- Final -

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries North Macedonia, Montenegro, Serbia, Albania, Ukraine, the Republic of Moldova and Bosnia and Herzegovina, the potential candidate country Georgia, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as Monaco and San Marino align themselves with this statement.

1. Norms of responsible State behaviour are a key element of the normative framework for responsible State behaviour and are complementary to international law as applicable to cyberspace.
2. In this regard, the first OEWG has elaborated on and strengthened the 11 norms of responsible state behaviour, in particular by enhancing the understanding of the implications of these norms of responsible state behaviour.
3. The 2021 GGE and OEWG reports both also note a persisting divide in states' capacities to implement the agreed-on norms and recommendations effectively.
4. The latter case provides an entry point for cyber capacity building activities that could help broaden and deepen awareness and common understandings of the norms, some of their subsections and side-activities and their implementation in general.
5. According to a model developed by the Australian Strategic Policy Institute (ASPI), cyber norm implementation can be understood as a six-step process: awareness, recognition, assessment, understanding, plan and act, and implementation.
6. That means that for states to engage meaningfully in the cyber norms debate and to be able to implement cyber norms, specific capacities are required. They include activities aimed at national awareness, policies, and strategies; international cooperation and coordination; national laws and regulations; national institutions and resources; and public-private partnership and cooperation.
7. Therefore, the reference to the layers of norms includes a common understanding on the tasks necessary to adhere to norms. We need to continue working within the UN on deepening our common understanding on these tasks. This supports the implementation of norms in cyberspace as well as contributes to cyber capacity building efforts.
8. Through its cyber capacity building projects the EU aims to support implementation of one or more of the norms, inter alia, awareness-raising, establishing information-sharing pathways, conducting trainings, exercise etc.  .
9. Similarly, the EU will actively promote universal human rights and fundamental freedoms, the rule of law and democratic principles in the digital space and advance a human-centric approach to digital technologies in relevant multilateral fora and other platforms. Already in 2014, the EU adopted the EU Human Rights Guidelines on Freedom of Expression Online and Offline which state clearly that ‘all human rights that exist offline must also be protected online, in particular the right to freedom of opinion and expression and the right to privacy, which also includes the protection of personal data’.
10. One vehicle for promoting capacity building aiming explicitly at cyber norm implementation was proposed in October 2020, when a cross-regional group of member states led by Egypt and France put forward a proposal for a United Nations Program of Action (PoA).
11. This proposal aims to set up a permanent, inclusive and action-oriented mechanism at the United Nations to monitor the implementation of agreed cyber norms and recommendations and to support states in their national implementation efforts, mainly through capacity building.
12. These exchanges should build upon the discussion on norms implementation and the identification of gaps, also taking into consideration the subject of gender-sensitive capacity-building, and could further feed into the work under the PoA, noting that capacity building constitutes the practical foundation to implement the UN framework for responsible state behaviour in cyberspace.