The OEWG publishes Final Draft report

The Open-Ended Working Group (OEWG) has published its Final Draft report after three days of discussions, as well as the Chair’s Summary. The final exchange and adoption of the Final Draft is planned for Friday, 12th March.

The report includes an introduction to reaffirm the existing foundations for the Final Draft Report, confirms the leading role of the UN as the forum for negotiations, and provides context for the Conclusions and Recommendations sections.

On existing and potential threats, the Final Draft Report states that harmful ICT incidents are increasing in frequency, precision, and sophistication, and are constantly evolving with increased likelihood of use of ICTs in future conflicts between states. While the designation of critical infrastructure (CI) is within the prerogative of each state, the rise in incidents involving the malicious use of ICTs by state actors and non-state actors (terrorist and criminal groups) increases the chances of attacks against CI such as medical facilities, financial services, energy, water, transportation, and sanitation.

In comparison with the First Draft, the section on rules, norms, and principles precedes the section on international law in the Final Draft – a point introduced by China and highly debated in the second and third sessions this week and opposed by New Zealand, Switzerland, and others. The Final Draft underscores that states reaffirmed norms do not replace or alter states’ obligations or rights under international law – which are binding – but rather provide additional and specific guidance on what constitutes responsible state behaviour in the use of ICTs. The report recommends that states support the implementation and development of norms of responsible behaviour by all states and that states should not conduct or support malicious ICT activities against CI and should protect CI and exchange best practices on how to protect CI, specifically mentioning supply chain security.

On international law, the report reaffirmed that international law, and in particular the Charter of the UN, is applicable. The report recommends that states support capacity building efforts in the area of international law, national legislation, and policy because this will enable all states to contribute to building common understandings of how international law applies to the use of ICTs by states. States should discuss how international law applies to ICTs in future UN processes, as well. References to international humanitarian law, human rights law, and customary law, as well as principles of the UN Charter, are not in the text of the Final Draft, with the exception of settlement of disputes by peaceful means. The report states that further study is needed on how international law applies in cyberspace.

The report recommends that states voluntarily identify and consider confidence building measures (CBMs) appropriate to their specific contexts, and cooperate with other states on their implementation. It also recommends that states: voluntarily engage in transparency measures by sharing relevant information and lessons learned;, consider nominating a national Point of Contact, inter alia, at the technical, policy, and diplomatic levels; and explore mechanisms for regular cross-regional exchanges of lessons learned and good practices on CBMs. The UN Secretary-General shall be informed on these CBMs, as well as states’ views and assessments.

The report lays out the principles of capacity building as a sustainable process, comprising specific activities that should have a clear purpose and be results focused, evidence-based, politically neutral, transparent, accountable, and without conditions, and be undertaken with full respect for the principle of state sovereignty. Capacity building should be based on mutual trust, be demand-driven, correspond to nationally identified needs and priorities, and be undertaken in full recognition of national ownership. Partners in capacity building participate voluntarily and actively, with shared but differentiated responsibilities. Capacity building should respect human rights and fundamental freedoms, be gender sensitive and inclusive, be universal and non-discriminatory, and shall contribute to closing the digital divide.

The report also recommends that states, on a voluntary basis, use the model ‘National Survey of Implementation of United Nations General Assembly Resolution 70/237’ to inform the Secretary-General of countries’ views and assessments on capacity building programmes and initiatives.

It was recommended that regular institutional dialogue on ICTs in the context of international security be held under the auspices of the UN, including the 2021-2025 OEWG on security of and in the use of information and communications technologies. This section of the report calls for further elaboration of other proposals, such as the Programme of Action which should be discussed within the next edition of the OEWG.