UN OEWG

This page provides detailed and real-time coverage on cybersecurity and peace and security negotiations at the UN.

The use of cyberattacks by states – and, more generally, the behaviour of states in cyberspace with regard to maintaining international peace and security – is moving to the top of the international agenda.

The UN plays a crucial role in global cybersecurity negotiations, with the issue of information security being on the UN agenda since 1998 when the Russian Federation introduced a draft resolution on the subject in the First Committee of the UN General Assembly.

The First Committee addresses issues related to disarmament, nonproliferation, arms control, and international security, recommending resolutions and decisions for adoption by the UNGA plenary session. This page provides comprehensive coverage of ongoing and past First Committee processes related to cybersecurity, peace, and security at the UN, including the Groups of Governmental Experts (GGEs) and the Open-ended Working Group (OEWG).

Currently, the focus is on the work of the UN Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies in 2021–2025.

Recent achievements: In July 2024, delegations reached a compromise on the third Annual Progress Report at the OEWG's eighth substantive session, held on 8-12 July 2024 in New York.

Next steps: The OEWG will meet for its ninth substantive session on 2-6 December 2024.

To learn more about the risks of cyber conflict, global negotiations on cyber norms and the framework of responsible behaviour, and cyber diplomacy, enrol on our Cybersecurity Diplomacy online course.

The current process - OEWG 2021-2025

The Open-ended Working Group (OEWG) on security of and in the use of information and communications technologies was established by UNGA resolution A/RES/75/240 (adopted in December 2020) and began its work in 2021. Its mandate lasts until July 2025. Participation is open to all UN member states that wish to take part. The group is mandated:

  • to further develop the rules, norms and principles of responsible behaviour of States and the ways for their implementation and, if necessary, to introduce changes to them or elaborate additional rules of behaviour;
  • to consider initiatives of States aimed at ensuring security in the use of information and communications technologies;
  • to establish, under the auspices of the United Nations, regular institutional dialogue with the broad participation of States;
  • to continue to study, with a view to promoting common understandings, existing and potential threats in the sphere of information security, inter alia, data security, and possible cooperative measures to prevent and counter such threats, as well as how international law applies to the use of ICTs by States, confidence-building measures and capacity-building.

The OEWG started its mandate with the organisational session held in June 2021.

After the first three substantive sessions, held in December 2021, April 2022 and July 2022, the main stumbling block was the participation of non-state stakeholders in the OEWG process. Despite tensions due to the war in Ukraine, some progress was made on confidence-building measures and capacity building. However, states remained divided on how existing international law applies to ICTs and on whether new, possibly binding, norms are needed, and discussions on these two topics did not advance.

In July 2022, delegations adopted stakeholder modalities, agreed to establish a Points of Contact (POC) directory, and reached a compromise on the group's first Annual Progress Report (APR). APRs serve as a roadmap for further negotiations.

In 2023, discussions on the applicability of international law to ICTs and on norms of responsible behaviour did not advance. However, work on the operationalisation of the POC Directory started, and in July 2023 delegations reached a compromise on the second Annual Progress Report.

In 2024, delegations remained divided on the applicability of international law to ICTs and on norms of responsible behaviour, but two major successes were achieved: the POC Directory was officially launched in May 2024, and delegations agreed on the basic elements of the mechanism that will follow the OEWG.

Drawing shows standing observers studying a bar chart on the wall. The chart shows the relationship of threats, norms, international law, confidence-building measures, capacity building and regular institutional dialogue from 2019 through 2024 with a red bar. A UN logo is shown on the wall to the left of the chart.

Our reports and analyses

A team of GIP rapporteurs followed the discussions at the OEWG and produced detailed reports and analyses from:

See also: Africa's participation in OEWG discussions


The future process

Co-proposed by 40 states, the Programme of Action (PoA) for advancing responsible state behaviour in cyberspace would establish ‘a permanent UN forum to consider the use of ICTs by States in the context of international security’. The proposal suggests that the PoA take a single, long-term, inclusive and progress-oriented format; its implementation and follow-up measures could subsequently be endorsed by the UNGA.

In November 2022, the First Committee of the UNGA approved a draft resolution on the programme of action (PoA) on cybersecurity, subsequently adopted by the UNGA plenary as resolution A/RES/77/37. With it, the UNGA welcomed the proposal for a PoA as a permanent, inclusive, action-oriented mechanism. It will:

  • discuss existing and potential threats;
  • support States’ capacities and efforts to implement and advance commitments guided by the framework for responsible State behaviour, and discuss, and further develop, if appropriate, this framework;
  • promote engagement and cooperation with relevant stakeholders;
  • periodically review the progress made in the implementation of the PoA as well as the PoA’s future work.

The resolution also requests that the Secretary-General seek the views of UN member states on the scope, structure and content of the PoA, and on the preparatory work and modalities for its establishment, including at an international conference.

In the First Committee, it was adopted by a recorded vote of 157 in favour to 6 against (China, Democratic People’s Republic of Korea, Iran, Nicaragua, Russian Federation, Syria), with 14 abstentions.


States continued to discuss the scope, structure and content of the future process during 2023 and 2024, with a significant breakthrough in June and July 2024, when the Chair published elements for the establishment of an open-ended action-oriented permanent mechanism on ICT security, building upon the resolution A/RES/78/16 on the PoA.

During negotiations in July 2024, delegations agreed on the elements of the future mechanism, enshrined in Annex C of the third Annual Progress Report (APR).

It was decided that the mechanism would strengthen ICT security capacity for all states; implement and further develop the existing framework for responsible state behaviour in ICT use; address existing and potential threats; address voluntary norms, while recognising that additional norms could be developed over time; study international law’s application to ICTs and identify any potential gaps in its application, and consider new legally binding obligations if appropriate; and develop and implement confidence-building measures and capacity-building initiatives.

The structure of the mechanism was also under heavy discussion. One substantive plenary session, at least a week long, will be held annually to discuss key topics and consider the recommendations of thematic groups. States decided that thematic groups would be established within the mechanism to allow for deeper discussions.

The chair may convene intersessional meetings for additional issue-specific discussions. A Review Conference every five years will monitor the mechanism’s effectiveness, provide strategic direction, and decide on any modifications by consensus.

Another tricky question was the modalities of stakeholder engagement with the mechanism. The future mechanism will be a First Committee process and, therefore, a state-led process. However, there is room - and need - for stakeholder participation. Some states consider the ad-hoc committee on cybercrime modalities for stakeholder engagement to be the gold standard, where stakeholders attend any open formal sessions of the ad hoc committee, make oral statements, time permitting, after member states’ discussions, and submit written statements. Other countries caution that the OEWG’s own much-discussed modalities should be applied because they are the hard-won result of delicate compromise. This issue was ultimately deferred to the group’s next meeting.

Framework of responsible behaviour

The framework of responsible behaviour of states in cyberspace refers to the body of existing agreements. This framework is sometimes also called ‘acquis’, a term borrowed from the EU for the body of common rights and obligations that is binding on all the EU member states. While it has quickly been adopted for informal discussions, there is still no clear understanding of everything it encompasses.

It does encompass the consensus reports of the GGEs and of the first OEWG, listed in the timeline below.

All of these reports were adopted by respective resolutions of the UNGA by consensus of all states.

Additionally, other resolutions, such as those that established the GGEs and the OEWGs on cybersecurity, also play a role, as states refer to some of them throughout negotiations. This particularly applies to the UNGA resolutions that established the OEWGs in 2018 and 2020, since they do not entirely match the GGEs' reports, but rather touch on other issues such as propaganda, and have procedural implications.

The timeline below shows when the aforementioned documents were adopted and what their most important points were.

  • 1998 - UN starts addressing cybersecurity issues

    A proposal to address cybersecurity at the United Nations was made by Russia on 30 September 1998. It was formally adopted by the UNGA as Resolution A/RES/53/70 on 4 December 1998 (the resolution text was issued on 4 January 1999).

  • 2010 - 2010 UN Group of Governmental Experts (GGE) Report on Cybersecurity

    Report of the UN GGE 2009/2010, which includes recommendations for:

    • Further dialogue among States to reduce the risk and protect critical national and international infrastructure
    • Confidence-building, stability and risk reduction measures
    • Information exchanges on national legislation and strategies, and capacity-building measures
    • The elaboration of common terms and definitions related to information security
    • Capacity-building in less developed countries
  • 2013 - 2013 UN GGE report recognises that international law applies to digital space

    Report of the UN GGE 2012/2013 (later adopted by the UN General Assembly Resolution A/RES/68/243), which includes:

    • Recognition that international law, and in particular the UN Charter, applies to digital space
    • Norms, rules, and principles on the responsible behaviour of States
    • Reference that state sovereignty applies to the digital field
    • The principle that states must meet their international obligations regarding internationally wrongful acts in cyberspace attributable to them
  • 2015 - 2015 UN GGE Report: Introduction of 11 norms on cybersecurity

    The report of the UN Group of Governmental Experts (UN GGE) 2014/2015 includes:

    • Confirmation that the principles of state sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other states apply to cyberspace
    • Recognition that states must comply with their obligations under international law to respect and protect human rights and fundamental freedoms
    • Agreement that the UN should play a leading role in developing common understandings on the application of international law and of norms, rules and principles for responsible State behaviour
    • Eleven voluntary norms, rules and principles on the responsible behaviour of states
    • Confidence-building measures (CBMs)
    • An invitation for international cooperation and assistance in ICT security and capacity building

    The report was later welcomed by UN General Assembly Resolution A/RES/70/237.

  • 2018 - Establishment of the UN Open-Ended Working Group (OEWG) on Cybersecurity

    The UNGA resolution establishing the OEWG (A/RES/73/27) includes:

    • Setting up the OEWG
    • Welcoming a chosen set of norms enshrined in the GGE Reports of 2013 and 2015
  • 2020 - Establishment of the Second UN Open-Ended Working Group (OEWG) on Cybersecurity

    The UNGA resolution establishing the second OEWG (A/RES/75/240) includes:

    • The renewal of the OEWG for a period of five years – 2021 to 2025 – with the same mandate
    • The organisational session of the new OEWG to be held in 2021, and the establishment of thematic subgroups allowing interaction with other stakeholders
    • The group is to provide annual progress reports and a final report to the 80th session of the UNGA, which opens in autumn 2025
  • 2021 - Report of the First UN OEWG on Cybersecurity

    • Reaffirmation of the results of the previous reports of the Group of Governmental Experts (GGE), as well as that international law, and in particular the Charter of the UN, is applicable to cyberspace
    • Norms do not replace or alter states’ obligations or rights under international law – which are binding – but rather provide additional and specific guidance on what constitutes responsible state behaviour in the use of ICTs
    • Recommendation that states voluntarily identify and consider CBMs appropriate to their specific contexts, and cooperate with other states on their implementation
    • Comprehensive capacity building measures in the field of ICT security

    Consult the first OEWG Report (2021)

  • 2021 - 2021 UN GGE Final Report

    The UN GGE concluded its work with this report; the cybersecurity process shifted to the UN OEWG.

    Consult 2021 UN GGE Report

Most recently, the APRs of the OEWG 2021-2025 note that the framework of responsible State behaviour in the use of ICTs includes voluntary norms, international law, and confidence-building measures (CBMs). However, delegations including the USA, Israel, Thailand, and Iran contend that voluntary norms and CBMs cannot be classified as obligations. They argued that, by definition, voluntary norms are not obligatory and that CBMs, within the context of this OEWG, are also voluntary. These delegations emphasised that states cannot be held accountable for obligations arising from non-binding agreements. Nevertheless, the language remains in the APRs.

Open issues

Despite long-running discussions and several consensus reports, there are a number of issues that remain open.

Does existing international law apply to cyberspace?
There is a broad consensus that international law applies to cyberspace – this includes the UN Charter as expressed in UN GGE reports, reaffirmed by the final OEWG report and the related UN General Assembly (GA) resolutions. More specifically, there is a general agreement that the states have jurisdiction over information and communications technology (ICT) within their territory, and that states should not conduct internationally wrongful acts nor use proxies for such acts.
How does the UN Charter apply to cyberspace?
There is broad agreement that the UN Charter in its entirety applies to cyberspace, which was confirmed by GGE reports and related UNGA resolutions, as well as by the final OEWG report. However, it gets much more complicated when we look at specific articles of the UN Charter and their interpretations.
How does state sovereignty translate into cyberspace?
One of the principles of the UN Charter is the sovereign equality of states, reflected in Article 2(1). The 2021 GGE report and the 2021 OEWG report state that sovereignty applies to ICTs, and that states have jurisdiction over ICTs within their territory. There is a consensus that states have an obligation to respect the sovereignty of other states and to refrain from activities that constitute a violation of other states’ sovereignty, including cyber operations that would violate the sovereignty of another country. The question remains as to what responsibilities (stemming from the principle of sovereignty and sovereign equality) are assumed by states. While some states refer to the right of exercising jurisdictional authority within the territorial borders of their country (principle of non-interference), others also attach a responsibility not to allow other actors to use the territory of any given state to conduct malicious cyber activities (i.e. the principle of due diligence, described later). States also struggle with the global reach of cyber activities that do not fit into the traditional definition of sovereignty (i.e. protecting state authority over property and persons within territorial borders). For example, cyberattacks that target extraterritorial data storage (i.e. assert sovereign power over data) often involve proxy servers or other tools that render the attackers untraceable (i.e. mask their geographical origin). This can make it extremely difficult to determine whether they involved a cross-border operation that would violate a state’s sovereignty.
Non-interference principle: coercion, use of force, or armed attack?
The non-interference principle, derived from the principle of sovereignty, prohibits interference in the internal or external affairs of another state with the intent to employ coercion against that state. Existing and emerging technologies provide states with more opportunities to influence and interfere in the internal or external affairs of other states. In the context of cyberspace, a question arises: When are cyber operations considered coercion, use of force, or an armed attack, given that no weapons in the usual (physical, kinetic) sense are used? Most states at the OEWG assess cyberattacks on an individual basis, after considering their effects and whether these are comparable to those of a conventional and prohibited act of violence. One open issue is defining the thresholds of interference, i.e. at what point a targeted state can respond or has the right to defend itself. The precise boundaries between coercion, the use of force, and an armed attack have not yet been set. The two main points in this regard are the interpretation of Art. 2(4) and Art. 51 of the UN Charter. Coercion in the form of economic, diplomatic, or political pressure is not covered by Art. 2(4) of the UN Charter. In certain cases, however, when evaluated through its effects, it cannot be ruled out that a cyber operation with serious financial or economic impacts may qualify as a use of force. International law does not provide a clear definition of the use of force described in Art. 2(4) of the UN Charter. Each case is examined individually to establish whether the ‘scale and effects’ are such that an operation may be deemed a violation of the prohibition of the use of force. That being said, the prohibition of the use of force is acknowledged by states at the OEWG, and its implementation is a priority in the OEWG discussions.
The majority of states at the OEWG also agree that an armed attack does not necessarily have to be carried out by kinetic means to trigger a state’s right to self-defense.
(How) Does the right to self-defence, enshrined in the UN Charter (Art. 51), apply to cyberattacks?
The UN Charter, as the basis of jus ad bellum, grants in Art. 51 the right to invoke individual or collective self-defence if an armed attack occurs against a member state. Yet, what exactly constitutes an internationally wrongful act, a use of force, or an armed attack in cyberspace? What is the threshold of an armed attack? Is it limited to attacks that cause physical damage and injury, or would other effects (financial, environmental, economic, or political) of a cyberattack also count? Should this determination remain the sole responsibility of states – perhaps by considering certain factors such as context, intent, or the severity of effects, as suggested in the Tallinn Manual 2.0? The major stumbling block, however, is the right to self-defence. In particular, should countries that are subject to a cyberattack be allowed to respond by any means, including all-out military options associated with traditional means of warfare? This question was one of the main reasons why the GGE failed to reach a consensus in 2017. The 2021 GGE report concludes that the ‘affected state’s response to malicious ICT activity attributable to another state should be in accordance with its obligations under the UN Charter and other international law, including those relating to the settlement of disputes by peaceful means and internationally wrongful acts.’ Positions on this issue are openly divergent: NATO has confirmed that Art. 5 of its Treaty allows a response by any means (including conventional weapons) in the event of a cyberattack against one of its members. Russia holds that the traditional use of force is not a legitimate response to cyberattacks, at least not without the approval of the UN Security Council and in accordance with the UN Charter, which allows the accused party to defend itself before the Security Council.
Russia further requests that the sources of cyberthreats are not identified by (attacked) states independently and arbitrarily, without evidence, particularly if this could lead to devastating counter-strikes. Some small states, like Cuba, believe that a cyberattack is not tantamount to an armed attack, and thus, the right to self-defence should not be used in such cases. An additional gray zone is the right to self-defence against armed attacks conducted by non-state actors or state proxies.
In what other ways can countries respond to cyberattacks?
While the right to self-defence may apply once an attack has occurred, what other options does a state have to respond to cyberattacks and deter counterparties from conducting such attacks? Also, should anticipatory self-defence (against imminent threats) or even preemptive strikes be considered? For instance, the USA and the EU consider the following actions to be acceptable. The USA believes in a ‘cyber deterrence menu’ of countermeasures that states can take when an attack occurs and to deter further attacks. It additionally supports accountability measures in relation to attackers: private and public attribution, sanctions, deterrence alliances, and even ‘defend forward’ (or preemptive) cyber operations. The EU has adopted its cyber-diplomacy toolbox and sanctions regime as official options to respond to and deter cyberattacks, as well as its Cybersecurity Strategy for the Digital Decade. EU member states have voiced their opinions in national capacities as well; for example, France believes anticipatory self-defence may be allowed, but not preemptive strikes. It also remains an open question whether states should have a duty to notify the state against which they plan to launch countermeasures.
How should attribution of cyberattacks be conducted?
Discussions often turn to the challenge of enforcing the agreed rules, be they binding ones, such as international law, or voluntary, such as norms and CBMs. One of the main challenges with holding states accountable for their operations is the complexity of attribution. An attack may include many layers of techniques that mask its origins. Even if one could provide technical evidence that connects an attack to a certain hacker group, it is a legal challenge to prove the connection between a particular state and a cyberattack. Therefore, rather than responding to a given incident with evidence and dialogue, states are turning to campaign-like public attribution against other parties. There is no agreed-upon methodology for establishing attribution of cyberattacks. There are divergent views among experts over how reliable current technical means are for tracing the origins of attacks. Certain aspects of intelligence-gathering – such as conventional intelligence activities and cyberespionage for the collection of digital evidence – are understandably kept secret by parties working on attribution. In addition, the lack of transparency over evidence seen in the recent avalanche of mutual public accusations among states adds to the complexity. While the 2015 GGE report (para. 28(f)), the resolution that established the OEWG (para. 1.2), and the final OEWG report confirm that the indication of the origin of an attack might not be enough for attribution and that accusations need to be substantiated, the official positions of the main actors are clearly divergent: the USA, its NATO allies, and some of the large internet industry players engage in collective attribution in the form of joint public naming and shaming of suspects. Russia sees such an approach as a pseudo-legal concept in which a group of countries accuses a third country without disclosing evidence, and demands evidence-based attribution.
The 2021 UN GGE report also calls for caution in attribution, as it is a complex exercise and such caution can help avert misunderstandings and the escalation of tension between states.
Should due diligence be an obligation?
Due diligence is an obligation of states to prevent their territory from being used for the launch of cyberattacks against other states by state or non-state actors. The norms set in the 2015 GGE report, reiterated in the OEWG resolution and in the 2021 GGE report, ask countries not to allow their territory to be used for internationally wrongful acts, and to mitigate cyberattacks against the critical infrastructure (CI) of other countries that originate in their territory. The final OEWG report went on to reaffirm the 2015 GGE norms. The 2021 GGE report added that the invocation of the responsibility of a state for an internationally wrongful act involves complex technical, legal, and political considerations. In practice, aside from the norms being voluntary, there may be a number of reasons why their implementation could be limited. For instance, states may only react to attacks rather than try to prevent them, or they may claim they did not know about the attack at all. The EU and its partners believe that due diligence should be a binding obligation (both in cyberspace and beyond), following the International Court of Justice judgment in the Corfu Channel case (1949), and warn that not adhering to it may result in countermeasures by the attacked country. Russia and its partners, on the other hand, oppose due diligence as an obligation in general, and only approve what has been agreed by the GGE.
Are new norms needed?
Are more norms needed at the moment? Or should the focus be placed on the implementation of existing ones? The 2015 GGE report, the resolution that established the OEWG, and the final OEWG report provide room for the development of additional norms over time. Some of the options raised by different parties – with evident divergence in their positions – include norm proposals by the Global Commission on the Stability of Cyberspace (GCSC) such as protecting the public core of the internet, preventing injury to civilians, mitigating the effects during incidents, and protecting electoral systems, as well as norms related to the effects of artificial intelligence (AI) on security, fake news, and disinformation, the protection of core internet infrastructure as public goods, and cybercrime issues, among others.

Past processes: GGE and OEWG 2019-2021

The Open-Ended Working Group (OEWG) 2019/2020

The OEWG 2019/2020 was established by the UN General Assembly in December 2018 (A/RES/73/27).

The UN Group of Governmental Experts (GGE)

The UN Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security (formerly: on Developments in the Field of Information and Telecommunications in the Context of International Security) convened in six successive groups between 2004 and 2021.

GGE vs OEWG

In 2018, the UNGA adopted two resolutions (one sponsored by the USA (A/RES/73/266), the other by Russia (A/RES/73/27)) which set up the continuation of the GGE in 2019–21 and the UN OEWG. During 2019-2021, the GGE and the OEWG worked in parallel in somewhat different settings. Considerable cooperation between the chairs of the two groups was established, and many countries played an active and constructive role in both.


The table compares the membership, issue areas, and reporting objectives of the UN GGE and OEWG, and includes a timeline of their work programmes