G7 adopts Declaration on Responsible States Behaviour in Cyberspace

Joint Communiqué of the G7 Foreign Ministers Meeting, in its part on cyberspace, reaffirms G7 support for “an accessible, open, interoperable, reliable and secure cyberspace”, but also clearly recognises that dangers are involving state actors, emphasising the risks for critical infrastructure as well as for interference in democratic processes. G7 calls for cooperation within existing international as well as multistakeholder fora, and acknowledges applicability of existing international law in cyberspace including taking measures against wrongful acts. In addition, G7 supports the work of the UN Group of Governmental Experts (UN GGE), but also specifically invites states “to publicly explain their views on how existing international law applies to States’ activities in cyberspace to the greatest extent possible.” The Communiqué invites states to combat cybercrime and join Budapest Convention on Cybercrime by the Council of Europe. G7 also adopted the “Declaration on Responsible States Behaviour in Cyberspace“, which builds on its 2016 document from Ise-Shima on principles and actions in cyberspace Declaration reiterates G7 positions from the Communiqué, and reminds states that international law also provides a framework for responses to attacks which are under the threshold of armed attacks. It underlines that  “the customary  international law of State responsibility supplies the standards for attributing acts to States, which can be applicable to activities in cyberspace”, which ensures legal responsibility for states even if cyber-attack was conducted through proxies, and confirms that states are free to make own determination on attribution and response “in accordance with international law”. Declaration commends the work of the OSCE and ASEAN Regional Forum on confidence building measures, and then emphases the importance of norms of state behaviour during peacetime, reminding of those articulated in the 2015 UN GGE Report and the 2015 G20 Leaders’ Communiqué including that states should encourage responsible reporting of ICT vulnerabilities.