UN Open-ended Working Group (OEWG)
The UN plays a crucial role in global cybersecurity negotiations, with the issue of information security being on the UN agenda since 1998 when the Russian Federation introduced a draft resolution on the subject in the First Committee of the UN General Assembly.
This page provides comprehensive coverage of ongoing and past First Committee processes related to cybersecurity, peace, and security at the UN, including the Groups of Governmental Experts (GGEs) and the Open-ended Working Group (OEWG). Currently, the focus is on the work of the UN Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies in 2021–2025.
The current process (OEWG 2021-2025)
The Open-ended Working Group (OEWG) on security of and in the use of information and communications technologies was established in 2021 by UNGA resolution UN A/RES/75/240.
After the first three substantive sessions held in December 2021, April and July 2022, the main stumbling stone was the participation of non-state stakeholders in the OEWG process. Despite tensions due to the war in Ukraine, some progress in confidence-building measures and capacity building was made. However, states disagreed on whether existing international law applies to ICTs and whether new norms are needed.
In July 2022, delegations adopted stakeholder modalities, agreed to establish a Points of Contact (POC) directory, and reached a compromise on the group's first Annual Progress Report. Annual Progress Reports serve as a roadmap for further negotiations.
In 2023, discussions on the applicability of international law on ICTs and on norms of responsible behaviour have not advanced. However, the work on the operationalisation of the POC Directory started. In July of 2023, delegations reached a compromise on the second Annual Progress Report.
In 2024, delegations remained divided on the applicability of international law on ICTs and on norms of responsible behaviour. But two major successes were achieved: The POC Directory was officially launched in May 2024, and the delegations agreed on the basic elements of the mechanism that will follow the OEWG.
Recent achievements
In July 2024, delegations reached a compromise on the third Annual Progress Report at its eighth substantive session in New York.
Our reports and analyses
A team of GIP rapporteurs followed the discussions at the OEWG 2021-2015 and produced analyses from the following sessions:
You can also browse reports from the sessions:
-
Global roundtable on ICT security capacity-building
The Chair of the Open-ended Working Group on security of... -
UN OEWG 2021-2025 8th substantive session
The UN OEWG 2021-2025 8th substantive session will focus on... -
UN OEWG 2021-2025 7th substantive session
The UN OEWG 2021-2025 will have its 7th substantive session... -
UN OEWG 2021-2025 6th substantive session
The UN OEWG on cybersecurity will have its 6th session... -
UN OEWG 2021-2025 5th substantive session
The UN OEWG 2021-2025 will conduct its 5th substantive session... -
UN OEWG 2021-2025 4th substantive session
The UN OEWG 2021-2025 will conduct its fourth substantive session... -
UN OEWG 2021-2025 2nd substantive session
The UN Open-Ended Working Group (OEWG) held its second substantive... -
UN OEWG 2021-2025 1st substantive session
The second UN Open Ended Working Group (OEWG) on developments...
Future process (PoA and elements of the future mechanism)
Co-proposed by 40 states, a Programme of Action (PoA) for advancing responsible state behaviour in cyberspace would establish ‘a permanent UN forum to consider the use of ICTs by states in the context of international security’. The proposal suggests the PoA to be in a single, long-term, inclusive, and progress-oriented format; its implementation and follow-up measures could be subsequently endorsed by the UN GA. In November 2022, the First Committee of the UNGA adopted resolution A/RES/78/16 on the programme of action (PoA) on cybersecurity. This means the UNGA welcomed the proposal for a PoA as a permanent, inclusive, action-oriented mechanism.
States continued to discuss the scope, structure and content of the future mechanism during 2023 and 2024, with a significant breakthrough in June and July 2024, when the Chair published elements for the establishment of an open-ended action-oriented permanent mechanism on ICT security, building upon the resolution A/RES/78/16 on the PoA.
During negotiations in July 2024, delegations agreed on the elements for the future mechanism, enshrined in Annex C of the third APR.
Another tricky question was the modalities of stakeholder engagement with the mechanism. The future mechanism will be a First Committee process and, therefore, a state-led process. However, there is room - and need - for stakeholder participation. Some states consider the ad-hoc committee on cybercrime modalities for stakeholder engagement to be the gold standard, where stakeholders attend any open formal sessions of the ad hoc committee, make oral statements, time permitting, after member states’ discussions, and submit written statements. Other countries caution that the OEWG’s own much-discussed modalities should be applied because they are the hard-won result of delicate compromise. This issue was ultimately deferred to the group’s next meeting.
Body of existing agreements
The body of existing agreements refers to the framework of responsible behaviour of states in cyberspace. This framework is sometimes also called ‘acquis’, a term borrowed from the EU for the body of common rights and obligations that is binding on all the EU member states. While it has quickly been adopted for informal discussions, there is still no clear understanding of everything it encompasses.
It encompasses the GGE 2013 report, the GGE 2015 report, the GGE 2021 report and the OEWG 2021 report. All reports were adopted by respective resolutions of the UNGA by consensus of all states. Additionally, other resolutions, such as those that established the GGEs and OEWGs on cybersecurity, also play a role, as states refer to some of them throughout negotiations. This particularly refers to the UNGA resolutions that established the OEWG in 2018 and 2020, since they do not entirely match GGE's reports, but rather reflect on other issues such as propaganda, and have procedural implications.
-
2010 UN GGE report (A/65/201)
Report of the UN GGE 2009/2010, which includes recommendations for: -
-
-
OEWG 2019-2021 final substantive report
The Open-ended Working Group (OEWG) on Developments in the Field of ICTs in... -
OEWG 2021-2025 first annual progress report (APR)
A. Introduction 1. The first, second and third substantive sessions... -
OEWG 2021-2025 second annual progress report (APR)
A. Overview B. Existing and Potential Threats 10. During the... -
OEWG 2021-2025 third annual progress report (APR)
Eighth substantive session, New York8-12 July 2024 Draft Annual Progress...
Most recently, the APRs of the OEWG 2021-2025 note that the framework of responsible State behaviour in the use of ICTs includes voluntary norms, international law, and confidence-building measures (CBMs). However, delegations, including the USA, Israel, Thailand, and Iran, contend that voluntary norms and CBMs cannot be classified as obligations. They argued that, by definition, voluntary norms are not obligatory and that CBMs, within the context of this OEWG, are also voluntary. These delegations emphasised that states cannot be held accountable for obligations arising from non-binding agreements. However, the language remains in the APRs.
Unresolved issues
Despite long-running discussions and several consensus reports, there are a number of issues that remain open.
Past processes: the GGEs and the OEWG 2019-2021
2004-2021: Six UN Groups of Governmental Experts (GGE)
The UN Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security (formerly: on Developments in the Field of Information and Telecommunications in the Context of International Security) have convened from 2004 until 2021.
2019-2021: UN OEWG and sixth GGE in parallel
In 2018, the UNGA adopted two resolutions (one sponsored by the USA (A/RES/73/266), the other by Russia (A/RES/73/27)), which set up the continuation of the GGE in 2019–21 and the UN OEWG.
2019-2020: The Open-Ended Working Group (OEWG) 2019/2020
The OEWG 2019/2020 was established by the UN General Assembly in December 2018 (A/RES/73/27).
Our projects
Cyber diplomacy web discussions:
Cyber diplomacy web discussion: Norms and confidence building measures (CBMs): Are we there yet?
Traceability and attribution of cyberattacks: Who did it?
Applicability of international law to cyberspace: Do we know the rules of the road?
Cyber armament: A heavy impact on peace, economic development, and human rights
Geneva Dialogue on Responsible Behaviour webinars
What is responsible behaviour in cyberspace?
What is the role of the private sector towards a peaceful cyberspace?
What is the role of civil society and communities towards a peaceful cyberspace?
Geneva Dialogue on Responsible Behaviour outputs
Report ‘Security of digital products and international standards’