1. I have the honour to speak on behalf of the European Union and its Member States.

2. The Candidate Countries North Macedonia*, Montenegro^*, Serbia^*, Albania^*, Ukraine, the Republic of Moldova, Bosnia and Herzegovina^* and Georgia, and the EFTA country Norway, member of the European Economic Area, as well as San Marino align themselves with this statement.

3. Challenges deriving from cyberspace have never been as complex, diverse and serious as they are now. The increasing number of threat actors, the deteriorating global security environment and rising geopolitical tensions inform our serious concern for international security and stability.

4. July’s Annual Progress Report (APR) of the OEWG captured the main concerns raised during this year’s meetings, including ransomware, the malicious use of commercially available ICT intrusion capabilities, threats to the core of the Internet, and ICT activity targeting critical infrastructure and essential services, as well as that targeting international organizations and international humanitarian organisations. It is also noteworthy that the last APR was the first to addresses concerns relating to AI and its implications for the use of ICTs in the context of international security.

5. Chair, critical infrastructure is increasingly at risk from cyber threat activity, both from cyber criminals and state-sponsored actors. In this context, we again highlight cyber activities disrupting the work of international organization and international humanitarian organisations, a threat that we increasingly see with rising tensions and conflicts. These attacks threaten effective multilateralism. It is vital that international organisations are able to conduct their work safely, securely and independently. We attach great value to the agreed UN framework of responsible state behaviour in cyberspace, grounded in international law. It is crucial that all states uphold these principles and refrain from subjecting such organisations to cyber-attacks.

6. In this regard, the EU highlights the actions of those EU member states who have recently attributed state-led malicious cyber activity campaigns against their critical national infrastructure, thereby promoting adherence to the framework of responsible state behavior. We call on all States to actively prevent and refrain from such activities and uphold the framework of responsible state behavior. 

7. We reiterate that the increasing number of cyber threat actors conducting ransomware attacks, for a variety of incentives, is something that we need to address within the OEWG, as well as in the work of the future permanent mechanism. The increasing frequency, scale and severity of ransomware attacks not only result in a disruptive impact on individuals, business and economies and societies at large, but may also impact international security and stability. We need to continue assessing what States can do in line with the UN framework for responsible state behaviour in cyberspace, to reduce this threat.

8. Another threat that should be recognised in the final report of the OEWG is that posed to human rights by malicious cyber activity. The international community as a whole must ensure that human rights are respected, protected and upheld online. Cybersecurity and human rights are not competing values or interests, but are interdependent, mutually reinforcing and can support economic and social development when developed hand-in-hand.

9. We have talked about raising our common understanding of the existing and potential threats in cyber space and identifying possible cooperative measures to tackle them, when we are talking about norms, when we are talking about law, and when we are talking about CBMs as well as about capacity building efforts. In order to make our work more concretely focused and more practical, we should apply the lens of the framework when we are expressing our will to addressing these threats through cooperative measures.

10. In particular, coordinated assistance by partners against these threats can help to build capacities, enabling states to protect their vital needs when targeted by serious cyberattacks and malicious activities. We should further reflect on best practices and practical examples, such as the Tallinn Mechanism, to see how we can improve international civilian cooperation, providing assistance and enhancing resilience as well as strengthening partnerships in the rapidly evolving digital landscape.

11. We look forward to continued productive discussions both with the experts and representatives of states throughout the rest of this session. We also encourage further progress in our collective work to more effectively link the identification of threats to appropriate action to counter these threats, including in the context of the future permanent mechanism.

12. Thank you.

* North Macedonia, Montenegro, Serbia, Albania and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.