Dedicated stakeholder session

OEWG session advances global cyber security with focus on confidence-building measures and international law application

The Open-Ended Working Group (OEWG) session on information and telecommunications in international security focused on several critical areas, including Confidence-Building Measures (CBMs), the application of international law to the use of Information and Communication Technologies (ICTs), capacity building, and the establishment of a global Points of Contact (POC) directory.

The session highlighted the importance of CBMs in fostering open dialogue and cooperation among states to prevent misunderstandings and reduce the risk of conflict resulting from cyber activities. The initial list of voluntary global CBMs was discussed, with an emphasis on operationalizing these measures through capacity building and the POC directory. There was a call for additional CBMs to be added to the list, focusing on transparency, cooperation, and stability to enhance ICT security and the peaceful use of cyberspace.

A significant milestone was the adoption of a common African Union position on the application of international law in cyberspace, demonstrating the possibility of achieving consensus among a large group of countries. The session saw cross-regional statements and national positions that built common understandings and showed progress in discussions on international law, including International Humanitarian Law (IHL), in the context of ICTs.

The establishment of the global POC directory was recognized as a key confidence-building measure at the global scale. The directory is expected to facilitate the application of other global CBMs, promote resilient and peaceful cyberspace, and support rapid crisis management and information sharing during cyber incidents. As of the session, 23 countries had nominated their POCs, with more expected to join.

The role of regional organizations in elaborating and implementing cyber CBMs was acknowledged, with the Organization of American States (OAS) cited as an example of successful regional cooperation. The OAS’s work on cyber diplomacy, including the designation of national POCs, was commended.

Capacity building was identified as a complementary aspect to CBMs, with a strategy needed to coordinate work with regional and sub-regional organizations. The involvement of multiple stakeholders, including academia, the private sector, civil society, and technical communities, was encouraged to leverage their experience and knowledge in implementing CBMs.

The session concluded with a recognition that building confidence is a long-term commitment that requires multilevel and multistakeholder engagement. The OEWG’s work on CBMs was seen as a continuation of the tradition of fostering cooperation, dialogue, and exchange of experiences to contribute to a secure and stable cyberspace. The session adjourned with plans to continue the discussion on the following day.

Chair:
And in accordance with the agreed modalities for the participation of stakeholders that we agreed to in April 2022, it’s my honor now to convene the dedicated stakeholder session. And as I said earlier this afternoon before we adjourned, I’d like to give stakeholders each an opportunity to make their statement within three minutes. And I kindly seek their understanding and cooperation. And I also invite them to make their statements available so that we can put it on the website and all delegations can have the benefit of the fuller intervention to understand the positions and contributions made by stakeholders. I have before me a list of stakeholders who have inscribed to speak. We have a list of 10 stakeholders, and we’ll give each one of them an opportunity, one at a time. So I start with the Center of Excellence for National Security, RSIS, National Technological University of Singapore, to be followed by Hitachi America. Center for Excellence of RSIS, you have the floor, please.

Center for Excellence of RSIS:
Thank you, Chair, for the opportunity to speak to the seventh substantive session of the Open-Ended Working Group. We also thank the Chair for continuing to hear input from all stakeholders, including those that have not been accredited at your virtual informal dialogue last week. And we hope that the useful stakeholder views that were shared with the Chair at the virtual informal dialogue can be shared with the wider OEWG as the Chair’s paper. We will make the following points based on the ongoing discussions this week, our experiences in capacity building in ASEAN with the UN-Singapore Cyber Fellowship, as well as other projects as a policy research think tank in Singapore. From the discussions this week, we agree that confidence-building measures are more important than ever. We agree with the Chair that these meetings are a form of CBM because of information sharing and greater transparency. And we’ve observed from these discussions that there are two areas where greater confidence needs to be built. One, critical information infrastructure or CII protection, and two, artificial intelligence AI threats vis-à-vis the use of ICTs. So first, for CII protection, we recommend engaging stakeholders like CII operators and practitioners. Compared to our work in assisting the review of Singapore’s Operational Technology Cyber Security Master Plan, we’ve observed the paucity of CII protection practitioners or operators at the OEWG formal and informal sessions. We know some states do engage their operators or practitioners domestically, but we recommend engaging them at a global level so the OEWG can benefit from concretely understanding the threats they are facing, then develop relevant, actionable and sustainable responses. Therefore, academic stakeholders like us are ready to help facilitate study groups or panels for states and CII operators on CII protection. The objectives can include capacity building for technical and policy experts, exchanging information on existing and potential threats to CII, and we believe this will be relevant to the agreements in the Second Annual Progress Report. paragraphs 12, 13, 17, and 23C. We also invite states to involve their CII operators and practitioners in the discussions at OEWG, the Global Roundtable on Capacity Building upcoming, and intersessional meetings in May, as this can benefit all. Secondly, for artificial intelligence, we recommend engaging relevant experts as well. We agree with Switzerland’s assessment that AI should be viewed in a balanced manner because it brings opportunities for developments and improvements in security, as well as threats. We echo Argentina’s call for a multi-stakeholder study group to help better understand the threat and opportunities in a balanced manner. Therefore, academic stakeholders like us are again ready to help facilitate study groups or panels for states and AI experts on the role of responsible state behavior in responding to artificial intelligence and other emerging technologies, like quantum. From my experience working with AI experts in AI governance projects in Singapore and in AI standard setting with ISO, we suggest there are three aspects where experts can help with capacity building for smaller states. One, cyber threats to AI system. Two, cyber and information threats enabled or enhanced by AI. And three, what might constitute responsible state behavior in respect of these threats? In conclusion, we, as part of the stakeholder community, reiterate that we are ready to collaborate with interested states and stakeholders regardless of accreditation status to help the OEWG deepen understandings and make informed decisions on the rapidly evolving threat landscape. We invite states and stakeholders to work together as a matter of priority, and we are here all week. We hope to engage with you. Thank you, Chair.

Chair:
Thank you very much, Center of Excellence for National Security, RSIS, from Singapore. I give the floor now to Hitachi America to be followed by Youth for Privacy.

Hitachi America:
Thank you, Mr. Chair, for continuous and inclusive stakeholder engagement with states. I’m honored to be here. First, new emerging technologies such as AI and quantum computing can be used positively or negatively. We need threat measures and risk assessment based on the human life’s impacts. For practical implementation against the supply chain and ransomware attacks, stakeholders can contribute protection solutions and tools working with the states, addressing the critical infrastructure by-product and the sector, addressing threat lifecycle, including backdoor detection, data integrity, emergency response, remediation, and improvements. Second, the draft checklist with 11 norms is very comprehensive and actionable to start with. Additional norms to consider includes continuous technology impacts to human lives and risks regardless of peace or wartime in such sector as healthcare, energy, and water. Thank you, a group of 13 countries, for sharing the working paper on application of international humanitarian law on March the 1st. to clarify IHL positive position further. Third, another suggestion on norm checklist is to clarify capacity building, spelling out. First, timely disclosure versus remediation, since automated threats can be exploited right after disclosure, which is related with the norm I and J. Second, coordination with regulation and compliance beyond the jurisdictions through international standard and certification in norm I. Fourth, about the capacity building, the best practice to protect critical infrastructure includes security by design and the default, zero trust architecture in every component of digitized supply chain from end to end, including hardware, software, firmware, IOT chips, and the cloud, data, human in the loop. Suppliers include small and medium-sized companies and the customers and the citizens. Finally, public-private collaboration, such as global round table is a great step up. Peace, safe, and resilient environment can be accomplished by working together with the trust. And supplemented by positive use of technology such as AI for civilization. Thank you, Mr. Chair.

Chair:
Thank you very much, Hitachi Marike, for your contribution. I give the floor now to Youth for Privacy to be followed by excellent safe PC solutions.

Youth for Privacy:
Dear Chair, Youth for Privacy is glad to be at the Open-Ended Work Group on ICTs today. Ever since we participated in the third Open-Ended Work Group, our organization has sought to present youth perspectives in these conversations on making the internet safe and secure for all. For our intervention today, we seek to highlight three points. First, the cybersecurity threats that we… we’re discussing today, are already affecting the most vulnerable, especially the youth. Young people like us might be familiar with the internet and use it the most. Yet, that also opens up us to be vulnerable to ransomware, deepfakes, and other attack vectors. Just consider the case of deepfakes. For young people going to school right now, there is a real possibility that your classmates might be making deepfake explicit images of you that are spread across group chats. These types of technologies, augmented with AI, are not limited to state sponsors’ behaviors. They already affect us all. It is with the importance of the youth perspective that we move on to our second point. Regarding the proposed permanent mechanism for ICT security, we recommend a possible area of thematic interest, youth. It goes without saying why we, as an organization called Youth for Privacy, care about this topic. Having a youth-focused thematic dialogue as part of the permanent mechanism will ensure that youth perspectives are systematically reflected. Finally, regarding capacity building, we highlight the need for educational programs that equip young people with the skills necessary to participate in and contribute to the digital economy safely and effectively. These programs should focus on cybersecurity, data privacy, and ethical considerations in the use of ICTs. In conclusion, incorporating youth perspectives in the guiding principles for the use of ICTs is not only beneficial, but essential for creating a secure, inclusive, and prosperous digital future. We urge all delegates to consider the voices of young individuals in your deliberations and to recognize their potential as partners in shaping the digital world. Thank you for your time.

Chair:
Thank you very much, Youth for Privacy. I agree with you that we certainly need to engage the voices of the young people in this process. Really appreciate your engagement and contribution. I give now the floor to Excellent, Safe PC Solutions, to be followed by Chatham House.

Safepc Solutions:
Thank you, Mr. Chairman, for giving me the opportunity to speak. speak, and to express my sincere and growing appreciation for giving the private sector stakeholders such as Safe PC Solutions the opportunity to share my feedback on some of the revised critical questions that you are asking. Are there any new developments or trends in existing and potential ICT threats which the OEWG should discuss in depth? In terms of new developments, we are currently implementing AI rapidly in 2024, be it Microsoft 365 Copilot Solution or READ.AI, which integrates with both Microsoft 365 and Google Workspace, as well as Google has come out with Gemini. During these implementations, the most important questions that CIOs and CISOs are asking us is governance as it relates to the security policies such as conditional access within these organizations because of the usage within AI. I want to emphasize AI is here, and it is not going anywhere. And we need to begin digging deeper in terms of the policies around that. The other question that you asked that was very important that we’re facing in the IT industry, of course, is supply chain. What are specific ways in which states can further strengthen cooperation to ensure the integrity of the supply chain and prevent the use of harmful hidden functions? Are there existing programs, policies that help promote the adoption of good practices by suppliers and vendors of ICT equipment and systems? Safe PC Solutions is currently researching and writing a white paper on how to identify risk in the supply chain of hardware and software. And we are rapidly doing the research due to the increased usage within AI. So in order for us to effectively identify risk in the supply chain hardware and software, we have developed a systematic process. And these key elements involve mapping the supply chain comprehensively, assessing the threat landscape, evaluating the likely impact of a risk scenario, prioritizing critical risk and developing mitigation strategies, and monitoring and reviewing the effectiveness of the risk management process. I would like to reiterate your suggestion that we need to collaborate with other stakeholders and produce a working paper on developing IT security risk and how supply chain within the ICT can assist with risk mitigation and possibly conduct a workshop to build a toolkit for UN member states. We have already started to partner with RightPilot to give us perspective on member states from the Middle East, but I open this up to other member states, I open this up to other stakeholders as well. Thank you so much.

Chair:
Thank you very much. SafePC, solutions for your contribution and also for your invitation extended to member states as well as to other stakeholders, I wish you all the best in your collaborative project. I give now the floor to Chatham House to be followed by Diplo Foundation.

Chatham House:
Thank you, Mr. Chair, for the opportunity to make a statement today. As many delegates have already articulated, the distinction between cybercrime and state-sponsored cyberattacks can be difficult to ascertain. Cybercrimes are rising to the level of national or international security risk or threat, and cybercriminal groups are working with state actors to deploy cyberattacks. Additionally, states sometimes overlook cybercriminal activity originating from their territories. This complexity is compounded by the commercialization and proliferation of high-end cyber capabilities and by the wide range of targets that are vulnerable to cyberattacks, whether politically or criminally motivated. Looking at critical infrastructure, for instance, the perpetrators of attacks on CI are not limited to states. As such, discussions on how to address these threats cannot be limited to forums which consider exclusively threats emanating from states. Another area of concern is the proliferation of commercial cyber intrusion tools. Recent efforts to build international collaboration on dealing with this problem, such as the Palmao process, are welcome and promising. Again, this is an area where the threats do not solely emanate from or affect states. Both CI and commercial intrusion tools are important parts of our discussion in this forum. They are also frequently discussed in the AHC process to develop a cybercrime convention. As AHC negotiations will likely continue into the summer, connecting various processes can lead to positive progress and coherence on how states and non-states can work together to deal with these issues. Many organizations are doing important work on connecting these forums and building the capacity and capability of stakeholders to contribute constructively to the shared goal of a peaceful cyberspace. For example, Chatham House co-drafted a paper with UNIDIR on understanding the intersections between ICTs, international security, and cybercrime, which we would, of course, recommend you read. Additionally, Chatham House is undertaking research on all of the issues I have mentioned previously. We have and continue to undertake research on the cybersecurity of nuclear infrastructure, for example. In collaboration with the Royal United Services Institute and with support from the UK Foreign Commonwealth and Development Office, we are undertaking research on what behaviors and values make the proliferation of commercial cyber intrusion tools possible and what efforts might be appropriate to curb this proliferation. And with support from the Netherlands, we are conducting research on how to operationalize the 10 Cyber Capacity Building Principles with a view to further advancing the framework for responsible state behavior in cyberspace. We hosted a consultation this morning, which we were grateful for your presence at, which gathered important insights, and we look forward to presenting this research in July later this year. Such research is an important form of capacity building as it builds our collective understanding of the intricacies of these matters. To conclude, threat perception, detection, and response are changing. Cybercrimes impact national and international security, and it is insufficient to conceive of it purely through a crime paradigm. So we encourage states to consider the importance of cross-pollination and coherence between various cyber processes, and to continue to underscore the importance of capacity building in ensuring broad and diverse participation and contributions to these discussions. Thank you, Mr. Chair.

Chair:
Thank you very much, Chetum House, for your contribution. Diplo Foundation, to be followed by Access Now.

Diplo Foundation:
Mr. Chair, distinguished delegates and colleagues, my name is Vladimir Radunovic. I represent Diplo Foundation, a non-profit educational organization supporting small and developing countries, as well as various stakeholders in industry and civil society through capacity building in cyber diplomacy, cyber security, and internet governance topics for about 20 years. Mr. Chair, we would like to reflect on some elements of the ongoing discussions in the Open Annual Working Group. In terms of the norms implementation checklist outlined in the second annual progress report, we suggest such a checklist to map the roles and responsibilities of both state and non-state stakeholders. The Geneva Manual, the most recent output of the Geneva Dialogue on Responsible Behavior in Cyberspace, established by Switzerland and led by Diplo Foundation, outlines roles that the industry, technical and open source community, civil society, customers, and users play in implementing the UN norms ING. These norms relate to the security of the ICT supply chains and the responsible reporting of vulnerabilities. Our further work, through an open dialogue with over 50 representatives of stakeholders and independent experts around the world, intends to map such roles and responsibilities related to the protection of critical infrastructure. Importantly, the findings also outline mutual expectations that stakeholders have from each other as well as from the public authorities to be able to fulfill their roles. We invite delegates to consult the Geneva Manual, also available on the Open Annual Working Group website, and encourage stakeholders to contribute to the Geneva Dialogue. In terms of capacity building, we commend the convening of a dedicated global roundtable on ICT security capacity building and the opportunity for all stakeholders to contribute to this important dialogue. We invite delegations to involve representatives of local and regional capacity building organizations and other relevant stakeholders whose contributions are essential for putting the principles defined by the Open Annual Working Group into practice and ensure capacity building is inclusive, holistic and neutral. Diplo Foundation has submitted its contribution to the mapping exercise and remains committed to supporting capacity building efforts, including at the upcoming global roundtable. Thank you for this opportunity, Mr. Chair.

Access Now:
Thank you for the opportunity to present our viewpoints and add to the significant expertise of this body, thanks to these regularly convened meetings. In 2024, we face a global context where the attack surface for cyber operations has increased, given the rapid, if far too unequal, digitization of our societies. The effects of malicious cyber attacks are also more significant from spyware and the targeted hack-by-hire operations that so many human rights defenders and journalists face to systemic efforts that target processes and institutions crucial to voting in this year of elections. We urge you to recognize the intersectional harms caused by malicious cyber threats. As we celebrate International Women’s Day later this week, we draw your attention to our most recent report on Pegasus spyware attacks published last month, which showed more than 35 people in civil society attacked, including a founder of a civil society organization aimed at empowering women in politics and an award-winning human rights lawyer who works to defend women’s rights, workers’ rights, and the freedoms of opinion, expression, and peaceful assembly. Such unlawful, targeted surveillance is made possible by the organized for-profit exploitation of cyber vulnerabilities in the global spyware industry. This constitutes a form of violence against women. We therefore urge the OEWG to explicitly name cyber mercenaries in the hack-for-hire industry generally, and spyware developers and operators in particular, as a key and existing and potential threat in its 2024 reporting, which all states are under an obligation to take. We need to recognize that the global hack-for-hire industry constitutes a threat to the stability of the Internet as a whole. We take note of the draft checklist prepared by the Chair and welcome efforts to responsibly advance upon the international consensus of past OEWGs. We draw your attention in particular to Norm E and Norm J on human rights and responsible reporting. In Norm E, we point to the insightful guiding question around what global or regional processes exist to address human rights. In this regard, we’re glad the Chair’s draft explicitly recognizes consensus principles advanced by the UN itself at the Human Rights Council and its resolutions on human rights on the Internet and right to privacy in a digital age. We recommend the checklist include a clear guiding question to states on how they implement these recommendations, and also look at the recommendations advanced by the Freedom Online Coalition’s 2014 Working Group on Cybersecurity. Norm J recognizes the importance of legal frameworks and protocols to enable reporting of vulnerabilities, as well as the need to protect researchers and penetration testers. This is how we form good-faith cybersecurity research. Finally, we invite you all to open accessible spaces, and those open to civil society as well as the private sector, such as our RightsCon Summit Series, which will next convene in East Asia in February 2025. These open discussions are a confidence-building measure. Thank you.

Chair:
Thank you very much, AccessNow, for your contribution. Center for International Law, to be followed by Nuclear Age Peace Foundation.

Center for International Law:
On behalf of the Center for International Law, we thank the Chair for this opportunity to engage in the discussions of the OEWG. The application of international law to the use of ICT by states and understanding how existing international law applies to cyberspace is critical in moving towards a shared understanding and ultimately to maintaining peace, security, and stability in the ICT environment. Converging on a common understanding of how international law applies will also illuminate gaps in the existing legal frameworks, if any, and how they may be addressed. Statements of national positions and interventions on international law in the OEWG thus far have reflected areas of consensus, such as the applicability of the UN Charter, as well as principles such as the use of force and the principle of non-intervention. These statements, as well as statements on how international law applies in the cyberspace, have been valuable in scoping the legal analysis and the landscape, both for what they say as well as for what they do not say, and signposting where my dialogue is needed. Turning to the question of emerging technologies, it is unsurprising that AI has featured predominantly in the discussions so far, given its transformative and disruptive nature, with both positive and negative effects. What does international law say about the deployment of AI of ICTs? International law is technology neutral, and as such already applies to scenarios involving the use of AI technologies. States are already bound by the existing treaties, customary law, as well as general principles of law. For instance, the principle of non-intervention requires states not to interfere in the internal or external affairs. This broad principle applies regardless of the means and methods used. Nonetheless, while principles of rules or principles are sufficiently general and flexible to respond to new technological developments, are there nonetheless unique features which require distinctions in how the law applies? How does the nature of AI technologies, particularly autonomous and generative AI, affect legal analysis, legal evidence collection and analysis, as well as legal attribution? How does the nature of AI affect the expected conduct of states to prevent or mitigate AI-enabled malicious cyber operations? This requires a thorough appreciation of the unique features of AI technologies, and unnecessarily requires a multidisciplinary and multistakeholder engagement to understand and better appreciate the unique specificities. In the discussions this week on potential existing threats, several delegations have also cited misinformation and disinformation cyber operations. Stakeholders can play an important role in catalyzing discussions of such emergent concerns. In this regard, the Center, the CIL, is supporting the American University, Washington College of Law, in partnership with other institutions, in convening the Third Annual Symposium on Cyber and International Law, with the specific theme of cyber and information conflict, the international law implications of convergence. Recent history has demonstrated that the advance of cyberspace has enabled and evolved the realm of information conflict with the attendant convergence of cyber and information operations. The symposium seeks to explore the implications of this trend, which raises critical questions across the spectrum of war and peace, including, among others, the law state responsibility and international human rights. We leave the rest of the statement for delegations to read, and thank you, Chair, for this opportunity to address. Thank you.

Chair:
Thank you very much, Center for International Law. I give the floor now to the Nuclear Age Peace Foundation.

Nuclear Age Peace Foundation:
Chair and distinguished delegates, my name is Stella Rose, and I’m a representative of the Nuclear Age Peace Foundation and youth advisor for Reverse the Trend, a youth initiative of our organization. I’m highly concerned about the continued evolution of ICTs and the possibility of cyber attacks of command and control systems for nuclear weapons. The OEWG must consider and examine the application of the UN Charter and international humanitarian law to the possibility of use of ICTs during armed conflicts. We must strive for a shared emphasis on the application of the tenets of international humanitarian law, including the distinction between civilians and combatants, the prohibition to attack those not directly engaged in hostilities, proportionality, and the prohibition to inflict unnecessary suffering. When ICT networks are the targets of cyber warfare, the vulnerabilities of security networks, hospitals, schools, water and electricity infrastructure are exploited to threaten civilian lives. Chair and distinguished delegates, in the nuclear age, cybersecurity is critical, not just for the sake of right to privacy, but for the safeguards of our weapon systems. In this regard, we cannot afford a misstep. The threat of nuclear war is subject to the sophistication of security systems that protect weapon softwares from hacking. These systems are fallible. Softwares for the most sophisticated institutions have endured continued breaches, relying on luck to prevent accidental nuclear weapon launches is a strategy which continually threatens our existence. For the sake of the greater good, we need to approach this challenge with vigilance, accountability, and transparency. Chair and distinguished delegates, as we further examine the importance of international humanitarian law within the cyber domain, the international community needs to take into account the views of young people. Young people, including myself, have grown up in the digital age and have unique skills that can help strengthen our common goal of creating a secure ICTs environment. In this regard, we are requesting that the global POC directory should include young people who have expertise and are deeply concerned about the potential malicious use of ICTs in armed conflicts. Furthermore, we are proposing capacity building efforts that allow for young people to be involved in enhancing and facilitating a broader understanding and analysis of ICTs challenges. Our inclusion and expertise will ensure a safer future that we will ultimately inherit. Only by working together can we create a better world, one that keeps humanity safe from existential threats and technological harm in times of war. Thank you.

Chair:
Thank you very much, Nuclear AHP’s Foundation, for your contribution. I give the floor now to the National Association for International Information Security.

National Association for International Information Security:
Mr. Chairman, thank you. The application of voluntary norms of responsible behavior on the part of states in the ICT environment includes very important points. We need to understand the interpretation of the norms on ICTs in order to expand the international regulatory system on ICTs. To implement the norms of state responsible behavior, we must create an appropriate international framework which establishes the elements of the international system and also includes bases for the conduct of international relations regulated under national laws. That can be applied in the framework of a convention on international information security, and that can help relations on ICTs and global data relations, a new space of international cooperation. It will be interesting in this context to discuss the regulation of situations in which there are disputes over ICTs, and the annual report indicates that non-binding norms allow the international community to evaluate the activities of states. Let us recall that in resolution 7323 of the General Assembly, an ICT activity being launched onto a territory is not sufficient in itself to call for action by that state. The illicit acts against states must be regulated, including in the context of problems of attribution and the nature of consequences. It is obvious that fundamental problems and the application of the rules having to do ICT responsible behavior of states include an assessment by states of those episodes, otherwise there will be no contribution to international peace and security. security. Artificial intelligence needs to be considered as well under ICTs. Important tasks for the international community ensures the responsible use of ICTs. This must be considered in the context. Thank you.

Chair:
Thank you very much, National Association for International Information Security for your contribution. I give the floor now to Paris Peace Forum.

Paris Peace Forum:
Thank you, Mr. Chair, distinguished delegates, Mr. Chair, allow me to first join my fellow stakeholders to reiterate our appreciation for your sustained efforts to ensure the participation of all interested stakeholders in the work of this open-ended working group during and outside the substantive session. We would like to focus our intervention on the commercial proliferation of cyber-intrusive and disruptive cyber capabilities and possible useful steps that states could undertake in the short term, which will actually build on remarks made by my colleagues from Chatham House and Access Now. Many delegations have acknowledged the worrying proliferation of intrusive and disruptive cyber capabilities on both underground and semi-regulated commercial markets, where they can be mobilized by malicious actors to conduct unlawful actions that may threaten international peace and security. Such a trend is empowering a growing threat landscape, both by increasing the number of threat actors across the globe and by complexifying the modalities of cyber attacks. On this important matter, the Paris Peace Forum wishes to commend the 25 states that united at the invitation of France and the United Kingdom last month with members of the stakeholder community to launch the Palmar process to tackle proliferation and irresponsible use of commercial cyber-intrusion capabilities. Such initiatives help draw in common understandings among participating states and can, in due course, inform the work of the OAWG by providing additional guidance for the implementation of the International Framework of Responsible State Behaviour and significantly norms I and J. In the framework of the OAWG and in line with your guiding questions, Mr. Chair, for the agenda items related to rules, norms, and principles, we would like to encourage states to share national positions on what they consider being a responsible use of commercially available intrusive and disruptive cyber tools, as well as to hackers available for hire. Such information would play a major role in strengthening cooperation to ensure the integrity of the supply chain and preventing the use of harmful hidden functions. From an international peace and security perspective, it would further clarify national doctrines in the recourse to cyber proxies, limit risks of misunderstanding, and contribute to avoiding unwanted escalation. I will finally mention that in line with Principle 5 of the Paris Call for Trust and Security in Cyberspace, the Paris Peace Forum will reconvene the Paris School Working Groups on Cyber Mercenaries and its network of expert stakeholders to focus on concrete use cases of responsible recourse to such technologies and services, as to inform state efforts in developing clear guidelines in this regard, in close cooperation with relevant intergovernmental processes and initiatives, and building on the outcomes that member states can read in the blueprint that you may find online. Thank you very much, Mr. Chair.

Chair:
Thank you very much, Paris Peace Forum. That was the last inscribed speaker from the stakeholder community. And I want to take this opportunity once again to thank all the contributions from the stakeholder representatives here today for your very thoughtful contributions. And I hope also that member states have listened carefully to your contributions. And I would encourage member states to also reach out to you, to each one of you, to discuss the issues that are before the working group, and see how you can also work together collaboratively, member states and the stakeholder community, in order to find common ground and take concrete steps forward. And of course, within the stakeholder community, I also would encourage you to work collaboratively with each other and put forward your ideas in a way that could feed into our work. And I find this ongoing discussion to be a very useful discussion. But more importantly, I think that the discussion and dialogue with the stakeholder community is here to stay as part of this process. And of course, as we think of a future mechanism, we have to see how we can not only maintain this aspect of the working group, but how we can make it better. So those are some comments that I wanted to share with you with regard to the stakeholder community session we have just had. Now it’s my intention to proceed to the discussion of the section on international law that we had started earlier this morning. And let me look at the speaker’s list from this morning. So we’ll continue with the speaker’s list and see how far we can go. We’ll start with Canada, to be followed by Germany. I’m not imposing time limits on member states. But once again, I ask member states making interventions on international law. law. To the extent possible, summarize your ideas, and feel free to circulate your more detailed statement to us, to the Secretariat, and we’ll put it on the website so it’s there for the record, but also it’s there for everyone to access and read. So, Canada, to be followed by Germany.

Canada:
Chair, Canada is pleased to speak to the topic of international law, an essential topic in our OEWG’s mandate. If you’ll allow me, Chair, two words. Momentum. Progress. Our OEWG’s momentum and progress on international law, in line with Resolution 75-240 and our past annual progress reports, should be captured in this year’s APR. This momentum and progress must be continued and reinforced for the remaining 15 months of our mandate. Our 2024 APR should record the increased quantity and quality of dialogue and exchange on international law amongst a growing number of Member States and members of the stakeholder community. Chair, we reaffirm here, but won’t reiterate, Canada’s views on the applicability of international law in cyberspace, which are well known, nor the growing consensus amongst Member States on elements of international law as captured in past reports. Similarly, we affirm, but won’t repeat here, our responses from December to your guiding questions, which we continue to see as very helpful and relevant. Nor, Chair, will we repeat our metaphor of building a birchbark canoe. Chair, more and more Member States are participating in our discussions on international law, in our open-ended working group, in numerous capacity-building activities, side events, and other discussions outside of the formal OEWG sessions. but which support our mandate and work. There are growing examples of cross-regional dialogue, exchanges, capacity building, and joint statements on international law, which as you have often noted, is necessary for our OEWG’s consensus and a confidence-building measure in itself. In that spirit, Canada aligns itself with the cross-regional joint statement on international law presented earlier today by Columbia. Canada is proud to support the cross-regional joint statement on internationally humanitarian law presented today by Senegal. IHL is clearly a topic that merits further focus in our APR and our ongoing work. And more states are publicly expressing their views through national statements, most recently, Czechia, and we congratulate them. Chair, Canada echoes the congratulations from others and commends the African Union and its member states on the development of their common African position, adopted by their Peace and Security Council, endorsed by their leaders at their summit last month in Addis Ababa. With one voice, Africa has made an enormous contribution to our OEWG’s work and dialogue on international law and cyberspace. Canada is honored to have been a partner in this process, supporting training for African officials and for their consultations at Addis Ababa and New York last year. In reviewing the common African position, Canada has identified many points of convergence with those put forward by a range of member states from many regions. This includes important affirmations on the importance of peaceful settlement of disputes, the applicability of international human rights law and of international humanitarian law, to name just a few. Canada, like others, is interested in. in learning more about the proposal in the Common African position for a possible UN General Assembly declaration on the application of international law in cyberspace. Chair, Canada expects the process that developed the Common African position may serve as a model and inspiration for other regions and sub-regions in developing their positions, and Canada stands ready to share our own experiences in support. For this year’s APR text, we suggest that references to national positions on international law be modified to national, regional, or sub-regional positions as appropriate. Chair, on your question of scenario-based discussions, we can only echo the chorus today of positive responses from all regions of the world, another point of consensus for our report section on international law and our ongoing work. The UNIDIR workshop last fall and several side events organized by cross-regional groups of member states, including this week, demonstrate the value of scenario-based discussions on select topics of international law and the significant appetite for such activities. Canada commends UNIDIR for its ongoing work on international law in support of our OEWG mandate, including continued capacity-building activities in the form of training workshops and structured support for the development of national, regional, and sub-regional positions on international law. We commend as well the ongoing work of the Organization of American States, cited earlier today by the representative of Chile. Chair, our OEWG’s commitment to focused discussion on select international law topics has proven very fruitful. We must continue this approach for the balance of our mandate. For our intersessionals in May, we would ideally devote two days to discussion of select international law topics. briefings by experts and group work on scenarios. If not possible in May, we should aim to program this later in the year or in 2025. We recognize the challenge for the current structure of the OEWG to provide for the more focused discussions on critical issues like international law, but we need these more focused discussions. Indeed, this challenge points to the essential need to build an action-oriented process with the capacity to develop topics in subgroups to study issues in details as part of a permanent follow-on mechanism to this OEWG, as foreseen in the proposal for a program of action. Chair, it goes without saying that capacity-building activities on international law and cyberspace should continue through the end of the mandate of this OEWG and beyond. In echoing Kenya, these activities should continue to be based on the needs identified by Member States and their own officials. Canada will continue to fund and support training courses for officials from Member States and to share our experiences on request, and we encourage all Member States to engage further in capacity-building activities on international law, which we have found to be mutually beneficial. Looking to the future, Canada believes that our OEWG’s APR this year and our final report next year can reflect the momentum and the progress on international law and the steady growth of our common understandings on the application of international law in cyberspace. And looking beyond our OEWG, dialogue on international law and accompanying capacity-building will certainly need to continue to be an important part of ongoing work at the UN. In this regard, the establishment of a program of action will enable us to maintain the momentum and progress on international law we have together created here in our OEWG. Thank you.

Chair:
Thank you very much, Canada, for your contribution and also for your reference to the Birchbark canoe. I am happy to note that the canoe is still afloat because we are all collectively in that canoe. So we have a responsibility to keep paddling and to move forward and not hit the rocks. So this is one of those discussions, international law, which has been a very challenging one right from the beginning. But you are right that we are getting deeper and deeper into the discussions and there is also different national positions that are being put forward and also sub-regional as well as regional positions in the form of the AU position, which really has given us a lot of material to reflect on, to look for commonalities and see how we can continue this discussion in a way that will contribute to our work in other aspects of the mandate. So once again thank you not only to Canada but to all of you because unbeknownst to all of you we are all in a very fragile canoe and I have said that we cannot take for granted the turbulent waters that we are navigating and so the canoe remains a useful metaphor for us. Who is next? Germany to be followed by Uruguay.

Germany:
Thank you Chair. Germany is in full alignment with the statement of the European Union and wishes to add the following remarks in its national capacity. Germany reaffirms its commitment to further advance the OEWG’s understanding on the outstanding issues on the application of international law and cyberspace. We therefore very much welcome deepening our exchanges under this agenda item today and during the dedicated discussions in the upcoming informal meeting. meeting in May. Leading this discussion here at the UN remains tremendously important because we strongly believe that the security risks of the cyber domain require a clearly defined joint understanding by all UN member states on the application of international law in cyberspace. Looking back at the discussions in this group so far, Jeremy notes an increasing convergence of states’ positions on the application of several key principles of international law, including adherence to the UN Charter, the sovereignty of states, the principle of non-intervention, and the prohibition of the use of force. These convergences, which are clearly evident in the respective statements of states, underscore a collective movement towards a consensus on the fundamental elements of the application of international law to the use of ICTs. The growing convergence of positions can also be seen in the many valuable contributions to the debate that have been published since the last session of the OEWG, and Germany would like to compliment the Czech Republic for having published their first national position paper last week. Germany would also like to commend the African Union for its recently published Common African position on the application of international law in cyberspace, which is an important step in broadening the discussion on the critical issue. With 55 states expressing their views on the application of international law in cyberspace is a decisive step towards clarifying the opinio juris of states in the field of international cyber law. Moreover, the work of the African Union in this regard demonstrates once again the important role that regional organizations such as the AU play in the work on cyber issues, including at the global level. It further underscores the importance of harnessing the regional experience at the UN level in our work within the OEWG. ongoing use of cyber means in international conflict. It is also important to further explore the rules of international humanitarian law in cyberspace. We see some progress in finding common understanding of the legal status quo in this area as well. As highlighted in the statement by our colleague from Senegal earlier, 13 states including Germany jointly submitted a working paper on the application of international humanitarian law to the use of ICTs in situations of armed conflicts. This is just one example showing that there is broad cross-regional acceptance of the position that international humanitarian law and its core principles are fully applicable to the use of ICTs. Additionally, Germany agrees with other states that scenario-based discussions also provide a pragmatic way to deepen our understanding of the application of international law in cyberspace and to build important national capacity in this regard. In our view, such scenario-based discussions could be held on the margins of a formal or informal working session of the OEWG. Germany had an excellent experience with this mode of implementation in the informal working group format within the OSCE. Lessons learned from the UNIDIR initiative titled application of international law to the behavior of states in the use of ICTs and other initiatives could also be utilized in such a format. While we have seen remarkable progress in the clarification of international law on the use of ICTs in the course of this working group, we believe that the issue deserves even more attention. In this regard, Germany would welcome the opportunity within the OEWG to facilitate a broader and more substantive discussion on this topic. For example, one of the next sessions of the OEWG could have an explicit thematic focus on the area of international law. Finally, Germany would like to reiterate the important work of civil society actors in shaping international law in the cyber domain. participation in this debate enormously enriches the discourse on international law in the cyber domain. Thank you, Chair.

Chair:
Thank you very much. Germany, Uruguay, to be followed by Vietnam.

Uruguay:
Thank you, Mr. Chairman. Uruguay joins in the statement made by Colombia on behalf of a group of countries. I take this opportunity to thank all delegations participating in the event which took place this morning together with Australia and the Philippines on the application of international law in various scenarios. First of all, we wish to highlight the report by UNIDIR on international law and the conduct of states on ICTs, which summarizes the conversations of 15 November 2023 in Geneva, where once again we recognize the importance of the principles of sovereignty, noninterference, prohibition of the use or threat of use of force, and peaceful settlement of disputes, which my country supports and promotes multilaterally. These principles, together with good faith in relations among countries, are central to the maintenance of international peace and security. Uruguay also understands that the obligation to preserve the confidentiality and protect information with a focus on the human rights of the individual must guide the actions of states. Mr. Chairman, Uruguay has a broad normative framework on cybersecurity, which include activities by our CERT and the protection of data of individuals. For my country, it is essential to make progress at the national as well as multilateral levels with regard to protecting the individual in the cyber domain. Uruguay believes that the The protection of human rights and fundamental freedoms must direct our discussions on this pillar. We also believe that international humanitarian law applies to cyber activities in armed conflict. And in this framework, we reaffirm once again the importance of the peaceful settlement of disputes in accordance with the mechanisms in the UN Charter. In this regard, we welcome Norm F, which states that no state should conduct ICT activities which run counter to the obligations entered under international law, especially as regards impacts on critical infrastructure. Mr. Chairman, on the formal work being done by the Working Group in this segment, my delegation supports organizing exchanges on international law with experts on the subject. We hope that there will be discussion groups based on possible scenarios – several delegations have referred to this today – that we can face as an international community given the malicious use of ICTs. And this has been expressed in – this was expressed in our statement by the distinguished colleague from Colombia. We trust that you, Mr. Chairman, will coordinate this type of forum when you deem it relevant. We also reaffirm the importance of including in a future permanent mechanism groups, capacity-building groups relating to international law, as well as the organization of training which may be conducted by UNIDIR, taking into account the mapping exercise which has already taken place and the complementarity with regional bodies which also vie for a more secure ICT environment such as that in the OAS. My delegation would like to highlight the important importance of linking this discussion with SDG 16, since the building of peaceful, inclusive and just societies is a commitment we have all taken on, and it is related to the promotion and respect of international law. In the present context, high levels of insecurity must be countered by strengthening the rule of law and promoting human rights, as we have stated. Thank you.

Chair:
Thank you very much. Uruguay. Vietnam, to be followed by United States. Vietnam, please.

Vietnam:
Thank you, Chair. Thank you for giving us the floor again to share our views on how international law applies to the cyberspace. Members of this working group have on many occasions reaffirmed that international law, including the UN Charter in its entirety, applies to states’ conduct in cyberspace. For Vietnam, international law helps to prevent and reduce interstate conflicts, govern states’ behaviors, and maintain international peace and security. Mr. Chair, I would like to express our strong support for the early completion of the draft Convention on Countering the Use of ICTs for Criminal Purposes. Recognizing the ever-growing threats posed by cybercriminal activities, the development of such a comprehensive legal framework provides a basis for harmonizing laws across nations and enhancing cooperation in investigating and prosecuting cybercriminals. It is equally important that the first UN Treaty on Countering Cybercrime will help enhance the understanding of the international community as a whole on how international law really applies to the cyberspace, in particular, how far states may lay their claims and enforce their access to the massive global ICT and data storage infrastructure, as well as the conditions for states to share the other resources of cyberspace, like technical expertise and data flows. Mr. Chair, the first-ever negotiation of a UN cyberconvention has enabled a large number of states to start policing and enforcing their domestic digital sphere. In safeguarding the nation’s domestic digital sphere upon which states may exercise its self-determination, it is our understanding that the principle of non-intervention will require every state and their official organs, entities, or persons, such as embassies, consulates, ambassadors, or high offices, to restrain from any efforts or attempt to influence the domestic public discourse of other countries. In the age of very large platforms, such restraint should apply to the above-mentioned officially verified accounts. Mr. Chair, furthermore, in acknowledgement of the rapid advancements of technology, we urge the international community to embark on early discussion on the establishment of a United Nations International Legal Framework for the Governance of Artificial Intelligence and Other Emerging Technologies. The transformative power of AI presents both unprecedented opportunities and potential risks that transcend national boundaries. As we navigate the complexities of the digital age, it is imperative that we establish a robust legal framework that establish guidelines for the responsible and ethical use of technology and promote peace, security, and cooperation among nations. But as far as we are well aware, the UN process would certainly take time to embark on any new topic or idea. In the meantime, every state should reserve its sovereign right to protect the integrity of its domestic digital space in the face of the massive private development of generative AI systems, which may or may not have put in place sufficient guardrails or safeguards to ensure individual rights, protect personal identities and intellectual properties, as well as enforce state policies. Last but not least, we hold a view that the application of international law in cyberspace is essential for promoting a safe, secure, stable, resilient, and ethical digital environment. It requires global collaboration and ongoing efforts to adapt legal frameworks to the dynamic nature of technology and cyber threats. And as already mentioned, we know this is a learning process for all of us, and we learn it together both easy and hard ways. Thank you, Chair, for your kind attention.

Chair:
Thank you very much, Vietnam, for your statement. You’re absolutely right that it’s a learning process for all of us. I feel like I’m in law school now. I feel like a student back in law school because all the different contributions that you are making is very, very thoughtful. And obviously, your lawyers have gotten involved along the way in drafting some of the statements, so it has been very useful just listening to the different statements and the different points of view. And I think it’s also equally important that you listen to each other as well. I give the floor now to the United States to be followed by Sri Lanka. United States, please.

United States:
Thank you, Chair. In response to your first guiding question, the convergence among states as to how international law applies to the use of ICTs only continues to grow. The African Union’s adoption of a common African position on how international law applies to the use of ICTs in cyberspace is a particularly notable demonstration of convergence on international law. The fact that 55 member states were able to reach consensus on a position paper on how core international law rules and principles apply in cyberspace is a significant achievement. We look forward to supporting AU member states as they develop national position statements, as the common African position exhorts them to do. We also welcome the Czech Republic’s recent publication of its national statement, as well as the two joint statements on international law delivered by Colombia and Senegal on behalf of cross-regional groups of states. These position statements and OEWG interventions, along with the many that have been made previously, reflect an undeniable process of convergence in states’ views on how core international law rules and principles govern state conduct in cyberspace. States are articulating their belief that they are constrained by existing international law in their use of ICTs, and their expectation that other states will abide by their existing international legal obligations when they use ICTs. Those states that continue to deny this convergence, or claim that it is impossible to apply existing international law to cyberspace, or have accountability for state conduct in cyberspace, do so for their own political reasons. The fact that one of the loudest voices claiming that there can be no accountability in cyberspace is a country currently engaged in kinetic and cyber warfare against one of its neighbors, should speak for itself when it comes to the good faith of these arguments. This self-interested messaging should not deter us from continuing to work together to bring ever greater clarity on states’ views on how international law applies to the use of ICTs, and to further develop common understandings on this vital question. ICTs are currently being used in armed conflict by states engaged in hostilities. The OEWG should be prioritizing its discussions on how IHL, including the principles of distinction, necessity, proportionality, and humanity, applies in cyberspace. Engaging on this question will promote international peace and security by providing additional clarity on how IHL regulates state conduct in cyberspace, including the legal constraints on when states may resort to force, furthering the ultimate goal of IHL, which is to mitigate human suffering. The paper on IHL presented by Senegal, on behalf of a cross-regional group of states, is an important contribution toward deepening our discussions on this topic. Scenario-based discussions can be a useful and effective tool for states to think through and develop their views on international law. They have the potential to foster constructive dialogue and permit states to go into greater detail than they can during general plenary sessions. Last week, the OAS and UNIDIR hosted a regional scenario-based workshop in Washington on the framework of responsible behavior in cyberspace that included discussions of norms in international law. And Australia, Colombia, and the Philippines hosted a similar discussion this morning. I applaud these and other efforts to promote scenario-based discussions and suggest that the Chair consider posing scenario-based questions to focus future OEWG interventions on international law. For many states, developing views on how international law applies to cyberspace first requires capacity building for lawyers on international law and possibly also on Internet fundamentals and computer networking terminology. The United States has long supported capacity building on international law. As mentioned in December, we have signed a cooperative agreement with UNIDIR to fund training on the framework, including international law, how it applies in cyberspace, and how countries can develop national positions on this issue. The cooperative agreement also includes funding for in-country assistance by UNIDIR for countries drafting these national positions. Recognizing that some capacity building occurs through exchanges of views on international law in the OEWG and on its margins, we note that it can be prohibitively expensive for many states to send legal experts to New York for one relatively brief agenda item, especially when these experts may be responsible for a wide range of legal issues. Longer sessions for focused discussions on international law would enable greater participation by experts from all states in this important conversation, as would permitting hybrid participation in informal intersessional meetings. Finally, as Japan and others have noted, the more flexible and action-oriented platform offered by the Future Program of Action will be well-suited to scenario-based and other detailed discussions of international law, as well as further development of common understandings of how it applies to states’ use of ICTs. We look forward to more inclusive discussions on this topic in the future. Thank you, Jim.

Chair:
Thank you, United States. Sri Lanka to be followed by Czechia.

Sri Lanka:
To remind you that you and I both are victims of a jealous mistress and that’s the law. You have asked a very pertinent question as to whether there are unique features related to the use of information and information technology or communications technology that requires a distinction to be made in terms of how international law applies compared to other domains. The answer simply is in the affirmative, and permit me to offer a few points for the consideration of this distinguished assembly. Let me deal with territorial boundaries, the most obvious one. The first and most troublesome distinguished feature, perhaps, ICT allows for seamless transfer of data across national borders, making it challenging to determine jurisdiction and apply traditional territorial principles of international law. How do we resolve it? Secondly, the use of ICT introduces new legal challenges in addressing cybersecurity threats and combating cybercrime. International law needs, I say, to adapt to address these emerging issues effectively. Thirdly, with the proliferation of ICT, the collection, storage, and transfer of personal data has become more complex. International law, such as the General Data Protection Regulation, as we know, was enacted to safeguard privacy rights and regulate data processing, a matter that needs careful consideration. Then the troublesome aspect of state responsibility. With the proliferation of ICT, ICT enables state-sponsored cyber activities, such as cyber-sewerage or cyber-attacks. Determining state responsibility, therefore, for such actions and establishing appropriate legal consequences, I say is a unique challenge in the application of international law. The next I can think of is Internet governance. The decentralized nature of the Internet requires international cooperation and coordination in addressing issues of Internet governance, including domain name management. …internet protocols, and content regulation. So these are a few examples of how unique the features are… …and why ICCT necessitates a distinct approach to international law compared to other domains. The other aspects obviously are things like the digital divide, cross-border data flows, intellectual property rights. Now in the case of intellectual property rights, we know that ICT has made it easier to copy… …easier to distribute, easier to modify digital content, posing challenges to traditional intellectual property regimes. International law such as the World Intellectual Property Organization treaties… …addresses issues related to copyright, patent, trademarks in the digital area. Now these treaties must be encouraged. Then I get to internet freedom and human rights. The use of ICT has both facilitated and challenged the exercise of human rights online. There’s no question about it. Quite frankly, we have no control over it. International law recognizes, therefore, the importance of protecting the freedom of expression… …privacy, and other fundamental rights in the digital realm. Then we have state sovereignty in cyber operations, jurisdictions and cross-border disputes, international cooperation. So these are some aspects, Mr. Chairman, that highlight the unique feature of ICT and their implications. Now let me very quickly address the aspect of gaps in how international law applies to the use of ICT. Now these gaps are due to, obviously, due to the rapid advancements of technology. Let’s look at the jurisdictional challenges which I alluded to before. Determining jurisdiction in cross-border cases involving ICT can be very complex. Different countries may have different laws and regulations, making it challenging to enforce international legal standards consistently. Bridging this gap, I say, requires enhancing international cooperation, harmonizing laws… …and establishing mechanisms of resolving jurisdictional disputes. Then we have the aspect of the global nature of cyber threats, which requires a coordinated international response. Bridging the gap in cyber security and cyber crime enforcement involves strengthening international legal frameworks… …promoting information sharing and capacity building, and fostering cooperation among states… …law enforcement agencies, and international organizations. I have dealt with the aspect of state responsibility, and I can emphasize it once more. Privacy and data protection, internet governance, capacity building, which we will deal with tomorrow, international cooperation. Now bridging these gaps requires a multifaceted approach that involves legal, technical, and policy measures. Now we also, at the same time, must remember that there’s an urgent requirement for the harmonization of laws… …and the development and implementation of international treaties and agreements that play a crucial role in bridging gaps in international law… …enhancing international cooperation, and so on and so forth. So there are several approaches to bridging these gaps, which I will not allude to due to the constraints of time. I’m compelled, this morning, having listened to one of the distinguished delegates, to speak a word on the application of IHL. Mr. Chair, international humanitarian law, also known as the law of armed conflict, primarily governs the conduct of armed conflict… …and the protection of individuals affected by such conflict. Now while IHL does not directly apply to ICT law, as a separate and distinct legal framework, certain aspects of IHL can be relevant, I say, in the context of ICT. During armed conflict, ICT plays a significant role in modern warfare, including in areas such as cyber operations, information warfare, the use of autonomous weapons. In these situations, IHL principles, such as the principles of distinction, proportionality, and precaution in attack, may be applicable to the use of ICT in armed conflict. It is worth, I say, noting that the legal framework governing ICT primarily falls under international law, including international human rights law, international criminal law, and international law on state responsibility. So while IHL principles may apply in specific situations involving armed conflicts and ICT, they should be interpreted and applied in conjunction with other applicable legal frameworks. So in summary, IHL does, although it does not directly apply as a separate legal framework, certain aspects may be relevant in the context of ICT during armed conflict, or in situations where cyber operations and attacks are conducted as part of armed conflicts. I thank you, Mr. Chairman.

Chair:
Thank you very much, Ambassador Sri Lanka, for your statement. And I know that you bring to bear through this statement of yours all your vast experience as former Attorney General of Sri Lanka and, of course, on the bench of the Supreme Court as the Chief Justice. Thank you very much for your presence and your participation. I give the floor now to Chekia, to be followed by France. Chekia, please.

Czechia:
Thank you, Mr. Chair. Mr. Chair, distinguished delegates, the Czech Republic aligns itself with the EU statement and wishes to deliver additional comments in its national capacity. Mr. Chair, at the outset, we wish to extend our gratitude for providing us with your targeted guiding questions well in advance, allowing us ample time to elaborate on our thoughts. Also, we are pleased to inform you, as you may have already heard today from several colleagues, that last week the Czech Republic has published its national position on the application of international law in cyberspace. Mr. Chair, in recent years, we have witnessed a significant increase in the interest concerning the applicability of international law in cyberspace. Over the past months, with a growing number of states expressing their positions and numerous other initiatives underway, a notable convergence in understanding has emerged. This convergence not only relates to the interpretation of specific provisions, such as non-intervention, the prohibition of use of force, and the obligation to settle disputes peacefully, but also extends to discussions about due diligence and international humanitarian law. Capitalizing on this momentum has resulted in substantial advancements in this area. In light of these developments, we commend the African Union for publishing their common position on the applicability of international law to cyberspace, a significant contribution towards achieving a common understanding. In this context, the Czech Republic supports the joint statement delivered today by Colombia on behalf of Australia, Colombia, El Salvador, Estonia, and Uruguay. Furthermore, we anticipate that the joint statement on international humanitarian law presented today by Senegal on behalf of a cross-regional group of states, including the Czech Republic, will spark more substantial and detailed discussion on IHL. We believe this contribution, together with a side event on protecting civilians against digital threats during armed conflict, co-facilitated by Brazil, Switzerland, and the ICRC yesterday, will foster a deeper understanding of IHL applicability in cyberspace, significantly contributing to the ongoing dialogue. Chair, in light of the growing number of malicious activities conducted by non-state actors in cyberspace, and possibly a viable answer to one of the questions raised today by Uganda, we would also like to reiterate the importance of due diligence, as it applies in particular to activities of private individuals that violate the rights of other states, when harmful activities cannot be attributed to a particular state in accordance with the rules governing state responsibility or where only insufficient proof for such attribution exists. In our view, due diligence requires states to take all reasonable and feasible measures concerning activities in cyberspace falling under their jurisdiction. Thus, every state has an obligation to act against unlawful and harmful cyber activities emanating from or through its territory, provided that it is aware of or should reasonably be expected to be aware of such activities. In this regard, it is important to stress that we understand due diligence as an obligation of conduct, not of result. Therefore, as long as a state takes all reasonable measures in accordance with the due diligence obligation, it cannot be held responsible if it is unable to prevent, mitigate, or terminate wrongful cyber activities launched from or intransiting through its territory. Mr. Chair, addressing your second question, there are indeed unique features related to the use of ICTs, such as the borderless nature of cyberspace and rapid technological development. While these unique aspects prompt discussions to find a common understanding of how international law applies to the specifics of cyberspace, it is crucial not to misconstrue them. International law applies in cyberspace just as it does in other domains. Regarding your third question, the Czech Republic finds it premature to delve into discussion about bridging gaps in how international law applies to cyberspace. We are of the opinion that we are not yet in that phase of the conversation. Instead, our focus should be on encouraging more states to participate in the dialogue, thoroughly examining all perspectives on the matter, and determining if this process reveals any potential gaps in our common understanding. Concerning scenario-based discussions within the OEWG framework, we believe that dedicated sessions with extended time for such discussions, including experts’ input, could prove particularly beneficial for engaging in more profound discussions on concrete provisions. These hypothetical scenarios can assist states understand their perspective, interpretation of practical application of concrete international law provisions in cyberspace, reducing the risk of misunderstanding between states as they gain deeper insight into each other’s interpretations of such provisions, bringing us closer to reaching common understanding. The UNIDO workshop conducted last November, titled The Application of International Law to the Behavior of States in the Use of ICTs, serves as an excellent example of how such discussions could be conducted. Another exemplary instance is a series of workshops organized by NATO, CCDCOE, and Estonia, offering a combination of expert briefings followed by scenario-based discussions, bringing together participants from both governmental and academic spheres, resulting in a compendium titled Talent Workshops on International Law and Cyber Operations. This morning’s side event, International Law as an Effective Toolkit, co-organized by Australia, Uruguay, and the Philippines with cross-regional participation of both legal and policy colleagues that allowed us to discuss specific rules applicable to provided hypothetical scenarios, is another valuable contribution to our deliberations. The scenarios available in the Cyber Law Toolkit, as mentioned earlier by the Philippines, could be another source to leverage. Building upon this, we could further leverage the insights gained from the commendable initiative of the Ministry of Foreign Affairs of Mexico, Temple University’s Institute for Law, Innovation, and Technology, and Microsoft that culminated in a comprehensive compendium of views titled Advancing Opportunities and Responsibilities for a Peaceful, Safer, and Rights-Respecting Cyberspace, accompanied by a follow-up discussion held yesterday morning. Mr. Chair, the Czech Republic believes that a program of action could in the future serve as a platform to continue our discussions. In conclusion, we would like to reiterate our support and commitment to this OEWG. Thank you.

Chair:
Mr. President, Mr. Chairman, my delegation would like to align itself with the European Commission on International Law, and I certainly hope that more countries would do so, because that will contribute to our collective understanding and introduce greater understanding and transparency in how each of us look at international law and how it applies to the domain of ICT. Thank you for that, Czechia. France, to be followed by the Syrian Arab Republic. France, please.

France:
Mr. President, Mr. Chairman, my delegation would like to align itself with the statement delivered by the EU. We’d like to make the following comments in a national capacity. France, first and foremost, would like to reiterate the importance of international law and the fact that it is fully applicable to cyberspace and to the use of ICTs. Our discussions on this topic at the latest December session were very substantive. We’re delighted that discussions are ongoing, especially as regards International Humanitarian Law, IHL. France has regularly had an opportunity to reiterate that IHL does apply to all cyber operations undertaken within the context of armed conflicts or related to such conflicts. On this note, the working document on the application of International Humanitarian Law put forward by Switzerland and the joint statement put forward by Senegal from 13 states across from different regions have vocalized attention on this topic. We invite all delegations to partake in exchanges on the modalities of applying IHL in cyberspace. France stated its national position on IHL applicability back in 2019. Since then, we’ve been encouraging the crafting and presentation of national and regional positions on the use of ICTs under IHL. On this note, we welcome the adoption of a common African position on the application of international law in cyberspace and the presentation of a Czechist position. Last week, at the UNIDIR workshop which took place in January, a number of states, including France, highlighted the fact that sharing national positions was a way of garnering consensus and ensuring mutual understanding between states. Furthermore, we partook in recognizing the full applicability of international law to cyberspace and the use of ICTs. We hope that the fact that UNIDIR will be holding workshops for states which haven’t yet come up with national positions will help to share best practices and increase the number of states involved as well as the geographical representation of the national positions which have been published. France would like to welcome and align itself with the joint statement delivered by Colombia, Australia, El Salvador, Estonia and Uruguay on language that has garnered consensus. This is language on international law. In our view, this work stream is particularly important as it stresses the progress that’s already been made in our discussions and shows, as we’ve seen during previous exchanges, that there are many points of convergence among states. On these areas of convergence, when it comes to states considering the applicability of IHL to cyberspace and given the principle of the peaceful settlement of disputes, as well as the principle of non-intervention and the non-use or threat of use of force, given all these principles, we believe that crafting new legally binding norms at this stage would be premature, although we’re not excluding the possibility. Nonetheless, discussions within the OEWG or specific workshops, such as the One Unity organised in November of last year, such discussions do demonstrate that discussions involving states should continue as we could further pinpoint how this could apply in cyberspace. With this in mind, we are very much in favour of exchanges and discussions, specifically scenario-based discussions within the OEWG, so as to achieve substantive progress involving all states. Indeed, scenario-based discussions would help us to delve deeper into certain aspects of the law and to make tangible progress. The peaceful settlement of disputes, sovereignty and international humanitarian law is something we’ll be focusing on, drawing on the practices I just mentioned earlier. Mr Chairman, I’d like to link this aspect of our work to capacity building. We’ve seen this as all states within this discussion, their participation has been vital as it helps to beef up international cooperation. Capacity building activities should therefore contribute to states formulating and updating their national doctrines on the applicability of international law in cyberspace. As this is going to be a long-term project, this priority needs to be recognised in future mechanisms, action-oriented mechanisms, which is something the OEWG will be doing going forward, including 2025. Thank you very much.

Chair:
Thank you very much, France, for your contribution. Syrian Arab Republic, to be followed by Spain.

Syrian Arab Republic:
Thank you, Mr Chairman. Mr Chairman, we’ve made progress in our discussions on international law. However, to date, we do not have a clear joint grasp on the application of international law, specifically the UN Charter, in cyberspace, especially within the framework of very rapid developments in the sphere of ICTs. And given the transnational nature of such technologies, their spread and the inability to pinpoint who is behind some of the operations, there are many different concepts and they’re understood differently. For instance, pinpointing the source of ICT incidents, malicious attacks or incidents, for instance. Thus, we believe that we need further in-depth negotiations within the United Nations on these various aspects, so as to come to a common understanding which would lay the groundwork for an internationally legally binding instrument. My delegation believes that we shouldn’t make haste in our discussions on the application of international law in cyberspace. We need further work on the idiosyncrasies of international law. If we were to make haste, there would be doubts left hanging over the conclusions we draw and the decisions we make. Therefore, these conclusions, these decisions would be fragile and the entire endeavour would be counterproductive. For this reason, we believe that all relevant issues need further discussion at this stage. Conduct in cyberspace is of course very different from conduct in the physical world. Nonetheless, the purposes and principles of the UN Charter, when applied to the use of ICTs, should not prevent us from agreeing on international legally binding measures, but only after a painstaking study of international law. Scenario-based discussions related to the use of international law so as to govern activities in cyberspace confirmed that it’s going to be very difficult to regulate these activities, drawing on existing norms. The only way to bridge the gaps would be to come up with new rules and norms. Thus, we’d like to highlight just how important the first draft of the International Convention on this topic is. This is something that was put forward by the Russian Federation. This is the scaffolding for a UN Convention on International Cyber Security. This draft convention reaffirms the rules which must be upheld when using ICTs. This draft resolution has been published on the Working Group’s website. Thank you, Mr Chairman.

Chair:
I give the floor now to Spain, to be followed by Côte d’Ivoire, Spain.

Spain:
Thank you very much, Mr. Chairman. Spain joins in the statement by the European Union and would like to add a few elements in our national capacity. Together with other countries, we believe that cyberspace is not an exception, not a unique case in international law. We reiterate, as we have seen here in previous occasions, that international law without doubt is fully applicable to cyberspace. Specifically, we attach particular importance to developing the principle of life applied to space, as well as humanity, proportionality, and convergence between civilian and military objectives in the application of ICTs to armed conflict. In this regard, we support the initiative mentioned by Senegal representing a group of countries on humanitarian international law, since in fact Spain’s strategy for the period 2023 to 2026 explicitly defends greater protection of medical missions and health services when subject to cyberattacks. Furthermore, we welcome the publication of the position of the African Union on the application of international law to cyberspace, which shows that it is possible to achieve a consensus on this matter among a large group of countries. Spain is also at an advanced stage of preparing its own position, and we hope that we will be able to publish it prior to the July session. In this regard, we certainly support the many efforts made to bring together national positions, and in particular, we welcome the initiative by Colombia on behalf of a group of countries on greater convergence in the language of international law. Finally, we welcome efforts for capacity building in the subject, be it through specific sessions with experts or others, as these are decisive steps to bridge gaps of interpretation of the current legal regime. We hope that the next intersessional period in May will offer sufficient spaces to have substantive debates in this area. Thank you.

Chair:
Thank you very much. Spain. Cote d’Ivoire, to be followed by Colombia.

Côte d’Ivoire:
Thank you, Mr. Chairman. The growing number of services associated with digital technologies and interlinkages between technological tools and systems, combined with current security threats, have made cyberspace the fifth field of conflict, coming on top of land, the sea, airspace, and outer space. Thus, despite the idiosyncrasies of cyberspace, we should not distinguish or create an exception for cyberspace, which would make it the only area granted an exemption from international rules. The application of international law to cyberspace, therefore, in the opinion of my delegation, follows an undeniable logic. We are of the view that international law, including the UN Charter, de facto does govern the digital sphere. The principles enshrined in the UN Charter, i.e. the sovereignty of states, their sovereign equality, non-interference in the domestic affairs of other states and their peaceful settlement of disputes, as well as the responsibility of states and their duty to take a precautionary approach, are the foundation for pacifying and ensuring the stability of cyberspace. In a similar vein, international humanitarian law, IHL, and respect for human rights and fundamental liberties are necessary for the digital world to work smoothly. Violations of the aforementioned principles will, without a doubt, have deleterious consequences, contributing to increasing the level of conflict in cyberspace. Mr Chairman, drawing on the certainly mentioned above, Cote d’Ivoire has always expressed its commitment to cyberspace, which should be open, safe, stable, accessible and peaceful. With existing international norms painstakingly upheld therein. For instance, in our national cybersecurity strategy covering the period 2021-2025, we ensure that there is full respect for international humanitarian law and human rights law. Within the framework of the OEWG’s work, my country has steadfastly underscored the importance of recognising the application of international law to cyberspace. We welcome the headway that has been made on deepening the understanding of this principle by all states. Today, a significant milestone has been hit by African countries. They recently adopted a common African Union position on the application of international law to cyberspace. My delegation believes that this document can make a useful contribution to advancing our discussions on this topic. On this note, given the large number of relevant elements which can feed into our discussions, Cote d’Ivoire would like to highlight the following points. Adding a regional perspective to our understanding of this topic, reaffirming the validity of all of the fundamental rules enshrined in international law, their validity for cyberspace and states must uphold these. We also need to facilitate states upholding their due diligence duties by placing importance on international cooperation and information sharing, especially information sharing and cooperation between CERT, Computer Emergency Response Teams, and C-CERT, Computer Security Incident Response Teams. We also need to support the implementation of tools and digital platforms as well as to invest in R&D in this area so as to promote the peaceful settlement of disputes. We’d also like to stress the invitation to sign agreements on assistance for combating all forms of cybercrime so as to contribute to the protection of and the full enthronement of individual human rights, support for capacity building for both developing countries and the LDCs across areas such as the crafting of national cybersecurity and resilience strategies, as well as the provision of access to relevant technologies. An appeal to pay particular attention to stepping up international cooperation so as to better clarify international law and draft rules which would incorporate the development dimension. The proposal for the UN to adopt a declaration on the application of international law to cyberspace, all relevant stakeholders should take part in such negotiation. This includes international organizations and regional organizations as well. Thank you.

Chair:
Thank you very much. Cote d’Ivoire, Colombia, to be followed by Israel.

Colombia:
Thank you, Mr. Chairman. In addition to supporting our statement this morning on the application of international law in cyberspace, the Delegation of Colombia also supports the statement made by Senegal on behalf of a cross-regional group of countries on the application of international humanitarian law in the years of ICTs in situations of armed conflict. We will now speak in our national capacity and very briefly on some additional points. Mr. Chairman, the contributions and joint work among delegations from different areas reflect the commitment of states to make progress in the search of common understandings and areas of convergence in this important matter. My delegation hopes that the contributions that have been made will be inputs to the third APR and will contribute to implementing the responsible behavior of states in cyberspace. Mr. Chairman, at the national level, Colombia has started to work actively in preparing its position on the application of each of the principles of international law in cyberspace. In this task, very valuable have been the capacity-building programs that we have benefited from, as well as our talks bilaterally with our colleagues with Canada, given their experience. We believe that this practice is in itself a confidence-building measure which could be replicated in the framework of this working group among those countries which have presented their positions and those that have not yet done so. Given your question as to what are the specific capacities required more urgently at the national level, we have identified the importance of training on the application of international humanitarian law in cyberspace and the sectors of defense in charge of implementation. This capacity-building would further clarify our dialogue, would contribute to developing common understandings, and would contribute to consensus. Lastly, with regard to your question about scenario-based discussions, my delegation would like to share with you that in the framework of the fifth meeting on CBMs of the Organization of American States, and based on the joint work done between SICTER and UNIDIR, we carried out the workshop on norms, international law, and behavior of states in cyberspace, which by means of three hypothetical scenarios led to an interactive dialogue among delegates on the application of responsible behavior and principles of international law. This facilitates learning through the practical understanding of application in the context of international incidents using ICTs. It promotes transparency and confidence-building among participants. They exchanged views in small groups. We believe that this exercise could be replicated in the informal meetings in May, following the Chatham House rules. Thank you.

Chair:
Thank you very much, Colombia. Israel, to be followed by Burkina Faso.

Israel:
Thank you, Chair, for giving us the floor. We’ve already presented our perspective on the issue of application of international law to cyberspace. Please allow me to reiterate certain key points. Israel encourages discussions on the application of international law to cyberspace. We believe, however, that deepening our understanding of how international law applies is a continuing and a long-term process, one that involves states forming national views and exchanging position as we witness that the threat of landscape continues to develop. Israel’s position on the application of international law to cyberspace has been consistently expressed over the years in this open ended working group discussions as well in other international fora. We’re also happy to mention that we have recently presented the UNODA Secretariat with an official legal paper dealing with Israel’s perspective on key legal and practical issues concerning the application of international law to cyber operations. We reiterate our fundamental position that international law is applicable in cyberspace. However, given the unique features of cyberspace and the fact that many traditional rules of international law have been developed and adopted in a domain specific context, it is necessary to evaluate whether and how certain rules of international law relate or apply to the cyber domain. We in order to understand whether adjustments and clarifications are necessary. For example, data travels globally across networks and infrastructure located in multiple jurisdictions transcending national borders and lacking meaningful physical manifestations. Moreover, cyber infrastructure is to a large extent privately owned and decentralized both at the domestic and international levels. The cyber domain is also highly dynamic with technological developments and innovation advancing at a rapid pace. When considering the applicability of specific rules of international law to cyberspace, it is important to be mindful of such distinctive features and to carry out a meticulous examination of the rules at play and the context in which these rules emerged. Mr. Chair, the open-ended working group has played a key role in enabling states to present and publish their views on the application of international law. As the landscape continues to evolve, states will no doubt seek to continue to make their views known, relate to the international law aspects of new threats that are emerging, refine previous positions, and perhaps revise and update previous statements. In our view, the open-ended working group can and should continue to play a role in facilitating discussions on international law, but continue to provide a platform for states to present and publish their views on a voluntary basis. In this context, the suggestion for scenario-based discussions is a very valid and beneficial one. Finally, Mr. Chair, we feel that building a common understanding on how international law applies to the use of ICTs by states should be the first step before moving to the creation or adoption of any new rules and norms. Additionally, we wish to echo other speakers and also to reiterate again that in our view, Israel does not see any need for the development of or adoption of a legally binding instrument in this context. Thank you.

Chair:
Thank you, Israel, for your statement. Bukhira Faso to be followed by Malawi.

Burkina Faso:
Mr. President, Mr. Chairman, ladies and gentlemen, at the outset, the delegation of Burkina Faso, as we are taking the floor for the first time, would like to extend to you and to all other members of the Bureau our congratulations on your appointment. Rest assured you have our staunch support. We wish you every success as you discharge your duties. Mr. Chairman, my delegation fully shares the concerns shared by the various delegations since we began our work. These were concerns regarding the threats hanging over us in cyberspace, specifically Burkina Faso is facing an uptick in the use of digital tools by terrorist groups. These organizations are deftly using ICTs to spread their extremist ideology to recruit new members and to plan attacks. Turning now to our discussion of norms and the list, we’d like to align ourselves with the statement delivered by the Russian Federation. We suggest that rules and norms for international conduct should be adopted so as to promote responsibility and discourage malicious conduct in cyberspace. With due regard for respect of sovereignty of states in cyberspace, as well as to combat cybercrime and cyberterrorism, to protect critical infrastructure against attacks, to promote transparency and ensure states act responsibly. The responsible use of ICTs to avoid collateral damage and unforeseen consequences is also key. We need a common understanding of the various rules to ensure that there are no misunderstandings among states when we move on to implementation. Furthermore, the rules and norms must take into consideration the level of digital maturity of various states. Mr. Chairman, the establishment of points of contact, POCs, and computer emergency response teams, CERTs, underscores the importance of cooperation between states. At this stage, Burkina Faso is cooperating with regional CERTs. So as to strengthen the CERT mechanism and POCs, we will be partaking in various initiatives and taking technical steps to ensure technical information sharing. By way of conclusion, we believe that under UN auspices, funding should be allocated to build states’ capacity on the digital security front. This should be channeled specifically to developing countries. Thank you very much, Mr. Chairman.

Chair:
Thank you very much, Burkina Faso. I give the floor now to Malawi, to be followed by Venezuela. Malawi, please.

Malawi:
Thank you, Chair. Malawi is in full alignment with the African Union’s common position on the applicability of international law in cyberspace. Malawi affirms that international law and its principles do apply in the cyberspace, despite its unique features. We fully support this position and believe that it is crucial for the global community to uphold international law in the various aspects of cyber activities. Malawi does agree that more and more there is indeed demonstrated convergence of this position by many states, as if we are to go by the various statements made by various countries at these OEW sessions. We acknowledge that cyber security is a pressing concern for nations. and that despite our various levels of development, it is essential for us to work collectively to address its challenges. History has shown us that we are only as strong as our weakest link, and therefore it is imperative that we all collaborate, share information, and align ourselves with global developments and find common understanding on how international law can apply in cyberspace. Malawi also understands that each nation has a role to play at the national, regional, and global level. We are committed to doing our part in this collective endeavor. When it comes to reaching common ground on applicability of international law, we believe that capacity building is crucial in not only understanding its related aspects, but also to strengthening cybersecurity capacities and resilience. Malawi recognizes the importance of investing in human and technical capacities to face the evolving cyber threats. We therefore appreciate the support provided to us by the sponsors of the UN Women in Cyber, which has allowed some of us to participate in this important forum and be part of these important global discussions. In more ways than one, these sessions continues to be our training ground. Without their assistance, our presence here would not have been possible. We further extend our appreciation to UNIDIA and others for the continuous capacity building efforts on international law through their various training programs. As already stated by others, Malawi also believes that engaging legal experts from all countries of the world to these important topics would foster reaching a common understanding on this important area. We further support the proposed hybrid participation for wider participation to these meetings. Chair, we commend your guidance on the use of scenario-based discussions. These scenarios provide a focus platform for in-depth discussion and a better understanding of complex international legal issues, which can sometimes be challenging to comprehend without practical examples. We fully support the inclusion of these scenarios as they enhance our ability to develop our country positions and our understanding of cyber threats and cyberspace in general. In conclusion, Malawi reaffirms its commitment to the principles of international law and its applicability to cyberspace. We urge all members to collaborate, share knowledge, and strengthen our capacities to ensure a safer and more secure digital environment for all. Let us seize this opportunity to work together towards a future where the benefits of ICTs are realized while upholding the bedrock principles of international law. Thank you, Chair.

Chair:
Thank you very much, Malawi, for your statement. Venezuela to be followed by Liechtenstein.

Venezuela:
Good afternoon. As this is the first time that I take the floor, I would like to extend my regards to the chairman and his team. I’d like to reiterate, we’ve mentioned it so many times before, we’ll mention it again. We are very grateful for your work, your dedication, and overall, your very large patience. As I said before, I do not envy you your job. I was motivated by several factors to make this hopefully brief intervention. And one of them was something that I heard today, specifically for one of my colleagues and fellow states, that as far as they’re concerned, there is no distinction between cyberspace and physical space. There’s no such thing as cyberspace. only cyber activities. And reflecting on that point made me think about how is it that this concerns us in in Venezuela. And before I dwell into that concern we need to make absolutely clear that the Bolivarian Republic of Venezuela does believe and definitely wants to work towards guaranteeing the applicability of international law and international humanitarian law to cyberspace. And I think it is complete nonsense to say that anybody is saying or insisting that there is no accountability in cyberspace. It’s not an issue of there not being and rejecting outright this notion. What actually concerns us much more is a perceived automatic applicability of international law, specifically international humanitarian law. And what this automatic applicability implies because as much as we speak about the abstract notion, we have to take into consideration the realities of the international system and yes indeed even the political ones. The political realities and how they interact with international law. As in how international law applies to the real physical world and the gaps that already exist. Gaps that might get even more complicated if we go to what we perceive as qualitatively different space which is cyberspace to the physical space. Now then, so many have spoken today and before about the importance of scenario based discussions. We completely agree and as a matter of fact it is thinking on scenarios that has led us to this doubt on the automatic applicability of international humanitarian law to cyberspace. We do not wish to reject it and make it clear again. We want to make sure that it is clear that what we want is to make it real in the real world not in just as an abstract thought. And once we think of issues like scenario based based problems and discussions, then we start seeing the small cracks, shall we say. When we try to determine, for example, the responsibility of an attack in the physical space, let’s say, for example, a country, A, bombs a school or a hospital and kills everybody in it, we don’t need technical experts, like the ones we have in the OPCW, experts in chemistry and expert in all these things to determine who might be the actor. Now, the actor that causes this aggression might claim that it was the other part, the responsible for the bombing, for example. But sometimes you don’t need that much experts, a couple of journalists on the ground can make and determine and say, well, this was the most likely scenario. Nonetheless, even then, we have problems in interpreting and applying international law. And this is where exactly the physical space becomes very different from the cyber space. In the cyber space, we can have a group of unknown nationals in Mogadishu, for example, planning an attack on, let’s say, state B, then all of a sudden, and they don’t need to be the best hackers in the world, they can make it look as the attack is from Caracas. Caracas doesn’t even know what’s going on, and it is attacked and it is accused of attacking and destroying, causing damage to infrastructure in another country, country B, et cetera, et cetera. And here is where international humanitarian law automatically applies, especially something like Article 51, which is the right to defend. Now, the question here is, country B that claims was attacked by, again, in this hypothetical case, Caracas, even though Caracas doesn’t even know what’s going on, it has a right to defend itself, where? In the physical world or in the cyber world? The attack was in the cyber world. Article 51 does not specify that, and it does not specify that for a good reason. 1945, this was not an issue. It is an issue now, and this is our huge concern. The thing is, what even concerns us more is that this has to be discussed. But unfortunately, certain things that are not, or that do not have an international consensus and are being discussed, some states go ahead and apply their judgment regardless. Take, for example, unilateral coercive measures. a very large amount of countries believe that they are illegal. Nonetheless, some countries apply it against others, with quite problematic consequences. People dying because they don’t have food, they don’t have shelter, they don’t have the basic things that they had before, the effects of these measures. If that’s not a case of humanitarian international law, but I don’t know what is. Nonetheless, while it’s being discussed whether it is legal or not, it is being applied. And the same thing would happen to things that we do not have a consensus on, on cyberspace. While we’re discussing whether the response or the mode of defense of country B against country A in relation to a cyber attack based on Article 51, whether it’s applicable or not, and whether the response or the defense has to be in cyberspace or in physical space, the country in question will just proceed and do what it sees fit while we’re discussing. Why not? It already happens in the physical world. These are issues and these are concerns that the Bolivarian Republic has. And it has them based on what we mentioned here, the scenario-based discussions. It’s not so clear-cut and simple because this cyber world did not exist when the articles were written for the Charter of the United Nations. So, again, yes, we want to work towards applicability. We believe that there has to be accountability and there should be. We’re just concerned about the details and we should be concerned about them now. Thank you, Mr. Chairman.

Chair:
Thank you very much, Venezuela, for your very detailed and clear statement. In some ways, you have brought us into a scenario-based discussion already. And there is very clearly a demand for such a discussion. I think that was the one unanimous point of convergence that we have. But underlying this convergence to discuss this further through scenario-based discussions are also different points of view, which is entirely understandable. But it’s a discussion that we need to have. And I’m also very encouraged, Venezuela, by your remarks that you do want to talk about the applicability of international law and you do attach importance to accountability. And I think that’s also something that we need to address until after 6 o’clock. So we’ll press on with the statement from the ICRC. You have the floor.

ICRC:
Ambassador Garfu, Excellencies, dear colleagues, thank you very much, Chair, for giving us the floor at that late hour in the day. Under your leadership, Chair, this Working Group has built significant agreement on ICT threats in international security, including in situations of armed conflict. Against this background, the ICRC urges you to deepen discussions on the limits that international law and, in particular, international humanitarian law, imposes on the use of ICTs in situations of armed conflict. We believe progress has been achieved in this Working Group and more common ground is within reach. What convergences can we identify on IHR? Since 2021, this Group has repeatedly underscored that recalling international humanitarian law in the ICT environment by no means legitimizes or encourages armed conflict. Delegations have rightly emphasized that international humanitarian law does not prevent armed conflict. International law obligations to prevent armed conflict, to maintain peace and security, are set out in the UN Charter. IHR is different from Article 51 and the inherent right to self-defense. International humanitarian law provides limits that must be respected in the unfortunate and undesirable situation of an armed conflict, irrespective of whether or not the UN Charter has been breached. Today, the world faces over 120 armed conflicts, including between states, and the precious humanitarian consensus that wars have limits must persist even when new means and methods of warfare are used. Your population, the communities that states in this room represent, they need this protection. Discussions in this Group have encouraged a growing number of states to express their views on the application of international law, including international humanitarian law, to the use of ICTs. The cross-regional statements presented today by Senegal and by Colombia and the recently published Common African Position build common understandings and show that this is possible. The 55 African Union states have unanimously held that despite the fact that most rules of IHR emerged before the appearance of cyberspace, IHR applies to cyber operations that may be undertaken in the context of armed conflict. The ICRC encourages this working group to build on these regional and cross-regional and also national positions to include clear language on IHR in the progress report in July. However, there are also unique features of ICTs that need further considerations. Finding agreed language on the applicability of IHR to the use of ICTs in armed conflict should not preclude discussing at the same time how IHR limits apply to cyber operations. And the need for further study on this question is reflected in each annual progress report. For example, in our view, it is not sufficient to simply note the principle of distinction. If at the same time some states restrict the application of IHR in the ICT environment so much that most uses of ransomware, of viperware, and of DDoS operations are excluded because they don’t result in physical damage. Interpretations of international humanitarian law that focus solely on protection of objects against physical damage are insufficient in the ICT environment. Common understandings on the protection afforded by existing IHR can be achieved striking the right balance between principles of military necessity and humanity. At the same time, if the existing rules of international humanitarian law are interpreted in ways that undermine the protective function of IHR in the ICT environment by leaving unaddressed the new kinds of harm that result from the use of ICTs, then additional rules would be needed and would need to be developed to strengthen the existing legal framework and to ensure that IHR remains adequate in today’s ever more digitalized societies and armed conflicts. Finally, Chair, you inquired about scenarios for discussion in this group. The ICRC is available to provide you with decontextualized yet reality-based examples if needed. Thank you.

Chair:
Thank you very much, ICRC, for your statement. I think that’s also a very good statement for all of us to hear and to reflect on as we wrap up this discussion on international law. I don’t want to make a summary because the value of a discussion like this in the working group is in itself an exercise of reaching greater levels of understanding and clarity. And so each one of you, I’m sure, will be taking back your own reflections and lessons that you might have gleaned by listening to the various other statements. From my point of view, I want to say that this has been a very, very good discussion, probably the best discussion we have had on international law in recent times. I think I said that the last time as well with regard to international law. So what it shows is that with each discussion we are getting deeper, we’re grappling with some of the tough issues, and because of that we are listening to each other and we need to understand each other’s point of view. Even if we may deep in your hearts, you may disagree with the point of view expressed, but when you listen to a different point of view, you need to grapple with how you need to deal with that, how you would respond to that, and certainly that has been useful for all of us collectively. So that’s the first point. Second, I would give all of you an A-plus for engagement and enthusiasm. So many of you are asking for additional sessions to discuss international law, that we may well perhaps in the future mechanism need to establish a permanent mechanism for international law discussions. We can’t possibly spend a whole week discussing international law because we have a whole list of issues to discuss, and let us not forget that the mandate that we have also requires that there be a balance. So much as I would like to allocate two to three full days to discuss one topic, we need to keep in mind also the need to have some balance between the different agenda items. But maybe in the future we can all spend a month here in New York and discuss all the issues. The point I’m making is that there was a lot of engagement and enthusiasm and no doubt very thoughtful preparations back in capital as well. And of course the statement of common position from the AU plus two cross-regional statements and papers submitted this week and also the different statements made by many of you plus additional national statements submitted. All these votes very well, and I think that in itself is intangible, but I think it’s a good step forward for our discussions. There were also discussions on the need for additional legally binding obligations. We have not made a huge step forward on that front. Some aspects of the old debate are still there, but at least what I hear is that the possibility is not excluded, at least in the minds of some of you, and I think that offers us possibility to go further into that discussion. And international humanitarian law, I think the statement by the ICRC is also something that I would ask each one of you to reflect carefully, because if international humanitarian law is fundamentally about protecting people, how can we make sure that international humanitarian law can also be leveraged and mobilized to protect people in the context of conflict and prevent them from being subject to harm through ICT means? I think that’s a fair question, because the world these days is increasingly facing many situations of armed conflict. That’s a reality. So this debate about whether IHL applies is not an abstract debate. It’s a real debate, and I think there’s scope for scenario-based discussions, and the ICRC has offered to provide some input in terms of how we can have such a scenario-based discussion that is decontextualized and made hypothetical. But those are hard issues, distinguished delegates, and I think we need to address them. There was also many of you responded to the question on unique features, and I think this is the first time I think we’ve put that question, and I think that also generated a good debate. Yes, there are unique features, many of you said, but some of you said that doesn’t mean we need something additional. Others had an opposite view, so this debate and discussion needs to continue as well. And of course on capacity building, I think clearly that’s another area of convergence in the sense that we all agree this is an area where more needs to be done. Capacity needs to be built in terms of national positions, in terms of sub-regional or regional positions. There’s a lot of work to be done in the area of capacity building, and I’m also gratified that there are a few side events already in this area of international law and different programs already happening, as you saw in the mapping report as well. Finally, this point about a scenario-based discussion, I think we need to take this further. I’ll give some thought to how we can do that. UNIDIR has played a good role in this, in the form of the workshop that they convened last November, so we’ll see how we can build on that, how we can bring that into the OEWG context. Time is always the biggest challenge, because if we meet here for a week, we have a mandate of five to six different issues. As you can tell, if we take more time for one issue, it puts us behind the schedule for other issues. So that is a challenge, but let me give some thought to how we can best do this during the intersessional period as well. So let me leave it at that at this point, and certainly not an exhaustive summary, but I would also encourage each one of you to, as you form cross-regional groups, please go across the aisle, talk to people who have a different view, because now is the time to do that. So it is not the persuasive interventions you make here in this open format that will move the needle, but it’s the quiet outreach that you make to reach out and talk to different delegations who have a different view to see how we can find ways to deepen the conversation and find maybe one or two elements of commonality. But the question of international law is not something that we can very quickly resolve, because I think talking about international law itself is important as an exercise in confidence building and building trust, building understanding, but also it’s about transparency and accountability as well. And even after 75 years, we still have debates about the charter in the Security Council, in the General Assembly, in the context of many different regional situations. So that’s an ongoing thing. So this discussion on international law and how it applies into the ICT domain is not something that will find a definitive conclusion in the third APR in July or in the final annual progress report in 2025. It’s something that needs to continue, and we need to broaden the discussions and bring in experts as well. So I think if we can take back the point that let’s avoid a very binary debate about whether we need a new instrument or not, whether there are gaps or not. I mean, all of those very established positions are there, but I think as we go deeper, hopefully through a scenario-based approach, I would ask each one of you to keep an open mind and engage in that discussion. So on that note, friends, thank you very much. It’s 5.30, so let’s use the remaining 30 minutes to begin the next item on confidence-building measures. And I want to draw your attention to the questions that I have put forward, which is circulated to all of you, as you know. First, with regard to the additional CBMs, we have the initial list of voluntary global CBMs, and there is the question of what else, how do we operationalize the initial list of global CBMs, in particular through capacity-building and also through the global POC dietary? And I’ve also asked a question about additional CBMs that can be added to the initial list of voluntary CBMs. So please also respond to that. And, of course, there’s also a question related to the POC directory in terms of topics for further work by states on the POC directory. So I look forward to hearing your views. So let me open the floor now, and then we’ll see how far we can go. And we’ll continue, of course, certainly tomorrow. So confidence-building measures. The floor is open. I give the floor now to Saudi Arabia, to be followed by India. Saudi Arabia, the floor, please.

Saudi Arabia:
Mr. Chair, my delegation expresses its gratitude to you and to the Secretariat for your continued efforts within the work of the Open-Ended Working Group and security of and in the use of ICTs. The Kingdom views capacity-building as a pivotal strategic priority as part of the relevant efforts to strengthen cybersecurity internationally. We also see that the contribution of similar initiatives to the GCSCP have a contribution towards increasing opportunities to enable effective cooperation, coordination between member states regarding cybersecurity issues by sharing best practices. As for the proposed units and the recommendations regarding other units as part of the GCSCP, we see the importance of avoiding duplication within this portal, while we have other existing portals under the UN. Therefore, we propose that we work on assessing and benefiting from existing platforms by UNIDIR and other relevant entities and to identify similarities between them and the proposed platform and to suggest the best means to harmonize these different platforms. Thank you, Mr. Chair.

Chair:
Thank you very much, Saudi Arabia. India, to be followed by the European Union.

India:
Mr. Chair, the focus of CBMs is on fostering open dialogue and cooperation among states to prevent misunderstandings and reduce unintended consequences of cyber activities. CBMs include information exchange, joint capacity building, and establishing communication channels for addressing cyber incidents promptly. CBMs, when adequately resourced and engaged, strengthen overall ICT security and the peaceful use of the ICT. They enable the implementation of norms by fostering trust, predictability, and stability in ICT use. There is a call to define foundational values to build confidence among nations, taking into account virtual and physical boundaries. CBMs might be relevant globally, but implemented regionally, and harmonizing regional CBMs is key for common international action. States should cooperate on countering terror propaganda online, including removing harmful content and alerting other states of concerning cyber activities. Differentiating cyber terrorism from other incidents is also important. States should consider data jurisdiction factors like ownership and data subjects in cyberspace. They should also refrain from attacking or targeting critical infrastructure. There should be emphasis on conducting joint drills or exercises involving computer emergency response teams, and sharing digital forensic evidence to mitigate cybercrime and malicious activities. The OEWG may explore mechanisms for swift information exchange and response between law enforcement agencies and governments to counter terrorist and criminalize EDUs. Establishing rapid and reliable communication channels for incident response is essential. India’s proposal for a global cybersecurity cooperation portal can be used as a forum where member states can post their requests for support and timely response from member states. It will help to build trust between member states and cyberspace. The one-to-one communication and broadcasting communication options that the portal can provide will lead member states to come forward as a community to respond to cyber threats and attacks faced by other member states. The portal will provide and facilitate exchange of information on capacity building programs, cyber attacks, best practices, and points of contact for quick response, and will also act as a repository of cybersecurity resources. This will help member states to explore strengths and opportunities that each member state can offer to other member states. This can even initiate fresh cooperation between member states and increase their trust in other member states. Cyber awareness activities may be carried out through the portal, and member states can share educational materials that are age, gender, or education level based, and videos in UN languages. This will help to bridge the digital divide and will make cyberspace more inclusive. India has also been quick to respond to the call for nominations of technical and diplomatic points of contact for the global POC directory, and we hope that the mechanism will soon be operationalized. I thank you, Mr. Chair.

Chair:
Thank you very much, India. Now, before I give the floor to the next speaker, I want to share a piece of good news with all of you. We have 23 countries who have made nominations to the POC directory as of today, 23 of them. This is a good start. Now, let me share with you the list of countries who have done so. Argentina, Australia, Bulgaria, Cambodia, Canada, China, Colombia, Czechia, Ecuador, Estonia, Germany, Ghana, India, Ireland, Jordan, Kuwait, Peru, Portugal, Qatar, Russian Federation, Singapore, Tunisia, Ukraine. So I’d like to thank all these countries who have made nominations, and certainly we still have time. The deadline that the Secretariat had suggested was 15 April, and I know that all of you are working with your capital and agency processes to get the nominations out, but I thought I should share the list as a piece of good news and also in the spirit of transparency because if the POC directory is to be global, we need all of you on board. So I hope that we can encourage each other. So each of these 23 countries, please bring a friend on board as soon as possible so we can double that number to 46, and then we repeat the process. Each one brings another friend until we get to 193. And bringing a friend on board is not just a question of sending a WhatsApp message, but it’s also about outreach and partnership to see what countries might need. Some countries might need more help, advice, even capacity building in terms of getting things ready to get on board this POC directory. So I think we are on the right track. I just wanted to mention that since India did say that they have nominated their points of contact, and I thought I should share the list with everyone. So that’s the piece of good news. I think all of you deserve a drink today. You can have one on my behalf. I give the floor now to the European Union, to be followed by Chile speaking on behalf of a group. EU, please.

European Union:
Thank you, Chair, for giving me the floor. The candidate countries, North Macedonia, Montenegro, Serbia, Albania, the Republic of Moldova, Bosnia and Herzegovina, and Georgia, and the EFTA countries, Iceland and Norway, member of the European Economic Area, as well as San Marino, align themselves with this statement. Mr. Chair, with cyber security attracting increasing interest and the barriers to access to cyber capabilities decreasing, the risk of a conflict resulting from miscommunication and misunderstanding is also growing. Against this background, discussions within recent sessions of the Open-Ended Working Group and the 2022 and 2023 Annual Progress Report have achieved progress on the way to operationalizing CBMs at the global level, particularly on the establishment of a global intergovernmental POC directory and by collecting input from stakeholders on CBMs through regular dedicated intersessional meetings. The EU and its member states are currently in the process of nominating POCs for the global directory. In parallel, regional organizations continue to make important progress in elaborating and implementing cyber CBMs based on regional needs and interests, which the EU is proud to support. In our view, the best way to accelerate the universal implementation of the CBMs listed in the initial list of voluntary global CBMs is through information sharing at regional and sub-regional level, supported by regional and cross-regional initiatives, as well with the development of cooperative measures like assistance in building resilience and other capacity-building initiatives that would strengthen the collective capacity to deal with the cyber threat. During the past sessions, we have heard from different regional organizations and the way they use different capacity-building processes, such as the support provided for setting up CERTs, cybercrime registration, and cybersecurity strategies to almost simultaneously promote the development of CBMs, including point of contact and CERT-to-CERT cooperation. To their experience, regional organizations are well positioned to identify gaps, provide practical tools, and share best practices and examples to further develop CBMs. The scope of the existing challenges and the variety of financial and human resources needed to address them require framing development of CBMs as a multilevel and multistakeholder engagement involving all parts of government and the private sector. For example, given that protection of ICT-enabled infrastructure and adequate response capacities in case of attacks is evolving into one of the main norms of behavior in cyberspace, cooperation models among the incident respondents community emerges as one of the key confidence-building elements and that can only speed up the operation of CBMs. Many non-state stakeholders are already driving initiatives with the aim of building trust and confidence between states and non-state actors. The ability of non-state organizations to actively engage in the open-ended working group process and exchange views with states in itself creates trust between member states and the relevant organizations and experts, which is critical for the implementation of the framework. Therefore, the BSC directory would also gradually expand to include the contact information of relevant stakeholders to support more rapid crisis management, information sharing, and context awareness when cyber incidents take place, while at the same time bolstering participation with targeted outreach and capacity building to those with limited resources or technical expertise to raise awareness of the BSC, while also tackling cooperation between member states. Mr. Chair, building confidence is a long-term commitment to cultivate deeper dynamic relationship between CBMs, norms, and capacity building. The EU and its member states look forward to continuing the change in the open-ended working group on how confidence-building measures would provide and add value, enhancing security and stability in cyberspace. Thank you.

Chair:
Thank you very much, Chile, for your statement. Sorry, European Union, for the group statement. I give the floor now to Chile, also on behalf of the group.

Chile:
Mr. Chairman, thank you very much for giving us the opportunity to exchange views on capacity building measures. I will make this statement on behalf of the following countries of the Americas – Antigua and Barbuda, Argentina, Brazil, Canada, Colombia, Costa Rica, Ecuador, El Salvador, United States, Guatemala, Honduras, Mexico, Paraguay, Peru, Dominican Republic, Uruguay, and my own delegation, Chile. We would like to emphasize the dialogue among countries as one of the most important confidence-building measures. It is the basis for successful cooperation. We recognize the efforts of this open-ended working group and your chairmanship in the framework of preparing the third annual report, the APR 2024, which will be circulated for the consideration of our group in July. We would like to take this March session to reiterate our shared position on CBMs and to highlight the matters that we consider to be priorities and which require concrete actions. We believe that CBMs include measures of transparency, cooperation, and stability. They contribute to preventing conflict. They avoid erroneous perceptions and misunderstandings, and they reduce tensions. They are a concrete expression of international cooperation. They can strengthen security, resilience, and the peaceful uses of ICTs, in general favoring the application of norms on state-responsible behavior. They promote confidence and guarantee greater clarity, foreseeability, and stability in the use of ICTs by states. As has been previously mentioned, we recognize that the working group is in itself a CBM. In this regard, we attach importance to the development and implementation of CBMs, pointing out to the work done at the level of regional organizations. In particular, we wish to refer to the work done by the working group to prepare a group of CBMs and cyberspace by the OAS. This has made it possible to adopt measures in our region specifically on cyber diplomacy, including the designation of national POCs and foreign ministries. We welcome the recent fifth meeting, which took place on 26th and 27th February this year, and we congratulate the Dominican Republic and Canada for having taken on the chairmanship and vice chairmanship of that group. We recognize and value the implementation of the Global Directory of Points of Contact, which is an important step forward in confidence-building at the global scale. The directory can facilitate the application of other global CBMs, which can promote resilient, open, safe, stable, accessible, peaceful, free, and interoperable cyberspace for all. We believe that POC networks established at the regional level, as in the case of the OAS, could help the work of the directory. We also believe that capacity building and CBMs are two aspects which complement each other. Creating capacity is essential for concrete measures for CBMs. This is essential, and we must take into account the various regional positions and the specific needs of countries so that they may have on the issue. In this regard, we believe that it is important to have a work strategy in coordination with regional and sub-regional organizations. We also recognize the role of the many stakeholders, such as academia, private sector, civil society, NGOs, the technical community, among others, in implementing CBMs. And we encourage countries to work with these actors to have their experience and knowledge. States have the necessary tools to voluntarily apply CBMs, and they have the necessary forms. In this regard, we encourage states to use voluntarily the National Survey models to implement Resolution 7237 of the UN General Assembly, which could help to structure the information to be submitted to the Secretary General of their views and evaluations. We think that possible measures such as cooperation between the response teams, cooperation among states in terms of capacity building to close the digital divide, critical infrastructure experiences with regard to norms and application of international law and cyberspace, cooperation with stakeholders – these are all examples of concrete actions we can undertake to implement them nationally and globally. With regard to the universal implementation of CBMs listed in the initial list, we encourage states which have more experience and progress with the implementation to assist those countries which require help to make progress in their national capacities. The exchange of experiences, lessons learned, among others, are valuable elements which can help make concrete progress with continuity over time. Mr. Chairman, CBMs have historically played a role in our region, which has a valuable tradition as a zone of peace. The development of CBMs in the area of ICTs is a continuation of that history, which has made it possible to create spaces of cooperation, dialogue, and exchange of experiences which contribute in our region to having a resilient, open, safe, stable, and accessible, peaceful, free and interoperable cyberspace for all. Thank you.

Chair:
Thank you very much, Chile, for your statement on behalf of the group. Can I give the floor now to Hungary, please?

Hungary:
Thank you very much, Chair. Again, Hungary aligns itself with the statement of the European Union. Adding to that, similar to other EU member states, Hungary is also in the process of nominating a national POC or POCs to the global directory. You know, of course, that this is not always a straightforward issue, because we need to carefully explain the added value of the directory to our technical experts, similarly active in other networks regionally or otherwise, in a global setting. Thanks for the Chair’s team for sharing a clear timeline of events for 2024 and are looking forward to the very first global POC directory meeting in May, hopefully in a hybrid format, in order to allow the highest possible number of existing and future POCs to participate in this meeting. It is reassuring that, as it was mentioned actually today during a side event organized in the German House by an open, informal cross-regional group, the global POC directory agreed by consensus will remain with us, independent of the outcome of our discussion on a future regular institutional dialogue. So that’s a good thing that we can celebrate here again. Here I wish to highlight again the recommendation from our side to consider building an alumni community of cyber experts and future ex-POCs of the directory. We think that it can have an added value for our future cooperation. We shared a view expressed by the European Union that the recently launched POC directory could gradually be expanded to include the contacts of relevant other stakeholders, not necessarily incorporated in the directory itself, but those stakeholders who are in a position to contribute to deal with the consequences of unintended conflicts and lend support for national-level crisis management or sharing information with them. However, we need to be aware of the voluntary nature of the participation in the directory and the specific capacity of non-governmental stakeholders to participate in the discussions on the international security aspects of ICT developments. Thank you very much, Mr. Chair.

Chair:
Thank you very much, Hungary, for your statement and also for your suggestions. Friends, we are close to 6 o’clock, so I intend to adjourn the meeting at this point. And we have about 20 speakers, so we’ll continue the discussion tomorrow. And of course, the floor remains open. We can take in more speakers tomorrow morning. I wish you all a pleasant evening, and the meeting is adjourned. Thank you.