The OEWG Final Report: New Milestone in Global Cyber Diplomacy, Collective Efforts Still Needed to Close the Accountability Gap and Achieve CyberPeace

After nearly two years of deliberations, the United Nations Open Ended Working Group on developments in the field of information and telecommunications in the context of international security (UN OEWG) released its final report. Reaching consensus was an important milestone. It showed that the discussions have matured and the multilateral processes improved with inputs from multi-stakeholder groups.

What was the outcome of the latest UN OEWG process?

Friday evening, 12 March 2021, was a memorable moment. What didn’t seem possible at the beginning of the week finally happened: the consensus adoption of the Final Substantive Report, the Chair’s Summary, and the Updated Procedural Report thus ending a 2-year process skillfully guided by the Chair, Swiss Ambassador Jürg Lauber.  

The Final Report reaffirmed the UN GGE’s previous reports; reaffirmed that international law, including the Charter of the UN, applies to cyberspace; agrees that norms provide guidance for State action in addition to international law; recommends the further development of confidence building measures (CBMs) and further cooperation between States in order to implement them; and recommends the further development of capacity building measures. 

From this brief summary of what was agreed, it’s not easy to understand the nature of a UN process like the OEWG and the 109 hours of work leading to its completion. It might seem that no advancements were made and some may be frustrated by the speed at which these negotiations happen. These are valid points to take into account. However, during a time of worldwide turmoil and increasingly tense relations between States, this process is a solid step forward. 

This OEWG process has shown that it’s possible for states to reach consensus on some important points that will have a lasting effect upon the development and use of cyberspace. Though there were some disagreements such as whether International Humanitarian Law applies to cyberspace and whether or not a new legally binding instrument is needed, State actors participating in the process were ultimately able to reaffirm some integral points such as that international law and the Charter of the UN apply to cyberspace. 

The inclusion of civil society actors also benefited the process. Through multi stakeholder sessions held alongside the OEWG process, input was collected and discussions were held with non-state actors in order to build on existing expertise and knowledge of the field. In this way, the international community was brought together in a more inclusive process to discuss a wide range of issues pertaining to responsible behaviour in cyberspace. With this foundation and this common agreement, it is time to push forward in our pursuit of accountability. 

What are our key concerns?

Despite the overall positive outcome of the process, some of our disappointments and concerns must be shared as well. Throughout the discussions and in the final report, we were dismayed by the lack of a human-centric approach as a central component to foster consensus and as a basis for the report’s recommendations. It seemed that using the term ‘human-centric’ was more a buzzword than a practical approach to the issues discussed by the group.

We believe that by grounding the OEWG’s recommendations in a human-centric approach, essentially by putting people back at the centre of these action points, more relevant and sustainable steps towards accountability can be taken. By shifting the narrative to re-focus on people and the impact that digital issues have on their lives, we can move away from abstract notions and get down to the practical level of what needs to be done to protect and empower civilians. We voiced this concern in a comment piece submitted to the Chair based on the Zero Draft version of the report published in February.

Building off of this idea, the Final Report lacks clear and actionable steps to work towards accountability in cyberspace. As stated above a human-centric approach would assist in this, however, the question of how international law applies to cyberspace still looms large in these discussions. Without clear guidance on this, people will continue to fall victim to cyberattacks and be unsure of their rights, as States are unclear on what actions they can take to hold malicious actors to account. 

In our recent analytical report on healthcare, we reviewed several cases where this happened. Healthcare has explicitly been included under critical infrastructure by the OEWG, and so it needs to be afforded the proper protection as such. Civil society also has a key role to play in the implementation of the recommendations coming out of the UN OEWG process by lending not only experience but taking action to support the work of States in this endeavour.

What are the next steps and what can be expected?

In November 2020 it was agreed that there would be another OEWG after the conclusion of this one. This next process is set to run from 2021-2025 though no other logistical formalities have been agreed upon yet. Based on last week’s discussions, it is fair to expect some fatigue from States in this upcoming process, as some expressed concern over the efficiency and efficacy of the UN OEWG and they will have to start from the ground up as these processes do not build upon each other. 

From a civil society perspective, a future process needs to be even more inclusive than the last and more human-centric, incorporating perspectives from grassroots groups and civil society work on the ground.  We are eager to engage in the process but also to emphasize our expertise, knowledge and resources to bring these discussions closer to those impacted by cyberattacks and offer new remedies to those left vulnerable. 

This could be in a new process altogether such as the Programme of Action proposed by a collection of States, or perhaps a civil society-led initiative to supplement the work of States in the international fora. We will be keeping a close eye on how these activities progress and advocating for achieving cyberpeace by shifting focus away from geopolitical interests and focusing on the protection and empowerment of people around the globe.

 © Copyright: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.


Support the CyberPeace Institute

Individual lives can be changed dramatically by the acts of cyber criminals. We need your support to assist victims of cyberattacks in the NGO, humanitarian and healthcare sectors.


Subscribe to our newsletter

Receive monthly news on what’s happening at the Institute: our impact, publications, events and important milestones.