China has the largest amount of users in the world, a significant digital economy growth potential, and its national Internet giants Alibaba, Didi, Tencent and Baidu are increasingly able to rival the biggest Western competitors in terms of market value and influence on the global tech landscape. China’s cyber diplomacy puts special attention towards equal participation, the principles of non-interference in internal affairs, non-use of force and peaceful settlement of disputes, and support for multilateral institutions to shape normative views on the governance of cyberspace. However, China’s propagation of the cyber-sovereignty approach to international cybersecurity policy and an absolutist reading of sovereignty in cyberspace provide a legal cloak for state practices that often run counter to the core European values of a global, open, and free Internet.

Thanks to its regulatory powers, robust digital economy, and active foreign and security policy, the European Union is one of the key players in cyberspace. The EU strongly promotes the position that international law, and in particular the United Nations (UN) Charter, applies in cyberspace. As a complement to binding international law, the EU endorses the voluntary non-binding norms, rules and principles of responsible State behaviour that have been articulated by the UN Group of Governmental Experts. It also encourages the development and implementation of regional confidence building measures, both in the Organisation for Security and Co-operation in Europe and other regions. On a bilateral level, the EU has established cyber dialogues with strategic partners to reinforce the exchange of good practices, lessons learnt and further the idea of responsible state behaviour in cyberspace.

As of 2009, Ukraine has been a member of the Eastern Partnership (EaP) and a strategic partner for the EU. On the basis of the EU-Ukraine Association Agreement (AA) signed in 2014, the country has engaged in legislative and policy reforms aiming at gradual convergence with the EU acquis, including on digital economy. During the past two years, digitalisation has become a “flagship topic” in Ukraine, with a growing focus on e-government, digital citizenship, and state support for the local IT industry. Ukraine suffered large-scale cyberattacks during the 2014 presidential elections [x], distributed denial of service (DDoS) attacks during the Russian invasion of Crimea in 2014 [x], malware attacks on its power grid in 2015 [x], and was also heavily impacted by the devastating global-scale NotPetya attack in 2017. This explains why Ukraine prioritised capacity building efforts to strengthen its cyber resilience.

In theory, China accepts that the principles enshrined within the UN Charter, including sovereign equality, prohibition on the use of force, settlement of disputes by peaceful means, non-intervention in the affairs of other states and fulfilment of international obligations in good faith, apply in cyberspace. 
Nevertheless, the Chinese position is generally characterized by a reluctance to crystallise the precise ways in which existing customary and international treaty law might govern the cyber domain; the exact application of specific aspects of international law, such as laws on self-defence, state responsibility, and international humanitarian law, is claimed to remain unclear in the absence of international consensus. 
Chinese delegations have also repeatedly cautioned against the “indiscriminate application of the law of armed conflicts”, arguing that the undue emphasis on jus ad bellum undermines stability in cyberspace by presupposing and thus effectively legitimising cyber conflict, consequently turning cyberspace into a “new battlefield”. 
China regards proposals on regional exchanges of views and development of common understanding on the application of international law with particular scepticism, stating that states must work on reaching “universally-accepted consensus” on the application of international law, rather than engage in “self-explanations at regional levels or among a small group of countries”. The Chinese have also consistently favoured the adoption of new international legal instruments tailored to the attributes of cyberspace (lex specialis).

Under the auspices of the UN, the EU and its Member States have consistently reaffirmed that a universal cyber security framework can only be grounded in existing international law, including the Charter of the United Nations in its entirety, international humanitarian law, and international human rights law. 
Addressing issues as to how existing international law and international humanitarian law, including the principles of humanity, necessity, proportionality and distinction, apply to the use ICTs by States is necessary to increase accountability and transparency. International humanitarian law is fully applicable in cyberspace and this should not be misunderstood as legitimising the use of force between states in the cyber domain. The EU has typically opposed calls for the need to adapt existing international law as a means to develop a new legal instrument for cyber issues.

-

China’s International Strategy on Cyberspace Cooperation highlights that the country is committed to the maintenance of peace and stability in cyberspace through international cooperation on norms of responsible state behaviour. In 2018, Chinese support for the Russia-sponsored UNGA Resolution A/RES/73/27 was instrumental in establishing the Open-Ended Working Group (OEWG) as an alternative forum to the UN Group of Governmental Experts (UN GGE), whose fifth iteration in 2017 had failed to reach consensus. 
The country is in favour of formulating new norms of responsible state behaviour in light of recent ICT developments; during the latest OEWG discussions, China put forward specific proposals on formulating new rules on data security, in accordance with its own Global Initiative on Data Security. 
China has repeatedly expressed a preference for non-voluntary, binding legal norms, arguing that the best option is to formulate “new international legal instruments consummate with the characteristics of cyberspace, with a view to maintaining peace in cyberspace, instead of using legal instruments as a tool to pursue accountability and punishment unilaterally.”

Since 2014, the EU’s ambition has been to act as an ‘honest broker’ on multilateral discussions surrounding issues of cyber governance and norms of responsible state behaviour, aiming to ensure the support and partnership of proactive players in the context of the global debate. The EU has long promoted the need for voluntary, non-binding norms. It believes that norms crystallised under the UN GGE process should generally not be revisited and that progress should be made on matters relating to their implementation. 
Within the OEWG, the EU advanced a suggestion to develop a global repository of existing practice within the United Nations, which would enable UN member states to showcase how they are implementing the voluntary norms of responsible state behaviour, confidence building and other measures.

-

The Chinese International Strategy on Cyberspace Cooperation places a large emphasis on the development of confidence-building measures (CBMs) and engagement with partner countries through predictability-increasing practical measures to prevent unintended conflicts, respond to information operations, and ensure supply chain security in network equipment and industrial control systems. 
Another key pillar of China’s cyber strategy is providing capacity-building assistance to developing countries. The Belt and Road Digital Economy International Cooperation Initiative, launched in 2017, and 'the Digital Silk Road' seek to internationalise Chinese technology made by state-owned or affiliated companies, including Huawei and ZTE, and therefore export Chinese technical standards abroad. Chinese outreach in this domain is most active in Africa, South America, and Central and Southeast Asia through projects such as the China-ASEAN Information Harbour and the China-Arabia Digital Silk Road Ningxia Hub. In addition to infrastructure investment, capacity building also focuses on enhancing information-sharing capacities, cyber defence personnel training, and crisis management.

The EU places great importance on cyber resilience and capacity building. Internally, the Union has built a robust legal acquis in relation to the resilience of critical infrastructures, the cornerstone of which rests upon the 2016 Network and Information Security (NIS) Directive and the 2013 and 2019 Cybersecurity Acts. This legal meshwork seeks to integrate cybersecurity into all elements of the supply chain and introduce soft law mechanisms like the EU cybersecurity certification scheme. In doing so, it harmonises national cybersecurity capabilities, cross-border collaboration and the supervision of critical sectors across the EU. 
In the coming months, the Commission intends to add upon the existing cyber-acquis by introducing an array of new initiatives, such as the updated NIS Directive (the so-called NIS2), a proposal on a Critical Entities Resilience (CER) Directive, and a plan to launch a network of Security Operations Centres across the Union. The aim is to create a Union-wide ‘cybersecurity shield’ that will facilitate the detection of cyberattacks and provide an impetus for proactive action. 
This internal buildup of capabilities is supplemented by the development of a specialised ‘cyber diplomacy toolbox’ that allows the Union and its Member States to address cyber incidents through various joint policies, from cooperation and stabilisation measures to restrictive measures and attribution.

-

The Chinese Strategy on Cyberspace Cooperation notes that the country “supports the UN Security Council to play an important part in international cooperation against cyber terrorism” and “supports and contributes to UN effort on fighting cyber crimes”. China is not a party to or observer of the Budapest Convention; instead, it has consistently backed Russian bids in the UN to establish a new cybercrime treaty, with these efforts culminating in Resolution A/74/247 that created an Ad Hoc Committee for that purpose. 
China has also signed the World Intellectual Property Organization Copyright Treaty (WIPO Copyright Treaty) in 1985 as well as the UN Convention Against Transnational Organised Crime and is a member of Interpol. 
In addition, China has pursued regional avenues of cooperative engagement; within the context of the Shanghai Cooperation Organisation, for instance, the country agreed to participate in efforts to fight against terrorism, separatism, extremism, and international cybercrime. 
It also supports joint cybersecurity exercises under the auspices of the Organisation.

The EU has been an early champion of the Budapest Convention signed under the auspices of the Council of Europe, given the overlapping membership of the two organisations. Much of the EU’s cyber diplomatic efforts have focused on promoting the Convention as the main instrument of choice for fighting cybercrime on a global level. EU member states have consistently opposed Russian bids for replacing this regime with another legal framework. 
The Union is represented in the recently constituted Ad Hoc Committee established by UNGA resolution 74/247 by its Member States and is currently focused on ensuring that the process is inclusive, transparent, consistent with the progress of the UNGGE and OEWG processes, and committed to legal consistency.

-