28. February 2025 New York

Informal Dialogue with Stakeholders on 13 February 2025
ahead of the Tenth Substantive Session of the UN OEWG
(17 to 21 February 2025) at the United Nations Headquarters in New York (UNHQ)

Statement by Anne-Marie Buzatu, Executive Director of ICT4Peace

Thank you, Chair, for this opportunity to address the crucial matter of international law in cyberspace and its implementation through the OEWG process. We at ICT4Peace are especially appreciative as due to financial constraints, we are not able to travel to New York next week.

I will get straight to answering the questions posed in your letter.

Regarding additional layers of understanding that could be reached on topics identified in paragraph 39 of the third APR, ICT4Peace proposes several concrete areas:

First, we suggest developing standards bodies/institutions to support the implementation of the 11 norms of responsible state behavior, similar to how technical standards are developed and implemented in other areas of international cooperation. Organizations such as the ITU demonstrate how technical standards can effectively bridge high-level principles with practical application.

Second, we propose adapting existing UN mechanisms like the Universal Periodic Review process in the HRC to enhance accountability in cyberspace. In fact, we first made this proposal to the second substantive Meeting of the First UN Open Ended Working Group (UN OEWG) in February 2020 at the United Nations New York, (See ICT4Peace Statement here).

Having a UPR focused on responsible state behavior in cyberspace could
provide a structured framework for reviewing state adherence to existing international law, agreed norms and principles.

On progress in related fora, we note several promising developments:
• The ICRC’s extensive work on applying IHL principles to cyber operations
• UNIDIR’s Survey of National Implementation, which helps identify specific gaps in implementation
• The Oxford Process’s detailed examination of international law application in
cyberspace
• And numerous capacity building offerings on this topic, including ones provided by my organization.

In addition to this, stakeholders can contribute to building capacity on application of international law to cyberspace by:
a) Developing practical guidance materials translating international law principles into operational frameworks (ICT4Peace Toolkit
b) Providing technical expertise for implementing legal obligations in cybersecurity practices
c) Facilitating regional workshops combining legal and technical training
d) Creating repositories of best practices and case studies

Turning to the Chair’s discussion paper on stakeholder modalities and dedicated thematic groups, as a first point, we note that cyberspace is mostly owned, developed and operated by non-state, private actors, who enjoy a kind of “effective control” over cyberspace in some areas where States do not, so effective implementation of international law and the normative framework requires effective participation of non-state actors.

ICT4Peace welcomes several proposed elements in the paper, and offers specific suggestions for enhancement: On stakeholder modalities, we support:
• The commitment to “systematic, sustained, and substantive” stakeholder
engagement
• The provision for stakeholder participation in both plenary sessions and review conferences
• The emphasis on inclusive participation and geographical representation

We propose the following enhancements:

1. Regarding safeguards for stakeholder participation:
• Establish clear, objective criteria for evaluating stakeholder competence and
relevance
• Similar to the suggestion my colleague from Singapore made, implement a
transparent review process with States publishing reasons for which they won’t
approve a participant with defined timeframes
• Create an appeals mechanism for participation who have not been approved

2. On the dedicated thematic groups, we particularly welcome:
• The inclusion of technical experts and legal advisors
• The hybrid format to ensure inclusive participation
• The two-year appointment of co-facilitators with gender balance and geographical representation

We suggest the following practical considerations:

• Establish clear terms of reference for each thematic group
• Create mechanisms for coordination between groups to avoid duplication
• Develop concrete deliverables and timelines for each group
• Ensure adequate technical support for hybrid participation

In closing, we emphasize that effective implementation of international law in cyberspace in particular, and the normative framework in general, requires the expertise of diverse stakeholders, including technical experts, legal scholars, and relevant civil society organizations. The involvement of these actors should be structured to maximize their contributions while respecting the intergovernmental nature of the process.

Thank you for your attention.
New York, 13 February 2025