16 December 2016
On the occasion of the third meeting of the EU-U.S. Cyber Dialogue in Brussels on December 16, 2016, the participants jointly affirmed specific areas of cooperation as follows:
International Security in Cyberspace
The European Union and the United States acknowledged that fast digital development brings both opportunities and challenges to global growth. Cyber threats may adversely affect our institutions and organisations and undermine our collective ability to use the Internet for economic growth and development around the world. Both participants reaffirmed that existing international law applies to state conduct in cyberspace and commit to the view that all states should abide by norms of responsible state behaviour. Both sides also affirmed the importance of Confidence Building Measures (CBMs) within the Organisation for Security Cooperation in Europe, welcomed the endorsement of the second set of CBMs by the Ministerial Council of the OSCE in December 2016, urged for the full implementation of the two sets of CBMs, and looked forward to the further development of CBMs in order to reinforce cooperation, build trust, and reduce the prospects for conflict in cyberspace. Participants welcomed the continuation of the UN Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security and its important role in identifying non-binding, peacetime norms of responsible state behaviour in cyberspace and further studying how existing international law applies to state conduct in cyberspace.
Cyber Capacity Building
The European Union and the United States emphasised the importance of bridging the digital divide towards fostering open societies and enabling economic growth, social development, as well as resilience towards cyber threats. The participants remain committed to strengthening international cooperation with all regions to maximize the benefits provided by the Internet and ICTs while addressing the cyber threats that hinder the benefits of economic and social development. Both participants are committed to continue exchanging views and good practices, as well as coordinating their respective global cyber capacity building initiatives. The European Union and the United States expressed their support for the outcomes of the Global Forum for Cyber Expertise capacity building initiatives thus far and welcomed further coordination among actors globally.
All participants welcomed the recent transition of the stewardship of the Internet Assigned Numbers Authority (IANA) functions to the global multi-stakeholder community, including the introduction of new mechanisms on enhancing the accountability of the Internet Corporation for Assigned Names and Numbers (ICANN). They reiterated that no single entity, company, organisation, or government should seek to control the Internet and expressed their full support for multi-stakeholder governance structures of the Internet that are inclusive, transparent, accountable, and technically sound. Participants emphasised the value of the annual Internet Governance Forum (IGF) and welcomed the renewal of the IGF's mandate and the continuation of its work, as outlined in paragraph 72 of The Tunis Agenda, and encouraged its ongoing improvements in line with the UN Commission on Science and Technology.
Promotion and Protection of Human Rights Online
The European Union and the United States reaffirmed that the same rights people have offline must also be protected online, in particular freedom of expression as well as the right to be free from arbitrary and unlawful interference with privacy. Both participants will continue to promote and protect existing international human rights law. Both participants support the UN Human Rights Council resolution on the safety of journalists, which calls for the safety for members of the media, and the resolution on the promotion, protection and enjoyment of human rights on the Internet, which both the European Union and the United States believe constitutes a milestone resolution as the Council unequivocally condemned “measures to intentionally prevent or disrupt access or dissemination of information online.” The Internet’s benefits should be experienced by all people, free from censorship. Both participants fully support the Freedom Online Coalition and international cooperation to assure as much support as possible to protect the exercise of human rights online. The European Union and the United States affirmed their commitment to support an open and free Internet and condemned efforts by some governments or other actors to exploit the Internet to repress democratic activity and attack individuals online.
Both the European Union and the United States stressed the importance of protecting cyberspace from abuse and criminal activities for the benefit of our economies and societies, and therefore the need for law enforcement and judicial authorities to have effective tools to investigate and prosecute criminal acts related to cyberspace. Both participants affirmed their commitment to promote the Convention on Cybercrime ("Budapest Convention") in the fight against cybercrime, including by working together in international fora.
Both the European Union and the United States shared information on recent developments to bolster cybersecurity and resilience efforts on both sides of the Atlantic. They elaborated on the European Union’s Network Information Security directive, to be implemented across Member States, and the conduct of the CyberEurope 2016 exercise. They also discussed the second iteration of the Cybersecurity Framework for voluntary standards, including continued stakeholder engagement and adoption of the framework, as well as the new U.S. National Cyber Incident Response Plan and its “severity schema” for planning and preparedness purposes. The two sides agreed to continue to share information about these and other efforts on an on-going basis and coordinate on such efforts.
Transatlantic cyber policy research cooperation
Furthermore the EU and the United States recognised the need to enhance transatlantic cooperation between civil society, academia, and the private sector to aid both societies to be appropriately defended in the face of increasing malicious cyber activity by criminals, states, proxies, and terrorist organisations. To support burgeoning governmental transatlantic cooperation in cyberspace, the European Union and the United States launched the Transatlantic Cyber Policy Research Initiative, bringing together European and U.S. civil society, academic, industry and think-tank experts to address key cyber policy challenges and increase policy research capacity on cyber issues.
The third formal EU-U.S. Cyber Dialogue took place on 16 December 2016, co-chaired by the U.S. Department of State Cyber Coordinator Chris Painter and the EEAS Acting Director for Security Policy Francois Rivasseau. A number of different European Commission services and United States agencies were present, and 19 EU Member States took part of the dialogue as observers. The chairs agreed that they will continue their cooperative efforts and coordinate on such efforts intersessionally. The fourth EU-U.S. Cyber Dialogue will be convened again in approximately one year’s time in Washington, D.C.