EU Statement – United Nations Open-Ended Working Group on ICT: Rules, norms and principals

Agenda item 5: rules, norms and principles of responsible behaviour of States and the ways for their implementation.

Mr. Chairman,

I have the honour to speak on behalf of the EU and its Member States.

The Candidate Countries Montenegro, the Republic of North Macedonia and Albania, the country of the Stabilisation and Association Process and potential candidate Bosnia and Herzegovina as well as Ukraine, the Republic of Moldova and Georgia, align themselves with this statement.

1. Being derived from international law, rules, norms and principles of responsible state behaviour are key to maintaining international security and stability.
2. Enhancing our common understanding about these rules, norms and principles and advancing its implementation should be at the core of our common efforts.
3. Through these efforts, we will be able to reduce cyber threats, allowing us to reap the benefits that cyberspace, and in particular the Internet, provide.
4. To achieve results and address the urgent need for security and stability in cyberspace, the EU and its Member States believe that our discussions in the OEWG should further invest in areas where consensus has been achieved, in accordance with the UNGGE reports and the final substantive OEWG report. We should urgently invest in the practical implementation of the consensus recommendations provided.
5. In this regard, the OEWG could elaborate on and strengthen the 11 norms of responsible state behaviour, in particular by enhancing the understanding of the implications of these norms of responsible state behaviour. Such exchanges could allow clarifying the expectations that the norms set, and should offer insights in best practices how these norms could be put in practice.
6. In addition, the discussions within the OEWG could allow all States to enhance global capacities in the area of implementation of norms and to contribute to the national survey of implementation of the UN General Assembly Resolution 70/237.
7. The EU and Member States stand ready to elaborate on the implementation of its EU Cybersecurity Strategy and share its experience through capacity building efforts on the implementation of the UN framework for responsible state behaviour in cyberspace.
8. Since 2015 and the adoption of 11 norms of responsible State behaviour, the EU and its Member States created a solid cyber security framework, with at its core the NIS Directive that provided legal measures to boost the overall level of cybersecurity. It ensures, as recommended in the framework for responsible state behaviour in cyberspace, to EU Member States' preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority.
9. It also creates culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.
10. Given the fast evolving cyber threat landscape, the EU Cybersecurity strategy adopted in 2020 addressed the new challenges. The proposal for a revised NIS directive look into improving the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
11. The implementation of the UN framework for responsible state behaviour, through the development of cybersecurity legislation, or the establishment of Computer Security Incident Response Teams (CSIRTs), will allow us to concretely and imminently advance security and stability in cyberspace.
12. The EU and its Member States look forward to work with States and other stakeholders to take forward this work, including through a dialogue on the contribution by a Programme of Action a permanent and inclusive platform in the United Nations to the joint work on the implementation and capacity building.