Mr. Chair,

I have the honour to speak on behalf of the European Union. The Candidate Countries North Macedonia*, Montenegro^*, Serbia^*, Albania^*, Ukraine, the Republic of Moldova and Bosnia and Herzegovina^*, the potential candidate country Georgia, and the EFTA countries Iceland and Norway, members of the European Economic Area, as well as Andorra, Monaco and San Marino align themselves with this statement.

Over the past decade, the international community has made clear that the international rules-based order also applies to States’ behaviour in cyberspace. All members of the United Nations General Assembly have repeatedly affirmed the evolving framework of responsible State behaviour in cyberspace, built upon the recognition that international law applies in cyberspace, adherence to voluntary non-binding norms of State behaviour capacity building and the enhancement of practical confidence-building measures to reduce the risk of conflict. Broad international consensus around these four elements is the foremost accomplishment of cyber diplomacy in the last decade.

Russia's illegal, unprovoked and unjustified war of aggression has seriously challenged the international rules-based order, including in the cyber domain.

Destructive cyber-attacks against Ukraine, often in conjunction with missile attacks, are unprecedented, with a spill over effect to the EU countries as well. Ukraine has, in the past year, not only suffered from more data-wiping malware than any country before, but also successfully prevented many of them, thanks to its extraordinary cyber defence and resilience.

The changed threat environment in Europe, induced by Russia’s aggression against Ukraine as well as other growing and evolving threats from States and non-State actors have affected the way we as the EU approach malicious cyber operations. We strengthened our commitment to further revise and constantly improve cyber resilience within the EU and develop further strategies how best to address cyber threats coming from all malicious actors.

To this end, we are working across the whole range of our instruments to prevent, discourage, deter and respond to malicious cyber activities. This includes the EU Cyber Diplomacy Toolbox and the EU’s Policy on Cyber Defence enabling prevention, deterrence and defence across all domains — political, military and technical — but also our capacity building efforts, and our cooperation with other stakeholders to make sure our governance and capabilities correspond to the threat landscape and remain futureproof. The recent revision of the EU Cyber Diplomacy Toolbox furthermore enables a more sustained EU response, allowing for a continued effort to address threats to peace and security stemming from malicious behaviour in cyberspace.  

While recognising that States bear the primary responsibility to ensure international peace and security, other stakeholders have an essential role to play. The Open-Ended Working Group on security of and in the use of information and communications technologies 2021-2025 (OEWG), established pursuant to General Assembly resolution 75/240, is an opportunity for the international community to exchange openly, inclusively and transparently, on the responsible use of ICTs by States, in a manner that is consistent with international law.

We welcome the consensus reached in 2023 on the Annual Progress Report of the OEWG, and stress the need for the international community to continue its path to further strengthen security and stability in cyberspace. While the APR could have gone further, it does outline multiple decisions and next steps that can be considered as concrete and actionable ways forward to strengthen the UN framework for responsible State behaviour, and international law.

Much more is still to be achieved, notably to support the practical implementation of the outcomes of those discussions. The EU and its Member States look forward to continue working with States and other stakeholders to take forward these efforts, in particular through an inclusive dialogue on the elaboration of a UN Programme of Action (PoA), building on consensus outcomes from successive UN GGE and OEWG, as well as the work of the current OEWG and the report of the Secretary General.

The broad support at last year’s First Committee, with 157 votes, cosponsored by a cross regional group of 74 countries, reaffirmed the commitment of States to implement the agreed upon normative framework through an permanent, inclusive and action-oriented mechanism. It clearly demonstrates a common aspiration of the vast majority of States to promote peace, security, and stability in cyberspace through a permanent and cooperative platform that advances the exchange of knowledge and best practices, avoids duplication of efforts, and assists in national and regional implementation efforts. Over 40 States, from all regional groups, have shared written submissions and the UN Secretary General has issued a report which offers valuable substance and recommendations for further inclusive discussions on the PoA.

As set out in last year’s resolution 77/37, this proposal aims to provide States with flexibility to address issues that would benefit from political discussions, information exchange and practical implementation. It will be State-driven, and it will also seek to enhance multi-stakeholder engagement, providing for regular consultations with relevant stakeholders, including the private sector, academia and the civil society, to consider and provide their unique perspectives. Many non-State stakeholders are already driving initiatives with the aim of building trust and confidence between States and non-State actors, and their inclusion will result in more impactful outcomes and contribute to transparency, credibility and sustainability in the implementation of the framework. 

Most importantly, the establishment of a permanent platform would allow the international community to focus its discussions on substance and enhancement of cooperation and trust among States rather than recurring debates on future processes. We should not miss this opportunity to take our work forward in a stable environment and the EU and its member States fully support the corresponding resolution presented to UNGA to that end. To maintain a single-track process at the UN, we need a permanent mechanism to be established after the conclusion of the current OEWG 2021-2025, and that its scope, structure and content will be built upon the discussions within the OEWG in 2024 and 2025.

Given the escalating nature of international cybersecurity threats, it is more important than ever to deepen our cyber collaboration with international partners and promote a shared understanding on how international law applies and how to further implement the United Nations framework of responsible State behaviour. For that reason, the EU supports the draft resolution introduced by France to establish a mechanism under the auspices of the United Nations as a flexible venue where UN Member States can engage in practical discussions on how best to secure cyberspace for all. We can only ensure an open, stable and secure cyberspace effectively if we collaborate, improve coordination and complementarity, break silos and create new, innovative methods to address malicious cyber behaviour. Doing this is at the core of the EU's ambition.

Thank you Mr. Chair.

* North Macedonia, Montenegro, Serbia, Albania and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.