For the first time in nearly two decades of UN-led multilateral negotiations, the eleventh and final substantive session of the UN Open-Ended Working Group on the security of and in the use of ICTs 2021–2025 (OEWG 2021–2025) marked a historic turning point, laying the foundation for a new, single-track, permanent UN Global Mechanism to guide responsible state behaviour in cyberspace. In an era where cyber threats are growing in complexity, targeting critical infrastructure, undermining public trust, and fuelling geopolitical tensions, this mechanism marks a significant evolution in UN-led cyber diplomacy. It shifts from ad hoc, time-limited forums to a standing institutional body designed to facilitate action-oriented, inclusive dialogue. Until this major milestone for international cooperation in cybersecurity, the United Nations had hosted two main mechanisms for intergovernmental dialogue on cybersecurity. In addition to six cycles of Groups of Governmental Experts (GGEs) addressing responsible state behaviour in cyberspace in the context of international security, the UN launched a first Open-Ended Working Group (OEWG) in 2019, followed by a second OEWG in 2021. Unlike the GGEs, which were restricted to a limited number of states, the OEWG process was inclusive of all UN Member States, and open to multistakeholder community. However, both formats were bound by time-limited mandates. The temporary status of these mechanisms prompted states, during the 2021–2025 OEWG, to broaden their agenda and work toward a more permanent UN mechanism. Over its four-year mandate, the second OEWG addressed a wide range of issues: from existing and emerging cyber threats to the development of voluntary norms, rules, and principles of responsible behaviour; the application of international law in cyberspace; confidence-building measures; and capacity-building. A central focus of the group’s work became the establishment of a permanent institutional mechanism for regular, structured dialogue on cybersecurity, what is now known as the Global Mechanism.
According to the final report of the OEWG 2021–2025, at the heart of the future Global Mechanism will be two Dedicated Thematic Groups (DTGs): one to promote an open, secure, stable, accessible, peaceful and interoperable ICT environment, and the other on accelerating Cyber Capacity Building (CCB). While participation modalities remain largely unchanged, the DTGs offer space for structured engagement with non-state technical experts. Each group will work from rotating agendas, covering concrete issues such as the protection of critical infrastructure, lessons learned, and best practices. Discussions are expected to result in practical, forward-looking recommendations that will feed into an annual substantive plenary session. The plenary will be organised around the five established pillars of responsible state behaviour, mirroring the current OEWG structure and allow participation form accredited non-state stakeholders. The DTGs will meet for five days per year in an informal, hybrid format, alongside a five-day plenary. This setup halves the current annual meeting time of the OEWG. After four years, a review conference will assess the Global Mechanism, including potential adjustments or expansion of the DTGs. Intersessional meetings may be convened by the Chair if needed to address specific issues.
While the agreement to establish a Global Mechanism understandably drew the most attention, the OEWG’s final report also reflects modest but meaningful progress across several substantive areas. For example, it includes a forward-looking and comprehensive section on existing and emerging threats, ranging from ransomware and supply chain attacks to spyware, wiper malware, and the malicious use of artificial intelligence and quantum computing. The report also reinforces the cumulative effect of prior agreements on the 11 voluntary, non-binding norms of responsible state behaviour, including commitments to protect critical infrastructure, avoid targeting the public core of the internet, and handle ICT incidents responsibly. On confidence-building measures (CBMs), the report endorses concrete tools such as a Global Points of Contact Directory and proposes the development and utilisation of standardised communication templates for assistance requests and incident reporting, practical steps aimed at enhancing transparency and trust among states. Progress on capacity-building is also reflected in the report’s call for long-term, inclusive, and demand-driven support, particularly for developing countries. It specifically recommends the creation of a dedicated Global ICT Security Cooperation and Capacity-Building Portal, developed through a step-by-step modular approach. This online platform would support the Global Mechanism by helping match capacity-building needs and demands with appropriate solutions.
While capacity-building remains a cornerstone of international cooperation in ICT security, the final report also underscores the central role of international law in promoting stability and responsible state behaviour in cyberspace. At the same time, international law has consistently been among the most contentious issues throughout the OEWG negotiations, a tension that is reflected in the final report. Although the report reaffirms that international law, particularly the UN Charter, applies to state conduct in cyberspace, it offers limited progress on how these principles should be interpreted and implemented in practice. Notable omissions, such as explicit references to international humanitarian law and international human rights law, highlight the deep and persistent divisions among Member States on key legal issues and principles. While the final report shows limited progress in this area, the OEWG process has nonetheless catalysed greater legal clarity and dialogue among states. Over 100 UN Member States, individually or through a regional grouping such as the European Union and African Union, have published national or collective positions on the application of international law in cyberspace over the course of the OEWG’s mandate.
Overall, the OEWG’s final report may not resolve every open question in the realm of international cybersecurity, but it undeniably marks a turning point. In a time of growing geopolitical tensions and contested multilateralism, the consensus outcome achieved by 193 UN Member States in the context of the UNOEWG, including the establishment of a permanent UN Global Mechanism, is a significant milestone. The report consolidates years of complex dialogue into a shared, if imperfect, foundation of a new stage of cyber diplomacy. It provides evidence of the UN critical role in coordinating state-led discussions on responsible behaviour in cyberspace, while also opening new doors for stakeholder expert input and more action-oriented processes. The Global Mechanism now provides a permanent institutional home to build on the progress of the previous UN mechanisms and translate years of negotiations into actions. With this platform in place, much will now depend on how forthcoming debate and decisions will “furnish the home”: how they shape the agenda, set up and use the DTGs in relation to the plenary, and strengthen engagement with stakeholders. The inaugural organisational session in March will be an early test of whether this new format can deliver on its potential.
