An EU candidate country since 2012, Serbia is an important partner in the Western Balkans. The 2020 iteration of the Digital Evolution Scorecard characterised Serbia as a ‘break out’ economy, meaning that despite a relative lack of digital infrastructure the country is rapidly digitalising; internet penetration is one of the highest across the region, standing at 79%. Over the past decade, Serbia’s digital policy has been focused on attracting foreign investment, deepening the digital transformation across the public and private sectors, and promoting economic growth in line with EU targets. These objectives have been operationalised through a series of strategies, notably the Strategy for the Development of Information Security for the period 2017-2020 and the Strategy for combat against cyber crime 2019-2023. The ITU notes, however, that “while innovative, internet-based e-commerce is expected to bring significant growth and development, obsolete legislation and a lack of harmonisation with EU standards and best practice persist, hampering progress”. As the country becomes increasingly more digitalised, the challenge for Serbian cyber diplomacy will be to develop and enhance avenues of European, regional, and international cooperation.

Nigeria is Africa’s largest economy, with a total GDP of $432.3 billion, 13.85% of which comes from the country’s budding ICT sector [x]. Over the past decade, Nigeria has seen an extraordinary surge in digital entrepreneurship (particularly e-commerce) and mobile internet usage, both fuelled by an increase in telecom investments and smartphone purchases; this has led to a rise in internet penetration from 20% in 2009 to 50% in 2021 [x][x]. Nigeria is gradually emerging as Africa’s main ICT investment destination, hosting over 55 active tech hubs [x]. Meanwhile, in October 2021, the country was the first in Africa to launch a national cryptocurrency [x]. The rapid acceleration of Nigeria’s digital transformation, however, comes at the cost of increased cybersecurity demands. A 2020 survey showed that 86% of Nigerian companies had fallen prey to cyberattacks over the course of the year [x]; this was the second-highest percentage worldwide and the highest in Africa. Nigeria also reported the highest number of data leakages globally [x]. Current Nigerian priorities – outlined in the 2020-2030 Digital Strategy – include laying down the regulatory and infrastructural groundwork to facilitate digital development, as well as enabling public confidence in the digital economy. This means that cyber issues are becoming increasingly relevant for Nigerian diplomacy, especially with regard to digital trade and cybercrime.

The country has not assumed a firm stance on the application of international law in cyberspace. Serbia’s position paper concerning the Open-Ended Working Group (OEWG) highlighted that multilateral dialogue on “information security” must occur “with strict respect for the Charter of the United Nations”. Echoing the stance of states such as China, Russia, and Cuba, Serbia also raised the alarm about the “danger of developing offensive ICT and militarising the digital space”.

Nigeria’s stance on international law is primarily filtered through its traditional concern over the growing proliferation of global cybercrime. Nigerian diplomats have emphasised the need for a proper legal framework that reflects the ideals and current trends within the African region. Less has been said, however, about the application of international law in cyberspace more generally. Nigeria voted in favour of UN resolution 73/27 that established the Open-Ended Working Group (OEWG), indicating at least some partial alignment with the Sino-Russian camp.

Serbia was represented in the 2016-2017 UN Group of Governmental Experts (UNGGE). Despite its EU candidate status, Serbia does not typically vote in alignment with the EU on key cybersecurity resolutions presented before the UN First Committee. Notable examples include UNGA resolution 73/27, which first established the Open-Ended Working Group (OEWG), as well as later resolutions 74/29 and 75/240.

Nigeria has been an active participant in the OEWG, contributing to the 2021 consensus report while primarily aligning itself with the intergovernmentalist camp. Under the auspices of the OEWG, Nigeria supported a new norm proposal on refraining from the weaponisation and offensive uses of ICTs, echoing similar suggestions from India, Iran and Cuba.

Serbia’s legislative framework on cybersecurity is structured upon the 2016 Law on Information Security and its bylaws. The Law ushered in several institutional developments, including the creation of a national CERT in the regulatory agency for electronic communications and postal services (RATEL). The national CERT “monitors the status of incidents on national level, provides early warnings, alerts and announcements, and reacts on incidents by providing the information on affected entities and persons”. [x] It also holds seminars and technical trainings for operators of special importance (critical infrastructure) [x]. 
Meanwhile, the 2021 Cyber Tesla drill (organised in collaboration with the US state of Ohio) constitutes only one example of Serbia’s increased emphasis on critical infrastructure through the prism of cyber defence; the stated objectives included the “construction of military defence system capacities and the National CERT’s capacities for the protection from high-tech attacks, as well as an enhanced cooperation with relevant government and private sector organisations and academic institutions for the purpose of protection of the IT systems”. 
In its UNGGE position paper in 2016, Serbia emphasised the importance of interstate cooperation in “maintaining effective and responsive mechanisms for information exchange, alerts and announcements on cybersecurity incidents”. The paper goes on to posit that “the special focus should be on the protection of critical infrastructure”, especially in the case of transnational attacks. In 2021, Norway donated a platform worth €1.2 million which will “[serve] to hold cyber exercises at the national level enables the real situation of different attack scenarios, and will contribute to capacity building and training of officials in various state institutions”, according to State Secretary of the Ministry of Trade, Tourism and Telecommunications Milos Cvetanovic [x].

With Nigeria currently first on the list of the most attacked countries in Africa, the country has traditionally been a strong advocate of the need for increased capacity building efforts. Nigerians have placed particular emphasis on demand-driven, needs-based and non-discriminatory approaches. At the OEWG, Nigerian delegates also emphasised the importance of gender equality and bridging the gender divide. In 2021, Nigeria published the updated National Cybersecurity Policy and Strategy, which lays out an ambitious plan for ensuring a ‘comprehensive approach’ to critical information infrastructure (CNII) protection and resilience. Nigerian priorities include establishing an effective collaborative partnership with CNII owners and operators as well as the multistakeholder community, addressing cross-sectoral dependencies and setting specific national priorities considering resource availability, known capability gaps and emerging trends and cybersecurity risks. The Strategy also promises the design of a Critical National Information Infrastructure Protection Plan to incorporate clear risk management procedures and mitigation mechanisms, while also calling for the creation of a national CERT (ngCERT) to coordinate sectorial incident management responses. Meanwhile, the UK has emerged as an important capacity building partner for Nigeria, which is due to benefit from the UK’s £22 million investment package that aims to support resilience in Africa and the Indo-Pacific.

The Information Society and Information Security Development Strategy for the period 2021-2026 provides a comprehensive approach to the field of information security, which includes both (a) information security of ICT systems of special importance and security of the Republic of Serbia, and (b) security of citizens and businesses, which is particularly reflected through the fight against cybercrime. Its predecessor, the 2017 Strategy for the Development of Information Security, in turn, indicates the fight against cybercrime as one of the government’s five key priorities. 
In light of EU accession negotiations, Serbia has signed and ratified the Council of Europe Convention on Cybercrime (Budapest Convention), including its Additional Protocol on Xenophobia and Racism Committed Through Computer Systems. Nevertheless, the country also voted in favour of UNGA resolution 74/247 calling for an international legal instrument to govern this domain. Domestically, the national legislative framework has been developed in accordance with the Budapest Convention and EU legislation. A High-Tech Crime Unit has recently been established within the special prosecutor’s office, along with three specialised units: crime analysis; terrorism and extremism; and drug prevention, addiction and repression. 
Serbia is a member of Interpol, with which the country has discussed ways to enhance cooperation with regard to combatting cybercrime. Serbia is also gradually developing its own bilateral cooperation network, signing a Cooperation Memoranda with India in 2016 [x] and Romania in 2017 [x] as well as receiving assistance from Russian experts [x].

Special thanks to Ms Maja Lakusic for her valuable comments.

The Nigerian 2020-2030 National Digital Strategy, which is in line with the African Union Digital Transformation Strategy 2020-2030, emphasises the significance of adopting ‘collaborating approaches’ to fighting cybercrime; it specifically notes that ‘cybersecurity is not a local issue and it requires collaboration with relevant institutions around the globe’. At the moment of writing, Nigeria has not signed either the Council of Europe-sponsored Budapest Convention or the African Union-sponsored Malabo Convention. The Budapest Convention is nevertheless described as a ‘key treaty’ and ‘efforts are underway’ in relation to Nigeria’s accession; meanwhile, the Strategy also touches upon the importance of adopting the Malabo Convention. At the OEWG, Nigeria has highlighted the need for developing capacity building initiatives at the local level, particularly in relation to law enforcement agencies and cybercrime investigations. In 2019, the country voted in favour of UNGA resolution 74/247, which established an Ad Hoc Committee to draw up an international convention on cybercrime; Nigeria currently holds a vice-chair position on the Committee. The Nigerian position paper prior to the launch of the first substantive session noted the ‘urgent need to define and sanction criminal conduct in cyberspace, improve synergy in trans-national policing capabilities, improve procedural tools and reform/enhance international cooperation, whilst respecting human rights’. Nigerian objectives include the consolidation of established baselines, the criminalisation of offences in a technology-neutral manner, the establishment of capacity building and technical assistance mechanisms and finally the promotion of already existing multilateral instruments such as the Budapest Convention, UNTOC and UNCAC. Furthermore, in its capacity as a member of ECOWAS, Nigeria has participated in several socialisation-based capacity building initiatives, including the OCWAR-C project, the GLACY+ workshops and the African Forum on Cybercrime (organised by the African Union).

Published with thanks to Dr Nnenna Ifeanyi-Ajufo for her valuable contributions.