India and the European Union share many values and principles, such as inclusiveness, democracy, and multilateralism. With 1.4 billion people, India is the largest democracy in the world and considers itself as a leader among the Global South. India and the EU share common visions of a rules-based global order and are aligned on their commitment to an open, free, secure, stable, peaceful, and accessible cyberspace, enabling economic growth and innovation. In light of India’s rapid digitization and connectivity, the EU-India Strategic Partnership & Roadmap to 2025 includes commitments to cooperate on new and emerging technologies, norms and regulatory frameworks, and international standards.

The United States has historically been a strong partner in cyber diplomacy for the EU based on common values (human rights, rule of law), goals (open, stable and secure cyberspace) and interpretation of international law. Cyber diplomacy with the US has also been operationalised in the form of information-sharing and cooperation to tackle cybercrime, cooperation on cyber defence via NATO and cyber capacity building in third countries. Despite differences over certain foreign policy issues, the EU and the US remain close allies in cyberspace.

The digital economy is amongst the most powerful loci of Canadian economic growth; over the past decade, the digital economy grew roughly 40 per cent faster than – and generated almost four times as many jobs as – the overall economy. However, this spurt has also led to increased vulnerabilities in relation to cybersecurity; in 2020, successful cyber attacks affected 78% of Canadian companies. Canada has quietly developed a robust cyber diplomacy approach aiming at promoting a rules-based international order in cyberspace, in line with the goals of other ‘like-minded’ states (including European Union countries). Both the EU and Canada share a vision of cyberspace as a domain of human activity that is open, free, and secure, and which is characterized by due regard for fundamental rights and democratic values. As such, Canada is an important strategic partner for Europe.

As a member of the 2015 UNGGE group, India accepts that international law and specifically the UN Charter applies in its entirety in the cyber domain. India has noted the need to develop common understandings as to how international law should be interpreted, especially on the issues of what constitutes force and/or an armed attack in cyberspace and what the threshold of cyber-attacks should be to invoke Article 51 of the UN Charter. 
In statements at the UN General Assembly, India has also specifically called for further elaboration on peacetime rules of international law, the law concerning the right of self-defence and international humanitarian law. 
Apart from these calls for clarification and elaboration, however, India’s stance on specific aspects of international law and their interpretation remains unclear. This seems consistent with India’s recent reorientation of its foreign policy; since 2019, India’s wider approach has been marked by a shift from traditional non-alignment to issue-based ‘multi-alignment’ that reflects national priorities and interests.

The US believes that international law is applicable in cyberspace. As part of the ‘like-minded’ coalition, the US recognises a need to acknowledge the full breadth of relevant international law, including international humanitarian law (IHL), human rights law, customary international law on the responsibilities of states for internationally wrongful acts. The general applicability of IHL in cyberspace is not to be misconstrued as a tacit endorsement of aggression in the cyber domain; instead, it only serves to remind states of the responsibility to respect and protect civilians in the event of armed conflict. 
In the context of multilateral fora, US diplomats have specifically emphasised the applicability of the right to self-defence under Art. 51 of the UN Charter, noting that a State may lawfully take cyber-based or non-cyber-based countermeasures in response to internationally wrongful cyber activities attributable to another State, but only subject to the requirements of the doctrine under international law and the principles of necessity and proportionality.

As per the conclusions of the 2013, 2015, and 2021 UN GGE (Group of Governmental Experts) reports, Canada believes that international law applies in cyberspace and is “essential to maintaining peace and stability” as well as “promoting an open, secure, peaceful, and accessible ICT environment”; according to Canada, the applicability of international law “puts guardrails on states’ behaviour in cyberspace”. Applicable legal instruments include the UN Charter, the law on state responsibility (including countermeasures), International Human Rights Law, and International Human Rights Law (IHL). Canada does not favour the establishment of a treaty or binding legal instrument on cyber issues, arguing that it would undermine existing international law and norms of responsible state behaviour. Instead, Canada believes that existing international law and agreed-upon norms are sufficient to guide State behaviour in cyberspace.

India has assumed a stance of strategic ambiguity on the proliferation of norms for responsible state behaviour in cyberspace, positioning itself as a ‘bridge builder’ between the two camps that have emerged during multilateral cyber norm negotiations. 
Its insistence on an enhanced role for intergovernmental institutions (such as the ITU) and its oscillating allegiance to the two polarised factions largely reflect the country’s long-standing focus on Westphalian sovereignty and the consequent belief in the primacy of the state as an actor in international affairs. This brings India to a certain degree of alignment with sovereignty-focused countries like China and Russia in the context of norm-building debates. 
At the second substantive session of the Open-Ended Working Group (OEWG), India argued that voluntary norms do not necessarily increase the predictability of state behaviour within the ICT environment, but was not openly against the adoption of new voluntary norms; for instance, the country proposed the adoption of a new norm on refraining from weaponisation and offensive uses of ICTs along with countries like Iran, Cuba, and Nigeria.

As stated in the 2018 National Security Strategy, the United States views voluntary, non-binding norms of state behaviour during peacetime as essential components of a framework of responsible State behaviour in cyberspace. The US has participated in all iterations of the UN Group of Governmental Experts (UNGGE) as well as the latest Open-Ended Working Group.
In these multilateral fora, US diplomats have typically opposed attempts at shifting to a legally binding status for norms of responsible state behaviour, arguing that such discussions are “premature” and do not represent the best way to address the immediate threats given the fast pace of technological developments. 
The starting basis for any further discussions on the part of the US rests on the current buildup of consensus surrounding the norms identified in the 2015 and 2021 GGE reports. Efforts should be concentrated on the implementation of existing consensus norms, not the creation of entirely new normative concepts (i.e. in relation to harmful hidden functions and specific critical infrastructure sectors).

Canada regards the applicability of norms of responsible state behaviour in cyberspace, together with existing international law, as the “foundation of sustaining international peace and security […] in cyberspace”. This is why it has strongly promoted the adoption and implementation of the UN GGE norms in various fora, including the G7, G20, North American Leaders’ Summit, NATO, ASEAN, and the OSCE. From Canada’s perspective, there is no need to develop new norms; international cooperation efforts should instead focus on fostering States’ capacity-building abilities, as well as the implementation and operationalization of existing norms. Canada has also been the biggest proponent of taking gender considerations into account when discussing the implementation of cyber norms, advocating for greater women’s participation and gender equality in the field of cybersecurity.

In matters related to cyber resilience, India has proven to be an active proponent of bilateralism. It has initiated cyber dialogues with actors like the US, the UK, Russia, Malaysia, the EU, and ASEAN, all of which include capacity-building elements. Internationally, the country has also been especially vocal on the need to establish cooperative mechanisms for developing and implementing bilateral, regional, and global confidence-building measures (CBMs). 
In the context of multilateral fora, India has many a time reiterated that the issue of supply chain protection enjoys particular significance for them, especially in relation to ‘trust and trusted sources’ when it comes to preferring suppliers of ICT products and systems. It has also noted that capacity building actually goes beyond what is being dealt with under international security and is inherently tied to discussions on international legal instruments on cyberspace, where all states are equal and have the capacity to discuss legitimate matters under the auspices of the UN.

The March 2021 Interim National Security Strategic Guidance states that “[the US] will make cybersecurity a top priority, strengthening our capability, readiness, and resilience in cyberspace.” Following the recommendations of the 2020 Solarium Commission, the US government has adopted the concept of ‘layered resilience’ and is gradually rolling out a comprehensive arsenal of resilience measures across a variety of domains. 
The US has been active in engaging in strategically-minded capacity building with partners; US capacity building in Africa with organisations such as the African Union and SADC, for instance, have been largely motivated by Washington’s wish to promote an open, secure, and democratic model for Internet governance across the African continent. 
In relation to cyber defence, there have been several joint operations and military exercises, both bilaterally (e.g. between the US Cyber Command and the Montenegrin military) and under the auspices of NATO. Recent regional engagement efforts such as the dialogues in the context of the tripartite AUKUS coalition and the Structured Quadrilateral Security Dialogue (the eponymous Quad) also heavily feature references to collaborative cyber-capacity building. In multilateral fora, the US has also welcomed the inclusion of confidence-building measures in the GGE reports and noted that, in order for CBMs to be useful, they need to be implemented at minimum on a bilateral basis and preferably on a multilateral and eventually an international basis.

The Canadian National Cyber Security Strategy puts an emphasis on “secure and resilient Canadian systems”, specifically critical infrastructure such as electricity grids, communications networks, and financial institutions. The ambition to help other countries expand their capacity building activities has been a key aspect of Canada’s cyber engagement strategy and its concurrent aim of promoting an “open, secure, and multistakeholder-led Internet”. Under the auspices of the OEWG, Canada has argued that “member States must make cyber security capacity development a priority at the highest level” and that “it is […] important to analyze and assess the capacity building needs collaboratively and agree on a collective approach”. Through the Anti-Crime Capacity Building Program (ACCBP), Canada has committed $27.7M to cyber capacity building, primarily in Latin America. ACCBP also assists countries in developing their own national cyber strategies and cybersecurity standards while also ensuring respect for human rights and privacy for all citizens. Meanwhile, Canada has been cooperating with several international and regional organizations on the development and implementation of Confidence-Building Measures (CBMs); for instance, there have been several Canadian initiatives at the OSCE, including workshops on international law and cyber operations as well as scenario-based discussions on CBM 5 (information sharing about national responses to regional cyber incidents). Canada believes that capacity-building should be multistakeholder and integrate the insights of the technical community as much as possible. The Canadian representative at the OEWG has also highlighted the importance of gender balance and the participation of women in capacity-building efforts.

Under the auspices of the OEWG, India has highlighted the need for “real-time cooperation between government agencies” in combatting cybercrime, cyberterrorism, and cyber threats more widely. To date, however, India has not signed any international cybercrime agreement. It voted in favour of a Russia-sponsored UNGA Resolution calling for the establishment of a separate cybercrime treaty. 
Despite having brought its legal framework largely in alignment with the Budapest Convention, India remains a non-party because the document was drafted without the country’s participation, thus rending the treaty discriminatory. Another big objection has been raised on the basis of section 32.b, which gives intelligence agencies trans-border access to data for the purposes of criminal investigations with lawful and voluntary consent - a concern shared by Russia. 
It has also been argued that the Mutual Legal Assistance (MLA) regime under Budapest is not effective, as it does not commit states to a firm promise of cooperation; from the perspective of the Indians, it would be preferable to replace this regime with a UN-driven process.

The US is a signatory and an early proponent of the Budapest Convention. A big part of American cyber diplomatic activity has, in fact, been focused on promoting the Budapest regime as the global model of cybercrime governance. In 2019, the US firmly opposed the Russian-sponsored resolution calling for an alternative legal instrument to the Convention; following the passing of the resolution, however, the US has agreed to participate in the Ad Hoc Committee established under UNGA resolution 74/247 despite the fact that the “surprise text” within the May 2021 resolution was seen as an effort to “circumvent dialogue” and undermine the “balanced, inclusive, consensus-based process” sought by the US. 
On a multilateral level, the US is also a party to the UN Convention against Transnational Organised Crime (UNTOC) and the Inter-American Convention on Mutual Legal Assistance of the Organisation of American States (OAS) and is a member of Interpol. 
Bilaterally, the US has completed an agreement with the UK under the CLOUD Act that facilitates cross-border data sharing directly between US companies and the British government; the US is trying to expand this type of bilateral engagement, currently negotiating a similar agreement with Australia.

Canada’s National Cyber Security Strategy identifies the activities of malicious cyber actors as a “growing challenge”. Following the adoption of the ‘Protecting Canadians from Online Crime’ Act, Canada acceded to the Council of Europe’s Budapest Convention in 2015 and has since consistently promoted the instrument as the “best tool to fight cybercrime at the international level”. Canada has specifically “encourage[d] countries to bolster their anti-cybercrime efforts by becoming Parties to the Convention, or using it as a model to implement their own cybercrime laws”. Moreover, upon Canada’s initiative, the Quintet of Attorneys General (which brings together Attorneys General from Canada, the US, Australia, New Zealand and the UK) issued a public statement at their July 2019 meeting, expressing their support for the Budapest Convention as a “necessary basic framework for fighting cybercrime” and for the work of the United Nations Open-Ended Intergovernmental Expert Group on Cybercrime (UNIEG). Being part of the ‘like-minded’ group of states, Canada voted against the Russian-sponsored UNGA Resolution 74/247 aiming at establishing an alternative cybercrime instrument; upon the passage of 74/247 and its follow-up UNGA Resolution 75/282, however, Canada has been a vocal member of the Ad Hoc Committee on Cybercrime. Prior to the Committee’s May 2021 organizational session, the Canadian position paper on the Implementation of 74/247 noted that the Committee must “ensure consistency with existing UN treaties in the field of crime prevention and criminal justice, in particular the United Nations Convention against Transnational Organized Crime, the United Nations Convention against Corruption and take into account multilateral instruments that have already proven their usefulness in the fight against cybercrime, in particular the Council of Europe Convention on Cybercrime”. In the same document, Canada emphasized the need for an “inclusive, transparent, constructive, and consensus-based process that will lead to a fair outcome to the benefit of all”. The first session of the Ad Hoc Committee will be held in New York from 17 to 28 January 2022. Canada’s perspective on the scope, objectives, and structure of the convention was submitted to the Ad Hoc Committee in advance of the start of the first negotiation session (E).