UN OEWG and GGE

This page provides detailed and real-time coverage on cybersecurity and peace and security negotiations at the United Nations.

The use of cyberattacks by states – and, more generally, the behaviour of states in cyberspace in relation to maintaining international peace and security – is moving to the top of the international agenda.

Historically, as you can consult further down, the basis for cybersecurity at the UN was laid by the work of the United Nations Group of Governmental Experts (UN GGE) between 2004 and 2021.

The current process: The focus is on the work of the UN Open-Ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. The OEWG started its second mandate (2021–2025) with the organisational session held in June 2021. After the substantive session of the OEWG held in December 2021, the main open issue is the modus of participation of non-state stakeholders in the OEWG process.

The most recent updates:

The second substantive session of the OEWG 2021-2025 was held from 28 March-1 April 2022, in-person in New York (with a webcast through UN WebTV). Using an informal mode, the group discussed substantive issues under its mandate: the existing and potential threats in the ICT sphere and data security; rules, norms, and principles of responsible behaviour of states in cyberspace; how international law applies to the use of ICTs by states; confidence-building measures; and capacity building. Read our expert analysis of the discussions.
On 22 April 2022, the OEWG reached agreement through a silent procedure to apply the modalities for the participation of stakeholders as proposed by the Chair 20 April. The modalities will be read out for formal record at the third substantive session. According to modalities, NGOs both with and without consultative status with ECOSOC should inform the OEWG Secretariat of their interest to participate as observers in the formal sessions; make oral statements during a dedicated stakeholder session, and submit written inputs to be posted on the webpage of the OEWG. However, states can object to the participation of NGOs without consultative status with ECOSOC.

The next steps: The OEWG 2021-2025 will hold its third substantive session 25-29 July 2022. Ahead of the session, an informal consultative meeting with interested stakeholders will be held 21 July 2022. The Chair has prepared a Zero-Draft of the annual progress report, which states will discuss at the third substantive session. The session’s agenda includes two rounds of discussions on the report, as well as a dedicated stakeholder session on capacity building and implementation of the concrete, action-oriented proposals contained in the draft report.

The current process

In December 2020, the OEWG was renewed for 2021-2025 (A/RES/75/240).

Timeline

The group started its work 1 June 2021, with an organisational session. Its first substantive session was scheduled for December 2021, followed by the second substantive session 28 March-1April 2022, 2020, and the third substantive session 25-29 July 2022.

Participation

The composition is declared as open, allowing all UN member states that express a desire to participate. In addition, the first OEWG held consultative meetings with the interested parties - business, non-governmental organisations, and academia. Applications were managed by UNODA and approved on a 'no objection' basis (i.e. objections by the governments). It remains to be seen how stakeholders will be included in the discussions of the second OEWG.

Ambassador Burhan Gafoor of Singapore was elected, by acclamation, as the Chair of the second OEWG.

Our reports

A team of GIP rapporteurs followed the discussions at the OEWG and produced detailed reports from:

Framework of responsible behaviour (the acquis)

The term ‘acquis’ (a reference to the EU’s body of laws) which popped up in recent cyber negotiations, refers to the body of existing agreements. While it has quickly been adopted for informal discussions, there is still no clear understanding of everything it encompasses.

It does encompass:

All reports were adopted by respective resolutions of the UNGA by consensus of all states.

Additionally, other resolutions, such as those that established the GGEs and OEWGs on cybersecurity, also play a role, as states refer to some of them throughout negotiations. This particularly refers to the UNGA resolutions that established the OEWG in 2018 and 2020, since they do not entirely match GGE's reports, but rather reflect on other issues such as propaganda, and have procedural implications.

The timeline below shows when the aforementioned documents were adopted and what their most important points were.

Top

Open issues

Despite long-running discussions and several consensus reports, there are a number of issues that remain open. The map below shows which stances actors have taken when it comes to these issues.

Top

Possible future processes

Co-proposed by 40 states, a Programme of Action (PoA) for advancing responsible state behaviour in cyberspace, would end ‘dual track discussions’ - namely the GGE and the OEWG - and establish ‘a permanent UN forum to consider the use of ICTs by States in the context of international security’. The proposal suggests the PoA to be in a single, long-term, inclusive, and progress oriented format; whose modalities could be discussed by the ongoing GGE and OEWG, while the implementation and follow-up measures could be subsequently endorsed by the UN GA.

According to the proposal, the PoA could ‘create a framework and a political commitment’ based on the existing international framework, i.e., recommendations, norms, and principles already agreed (referred to as acquis); in particular in the 2015 UN GGE report which was adopted by UN General Assembly Resolution 70/237.

The PoA would have regular annual working level meetings, focused on the implementation of the existing framework. A possible national survey of implementation of the UN GA Resolution 70/237, proposed within the current OEWG discussions, could be used as a basis. The PoA would step up cooperation and capacity building, and organise consultations with other stakeholders, regional organisations, and UN institutions, as well as relevant multistakeholder initiatives.

Regular, consensus driven review conferences would take place every five years, at which states may consider if additional norms should be developed.

Top

Past processes: GGE and OEWG 2019-2021

The Open-Ended Working Group (OEWG)

The OEWG 2019/2020 was established by the UN General Assembly in December 2018 (A/RES/73/27). It was tasked to continue to develop the rules, norms, and principles of responsible behaviour of states, discuss ways for their implementation, and study the possibility of establishing regular institutional dialogue with broad participation under the auspices of the UN. In March 2021, the OEWG 2019/2020 concluded with its third and final substantive session, in which the group adopted its final report, Chair's summary, and an updated procedural report.

In December 2020, the OEWG was renewed for the term 2021-2025 (A/RES/75/240).

The official page of the OEWG 2021-2025 can be accessed here. The archive page of the OEWG 2019/20 can be found here.

Timeline

The OEWG 2019/20 started its work on 3-4 June 2019, with an organisational meeting that gathered representatives of almost 100 member states. Its first substantive session was scheduled for 9-13 September 2019. It was followed by the intersessional consultative meeting on 2-4 December 2019, a second substantive session 10-14 February 2020, and the final substantive session 8-12 March 2021.

Participation

Ambassador Jürg Lauber of Switzerland was elected as the Chair of the first OEWG.

Our reports

A team of GIP rapporteurs followed the discussions at the OEWG and produced detailed reports from:

The OEWG 2019/20:

the first substantive session,
the multistakeholder informal consultation,
the second substantive session,
and the third and final substantive session.

The UN Group of Governmental Experts (GGE)

The UN Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security (formerly: on Developments in the Field of Information and Telecommunications in the Context of International Security) has been convening since 2004.

In 2004, the UN General Assembly (UN GA) established the Group of Governmental Experts (GGE) to examine the impact of developments in ICT on national security and military affairs. Six GGEs have been convened – in 2004/2005 (A/RES/58/32), 2009/2010 (A/RES/60/45), 2012/2013 (A/RES/66/24), 2014/2015 (A/RES/68/243), 2016/2017 (A/RES/70/237), and 2019/2021 (A/RES/73/266).

Four of the GGEs concluded their work by adopting a consensus report: GGE 2010, GGE 2013, GGE 2015, and GGE 2021. The UN GGE can be credited with two major achievements outlining the global agenda and introducing the principle that international law applies to digital space.

The official webpage of the GGE can be accessed here.

Selection and composition

The UN GGE is composed 'on the basis of equitable geographical distribution'. Traditionally, the five permanent members of the Security Council have a seat on all GGEs, and the remaining seats are allocated by grouping. Upon the call for expression of interests, States send an official request for a seat on a GGE of particular interest to them, and might even lobby at the highest levels of the Secretariat for a place at the table.

The Office of the High Representative for Disarmament Affairs has the task of proposing the Group’s composition to the Secretary-General who decides, taking into account not only geographical and political balance, but a demonstrated interest in the topic, the number of times a country has served on other GGEs, whether they are currently serving on a different GGE, etc. Occasionally a government might decline to participate in a GGE if it believes it lacks the personnel or expertise necessary for the work.

Once the countries have been identified and notified, they are asked to nominate an expert to participate in the GGE. In almost all cases, these experts are government officials. Early GGEs included a mix of experts on information security, some with diplomatic backgrounds and others with a more technical background. Over time, the composition of the experts changed, as countries chose to select experts with arms control, or non-proliferation experience. Experts' technical backgrounds can be 'left behind' in the sometimes intense diplomatic negotiations that accompany a GGE.

Each GGE selects a Chair from among its members. A strong and skillful Chair is vital to the success of the group. The Russian Federation chaired in 2005 and 2010, Australia in 2013, Brazil in 2015, and Germany in 2016. Brazil chaired the 2019-2021 Group. While it is the experts who sit at the table (there are no 'delegations'), some experts are accompanied by advisers. In the recent GGEs, legal advisers have been particularly common.

Procedures

The Group, guided by the Chair and shaped by the mandate included in the General Assembly resolution, largely determines its own agenda and work plan. The work, particularly commenting on drafts and informal consultations is often conducted.

Most GGEs meet for four one-week sessions. The Group holds its meetings in the UN format, sitting for six hours a day (from 10 a.m. 1 p.m., and then again from 3 p.m. 6 p.m.), with simultaneous interpretation in all six official languages of the UN. The GGEs' meetings are closed and there are no publicly available meeting summaries. The closed-door format is considered essential for the frank discussions to enable GGEs to find agreement. Thus, there are also no observers - whether representatives from other governments, non-governmental organisations, the private sector or international organisations.

On more than one occasion it has been suggested that the International Telecommunications Union (ITU), the UN specialised agency responsible for developing technical standards for ICTs, may be invited to observe the group. However, the General Assembly mandates the work of the GGEs squarely in the realm of international security and disarmament, and thus not as a technical exercise.

The UN Office for Disarmament Affairs (UNODA) serves as the Secretariat to the cyber GGEs.

Decision-making

Decisions, including decisions on the final report, are made by consensus.

Relations with other UN bodies and processes

The fact that the GGE falls under the UN First Committee has important implications for how the Group interprets its mandate, by focusing and narrowing the scope of the task. The First Committee is the Main Committee of the General Assembly and is allocated agenda items on disarmament and international security.

After multiple discussions, GGEs decided that the issues not under the purview of the First Committee - such as espionage, Internet governance, development and digital privacy - are not the focus of the Group’s work. While terrorism and crime are important topics for understanding, previous GGEs have limited themselves to calling for greater co-operation among states. They also decided that detailed discussion of these topics and the development of recommendations for them is best done in other UN bodies.

In 2019-2021, UNODA is mandated to organise a series of consultations with regional organisations, in particular the African Union, the EU, the OAS, the OSCE and the ASEAN Regional Forum. The consultations take place back-to-back with relevant meetings of the regional organisations, with participation by some GGE Members and, where possible, the Chair. Summary reports of these consultations are then sent to the GGE.

Source: UNIDIR's Report on the International Security Cyber Issues Workshop Series

GGE vs OEWG

In 2018, the UNGA adopted two resolutions (one sponsored by the USA (A/RES/73/266), the other by Russia (A/RES/73/27)) which set up the continuation of the GGE in 2019–21 and the UN OEWG. During 2019-2021, the GGE and the OEWG worked in parallel in somewhat different settings. Considerable cooperation between the chairs of the two groups was established, and many countries played an active and constructive role in both.

(Click on the infographic below, or here, for a voice-reader accessible .pdf version.)

Top

Our projects

	Online courses Cybersecurity policy and international affairs Cybersecurity Diplomacy online course
	Cyber diplomacy web discussions: Cyber diplomacy web discussion: Norms and confidence building measures (CBMs): Are we there yet? Traceability and attribution of cyberattacks: Who did it? Applicability of international law to cyberspace: Do we know the rules of the road? Cyber armament: A heavy impact on peace, economic development, and human rights
	Geneva Dialogue on Responsible Behaviour webinars What is responsible behaviour in cyberspace? What is the role of the private sector towards a peaceful cyberspace? What is the role of civil society and communities towards a peaceful cyberspace? Geneva Dialogue on Responsible Behaviour outputs Output document Report ‘Security of digital products and international standards’
	Study: Towards a secure cyberspace via regional cooperation

Top