Dedicated stakeholder session (in accordance with agreed modalities for the participation of stakeholders of 22 April 2022)
Session at a glance
Summary
This transcript captures the final substantive session of the UN Open-Ended Working Group (OEWG) on cybersecurity, featuring both a dedicated stakeholder session and member state discussions on establishing a future permanent mechanism for international ICT security. The session began with stakeholder presentations from 24 organizations, including civil society groups, think tanks, and private sector representatives, who emphasized the critical importance of meaningful multi-stakeholder participation in cybersecurity governance. Key stakeholder concerns included the need for stronger human rights protections in cyberspace, better implementation of existing norms rather than creating new ones, and avoiding duplication of existing capacity-building initiatives.
Member states then engaged in discussions covering norms of responsible state behavior, international law application in cyberspace, confidence-building measures, and capacity building. There was notable convergence on the importance of capacity building for developing countries, with many delegations supporting proposals for global portals, sponsorship programs, and technical assistance initiatives. However, significant divergences emerged regarding the structure of the future permanent mechanism, particularly around the establishment of dedicated thematic groups and stakeholder participation modalities. Some delegations favored cross-cutting, action-oriented thematic groups as proposed by France, while others preferred pillar-based approaches or expressed concerns about resource implications.
The Chair acknowledged both the strong commitment from all delegations to reach consensus and the challenging matrix of competing proposals and counter-proposals. Despite time constraints due to UN budget cuts affecting meeting services, the Chair expressed optimism about finding a “narrow path” toward consensus. The session concluded with plans to produce a revised draft (REV2) by evening, followed by further negotiations leading to a final conference room paper for adoption on Friday, representing a critical test for multilateral cooperation in cybersecurity governance.
Keypoints
## Major Discussion Points:
– **Stakeholder Participation and Modalities**: Extensive debate over how civil society, NGOs, academia, and other stakeholders should participate in the future permanent mechanism, with strong support for meaningful inclusion but disagreements over accreditation processes and the extent of participation
– **Structure of Future Permanent Mechanism**: Significant discussion about establishing dedicated thematic groups (DTGs) with debate between cross-cutting action-oriented groups versus pillar-specific groups, particularly around international law, capacity building, and confidence-building measures
– **International Law Application in Cyberspace**: Ongoing tensions over how to reflect discussions on international humanitarian law (IHL) and human rights law in the final report, with some delegations wanting stronger language while others prefer more cautious approaches
– **Capacity Building as Cross-Cutting Priority**: Strong consensus that capacity building is fundamental and should be treated as a cross-cutting issue rather than siloed, with particular emphasis on supporting developing countries and avoiding duplication of existing initiatives
– **Financial Constraints and UN Crisis**: The Chair’s revelation that the OEWG faces unprecedented 10% cuts in meeting time due to UN financial crisis caused by non-payment of dues, highlighting broader challenges facing multilateral cooperation
## Overall Purpose:
The discussion aimed to finalize the Open-Ended Working Group’s report and establish a framework for transitioning to a future permanent mechanism on ICT security. The session focused on reaching consensus on outstanding issues across all pillars of responsible state behavior in cyberspace while ensuring continuity and avoiding regression from previous achievements.
## Overall Tone:
The discussion began with a constructive and collaborative tone, with stakeholders and member states expressing strong commitment to reaching consensus. However, the tone became more urgent and somewhat strained as time constraints became apparent, culminating in the Chair’s emotional explanation of the financial pressures facing the UN. Despite these challenges, the Chair maintained an encouraging tone, emphasizing the “narrow path” toward consensus while acknowledging the difficult compromises required. The session ended on a cautiously optimistic note, with the Chair expressing confidence that an outcome was achievable through flexibility and pragmatism.
Speakers
**Speakers from the provided list:**
– **Chair** – Session moderator and leader of the Open-Ended Working Group (OEWG)
– **Access Now** – International civil society organization focusing on digital security and defending digital rights of vulnerable individuals and communities (represented by Ramanjit Singh Cheema)
– **German Council on Foreign Relations** – Research organization (represented by Valentin Weber, senior research fellow)
– **Safe PC Solutions** – Organization focused on cybersecurity awareness training
– **Academia Mexicana de Ciberseguridad y Derecho Digital** – Mexican Academy of Cybersecurity and Digital Law
– **Crest International** – Non-profit organization building trust in the digital world by raising standards in the cyber security industry
– **Center for Humanitarian Dialogue** – Organization focused on humanitarian dialogue and conflict resolution
– **Red on Defensa de los Derechos Digital** – Mexican organization defending digital rights (represented by Francia Preta-Santa Baldassa)
– **Alliance of NGOs on Crime Prevention and Criminal Justice** – Umbrella organization coordinating civil engagement with crime and justice mandates
– **European Union Institute for Security Studies** – Research institute focused on security studies
– **Wright pilot** – Jordanian organization (represented by Abdullah bin Hussain)
– **Hitachi America** – Private company providing critical infrastructure solutions
– **Arab Association of Cybersecurity** – Regional cybersecurity organization
– **Center of Excellence for National Security** – Think tank organization
– **Nuclear Age Peace Foundation** – Youth initiative organization (represented by Lydia Peavy, youth activist)
– **Youth for Privacy** – Youth organization (represented by J1 Choi, 16-year-old representative)
– **Fundación Karisma** – Colombian organization working for digital rights promotion
– **First ORG. INC** – Forum of Incident Response and Security Teams with over 800 members from 113 economies
– **Global Cyber Alliance** – Not-for-profit organization working to improve internet security (represented by Chris Painter, Strategic Advisor)
– **Women in cybersecurity Middle East** – Regional movement uniting over 3,000 women across 22 Arab countries
– **Global Partners Digital** – Human rights organization focusing on governance of digital technologies
– **Stiftung Wissenschaft und Politik** – German Institute for International and Security Affairs (think-tank)
– **ICRC** – International Committee of the Red Cross
– **Interpol** – International police organization
– **El Salvador** – Country delegation
– **Switzerland** – Country delegation
– **Paraguay** – Country delegation
– **Mauritius** – Country delegation
– **South Africa** – Country delegation
– **Australia** – Country delegation
– **Republic of Korea** – Country delegation
– **Latvia** – Country delegation
– **Cuba** – Country delegation
– **Tunisia** – Country delegation
– **Kingdom of the Netherlands** – Country delegation
– **Dominican Republic** – Country delegation
– **Italy** – Country delegation
– **Sweden** – Country delegation
– **Zimbabwe** – Country delegation
– **United Kingdom** – Country delegation
– **Colombia** – Country delegation
– **Ghana** – Country delegation
– **Uruguay** – Country delegation
– **Ukraine** – Country delegation
– **Cameroon** – Country delegation
– **Viet Nam** – Country delegation representing a cross-regional group of states
– **Russian Federation** – Country delegation
– **Czechia** – Country delegation
– **Guatemala** – Country delegation
– **Belarus** – Country delegation
– **Costa Rica** – Country delegation
– **New Zealand** – Country delegation
– **India** – Country delegation
– **Nigeria** – Country delegation
– **Albania** – Country delegation
– **Djibouti** – Country delegation
**Additional speakers:**
None – all speakers mentioned in the transcript were included in the provided speakers names list.
Full session report
# Report: Final Substantive Session of the UN Open-Ended Working Group on Cybersecurity
## Executive Summary
This report documents the final substantive session of the UN Open-Ended Working Group (OEWG) on cybersecurity, which featured a stakeholder session followed by member state discussions on establishing a future permanent mechanism for international ICT security. The session highlighted both areas of consensus and significant disagreements on implementation approaches.
The stakeholder session included presentations from civil society groups, think tanks, and private sector representatives who emphasized the importance of multi-stakeholder participation, human rights protections in cyberspace, and implementation of existing norms rather than creating new ones. Youth representatives made particularly assertive interventions calling for systematic embedding as valid stakeholders.
Member state discussions covered norms of responsible state behavior, international law application in cyberspace, confidence-building measures, and capacity building. While notable agreement emerged on the importance of capacity building for developing countries and the applicability of international law to cyberspace, significant disagreements persisted regarding stakeholder participation modalities and the structure of thematic groups in the future permanent mechanism.
The Chair acknowledged the UN’s financial crisis, which resulted in 10% cuts in meeting time due to non-payment of dues by some member states. Despite what the Chair described as a “matrix of divergences,” the session concluded with the Chair expressing confidence that consensus could be reached through flexibility and pragmatism.
## Stakeholder Session
### Human Rights and Digital Rights Organizations
Access Now, represented by Ramanjit Singh Cheema, opened by challenging delegates to see themselves “not only as diplomats, but as stewards” with a duty to “leave things better than how you found it.” The organization called for addressing commercial spyware targeting civilians and emphasized that stakeholder modalities should be improved to avoid “locking into politics.” They requested that international human rights law be explicitly referenced in the main body text of the final report.
The Red on Defensa de los Derechos Digital, represented by Francia Preta-Santa Baldassa, emphasized incorporating regional perspectives, particularly Latin American human rights interpretations, arguing that regional perspectives must be integrated into global frameworks.
Global Partners Digital stated that human rights impacts of cyber incidents require multi-stakeholder collaboration frameworks, arguing that the interconnected nature of cyber threats necessitates inclusive approaches.
### Youth Representatives
The Nuclear Age Peace Foundation, represented by youth activist Lydia Peavy, argued that “youth engagement is crucial as digital natives who understand technology impacts on society,” emphasizing that young people should be recognized as co-creators given their lived experience with digital technologies.
Youth for Privacy, represented by 16-year-old J1 Choi, declared that “children and youth must be systematically embedded as valid stakeholders with fundamental rights,” arguing that youth participation should be understood as an inalienable right rather than optional consultation.
### Technical Expertise and Private Sector
The German Council on Foreign Relations, represented by Valentin Weber, highlighted the quantum computing threat, noting that “quantum computing presents a foreseeable threat requiring urgent post-quantum cryptographic solutions.” Weber quoted Elvis Presley: “As Elvis Presley said, a little less conversation, a little more action. A little more bite, and a little less bark. A little less fight, and a little more spark.” The Chair noted that this comment brought “music into our lives” and a “positive tone.”
Safe PC Solutions emphasized that “generative AI and quantum computing need specific governance frameworks,” highlighting how emerging technologies introduce new vectors for disinformation and automated cyber attacks.
Crest International argued that “international standards are preferable to variable national standards for supply chain security.” Hitachi America noted that “the private sector can contribute to updating threats and applying norm checklists across sectors.”
The Global Cyber Alliance, represented by Chris Painter, emphasized that “existing effective mechanisms should be scaled rather than duplicated.”
### Regional and Other Perspectives
The Arab Association of Cybersecurity emphasized that “women’s meaningful participation must be promoted in capacity building initiatives.” Women in Cybersecurity Middle East noted their success in uniting “over 3,000 women across 22 Arab countries.”
Interpol emphasized that “criminal misuse of ICTs poses significant threats to essential services requiring collective action” and that “sophisticated criminal networks using advanced techniques like deepfakes target global infrastructure.”
## Member State Discussions
### Norms of Responsible State Behaviour
El Salvador emphasized that “the voluntary nature of norms and complementarity with international law must be recognised.” Mauritius noted that “whole-of-government approaches are essential for effective norm implementation” and that “critical infrastructure designation remains a sovereign prerogative requiring national frameworks.”
The Dominican Republic emphasized that “practical measures and good practices are needed for norm operationalisation,” while South Africa noted that “norm implementation requires specific capacity building to address gaps.”
Australia suggested that “templates for assistance requests should be voluntary and clearly titled,” while Sweden emphasized that “the framework for responsible state behaviour must be strengthened rather than weakened.”
### International Law Application in Cyberspace
Switzerland provided detailed legal analysis, noting that “ICT operations comparable to traditional means can constitute use of force” and that “due diligence obligations and state responsibility principles apply to cyber operations.” The delegation emphasized that “national positions on international law provide invaluable clarification that cyberspace is not lawless.”
Paraguay emphasized that “UN Charter principles of sovereign equality and peaceful relations apply to cyberspace.” The ICRC noted that “international humanitarian law prohibits attacks on civilian objects and hospitals in cyberspace” and that “a humanitarian red line exists prohibiting attacks on civilian infrastructure through ICTs.”
Vietnam, representing a cross-regional group, noted that “cross-regional working papers represent areas of emerging convergence on international law.”
### Capacity Building
Australia argued that “capacity building is a foundational and cross-cutting element requiring concrete implementation mechanisms.” Zimbabwe proposed a “global ICT security cooperation portal as a neutral member state-driven resource platform” and emphasized that “South-South and triangular cooperation is important to complement traditional partnerships.”
Latvia supported establishing a “UN Cyber Resilience Academy within UNIDIR for implementation.” Mauritius emphasized that “needs-based and tailored approaches are essential for effective capacity building programmes” and that “regional organisations serve as vital implementation partners and capacity building hubs.”
Ghana emphasized that “technical and hands-on training is critical for developing national cyber capabilities” and called for “voluntary fund establishment essential for supporting developing country participation.” Nigeria noted that “integration of modern technology with indigenous knowledge ensures sustainability” and that “gender inclusiveness and youth engagement are vital for maximising human capacity.”
Cuba argued that “UN budgetary constraints cannot be a pretext for limiting developing country needs” and that “capacity building is essential for eliminating the digital divide affecting developing countries.”
### Confidence-Building Measures
The Republic of Korea emphasized that “global point of contact directories require broad participation and flexible implementation” and that “CBMs serve to reduce misunderstanding and prevent conflict escalation.”
Ukraine argued that “existing eight CBMs should be operationalised before developing new proposals.” Cameroon emphasized that “regional POC networks should be integrated to enhance incident response capabilities.”
The Netherlands argued that “focus is needed on effective operationalisation before further development” and that “regional organisations and technical community roles should be explicitly recognised.”
### Future Permanent Mechanism Structure
Czechia proposed “three umbrella themes of stability, resilience, and cooperation” as an optimal framework and supported “cross-cutting action-oriented thematic groups preferred over pillar-based structures.” Latvia strongly supported “cross-cutting, action-oriented thematic groups.”
New Zealand argued for a “single-track format with concrete meaningful exchanges needed for success.” Albania emphasized that “action-oriented structures are needed to deliver real-world cybersecurity solutions.”
Belarus proposed “creating separate thematic groups on standards and on confidence building measures” and emphasized that “consensus-based decision making must be maintained in the future mechanism” with “seamless transition from OEWG to permanent mechanism without undermining the mandate.”
Guatemala sought middle ground, arguing for a “moderate number of thematic groups with specific focus on capacity building.” India emphasized that “the inclusive and democratic characteristics of OEWG must be preserved” and that “regular institutional dialogue should be representative, inclusive, and democratic.”
### Stakeholder Participation Modalities
Belarus stated: “We support the current format of work. We are aware of the important contributions made to the work of the OEWG by non-state entities, but we believe that all decisions on NGO participation in sessions ought to be based on no objection from member states.”
The Alliance of NGOs on Crime Prevention and Criminal Justice warned that “should the final report maintain weak language on stakeholder modalities and the future permanent mechanism, it will further hinder their engagement.”
Italy emphasized that “multi-stakeholder engagement is indispensable for effective capacity building.”
## Chair’s Assessment and Procedural Matters
### UN Financial Crisis
The Chair provided a candid assessment of the UN’s financial constraints: “The UN is in financial crisis… Because some members do not pay in full and on time… multilateralism is in crisis… on your shoulders lies also the burden to show to your capitals, to each other, and to the world that the spirit of multilateral cooperation is alive and well.”
The Chair noted that the OEWG faced unprecedented 10% cuts in meeting time, directly impacting the ability to conduct comprehensive discussions with full interpretation services. The Chair acknowledged implementing microphone cutoffs for the first time in five years due to time constraints.
### Technical Issues
The Russian Federation experienced recurring difficulties accessing UN Web TV, which the delegation argued “violates transparency and participation principles.” The Chair acknowledged these problems and tasked the Secretariat with addressing technical issues.
### Path Forward
The Chair acknowledged a “matrix of divergences” while expressing determination to find a “narrow path” toward consensus, noting that reaching agreement would require “flexibility, pragmatism, and willingness to compromise from all parties.”
The Chair outlined a specific timeline: REV2 would be available around 9 p.m., with a meeting scheduled for Thursday at 11 a.m., a conference room paper by the end of Thursday, and adoption planned for Friday at 10 a.m.
The Chair requested delegations to send written statements and technical proposals to the Secretariat and asked them to prioritize their demands and show flexibility in the negotiations.
## Key Areas of Agreement and Disagreement
### Areas of Broad Agreement
Multiple speakers supported the principle of multi-stakeholder participation, though they disagreed on specific modalities. There was strong consensus on capacity building as a foundational element, with virtually all speakers emphasizing its importance for developing countries.
Broad agreement emerged that existing international law applies to cyberspace, including UN Charter principles and international humanitarian law, though disagreements persisted on specific formulations.
Many speakers supported leveraging existing mechanisms rather than creating duplicative structures, reflecting concerns about resource constraints and proven effectiveness.
### Fundamental Disagreements
The most significant disagreement concerned stakeholder participation modalities, with civil society advocating for improved meaningful participation while some states insisted on maintaining current restrictive formats requiring consensus for NGO participation.
Disagreement persisted on institutional structure, with some favoring cross-cutting thematic groups while others preferred pillar-specific or dedicated groups for particular areas.
While agreeing on international law applicability, states disagreed on specific formulations regarding use of force thresholds, explicit human rights law references, and the balance between different legal frameworks.
## Conclusion
The final substantive session demonstrated both the potential for multilateral cooperation in cybersecurity and the significant challenges facing such efforts. The strong stakeholder participation provided diverse perspectives and expertise, while member state discussions revealed both areas of consensus and fundamental disagreements that will need to be resolved in establishing an effective permanent mechanism.
The Chair’s acknowledgment of the UN’s financial crisis highlighted broader challenges facing multilateral cooperation, while the compressed timeline and procedural constraints added urgency to the negotiations. Despite these challenges, the Chair expressed confidence that consensus could be achieved through flexibility and pragmatism, setting the stage for final negotiations on the future permanent mechanism.
Session transcript
Chair: Good morning, distinguished delegates. As indicated in the program of work, this morning we will start with the dedicated stakeholder session. And in keeping with the practice of the working group, we will go through each of the stakeholders who are registered to speak. And as I indicated yesterday, before we wrapped up, we are operating under intense time pressure. So I’d like to appeal to the stakeholders for their understanding and support. We will have to turn off the microphone at the three-minute point. It’s not something that I enjoy doing, but I’d like to seek your kind understanding. Do circulate the statements to me and to all delegations. We will put that on the website. But I also want to say that this session today is not a one-off session. We have, throughout the five years, been talking to the stakeholder community. And each of the formal sessions, we have given them an opportunity to speak. I also make it a point to convene informal sessions with the stakeholders on a range of topics. They have contributed a lot of ideas. Not all the ideas make it to the formal progress reports, or might even make it to the final report. But the point is that they are engaging, participating, contributing ideas. And this enriches our collective conversation here. I think that is the spirit of the United Nations. So let’s get on with the speakers list. So the first speaker is AXS Now, to be followed by the German Council on Foreign Affairs. relations. Access Now, you have the floor, please.
Access Now: Thank you, Chair. I am Ramanjit Singh Cheema, addressing you on behalf of Access Now, the international civil society organization which focuses on digital security and defending the digital rights of vulnerable individuals and communities. We thank you for the opportunity to address you all today, and in particular, appreciate the comments you made yesterday, Chair. We hope all delegations are here, listening to us and seeking to understand the views of stakeholders. We speak to you from positions of expertise and frontline experience. Our digital security helpline, a proud member of the Forum for Incident Response, and a participant in the Common Good Cyber Initiative, has seen over 1,000 cases each quarter so far this year, showing us just the tip of the cybersecurity crisis we face. Today, we ask you to see yourselves not only as diplomats, but as stewards. The main duty of stewardship is simple, to leave things better than how you found it. Today, we are therefore asking this OEWG to consider the fact that the first OEWG and the group of governmental experts left us with milestone consensus achieved across the UN’s membership on responsible state behavior, despite the odds they faced, a foundation that we could all work with and build on. Right now, we believe you have partly progressed on this foundation, but you still run the risk of jeopardizing the acquis that states here have achieved through tremendous work. An instance of progress in the current draft is the references to state efforts against the growing market for commercially available ICT intrusion capabilities. We believe international efforts on responsible ICT behavior must recognize the reality that commercial spyware is regularly used to target civilian populations, diplomats, and other stakeholders. In that regard, we believe the REV.1 text must be further bolstered by adding specific references. In PARA 25, that cyber intrusion capabilities must be used in ways consistent with international law, including the standard of necessity, legality, and proportionality as outlined in international human rights law. We welcome the efforts to further implement the norms on human rights and a human-centric approach. to cybersecurity through the voluntary norms E and J in the text. OEWG members must promote human rights on the internet and encourage responsible reporting of ICT vulnerabilities, including the critical role of security researchers. But the current text leads us to the less secure foundation in the past OEWG by failing to incorporate explicit references to international human rights law in the main body. This body should also be proud of the increasing number of states who have outlined their position international on cyber operations. In that regard, we believe that more needs to be done again to specifically refer to international human rights law and humanitarian law. We urge you lastly to reconsider your approach to the modalities of stakeholders. We’ve joined 24 organizations and experts this week in supporting a joint letter asking for improved stakeholder modalities. Do not lock yourself into politics, be pragmatic and give yourself all the tools you can achieve. We therefore wish you a success in establishing a permanent mechanism that advances the challenges of meaningful rights respecting cyber dialogue.
Chair: Thank you very much Access Now for your contribution. German Council on Foreign Relations, you’re the next speaker.
German Council on Foreign Relations: My name is Valentin Weber and I’m a senior research fellow with DGP, the German Council on Foreign Relations. And in this capacity, I’ll also sign the joint civil society letter on multi-stakeholder modalities. Thank you so much for giving me the floor and for your admirable effort to find consensus in a world where it is increasingly rare. For the German Council on Foreign Relations, also known as DGP, this OEWG has been the first time to engage in a UN cyber dialogue. During the last five years, we thankfully had the opportunity to closely follow how member states have started operationalizing their key of the past 20 plus years. We’re very happy to see that the current version of this report puts an emphasis on critical infrastructures. At DGP, we have actively supported your and member states efforts. to strengthen their protection. But our research shows that words alone do not suffice. There is a huge gap in the implementation of the norms on the protection of critical infrastructure. In the policy brief, we have highlighted that half of the countries, that means half of the room here, represented in this room have not yet designated critical infrastructure sectors within their territories. This makes it difficult to implement norms 13F, G, and H, and in my opinion, requires further attention. My team at DGIP has also taken notice of member states’ concern over the misuse of quantum technology. In this context, we are happy to see that for the first time, the current version of the final OEWG report contains a reference to states’ intention to deploy post-quantum cryptographic solutions. We don’t think that this is premature. Chair, it is really high time to do so. DGIP research shows that all of us are profoundly vulnerable to quantum computing. Our analysis found that no UN member state has yet accomplished the transition to quantum security. No country in this room. In short, all UN member states are vulnerable for the day when quantum computers reach the capability to break conventional encryption. Some estimate that this might even occur by 2030. This leaves us only four years to get this job done. In short, there has been progress, also due to your efforts, Mr. Chair, but the world, and in particular its critical infrastructure, remains profoundly vulnerable. As Elvis Presley said, a little less conversation, a little more action. A little more bite, and a little less bark. A little less fight, and a little more spark. In this spirit, we appeal to you and the member states. Thank you for your attention.
Chair: Thank you very much. German Council for Foreign Relations and also for introducing some music into our lives. I think we need to have a positive tone and a positive tune in our heads at this point. I give the floor now to Safe PC Solutions.
Safe PC Solutions: Thank you, Chair, for the opportunity for Safe PC Solutions to speak today to make a statement for intervention. We welcome zero-draft recognition of the transformative potential and the dual-use nature of emerging technologies, particularly artificial intelligence and quantum computing. As I stated last week in the informal dialogue, we need to include generative AI, a rapidly advancing subset of AI capable of producing synthetic content such as text, images, code, and audio. It has introduced new vectors for disinformation, social engineering, and automated cyber attacks. And also, we encourage the OEWG to consider referencing the governance of generative AI as a distinct area of concern within the broader AI landscape. We also suggest that quantum computing be separated and be defined in the document. Quantum computing presents a foreseeable threat to current cryptographic systems. We urge the OEWG to emphasize the urgent need for the development, standardization, and the global adoption of post-quantum cryptographic solutions. We further emphasize the importance of inclusive cross-sectoral cooperation, engaging governments, industry, academia, and the public. and civil society to address the complex risks arising from convergence of AI, quantum computing, and other advanced technologies. And I do thank you for putting the stakeholders at the forefront of this meeting. We also, Safe Peace Solutions, we also support the joint stakeholder statement on the zero draft and REV1 Annex 3 section on stakeholder modalities. Also, concerning capacity building for resilience and sustainable development. Safe Peace Solutions, last month, in May, we had the opportunity to present at the global conference on cyber capacity building in Geneva. And I met with a lot of the member states from Africa, Latin America, and Pacific Islands. And they were not aware, first of all, that we were a stakeholder, no EWG, let alone that we had built a cybersecurity awareness training on a generative AI platform focusing on people of color. So, thank you.
Chair: Thank you very much, Safe Peace Solutions. Next speaker is Academia Mexicana de Ciberseguridad y Derecho Digital.
Academia Mexicana de Ciberseguridad y Derecho Digital: Gracias, Senor Presidente. Thank you very much, sir. The Mexican Academy of Cybersecurity and Digital Law welcomes this opportunity to speak, and we pay tribute to what has been done by states in this entire process. We welcome the advances in principles such as making a better, broader, and more peaceful cyberspace. However, things are still lacking to ensure a robust person-centered cybersecurity panorama. So, we would like to see more data, clear data looking- at the future so that we can include emerging technologies and new technologies, generative AI, so that we can be vigilant also in independent decision-making systems, although the draft does recognize quantum computing and generative AI. We feel that we need a specialized thematic group that can bring forward recommendations and look at technicalities based on evidence. Then we need a cross-cutting approach when it comes to human rights in the digital sphere. In the document, we have to respect human rights, that’s mentioned, but however, there’s a lack of practical measures to fulfill this. We have voluntary measures, as suggested over the last two weeks, applicable to AI and cyber technologies by states. Then when we look at the larger scale, we need governance, traceability, accountability, when it comes to decision-making operations for public decisions. This is linked also to products and services. Then fourthly, when we come to IHL in context of armed conflict in cyber space, we would suggest that the section here be strengthened with reference to possibility of enforcement, particularly in sensitive areas. We also underline how important it is to strengthen accountability mechanisms. When it comes here to a voluntary basis, it would be a good idea to provide basic behavioral indices per region and have voluntary national reports to increase confidence. And lastly, when it comes to the participation of stakeholders, stakeholders can make relevant contributions only if it’s possible to actually work in the field. The large support expressed in this group for capacity building cannot… forward without contributions from all sectors. Therefore, we support the joint cyber security paper submitted last week. Then lastly, when it comes to innovation and human dignity under legal provisions, we feel the speaker has been cut off.
Chair: Thank you very much, Academia Mexicana. Crest International, we have the next speaker.
Crest International: For your commitment to ensuring that stakeholders are heard by the OEWG, I speak for Crest International, a non-profit which builds trust in the digital world by raising standards in the cyber security industry. The recent Common Good Cyber and EU-ISS paper highlights multiple non-profit-led programs that are relevant to the zero draft initiatives. The practical experience and real-world results of such work uniquely position stakeholders to work with states. Crest therefore supports the joint civil society statement in calling for meaningful stakeholder engagement and the Canada-Chile-led paper’s proposal to overcome the single state veto and enable stakeholders to contribute to each agenda item. You invited us, Mr. Chair, to identify where we can work with states on the zero draft initiatives. Crest is specifically well-placed to contribute to global standards for supply chain security and the standardized curriculum for technical cyber capacity building. These are set out in paragraphs 34G and 51C. Crest brings 18 years of experience driving cyber resilience through the supply chain, developing standards for technical cyber security services and assessing providers against them. Crest also brings experience as a licensing and certifying body, setting standards for the cyber security workforce and developing and assessing professionals on behalf of governments and regulators. Crest’s syllabus defines the knowledge professionals require. Crest’s courses material is underpinned by a commercial model that supports capacity building. Crest’s certifications can be taken in 3,500 exam centers in 158 countries. Our standards enable capacity building. Australia, EBRD, and UK-sponsored Crest Camp programs have built service provider maturity in 14 countries, including Indonesia, Ghana, Kenya, Malaysia, Morocco, Thailand, and Vietnam, and supported training centers with trained a training course material. As we work together to build a safer digital world, internationally recognized and agreed upon standards must be preferable to variable national standards in guiding states due diligence, measuring verifying compliance and the norms upheld by the international community and in identifying gaps and measuring progress for capacity building. Together we can identify and recommend relevant tested standards as the basis for future international standards for future iterations of the checklist and as a confidence building measure. In conclusion, CREST supports the OEWG’s aspirations to drive international standards. We bring practical experience and capability to work with states and others to agree, negotiate and evolve standards and to develop standardized curriculum. We look forward to your continued collaboration with states and stakeholders within the future permanent mechanism. Thank you.
Chair: Thank you very much for your contribution. I give the floor now to Center for Humanitarian Dialogue.
Center for Humanitarian Dialogue: Thank you for giving me the floor, Mr. Chairman. The Center for Humanitarian Dialogue welcomes the opportunity to speak. It is among the numerous stakeholders who have issued a joint statement on stakeholder participation in the future permanent mechanism. On 11 January 2011, the UN General Assembly welcomed the work of a group of governmental experts on developments in the field of information and telecommunications in the context of international security. In their report, the experts, chaired by Russian Ambassador Andrei Krutsky, warned that existing and potential threats in the sphere of information security are among the most serious challenges of the 21st century. They developed a conceptual triangle to address these challenges. The corners of this triangle are agreeing the rules that govern state use of ICT, both binding international law and non-binding norms of responsible state behavior, building confidence that states will respect these rules and developing and capacities so that all states can behave in a rule-abiding and confidence-inspiring manner. For 15 years, these elements have been guiding the United Nations work on the issue, building a cumulative and evolving framework for responsible state behavior. Now, I am worried that the final OEWG report may depart from this successful approach. The draft before delegates and the proposed setup of the dedicated working groups represents a shift of focus away from the evolving nature of the threats, and it relegates to second rank the discussions on norms as well as on confidence-building. UN efforts have resulted in a substantial progress on the rules of state use of ICT. As the Secretary General wrote in 2023, the rule of law exists in the digital space The rule of law exists in the digital sphere just as it does in the physical world. This progress has been hard won, and it must serve as a baseline for all future multilateral work in this area. Many argue that the problem is not an absence of rules, but a lack of confidence that states will respect them. Rules are a manifestation of power. They are worth very little without confidence that the rules will enjoy respect. In the words of Russian Tsarina Catherine the Great, power without confidence is nothing. To escape the risk of reducing hard-won progress to nothing, an appropriate emphasis in the future permanent mechanism on confidence-building seems advisable. In support of such efforts, including in the dedicated thematic working groups, the Center for Humanitarian Dialogue would be happy to offer insights based on its concrete activities dedicated to ICT confidence-building.
Chair: Thank you very much for your contribution. The next speaker is Red on Defensa de los Derechos Digital.
Red on Defensa de los Derechos Digital: Gracias, Senor President. Thank you very much, sir. I’m Francia Preta-Santa Baldassa, and I represent R3D, the Network to Defend Digital Rights. We’re a Mexican organization to defend rights in the digital. scenario and we welcome the opportunity to speak here. In a world where states are constantly expanding the use of technologies in some local context such as ours, there are also more and more attributions going to authorities to exceed to gain and share data without any effective limits. All this gives rise to serious concern when it comes to real capacities of infrastructure to ensure the security of computer systems. We can think of the millions of people that are affected when there are cyber attacks or undue use of information obtained. The development, acquisition and use of digital systems by states in areas such as intelligence, public security, implementation of law, control of migrants and the provision of service, this can only deepen structural gaps, facilitate mass vigilance, exploitation of data, discrimination when it comes to the provision of public services. As is indicated in paragraph 17, 27 and others, the protection of critical information structures has to be addressed very seriously. Here, the standing mechanism from this working group and its thematic groups needs to incorporate a perspective of the global majority, in particular Latin America, when it comes to the inter-American system of human rights and the differing interpretations when it comes to freedom of expression and privacy. There are effects here when it comes to these on human rights in accordance with A and what is considered in the voluntary measures for taking steps here. It is important to ensure that the results of these discussions be taken to a regional and national context to ensure real, fair and effective implementation. So, we from R3D have subscribed to the joint statement on the modalities of participation of stakeholders in order, as is stated in paragraph 17a of annex 3, in order to ensure a systematic and sustained and substantive involvement of all interested stakeholders when it comes to the use and abuse of technologies. Thank you.
Chair: Thank you very much for your contribution. Alliance of NGOs on Crime Prevention and Criminal Justice. You have the floor, please.
Alliance of NGOs on Crime Prevention and Criminal Justice: Thank you, Chair. It’s a privilege to address you today on behalf of the Alliance of NGOs on Crime Prevention and Criminal Justice, an umbrella organization coordinating civil engagement with the crime and justice mandates of the United Nations. The Alliance has a leading role in supporting civil society participation in multilateral discussions. It has actively engaged in the negotiations of the United Nations Cybercrime Convention and the subsequent discussion on stakeholder participation in the Conference of States Parties. As delegations work towards the consensus adoption of the final report, it’s a critical time to show strong support for stakeholder participation to ensure that civil society, the private sector, and academia can meaningfully contribute to the future permanent mechanism on cybersecurity. Stakeholders have consistently demonstrated the value of their contributions over the two years of the first open-ended working group and more than four years of the second open-ended working group. We have seen more joint organization of side events on the margins on the substantive sessions, as well as state stakeholder cooperation and initiatives outside of the plenary. These actions show a strong commitment to responsible state behavior in cyber. cyber space. However, concerns remain about the openness and inclusiveness of the open and working group discussions. Many organizations have been vetoed and face concerns to participate in the substantive sessions. Should the final report maintain weak language on stakeholder modalities and the future permanent mechanism, it will further hinder their engagement. The advancement of responsible state behavior in cyber space will fall short of effectiveness, transparency, and inclusivity if done without the support of civil society. The plenary discussions also show a strong cross-regional support for stakeholders to have a voice in the regular institutional dialogue. We support a proposal led by Canada and Chile and a joint stakeholder position that states can object to specific applicants, but a vote will be requested in plenary to decide on the final accreditation. The future permanent mechanism is a unique opportunity to set the stage for long-term progress on international peace and security. To achieve its full potential, the agreement must not come at the expense of stakeholder participation. We remain committed to engaging throughout the session and supporting an outcome that ensures constructive stakeholder engagement. Thank you for your attention.
Chair: Thank you very much for your contribution. European Union Institute for Security Studies,
European Union Institute for Security Studies: please. Thank you, Chair, for giving me the floor. As the Open-Ended Working Group concludes its mandate, we must acknowledge that the decision taken in this final session will not only shape the final report, but determine whether a decade of international consensus building anchors its achievements or risks diluting them. One of the most decisive tests will be whether we treat capacity building as a silo or as a strategic lever across all pillars of responsible state behavior. In this regard, the language of capacity building in REV.1 remains too siloed. We believe that cyber capacity building should be stronger recognized as a cross-cutting enabler for norm implementation, confidence building and the operationalization of international law, and this should be more clearly reflected in the report Across Pillars. Chair, we urge that the final report emphasizes the cross-cutting foundation of capacity building by considering the following proposals. Reiterate explicitly the link between norm implementation and capacity building, embed capacity building in the language on CBMs as an enabler for responsible but also accountable state behavior. And finally, on international law, we should emphasize that capacity building has played a foundational role in advancing states’ understanding of how international law applies in cyberspace within the respective jurisdictions. Capacity building efforts must uphold human rights, promote equity and include a wide range of actors to ensure meaningful and inclusive participation. These principles must shape program design, monitoring and evaluation, not serve as a post hoc consideration. Chair, there is a second cross-cutting observation we must acknowledge in the context of this process in cyberspace, the essential value that stakeholders contribute. Their contribution is grounded in their diversity and complementary expertise, qualities that are often described as welcome, yet not always treated as such in practice. Stakeholder inclusion is not optional. Excluding stakeholders from future coordination efforts will weaken the legitimacy of the process, but also its outcomes. In these regards, we also express our full support for the working paper on practical modalities for stakeholders’ participation and accreditation of future UN mechanisms on cybersecurity, coordinated by Canada and Chile, and the joint stakeholder statement on the ZERO draft and the REV1 Annex III section on stakeholders’ modality in the future permanent mechanism. Chair, the open-ended working group cannot conclude. a report that treats the cross-cutting contribution of capacity building and stakeholder engagement in isolation. Both are essential to reflect the reality of the cyber domain’s multi-layered nature and shared ownership. I thank you for your attention.
Chair: Thank you very much for your contribution. Wright pilot, you have the floor please.
Wright pilot: Honorable Chair, distinguished delegates and stakeholders, my name is Abdullah bin Hussain and noting your recent exhortation to stakeholders to find partners so that voices from vulnerable areas and underrepresented communities are heard, I am pleased to deliver this statement on behalf of Right Pilot so a young Jordanian voice is heard in this august chamber. Mr. Chair, allow me to express our appreciation for your exceptional leadership and guidance throughout this process. Your patience and understanding have been instrumental in fostering an environment that accommodates diverse perspectives and inclusion. In keeping with your guidance and focusing discussions on ways in which the multi-stakeholder community can work together with states, Right Pilot is prepared to serve as a co-facilitator in support of civil society’s efforts to structure, organize, and report back to states in the future permanent mechanism. We welcome the statement made by Crest International that internationally recognized standards must be preferred over to varied international standards and hence of the need to recognize the harmonization of standards as a confidence building measure. The multi-dimensional use of standards in the zero draft report warrants greater understanding of the diverse frequencies in which standards intend to play as either a technology security issue or a matter of governance or a matter of capacity building enabler even as a component of international law with states being obliged to comply under the principle of due diligence. Following your guidance to engage as a network of advocates, RightPilot is pleased to align itself with Crest International in committing to work with others to reach understanding on how standards in cyberspace can enable and operate under international law. We welcome and support the Canada-Chile-led proposal to support the engagement of multi-stakeholder community, the joint civil society statement and its call for meaningful stakeholder engagement. The Women in Cybersecurity Middle East Group, WICSME, we urge the international community to recognize them as a common good cyber initiative and to continue to support the major achievements of women in cybersecurity fellowship programs as a crucial way to enable an underrepresented voices to speak and be listened to by states. We stand ready to support you in building a resilient cyberspace. Thank you, Mr. Chair.
Chair: Thank you very much for your contribution. Next speaker is Hitachi America.
Hitachi America: Thank you, Mr. Chair, for this dedicated stakeholder session towards the final stage of OEWG consensus. As a private company, we make efforts providing safe, secure, reliable civilian critical infrastructure, including energy, transportation, digital water, and data for people globally while applying positive innovations in AI, quantum and nuclear fusion. Today, let me touch upon REV1 draft final report. First, working together with the states, we can contribute updating threats such as negative use of AI and quantum and start applying norm checklist, including FGHIJ in different designated sectors by state and regions. As a provider of hardware, software, IOT for global supply chain in digitized CI, we can work with inclusive stakeholders, NGO, academia, states, under the auspices of UN, sharing the best practices, analyzing gaps for improvements under trust. These are the example of plenary or designated thematic group one. Second, we can contribute active participation in technical and legal in simulation scenario and gap analysis with country advisors. Lessons learned can be reflected to policy improvements while applying international laws such as charter, human rights, IHL. These are examples of DTG2. Third, capacity building is most we can contribute as a CICII provider including global round table, best practices such as security by design, zero trust, AI security and ethics, and quantum safe securities. These are related with also DTG3 and relevant to digital compacts and SDGs, indeed. Capacity building is CBM. In conclusion, we can participate practically working together with the states in permanent mechanism continuously, improving global CICII for peace, safety, security, resilience, addressing cross-cutting nature and gaps in data integrity of physical virtual in each.
Chair: Thank you very much for your contribution. Association for Cybersecurity. You have the floor, please.
Arab Association of Cybersecurity: Honorable Chair, distinguished delegates, esteemed colleagues and stakeholders, it’s a privilege to address this distinguished group today on behalf of the Arab Association of Cybersecurity. Allow me first to express our sincere appreciation to you, Mr. Chair, for your unwavering leadership and dedication to ensuring this process remains inclusive, transparent, and loose in dialogue. Your efforts continue to inspire confidence and trust amongst all participants. We welcome the Zero Draft 100 report as a thoughtful and well-balanced basis for further negotiation. We particularly commend the inclusiveness of this process, embodied in the seasonal meetings and consultations over the past four years. The road to consensus requires patience, openness, and a willingness to listen. Remain committed to contributing to this process in that spirit, seeking outcomes that reflect the collective wisdom of the entire international community. We fully support the global points of the current directory, which holds great promise of building cross-border trust cooperation. To raise its full potential, we encourage targeted capacity-building efforts, including language-based training and regional exchange, so that all states, regardless of maturity, can benefit equally. Regional institutions, such as the OIC CERT, offers valuable experience and insights. Indeed, we see great potential in strengthening linkages between such bodies and the UNL process. To foster greater cohesion and a more effective implementation of global norms. Mr. Chair, allow me to turn to my colleague. Thank you, Mr. Chair. We welcome the reaffirmation in the zero draft that existing international law applies to cyberspace, and we support continued dialogue in this area. Recognizing that dialogue alone is not enough, we must take practical steps to strengthen understanding and importantly, compliance. That is why we urge states to commit to the formalization of expert briefings that draw on the legal expertise, as well as technical knowledge of international and regional organizations and regional and national cybersecurity agencies. We also welcome the reference to women’s meaningful participation in international law. We welcome the reference to women’s meaningful participation. Here too, we see an opportunity to lead by example. by promoting gender parity in national delegations and ensuring that women cybersecurity leaders are actively involved in OEWG discussions and consultations. The Arab Association for Cybersecurity stands ready to contribute to regional capacity building efforts in close collaboration with international partners. Our initiatives include delivering cyber diplomacy trainings aligned with UN frameworks, fostering trilateral partnerships between the UN, Arab cybersecurity centers, and academia, and promoting hands-on workshops tailored to the needs of developing states in our region. We believe that capacity building is not only a technical role, but a powerful enabler for mutual trust and understanding. In closing, as the working group moves forward towards finalizing its final report, we reaffirm our commitment towards active and constructive participation. We stand ready to support a smooth transition toward the future permanent mechanism, which will carry forward the inclusive spirit that has defined this process. Thank you.
Chair: Thank you very much for your contribution. S. Roger Redlam, School of International Studies, Center of Excellence for National Security, on the floor, please.
Center of Excellence for National Security: Thank you, Chair, for the floor, and for all of your hard work in including stakeholders. We appreciate the references in the draft to the contributions that all interested parties and stakeholders can make to the future permanent mechanism. Now, building on paragraph 17K of NX3, we propose the following process to organize hybrid consultative meetings with all interested parties and stakeholders during the intersessional period, building on the practice of the previous OEWG and our regional experience in capacity building and confidence building measures as a think tank. I invite everyone to view our written statement, which is posted on the UN OEWG website, which also includes a graphical representation of our proposal. Point one, the chair of the future permanent mechanism or the thematic study groups can appoint a corresponding non-governmental track two counterpart to organize stakeholder study groups of all interested parties and stakeholders to support the respective dedicated thematic groups of states. Point two, each corresponding stakeholder study group can convene regional or cross-regional. or global meetings in hybrid modalities over the course of the year to enable wider participation, sustainability, equitable geographic representation, regardless of accreditation, visa status, time zone, or funding. These stakeholder study groups can gather relevant expert analysis, generate actionable ideas, foster dialogue, and develop non-political recommendations to the respective thematic groups. States or other interested organizations can fund the conduct of these study groups as a means of capacity building. States participating at the thematic groups can interact on track 1.5 level with the stakeholder study groups so that both technical experts and policy experts can have interactive dialogue as the combined contributions of both are essential. The outcomes of the stakeholder study groups can be presented as memoranda to the respective dedicated thematic groups of states. States can identify experts to brief them on the findings of the study groups following the precedent of the Global Roundtable on Capacity Building. Chair, this proposal does not contradict or detract from the existing modalities for the inclusion of all interested parties and stakeholders into the future permanent mechanism or for any proposals to amend the modalities. This is instead a proposal to complement the modalities to ensure stakeholder contributions remain meaningful, relevant, consultative, and non-political in nature. We draw on the precedent of CSCAP or Council for Security Cooperation in Asia Pacific, which is a non-governmental track 2 counterpart that carries out the same function in assisting the ASEAN Regional Forum, ARF, which is the official governmental forum for security dialogue. This multinational entity has experts participating from all ASEAN member states, Australia, Canada, China, Europe, India, Japan, Korea, Mongolia, New Zealand, Papua New Guinea, Russia, the U.S., and the Pacific states. Our center stands ready to support, host, or organize.
Chair: I give the floor now to Nuclear Age Peace Foundation.
Nuclear Age Peace Foundation: Chair, excellencies, distinguished colleagues, ladies and gentlemen. My name is Lydia Peavy and I am a youth activist with the Nuclear Age Peace Foundation and Reverse the Trend, NAPF’s youth initiative. I grew up in Singapore and proud to be a Singapore permanent resident and appreciate Singapore’s efforts in guiding the OEWG’s process. I would like to recognize that the OEWG has strengthened global norms and open space for more inclusive dialogue. Chair, I will focus my remarks on the importance of civil society and youth engagement in the OEWG’s process and particularly on the critical role that youth can and must play as we transition to a future permanent mechanism. The draft final report acknowledges that engagement with civil society, NGOs, academia, and youth has strengthened legitimacy, transparency, and effectiveness in the OEWG’s work. But we must go further. In paragraph 52M, the report encourages states to engage other interested parties, stakeholders, and youth in capacity building and training. This is critical. But we urge member states to treat youth not just as recipients of training but as co-creators of policy. Youth engagement brings community insight and an understanding of how technologies are used, abused, and experienced firsthand. Civil society is not just a supporting actor in global cybersecurity governance but comprises implementers, technical experts, educators, and especially in the case of youth, digital natives who understand how these technologies function and how they affect our societies. The report’s recognition of the need for diverse and sustained engagement must be backed by practical steps, including regular consultations, technical cooperation, inclusive cyber capacity building, and clear pathways for stakeholder input in norm development. We are highly concerned about attempts to backtrack and limit the role of stakeholders. Chair, our generation will live with the consequences of today’s decisions on digital security and governance, whether it’s AI-enabled conflict, the misuse of cyber tools. civilians or governmental actors or attacks on critical infrastructure. The risks are real and youth engagement is crucial in shaping responses. The OEWG has laid a strong foundation, but the future permanent mechanism must go farther in embedding civil society, especially youth, as partners in this space. Finally, as someone who grew up in Singapore and now works with young peacebuilders from around the world, I’ve seen what happens when youth are given the tools and the trust to lead. The future of ICTs depends on us. Let’s build that future together. Thank you.
Chair: Thank you very much for your contribution. I give the floor now to Youth for Privacy.
Youth for Privacy: Thank you, Chair, for giving me the floor. My name is J1 Choi and I am speaking on behalf of Youth for Privacy and the DMUN Foundation. I’m also a 16 year old young person representing the marginalized voices of children in this process. Chair, as we go through the final session of the Working Group, we commend the recognition of several cross-cutting issues and would like to offer our three reflections. First, we demand an open and inclusive future mechanism. As the draft report highlights, the Working Group engaged stakeholders in a systemic and sustained and substantive manner. We believe that this model of inclusive dialogue must continue further. In particular, the sustained interest of civil society organizations and other stakeholders throughout the sessions is the living evidence for the value of our contributions. Meaningful progress requires diverse voices. Second, we call for semantic flexibility in the works of the permanent mechanism. We strongly support the idea that the future mechanism should be integrated, policy oriented and cross-cutting. We also stress that semantic structures must remain adaptable to quickly address emerging risks and new technologies. Finally, and most importantly, use engagement is never optional, it’s inalienable and is part of our fundamental rights. While the final report affirms the importance of the participation of certain stakeholders, we note a concerning and relative silence regarding the role of children and youth. As previously stated, children and youth possess relevant lived experience that brings valuable contributions to the working group and the permanent mechanism. Hence, we urgently demand that children and youth become systemically embedded into the permanent mechanism as valid stakeholders. Distinguished colleagues, Mr. Chair, the success of the permanent mechanism will rely on the openness, agility, and commitment to inclusive stakeholder participation. We, as children and youth of the world, will not allow ourselves to be pushed out to the sidelines in this process. I thank you.
Chair: Thank you very much, Youth for Privacy, for your contribution. I give the floor now to Fundación Karisma. Señor Presidente.
Fundación Karisma: Mr. Chairman, I should like to thank you for your work at the head of this working group and also for giving us the opportunity to take part in today’s discussion. I belong to Fundación Carisma, it’s a Colombian organization working for the promotion of digital rights. We have a digital security laboratory and we look at privacy for civil society. We would like to emphasize the need to redouble endeavors when it comes to discussions and capacities from the OEWG so that they be implemented at a local level too by participating states. We know that some governments, such as the Colombian government, are making real steps forward to improve their policies and protocols and capacities regarding cyber security. An example is the attempt to update national legislation to create new… cyber security bodies, the effective inclusion of human rights in new legislation and strengthening human and technical capacity to respond to cyber attacks. However, from a charisma’s point of view, we believe that we need to take our discussions further with this. Yet, there’s been no consensus when it comes to the regulation of technology for military use identification of vulnerability and capacity building in cyber security in a non-centralized fashion. There are still very important barriers here at a national level. We believe that this process is a complex one and requires multisectoral work, time and resources. And therefore, we would like to emphasize the call that states continue with regard to local implementation. We believe that a standing dialogue mechanism should provide an opportunity for states to present regular reviews on progress in cyber security so that the many stakeholders can also make recommendations and reports in the thematic groups and plenaries. The alienation nationally from the purposes of this or the alignment rather from the purposes of this group nationally will include transparency and contribute to the construction of confidence amongst the various parties. Thank you.
Chair: Thank you very much for that charisma for contribution. I give the floor now to First Incorporated.
First ORG. INC: Thank you, Chair. And good morning, Excellencies, distinguished delegates, fellow stakeholders. First, the Forum of Incident Response and Security Teams is just that, a forum, a platform and community of incident response practitioners and teams from around the world. We have over 800 members from 113 economies, including national teams, some of whom are here today, as well as teams from government, the private sector, academia, civil society and more. We are practitioner and practice driven. Together with the wider community, we come together to build trust, share information and find ways to do incident response better. Nearly every aspect of the OEWG discussions involve or impact incident response, and we have direct operational experience on many of the matters discussed throughout the process. We hope to share what works in our community to help improve outcomes for everyone. CERTs are central in responding to existing and potential threats, actioning norms, and acting as key actors in competence-building measures. Driven by peer-to-peer sharing and community building, we also have practical experience in capacity building. This includes supporting the establishment of new teams, facilitating CERT-to-CERT cooperation, and delivering formal and informal mentorship—measures highlighted in paragraphs 32, 52D, Annex 1, and elsewhere in the draft report. FIRST welcomes the recognition of the importance of capacity building and echo the need to deliver efforts in a way that is tailored to local context in Section F of the draft. In our experience, the most effective efforts take an ecosystem-wide approach, leverage proactive engagement with stakeholders, are operationally driven, and focus on long-term formal and informal collaboration and community building. With this in mind, we encourage any efforts to action Recommendations 54 to 57 to not duplicate what already exists. Many of the most impactful capacity-building initiatives are driven by operational communities that work behind the scenes and are, unfortunately, under-resourced. Duplication diverts resources further away from delivering action and collectively dilutes utility. Supporting communities and platforms that already exist, like the GFCE, CBLPORTAL, FIRST, and others, as highlighted in the Common Good Cyber Nonprofit Contributions to Cybersecurity Report, build on what already works, expanding rather than replicating impact, and allowing further investment to be directed toward efforts that deliver concrete action. FIRST is here as a resource with expertise to share from the incident response community. This includes developing collaborative, bottom-up standards, like the Traffic Light Protocol, the Non-Vulnerability Scoring System, and the First Point of Contact Directory. These technical standards could offer a starting point to help put OEWG discussions, like on the POC Directory, into action. We are also proud to have worked with the Women in International Security and Cyberspace WIC Fellowship to deliver a series of Toastville tabletop exercises to build awareness of how instant response works in practice and bridge technical and diplomatic perspectives. These type of meaningful contributions require more robust stakeholder modalities than captured in the current draft. We endorse the joint stakeholder statement signed by 24 partners.
Chair: Thank you very much for your contribution. Global Cyber Alliance, you’re next.
Global Cyber Alliance: Chair, Excellencies, Distinguished Delegates, I’m Chris Painter, Strategic Advisor for the Global Cyber Alliance. GCA is a not-for-profit which works internationally to improve the internet and help people and organizations be more secure online. We thank the Chair for his inclusive approach, and we welcome the emphasis on practical capacity building as a core element of cyber stability. However, we’re still concerned that several proposed initiatives in the draft risk duplicating existing and ineffective mechanisms. Here are four examples. The draft calls for a new global ICT security cooperation and capacity building portal risk duplicating existing platforms such as the GFC’s civil portal and the UNIDIR’s cyber policy portal, both of which already catalog projects and connect donors with implementers. The creation of a UN-managed sponsorship program would divert from successful initiatives such as the Women in Cyber Fellowship Program or the France-Irish Sponsorship Program for small islands and developing states. Member states should consider the UN’s additional overhead and costs and decide whether they want less beneficiaries for more money. The proposal for standardized training and curriculum at a UN Cyber Resilience Academy risk duplicating the UNIDIR Academy and decades of work by civil society organizations such as FIRST, which has trained national CSIRTs with technical hands-on training, tailored, unprecedented, and deployed in more than 70 countries, or CREST, working with regulators in building standards and certifications for critical infrastructure protection. Future discussions on the new UN Voluntary Fund should consider the serious risk of the reverting funds from existing funding streams, like the World Bank Cybersecurity Multi-Dollar Trust Fund, and public-private partnerships, like Common Good Cyber Fund, which was recently launched to support non-profit work protecting vulnerable civil society and digital infrastructure. If established, and a UN voluntary fund, should be limited to helping states participate in UN meetings and activity. These existing efforts are not theoretical. They are functioning, field-tested, and responsive to national priorities, creating new structures in a state-only context, and without integrating stakeholders, risk duplication, confusion, and inefficiency. The recent Common Good Cyber report, Nonprofit Contributions to Cybersecurity, commissioned by the EU Institute for Security Studies and funded by Global Gateway, documents 334 non-profit-led initiatives, but it also highlights ongoing challenges, such as lack of funding, limited policy access, and weak coordination with multilateral bodies. We need to scale what works, not replace it. For this reason, we very much support the statement, the joint civil society statement, our meaningful involvement by stakeholders, which still is not reflected in the current draft. And we make a couple of recommendations in that regard. One, assess before you build. Include a commitment for annual mapping exercises in the first report to identify partnerships and existing stakeholders and how they can be integrated. And two, enhance the stakeholder accreditation and participation. To be fully inclusive and participant, it has to be better than a single state veto, which is.
Chair: Thank you very much for your contribution. I give the floor now to women in cybersecurity Middle East.
Women in cybersecurity Middle East: Chair, esteemed members, states, and colleagues. I speak today as the chairperson of Women’s Cybersecurity Middle East, Wixmi, a movement born from our region’s legacy of resilience, collective will, and they believe that cybersecurity is not merely a technical domain. It is a human responsibility. Starting with a verse from our holy Quran that reflects the spirit of our OEWG journey. Indeed, Allah will not change the condition of people until they change what’s within themselves. This reminds us that the transformation begins from within. And today, as we all share the higher purpose of guarding our digital realm, it is our collective resolve that can take this OIWG from experience to activation. Women are nation builders, and our Islamic and Arabic culture has proudly empowered women over the 1,400 years, cultivating a supporting environment that continues to produce impactive female role models across the various fields. A powerful recent example of resilience was demonstrated by the Palestinian women in Gaza. Their remarkable strength and iron grit resonated globally, reminding everyone of the enduring spirit of our region. Today, Wixmi continues that legacy, uniting over 3,000 women across 22 Arab countries to strengthen cyber capacity, elevate women’s voices, and deliver sustainable impact. Wixmi is not just a network. It is a global strategic blueprint for building inclusive digital future. Examples of that are launching CyberShe, the regional capacity building program with national KPIs alignment, aiming to train up to 1,500 skilled female cyber talents across the region in three years, with the first cohort launched from Kuwait. In partnership with ITU, Wixmi participants from one-third of the global cohort in the Women’s Cyber Mentorship Program, Arabic content and collage support were introduced for the first time, serving as a global hub by connecting more than 18 women’s cyber groups worldwide to support and amplify impact. These are not just milestones of representation. They are models of regional ownership, strategic execution, and sustained impact. As we approach the finalization of our OWGE work, we respectfully propose acknowledging Wixmi and CyberShe as global blueprints for gender-responsive capacity building, utilizing civil society as force multipliers and operational partners, and establishing inclusive payment mechanisms for their stakeholders. Wixmi’s journey is a story of our region’s culture-guided resilience-built and impact-driven. Let us carry this spirit forward, not as parallel voices. but as partners in progress and be keen to cooperate in righteousness and pity as widely advised in our Holy Quran. It is when empowerment needs righteousness, guided by a shared higher purpose, we build not only safer digital ecosystem but stronger more compassionate nations. Thank you, Chair.
Chair: Thank you very much for your contribution. Global Partners Digital, you have the floor, please.
Global Partners Digital: Thank you, Chair, for the opportunity to speak on behalf of Global Partners Digital. We’re a human rights organization focusing on the governance of digital technologies and thank you for your efforts to substantively engage stakeholders over the past years and to all of the states who listened to your encouragement to be here for this stakeholder session. Discussions around major cyber incidents often revolve around the technical, financial, legal and intergovernmental consequences. However, this group has also unpacked the human impacts of cyber incidents, including at a breakfast meeting hosted by Global Partners Digital alongside the Freedom Online Coalition, Kingdom of the Netherlands and the Government of Ghana at the group’s tenth session. This event explored how major incidents, and specifically ransomware, have cascading impacts, including on human rights and gender equality. This requires balancing technical measures with a rights-respecting, human-centric framework fostered by multi-stakeholder collaboration. Discussions on the human impact of cyber incidents could be better reflected in the group’s final APR to provide a clearer starting point for the future mechanism to build on progress made during the OEWG. In addition, greater detail on international humanitarian law would be useful. While recent APRs reaffirmed that IHL applies to cyber operations during armed conflict, they stopped short of reflecting obligations such as feasible precautions in hostilities. We appreciate Mexico’s intervention yesterday on the need for the APR to include more concrete measures related to IHL. We were also glad to hear so many delegations mention the updated paper on practical modalities for stakeholders participation supported by 42 states. This paper encourages NGOs to foster the diversity of stakeholder participation. This is something that GPD has been doing over the years at the OEWG. Through the support of our funders we have consistently funded and supported civil society from the global majority to engage in international cyber discussions and supported their work to translate the global norms to their regional and local contexts through rights respecting approaches. Without including these voices discussions in the future mechanism risk missing on-the-ground realities and proposals risk being impractical or inappropriate for many contexts. We fully support and endorse the joint statement by a group of 24 stakeholders. A few printed copies are available by the door as well as online. We need modalities that allow stakeholder participation to go beyond symbolic consultation for us to be able to effectively support the work of states in the permanent mechanism. Thank you for this opportunity to share our views.
Chair: Thank you very much for contribution. The last speaker is Stiftung Wissenschaft und Politik. You have the floor please.
Stiftung Wissenschaft und Politik: Mr. Chair, I’m affiliated with the German Institute for International and Security Affairs or Stiftung Wissenschaft und Politik in German. We’re a think-tank. I strongly support the joint stakeholder statement on stakeholder modalities in the future permanent mechanism. The statement is an example of cross-regional coordination among stakeholders as encouraged by you Mr. Chair. It provides action oriented proposals for ensuring meaningful stakeholder contributions to the future permanent mechanism. To quote from the statement, ensuring meaningful stakeholder participation is primarily for the benefit of UN member states. Also against the backdrop of limited resources and expertise. Researchers like me have continuously provided evidence-based scientific expertise that is directly relevant to the OUWG discussions. I encourage states to make use of this opportunity by elaborating modalities that allow for substantive stakeholder participation. Finally, as an affiliate of an organization with ECOSOC consultative status, I wish to acknowledge the longstanding practice that the participation of such organizations which have undergone a rigorous application process is a cornerstone of stakeholder participation in UN processes. Mr. Chair, I would also like to address the issue of action-oriented, dedicated thematic groups of the Future Permanent Mechanism. Faced with the question of how to design these groups, I advocate for a cross-cutting approach that addresses specific issues across all pillars of the framework. One concrete example showcasing the benefit of this cross-cutting approach is the issue of software supply chain security, which several delegations have raised during the sessions. I suggest that one of the dedicated thematic groups to be established tackle this cross-cutting issue as one of its agenda items. Software supply chain security remains a difficult problem as insecure software products and components and lacking security practices of suppliers and service providers are the root cause of many cybersecurity incidents around the world. It is also a matter for norms implementation, as norm I spells out an obligation for states to take action to strengthen software supply chain security. While this norm to date lacks broad implementation, stakeholders have made meaningful action-oriented suggestions on which policy actions such implementation could entail. Finally, the topic also has implications for international law and capacity building. In such discussions, stakeholders hold crucial expertise and can support states in advancing the debate towards concrete results. This example underscores that stakeholders need to have a voice, particularly in the dedicated thematic groups. Thank you, Mr. Chair.
Chair: Thank you very much for your contribution. Dear friends, that was the last speaker on the list of stakeholders, and I want to take this opportunity to thank all of them, all the stakeholders who spoke this morning, for their very well-prepared, thoughtful contributions. We heard several suggestions and ideas, and I hope that member states have listened carefully and taken note of these ideas and suggestions. My thanks also to the stakeholders for having been engaged in this process over the last few years. Some of you have been in this process from the beginning, others have joined recently. Your organizations have been engaged consistently, and I thank you for that. I’d like to suggest and request that the stakeholder community who are represented here in this room become advocates for this process, become ambassadors for this process, as we make the smooth and seamless transition to the Future Permanent Mechanism. You are familiar with the work and discussions here, you are familiar also with the challenges that we are dealing with, the diversity of views, the deep differences also in positions, but also you are familiar with the progress we have made, the convergence that has emerged on a range of issues, and the work that remains to be done. So be empowered to become advocates and ambassadors as we make the transition to the Future Permanent Mechanism. The other thing that I want to say is that the group here is, of course, a diverse group, and the group here present in the room is a function of the modalities that we have. That has been the decision, but it is my hope that we can, in the Future Permanent Mechanism, continue to grow this group, expand the circle of participants, but at the same time expand the diversity of representatives, so that we have representatives from different parts of the world, so that we have representatives from different sectors. segments of the population. The youth, for example, it’s very heartening to see youth representatives who have taken their time away from their studies to be engaged in this process. I find that very heartening and hopeful for the future permanent mechanism. So we need to do better in terms of expanding the circle of participation and also improving the diversity of representatives who will be able to participate in the future permanent mechanism. Now I have also taken note of the joint stakeholder statement on modalities. This of course, as all of you know, is one of the most challenging issues that we have faced in this process right from the beginning and it is with us even as we near the end of our work. We’ll need to find an equilibrium that is possible within this process, but my message to the stakeholders and also to member states is this. The modalities are important and it is important to have as inclusive a modality as possible. But if we are not able to arrive at perfect modalities, then we have to find other ways to continue to widen the circle of participation and enhance the diversity of representatives. For example, the modalities that we have for stakeholder participation does not prevent any member state or anyone else from convening side events. or Track 1.5 or Track 2 events, and I think there have been some ideas in that regard. So I’d like all of you to think about it. We have, within this process, under the previous OEWG, we have been able to convene stakeholders for a dialogue here at the UN. So that option and those kinds of possibilities are still open to us, regardless of what modalities we arrive at. So I’d like all of you to think very creatively in terms of how we can continue to expand and widen the circle of stakeholder participation. So these are some thoughts that I have, and my thanks once again to the stakeholders. Please stay engaged, please stay in touch, please also wish us luck as we continue our work over the next few days to cross the finish line. And of course, please share your statements in writing with us and with my office, so that we’ll put it on the website. I think the views of the stakeholders are an important record and a checking mechanism to what Member States are saying. It’s an alternative point of view, and it’s really important that we hear them and reflect on them. So thank you very much once again to everyone. Now Distinguished Delegates, we’ll now, as I said earlier, or rather yesterday, we have about one hour and 40 minutes. I have about 30 delegations, in fact 30. five delegations which have asked to speak. So I have to do what I wasn’t planning to do, which is to put a three-minute time limit and a microphone cutoff. Don’t look at this as the chair being nasty and mean, trying to muzzle you, but look at it as us collectively sharing a limited resource, which is time. And I encourage delegations to stay within the time limit, and I will, well, we’ll have to be fair to all delegations. One option is to let you speak, and then we’ll have to adjourn at 1 p.m., but that will not be fair to delegations which are not able to speak. There’s no easy way out, but I think I’d like to give everyone an equal opportunity, so that we collectively share the limited resource of an available time, and that collective sense of sharing that limited resource in itself is what this exercise has always been about, about creating a community, creating understanding, and listening to each other as well, listening to everyone, so that we give everyone a chance. So with those remarks, I will now open the floor, not open the floor, I mean, rather I will go to the list of speakers that we had left from yesterday morning, which starts with El Salvador and Switzerland. Now, as your name is announced, some of you have also indicated to the Secretary that you would like to withdraw your request for the floor. That is appreciated as a way of saving time. As you are given the floor, if you would like to withdraw your request for the floor, that will also be noted, but if you would like to make your intervention, then we will allocate three minutes to your delegation and to all delegations. So, El Salvador to be followed by Switzerland, and the speakers list yesterday was from sections A to F, but if you choose to address also the section on RID by all means. And then I also have some remaining speakers from yesterday afternoon on the RID section, about six speakers. So all in all, we have about 30 speakers, about 35 speakers. So let’s listen to everyone this morning. El Salvador to be followed by Switzerland.
El Salvador: Thank you very much, Mr. Chairman. Looking at the remaining sections of the panel report, our comments will be very brief. Regarding norms, rules and principles of responsible behavior, we welcome the redrafting of paragraph 34C by eliminating the reference to non-state actors, which we believe consistent with the applicability of the framework for responsible behavior. We also welcome the rewording of paragraph 34E and the addition of 34N, which recognize the voluntary nature of these norms and how they are complementary with international law. When it comes to international law, as many delegations have stated when they took the floor before me, we believe that this section does not fully reflect the tenor of the discussions over the last few years and would be better if there were more progressive language. In particular, we regret the deletion in new paragraph of 46 of an important reference as to how these references by operations using ICT can mean use of force when comparable with traditional means. Indeed, the previous language of 42B was more accurate, particularly regarding future areas for discussion, such as obligations on territorial integrity, the importance of life and the protection of critical infrastructure and data under international law. Lastly, we regret that there is no inclusion of any significant reference to the implementation of IHL in cyberspace, in particular here regarding the limitation of cyber operations in context of armed conflict, the protection of critical infrastructure against cyber attacks, and also the implementation of IHL doesn’t legitimate cyberspace as an area for conflict. When it comes to confidence, CBM, we like the new wording in the new paragraph 46F when it comes to implementation of J, the provision on responsibilities, and also recommendation 58, looking at the capacity building aligned with the needs of developing countries and their priorities, respecting their national sovereignty and approval there. As many countries have said, it is vital to retain focus on a national capacity in this final report. This is not just a priority for developing countries. It is essential for the digital ecosystem. We would like to say that we support this capacity building initiative as suggested and the sponsorship program looking at experts being used in capitals. The speaker is interrupted.
Chair: Thank you very much, El Salvador, for your contribution to send us your statement. Switzerland has asked for the floor to be followed by Paraguay.
Switzerland: Thank you, Chair, for giving us the floor again. We initially wanted to comment on Chapter C, D, E, and F. However, in the interest of time, I will focus on international law and we will send our full statement to the Secretariat. However, we strongly regret this unequal treatment and the cutoff. On international law, we would first of all like to congratulate Thailand and the Republic of Korea on the publication of their national positions. on the application of international law in cyberspace and New Zealand on their updated position. Over the last five years, many states and regional organizations published their national positions on how international law applies. They are an invaluable source of clarifying the law, and they draw a clear picture. Cyberspace is not a lawless space, neither in peacetime nor during armed conflicts. Indeed, discussions on international law, particularly IHL, have developed substantially over the past five years. As numerous previous speakers have mentioned, this is particularly evident in the many contributions to the debate, especially across regional working papers, but also in the publication of many national and regional positions on the application of international law. However, this progress is not yet adequately reflected. Chair, we think that you have a unique opportunity to reflect the rich discussions that took place, and we trust you that you will try to do so in REV2 and give the text the necessary balance, as this is not the case yet. Therefore, now in detail to chapter D. In PARA 40C, the sentence, start quote, an ICT operation may constitute the use of force when its scale and effects are comparable to non-ICT operations, rising to the level of a use of force, end quote, has been deleted at the end. It needs to be reinstated as requested by Brazil, the UK, and many others. With regards to PARA 41, we welcome the mention of state responsibility, due diligence, and international humanitarian law in the list of topics. However, international human rights law should also be included here, as this was discussed and raised by numerous delegations, as well as the cross-regional paper on areas of convergence. We support the good proposition by Poland. We welcome the mentioning of the two cross-regional working papers on IHL and on areas of convergence. What we can’t understand is why PARA 41 refers to the document A-77-984, as this is not a contribution to the substantive discussions of the concrete application of international law in cyberspace, but a proposal on a convention. This reference needs to be deleted. The phrase and the possibility of. additionally legally binding obligations has nothing to do with the application of existing international law in cyberspace, we propose to delete it. We welcome the positions of the AU and the European Union that are mentioned. The same applies to the resolution of the 34th International Conference. However, since the resolution represents a consensus outcome, we believe it merits a separate paragraph. We support the proposal made by the Netherlands, propose adding substantive language on IHL from OP4 of the resolution. More generally on IHL, I would like to refer to the joint statement by the co-chairs of the ICT work stream on.
Chair: Thank you very much, Switzerland, and thank you for your understanding as well. Paraguay to be followed by Mauritius.
Paraguay: See, the law went up. Yes, thank you. Good morning, sir. I think looking at what was said yesterday, we still have outstanding the applicability of international law to cyberspace, and in particular, the charter of the UN, which has clear principles and purposes when it comes to sovereign equality of states and when it comes to maintaining peace and security in the international arena and supporting friendly relations amongst nations. This is especially referred to in the preamble to the Vienna Convention on Diplomatic Relations. Thank you.
Chair: Thank you very much, Paraguay. Mauritius to be followed by South Africa.
Mauritius: Thank you for giving me the floor, Chair. The Mauritian delegation would like to reflect on agenda items C, D, E, and F. In the interest of time and taking into consideration the Chair’s guidance, we will limit our intervention to the most salient points. In line with paragraph 34B on rules, norms, and principles of responsible state behavior, we emphasize the importance of a whole-of-government approach. implementation of norms. We also wish to highlight that regional organizations can play a critical role in supporting and complementing national implementation efforts. Therefore we propose that the language be strengthened to read states emphasize the importance of whole of government coordination in the national implementation of voluntary non-binding norms of responsible state behavior and in raising awareness of these norms across all relevant sectors. In this context states recognize that regional organizations can serve as vital partners in facilitating the implementation process particularly by supporting capacity building efforts promoting regional cooperation and addressing shared challenges stemming from technical gaps diverse legal systems and regional specificities. We further believe that since paragraph 34 B and K are interrelated it could be beneficial to integrate the content of the two paragraphs into a single cohesive paragraph keeping the essence of global regional and national aspects. Moving on to paragraph 34 F we affirm that the designation of CI and CII remains a sovereign prerogative and we support the development of national risk assessments training programs and frameworks to ensure their protection and we believe that for an effective CI or CII framework implementation the first step is the identification of critical services and owners and this is often a challenging task for many developing states. We therefore recommend that the comprehensive guideline on the identification of CII be developed as part of the activities of the future permanent mechanism. Now with regards to confidence building measures we express our full support for the global POC directory and to ensure meaningful and inclusive participation we encourage efforts to support POCs from developing countries to participate in in person and call for comprehensive capacity building support to empower all states to actively engage with the directory. Now coming to capacity building, we express support for new initiatives such as the proposed digital tool for norms implementation and the UN Cyber Resilience Academy under UNIDEA. We believe that these tools can provide practical support and long-term resources for states, especially those with limited capacities. I thank you,
Chair: Chair. Thank you, Mauritius. South Africa to be followed by Australia.
South Africa: Thank you, Chair. The South African delegation agrees with the sections on norms and international law as drafted and we wish to make a brief remark on the norms section. Paragraph 34E in the norms section clearly outlines the purpose of common templates for requesting assistance and responding to requests. Therefore, we propose renaming annexure 2 to better reflect this purpose. Specifically, we suggest changing the title to templates for requests for assistance instead of template for communication. We consider this the common template an essential tool for both requesting assistance and responding to requests which can be implemented on a voluntary basis. We appreciate the recognition in subparagraph 34M of the value of developing targeted ICT security capacity building programs to address implementation challenges and capacity gaps. Paragraph 34P and Q accurately reflect the group’s discussions over the past four and a half years and we support their attention. South Africa also support the inclusion of annex 1, the voluntary checklist of implementation. Turning to section E and F, South Africa supports the sections on confidence building measures and capacity building as drafted with a minor proposal on paragraph 46B to delete part of the sentence after footnote. 67. That is the sentence starting with noting also that the principles of the POC directory as encapsulated in annex A of the second APR should be retained until the POC is fully operational without burdening the directory with additional responsibilities. Thank you, Chair.
Chair: Thank you, South Africa. Australia to be followed by Republic of Korea.
Australia: Thank you, Chair. I’m taking the floor on items E and F. Australia aligns itself with the Pacific Islands Forum Statement and makes the following remarks in its national capacity. On confidence building measures, we welcome many of the amendments that have been made in Rev 1. On paragraph 46E and 50, we suggest the template for communications be retitled voluntary template for communications to underscore this point and be consistent with the voluntary checklist of practical actions. On paragraph 45L, we do not consider it appropriate to include a reference to one CBM proposal made by a single state which has not been thoroughly discussed or widely supported and strongly recommend deleting it. On capacity building which is foundational to developing the capabilities necessary to increase state cyber security and resilience and implementing the framework for responsible state behavior in cyberspace. We must also be conscious of the context of UN80 and we need capacity building that is cost efficient, leverages existing resources and avoids duplication. On paragraph 54, while Australia supports the objectives of the global roundtable, it is unclear how they would interact with capacity building discussions in the plenary or dedicated thematic groups, when they would be scheduled or how they would be funded. We therefore support France’s updated proposal to convene the global roundtable under DTG1 on resilience. We also support Brazil’s suggestion to delete high level to give more flexibility on the format and level of participation. On paragraph 56, in principle Australia supports a sponsorship program funded by voluntary contributions to assist LDC’s, LLDC’s and SIDS participation and to encourage the full equal and meaningful participation of women in future permanent mechanism meetings. In practice Australia is a proud sponsor of the Women in International Security and Cyberspace Fellowship which has supported over 120 women from 55 countries to participate in the OEWG and is considered best practiced and cost-efficient. We strongly support retaining reference to it in paragraph 52 M. We also note the French, Irish and Singaporean sponsorship programs. On paragraph 57 agreeing to continue discussions on a UN voluntary fund is already covered under paragraph 53. It is premature to prescribe the direction of discussions especially in the context of major fiscal constraints and many alternative funding instruments available. Thank you chair.
Chair: Thank you Australia. Republic of Korea to be followed by Latvia.
Republic of Korea: Thank you chair I’m taking the floor to speak on CBM and capacity building. Chair on CBM we align ourselves with the statement by the representative of Ghana yesterday and we believe that the purpose of CBM is to reduce misunderstanding, enhance predictability and prevent the escalation of conflicts. In this regard we would like to underscore the critical role of information sharing through the global point of contact network. For the POC network to function effectively as a CBM it is crucial to ensure a broad participation by member states. In this regard we welcome paragraph 46 E which encourages the flexible and voluntary use of the POC template developed by the secretariat. Chair in line with the CBM 5 and 6 Republic of Korea has been hosting the world emerging security forum since 2021. At the fourth forum held last December, we brought together a wide range of stakeholders including government officials, private sector experts, academia, and civil society to discuss key issues including AI governance, the risks associated with the AIWMD nexus, and international cooperation in response to cyber threats. This year we’re pleased to announce that the fifth world emerging security forum will be held on September 8th in Seoul under the theme the evolution of a hybrid threats and international security. We sincerely hope to see active participation and interest from fellow member states. On capacity building, chair, while we welcome international support for a capacity building, we believe that the most important factor for its success is establishing a structure that’s both realistic and implementable. In this regard, we are somewhat concerned that the current draft report proposes rather excessive number of new initiatives. While well-intentioned, this may actually reduce the effectiveness and efficiency of implementation. Creating a new fund or a program does not automatically result in funding or a follow-through. It is essential to assess overlaps with existing system and explore ways to align and streamline to ensure concrete implementation. In this regard, we do not see the necessity of paragraph 52J. I’ll stop here. Thank you.
Chair: Thank you, ROK. Latvia to be followed by Cuba.
Latvia: Thank you, chair. I will make two short statements, national and joint. Nationally, Latvia aligns itself with the statement by the European Union, and I would like to stress that my delegation fully supports establishment of cross-cutting, action-oriented thematic groups. We share your view that decisions on the group should not be postponed. We believe that compromise proposal by France to establish groups drawing on existing formulations from Revision 1 is the right way to go. In line with the proposal, the groups to, A, increase the resilience and ICT security of states. Second, to enhance concrete actions and cooperative measures to address threats and to promote an open, secure, stable, accessible and peaceful ICTs, and third, to promote maintaining peace, security, and stability in ICT environment would provide the future mechanism with the action-oriented tools it requires. It would enable issue-based approach drawing on all pillars of the framework. Chair, now I would like to switch to a joint statement on behalf of Vietnam and Latvia concerning the specific element in the capacity building section. We welcome the PARA 52I which refers to establishment of a UN Cyber Resilience Academy within UNIDIR as proposed by Latvia together with Vietnam and supported by many other member states including today. That said, we regret that the proposal has not found a place in the recommendation part of the report which would envisage a clear way forward to its implementation. There is a clear demand for capacity building in the future permanent mechanism. The report in its current form has identified the issues and proposed a roadmap for the way forward. However, we believe that the implementation modality is still missing. The UN Cyber Resilience Academy within UNIDIR is meant exactly to be this implementation mechanism. Therefore, we would still call on you for adding a sentence in the recommendation part of the capacity building section that reads, decides to establish a Cyber Resilience Academy hosted within UNIDIR supported by voluntary contributions to conduct the research and capacity building activities on cyber security and resilience issues under the auspices of the Academy. With this, I thank you, Ms. Chair, and wish you all the luck you need to conclude these negotiations in a positive manner.
Cuba: on confidence building measures, we would like to emphasize our support for retaining the reference in paragraph 46L to the new measure proposed in the OEWG on the facilitation of access of all states to the market of security goods and services for ICTs. When it comes to the section on capacity building, we want once again to say how important this is in order to eliminate the deep and increasingly growing digital divide affecting developing countries. We support that language remain robust here with the specific proposals that are reflected in the current section F. Diluting, rendering conditional or limiting capacity building would only be against a global response that could really counter the threats looming in security and the use of ICTs. Budgetary constraints and the UN, essentially because of the denial of the major contributor, cannot be used as a pretext when it comes to addressing the needs of developing countries. Thank you.
Chair: Thank you. Tunisia to be followed by the Kingdom of the Netherlands.
Tunisia: Thank you, Mr. Chairman, for giving me the floor. The Arab group would like to refer to the intervention that called for deleting 52A and I, which relates to supporting the implementation of rules and norms under the pretext that this initiative was not addressed in previous discussions, Mr. Chairman, in this context. The Arab Group reiterates that this initiative was formally proposed during the 9th session and it was supported through a visual presentation that was uploaded to the OAEWG website by Kuwait in order to make it accessible to all delegations. The initiative enjoyed the support of a number of states during the 9th and 10th sessions and the Arab Group reiterated its full support of the initiative in a formal statement during the 10th session and this is also available on the website. Therefore we emphasize that we should maintain this paragraph. Thank you, Mr. Chairman.
Chair: Thank you very much, Tunisia. Kingdom of the Netherlands to be followed by the Dominican Republic.
Kingdom of the Netherlands: Thank you, Chair. We align ourselves with the statements of the EU as well as the statement delivered by Ghana on behalf of the cross-regional group of the Open Ended Working Group Confidence Builders and we would like to add the additional remarks in our national capacity. Being grateful for all the work this Open Ended Working Group has put into the development of the eight CBMs, we believe that now is the time to focus on their operationalization and therefore we join others that the report should not list new proposals that were barely discussed and we echo the call by others to delete paragraph 46L and annex 2. Moreover, while we agree that the implementation of norm J is important, we are cautious to single out this norm on reporting of ICT vulnerabilities in paragraph 46F under this CBMs chapter and not the other norms. In paragraph 46J, we ask to explicitly recognize the role of regional organizations and the technical community alongside other stakeholders as they play a critical role in the implementation of CBMs. Lastly, on paragraph 47. As we have encountered obstacles with the practice of the POC directory, we are in favor of first focusing on the effective, inclusive and constructive operationalization before developing it further. Therefore, we wish to include the language, quote, in a step-by-step manner, end quote, as also mentioned in paragraph 46C. Chair, allow me to turn now to capacity building. Underlying that capacity building should be an essential element in the future mechanism, we have highlighted the proposal on functions on capacity building in the future mechanism under regular institutional dialogue. So now I will only focus on some additional text proposals. We took note of paragraph 52B on the need to enhance availability of capacity building and leadership programs, and we would be keen to see other active fellowships with a similar objective reflected. For example, the Women in Cyber Fellowship. Regarding paragraph 52E and F on the ICT security corporation and capacity building portal, we see merit of the portal serving as an official website in the future permanent mechanism. We do have concerns regarding the other functions and the complementarity with existing initiatives. And then finally, with respect to paragraph 58, we propose replacing while respecting national ownership and sovereignty with while respecting the principles of capacity building. The capacity principles adopted in 2021, the Open Ended Working Group Consensus Report, also already encompass national ownership and sovereignty, but also other elements. I thank you, Chair.
Chair: Thank you. Netherlands, Dominican Republic to be followed by Italy.
Dominican Republic: Gracias, President. Thank you, Mr. Chair. I shall just provide you with a very summary version of our full paper, which has been provided both in Spanish and English electronically. We didn’t have the opportunity to speak in any previous session because it doesn’t appear fair to us. It would give us only three minutes this morning. Section C, our delegation once again want to express its support for voluntary norms for responsible behaviour in cyberspace. We like the inclusion of practical measures and we support the existing norms and the good practices referred to here, particularly when it comes to critical infrastructure and supply chains. We think it’s appropriate to have references to regional provisions such as those adopted in some South American states in line with the AWG and also reference to cyber defenders. We recall that recently there’s been adoption of the practices on critical infrastructure, looking at all possible dangers there. And we support national capacity building in order really to look at the threats from ICTs. Looking at the international law, particularly the UN Charter is fully applicable to cyberspace. We welcome the reference to regional positions and we support the future mechanism continue to be discussed in the practical implementation of international law in the future. We welcome the reference to voluntary national positions and we shall be publishing our recommendations shortly. When it comes to critical mechanisms, we would say that we want to consider international law, UNIDIR in particular, in connection with South America, when it comes to E and confidence building measures of the OAS and cyberspace. We support CBNs in order to avoid misunderstanding and to strengthen interstate cooperation. We welcome the establishment of the global POC and we urge all states to… a POC and improve interoperability with existing mechanisms. We hope that it will be possible to connect regional directories so that we will be able to improve notification in the case of serious incidents. We support the development of a cyber incident global scale for, or common scale for requirements here. Then F, we believe that we should cover all pillars of the OEWG looking at cybernetics and digital rights. And we are proud to note a particular initiative such as that for particularly appreciated by our states. We support the global capacitation or confidence building portal. We want to see a redoubling of forces, but not duplication when it comes to cooperation here with developing countries. And the speaker is Guillotine.
Chair: Thank you very much, Dominican Republic. And thank you also for your understanding. Please do share with us your full statement. I give the floor now to Italy to be followed by Sweden.
Italy: Thank you, Mr. Chair, for giving me the floor. Italy fully aligns itself with the statement delivered by the European Union. And we’d like to add the following element on section F from a national perspective. Italy considers cyber capacity building to be a central and cross-cutting component of the work of the OEWG, as well as of the future permanent mechanism. CCB is also at the core of our national cyber diplomacy. That’s why we sincerely attach a great deal of importance to it. We believe that the draft final report allows for some improvements. In fact, the inclusion of several proposals, some of which not properly discussed, risk undermining the overall coherence of. the section, see for example paragraph 52i. Furthermore, there seems to be an overemphasis on financial instruments at paragraphs 52j, 56 and 57, at the expense of a more integrated policy vision on what CCB is and how it can be carried out in a sustainable and inclusive way. At the same time, we must strive to avoid duplication and fragmentation. Existing tools and mechanisms, including the ongoing efforts of UNODA, UNIDIR, ITU and the work of multi-stakeholder platforms such as the GFC, should be leveraged more systematically. Italy also touched particular importance to promoting multi-stakeholder engagement. Effective capacity building cannot happen in silos. That’s why we strongly support an approach that actively involves governments, the private sector, academia, NGOs and civil society. Governments alone cannot always deliver what is needed. Technical and informed voices are indispensable for a successful and effective CCB. That’s why we believe that the language of paragraph 52m is too weak in this respect. In conclusion, Italy reaffirms its commitment to promoting a constructive and results-oriented dialogue on CCB. The latter is cross-cutting by nature and therefore we strongly support the structure of DTGs in the future permanent mechanism, as proposed by France with the cyber POA, in order to bridge the various gaps states are confronted with. We trust in your leadership, Mr. Chair, to shape a chapter on CCB that is realistic and implementable. Thank you, Mr. Chair.
Chair: Thank you. Thank you, Italy. Sweden, to be followed by Zimbabwe. Thank you, Chair.
Sweden: As previously mentioned, Sweden fully aligns itself with the statement delivered by the European Union, as well as the Nordic statement delivered by Finland. Sweden regrets that the new language in paragraph 15, that is reading exclusively peaceful. purposes. This diverts from previously agreed language and denies both the obligations and the rights given to states under international law, as elaborated on by multiple states, among others by Ukraine. Sweden therefore supports the language proposal put forward by Australia. Sweden also supports Italy’s remark on paragraph 15 regarding the potential hybrid use of ICTs. Sweden regrets that in paragraph 40c the reference to when an ICT operation may constitute a use of force has been deleted. Sweden requests its reinsertion. Chair, the UN framework of responsible state behavior and the UN key is what give us stability and security in the ICT domain. We cannot risk weakening the framework at this stage. Considering this, in paragraph 33, the UN framework must be given equal weight as the development of cooperative measures to counter threats facing states. And the overall balance in the report must be strengthened to reaffirm the UN framework and the UN key. Thank you, Chair.
Chair: Thank you, Sweden. Zimbabwe to be followed by UK.
Zimbabwe: Thank you, Chair. In the interest of time, Zimbabwe would like to focus on agenda item 5, section F of your draft report, and would like to underscore the following in our national capacity. First, Chair, my delegation finds merit in needs-based and sustainable approaches to capacity building. In this regard, we support the UN framework and the UN key. Second, Chair, I would like to underscore the importance of needs-based and sustainable approaches to capacity building. In this regard, we support the call for tailored, gender-responsive capacity building initiatives referenced in paragraphs 52A and 52B that address national gaps in ICT security, institutional strengthening, technical skills transfer, and leadership development. to proceed and include the points that were raised regarding institutional capacity building, which is important. We stress the importance of a South-South and triangular cooperation, as highlighted in paragraph 52C, to complement traditional North-South partnerships leveraging on shared regional experiences in Africa and beyond. Second, my delegation welcomes the proposal under paragraph 52E to 55 on the global ICT security cooperation portal, which is defined as a neutral member state-driven one-stop shop for capacity building resources. This portal must prioritize accessibility for developing countries and integrate with existing mechanisms to avoid duplication. Third, my delegation recognizes the value of strengthening computer emergency response teams, including computer security incident response teams through a structured mentorship program, joint training initiatives, and robust information sharing mechanisms. As highlighted in paragraph 52D of the report, such efforts are critical for enhancing Africa’s cyber resilience in the face of evolving threats. Zimbabwe, therefore, calls for increased international cooperation and targeted technical assistance aimed at developing and reinforcing regional set capabilities, particularly within the African context. This would bridge the digital divide while contributing meaningfully to building a secure, stable, and resilient cyberspace for all. Chair, we also welcome the inclusion of a regular high-level global roundtable as a means to sustain political momentum on capacity building initiatives. In particular, we support inclusive participation, as outlined in paragraph 52M, notably the involvement of the youth, academia, and the private sector in these dialogues. Such engagement under agreed modalities of participation is essential to ensuring that capacity building efforts are responsive. forward-looking and reflective of the diverse stakeholder shaping the global digital landscape. Chair, Zimbabwe emphasizes that the future permanent mechanism should prioritize concrete
Chair: Thank you very much, Zimbabwe. UK, to be followed by Colombia.
United Kingdom: Thank you, Chair. On confidence-building measures, we would like to add two additional sentences to 46B, which draws on consensus text of the second annual progress report, highlighting the voluntary, practical, and neutral nature of the POC, as well as taking into account the work of computer emergency response teams and computer security incident response teams, who will send our full proposal in writing. We also support paragraph 46D. Regarding paragraph 46E and 50, we appreciate the improvements in Rev. 1, but note the points raised by others, namely Australia, US, and France. In the final sentence in paragraph 46G and 49, we would like to add, in accordance with the state’s national policies and legislations, end quote, at the end of the last sentence. This language is from Annex A of the second APR. Regarding paragraph 46L, we are not comfortable with the elevation of a proposal by a single state in this way. We therefore agree with comments made by many others that this language should be removed. On capacity building, as stated yesterday, we continue to hear the broad consensus that capacity building should be at the heart of the future mechanism. Rev. 2, and particularly Annex 3, could draw more on the proposals that we’ve heard, including the 11 key functions by a group of Latin American states. In this regard, we continue to support further consideration of the proposals put forward by France and the Netherlands. We also agree with a large number of states that have said we should recognize the very difficult fiscal circumstances of the UN, and we therefore caution against initiatives that will increase financial burdens during the ongoing UNAT reforms. In this regard, the first sentence of Paragraph 55 should read States agree to establish a dedicated global ICT security, cooperation and capacity building portal within existing resources, taking into account Paragraphs 51E, F and G. In 52B, we welcome the addition of the words mutually agreed, but they should also be included in the first and penultimate sentences of 52D. We will send this amendment in writing. Thank you, Chair.
Chair: Thank you very much, UK. Before I give the floor to Colombia, I have received a request from the Russian Federation to make a procedural point. Russia, you have the floor, please.
Russian Federation: Distinguished Chair, our delegation would like to once again point out to the Secretariat that there is a continuing problem with interruption in the webcast of this OEWG meeting in Russia through the UN Web TV website. Our experts have not been able to take part in person in today’s meeting, therefore are essentially being excluded from following our discussions at this very important session of the group. I’d like to once again underscore that this runs counter to the principles of transparency and participation of states in the activities of OEWG. We ask you to provide support and to take measures to rectify the situation immediately. Thank you.
Chair: Thank you, Russian Federation. I was not aware of this technical problem with regard to UN Web TV. I think it happened once before during this week, so I kindly ask the Secretariat to look into this. I think the point made by the Russian Federation is a fair one. Ultimately, if we have UN Web TV, it should be accessible to all around the world, and this recurring problem does create an issue, a reasonable grounds that Russia has. So can I request that the Secretary address this, and hopefully we’ll get an update at a later stage. Thank you, Russian Federation. We’ll continue with the list of speakers. Colombia, to be followed by Ghana. Colombia, please.
Colombia: Thank you, sir. This is a summarized version of what we have to say. Looking at the paragraph on norms and principles, we support the list of practical actions for the implementation of the norms, including the recommendation, including paragraph 37 on international law. We welcome the inclusion and the reference to the working documents on international law and IHL, as submitted by the regional group of countries, Colombia included therein. However, in order to move towards a more broader consensus, we think that this could be dealt with thematically in connection with the content of these documents. We also support the proposal from other delegations on this paragraph on C and D, on the importance of developing national positions. I’d like to say that in Colombia’s case, it was a determining experience working with other countries in outlining our national position. And here we would like to make the following suggestion on paragraph 42D, as a reaction there to our positions. We’d like to add practices in the process of their elaboration. On capacity building, for various sessions now, a group of countries from my region and others have submitted working documents and statements on capacity building. These are intended to provide practical considerations here. My delegation believes it’s important to include the reference to these documents and therefore we propose this in paragraph 52 after chair’s national experience that as views of groups of the states on international cooperation and capacity building. Finalmente, then lastly on paragraph 55 we support the proposal made recently by the UK. Thank you very much.
Chair: Thank you very much Columbia. Ghana to be followed by Uruguay.
Ghana: Thank you chair. Ghana aligns itself with a statement delivered yesterday by the African group on capacity building. We welcome and support paragraph 52B which underscores the importance of tailoring capacity building initiatives to the specific context and priorities of member states. My delegation also joins others in expressing strong support for the UN Voluntary Fund. In this regard Ghana welcomes paragraphs 52J and 57 and we are of the view that these should be retained in the final report. We also support paragraph 56 on the establishment of a sponsorship program administered by the UN Secretariat. Ghana supports the proposal to establish a dedicated global portal for ICT security cooperation and capacity building and looks forward to its timely operationalization. We also recognize the importance of existing initiatives such as the high-level global roundtable on ICT security as well as fellowships like the Women in International Security and Cyberspace Fellowship and the UN Singapore Cyber Fellowship. In this regard we express support for the creation of an additional fellowship program under the auspices of the United Nations. Finally we support the views expressed regarding the vital role of regional organizations in capacity building and the importance of showcasing the impactful initiatives already underway. We likewise welcome the proposal to establish a cyber resilience academy hosted by UNIDIR as a further step towards strengthening global capacity in this area. I thank you.
Chair: Thank you very much Ghana. Uruguay, to be followed by Ukraine.
Uruguay: Thank you very much, Mr. Chairman. Uruguay has participated in the Group on Confidence-Building Measures together with Germany, Australia, Brazil, Canada, Chile and Colombia, Ghana, inter alia, and this is in line with our working document submitted by our country, believing that this is fundamental for the peaceful use of cyberspace and strengthening capacities here and minimizing conflict. We also appreciate the list of voluntary measures, including implementation of the PACE directory and looking at CBMs under the future standing mechanism. And lastly, we emphasize the work done regionally and sub-regionally to build confidence, such as in the OAS. And we wish to look at specific priorities and context here. We wish to see these organizations connected with the future standing body. Thank you.
Chair: Thank you very much. Uruguay, Ukraine, to be followed by Cameroon.
Ukraine: Thank you, Chair. As we advance in the discussions, Ukraine fully aligns itself with the statements previously delivered by the European Union and our delegation would like to make some additional remarks in its national capacity on CBMs. At the outset, we cannot but recognize the progress that UAWG has achieved on this issue, which includes the adoption of eight CBMs and the establishment of the POC directory. Turning to the revised draft final report, Ukraine does not support the development of additional CBMs at this stage. We observe that the potential of the CBMs already in place has not been explored to its fullest yet. The example illustrating how CBMs used, particularly CBM-3, can already add to the functioning of the future permanent mechanism was given during yesterday’s intervention by Ukraine. We would also suggest refraining from the inclusion of such proposals as the development of technical ICT terms and terminologies, since such proposals have not been discussed in depth. In general, we emphasize the need to focus on the further development and implementation of the eight agreed CBMs and further effective functioning of the POC directory. Therefore, at this stage, we should ensure that the POC directory is fully functionable. for moving to the further development of this mechanism. On capacity building, Ukraine supports the convening of regular global roundtables on ICT security capacity building under the auspices of the Future Permanent Mechanism. However, we would suggest that such roundtables are held at the expert level rather than at the high level. We believe that such meetings could include capacity building practitioners, representatives of states, and other interested parties and stakeholders, including businesses, non-governmental organizations, and others. We also support the establishment of a dedicated global ICT security cooperation capacity building portal, paragraph 55. However, we consider it is important to avoid the duplication with the existing initiatives, such as cyber policy portal of UNIDIR and civil portal of the Global Forum on Cyber Expertise. We remain committed to working constructively towards achieving a positive outcome at this session. Thank you, Chair.
Chair: Thank you very much. Ukraine, Cameroon, to be followed by Vietnam.
Cameroon: Thank you, Chair, for giving my delegation the floor once more. My delegation would like to make the following remarks on section E and section F. On section E, which focuses on capacity building measures, and paragraph 48, which focuses on global POC directory, Cameroon supports the functioning of the POC directory, but proposes amending paragraph 48 to include the director shall integrate regional POC networks to enhance incident response, leveraging the template in annex 2. This addition reinforces paragraph 46b on the POC’s contact directory’s purpose, and paragraph 11 on regional organization. On paragraph 49, which focuses on the simulation exercises, we propose the addition of this statement. Exercises should prioritize scenarios affecting least developing countries, with post-exercise reports shared via the global ICT security cooperation portal. On capacity building in section F, my delegation emphasizes the critical importance of section F. particularly Paragraph 57 on the proposed UN Voluntary Fund. To transform this concept into actionable progress, my delegation proposes the following amendment. In Paragraph 57, the current text should be replaced with, the future permanent mechanism shall operationalize a UN Voluntary Fund by 2026 with resources prioritized for least developing countries and African states in accordance with the ICT security capacity and building principles in the 2021 OEWG report in Paragraph 56. Thank you, Mr. Chair.
Chair: Thank you very much, Cameron, for your statement. Give the floor now to Vietnam, please.
Viet Nam: Thank you, Chair. I’m delivering this statement on behalf of a cross-regional group of states. That includes Australia, Chile, Colombia, the Dominican Republic, Ecuador, and Salvador, Estonia, Fiji, Germany, Kiribati, Moldova, the Netherlands, Papua New Guinea, Romania, Thailand, Uruguay, Vanuatu, and Vietnam. We have come a long way. Over the years of this OEWG, states from all regions have engaged in increasingly detained and substantive discussion on international law. These discussions have helped reinforce capacity, bring confidence, and deepen our common understanding on how international law applies in cyberspace. These common understandings on international law are key output of this OEWG. Our cross-regional group has presented proposals in our paper that represent areas of emerging convergence on international law, based on our discussions, and has also reflected in state’s national positions. Regrettably, the current iteration of the report does not reflect these important understandings that we have reached. We are prepared to be flexible. We are open to compromise. In this period, we would therefore like to propose the following streamlined and qualified language for inclusion in the report under new sub-paragraphs in this Paragraph 40. The language reads as follows, Paragraph 40, at the OEWG’s focused discussion on how the national law applies to the use of ICTs states in the earlier new Paragraph F, sub-discussed the need to respect and protect human rights and fundamental freedoms both online and offline in accordance with their respective obligations, G, discussed how there can be an internationally wrongful act of a state when its use of ICTs is attributable to it and constitutes a breach of an international obligation of the state, H, discussed how international humanitarian law applies to activities using ICTs within an armed conflict including where applicable the established international legal principles of humanity, necessity, proportionality, and distinction. We hope that the report can, at a minimum, faithfully capture a factual record of our discussion within the OEWG. We look forward to working with all states to ensure that our hard work, rich discussion, and progress are appropriately reflected. Thank you.
Chair: Thank you very much, Vietnam, for the statement. India had asked for the floor. Are you able to take the floor now? Okay. So we’ll come back to India. I give the floor now to the ICRC and Interpol, two intergovernmental organizations which had asked for the floor since Monday, and I apologize to them as well for, first of all, making them wait and, of course, for the limited time that is available to them but also to others. So ICRC followed by Interpol.
ICRC: Excellent season. Ambassador Gafoor, the International Committee of the Red Cross is grateful for the opportunity to participate in this final substantive session of the Open-Ended Working Group. Today there are over 130 armed conflicts around the world. ICT activities are an integral part of many of these conflicts. You, the delegations in this room, have the important task of building common understandings on the international legal rules that limit malicious ICT activities, prevent escalation in new wars, and protect civilian populations against harm if conflict erupts. This Open-Ended Working Group has done an unprecedented job in setting out today’s ICT threats. The ICRC can attest that many of these exact threats materialize in today’s armed conflicts. Our colleagues in countries affected by armed conflicts have documented cyber operations aimed at disrupting or destroying essential services for civilian populations. These operations put the lives and well-being of civilian populations in danger. Excellencies, in light of these acute threats, the ICRC sees great value in paragraphs 38 to 41 of the draft report, which referenced the multiple agreements that states have reached on the application of international law, including international humanitarian law, to the use of ICTs. This Open-Ended Working Group has provided a central platform for such discussions, building on the work of several GGEs and the last Open-Ended Working Group, as well as other important processes such as the International Conference of the Red Cross and Red Crescent. Through global, regional, and cross-regional cooperation, we today have overwhelming agreement to a humanitarian red line in the use of ICTs. IHL prohibits to attack civilian objects, to target hospitals, to launch indiscriminate or disproportionate attacks, including in the use of ICTs. During this final week of intergovernmental negotiations, the ICRC calls on all delegations to reflect this humanitarian red line in the final report. As said by many delegations in this working group, additional discussions are needed to ensure that IHL is effectively applied to the use of ICTs in armed conflicts. Whether this is done by building common understandings on existing law or through an additional legally binding instrument, such negotiations must not cast doubt or undermine the existing legal protection for civilian populations affected by armed conflicts. I thank you.
Chair: Thank you very much, ICRC, for your contribution. Interpol, please.
Interpol: Mr. Chair, Excellencies and colleagues, thank you for this opportunity. Today, ICT security is not just a technical concern. It is a defining issue for global stability, peace, and sustainable development. In this context, Interpol welcomes Member States’ recognition in paragraph 16 of Rev. 1 of the threats posed by the criminal misuse of ICTs, given its significant potential to disrupt essential services and cause serious harm. And the threat is growing. Interpol’s latest Africa Cyber Threat Assessment reported an alarming increase in cybercrime incidents across the continent. One country saw over 17,000 ransomware detections, while another faced a 3,000 percent rise in scam alerts. These threats are not limited to one region. Across the globe, we’re seeing sophisticated criminal networks using techniques like phishing, malware, and deepfakes to target citizens, governments, and businesses. These threats mirror many of those recognized in Section B of Rev. 1 and underscore the need for collective action. Faced with this rapidly evolving challenge, Interpol encourages member states to continue leveraging our global capabilities and network to address the criminal and terrorist use of ICTs in line with Norm D of the Framework on Responsible State Behavior. In support of this, we continue to strengthen trust and confidence building between our 196 member countries for practical law enforcement cooperation. Our relaunched Cybercrime Expert Group brings together over 170 experts from around the world to examine the evolving cyber threat landscape, including the implications of emerging technologies like AI. Interpol is also embarking on new initiatives to better support member states in countering current and emerging cyber threats. These include efforts to respond to cyber attacks targeting critical infrastructure and developing global strategies to combat the misuse of residential proxies, the expansion of IoT malware, and phishing attacks. We welcome interested partners to contribute to these efforts. As states have repeatedly emphasized throughout this OEWG, capacity building is both foundational and cross-cutting. With the support of partners like the European Union, the Council of Europe, and the United Kingdom, Interpol delivers capacity building tailored to the needs of frontline officers across different regions. These efforts are aimed at producing operational outcomes against specific cyber threats, a model that has enabled the dismantling of hundreds of thousands of malicious infrastructures and the arrest of thousands of suspects just over the last year. In closing, these results show what is possible when we work together. In this regard, Interpol is convinced that a future permanent mechanism, like the OEWG, can play a vital role in strengthening trust and confidence between states, the foundation on which effective international cooperation is built. I thank you.
Chair: Thank you very much, Interpol. Friends, we have completed the list of speakers that was outstanding from yesterday morning. And it’s now my intention to move to the other list of outstanding speakers, and there are six of them, with regard to the debate yesterday on regular institutional The list is as follows, Czechia, Guatemala, Mauritius, Belarus, Costa Rica, and New Zealand, plus India, which had asked for the floor earlier, but I think they are not yet ready to speak. We’ll give them a chance. So we have seven speakers left. I’m planning to take the list remaining as of yesterday. So we’ll start with Czechia, to be followed by Guatemala.
Czechia: Thank you, Mr. Chair. On the RID, we align ourselves with the statement delivered by the EU and add the following in our national capacity. The Czech Republic supports a structure of a future mechanism which will be inclusive, efficient, and action-oriented. That is why we reaffirm our support for the creation of thematic groups, and we stress that they should be cross-cutting, as it was very well described by our French colleague yesterday. A cross-cutting structure will best reflect the interconnected nature of cyber issues and ensure coherence across the mechanism’s work. Within one group, we will be able to discuss all aspects of a specific cyber issue, with the related threats, our potential reactions to them, and also the capacity-building needs which such threats are linked to. From our experience as a country providing cyber capacity-building, we can clearly see that especially such capacity-building, which derives from specifically articulated needs, is the most effective. And the cross-cutting thematic groups, which will focus on specific topics under three umbrella themes – stability, resilience, and cooperation – define specific threats and identify specific gaps that need to be addressed, would provide a perfect basis for a tailor-made approach to capacity-building. The discussions in the cross-cutting groups would be able to cover also all other related issues, including international law, implementation of norms, or anything else that may arise in the specific context. We strongly do not agree with the creation of a specific group on international law, as the discussions on law should not stay alone without being related to specific issues that the law addresses. We consider the format of cross-cutting thematic groups to be the most convenient. We also support the idea of a global roundtable on capacity building, and we would like to see a global roundtable that would be convenient for efficient and to-the-point discussions, which should aim at tackling the specific challenges that we are facing in cyberspace. We would still have the pillar discussions in the plenary, and we would be able to benefit in the plenary from the practical discussions held in the cross-cutting thematic groups and from their potential recommendations under a separate agenda item in the plenary, as suggested, for example, by the UN and the UNESCO, and we would be able to support the idea of a global roundtable on capacity building, and we would like to see a global roundtable on capacity building, and we would be able to support the idea of a global roundtable on capacity building, and we agree with Brazil to strike out the high level. Concerning the indicative timeline in Annex 3, while we see merit in having the plenary taking place back-to-back with the thematic groups, at the same time, we are a bit concerned about the possible loss of momentum of the discussions, with having all the meetings taking place over the course of the year, and we would like to see a more balanced manner throughout the year. Finally, we also underline the importance of a meaningful multistakeholder participation. Multistakeholders play an important role in identifying threats, in tackling them, and, very importantly, also in capacity building. We are truly convinced that, while this being an intergovernmental process, the future permanent mechanism must be inclusive in all possible aspects, and that is why we cannot agree with the word
Guatemala: mechanism to help us to continue with progress in the AWG. We believe that the transition should be a fluid one and in accordance with the principles upon which we agreed. We emphasize the need to avoid duplication of efforts and processes, particularly in a context where both technical and financial resources are limited. A new sole mechanism should consolidate the existing one, strengthen what’s already worked and harmonize rather than to fragment initiatives. We also support the creation of a moderate number of technical working groups and thematic ones. And we believe it is vital that one of these should focus specifically on the capacity building pillar. This is a priority for developing countries and must be addressed in a structural fashion, looking for specific and sustainable results. We highlight the working documents submitted by a group of countries from my region, seeking to include the various dimensions of capacity building and looking at the various needs there. A specific thematic group will ensure a systematic integrated approach, able to coordinate what is already being done. Guatemala also resoundingly supports the participation of relevant stakeholders, their technical, operational and political contribution is vital to ensure that we have a transparent and inclusive participation, strengthening the future mechanism. So, here we support Canada and Chile’s proposal. Lastly, Guatemala once again says that we are committed constructively to the process whereby a permanent mechanism will be established and we wish to offer our full support to the chair. We are sure that after the fruitful discussions in the OEWG, we will be able to have an effective and inclusive mechanism. one that is action oriented. Thank you.
Chair: Thank you Guatemala for your statement and for your support.
Mauritius: Mauritius to be followed by Belarus. Thank you Chair for giving us the floor. We take this opportunity to reaffirm our strong commitment to the establishment of a regular institutional dialogue on international ICT security through the operationalization of the future permit mechanism. We support the operationalization of the permit mechanism through thematic working groups as a practical and flexible modality to carry forward discussions and implementation. We believe that such a structure will promote targeted sustained engagement and provide an opportunity for state and stakeholders to exchange experiences, propose new ideas and address gaps based on their evolving needs. We believe the following elements must be addressed in the future mechanism. Within DTG1 we recommend the following a non-attributive threat information exchange platform supported by a technical partners. Both public and private should be set up at the level of UN. Moreover the existing guidance toolkits and repositories should be leveraged by states for the adoption of existing norms. At the same time the modalities for the creation of a new norms could be considered as stated by many other delegations. As regards to CBMH we also underscore the importance of ensuring that initiative developed under the OEWG such as global POC simulation exercises and capacity building roundtables are sustained and further developed under the future permit mechanism. Their integration into the mechanism future work schemes will be critical to operationalizing the framework and building trust. We also emphasize the partnerships with regional organizations that could serve as an implementation bridge for policy alignment and regional implementation as well as for supporting region specific CBMs. Coming to DTG2 we propose the following an inclusive legal forum including technical and legal experts legal advisors and other stakeholders to discuss the applicability of international law to state behavior in this hybrid space. A voluntary compilation of the state’s national positions on international law could be made available on existing repositories. For the DTG3 on capacity building we suggest the needs-based catalog is transition to the future permit mechanism. We also support the idea of convening the global roundtable on IEA. to security capacity building on a regular basis. We believe the participation of inter-area capacity building experts, practitioners, and other stakeholders, such as regional organizations, technical community, and NGOs is critical to accelerate the delivery of the capacity building. Regional organizations could act as implementation hubs to coordinate technical assistance, training, and knowledge exchange. They could also serve as the liaison bodies for the future payment mechanism. Furthermore, they could play an important role in facilitating regional dialogues and submit regional reports or positions to the UN. We also propose setting up a monitoring and evaluation framework for voluntary state reporting on implementation progress at national, regional, and global level. Dashboards, as well as regular reviews, forums, could facilitate the monitoring of the progress. In conclusion, Chair, we reaffirm our commitment to the early and effective establishment of the future payment mechanism. Thank you very much.
Chair: Thank you, Mauricio. Belarus, to be followed by Costa Rica.
Belarus: Distinguished Chair, at the outset, allow me to thank you and your team for your hard work over the past five years to ensure the continuation of the negotiation process as part of this working group, which is now in its final phase, as well as for preparing the draft final report on the work of the OEWG. We align ourselves with the state of Nicaragua on behalf of the like-minded states with regard to the draft final report. We believe that the basic principle underlying decision-making in the future mechanism must be consensus. Taking into account the views of all states is crucially important in decision-making for both substantive and procedural issues. In discussing the details of the thematic groups, as we mentioned before, it’s important to find an optimal balance between, on one hand, efforts to cover a large number of issues, and on the other hand, to maintain their unique specialized nature. At the same time, it’s important to note that the establishment of thematic groups is not a prerequisite. is it for the success of this concluding session. The main priority should be having a seamless transition between the current OEWG and the future mechanism without undermining its mandate and taking into account all five pillars. Therefore, we do not support at the current stage the first thematic group in its current proposed format, taking into account the need for a balance between norms and international law, as well as the importance of efforts for confidence building measures and capacity building. We propose creating a separate thematic group on standards and on confidence building measures. Given the rapid development of technology, the mandate of the future mechanism should include the possibility of developing the standards on important issues such as supply chains and data security. We support the consensus-based approach toward appointing co-chairs of the thematic groups. With regard to persuasion of stakeholders in the work of the future mechanism, we believe that priority should be given to the principles of national sovereignty. We support the current format of work. We are aware of the important contributions made to the work of the OEWG by non-state entities, but we believe that all decisions on NGO participation in sessions ought to be based on no objection from member states. And this is an intergovernmental process, first and foremost. In addition, participation of accredited, ECOSOC-accredited NGOs could be helpful for the future permanent mechanism. We believe the terminology of the report ought to be in line with the mandate of the group and previously agreed reports. And we also believe we should separate out the concepts of criminal activities in the area of ICT and harmful cyber activity. We also support including language on potentially developing legally binding norms that would reflect positions of the member states from the outset of the OEWG. We believe that… norms of IHL that are applicable in times of armed conflicts are not sufficient for regulating ICT issues.
Chair: Thank you very much, Belarus, for your statement. Costa Rica, to be followed by New Zealand.
Costa Rica: Mr. Chairman, Costa Rica supports a regular institutional dialogue with broad participation of states and stakeholders on security and the use of ICTs. Not just looking at one of the mandates bringing us here, but also we view this as a need in order to achieve global understandings based on consensus on this important matter which is constantly in development. We wish to respect the principles of inclusivity and transparency and therefore support the document submitted by Canada and Chile. We also recognize the value of the structure being proposed to us in Annex III on the thematic working groups. For Costa Rica, looking at capacity building, we are of particular interest to the proposal which is aimed at action with clearly identified objectives to facilitate the exchange of experiences, including their experts to promote international cooperation, to provide a platform for implementing the agreed framework, and also to ensure that it be flexible to deal with new threats. So we strongly urge in the final report that there be the inclusion of the working documents submitted by the group of countries from Latin America and the Caribbean entitled Strengthening of the Strategic Dialogue on Capacity Building and its Inclusion in the Future Permanent Mechanism. Thank you.
New Zealand: Thank you, Chair. On regular institutional dialogue, and with your plea for brevity in mind, we will simply note that, like a great many other delegations, we support the very constructive French compromise proposal for crosscutting action-oriented thematic groups, and we support the important proposal put forward by Chile and Canada on stakeholder modalities. We’ve explained our reasoning for supporting these initiatives previously, so given time constraints, I won’t repeat that now. We also want to endorse the helpful reminder from Germany yesterday to take a step back and recall what we’re trying to achieve through establishing the permanent mechanism. We want to promote, protect, and implement the normative framework for responsible state behavior and continue to build common understanding of how international law applies in cyberspace. We want crosscutting issue-oriented discussions to allow for concrete and meaningful exchanges, including to support effective capacity building. And we want to move forward in a single-track format. The measure of success for our work this week will be to reach consensus on establishing, for the first time, a permanent UN forum focused on ICT security in the context of international security. This will be a significant achievement and is the most important signal we can send about our shared commitment to promoting an open, secure, stable, accessible, peaceful, and interoperable cyberspace. Thank you.
Chair: Thank you very much, New Zealand, for your contribution. India, please, to be followed by Nigeria.
India: Thank you, Chair. India is speaking for the first time. We appreciate Chair’s leadership in guiding us towards consensus. We by and large agree with the Rev. 1 draft, which reflects the consensus we have achieved over the years. We have several technical solutions related to AI-powered attacks, ransomware as a service, etc., which we are sending to you by email. We would like to highlight some important broad principles, many of which have been highlighted in interventions of many of our Global South partners, like Brazil, South Africa, Thailand, Indonesia, Malawi, and the African Group. Mr. Chair, today a significant portion of global Internet users live in developing countries, and the governments of Global South are also heavily invested into the ICT domain and digital governance. The Global South today stands at a transformative juncture, where technology and digital innovation are not merely tools, but have become powerful levers and catalysts for economic advancement and the realization of our developmental aspirations. In this regard, India’s own journey with digital public infrastructure, exemplified by the open architecture of India’s TAC, demonstrates the profound potential of accessible, secure, and interoperable digital systems to uplift societies and accelerate progress at population scale. Let me add that the India’s TAC, from its inception, itself endeavours to implement secure by design, by default, and in deployment. It is in this spirit that we underscore the paramount importance of safeguarding cyberspace, particularly for developing nations, and that is why capacity building is of utmost importance for the Global South. Let me reiterate here that the sentiments of a majority of states on this topic, particularly the Global Capacity Building Portal, have been aptly captured by the REV.1 text. It is in this context of our developmental needs that the OEWG becomes important for us. One of the most important characteristics of OEWG that we want to preserve and pass on to the RID is that the OEWG is representative, inclusive, and democratic. These also abbreviate as RID. Therefore, we want the RID to be also RID. We believe that the strength of the OEWG platform lies not in the platform, but in our own ability to build consensus, which was very beautifully articulated by Egypt. ICT domain is a borderless domain where coexistence is not an option, but an inherent feature of the domain. It goes without saying that harmonious coexistence requires consensus as an essential. On the importance of consensus for coexistence, I am reminded of an ancient Sanskrit verse from Rig Veda, which I will translate. It says, meaning, let your intentions be united, let your hearts be in harmony, let your minds be in congruence so that you may coexist in harmony. We therefore would like to highlight that we all need to come together and focus on ensuring a seamless transition to a future permanent mechanism rather than focusing on procedural specificities. Thank you, Chair.
Chair: Thank you very much, India, for your statement and your harmonious – your message of harmony, which is what I think we need as we closed – as we come close to the finish line. Nigeria, please.
Nigeria: Chair, Nigeria aligns itself with the African group, and I would like to make the following remarks in our national capacity. Nigeria views capacity building as a fundamental pillar of trust to bridge gaps among divergent capacities in the field of human endeavor. In our opinion, it’s a harbinger of inclusivity to reduce inequality of requisite knowledge among states. It gives states equal footing in relevant discussion, obliterating a sense of marginalization while holding up ownership in ensuring documents or outcomes of meetings. It’s a cross-cutting topic embedded in all pillars of the open-ended working group in the security of and in the use of information and communication technologies as asserted in paragraph nine of the report on that reference. Nigeria acknowledges the elaborate consensus stem of capacity building in the report on the view. I would like to make further suggestions on pragmatic mechanism to consolidate it as a pillar in the future permanent mechanism. My delegation advocates practical context with an actionable support for cyber security infrastructure and relevant staff. The transfer of knowledge should be need-based, inclusive, transparent, tailored to us, integrating it with indigenous knowledge for sustainability. The integration of modern technology with indigenous knowledge in recipient countries will facilitate the ability to nurture a diverse and skilled cyber security workforce. This enables such states to easily defend their critical infrastructure and critical information infrastructure against cyber threats and contribute to the nation’s digital resilience as well as create cyber solutions for the future. It will also create a spiral effect on employment in emerging technological fields, improving economic and human developmental indices of developing countries. The gender inclusiveness in cyber security is vital to maximize human capacity. Women are famous for their multitasking ability which is crucial in inculcating relevant knowledge to safeguard the cyberspace. Technology as we know it today has become an indispensable element of human subsistence. It is therefore imperative to prepare the younger generation beyond the use of social media to the complexity of cyber security. Teaching them from a young age increases the digital skills of any nation and it further reduces future digital gaps between the high and low income countries. Nigeria acknowledges the framework of international law as a second pillar in the future of permanent mechanism due to its complexity within the cyberspace. The guiding principle of international law is a product of multilateral efforts in ensuring responsible state behavior and this should be applicable in the cyberspace. Let me conclude by reiterating the importance of inclusivity in global discourse. It should be championed through mutual respect, meaningful engagement and transparency.
Chair: Thank you very much, Nigeria, for your contribution. Friends, we’ve exhausted the speaker’s list and it’s almost 12.50 and I wanted to have some time to also share my views on how we move forward from here. So I will need some time as well for that purpose. But I wanted to also explain why we had to do the microphone cutoff. This is the first time I’ve done this in five years and I did not do it with an easy heart. But perhaps it was not clear to you, I wanted to explain that this is also the very first time that the work of the OEWG. has been subjected to cuts in meeting time allocated by the UN Secretariat. These cuts in meeting and conference services are applied across the board to all meetings of the UN, all processes, all chairs and facilitators of UN processes have been asked to make a 10% cut. So this afternoon, this meeting room is not available and there are no interpretation services available. I’m ready to meet you anywhere and to listen to you. But if you want to have an open-ended meeting of this nature with interpretation, which is what the UN is all about, multilingualism, multilateral cooperation, this meeting room is not available. And why do we have to cut conference services? Because the UN is in financial crisis. And why are we in a state of financial crisis? Because some members do not pay in full and on time. It’s not a secret. And why do some members not pay in full and on time? Because of a variety of reasons that’s known to them. And a related point, which provides the context for our work, is that multilateralism is in crisis. I don’t need to belabor that point. But before I elaborate on that, let me come back to why we had to cut the microphone. So I apologize sincerely to those who feel that you were not allowed to express your points of view, that you did not get the time you deserved. There are some, I believe, who have not even spoken. There are some who have only spoken once. There were some who were subjected to the microphone cutoff. So I apologize for that. These were circumstances beyond my control. At the same time, this process has evolved in such a way that there is so much to say. That is a good thing. And it seems to me that we will need a two-week meeting for the future permanent mechanism. Actually one week is not enough for everything that needs to be said. But that is another issue. But I once again want to say that, you know, my apologies for cutting you off if you feel that you have been muzzled. Second, I want to ask in the remaining time that we have, I still have a request for a floor that has just come in. Is there anyone else who feel that you have not been heard and you need to put your views on the table? I can only go until 1 p.m. I see Albania, you have asked for the floor.
Albania: Thank you, Chair. First, Albania fully aligns with the statement of the European Union on regular institutional dialogue and multi-stakeholder modalities. We also reaffirm our strong commitment to responsible state behavior in cyberspace and welcome continued progress towards a permanent and effective mechanism in line with the General Assembly’s decision on the program of actions. We believe this future mechanism must be inclusive, action-oriented, and structured to deliver real-world solutions towards cybersecurity challenges. It should build on existing UN framework while adapting to evolving threats and technological developments. To effectively secure cyberspace, we must focus on concrete real-world challenges and avoid duplicating efforts. This requires adding a practical dimension to UN discussions so that we can focus on open-ended working group-style negotiations in the plenary, including on international law, along with dedicated thematic group discussions focused on implementation and capacity building. Cyber threats are rarely confined to a single area. They are interlinked and complex. Therefore, we support a framework where expert-level groups focus on concrete challenges, sharing best practices, and identifying solutions. certifying capacity-building needs, while the plenary continues to play its critical role in discussing the essentials. Clear and distinct role for each format plenary, DGTs and capacity-building platforms will ensure that efforts are streamlined, complementary and effective. The complexity of cybersecurity demands that we leverage the full breadth of expertise available. The private sector, the civil society, academia and technical experts offer critical insight that states alone cannot provide. Transparency and open dialogue must guide our work and we support decision-making processes that reflect the will of the majority where necessary. An inclusive mechanism is not only more effective but also legitimate. Albania believes we must move past the system in which the objection of a single state can prevent the broader community from benefiting from the expertise of diverse stakeholders. Albania has prepared its position for each of the issues discussed and will send them to the Secretariat. Albania fully committed to working constructively with all partners to establish a mechanism that reflects our shared goals. Thank you.
Chair: Thank you Albania. Is there anyone else who has not spoken and you feel that it’s important for you to speak and you need to speak now? Djibouti please.
Djibouti: Thank you, Chair. My delegation commences on the declaration of the African Union at the following its national capacity. At the outset, I would like on behalf of my delegation taking the floor for the first time to congratulate you on your leadership throughout the process. We commend your considerable efforts throughout the past five years to arrive at this document that reflects concerns on these very important issues. We also are pleased with the other reports on progress made on – toward a common understanding of ICT security and its challenges. We are pleased with the strengthening of confidence-building measures despite a difficult situation geopolitically. We welcome the entirety of this report. Establishment of a permanent mechanism represents a natural evolution that is necessary to continue our combined efforts, and we welcome in particular the focus on capacity-building. That’s an absolute priority for developing countries. The Global POC Directory is also a promising innovation that we support. The inclusive approach allowing participation of non-state actors corresponds to modern realities in the field of cybersecurity, where the borders between public and private are blurred. We recognize the link between cybersecurity and sustainable development, which is often overlooked but is very important for developing countries. For in the interest of time, Mr. Chair, we will send you our contributions in writing, and we hope the work of this 11th and last session will be successful. Thank you.
Chair: Thank you very much, Djibouti. Is there anyone else who would like to make a statement? Good, I see no further requests for the floor. Thank you very much for your cooperation. But friends, you still have the opportunity to send me your inputs and statements in writing. I’d like this process to have the collective sense that you have been heard, and I want to assure you that I and my team have listened very carefully to everything that has been said this week. I’ve taken careful notes myself, and so has my team. I’ve also received many, many of your statements and suggestions and proposals, and I thank you for them. And I will also need to go through them, and for that, I will need some time. Thirdly, I want to say that I have been very encouraged by the discussions so far. We are midway in the week. It’s Wednesday morning and I am very gratified by the very constructive tone and the manner in which all of you have taken the floor, put forward your ideas. I’m also very encouraged and gratified by the strong commitment you have demonstrated to this process, and more importantly, the commitment that you have demonstrated to reach an outcome this week. That is my strong sense from listening to all the statements, but also that is my strong sense from my various informal meetings and consultations. Everyone I have spoken to informally, but also in the context of your statements here, everyone is committed to reaching a consensus outcome. I think that should give all of us encouragement and hope that an outcome is possible. Second, I want to say that, as I said earlier, the UN is going through a very challenging period. And therefore, what we do here will send a very strong signal. Positive or negative, a signal will be sent on Friday. And if we are able to reach a consensus outcome on Friday, then I think that will be good, not just for this process and for our ability to make the transition to the next mechanism, but also for… for the very idea of multilateral cooperation, for the very idea and vision of the United Nations. So in that sense, my dear friends, on your shoulders lies also the burden to show to your capitals, to each other, and to the world that the spirit of multilateral cooperation is alive and well. And that additional burden arises because of the specific context in which we are doing our work. This additional burden would not normally be on your shoulders, but it is precisely because we are traversing a very difficult period geopolitically, internationally, and in the international security landscape, that each one of us have that additional responsibility to look at the larger picture and do whatever we can to reach that outcome. And as I said, what gives me hope and encouragement is the fact that all of you are committed, all of you have said to me you want an outcome, all of you have said to me you are determined to go back home with a consensus outcome on Friday. So that, I think, is the positive and the plus point. The other point that I would make is that we cannot conceal or hide the fact that there are divergences. You have heard it throughout the week. And often these divergences are expressed with regard to proposals put forward by another group of delegation or another delegation. And that works both ways. If a proposal is put forward by a delegation or a group of delegation, then there is also a counterpoint or a counter proposal or a counter proposal or a counter request from another group of delegation. So if we look at all the proposals, there’s usually a counterpoint or a counter proposal. And that makes finding consensus very challenging. Sometimes the proposals are in terms of additional language, sometimes the proposals are in terms of deletion. So for every proposal, for additional language, there is additional proposals for deletion of the additional proposals. Sometimes the proposal is for deletion, the counterpoint is a proposal to retain. So it’s a matrix of divergences. And that is why I think the task for us is challenging. But at the same time, there are also elements of convergence. First, as I said, there is the strong commitment to reach an outcome and make that seamless and smooth transition to a future permanent mechanism. I think that there is a very strong commitment to that. Second, a strong convergence and commitment to build on all that we have achieved over the last three years as a working group and then consolidate the outcomes, build on it, and then take it to the next process. And then there are many other details in terms of how we reflect the discussions, factually, objectively, even that is challenging because that could also come back to the points and counterpoints. Having said all of that, I want to give you another positive aspect. And that is the fact that I do see a narrow path visible and possible that will take us forward. And that is what I will try and do in preparing REV2. But it is important to keep in mind that the narrow path that is possible and visible to take a step forward is not a path that will go automatically in the direction of your capital’s views. and instructions that you have. There’s a narrow path possible, but that narrow path has to be in the middle. In the middle, because we are seeking to put together an outcome that is balanced for everyone, because we are in a consensus process. If it was a question of putting things to a vote, it will be much, much easier. But we are not in that exercise, which is why we have that additional burden also of looking for and walking a tightrope, almost a tightrope, towards consensus. And that tightrope is going to be right in the middle. And therefore, I appeal to each one of you, first of all, to be very clear about your prioritization. Because if you want so many things in REV2, it may not be possible to have everything that you hope to see in REV2. You need to be pragmatic, but most of all, you need to be flexible. My intention is to look for solutions that will work for everyone. I will do my best. But in the nature of the UN processes, we may not be able to satisfy everyone. And therefore, you need to be very clear about your own priority issues. And then, of course, at the same time, you also need to not just take and take and take, but you also need to give and give and give. That is in the nature of seeking consensus. That is in the nature of what we do at the UN. There has to be give and take. There has to be an open-mindedness. There has to be flexibility. And we need to be pragmatic because we can’t solve all the issues. Some of the issues will have to be left for the future mechanism. But we need to do what is necessary to ensure a smooth and seamless transition. transition, so that we do not put at risk what we have achieved, so that we do not take a step backwards, we need to take a step forward. So friends, these are some thoughts I have. In terms of the process, this is what I intend to do. I will, together with my team, we will be working on REV2, and it’s my intention to make that available around 9 p.m. this evening. I’ve said 9 p.m. in the past, and it came much later. Some of you will remember this, so give me some flexibility on the 9 p.m. So we will say 9 p.m.-ish. Thank you for your understanding. Second, tomorrow we will meet at 11 a.m., so as to give some time for you and your groups to meet, have a quick meeting in the morning. But at 11 a.m. we will reconvene, and I will present the REV2, and after that we can have some initial remarks, and you probably will need more time to go through. But we need to look at a conference room paper by the end of Thursday, because delegations will have to seek instructions. So we need a formal document by the end of Thursday. So the REV2 is a step that will lead us to a conference room paper at the end of Thursday, which by the way is what we have done for the last few years. So what I’m describing to you is not a novel methodology, but what we have been doing in the group. So REV2 tonight. Tomorrow morning, we meet at 11 a.m. and to allow for me to present the REF-2 and to hear initial remarks, and then we can reconvene at 3 and CRP to be put forward tomorrow, the formal document, so that you can send it back to capitals and their time zone differences. And then Friday morning, at 10 a.m., we meet to adopt the conference room paper by consensus. It’s possible, it’s achievable, but we need to go to REF-2 first. So on that note, I want to thank you once again, and I also want to thank our excellent, excellent, excellent bunch of interpreters who are unseen, underappreciated. So they are the unsung heroes and the backbone of multilateralism because they’ve given us another 10 minutes extra for that. So thank you, dear interpreters, for that. So friends, the meeting is adjourned. I wish you a pleasant lunch and see you tomorrow morning. Thank you. Thank you.
Access Now
Speech speed
174 words per minute
Speech length
529 words
Speech time
181 seconds
Commercial spyware targeting civilians requires international regulation with human rights law references
Explanation
Access Now argues that commercial spyware is regularly used to target civilian populations, diplomats, and other stakeholders, requiring international efforts on responsible ICT behavior to recognize this reality. They believe cyber intrusion capabilities must be used consistently with international law, including standards of necessity, legality, and proportionality as outlined in international human rights law.
Evidence
Access Now’s digital security helpline has seen over 1,000 cases each quarter in 2024, showing the tip of the cybersecurity crisis they face
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Human rights
International human rights law must be explicitly referenced in main body text
Explanation
Access Now argues that the current text leads to a less secure foundation than the past OEWG by failing to incorporate explicit references to international human rights law in the main body. They believe more needs to be done to specifically refer to international human rights law and humanitarian law in states’ positions on international cyber operations.
Major discussion point
International Law and Legal Framework
Topics
Human rights | Legal and regulatory
Disagreed with
– Switzerland
– ICRC
– Sweden
Disagreed on
International law references and use of force thresholds in cyberspace
OEWG should build on existing consensus rather than jeopardize previous achievements
Explanation
Access Now argues that the first OEWG and group of governmental experts left milestone consensus on responsible state behavior that provides a foundation to build upon. They believe the current working group has partly progressed but still risks jeopardizing the acquis that states achieved through tremendous work.
Evidence
The first OEWG and the group of governmental experts left milestone consensus achieved across the UN’s membership on responsible state behavior, despite the odds they faced
Major discussion point
Stakeholder Participation and Modalities
Topics
Legal and regulatory | Cybersecurity
Stakeholder modalities should be improved to avoid locking into politics
Explanation
Access Now joined 24 organizations and experts in supporting a joint letter asking for improved stakeholder modalities. They urge the working group not to lock themselves into politics but be pragmatic and give themselves all the tools they can achieve for meaningful rights-respecting cyber dialogue.
Evidence
They joined 24 organizations and experts this week in supporting a joint letter asking for improved stakeholder modalities
Major discussion point
Stakeholder Participation and Modalities
Topics
Legal and regulatory | Human rights
Agreed with
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Stiftung Wissenschaft und Politik
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Disagreed with
– Belarus
– Alliance of NGOs on Crime Prevention and Criminal Justice
– Global Partners Digital
Disagreed on
Stakeholder participation modalities and accreditation processes
German Council on Foreign Relations
Speech speed
155 words per minute
Speech length
434 words
Speech time
167 seconds
Multi-stakeholder engagement essential for effective cybersecurity governance
Explanation
The German Council on Foreign Relations emphasizes that words alone do not suffice for cybersecurity governance, highlighting a huge gap in implementation of norms on critical infrastructure protection. They note that half of the countries represented have not yet designated critical infrastructure sectors within their territories, making it difficult to implement relevant norms.
Evidence
Research shows that half of the countries in the room have not yet designated critical infrastructure sectors within their territories
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Infrastructure
Agreed with
– Access Now
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Stiftung Wissenschaft und Politik
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Quantum computing presents foreseeable threat requiring urgent post-quantum cryptographic solutions
Explanation
The German Council argues that all UN member states are profoundly vulnerable to quantum computing, with no country having yet accomplished the transition to quantum security. They estimate that quantum computers might reach the capability to break conventional encryption by 2030, leaving only four years to complete this transition.
Evidence
Analysis found that no UN member state has yet accomplished the transition to quantum security, with some estimates suggesting quantum computers might break conventional encryption by 2030
Major discussion point
Emerging Technologies and Threats
Topics
Cybersecurity | Infrastructure
All UN member states vulnerable to quantum computing with no country having completed transition
Explanation
Research by the German Council shows that all UN member states are vulnerable for the day when quantum computers reach the capability to break conventional encryption. This vulnerability affects all countries represented in the working group, with no exceptions.
Evidence
DGIP research analysis found that no UN member state has yet accomplished the transition to quantum security
Major discussion point
Emerging Technologies and Threats
Topics
Cybersecurity | Infrastructure
Safe PC Solutions
Speech speed
109 words per minute
Speech length
317 words
Speech time
173 seconds
Generative AI and quantum computing need specific governance frameworks
Explanation
Safe PC Solutions argues that generative AI, as a rapidly advancing subset of AI capable of producing synthetic content, has introduced new vectors for disinformation, social engineering, and automated cyber attacks. They encourage the OEWG to consider referencing governance of generative AI as a distinct area of concern and suggest that quantum computing be separated and defined in the document.
Evidence
They met with member states from Africa, Latin America, and Pacific Islands who were not aware of their cybersecurity awareness training on a generative AI platform focusing on people of color
Major discussion point
Emerging Technologies and Threats
Topics
Cybersecurity | Legal and regulatory
Academia Mexicana de Ciberseguridad y Derecho Digital
Speech speed
119 words per minute
Speech length
367 words
Speech time
183 seconds
Cross-cutting human rights approach needed in digital sphere with accountability mechanisms
Explanation
The Mexican Academy argues for a cross-cutting approach to human rights in the digital sphere, noting that while the document mentions respecting human rights, there’s a lack of practical measures to fulfill this. They call for governance, traceability, and accountability in decision-making operations for public decisions, linked to products and services.
Major discussion point
Stakeholder Participation and Modalities
Topics
Human rights | Legal and regulatory
AI governance and quantum computing risks require specialized thematic group attention
Explanation
The Academy believes there’s a need for a specialized thematic group that can bring forward recommendations and look at technicalities based on evidence for emerging technologies like generative AI and quantum computing. They emphasize the need for vigilance in independent decision-making systems.
Major discussion point
Emerging Technologies and Threats
Topics
Cybersecurity | Legal and regulatory
Crest International
Speech speed
142 words per minute
Speech length
406 words
Speech time
171 seconds
International standards preferable to variable national standards for supply chain security
Explanation
Crest International argues that internationally recognized and agreed upon standards must be preferable to variable national standards in guiding states’ due diligence, measuring and verifying compliance with norms upheld by the international community. They believe this approach is essential for identifying gaps and measuring progress for capacity building.
Evidence
Crest brings 18 years of experience driving cyber resilience through supply chains, developing standards for technical cyber security services, and their certifications can be taken in 3,500 exam centers in 158 countries
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Infrastructure
Center for Humanitarian Dialogue
Speech speed
146 words per minute
Speech length
422 words
Speech time
172 seconds
Stakeholder participation critical for confidence-building and rule implementation
Explanation
The Center argues that many believe the problem is not an absence of rules, but a lack of confidence that states will respect them. They emphasize that rules are worth very little without confidence that they will enjoy respect, and that appropriate emphasis should be placed on confidence-building in the future permanent mechanism.
Evidence
They reference Russian Tsarina Catherine the Great’s words: ‘power without confidence is nothing’
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Legal and regulatory
Red on Defensa de los Derechos Digital
Speech speed
125 words per minute
Speech length
353 words
Speech time
169 seconds
Regional perspectives must be incorporated, particularly Latin American human rights interpretations
Explanation
R3D argues that the standing mechanism and its thematic groups need to incorporate a perspective of the global majority, particularly Latin America, regarding the inter-American system of human rights and differing interpretations of freedom of expression and privacy. They emphasize the importance of ensuring results are taken to regional and national contexts for real, fair, and effective implementation.
Evidence
They note that in their local context, authorities are constantly expanding use of technologies with more attributions to access and share data without effective limits
Major discussion point
Stakeholder Participation and Modalities
Topics
Human rights | Legal and regulatory
Alliance of NGOs on Crime Prevention and Criminal Justice
Speech speed
153 words per minute
Speech length
381 words
Speech time
149 seconds
Civil society engagement essential for transparency and effectiveness in cybersecurity governance
Explanation
The Alliance argues that stakeholders have consistently demonstrated the value of their contributions over the years of the working groups, showing strong commitment to responsible state behavior in cyberspace. They emphasize that advancement of responsible state behavior will fall short of effectiveness, transparency, and inclusivity if done without civil society support.
Evidence
They have seen more joint organization of side events and state-stakeholder cooperation initiatives outside of plenary sessions
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Legal and regulatory
Agreed with
– Access Now
– German Council on Foreign Relations
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Stiftung Wissenschaft und Politik
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
European Union Institute for Security Studies
Speech speed
140 words per minute
Speech length
415 words
Speech time
177 seconds
Capacity building requires cross-cutting approach with stakeholder inclusion as strategic enabler
Explanation
The EU Institute argues that capacity building should be recognized as a cross-cutting enabler for norm implementation, confidence building, and operationalization of international law, rather than being treated as a silo. They emphasize that capacity building has played a foundational role in advancing states’ understanding of how international law applies in cyberspace.
Major discussion point
Stakeholder Participation and Modalities
Topics
Development | Cybersecurity
Agreed with
– Australia
– Ghana
– Zimbabwe
– Nigeria
– Mauritius
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
Wright pilot
Speech speed
140 words per minute
Speech length
368 words
Speech time
156 seconds
Standards harmonization needed as confidence building measure with multi-stakeholder support
Explanation
Wright pilot argues that internationally recognized standards must be preferred over varied international standards, emphasizing the need to recognize harmonization of standards as a confidence building measure. They note that standards serve multiple functions as technology security issues, governance matters, capacity building enablers, and components of international law.
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Infrastructure
Nuclear Age Peace Foundation
Speech speed
151 words per minute
Speech length
406 words
Speech time
160 seconds
Youth engagement crucial as digital natives who understand technology impacts on society
Explanation
The Nuclear Age Peace Foundation argues that youth engagement brings community insight and understanding of how technologies are used, abused, and experienced firsthand. They emphasize that civil society, especially youth as digital natives, comprises implementers, technical experts, and educators who understand how technologies function and affect societies.
Evidence
The speaker notes that their generation will live with consequences of today’s decisions on digital security, including AI-enabled conflict and attacks on critical infrastructure
Major discussion point
Stakeholder Participation and Modalities
Topics
Sociocultural | Human rights
Youth for Privacy
Speech speed
137 words per minute
Speech length
318 words
Speech time
139 seconds
Children and youth must be systematically embedded as valid stakeholders with fundamental rights
Explanation
Youth for Privacy argues that youth engagement is never optional but inalienable and part of fundamental rights. They note a concerning relative silence regarding the role of children and youth in the final report, despite their relevant lived experience that brings valuable contributions to the working group.
Evidence
The speaker is a 16-year-old representing marginalized voices of children in the process
Major discussion point
Stakeholder Participation and Modalities
Topics
Human rights | Sociocultural
Fundación Karisma
Speech speed
150 words per minute
Speech length
321 words
Speech time
127 seconds
Multi-sectoral work essential for local implementation of cybersecurity policies
Explanation
Fundación Karisma emphasizes the need to redouble efforts to ensure OEWG discussions and capacities are implemented at local levels by participating states. They argue that this process is complex and requires multisectoral work, time, and resources, calling for states to continue regarding local implementation.
Evidence
They cite the Colombian government’s real steps forward to improve policies and protocols, including attempts to update national legislation and create new cybersecurity bodies
Major discussion point
Stakeholder Participation and Modalities
Topics
Development | Legal and regulatory
First ORG. INC
Speech speed
160 words per minute
Speech length
492 words
Speech time
184 seconds
Incident response community brings practical experience that requires robust stakeholder modalities
Explanation
FIRST represents a forum of over 800 incident response practitioners from 113 economies, emphasizing that nearly every aspect of OEWG discussions involve or impact incident response. They argue that the most effective capacity-building efforts take an ecosystem-wide approach, leverage proactive engagement with stakeholders, and focus on long-term collaboration and community building.
Evidence
FIRST has developed collaborative, bottom-up standards like the Traffic Light Protocol and the Non-Vulnerability Scoring System, and worked with the Women in International Security and Cyberspace Fellowship to deliver tabletop exercises
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Development
Agreed with
– Access Now
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– Global Partners Digital
– Stiftung Wissenschaft und Politik
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Global Cyber Alliance
Speech speed
158 words per minute
Speech length
482 words
Speech time
182 seconds
Existing effective mechanisms should be scaled rather than duplicated
Explanation
Global Cyber Alliance argues that several proposed initiatives in the draft risk duplicating existing and effective mechanisms. They emphasize that existing efforts are functioning, field-tested, and responsive to national priorities, warning that creating new structures without integrating stakeholders risks duplication, confusion, and inefficiency.
Evidence
They cite examples of potential duplication including the GFC’s civil portal, UNIDIR’s cyber policy portal, the Women in Cyber Fellowship Program, and FIRST’s training programs deployed in more than 70 countries
Major discussion point
Stakeholder Participation and Modalities
Topics
Cybersecurity | Development
Agreed with
– Australia
– Ukraine
– Italy
– Republic of Korea
Agreed on
Existing successful programs should be leveraged rather than duplicated
Disagreed with
– Australia
– Cuba
– Italy
Disagreed on
Capacity building funding mechanisms and duplication concerns
Women in cybersecurity Middle East
Speech speed
160 words per minute
Speech length
433 words
Speech time
161 seconds
Women’s participation models like WICSME should be recognized as global strategic blueprints
Explanation
WICSME argues that their organization represents a global strategic blueprint for building inclusive digital futures, uniting over 3,000 women across 22 Arab countries to strengthen cyber capacity and elevate women’s voices. They propose acknowledging WICSME and CyberShe as global blueprints for gender-responsive capacity building.
Evidence
They launched CyberShe regional capacity building program aiming to train 1,500 skilled female cyber talents across the region in three years, and participants from WICSME represent one-third of the global cohort in the ITU Women’s Cyber Mentorship Program
Major discussion point
Stakeholder Participation and Modalities
Topics
Human rights | Development
Global Partners Digital
Speech speed
148 words per minute
Speech length
415 words
Speech time
167 seconds
Human rights impacts of cyber incidents need multi-stakeholder collaboration framework
Explanation
Global Partners Digital argues that discussions around major cyber incidents often focus on technical and financial consequences but should also unpack human impacts, including on human rights and gender equality. They emphasize that this requires balancing technical measures with a rights-respecting, human-centric framework fostered by multi-stakeholder collaboration.
Evidence
They hosted a breakfast meeting alongside the Freedom Online Coalition exploring how ransomware has cascading impacts on human rights and gender equality
Major discussion point
Stakeholder Participation and Modalities
Topics
Human rights | Cybersecurity
Agreed with
– Access Now
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Stiftung Wissenschaft und Politik
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Stiftung Wissenschaft und Politik
Speech speed
131 words per minute
Speech length
397 words
Speech time
180 seconds
Cross-regional coordination among stakeholders provides action-oriented proposals for meaningful participation
Explanation
The German Institute argues that the joint stakeholder statement on stakeholder modalities is an example of cross-regional coordination among stakeholders that provides action-oriented proposals for ensuring meaningful stakeholder contributions. They emphasize that ensuring meaningful stakeholder participation is primarily for the benefit of UN member states, given limited resources and expertise.
Evidence
They note that researchers have continuously provided evidence-based scientific expertise directly relevant to OEWG discussions
Major discussion point
Stakeholder Participation and Modalities
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Access Now
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Italy
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Switzerland
Speech speed
180 words per minute
Speech length
538 words
Speech time
179 seconds
ICT operations comparable to traditional means can constitute use of force
Explanation
Switzerland argues that the sentence stating ‘an ICT operation may constitute the use of force when its scale and effects are comparable to non-ICT operations, rising to the level of a use of force’ has been deleted and needs to be reinstated. They support this position alongside Brazil, the UK, and many others.
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Cybersecurity
Disagreed with
– Access Now
– ICRC
– Sweden
Disagreed on
International law references and use of force thresholds in cyberspace
National positions on international law provide invaluable clarification that cyberspace is not lawless
Explanation
Switzerland congratulates Thailand, Republic of Korea, and New Zealand on publishing their national positions on international law application in cyberspace. They argue these positions are invaluable sources for clarifying the law and draw a clear picture that cyberspace is not lawless, neither in peacetime nor during armed conflicts.
Evidence
They note that discussions on international law, particularly IHL, have developed substantially over the past five years, evident in many contributions to the debate and publication of national and regional positions
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Paraguay
– ICRC
– Viet Nam
– Colombia
– El Salvador
Agreed on
International law applies to cyberspace with need for clearer implementation
Due diligence obligations and state responsibility principles apply to cyber operations
Explanation
Switzerland welcomes the mention of state responsibility, due diligence, and international humanitarian law in the list of topics for discussion. They argue that international human rights law should also be included as it was discussed and raised by numerous delegations and reflected in cross-regional papers on areas of convergence.
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Human rights
Paraguay
Speech speed
151 words per minute
Speech length
88 words
Speech time
34 seconds
UN Charter principles of sovereign equality and peaceful relations apply to cyberspace
Explanation
Paraguay emphasizes the applicability of international law to cyberspace, particularly the UN Charter, which has clear principles and purposes regarding sovereign equality of states and maintaining peace and security in the international arena. They reference the importance of supporting friendly relations among nations.
Evidence
They reference the preamble to the Vienna Convention on Diplomatic Relations
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Switzerland
– ICRC
– Viet Nam
– Colombia
– El Salvador
Agreed on
International law applies to cyberspace with need for clearer implementation
ICRC
Speech speed
127 words per minute
Speech length
372 words
Speech time
175 seconds
International humanitarian law prohibits attacks on civilian objects and hospitals in cyberspace
Explanation
The ICRC emphasizes that there are over 130 armed conflicts worldwide where ICT activities are integral, and they have documented cyber operations aimed at disrupting or destroying essential services for civilian populations. They argue that IHL prohibits attacks on civilian objects, targeting hospitals, and launching indiscriminate or disproportionate attacks, including through ICTs.
Evidence
ICRC colleagues in countries affected by armed conflicts have documented cyber operations aimed at disrupting essential services that put civilian lives in danger
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Human rights
Agreed with
– Switzerland
– Paraguay
– Viet Nam
– Colombia
– El Salvador
Agreed on
International law applies to cyberspace with need for clearer implementation
Disagreed with
– Switzerland
– Access Now
– Sweden
Disagreed on
International law references and use of force thresholds in cyberspace
Humanitarian red line exists prohibiting attacks on civilian infrastructure through ICTs
Explanation
The ICRC argues that through global, regional, and cross-regional cooperation, there is now overwhelming agreement on a humanitarian red line in the use of ICTs. They call on delegations to reflect this humanitarian red line in the final report and ensure that additional discussions do not cast doubt on existing legal protection for civilian populations.
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Human rights
Viet Nam
Speech speed
124 words per minute
Speech length
343 words
Speech time
165 seconds
Cross-regional working papers represent areas of emerging convergence on international law
Explanation
Vietnam, speaking for a cross-regional group of states, argues that over the years of the OEWG, states have engaged in increasingly detailed discussions on international law that have helped reinforce capacity and deepen common understanding. They present proposals representing areas of emerging convergence based on discussions and state national positions.
Evidence
The cross-regional group includes Australia, Chile, Colombia, Dominican Republic, Ecuador, El Salvador, Estonia, Fiji, Germany, Kiribati, Moldova, Netherlands, Papua New Guinea, Romania, Thailand, Uruguay, Vanuatu, and Vietnam
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Human rights
Agreed with
– Switzerland
– Paraguay
– ICRC
– Colombia
– El Salvador
Agreed on
International law applies to cyberspace with need for clearer implementation
Belarus
Speech speed
161 words per minute
Speech length
496 words
Speech time
184 seconds
Seamless transition from OEWG to permanent mechanism without undermining mandate
Explanation
Belarus emphasizes that the main priority should be having a seamless transition between the current OEWG and the future mechanism without undermining its mandate and taking into account all five pillars. They argue that establishment of thematic groups is not a prerequisite for success of the concluding session.
Major discussion point
Future Permanent Mechanism Structure
Topics
Legal and regulatory | Cybersecurity
Czechia
Speech speed
206 words per minute
Speech length
558 words
Speech time
162 seconds
International law discussions should be integrated with specific issues rather than isolated
Explanation
Czechia strongly disagrees with creating a specific group on international law, arguing that discussions on law should not stay alone without being related to specific issues that the law addresses. They consider cross-cutting thematic groups to be the most convenient format that can cover all related issues including international law and norm implementation.
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Cybersecurity
Cross-cutting action-oriented thematic groups preferred over pillar-based structure
Explanation
Czechia supports a structure that is inclusive, efficient, and action-oriented, emphasizing cross-cutting thematic groups that reflect the interconnected nature of cyber issues. They argue this structure ensures coherence across the mechanism’s work and allows discussion of all aspects of specific cyber issues within one group.
Evidence
From their experience as a country providing cyber capacity-building, they see that capacity-building derived from specifically articulated needs is most effective
Major discussion point
Future Permanent Mechanism Structure
Topics
Cybersecurity | Development
Agreed with
– New Zealand
– Albania
– Latvia
– Guatemala
Agreed on
Cross-cutting thematic groups preferred over pillar-based structure
Disagreed with
– Belarus
– Guatemala
– Latvia
Disagreed on
Structure of future permanent mechanism – cross-cutting vs pillar-based thematic groups
Australia
Speech speed
152 words per minute
Speech length
382 words
Speech time
150 seconds
Capacity building is foundational and cross-cutting element requiring concrete implementation mechanisms
Explanation
Australia emphasizes that capacity building is foundational to developing capabilities necessary to increase state cyber security and resilience and implement the framework for responsible state behavior. They stress the need for cost-efficient capacity building that leverages existing resources and avoids duplication, particularly in the context of UN80.
Evidence
Australia is a proud sponsor of the Women in International Security and Cyberspace Fellowship which has supported over 120 women from 55 countries and is considered best practice and cost-efficient
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Cybersecurity
Agreed with
– European Union Institute for Security Studies
– Ghana
– Zimbabwe
– Nigeria
– Mauritius
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
Existing successful programs should be supported rather than duplicated
Explanation
Australia supports retaining reference to existing successful programs like the Women in International Security and Cyberspace Fellowship and notes other programs like French, Irish and Singaporean sponsorship programs. They argue it’s premature to prescribe direction of discussions on new funding mechanisms given major fiscal constraints and many alternative funding instruments available.
Evidence
The Women in International Security and Cyberspace Fellowship has supported over 120 women from 55 countries to participate in the OEWG
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Human rights
Agreed with
– Global Cyber Alliance
– Ukraine
– Italy
– Republic of Korea
Agreed on
Existing successful programs should be leveraged rather than duplicated
Disagreed with
– Cuba
– Global Cyber Alliance
– Italy
Disagreed on
Capacity building funding mechanisms and duplication concerns
Zimbabwe
Speech speed
125 words per minute
Speech length
389 words
Speech time
186 seconds
Global ICT security cooperation portal needed as neutral member state-driven resource platform
Explanation
Zimbabwe welcomes the proposal for a global ICT security cooperation and capacity building portal, defined as a neutral member state-driven one-stop shop for capacity building resources. They emphasize that this portal must prioritize accessibility for developing countries and integrate with existing mechanisms to avoid duplication.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Infrastructure
Agreed with
– Australia
– European Union Institute for Security Studies
– Ghana
– Nigeria
– Mauritius
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
South-South and triangular cooperation important to complement traditional partnerships
Explanation
Zimbabwe stresses the importance of South-South and triangular cooperation as highlighted in the report to complement traditional North-South partnerships, leveraging shared regional experiences in Africa and beyond. They call for increased international cooperation and targeted technical assistance for developing regional capabilities.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Economic
Latvia
Speech speed
130 words per minute
Speech length
373 words
Speech time
171 seconds
UN Cyber Resilience Academy within UNIDIR should be established for implementation
Explanation
Latvia, speaking jointly with Vietnam, welcomes the reference to establishing a UN Cyber Resilience Academy within UNIDIR as proposed by their countries and supported by many others. They argue there is clear demand for capacity building in the future permanent mechanism and that the Academy is meant to be the implementation mechanism.
Evidence
The proposal was supported by many other member states and is intended to conduct research and capacity building activities on cyber security and resilience issues
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Cybersecurity
Mauritius
Speech speed
151 words per minute
Speech length
905 words
Speech time
357 seconds
Needs-based and tailored approaches essential for effective capacity building programs
Explanation
Mauritius emphasizes the importance of whole-of-government coordination in national implementation of norms and recognizes that regional organizations can serve as vital partners in facilitating implementation, particularly by supporting capacity building efforts and addressing shared challenges from technical gaps and diverse legal systems.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Legal and regulatory
Agreed with
– Australia
– European Union Institute for Security Studies
– Ghana
– Zimbabwe
– Nigeria
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
Regional organizations serve as vital implementation partners and capacity building hubs
Explanation
Mauritius proposes that regional organizations could act as implementation hubs to coordinate technical assistance, training, and knowledge exchange, and serve as liaison bodies for the future permanent mechanism. They could facilitate regional dialogues and submit regional reports or positions to the UN.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Legal and regulatory
Critical infrastructure designation remains sovereign prerogative requiring national frameworks
Explanation
Mauritius affirms that designation of critical infrastructure and critical information infrastructure remains a sovereign prerogative and supports development of national risk assessments, training programs and frameworks. They note that identification of critical services and owners is often challenging for developing states.
Major discussion point
Norms and Responsible State Behavior
Topics
Cybersecurity | Infrastructure
Ghana
Speech speed
151 words per minute
Speech length
232 words
Speech time
91 seconds
Technical and hands-on training critical for developing national cyber capabilities
Explanation
Ghana recognizes the importance of strengthening computer emergency response teams through structured mentorship programs, joint training initiatives, and robust information sharing mechanisms. They call for increased international cooperation and targeted technical assistance aimed at developing and reinforcing regional capabilities, particularly within the African context.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Cybersecurity
Agreed with
– Australia
– European Union Institute for Security Studies
– Zimbabwe
– Nigeria
– Mauritius
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
Voluntary fund establishment essential for supporting developing country participation
Explanation
Ghana welcomes and strongly supports the UN Voluntary Fund as referenced in the report and believes these provisions should be retained in the final report. They also support the establishment of a sponsorship program administered by the UN Secretariat.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Economic
Nigeria
Speech speed
141 words per minute
Speech length
434 words
Speech time
184 seconds
Integration of modern technology with indigenous knowledge ensures sustainability
Explanation
Nigeria advocates for practical context with actionable support for cybersecurity infrastructure, emphasizing that transfer of knowledge should be need-based, inclusive, transparent, and tailored while integrating with indigenous knowledge for sustainability. This integration enables states to nurture diverse skilled cybersecurity workforces and defend critical infrastructure.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Sociocultural
Agreed with
– Australia
– European Union Institute for Security Studies
– Ghana
– Zimbabwe
– Mauritius
– Italy
– Cuba
Agreed on
Capacity building is foundational and cross-cutting element
Gender inclusiveness and youth engagement vital for maximizing human capacity
Explanation
Nigeria emphasizes that gender inclusiveness in cybersecurity is vital to maximize human capacity, noting that women are famous for their multitasking ability which is crucial in cybersecurity. They also stress the importance of preparing the younger generation beyond social media use to understand cybersecurity complexity.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Human rights | Sociocultural
Arab Association of Cybersecurity
Speech speed
176 words per minute
Speech length
485 words
Speech time
164 seconds
Women’s meaningful participation must be promoted in capacity building initiatives
Explanation
The Arab Association welcomes references to women’s meaningful participation and sees an opportunity to lead by example by promoting gender parity in national delegations and ensuring women cybersecurity leaders are actively involved in OEWG discussions and consultations.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Human rights | Development
Guatemala
Speech speed
136 words per minute
Speech length
276 words
Speech time
121 seconds
Moderate number of thematic groups with specific focus on capacity building required
Explanation
Guatemala supports creation of a moderate number of technical and thematic working groups and believes it’s vital that one should focus specifically on the capacity building pillar. They emphasize this is a priority for developing countries and must be addressed structurally, looking for specific and sustainable results.
Evidence
They highlight working documents submitted by countries from their region seeking to include various dimensions of capacity building
Major discussion point
Future Permanent Mechanism Structure
Topics
Development | Legal and regulatory
Agreed with
– Czechia
– New Zealand
– Albania
– Latvia
Agreed on
Cross-cutting thematic groups preferred over pillar-based structure
Disagreed with
– Czechia
– Belarus
– Latvia
Disagreed on
Structure of future permanent mechanism – cross-cutting vs pillar-based thematic groups
India
Speech speed
166 words per minute
Speech length
484 words
Speech time
174 seconds
Regular institutional dialogue should be representative, inclusive, and democratic
Explanation
India emphasizes that one of the most important characteristics of the OEWG that should be preserved is that it is representative, inclusive, and democratic (RID). They want the future Regular Institutional Dialogue to also be RID, arguing that the strength lies in the ability to build consensus.
Evidence
India’s own journey with digital public infrastructure, exemplified by the open architecture of India’s TAC, demonstrates the potential of accessible, secure, and interoperable digital systems
Major discussion point
Future Permanent Mechanism Structure
Topics
Development | Legal and regulatory
Digital public infrastructure demonstrates potential for secure and interoperable systems
Explanation
India highlights their transformative journey with digital public infrastructure, particularly the open architecture of India’s TAC, which demonstrates the profound potential of accessible, secure, and interoperable digital systems to uplift societies and accelerate progress at population scale.
Evidence
India’s TAC, from its inception, endeavors to implement secure by design, by default, and in deployment
Major discussion point
Emerging Technologies and Threats
Topics
Development | Infrastructure
New Zealand
Speech speed
139 words per minute
Speech length
221 words
Speech time
94 seconds
Single-track format with concrete meaningful exchanges needed for success
Explanation
New Zealand supports crosscutting issue-oriented discussions to allow for concrete and meaningful exchanges, including to support effective capacity building, and wants to move forward in a single-track format. They emphasize that establishing a permanent UN forum focused on ICT security would be a significant achievement.
Major discussion point
Future Permanent Mechanism Structure
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Czechia
– Albania
– Latvia
– Guatemala
Agreed on
Cross-cutting thematic groups preferred over pillar-based structure
Albania
Speech speed
122 words per minute
Speech length
342 words
Speech time
166 seconds
Action-oriented structure needed to deliver real-world cybersecurity solutions
Explanation
Albania believes the future mechanism must be inclusive, action-oriented, and structured to deliver real-world solutions to cybersecurity challenges. They argue for focusing on concrete real-world challenges and avoiding duplicating efforts, requiring a practical dimension to UN discussions.
Major discussion point
Future Permanent Mechanism Structure
Topics
Cybersecurity | Legal and regulatory
Agreed with
– Czechia
– New Zealand
– Latvia
– Guatemala
Agreed on
Cross-cutting thematic groups preferred over pillar-based structure
El Salvador
Speech speed
119 words per minute
Speech length
374 words
Speech time
188 seconds
Voluntary nature of norms and complementarity with international law must be recognized
Explanation
El Salvador welcomes the rewording of relevant paragraphs and addition of language that recognizes the voluntary nature of norms and how they are complementary with international law. They support the redrafting that eliminates reference to non-state actors, believing it consistent with the applicability of the framework for responsible behavior.
Major discussion point
Norms and Responsible State Behavior
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Switzerland
– Paraguay
– ICRC
– Viet Nam
– Colombia
Agreed on
International law applies to cyberspace with need for clearer implementation
South Africa
Speech speed
110 words per minute
Speech length
243 words
Speech time
131 seconds
Norm implementation requires specific capacity building to address gaps
Explanation
South Africa appreciates recognition of the value of developing targeted ICT security capacity building programs to address implementation challenges and capacity gaps. They support the inclusion of the voluntary checklist of implementation and consider common templates essential tools for requesting and responding to assistance requests.
Major discussion point
Norms and Responsible State Behavior
Topics
Development | Cybersecurity
Dominican Republic
Speech speed
145 words per minute
Speech length
415 words
Speech time
171 seconds
Practical measures and good practices needed for norm operationalization
Explanation
Dominican Republic expresses support for voluntary norms for responsible behavior in cyberspace, welcoming the inclusion of practical measures and supporting existing norms and good practices, particularly regarding critical infrastructure and supply chains. They think it’s appropriate to have references to regional provisions adopted in South American states.
Evidence
They reference recent adoption of practices on critical infrastructure looking at all possible dangers
Major discussion point
Norms and Responsible State Behavior
Topics
Cybersecurity | Infrastructure
Sweden
Speech speed
147 words per minute
Speech length
198 words
Speech time
80 seconds
Framework for responsible state behavior must be strengthened rather than weakened
Explanation
Sweden regrets new language reading ‘exclusively peaceful purposes’ as it diverts from previously agreed language and denies both obligations and rights given to states under international law. They argue that the UN framework of responsible state behavior is what gives stability and security in the ICT domain and cannot risk weakening it.
Major discussion point
Norms and Responsible State Behavior
Topics
Legal and regulatory | Cybersecurity
Disagreed with
– Switzerland
– Access Now
– ICRC
Disagreed on
International law references and use of force thresholds in cyberspace
United Kingdom
Speech speed
150 words per minute
Speech length
351 words
Speech time
140 seconds
Templates for assistance requests should be voluntary and clearly titled
Explanation
The UK appreciates improvements in Rev. 1 regarding templates and suggests that paragraph references should read ‘voluntary template for communications’ to underscore the voluntary nature and be consistent with the voluntary checklist of practical actions.
Major discussion point
Norms and Responsible State Behavior
Topics
Legal and regulatory | Cybersecurity
Republic of Korea
Speech speed
127 words per minute
Speech length
345 words
Speech time
162 seconds
Global point of contact directory requires broad participation and flexible implementation
Explanation
Republic of Korea underscores the critical role of information sharing through the global point of contact network and emphasizes that for the POC network to function effectively as a CBM, it’s crucial to ensure broad participation by member states. They welcome flexible and voluntary use of the POC template.
Evidence
Republic of Korea has been hosting the world emerging security forum since 2021, with the fourth forum bringing together government officials, private sector experts, academia, and civil society
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Legal and regulatory
CBMs serve to reduce misunderstanding and prevent conflict escalation
Explanation
Republic of Korea believes that the purpose of CBMs is to reduce misunderstanding, enhance predictability and prevent escalation of conflicts. They emphasize the critical role of information sharing through the global point of contact network in achieving these objectives.
Evidence
They will host the fifth world emerging security forum in September 2024 in Seoul under the theme ‘the evolution of hybrid threats and international security’
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Legal and regulatory
Agreed with
– Australia
– Global Cyber Alliance
– Ukraine
– Italy
Agreed on
Existing successful programs should be leveraged rather than duplicated
Disagreed with
– Ukraine
– Cuba
– Kingdom of the Netherlands
Disagreed on
Confidence building measures – new proposals vs existing implementation
Ukraine
Speech speed
148 words per minute
Speech length
344 words
Speech time
139 seconds
Existing eight CBMs should be operationalized before developing new proposals
Explanation
Ukraine does not support development of additional CBMs at this stage, observing that the potential of existing CBMs has not been explored to its fullest yet. They emphasize the need to focus on further development and implementation of the eight agreed CBMs and effective functioning of the POC directory.
Evidence
Ukraine gave an example during their intervention of how CBM-3 can add to the functioning of the future permanent mechanism
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Legal and regulatory
Agreed with
– Australia
– Global Cyber Alliance
– Italy
– Republic of Korea
Agreed on
Existing successful programs should be leveraged rather than duplicated
Disagreed with
– Cuba
– Kingdom of the Netherlands
– Republic of Korea
Disagreed on
Confidence building measures – new proposals vs existing implementation
Cameroon
Speech speed
130 words per minute
Speech length
219 words
Speech time
100 seconds
Regional POC networks should be integrated to enhance incident response capabilities
Explanation
Cameroon supports the functioning of the POC directory but proposes amending relevant paragraphs to include that the directory shall integrate regional POC networks to enhance incident response, leveraging templates. They also propose that exercises should prioritize scenarios affecting least developing countries.
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Development
Kingdom of the Netherlands
Speech speed
141 words per minute
Speech length
420 words
Speech time
177 seconds
Focus needed on effective operationalization before further development
Explanation
The Netherlands argues that as they have encountered obstacles with the practice of the POC directory, they favor first focusing on effective, inclusive and constructive operationalization before developing it further. They wish to include language about proceeding ‘in a step-by-step manner.’
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Legal and regulatory
Disagreed with
– Ukraine
– Cuba
– Republic of Korea
Disagreed on
Confidence building measures – new proposals vs existing implementation
Regional organizations and technical community roles should be explicitly recognized
Explanation
The Netherlands asks to explicitly recognize the role of regional organizations and the technical community alongside other stakeholders as they play a critical role in the implementation of CBMs.
Major discussion point
Confidence Building Measures
Topics
Cybersecurity | Legal and regulatory
Interpol
Speech speed
156 words per minute
Speech length
436 words
Speech time
167 seconds
Criminal misuse of ICTs poses significant threats to essential services requiring collective action
Explanation
Interpol welcomes recognition of threats posed by criminal misuse of ICTs given their significant potential to disrupt essential services and cause serious harm. They report an alarming increase in cybercrime incidents, with one country seeing over 17,000 ransomware detections and another facing a 3,000 percent rise in scam alerts.
Evidence
Interpol’s latest Africa Cyber Threat Assessment reported alarming increases in cybercrime incidents across the continent
Major discussion point
Criminal Misuse and Law Enforcement
Topics
Cybersecurity | Legal and regulatory
Sophisticated criminal networks using advanced techniques like deepfakes target global infrastructure
Explanation
Interpol notes that across the globe, sophisticated criminal networks are using techniques like phishing, malware, and deepfakes to target citizens, governments, and businesses. These threats mirror many of those recognized in the working group’s discussions and underscore the need for collective action.
Major discussion point
Criminal Misuse and Law Enforcement
Topics
Cybersecurity | Legal and regulatory
International law enforcement cooperation essential for countering cyber threats
Explanation
Interpol encourages member states to continue leveraging their global capabilities and network to address criminal and terrorist use of ICTs in line with the Framework on Responsible State Behavior. They emphasize strengthening trust and confidence building between 196 member countries for practical law enforcement cooperation.
Evidence
Their relaunched Cybercrime Expert Group brings together over 170 experts from around the world to examine the evolving cyber threat landscape
Major discussion point
Criminal Misuse and Law Enforcement
Topics
Cybersecurity | Legal and regulatory
Capacity building should focus on operational outcomes against specific cyber threats
Explanation
Interpol delivers capacity building tailored to frontline officers’ needs across different regions, aimed at producing operational outcomes against specific cyber threats. This model has enabled dismantling of hundreds of thousands of malicious infrastructures and arrest of thousands of suspects.
Evidence
With support from partners like the European Union, Council of Europe, and United Kingdom, their efforts resulted in dismantling hundreds of thousands of malicious infrastructures and thousands of arrests in the last year
Major discussion point
Criminal Misuse and Law Enforcement
Topics
Cybersecurity | Development
Trust and confidence building between states foundation for effective international cooperation
Explanation
Interpol argues that their results show what is possible when working together, and that a future permanent mechanism can play a vital role in strengthening trust and confidence between states, which is the foundation on which effective international cooperation is built.
Major discussion point
Criminal Misuse and Law Enforcement
Topics
Cybersecurity | Legal and regulatory
Center of Excellence for National Security
Speech speed
148 words per minute
Speech length
459 words
Speech time
184 seconds
Hybrid consultative meetings with stakeholder study groups should organize intersessional work
Explanation
The Center proposes that chairs of the future permanent mechanism appoint corresponding non-governmental track two counterparts to organize stakeholder study groups supporting dedicated thematic groups. These groups would convene regional or global meetings in hybrid modalities to enable wider participation regardless of accreditation, visa status, time zone, or funding.
Evidence
They draw on the precedent of CSCAP (Council for Security Cooperation in Asia Pacific) which assists the ASEAN Regional Forum with experts from all ASEAN member states, Australia, Canada, China, Europe, India, Japan, Korea, Mongolia, New Zealand, Papua New Guinea, Russia, the U.S., and Pacific states
Major discussion point
Stakeholder Participation and Modalities
Topics
Legal and regulatory | Cybersecurity
Chair
Speech speed
127 words per minute
Speech length
4700 words
Speech time
2205 seconds
UN financial crisis forces meeting time cuts affecting multilateral cooperation
Explanation
The Chair explains that for the first time in five years, OEWG work has been subjected to cuts in meeting time due to UN Secretariat budget constraints. These cuts are applied across all UN meetings because the UN is in financial crisis due to some members not paying in full and on time.
Evidence
This afternoon, the meeting room is not available and there are no interpretation services available due to 10% cuts in meeting and conference services applied across the board
Major discussion point
Future Permanent Mechanism Structure
Topics
Economic | Legal and regulatory
Multilateralism is in crisis requiring additional responsibility from delegates
Explanation
The Chair emphasizes that multilateralism is in crisis, placing an additional burden on delegates’ shoulders to show that multilateral cooperation is alive and well. What they achieve will send a strong signal, positive or negative, about the future of multilateral cooperation and the United Nations.
Evidence
The UN is going through a very challenging period geopolitically, internationally, and in the international security landscape
Major discussion point
Future Permanent Mechanism Structure
Topics
Legal and regulatory | Cybersecurity
Narrow path to consensus requires flexibility and prioritization from all delegations
Explanation
The Chair sees a narrow path visible for consensus but warns it requires walking a tightrope in the middle, not automatically going in the direction of any capital’s views. Delegations need to be pragmatic, flexible, and clear about their priorities while engaging in give and take.
Evidence
For every proposal for additional language, there are proposals for deletion; for every proposal for deletion, there are counterproposals to retain, creating a matrix of divergences
Major discussion point
Future Permanent Mechanism Structure
Topics
Legal and regulatory | Cybersecurity
Djibouti
Speech speed
153 words per minute
Speech length
236 words
Speech time
92 seconds
Permanent mechanism represents natural evolution necessary for continued combined efforts
Explanation
Djibouti welcomes the establishment of a permanent mechanism as a natural evolution necessary to continue combined efforts. They particularly welcome the focus on capacity-building as an absolute priority for developing countries and support the Global POC Directory as a promising innovation.
Major discussion point
Future Permanent Mechanism Structure
Topics
Development | Cybersecurity
Inclusive approach allowing non-state actors corresponds to modern cybersecurity realities
Explanation
Djibouti supports the inclusive approach allowing participation of non-state actors, arguing it corresponds to modern realities in cybersecurity where borders between public and private sectors are blurred. They also recognize the important link between cybersecurity and sustainable development.
Major discussion point
Stakeholder Participation and Modalities
Topics
Development | Cybersecurity
Tunisia
Speech speed
111 words per minute
Speech length
149 words
Speech time
80 seconds
Arab Group initiative on norms implementation was formally proposed and supported
Explanation
Tunisia, speaking for the Arab Group, reiterates that their initiative for supporting implementation of rules and norms was formally proposed during the 9th session with visual presentation uploaded to the OEWG website. The initiative enjoyed support from a number of states during the 9th and 10th sessions.
Evidence
The initiative was formally proposed during the 9th session and supported through a visual presentation uploaded to the OAEWG website by Kuwait, with Arab Group formal support statement during the 10th session available on the website
Major discussion point
Norms and Responsible State Behavior
Topics
Legal and regulatory | Cybersecurity
Italy
Speech speed
134 words per minute
Speech length
350 words
Speech time
156 seconds
Cyber capacity building should be central and cross-cutting component with integrated policy vision
Explanation
Italy considers cyber capacity building central and cross-cutting for both OEWG and future permanent mechanism work, noting it’s at the core of their national cyber diplomacy. They argue for a more integrated policy vision rather than overemphasis on financial instruments, and stress avoiding duplication by leveraging existing tools and mechanisms.
Evidence
They note existing efforts of UNODA, UNIDIR, ITU and multi-stakeholder platforms such as the GFC should be leveraged more systematically
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Cybersecurity
Agreed with
– Australia
– Global Cyber Alliance
– Ukraine
– Republic of Korea
Agreed on
Existing successful programs should be leveraged rather than duplicated
Disagreed with
– Australia
– Cuba
– Global Cyber Alliance
Disagreed on
Capacity building funding mechanisms and duplication concerns
Multi-stakeholder engagement indispensable for effective capacity building
Explanation
Italy strongly supports an approach that actively involves governments, private sector, academia, NGOs and civil society, arguing that governments alone cannot always deliver what is needed. They believe technical and informed voices are indispensable for successful capacity building, criticizing current language as too weak in this respect.
Major discussion point
Stakeholder Participation and Modalities
Topics
Development | Cybersecurity
Agreed with
– Access Now
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Stiftung Wissenschaft und Politik
Agreed on
Stakeholder participation essential for effective cybersecurity governance
Cuba
Speech speed
113 words per minute
Speech length
156 words
Speech time
82 seconds
Capacity building essential for eliminating digital divide affecting developing countries
Explanation
Cuba emphasizes the importance of capacity building to eliminate the deep and increasingly growing digital divide affecting developing countries. They support robust language with specific proposals and argue that diluting or limiting capacity building would be against a global response to counter ICT security threats.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Cybersecurity
Agreed with
– Australia
– European Union Institute for Security Studies
– Ghana
– Zimbabwe
– Nigeria
– Mauritius
– Italy
Agreed on
Capacity building is foundational and cross-cutting element
Disagreed with
– Ukraine
– Kingdom of the Netherlands
– Republic of Korea
Disagreed on
Confidence building measures – new proposals vs existing implementation
UN budgetary constraints cannot be pretext for limiting developing country needs
Explanation
Cuba argues that budgetary constraints at the UN, essentially because of denial by major contributors, cannot be used as a pretext when addressing the needs of developing countries. They support maintaining reference to new confidence building measures on facilitating access to ICT security goods and services.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Economic | Development
Disagreed with
– Australia
– Global Cyber Alliance
– Italy
Disagreed on
Capacity building funding mechanisms and duplication concerns
Russian Federation
Speech speed
120 words per minute
Speech length
109 words
Speech time
54 seconds
Webcast interruptions violate transparency and participation principles
Explanation
The Russian Federation points out continuing problems with interruption in the webcast of OEWG meetings in Russia through UN Web TV website. They argue this runs counter to principles of transparency and participation of states in OEWG activities, as their experts cannot participate in person and are being excluded from following discussions.
Evidence
Their experts have not been able to take part in person in the meeting and are essentially being excluded from following discussions at this important session
Major discussion point
Future Permanent Mechanism Structure
Topics
Legal and regulatory | Cybersecurity
Hitachi America
Speech speed
90 words per minute
Speech length
271 words
Speech time
180 seconds
Private sector can contribute to updating threats and applying norm checklists across sectors
Explanation
Hitachi America, as a private company providing critical infrastructure globally, argues they can contribute to updating threats such as negative use of AI and quantum computing while applying norm checklists across different designated sectors by state and regions. They emphasize working with inclusive stakeholders under UN auspices.
Evidence
They provide safe, secure, reliable civilian critical infrastructure including energy, transportation, digital water, and data for people globally while applying positive innovations in AI, quantum and nuclear fusion
Major discussion point
Stakeholder Participation and Modalities
Topics
Infrastructure | Cybersecurity
Capacity building most significant contribution through global best practices sharing
Explanation
Hitachi emphasizes that capacity building is their most significant potential contribution, including global roundtables, best practices such as security by design, zero trust, AI security and ethics, and quantum safe securities. They note that capacity building serves as a confidence building measure and relates to digital compacts and SDGs.
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Infrastructure
Colombia
Speech speed
134 words per minute
Speech length
263 words
Speech time
117 seconds
National positions on international law should include development processes
Explanation
Colombia supports the importance of developing national positions on international law, noting that working with other countries in outlining their national position was a determining experience. They propose adding language about practices in the process of elaboration to reflect ongoing development work.
Evidence
Colombia found it was a determining experience working with other countries in outlining their national position on international law
Major discussion point
International Law and Legal Framework
Topics
Legal and regulatory | Cybersecurity
Agreed with
– Switzerland
– Paraguay
– ICRC
– Viet Nam
– El Salvador
Agreed on
International law applies to cyberspace with need for clearer implementation
Regional group working documents on capacity building should be referenced
Explanation
Colombia argues that working documents and statements on capacity building submitted by groups of countries from their region over various sessions should be included in the report. These documents provide practical considerations for international cooperation and capacity building.
Evidence
A group of countries from their region and others have submitted working documents and statements on capacity building over various sessions intended to provide practical considerations
Major discussion point
Capacity Building and Technical Cooperation
Topics
Development | Legal and regulatory
Uruguay
Speech speed
114 words per minute
Speech length
124 words
Speech time
65 seconds
Regional and sub-regional confidence building measures should connect with future mechanism
Explanation
Uruguay emphasizes the importance of regional and sub-regional work to build confidence, such as in the OAS, and wishes to see specific priorities and context addressed. They want these regional organizations connected with the future standing body to leverage regional experiences.
Evidence
Uruguay has participated in the Group on Confidence-Building Measures together with Germany, Australia, Brazil, Canada, Chile, Colombia, Ghana, and others
Major discussion point
Confidence Building Measures
Topics
Legal and regulatory | Cybersecurity
Costa Rica
Speech speed
117 words per minute
Speech length
207 words
Speech time
105 seconds
Thematic working groups structure valuable for action-oriented capacity building
Explanation
Costa Rica supports the regular institutional dialogue with broad participation and recognizes the value of the proposed thematic working groups structure. They are particularly interested in capacity building proposals aimed at action with clearly identified objectives to facilitate experience exchange and promote international cooperation.
Evidence
They strongly urge inclusion of working documents submitted by Latin American and Caribbean countries entitled ‘Strengthening of the Strategic Dialogue on Capacity Building and its Inclusion in the Future Permanent Mechanism’
Major discussion point
Future Permanent Mechanism Structure
Topics
Development | Legal and regulatory
Agreements
Agreement points
Stakeholder participation essential for effective cybersecurity governance
Speakers
– Access Now
– German Council on Foreign Relations
– Alliance of NGOs on Crime Prevention and Criminal Justice
– European Union Institute for Security Studies
– First ORG. INC
– Global Partners Digital
– Stiftung Wissenschaft und Politik
– Italy
Arguments
Stakeholder modalities should be improved to avoid locking into politics
Multi-stakeholder engagement essential for effective cybersecurity governance
Civil society engagement essential for transparency and effectiveness in cybersecurity governance
Capacity building requires cross-cutting approach with stakeholder inclusion as strategic enabler
Incident response community brings practical experience that requires robust stakeholder modalities
Human rights impacts of cyber incidents need multi-stakeholder collaboration framework
Cross-regional coordination among stakeholders provides action-oriented proposals for meaningful participation
Multi-stakeholder engagement indispensable for effective capacity building
Summary
Multiple stakeholders agree that meaningful participation of civil society, private sector, academia, and other non-state actors is essential for effective cybersecurity governance, requiring improved modalities that go beyond symbolic consultation
Topics
Cybersecurity | Legal and regulatory | Human rights
Capacity building is foundational and cross-cutting element
Speakers
– Australia
– European Union Institute for Security Studies
– Ghana
– Zimbabwe
– Nigeria
– Mauritius
– Italy
– Cuba
Arguments
Capacity building is foundational and cross-cutting element requiring concrete implementation mechanisms
Capacity building requires cross-cutting approach with stakeholder inclusion as strategic enabler
Technical and hands-on training critical for developing national cyber capabilities
Global ICT security cooperation portal needed as neutral member state-driven resource platform
Integration of modern technology with indigenous knowledge ensures sustainability
Needs-based and tailored approaches essential for effective capacity building programs
Cyber capacity building should be central and cross-cutting component with integrated policy vision
Capacity building essential for eliminating digital divide affecting developing countries
Summary
Strong consensus that capacity building should be treated as a foundational, cross-cutting element rather than a separate pillar, with emphasis on needs-based, tailored approaches that leverage existing resources and avoid duplication
Topics
Development | Cybersecurity
International law applies to cyberspace with need for clearer implementation
Speakers
– Switzerland
– Paraguay
– ICRC
– Viet Nam
– Colombia
– El Salvador
Arguments
National positions on international law provide invaluable clarification that cyberspace is not lawless
UN Charter principles of sovereign equality and peaceful relations apply to cyberspace
International humanitarian law prohibits attacks on civilian objects and hospitals in cyberspace
Cross-regional working papers represent areas of emerging convergence on international law
National positions on international law should include development processes
Voluntary nature of norms and complementarity with international law must be recognized
Summary
Broad agreement that existing international law, including the UN Charter and IHL, applies to cyberspace, with growing convergence on specific applications and the value of national positions in clarifying legal frameworks
Topics
Legal and regulatory | Cybersecurity | Human rights
Cross-cutting thematic groups preferred over pillar-based structure
Speakers
– Czechia
– New Zealand
– Albania
– Latvia
– Guatemala
Arguments
Cross-cutting action-oriented thematic groups preferred over pillar-based structure
Single-track format with concrete meaningful exchanges needed for success
Action-oriented structure needed to deliver real-world cybersecurity solutions
Cross-cutting, action-oriented thematic groups should be established
Moderate number of thematic groups with specific focus on capacity building required
Summary
Strong support for establishing cross-cutting, action-oriented thematic groups that can address interconnected cyber issues holistically rather than maintaining separate pillar-based discussions
Topics
Legal and regulatory | Cybersecurity
Existing successful programs should be leveraged rather than duplicated
Speakers
– Australia
– Global Cyber Alliance
– Ukraine
– Italy
– Republic of Korea
Arguments
Existing successful programs should be supported rather than duplicated
Existing effective mechanisms should be scaled rather than duplicated
Existing eight CBMs should be operationalized before developing new proposals
Cyber capacity building should be central and cross-cutting component with integrated policy vision
CBMs serve to reduce misunderstanding and prevent conflict escalation
Summary
Consensus on the importance of building upon and scaling existing successful initiatives rather than creating new duplicative structures, particularly given resource constraints and proven effectiveness of current programs
Topics
Development | Cybersecurity
Similar viewpoints
Human rights organizations emphasize the need for explicit integration of human rights law and perspectives in cybersecurity governance, with particular attention to regional interpretations and the human impacts of cyber incidents
Speakers
– Access Now
– Red on Defensa de los Derechos Digital
– Global Partners Digital
Arguments
International human rights law must be explicitly referenced in main body text
Regional perspectives must be incorporated, particularly Latin American human rights interpretations
Human rights impacts of cyber incidents need multi-stakeholder collaboration framework
Topics
Human rights | Legal and regulatory
Technical experts agree that emerging technologies, particularly quantum computing and generative AI, present urgent threats requiring immediate attention and specialized governance frameworks
Speakers
– German Council on Foreign Relations
– Safe PC Solutions
– Academia Mexicana de Ciberseguridad y Derecho Digital
Arguments
Quantum computing presents foreseeable threat requiring urgent post-quantum cryptographic solutions
Generative AI and quantum computing need specific governance frameworks
AI governance and quantum computing risks require specialized thematic group attention
Topics
Cybersecurity | Infrastructure
Youth organizations argue for meaningful inclusion of young people as stakeholders based on their lived experience as digital natives and their fundamental rights to participate in decisions affecting their future
Speakers
– Nuclear Age Peace Foundation
– Youth for Privacy
Arguments
Youth engagement crucial as digital natives who understand technology impacts on society
Children and youth must be systematically embedded as valid stakeholders with fundamental rights
Topics
Human rights | Sociocultural
Technical standards organizations emphasize the importance of internationally harmonized standards over variable national approaches, viewing standardization as both a technical necessity and confidence-building measure
Speakers
– Crest International
– Wright pilot
Arguments
International standards preferable to variable national standards for supply chain security
Standards harmonization needed as confidence building measure with multi-stakeholder support
Topics
Cybersecurity | Infrastructure
Unexpected consensus
Private sector as essential partner in cybersecurity governance
Speakers
– Hitachi America
– Interpol
– Crest International
– Global Cyber Alliance
Arguments
Private sector can contribute to updating threats and applying norm checklists across sectors
International law enforcement cooperation essential for countering cyber threats
International standards preferable to variable national standards for supply chain security
Existing effective mechanisms should be scaled rather than duplicated
Explanation
Unexpected alignment between private sector companies and international organizations on the essential role of business in cybersecurity governance, moving beyond traditional state-centric approaches to recognize private sector expertise and capabilities
Topics
Cybersecurity | Infrastructure
Regional organizations as vital implementation partners
Speakers
– Mauritius
– Kingdom of the Netherlands
– Uruguay
– Arab Association of Cybersecurity
Arguments
Regional organizations serve as vital implementation partners and capacity building hubs
Regional organizations and technical community roles should be explicitly recognized
Regional and sub-regional confidence building measures should connect with future mechanism
Women’s meaningful participation must be promoted in capacity building initiatives
Explanation
Surprising convergence across different regions on the importance of regional organizations as implementation bridges, suggesting a shift toward more decentralized, regionally-adapted approaches to global cybersecurity governance
Topics
Development | Legal and regulatory
UN financial constraints as shared concern affecting all stakeholders
Speakers
– Chair
– Cuba
– Australia
– United Kingdom
Arguments
UN financial crisis forces meeting time cuts affecting multilateral cooperation
UN budgetary constraints cannot be pretext for limiting developing country needs
Capacity building is foundational and cross-cutting element requiring concrete implementation mechanisms
Templates for assistance requests should be voluntary and clearly titled
Explanation
Unexpected acknowledgment across different political perspectives that UN financial constraints are a real limitation requiring pragmatic solutions, with both developed and developing countries recognizing the need to work within resource limitations
Topics
Economic | Legal and regulatory
Overall assessment
Summary
Strong consensus emerged on several key areas: the essential role of stakeholder participation in cybersecurity governance, the foundational importance of capacity building as a cross-cutting element, the applicability of international law to cyberspace, preference for cross-cutting thematic groups over pillar-based structures, and the need to leverage existing successful programs rather than create duplicative mechanisms
Consensus level
High level of consensus on structural and procedural issues, with broad agreement on the need for inclusive, action-oriented approaches that build on existing frameworks. The consensus suggests a mature understanding of cybersecurity governance as requiring multi-stakeholder, cross-cutting approaches rather than traditional state-centric, siloed methods. This has significant implications for the future permanent mechanism, indicating strong support for innovative governance structures that can adapt to the interconnected nature of cyber threats while maintaining legitimacy through inclusive participation
Differences
Different viewpoints
Stakeholder participation modalities and accreditation processes
Speakers
– Access Now
– Belarus
– Alliance of NGOs on Crime Prevention and Criminal Justice
– Global Partners Digital
Arguments
Stakeholder modalities should be improved to avoid locking into politics
We support the current format of work. We are aware of the important contributions made to the work of the OEWG by non-state entities, but we believe that all decisions on NGO participation in sessions ought to be based on no objection from member states
Should the final report maintain weak language on stakeholder modalities and the future permanent mechanism, it will further hinder their engagement
We need modalities that allow stakeholder participation to go beyond symbolic consultation for us to be able to effectively support the work of states in the permanent mechanism
Summary
There is fundamental disagreement on stakeholder participation, with civil society organizations advocating for improved, meaningful participation beyond single-state vetoes, while some states like Belarus insist on maintaining current restrictive formats requiring no objection from member states
Topics
Legal and regulatory | Human rights
Structure of future permanent mechanism – cross-cutting vs pillar-based thematic groups
Speakers
– Czechia
– Belarus
– Guatemala
– Latvia
Arguments
Cross-cutting action-oriented thematic groups preferred over pillar-based structure
We propose creating a separate thematic group on standards and on confidence building measures
Moderate number of thematic groups with specific focus on capacity building required
Cross-cutting, action-oriented thematic groups
Summary
Disagreement exists on whether thematic groups should be cross-cutting (addressing issues across all pillars) or pillar-specific, with some favoring integrated approaches while others prefer dedicated groups for specific areas like capacity building or confidence building measures
Topics
Legal and regulatory | Cybersecurity
International law references and use of force thresholds in cyberspace
Speakers
– Switzerland
– Access Now
– ICRC
– Sweden
Arguments
ICT operations comparable to traditional means can constitute use of force
International human rights law must be explicitly referenced in main body text
International humanitarian law prohibits attacks on civilian objects and hospitals in cyberspace
Framework for responsible state behavior must be strengthened rather than weakened
Summary
While there’s general agreement on international law applicability, there are disagreements on specific formulations, particularly regarding use of force thresholds, explicit human rights law references, and the balance between different legal frameworks
Topics
Legal and regulatory | Human rights
Capacity building funding mechanisms and duplication concerns
Speakers
– Australia
– Cuba
– Global Cyber Alliance
– Italy
Arguments
Existing successful programs should be supported rather than duplicated
UN budgetary constraints cannot be pretext for limiting developing country needs
Existing effective mechanisms should be scaled rather than duplicated
Cyber capacity building should be central and cross-cutting component with integrated policy vision
Summary
Disagreement on whether to create new UN funding mechanisms or leverage existing programs, with developed countries concerned about duplication and costs while developing countries emphasize the need for robust new funding despite UN budget constraints
Topics
Development | Economic
Confidence building measures – new proposals vs existing implementation
Speakers
– Ukraine
– Cuba
– Kingdom of the Netherlands
– Republic of Korea
Arguments
Existing eight CBMs should be operationalized before developing new proposals
Capacity building essential for eliminating digital divide affecting developing countries
Focus needed on effective operationalization before further development
CBMs serve to reduce misunderstanding and prevent conflict escalation
Summary
Disagreement on whether to focus on implementing existing confidence building measures or developing new ones, with some states preferring consolidation while others push for additional measures to address specific needs
Topics
Cybersecurity | Legal and regulatory
Unexpected differences
UN financial constraints impact on multilateral processes
Speakers
– Chair
– Cuba
– Russian Federation
Arguments
UN financial crisis forces meeting time cuts affecting multilateral cooperation
UN budgetary constraints cannot be pretext for limiting developing country needs
Webcast interruptions violate transparency and participation principles
Explanation
Unexpected disagreement emerged over how UN budget constraints should affect the working group’s operations, with the Chair explaining practical limitations while Cuba and Russia viewing these as unacceptable barriers to participation and developing country needs
Topics
Economic | Legal and regulatory
Role of private sector in cybersecurity governance
Speakers
– Hitachi America
– Belarus
– Crest International
Arguments
Private sector can contribute to updating threats and applying norm checklists across sectors
We support the current format of work. We are aware of the important contributions made to the work of the OEWG by non-state entities, but we believe that all decisions on NGO participation in sessions ought to be based on no objection from member states
International standards preferable to variable national standards for supply chain security
Explanation
Unexpected tension between private sector organizations offering specific technical contributions and state preferences for maintaining restrictive participation modalities, revealing disagreement on the appropriate level of private sector involvement in intergovernmental processes
Topics
Cybersecurity | Infrastructure
Youth and children’s rights in cybersecurity governance
Speakers
– Youth for Privacy
– Nuclear Age Peace Foundation
– Nigeria
Arguments
Children and youth must be systematically embedded as valid stakeholders with fundamental rights
Youth engagement crucial as digital natives who understand technology impacts on society
Gender inclusiveness and youth engagement vital for maximizing human capacity
Explanation
Unexpected emphasis on youth rights as a fundamental aspect of cybersecurity governance, with young speakers asserting their participation as inalienable rights rather than optional consultation, challenging traditional stakeholder categorizations
Topics
Human rights | Sociocultural
Overall assessment
Summary
The transcript reveals significant disagreements across multiple dimensions: stakeholder participation modalities (restrictive vs. inclusive), institutional structure (cross-cutting vs. pillar-based), international law formulations (specific vs. general references), and capacity building approaches (new mechanisms vs. existing programs). The most fundamental divide appears between developed and developing countries on funding and participation, and between states favoring restrictive vs. inclusive stakeholder engagement.
Disagreement level
High level of disagreement with significant implications for the future permanent mechanism. The Chair’s acknowledgment of a ‘matrix of divergences’ and the need for a ‘narrow path’ to consensus indicates that disagreements are substantial and could jeopardize the establishment of an effective permanent mechanism. The disagreements span both substantive policy issues and procedural questions about participation and governance, suggesting that even if consensus is reached, implementation may face ongoing challenges due to fundamentally different visions of how the mechanism should operate.
Partial agreements
Partial agreements
Similar viewpoints
Human rights organizations emphasize the need for explicit integration of human rights law and perspectives in cybersecurity governance, with particular attention to regional interpretations and the human impacts of cyber incidents
Speakers
– Access Now
– Red on Defensa de los Derechos Digital
– Global Partners Digital
Arguments
International human rights law must be explicitly referenced in main body text
Regional perspectives must be incorporated, particularly Latin American human rights interpretations
Human rights impacts of cyber incidents need multi-stakeholder collaboration framework
Topics
Human rights | Legal and regulatory
Technical experts agree that emerging technologies, particularly quantum computing and generative AI, present urgent threats requiring immediate attention and specialized governance frameworks
Speakers
– German Council on Foreign Relations
– Safe PC Solutions
– Academia Mexicana de Ciberseguridad y Derecho Digital
Arguments
Quantum computing presents foreseeable threat requiring urgent post-quantum cryptographic solutions
Generative AI and quantum computing need specific governance frameworks
AI governance and quantum computing risks require specialized thematic group attention
Topics
Cybersecurity | Infrastructure
Youth organizations argue for meaningful inclusion of young people as stakeholders based on their lived experience as digital natives and their fundamental rights to participate in decisions affecting their future
Speakers
– Nuclear Age Peace Foundation
– Youth for Privacy
Arguments
Youth engagement crucial as digital natives who understand technology impacts on society
Children and youth must be systematically embedded as valid stakeholders with fundamental rights
Topics
Human rights | Sociocultural
Technical standards organizations emphasize the importance of internationally harmonized standards over variable national approaches, viewing standardization as both a technical necessity and confidence-building measure
Speakers
– Crest International
– Wright pilot
Arguments
International standards preferable to variable national standards for supply chain security
Standards harmonization needed as confidence building measure with multi-stakeholder support
Topics
Cybersecurity | Infrastructure
Takeaways
Key takeaways
Strong consensus exists among all delegations for establishing a future permanent mechanism to replace the current Open-Ended Working Group (OEWG), with commitment to a seamless transition
Stakeholder participation is recognized as essential for effective cybersecurity governance, with 24 organizations supporting joint statements for meaningful multi-stakeholder engagement
Capacity building emerges as a foundational and cross-cutting element that must be prioritized, particularly for developing countries and the Global South
International law applies to cyberspace with growing convergence on key principles, though more concrete implementation guidance is needed
Cross-cutting, action-oriented thematic groups are preferred over traditional pillar-based structures for the future mechanism
Emerging technologies like AI and quantum computing require urgent attention and specialized governance frameworks
The UN faces significant financial constraints affecting meeting time and resources, reflecting broader challenges to multilateralism
Chair emphasizes that consensus requires flexibility, pragmatism, and willingness to compromise from all parties
Resolutions and action items
Chair will produce REV2 draft by 9 PM Wednesday evening incorporating feedback from all delegations
Meeting scheduled for Thursday 11 AM to review REV2 and provide initial remarks
Conference Room Paper (CRP) to be finalized by end of Thursday for delegation review and capital consultations
Final adoption meeting scheduled for Friday 10 AM to reach consensus on the conference room paper
Delegations requested to send written statements and technical proposals to the Secretariat
Secretariat tasked with addressing technical problems affecting Russian Federation’s access to UN Web TV
Future permanent mechanism to be established with dedicated thematic working groups structure
Global point of contact (POC) directory to be operationalized with broad state participation
Unresolved issues
Specific modalities for stakeholder participation remain contentious, with single-state veto concerns unresolved
Structure and number of dedicated thematic groups still under negotiation between different proposals
Balance between existing international law framework and potential new legally binding obligations
Funding mechanisms for proposed initiatives including UN Voluntary Fund and various capacity building programs
Integration versus duplication concerns regarding new initiatives and existing mechanisms
Specific language on international humanitarian law application in cyberspace
Decision-making procedures for the future permanent mechanism (consensus vs. majority voting)
Timeline and implementation details for transitioning from OEWG to permanent mechanism
Scope and mandate of proposed UN Cyber Resilience Academy within UNIDIR
Regional organization roles and integration with global mechanisms
Suggested compromises
French proposal for cross-cutting thematic groups under three umbrella themes: stability, resilience, and cooperation
Canada-Chile proposal allowing single state objections to specific stakeholder applicants but requiring plenary vote for final accreditation decisions
Establishment of global ICT security cooperation portal ‘within existing resources’ to address budget constraints
Voluntary nature of templates and mechanisms to accommodate different state preferences
Step-by-step approach to POC directory development before expanding functionality
Integration of existing successful programs rather than creating entirely new duplicative mechanisms
Flexible meeting formats including hybrid consultations during intersessional periods
Recognition of both global frameworks and regional specificities in implementation approaches
Thought provoking comments
Today, we ask you to see yourselves not only as diplomats, but as stewards. The main duty of stewardship is simple, to leave things better than how you found it.
Speaker
Access Now
Reason
This reframes the entire discussion from a procedural diplomatic exercise to a moral imperative about legacy and responsibility. It challenges delegates to think beyond immediate national interests to long-term global impact.
Impact
This comment set a tone of responsibility and urgency that influenced subsequent stakeholder statements, with many emphasizing the need for concrete action and implementation rather than just discussion.
As Elvis Presley said, a little less conversation, a little more action. A little more bite, and a little less bark. A little less fight, and a little more spark.
Speaker
German Council on Foreign Relations
Reason
This unexpected cultural reference effectively highlighted the gap between discussion and implementation in cybersecurity, particularly regarding quantum computing threats. It made a serious technical point memorable and accessible.
Impact
The Chair specifically noted this comment brought ‘music into our lives’ and a ‘positive tone,’ showing how it shifted the atmosphere from technical density to more engaging discourse. It reinforced the theme of moving from talk to action.
Rules are a manifestation of power. They are worth very little without confidence that the rules will enjoy respect. In the words of Russian Tsarina Catherine the Great, power without confidence is nothing.
Speaker
Center for Humanitarian Dialogue
Reason
This philosophical observation cuts to the heart of international law and governance – that rules without enforcement mechanisms or confidence in compliance are meaningless. The historical reference adds gravitas to a fundamental challenge in cyber governance.
Impact
This comment deepened the discussion about confidence-building measures by highlighting that the problem isn’t lack of rules but lack of trust in their implementation, influencing how subsequent speakers addressed CBMs.
ICT domain is a borderless domain where coexistence is not an option, but an inherent feature of the domain. It goes without saying that harmonious coexistence requires consensus as an essential.
Speaker
India
Reason
This insight reframes cyber governance from a choice about cooperation to an inevitable necessity due to the nature of cyberspace itself. The Sanskrit verse that followed reinforced this with cultural wisdom about unity.
Impact
This comment provided philosophical grounding for why consensus-building is not just procedural preference but technical necessity in cyberspace, influencing the Chair’s final remarks about the importance of multilateral cooperation.
We cannot but recognize the progress that UAWG has achieved on this issue, which includes the adoption of eight CBMs and the establishment of the POC directory… We observe that the potential of the CBMs already in place has not been explored to its fullest yet.
Speaker
Ukraine
Reason
Despite being directly affected by cyber warfare, Ukraine’s measured assessment focused on building upon existing frameworks rather than demanding new ones. This showed pragmatic restraint and institutional thinking.
Impact
This comment influenced the discussion toward consolidation and implementation of existing measures rather than proliferation of new initiatives, with several subsequent speakers echoing the theme of avoiding duplication.
The future of ICTs depends on us. Let’s build that future together… We, as children and youth of the world, will not allow ourselves to be pushed out to the sidelines in this process.
Speaker
Nuclear Age Peace Foundation (youth representative)
Reason
This assertion of youth agency in cyber governance challenged the traditional diplomatic paradigm by positioning young people not as beneficiaries but as co-creators of policy, given their status as digital natives.
Impact
This comment, along with other youth interventions, prompted the Chair to specifically highlight the importance of youth participation and diversity in the future mechanism, showing how it influenced his thinking about inclusivity.
The UN is in financial crisis… Because some members do not pay in full and on time… multilateralism is in crisis… on your shoulders lies also the burden to show to your capitals, to each other, and to the world that the spirit of multilateral cooperation is alive and well.
Speaker
Chair
Reason
This candid acknowledgment of systemic challenges facing the UN elevated the stakes of the negotiation beyond cyber governance to the credibility of multilateralism itself. It was unusually direct for diplomatic discourse.
Impact
This comment recontextualized the entire negotiation as a test case for multilateral cooperation, adding moral weight to reaching consensus and explaining the procedural constraints (time limits, microphone cutoffs) that had frustrated delegates.
Overall assessment
These key comments fundamentally shaped the discussion by elevating it beyond technical and procedural matters to questions of stewardship, legacy, and the future of multilateral cooperation. The stakeholder interventions, particularly from civil society and youth, consistently pushed for concrete action over continued discussion, while state interventions revealed tensions between ambition and pragmatism. The Chair’s final remarks synthesized these themes by acknowledging both the constraints of the current system and the moral imperative to demonstrate that consensus-building remains possible. The discussion evolved from technical presentations to philosophical reflections on governance, power, and responsibility in cyberspace, with the most impactful comments being those that connected immediate procedural decisions to larger questions about international cooperation and intergenerational responsibility.
Follow-up questions
How to effectively implement post-quantum cryptographic solutions given the urgent timeline (potentially by 2030)
Speaker
German Council on Foreign Relations (Valentin Weber)
Explanation
Research shows all UN member states are vulnerable to quantum computing threats, with no country having accomplished the transition to quantum security yet, leaving only 4-6 years to complete this critical transition
How to develop comprehensive guidelines for identification of critical infrastructure and critical information infrastructure
Speaker
Mauritius
Explanation
Many developing states find it challenging to identify critical services and owners, which is the first step for effective CI/CII framework implementation
How to establish specialized thematic groups for emerging technologies with evidence-based recommendations
Speaker
Academia Mexicana de Ciberseguridad y Derecho Digital
Explanation
There’s a need for technical expertise to address generative AI, independent decision-making systems, and other emerging technologies that require specialized knowledge
How to develop governance, traceability, and accountability mechanisms for AI decision-making in public operations
Speaker
Academia Mexicana de Ciberseguridad y Derecho Digital
Explanation
As AI systems are increasingly used for public decisions, there’s a need for frameworks to ensure responsible implementation and oversight
How to strengthen accountability mechanisms and develop behavioral indices for voluntary norms implementation
Speaker
Academia Mexicana de Ciberseguridad y Derecho Digital
Explanation
Current voluntary measures lack practical enforcement mechanisms, and regional behavioral indices could help track implementation progress
How to avoid duplication of existing capacity building initiatives while creating new UN mechanisms
Speaker
Global Cyber Alliance (Chris Painter)
Explanation
Multiple speakers raised concerns about proposed new initiatives duplicating existing successful programs, risking inefficiency and resource diversion from proven approaches
How to conduct annual mapping exercises to identify partnerships and existing stakeholder capabilities
Speaker
Global Cyber Alliance
Explanation
Before creating new structures, there’s a need to systematically assess what already exists and how it can be integrated rather than replaced
How to establish hybrid consultative meetings with stakeholder study groups during intersessional periods
Speaker
Center of Excellence for National Security
Explanation
There’s a proposal for a structured process to organize stakeholder contributions through regional/global hybrid meetings to support thematic groups, but implementation details need to be worked out
How to operationalize cross-cutting thematic groups that address specific issues across all pillars of the framework
Speaker
Multiple speakers including France, Czechia, Latvia
Explanation
Many delegations support cross-cutting groups but the specific structure, mandate, and operational details need further development
How to resolve technical problems with UN Web TV accessibility in certain regions
Speaker
Russian Federation and Chair
Explanation
Recurring technical issues are preventing some member states from following discussions, which undermines transparency and participation principles
How to transition from one-week to potentially two-week meetings for the future permanent mechanism
Speaker
Chair
Explanation
The Chair noted that one week appears insufficient for all the substantive discussions needed, suggesting a need to reassess meeting duration and structure
How to address the UN’s financial crisis affecting meeting time and conference services
Speaker
Chair
Explanation
Budget cuts are impacting the ability to conduct full meetings with interpretation services, which affects multilateral cooperation and needs systemic solutions
Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.
