UN GGE 2021 report

28 May 2021

Policy Reports

The United Nations Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace in the context of international security 2019/2021 has published its final report, adopted on 28 May 2021. The 2019/2021 group is the sixth GGE to be established since 2004. The group was mandated to ‘continue to study, with a view to promoting common understandings and effective implementation, possible cooperative measures to address existing and potential threats in the sphere of information security.’

Existing and emerging threats

The report reaffirms that the serious ICT threats identified in previous reports persist. It underlines serious concerns about 

  • harmful ICT activity against critical infrastructure; 
  • a increase in states’ malicious use of ICT-enabled covert information campaigns to influence the processes, systems and overall stability of another state;
  • and malicious ICT activity aimed to exploit vulnerabilities.

Norms, rules, and principles

Norms and existing international law sit alongside each other, the GGE reaffirmed in this report, and norms reflect the expectations of the international community and set standards for responsible state behaviour.

Additional norms could be developed over time, and, if appropriate, additional binding obligations could be elaborated in the future.

The group has also developed an additional understanding of the 13 voluntary GGE 2015 norms, as it was mandated.

International law

Also reaffirmed is the applicability of international law, and in particular the Charter of the United Nations in its entirety, to the ICT environment. The group clarified that international humanitarian law applies only in situations of armed conflict. However, the application to use ICTs of established international legal principles including the principles of humanity, necessity, proportionality and distinction, needs further study.

Confidence building measures

In this section, the report tackles both cooperative and transparency measures. Among cooperative measures, points of contact (PoC) and dialogue and consultations are discussed. Among transparency measures, states could consider using bilateral, sub-regional, regional and multilateral fora and informal consultations to clarify positions and share information. 

International cooperation and assistance in ICT security and capacity-building

The GGE noted a few areas in which international cooperation and assistance in ICT security and capacity-building can support states, including developing and implementing national ICT policies, strategies and programmes; creating and enhancing the capacity of CERTs/CSIRTs and their cooperation, etc.

The GGE also welcomed the capacity-building principles concerning process, purpose, partnerships and people recommended by the final report of the OEWG.