Japan is a trusted partner and shares the same basic values of human rights, rule of law, and democratic governance. This common set of values also applies to cyberspace as both the EU and Japan have publicly expressed strong support for an open, free and secure internet and the application of international norms to state activities in cyberspace. Japan is also an important trading partner of the EU. The recently adopted Economic Partnership Agreement also reinforces the need for a closer integration of the digital economies. Alignment in broader international economic and political issues is also evident in the field of cyber diplomacy and thus constitutes a strong foundation for close cooperation and partnership.

Costa Rica has established itself as a leading country in technological adoption, in combination with a complete commitment to sustainability and the protection of the environment. Information and communications technology services accounted for 49% of the country’s exports (twice the average of OECD countries), placing the Central American country at the forefront of the digital economy.

India and the European Union share many values and principles, such as inclusiveness, democracy, and multilateralism. With 1.4 billion people, India is the largest democracy in the world and considers itself as a leader among the Global South. India and the EU share common visions of a rules-based global order and are aligned on their commitment to an open, free, secure, stable, peaceful, and accessible cyberspace, enabling economic growth and innovation. In light of India’s rapid digitization and connectivity, the EU-India Strategic Partnership & Roadmap to 2025 includes commitments to cooperate on new and emerging technologies, norms and regulatory frameworks, and international standards.

Japan has highlighted the importance of promoting the rule of law in cyberspace, noting that cyberspace “should not be a lawless zone”. It further endorses the applicability of international law, in particular the UN Charter, in the cyber domain. In relation to the use of countermeasures, it has stated that it is not necessary for countermeasures to be limited to the same means as internationally wrongful acts. 
Japan has cautioned against the launch of “premature” discussions on developing a legally binding new instrument, arguing that the adoption of such an instrument might “roll back” the achievement of past multilateral efforts in confirming the applicability of existing international law in cyberspace. Instead, Japan believes that it is necessary to consolidate, elaborate, and clarify the interpretation of existing treaties and content of customary international law. 
During the drafting phase of the 2021 Open-Ended Working Group (OEWG) Report, Japan had proposed to include language explicitly affirming the applicability of State responsibility for internationally wrongful acts, the inherent right of self-defence recognized under the UN Charter, and International Humanitarian Law.

Costa Rica has played a paramount role in the Organisation of American States as is one of seven American countries that sponsored a resolution within the framework of the OAS as part of a Working Group on Cooperation and Confidence-Building Measures in Cyberspace. The resolution is inspired by the work of the United Nations Group of Governmental Experts and aims at enhancing interstate cooperation, transparency, predictability, and stability in cyberspace.

As a member of the 2015 UNGGE group, India accepts that international law and specifically the UN Charter applies in its entirety in the cyber domain. India has noted the need to develop common understandings as to how international law should be interpreted, especially on the issues of what constitutes force and/or an armed attack in cyberspace and what the threshold of cyber-attacks should be to invoke Article 51 of the UN Charter. 
In statements at the UN General Assembly, India has also specifically called for further elaboration on peacetime rules of international law, the law concerning the right of self-defence and international humanitarian law. 
Apart from these calls for clarification and elaboration, however, India’s stance on specific aspects of international law and their interpretation remains unclear. This seems consistent with India’s recent reorientation of its foreign policy; since 2019, India’s wider approach has been marked by a shift from traditional non-alignment to issue-based ‘multi-alignment’ that reflects national priorities and interests.

In multilateral fora, Japan has frequently emphasised the need to implement voluntary and non-binding norms of responsible state behaviour in cyberspace. The country believes that any discussion on norm-building should exclusively occur on the basis of the 11 norms affirmed within the 2015 UNGGE Report; possible new norms should be “carefully scrutinised” so as to avoid any change to these 11 norms or duplication with them. 
Japan also strongly opposes the adoption of additional legally binding obligations, maintaining that such an endeavour would take a very long time whereas the evolution of technology is extremely fast-paced. Instead, countries should work on parallel mechanisms for capacity-building, raising awareness, and promoting a common understanding of norms.

Costa Rica has a long history of collaborating on cyber issues within the OAS Cyber Security Program, from training to capacity-building for both the public and private sectors. At a 2019 intervention, Costa Rica recognised the leadership carried out by the aforementioned Working Group in coordinating the response to cyber incidents regionally and establishing a cooperative framework of action to cyber threats.
Costa Rican participation in the UN OEWG is guaranteed until 2025. As part of the second substantive session in 2022, Costa Rica confirmed - along with several other countries - that international law is fully applicable to the use of ICT by states [OH1], with a focus on how international humanitarian law and the principles of humanity, necessity, proportionality, and distinction apply in cyberspace.
An interesting approach was taken by Costa Rica during this session, as the Caribbean country emphasised a multi-stakeholder approach to cybersecurity, involving the private sector, civil society, and researchers’ analysis, information, and capacity on threat.

India has assumed a stance of strategic ambiguity on the proliferation of norms for responsible state behaviour in cyberspace, positioning itself as a ‘bridge builder’ between the two camps that have emerged during multilateral cyber norm negotiations. 
Its insistence on an enhanced role for intergovernmental institutions (such as the ITU) and its oscillating allegiance to the two polarised factions largely reflect the country’s long-standing focus on Westphalian sovereignty and the consequent belief in the primacy of the state as an actor in international affairs. This brings India to a certain degree of alignment with sovereignty-focused countries like China and Russia in the context of norm-building debates. 
At the second substantive session of the Open-Ended Working Group (OEWG), India argued that voluntary norms do not necessarily increase the predictability of state behaviour within the ICT environment, but was not openly against the adoption of new voluntary norms; for instance, the country proposed the adoption of a new norm on refraining from weaponisation and offensive uses of ICTs along with countries like Iran, Cuba, and Nigeria.

Resilience constitutes one of the central objectives of Japan’s 2018 Cybersecurity Strategy, whose core components include international cooperation in sharing expertise and coordination of policies, incidence response, and cyber capacity-building (CCB). Japan has traditionally argued that global initiatives are required to reduce cybersecurity vulnerabilities and has advocated for a tailor-made approach that takes into account the national situation of recipient countries and the importance of national ownership. 
Japan recognises the ‘trickle-up’ effect of national initiatives, stating that CCB “not only improves the capabilities of the recipient country, but also directly leads to enhanced security and stability in cyberspace as a whole”; in that sense, it disfavours the understanding of CCB as a “common but differentiated responsibility”, believing that such a view “does not fit the context” of international cyber cooperation. As a result, the country has assumed a balanced approach to CCB. On the one hand, it has successfully utilised multilateral fora such as the G7 and G20 summits to promote its own normative standards. 
At the G7 Ise-Shina Summit in May 2016, for instance, Japan introduced the Ise-Shima Principles, which included the enhancement of cooperation on CCB. On the other hand, Japan considers its own security and that of its nationals as intrinsically tied to the cyber capabilities of developing countries, since attacks on the IT infrastructure of regional partners can adversely affect Japanese trade. Japan has thus acted primarily through ASEAN to promote regional capacity-building efforts.

In 2016, Costa Rican Cybersecurity Incident Response Team (CSIRT) joined CAMP, an international alliance that serves as a platform for the members to enhance their cybersecurity capacity.
Costa Rica is also collaborating with Israel on cyber issues and digital transformation in an effort that has the potential to streamline innovation in the public sector, transforming public services and institutions and positioning Costa Rica as a regional benchmark in cybersecurity.
On a national scale, Costa Rica launched a digital transformation strategy for the public sector in 2018 and is now working to create a strategy for the implementation of Artificial Intelligence. The initiative seeks to promote the use of digital technologies and access to scientific knowledge, innovation, technology, and telecommunications for social and productive transformation.
Having suffered a cyber attack in 2022, Costa Rica is now positioning cybersecurity as a top national priority, and the Ministry of Science, Innovation, Technology and Telecommunications is beginning to implement various actions to detect, respond and correct cyber intrusions, build faster and more robust response protocols, and train individuals in skilled threat detection.

In matters related to cyber resilience, India has proven to be an active proponent of bilateralism. It has initiated cyber dialogues with actors like the US, the UK, Russia, Malaysia, the EU, and ASEAN, all of which include capacity-building elements. Internationally, the country has also been especially vocal on the need to establish cooperative mechanisms for developing and implementing bilateral, regional, and global confidence-building measures (CBMs). 
In the context of multilateral fora, India has many a time reiterated that the issue of supply chain protection enjoys particular significance for them, especially in relation to ‘trust and trusted sources’ when it comes to preferring suppliers of ICT products and systems. It has also noted that capacity building actually goes beyond what is being dealt with under international security and is inherently tied to discussions on international legal instruments on cyberspace, where all states are equal and have the capacity to discuss legitimate matters under the auspices of the UN.

According to Japan’s 2018 Cybersecurity Strategy, the country is committed to “further [promoting] international partnership through international investigative cooperation and information sharing with international organisations, law enforcement agencies and security information agencies in foreign countries.” 
Japan is a party to the Budapest Convention on Cybercrime and mutual assistance treaties (MLAT), voting against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty. Japan has pursued dialogues related to cybercrime cooperation in the context of ASEAN, as well as on a bilateral basis with countries like the UK, USA, and Australia.

Costa Rica is one of the few Latin American countries to have signed the Budapest Convention on Cybercrime, along with the First and Second Protocol (this one was signed in 2022 but yet to be ratified), and is at the forefront of cybercrime legislation in the region.
National legislation on cybercrime is fully compliant with the Convention and is contained in the Law on Intervention of Telecommunications and the Law of Computer Crimes and Related Crimes. It includes penalties for committing cybercrimes in the country. Additionally, legislative regulations were introduced to govern the use of social networks and other electronic means.
Their Cybersecurity Policy from 2017 was updated in 2021 with the creation of the CSIRT, the implementation of cybersecurity protocols across public institutions and the establishment of partnerships with strategic actors, mainly in the private sector.

Under the auspices of the OEWG, India has highlighted the need for “real-time cooperation between government agencies” in combatting cybercrime, cyberterrorism, and cyber threats more widely. To date, however, India has not signed any international cybercrime agreement. It voted in favour of a Russia-sponsored UNGA Resolution calling for the establishment of a separate cybercrime treaty. 
Despite having brought its legal framework largely in alignment with the Budapest Convention, India remains a non-party because the document was drafted without the country’s participation, thus rending the treaty discriminatory. Another big objection has been raised on the basis of section 32.b, which gives intelligence agencies trans-border access to data for the purposes of criminal investigations with lawful and voluntary consent - a concern shared by Russia. 
It has also been argued that the Mutual Legal Assistance (MLA) regime under Budapest is not effective, as it does not commit states to a firm promise of cooperation; from the perspective of the Indians, it would be preferable to replace this regime with a UN-driven process.