Brazil is the world’s eighth largest economy in terms of GDP, and by far South America’s most populous and powerful state. While the country has suffered economic and political crises since 2014, it has made significant advances in domestic digitization and played a pivotal, albeit ambiguous role in international negotiations on cyberspace. Brazil has the world’s fifth largest internet user base, after China, India, the United States and Indonesia, and is a leading country in South America when it comes to ICTs usage. The share of Brazilians using the internet has increased from less than 3% of the population in 2000 to more than 68% in 2019. As such, Brazil remains a critical partner for the EU’s efforts to build a secure, stable and rights-based cyberspace.

India and the European Union share many values and principles, such as inclusiveness, democracy, and multilateralism. With 1.4 billion people, India is the largest democracy in the world and considers itself as a leader among the Global South. India and the EU share common visions of a rules-based global order and are aligned on their commitment to an open, free, secure, stable, peaceful, and accessible cyberspace, enabling economic growth and innovation. In light of India’s rapid digitization and connectivity, the EU-India Strategic Partnership & Roadmap to 2025 includes commitments to cooperate on new and emerging technologies, norms and regulatory frameworks, and international standards.

In October 2021, North Macedonia became one of the first countries among the Western Balkans partners to issue a digital ID to its citizens [x]; the deployment of the digital identity project is only indicative of the country’s turn towards digitalisation and e-government. With a total population of about 2.08 million, Internet penetration in North Macedonia stands at 84%, while data shows that there are about 2.25 million cellular mobile connections. [x] The rapid drive towards digitalisation, but also its accompanying risks and vulnerabilities, are accounted for by the 2022 Cybersecurity Strategy, the country’s first comprehensive cybersecurity strategy. The document largely reflects the country’s European ambitions and is explicitly based on the “principles of the Cybersecurity Strategy of the European Union and the NATO Cyber Defence Pledge”.

In accordance with the output produced by the 2013, 2015, and 2021 consensual reports of the United Nations Groups of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE), Brazil believes that international law enjoys general applicability in cyberspace. For Brazil, this also includes international humanitarian law and international human rights law. Nevertheless, Brazilian delegations have expressed concern that unqualified transfers of international humanitarian law and an unlimited right of self-defence could legitimise cyberspace as a military domain, while also challenging the protective value of sovereignty and cementing a Western-biased status quo.

As a member of the 2015 UNGGE group, India accepts that international law and specifically the UN Charter applies in its entirety in the cyber domain. India has noted the need to develop common understandings as to how international law should be interpreted, especially on the issues of what constitutes force and/or an armed attack in cyberspace and what the threshold of cyber-attacks should be to invoke Article 51 of the UN Charter. 
In statements at the UN General Assembly, India has also specifically called for further elaboration on peacetime rules of international law, the law concerning the right of self-defence and international humanitarian law. 
Apart from these calls for clarification and elaboration, however, India’s stance on specific aspects of international law and their interpretation remains unclear. This seems consistent with India’s recent reorientation of its foreign policy; since 2019, India’s wider approach has been marked by a shift from traditional non-alignment to issue-based ‘multi-alignment’ that reflects national priorities and interests.

At the first substantive session of the 2021-2025 UNGGE, recalling its candidate status, North Macedonia aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] North Macedonia has also consistently aligned itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29.

Brazilian diplomats portray Brazil’s role in the often polarised debates on norms of responsible state behaviour as that of a broker or strategic bridge-builder between the different camps rather than a mere ‘swing state’ and highlight that balancing between both camps serves to maintain an independent foreign policy. Brazil sought to focus its chairmanship of UN GGE’s third and fourth iterations on three issues: the role of civilians in cyber conflict, the right to respond, and attribution. Since the 2013 Snowden revelations, the country has been a stark champion of data protection, showcasing exceptional norm entrepreneurship
in relation to cyber-surveillance norms. Brazil has also expressed support for the proposal of adopting a legally binding instrument in the medium to long-term to prevent the militarisation of cyberspace.

India has assumed a stance of strategic ambiguity on the proliferation of norms for responsible state behaviour in cyberspace, positioning itself as a ‘bridge builder’ between the two camps that have emerged during multilateral cyber norm negotiations. 
Its insistence on an enhanced role for intergovernmental institutions (such as the ITU) and its oscillating allegiance to the two polarised factions largely reflect the country’s long-standing focus on Westphalian sovereignty and the consequent belief in the primacy of the state as an actor in international affairs. This brings India to a certain degree of alignment with sovereignty-focused countries like China and Russia in the context of norm-building debates. 
At the second substantive session of the Open-Ended Working Group (OEWG), India argued that voluntary norms do not necessarily increase the predictability of state behaviour within the ICT environment, but was not openly against the adoption of new voluntary norms; for instance, the country proposed the adoption of a new norm on refraining from weaponisation and offensive uses of ICTs along with countries like Iran, Cuba, and Nigeria.

At the first substantive session of the 2021-2025 UNGGE, North Macedonia aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus, form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. North Macedonia was also the only EU candidate country to have co-sponsored the 2020 Programme of Action (PoA), which explored the possibility of ending the dual-track discussions (UNGGE/OEWG) in favour of a permanent UN forum.

Brazil’s 2020 National Cybersecurity Strategy (E-Ciber) outlines ten strategic actions to be undertaken in relation to cyber resilience, which include the extension of international cooperation and the enhancement of protection for critical infrastructure. The Strategy pledges Brazil to encourage international cooperation in cybersecurity, participate in joint cyber resilience events and exercises, and expand cybersecurity cooperation agreements. On the level of discourse, Brazil remains committed to international cyber cooperation in resilience, staying true to its traditional stance in favour of multilateral solutions.

In matters related to cyber resilience, India has proven to be an active proponent of bilateralism. It has initiated cyber dialogues with actors like the US, the UK, Russia, Malaysia, the EU, and ASEAN, all of which include capacity-building elements. Internationally, the country has also been especially vocal on the need to establish cooperative mechanisms for developing and implementing bilateral, regional, and global confidence-building measures (CBMs). 
In the context of multilateral fora, India has many a time reiterated that the issue of supply chain protection enjoys particular significance for them, especially in relation to ‘trust and trusted sources’ when it comes to preferring suppliers of ICT products and systems. It has also noted that capacity building actually goes beyond what is being dealt with under international security and is inherently tied to discussions on international legal instruments on cyberspace, where all states are equal and have the capacity to discuss legitimate matters under the auspices of the UN.

The 2018-2022 Cybersecurity Strategy dedicates a full section to cyber resilience and the protection of ICT infrastructure. The stated objectives include expanding the capabilities of the national CERT (MKD-CIRT), identifying types of critical infrastructure, developing national procedures for cyber crisis management, developing incident reporting and monitoring mechanisms, and establishing a single and comprehensive legal framework for cyber resilience. In 2021, upon joining NATO, North Macedonia signed a Memorandum of Understanding aiming at enhancing cyber defence cooperation between NATO and the country’s defence authorities; the MoU particularly focuses on information-sharing, exchanging best practices, and increasing resilience. [x]

Brazil originally refrained from signing the Budapest Convention on Cybercrime and had expressed scepticism in response to invitations to accede. The argument advanced was that the treaty is Western-biased and lacking in inclusivity, given that Brazil was not part of the original drafting process. During voting for UNGA Resolution A/74/401, the Russian-sponsored proposal for a new binding Cybercrime Convention, Brazil abstained; during meetings with the BRICS leaders, however, Brazil had endorsed Russian pleas for a new cybercrime instrument to replace the Budapest regime. Upon invitation by the Council of Europe, Brazil finally initiated the process of accession to the Convention in December 2019 and is now an observer country.

Under the auspices of the OEWG, India has highlighted the need for “real-time cooperation between government agencies” in combatting cybercrime, cyberterrorism, and cyber threats more widely. To date, however, India has not signed any international cybercrime agreement. It voted in favour of a Russia-sponsored UNGA Resolution calling for the establishment of a separate cybercrime treaty. 
Despite having brought its legal framework largely in alignment with the Budapest Convention, India remains a non-party because the document was drafted without the country’s participation, thus rending the treaty discriminatory. Another big objection has been raised on the basis of section 32.b, which gives intelligence agencies trans-border access to data for the purposes of criminal investigations with lawful and voluntary consent - a concern shared by Russia. 
It has also been argued that the Mutual Legal Assistance (MLA) regime under Budapest is not effective, as it does not commit states to a firm promise of cooperation; from the perspective of the Indians, it would be preferable to replace this regime with a UN-driven process.

North Macedonia has ratified the Budapest Convention and its Additional Protocol [x]. Nevertheless, full harmonisation of the Macedonian legal regime with Budapest provisions is still a primary issue. In terms of institutional setup, analysis has pointed out that North Macedonia is lagging behind compared to other countries in the Western Balkans [x]. That said, the 2018-2022 Cybersecurity Strategy identifies several priorities regarding the “prevention, research, and adequate response” to cybercrime. These include: harmonising the national with international policies; developing a single, comprehensive legal framework for cybercrime; modernising authorities in charge of cybercrime; establishing formal procedures of information exchange; participating actively in the creation of international cybercrime regulations and standards, as well as their implementation on a national level; and providing continuous education and training for law enforcement entities in the field of cybersecurity, cybercrime, and electronic evidence. The country’s law enforcement authorities regularly cooperate with Europol, following the conclusion of a strategic agreement in 2007 and an operational agreement in 2011. [x]