Redazione RHC : 9 July 2025 10:50
The eleventh final session of the Open-Ended Working Group (OEWG) on cybersecurity opened at the United Nations Headquarters in New York on July 7. The group was created in 2019 at Russia’s initiative with the aim of developing norms for responsible state behavior in information space. The meeting will last until July 11, and participants hope to adopt a final report that will be agreed upon by all countries participating in the process.
The 56-page draft document, presented on the eve of the session, was prepared by the OEWG chair, Singaporean diplomat Burhan Ghafoor. The draft highlights that the group’s work in the 2021-2025 period took place in a “very challenging geopolitical context,” characterized by strong power rivalries, political tensions, fragmentation of the global economy, and growing concerns about the misuse of ICTs by both state and non-state actors. Nevertheless, the OEWG has succeeded in building trust and developing a common understanding of key issues.
The OEWG format has become the second specialized mechanism within the United Nations on international cybersecurity issues, alongside the Group of Governmental Experts (GGE), also established at the initiative of the Russian Federation in 2004. Nearly all UN member states, as well as representatives of international organizations, businesses, and NGOs, participate in OEWG discussions. The group is based on 11 voluntary standards of conduct agreed upon within the GGE, including the commitment not to use information technology against critical infrastructure, not to allow attacks from their territory, and not to introduce hidden functions (“backdoors”) into IT products.
The draft final report reproduces these standards and contains new proposals discussed during the group’s work. In particular, it proposes to ensure the protection of submarine cables and telecommunications satellites from sabotage that could jeopardize regional Internet access. However, as before, all measures are consultative in nature and do not entail legal consequences for non-compliance.
Russia, which insists on the development of a legally binding Convention on International Information Security, has previously submitted an updated draft of a document based on the principles of state sovereignty and non-interference. Its main objectives are to prevent conflicts, develop cooperation, and support the cyber potential of developing countries. However, this initiative is facing suspicion from several Western countries and currently remains at the conceptual level.
At the same time, one of Russia’s concrete proposals was successfully implemented: a year ago, the “Global Registry of Contact Points” was created, a platform for interaction between national Computer Emergency Response Teams (CERTs). It is published on the website of the United Nations Office for Disarmament Affairs (UNODA) and has become the first universal confidence-building tool within the OEWG. According to representatives, the registry allows competent authorities from different countries to promptly exchange information in the event of incidents in cyberspace.
The session’s agenda also includes a discussion of the future of the negotiating mechanism itself. Russia proposes replacing the temporary format with a permanent body with decision-making power and the ability to develop legally binding rules. Despite the support of many participants for the idea of an open-ended platform, the specific parameters of its future mandate remain a matter of disagreement.
Redazione