Developments in the internet governance environment October to December 2024
Key IG topics in the 4th quarter of 2024
In Q4 2024, the discussion on internet governance was dominated by the following topics:
· The 19th Internet Governance Forum (IGF) in Riyadh
· Preparations for the review conference of the 2005 UN World Summit (WSIS+20)
· Activities to create global policy mechanisms for artificial intelligence
· The final adoption of the UN Convention against Cybercrime
· Preparations for the creation of a new negotiating body on cyber security at the UN
Internet Governance Forum
More than 11,000 participants (offline and online) from 177 countries registered for the 19th UN Internet Governance Forum (IGF) in Riyadh (15 to 20 December 2024). 80 organisations were represented with booths in the IGF Village. 35 UN organisations had sent delegations. Under the motto "Building our Multistakeholder Digital Future", 307 plenary sessions, workshops, open forums, lightning talks and other sessions took place in which almost all topics related to the development and use of the internet were discussed: affordable access to the internet, digital divide, internet fragmentation, digital economy, cyber security, cyber crime, human rights, privacy, freedom of expression, artificial intelligence, critical internet resources, blockchain, autonomous weapons systems, but also WSIS+20, the São Paulo Multistakeholder Guidelines and the Global Digital Compact.
In a video address, UN Secretary-General António Guterres recalled that in September 2024, the heads of state and government of the 193 UN member states had recognised the IGF as "the primary multistakeholder platform for discussing Internet governance issues" in the Global Digital Compact. Guterres called the GDC a "blueprint for the digital future of humanity". It is the first comprehensive framework of its kind based on a simple but important principle: Digital technology must serve humanity - not the other way around. [1]
The opening speech was given by the Minister of Communications and Information Technology of Saudi Arabia, Abdullah Alswaha. Previous IGFs have been opened by presidents or prime ministers of the host country: Emmanuel Macron/Paris 2018, Angela Merkel/Berlin 2019, Andrzej Duda/Katowice 2021, Abiy Ahmed/Addis Ababa 2022 and Fumio Kishida/Kyoto 2023. Saudi Arabia's Crown Prince Mohammed bin Salman only appeared on screen after the ministerial speech had concluded.
o Minister Alswaha called for overcoming the "North-South digital divide": "We are talking about a gap in computing capacity of around 63 GW, which can only be covered by a handful of countries. We are talking about a shortage of 10 million data scientists, cybersecurity experts and AI professionals that needs to be addressed. We need to bridge the algorithmic divide, the divide between data and computers. We need an algorithm that makes sure we're helpful, honest and harmless, that there's no bias that leaves anyone behind, or that an AI or data scientist puts in a guardrail and hard codes to exclude anyone." [2]
o At the end of his speech, the minister presented a "Riyadh Declaration" with principles for AI governance. The document had been drawn up by the Saudi government without consulting other governments or the IGF but used the IGF logo on its title page. This led to irritation. The IGF MAG later clarified that this document was not an official IGF document and was not included in the list of IGF Riyadh outputs. The "Riyadh Declaration" contains some formulations from the Global Digital Compact, but no references to human rights or the multistakeholder approach.
The output of the 19th IGF includes the 57 "Riyadh IGF Messages",[3] the "IGF 2024 Summary Report",[4] the reports of the more than 300 sessions, the "Output Document of the Parliamentarian Track"[5] and the "IGF Messages from the Youth".[6] The 57 IGF Messages reflect the main topics of discussion: artificial intelligence, sustainable development and digital governance.
o On artificial intelligence, it states, among other things, "Governance of AI is not a "nice to have." Minimizing the risks of AI is crucial, but it is equally important to focus on tools that balance AI innovation and regulation. Overregulation can hinder AI's potential to benefit humanity and the environment, yet we should not compromise on ethical standards, tackling biases or ensuring privacy." It called for accountability, transparency and explainability and warned against "regulatory fragmentation" in the "AI supply chain".
o On the topic of sustainable development, it calls for improving "It can only be achieved with affordable access to services and devices, obtainable digital literacy and skills, and equal occupancy of the online space by both men and women, boys and girls, young and old, urban and rural, local and global communities." It points out that "the cost of Internet access remains one of the main barriers to inclusion for the unconnected."
o The resolution of the "Parliamentarian Track" refers to the special responsibility of parliamentarians when it comes to legislation and budgeting for digital projects. National parliaments are called upon to organise more plenary sessions on digital topics and to involve all stakeholders - business, science, civil society and the technical community. The parliamentarians describe the IGF as "a key venue for multi-stakeholder dialogue on digital policy" and call for additional resources to fulfill the IGF's mission.
o The Youth IGF's messages focus on artificial intelligence and education. AI must be integrated into school curricula, vocational training and university curricula at a very early stage. Teachers need to be empowered more quickly to impart this knowledge to the younger generation. Companies should involve young people in the development of AI services. The emergence of a new "AI divide" should be avoided. "The mindset of educators and learners needs to adapt to AI evolution. AI education should be seen as a shared global responsibility, with efforts to avoid leaving anyone behind."
The IGF has further stabilised institutionally. Cooperation between the Multistakeholder Advisory Group (MAG) and the Leadership Panel (LP) is working well. Fears that there would be rivalries or overlaps between the two bodies have not materialised. The High Level Leaders Track, the Parliamentarian Track and the Youth IGF have established themselves. A new Judiciary Track for judges and lawyers is planned for 2025. The activities between the IGFs have been consolidated. There are three Policy Networks (PN) on Meaningful Access, Artificial Intelligence and Internet Fragmentation as well as a Best Practice Forum on Cybersecurity (BPF). In addition, there are 31 active Dynamic Coalitions and 175 national and regional IGFs (NRIs) recognised by the IGF Secretariat.
Despite the successful IGF 2024, there is still criticism of the IGF's effectiveness and relevance. The IGF is hardly noticed by the wider political public. It is virtually absent from the world news. The quantity and quality of IGF output is not visible. Making the IGF messages more politically effective and transporting them into intergovernmental negotiation spaces or decision-making bodies of internet companies only works marginally despite some efforts by the Leadership Panel (LP). Only six out of 15 members of the LP were physically present in Riyadh. The LP document "The Internet We Want", which has been under discussion since the 18th IGF in Kyoto, could not be adopted in Riyadh as planned. The mandate of the LP members was extended until the end of 2025. The future and replacement of the LP will be decided within the scope of WSIS+20.
Finances of the IGF remain critical. The principle of not financing the IGF from the UN's regular budget and relying on diversified funding to avoid one-sided dependencies or political pressure is still considered to be correct. However, against the backdrop of the institutional strengthening of the Secretariat of the UN Tech Envoy (OSET) in New York, there are growing fears that there will be a budgetary imbalance and that a number of activities, particularly in connection with the implementation of the GDC and new projects on AI governance, will migrate from Geneva to New York. It was also critically discussed that the major tech companies from the USA and China, which are the main beneficiaries of a globally functioning, open, stable and free internet, are only marginally involved in IGF funding. The "Very Large Online Platforms" (VLOPs) categorised under the EU's Digital Services Act should fulfil their responsibility arising from "Corporate Social Responsibility" (CSR) and make a substantial financial contribution to the IGF.
The fact that the IGF was awarded to Saudi Arabia triggered controversial reactions. Civil society organisations such as "Access Now" had called for a boycott. Women's associations and the LGBTQ+ community in particular pointed to human rights violations in the host country. In fact, the number of participants from civil society at the 19th IGF fell to an all-time low of eleven percent. The host country was obviously aware of this and wanted to avoid "bad news". It tried to present Saudi Arabia as a future-oriented and open country in which women play a central role, especially in IT and AI. A third of the participants at IGF 2024 were female. The Secretary General of the Digital Cooperation Organization (DCO), Deemah Al Yahya from Saudi Arabia, encouraged girls in the Gulf region in particular to take the plunge into the age of AI. Everything from niqab and abaya to jeans and hot pants could be seen in the congress center. Anyone could ask any question. It was not a "censored IGF" as some groups had feared. But everything was under control. Some observers described it as a "curated IGF". And unusually for the IGF, where "equal participation" is an important cultural tradition, there was a "hierarchy" at the Riyadh IGF with a first class (VIP), a business class (L-badges) and an economy class (P-badges).
The 20th IGF will take place from 23 to 28 June 2025 in Oslo. The mandate of the IGF expires on 31 December 2025. An extension of the IGF is on the agenda of the review conference of the UN World Summit on the Information Society (WSIS+20), which will take place as part of the 80th UN General Assembly in New York in the fall of 2025. It is generally assumed that the mandate will be extended, possibly with some modifications and conditions. There are still no formal candidates for the 2026 and 2027 IGFs. It is not known whether Russia's unsuccessful bid for 2025 was automatically postponed to 2026.
WSIS+20
Preparations for the review conference of the 2005 UN World Summit on the Information Society (WSIS+20) have already begun. The 79th UN General Assembly (UNGA) set the main procedural course. On 19 December 2024, UN Resolution 79/194 "ICT for Sustainable Development" was adopted unanimously. The 69 paragraphs of the resolution also contain regulations for WSIS+20.
According to paragraph 62, the modalities for WSIS+20 are to be clarified by 31 March 2025. The President of the UN General Assembly is then to appoint two WSIS+20 co-facilitators who will coordinate the process in a similar way to the GDC. It is not insignificant that paragraphs 61 and 62 call for the close involvement of non-state stakeholders both in the actual WSIS review process and in its preparation. Paragraph 62 "invites the President of the General Assembly to appoint two co-facilitators to convene open intergovernmental consultations for that purpose, involving the input and participation of all stakeholders in the review process, including in the preparatory process."
WSIS+20 will focus on reviewing the 11 WSIS action lines and how these WSIS action lines can be better linked to the UN Sustainable Development Goals (SDGs). The eleven action lines are: C1. The role of public governance authorities and all stakeholders in the promotion of ICTs for development, C2. Information and communication infrastructure, C3. Access to information and knowledge, C4. Capacity building, C5. Building confidence and security in the use of ICTs, C6. Enabling environment, C7. ICT applications, C8. Cultural diversity and identity, linguistic diversity and local content, C9. Media, C10. Ethical dimensions of the Information Society and C11. International and regional cooperation.
o One problem is that the WSIS action lines and the Sustainable Development Goals (SDGs) have so far been organised in two different processes by different people in New York and Geneva, with little interaction between WSIS and SDGs. In 2015, when the Millennium Development Goals (MDGs) set in 2000 were revised and replaced by the SDGs, the negotiators in New York were quite ignorant of the WSIS action lines and failed to recognise that the world will be a digital world by 2030. Some of the 2015 SDGs have a "digital dimension", but the SDGs as a whole do not have a strong digital chapter.
o WSIS+20 now offers the opportunity to overcome this separation. The review of the WSIS action lines should be carried out in such a way that they build a bridge to the SDGs, which are planned to be reviewed in 2030. After 2030, WSIS action lines and SDGs could then be linked to form a kind of "Digital Development Goals" (DDGs).
A central point of WSIS+20 will be the renewal of the IGF's mandate, which expires in December 2025. The majority of discussants at the IGF referred to the GDC's statement and Guterres' speech in Riyadh where the IGF is recognised as the main (primary) multi-stakeholder platform for discussing internet governance issues. If this was confirmed by 193 governments in New York in September 2024, the renewal of the IGF mandate at WSIS+20 should be a more "technical issue" and not become the subject of geopolitical power games.
o It was also discussed whether the renewal of the IGF mandate should be linked to an extended range of tasks. This was rejected by a majority. Article 72 of the Tunis Agenda, which describes the IGF mandate in detail in 13 paragraphs, is flexible enough to address all new problems that arise in connection with the development and use of the internet. The last 20 years have shown that the IGF community and its mechanisms can deal with this successfully. There was also no support for the idea of turning the "IGF process" into an "IGF organisation". Both a new version of the IGF mandate and the drafting of an IGF constitution would be tantamount to opening Pandora's box and would trigger endless negotiations with little prospect of a successful conclusion. However, it is necessary to further develop the IGF in line with the proposal made by the High Level Panel on Digital Cooperation (HLP.DC) in 2019. But time should be allowed to develop proposals for an IGF+. One option discussed was to ask the UNCSTD to establish another multi-stakeholder working group for "IGF Enhancement" (based on the model of the UNCSTD Working Group on IGF Improvement/2011 - 2013), which could submit proposals by 2027.
o Against the backdrop of the discussion in Riyadh, however, it was irritating that the discussion at the 79th UN General Assembly in New York was moving in a different direction at the same time. The draft UN Resolution 79/194 on "ICT for Sustainable Development" submitted by the G77 group of states did not contain the GDC formulation (the primary platform for Internet Governance) with regard to the IGF. Instead, paragraph 34 of the draft resolution stated: "It recognizes the importance of the Internet Governance Forum and its mandate as the forum for multi-stakeholder dialogue on various matters". The US motion to adopt the GDC's wording on the role of the IGF as a "primary platform" was rejected by 107 votes to 57.
Another controversial point in Resolution 79/194 is the resurrection of the controversy over "the process of enhanced cooperation" for internet governance. "Enhanced cooperation" was a compromise formulation in the Tunis Agenda of 2005, which covered up the dissent over the creation of an intergovernmental oversight body for ICANN. In Tunis, developing countries, as well as China and Russia, had criticised the US government's then supervisory role over the Domain Name System (DNS) A root server as a violation of the international law principle of sovereign equality of all states and called for all states to be involved "on equal footing" in the supervision of the management of critical internet resources, preferably through the creation of a new intergovernmental body. In Tunis, even the EU proposed the creation of an "Intergovernmental Internet Council" for "questions of principle". However, the "day-to-day operations" of DNS management should remain in the hands of ICANN.
o The discussion on "enhanced cooperation" was continued in the 2010s in two UNCSTD working groups (WGEC I & II) without results. However, the IANA transition at the end of 2016, in which oversight of the A root server was transferred from the US government to the "empowered community" at ICANN, removed a key basis for this. Since then, there has no longer been a special role for any government at ICANN. All governments are on equal footing in the Governmental Advisory Committee (GAC). The new ICANN Bylaws contain specific procedures on how the ICANN Board should deal with GAC Consensus Advice.
o However, some governments are still dissatisfied with the current ICANN arrangement. The Russian government has made several proposals to the ITU to initiate a new discussion on the creation of intergovernmental oversight bodies over ICANN. At the "ITU-CWG Internet" meeting in Geneva in September 2024, Russia again proposed discussing the topic and regretted that 20 years after Tunis, there is still no intergovernmental body for the management of critical internet resources.[7] Although the idea of transforming the GAC into a GOC (Governmental Oversight Committee) does not have a majority, it does have some sympathisers. This is obviously reflected in UN Resolution 79/194, when it repeats the history of "enhanced cooperation" in five paragraphs and then states in paragraph 40: "It recognizes the importance of enhanced cooperation in the future, to enable Governments, on an equal footing, to carry out their roles and responsibilities in international public policy issues pertaining to the Internet, and notes the need for continued dialogue and work on the implementation of enhanced cooperation as envisioned in the Tunis Agenda."
Artificial intelligence
The topic of artificial intelligence is increasingly becoming a topic in its own right within global internet governance and digital diplomacy. With the recommendations of the UN High Level Panel on AI in September 2024, this discussion has reached a new level. While AI was previously a topic that primarily concerned the Western world (EU, USA, Japan) and its organisations (OECD, G7, Council of Europe), AI is now increasingly becoming a global topic in which all countries want to have an equal say. This applies to AI developments as well as the elaboration of political, legal, ethical and other framework conditions. Against the backdrop of the wars in Ukraine and Gaza, public awareness of the military aspects of AI is increasing. There are clear warnings of an "AI divide". It is unacceptable that global AI rules are only written by a few developed countries. Voices from the Global South calling for equal participation in AI are becoming louder and were heard in the fourth quarter of 2024, particularly at the IGF in Riyadh, at the 79th UN General Assembly (UNGA) and at the special session of the UN Security Council (UNSC) on 19 December 2024 in New York.
AI was one of the main topics of the IGF 2024. In his opening speech in Riyadh, Saudi Arabian Communications Minister Abdullah Alswaha had already pointed out the risks of an AI divide and called for greater efforts by the Global North to train AI experts in the Global South. AI was discussed in more than 30 sessions: AI ethics, AI regulation, AI governance, AI and blockchain, AI and biometrics, AI and business models, AI in healthcare and transportation, AI weapons, AI as a topic of diplomatic negotiations. The AI activities of the UN, the OECD, the Council of Europe, the EU, the ITU, the G7, UNESCO and other organisations were presented. It was criticised that the growing number of venues for AI governance entails risks of fragmentation, overlap and waste of resources. This tends to deepen the North-South divide in AI, as many developing countries do not have the capacity to follow everything and run the risk of being marginalised. AI must be discussed and regulated centrally at the UN.
One controversial topic was the definition of AI governance. What are the differences between internet governance, data governance, digital governance, cyber governance, ICT governance and now AI governance? One suggestion was to speak generally of "governance in the digital age" and to name the specifics in different areas such as data, cyber or AI. There is no need to reinvent the wheel and introduce new language. One could use the broad definition of "Internet Governance" from the Tunis Agenda as a basis. The main elements of the Tunis definition – a. a multi-stakeholder approach involving governments, businesses, civil society and the technical community, b. a collaborative approach to policy development and decision-making, and c. a comprehensive approach involving both technical and political aspects – are relevant not only to internet governance in the narrow sense, but to all forms of "governance in the digital age". In other words, it makes a lot of sense to use the Tunis definition as a starting point for a specific definition of AI governance.
AI also played an important role at the 79th UN General Assembly (UNGA). At the UN Future Summit in September 2024, important decisions were made for the future role of the UN in AI with the adoption of the "Pact for the Future" and the "Global Digital Compact" (GDC): the formation of a permanent UN AI panel, the establishment of a high-level regular AI dialogue within the UN and the creation of an AI office in the UN Secretariat.
o Two further resolutions on military aspects of AI were adopted in December 2024: UN Resolution 79/62 initiated by Austria on "Lethal autonomous weapons systems"[8] and UN Resolution 78/239 initiated by the Netherlands and Korea on "Artificial intelligence in the military domain and its implications for international peace and security."[9] The Austrian resolution calls on the "Group of Governmental Experts on Lethal Autonomous Weapons Systems (GGE LAWS)" to conclude the negotiations that have been ongoing for ten years under the umbrella of the "Convention on Certain Conventional Weapons (CCW)" by December 2025 and thus create the conditions for the conclusion of an international treaty in 2026, as called for by UN Secretary-General Guterres. The Korean and Dutch resolution calls on the 80th UNGA 2025 to submit a report to the UN Secretary-General on the role of AI in the military dimension.
o In another UN Resolution 79/23 "Role of science and technology in the context of international security and disarmament", introduced by India, the UN states were called upon to create greater public awareness of the role of AI in the question of war and peace. The resolution "encourages Member States to organize events such as conferences, seminars, workshops and exhibitions, at the national, regional and international levels, on the role of science and technology in the context of international security and disarmament, in order to facilitate multilateral dialogue, as well as dialogue among relevant stakeholders, on current developments in science and technology and their potential impact on international security and disarmament efforts".[10]
o The 78th UNGA had already adopted two AI resolutions, sponsored by the USA and China respectively, which advocate support for AI developments in the Global South. Their implementation will also be discussed at the 80th UNGA in 2025.
On 19 December 2024, the UN Security Council (UNSC) hosted an AI expert hearing.[11] The current UNSC Chair, US Secretary of State Blinken, had invited three experts – Fei-Fei Li from Stanford University, Yann LeCun from Meta and Jacob T. Schwartz from New York University – who spoke about the risks and opportunities of AI for solving global problems. Blinken himself pointed out in his presentation that AI can help implement 80% of the SDGs, but "it can also be deployed for destructive and hard-to-trace cyberattacks". He referred to the emerging network of "AI Safety Institutes", which were created in the wake of the "Bletchley Process" launched by the British government in 2023 and which could help to curb AI misuse. [12]
o Yann LeCun from Meta said in response to accusations that his company was using unfair practices: "Governments and the private sector must work together to ensure this global network of infrastructure exists to support AI development in a way that enables people all over the world to participate in the creation of a common resource. International cooperation must focus on two initiatives: collecting cultural material, providing AI-focused supercomputers in multiple regions around the world and establishing a modus operandi for the distributed training of a free and open universal foundation model; and unifying the regulatory landscape, so that the development and deployment of open-source foundation models is not hindered. Meta has taken a leading role in producing and distributing free and open-source foundation models. About AI-generated disinformation. There is no evidence that current forms of AI present any existential risk, or even a significantly increased threats over traditional technology such as search engines and textbooks."[13]
o The UNSC session was mainly used by the major AI powers to position themselves for the upcoming discussions. China's Ambassador Fu Cong said: "AI technology is not a cake for a small group of people, nor should its global governance be determined by just a small number of countries. China firmly opposes the practice of imposing on others the rules formulated by a small number of countries."[14] Russia offered technical assistance to the Global South and called for AI algorithms to be developed on the basis of cultural and national specificities of different civilisations.
o On behalf of the African states, Algeria warned against a North-South AI divide and the use of military AI. "The time has come for a binding framework that prevents the misuse of military AI. The growing AI divide is not about machines and algorithms – it is about sovereignty itself as AI-powered, border-proof attacks can damage societies and manipulated information can poison minds. Africa's Continental Artificial Intelligence Strategy and Digital Compact are the continent's vision for AI for peace. We need an inclusive international mechanisms where developing countries are equal architects for our shared future".
o At the opening, UN Secretary-General Guterres said: "Recent conflicts have become testing grounds for AI military application. Algorithms, from intelligence-based assessments to target selection, have reportedly been used in making life-and-death decisions. Artificial intelligence without human oversight would leave the world blind. ... The integration of AI with nuclear weapons must be avoided at all costs. ... We must never allow AI to stand for 'Advancing Inequality'".
The AI calendar for 2025 is already tight. In February 2025, France will host the 3rd AI summit as part of the Bletchley Process.[15] In March 2025, informal consultations on autonomous weapons systems will take place in New York. The G7 will evaluate the progress of the G7 AI Hiroshima Process at their summit in Kananaskis, Canada, in June 2025.[16] The UN will clarify the modalities for the AI Panel and the AI Dialogue by summer 2025. In July 2025, the ITU will hold its "AI for Good Summit" in Geneva.[17] The Global Commission on Responsible Artificial Intelligence in the Military Domain (GC REAIM), supported by the Netherlands, will have several meetings, including on the fringes of the Munich Security Conference (MSC) in February 2025 and the NATO summit in The Hague in June 2025.[18] And AI will be one of the main topics at the 80th UNGA starting in September 2025.
UN Convention against Cybercrime
After three years of negotiations and numerous controversies, the UN Convention against Cybercrime was finalised in August 2025 and passed by acclamation as UN Resolution 79/243 on 24 December 2024 without any further votes.[19] During the discussion in the 3rd Committee of the UN General Assembly in November 2024, there was still an intensive debate in which Western states in particular pointed out weaknesses in the Convention and warned that the Convention should not be misused to justify restrictive national policies such as state censorship or mass surveillance. The USA and several Western states issued unilateral statements in which they made their concerns known.[20] Ultimately, however, they agreed to the adoption.
Western states justified their final approval of the Convention by pointing to growing cyber crime, which requires a global response. In their view, it would still be better to strengthen the Council of Europe's Budapest Convention of 2001. However, as many states from the Global South would prefer a UN instrument, the alternative of a Western refusal would have been a split within the UN and would have contributed to growing legal uncertainty. Western governments pointed out that in the AHC negotiations it was agreed that there was no fundamental contradiction to the Budapest Convention and that signatories to the UN Convention were free to join the Budapest Convention, whose definitions and protection mechanisms are more precise.
o Council of Europe expert Alexander Seger, one of the fathers of the Budapest Convention, who had been involved in the UN negotiations from the outset, argued that any treaty can be misused. The UN Convention would not solve all problems, but would lead to a consolidation of legal rules in the fight against cyber crime on a global scale.
o Interpol's Secretary General Valdecy Urquiza argued similarly: "Cybercrime is a uniquely borderless threat that is increasing at a dramatic rate. Cyber attacks destroy businesses, undermine public institutions, and endanger lives. Only by moving forward together in lockstep can countries effectively combat cybercrime. The UN cybercrime convention provides a basis for a new cross-sector level of international cooperation we desperately need."[21]
Non-governmental representatives from business and civil society reiterated their negative attitude even after the adoption of the UN Convention on 24 December 2024. Definitions of criminal offenses in cyber space are too vague, protective mechanisms for respecting human rights such as freedom of expression and privacy are too weak and the procedures for cross-border criminal prosecution are an invitation to abuse. The civil rights organisation Electronic Frontier Foundation specified its reservations in a statement on 16 December 2024: "We expressed grave concerns that the treaty facilitates requests for user data that will enable cross-border spying and the targeting and harassment of those, for example, who expose and work against government corruption and abuse."[22] The Tech Accord, which represents over 140 large private companies, expressed a similar view.[23] Netzpolitik.org had already called on European governments not to sign the Convention in November 2024 following the discussion in the 3rd Committee of the UNGA.[24]
Once the Convention has been adopted by the UN General Assembly, the formal signing ceremony will take place in Hanoi in the first quarter of 2025. Signatory states must then submit the Convention to their parliaments for ratification. The treaty will enter into force 30 days after the 40th instrument of ratification has been deposited with the UN. Parallel to this, negotiations on an additional protocol will begin in 2025. These negotiations will cover all the issues that were excluded from the Convention, including the dissemination of illegal content such as terrorism and incitement to hatred on the internet.
In some Western countries, a discussion has begun on whether the treaty should be signed. The EU Commission negotiated on behalf of the members of the European Union. However, it is now up to the governments of the individual EU states to decide whether to sign the document. In the USA, voices have already been raised advising the new government not to sign the treaty. It is also quite unlikely that the UN Convention will receive a majority in both chambers of the US Congress.
National cyber security
The topic of national cyber security is also being negotiated at the UN. The Open-Ended Working Group (OEWG), founded in 2020, operates under the 1st Committee of the UN General Assembly (UNGA) responsible for security and disarmament issues. The OEWG meets twice a year and reports to the UNGA. Its mandate expires in December 2025.
On December 24, the 79th UN General Assembly adopted UN Resolution 79/237 "Open-ended working group on security of and in the use of information and communications technologies 2021-2025 established pursuant to General Assembly resolution 75/240", which sets the course for the future of the OEWG. The resolution confirms the 3rd Annual Progress Report (APR) of the Chairman of the OEWG, Singapore's Ambassador Burhan Gafoor.
o The report provides information on two positive decisions: The creation of a "Points of Contact" (PoC) mechanism and a "Global Portal on Cooperation and Capacity-Building". The PoC mechanism is a confidence-building measure. It is based on the model of the "red telephone" between the nuclear powers. It is intended to provide a means of contact in the event of cyberattacks that threaten national security. The Global Portal is a capacity-building measure. It is intended to help develop national capabilities and strengthen resilience against cyber attacks, particularly in developing countries. A "voluntary fund" is to be set up to enable such training measures. The details of how the PoC mechanism and the Global Portal are to be operationalised and how the Voluntary Fund is to be financed will be on the agenda of the next OEWG meetings.
o The question of whether the OEWG should primarily deal with the implementation of the eleven cyber security standards from 2015 or with the development of new standards remains controversial. The question of whether these norms should be translated into binding international law, i.e. into a new UN cyber security convention, or continue to apply as "voluntary principles" is also open. The Western states prefer a "Program of Action" (PoA), in which the UN states should first report on how they are implementing the eleven cyber security principles. Russia in particular is pushing for further standards to be drawn up and made binding under international law.
o The involvement of non-governmental stakeholders from business, science and civil society as well as the technical community in the work of the OEWG remains controversial. There is currently a two-stage process. All non-governmental institutions that have ECOSOC accreditation are automatically entitled to participate in OEWG meetings. Non-ECOSOC-accredited institutions can apply to participate, but this can be blocked by the veto of a single UN state. This situation has meant that institutions such as the Davos World Economic Forum (WEF), the Global Forum on Cyber Expertise (GFCE) in The Hague, the Moscow Institute of International Relations (MGIMO) and the German Council on Foreign Relations (DGAP) cannot attend OEWG meetings because either Russia or Ukraine has vetoed them.
o UN Resolution 79/237 also gave the green light for the future of the so-called "Regular Institutional Dialogue" (RID), i.e. the creation of a permanent UN mechanism on cybersecurity after the expiry of the OEWG mandate in December 2025. The key issues paper of the OEWG Chair was basically confirmed. The details for the new "permanent mechanism" are to be worked out by the 9th and 10th OEWG sessions (December 2024 and February 2025) and approved by the 80th UN General Assembly in fall 2025.
The 9th OEWG session took place in New York from 2 to 6 December 2024. It was effectively a continuation of the debates in the 1st Committee of the 79th UNGA and reflected the divided political situation: growing consensus on confidence- and capacity-building measures (PoC mechanism and Global Portal), but disagreement on the role of cyber security norms, the participation of non-state actors and the details of the future "permanent mechanism". The OEWG Chair has announced that he will present a new working paper for the Regular Institutional Dialogue (RID) before the next OEWG meeting in New York in February 2025 and discuss it with all stakeholders at a town hall meeting. [25]
[1] https://intgovforum.org/en/filedepot_download/305/28530
[2] https://www.youtube.com/watch?v=rA7i30OcmME
[3] https://intgovforum.org/en/filedepot_download/305/28526
[4] https://intgovforum.org/en/filedepot_download/305/28529
[5] https://www.intgovforum.org/en/filedepot_download/333/28522
[6] https://intgovforum.org/en/filedepot_download/327/28527
[7] https://www.itu.int/md/S24-RCLINTPOL20-C-0004/en
[8] https://documents.un.org/doc/undoc/gen/n24/351/56/pdf/n2435156.pdf
[9] https://digitallibrary.un.org/record/4064478?ln=en&v=pdf
[10] https://documents.un.org/doc/undoc/gen/n24/348/11/pdf/n2434811.pdf
[11] https://press.un.org/en/2024/sc15946.doc.htm
[12] https://www.state.gov/secretary-antony-j-blinken-at-a-un-security-council-meeting-on-ai/
[13] https://press.un.org/en/2024/sc15946.doc.htm
[14] https://www.fmprc.gov.cn/mfa_eng/xw/zwbd/202412/t20241225_11517873.html
[15] https://www.elysee.fr/en/sommet-pour-l-action-sur-l-ia/join-the-road-to-the-summit
[16] https://www.international.gc.ca/world-monde/international_relations-relations_internationales/g7/index.aspx?lang=eng
[17] https://aiforgood.itu.int/
[18] https://hcss.nl/gcreaim-conferences/
[19] https://documents.un.org/doc/undoc/gen/n24/372/04/pdf/n2437204.pdf
[20] https://therecord.media/un-cybercrime-treaty-clears-vote; https://www.eeas.europa.eu/delegations/un-new-york/eu-explanation-position-un-general-assembly-3rd-committee-adoption-united-nations-convention-against_en
[21] https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-welcomes-adoption-of-UN-convention-against-cybercrime
[22] https://www.eff.org/deeplinks/2024/12/still-flawed-and-lacking-safeguards-un-cybercrime-treaty-goes-un-general-assembly
[23] https://cybertechaccord.org/tech-accord-urges-changes-in-flawed-final-draft-of-un-cybercrime-convention-to-safeguard-security-tech-workers-and-uphold-data-and-human-rights/
[24] https://netzpolitik.org/2024/un-abkommen-zur-computerkriminalitaet-eu-staaten-sollen-die-cybercrime-convention-ablehnen/
[25] https://dig.watch/updates/oewgs-ninth-substantive-session-limited-progress-in-discussions