Developments in the internet governance environment October to December 2025

Wolfgang Kleinwächter Jan 13, 2026 28 min read

In the fourth quarter of 2025, the discussion on Internet governance was dominated by the following three issues:

WSIS+20 Review Conference
Artificial intelligence
Cybersecurity

I. WSIS+20 Review Conference

On 17 December 2025, the WSIS+20 Review Conference Outcome Document was adopted by consensus at the 80th UN General Assembly.[1] Comprising eight chapters divided into 127 paragraphs, the document forms the basis for the continuation of the WSIS process that began in Geneva in 2002. The next review conference is scheduled for 2035 (WSIS+30). The most significant outcome of WSIS+20 is the resolution to grant permanent status to the Internet Governance Forum (IGF), which was founded in 2005 as an experiment.

Tough negotiations down to the wire

The adoption of the "Outcome Document" was preceded by tough government negotiations, which were on the verge of failure several times in their final phase.

The negotiation process, led by two facilitators (the UN ambassadors from Albania and Kenya), began with the publication of an "Elements Paper" in June 2025.[2] The Elements Paper was discussed at the IGF in Lillestroem, Norway, at the WSIS Forum in Geneva and in several virtual consultations, and led to a Zero Draft at the end of August 2025[3], which was the subject of further virtual consultations. The more than 100 written comments were reflected in a revised draft (Rev.1) published on 7 November 2025[4]. After another round of consultations, the second revised draft (Rev.2)[5] formed the basis for the final government negotiations, which began on 9 December 2025 at the UN headquarters in New York.
During these negotiations, in which non-governmental representatives were no longer involved, the conflicts between governments became more apparent Tage. These conflicts centred in particular on the financing of efforts to overcome the digital divide and the role of governments in Internet governance. Some countries rejected references to the UN's sustainable development goals, gender and climate (USA), human rights (Russia and Iran), digital problems in occupied territories (Israel), disinformation and hate speech (Argentina), condemnation of sanctions (Ukraine) and sexual violence on the Internet (Saudi Arabia and Nigeria). In total, there were objections to 55 of the 127 paragraphs.
However, attempts by the two co-facilitators to reach consensus with a third draft (Rev.3) on 11 December 2025 failed, as did a fourth draft (Rev.4) on 15 December. During the night of 16 December, consultations between the President of the 80th UNGA and the UN ambassadors of the countries that rejected passages of the document resulted in a procedural compromise. According to this compromise, those governments that had serious objections were given the opportunity to explain their position before the vote in the plenary session of the 80th UNGA (Expression of Position before the Vote/EOP) and to make it clear that "consensus" does not mean "agreement". In return, these governments refrained from requesting a vote. Such a vote would have undermined the consensus principle that has been in place in the WSIS process since 2003.

Success for the multistakeholder model despite tensions

The fact that, after six months of stakeholder consultations and government negotiations, a final document was actually adopted by consensus must be considered a success, given the complicated geostrategic situation in world politics.

The WSIS+20 Outcome Document makes it possible to continue on the path begun in 2002 towards building a global "people-centred, inclusive and development-oriented" information society based on international law and human rights. The multi-stakeholder model, which was agreed upon 20 years ago as the basis for internet governance, has been further strengthened by WSIS+20. However, the document is very cautious in its comments on today's controversial digital issues: cybercrime, cyberterrorism, digital neocolonialism, digital taxation, cross-border data flows, misuse of social networks, mass surveillance, internet shutdowns, online censorship, dominance of technology companies, risks of artificial intelligence, quantum, internet-based autonomous weapon systems and others.
WSIS+20 was therefore not a historic moment, nor a breakthrough that elevated global digital policy to a higher level. It was the lowest level at which governments could meet, regardless of their conflicts in other policy areas. In retrospect, it was therefore a wise decision by the two co-chairs not to set the bar too high for WSIS+20 from the outset. This allowed the WSIS vision of the early 2000s to be preserved, opening up space for improvements in the future, when the political climate may have calmed down again. WSIS+20 was therefore nothing more than a milestone in a process that began at the start of the millennium and will continue in the future. The fact that this chain was not broken in New York City in December 2025 is the real success of WSIS+20.

Conflict lines: Financing and the role of governments

The two central points of contention – financing the bridging of the digital divide and the role of governments in Internet governance – which have been on the agenda since the first WSIS summit in Geneva in 2003, resurfaced in the final negotiations in New York.

With regard to financing, the compromise at WSIS+20 was to delegate the issue to an internal ITU task force, which is to develop proposals for future measures by 2027.

However, the new task force will not be comparable to the Task Force on Financial Mechanism (TFFM) of 2004/2005, which at the time proposed the creation of a "Digital Solidarity Fund" (DSF). This time, the ITU is being asked to set up an "Internal Task Force" to "assess gaps and challenges and make concrete recommendations to strengthen financing mechanisms for digital development in developing countries" (para. 67). For the G77 and China, the establishment of a task force to finance the digital transformation was a red line. The US, the EU and the UK rejected the establishment of an independent new institution. However, both sides agreed that funds must be mobilised for infrastructure development, capacity building and investment in AI.
An internal ITU task force is a reasonable compromise, but also a very weak proposal. Analysing gaps and challenges for building information infrastructure has been the ITU's responsibility since the ITU D Sector was established more than 30 years ago. The hope is that pressure from WSIS+20 will take the ITU to a new level and that its activities will go beyond the "Baku Declaration"[6], which was adopted in November 2025 at the ITU's World Telecommunication Development Conference (WTDC) and which stated that "no one should be left behind in the digital age".
The lesson learned from the failed DSF[7] in 2009 is that in a highly competitive digital market economy, the expectation that a fund will help bridge the digital divide is an idea of yesterday. Many developing countries made it clear that they do not primarily expect "cash" from rich countries, but rather an equal partnership in the global digital economy and equal participation in digital policy-making. Bridging the digital divide is primarily a challenge of creating incentives for private investment in local infrastructure and applications, as well as for fair public-private partnerships. Saudi Arabia's Minister of Digital Affairs, Abdullah Amer Alswaha, made it clear that what is needed above all are employment opportunities, digital education and local initiatives in the Global South. If 90 per cent of AI LLMs are trained in only one language, the result is unbalanced. That has to change.

The discussion on the role of governments in internet governance followed a similar pattern. The plan of some governments after Tunis (2005) to solve digital problems by establishing an intergovernmental internet council through "enhanced cooperation", i.e. state control of the internet, has not worked in the last 20 years. And it will not work in the future either.

Nevertheless, some governments from the Global South, and Russia in particular, are dissatisfied with the existing mechanisms for managing critical Internet resources. They wanted to use WSIS+20 to introduce the idea of "enhanced cooperation" into the IGF through the back door. They called for the introduction of an "IGF Governmental Track" within the IGF, with a mandate to negotiate recommendations. Such a governmental track would have changed the multi-stakeholder character of the IGF. This was a "no-go" for the supporters of the IGF.
The compromise in para. 101 now calls on the IGF to "improve its working modalities and expand the participation of governments and other stakeholders from developing countries and underrepresented communities by working to establish and facilitate dialogue between governments with the participation of all stakeholders". The somewhat confusing wording of para. 101 reflects the difficulties some governments have with their understanding of "multistakeholderism" and "multilateralism".

a. Some governments want the multistakeholder approach to be under government control. Others see governments as a separate stakeholder group within the multistakeholder model. Some governments think in terms of hierarchies, with governments at the top of the hierarchy. Others understand a modern society as a network in which different stakeholders have different responsibilities but work together as equals.
b. Paragraph 101 does not solve the problem, but it does allow the debate to continue by maintaining the multi-stakeholder nature of the IGF and calling on governments to take a more active role. It is therefore important that WSIS+20 reaffirms in para. 88 the Tunis Agenda (2005) definition of internet governance, which states that "internet governance is the development and application of shared principles, norms, rules, decision-making processes and programmes by governments, the private sector and civil society in their respective roles, which shape the development and use of the Internet."
One of the achievements of the WSIS+20 process is that the multi-stakeholder approach has ultimately been further strengthened compared to the Tunis Agenda of 2005 and the WSIS+10 outcome document of 2015. The terms "multi-stakeholder" and "stakeholder" appeared 22 times in the 122 paragraphs of the Tunis Agenda. In the 71 paragraphs of WSIS+10, they appeared only 19 times. Now, in the 127 paragraphs of WSIS+20, there are a total of 51 references to the multi-stakeholder approach. This is also reflected in the introductory chapter of WSIS+20. Paragraph 3 states: "We reaffirm the value and principles of multi-stakeholder cooperation and engagement." And paragraph 4 states: "We reaffirm the principle of the sovereign equality of all States." This recognises that intergovernmental multilateralism is embedded in a multi-stakeholder environment. The multi-stakeholder approach and multilateralism are two sides of the same coin. What is needed is not a battle between stakeholders for "leadership", but increased cooperation between all stakeholders concerned in their respective roles on an equal footing.
It is also important that WSIS+20 contains a reference in paragraph 94 to the "Sao Paulo Multistakeholder Guidelines" (SPMG)[8] from NetMundial in April 2024. The SPMG went a step beyond the agreed principles of Internet governance and defined in more detail the "how" of multistakeholder cooperation. With the SPMG, the community now has a criterion for measuring the actual degree of multistakeholder participation in digital policy-making.
The reality, however, is that many governments pay only lip service to the multistakeholder model. This was also reflected in the modalities of the preparatory process for WSIS+20. Although it provided for formal support for the multistakeholder model, in practice it was organised into two rather separate strands of work: consultations with non-governmental stakeholders and negotiations between inter- governments. Only a small number of governments participated in the stakeholder consultations. And non-governmental actors were excluded from the inter-governmental negotiations. The idea of creating a closer link between the two groups by forming an "Informal Multistakeholder Sounding Board" (IMSB) was a good one. But it too was only partially successful. The IMSB attempted to involve governments in non-governmental discussions, offered "consultation hours" for interested stakeholders and published statements. But even the IMSB was not allowed to sit at the negotiating table as a silent observer.
The decision to grant the IGF permanent status is the most important outcome of WSIS+20.

a. It is now up to the IGF, the Multistakeholder Advisory Group (MAG) and the Leadership Panel (LP) to prove that the IGF is "the most important multi-stakeholder platform for discussing Internet governance issues," as stated by the GDC. The WSIS+20 Outcome Document calls for a review of the IGF's modalities and for more incentives to encourage the involvement of all stakeholders – governments, parliamentarians, large and small businesses, civil society, the technical and academic communities. A new "MAG Working Group on IGF Enhancement" could be a helpful idea.
b. To fulfil this role, the IGF needs a stable budget and a strong secretariat. The role of the IGF Secretariat in Geneva is strengthened in para. 103, but the question of IGF funding remains unresolved. WSIS+20 now calls on "the Secretary-General of the UN, with the support of UNDESA, to submit a proposal to the UNGA during its 80th session to ensure sustainable funding for the Forum". The mandate of the 80th UNGA ends in early September 2026. There is not much time left.

Priorities: Human rights, GDC and digital economy

The list of issues addressed in the WSIS+20 document is long. It also includes human rights, the digital economy, digital development, cybersecurity, AI and data governance. However, the chapters on these topics merely reiterate what has already been decided elsewhere and refer to other processes.

The section on human rights confirms the Human Rights Council's resolution that people should enjoy the same rights both offline and online. The paragraphs on freedom of expression, privacy protection and mass surveillance repeat the wording from the WSIS+10 document and the GDC. What is new is that the role of the United Nations High Commissioner for Human Rights is clearly formulated. This is a good step towards ensuring that the WSIS is anchored in human rights.
The GDC is also seen as a suitable framework for discussing AI and data governance. Under the GDC, two new UN bodies for AI are currently being established: the International Scientific Panel on AI and the Global Dialogue on AI Governance. The GDC also decided to establish a Working Group on Data Governance (WGDG). The WGDG began its work in spring 2025 and is required to submit its final report to the UNCSTD in Geneva by 2027.
The section on the digital economy calls for an "open, fair and non-discriminatory environment for digital development" (para. 30) and urges that "concentrations of technological capacity and market power be addressed to ensure that the benefits of digital cooperation are equitably distributed". (para. 31). This is a very polite way of avoiding controversial issues such as digital taxation, which is being discussed in the International Negotiating Group (ING) of the UN Convention on Taxation[9], or the Digital Trade Pact, which is being discussed in the WTO[10].
The section on cybersecurity welcomes the establishment of the new Global Mechanism on Cybersecurity under the First Committee of the UN General Assembly as a follow-up to the Open-Ended Working Group (OEWG)[11], but does not refer to the UN Convention on Cybercrime (Hanoi Convention)[12], which has been open for signature since October 2025. Furthermore, the section ignores the discussions within the CCW on internet-based autonomous weapon systems (LAWS)[13] and the use of AI in the military sphere.

Challenge: Coordination of UN processes

A future challenge will be to coordinate the various complementary activities. WSIS+20 calls for coherence and the avoidance of duplication. More or less all new digital policy processes have their origins in WSIS and are based on the use of the Internet. The definition of internet governance from the Tunis Agenda is a very broad one that is also relevant to cyber governance, digital governance, IoT governance, data governance and AI governance. There is therefore no need to reinvent the wheel.

It is important that WSIS is now closely linked to the GDC review planned for 2027 and the SDG review planned for 2030. The role of the UN Group on the Information Society (UNGIS) has also been strengthened. UNGIS has been given the mandate to promote multi-stakeholder dialogue (para. 121). This will enable a holistic approach in the future. The WSIS architecture now includes the WSIS action lines, the SDGs, the GDC, the IGF, the WSIS Forum in Geneva, the Global Dialogue on AI Governance, the International Scientific Panel on AI and the WGDG. In addition, there are the UN bodies dealing with cybersecurity, the digital economy and human rights.
Successful coordination also requires close cooperation between the various UN bureaucracies in New York and Geneva: ECOSOC, ODET and UNDESA (New York) and the IGF Secretariat, UNCSTD, ITU and UNGIS (Geneva).

USA: From blocker to supporter

A new problem in the WSIS context was the role of the US government. For more than 20 years, the US government had been a constructive partner in developing the multi-stakeholder approach to digital policy-making. However, following the UNCSTD meeting in Geneva in April 2025, at which the US government voted against the WSIS+20 resolution preparing for the WSIS+20 review negotiations in New York, it remained unclear until the last moment how the US government would behave.

Following the presentation of Rev.3, the US government indicated that it would likely request a vote on the WSIS+20 Outcome Document. At that moment, a group of leading US technology companies intervened and wrote a letter to the US State Department calling for continued US support for the IGF and the multi-stakeholder approach.
The letter clearly had the desired effect. At the plenary session of the Ministerial Conference that began on Tuesday, the US government initially refrained from speaking. It was not until the afternoon session on Wednesday that the US took the floor as the last speaker and announced that it would not be requesting a vote after all, despite its reservations about many parts of the final text of the WSIS+20 Outcome Document. In a "statement of position" prior to the vote (EOP), the US government distanced itself from numerous paragraphs of the document, but stated that it would continue to support the multi-stakeholder approach.[14]

Germany: Ministerial presence and financial pledge for the IGF

Germany was represented by a minister at a WSIS meeting for the first time since 2003. In his speech, Digital Minister Wildberger advocated for a free, open and uncensored Internet without state control over central Internet functions and announced that the Federal Republic would support the IGF with one million dollars.[15] He took the opportunity to hold bilateral meetings, including with UN Tech Envoy Amandeep Gil Singh and leading business representatives, particularly from the AI industry. He also participated in a WSIS+20 side event organised by the European University Institute in Florence, together with the head of the EU delegation, Thibault Kleiner.[16]

Stakeholder mobilization: A successful stress test

WSIS+20 was a stress test for governments, showing that multilateral mechanisms can still function and achieve results despite deep controversies. No less important was the mobilising factor for non-governmental interest groups. The Global Digital Rights Coalition (GDRC)[17] organised civil society, the Technical Community Coalition for Multistakeholderism (TCCM)[18] united the technical community, and the International Chamber of Commerce (ICC) brought together small and large companies to influence the consultation process through statements and written contributions such as the "Five Point Plan for an inclusive WSIS+20".

II. Artificial intelligence

The global discussion on artificial intelligence continued in various directions in the fourth quarter of 2025. A structure is beginning to emerge in this debate that is characterised by both confrontation and cooperation, but whose individual parts are not very interconnected. The global AI debate is closely linked to the discussion on internet governance, as the WSIS+20 process has shown, but is beginning to take on a life of its own. The global AI debate is increasingly overshadowed by the American-Chinese conflict over leadership in new AI applications. The UN has set the course for an "Independent International Scientific Panel on AI" and a "Global Dialogue on AI Governance," which could become the universally accepted platform for the development of a global AI policy. However, the first steps taken by the UN have already led to new controversies. The G20 and G7 as platforms for discussions on AI and the Bletchley Process (AI summit) launched by the British government in 2022 have also lost momentum.

USA: "America First" and the goal of technological dominance

In accordance with the AI strategy published by President Trump in July 2025, "Winning the Race: The US AI Action Plan"[19], the US is focusing on its own strengths. For the US President, AI is "a national security imperative to achieve and maintain unquestioned and unchallenged global technological dominance. To secure our future, we must harness the full power of American innovation."[20] The US now only participates in international projects to the extent that it serves its interests. This even applies to cooperation within the G7 (such as the OECD's Global Partnership on Artificial Intelligence (GPAI)[21] oder dem 2023 von G7 Hiroshima AI Process/HAIP)[22], and the "Bletchely Process" launched by the UK[23]. The UN initiatives to form the International Scientific Panel on AI and the Global Dialogue on AI Governance[24] are viewed with suspicion. The main opponent is China.

China: Cooperative rhetoric with a strict national focus

China, on the other hand, is pursuing a more cooperative strategy, but one that leaves no doubt that China is striving for leadership in the AI race. China supports the UN initiatives on AI and has also advocated cooperation within regional associations of states such as APEC. In particular, it offers countries in the Global South cooperation in the development of AI capacities within the framework of the "Global AI Governance Action Plan"[25] of 25 July 2025. In September 2025, Vice Foreign Minister Ma Zhaoxu criticised "unilateralism and protectionism" in the UN Security Council, condemning "high fences around small spaces" designed to secure Western dominance and calling for internationally agreed governance models. At its core, however, China, like the US, is relying on its own strength and the innovative power of Chinese AI companies. The details of China's proposed establishment of the World Artificial Intelligence Cooperation Organisation (WAICO), based in Shanghai[26], remain unclear. The proposal, which was repeated by President Xi Jinping, Prime Minister Li Quiang and Foreign Minister Wang Yi at several high-level AI conferences in the fourth quarter of 2025, leaves open whether WAICO is to be an international organisation with state and non-state members or an NGO under the control of the Chinese party leadership.

UN: Global initiatives despite headwinds

In the UN, decisions had already been made in the third quarter of 2025 on the Independent International Scientific Panel on AI and the Global Dialogue on AI Governance.

A kick-off meeting of the Global Dialogue on AI Governance took place on the eve of the 80th UN General Assembly in New York, chaired by UN Secretary-General Guterres. Guterres also published a "Call for Nomination" to fill the AI panel.[27] In the fourth quarter, however, the process lost momentum, not least because the US government made its opposition clear. At a meeting of the UN Security Council, Presidential Adviser Mikhail Kraitsos said: "We totally reject all efforts by international bodies to assert centralised control and global governance of AI. ... The path to this new AI world is found not in bureaucratic management, but in the freedom and duty of citizens, the prudence and cooperation of statesmen, and the independence and sovereignty of nations." He added: "The US is focused on establishing American AI as the global gold standard and enabling allies and trade partners to build their own sovereign AI ecosystems with secure American technology." [28]
However, the majority of UN members are positive about the two UN initiatives. Countries in the Global South in particular hope that they will provide impetus for overcoming the "digital divide" and building an AI infrastructure. China is one of the main supporters. The EU countries also view both the AI panel and the AI dialogue positively. In contrast to the US government, however, US companies such as Microsoft, Google and Meta have expressed interest in both initiatives. Microsoft President Brad Smith has been campaigning for years to bridge the digital divide and encourage private investment in building AI infrastructure in the Global South.
Despite the rejection by the US, preparations for the first Global Dialogue on AI Governance are underway. It will take place together with the ITU's AI for Good Summit from 6 to 10 July 2026 and in parallel with the WSIS Forum in Geneva. However, the formation of the AI panel has been delayed. The application deadline expired on 31 October 2025. It is now up to UN Secretary-General Guterres to nominate the 40 members of the panel from the applications.

G20: AI initiative for Africa in the shadow of geopolitics

AI was also one of the main topics of the G20 summit on 22 November 2025 in Johannesburg. The "G20 South Africa Summit: Leaders' Declaration"[29] reaffirms the 2019 G20 AI Principles, recognises the work of the G20 Task Force on Artificial Intelligence, Data Governance and Innovation for Sustainable Development, and launches a new "AI for Africa Initiative" to serve as a voluntary platform for multilateral and multi-stakeholder cooperation.

The G20 had already pioneered global AI policy in 2019 by raising the five principles developed by the OECD (1. Inclusive growth, sustainable development and well-being, 2. Human-centred values and fairness; 3. Transparency and explainability; 4. Robustness, security and safety, and 5. Accountability) to the G20 level, thereby setting a standard for subsequent discussions on AI regulation, including the EU's AI Act.[30]
However, the absence of key G20 leaders at the summit in Johannesburg (US President Trump, Chinese President Xi and Russian President Putin did not attend the meeting) detracted from its success. In addition, the US behaved in a downright hostile manner towards the host country South Africa and expressed scepticism about the role of the G20 in the field of AI. A critical report by the Atlantic Council stated: "The US administration's current approach to AI—marked by a preference for domestic industrial strategy and selective bilateral partnerships—reflects a hardening belief that multilateral governance is either futile or dangerous. In too many parts of Washington, there is a sense that global cooperation simply helps China; that multilateral institutions dilute US influence; and that if the US leads on innovation, it doesn't need to lead on rules. The US administration's current approach to AI—marked by a preference for domestic industrial strategy and selective bilateral partnerships—reflects a hardening belief that multilateral governance is either futile or dangerous. In too many parts of Washington, there is a sense that global cooperation simply helps China; that multilateral institutions dilute US influence; and that if the US leads on innovation, it doesn’t need to lead on rules. This is a profound misreading of how power works in the digital age.[31]

G7: Focus on practice, SMEs and quantum technology

AI was also the focus of the G7 Digital Ministers' meeting in Montreal on 9 December 2025. For years, the G7 has been a pioneer in the development of AI policy guidelines. Launched in 2023, the G7 Hiroshima AI Process (HAIP)[32] became a blueprint for AI policy frameworks.

However, the "G7 2025 Industry, Digital and Technology Ministerial Declaration"[33] focuses less on the political aspects of AI development and more on the practical ones. The preamble to the document generally refers to the G7 pursuing a "human-centric approach" and supporting AI "that drives innovation and growth and benefits people, mitigates negative externalities, promotes our economic and national security, respects applicable legal frameworks, including human rights, and is enabled through Data Free Flow with Trust (DFFT)". In fact, however, the declaration is primarily concerned with accelerating innovative AI developments, especially in small and medium-sized enterprises (SMEs). An "SME AI Adoption Blueprint" and a "Toolkit for SMEs Deploying AI" were adopted. In addition, there will be an education initiative to ensure that the necessary personnel are available. With an eye to the future, a "G7 Joint Working Group on Quantum Technologies" was established.
Under Trump, the US sees its partners in the G7 less as a team for developing a uniform (Western) AI policy and more as a sales market for US tech companies. The "Golden Standard for AI" is to be set by the US. The UN initiatives on AI and WSIS+20 were not on the agenda of the G7 digital ministers.

Bletchley Process: Loss of momentum and looking towards India

The so-called Bletchley Process, launched in 2022 by then British Prime Minister Sunak, a series of AI summits bringing together governments and the private sector, has also lost significance.

The first AI summit in Bletchley near London[34] was attended by US Vice President Kamela Harris, French President Emanuel Macron and German Chancellor Scholz, as well as all the CEOs of the leading US tech companies and experts from China. The Bletchley Declaration recommended finding a balance between opportunities and risks in AI development and advocated for an "internationally inclusive network of scientific research on frontier AI safety that encompasses and complements existing and new multilateral, plurilateral and bilateral collaboration"[35].
At the follow-up meeting in Seoul in 2024, it was agreed to establish a network of "AI Safety Institutes".[36] At the third summit in Paris in February 2025, the USA refused to approve the final document.[37] The proposed regulatory measures would stifle innovation. Since then, the other initiatives of the Bletchley Process have also stalled.
India is now planning the fourth AI summit for February 2026.[38] It is the first AI summit in the Global South. According to Indian Prime Minister Modi, the aim of the New Delhi summit is to strengthen existing multilateral initiatives and set new priorities. The summit aims to set the course "to move from high-level political statements to demonstrable impact and tangible progress in global AI cooperation". However, there is considerable scepticism that the New Delhi summit will actually produce practical progress for the Global South.

III. Cybersecurity

Cybersecurity remains a prominent issue in the fourth quarter. In December 2025, the 80th UN General Assembly passed several resolutions on cybersecurity. On 25 October 2025, the UN Convention on Cybercrime was opened for signature. However, the most significant activities took place at the national level. For the major players in international politics, cybersecurity is now a key element of national security and digital sovereignty. Cybersecurity is increasingly seen as protection against military attacks, which inevitably leads to an arms race in the digital sphere.

UNGA: New "Global Mechanism" and resolutions on autonomous weapons

At the 80th UN General Assembly (UNGA), a total of four resolutions on cybersecurity and AI were adopted. It was decided to transform the Open-Ended Working Group (OEWG), which had been the UN platform for discussing cybersecurity issues since 2021, into a permanent "Global Mechanism". Other resolutions concerned negotiations on internet-based lethal autonomous weapons systems (LAWS) and the use of AI in the military domain. Only the UN resolution on the global mechanism was adopted by consensus. In the case of all other resolutions, the US and Russia in particular, but also other nuclear powers, voted against the texts presented.

With the unanimous adoption of UN Resolution 80/16 on 1 December 2025, the OEWG was transformed into a "Global Mechanism on developments in the field of ICTs in the context of international security and advancing responsible State behaviour in the use of ICTs" [39]. This means that the issue of cybersecurity now has a permanent place in the UN architecture. The first meeting of the new "Global Mechanism" is scheduled for March 2026 in New York. The mandate has not changed from that of the OEWG. The new body is responsible for standards to ensure cybersecurity and for confidence- and capacity-building measures such as the "Global ICT Security Cooperation and Capacity-Building Portal" and the "Global Point of Contact Directory" (PoC). The new body does not initially have a mandate to draft a UN cybersecurity convention. However, the issue remains on the agenda. The Global Mechanism operates under the First UNGA Committee, which is responsible for international security issues.
UN Resolution 80/57 of 1 December 2025 on autonomous weapon systems[40] refers to UN Secretary-General Guterres' call for an international treaty based on a "two-tier approach" of prohibition and regulation. Weapon systems that are beyond human control are to be banned. Weapon systems that use AI are to be bound by rules, above all international humanitarian law. The UN resolution refers to the "substantial progress" achieved in more than ten years of LAWS negotiations and calls on UN member states "to work towards completing the set of elements for an instrument." The resolution was adopted with 164 votes in favour, six against and seven abstentions. Russia, the USA, Israel, North Korea, Belarus and Burundi voted against. Abstentions came from Poland, China, Iran and Turkey, among others. Observers doubt that a result will be achieved in 2026, as Guterres wishes.
UN Resolution 80/58 of 1 December 2025 on AI in the military domain[41] was adopted with 167 votes in favour, five against and five abstentions. Russia, the USA, Israel, North Korea and Burundi voted against. Against the backdrop of the use of AI in the wars of 2025 – Ukraine, Gaza, Sudan – the resolution calls for more detailed consideration of the issue and schedules three days of informal consultations in Geneva in spring 2026. The consultations are intended to clarify the relevance of international law, particularly international humanitarian law, and to identify the humanitarian, legal, security, technological and ethical aspects of AI in military conflicts. This resolution also incorporates the recommendations of the Global Commission on Responsible AI in the Military Domain of May 2025, which, under the auspices of the Dutch government, proposed, among other things, that state and non-state stakeholders be equally involved in consultations.[42] The resolution takes this up and underlines "the importance of a multistakeholder approach".
UN Resolution 80/23 of 1 December 2025 deals with the potential risks of integrating AI into nuclear weapons systems.[43] The resolution calls for "human control and oversight to be maintained over command, control and communications systems of nuclear weapons." The use of AI in the management of nuclear weapons carries incalculable risks and increases the danger of their unintended use. The resolution was adopted with 118 votes in favour, nine against and 44 abstentions. Those voting against included the nuclear powers Russia, the US, China, France, the UK, Israel and North Korea. The non-nuclear EU states abstained.

Hanoi Convention: Signing despite Western criticism

In the presence of UN Secretary-General Guterres, the signing ceremony for the UN Convention on Cybercrime took place in Hanoi on 25 October 2025. Vietnamese Prime Minister Pham Minh Chinh welcomed more than 100 governments and numerous non-governmental representatives. Guterres said at the opening: "In cyberspace, nobody is safe until everybody is safe. One vulnerability anywhere can expose people and institutions everywhere. That is why we need a strong, collective, global response.... The UN Cybercrime Convention is a powerful, legally binding instrument to strengthen our collective defences against cybercrime. It is a promise that fundamental human rights such as privacy, dignity, and safety must be protected both offline and online. It is a testament to the continued power of multilateralism to deliver solutions. And it is a vow that no country, no matter their level of development, will be left defenceless against cybercrime"[44].

By 27 December 2025, 72 governments from 193 UN member states had signed the convention[45]. Russia initiated the negotiations in 2019 and, like China and numerous developing countries, was one of the first signatories. The European Union also signed the convention, but more than half of the EU member states, including Germany, were hesitant to sign at this stage. The US, which had voted in favour of the convention at the 79th UNGA in December 2024 (before the Trump administration took office), attended the signing ceremony but declined to sign the convention. Instead, the US spokesperson invited governments to join the "Global Coalition on Fostering the Future Together" presented by First Lady Melanie Trump at the opening of the 80th UNGA in September 2025.[46] The convention will enter into force 90 days after the 40th instrument of ratification has been deposited.
Western reservations about the UN convention mainly concern vague definitions of cybercrimes, a lack of safeguards against human rights violations such as freedom of expression and privacy, and international extradition procedures that invite abuse. The offer by Western states to accede to the Council of Europe's 2001 Budapest Convention on Cybercrime was rejected by the majority of countries in the Global South because they were not involved in the drafting of this convention. However, negotiations within the relevant Ad Hoc Committee (AHC) succeeded in establishing fundamental consistency between the Budapest Convention and the new Hanoi Convention.
In addition to over 100 governments, the Council of Europe, Interpol and non-governmental stakeholders were also represented at the signing ceremony. Google's Legal Council Nima Binara spoke on behalf of many Western observers: "For Google, the protection of human rights online is inseparable from our mission. Google believes the following three areas should feature strongly in any discussion: First, the continued, robust involvement of multi-stakeholders is vital at all further stages of the Convention. Second, it's vital that substantive human rights protections in the Convention be strengthened. Third, we believe it's equally vital that procedural safeguards should be strengthened.". [47]

National strategies: Arms build-up and regulation

In the fourth quarter of 2025, the most important countries took practical and regulatory measures to strengthen their national cyber security. Cyber security is increasingly taking on a military component. An arms race in the digital space is beginning to develop, especially against the backdrop of AI developments.

The US worked on a new National Cybersecurity Strategy in the fourth quarter of 2025. It is scheduled to be presented in January 2026. According to leaked information, the strategy contains six chapters: 1. cyber offence and deterrence; 2. aligning regulations to make them more uniform; 3. bolstering the cyber workforce; 4. federal procurement; 5. critical infrastructure protection; and 6. emerging technologies. The new strategy is primarily aimed at warding off cyber attacks from China. The White House National Cyber Director, Sean Cairncross, stated at the Meridian Summit in Washington in October 2025: "To date, I don't think the US has done a terrific job of sending the signal, in particular to China, that their behaviour in this space is unacceptable. It is meant to harm us. It sits on our critical infrastructure systems and threatens chaos. It tries to put us in strategic dilemmas that impact our decision-making. And that is something that is scaling. It is something that is seen as cost-free, I think, across the ocean, and that is something that needs to be reset so that there is strategic stability in this domain."[48]
China amended its cybersecurity law in the fourth quarter of 2025. It will come into force on 1 January 2026. A key addition to the new law is the stricter reporting requirements for companies. Operators of critical information infrastructures are now required in certain cases to send a significant cybersecurity notification within just 60 minutes. In other cases, the notification deadline is extended to four hours. These requirements are reinforced by administrative measures for notification of national cybersecurity incidents, which were published by the Cyberspace Administration of China (CAC) on 1 November 2025. This means that there is now a uniform framework that applies to all network operators who set up networks within China or offer services via Chinese networks. Penalties for non-compliance with reporting requirements can be as high as €1 million. [49]
On 16 October 2025, the European Commission adopted a Defence Readiness Roadmap that supplements existing cybersecurity regulations such as NIS 2. European Commission Vice-President Henna Virkkunen said: "Disruptive technologies and their rapid development, testing and embedding in defence capabilities are essential to modern warfare. The war in Ukraine clearly demonstrates how fast defence technologies evolve and how frontier technologies such as AI, quantum, cyber, and space-based systems provide rapid tactical change on the battlefield." The roadmap aims to bring the tech and defence industries closer together and increase Europe's production capacity through innovation.[50]
At a meeting with the leadership of the Russian Ministry of Defence on 17 December 2025, Russian President Putin called for rapid rearmament in the digital sphere: "Key areas of the state programme include air and missile defence systems, command and control systems, electronic warfare capabilities, and unmanned aerial vehicles (UAVs) operating in all environments.... The Russian army must continue to remain at the forefront of technological progress. This means accelerating the introduction of robotics, information technologies, and new materials into the Armed Forces, as well as expanding the use of artificial intelligence in command and control systems and autonomous combat platforms." [51]