Council Conclusions on malicious cyber activities

The Council of the European Union through these Council Conclusions stresses the importance of a global, open, free, stable and secure cyberspace where human rights and fundamental freedoms and the rule of law fully. It recalls its Conclusions on the Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities to prevent conflict, foster cooperation and stability in cyberspace, also by setting out restrictive measures.

The EU expresses its serious concern about the increased ability and willingness of third states and non-state actors to undertake malicious cyber activities and recognises that the nature of cyber threats requires joint efforts and specific responsibilities by governments, private sector, civil society, technical community, users and academia. The EU also condemns the malicious use of information and communications technologies, including the cases of Wannacry and NotPetya, and hints at the destabilizing effects of these acts. The Council stresses that existing international law is applicable to cyberspace and emphasises that respect for international law, in particular the UN Charter. The EU underlines that States must not use proxies to commit internationally wrongful acts using ICTs, and should seek to ensure that their territory is not used by non-state actors to commit such acts as expressed in the UNGGE 2015 report. The EU expresses its willingness to continue working on the further development and implementation of the voluntary non-binding norms, rules and principles for the responsible State behaviour in cyberspace as articulated in the 2010, 2013 and 2015 reports of the respective UNGGE, within the UN and other appropriate international fora.