The United Kingdom ranks 10^th in the 2021 Network Readiness Index (NRI), 9^th in the 2021 Digital Skills Gap Index and 14^th in the 2021 IMD World Digital Competitiveness Ranking. The British digital sector contributes roughly £149 billion each year to the economy and employs more than 1.5 million people [x]. The country also remains Europe’s unofficial ‘start-up capital’, with British tech startups attracting more than $15 billion in venture capital investment in the midst of a global pandemic. Nevertheless, new and emerging challenges to peace and security in cyberspace represent pressing concerns for the UK [x]. Over the course of 2021, the UK’s National Cyber Security Centre dealt with 777 significant incidents, with around 20% of supported organisations being linked to the health sector and Covid vaccines [x]. In the face of ever-increasing cyber vulnerabilities, the UK government has recently adopted a strategy of ‘levelling up’ protection for British cyberspace. This has brought international collaboration on cyber issues to the forefront of Britain’s diplomatic agenda. British diplomacy has traditionally championed the rules-based international system both online and offline, placing great emphasis on human rights, democratic values and free trade.

In October 2021, North Macedonia became one of the first countries among the Western Balkans partners to issue a digital ID to its citizens [x]; the deployment of the digital identity project is only indicative of the country’s turn towards digitalisation and e-government. With a total population of about 2.08 million, Internet penetration in North Macedonia stands at 84%, while data shows that there are about 2.25 million cellular mobile connections. [x] The rapid drive towards digitalisation, but also its accompanying risks and vulnerabilities, are accounted for by the 2022 Cybersecurity Strategy, the country’s first comprehensive cybersecurity strategy. The document largely reflects the country’s European ambitions and is explicitly based on the “principles of the Cybersecurity Strategy of the European Union and the NATO Cyber Defence Pledge”.

According to the International Telecommunications Union (ITU), as of 2021, Peru had an internet penetration rate of around 71.1 %. However other indexes place this number in the mid 60’s. Although many improvements were made in the past few years, Peru still possesses low network coverage, especially in rural areas and a relatively low network performance.
The government of Peru has been implementing initiatives to increase connectivity in rural areas, including a national broadband plan and a program to deploy free Wi-Fi hotspots in public spaces, with a year-on-year increase of almost 100 %.
Peru ranked 86 out of 182 countries surveyed in the ITU’s Global Cybersecurity Index in 2020.

The UK views international law as “a critical tool for ensuring stability and security in cyberspace”. In accordance with the 2013, 2015 and 2021 UNGGE reports as well the 2021 OEWG report, the UK has affirmed that international law, including the UN Charter in its entirety, applies in cyberspace; a position paper notably states that “we do not consider it is for States to pick and choose which international law instruments are applicable”. This includes the prohibition of the use of force (Article 2(4)), the peaceful settlement of disputes (Article 33) and the inherent right of states to act in self-defence in response to an armed attack (Article 51). The law of state responsibility applies to cyber operations in peacetime, including the doctrine of countermeasures in response to internationally wrongful acts. Meanwhile, the country has professed a strong commitment to the respect of human rights law in cyberspace, co-sponsoring the 2012, 2014, 2016, 2018 and 2021 UN Human Rights Council resolutions on the protection, promotion and enjoyment of human rights on the Internet. Likewise, the UK believes in the application of international humanitarian law (IHL) to cyber operations in armed conflict. In response to concerns expressed by other states that this might lead to an undue ‘militarisation’ of cyberspace, the UK has responded that the application of IHL does not encourage armed conflict but only serves to limit humanitarian consequences in the event of such conflict. In addition, the country has stated and that there are ways for cyber capabilities to be developed in a manner “consistent with international law” and called on states to be transparent about the existence of their own capabilities. Those statements do not entirely dismiss the idea of cyberspace as a new military domain, with the British position at the OEWG being that “the use of ICTs in military contexts may be preferable to use of kinetic weapons and can be de-escalatory”. The UK is against the establishment of new, binding international instruments to regulate state behaviour in cyberspace, arguing that “pursuing […] the development of new treaties is only likely to entrench existing divides in this area and will progress us no further on the question of how International Law applies”.

At the first substantive session of the 2021-2025 UNGGE, recalling its candidate status, North Macedonia aligned itself with the EU’s statement that the existing corpus of international law, notably the UN Charter, international humanitarian law, and international human rights law, apply in cyberspace in its entirety. In particular, this includes the principle of state sovereignty, sovereign equality, the settlement of disputes by peaceful means, the provision of the use of force non-intervention in the internal affairs of other states, and the respect for human rights and fundamental freedoms as principles of international law that are applicable to states use of ICTs in cyberspace. [x] North Macedonia has also consistently aligned itself with the EU position in a number of key resolutions at the United Nations, including resolutions A/73/27 and A/74/29.

Peru is one of the Latin American countries to have signed and ratified the Council of Europe’s Convention 108+.
The country has also participated in the United Nations Open-ended Working Group (OEWG) on Developments in the Field of Information and Telecommunications in the Context of International Security. As a matter of fact, after the third substantive session of the OEWG, Peru issued a statement supporting the primacy of the UN Charter and the application of international law in the use of ICTs and in cyberspace, as well as the future establishment of legally binding obligations.
On the other hand, Peru along with Chile and the United States of America, has a divergent view on the notion of cyber attack and the applicability of international law. Peru states that in order for a cyber operation to be considered an attack, it results in direct death, injury or physical harm.

The UK regards voluntary, non-binding norms of responsible state behaviour as one of the three key pillars upon which the framework for international stability in cyberspace is currently built, the other two being international law and confidence-building measures (CBMs). The British have argued that “stronger awareness and understanding by all countries of the framework in general” is necessary and stated that they “remain concerned that the elaboration of new norms could undermine the existing norms by weakening the overarching protection they provide, or their technology neutral and ‘future-proofed’ nature”. The focus should instead be on the universalisation, operationalisation and implementation of existing norms, with regional organisations and capacity-building efforts playing a central role in this endeavour.

At the first substantive session of the 2021-2025 UNGGE, North Macedonia aligned itself with the EU’s position that the previous UNGGE and OEWG reports, including corresponding UNGA resolutions adopted by consensus, form the unequivocal basis for “any further discussions on the position, role, and implementation of the voluntary non-binding norms, rules and principles of state behaviour in cyberspace (norms)” [x]. North Macedonia was also the only EU candidate country to have co-sponsored the 2020 Programme of Action (PoA), which explored the possibility of ending the dual-track discussions (UNGGE/OEWG) in favour of a permanent UN forum.

Peru stresses the need to make a distinction between 'cyber attacks' (which involve 'damage being caused to a militarily relevant target, which may be totally or partially destroyed, even captured or neutralised') and an 'abrupt disruption of communications in cyberspace', i.e. cyber operations that cause inconvenience, even extreme inconvenience, but not direct injury or death, or destruction of property. Accordingly, Peru emphasises the determination of the legality of cyber operations in the context of the use of force by taking into account whether they may result in death or injury to persons or property.
Peru has noted the difficulty of attribution in cyberspace. Coinciding with other American states, Peru has focused on the state's duty to ensure that its territory is not used by non-state actors to launch attacks. In this regard, Peru states that the inertia of a state towards a non-state actor that could unleash a cyber-attack on another state and that it was in a position to control could make its behaviour attributable to the state.
In any case, Peru highlights the validity of various human rights in cyberspace, including 'the right to privacy and intimacy, freedom of information, freedom of expression, free and equal access to information, bridging the digital divide, intellectual property rights, free flow of information, the right to secrecy of communications'.

The July 2021 policy paper on Global Britain in a Competitive Age makes extensive reference to resilience in the post-Covid ICT environment, pledging that the UK will “strengthen global resilience” and “ensur[e] that more resilient countries worldwide can come together through stronger international institutions to act on the most pressing shared challenges”. In the cyber domain, this pledge has been further operationalised by the 2022 National Cyber Strategy, which frames cyber resilience in terms of risk awareness, system security and preparedness. The Strategy prioritises capacity building, adopting a whole-of-government approach and focusing on three elements: protecting critical international supply chains and infrastructure, advancing the secure use of digital technologies and working with industry partners and academia. Since 2016, the UK has worked through the National Cyber Security Centre (NCSC) to adopt an integrated approach to cyber incident management, streamlining across the public and private sectors. Meanwhile, Britain has championed
capacity-building assistance efforts abroad by providing advice, training and exercises and enabling the creation and maintenance of national Computer Security Incident Response Teams (CSIRTs). It has also provided funding to international capacity-building platforms, such as the Forum of Incident Response & Security Teams (FIRST) and the Americas CSIRT network. The UK has been working with partners within the OSCE to encourage the implementation of confidence-building measures (CBMs).

The 2018-2022 Cybersecurity Strategy dedicates a full section to cyber resilience and the protection of ICT infrastructure. The stated objectives include expanding the capabilities of the national CERT (MKD-CIRT), identifying types of critical infrastructure, developing national procedures for cyber crisis management, developing incident reporting and monitoring mechanisms, and establishing a single and comprehensive legal framework for cyber resilience. In 2021, upon joining NATO, North Macedonia signed a Memorandum of Understanding aiming at enhancing cyber defence cooperation between NATO and the country’s defence authorities; the MoU particularly focuses on information-sharing, exchanging best practices, and increasing resilience. [x]

The Personal Data Protection Law N° 29733 (PDPL) was enacted in June 2011. In March 2013, the Supreme Decree N° 003-2013-JUS-Regulation of the PDLP (Regulation) was published in order to develop, clarify and expand on the requirements of the PDPL and set forth specific rules, terms and provisions regarding data protection.
Together, the PDLP and its Regulation are the primary data protection laws in Peru.
As of 2021, Peru approved the Bill that creates the National Authority for Transparency, Access to Public Information and Protection of Personal Data.
Peru possesses a Digital Trust Framework, as a means to establish certain obligations for public or private entities acting as digital service providers. These include reporting when a digital security incident involving personal data occurs, as well as implementing technical, organisational, and legal security measures to guarantee the confidentiality of information transmitted through its communications services.
Over the last decades, the Peruvian state has made efforts to promote digital transformation, both within its institutions and in the services it offers to citizens and has outlined a Digital Agenda in 2021 for Digital Transformation.

According to the 2022 National Cyber Strategy, the UK is committed to promoting the Council of Europe’s Budapest Convention on cybercrime as the primary international instrument for inter-state cooperation, while simultaneously engaging constructively with the UN process to develop a new international cybercrime treaty that will sit comfortably alongside the Budapest regime. In terms of law enforcement, the UK has developed well established mechanisms through the National Cyber Crime Unit (NCCU), operating under the umbrella of the National Crime Agency (NCA). The NCCU is tasked with leading the operational response, coordinating activity across different stakeholders and providing specialist cyber support across the law enforcement domain. The NCA has also developed a network of international liaison officers, which regularly cooperate with Interpol and Europol. Bilateral cooperation with international partners occurs on the basis of the Budapest Convention and associated Mutual Legal Assistance Treaties (MLATs), which facilitate information sharing amongst signatory states. The UK has been an active participant – and has provided voluntary contributions – in the context of discussions for developing a Second Additional Protocol to the Convention to enhance the speed and efficiency of international evidence sharing; the Protocol will be opened for signature in May 2022. The UK has also provided capacity-building assistance to over 100 partner countries, especially in Eastern Europe, Southeast Asia and Africa.

North Macedonia has ratified the Budapest Convention and its Additional Protocol [x]. Nevertheless, full harmonisation of the Macedonian legal regime with Budapest provisions is still a primary issue. In terms of institutional setup, analysis has pointed out that North Macedonia is lagging behind compared to other countries in the Western Balkans [x]. That said, the 2018-2022 Cybersecurity Strategy identifies several priorities regarding the “prevention, research, and adequate response” to cybercrime. These include: harmonising the national with international policies; developing a single, comprehensive legal framework for cybercrime; modernising authorities in charge of cybercrime; establishing formal procedures of information exchange; participating actively in the creation of international cybercrime regulations and standards, as well as their implementation on a national level; and providing continuous education and training for law enforcement entities in the field of cybersecurity, cybercrime, and electronic evidence. The country’s law enforcement authorities regularly cooperate with Europol, following the conclusion of a strategic agreement in 2007 and an operational agreement in 2011. [x]

Peru’s signature and ratification of the Budapest Convention on Cybercrime, which is the only binding international instrument dealing with cybercrime, was a great step towards advancing a cyber agenda.
In 2019, Peru passed a Cyber Defence Act, with the objectives of defending and protecting sovereignty, national interests, critical national assets and key resources to maintain national capabilities against threats or attacks in and through cyberspace, when these affect national security.Peru has also passed a Cybersecurity Framework for the private sector, with the objective of identifying and protecting information assets, detecting security events, and providing for response and recovery from cybersecurity incidents.
In this context, there are more and more reports of cybercrime in the country. According to data from the Public Prosecutor's Office, in 2021 they received 18,596 reports of cybercrime cases, which represents a percentage increase of 92.9% compared to 2020, with phishing and ransomware being the most common attacks.