In October 2021, North Macedonia became one of the first countries among the Western Balkans partners to issue a digital ID to its citizens [x]; the deployment of the digital identity project is only indicative of the country’s turn towards digitalisation and e-government. With a total population of about 2.08 million, Internet penetration in North Macedonia stands at 84%, while data shows that there are about 2.25 million cellular mobile connections. [x] The rapid drive towards digitalisation, but also its accompanying risks and vulnerabilities, are accounted for by the 2022 Cybersecurity Strategy, the country’s first comprehensive cybersecurity strategy. The document largely reflects the country’s European ambitions and is explicitly based on the “principles of the Cybersecurity Strategy of the European Union and the NATO Cyber Defence Pledge”.

Thanks to its regulatory powers, robust digital economy, and active foreign and security policy, the European Union is one of the key players in cyberspace. The EU strongly promotes the position that international law, and in particular the United Nations (UN) Charter, applies in cyberspace. As a complement to binding international law, the EU endorses the voluntary non-binding norms, rules and principles of responsible State behaviour that have been articulated by the UN Group of Governmental Experts. It also encourages the development and implementation of regional confidence building measures, both in the Organisation for Security and Co-operation in Europe and other regions. On a bilateral level, the EU has established cyber dialogues with strategic partners to reinforce the exchange of good practices, lessons learnt and further the idea of responsible state behaviour in cyberspace.

South Korea has made significant progress over the last decades when it comes to connectivity and is currently one of the leading states in terms of access and use of ICTs. While in 1995 less than one percent of Koreans used the internet, four years later the country passed the developed nation average and nowadays South Korea is a global leader in the field of connectivity and internet access. Government support for internet access has been instrumental in fostering this progress in connectivity through governmental programs, trainings and low interest loans to companies providing broadband access. Consequently, cyber issues were recognised as important to the bilateral relationship at the EU-South Korea Summit in 2015, and five cyber dialogues have taken place between 2015 and 2020.

At the first substantive session of the 2021-2025 UNGGE, recalling its candidate status, North Macedonia aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] North Macedonia has also consistently aligned itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29.

Under the auspices of the UN, the EU and its Member States have consistently reaffirmed that a universal cyber security framework can only be grounded in existing international law, including the Charter of the United Nations in its entirety, international humanitarian law, and international human rights law. 
Addressing issues as to how existing international law and international humanitarian law, including the principles of humanity, necessity, proportionality and distinction, apply to the use ICTs by States is necessary to increase accountability and transparency. International humanitarian law is fully applicable in cyberspace and this should not be misunderstood as legitimising the use of force between states in the cyber domain. The EU has typically opposed calls for the need to adapt existing international law as a means to develop a new legal instrument for cyber issues.

As a member of the 2015 Group of Governmental Experts (UNGGE) and as per the Seoul Framework for and Commitment to an Open and Secure Cyberspace, the ROK recognises that international law, and in particular the UN Charter, is applicable in cyberspace and essential for maintaining security and stability as well as promoting an open, secure, peaceful, and accessible ICT environment. 
The country also acknowledges that cybersecurity must go hand-in-hand with respect for human rights and fundamental freedoms as set forth in the Universal Declaration of Human Rights and other international instruments. The ROK notably co-sponsored the Human Rights Council Resolutions 20/8 and 26/13 concerning the promotion, protection and enjoyment of human rights on the Internet. 
The country supports the idea of increasing interstate engagement and exchanging national views on how international law applies in cyberspace, both at the multilateral level as well as at the bilateral and regional levels.

At the first substantive session of the 2021-2025 UNGGE, North Macedonia aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus, form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. North Macedonia was also the only EU candidate country to have co-sponsored the 2020 Programme of Action (PoA), which explored the possibility of ending the dual-track discussions (UNGGE/OEWG) in favour of a permanent UN forum.

Since 2014, the EU’s ambition has been to act as an ‘honest broker’ on multilateral discussions surrounding issues of cyber governance and norms of responsible state behaviour, aiming to ensure the support and partnership of proactive players in the context of the global debate. The EU has long promoted the need for voluntary, non-binding norms. It believes that norms crystallised under the UN GGE process should generally not be revisited and that progress should be made on matters relating to their implementation. 
Within the OEWG, the EU advanced a suggestion to develop a global repository of existing practice within the United Nations, which would enable UN member states to showcase how they are implementing the voluntary norms of responsible state behaviour, confidence building and other measures.

The ROK stands in favour of the adoption and elaboration of voluntary, non-binding norms of state behaviour during peacetime. It strongly upholds the 11 non-binding norms agreed upon in the 2015 UNGGE report and believes that further efforts should be undertaken to clarify and concretise them. 
In addition, the ROK has put great emphasis on the principle of due diligence, consistently demonstrating its commitment through public statements at regional and international forums. The country believes that no new legally binding instrument is necessary for the moment, retaining a preference for the ‘soft law’ approach and maintaining that less resilient states should first focus on building capacity rather than reforming regulatory frameworks.

The 2018-2022 Cybersecurity Strategy dedicates a full section to cyber resilience and the protection of ICT infrastructure. The stated objectives include expanding the capabilities of the national CERT (MKD-CIRT), identifying types of critical infrastructure, developing national procedures for cyber crisis management, developing incident reporting and monitoring mechanisms, and establishing a single and comprehensive legal framework for cyber resilience. In 2021, upon joining NATO, North Macedonia signed a Memorandum of Understanding aiming at enhancing cyber defence cooperation between NATO and the country’s defence authorities; the MoU particularly focuses on information-sharing, exchanging best practices, and increasing resilience. [x]

The EU places great importance on cyber resilience and capacity building. Internally, the Union has built a robust legal acquis in relation to the resilience of critical infrastructures, the cornerstone of which rests upon the 2016 Network and Information Security (NIS) Directive and the 2013 and 2019 Cybersecurity Acts. This legal meshwork seeks to integrate cybersecurity into all elements of the supply chain and introduce soft law mechanisms like the EU cybersecurity certification scheme. In doing so, it harmonises national cybersecurity capabilities, cross-border collaboration and the supervision of critical sectors across the EU. 
In the coming months, the Commission intends to add upon the existing cyber-acquis by introducing an array of new initiatives, such as the updated NIS Directive (the so-called NIS2), a proposal on a Critical Entities Resilience (CER) Directive, and a plan to launch a network of Security Operations Centres across the Union. The aim is to create a Union-wide ‘cybersecurity shield’ that will facilitate the detection of cyberattacks and provide an impetus for proactive action. 
This internal buildup of capabilities is supplemented by the development of a specialised ‘cyber diplomacy toolbox’ that allows the Union and its Member States to address cyber incidents through various joint policies, from cooperation and stabilisation measures to restrictive measures and attribution.

Driven by a proliferation of cyberthreats originating in the DPRK, Korean diplomats have consistently maintained that bridging the global gap in cybersecurity capabilities constitutes a central task for states; as such, countries should develop cyber defence capabilities to foster resilience in the global cyber ecosystem. 
The South Korean government has introduced several international cooperation mechanisms, especially through the Korean Internet & Security Agency (KISA) and its Global Cybersecurity Centre for Development (GCCD) project. Through the GCCD, South Korea has worked with the World Bank and a series of partner countries in Latin America to organise workshops and exercises. Another important initiative is the Cybersecurity Alliance for Mutual Progress (CAMP) network, a mechanism launched in 2016 that provides a platform for Korea to share its expertise with a large group of partner countries and help them exchange knowledge and best practices.

North Macedonia has ratified the Budapest Convention and its Additional Protocol [x]. Nevertheless, full harmonisation of the Macedonian legal regime with Budapest provisions is still a primary issue. In terms of institutional setup, analysis has pointed out that North Macedonia is lagging behind compared to other countries in the Western Balkans [x]. That said, the 2018-2022 Cybersecurity Strategy identifies several priorities regarding the “prevention, research, and adequate response” to cybercrime. These include: harmonising the national with international policies; developing a single, comprehensive legal framework for cybercrime; modernising authorities in charge of cybercrime; establishing formal procedures of information exchange; participating actively in the creation of international cybercrime regulations and standards, as well as their implementation on a national level; and providing continuous education and training for law enforcement entities in the field of cybersecurity, cybercrime, and electronic evidence. The country’s law enforcement authorities regularly cooperate with Europol, following the conclusion of a strategic agreement in 2007 and an operational agreement in 2011. [x]

The EU has been an early champion of the Budapest Convention signed under the auspices of the Council of Europe, given the overlapping membership of the two organisations. Much of the EU’s cyber diplomatic efforts have focused on promoting the Convention as the main instrument of choice for fighting cybercrime on a global level. EU member states have consistently opposed Russian bids for replacing this regime with another legal framework. 
The Union is represented in the recently constituted Ad Hoc Committee established by UNGA resolution 74/247 by its Member States and is currently focused on ensuring that the process is inclusive, transparent, consistent with the progress of the UNGGE and OEWG processes, and committed to legal consistency.

The ROK is generally a strong advocate of strengthening global cooperation against cybercrime. While it is not formally a signatory to the Budapest Convention, the country voted against the Russian-sponsored UNGA resolution calling for a new binding cybercrime treaty. 
To promote cooperation among law enforcement agencies, the ROK’s Supreme Prosecutor’s Office (SPO) convenes regular meetings with the FBI, while also engaging with the Federal Criminal Police Office (BKA) in Germany and the European Cybercrime Centre (EC3) in the Netherlands. 
On the basis of an increased awareness that Internet Service Providers (ISPs) are becoming “important partners to secure electronic evidences”, the SPO works along with Microsoft to operate the Government Security Program (GSP).