• Thank you and your team for all the efforts and the REV1 draft Annual Progress Report (APR). We are grateful that several of our comments on the first draft have been taken on board, and see the current draft as a good basis for our discussions.
• We agree with you Mr. Chair, we have made important progress in our work and it is important that indeed this is reflected in the report.
• It is especially important to ensure that the acquis –notably the applicability of international law, including the UN Charter in cyberspace and the norms of responsible state behaviour –are given appropriate weight and recognition vis-à-vis new proposals on norms, rules and principles.
• Particularly, as these new proposals have not benefitted from sufficient discussions as such, neither have they garnered consensus nor broad support by the OEWG. We should assure that what we agree upon in our APR is a reflection of the discussions in and support of the OEWG, enabling also effective implementation by Member States.
• We support the action-oriented approach of the draft and the report contains many proposals for future work. Considering however the limited time left before the current OEWG concludes its work in 2025, it is important to set clear priorities for the topics that we wish to tackle during the time left before the current OEWG concludes its work in 2025, as well as those we wish to continue under the permanent mechanism. In this context, we propose to link these action-oriented proposals to the future mechanism.
• Moreover, to make sure that our work in the UN on these issues continues beyond 2025, and beyond the conclusion of this OEWG’s mandate, we need to get the parameters for such continuation right. In this light, we propose to take more time from the agenda this week to discuss the regular institutional dialogue.
• The proposal the EU and partners have put forward to establish a UN Cyber Programme of Action that is to implement the UN framework we have built to date, build cybersecurity capacities, work with the multi-stakeholder community and further discuss the UN framework like we do here in the OEWG today, meets the needs of the international community addressed throughout the last four years of OEWGs. Its elements form a solid basis for the future mechanism.
• We look forward to continue our discussions how to shape the proposal further, and also expect that the work done, including the widely supported resolution 7816, and the discussions that have taken place in the OEWG are reflected into the APR and its annex.
• We also see a need to continue our discussions, both during substantive sessions but also dedicated intersessionals, to deepen the proposal further and prepare in view of a seamless transition to a single permanent UN platform.
• Exchanges on the protection of critical infrastructure, on building capacities and on cooperation with the multi-stakeholder community, notably the private sector, to this end should be at the core of our discussions under such permanent platform. It is therefore important that the report will set the parameters for these discussions, and will guide our continued work under the new regular institutional dialogue.
• Please allow me to make some concrete suggestions for the text that I make on behalf of the EU and XX States. As regards the introduction section:
• We welcome the important reaffirmation of the OEWG consensus report of 2021 as well as the UNGGE consensus reports 2010, 2013, 2015 and 2021, and the reaffirmation that international law, in particular the Charter of the United Nations in its entirety, is applicable and essential to maintaining peace, security and stability in the ICT environment. It is important to state this in the introduction, as it forms the baseline of our work.
• We also welcome paragraph 9 highlighting the important role of regional organisations, but would like to request deleting the "could" in the first sentence. Regional organisations not only already play an important role, as proved by the contributions to the discussions. The role of regional organisations has also been reflected in the prior OEWG and GGE reports as well as the Annual Progress Reports, and there is no reason to change that reflection.
• Furthermore, we strongly support in paragraphs 8 the role of the multi-stakeholder community, and paragraph 10 on the participation of women delegates and hope that it will be widely supported by other UN Member States as well.
• We regret that the engagement with the multi-stakeholder community has been deleted from the REV1, as contributions by the stakeholders to promote peace and security is essential. Adding a reference to cooperation with the multi-stakeholder community in relation to awareness raising on threats (29), or in cyber capacity building (49) could be a way to address this.
• Furthermore, as regards the threats section,
• In the 2022 and 2023 Annual Progress Report we noted that threats have continued to intensify and have significantly evolved in line with the current challenging geopolitical environment. Unfortunately the geopolitical environment has only deteriorated further, and we regret to note that the use of ICTs in the context of an armed conflict is a reality today.
• In light of the risk this use poses for international peace and security, including due to the potential cascading and spill-over effects, we therefore propose for the 2024 APR to reflect the key threats associated to the use of ICTs in the context of armed conflict. Moreover, we stress the need to develop common understandings on how International Humanitarian Law (IHL) regulates the use of ICTs, in order to limit their effects in armed conflict.
• We concretely propose for Para 13 REV1 Draft of the APR 2024:
• “States recalled that a number of States are developing ICT capabilities for military purposes and noted the serious risk that ICT operations executed in the context of and in relation to an armed conflict could affect civilians or civilian objects and infrastructure, which may be in violation of international humanitarian law. They also recalled that the use of ICTs in future conflicts between States is becoming more likely, and noted that ICTs have already been used in conflicts in different regions. The continuing increase in incidents involving the malicious use of ICTs by State and non-State actors, including terrorists and criminal groups, and the risk of escalation stemming from any spill-over effects, is a disturbing trend. Some non-State actors have demonstrated ICT capabilities previously only available to States.^[1] In light of this reality, States underscored that developing common understandings of how international humanitarian law applies and regulates the use of ICTs during armed conflicts is an urgent and pressing necessity”.
• We would also like the APR to reflect that human rights must be respected, protected and fulfilled.
• Therefore we propose in Paragraph 12:
• “…..There were concerns that the irresponsible or potentially malicious use and proliferation of ICT intrusion capabilities by State and non-State actors could contribute to unintentional escalation and threaten international peace and security, and poses a grave risk to the respect, protection and fulfilment of human rights and the attainment of sustainable development.”
• The discussion at the OEWG illustrates that specific context-sensitive discussions can provide further understanding of the activities and challenges underpinning the practice of responsible behaviour in cyberspace by developed and developing countries as well as state and non-state actors.
• Furthermore, we support paragraph 15 and the linkage with the need to secure critical infrastructure such as undersea cables and communication networks essential to the availability and integrity of the internet.
• We also support having a separate paragraph (16) regarding malicious ICT activity targeting international and humanitarian organizations, which may hamper the ability of these organizations to fulfil their respective mandates.
• We propose to add: “States also expressed concern regarding malicious ICT activity targeting international and humanitarian organizations, which may hamper the ability of these organizations to fulfil their respective mandates in a safe, secure and independent manner. Such activity can disrupt essential services, endanger staff, and hinder the important work of these organizations worldwide”. Discussing this issue in the near future in this OEWG is timely and answers a call from states and other stakeholders.
• Concerning paragraph 19 and the risk of ransomware, which is of serious concern to all of us, we see the need to further address the differences between the criminal and national security dimensions of ransomware. We urgently need to come together to tackle this threat and use all reasonable and available measures to do so. Ransomware attacks by criminal ransomware groups target critical infrastructure, and suppliers, among them many hospitals or humanitarian actors, and publish sensitive information, which in some cases might amount to a national security issue. We would like to see the risk that ransomware poses to national security to be clearly highlighted in the text, as we see the impact increasing as well as the lines between state and non-state actors increasingly blurring.
• Finally, let me conclude by saying that we express our deep appreciation to the Chair and the Secretariat, who have done a fantastic job throughout this process. We are encouraged by the collaborative and serious dialogue among UN Member States and with the whole international community, and encourage to continue to strengthen our engagement with the multi-stakeholder community. We look forward to our discussions this week and those to come, and towards a positive conclusion of the week.

[1] Report of the 2021 OEWG, A/75/816, Annex I, para 16; Second APR, para 11.