, including IHL and human rights law, applies to cyberspace

Principles like sovereignty and non-intervention apply to cyberspace

International law applies but new legally binding instrument needed

Existing international law insufficient, new cyber-specific treaty needed

While there is consensus that international law applies to cyberspace, there are differing views on whether existing law is sufficient or if new instruments are needed.

Capacity building is crucial for understanding and applying international law in cyberspace

Indonesia

Philippines

Peru

New Zealand

Colombia

Canada

Support capacity building to develop national positions on international law

Capacity building needed to bridge digital divide and enhance participation

Expand partnerships with think tanks and academia for capacity building

Support scenario-based exercises and workshops for capacity building

Facilitate access to capacity building for developing countries

Encourage development of national and regional positions through capacity building

There is strong agreement on the importance of capacity building initiatives to enhance understanding and participation in international cyber law discussions, particularly for developing countries.

Human rights apply in cyberspace

Tonga

Ireland

Germany

Poland

Japan

Peru

Human rights and fundamental freedoms apply online as they do offline

States must comply with human rights obligations in cyberspace

Human rights law applies to ICT activities and new technologies

Right to privacy and freedom of expression relevant in cyber context

Human rights in cyberspace need further examination

Various human rights apply in cyberspace, including privacy and free expression

There is consensus that human rights principles apply in cyberspace, with emphasis on specific rights like privacy and freedom of expression.

Similar Viewpoints

These speakers agree that International Humanitarian Law (IHL) applies to cyberspace, particularly in the context of armed conflicts, and emphasize the importance of protecting civilians from cyber operations during conflicts.

Brazil

Switzerland

United Kingdom

Czechia

IHL applies to cyber operations in armed conflicts

IHL protects civilians from ICT activities during armed conflict

IHL applies to cyberspace but does not legitimize cyber warfare

IHL applicability to cyberspace should be reflected in OEWG report

These speakers advocate for dedicated discussions or groups focused on international law within the future permanent mechanism, although they propose slightly different formats or approaches.

Colombia

South Africa

Ireland

Russian Federation

Brazil

Support dedicated thematic group on international law in future mechanism

Need focused discussions on international law in future permanent mechanism

Technical meetings on international law needed in future mechanism

Thematic subgroup on international law needed in future body

Integrate debates on international law and norms in future mechanism

Unexpected Consensus

Importance of scenario-based exercises for understanding international law in cyberspace

New Zealand

Philippines

Estonia

Support scenario-based exercises and workshops for capacity building

Capacity building needed to bridge digital divide and enhance participation

International law, including IHL and human rights law, applies to cyberspace

Despite representing different regions and levels of technological development, these countries unexpectedly agree on the value of practical, scenario-based exercises for enhancing understanding of how international law applies in cyberspace.

Overall Assessment

Summary

The main areas of agreement include the applicability of international law to cyberspace, the importance of capacity building, and the relevance of human rights in the digital domain. There is also growing consensus on the applicability of International Humanitarian Law to cyber operations in armed conflicts.

Consensus level

Moderate consensus with significant implications. While there is broad agreement on fundamental principles, there are divergent views on the need for new legally binding instruments and the specific application of existing laws to cyber scenarios. This level of consensus suggests that future discussions will likely focus on clarifying the practical application of international law in cyberspace and potentially developing new frameworks to address unique challenges in the digital domain.

Disagreement Points

Need for new legally binding instruments

Ireland

Cuba

Russian Federation

Existing international law is fit for purpose in the digital age

International law applies but new legally binding instrument needed

Existing international law insufficient, new cyber-specific treaty needed

Ireland argues that existing international law is sufficient for the digital age, while Cuba and Russia advocate for new legally binding instruments to address cybersecurity challenges.

Application of International Humanitarian Law (IHL) to cyberspace

Brazil

Switzerland

China

IHL applies to cyber operations in armed conflicts

IHL protects civilians from ICT activities during armed conflict

Application of IHL to cyberspace should be approached cautiously

Brazil and Switzerland support the application of IHL to cyberspace, particularly in armed conflicts, while China argues for a cautious approach, warning of potential escalation.

Unexpected Disagreements

Approach to capacity building on international law

Indonesia

Philippines

Peru

New Zealand

Colombia

Support capacity building to develop national positions on international law

Capacity building needed to bridge digital divide and enhance participation

Expand partnerships with think tanks and academia for capacity building

Support scenario-based exercises and workshops for capacity building

Facilitate access to capacity building for developing countries

While all speakers support capacity building, there are unexpected differences in their proposed approaches, ranging from developing national positions to scenario-based exercises and partnerships with academia.

Overall Assessment

Summary

The main areas of disagreement revolve around the need for new legally binding instruments, the application of International Humanitarian Law to cyberspace, and the specific approaches to capacity building and future discussions on international law.

Disagreement level

The level of disagreement is moderate to high, with significant implications for the development of international cyber law and policy. These disagreements could potentially hinder progress in establishing a unified global approach to cybersecurity and the application of international law in cyberspace.

Partial Agreements

All speakers agree on the need for continued discussions on international law in the future mechanism, but differ on the specific format and structure of these discussions.

Colombia

South Africa

Ireland

Russian Federation

Brazil

Support dedicated thematic group on international law in future mechanism

Need focused discussions on international law in future permanent mechanism

Technical meetings on international law needed in future mechanism

Thematic subgroup on international law needed in future body

Integrate debates on international law and norms in future mechanism

Similar Viewpoints

These speakers agree that International Humanitarian Law (IHL) applies to cyberspace, particularly in the context of armed conflicts, and emphasize the importance of protecting civilians from cyber operations during conflicts.

Brazil

Switzerland

United Kingdom

Czechia

IHL applies to cyber operations in armed conflicts

IHL protects civilians from ICT activities during armed conflict

IHL applies to cyberspace but does not legitimize cyber warfare

IHL applicability to cyberspace should be reflected in OEWG report

These speakers advocate for dedicated discussions or groups focused on international law within the future permanent mechanism, although they propose slightly different formats or approaches.

Colombia

South Africa

Ireland

Russian Federation

Brazil

Support dedicated thematic group on international law in future mechanism

Need focused discussions on international law in future permanent mechanism

Technical meetings on international law needed in future mechanism

Thematic subgroup on international law needed in future body

Integrate debates on international law and norms in future mechanism

Key Takeaways

There is broad consensus that existing international law applies to cyberspace, but disagreement on whether new legally binding instruments are needed

Capacity building on international law in cyberspace is widely supported, especially for developing countries

The applicability of international humanitarian law (IHL) to cyberspace is a key area of discussion, with most states supporting its application

Human rights law is generally agreed to apply in cyberspace, though further examination is needed

Many states support continued focused discussions on international law in the future permanent mechanism, though the exact format is debated

Resolutions and Action Items

Consider reflecting the range of views and emerging convergence on international law in the final OEWG report

Explore options for dedicated discussions on international law in the future permanent mechanism

Encourage more states to publish national positions on how international law applies to cyberspace

Continue and expand capacity building efforts on international law in cyberspace

Unresolved Issues

Whether new legally binding instruments are needed for cyberspace

How to structure discussions on international law in the future permanent mechanism

How to reconcile divergent views on the application of IHL to cyberspace

How to address tensions between different states’ positions on international law topics

Suggested Compromises

Reflect range of views on international law in final report, even if consensus not reached on all points

Consider technical meetings or dedicated space for international law discussions in future mechanism, without necessarily creating a formal thematic group

Acknowledge applicability of IHL to cyberspace while emphasizing it does not legitimize cyber warfare

Integrate discussions on international law with debates on norms in future mechanism

We regret that scenario-based exercises conducted by academics and research institutions have been excluded from the last annual progress report. Structured discussions involving state representatives and legal experts remain crucial for advancing on the application of international law.

Speaker

Italy

Reason

This comment highlights the importance of practical exercises and expert involvement in understanding how international law applies to cyberspace, challenging the exclusion of these valuable inputs from official reports.

Impact

It sparked further discussion from other delegations about the value of scenario-based exercises and expert involvement, with several subsequent speakers echoing support for these approaches.

We support prioritizing the study on implementing the principle of sovereign equality. Respecting cyber sovereignty is a manifestation of respecting the purposes and principles of the UN Charter in cyberspace.

Speaker

China

Reason

This comment introduces a focus on cyber sovereignty as a key principle, framing it as an extension of existing UN Charter principles into the digital domain.

Impact

It shifted part of the discussion towards debating the nature and extent of state sovereignty in cyberspace, with some subsequent speakers addressing this concept either directly or indirectly.

We echo the importance of regional positions in building a common understanding of how international law applies in cyberspace. In addition to the common position of the African Union, the declaration of the European Union is aiming to create more transparency and comprehension.

Speaker

Estonia

Reason

This comment emphasizes the value of regional approaches and consensus-building in developing shared understandings of international law in cyberspace.

Impact

It highlighted a trend towards regional coordination, with several other speakers subsequently referencing or praising regional position papers and declarations.

The status quo with regard to the discussions on international law, and not just international law, I said yesterday also in the context of norms, the status quo is increasingly becoming untenable.

Speaker

Chair

Reason

This comment from the Chair challenges the participants to move beyond repeating established positions and pushes for progress in the discussions.

Impact

It served as a critical reflection on the overall state of the discussions, potentially influencing how delegates approach future sessions and the final report.

Overall Assessment

These key comments shaped the discussion by highlighting the need for practical approaches like scenario-based exercises, emphasizing the importance of regional coordination, introducing debates about cyber sovereignty, and challenging participants to move beyond established positions. They collectively pushed the conversation towards more concrete and action-oriented discussions about how to advance understanding and application of international law in cyberspace.

How does the principle of state sovereignty apply to ICT-related activities?

Speaker

Indonesia

Explanation

This is important to clarify policy formulation and safeguarding of critical ICT infrastructure within national jurisdictions.

How can we clarify the responsibility of states to prevent malicious cyber activities emanating from their territories?

Speaker

Indonesia

Explanation

This is crucial for establishing clear accountability and preventing harm to other states.

What potential mechanisms can be explored to address disputes arising from ICT-related activities?

Speaker

Indonesia

Explanation

This is necessary to ensure peaceful resolution and adherence to international law in cyberspace conflicts.

How can we address ambiguities in how international law applies to scenarios such as armed conflicts, use of force, or emerging technologies?

Speaker

Indonesia

Explanation

This is important to provide clarity on legal frameworks in evolving cyber contexts.

How does the principle of non-intervention apply in countering cyber-influenced campaigns targeting political systems of other states?

Speaker

Indonesia

Explanation

This is crucial for protecting state sovereignty and preventing foreign interference through cyber means.

What kind of cyber operations constitute a violation of international law?

Speaker

Japan

Explanation

This is important to establish clear boundaries of lawful state conduct in cyberspace.

Which tools are available under international law for states whose legal interests have been infringed by cyber operations?

Speaker

Japan

Explanation

This is crucial for understanding remedies and responses available to states facing cyber threats.

How can we develop a shared lexicon to provide clear definitions for various cybersecurity-related terminologies?

Speaker

Pakistan

Explanation

This is important for establishing common understanding and facilitating more effective international dialogue.

How can we address the challenge of cyber attribution?

Speaker

Pakistan

Explanation

This is crucial for establishing accountability and deterring malicious cyber activities.

How can international law be applied to scenarios such as Internet shutdowns and targeting of digital platforms?

Speaker

Germany

Explanation

This is important for protecting human rights in the digital sphere.

How can we integrate debates on international law and on norms, rules, and principles within the future mechanism?

Speaker

Brazil

Explanation

This is important for developing a comprehensive approach to cyber governance.

Should the applicability of international law in cyberspace be referred to the International Law Commission?

Speaker

South Africa

Explanation

This could provide authoritative guidance on complex legal issues in cyberspace.