UN OEWG 2021-2025 – International law

30 Mar 2022 19:00h - 22:00h

Event report

Session 6 of the second substantive session of the UN OEWG 2021-2025 addressed the issue of how international law applies to the use of information and communications technology (ICT) by states. It was held in an informal mode as a working group. Delegations presented different opinions on whether international law applies and how the work of the OEWG can contribute to a better understanding of national positions on the applicability of international law.

Australia, Austria, Botswana, Brazil, Canada, Chile, Colombia, Costa Rica, the Czech Republic, Egypt, Estonia, the European Union and its member states, the candidate countries, North Macedonia, Montenegro, and Albania, the country of the stabilisation and association process and potential candidate, Bosnia and Herzegovina, as well as Ukraine, the Republic of Moldova, Georgia, San Marino (EU), Fiji, France, Germany, Ghana, Guatemala, India, Ireland, Japan, Kenya, Malawi, Mexico, the Netherlands, New Zealand, Paraguay, the Republic of Korea, Singapore, South Africa, Sweden, Switzerland, the United Kingdom (UK), Uruguay, and the USA confirmed that international law, including the UN Charter in its entirety, applies to the use of ICT by states. These countries see it as the task of the current OEWG to build on previous GGE and OEWG reports and develop a deeper understanding among states of how international law, and in particular, international humanitarian law and international human rights law apply to state cyberspace activities. 

On behalf of the Non-Aligned Movement, Indonesia stated that the OEWG should discuss and build a layer of understanding on the application of international law in the use of ICT to achieve the same results as the 2015 GGE Report for the norms, rules, and principles of state behaviour in cyberspace.

Belarus voiced that while norms and principles of international law in the UN Charter may be applicable in the field of ICT, the UN Charter does not contain specific applicability regulations. Belarus, together with Cuba, Iran, the Russian Federation, and the Syrian Arab Republic called for the development of a new single international legally binding instrument to regulate states’ behaviour in cyberspace. The Russian Federation, Cuba, and the Syrian Arab Republic see this new legally binding instrument being developed under the auspices of the UN. 

Australia, Estonia, the EU, France, Ireland, and Switzerland opposed the proposal to create the new legally binding instrument. They said it would mean a significant setback in the efforts to advance international security and stability that would lead to confusion and misunderstanding. They pointed out that efforts must be focused on implementing the existing rules and laws.

With respect to the subject matter to be discussed within the OEWG in order to determine how international law applies to states’ activities in cyberspace, delegations presented several priority topics.

Austria, Canada, Colombia, Costa Rica, Chile, the Czech Republic, El Salvador, Estonia, the EU, Guatemala, Indonesia on behalf of the Non-Aligned Movement, Ireland, Japan, the Netherlands, New Zealand, Mexico, Paraguay, the Republic of Korea, South Africa, Sweden, Switzerland, and the UK stated that the OEWG needs to discuss how international humanitarian law and its principles of humanity, necessity, proportionality, and distinction apply in cyberspace. Austria, the Netherlands, New Zealand, Sweden, Switzerland, the UK, and the USA stressed the importance of applying international humanitarian law to cyberspace in situations of armed conflict. The Czech Republic and the UK pointed to the need for addressing the protection of humanitarian actors and human rights defenders that are crucial to collecting evidence of unlawful activities.

In its statement, the International Committee of the Red Cross (ICRC) emphasised that international humanitarian law applies in cyberspace in situations of armed conflict and that the established international legal principles and rules protecting civilians and non-combatants impose limits on the conduct of cyber operations.

Cuba opposed these opinions and rejected the automatic application of international humanitarian law in cyberspace. Cuba rejected any reinterpretation or application of Art. 51 of the UN Charter in the area of cybersecurity and stated that it will not accept any armed attack alleging the use of self-defence in response to a cybersecurity incident, and that a cyberattack will not equate to a traditional armed attack.

Principles of international law were also high on the list of priorities – sovereignty (Botswana, Egypt, El Salvador, Germany, Ghana, India, Indonesia on behalf of the Non-Aligned Movement, Japan) sovereign equality (Egypt, Ghana), non-interference (Ghana, India, Japan, the UK), refraining from the threat or use of force (India), and settlement of disputes by peaceful means (Canada, Egypt, Ghana, India, Switzerland). The Russian Federaation proposed for the OEWG to focus on how specific principles of international law can be applied to the use of ICT and the identification of gaps and unregulated areas in existing international law.

The importance of discussion on the application of human rights was specifically mentioned by Canada, El Salvador, Estonia, the EU, Ghana, Iraq, Japan, the Netherlands, Switzerland, and Uruguay. 

Other areas that need to be discussed within the OEWG concerning states’ behaviour in cyberspace and capacity building support should be: 

  • Breach of sovereignty (Botswana, India, Indonesia on behalf of the Non-Aligned Movement, the Republic of Korea)
  • Attribution of internationally wrongful acts, substantiation of attribution, and the difference between legal, technical, and political attribution (Australia, China (in Session 5), IndiaIndonesia on behalf of the Non-Aligned Movement, Japan, the Netherlands, Switzerland
  • Principle of due diligence (Austria, the Czech Republic, El Salvador, France, Japan, Switzerland)
  • Protection of critical infrastructure, especially health facilities (Austria, the Czech Republic, El Salvador, Fiji, Guatemala, India, Switzerland, the Syrian Arab Republic, Uruguay)  
  • Development of universal terminology in the area of cybersecurity (Egypt, the Russian Federation, the Syrian Arab Republic)

Delegations also discussed how the work of the OEWG should be structured and the best ways to share national positions on how international law applies to the use of ICT by states to support legal capacity and policy development in this area.

Some delegations voiced support for holding thematic discussions in dedicated groups on specific topics with experts involved, either within the regular OEWG or during the inter-sessional periods (proposed by Costa Rica, Switzerland, and supported by Brazil, Canada, Chile, the Czech Republic, Germany,  Japan, the Republic of Korea, and Singapore).

The Programme of Action received support as a continuous initiative to discuss norms, rules, and principles at Session 5. The EU, Guatemala, Fiji, and Ireland see the Programme of Action as a general platform for exchanging views on the responsible behaviour of states in cyberspace.

Most states recognised the value of voluntarily sharing national positions on how international law applies to the use of ICT by states. It serves as a critical confidence-building measure that decreases the risks of misperception and misunderstanding among states and as a contribution to capacity building for states to develop their own understanding of how international law applies.

According to Fiji, France, Singapore, Switzerland, and the USA, the OEWG should consider publishing an updated compendium of national positions as stated in the 2021 GGE Report.

In this session, the UNIDIR Cyber Policy Portal, as a repository of national positions, was supported by Canada, Colombia, Estonia, Fiji, France, Ghana, Ireland, Japan, Kenya, Malawi,  the Republic of Korea, Singapore, the UK, the USA, and Germany.

Kenya proposed the formation of a special working group to facilitate the submission and collection of respective national positions with member state-led periodic assemblies to consider best practices and share lessons learned. The proposal was supported by Canada.

India recommended the compilation of a matrix showing areas of convergence and divergence in national positions, which was supported by Germany and Egypt

Other means of voluntarily sharing national positions mentioned were non-papers of states and non-state stakeholders and the Tallinn Manual. With regards to legal capacity building, the work of the Global Forum on Cyber Expertise and the ICRC, among others, were highlighted.