As countries around the world are looking ahead to the (re)launch of UN cyber-norms processes, the EU Cyber Direct Project hosted a discussion in December 2018 in Brussels on the future of Indo-European cooperation in cyberspace with members of the official Indian cyber-diplomacy delegation.
India — a member of BRICS, the Shanghai Cooperation Organization (SCO), and the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) — is particularly active in enhancing its cybersecurity posture and in engaging in international conversations on data protection, norms of state behaviour, and the applicability of international law in cyberspace. Bilaterally, India has signed cybersecurity-related agreements with, among others, European member-states, the United States, United Kingdom, Russia, and Israel. According to the Indian Delegation, the Indian government highly values, and looks forward to, its engagement with the European Union and like-minded partners to promote the development of universal cyber-norms of responsible behaviour acceptable to all states, and studying how specific provisions of international law apply to cyber conflict.
Confidence-building measures are vital components of deepening mutual trust, reducing risks, preventing conflicts, and maintaining predictability and stability in cyberspace. To this effect, India favours areas of practical cooperation with the European Union — notably, on cyber-crime and criminal justice — that have the potential to evolve into broader and more substantial normative commitments. More specifically, sharing of information on cyber-threats and cyber incidents, strengthening law enforcement cooperation to address cyber-crime, promoting capacity building in cyber-forensic and matters related to cyber evidence, and sharing expertise on best practices for the protection of critical information infrastructure area, are perceived as pressing for the EU-India cooperation. Similarly, the Indian delegation highlighted joint research and development on cyber-defence as another promising venue for collaboration between the EU and India in the near future. On a related note, participants discussed India’s regional engagement in the field of cybersecurity, in particular in the framework of the BIMSTEC. In December 2018, BIMSTEK’s Southeast Asian member-states India, Bangladesh, Bhutan, Myanmar, Nepal, Sri Lanka, and Thailand adopted a ‘Roadmap for BIMSTEC Cyber Security Cooperation’ that underlines the need for the development of CBMs and capacity-building in cybersecurity.
Significantly, at the First Committee of the UN General Assembly in November 2018, India supported both cyber norms-building processes — that is, the creation of an open-ended working group, and the renewal of the Group of Governmental Experts — related to the international security dimensions of cyberspace and the objective of further developing rules and norms of responsible state behaviour in cyberspace. As noted by roundtable participants, however, India will continue carefully monitoring UN-level activities and will provide useful input on how to ameliorate the language of the adopted by the UNGA draft, as well as on how to enhance synergy between the two processes. Moreover, while in favour of structured approaches towards norm-building, for instance under the framework of the SCO, Indian participants emphasised that New Delhi’s cyber policy does not necessarily align with that of other members of the organisation.
Furthermore, much like the European Union, India is investing heavily in improving its national cyber-resilience posture and has sophisticated cybersecurity institutional and regulatory environment. As one of the first countries that initiated mandatory cybersecurity testing and certification for telecommunication companies — in a way similar to the provisions of the EU’s Cybersecurity Act — the Ministry of Electronics and Communication undertakes certificate testing for ICT products in order to diminish risks related to supply chain security and is currently developing a new framework for centralized certification and accreditation.
Furthermore, European and Indian participants shared experience and discussed lessons learned on the topic of data protection, which is of interest for India’s efforts to establish a bill on data protection modelled on the EU GDPR.