UN GGE and OEWG

The United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (GGE) is a UN-mandated working group in the field of information security. Six working groups have been established since 2004, including the GGE 2019-2021. The UN GGE can be credited with two major achievements outlining the global agenda and introducing the principle that international law applies to the digital space.

In 2018, another UN-mandated working group – the Open-Ended Working Group (OEWG) – was established in parallel with the GGE, involving 'all interested states'.

This page contains all the information you need about the GGE and OEWG, including the latest developments.

At a glance: GGE vs OEWG

Top

In context: The state of offensive cyber-capabilities

Episodes of cyber warfare between states already exist. What is worse is that there is no regulatory scheme for that type of warfare, it is not clear how the Geneva Convention or international humanitarian law applies to it.

UN Secretary-General Antonio Guterres, 2018

There is evidence from official documents and media coverage that countries are increasingly investing in defensive as well as offensive cyber-capabilities.

Top

The UN Group of Governmental Experts (GGE)

In 2004, the UN General Assembly has established the Group of Governmental Experts (GGE) to examine the impact of developments in ICT on national security and military affairs. Six GGEs have been convened – in 2004/2005 (A/RES/58/32), 2009/2010 (A/RES/60/45), 2012/2013 (A/RES/66/24), 2014/2015 (A/RES/68/243), 2016/2017 (A/RES/70/237), and 2019/2021 (A/RES/73/266). In addition, the UN General Assembly has also established the Open-Ended Working Group for 2019/2020 (A/RES/73/27).

Members

GGE members in 2019-2021 are Australia, Brazil, China, Estonia, France, Germany, India, Indonesia, Japan, Jordan, Kazakhstan, Kenya, Mauritius, Mexico, Morocco, Netherlands, Norway, Romania, Russian Federation, Singapore, South Africa, Switzerland, United Kingdom, United States, and Uruguay. Ambassador Guilherme de Aguiar Patriota of Brazil was elected as the Chair of the GGE. The map of GGE members from 2004 onward is below.

Selection and Composition

The UN GGE is composed 'on the basis of equitable geographical distribution'. Traditionally, the five permanent members of the Security Council have a seat on all GGEs, and the remaining seats are allocated by grouping. Upon the call for expression of interests, States send an official request for a seat on a GGE of particular interest to them, and might even lobby at the highest levels of the Secretariat for a place at the table.

The Office of the High Representative for Disarmament Affairs has the task of proposing the Group’s composition to the Secretary-General who decides, taking into account not only geographical and political balance, but a demonstrated interest in the topic, the number of times a country has served on other GGEs, whether they are currently serving on a different GGE, etc. Occasionally a government might decline to participate in a GGE if it believes it lacks the personnel or expertise necessary for the work.

Once the countries have been identified and notified, they are asked to nominate an expert to participate in the GGE. In almost all cases, these experts are government officials. Early GGEs included a mix of experts on information security, some with diplomatic backgrounds and others with a more technical background. Over time, the composition of the experts changed, as countries chose to select experts with, arms control, or non-proliferation experience. Experts technical backgrounds can be 'left behind' in the sometimes intense diplomatic negotiations that accompany a GGE.

Each GGE selects a Chair from among its members. A strong and skillful Chair is vital to the success of the group. The Russian Federation chaired in 2005 and 2010, Australia in 2013, Brazil in 2015, and Germany in 2016. Brazil chairs the 2019-2021 Group. While it is the experts who sit at the table (there are no 'delegations'), some experts are accompanied by advisers. In the recent GGEs, legal advisers have been particularly common.

Procedures

The Group, guided by the Chair and shaped by the mandate included in the General Assembly resolution, largely determines its own agenda and work plan. The work, particularly commenting on drafts and informal consultations is often conducted.

Most GGEs meet for four one-week sessions. The Group holds its meetings in the UN format, sitting for six hours a day (from 10 a.m. 1 p.m., and then again from 3 p.m. 6 p.m.), with simultaneous interpretation in all six official languages of the UN. The GGEs' meetings are closed and there are no publicly available meeting summaries. The closed-door format is considered essential for the frank discussions to enable GGEs to find agreement. Thus, there are also no observers - whether representatives from other governments, non-governmental organisations, the private sector or international organisations.

On more than one occasion it has been suggested that the International Telecommunications Union (ITU), the UN specialised agency responsible for developing technical standards for ICTs, may be invited to observe the group. However, the General Assembly mandates the work of the GGEs squarely in the realm of international security and disarmament, and thus not as a technical exercise.

The UN Office for Disarmament Affairs serves as the Secretariat to the cyber GGEs.

Decision-making

Decisions, including decisions on the final Report, are made by consensus.

Relations with other UN bodies and processes

The fact that the GGE falls under the UN First Committee has important implications for how the Group interprets its mandate, by focusing and narrowing the scope of the task. The First Committee is the Main Committee of the General Assembly and is allocated agenda items on disarmament and international security.

After multiple discussions, GGEs have decided that the issues not under the purview of the First Committee - such as espionage, Internet governance, development and digital privacy - are not the focus of the Group’s work. While terrorism and crime are important topics for understanding, previous GGEs have limited themselves to calling for greater co-operation among states, while deciding that detailed discussion of these topics and the development of recommendations for them is best done other UN bodies.

In 2019-2021, UNODA is mandated to organise series of consultations with Regional Organisations, in particular the African Union, the EU, the OAS, the OSCE and the ASEAN Regional Forum. The consultations take place back-to-back with relevant meetings of the Regional Organisations, with participation by some GGE Members and, where possible, the Chair. Summary reports of these consultations are then sent to the GGE.

Source: UNIDIR's Report on the International Security Cyber Issues Workshop Series

Top

The Open-Ended Working Group (OEWG)

The OEWG was established by the UN General Assembly in December 2018 (A/RES/73/27). It is tasked to continue to develop the rules, norms, and principles of responsible behaviour of states, discuss ways for their implementation, and to study the possibility of establishing regular institutional dialogue with broad participation under the auspices of the UN.

Participation

The composition is declared as open, allowing all UN member states that express a desire to participate. In addition, OEWG will hold consultative meetings with the interested parties - business, non-governmental organisations and academia - which can apply to attend the meetings (deadline for application to attend intersessional and 2020 meetings is 1 October 2019); application is managed by UNODA and approved on a 'no objection' basis (i.e. Objections by the governments). Ambassador Jürg Lauber of Switzerland was selected as the Chair of the OEWG.

Agenda

According to paragraph 5 of the GA Resolution A/RES/73/27, there are six substantive issues for discussion:

Existing and potential threats;
International Law;
Rules, norms and principles;
Regular institutional dialogue;
Confidence building measures;
Capacity building.

The OEWG will work according to the preliminary agenda, to develop its report on a consensual basis.

Timeline

The OEWG started its work 3-4 June 2019, with an organisational meeting that gathered representatives of almost 100 member states. Its first substantive session was scheduled for 9-13 September 2019, followed by the intersessional consultative meeting 2-4 December 2019, second substantive session 10-14 February 2020, and the final substantive session 6-10 July 2020. It should report to the 75th session of the UN General Assembly, 15-30 September 2020.

Top

Controversial issues

How does one deal with issues that do not fall within the UN GGE's mandate but have an impact on the UN GGE's work related to work on Internet infrastructure, content management, freedom of expression, privacy protection, digital economy
What qualifies a cyber-attack as 'use of force' and/or 'armed attack'
Should the protection of critical Internet infrastructure (for example, the DNS system) be part of the discussions
Whether it is sufficient to apply the existing norms of international law or there is a need to adopt new norms
Whether cyberspace is a unique domain in international affairs
How to apply state responsibility in the digital
How the responsibility of states should be in regard to acts of non-state actors against the cyber infrastructure of other states
Whether discussions should focus on disarmament and the of cyberspace or a more precise use of the Law of Armed Conflict
How to the norm of not attacking critical infrastructure in peacetime
Whether the digital critical infrastructure is a global public good
How to ensure wider involvement in the UN GGE's work beyond limited membership (in particular how to involve developing )
How to deal with the challenge of technical, legal, and policy attribution for cyber-attacks
How to deal with the dual-use nature of cyber technology
How to ensure effective communication with technical, business, and civil society communities.

Instruments

UN GGE Report 2010 (Res. A/65/201)

Report of the UN GGE 2009/2010, which includes recommendations for:

Further dialogue among States to reduce the risk and protect critical national and international infrastructure
Confidence-building, stability and risk reduction measures
Information exchanges on national legislation and strategies, and capacity-building measures
The elaboration of common terms and definitions related to information security
Capacity-building in less developed countries

UN GGE Report 2013 (A/68/98*)

Report of the UN GGE 2012/2013, which includes:

Recognition that international law, and in particular the UN Charter, applies to digital space
Norms, rules, and principles on the responsible behaviour of States
Reference that state sovereignty applies to the digital field
The principle that states must meet their international obligations regarding internationally wrongful acts in cyberspace attributable to them

UN GGE Report 2015 (A/70/174)

Report of the UN GGE 2015, which includes:

Principles of State sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other States, applies to cyberspace.
Recognition that states must comply with their obligations under international law to respect and protect human rights and fundamental freedoms.
Agreement that UN should play a leading role in developing common understandings on the application of international law and norms, rules and principles for responsible State behaviour
Other norms, rules, and principles on the responsible behaviour of States
Confidence-building measures
Invitation for international cooperation and assistance in ICT security and capacity-building

UN GA Resolution on establishment of OEWG (A/RES/73/27)

Besides setting up the open-ended working group (OEWG), the Resolution also explicitly welcomes only a chosen set of norms enshrined in the GGE Reports of 2013 and 2015, and lists them using own wording which is not always consistent with the wording the two reports.

UN GA Resolution on establishment of GEE in 2019 (A/RES/73/266)

The UN General Assembly (UNGA) considered the budget implications for the new group of governmental experts (GGE) reflected in the document A/73/678. By a recorded vote the assembly adopted the resolution A/RES/73/266 named ‘Advancing responsible state behaviour in cyberspace in the context of international security’. Thus, this group will be the second that will continue to study possible co-operative measures to address information security threats. The group will be established in 2019 on the basis of equitable geographical distribution, and it submit a report on the results of its study to the General Assembly at its seventy-sixth session. The resolution also requests that the UN Office for Disarmament Office (UNODA) to convene a series of consultations with Regional Organisations on behalf of the GGE members, and requests that the GGE Chair organises two open-ended informal consultative meetings for all interested member states.

GIP Digital Watch is operated by