- Final -

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova and Bosnia and Herzegovina, the potential candidate country Georgia, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as Monaco and San Marino align themselves with this statement.

1. International law, norms, capacity building and confidence building measures (CBMs) form an integrated compendium that defines and shapes responsible state behaviour in cyberspace.
2. We remain convinced that the objective of the CBMs, to develop and maintain communications between States to defuse conflicts and prevent escalation, is now more relevant than ever, especially in the context of the continuing Russia’s brutal, unprovoked and unjustified military aggression against Ukraine.
3. The Recent years have seen important milestones in several regional organisations, including the Organization for Security and Co-operation in Europe (OSCE), the Organization of American States (OAS), the Association of South East Asian Nations (ASEAN) Regional Forum and the Economic Community of West African States (ECOWAS).

4. We believe that more effective norm and CBM implementation can be achieved by carefully assessing the experiences in various regional organisations as well as by taking advantage of existing synergies between UN deliberations and the regional CBMs and capacity-building initiatives.

5. Regional fora have proven to be useful platform for discussion, enabling focus on regional and local specificities, and involvement of a smaller number of stakeholders with common interests and concerns. Many regional organisations have built up experience in developing and implementing CBM’s. It would be good to actively invite them to share their experiences in the OEWG.  

6. Countries that are a member of regional organisations could benefit from joint CBM implementation initiatives, and from further linking capacity-building initiatives with CBMs. In this regard, the EU has organised a cross-regional event on CBMs at the OSCE, and continues to promote the idea of cross-regional CBM cooperation in order to broadly share good practices and be able to launch targeted activities, such as cyber trainings, exercises or e-learning activities. This inter-regional exchange will help to understand how different regions implement norms and CBMs practically and could enable participants to gain insights into relevant cybersecurity initiatives and assist in identifying common interests. 

7. These efforts complement the OEWG and PoA discussions, and support and incorporate regional perspectives and best practices into the discussions. They would further provide good grounds for furthering trust and collaboration internationally.

8. Furthermore, concrete implementation is now the key. In that regards, the EU has been engaged within the OSCE in exploring how to develop crisis management procedures to better protect critical infrastructures against cyberattacks in the light of the new security environment and of the growing cyber threats against those infrastructures. Future steps might lead to mapping participating States’ cyber crisis management mechanisms, including the cooperative mechanisms with third partners or sharing existing assistance mechanisms, including in case of cross-border incidents.

9. Civil society, academia as well as private sectors could facilitate the engagement with interested stakeholders that have also a role in supporting the implementation of confidence building measures, in particular those including public-private partnerships.

10. Moreover, involving actors from the technical level to the diplomatic one is crucial to ensure a comprehensive approach and commitment at the relevant level.

11. The development and operationalisation of the global points of contacts (POC) directory is valuable as it allows us to have greater tools and lines of communication to either coordinate or communicate in the event of cyber incidents.

12. In light of the proposed POC Directory, it is important that the participation is voluntary as also highlighted in the Chairs Elements paper. Too complex and scripted modalities could be difficult to many to work out. We support step-by-step approach in this regard.

13. We agree on the importance of capacity building, which would allow states to establish this POC Directory. Noting that all capacity building related to the framework should be consistent with the principles agreed in the 2021 OEWG report, including corresponding to nationally identified needs and priorities.

14. We also think that such directory needs to be accompanied by regular ComChecks to be effective in the long term, a practice regularly used at OSCE level.

15. We look forward to our further discussions and progress for the year to come.