-CHECK AGAINST DELIVERY-

Chair,

I have the honour to speak on behalf of the European Union. We very much welcome the opportunity to exchange views on the evolving cyber-threat landscape and its implications for the maintenance of international peace and security.

The Candidate Countries North Macedonia^*, Montenegro^*, Albania^*, Ukraine, the Republic of Moldova, Bosnia and Herzegovina^* and Georgia, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as, Andorra align themselves with this statement.

Colleagues,

In our modern world, cyberspace has become a pillar of all societies, facilitating economic growth and social progress for all citizens.

The EU, like many in this room, however, remains deeply concerned with the parallel increase of malicious activities in cyberspace and the misuse of information and communication technologies. Such activities directly affect citizens’ trust in the digital world and increase the risk of escalation and conflict, both in cyberspace and beyond. Such activities can also have adverse effects on the full and effective enjoyment of human rights.

A key trend is the blurring of lines between state-sponsored and criminal or financially motivated actors. We remain particularly concerned that the threat of ransomware continues to target private companies and critical sectors such as healthcare. The impact of such ransomware incidents occasionally also rises to the level of a threat to international peace and security.

Where we once focussed primarily on the threat to governments and defence, we now also recognise the real-world impact of irresponsible activity on the broader economy and society. It must be our joint commitment to improve our toolkit for collective resilience to ransomware and we welcome other delegations sharing their insights and experiences.

In addition, the EU is concerned about the significant threat coming from state actors that seek political or economic advantage from coercive action in cyberspace, particularly with regard to critical infrastructure and critical cyber systems.

In this context, the EU and its Member States are alarmed about the number of malicious cyber activities targeting government institutions as well as democratic processes, often with the direct intent to undermine stability and security and to erode trust in the outcome of democratic elections. Recently, the EU joined the United Kingdom and other international partners in expressing serious concerns about the use of cyber operations to interfere with democratic processes and institutions.

Together, we must be prepared to shed light on malicious cyber activity and hold the responsible actors to account. We must continue both to collectively address malign cyber activity, and to enhance accountability of actors that conduct themselves contrary to the international obligations and expectations we have all agreed upon, while fully respecting our international human rights obligations.

Chair,

The international community recognises that existing international law, including the UN Charter in its entirety, is applicable in cyberspace. States have also recognized the applicability of the law of state responsibility, international human rights law, and, in situations of armed conflict, international humanitarian law.

States are increasingly developing military cyber capabilities. It is the responsibility of the international community to ensure – should these capabilities be used in armed conflict – that they are used in a manner that complies with longstanding rules of international humanitarian law and in a way that minimizes human suffering.

We urge all States to work towards providing clarity and examples on how existing rules of International Humanitarian Law can be applied on cyber operations, especially its fundamental principles of humanity, necessity, proportionality, distinction, and precaution.

Finally, as we confront the threats that concern us most today, we must also look to the future and the implications of emerging technologies, such as AI, within the framework for responsible state behavior.

As a concrete and forward-looking measure, the EU supports the establishment of a Programme of Action on Cybersecurity as a permanent mechanism in this domain. This initiative seeks to establish a results-based, action-oriented, and transparent mechanism underpinned by inclusive dialogue and cooperation among all relevant stakeholders. This will allow efforts to support states promoting the implementation of the framework for responsible State behavior and capacity building to increase cyber resilience globally.

Chair,

Working together to understand the evolving nature of the threat of malicious cyber activity is crucial to setting the context in which we develop practical measures for international cooperation. We look forward to continue to work with responsible UN member states to identify cyber threats of shared concern to international peace and security and to implement effective measures aimed at decreasing those threats and risks.

Thank you.

* North Macedonia, Montenegro, Serbia, Albania and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.