Report of the First UN OEWG on Cybersecurity

  • Reaffirmation of the results of the previous reports of the Group of Governmental Experts (GGE), as well as that international law, and in particular the Charter of the UN, is applicable to cyberspace
  • Norms do not replace or alter states’ obligations or rights under international law – which are binding – but rather provide additional and specific guidance on what constitutes responsible state behaviour in the use of ICTs
  • Recommendation that states voluntarily identify and consider CBMs
  • Recommends that appropriate to their specific contexts, and cooperate with other states on their implementation
  • Comprehensive capacity building measures in the field of ICT security

Consult the first OEWG Report (2021)

Establishment of the Second UN Open-Ended Working Group (OEWG) on Cybersecurity

Consult UN GA Resolution on Establishment of the Second OEWG that includes:

  • The renewal of the OEWG for a period of five years – 2021 to 2025, with the same mandate
  • The organisational session of the new OEWG be held in 2021 and includes the establishment of thematic subgroups, allowing interaction with other stakeholders.
  • The group is to provide an annual progress report and a final report to the 80th UNGA, starting in autumn 2025.

2015 UN GGE Report: Developments in the field of information and telecommunications in the context of international security (A/RES/70/174)

Report of the UN GGE 2015 (later adopted by the UN General Assembly Resolution A/RES/70/174), which includes:

  • Principles of State sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other States, applies to cyberspace
  • Recognition that states must comply with their obligations under international law to respect and protect human rights and fundamental freedoms
  • Agreement that UN should play a leading role in developing common understandings on the application of international law and norms, rules and principles for responsible State behaviour
  • Other norms, rules, and principles on the responsible behaviour of States
  • Confidence-building measures
  • Invitation for international cooperation and assistance in ICT security and capacity-building

2015 UN GGE Report: Introduction of 11 Principles on Cybersecurity

Report of the UN GGE 2015 (later adopted by the UN General Assembly Resolution A/RES/70/174), which includes:

  • Principles of State sovereignty, the settlement of disputes by peaceful means, and non-intervention in the internal affairs of other States, applies to cyberspace
  • Recognition that states must comply with their obligations under international law to respect and protect human rights and fundamental freedoms
  • Agreement that UN should play a leading role in developing common understandings on the application of international law and norms, rules and principles for responsible State behaviour
  • Other norms, rules, and principles on the responsible behaviour of States
  • Confidence-building measures
  • Invitation for international cooperation and assistance in ICT security and capacity-building

2013 UN GGE report recognises that international law applies to digital space

Report of the UN GGE 2012/2013 (later adopted by the UN General Assembly Resolution A/RES/68/243), which includes:

  • Recognition that international law, and in particular the UN Charter, applies to digital space
  • Norms, rules, and principles on the responsible behaviour of States
  • Reference that state sovereignty applies to the digital field
  • The principle that states must meet their international obligations regarding internationally wrongful acts in cyberspace attributable to them

2010 UN Governmental Group of Experts (GGE) Report on Cybersecurity

Report of the UN GGE 2009/2010, which includes recommendations for:

  • Further dialogue among States to reduce the risk and protect critical national and international infrastructure
  • Confidence-building, stability and risk reduction measures
  • Information exchanges on national legislation and strategies, and capacity-building measures
  • The elaboration of common terms and definitions related to information security
  • Capacity-building in less developed countries