The United Kingdom ranks 10^th in the 2021 Network Readiness Index (NRI), 9^th in the 2021 Digital Skills Gap Index and 14^th in the 2021 IMD World Digital Competitiveness Ranking. The British digital sector contributes roughly £149 billion each year to the economy and employs more than 1.5 million people [x]. The country also remains Europe’s unofficial ‘start-up capital’, with British tech startups attracting more than $15 billion in venture capital investment in the midst of a global pandemic. Nevertheless, new and emerging challenges to peace and security in cyberspace represent pressing concerns for the UK [x]. Over the course of 2021, the UK’s National Cyber Security Centre dealt with 777 significant incidents, with around 20% of supported organisations being linked to the health sector and Covid vaccines [x]. In the face of ever-increasing cyber vulnerabilities, the UK government has recently adopted a strategy of ‘levelling up’ protection for British cyberspace. This has brought international collaboration on cyber issues to the forefront of Britain’s diplomatic agenda. British diplomacy has traditionally championed the rules-based international system both online and offline, placing great emphasis on human rights, democratic values and free trade.

As of 2020, 86 % of Uruguayans are active internet users, second in South America, only behind Chile. 9 out of 10 individuals in Uruguay are social media users. This provides a fabric for efficient digital policies and strategies that have transformed Uruguay since the 2010s. Uruguay is ranked first in Latin America and 35th place in the world on Digital Government Development, according to the UNDESA index, which measures dimensions related to technological infrastructure, availability of online services, and ability of citizens to take advantage of those resources. Uruguay also ranks first in Latin America and 42nd in the world on ICT Development, according to the 2017 IDI, published by the International Telecommunications Union. In all, this South American country has positioned itself at the forefront as a regional and world benchmark in Digital Government.

The UK views international law as “a critical tool for ensuring stability and security in cyberspace”. In accordance with the 2013, 2015 and 2021 UNGGE reports as well the 2021 OEWG report, the UK has affirmed that international law, including the UN Charter in its entirety, applies in cyberspace; a position paper notably states that “we do not consider it is for States to pick and choose which international law instruments are applicable”. This includes the prohibition of the use of force (Article 2(4)), the peaceful settlement of disputes (Article 33) and the inherent right of states to act in self-defence in response to an armed attack (Article 51). The law of state responsibility applies to cyber operations in peacetime, including the doctrine of countermeasures in response to internationally wrongful acts. Meanwhile, the country has professed a strong commitment to the respect of human rights law in cyberspace, co-sponsoring the 2012, 2014, 2016, 2018 and 2021 UN Human Rights Council resolutions on the protection, promotion and enjoyment of human rights on the Internet. Likewise, the UK believes in the application of international humanitarian law (IHL) to cyber operations in armed conflict. In response to concerns expressed by other states that this might lead to an undue ‘militarisation’ of cyberspace, the UK has responded that the application of IHL does not encourage armed conflict but only serves to limit humanitarian consequences in the event of such conflict. In addition, the country has stated and that there are ways for cyber capabilities to be developed in a manner “consistent with international law” and called on states to be transparent about the existence of their own capabilities. Those statements do not entirely dismiss the idea of cyberspace as a new military domain, with the British position at the OEWG being that “the use of ICTs in military contexts may be preferable to use of kinetic weapons and can be de-escalatory”. The UK is against the establishment of new, binding international instruments to regulate state behaviour in cyberspace, arguing that “pursuing […] the development of new treaties is only likely to entrench existing divides in this area and will progress us no further on the question of how International Law applies”.

As a member state of the UNGA, Uruguay expressed their views at the OEWG in 2021, considering cybersecurity an essential element in the prevention of international conflicts. Uruguay provides a rather humanitarian approach to international law and its application on cyber issues. The country is a member of international organisations that promote the development and compliance with standards of transparency and access to information, such as the Open Government Partnership, the Electronic Government Network of Latin America and the Caribbean (GEALC) and Digital Nations.
Uruguay was the first Latin American country, in 2013, to sign the only existing binding, international document concerning the Automatic Processing of Personal Data (known as Convention 108). Its signature and membership have been ratified in 2021.
Uruguay’s Digital initiatives at the national level are also in compliance with the Digital Agenda for Latin America and the Caribbean (eLAC by CEPAL). In particular, Uruguay’s Cybersecurity goal is in line with CEPAL’s framework for confidence-building measures such as combating digital crime by formulating public policies and strategies for cybersecurity and critical infrastructure protection.

The UK regards voluntary, non-binding norms of responsible state behaviour as one of the three key pillars upon which the framework for international stability in cyberspace is currently built, the other two being international law and confidence-building measures (CBMs). The British have argued that “stronger awareness and understanding by all countries of the framework in general” is necessary and stated that they “remain concerned that the elaboration of new norms could undermine the existing norms by weakening the overarching protection they provide, or their technology neutral and ‘future-proofed’ nature”. The focus should instead be on the universalisation, operationalisation and implementation of existing norms, with regional organisations and capacity-building efforts playing a central role in this endeavour.

Uruguay is a represented member in the Group of Governmental Experts (GGE) on Advancing responsible State behaviour in cyberspace. The South American country has openly stated that the voluntary norms included in the Report of the Group of Experts (GGE) represent an inescapable guide for the responsible behaviour of States in cyberspace. In session 5 of the second substantive session of the OEWG 2021-2025, Uruguay along with seven other States pointed out the importance of the protection of critical infrastructure, according to norm 13(f).

The July 2021 policy paper on Global Britain in a Competitive Age makes extensive reference to resilience in the post-Covid ICT environment, pledging that the UK will “strengthen global resilience” and “ensur[e] that more resilient countries worldwide can come together through stronger international institutions to act on the most pressing shared challenges”. In the cyber domain, this pledge has been further operationalised by the 2022 National Cyber Strategy, which frames cyber resilience in terms of risk awareness, system security and preparedness. The Strategy prioritises capacity building, adopting a whole-of-government approach and focusing on three elements: protecting critical international supply chains and infrastructure, advancing the secure use of digital technologies and working with industry partners and academia. Since 2016, the UK has worked through the National Cyber Security Centre (NCSC) to adopt an integrated approach to cyber incident management, streamlining across the public and private sectors. Meanwhile, Britain has championed
capacity-building assistance efforts abroad by providing advice, training and exercises and enabling the creation and maintenance of national Computer Security Incident Response Teams (CSIRTs). It has also provided funding to international capacity-building platforms, such as the Forum of Incident Response & Security Teams (FIRST) and the Americas CSIRT network. The UK has been working with partners within the OSCE to encourage the implementation of confidence-building measures (CBMs).

Objective 10 of Uruguay’s Digital Agenda for 2025 provides a clear guideline for resilience measures in cybersecurity and ICT. Uruguay is focused on enhancing cybersecurity to prevent and mitigate risks in cyberspace, advancing compliance with the national cyber-security framework, based on public-private cooperation and ensuring the availability of critical information assets. Uruguay intends to achieve this goal by improving efficiency in detecting and responding to cyber incidents by implementing new technologies that allow for predictive analytics and response automation, among others.

According to the 2022 National Cyber Strategy, the UK is committed to promoting the Council of Europe’s Budapest Convention on cybercrime as the primary international instrument for inter-state cooperation, while simultaneously engaging constructively with the UN process to develop a new international cybercrime treaty that will sit comfortably alongside the Budapest regime. In terms of law enforcement, the UK has developed well established mechanisms through the National Cyber Crime Unit (NCCU), operating under the umbrella of the National Crime Agency (NCA). The NCCU is tasked with leading the operational response, coordinating activity across different stakeholders and providing specialist cyber support across the law enforcement domain. The NCA has also developed a network of international liaison officers, which regularly cooperate with Interpol and Europol. Bilateral cooperation with international partners occurs on the basis of the Budapest Convention and associated Mutual Legal Assistance Treaties (MLATs), which facilitate information sharing amongst signatory states. The UK has been an active participant – and has provided voluntary contributions – in the context of discussions for developing a Second Additional Protocol to the Convention to enhance the speed and efficiency of international evidence sharing; the Protocol will be opened for signature in May 2022. The UK has also provided capacity-building assistance to over 100 partner countries, especially in Eastern Europe, Southeast Asia and Africa.

Uruguay is not a signatory State of the Budapest Convention on Cybercrime, cooperating in international affairs outside of the framework established by the Council of Europe. However, it has a relatively low rate of cybercrime compared to other countries in the region, staking its position as one of the most advanced countries in Latin America and the Caribbean in terms of cybersecurity. Much of its success relies on the Cybersecurity Framework published in 2021, which is allowing Uruguay to start using artificial intelligence to automate incident response and pattern detection, as well as incorporating data analytics to make projections and anticipate incidents.
Regarding Data Protection, Uruguay has adapted its national framework to the European GDPR, despite its latest Data Protection Law dating back to 2008.