Annex C: Norms for the responsible behaviour of States in cyberspace

From the report of the 2015 UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (A/70/174).

  • Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security.
  • In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences.
  • States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs.
  • States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect.
  • States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression.
  • A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.
  • States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions.
  • States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty.
  • States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions.
  • States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure.
  • States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cybersecurity incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity.
Democratic Principles
Human Rights
Ethics of Critical Technology
Diversity and Gender Equality
International Peace and Stability
Disinformation & Misinformation
Cyber Security
Cyber Crime
Online Harms & Safety
Regional Connectivity
Digital Trade
Markets and Supply Chains
Critical Technology Standards
Research, Industry and Innovation
Internet Governance
International
Indo-Pacific
South East Asia
Pacific
Indonesia
India
Papua New Guinea
ASEAN
Attribution
United Nations
Artificial Intelligence
Ambassador for Cyber Affairs and Critical Technology
Incident response
Critical Technology
Cyber Affairs
Multilateral engagement
Bilateral engagement
Partnerships and agreements
Standards
5G
Connectivity
International law and norms
Confidence building measures
Values
Security
Prosperity
Regulation and governance
Quantum computing
Blockchain
Online safety
Electoral integrity
Cyber and Critical Technology Cooperation Program
Digital Trade
2017 International Cyber Engagement Strategy
Grant
Capacity building
Women in Cyber
News and announcements
Media