Excellencies,

I have the honour to speak on behalf of the European Union and its 27 Member States.

The Candidate Countries North Macedonia*, Montenegro*, Serbia*, Albania*, Ukraine, the Republic of Moldova, and Bosnia and Herzegovina*, the potential candidate country Georgia, and the EFTA country Norway, member of the European Economic Area align themselves with this statement.

The overwhelming support of 161 positive votes for the PoA resolution in this year’s UN General Assembly has shown that ensuring a seamless transition from the open-ended working group to a permanent, inclusive and action-oriented mechanism is now a common objective of a vast majority of states from all regions.

The European Union has been supporting the establishment of the Programme of Action (PoA) to advance responsible State behavior in the use of ICTs in the context of international security as a permanent, action-oriented, inclusive, transparent, and results-based mechanism, building on previous outcomes and in line with the cumulative and evolving framework for responsible State behaviour from early on. Mainly, because this is where we see the need is –assisting countries with the implementation of agreed norms and ensuring practical and needs-driven capacity building to increase cyber resilience.

Since 2020, we have taken an incremental approach on building the content of the PoA.  First of foremost, because we want every UN Member State to have a voice and that the agreed elements we determine are needs driven.

We strongly believe that a multistakeholder approach and the inclusion of all relevant stakeholders would lend legitimacy and help to shape any future instrument. Addressing cyber threats and the impact and harm they inflict on infrastructure and ultimately on citizens will require a collective and coordinated response across diplomatic, policy, and technical communities, as well as other relevant experts. The UN system can and should be leveraged to carry out multistakeholder consultations and initiatives designed to implement the agreed normative framework.

In this year’s resolution 78/16, the future steps of the Programme of action have collectively been set to allow Member States to elaborate this mechanism in 2024 and 2025 within the OEWG, both at its substantial sessions and its dedicated intersessional meetings. The resolution clearly states that the scope, structure, content, and modalities of this mechanism shall be based on consensus outcomes of the 2021-2025 OEWG.

In light of that, the OEWG deliberations on the future establishment of the mechanism must also become more granular. Both when it comes to discussing the broader framework of the POA but also when designing an action-oriented instrument that serves everyone’s interests. This initiative does not belong to Europe alone, but instead will strive if we build it in a cross-regional manner.

In order to facilitate a smooth transition and an effective implementation of the OEWG’s results, we have to start reaching clarity on the modalities of the future mechanism based on the common elements agreed in the Second APR. To us, for instance, the instrument’s objectives should be threefold: this future mechanism would support States, including through capacity-building, in the implementation of the framework for responsible State behaviour; it would enable discussions on the further development of the framework, including by identifying any gaps in the framework and, if appropriate, considering the need for additional voluntary, non-binding norms or additional legally binding obligations; it would facilitate inclusive dialogue and cooperation, including with relevant stakeholders where appropriate.

In closing, allow me to come back to my opening statement - we also see the POA as a way to help to close the current digital gaps, to reinforce the positive actions that can be taken to support cyber security. This includes in relation to building awareness of and supporting implementation of agreed norms and law.

Let’s jointly make sure that we use the time and opportunity to design the future mechanism as an inclusive and transparent platform that provides for responsible state behavior in cyberspace. The EU therefore welcomes this discussion and your proposal, Chair, to continue substantive discussions on this topic in 2024.