Federal Department of Foreign Affairs FDFA

Eleven norms of responsible state behaviour in cyberspace

Digital technologies are transforming the economy, society and international relations. As an economic and research hub, Switzerland seeks to maintain its privileged position alongside some of the world's most competitive actors. It actively supports the UN's normative framework to promote responsible state behaviour in the digital space and promotes multilateral cooperation in this area.

 11 green and red boxes shows what states should and should not do in the digital space.

The UN voluntary norms setting out what states should and should not do in the digital space. © Australian Strategic Policy Institute, ASPI

Nowadays, flows of data and sensitive information are constantly passing through the digital space, and rapid technological development offers ample opportunities for economic prosperity, sustainable development and the advancement of society. Unfortunately these technologies are often diverted from their intended purpose, whether to impose restrictions on the internet, limitations on human rights and fundamental freedoms, or for data theft or cyber attacks.

Cyber security is one of the major challenges facing all states in the modern era, and the digital space is now at the heart of international geopolitical tensions which centre on the differing views of the state's role in the regulation of the internet.

Cyber security – a key issue at the UN

International cyber security has been on the UN's agenda for close to 20 years. A number of working groups have been set up to promote exchange and dialogue among experts and governmental representatives on the potential threats to peace and international security posed by the use of information and communication technologies.

The UN discussions have improved our understanding of the threats linked to use of the digital space and resulted in the definition of a normative framework to tackle them. The aim is to establish a climate of trust between states and to enhance cooperation between industrial countries and the developing world.

Since 2004, five Groups of Governmental Experts (GGEs) on cyber security, including representatives of 15 to 25 member states, have been convened, and a sixth is under way (2019–21). The GGE is responsible for studying existing and potential threats linked to the digital space and looking at collective measures that could be implemented to address them. Switzerland is participating for the second time since 2016–17.

Meanwhile, since 2019, all United Nations member states have been represented in the Open-Ended Working Group (OEWG), chaired by the permanent representative of Switzerland to the UN, Jürg Lauber. This is the first time that the international community in its entirety has taken concrete steps to transpose and implement the measures proposed by the GGEs. These include applying and respecting international law (in particular the United Nations Charter) and complying with a set of voluntary norms.

The UN framework: four pillars and 11 voluntary norms

The normative framework developed by the GGEs to promote responsible state behaviour in cyberspace is based on four pillars: international law; 11 voluntary norms setting out what states should and should not do in the digital space; various confidence-building measures, in particular to strengthen transparency, predictability and stability; and capacity building.  On 12 March 2021, all the United Nations member states endorsed the OEWG's final report, thereby reaffirming this framework.

The normative framework to promote responsible state behaviour in cyberspace is based on four pillars. This video explains them. (Australian Strategic Policy Institute, ASPI Video)

Of the 11 norms of responsible state behaviour in cyberspace, eight are actions that states want to encourage, while the other three involve actions that countries should avoid. The framework is primarily about promoting interstate cooperation, respecting human rights and privacy, protecting critical infrastructure, safeguarding global supply chains, providing assistance when required and preventing the malicious use of digital technologies on states' national territories.

Of the 11 norms of responsible state behaviour in cyberspace, eight are actions that states want to encourage, while the other three involve actions that countries should avoid.

Switzerland supports the UN in its mission to promote dialogue

As a highly interconnected country, Switzerland has an interest in 'the supremacy of law over the rule of might', including in the digital space. This is why it defined improving global cyber security as an objective in its Foreign Policy Strategy 2020–23. A thematic strategy dedicated to digital developments in Switzerland and internationally was adopted in late 2020 and sets out a specific policy framework for the period 2021–24.

In line with its digital foreign policy, Switzerland thus supports various international norms set out by the UN and seeks to collaboratively shape the operational aspects, and to contribute to practical implementation and mainstreaming efforts. It supports the UN in its mission to promote dialogue and multilateral cooperation in the field of digital technologies, and is an active participant in both the GGE and the OEWG. The two working groups have similar mandates and share the goal of enhancing the effectiveness of the agreed measures. But beyond the international norms established by the members of the United Nations, Switzerland also calls for countries to make a voluntary commitment to mutual respect in cyberspace as this is essential to promote confidence and mutual cooperation between states and to ensure good governance in the digital space.

As an economic and research hub, and as host state to numerous international organisations, Switzerland must maintain its privileged position alongside some of the world's most competitive actors.  Consequently, improving cyber security and assessing the threats posed by the use of ICT are concerns for Switzerland on several levels, both to protect its citizens, institutions, businesses and organisations based on its territory, but also to guarantee access to a free, open, safe, stable, accessible and peaceful internet for all. The federal government therefore carries over all the fundamental values that guide its policy into the virtual world and promotes the role of International Geneva.

Complementary strategies for coherent foreign policy

In its Foreign Policy Strategy 2020–23, published at the end of January 2020, the Federal Council set out overall objectives informed by an analysis of the current global environment, and the developments and trends likely to affect Switzerland in the years to come.

For Switzerland to implement its foreign policy in a coordinated and coherent manner in all regions of the world, its strategies must complement each other. While the Foreign Policy Strategy formulates the overall objectives and approach, the regional and thematic strategies set out the priorities in specific fields and regions. Switzerland's Digital Foreign Policy Strategy 2021–24 is part of this.

Portrait Nadine Olivieri Lozano
Nadine Olivieri Lozano, Ambassador, head of the International Security Division, and Swiss delegate and expert at the OEWG and the GGE. © FDFA

Interview with Nadine Olivieri Lozano

The digital space offers huge opportunities for international prosperity as long as it is not compromised by malicious activities that jeopardise international stability and security. What type of threats are we talking about here?

Firstly, I'm keen to stress that it's the malicious use of technology that can pose a threat, and not the technology itself. We're talking about serious incidents that can jeopardise international peace and security. In recent years, we've noticed an increase in incidents involving the malicious use of information and communication technologies (ICT) by state and non-state actors, for example to attack critical infrastructure. In Ukraine, the electricity grid was attacked, in Switzerland, the arms company RUAG was targeted, and in Poland, government websites were hacked to spread misinformation. This same sort of misinformation was also used to try and sway the US elections. Attacks on hospitals during the COVID-19 pandemic are particularly serious as they directly put lives at risk. And finally, attacks on technology companies and their software – as in the case of SolarWinds – can also pose a significant threat as this software is used by many states and governments.

Why are these 11 voluntary norms necessary?

These norms govern what states can and can't do in the digital space in a clear and simple way. They are based on and complement existing international law. We could also call them the '11 commandments' of responsible state behaviour in the digital space. If states follow and apply these 'commandments', their behaviour is more predictable. This enhances security and prevents conflicts, which is important for a free, open, secure and peaceful digital space.

How has Switzerland contributed to the UN's normative framework?

The foundations of the normative framework were laid in the GGE's 2013 and 2015 reports. Switzerland was not a member of the GGE at the time, but all the UN member states – including Switzerland – approved the framework. The normative framework is not set in stone, however. It's more like the foundations of a house that we can build on. Switzerland is playing a part, for example through its participation in the GGE (2019–21) and in the OEWG. In this context, but also within the OSCE, it upholds international law, and is involved in clarifying and implementing voluntary, non-binding norms and confidence-building measures. It is also contributing to capacity-building efforts, particularly in the area of international law.

Is it sufficient to apply existing law in the digital space or are new rules called for in this area?

In Switzerland's view, there is no need for new rules at the moment. Before we can develop new rules, we need to have a clear understanding of how existing law is applied in the digital space. All UN member states recently reaffirmed within the OEWG that international law also applies in the digital space. For certain rules, this is relatively straightforward. For example, the prohibition of violence also applies in the digital space. For other rules, however, we need to examine in greater detail exactly how they are implemented. An example would be the rules on international humanitarian law, in other words what states can and can't do in the event of cyber warfare. Only once we have clarified these issues will we be able to evaluate whether new rules are necessary.

How can Switzerland help ensure greater respect of international law in the digital space? 

Firstly, it can do so by working constantly within the United Nations and other international organisations to uphold and strengthen international law. Switzerland has done this within the OEWG and continues to do so within the GGE.  Secondly, it can help clarify the way in which international law should be applied in concrete terms in the digital space by stating where Switzerland stands on the issue. By setting out and promoting its position, Switzerland can help bring greater legal certainty. In this way, it can also shape the international position on the digital space to reflect Switzerland's interests.  Thirdly, it can make a tangible contribution to promoting clarity and a shared understanding of the application of international law by organising dialogue between states.

Back to top