Mr.Chair,
First of all, China thanks the Chair for your efforts in convening this meeting. As always, China will support the work of OEWG and the Chair, and play a constructive role in securing positive development of the OEWG 10th session.
This year marks the 80th anniversary of the United Nations and the final stage of the OEWG. In today's turbulent world, the importance of maintaining peace and security of cyberspace has become more prominent than ever before. The last substantive session will be held in July this year, and the final report of OEWG is highly anticipated by the international community.The UN ICT security process is at a critical crossroads,facing new important opportunities as well as severe challenges.
We should revive multilateralism, strengthen unity, demonstrate political will, make best use of the remaining time, build the widest possible consensus, and jointly strive for a high-quality final report, and ensure a successful closure of the OEWG.
Thank you Mr. Chair.
I.Existing and Potential Threats
Regarding existing and potential threats, China believes the following should be reflected in the final report:
First, global cyberspace is at the risk of division and bloc confrontation. For quite some time, some countries continue to overstretch the concept of national security, and politicize cyber security and ICT issues. Their containment and suppression of specific countries has expanded from individual companies and sectors to the entire digital ecosystem, and has divided the global digital market, disrupted integrity of the supply chain,and seriously threatened global development and cooperation. The final report of the OEWG should fully and clearly support that maintaining openness and cooperation and opposing division and confrontation in cyberspace are in line with the common will of the vast majority of countries, and send a clear message of maintaining an open, fair and non-discriminatory global cyber and digital business environment.
Second, the risks of friction and conflicts among States in cyberspace are rising. Following the strategy of cyber deterrence and offense, a certain State has introduced military blocs into cyberspace,developed offensive cyber military capabilities and even publicly declared that other countries' critical infrastructure are legitimate targets of cyber attacks, heightening the risks of friction and conflicts among States in cyberspace. Against this backdrop, it's of more practical significance and should be further emphasized in the final report to uphold peace and security and oppose militarization in cyberspace. Last year's APR has reached important consensus on malicious use and dissemination of ICT weapons and intrusion capabilities by State actors,which the final report should reaffirm.
Third, driven by narrow-minded geopolitical agenda, certain countries have been spreading disinformation on attribution,which has not only eroded mutual trust between States, but also undermined the UN ICT security process. Since last year,Chinese cyber security institutions have released a series of reports on "Volt Typhoon", revealing the truth that the so-called “Volt Typhoon" is actually an international ransomware organization, and unmasking certain countries' trick of hyping up false narrative and framing other countries. We hope the final report should reaffirm that“Attribution is a complex undertaking and that a broad range of factors should be considered before establishing the source of an ICT incident supported by substantiated facts". The final report should also include that “States expressed severe concerns over disinformation about attribution and considered this may undermine mutual trust and incite confrontation between States".
Fourth, in 2024, the pager explosion in Lebanon highlighted the significance of ICT supply chain security. Although technical details are yet to be verified, such incidents that combine cyber and physical attacks and cause indiscriminate harms have truly broken the barrier between cyberspace and the physical world.Any Internet-connected device can be a carrier to launch a cyber attack. The final report should emphasize maintaining the openness, security and stability of global ICT supply chain, and include “ICT products and services providers should not install backdoors in their products and services to illegally obtain users' data, control or manipulate users' systems and devices”.
Fifth, the explosive growth of AI and other emerging technologies has posed more diverse and integrative threats to cyber security. Just recently, Chinese AI model DeepSeek has received world-wide attention for its open source, low costs and high performance. Meanwhile, by using so-called data security and privacy as an excuse, some countries are attempting to ban DeepSeek without any objective evidence. This further highlights the urgency and necessity of discussing data security issue in the OEWG and future permanent mechanism and proves that China's Global Initiative on Data Security is indeed forward-looking and insightful.
China suggests the final report include such principles as "handling data security in a comprehensive, objective and evidence-based manner" “putting equal emphasis on development and security". To address countries' practical needs,we should also discuss and build up consensus on the Initiative's core principles of "States should not request domestic companies to store data generated and obtained overseas in their own territory""States shall not obtain data located in other States through companies or individuals without other States' permission" in an attempt to seek solution on data security in the era of AI.
II.Rules, Norms and Principles of Responsible State Behaviour
On the rules, norms and principles, China believes that the following elements should be reflected in the final report:
First, the comprehensive “observation and implementation" of the framework for responsible State behaviour in the use of ICTs should be reaffirmed. China recommends that Member States take new steps to translate the political commitments into legally binding instrument.
Second, data security is an important item of discussion under the mandate of the OEWG, and is also a prominent issue in the current cyber and digital field. The final report should make it clear that the OEWG and future permanent mechanism to discuss in depth on the formulation of universal and non-discriminatory international rules of data security,and issues like data storage, cross-border data flow and AI-related data security could be topics for future discussion.
Third, we should take concrete measures to promote the development and implementation of globally interoperable common rules and standards for supply chain security,and ensure an open, secure and stable supply chain of global information technology products and services.
Fourth,the issue of critical infrastructure protection is ever more important and pressing. The final report should emphasize that states should not use ICTs to damage other countries' critical infrastructure, destroy or steal important data from other countries' critical infrastructure, or spread disinformation against specific countries. The final report should also make further recommendations on how to strengthen the protection of critical infrastructure.
Fifth,attribution is an integrated part of the rules. Considering the rampant spread of cyber-related disinformation, China suggests that Member States actively consider establishing an authoritative and impartial multilateral attribution cooperation mechanism under the framework of the UN.
Sixth, the final report should make it clear that the" Voluntary Checklist of Practical Actions of responsible State behaviour in the use of ICTs" is implemented based on the existing consensus and remains voluntary, and does not include non-consensus contents and elements beyond the UN ICT security process.
III.International Law
Regarding international law, China insists that the final report should include the following:
First,it should emphasize that the fundamental starting point and ultimate goal of international law discussion is to maintain peace and security in cyberspace. We must be extremely cautious about any suggestions that may encourage or legitimize cyber conflicts.
Second, it should reiterate that the UN Charter as well as the principles enshrined in it, including sovereign equality, refraining from the use or threat of force, settlement of international disputes by peaceful means and non-intervention in the internal affairs of other States are applicable in cyberspace. This is the cornerstone of maintaining peace, security and stability in cyberspace. It should highlight that States take due responsibility to protect critical infrastructure and critical information infrastructure under international laws.
Third, it should approach application of international humanitarian law in cyberspace with caution, oppose the covert formulation of rules of engagement in cyberspace, and prevent cyberspace from becoming a new battlefield.
A few countries suggest that legal experts should be invited to the OEWG and call for scenario-based discussions. China believes that these suggestions will impose heavy burden on developing countries to participate in the discussions, and a more suitable place for such discussions should be university law school classrooms, rather than UN meeting rooms where the majority of participants are diplomats. ICT security is a significant issue concerning international peace and security, as well as national sovereignty and security. It is not only a technical or legal issue, but a major political, economic and social issue. Address political issues in a simplistic technical way is not conducive to advancing discussions on international law.
Fourth, new norms and a new legally binding instrument should be formulated in commensurate with the unique attributes and latest developments in cyberspace. China supports the discussion and formulation of a new legally binding instrument on the basis of universal participation of all parties. The draft Concept of the Convention of the UN on Ensuring International Information Security proposed by Russia provides a good foundation for relevant discussions. China supports Members States in conducting more focused discussions on this issue and formulating a new law.
IV.Confidence-Building Measures
First, the final report should reaffirm that the purpose of confidence-building measures is to enhance mutual trust and predictability among States and reduce misunderstanding and miscalculations. States should not go against the above-mentioned purpose and instead use CBMs as a tool to piece together "small circles", build cyber military alliances and proliferate advanced cyber weapons.
Second,cyberspace is a strategic space concerning sovereignty and security of all countries. The final report should clearly oppose using capacity-building as an excuse to infiltrate and control recipient country's cyber system or taking recipient countries as intermediaries to carry out malicious cyber activities against a third country.
Third, the final report should call on States to identify, disclose and report vulnerabilities in a timely, responsible and non-discriminatory manner, which is important for preventing cyber threats, enhancing mutual trust, and increasing confidence in the use of ICT services.
Fourth, the final report should recognize the importance of the Global POC Directory for facilitating confidence-building in general, support the continued development of the POC Directory and encourage the participation of developing countries.The final report should emphasize the voluntary nature of the POC, and that decision on how to define the roles of the POCs as well as the content and channel to be communicated is to be determined by each State. It should also call on States to make rational and effective use of the existing POC Directory,and carry out policy exchanges, law enforcement cooperation,technology exchanges and information sharing to enhance mutual trust and predictability among States and reduce misunderstanding and miscalculation.
V.Capacity-Building
First, the final report should reaffirm the importance of capacity-building, especially the pressing need to help developing countries in strengthening capacity-building. The existing OEWG and future permanent mechanism should continue to focus on this issue, and come up with practical proposals and solutions.
Second, the final report should reaffirm that capacity-building should be guided by the following principles. It should be open,fair,non-discriminatory, and does not interfere in internal affairs of other countries. It should be provided without conditions and conducted in a sustainable and transparent process. States should oppose using capacity-building as an excuse to infiltrate and control the recipient country's cyber system, spread cyber and digital disinformation against specific countries, or carry out malicious cyber activities against a third country.
In addition, China noted that the UN Secretariat has prepared and circulated the Initial reports entitled Development and Operationalization of a Dedicated Global Information and Communication Technologies Security Cooperation and Capacity-Building Portal and Proposal for Development and Operationalization of a United Nations Voluntary Fund to Support the Capacity-building of States on Security of and in the Use of Information and Communications Technologies, pursuant to the request of the third APR of the OEWG.
Regarding the first report on the Global Portal,paragraph 11(c)of the third part "objectives and purpose" outlines that "facilitation of information-sharing regarding response to threats and incidents”. China has repeatedly stressed that since certain countries have been hyping up cyber attribution for political purposes, such a function, if included in the Portal,could be used as a tool for spreading disinformation, which will go against the original aspiration of Member States in setting up the Portal. In addition, it should be seriously considered that certain functions of the Portal are overlapping with those of the POC, since some Member States have been talking about avoiding redundancy.
On the Voluntary Fund, China is studying it carefully and is willing to engage in future discussions.
VI.Regular Institutional Dialogue
The future permanent mechanism is a major issue concerning both the success of the OEWG and the development of the UN ICT security process. China has submitted a Proposal paper on the issue,and would like to further elaborate our positions.
First, based on the three annual progress reports, the OEWG has in fact reached a universal consensus that a single-track, government-led, consensus-based permanent mechanism on ICT security should be established under the auspices of the UN. We should make it clear that “We decide to establish a single-track,government-led,consensus-based permanent mechanism on ICT security under the auspices of the UN”be included in the final report of the OEWG,and initiate the preparation work at an early stage, ensuring smooth transition from OEWG to the future permanent mechanism.
What needs to be stressed is that given that broad consensus has already been reached among Member States, any attempt to push forward a new parallel process is a serious setback, and will undermine the achievements reached by the OEWG over the past 5 years and ultimately split the UN ICT security process. As the Chair puts it, now that we have reached the final leg of a marathon, we should cherish the hard-earned achievements since beginning of the marathon and ensure success of the OEWG in the last one kilometre.
Second,regarding the structure of the mechanism, we'd like to share with you China's main considerations based on our proposal paper.
First, the framework for responsible state behavior in the use of ICTs is the consensus of all UN Member States and the cornerstone of the UN ICT security governance. The future mechanism should fully inherit the mandate of the existing OEWG, and promote discussion of the "five pillars" of the framework, namely existing and potential threats, rules, norms and principles, international law, confidence-building measures and capacity-building, in a comprehensive and balanced way.Selective promotion of certain pillars of the framework is not constructive and will not only undercut the already-achieved outcomes of the UN ICT security process, but also undermine the authority of the framework.
Second, based on the “five pillars"and the consensus reached in the APRs, China believes that the meetings of the future mechanism should be rolled out in a streamlined, efficient and gradual manner. Therefore, the meetings of the future mechanism could be structured as follows:
Two dedicated plenary meetings and one substantive plenary session to be convened per year during each biennial cycle,with each dedicated plenary meeting lasting for 3 to 5 days, and substantive plenary session for 5 days in duration. The first dedicated plenary meeting in each year would focus on the discussion of existing and potential threats,rules, norms and principles and international law, and the second dedicated plenary meeting focus on CBMs and capacity-building.
In a biennial cycle, the substantive plenary session of the first year would fully and systematically review the discussions on the "five pillars" of the framework, and the substantive plenary session of the second year would be dedicated to discussing a biennial progress report.
For the fifth year of the review cycle, two dedicated plenary meetings and one plenary session would be held. The first dedicated plenary meeting, lasting 5 days, will review the discussions on existing and potential threats, rules, norms and principles and international law during the last four years. The second dedicated plenary meeting, lasting 3 to 5 days,will review the discussions on CBMs and capacity-building in the past process. The substantive plenary session, lasting 5 to 8 days,will discuss a review report of the five-year cycle.
Regarding the dedicated thematic groups, concerning that Member States have major differences on the number and agenda of the thematic group, and based on the Annex C of the third annual progress report of the OEWG in 2024, China proposes that at this stage, it is a practical choice for the dedicated thematic groups to be established by decisions of the future permanent mechanism as required.
I would like to stress that China's proposal has fully taken into account the concerns of various parties and shows flexibility.On the agenda of the meetings, we have learned from the useful experience of the existing OEWG, and fully considered the “five pillars" of the framework to enable exchanges among Member States to go wider. At the same time, we have fully considered the latest developments of cybersecurity and technological revolution and answered the call of Member States to go deeper in their discussions, by setting up a more focused agenda with adequate time for discussion. On the meeting schedule, we have also given full consideration to the aspirations of small and medium-sized countries and made flexible arrangements on the duration of the meetings. China agrees with Mr. Chair's idea of“finding a common zone”, which is probably the most feasible consensus we can reach under the current circumstances on the structure of the future permanent mechanism.
Third,we should adhere to the principle of consensus.The future permanent mechanism is an important platform of the First Committee of the UN General Assembly. Any issues pertaining the mechanism, whether substantive or procedural, should be decided by consensus in strict accordance with the rules of procedure of the First Committee. In this vein, the participation of multi-stakeholder in future permanent mechanism should inherit the existing model of this OEWG,otherwise it may affect the smooth beginning of the future permanent mechanism, and also undermine the authority of the rules of procedure of the First Committee and interfere with the work of other platforms of the First Committee.
In fact, the multi-stakeholder issue is not a new one or a procedural one, but a substantive issue concerning the working methods of the future permanent mechanism. At the very beginning, this OEWG was facing a deadlock due to this issue and wasted plenty of valuable time. With the strong coordination of Mr. Chair and the efforts of all parties, the OEWG has resolved the issue, functioned well and achieved remarkable results ever since, which fully demonstrates that the existing modalities are more than effective.
Mr. Chair, as we are approaching the last minute of the OEWG,China hopes that we can strike a balance between ambition and reality,show wisdom and solidarity, and make concerted efforts to reach consensus results on this issue. China is willing to continuously play a constructive role, exchange views with Member States and continue to support the work of Mr. Chair and the OEWG.
Thank you,Chair.