Compare
Compare
India and the European Union share many values and principles, such as inclusiveness, democracy, and multilateralism. With 1.4 billion people, India is the largest democracy in the world and considers itself as a leader among the Global South. India and the EU share common visions of a rules-based global order and are aligned on their commitment to an open, free, secure, stable, peaceful, and accessible cyberspace, enabling economic growth and innovation. In light of India’s rapid digitization and connectivity, the EU-India Strategic Partnership & Roadmap to 2025 includes commitments to cooperate on new and emerging technologies, norms and regulatory frameworks, and international standards.
In recent years, Bosnia and Herzegovina has seen a consistent increase in the rate of Internet absorption along with a continuous extension of broadband access across urban and rural areas. As a potential EU candidate country, Bosnia has recently developed a burgeoning drive to advance the country’s digital and cyber capabilities in line with those of the European Union; ‘smart growth’ is notably included as one of the national priorities under the 2015 Strategic Framework. That said, the institutional, regulatory, and operational framework that would enable the realisation of this ambition is still nascent and the progress in many policy areas is undermined by the complexity of the distribution of powers between the central government and two entities: the Federation of Bosnia and Herzegovina and the Republika Srpska. In 2017, Bosnia formally adopted the Policy of Electronic Communications of Bosnia and Herzegovina 2017-2021, which is largely aligned with the Digital Agenda of Europe [x]. This vision of a Bosnian digital society is a key milestone for the country’s emerging cyber diplomatic apparatus as it clearly identifies the foundational pillars of the country’s ICT ecosystem, which in turn will assist in bringing it into closer alignment with European cyber priorities.
South Korea has made significant progress over the last decades when it comes to connectivity and is currently one of the leading states in terms of access and use of ICTs. While in 1995 less than one percent of Koreans used the internet, four years later the country passed the developed nation average and nowadays South Korea is a global leader in the field of connectivity and internet access. Government support for internet access has been instrumental in fostering this progress in connectivity through governmental programs, trainings and low interest loans to companies providing broadband access. Consequently, cyber issues were recognised as important to the bilateral relationship at the EU-South Korea Summit in 2015, and five cyber dialogues have taken place between 2015 and 2020.
As a member of the 2015 UNGGE group, India accepts that international law and specifically the UN Charter applies in its entirety in the cyber domain. India has noted the need to develop common understandings as to how international law should be interpreted, especially on the issues of what constitutes force and/or an armed attack in cyberspace and what the threshold of cyber-attacks should be to invoke Article 51 of the UN Charter.
In statements at the UN General Assembly, India has also specifically called for further elaboration on peacetime rules of international law, the law concerning the right of self-defence and international humanitarian law.
Apart from these calls for clarification and elaboration, however, India’s stance on specific aspects of international law and their interpretation remains unclear. This seems consistent with India’s recent reorientation of its foreign policy; since 2019, India’s wider approach has been marked by a shift from traditional non-alignment to issue-based ‘multi-alignment’ that reflects national priorities and interests. At the first substantive session of the 2021-2025 UNGGE, recalling its status as a potential candidate of the EU, Bosnia and Herzegovina aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] Nevertheless, it has consistently refrained from aligning itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29. As a member of the 2015 Group of Governmental Experts (UNGGE) and as per the Seoul Framework for and Commitment to an Open and Secure Cyberspace, the ROK recognises that international law, and in particular the UN Charter, is applicable in cyberspace and essential for maintaining security and stability as well as promoting an open, secure, peaceful, and accessible ICT environment.
The country also acknowledges that cybersecurity must go hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaration of Human Rights and other international instruments. The ROK notably co-sponsored the Human Rights Council Resolutions 20/8 and 26/13 concerning the promotion, protection and enjoyment of human rights on the Internet.
The country supports the idea of increasing interstate engagement and exchanging national views on how international law applies in cyberspace, both at the multilateral level as well as at the bilateral and regional levels.
In statements at the UN General Assembly, India has also specifically called for further elaboration on peacetime rules of international law, the law concerning the right of self-defence and international humanitarian law.
Apart from these calls for clarification and elaboration, however, India’s stance on specific aspects of international law and their interpretation remains unclear. This seems consistent with India’s recent reorientation of its foreign policy; since 2019, India’s wider approach has been marked by a shift from traditional non-alignment to issue-based ‘multi-alignment’ that reflects national priorities and interests. At the first substantive session of the 2021-2025 UNGGE, recalling its status as a potential candidate of the EU, Bosnia and Herzegovina aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] Nevertheless, it has consistently refrained from aligning itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29. As a member of the 2015 Group of Governmental Experts (UNGGE) and as per the Seoul Framework for and Commitment to an Open and Secure Cyberspace, the ROK recognises that international law, and in particular the UN Charter, is applicable in cyberspace and essential for maintaining security and stability as well as promoting an open, secure, peaceful, and accessible ICT environment.
The country also acknowledges that cybersecurity must go hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaration of Human Rights and other international instruments. The ROK notably co-sponsored the Human Rights Council Resolutions 20/8 and 26/13 concerning the promotion, protection and enjoyment of human rights on the Internet.
The country supports the idea of increasing interstate engagement and exchanging national views on how international law applies in cyberspace, both at the multilateral level as well as at the bilateral and regional levels.
India has assumed a stance of strategic ambiguity on the proliferation of norms for responsible state behaviour in cyberspace, positioning itself as a ‘bridge builder’ between the two camps that have emerged during multilateral cyber norm negotiations.
Its insistence on an enhanced role for intergovernmental institutions (such as the ITU) and its oscillating allegiance to the two polarised factions largely reflect the country’s long-standing focus on Westphalian sovereignty and the consequent belief in the primacy of the state as an actor in international affairs. This brings India to a certain degree of alignment with sovereignty-focused countries like China and Russia in the context of norm-building debates.
At the second substantive session of the Open-Ended Working Group (OEWG), India argued that voluntary norms do not necessarily increase the predictability of state behaviour within the ICT environment, but was not openly against the adoption of new voluntary norms; for instance, the country proposed the adoption of a new norm on refraining from weaponisation and offensive uses of ICTs along with countries like Iran, Cuba, and Nigeria. At the first substantive session of the 2021-2025 UNGGE, Bosnia and Herzegovina aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus, form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. In 2018, however, it voted in favour of Russian-sponsored resolution A/73/27, which launched the Open-Ended Working Group (OEWG) format. The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them.
In addition, the ROK has put great emphasis on the principle of due diligence, consistently demonstrating its commitment through public statements at regional and international forums. The country believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks.
Its insistence on an enhanced role for intergovernmental institutions (such as the ITU) and its oscillating allegiance to the two polarised factions largely reflect the country’s long-standing focus on Westphalian sovereignty and the consequent belief in the primacy of the state as an actor in international affairs. This brings India to a certain degree of alignment with sovereignty-focused countries like China and Russia in the context of norm-building debates.
At the second substantive session of the Open-Ended Working Group (OEWG), India argued that voluntary norms do not necessarily increase the predictability of state behaviour within the ICT environment, but was not openly against the adoption of new voluntary norms; for instance, the country proposed the adoption of a new norm on refraining from weaponisation and offensive uses of ICTs along with countries like Iran, Cuba, and Nigeria. At the first substantive session of the 2021-2025 UNGGE, Bosnia and Herzegovina aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus, form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. In 2018, however, it voted in favour of Russian-sponsored resolution A/73/27, which launched the Open-Ended Working Group (OEWG) format. The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them.
In addition, the ROK has put great emphasis on the principle of due diligence, consistently demonstrating its commitment through public statements at regional and international forums. The country believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks.
In matters related to cyber resilience, India has proven to be an active proponent of bilateralism. It has initiated cyber dialogues with actors like the US, the UK, Russia, Malaysia, the EU, and ASEAN, all of which include capacity-building elements. Internationally, the country has also been especially vocal on the need to establish cooperative mechanisms for developing and implementing bilateral, regional, and global confidence-building measures (CBMs).
In the context of multilateral fora, India has many a time reiterated that the issue of supply chain protection enjoys particular significance for them, especially in relation to ‘trust and trusted sources’ when it comes to preferring suppliers of ICT products and systems. It has also noted that capacity building actually goes beyond what is being dealt with under international security and is inherently tied to discussions on international legal instruments on cyberspace, where all states are equal and have the capacity to discuss legitimate matters under the auspices of the UN. The country has no overarching cybersecurity strategy. Elements of strategic contemplation over cybersecurity can be found within the Criminal Code, which criminalises critical infrastructure damage (including that of information systems) as an act of terrorism. The 2015-2020 Strategy for Prevention and Combating Terrorism reiterates an objective laid out in earlier documents regarding the setup of a dedicated national CERT that will develop and implement monitoring and response mechanisms vis-a-vis the misuse of the Internet for terrorist purposes. Bosnia and Herzegovina has been exploring potential avenues of cooperation with NATO, especially in relation to common solutions to security challenges in the area of cyber defence [x], while Bosnian scientists have also participated in the NATO SPS Programme. Finally, as a member state of the OSCE, Bosnia and Herzegovina is required to implement the OSCE’s 16 Confidence Building Measures (CBMs) as adopted by the OSCE Permanent Council. Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem.
The South Korean government has introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices.
In the context of multilateral fora, India has many a time reiterated that the issue of supply chain protection enjoys particular significance for them, especially in relation to ‘trust and trusted sources’ when it comes to preferring suppliers of ICT products and systems. It has also noted that capacity building actually goes beyond what is being dealt with under international security and is inherently tied to discussions on international legal instruments on cyberspace, where all states are equal and have the capacity to discuss legitimate matters under the auspices of the UN. The country has no overarching cybersecurity strategy. Elements of strategic contemplation over cybersecurity can be found within the Criminal Code, which criminalises critical infrastructure damage (including that of information systems) as an act of terrorism. The 2015-2020 Strategy for Prevention and Combating Terrorism reiterates an objective laid out in earlier documents regarding the setup of a dedicated national CERT that will develop and implement monitoring and response mechanisms vis-a-vis the misuse of the Internet for terrorist purposes. Bosnia and Herzegovina has been exploring potential avenues of cooperation with NATO, especially in relation to common solutions to security challenges in the area of cyber defence [x], while Bosnian scientists have also participated in the NATO SPS Programme. Finally, as a member state of the OSCE, Bosnia and Herzegovina is required to implement the OSCE’s 16 Confidence Building Measures (CBMs) as adopted by the OSCE Permanent Council. Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem.
The South Korean government has introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices.
Under the auspices of the OEWG, India has highlighted the need for “real-time cooperation between government agencies” in combatting cybercrime, cyberterrorism, and cyber threats more widely. To date, however, India has not signed any international cybercrime agreement. It voted in favour of a Russia-sponsored UNGA Resolution calling for the establishment of a separate cybercrime treaty.
Despite having brought its legal framework largely in alignment with the Budapest Convention, India remains a non-party because the document was drafted without the country’s participation, thus rending the treaty discriminatory. Another big objection has been raised on the basis of section 32.b, which gives intelligence agencies trans-border access to data for the purposes of criminal investigations with lawful and voluntary consent - a concern shared by Russia.
It has also been argued that the Mutual Legal Assistance (MLA) regime under Budapest is not effective, as it does not commit states to a firm promise of cooperation; from the perspective of the Indians, it would be preferable to replace this regime with a UN-driven process. Bosnia and Herzegovina is a party to the Budapest Convention on Cybercrime, officially acceding in 2006. As of 2019, however, domestic legislation at the state level had only been partially harmonised with Budapest provisions [x]. The country voted against the Russian-sponsored UN resolution that launched the institutional procedure for a new legal instrument on international cybercrime cooperation. Bosnian law enforcement regularly cooperates with Europol and is due to open negotiations for a cooperation agreement with Eurojust [x]. The ROK is generally a strong advocate of strengthening global cooperation against cybercrime. While it is not formally a signatory to the Budapest Convention, the country voted against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty.
To promote cooperation among law enforcement agencies, the ROK’s Supreme Prosecutor’s Office (SPO) convenes regular meetings with the FBI, while also engaging with the Federal Criminal Police Office (BKA) in Germany and the European Cybercrime Centre (EC3) in the Netherlands.
On the basis of an increased awareness that Internet Service Providers (ISPs) are becoming “important partners to secure electronic evidences”, the SPO works along with Microsoft to operate the Government Security Program (GSP).
Despite having brought its legal framework largely in alignment with the Budapest Convention, India remains a non-party because the document was drafted without the country’s participation, thus rending the treaty discriminatory. Another big objection has been raised on the basis of section 32.b, which gives intelligence agencies trans-border access to data for the purposes of criminal investigations with lawful and voluntary consent - a concern shared by Russia.
It has also been argued that the Mutual Legal Assistance (MLA) regime under Budapest is not effective, as it does not commit states to a firm promise of cooperation; from the perspective of the Indians, it would be preferable to replace this regime with a UN-driven process. Bosnia and Herzegovina is a party to the Budapest Convention on Cybercrime, officially acceding in 2006. As of 2019, however, domestic legislation at the state level had only been partially harmonised with Budapest provisions [x]. The country voted against the Russian-sponsored UN resolution that launched the institutional procedure for a new legal instrument on international cybercrime cooperation. Bosnian law enforcement regularly cooperates with Europol and is due to open negotiations for a cooperation agreement with Eurojust [x]. The ROK is generally a strong advocate of strengthening global cooperation against cybercrime. While it is not formally a signatory to the Budapest Convention, the country voted against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty.
To promote cooperation among law enforcement agencies, the ROK’s Supreme Prosecutor’s Office (SPO) convenes regular meetings with the FBI, while also engaging with the Federal Criminal Police Office (BKA) in Germany and the European Cybercrime Centre (EC3) in the Netherlands.
On the basis of an increased awareness that Internet Service Providers (ISPs) are becoming “important partners to secure electronic evidences”, the SPO works along with Microsoft to operate the Government Security Program (GSP).
