Agenda item 5: discussions on substantive issues contained inparagraph 1 of General Assembly resolution 75/240 (continued) – session 4

10 Jul 2024 15:00h - 18:00h

Table of contents

Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.

Knowledge Graph of Debate

Session report

Full session report

Delegates Deliberate on Cybersecurity Capacity Building and Future Mechanisms at OEWG Session

During the fifth meeting of the eighth substantive session of the Open-Ended Working Group (OEWG) on Security of and the Use of ICTs, chaired by the appointed Chair, delegates engaged in a detailed discussion on the Third Annual Progress Report (APR). The Chair invited contributions under Agenda Item 5, focusing on capacity building, ICT threats, international cooperation, and the establishment of a future mechanism for ICT security.

Delegates from various countries presented their national positions, offering recommendations and expressing concerns about different sections of the APR. A significant emphasis was placed on the importance of capacity building for digital security, particularly for developing states, highlighting the need for international cooperation and assistance to address the threats posed by ICTs. Delegates discussed the potential for offensive responses by states to ICT threats, which could undermine friendly relations and cooperation between states.

The debate included discussions on the inclusion of resolutions and norms related to non-defamatory campaigns and hostile propaganda, with some delegates requesting their inclusion in the report. Gender-responsive capacity building was underscored as a priority, with calls for the integration of a gender perspective into national ICT and capacity building policies. Proposals for establishing a global cybersecurity cooperation portal and a UN Voluntary Trust Fund for capacity building were put forward, with varying levels of support and calls for further discussion to avoid duplication of existing efforts.

Regular institutional dialogue and the establishment of a future action-oriented permanent mechanism for ICT security were key topics. Delegates discussed the guiding principles, functions, scope, structure, modalities, and decision-making processes of such a mechanism. There was a general consensus on the importance of adopting a single-track, state-led permanent mechanism under the UN auspices, with a focus on avoiding duplication of efforts and ensuring inclusivity.

The role of stakeholders, including civil society, academia, NGOs, and the private sector, was acknowledged as crucial in the OEWG’s work and the future mechanism. Delegates advocated for their meaningful engagement and contribution to discussions, policy recommendations, and capacity building activities.

The Chair concluded that while there was a commitment to consensus, achieving balance and flexibility among delegations was necessary to move forward. The Chair noted the variety of suggestions put forward by delegates, including additions, deletions, reinstatements, combinations, streamlining, and redrafting of agreed language. The Chair expressed gratitude for the constructive engagement and thoughtful views, emphasising the need for a consensus outcome.

The Chair decided to adjourn the current session to prepare a revised version of the Third Annual Progress Report, taking into account the discussions and contributions. The Chair aimed to circulate the revised text early in the evening and reconvene the meeting the following morning to present the revised text formally and discuss the way forward.

Noteworthy observations included the recognition of the importance of regional organisations in supporting the implementation of the UN Framework of Responsible State Behaviour in cyberspace. Delegates also called for a moratorium on new resolutions on future mechanisms within the First Committee until the OEWG concludes its debates. The Chair’s decision to cancel the afternoon session to prepare a revised text demonstrated responsiveness to the delegates’ inputs and a commitment to facilitating a consensus-driven process.

Session transcript

Chair:
Distinguished Delegates, the fifth meeting of the eighth substantive session of the Open-Ended Working Group on Security of and the Use of ICTs, established pursuant to General Assembly Resolution 75-240, is now called to order. Distinguished Delegates, as I indicated yesterday, we will this morning continue our discussions under Agenda Item 5. We will continue our first reading of the Third Annual Progress Report on all the remaining sections in the report and we will go through the remaining list of speakers. I have about 20 who have indicated their desire to take the floor. I invite all Delegations to be as brief as possible, to focus on the issues of the greatest priority importance to your Delegation in the drafting of the Third Annual Progress Report and please keep in mind that we are not in a stage where we are engaged in a general debate or a general discussion in the Working Group, but rather we are engaged in the task of considering the Third Annual Progress Report and to have it adopted in the next few days, in a matter of days. So let me start with the speakers list, where we left off yesterday, but before that I also want to restate my intention that it is my intention to transition to the dedicated stakeholders. session after we have finished the list of speakers, and it’s my hope that we can do that by 12 noon this morning. This will then allow me the time this afternoon to get back to the Rev. 1 of the Annual Progress Report so that I can engage in preparing a new version that I can circulate, hopefully by this evening, so that tomorrow we can come back for a second reading. But I would need time to do that, and that’s the reason why it’s important that we exhaust the speakers’ list as soon as possible. I have no intention of shutting the floor. I want to give everyone the opportunity, because we are engaged in the first reading, but I really, really seek your indulgence in getting to the point, in being as brief as possible, and in focusing on priority issues. We are not engaged in a general debate, discussion or session, and I really appeal to you to keep that in mind, and I seek your understanding and your support for us to conclude the first reading of the Third Annual Progress Report this morning. So I’ll start the speakers’ list with Burkina Faso to be followed by Mauritius. You have the floor, please, Burkina Faso. Perhaps we’ll go to the next speaker. Mauritius. We’ll come back to Burkina Faso later. Mauritius. Sorry, Burkina Faso. Microphone for Burkina Faso, please. Microphone. My apologies to Burkina Faso. Sound engineer. Okay. Okay, good. Burkina Faso, you have the floor, please.

Burkina Faso:
Chair, ladies and gentlemen. At the outset, the Burkina Faso delegation, given it’s the first time we’re taking the floor during this session, wishes to express to you and also to the members of your team our warmest congratulations on the work done so far. Rest assured you have our tireless support and we wish every success in your mission. Chair, my delegation aligns itself fully with the concerns expressed on the very first day of our work on the threats looming over our states in cyberspace. On section A, we welcome the fact that capacity building for states is taken into account for digital security in paragraphs 6 and 7. And this was part of our recommendations in the last session too. On section B, Burkina Faso welcomes the fact that the ICT threats are taken into account in paragraph 17. These threats have negative ramifications on peace and social cohesion for all of our countries. countries, particularly those who are facing security crises such as terrorism. Thus, we would ask to prioritise the ICT threat within this report. Much like China, we do have concerns regarding offensive responses to states to this threat which could lead to incidents that undermine friendly relations between states and nations and co-operation between them. Burkina Faso would like the resolution adopted by the G8 to be taken into account on 31st December 2020. States must refrain from undertaking defamatory campaigns or hostile propaganda with a view to intervening or interfering in the internal affairs of other states. We would like this to be included in the report. On section F, Burkina Faso would like to add to paragraph 48b a further mention of prioritising developing states. Indeed, the lack of sufficiently trained and tooled human resources in developing countries is a weakness, but it could be an opportunity to use their space to then commit cyber attacks to another state. These weaknesses could be exploited. On paragraph 52, much like other delegations, Burkina Faso believes that capacity building must be cross-cutting and should allow that technical capacity building can be supported for states. Like other states, Burkina Faso welcomes a proposal to list the norms in Annex A of this report. However, we agree with what was stated by Russia to have a further analysis of the list of norms proposed. Chair, Burkina Faso plans on accompanying this process actively so we can achieve consensus for the adoption of this third report. Thank you very much.

Chair:
Thank you very much, Burkina Faso, for your contribution. Mauritius to be followed by Uruguay.

Mauritius:
Thank you very much for giving me the floor. Many states have already expressed that they want less deletion and more substance in the report. Mauritius concurs with this statement. We now wish to provide our comments in relation to section F on capacity building and section G on regular institutional dialogue. Given the scale of threats and the globally interdependent nature, individual governments cannot effectively protect against cyber threat if they work in isolation. More importantly, cyber attacks very often emanate from outside a home country and proceedings can be routed across borders. Thus, international collaboration, for example, in the form of mutual legal assistance and ongoing bilateral, regional, and global capacity building, which is a cross-cutting modality of international intervention, is necessary and urgent. Turning to paragraph 48A, we welcome gender-responsive capacity building efforts, the integration of a gender perspective into national ICT and capacity building policies, and the development of checklists. to identify existing needs and gaps. However, we would like to propose an update on the second sentence of this paragraph as follows. To delete encouraged efforts to promote gender-responsive capacity-building efforts and replace by encouraged gender-responsive capacity-building efforts. We strongly support the retention of this paragraph as cyber attacks have different effects on women because the same harmful gender norms that control and constrain their behavior in the offline world are often replicated or even exacerbated online. This is particularly true in developing countries and in our opinion requires attention. Referring to paragraph 48C, we believe in the potential of the global cybersecurity cooperation portal as a confidence building and cybersecurity capacity building endeavor. It could be harmonized with existing portals. However, we should very carefully avoid duplication while implementing it. Coming to paragraph 48D, we welcome additional information on the needs-based ICT security capacity building catalog to assist states in recognizing capacity-building needs as we are embarking on the proposal for the development and operationalization of the portal. We look forward to engage with like-minded countries to gather their views and suggestions in favor of that. Next, on paragraph 48F, we highly appreciate mention of the high-level global roundtable on ICT capacity building in the context of international security that would now be a regular feature. However, we would like to highlight. that many countries, in particular small and developing states, fully rely on funding avenues to participate in such vital discussions. Finally, as regards capacity building efforts, let me highlight that Mauritius hosts one of the ITU’s academic training centres in Africa through the Computer Emergency Response Team of Mauritius, and we offer diverse virtual training courses on cyber security on a free of charge basis. The future training on the role of CSERTs in the implementation of UN technical norms and confidence building measures is scheduled for the 12th to 21st of August 2024. Interested delegations are more than welcome to register for the course, where a certificate from ITU will be issued upon its successful completion. Chair, allow me to now express our views on regular institutional dialogue. At the outset, let me thank you and your team for circulating the draft paper at NXC entitled Elements for the Open-ended Action-oriented Permanent Mechanism on ICT Security in the Context of International Security. We believe it is a good 101 document to understand the guiding principles, functions, scope, structure, modalities and decision-making process of the proposed mechanism for continued and focused discussions on ICT security in the context of international security. Chair, as the OEWG is coming to an end next year, we cannot stop our discussions on international law, CBMs and capacity building then. We still require relevant capacities to implement the agreed framework of responsible behaviour, so we need to invest in CBMs implementation. and capacity-building programs. We therefore fully support the future action-oriented permanent mechanism and are optimistic that we will be able to reach consensus on its establishment in due course. We welcome the idea of having dedicated thematic groups on different agenda items, as we believe that this is foundational to the implementation of the existing framework. In conclusion, we agree with the European Union in that the language in this section of the report should be tailored to reflect the implementation of the agreed framework. I thank you very much, Chair.

Chair:
Thank you, Mauritius. Uruguay, to be followed by New Zealand.

Uruguay:
Thank you very much, Mr. Chairman. On the section of capacity-building, in paragraph 48B, we suggest eliminating from – starting from aimed until decision-making in order to highlight the need for greater capacity-building at all levels of national – the national structure. Also, at the end of this paragraph, we suggest including that south-south triangular regional or sub-regional cooperation does not substitute north-south cooperation, but rather complements it. We note with satisfaction the inclusion in the revised document and mention that it refers to transfer of technology, skills, and know-how. And we also support retaining paragraph 48D. We also value the roundtable on capacity-building and the importance that such roundtables take place on a regular basis. We also agree with what is established in paragraph G on the need to continue working on efforts for greater capacity-building in the – in the context of ICT security, as well as in making progress in predictable and voluntary financing for the benefit of developing countries. Regarding the proposal in paragraph 51 of holding a roundtable on capacity building during the high-level week of the General Assembly, we would be grateful if you take into account the huge burden that this would generate for smaller emissions, given the duplication of activities during that week, similar to other delegations such as Ecuador and El Salvador mentioned this problem. This is why we would support holding a roundtable of this type, but not during the, or at another time of the agenda. We also suggest eliminating covids in paragraph 53, in particular, where appropriate, Mr. Chairman. Lastly, in the section on institutional and regular dialogue, we are in favor of the consensual proposal that is oriented towards action that allows for a permanent mechanism with predictable and sustainable funding. We also support that there should be a unique proposal, a single proposal, which is why we don’t think it’s a good idea to have a duplication of processes in the area of cybersecurity. And we strongly support the Brazilian proposal to implement a moratorium on resolutions of this type in the first committee, until we conclude our debates. As we all know, duplication is due to the excessive, leads to excessive burden for small missions such as Uruguay and many other small countries, in addition to generating an unacceptable cost for the organization at a time when we are experiencing a significant reduction in costs. This has been referred to extensively at the last meeting. Regarding the proposal presented in the document that you have made, we observe a that the language is balanced and seeks the consensus that has received a broad support by the membership during this week. We agree with the proposal by Australia to include the word single track before future permanent mechanism. And we support the proposal of the chair to create a group specifically dedicated to confidence building and the discussion on international law and capacity building. This reflects the discussions that we had over the past few years within this working group. We are also open to considering the possibility of providing to the plenary the establishment of ad hoc groups or new thematic groups that deal with diverse topics such as, for example, the protection of personal data, always taking into account that creation of new meetings and new groups implies an additional burden for small delegations, as mentioned by the delegate of Singapore yesterday. We also believe that it’s important, again, to make progress on a single proposal. Mr. Chair, to conclude, we support the inclusion of a concrete proposal to be considered by this working group in this annual progress report on the future permanent framework that can be found in the annex. As we have stated earlier, for Uruguay and within the working group where we have to define what will be the future of the institutional framework on cybersecurity in the framework of this organization, we trust that this week will allow us to continue working to bridge positions and generate a single mechanism on the topics related to cybersecurity, as well as fulfill the mandate given to us by Resolution 75-240, and you can count on Uruguay for – to do this. Thank you very much.

Chair:
Thank you very much, Uruguay. New Zealand to be followed by Germany.

New Zealand:
Good morning, and thank you, Chair, for the revised draft elements paper. We agree that the APR main report should capture progress made on a regular institutional dialogue over the past 12 months, including reference to the UN General Assembly resolution adopted last year, deciding to establish the Programme of Action, which is a relevant and factual development. As a small state, New Zealand is deeply committed to achieving a single-track, action-oriented permanent mechanism when this OEWG concludes its mandate in 2025. When we refer to regular institutional dialogue, or future mechanism, or permanent mechanism, or Programme of Action, we are talking about the same thing. We think these terms are much clearer than the current title of the draft elements paper and hope that we can move towards a simple, common description soon. We recognise the important principle of consensus on substantive issues, and we have heard those states yesterday and during previous sessions that have suggested we take more time to discuss procedural issues, including decision-making processes. Stakeholder modalities adopted by the AHC cybercrime process have clearly demonstrated the value of including diverse perspectives, and we hold the same ambition for our permanent mechanism. As we have seen from the current mechanism, a single, dedicated stakeholder session in isolation from the overall discussion does not allow for states to truly benefit from the knowledge, experience, and capabilities of industry, academia, NGOs, and civil society representatives. Not all states have the same access to technical experts, and so we want to see a more inclusive approach adopted for stakeholder modalities so that we all can benefit. We also ask that civil society be included in the list of other interested parties in paragraph 6. We support improvements suggested by the Netherlands and Australia on merging paragraphs 8 and 9, and we underscore that the primary function of the permanent mechanism is to be action-oriented, to implement the framework, and to build the capacity of all states to do so. We emphasize that this needs to be reflected in the ordering of the functions. On reference to the cross-cutting nature of the permanent mechanism, in our view, it is not the objectives of the program of action that are cross-cutting, but rather it is the various work streams that would be cross-cutting in nature. The further we have progressed discussions at the OEWG, the more it has become apparent that we are rapidly exhausting the usefulness of holding very general discussions on the separate pillars. What we need now is to take action on relevant cross-cutting issues, such as how best to protect critical infrastructure, by drawing on an understanding of current and emerging threats to critical infrastructure, applicable international law and norms, looking for any policy gaps or implementation gaps in our current response, and considering whether targeted capacity building or CBMs are needed on this specific issue. This approach makes practical sense to us. It is, after all, how we plan, organize, regulate and deliver on domestic policy issues. We therefore support the proposal of one plenary session per year, with a review conference every four or five years, but we suggest that the dedicated thematic groups and dedicated inter-sessional meetings could be grouped together as work streams or technical working groups, which would be cross-cutting in nature. We do not need to confirm all the cross-cutting work streams or technical working groups now. The program of action has always been conceived as a flexible mechanism, capable of responding to emerging threats and priorities. We therefore seek changes to paragraph 14 of the Annex to reflect this. Finally, we think it will be beneficial for states to be able to consider the full set of proposed modalities for the permanent mechanism, rather than attempting to progress individual elements in isolation from the others, and we therefore encourage deeper discussion on proposed modalities at the next OEWG substantive session. Thank you.

Chair:
Thank you, New Zealand. Germany, to be followed by Paraguay.

Germany:
Thank you, Mr. Chair, for giving me the floor. Germany fully aligns itself with the statement of the European Union and wishes to add the following remarks in its national capacity. During the last OEWG sessions, it has truly been insightful to see how the increased demand for action-oriented and demand-driven capacity building has become a dominant force as part of our programme of work. This mere fact goes on to demonstrate the importance that states place upon acquiring and attaining the foundational capacities required to detect, defend against, or respond to malicious ICT activities. Therefore, Germany would like to commend you, Honourable Chair, for recognising this emphasis in bringing forward an ambitious Section F on capacity building, echoing the strong request within our group to shed further light on this cross-cutting and transversal issue that links all other pillars in forming our work at the OEWG. In the interest of time and following your recommendation from last afternoon, we will focus our intervention on the key points of Section F and G and move directly to substance. While reaffirming the cumulative and evolving framework for responsible state behaviour in the use of ICTs, we firmly agree with PARA 48a, stating the importance of mainstreaming the cyber capacity building principles into all relevant capacity building programming. Streamlining these into all our joint efforts to avoid duplication by leveraging our expertise and resources is essential for a holistic approach to capacity building. Germany also fully promotes gender-responsive capacity building efforts as stated in the same PARA 48A, not only through its active pursuit of a feminist foreign policy, but also by being the latest donor to join the Women in Cyber Fellowship, which is the perfect exemplification of such policies and efforts having a tremendous effect in practice. Indeed, like previously stated by Croatia, Ghana, and South Africa in different words, gender perspectives should not only be worth a single mention, but instead be streamlined throughout all items within the whole annual progress report. Germany also wishes to congratulate you for the recent successful high-level global roundtable on cyber capacity building having taken place here at the UN headquarters in May. The added value to the OEWG session by raising the level of awareness for the urgency of capacity building among high-level government officials is certainly immense and effectively contributes to a continuous gap in international cyber policy. Nevertheless, Germany wishes to underline New Zealand’s proposal that we should be cautious in not overburdening states and stakeholders with meetings as such, because as you, Honorable Chair, rightfully mentioned at the beginning of the week, the time we have on our hands until the end of the OEWG is rather limited. As such, the resources for these gatherings will also vary among member states and might be rather limited, particularly if we consider that everyone should have a seat around the table. Instead, we should find ways of building bridges to involve decision-makers for dedicated, strategic and action-oriented discussions as part of other already existing avenues such as the upcoming second edition of the GC3B in May 2021. in Geneva, with the aim of bridging the gap between cyber capacity building and development practitioners alike, while involving high-level leadership for these valuable conversations. This is also why we support the European Union’s revised proposal on streamlining paragraph 48C and D to showcase the work of other already existing coordination bodies such as the GFCE within this regard. Also in line with the statement by the European Union and other states, Germany considers the suggested establishment of a dedicated United Nations Voluntary Trust Fund, mentioned in paragraph 52, as a highly interesting proposal that should be linked to the future permanent mechanism. Therefore, Germany strongly supports the proposal by other colleagues to revise the wording of the quoted text passage in the APR in paragraph 52 by including the expression, quote, to further study the, unquote. In a similar vein, Germany would like to reiterate its conviction that all pending items mentioned above best come to fruition within the vision of a permanent, action-oriented future mechanism after 2025, and through dedicated thematic working groups. Therefore, we are supportive of linking, including wording that links any capacity building initiatives to the future mechanism. Like in paragraph 48G, by adding, quote, in this regard, states underscored that further coordination of capacity building efforts and ICT security was required, and that the future mechanism under the auspices of the United Nations could play an important role in such efforts, unquote. Turning to regular institutional dialogue, looking at functions and scope in para 8 of Annex C, Germany proposes placing point B on implementation of the framework first, making this the new point A, as the permanent mechanism will be first and foremost about implementation. With regards to stakeholder participation, Germany supports the language put forward by Australia last afternoon based on the solution found for the Ad Hoc Committee on Cybercrime. On structure, Germany has the following proposal to make. Reflecting on the painful process of having to build consensus on annual APRs in this working group, Germany proposes to amend PARA 12a by replacing progress report with points for future action. This would create a brief consensus document for adoption, which would also further underline the action-oriented nature of this mechanism. Finally, with regards to the thematic working groups, it has already been mentioned that it may be too early to decide on the exact titles. Should we, however, go ahead with the proposed thematic working groups, Germany offers the following proposal to amend PARA 14a, which would finish by saying, quote, study and understanding of how international law applies to the use of ICTs, including, insert, safeguarding human rights and fundamental freedoms, and to consider, end of insert, the development of additional legal binding obligations as appropriate, end of quote. Thank you, Mr. Chair.

Chair:
Thank you, Germany. Paraguay, to be followed by Belgium.

Paraguay:
Thank you very much, Mr. Chairman. Since this is the first time I’m taking the floor, I’d like to congratulate you and the other members of the Bureau for your efforts and achievements during the substantive meetings of this working group. You can count on our support during the work of this session. As regard to Section C, rules and norms, principles of responsible behavior. In paragraph 30A, my delegation welcomes the progress made in the group, but we consider that efforts should focus on implementation and application of effective application of existing norms before advancing and elaborating new norms. However, while it’s important to continue advancing and developing norms in the near future, my delegation is not against this because we consider that what we do consider is essential to focus our efforts on capacity building so that this advance, this progress is equitable and just. Regarding this point, as mentioned by the delegation of Argentina, we’d like to eliminate the last part of paragraph 30A, which states that – states also concluded that the further development of norms and the implementation of existing norms were not mutually exclusive but could take place in parallel, end of quote. With regard to section F, capacity building, my country considers that such fundamental tools in reducing digital divide are regional and global cooperation, exchange of information, experience-defining programs and projects jointly, as well as transfer of technologies on mutually agreed conditions, and taking special consideration of landlocked developing countries. Lastly, as mentioned by other delegations regarding paragraph 52 regarding the Voluntary Fund under the auspices of the United Nations, we believe – we’d like in the annual report in addition to referring to developing programs that it mentions capacity building in a broader sense. We believe that there is a universal digital transformation and the Voluntary Fund should focus on bridging digital divide, that is, to support building cyber resilience as a shared goal. Lastly, my delegation would like to – endorse what is – was stated by Uruguay for smaller delegations. It’s important not to duplicate efforts. Furthermore, this would make it possible for all delegations to focus their efforts to make the greatest impact by specializing on a specific topic. This will make it possible to have more coherent and sound representation of topics, thus optimizing the influence of states in global decision-making, and my delegation is ready to take part in this to achieve this goal. Thank you.

Chair:
Thank you very much, Paraguay, for your contribution. Belgium, to be followed by Switzerland.

Belgium:
Mr. Chair, my delegation aligns with the statement delivered by the EU. Regarding section G on the regular institutional dialogue, to reflect the mandate given by our previous report, my delegation would like to propose the following amendments to Paragraph 54A, adding, after a possible element for the future permanent mechanism, I quote, adding, including the POA, states also engage in focused discussion on the relationship between the POA and the Open-Ended Working Group and on the scope, content, and structure of a POA. The United Nations Secretariat briefed the Open-Ended Working Group at its sixth session on the report of the Secretary General submitted to the General Assembly at its 78th session. This is agreed language, Mr. Chair. It reflects the mandate that was given to us by Paragraph 58 of the second APR. The APR, too, indeed mandated us to hold focused discussion on the relationship between the POA and the Open-Ended Working Group and on the scope, content, and structure of a POA. We would further recommend to amend Paragraph 58 of the second APR to include the following After, as contained in Annex C of this report, we would delete the rest of the sentence and replace it by, I quote, to establish upon conclusion of the current open-ended working group in 2025, a program of action slash permanent mechanism to advance responsible state behavior in the use of information and communication technologies. Regarding the paper in Annex C, my delegation appreciates the institutional structure that you propose. Nevertheless, it requires further discussion on the details. As I have already mentioned in the threat section, we should pay more attention to the harms to victims made by malicious cyber activities. We suggest that Para 14 in the Annex C is amended. Belgium recommends the creation of a dedicated thematic group on victim assistance within the future regular institutional dialogue as an action-oriented outcome. The dedicated thematic group on victim assistance would, one, help states increase their understanding of the harm to victims and the human suffering caused by cyber attacks, two, exchange on best practice on how to mitigate them, three, support and guide states in the national effort to strengthen and advance victim assistance. On substance, however, we would like to recall that the first objective of a permanent mechanism is to advance implementation of the current framework. This objective cannot be realized without the monitoring of implementation. Concretely, this means we need to introduce in the permanent mechanism some language on states being encouraged to conduct voluntary reporting on their efforts to implement the framework. These reports could be presented and discussed during annual plenary session of the permanent mechanism. This reporting element is crucial to advance implementation of the framework. Further, the paper could also mention that the review conference could adopt a plan of action containing clear and measurable objectives for the intersessional period. Those milestones could be attached to measurable indicators that States could also report on. With this addition, Mr. Chair, we believe that the permanent mechanism would constitute a robust, action-oriented, and efficient instrument to advance the implementation of the Framework on Responsible State Behavior. In Para 8 of your paper, we propose to reverse the order of the functions and to list first implementation of the Framework as the first priority. We support the proposal made by Netherlands to merge Para 8 and 9 and to rephrase them. We support also a cross-cutting, comprehensive approach for each thematic group. In any case, Para 14d should remain. A mandate of two years for the Chair seems reasonable. However, the respective competencies of the Chair, Vice-Chairs, and facilitators requires more discussion. I thank you, Mr. Chair.

Chair:
Thank you very much, Belgium. The respective competency of the Chair is a deep reservoir of patience. We can put that as an element of modalities to be agreed, and I wish you luck in finding the next Chair. We go now to Switzerland to be followed by Argentina.

Switzerland:
Mr. Chair, thank you for your patience. With regard to Section E on CBMs, we can support the section in principle. We would like to reiterate the important role of regional organizations. A regular exchange of experiences with and in between these organizations is important, and we welcome the fact that it is mentioned. We also welcome the establishment of the global POC directory, and we support the step-by-step approach. to improve and enhance the functioning of the directory. However, like the European Union or other delegations, we would caution against overloading the network at this early stage. We also welcome the initial list of voluntary global CBMs contained in Annex B. We support Germany’s proposals for amendments to this annex. In Para 45, we would like to add the word voluntary to standardized templates so that this paragraph is consistent with paragraph 42D. Having said that, we share the concerns expressed by the delegation of Germany with regard to such templates and could also support the Netherlands proposal for an alternative wording of this paragraph. With regards to Para 47, we support its deletion as proposed by Australia and other delegations. With regard to Section F, the chapter on capacity building is very important and we support it in principle. However, we have some concerns and comments on the recommendations. We support Para 49 and 53. With regard to Para 50, we believe that the creation of the UN platform could lead to duplication with existing platforms such as UNIDIR’s Cyber Policy Portal or the GFCE’s Cyber Portal. We are open to further discussions on such a UN platform in order to better understand its potential functions and to ensure that scarce resources are not used for initiatives that cannot provide such added value. We agree that the first Global Roundtable was a success. However, we have questions about the recommendation in Para 51 to convene future high-level Global Roundtables during the UN General Assembly high-level week. Prima vista, this could be an added value and an enhancement of the topic. However, the target audience should not be experts, as mentioned, but rather high-level representatives. Otherwise, there is hardly any reason to convene such roundtables during the UN High-Level Week, and the similarity to the Global Capacity Building Conference to be held in Geneva in May 2025 would be too great. But we also wonder if it’s not premature to decide on such roundtables already now. It might make sense to decide on the future permanent mechanism first. Such roundtables could also take place in the margins of the plenary session of the future permanent mechanism. Finally, on this section, the creation of a UN Voluntary Trust Fund, as proposed in paragraph 53, harbors the risk, in our view, that money would flow out of existing and well-functioning funds, such as those of the World Bank, GFCE, or national platforms. A UN Voluntary Trust Fund could therefore lead to the work of such mechanisms being undermined. We are open for more discussions on this proposal to further clarify the role and function of such a fund and how the risk mentioned could be avoided. But we feel it’s too early to establish such a fund in principle. Finally, to our comments on the regular institutional dialogue. Our comments refer to the paper on the draft elements for the future permanent mechanism contained in Annex A. In our view, the proposed program of action is best suited to become this future permanent mechanism. With regard to the chapter on functions and scope, Switzerland is of the view that the main focus of the future permanent mechanism should be on implementation of the existing framework, including by strengthening capacity. Strong implementation efforts will in turn allow to identify objectively possible gaps in the framework that would need to be addressed through the permanent mechanism. including by further developing the framework. In our view, further development of the framework without a clear vision on what further elements or adjustments in the framework are objectively needed would risk wasting time and human resources for unfocused discussions. We therefore would prefer changing the order of the elements contained in para 8, letters A to C, by putting the content of letter A at the end. It would become new letter C. With regard to para 9, we would like to propose to use consensus language from the first and second APR with regard to possible new legally binding obligations. We therefore support the proposal of the Netherlands in this regard. This consensus language should be mirrored in the text about the thematic group on international law. Turning to the chapter on structure, we welcome in particular the proposal for a dedicated thematic group on international law. We think it’s important to continue the discussions on how international law applies in cyberspace and the future mechanism and to go deeper into this topic. We also welcome the proposal to hold dedicated stakeholder consultations prior to each plenary session. However, these consultations cannot replace the participation of stakeholders in the work during formal and informal sessions or meetings. We agree that the new format is a state-driven process and that states will make decisions. But the future permanent mechanism should allow broad and meaningful participation by multistakeholders without them being hindered by the vetoes of one or a few countries. Modalities for the proceedings of meetings and thematic groups should therefore allow stakeholders to attend formal and informal sessions, deliver statements and provide oral and or written inputs for consideration of member states. The paper must clarify this. As others, we think that the modalities of the AHC on cybercrime is a suitable model we should follow. We support Australia’s proposal in this regard for a paragraph 18d, Bs. We hope that we can adopt the elements paper by consensus in this working group, including the modalities for broad and meaningful stakeholder participation. In case this would not be possible, we would, in our view, need to add in 19a a new letter, C, the adoption of modalities. It would then be up to the states to decide the modalities of the new mechanism at the organizational meeting. We welcome the proposal for a dedicated thematic group to facilitate a cross-cutting approach. We would see merit in such an approach for all the thematic groups in order to overcome discussions in silos and to apply a more policy-oriented approach. The U.S. delegation has very well explained the reasoning for such an approach. To give an example, a thematic group could be mandated to address the implementation of the norms on the protection of CI and look at it from different angles. What are the threats? Which rules of international law do apply? Which CBMs are relevant? What guidance do the voluntary norms give us? What capacities do states need to implement the norms? But we think that it’s not necessary to decide now which thematic groups should be formed. It might be better to leave that decision to the future permanent mechanism. Finally, on the chapter on modalities, we would like to make the following comment. Switzerland cannot support paragraph 18d as it stands. In our view, there should be some flexibility with regard to the location of the formal meetings. Many relevant cybersecurity actors are present in other parts of the world and not necessarily in New York only. Therefore, there should be a possibility to convene formal as well as informal meetings of the future mechanism not only in New York, but also in other places where the UN has offices like Geneva. In our view, this would be particularly useful and valuable for the work of the dedicated thematic groups. and dedicated stakeholder consultations. If we limit meetings to New York, we deprive ourselves of very useful resources and knowledge for the work of the future mechanism. We therefore propose the following amendment to PARA 18D, I quote, formally plan recessions and review conferences of the permanent mechanism to be convened at the UN headquarter in New York, end quote. Thank you.

Chair:
Thank you. Switzerland. Argentina, please, to be followed by Moldova.

Argentina:
Thank you very much, Mr. Chairman. Very briefly, my delegation very rapidly want to return to the part on create capacity building. We’ve already made our position known, but we want to make some additional comments on paragraph 48B. We think that this paragraph has certain elements that are very valuable, that throughout the work of this group has been underscored by various countries, including developing countries, which is why my country would prefer to maintain the wording of the first part of 48B as it currently appears in its revised form in the report, and we would prefer avoiding the addition of the word caveats, which would change the nature of this paragraph 48B, especially with regard to improving efforts to adapt capacity building to the needs of receiving countries, including transfer technology skills, et cetera, experiences. We have no objections to the proposal of Uruguay for the second part of this paragraph. With regard to regular institutional dialogue section in the proposal of the mechanisms contained in Annex C, we’re going to make the following comments. Regarding paragraphs 54A and B, and to be absolutely clear that it’s the will of this group to avoid duplication of mechanisms, my delegation supports the proposal of Australia. adding single before future permanent mechanism so that and it reads states deepened discussion on possibility of a single deepen discussions of possible elements for the future single permanent mechanism as for C section annex C as we stated in July as we stated last time in paragraph 7 we’d like to added the importance of coordination in the future mechanism with other relevant process of the United Nations such as ITU and others as for paragraph 8 we want to reiterate what was again stated on the 1st of July the text of paragraph 8 as is currently written suggests that the main functions of the permanent mechanism seem to be only associated with the framework for the responsible conduct of states and the use of ICTs while a responsible conduct is one of the pillars of the work of this open-ended working group and is a priority for my delegation we don’t agree with the proposals of some delegations of elevating the pillar of the responsible conduct above other pillars of the work of this group in paragraph 8 C for example regarding capacity building get to the cross-cutting topic of this working group capacity building is presented as a activity that should be promoted with the sole purpose of allowing the states to implement the evolving framework on the responsible conduct and on this point my delegation would like to stress that capacity building is also associated with the bridging the digital divide the cybersecurity divide and promotion of technological development Pursuant to that, my delegations would suggest eliminating Paragraph 8 from Annex C and to return to the drafting of Version 0 of the draft, or to revise this paragraph that makes it possible to balance the Paragraph 8C and Paragraph 8 in general with the topics mentioned in the other pillars of the group. The proposed language we’d like to present to the group for Paragraph 8 in general in order to substitute it for the current Paragraph 8 and simplify it and to drop the exclusive focus on responsible conduct would be the following, and I quote, the main functions of the open-ended action-oriented permanent mechanism are, one, advance in implementation, development, and promotion, even more of a cumulative framework that is evolving in the responsible conduct of states in the use of ICTs, two, build cyber resilience by strengthening – by building capacities of all states in the area of ICT security, end of quote. This proposal we’re going to submit it in writing to the Secretary and to the Chair. Furthermore, we support what was mentioned by the delegation of the United States, that we would like the future mechanism to have broader opportunities for the participation of the private sector and that it’s not only reduced to the specific sections allocated to civil society and private sector. As regards Paragraph 12, as we stated on the 1st of July, we believe that the permanent mechanism should have a preparatory – an intersessional preparatory meeting prior to the substantive meeting to examine and review the PR draft as well as reports of the thematic groups and not subordinate. the organization of this meeting to only a decision of the chair of the future mechanism. And we’d like to reiterate our position on the importance for the future mechanism to have a sponsoring program or support program based on contribution of other states, similar to the programs, for example, that exist for the Arms Trade Treaty or other bodies that seek to promote inclusion and facilitate participation of developing countries in both informal and informal meetings of those mechanisms. On the same premise, we’d like to suggest that the future permanent mechanism should have a mandate to provide technical assistance, mobilize resources, and enable the transfer of technologies in line with relevant international law in order to build cyber resilience, mainly in developing countries and considering their particular needs. We believe that cyber resilience is not built through new norms, that many countries don’t have the capacity to implement, but rather, quite to the contrary, to provide countries with the most need in cyber resilience with the necessary tools and instruments to allow them to implement those norms as a natural consequence of the capacity that they acquire. Cooperation and technical assistance are fundamental elements in the peace and security agenda. An example of this are the cooperation and technical assistance mechanisms present in the Convention on Biological Arms, the Arms Trade Treaty, and the NPT inter alia. In the area of the ICTs, building cyber resilience through cooperation and technical assistance is crucial for international peace and security, mainly because, unlike other topics dealt with in the first committee, cyberspace is a very important issue. is – there’s an interoperability in cyberspace and a threat – anywhere around the world is a threat for the entire international community. Lastly, Mr. Chairman, we’d like to echo many delegations that both during this session of the 1st of July as well as yesterday have stressed the importance of stepping up efforts to avoid the duplication of future mechanisms, a scenario where there are multiple mechanisms will lead to a fragmentation of discussions and of multilateral decisions on cybersecurity, which could lead to incoherent and less effective responses to global cyber threats. The creation of a unified, a single mechanism will make it possible to have a coherent approach, thus maximizing international efforts in this critical sphere. This is why we support the proposal of Brazil, supported by Uruguay and other delegations, to grant a moratorium on the presentation of resolutions, new resolutions on future mechanisms at the next session. Thank you very much.

Chair:
Thank you very much, Argentina, for your statement. Moldova, to be followed by Cuba.

Moldova:
Mr. Chair, Moldova welcomes the increasing number of states that take the chance to reaffirm the importance of confidence in capacity building in furthering the cybersecurity agenda and would like to point out the following. First, CBMs are of paramount importance in building trust between states and could play an essential role in countering conflicts. We welcome the launching of the Point of Contact Directory and its first meeting in May this year and join the call to the UN member states who have not yet nominated their national POCs, both diplomatic and technicals to do so in the near time. Second, the Republic of Moldova welcomes that the draft APR recognizes the importance of voluntarily sharing among states on their national, as well as regional or joint views, and positions on how international law applies in the use of ICTs. It is worth stating in this APR that such capacity building efforts which undertaken in a neutral and objective manner can contribute to building common understandings of the application of the international law in cyberspace. I take this opportunity to applaud such programs like the one implemented by UNIDIR, which often requests support states in preparing their national positions on how international law applies in the use of ICTs. In line with the US, Australia, and Croatia, we would like to add voice in thanking the Republic of Korea for their convening of a high-level Security Council open debate on cybersecurity this June. As one of the signatories of the joint statement on the use of information and communication technologies in the context of international peace and security, Moldova is of the view that such events amplify the steadfast commitment to promoting an open, secure, stable, accessible, and peaceful ICTs environment in compliance with international law. Third, as a participating state at the OSCE, we are appreciative of the actions reported by this regional organization’s representative during last session about the conducted trainings, which among other objectives aim to create a better understanding and enable the 57 countries to meaningfully engage in international cyber policy deliberations at the United Nations level. Hence, my delegation is of the view that aspects of confidence building could continue to include engagement. with the regional organizations, and PARA 42G reflects this. Fourth, as Croatia stated yesterday and just recently Germany, we also see merit in addressing the gender equality in all chapters of this APR. In order to promote an equal and meaningful participation of women in decision-making processes related to the security of ICTs, we suggest adding in the last sentence of the PARA 51 that preferences in the selection of experts should be given to women when providing support to attend future high-level global roundtables on ICT security. Adding the same wording in the last sentence of the PARA 42C could also be an option. Thank you, Mr. Chair.

Chair:
Thank you very much, Moldova. Moldova, Cuba, to be followed by Thailand.

Cuba:
Gracias. Thank you, Mr. Chairman. With regard to Annex C, we’d like to reiterate our support for the comments made on this by the delegation of Nicaragua on behalf of the group of like-minded countries at the beginning of the session. We greatly value efforts for the presentation of a revised version of the document that can be found in Annex C with a view to building the necessary consensus for the design and establishment of a future mechanism for regular institutional dialogue as the only forum that addresses issues related to security and the use of ICTs and preserves its intergovernmental nature with the participation of all states and that preserves consensus as its… method for decision-making. We would like to underscore that it is up to this open-ended working group to decide, by consensus, the future channels for regular institutional dialogue. Annex C is a very good basis for this. I would like to stress the need not to overestimate or overvalue the role of regional organizations in the future mechanism. The document should make it clear that the participation of regional organizations in a future mechanism must remain as has so far been the practice for the relationship of these kinds of organizations within the open-ended working group. Cuba could not support that in a future mechanism for regular institutional dialogue too much weight is given to the role of certain organizations that could not be considered as regional partners or interlocutors. Regarding the establishment of thematic groups, we are in favor of adhering to the structure of the topics under consideration of the mandate of the current mechanism so that priority is not given to certain issues above others or that there is a confusion or repetition of discussions on thematic scopes covered by the forum. In any case, the proposal of creating new thematic groups or combining topics in the same thematic groups, just as convening meetings and during additional intersessional meetings should be decided by member states. As far as the participation of stakeholders, we were in favor of maintaining the modalities agreed to in the current open-ended working group. which represent that a compromise reached after a lengthy and complex process of discussion to go beyond this consensus could reopen the divergences and differences that we saw at the time. Lastly, we believe that we should not import into the future mechanism on cybersecurity practices from other forums, such as the Ad Hoc Committee on Cybercrime, which, due to its character and repercussions, are not fully in line or do not fully reflect the topics that we are discussing here. Thank you very much.

Chair:
Thank you very much, Cuba, for your statement. Thailand to be followed by India.

Thailand :
Thank you, Chair, for giving me the floor. Please allow us to contribute to the discussion on Section F and G concerning capacity building and regular institutional dialogue. On capacity building, Thailand supports various mechanisms for capacity building as proposed in the draft APR, including, first, the Global Cybersecurity Cooperation and Capacity Building Portal as an integrated state-driven platform that encompasses various initiatives. We support the proposal that the portal be developed as a levy platform that can integrate other constructive initiatives in the future, including a needs-based ICT security capacity building catalog, as introduced by ASEAN. Second, the High-Level Global Roundtable on ICT Security Capacity Building. We believe that this forum could be held on a biannual basis, serving as a main platform for Member States to further discuss and follow up on priorities and remaining gaps of cybersecurity, including assessing and updating ongoing capacity building programs. Thailand also supports the establishment of a voluntary fund to support the participation of at relevant meetings under the OEWG and the future mechanism as well as other capacity building programs. We take this opportunity to express our appreciation for the Women in International Security and Cyberspace Fellowship Program, which enables our women diplomats and practitioners to have a greater and more meaningful participation in ICT security discussions. Turning to Section G on regular institutional dialogue, Thailand generally supports the proposal as contained in Annex C. We also wish to see a single-track, state-led permanent mechanism under the auspices of the UN. The future mechanism should aim to be action-oriented and prioritize concrete initiatives, including on capacity building. We also see merits in establishing dedicated thematic groups to allow in-depth dialogue on a variety of topics. The establishment of such groups should be agreed upon by member states and remain flexible considering the evolving nature of cybersecurity. Nonetheless, given the limited resources, especially for developing countries, it is crucial to find the right number of sessions that the groups may convene to ensure that there is active and effective engagement in the discussions. Mr. Chair, we wish to reiterate that the deliberations on the establishment of the future permanent mechanism should be carried out within the existing OEWG framework in an inclusive and open nature to avoid creating dual forums on ICT security. We are of the view that the consensus-based principle should be upheld regarding the establishment of the future permanent mechanism. In this regard, we do hope that member states will exercise flexibility and constructively engage in the discussion to help us reach consensus. us on the elements of the establishment of the regular institutional dialogue by the end of this session. And please rest assured that Thailand is fully supporting in this regard. Thank you, Mr. Chair.

Chair:
Thank you very much, Thailand. India to be followed by Antigua and Barbuda.

India:
Thank you, Chair. India takes the floor for the first time during the eighth substantive session and wishes to extend congratulations to the Chair and his team for producing a balanced revised draft of the Third Annual Progress Report. Given the time constraints, India will keep its statement concise, focusing on Section F and Annex C of the draft APR. With respect to Paragraph 48C, India supports the suggestion by Singapore and agrees that the envisaged Global Cyber Security Cooperation Portal should function as a plug-and-play platform which would accommodate current and future proposals by countries. For example, the proposals made by Kenya on a threats repository and the one by Philippines about capacity building matchmaking could be incorporated into the portal if so decided by consensus. India has previously demonstrated during the sixth substantial session that the proposed Global Cyber Security Cooperation Portal offers a more comprehensive approach compared to other existing portals that are limited in their coverage of subjects and are driven by few countries only. Establishing a portal under the aegis of the United Nations would foster collective ownership and participation in its evolution and functioning and would be beneficial for all the member states, particularly for the developing countries. It therefore follows that its funding should also be collective. Turning to Annex C, agreeing to suggestions of Brazil, India emphasises the need to rationalise working groups. to enhance meaningful participation by developing countries without excessive strain on the resources. India also agrees with the Singaporean idea that all working group meetings may adopt hybrid formats to ensure equal participation of all member states. Regarding stakeholder involvement, India echoes the voice-not-vote approach of Brazil, emphasizing that the future mechanism must remain state-driven. In this regard, India agrees with the consultative role for stakeholders in the new mechanism as proposed by the Russian Federation. India stands by the principle that consensus is key and this principle applies to all substantial and procedural aspects of the establishment of a new future permanent mechanism. India remains committed to actively contributing towards the adoption of the third annual progress report by consensus by the end of this week. Thank you, Chair.

Chair:
Thank you very much, India, for your contribution. Antigua and Barbuda to be followed by Latvia.

Antigua and Barbuda:
Thank you, Chair. Chair, Antigua and Barbuda commend you and your team for the work done in preparing the revised draft of the third annual progress report, which we feel serves as a good basis for this week’s discussion. Chair, we welcome and support the action-oriented nature of the report and, taking into consideration the significant progress made during the process, we echo the call made during your opening remarks that, as delegates, we will all exercise a spirit of understanding, mutual trust, and flexibility as we aim to adopt by consensus the third annual progress report. Chair, with reference to Section B, Existing and Potential Threats, we welcome and support paragraph 14 and the reference to securing ICT-related critical infrastructure, such as undersea cables, in paragraph 15. We support Paragraph 19, 20, 21 of the draft, and we support delegations such as Malaysia, Vanuatu, Argentina, Fiji, UK and others for AI to be referenced comprehensively in Paragraph 22, and the change by Malaysia to new and emerging technologies. And Section C, Rules, Norms and Principles of Responsible State Behavior, we support the focus being on implementation of current norms to build capacity and raise resilience to a baseline as stated by Singapore. Here, we concur with other delegations that further norms may be developed over time. We support the inclusion of Annex A, the checklist of practical actions for the implementation of voluntary non-binding norms of responsible state behavior in the use of ICT as a useful guidance tool that states may wish to utilize. Chair, we agree that capacity building remains a fundamental and cross-cutting pillar of all the related discussions on ICT security. On Section F, Capacity Building, we support Paragraph 48B and the call for a Voluntary Trust Fund in Paragraph 52. We also see merit in the suggestion by Argentina for one of the functions of the Voluntary Fund to be the building of cyber resilience for states that really need it. Chair, we support – we are in support of a single track permanent mechanism like Bangladesh Dedicated intersessionals are challenging for small delegations like us given the already hectic schedule in New York, but we, however, may be able to participate in some hybrid meetings. Be assured, Chair of Antigua and Barbuda, support. Thank you.

Chair:
Thank you very much Antigua and Barbuda for your contribution. Latvia to be followed by Bangladesh.

Latvia:
Thank you Mr. Chair and good morning to all colleagues. We have been closely following the debate on the draft APR and welcome the rich discussion on all elements of the text. We align ourselves with interventions by the EU and would like to offer brief additional comments on some elements also in response to what has been said in the room. On section D, when it comes to the issue of potential development of additional legally binding obligations, we strongly support the use of agreed consensus language from the first and second APR. On section E, we once again commend the collective accomplishment under your leadership, namely the establishment of the POC directory. In this regard, we fully support the notion expressed in paragraph 44 on the priority to facilitate participation of all member states in the POC. Latvia strongly believes in step-by-step approach aimed to operationalize the instrument. We would therefore be hesitant at this stage to decide on adding new elements such as establishing new communication templates as envisaged in paragraph 45. On section G and the related annex C, we will not repeat our intervention from the intersessional meeting last week, but rather highlight the main points. First, let me reiterate Latvia’s commitment to a single track approach to the future mechanism, and also Latvia’s support to the ideas developed over years within the Programme of Action initiative on how such mechanisms should function. We believe that the primary function of the future mechanism should be advancing the international community. implementation of the framework of responsible state behavior in cyberspace. There’s still a lot to do to enhance capacity of states which are only at the initial phase of implementing the current framework. Therefore, our focus should be on this task. We support the proposals to make this clear in the text, including by reshuffling the order of elements in Para 8 of Annex C, as also suggested by Germany, Belgium, Switzerland, and others. Furthermore, we support those delegations, including the Netherlands, which seek to ensure that the references to potential development of additional legally binding obligations are in line with the agreed language from previous APRs. Finally, we reiterate our call for more ambitious language on stakeholder participation in future mechanism. Yesterday, Latvia, together with Bahrain, Colombia, and UNIDIR, organized a thematic side event on building cyber resilience through effective governance and stakeholder participation. Our takeaway from the rich discussion was the natural role of stakeholders that they play and should play in advancing more secure cyberspace. So the future mechanism should fully take this into account, while also respecting a voice, not a vote principle, as was also recently highlighted by India. And I thank you.

Chair:
Thank you very much, Latvia. Bangladesh, to be followed by Uganda.

Bangladesh:
Thank you, Mr. Chair. I would like to comment on Section F and G. On capacity building, Bangladesh reaffirms that capacity building is fundamental to the success of this group or any future mechanism. In this regard, we are pleased to see the inclusion of paragraph 48D on the development of a needs-based ICT security capacity catalog. an initiative that my delegation has been advocating from the past sessions. We also support the development and operationalization of a dedicated global ICT security cooperation and capacity building portal and recommendations as outlined in paragraph 50. Regarding regular institutional dialogue, my delegation comments your efforts in presenting the revised draft elements for the open-ended action-oriented permanent mechanism on ICT security in the context of international security. Bangladesh’s position on regular institutional dialogue is very clear. We reaffirm that the future mechanism for regular institutional dialogue must be a single track state-led permanent mechanism under the auspices of the United Nations. It must be open, inclusive, transparent, sustainable, flexible, and capable of evolving according to a state’s needs and developments in the ICT environment. In this regard, we fully support the guiding principles as outlined in the NXC. We recognize the importance of the principles of consensus, both in establishing the future mechanism and its decision-making process. In this connection, we fully support paragraph 5 of NXC as drafted. We also support Brazil’s proposal for a moratorium on competing resolution in the first committee for a future permanent mechanism. Chair, we endorse the framework outlined in NXC and are open to further discussing the structure of the future permanent mechanism. We support the establishment of dedicated thematic groups, intersessional sessions, and stakeholder consultations. However, we seek clarity on the frequency of meetings for these thematic groups as outlined in NXC. With the proposed four thematic groups initially and the potential for additional groups, how often each of these groups will convene annually? If each thematic group meets just once per week, we would already have four sessions dedicated solely to these groups, in addition to a plenary session of the permanent mechanism. On top of this, we would have inter-sessional meetings, stakeholder consultations, and potential additional dedicated thematic group meetings. This could potentially impose a considerable burden on smaller delegations such as ours. We urge all delegations to carefully consider this perspective, particularly if we aim for a truly inclusive mechanism. On this note, we also endorse the proposal put forward by several delegations to establish a dedicated sponsorship program for developing countries to attend these meetings. We endorse the outlined modalities and decision-making processes. As we approach the Open-Ended Working Group’s final report in 2025, it is prudent for the Working Group to thoroughly address any remaining issues. Finally, Chair, let’s not treat the name of the future permanent mechanism as sacrosanct. Let’s not treat it like holly reed. What truly matters is reaching consensus on its scope, structure, and operational framework so that it can effectively drive concrete actions forward. I thank you.

Chair:
Thank you very much, Bangladesh, for your contribution. I give the floor now to Uganda to be followed by Mexico. Uganda microphone for Uganda, please.

Uganda:
Thank you. Since it’s my first time to take the floor, I wish to thank you, Chair, for your leadership in steering the session of this Working Group thus far. and the dedicated team behind the USAP. I wish to assure you of my delegation support and hope to get the finish line on Friday and enjoy an early weekend before you all go back to our own countries. Chair, I fully appreciate and understand your desire to hand over to a more younger and in a genetic leadership to move forward this process. I know from my own experience, working in New York takes a toll. When I joined my mission in 2016, I had what we would call some good thick hair, blackish. But by the time I left in 2021, this is what is left of my hair. And I can see my colleague is also balding, so I wish to welcome him to my club. So Chair, the leadership of this process will be very invaluable to the future mechanism, so I wish to appeal that you don’t throw away the baby with the bath water. Chair, my own experience is a reflection of the daunting task faced by countries like Uganda, which have a limited human resource capacity to handle critical issues of cyber security. When I presented this draft report to my Secretary, he asked me to make for him a draft of five pages. So I was imagining how I’m going to summarize 58 pages into a five-page summary for him before my travel, so that he can endorse whatever I’ve summarized for him. Moreover, without a team of legal or ICT experts, it became such a daunting task, and I must say, my summary is still pending. So hopefully I’ll work on it when I go back. So Chair, I want to present. what Uganda supports in this RRPA report, and as I’ve told you, I’ve not read everything. Seriously, so I’m just giving what Uganda really would wish to support in this report. We fully support the establishment of the special fund to support participation of delegations from the developing world. But we want to see this support go beyond just participating here in the meetings, and also support us at the local level to set up institutional infrastructure to handle the matters of cyber security. My example in my country is that there are various ministries handling different aspects of cyber interests, so it becomes very difficult to know who the lead agency is and how to coordinate activities in regard to this area. We have the Ministry of Defense, the police, the telecommunications, so there are about six different government institutions handling different parts of cyber security. Uganda also supports the recommendation to have a mechanism within the UN where member states can easily seek emergency support to respond to cyber attacks on critical infrastructure within the shortest time possible. This is very important to us to avoid the situation escalating into political upheavals and unrest. Chair, Uganda also supports the recommendation to see how to best support victims of cyber attacks, especially the loss of life and damages to property. It’s very important for us that this topic is part of the discussions in the future mechanism. Chair, as a beneficiary, Uganda fully appreciates the Women’s Fellowship Program and adds our full support to have it reflected in the final APR. We all appreciate the meaningful contributions the women have made during these sessions, which wouldn’t have been possible without this fellowship. There will also be a few more empty seats in this room if you’re not here, sir. So I wish to appreciate and look forward to more discussions where women are enabled to come and attend. Chair, given my own experience of my summary of five pages, I fully support the proposal made by Member States to reduce on the size of the APR without compromising its content. I would love to make my work easy, maybe make a summary from five to three pages. Chair, Uganda fully supports the recommendation by Member States I’ve made on not trying to crowd the High Level Week here in New York during the General Assembly. I’ve been part of it. I know for sure how it goes. There are so many parallel meetings which all delegations are looking forward to attend, so to again squeeze in that crowded space another meeting on ICT would really make it very difficult, and even the attendance, because most of our countries may be focusing on other areas at the expense of this very critical subject. So I would wish that if at all this roundtable happens, it should be outside this High Level Week so that we all can participate in it fully. With those few, I wish to thank you, Chair.

Chair:
Thank you very much, Uganda, for your participation in this process and for your contribution as well. I give the floor now to Mexico to be followed by Côte d’Ivoire.

Mexico:
Gracias, señor. Thank you. Mr. Chairman, I’m going to focus on sections F and G. Regarding capacity building, we see the text continues to underscore the importance of capacity building as a cross-cutting topic, and as you know, for countries such as Mexico, this is essential. We also welcome the fact that to continue detailing key activities such as international cooperation, periodic organization of seminars, and partnership between the public and private sectors. We agree on the importance of efforts to elevate and raise awareness on the urgency of promoting capacity building efforts such as the high-level roundtable that took place last May, and we believe that it’s a good idea to conduct similar exercises that can coincide with certain major international events such as the high-level political forum or the high-level week of the General Assembly. Regarding paragraph 51, we’d like to maybe ask for a clarification on whether what is being proposed is the high-level week of the 79th session, or would it be a later period, a later session? Basically this is a proposal that is concrete and actionable that we can support, but we’d like more details on the length, dynamic, and the types of outcomes that can be expected. As for paragraph 52, while Mexico can support the establishment of a volunteer trust fund on capacity building, perhaps it might be a better idea for the time being to request the Secretary to prepare an initial report on the development and operationalization of this fund so that we can have more elements to evaluate the establishment of a fund in the future. also take on board some of the concerns we’ve heard from certain delegations. As far as Section G, Regular Institutional Dialogue, we agree with what some delegations have said, that we would like perhaps more text and perhaps maybe a shorter version in the Annex. I think the Annex does have some elements that is a step forward and that reflect some of the issues we’ve heard as convergent issues. We believe that this is an ambitious-ish text and we should continue working on some details to fine-tune them. But as far as this Annual Progress Report, I think a slightly more succinct version with guiding principles would be perhaps easier to work with. We agree with many of the guiding principles and basic aspects, pillars that you’ve proposed to us. And in particular, we believe that major convergence is that this should be a single mechanism and it should be a subsidiary body of the First Committee. This is something that I wish there’s convergence and agreement. We’ve also heard several delegations speak in favor of consensus. And we believe that you all know what the position of Mexico is regarding consensus. We’ve always sought consensus, but not a consensus which grants a veto power to 193 states. So, we believe that as we work on modalities for decision-making, perhaps we should also postpone this until later. Some aspects such as decision-making as modalities the length of the mandate, of the chair of the mechanism. All these are details I believe we could postpone until a later session. On the participation of stakeholders, I see that there’s some mention of this, but I think this should be expanded. Some delegations have already identified some very specific aspects where this could be included. I think that to relegate the participation of stakeholders to a dedicated session I don’t think is the right approach. I think their participation should be expanded. Also, we believe that the future mechanism should maintain a deliberative character, where we’re able to bring to the table various concerns. Also, where we should be able to take action-oriented measures, which, as we’ve heard, many delegations would like to see. As far as the format of the mechanism, we believe that it’s important to maintain plenary sessions. And as I already stated, not simply one session dedicated to stakeholders, but their active involvement. And also, the same thing applies to the creation of dedicated thematic groups. We have taken note of the thematic groups that you are proposing. And perhaps at this time, we would like to limit the quantity and the specificity of the topics. We believe that the quantity of thematic groups should not affect the equitable participation of smaller delegations. as might be the case with Mexico. So we believe that there’s a converging view on the need for dedicated thematic groups. It’s not necessary to define the number or the title, but to enable flexibility for dedicated thematic groups for certain for a certain period of time, which could be reexamined during review sessions. We’d also like to see a little more discussion regarding capacity building. That must be an essential component of the future mechanism in this section. We’d also like to think that there might be voluntary national reports to track the creation of capacity building at the national level, but also to create more transparency. And an additional last point would be to better understand what would be the interaction with the global directory of points of contact. We’d like to have a sufficient interaction and possible subsequent development of this. In other words, how this will serve to implement what might be agreed within this mechanism. In conclusion, Mr. Chairman, I would like to reiterate simply our request that perhaps this section can contain slightly fewer details and to focus more on general points of convergence that we have outlined in order to move towards the next phase. And as we have mentioned in an earlier session, we believe that perhaps inter-sessional periods from now until the next sessions, certain specific aspects of the work of open-ended working group could focus on the future mechanism of direct dialogue to fine-tune some of these aspects. Thank you very much.

Chair:
Thank you, Mexico, for your contribution. Dear friends, it’s 10 minutes to noon. It’s my intention at 12 noon to transform this meeting into a dedicated stakeholder session and to hear the views of the 12 stakeholders who have inscribed to speak. So I would invite the stakeholders to take their seats and be ready to make their interventions. And I intend to give each one of you three minutes, and I hope that you will be able to convey your message within the time allocated. And then we will return to the speakers’ list, and there are quite a number of you, and I hope that we will be able to finish this morning. And then I’ll give some thoughts on how we move forward. But it’s important that we give everyone a chance to speak. I have not interrupted any one of you. The statements have been lengthy, but it is the first reading. But we need to get to a second reading, and in order to get to a second reading, we need to get to a revised version of the third annual progress report. And that will require some time to be prepared. So I seek your understanding to be succinct for those who are still on the speakers’ list, and we hope to come back to you. So at this point, I think… We will take Côte d’Ivoire and maybe one more speaker before we go to the stakeholders. And I invite the stakeholders to take their seats. Côte d’Ivoire, please.

Côte d’Ivoire:
Thank you, Chair. Chair, as this is the first time that we are taking the floor this session, my delegation would like to commend the efforts made to draft the APR for 2024, which is before us. It demonstrates a real will to reflect the way, and accurately so, how our debates went over the previous sessions. It is a good foundation also for our discussions now and for our quest for consensus. I would like to beg your indulgence to briefly go over some previous points before touching on what we have before us at the moment. Now, on the existing and potential threats, we welcome the fact that the draft report underscores the frequency, the breadth and the growing seriousness of the use of malware and also phishing techniques and DDoS, which also better highlight their effects and how they slow down digital transformation in developing countries and how they hinder the bridging of the digital divide. On the applicability of international law, we would be in favour of making express mention in paragraph 37C of the African Union Common Position on the Applicability of International Law on the Use of ICTs in Cyberspace. This was adopted this year and, as we see, it was looked upon favourably by this group, Chair. To move on to the section on capacity building, Cote d’Ivoire supports the inclusion of the Global High-Level Roundtable on Institutionalisation to provide it with the necessary visibility and resonance. In terms of regular institutional dialogue, my delegation believes that is that this point should be a priority as we come towards the end of the term of the mandate of this group. We would also like this to be reflected not only in the deliberations of this meeting but also in the annual report of 2024. On annex C, Cote d’Ivoire is a co-signatory of the document of the Transregional Group on the proposal for the structure of a future mechanism. We welcome that several of these elements of this document were taken into account. However, on the title, my delegation has a clear preference for calling it a programme of action because all of the ingredients for this kind of tool, a programme of action, are there. The criteria, for example, for its establishment and also how it’s constituted, i.e. the measures and actions that need to be undertaken, planning them with a timeframe, the implementation process for them, the necessary resources and follow-up. Now on the guiding principles, my country would like to underscore that capacity building is one of the main reasons for us joining the programme of action. The mention of capacity building is therefore crucial, as we see it, particularly in paragraph 4 of this part, as the following wording, based on renewed modalities for capacity building. For the structure, the timeframe for substantive plenary sessions and review conferences requires some clarification from my delegation. Indeed, for the substantive session, annual meetings are planned for the first in March 2026, with the adoption of a report on a biennial basis every four years, and then every four years, a review conference. My delegation is in favour of approving the two biennial reports before each review conference. However, in the programme that’s proposed, it seems that the substantive sessions that seek to adopt a second report would coincide with the review conference. In this case, either there’ll be two meetings in one year, which would be a lot, or we would have to drop the fourth substantive session in order to give priority to the organisation of the review conference, and that would prevent the adoption of this second biennial report. If our analysis is indeed correct and these are plausible scenarios, we would propose review conferences every five years rather than every four years to encourage better planning. To conclude, we regret that this document does not take into account the creation of a dedicated thematic group for existing and emerging threats. At a time when this question is actually the very foundation of why we’ve mobilised for ICT security, as well as a sine qua non for the living dynamic mechanism that we are planning on creating, the creation of this kind of group is essential as we see it. Thank you very much, Chair.

Chair:
Thank you very much, Cote d’Ivoire, for your contribution and for your suggestions as well. So, friends, I intend to now transform this meeting into the dedicated stakeholder session, so I adjourn this meeting and I convene the dedicated stakeholder session to listen to remarks from the stakeholders who have registered. And for the stakeholders who would like to speak, who have registered to speak, please press the button so that the… Please press the button to speak only when you have been called so that the sound engineer can give the microphone to you. So we’ll start with wright pilot, please. Three minutes to you. Thank you.

Write Pilot:
Allow me, Mr Chair, to express my sincere appreciation to you and your team for effectively engaging with the multi-stakeholder community. I’m honored to be here today as the Chief Information Security Officer of DataSat and as a woman from Saudi Arabia. This marks my first engagement with the multilateral system of diplomacy on ICT security at the UN OEWG. Inspired by the numerous supportive initiatives that have emerged from this forum to empower and enable women in cybersecurity, I’m pleased to share my thoughts on the third annual progress report. States have expressed significant concerns regarding the security of artificial intelligence systems and the data used for training machine learning and AI models within the context of ICT security. Artificial intelligence, while capable of enhancing the speed and accuracy of ICT operations, also introduces risks such as enabling autonomous ICT attacks that may spiral out of control. As operations increase risk, the risk of cascading affects potentially causing unintended harm to critical infrastructure and may lead to misperceptions and unintended escalations between states. The symbiotic relationship between technology, humanity, and culture compels us to gain a deeper understanding of what security in a hybrid world looks like. The consistency of the report on rules, norms, and principles of responsible state behavior, paragraph G, highlights the importance of fostering transparency in the development of ICT products to enhance end-user trust. Mr. Chair, but to what scale and degree can we measure transparency? It’s imperative to explore this question to ensure that transparency truly serves its purpose in building trust and securing our digital environment. Security by design must be embedded in the development and manufacture of ICT products. This means prioritizing the integration of robust security measures over simply accelerating speed to market. By doing so, we ensure that security is not afterthought, but an integral part of our development process. This approach aligns with the recommendation of OEWG, fostering greater trust among end users and facilitating the swift identification of any vulnerabilities. Moreover, integrating quantum-safe encryption from the outset safeguards data and reinforce end-user trust in AI application and secure…

Chair:
Thank you very much, Write Pilot. I’m sorry that the three-minute time cuts off the microphone, and I apologize for that, but we are under a very tight schedule, and I seek your understanding, but you would be very much welcome to submit your statement, give it to us, we’ll put it on the website, and I also seek the understanding of the other stakeholders. After two minutes, your microphone will start flashing, and please do your best to wrap up your comments so that we can give the other stakeholders a chance to speak, and I still have more than ten delegations as well waiting to speak, hence the need to tightly manage our time. I give the floor now to Global Cyber Alliance for three minutes.

Global Cyber Alliance:
Chair, distinguished delegates and stakeholders, my name is Philip Reitinger, and I am the president of the Global Cyber Alliance. GCA is an international nonprofit that is focused on delivering a secure, trustworthy Internet that enables social and economic progress for all. Thank you for the opportunity to present. I will address two topics, capacity building at scale and understanding existing and potential threats. On the first topic, Capacity building is realized not only through policy and discussions, but must include practical efforts to extend the benefits of a secure Internet to everyone. Because of the scope of the Internet and its effect on every community, to be sustainable, effective and affordable, capacity building must be supported by tools, services and programs that work at Internet scale. Often these are provided not by government or industry, but by non-profit organizations operating on razor-thin budgets or through the support of volunteers. A group of organizations has launched the Common Good Cyber Initiative to take concrete steps to collectively address the challenge of sustaining these non-profit organizations. Besides GCA, the secretariat for this initiative includes the Cyber Threat Alliance, the Cyber Peace Institute, the Global Forum on Cyber Expertise, the Forum of Incident Response and Security Teams, the Institute for Security and Technology, and the Shadow Server Foundation. Next steps for the Common Good Cyber Initiative include raising our understanding and building a business case for non-profit organizations in cybersecurity, including mapping the cybersecurity non-profit organization ecosystem, two, delivering capacity and acceleration for cybersecurity non-profit organizations, and three, establishing a joint funding mechanism. On 30 September of this year, the City of The Hague, the Cyber Peace Institute, and the Global Cyber Alliance will host Beyond 125 Years, Securing Our Digital Future to further this dialogue. This initiative is relevant to the draft recommendations in paragraph 50 to 53 of the third APR Rev. 1. Second, with regard to understanding existing and potential threats, today GCA is expanding its Actionable Cybersecurity Tools Wiki, which already includes around 2,500 cybersecurity tools, to add the Threat Taming Tool Collection. This collection contains 300 free threat intelligence tools that will be useful for different stakeholders, including governments. to help combat cyber security incidents. Understanding threats is critical to modern cyber defense. And fortunately, there are free and open source tools available to help any organization. This input is responsive to draft recommendations in paragraph 29 of the draft APR REV1. Thank you very much.

Chair:
Thank you very much, Global Cyber Alliance. The next speaker is Academia Mexicana de Ciberseguridad y Derecho Digital. Three minutes, please.

AMCID:
Thank you, Chair. The Mexican Cybersecurity and Digital Law Academy, AMCID, would like to wish you a very good afternoon to you and representatives, stakeholders, and countries. AMCID is working to promote excellency of cybersecurity and digital law in Mexico and Latin America. And we focus on strengthening digital resilience and fostering an understanding of human rights in this field. This is a forum made up of more than 50 national experts. And we focus on training, programs, and research. We also participate of the National Alliance on Artificial Intelligence, too. And we have an integrated multidisciplinary approach. Last week, in collaboration with UNESCO, we presented Mexico’s evaluation for artificial intelligence with a view to having national strategies in line with the capacities and specific needs of this country. We’re also a leader on cybersecurity. Chair, the 2021 report of the GGE and the OEWG underscored a growing concern regarding how… threats are developing in the ICT sphere in the context of international security and geopolitical environments that are both very complicated. We would like to come back to touch on the following. Wars are born in the minds of people and it is therefore in the minds of these people that peace must be built. This reminds us of the importance of protecting human rights and fundamental freedoms with a view to developing new technologies which could aim, which could have objectives that are encountered to international peace and stability and could be a real threat. UNESCO is currently working on recommendations on ethics and neurotechnologies and we are participating in that too. We must also forget that various countries are currently drafting specific legislations on this question, neurotechnology. Neurotechnology is whether other technological tools could become accessible ways of directly impacting people and these technologies should be included in the list of existing or potential threats. I should also add that I and we also think that the gender specific approach is essential. This concerns women’s capacity to take part in decision-making in the digital sphere. Thank you very much.

Chair:
Thank you very much AMCID for your contribution. Next is German Council on Foreign Relations.

DGAP:
Thank you Mr. Chair for giving me the floor and for allowing stakeholders to provide input to the discussions. I’m Valentin Weber, a senior research fellow at the German Council on Foreign Relations which is a foreign policy based think tank in Berlin. Within my research group my team and I have recently focused on producing research and providing policy recommendations on how to advance the protection of critical infrastructure from cyber-threats. We are therefore very pleased to see that this issue is receiving a prominent role in the draft 3rd Annual Progress Report. Chair, all of these efforts to protect critical infrastructure from cyber-threats are very important. However, according to our research at the German Council on Foreign Relations, there is a huge gap in the implementation of the norms on the protection of critical infrastructure. In a recent report, we highlight that half of the countries represented in this room have not yet designated critical infrastructure sectors within their territories. That’s half of the room. At the German Council on Foreign Relations, we strongly believe that this challenge can be effectively addressed and that we can assist. Based on the data that we collected, we created a world map which shows which countries already have lists of critical infrastructure sectors and which do not. You can find this map on our website. At the same time, our map highlights that those states that have defined their critical infrastructure do share strong convergences in their critical infrastructure designation. Energy, ICT, transport, economy and finance, public services, and health are designated by an overwhelming number of states in their national strategies and documents as critical infrastructure. In addition to this, we are concerned that states are pre-positioning in other states critical infrastructures to prepare for future conflict. This is especially worrying when states conduct cyber operations against the electrical grid as well as early warning satellites and nuclear command and control systems. Member states should discuss whether conducting any cyber operations, including espionage, against this cyber threat. Select critical infrastructure should be off-limits. I’ve also previously written about this issue, and I’m happy to provide further information in case of interest. Here’s where I see a huge value in the OEWG, in providing the space to discuss how we can make the world a safer place for everyone. At the German Council on Foreign Relations, we’re not an action tank, we’re not a do-tank, but as a think-tank, we can sometimes provide the analyses and thoughts to make such a future happen and support you, Mr. Chair, in this endeavor. Thank you.

Chair:
Thank you very much, German Council. It’s really gratifying that the stakeholders think that this working group is doing valuable work. So I want to thank all of them, including those who are not speaking today, including those who might be watching from afar. Thank you very much for your interest. It’s us, the government delegations, who need to thank you because you have taken your time, because you think it’s worthwhile to come to the United Nations and to participate in a process here. So it’s us who need to be grateful for your participation, for your ideas, and for your support to, of course, find solutions and to make the world a better place. So thank you for that, not just to the German Council, but to every single stakeholder who’s present and watching the proceedings. Next is Hitachi America.

Hitachi America:
Thank you, Mr. Chair, for this stakeholder session. Hitachi companies supply CI, CII, including energy, transportation, digital, healthcare, and manufacturing. New innovations coming up include AI, quantum, nuclear fusion, and green for climate. Chair, let me touch upon the third APR Zero draft. First, threat. We observe global geopolitical challenges. While we utilize AI for productivity is more our concerns and vulnerabilities for safety. Same AI technology can be misused for military such as cognitive warfare and data poisoning. Human centric is essential from security by design to deployment with life cycle management. We should innovate positively for society rather than negatively. Second, 11 norms checklist is good to start. We can utilize it further for actions considering A, product-based piece of it because energy is different from health care. B, end to end supply chains security including chips, software, hardware, IOT, cloud, and leveraging methods like software build-up material, HBOMB, and zero trust. C, operational technology or OT for physical impact in mind in addition to ICT security working with standards like ISA, IEC. D, climate security consideration including circular economy. E, trusted information sharing critical for vulnerability amongst suppliers and users and states. Third, international law for stakeholders. It is great to coordinate international laws regardless peacetime or wartime online. Fourth, capacity building we aim for safety first for people and society enhancing capacity building keeping CBM together. Global cyber security cooperation portal coordinating with UNIDO cyber and AI leveraging mapping exercise is way to go. Global round table is a great opportunity. For practical actions, however, we cannot forget operational resiliency with a backup. and redundancies. Fifth, institutional dialogue. It is great to continue public-private partnerships for action-oriented permanent mechanism as drafted in the Rev. 2 of Annex C. In conclusion, stakeholders can…

Chair:
Thank you very much for your contribution. Before I give the floor to the next speaker, I want to ask all delegations to remain in the room. We will have to go beyond 1 p.m., so please do not leave. Firstly, because it’s important that you are here and listen to also the stakeholders’ contribution. And second, it is my intention to continue with the remaining speakers on the speakers’ list, and we may have to go beyond 1 p.m. So that’s just for delegations who might be tempted to make a quick stop outside the room at this point. Nuclear Age Peace Foundation.

Nuclear Age Peace Foundation:
Chair and distinguished delegates, my name is Alicia Barabay. I’m a youth activist with the Nuclear Age Peace Foundation, a peace messenger organization dedicated to creating a just and peaceful world free of nuclear weapons. Today, I wish to share with you the rising concerns about the malicious use of ICTs on command and control and early warning systems. Communication networks that ensure the accurate transmission of launch or abort commands and warning and surveillance systems that detect potential threats increasingly rely on ICTs to interpret and transmit data. While human decision-making remains the final determinant of detonation, fallible technological systems play a growing role in informing and relaying this decision. Technological malfunctions leading to false attack alarms are not without precedent. In 1983, the Soviet Union’s early warning systems. falsely detected and reported incoming missile strikes from the United States. Retaliation was only prevented by the officer on duty’s correct judgment that this was not a legitimate attack. Advancing cyber capabilities and reliance on them increases opportunities for exploitation by malicious actors. For instance, a spoofing operation that feeds false data into warning systems could trigger a high alert status and cause a misinformed retaliatory launch. Cyber operations compromising satellite communication networks could create false missile launch alerts, prompting military leaders under the impression of attack to launch a preemptive nuclear strike. These threats are not just hypothetical. Past malicious cyber operations demonstrate the capability of hackers to infiltrate the system successfully. In 2007, Syrian air defense radar systems were reportedly disabled by hackers. The current geopolitical climate exacerbates this precarious situation as relations between the two largest nuclear armed states have deteriorated. This situation makes command and control systems susceptible to cyber attacks, particularly those that could erroneously trigger warning systems. These tensions have further elevated distrust between states, putting them on high alert and predisposing them to react more swiftly to any perceived threat. Chair, while certain cyber attacks like cryptocurrency hacks have become unfortunately common, a successful attack on a nuclear weapons system is unprecedented and the consequences would be catastrophic. Ongoing cyber attacks have caused disruptions and threats to lives in the present. A cyber attack on nuclear weapons systems threatens the future of everyone alive today, including all of us in this room. On behalf of youth, I urge states to continue prioritizing capacity and confidence-building measures to protect these critical infrastructures. Implementing stringent cybersecurity measures and fostering international cooperation to mitigate these risks is not important. It is essential. Thank you.

Chair:
Thank you very much, Nuclear Age Peace Foundation, Cyber Youth Singapore, please.

Cyber Youth Singapore:
Thank you, Chair, for the opportunity to speak. We’re from Cyber Youth Singapore, a youth-led movement that empowers young Singaporeans to leverage technology to help themselves. We’re from Cyber Youth Singapore, a youth-led movement that empowers young Singaporeans to leverage technology to help themselves and their society thrive. My name is Beatrice Tan, and I’m 20 years old. Growing up in my digital age, I have witnessed firsthand the increased risks and harms my generation faces in cyberspace. This spurred me to volunteer my time with CYS. A key initiative of CYS is the enhancement of digital competence amongst youths in Singapore. Over the past two years, we conducted engagement programmes to help youths navigate cyberspace safely. Our volunteer-run, peer-led efforts reached over 30,000 young Singaporeans aged 13 to 16. Unfortunately, there is now a need to go further. The deepening application of artificial intelligence and the escalation of geopolitical tensions have resulted in a far more complex and intense cyberspace than what we educators used about just last year. What was once an exploratory environment of relative safety has become a deadly minefield of disinformation and mistrust. We can no longer protect our youth with our engagements alone. We need the cradle of support from the international community. Chair, for youths to thrive in the cyberspace, they must first survive. We thank all member states for their commitment to confidence-building and capacity development. These are important steps, but they are not enough. We humbly offer three suggestions. First, we call for all states to adapt existing legal frameworks to meet the evolving demands of cyberspace. We urge states to make serious attempts to operationalise their commitment to the agreed-upon norms of responsible behaviour to ensure that societies vulnerable can receive minimum protections from irresponsible and even malicious behaviour. Second, we call for all states to elevate the role of non-state stakeholders, specifically to continue including stakeholders in the OEWG and its succeeding platforms. NGOs like us, and others here today, play a vital role in keeping states accountable for their actions, and in multiplying state capacity by acting as key intermediaries with industry. Third, we call for youths to be more involved globally. We fundamentally believe youths need to go from being price takers to market makers. To equip youths to do so, we intend to organise a Digital Youth Forum in Singapore by 2026. This platform will allow all stakeholders to come together to boost capacity development specifically to mitigate cyber threats for the young. We look forward to welcoming you there. The OEWG is making significant progress in shaping responsible state behaviour in cyberspace. But Mr Chair, nothing about us, without us. As the OEWG continues apace, we hope it will do so with the voices of those who will inherit the legacy it leaves in its wake. Thank you.

Chair:
Thank you very much, Cyber Youth Singapore. Youth for Privacy, please.

Youth for Privacy:
Dear Chair, Youth for Privacy is glad to be here at the Open Ended Working Group on ICTs today. For our intervention, we wish to address our suggestions regarding the Annual Progress Report focused on three themes, youth, privacy and sustainability. First regarding youth, as next to me said, nothing about us, without us. After years of negotiation, we see that the Working Group is now in the implementation stage where we discuss the specifics of the confidence building measures, norms and the proposed permanent mechanisms on ICT security. While we agree with the proposed confidence building measures and norms, we suggest the Member States take a holistic approach to cyber security capacity building, particularly in regards to the youth. We want to let Member States know that an effective national security strategy must also be accompanied with cyber security education in schools. plans for cybersecurity workforce development, and various cybersecurity youth initiatives. We suggest addition of youth-related components in the norm A of the report. We also propose cybersecurity workforce-related thematic groups as part of the permanent mechanism on ICT security. Second, regarding privacy, as noted in the report, the United Nations General Assembly has adopted multiple resolutions on the right to privacy in the digital age, and privacy is mentioned in proposed norms E and I. However, we strongly believe that privacy could play a bigger role in the report than it does currently. Rather than national positions, can we suggest having a comprehensive data privacy regulation or a thematic group focused on data privacy? Rather than being on the periphery, privacy can be the throw line that ensures responsible state behavior in ICTs. Finally, regarding sustainability, with the increased competition for AI, companies and governments are spending more energy on compute resources. By some calculations, by 2026, the data center energy use could match that of the entire countries like Germany or the Netherlands. It is estimated that the ICT sector contributes to 4 to 10 percent of global electricity consumption currently. We believe that a sustainability dimension to the norms is not only good to have, but a necessity and successful implementation of the SDGs. In conclusion, incorporating youth perspectives as the guiding principles for the use of ICTs is not only beneficial, but essential for creating a secure, inclusive, and prosperous digital future. We urge all delegates to consider the voices of our individuals in your deliberations and to recognize their potential as partners in shaping the digital world. Thank you for your time.

Chair:
Thank you very much, Youth for Privacy. Next, National Association for International Information Security.

NAIIS:
Thank you very much for giving me the floor. The APR report’s proposal elements for an open and action-oriented permanent mechanism for ICT security in the context of international security is based on the OEWG. mandate and develops it as a proposal to create a permanent thematic subgroups to carry out specific discussions, including our subgroup on international law, to further discuss and study and understand how international law is applicable to the use of ICT, including, where necessary, developing further periodical documents. It seems that this kind of indication of possibility of developing a legally binding document is a positive step forward. The idea that the norms and principles add to international law and strengthen it doesn’t make them mandatory for implementation in any type of national legislation. On the contrary, many areas of activity and cooperation in other spheres require new legally binding documents to be adopted. This was the case for outer space and the high seas. This online is very different from the physical world and therefore it is more than the simply national infrastructures and implementation of norms, rules and principles on a national level is an important process. The overall national implementation cannot replace international regulation. The adoption of a legally binding document will allow us to overcome existing difficulties linked with the application of norms of state responsibility and behaviour in terms of normative international legal system. But this should also create justification for how to regulate this both in international relations and in public, publicly and national legislation too. In this connection, it would be wise to have a clear reflection of the need to develop a legally binding norms in the mandate and functions of the new mechanism. At the same time, it’s also important to underscore that the proposed elements to take into account how international law is applicable for the use of ICTs has for years been on the agenda of various international forums and is subject for various studies, including by a national association. So, we have results from this and it can bring people closer to consensus. However, if this current mechanism is results focused, it could be more successful if the discussion of further legal abiding instruments will be done as part of a separate working subgroup to look at various states’ initiatives to reach consensus on the principles and scope on applicability of these new principles. Thank you for your attention.

Chair:
Thank you very much. National Association for International Information Security. Next is ICT for Peace Foundation.

ICT 4Peace Foundation:
Esteemed Chair, distinguished delegates, colleagues, and friends. My name is Anne-Marie Bisottu, Executive Director of ICT for Peace Foundation, a non-profit organization working at the intersection of technology, peace, security, and human rights based in Geneva, Switzerland. Thank you for this opportunity to deliver these short remarks. As we stand on the cusp of establishing a permanent mechanism for addressing global cyber security challenges, we must ensure that our approach is comprehensive, effective, and forward-looking. First of all, for more than five years, ICT for Peace has proposed the implementation of a peer review mechanism on accountability. Inspired by the Human Rights Council’s Universal Periodic Review or UPR process, this mechanism would enhance transparency and foster trust among nations, promoting respect for international obligations, norms, and principles. By helping to hold states to account, this would strengthen the foundation of our shared digital future. Secondly, to restate a similarly longstanding call of ICT for Peace Foundation, we call upon all states to make a public commitment to not engage in cyber attacks against critical infrastructure. Such a declaration would significantly contribute to global stability and protect the essential systems that our societies rely upon. However, to achieve our aims, we also need to anticipate emerging technologies and the challenges, threats, as well as opportunities they offer. We stand at a critical juncture in technological advancement, one that demands our immediate attention and action. I speak of the advent of quantum computing, a development that holds both immense promise and potential peril for our global cybersecurity landscape. The power of quantum computing threatens to render obsolete the vast majority of our current cryptographic systems, the very systems that protect nearly all the data stored in our ICT infrastructure, from financial transactions to sensitive government communications, from healthcare records to critical infrastructure controls, all could be laid bare if we fail to act swiftly and decisively. This is not a distant threat, but an imminent challenge that requires our immediate and concerted effort. Echoing the words of Finland, who has spoken most forcefully on this topic, we must take measures now to prevent the potentially disruptive and profound impacts of quantum computing on cybersecurity, invest in the development of quantum-resistant cryptography, and begin the monumental task of upgrading our global ICT infrastructure so that we can reap the quantum computing’s positive and transformative impacts, including enhancing and strengthening our cybersecurity. This endeavor will require unprecedented levels of international cooperation, knowledge sharing, and resource allocation. Moreover, we must ensure that all nations, regardless of their current technological capabilities, are included in this quantum transition. The disparity in quantum…

Chair:
Thank you very much, ICT for Peace Foundation. Please feel free to submit your text to us. We’ll be happy to put that on our website. I give the floor now to Chatham House.

Chatham House:
on the international law section of the draft APR. First, we agree with several delegations that the application of international humanitarian law or IHL to the protection of civilians and critical infrastructure should be made clear in the text of paragraph 36 F and G of the draft APR. However, we also want to draw the attention of delegates and other stakeholders to the fact that not only IHL applies to the protection of civilians and critical infrastructure including during armed conflict. We must not forget that international human rights law continues to apply alongside IHL even in situations of armed conflict, providing complementary and oftentimes more robust protections for civilians and civilian critical infrastructure. Likewise, obligations arising from the principles of sovereignty, non-intervention, non-use of force, due diligence might also be relevant to the protection of civilians and critical infrastructure in both peacetime and armed conflict. So we suggest that paragraph 36 FG should be merged and read highlighted the obligations of states regarding the protection of civilians, critical infrastructure and critical information infrastructure under existing international law including international humanitarian law during armed conflict. Secondly and relatedly, we don’t think that human rights have received enough attention in the international section of the draft APR. And so we therefore support the suggestion by several delegates and stakeholders to include in the APR the language on human rights contained in the recent working paper on international law submitted by Australia, Colombia, El Salvador, Estonia and Uruguay which is taken from the 2021 GGE report. Thirdly, we welcome the call from several delegations for scenario-based exercises. This suggests that we need to think more generally about adopting a more practical or a concrete approach to the application of international and cyberspace within and outside of the OECD. These approaches allow us to better understand where there are gaps and areas of disagreement or consensus, and therefore reach consensus more easily. We think that similarly helpful approaches include discussions of cross-cutting issues and sectoral discussions or case studies of particular sectors like critical infrastructure. Finally we notice the enormous appetite from delegates for continuing expert briefings on international and cyberspace, which we fully support. But these briefings need to be meaningful, so we should have sufficient time allocated to add the expert presentations, and the format should be a bit more interactive to allow constructive discussion among experts and delegates. Thank you, Mr. Chair.

Chair:
Thank you, Chatham House. We go now to the last stakeholder, Crest International.

Crest International:
Thank you, Chair and delegates. I address you on behalf of Crest International, of which Global Cyber Alliance is a community supporter. Crest is a not-for-profit which brings 17 years of experience of building trust in the digital world. It works with governments and regulators to advance the currency and capacity and capability of cybersecurity, cyber service providers, and professionals through standard setting and quality assurance against them. Its mission is aligned with Norm G and the protection of critical infrastructure from ICT threats. From that perspective, Crest welcomes the proposals set out in paragraph 30 of the Webron draft and the OEG’s third annual progress report and the draft proposals for an open-ended, action-oriented permanent mechanism on ICT security. Crest commends the OEWG’s ongoing commitment to stakeholder engagement and the draft proposal’s provision for dedicated stakeholder consultations. Noting the Chair’s exhortation to collaborate with each other, Crest actively collaborates with stakeholders to facilitate knowledge sharing, enhance best practices, combine on services where appropriate. and support collective goals of an open, safe, secure, accessible, and peaceful ICT environment. Collaboration is enabled through membership of organizations like the non-profit Cyber Coalition and the GFCE, and engagement with a growing number of CREST community supporters globally. CREST invites all UN OEWG stakeholders to consider becoming CREST community supporters to continue our valuable work together. Agreeing with APR Rev. 1 paragraph 30E on the need to strengthen measures to protect critical infrastructure from ICT threats and the requirement for operators to be provided with support, we urge the OEWG, within its discussion of proposals for the elaboration of rules, norms, and principles of responsible state behavior, to consider promoting minimum standards for the security of critical infrastructure and harmonizing international certification frameworks to support creation of trusted pools of cybersecurity service providers and professionals globally to give operators confidence in the quality of services. Noting the recommended next step in paragraph 32 of the draft APR, CREST can offer the OEWG website the standards and guidance it has developed with government partners as part of the additional materials to support states with item 3 of the Norm G’s checklist. Specifically, given paragraph 14’s reference to aviation as a high-threat sector, this might include the U.K. Civil Aviation Authority’s Assure Scheme, which CREST helped develop and implement. In conclusion, CREST endorses the APR and draft proposals, is committed to supporting the OEWG’s goals and priorities through its ongoing efforts in standard setting, capacity building, and stakeholder engagement, and looks forward to continued collaboration with states and stakeholders. Thank you.

Chair:
Thank you very much, CREST International. Once again, my deep appreciation and gratitude to the stakeholders who have spoken, but also those who have not spoken but will remain very much engaged in this process. Your contribution and your ideas are very much needed in this process, but also beyond this process in the future permanent mechanism. So my gratitude to you once again. So I now conclude the dedicated stakeholder session, and I resume the fifth meeting of the eighth substantive session to continue our deliberations on the first reading of the Third Annual Progress Report. And I now give the floor to Egypt to be followed by the Dominican Republic.

Egypt:
Thank you very much, Mr. Chairperson, and we renew our thanks to your effective and consistent leadership. We will dedicate this intervention to share our substantive observations on the rest of the draft Annual Progress Report. Firstly, we welcome and support establishing and operationalizing the Global Directory points of contacts. However, we plead caution on the need to assign the chairperson with additional responsibilities in this context, including holding intersessional meetings on the points of contact, bearing in mind that the POC is not and should not be in a position to deliberate at policy level on the work of the OEWG. Secondly, on international cooperation and assistance, being one of the delegations which consistently supported establishing a trust fund to support states’ efforts to realize and ensure a safe and secure cyberspace, we welcome and support the language and proposal on establishing a trust fund to support states, particularly developing countries, as captured in paragraph 52. For the proposal to establish a global cybersecurity cooperation portal, while we support in principle this proposal, however, we have stressed on numerous occasions the importance to benefit from existing efforts, including the Cyber Policy Portal by UNIDIR, which has developed over time and overlaps with several of the modules proposed within the GCSC. We support further complementarity in this regard. On the regular institutional dialogue, we are generally receptive to this updated text, including the emphasis on the three main functions of the future mechanism. Implementation of existing agreed framework, further development of that framework, and capacity building as a standalone and cross-cutting matter. With such parameters of a comprehensive framework, there will be no need to establish any parallel process. We have doubts regarding the proposed plenary meetings frequency. We share the viewpoint that it should be convened biannually, taking into account that we already may have informal working groups that pursue the discussions on the outstanding issues. In this vein, we believe that it is important to rationalize the number of the proposed working groups that could be for a limited time and must be decided by member states. So as to ensure the effective participation of all delegations, in particular from developing countries. We appreciate and support the proposal by Brazil on the moratorium on a joint commitment to refrain from tabling any draft resolution on cyber security until the conclusion of the OEWG mandate. And we encourage all delegations to join this call and uphold this shared responsibility. Finally, Mr. Chairperson, we still believe that it is the time to accord advanced priority to certain matters in particular to the regular institutional dialogue by convening focused discussions on the matter, while other outstanding matters can be considered within the context of the future mechanism. As if we continue to address simultaneously all agenda items, this might overburden the discussion by issues that could be further addressed in the context of the future. Thank you very much, Mr. Chairperson.

Chair:
Thank you very much, Egypt, for your contribution. Dear friends, I have about 15 delegations and it’s my intention to conclude all of them. So I would appeal to… to all of them to be as succinct as possible. Dominican Republic to be followed by Colombia.

Dominican Republic:
Muchas gracias, señor Presidente. Thank you. Chairman, we go to paragraph E, on confidence-building measures, the Dominican Republic would like to highlight the following points. At the outset, I’d like to reiterate that Dominican Republic’s view that confidence-building measures are essential to enhance mutual trust and predictability among states to avoid misunderstandings. We attach great value to them and are actively involved in the implementation of the 11 confidence-building measures of the Organization of American States as part of our work plan as chairs of the OAS Working Group on Cooperation and Confidence-Building Measures in Cyberspace. We welcome the launch of the Global Directory of Points of Contact and the organization of its first meeting last May. We join the call made by some delegations that those countries that have not yet submitted the names of their points of contact should do so as soon as possible as a way of contributing, or as a way rather of continuing to strengthen and operationalize this initiative, which is one of the concrete deliverables of this working group. In the same way, we support the reference to the development of standardized templates based on exchanges with the framework of the Global Directory of Points of Contact. We also welcome the inclusion of an initial voluntary list of confidence-building measures based on the final report of the 2021 Open-Ended Working Group and the previous annual progress reports of this working group. and express our support for the efforts to be made by the chair of this working group with a view to its development, expansion, and operationalization. With regard to paragraph F regarding to capacity building, we believe the following comments are relevant. We believe that this is one area where we should step up efforts in the area of cybersecurity with a special emphasis on support for developing countries. Also, promotion of a gender perspective and a standardized questionnaire to determine the needs and areas for improvement in this area, and the promotion of transfer of knowledge and technology. We acknowledge the efforts made by stakeholders such as the UNIDIR, Global Forum on Cyber Partnership, and Cybersecurity Program of the Organization of American States, as well as Center for Cyber Capacity of Latin American and Caribbean, LACFORT, of which the Dominican Republic is host country and participant. And also, such organizations as the International Forum that reports cybernetic incidents first, and other relevant stakeholders at a bilateral and multilateral level with whom we’ve had an opportunity to work. It’s important to highlight that various of these actors are not regional, but rather global. And in many cases, they already have established cooperation mechanisms with regional organizations. We share the recommendation that the secretariat should prepare for consideration of this working group an initial report on the proposal for the development and operationalization of a global portal dedicated to cooperation and capacity building in the area of ICT security. taking into account related initiatives in order to optimize synergies and avoid duplication. We also support the idea of creating a voluntary – a UN voluntary fund on security and the use of ICTs. However, this should be based on clearly established principles, ensuring regional representation and gender balance, and this should be aligned with other regional and global efforts that already exist and based on the need to avoid duplication and the optimal use of limited resources. With regard to subparagraph G on periodic constitutional dialogue, we consider it relevant to make the following observations. We welcome the document elements for the permanent open action mechanism on ICT security in the context of international security with a view to ensuring a smooth transition of this working group to a future permanent mechanism. Finally, we would like to express our support for Brazil’s proposal to establish a moratorium on the consideration of resolutions within the first committee on issues related to the work of the OEWG. And on this, we are committed to working to achieve a realistic and acceptable proposal for all. Thank you very much, Mr. Chairman.

Chair:
Thank you, Dominican Republic. Colombia, please, to be followed by Saudi Arabia.

Colombia:
Mr. Chairman, with regard to the confidence-building measure section, we agree with the language of 42B on points of contact and 42D on the possibility of developing voluntary protocols that facilitate exchange of information and cooperation among its participants. As mentioned by the delegation of Ghana yesterday, this last point is also of particular importance for our delegation, given that it’s in the interest of Colombia to improve, expand and strengthen mechanisms for exchange of information on cybernetic incidents, including its storage, processing and analysis. We believe that, as included in Recommendation 45, an initial version of these formats are examples that could be offered by regional organizations. With regard to Paragraph 46 on new confidence-building measures included in Annex B, we believe that these are a step forward and it’s essential to continue advancing and promoting trust at the national, regional and global level. We agree with the delegation of Germany that, if they were adopted at this session, the language on new confidence-building measures should be action-oriented. Taking into account leadership, an example of this working group is a multilateral forum of the United Nations. We suggest that, in the future, confidence-building measures should be considered regarding the promotion, inclusion and participation of effective and meaningful leadership of women in decision-making processes related to information technologies, based on confidence-building measures 7 of the OAS. Mr. Chairman, regarding the section on capacity building, we believe that the considerations and steps recommended in the part on capacity building respond to – reflect proposals and debates that have taken place at previous sessions. We support the proposal of Australia to merge provisions of Paragraphs 48C and F regarding the Direct Future Mechanism. Regarding our suggestion on Recommendation 50 on the postponing of what was requested by the Secretary with regard to the portal on security cooperation of ICTs. So that mention is included in draft one of the report on characteristics of the portal, including a – lastly, regarding the topic of regular institutional dialogue, we’d like to express the support of our delegation for the proposal of France on the first day of this session. oriented towards action agreed in the IPR are joined or merged with the work on the permanent mechanism. It’s important to have ideas and projects that are valuable for the correct implementation of this mechanism. Thank you.

Chair:
Thank you, Colombia. Saudi Arabia has indicated that they would like to speak later. Qatar is on my list as well, but I noticed that they are not on their seat at this point. I give the floor now to Chile to be followed by China.

Chile:
Thank you, Mr. Chairman. I’d like to refer to section F on capacity building. We value the text presented in an area that we believe is of vital importance for the framework of work for responsible conduct, and we value the capacity building meeting in May of last year. That strengthens the work of this group. I’d like to also highlight the mention of gender perspective in paragraph 48 and the need to promote the development of capacity building with the gender perspective, including through incorporating this perspective in national ICT policies and capacity building in Chile. A country with a feminist foreign policy believes that this is very important and that this should be cross-cutting in all the work of this group. As for paragraph 51, we agree of having a high-level roundtable on capacity building and ICT securities. However, as was very well said by El Salvador, Ecuador, Uruguay, and others, we prefer that this does not take place during the high-level week of the General Assembly at the upcoming session for reasons previously explained by those delegations. We also welcome the mention of regional organizations and sub-regional ones together with other stakeholders in paragraph 53. We believe that a regional and sub-regional approach is very important in capacity building because it makes it possible to have a more clear and appropriate vision of the specific needs regarding technical assistance and capacity building programs. We value the initiative of the establishment of a voluntary fund, although, as other delegations have mentioned, it’s important to continue discussing and analyzing it in order to find a consensus – a format that – on which there’s consensus. Lastly, regarding the proposal of the European Union on the need to coordinate various initiatives and programs that exist today in the area of capacity building, it’s true there are initiatives that have been developed over the many years – cooperation frameworks and initiatives that incorporate a regional perspective, for example, the Global Forum of Cyber Expertise, inter alia. And lastly, ultimately, the idea is to have an appropriate coordination without duplicating efforts. Following the regular institutional dialogue, we want to express gratitude for last week’s session on this, and also thank you, Mr. Chairman, for all your efforts. to come up with a balanced and consensual proposal on a future permanent mechanism. We believe that the elements contained in LXCREF2 are promising and allow us to align the – to achieve a future structure that will meet the needs of countries with regard to ICT security. For Chile, it’s very important for the future mechanism to be an effective instrument that helps countries to strengthen their capacity in implementing the framework on the responsible conduct of states in cyberspace. With this in mind, we think that we should make sure that this should be a single mechanism and whose discussions should take place within the mandate of this working group, as mentioned by Brazil and others. As for more specific comments regarding the language of the annex, we agree with the proposal made by the Netherlands regarding a new language that merges paragraphs 8 and 9. We believe that this new proposal significantly improves the language of the text and establishes more balanced criteria regarding the scope and functions of the future mechanism. We also value the proposal on thematic groups as a way of facilitating an integrated framework, and we highlight the cross-cutting approach of the discussions, in particular on capacity building, which has a direct impact on other topics of the framework of work. As other delegates have mentioned, it’s not a good idea to have additional binding obligations. While we understand that there are some delegations that prefer this approach, we believe that the future mechanism should put priority on approaches on which there is consensus. We believe that this is the most realistic way to address the most – in the most successful way, the most urgent way, issues related to ICT security. At this point, we’d like to highlight the working document presented by the United Kingdom, Estonia, Fiji, Japan, and by our country. Regarding modalities for the participation of stakeholders, we have developed a common position together with the Delegation of Canada, for which we simply want to say that we fully subscribe to what they will say on this topic during their statement. Thank you.

Chair:
Thank you very much. Chile, China, to be followed by the Democratic Republic of Congo.

China:
Thank you, Mr. Chair. Mr. Chair, China has already stated its position on the future mechanism issue at the informal meeting. Initially, we had no plan to occupy the precious time here and to speak. However, we have listened to some countries’ remarks, and I thought I should correct a misleading statement. China noticed that some countries mentioned in their statements that we are currently discussing the future POA, some even stating that POA and the future mechanism are the same thing. China firmly objects to the practice of conflating the two concepts and prejudging the outcome of our discussion. We would like to emphasize that we should treat all proposals equally in our discussions, including POA, in order to extract common elements on the future mechanism. Such is our basis, and on this basis we should narrow our differences on the future mechanism. This is the basis of our discussions today and our discussions in the future. In addition, last year we have already agreed on the principle of consensus. We are firmly against any attempt to rewrite what’s been agreed on. We are against dividing the principle of consensus into substantive and procedural issues. Thank you, Chair.

Chair:
Thank you very much, China, for your contribution. Democratic Republic of Congo, to be followed by Lao PDR.

Democratic Republic of Congo:
Merci, Monsieur le Président. Thank you, Chair. As it’s the first time my delegation is taking the floor, allow me at the outset to echo those previous speakers on commending your commitment and leadership and also congratulate you and your team on the tireless work that you have done and are continuing to do since the start of this process to date. My delegation would assure you of its full support. Chair, in terms of CBMs, my delegation would like to underscore the importance of strengthening them to ensure responsible use by states of cyberspace. While we commend the Global Directory of Points of Contact on its first meeting, my delegation would like to see that in order to facilitate a secure and direct communication between these points of contact, it would be desirable for this directory to be accessible in all UN languages. As you can see, Chair, in the framework of ICTs, in the case of ICTs, there’s a problem of terminology and terms for ICTs, and the translation of these terms is not always available in every language. So we’d be in favour, therefore, of Paragraph 42F. And we propose that we make this platform inclusive. in order to accelerate the implementation of CPMs and to allow points of contact in developing countries, indeed those from my country, to have access to it. There is an urgent need for support, our specific training, to bring people up to the right, correct level. We would be grateful to the Secretariat to provide us assistance on this. If not, it would be difficult to carry out these scenario exercises. We welcome the recommendation made in paragraph 44, which encourages states who are able to do so to provide support to points of contact in developing countries so that they can then attend in person at the OEWG meetings as points of contact. On capacity building, my delegation would like to underscore the importance of international cooperation and technical assistance to address cyberspace threats. This is why we support paragraph 48 and we welcome the proposal made in paragraph 48b and also the paragraph that calls for the implementation of a fund, or the creation of a fund. As some delegations have already said, my delegation supports a proposal made by India to create a global cyber security portal and the proposal from the Philippines for a capacity building catalogue. However, we would like the management of all these tools to be carried out by the United Nations and that’s why we also support the proposal made by Egypt on the importance of showcasing what we already have on UNIDIR. So that’s all so far, Chair. Thank you.

Chair:
Thank you very much, Democratic Republic of Congo. for your contribution. Lau PDR to be followed by Nigeria.

Lao PDR:
Thank you, Chair, Distinguished Delegate. In recognizing the critical importance of ICT security today in the connected world and the need for enhanced international cooperation to address emerging threats in ICT domain, we believe that the establishment of the future mechanism for ICT security to be adaptive and flexible is essential. This mechanism is crucial to build support to progress achieved and further advance the agenda set forth by the OEWG. In parallel, we appreciate that the mechanism will continue to implement the agreed support action point to advance the collective framework for responsible state behavior in the use of ICT. This component will prioritize practical initiative, capacity building effort, the information sharing to enhance ICT security in New Zealand, regionally, and globally. In this context, I would also like to echo my ASEAN colleague’s statement and highlight the supportive role of our regional cooperation framework under the ASEAN, which complements the progress we have made under the OEWG. As for small developing countries, we value the regional leading role in supporting the implementation of the agreed action to effectively mitigate shared ICT concerns. In conclusion, the Lau PDR supports the future mechanism of a single track under the UN auspices dedicated to the discussion on the ICT security in the context of international security. We support fostering an inclusive forum open for all proposals under respective thematic discussion. building upon the outcome of this OEWT, including the consideration of a legally binding instrument. Such approach underscores the importance of collective action as well as ensures that diverse perspectives are integrated into the creation of comprehensive and effective policy and set a robust framework for cooperation and accountability. I thank you.

Chair:
Thank you very much, Lao PDR, for your contribution. Nigeria, to be followed by Israel.

Nigeria:
Chair, my delegation will once again commend your stewardship and efforts to build a balanced outcome document. Nigeria views capacity building as a fundamental pillar of trust to build bridges between divergent capabilities in all fields of human endeavor. The same notion is applicable under the context of the OEWG, particularly in view of dynamic emerging technologies in the cyberspace. The benefits of modern technologies cannot be overemphasized amid the level of its application and implementation differs from country to country, as indicated in paragraph 4A. Likewise, the essentiality of sophisticated technological trends is developing as a lower space in developing countries, and declaring a call for developing a unique framework tailored for each country in accordance with its technological deficiency, which aligns with paragraph 48B. However, Nigeria wishes to stress that capacity building should course across all levels of officials with particular focus on working-level professionals who are key in policy formulation processes, among others. Nigeria aligns with paragraph 48I to continue to strengthen coordination and cooperation between states and interested stakeholders, particularly businesses, non-governmental organizations, and academia. particularly noting that the public-private partnership would aid funding mechanism for capacity building in developing countries. Finally, Nigeria would like to continue to work with other parties to build a permanent mechanism for capacity building within the cyber context. I thank you.

Chair:
Thank you very much, Nigeria, for your contribution. Before I give the floor to the next speaker, I want to express my deep gratitude to the interpreters for giving us a few extra minutes. And I thank them. They would have to leave now at this point, but we will continue with the remaining speakers’ list without interpretation and with your kind understanding and indulgence. My sense is that the remaining delegations are delegations that would not require interpretation traditionally speaking. So Israel, I hope you do not need interpretation, and with your understanding, I give you the floor. To be followed by Canada, which I hope would not require interpretation as well. Thank you for your understanding. Israel, to be followed by Canada. And Vanuatu after that.

Israel:
Thank you, Chair, for giving us the floor. We do not need interpretation. With no intention to undermine the high importance we all attach to CBMs and to capacity building, and their crucial role to our work, we wish to follow your request and concentrate our intervention only on the most important issues, those with high priority. And therefore, we will share now our positions on the regular institutional dialogue, including some remarks on the Annex C, elaborating the elements of the future permanent mechanism on IC security. Mr. Chair, Israel holds the position that it is important to continue conducting an inclusive and transparent global discussion on matters pertaining to security of ICTs and their use. The question of what should be the exact mechanism of such a regular institutional dialogue is directly related to its mandate, modalities and characteristics. We are of the view that for the sake of inclusiveness and effectiveness of such a dialogue, the framework for such a dialogue on ICT security should be inclusive, transparent and on a voluntary and non-legally binding nature. Any other type of framework carries the risk to alienate and drive away some of the relevant actors. In this context, Israel also believes that as cybersecurity and cyber resilience are key elements of state’s national security, it is essential that any future framework will be consensus-based. Like many of our distinguished colleagues have stressed before us today, any chosen institutional dialogue should be a single track, avoiding duplications or fora, fragmentations, and it should optimize the use of resources and maintain a practical and focused process. Like many others, we also anticipate that we might encounter some difficulties equally contributing and fully engaging with parallel and multiple processes and will have difficulties participating in multiple meetings throughout the year. Regarding the regular institutional dialogue and the elements for the future mechanism or a possible POA, we have persistently made clear that it is imperative all decisions on substantial matters in the new RID be taken based on the principle of consensus. This principle should apply both to the negotiation processes itself leading to the creation of such a mechanism as well as to the decision-making processes within the future mechanism. In this manner, we ask for the retention of PARA 5 as it is written now in REV 1. And make sure this principle is also applied to all decision-making processes on substantial and procedural matters alike. As cybersecurity issues have the potential to affect all states’ fundamental national security interests, we wish to see it clearly stated as part of the future permanent mechanism modalities. It is our expectation that this essentially and widely observed principle will be safeguarded in the APR text and later put into practice. We wish to join many Member States and support the merging of Para 8 and Para 9 and revising the language and reshuffling the order of some of the sub-paragraphs of Para 8 in a manner to better reflect the right priorities, as we see them, of any future mechanism, being the implementation of the existing framework of responsible state behavior in cyberspace and only then possibly identifying if there are any existing gaps before we turn to look into the development of new norms or even considering any new legally binding commitments. In conclusion, Mr. Chair, Israel continues to support the idea of the creation of a future permanent mechanism, but the way forward must base all decision-making processes on substantial matters in the process to, and within this future process, to be based on the principle of consensus and especially while discussing the modalities of such a mechanism. I thank you.

Chair:
Thank you very much, Israel. Canada, to be followed by Vanuatu. Thank you. Microphone for Canada, please. Canada, could you, yes, okay, yeah, thank you.

Canada:
Thank you, Mr. Chair. Fortunately, my intervention is written in one of two official languages. On CBMs, Canada welcomes the language highlighting our key achievements this year, which is the launch of the POC directory. We also agree that the operationalization of the POC directory should follow a step-by-step approach, and we consider this is the right approach also for other elements of the CBM organization. It is important overall that we continue to maintain a distinction between confidence-building measures, specific action-oriented defined activities intended to build trust, and efforts to build confidence, which is a more general goal, which arguably could be applied to all of the work of the OEWG. Canada is privileged to be part of CBMs in numerous regional organizations, and our experience in each one is to be effective, they must be carefully negotiated by states to ensure their buy-in and thus effective implementation. Canada therefore supports proposals on ensuring that CBM language reflects best practices, that more time is needed to develop any template, and that the value added of working on a national views on terminology is still unclear, and that we must ensure not to duplicate existing processes including cert-to-cert cooperation. On capacity building, Canada welcomes the reaffirmation of the importance of agreed cyber capacity building principles, as well as the call to continue to integrating gender perspective in our capacity building efforts. We agree that voluntary national assessments can be helpful to identify gaps and focus capacity building activities, so they are most fit for purpose. We welcome the proposal for a report on the UN portal on capacity building, to better elaborate how it could perform its functions in a way that is harmonized with other portals that currently exist. We would ask that it also outline any resource implications. On the proposal for a capacity building fund, Canada remains committed to providing capacity building and has long seen increased coordination of capacity building as a key element of any future mechanism. We agree, however, that the Secretariat report must precede the agreement to establish a fund with a focus on ensuring there is no duplication between the proposed fund and existing structures, including the World Bank and ITU. Again, this is good policy development. Canada supports the recognition of the value-added of stakeholders’ engagements in terms of capacity building in paragraph 48i and 53. In practice, a very significant portion of capacity building is provided through stakeholders. It makes sense, as they have unique expertise in this technical environment. Turning to regular institutional dialogue, Mr. Chair, and as said at the beginning of this week’s meeting, we’ve collectively covered a lot of distance since 2021. The pathway to establishing a solid future mechanism is a marathon, not a sprint. We reinforce our call for this body to focus on creating good policy. Any permanent body will outlive the short time most of us will spend focused on cybersecurity, and we must ensure that we leave behind a functioning multilateral body, not a collection of ideas that commanded consensus but is unworkable in practice. Our goal for this week, with you as our coach, must be to identify how far we are capable of running this year, and how much further we can run next year if given time to practice. We believe the core structure of the future mechanism should be achievable now. The function, scope, and high-level structure of a future mechanism fall into this category. Yet we are not certain we can achieve good performance if we are pushed too hard to sprint and agree all other RID issues this week. Rather, we should commit to work with you to agree a set of outstanding issues on which we will focus our efforts until the finish line of July 2020. 25. Turning to specific comments on the text proposed in your paper, Canada supports Australia’s proposal on Paragraph 1 of the document. We agree with the need to formulate better language on functions and scope, and could support the proposed US language. We strongly support references to the cross-cutting nature of the discussions in the future mechanism, including Paragraph 10. In terms of dedicated thematic groups, we agree they must all be cross-cutting and reinforce that they should adopt a virtuous circle process as laid out in Paragraph 14d. The topics of this group may not be an issue yet ripe for consensus in the text. We’ve also heard the concern about overburdening delegations with too many meetings, and this is something that we should carefully consider over the coming year. We would recommend the addition of the word substantive before decisions in the first sentence of Paragraph 20. With regard to the role of stakeholders, Mr. Chair, and as noted by my Chilean colleague, I am honored to deliver comments on behalf of both Canada and Chile. We are concerned that the paper does not sufficiently reflect the importance of achieving meaningful engagement between states and stakeholders. We recognize that getting this relationship right will take more time, and therefore propose that the paper reflect areas where stakeholders can contribute to the process while allowing us the coming year to negotiate modalities. Integrating examples of specific contributions made by the multi-stakeholder community would mirror the framing of Paragraph 7 on regional organizations. We must reflect that their contribution is meaningful and should be based on a principle of a voice, not a vote. As such, we propose the following changes. Paragraph 6 should read, states recognize that stakeholders, including businesses, non-governmental organizations, and academia, could continue to play an important role in supporting states in the implementation of the framework of responsible state behavior. States agreed to negotiate modalities of stakeholder engagement in the OEWG by July 2025 based on the principle of a voice, not a vote. Stakeholders would be invited to meaningfully contribute to discussions inter alia by sharing research and analysis on threats, making policy recommendations for further consideration by states, identification and provision of capacity building activities to address gaps, and organization of expert level briefings on technical issues. We would also propose to amend paragraph 11 to include the following language, insert meaningful between promote and engagement, promote and remove relevant before stakeholder. Add given their unique expertise and technical reality of cyberspace after the list of segments from the stakeholder community and begin the following sentence with, stakeholder contributions will be considered by states. As such, the amended paragraph 11 would read, the open-ended action-oriented permanent mechanism would promote meaningful engagement and cooperation with stakeholders, including businesses, non-governmental organizations and academia, and other international and regional organizations given their unique experience and the technical reality of cyberspace. Stakeholders contributions will be considered by states within the framework of an intergovernmental process, which the negotiation and decision-making are exclusive prerogatives of states. Finally, on stakeholders, as the intent of our proposals is to agree on specific modalities, ideally in the lead up to July 2025, Canada and Chile recommend the deletion of paragraph 12D in order to allow all stakeholder modalities to be developed in concert. Apologies for the length of this chair and we will provide these comments in writing. Thank you.

Chair:
Thank you very much, Canada. Vanuatu, you have the floor, please.

Vanuatu:
Mr. Chair, before I get to my intervention, I want to express Vanuatu’s thanks to the stakeholders who made substantive and helpful interventions. My delegation listened to them with great interest and are grateful to have their expertise in this room as we discuss the future of cyberspace. Please allow me to offer my delegation’s thoughts on intersessional meetings. There are very few delegations here who have traveled quite as far as Vanuatu, the Vanuatu delegation. To get to New York, I had to take three long-distance flights and two prolonged layovers. You can only imagine how expensive this trip was. For this reason, I believe Vanuatu is uniquely positioned to offer its views on the feasibility of intersessional meetings. We strongly support this process and believe that when states meet to exchange views, we can all have better outcomes. However, while many haven’t tied departments to cover cyber issues, we only have a few people. We cannot afford to neither figuratively or literally send them to New York every couple of months. Therefore, we suggest that if intersessional sessions are to be held, they could be held immediately before or after substantive sessions. This would reduce the burden on both our financial and human resources. Alternatively, and at minimum, these meetings should be held in a hybrid manner. Time zones will still remain an issue, as 10 a.m. in New York is 1 a.m. in Port Vila. We would also call on states to consider how the participation of delegates from small island developing states could be financially supported. This is also a core reason why Vanuatu is committed to a single track of cyber negotiations going forward. Thank you, Mr. Chair.

Chair:
Thank you very much, Vanuatu. I think those are very important points and I hope everyone was listening. I think it’s – I mean, as the process gathers momentum, there is a certain enthusiasm to have more meetings, but also not just enthusiasm, but good reasons to have multiple meetings to go deeper into some of the issues. But I think we need to be mindful that if this process is to remain inclusive, we need to move at a pace that’s comfortable to all, but also make a serious effort to include everyone in the process. And I think what you’re suggesting are ideas that are worth reflecting very seriously. Now, I have two requests from the OAS and OSCE. They have been asking the floor since yesterday. They are accredited observers at the General Assembly, so I’d like to invite them to make their statements now. But please, I would also kindly request that they be as brief as possible. Thank you very much. So we start with OAS, followed by OSCE.

OAS:
Distinguished Chair and delegates, I would like to begin by acknowledging the effort made during these sessions to be holistic on the many issues related to this topic. And on behalf of the OAS, and more specifically CICTE, let me express our gratitude for allowing us to have shared our experience throughout this process. Chair, the Americas is a region characterized by great diversity in terms of technical development, cyber threat preparedness, and resiliency. We know that to be effective, cooperation needs to happen regularly at levels national, bilateral, regional, and international, among all relevant stakeholders. More importantly, these same stakeholders need to work individually and collectively to translate words into action with timely, cost-effective, and practical measures to facilitate cooperation. Chair, we plan to only take the floor once this week, and please allow us to offer more general remarks related to capacity building, as detailed in the dedicated Section F. We note the references to capacity building is also in the overview section, and further note the reference to the role regional and sub-regional organizations could play. However, we would like to highlight that in these general references to the role that regional organizations and others could play in areas such as collaboration and cooperation, we would like to posit that as it relates to capacity building, there is a concrete role that could be included in the recommendations section to support U.N. member states. Chair, regional organizations such as the OAS have long acted as interlocutors for implementing U.N. mandates at the regional level, and for helping to ensure that member states are fulfilling their various international obligations. For example, OAS SICTE has a 1540 implementation program that provides assistance to countries in the hemisphere that request so, to comply with their obligations on Resolution 1540-2004 of the U.N. Security Council on Nonproliferation of Weapons of Mass Destruction to Non-State Agents. The 1540 committee chair recognizes the importance role of regional organizations for the effective implementation of that resolution. SICTE was also nominated as a hemisphere coordinator under an agreement that we have with U.N. ODA. Chair, as it relates to this current topic, the OAS and the U.N. has had a fruitful relationship on key cybersecurity issues. This is particularly true given the capacities we’ve had over the past 20 years and the implementation of activities with various UN bodies. Chair capacity building should take into account current threats as you’ve amply articulated under Section B Paragraphs 27. However, while we do acknowledge that not all regional organizations are completely representative of their geographical region, we do implore member states to recognize that where these competencies do exist within regional organizations, that capacity building is transversal and adaptable and an assessment of maturity level and absorptive capacity is best had at the regional level through these organizations. Chair the threat today will undoubtedly be different tomorrow and the need for continued information sharing can happen with multiple stakeholders through these regional organizations and competencies. We would like member states to acknowledge that this can be the baseline or rather springboard for the UN to be able to build the global collaboration that you are aiming to do. We would like to close, Chair, by stating that regional organizations such as the OAS will continue to work jointly on training, especially as it relates to cybersecurity with UN bodies such as UNIDIR, among others. We believe that the exchange of experiences, including the implementation of CBMs across regions and the facilitation of cross-regional dialogue could only benefit UN member states if these regional mechanisms are employed. Chair capacity building is not a new tool for areas covered under this committee. Now more than ever, however, we believe that greater consensus around how this could be implemented is needed. We value and appreciate the UN resolutions and other international instruments that continue to recognize the role of regional organizations and congratulate you again, Chair, for creating this important space and platform to share and coordinate in the area of cybersecurity. While we offer no specific language, we are suggesting, Chair, and reiterate our commitment to collaborating with the United Nations. to create a safer cyberspace. Thank you.

Chair:
Thank you very much, OAS, for your contribution. OSCE, please.

OSCE:
Thank you very much, Chair. First of all, thank you so much for all your efforts and for preparing the draft Annual Progress Report. We appreciate the references in the APR to the role regional organizations play in supporting the implementation of the UN Framework of Responsible State Behavior in cyberspace. When it comes to confidence-building measures, regional organizations, including the OSCE secretary that I am representing, have continuously shared their experiences on developing and implementing CBMs, in particular on managing a cyber point-of-contact network. Therefore, we appreciate that the contributions by regional organizations are recognized in the APR, including in the section on confidence-building measures. Regarding paragraphs 42E and, respectively, 46, on additional voluntary global CBMs, please allow me to share some of the OSCE’s experience in developing and implementing regional cyber CBMs. The OSCE started to develop regional cyber CBMs more than a decade ago and adopted its CBMs in two sets, the first containing 11, while the second containing five CBMs. While the development of CBMs within the OSCE was based on proposals by individual countries, OSCE participating states spent substantial time in discussing and fine-tuning the text of the cyber ICT security CBMs. The CBMs were discussed in the two sets in the dedicated OSCE working group. For each of these sets, the discussions took over one year until states were satisfied with the text. Only after this were the CBMs then adopted by consensus by all 57 OSCE participating states. In our experience, this process… helped creating ownership of CBMs by the states, which subsequently was essential for advancing the national implementation of these CBMs. Our experience within the OSC is that meaningful and practical implementation of the CBMs do not only contribute to reducing the risk of conflict stemming from the use of ICTs, but it is also an important tool to build capacities and strengthen national cyber resilience. To conclude, Chair, I would like to reconfirm the OSC Secretary’s continued support for your efforts and our readiness to continue sharing regional experiences. Thank you.

Chair:
Thank you very much, OSC, for your contributions. Distinguished Delegates, dear friends, I have no more speakers. I just wanted to make some brief reflections on the way forward. First, we have had a very, very rich and detailed discussions over the last two and a half days, with very concrete proposals, very thoughtful contributions, and it is very clear that each one of you have read the draft very carefully, or at least sections of the draft that are of direct importance to your delegation. So I want to, first of all, thank you for the manner in which you have engaged in these discussions through your very constructive engagement, very concrete contribution, and very thoughtful views. Thank you very much for that. Second, we have, since we began on Monday, gone through the Third Annual Progress Report, the Rev. 1, in a very careful manner, section by section, allowing everyone to express their views. I have… quite consciously avoided cutting off delegations so that you really have had the full opportunity to give your views. And that, indeed, is what we do at the United Nations, where everyone is allowed to express their views, everyone listens to each other, as I’m sure each one of you did, listening to each other’s views. Now, therefore, this first reading of the Third Annual Progress Report was very, very important for all of us to understand where we are, for all of us to understand how do we move forward, what is the next step we take. Now, in expressing your views, I think delegations put forward suggestions for additions, suggestions for deletions, suggestions for reinstating parts that were deleted in Rev. 1 but was in the Zero Draft. There were suggestions for combining elements, suggestions for streamlining, suggestions to redraft agreed language, suggestions to put in more agreed language. So there was a variety of suggestions that were put forward, and I need to reflect on all of them carefully, but it’s not just for me to reflect on what has been put forward as suggestions but for each one of you. And for everything that we include in a revised Third Annual Progress Report, we have to be guided by a few sort of underlying elements. First, any improvement must lead to, must get us closer to convergence. So, if, for example, there were proposals that specifically suggested language that was already contentious and not previously agreed, then, of course, it’s going to be challenging that the addition of such language would create or bring us closer to consensus. So there’s no magic formula in this, but there is, of course, an exercise of judgment on my part as to what could bring us closer to consensus, and consensus will require that the text be balanced. Naturally, each delegation was advocating its own point of view. Each delegation wanted to see more of what it preferred, more of what was in line with your vision or position on the different issues, and naturally, there were reactions by different delegations who either disagreed on some issues or put forward alternative or different proposals and visions of where we need to move forward. Having said that, I think there is a pathway forward to take some small steps on the range of issues that we have discussed in the last two and a half days, but the pathway is not a very large one. It’s a very narrow pathway because, frankly speaking, there was no seismic shift in the position of delegations. This may come as a shock to you because each one of you naturally would like to think that you have demonstrated the greatest of flexibility, and I do see expressions and demonstrations of flexibility for which I’m grateful. But every delegation wants others to be flexible while preferring to advance its own vision and position on different issues. But if 193 countries expected others to make demonstrations of flexibility, but in turn the delegation holds dearly to its own position and vision, then we are not going to get to common ground. But having said that, I think there were some demonstrations and signals of flexibility, which leads me to believe that there is a narrow pathway forward for us this week to take some concrete steps forward. What I found most gratifying was that across the board, every single one of you expressed your commitment to a consensus outcome. Every single one of you expressed your support for adopting a Third Annual Progress Report. So that is a huge, huge step forward for us as a process. And as a process, it is really important that we do adopt a Third Annual Progress Report and we adopt a progress report that allows us to take a small step forward, because that has been the nature of this process, incremental, step by step. We started this process many years ago, but this working group over the last two years has concluded its annual cycle by taking small steps. So I believe it is possible for us to take a small step. I believe there is a very narrow path that is open to us for us to proceed with the adoption. But this, of course, will require that the balance be found, but the balance will require also demonstrations of flexibility, because balance like beauty, I’ve said this before, balance like beauty lies in the eyes of the beholder. What is balanced for one delegation may be imbalanced for another delegation. And if each one of you think that the text is imbalanced, then perhaps we are balanced after all. Because a compromise or a convergence will have to satisfy everyone equally, but also in some ways not satisfy everyone to the extent that they would like. So, my friends, this is where we are after the first reading. According to the program of work, we are to begin the second reading of the draft third annual progress report. But naturally, you would agree with me that in order to do that, we need to have a revised third annual progress report in front of us. And I would need some time to digest what I’ve heard, 15 hours of very intense discussions, very concrete contributions. I certainly don’t need 15 hours to produce a revised text, but I would need at least a few hours. So it is my intention to cancel this afternoon’s session so that I have some time to prepare a revised text. It’s my hope to make available a revised text early this evening. Shall we say around 7 p.m.? I’m hesitating an estimation. Let’s call this a voluntary non-binding goal set by the chair around 7 p.m. to produce a revised text. And of course, we will send out an e-mail and send out messages to delegations. to give you a heads up once the document is circulated and tomorrow morning. It’s my intention that we meet at 10 a.m. and At that meeting naturally delegations will need more time to look at the text very carefully with a microscope with a magnifying glass But tomorrow morning at 10 a.m. I’d like to convene the meeting to present the revised text In a formal way and explain to all delegations What is in the revised text and what? We need to do collectively to move forward so with those General comments once again my deep deep gratitude to you for your very constructive Engagement constructive approach constructive tone and most of all your commitment to a consensus outcome This week, so I would like to adjourn this meeting Islamic Republic of Iran we have asked for the floor You have 30 seconds

Islamic Republic of Iran:
Thank you, mr. Chair for giving me the floor and sorry for asking for the floor But I would like to kindly request you mr. Chair to provide the next version of the APR in both clean and track change because we believe that this will help delegations to follow to recognize the change and Will help to delegations to review the text. Thank you so much

Chair:
Thank you very much Islamic Republic of Iran. I have to disappoint you the changes to such an extent in some sections may require merging and Rearranging that a track changes version is going to confuse you Will not be helpful and Microsoft is not able to keep up with all the track changes Edition and we have tried that before this is not a complaint against Microsoft But I think no program can help us do that So I think it’s also good that every delegation looks at the revised text with a fresh pair of eyes So, I’m sorry I cannot make life any easier for you. I’d like to, but one day AI will help us do that. Thank you. The meeting is adjourned.

Speakers

G

Global Cyber Alliance

Speech speed

162 words per minute

Speech length

450 words

Speech time

167 secs

A

AMCID

Speech speed

129 words per minute

Speech length

378 words

Speech time

175 secs

AA

Antigua and Barbuda

Speech speed

139 words per minute

Speech length

415 words

Speech time

179 secs

A

Argentina

Speech speed

143 words per minute

Speech length

1245 words

Speech time

521 secs

B

Bangladesh

Speech speed

146 words per minute

Speech length

550 words

Speech time

226 secs

B

Belgium

Speech speed

145 words per minute

Speech length

667 words

Speech time

276 secs

BF

Burkina Faso

Speech speed

129 words per minute

Speech length

454 words

Speech time

210 secs

C

Canada

Speech speed

165 words per minute

Speech length

1300 words

Speech time

474 secs

C

Chair

Speech speed

139 words per minute

Speech length

4017 words

Speech time

1729 secs

CH

Chatham House

Speech speed

154 words per minute

Speech length

454 words

Speech time

176 secs

C

Chile

Speech speed

147 words per minute

Speech length

791 words

Speech time

322 secs

C

China

Speech speed

135 words per minute

Speech length

218 words

Speech time

97 secs

C

Colombia

Speech speed

132 words per minute

Speech length

428 words

Speech time

195 secs

CI

Crest International

Speech speed

159 words per minute

Speech length

467 words

Speech time

177 secs

C

Cuba

Speech speed

126 words per minute

Speech length

477 words

Speech time

228 secs

CY

Cyber Youth Singapore

Speech speed

165 words per minute

Speech length

511 words

Speech time

186 secs

CD

Côte d’Ivoire

Speech speed

164 words per minute

Speech length

775 words

Speech time

283 secs

D

DGAP

Speech speed

179 words per minute

Speech length

467 words

Speech time

157 secs

DR

Democratic Republic of Congo

Speech speed

142 words per minute

Speech length

496 words

Speech time

209 secs

DR

Dominican Republic

Speech speed

144 words per minute

Speech length

754 words

Speech time

314 secs

E

Egypt

Speech speed

166 words per minute

Speech length

536 words

Speech time

194 secs

G

Germany

Speech speed

150 words per minute

Speech length

1059 words

Speech time

425 secs

HA

Hitachi America

Speech speed

116 words per minute

Speech length

334 words

Speech time

173 secs

I4

ICT 4Peace Foundation

Speech speed

161 words per minute

Speech length

483 words

Speech time

180 secs

I

India

Speech speed

153 words per minute

Speech length

392 words

Speech time

154 secs

IR

Islamic Republic of Iran

Speech speed

193 words per minute

Speech length

72 words

Speech time

22 secs

I

Israel

Speech speed

150 words per minute

Speech length

675 words

Speech time

270 secs

LP

Lao PDR

Speech speed

135 words per minute

Speech length

305 words

Speech time

136 secs

L

Latvia

Speech speed

170 words per minute

Speech length

501 words

Speech time

177 secs

M

Mauritius

Speech speed

131 words per minute

Speech length

794 words

Speech time

363 secs

M

Mexico

Speech speed

129 words per minute

Speech length

1071 words

Speech time

497 secs

M

Moldova

Speech speed

153 words per minute

Speech length

538 words

Speech time

211 secs

N

NAIIS

Speech speed

150 words per minute

Speech length

441 words

Speech time

176 secs

NZ

New Zealand

Speech speed

155 words per minute

Speech length

706 words

Speech time

273 secs

N

Nigeria

Speech speed

143 words per minute

Speech length

246 words

Speech time

103 secs

NA

Nuclear Age Peace Foundation

Speech speed

162 words per minute

Speech length

470 words

Speech time

174 secs

O

OAS

Speech speed

163 words per minute

Speech length

748 words

Speech time

275 secs

O

OSCE

Speech speed

156 words per minute

Speech length

387 words

Speech time

149 secs

P

Paraguay

Speech speed

144 words per minute

Speech length

448 words

Speech time

187 secs

S

Switzerland

Speech speed

164 words per minute

Speech length

1494 words

Speech time

546 secs

T

Thailand

Speech speed

146 words per minute

Speech length

501 words

Speech time

205 secs

U

Uganda

Speech speed

149 words per minute

Speech length

874 words

Speech time

351 secs

U

Uruguay

Speech speed

149 words per minute

Speech length

780 words

Speech time

314 secs

V

Vanuatu

Speech speed

135 words per minute

Speech length

310 words

Speech time

138 secs

WP

Write Pilot

Speech speed

126 words per minute

Speech length

385 words

Speech time

183 secs

YF

Youth for Privacy

Speech speed

200 words per minute

Speech length

451 words

Speech time

135 secs