Thanks to the successful adoption of the UN Open Ended Working Group (OEWG)’s final report in March and the conclusion of the Group of Governmental Experts (GGE)’s final report at the end of May, scholars, experts, and diplomats are rightfully rejoicing. Multilateralism is alive and kicking, especially around sensitive issues such as cyber ones.
However, one can neither rest on one’s laurels nor take anything for granted, because there is much more that meets the eye: while the good news is that States are looking at the UN as the privileged forum where many differences can be bridged, divisions within the UN abound on these topics. Indeed, while the General Assembly has not endorsed the GGE Report yet, a Russian resolution to establish a new OEWG for 5 years was voted well before the expiry of the previous one. Incidentally, only a few days prior to the proposal for a Programme of Action (PoA) for advancing responsible State behavior in cyberspace, an attempt by 53 countries (including all EU member States) to establish a permanent UN forum to consider the use of ICTs by States in the context of international security.
Indeed, a dual track was evident, since the GGE and the OEWG had similar mandates to discuss the following topics: existing and potential threats, international law, norms for responsible State behavior, confidence building measures, capacity building, and regular institutional dialogue. The differences were to be found in their respective compositions (25 Governmental Experts in the GGE and the entire UN membership in the OEWG) and in the initiatives that led to their respective establishment (a US resolution for the GGE and a Russian resolution for the OEWG).
As further proof of the above-mentioned divisions, the Russian Federation presented a draft Convention on cybercrime to the UNODC on the 27th of July. The initiative builds upon previous Third Committee resolutions, adopted with contrary votes from the US, the EU, and other WEOG countries, most of them part of the Council of Europe Budapest Convention on the same topic, whose commitments and standards they want to preserve, even in case of the adoption of a new Convention.
In such a context, multilateralism is certainly being revived; however, it is also one of the many components of the global competition for the digital transformation currently underway.
Indeed, it is a game-changing transformation because it involves every aspect of our lives and it is global by definition, since the very notion of traditional borders is quite blurred in cyberspace. No wonder that such developments are influencing international relations: States are trying to find common understanding and discipline of their mutual interaction in cyberspace. This is of particular importance with regards to security considering the growing number of malicious activities – both by State and non-State actors – and ransomware attacks. Multilateralism can help dilute tensions and avoid escalations while trying to narrow opposite visions on how to discipline relations in cyberspace.
This is particularly true for international law, where two different visions are confronting themselves and are somehow reflected in the final report of the OEWG. While the EU and WEOG countries rejoiced for the reaffirmation of the previous GGEs statement that ‘international law and in particular the Charter of the United Nations in its entirety, is applicable and is essential to maintaining peace and stability and promoting an open, secure, stable, accessible and peaceful ICT environment’, other countries celebrated the inclusion of a reference to new proposals that “were put forward even though they were not necessarily agreed by all States, including the possibility of new legally binding obligations”.
The role of other stakeholders in the UN and in multilateral processes is another topic of divergent views: the EU, the US, and others favor their continuous involvement, whereas other countries stick to the formal limitations of the ECOSOC accreditation procedures.
Finally, both the OEWG’s and the GGE’s final reports have acknowledged the proposal for the creation of a PoA for advancing responsible State behavior in cyberspace.
While we await the formal endorsement of the GGE report, one of the most pressing issues for Italy and EU countries in general is the future of the PoA and its relation to the new OEWG. Clearly, the establishment of a new OEWG for the next 5 years represents a challenge, as well as attempts by that Working Group to absorb the tasks that have already been outlined for an action-oriented PoA.
As one of the countries that has immediately subscribed to the PoA, our delegation believes that a flexible program based on a political commitment could be very effective to narrow distances and provide the international community with a very effective tool to turn those areas where consensus exists — such as capacity building, for instance — into action. The openness towards a more active involvement of other stakeholders is a value-added to the potential effectiveness of the program, as well as its more permanent nature that would contribute to avoiding highly politicized mandate renewals and “stabilize” the negotiating environment. We are therefore committed to continue working towards the full establishment of the PoA in an inclusive and transparent manner.
The new OEWG will also keep our delegation busy as we will continue to engage in good faith. Whilst we salute the appointment of the new Singaporean Chair, Ambassador Ghafoor, a very capable and experienced diplomat, several aspects raise questions with the mandate of the OEWG, starting from its long duration, the slow-paced negotiation rhythm that characterized its previous iteration and a rather rigid organizational structure. True, like the previous OEWG, it remains open to the entire membership, but no measures are included to address the difficulties flagged by many countries that struggle to sustain the intergovernmental, prolonged effort that is required.
When adopting a constructive approach, such differences bode well for a complementary approach between two processes, an OEWG and a PoA, taking into account that fast rotation patterns by diplomats in this domain automatically imply a diversity of participants. The latter however, combined with the relative scarcity of trained “cyber-diplomats” on a global scale, could definitely be a challenge.
The growing need of diplomats that are versed in cyber, tech or digital matters is a defining feature of our times. Precisely because of the transformation that the international system is undergoing, every Foreign Service should consolidate a cyber/tech/digital branch in its diplomatic action by training more diplomats and start considering a more regular involvement of the political level, too. Although some issues need to be worked upon at technical level, it is often thanks to the political commitment that important questions can be resolved. Yet another reason to continue working towards the establishment of a PoA within the UN system, the most appropriate forum to iron-out such issues. I like to think that Italy’s unequivocal support for the PoA, which stems from our firm belief in multilateralism and from the values enshrined in our Constitution, can effectively contribute to the collective effort towards its realization.
 2021 Open-ended working group on developments in the field of information and telecommunications technologies in the context of international security; UN Doc A/75/816 para 7.
 Ibidem, para. 80
This article was written with the contribution of Riccardo Villa, Deputy Head of Cyber Security and Policies, Directorate General of Political Affairs and Security, Ministry of Foreign Affairs and International Cooperation of Italy.