Compare
Compare
An EU candidate country since 2014, Albania has been eagerly embracing its digital revolution with the government ushering in an array of cyber and digital policy initiatives. In recent years, Albania has worked on adapting its legal framework to comply with the EU’s acquis communautaire and further approach the Digital Single Market. The Albanian policy framework ranks 1st across the Western Balkans region in fostering the inclusivity and competitiveness of digital society [x], while the country currently ranks 80th in the Global Security Index [x]. An OECD report praised Albania for enhancing intragovernmental cooperation, emphasising the cross-cutting character of ICT in its development strategies, and allocating resources towards the implementation of its digital strategy. Despite the proliferation of such policies, however, the country is currently the 5th largest source of cybercrime in Europe, suffering at least 1.3 million cyberattacks yearly [x]. As such, modernising cybercrime legislation and upgrading critical infrastructure protection constitute key priorities for Albanian policymakers.
According to the International Telecommunications Union (ITU), as of 2021, Peru had an internet penetration rate of around 71.1 %. However other indexes place this number in the mid 60’s. Although many improvements were made in the past few years, Peru still possesses low network coverage, especially in rural areas and a relatively low network performance.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020. China has the largest amount of users in the world, a significant digital economy growth potential, and its national Internet giants Alibaba, Didi, Tencent and Baidu are increasingly able to rival the biggest Western competitors in terms of market value and influence on the global tech landscape. China’s cyber diplomacy puts special attention towards equal participation, the principles of non-interference in internal affairs, non-use of force and peaceful settlement of disputes, and support for multilateral institutions to shape normative views on the governance of cyberspace. However, China’s propagation of the cyber-sovereignty approach to international cybersecurity policy and an absolutist reading of sovereignty in cyberspace provide a legal cloak for state practices that often run counter to the core European values of a global, open, and free Internet.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020. China has the largest amount of users in the world, a significant digital economy growth potential, and its national Internet giants Alibaba, Didi, Tencent and Baidu are increasingly able to rival the biggest Western competitors in terms of market value and influence on the global tech landscape. China’s cyber diplomacy puts special attention towards equal participation, the principles of non-interference in internal affairs, non-use of force and peaceful settlement of disputes, and support for multilateral institutions to shape normative views on the governance of cyberspace. However, China’s propagation of the cyber-sovereignty approach to international cybersecurity policy and an absolutist reading of sovereignty in cyberspace provide a legal cloak for state practices that often run counter to the core European values of a global, open, and free Internet.
At the first substantive session of the 2021-2025 UN Group of Governmental exports (UNGGE), Albania aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] Albania has also consistently aligned itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29. A 2015 policy paper notes that cybersecurity will only be “efficient” if it is “based on the fundamental human rights and freedoms, pursuant to the Charter of Fundamental Rights of the European Union and the universal values of the EU”. In the same vein, the 2020-2025 National Cybersecurity Strategy includes “improving the legal framework providing norms and regulating cybersecurity in the country, and aligning this framework with European Union directives and regulation” as a stated objective.
Peru is one of the Latin American countries to have signed and ratified the Council of Europe’s Convention 108+.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm. In theory, China accepts that the principles enshrined within the UN Charter, including sovereign equality, prohibition on the use of force, settlement of disputes by peaceful means, non-intervention in the affairs of other states and fulfilment of international obligations in good faith, apply in cyberspace.
Nevertheless, the Chinese position is generally characterized by a reluctance to crystallise the precise ways in which existing customary and international treaty law might govern the cyber domain; the exact application of specific aspects of international law, such as laws on self-defence, state responsibility, and international humanitarian law, is claimed to remain unclear in the absence of international consensus.
Chinese delegations have also repeatedly cautioned against the “indiscriminate application of the law of armed conflicts”, arguing that the undue emphasis on jus ad bellum undermines stability in cyberspace by presupposing and thus effectively legitimising cyber conflict, consequently turning cyberspace into a “new battlefield”.
China regards proposals on regional exchanges of views and development of common understanding on the application of international law with particular scepticism, stating that states must work on reaching “universally-accepted consensus” on the application of international law, rather than engage in “self-explanations at regional levels or among a small group of countries”. The Chinese have also consistently favoured the adoption of new international legal instruments tailored to the attributes of cyberspace (lex specialis).
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm. In theory, China accepts that the principles enshrined within the UN Charter, including sovereign equality, prohibition on the use of force, settlement of disputes by peaceful means, non-intervention in the affairs of other states and fulfilment of international obligations in good faith, apply in cyberspace.
Nevertheless, the Chinese position is generally characterized by a reluctance to crystallise the precise ways in which existing customary and international treaty law might govern the cyber domain; the exact application of specific aspects of international law, such as laws on self-defence, state responsibility, and international humanitarian law, is claimed to remain unclear in the absence of international consensus.
Chinese delegations have also repeatedly cautioned against the “indiscriminate application of the law of armed conflicts”, arguing that the undue emphasis on jus ad bellum undermines stability in cyberspace by presupposing and thus effectively legitimising cyber conflict, consequently turning cyberspace into a “new battlefield”.
China regards proposals on regional exchanges of views and development of common understanding on the application of international law with particular scepticism, stating that states must work on reaching “universally-accepted consensus” on the application of international law, rather than engage in “self-explanations at regional levels or among a small group of countries”. The Chinese have also consistently favoured the adoption of new international legal instruments tailored to the attributes of cyberspace (lex specialis).
At the first substantive session of the 2021-2025 UNGGE, Albania aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus” form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. In 2018, Albania voted against the Russian-sponsored resolution A/73/27, which launched the Open-Ended Working Group (OEWG) format.
Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'. China’s International Strategy on Cyberspace Cooperation highlights that the country is committed to the maintenance of peace and stability in cyberspace through international cooperation on norms of responsible state behaviour. In 2018, Chinese support for the Russia-sponsored UNGA Resolution A/RES/73/27 was instrumental in establishing the Open-Ended Working Group (OEWG) as an alternative forum to the UN Group of Governmental Experts (UN GGE), whose fifth iteration in 2017 had failed to reach consensus.
The country is in favour of formulating new norms of responsible state behaviour in light of recent ICT developments; during the latest OEWG discussions, China put forward specific proposals on formulating new rules on data security, in accordance with its own Global Initiative on Data Security.
China has repeatedly expressed a preference for non-voluntary, binding legal norms, arguing that the best option is to formulate “new international legal instruments consummate with the characteristics of cyberspace, with a view to maintaining peace in cyberspace, instead of using legal instruments as a tool to pursue accountability and punishment unilaterally.”
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'. China’s International Strategy on Cyberspace Cooperation highlights that the country is committed to the maintenance of peace and stability in cyberspace through international cooperation on norms of responsible state behaviour. In 2018, Chinese support for the Russia-sponsored UNGA Resolution A/RES/73/27 was instrumental in establishing the Open-Ended Working Group (OEWG) as an alternative forum to the UN Group of Governmental Experts (UN GGE), whose fifth iteration in 2017 had failed to reach consensus.
The country is in favour of formulating new norms of responsible state behaviour in light of recent ICT developments; during the latest OEWG discussions, China put forward specific proposals on formulating new rules on data security, in accordance with its own Global Initiative on Data Security.
China has repeatedly expressed a preference for non-voluntary, binding legal norms, arguing that the best option is to formulate “new international legal instruments consummate with the characteristics of cyberspace, with a view to maintaining peace in cyberspace, instead of using legal instruments as a tool to pursue accountability and punishment unilaterally.”
In recent years, Albania has significantly expanded its capacity-building activities, modernising both the relevant institutional apparatus and the diplomatic outreach accompanying it. Since 2017, ALCIRT, Albania’s national CSIRT, has been given an expanded mandate and merged with the National Authority for Electronic Certification and Cyber Security (AKCESK). AKCESK is responsible for preparing strategic documents relating to cybersecurity, drafting legislation, collaborating with relevant stakeholders (international organisations, civil society organisations, the private sector) and providing training. [x] Through AKCESK, Albania has signed Memoranda of Understanding (MOU) with several regional national CERTs (Kosovo, North Macedonia, Romania) and is currently negotiating similar MoUs with Serbia, Montenegro, Cyprus, and Slovenia. [x] AKCESK also frequently collaborates with the Council of Europe in relation to incident response and awareness training. [x] As a member of NATO, Albania signed the MoU with the NATO Cyber Incident Response Centre (NCIRC) on enhancing cyber defence in 2013 [x] and has participated in numerous NATO-led training initiatives, including the flagship Cyber Coalition exercise. Meanwhile, increased emphasis has been placed on the protection of critical infrastructure, with a 2015 government paper stating that future actions will be focused on “the protection and resilience capacity of critical infrastructure” and on “encouraging operators that own them to implement a full security architecture (including risk management and emergencies)”. [x] In 2020, Albania adopted its first-ever cybersecurity regulation for the electricity sector, which establishes incident reporting and assessment criteria for electricity operators. [x] This was reportedly only the first of many planned initiatives intended to reduce the country’s cyber vulnerabilities and increase trust in digital services.
The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
The Chinese International Strategy on Cyberspace Cooperation places a large emphasis on the development of confidence-building measures (CBMs) and engagement with partner countries through predictability-increasing practical measures to prevent unintended conflicts, respond to information operations, and ensure supply chain security in network equipment and industrial control systems.
Another key pillar of China’s cyber strategy is providing capacity-building assistance to developing countries. The Belt and Road Digital Economy International Cooperation Initiative, launched in 2017, and 'the Digital Silk Road' seek to internationalise Chinese technology made by state-owned or affiliated companies, including Huawei and ZTE, and therefore export Chinese technical standards abroad. Chinese outreach in this domain is most active in Africa, South America, and Central and Southeast Asia through projects such as the China-ASEAN Information Harbour and the China-Arabia Digital Silk Road Ningxia Hub. In addition to infrastructure investment, capacity building also focuses on enhancing information-sharing capacities, cyber defence personnel training, and crisis management.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.
The Chinese International Strategy on Cyberspace Cooperation places a large emphasis on the development of confidence-building measures (CBMs) and engagement with partner countries through predictability-increasing practical measures to prevent unintended conflicts, respond to information operations, and ensure supply chain security in network equipment and industrial control systems.
Another key pillar of China’s cyber strategy is providing capacity-building assistance to developing countries. The Belt and Road Digital Economy International Cooperation Initiative, launched in 2017, and 'the Digital Silk Road' seek to internationalise Chinese technology made by state-owned or affiliated companies, including Huawei and ZTE, and therefore export Chinese technical standards abroad. Chinese outreach in this domain is most active in Africa, South America, and Central and Southeast Asia through projects such as the China-ASEAN Information Harbour and the China-Arabia Digital Silk Road Ningxia Hub. In addition to infrastructure investment, capacity building also focuses on enhancing information-sharing capacities, cyber defence personnel training, and crisis management.
Albania is a party to the Budapest Convention on Cybercrime, with the Albanian Parliament ratifying the Convention in 2002 [x]. Since then, however, national strategic documents have been acknowledging the incomplete harmonisation of national legislation with Budapest provisions. The most recent five-year National Cybersecurity Strategy states that “legislation in the cybersecurity field should be harmonised with EU legislation, thus creating a complete and codified mechanism to adequately address and resolve issues. Besides, where possible, international internet security mechanisms should be accessed, signed, ratified, and implemented”. The Strategy also places special emphasis on children’s online protection, elevating it into a key priority [x]. Aiming to implement the policy goals listed within the National Cybersecurity Strategy, the Strategy for Investigation of Cybercrime (2021-2025) lays out a number of objectives for law enforcement [x]: (1) extending the cybercrime investigation structure throughout the country and building technological and legal capacity; (2) presenting a prompt and efficient response to cybercrime, raising public awareness, taking legislative initiatives, and building professional capacity; (3) presenting a rapid and professional response to the prevention, prosecution, and investigation of cybercrime against children; and (4) increasing national and international cooperation in the field of cybercrime investigation with strategic partners. Albanian police forces have also collaborated with Europol in coordinated action against cyber fraud and through the launch of the Sell Safe awareness campaign. [x]
Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
The Chinese Strategy on Cyberspace Cooperation notes that the country “supports the UN Security Council to play an important part in international cooperation against cyber terrorism” and “supports and contributes to UN effort on fighting cyber crimes”. China is not a party to or observer of the Budapest Convention; instead, it has consistently backed Russian bids in the UN to establish a new cybercrime treaty, with these efforts culminating in Resolution A/74/247 that created an Ad Hoc Committee for that purpose.
China has also signed the World Intellectual Property Organization Copyright Treaty (WIPO Copyright Treaty) in 1985 as well as the UN Convention Against Transnational Organised Crime and is a member of Interpol.
In addition, China has pursued regional avenues of cooperative engagement; within the context of the Shanghai Cooperation Organisation, for instance, the country agreed to participate in efforts to fight against terrorism, separatism, extremism, and international cybercrime.
It also supports joint cybersecurity exercises under the auspices of the Organisation.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.
The Chinese Strategy on Cyberspace Cooperation notes that the country “supports the UN Security Council to play an important part in international cooperation against cyber terrorism” and “supports and contributes to UN effort on fighting cyber crimes”. China is not a party to or observer of the Budapest Convention; instead, it has consistently backed Russian bids in the UN to establish a new cybercrime treaty, with these efforts culminating in Resolution A/74/247 that created an Ad Hoc Committee for that purpose.
China has also signed the World Intellectual Property Organization Copyright Treaty (WIPO Copyright Treaty) in 1985 as well as the UN Convention Against Transnational Organised Crime and is a member of Interpol.
In addition, China has pursued regional avenues of cooperative engagement; within the context of the Shanghai Cooperation Organisation, for instance, the country agreed to participate in efforts to fight against terrorism, separatism, extremism, and international cybercrime.
It also supports joint cybersecurity exercises under the auspices of the Organisation.
