The international community has long struggled with the challenge of translating international law into actionable norms and practices in cyberspace. The conclusion of the United Nations Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies 2021-2025 marks a vital milestone in that ongoing process. With the adoption of its Final Report on 11 July 2025, the OEWG delivered what many regards as a high point in international cyber diplomacy: a consensus document articulating the foundations for responsible state behavior in cyberspace.

From Principles to Practice: The OEWG’s Role in Shaping Multistakeholder Governance

This report reflects the culmination of a five-year mandate to negotiate, clarify, and codify principles guiding state conduct in the digital realm. These include commitments to respect international law, develop voluntary norms of responsible behaviour, reduce risks through confidence-building measures, and promote equitable capacity building. The report also acknowledges existing and potential threats in cyberspace, underlining the urgency and complexity of the challenges that lie ahead.

The OEWG process—initiated in 2019 and followed by its successor in 2021—sought to unify disparate national, regional, and institutional approaches to cyber governance into a coherent framework. Despite differences in geopolitical outlook and competing visions of digital sovereignty, states managed to agree on the continuing applicability of international law to state conduct in cyberspace. This includes the UN Charter, international humanitarian law, the principles of sovereignty, non-intervention, the prohibition on the use of force, and due diligence. The report stops short of elaborating legally binding provisions, but its significance lies in reaffirming these principles and creating space for future legal interpretations.

Over the course of its tenure, the OEWG produced several key outcomes, including the development of a global, UN-hosted Points of Contact (PoC) Directory to facilitate direct communication and coordination among states, especially in the context of potential cyber incidents. Alongside this, a Template for Communication was introduced to support timely and effective information sharing. These initiatives signal a practical commitment to operationalising cyber diplomacy, moving beyond abstract norms to tangible mechanisms for state interaction.

However, perhaps the most consequential outcome of the OEWG is the establishment of a new, permanent institutional framework for continued discussions: the Global Mechanism on Developments in the Field of ICTs in the Context of International Security and Advancing Responsible State Behaviour in the Use of ICTs. Unlike previous ad hoc processes, this mechanism is designed as a standing body that will allow for sustained and structured dialogue under the auspices of the United Nations General Assembly (UNGA).

Institutionalising Inclusion: Civil Society and the Global Mechanism

A major development in the Global Mechanism is its effort to embed multistakeholder participation, especially the inclusion of civil society, into the heart of cyber norm deliberations. The involvement of civil society has been a long-standing demand from advocacy groups, think tanks, academic institutions, and technical communities that have been instrumental in shaping the discourse on cyber norms, international law, and internet governance.

While the OEWG’s negotiation process itself limited non-governmental participation—particularly in earlier phases—subsequent developments have reflected a shift towards greater inclusion. The Final Report establishes a structured mechanism for stakeholder engagement in the new Global Mechanism. Specifically, non-governmental organisations (NGOs) with ECOSOC consultative status will be eligible to participate in plenary sessions and review conferences, and other stakeholders may also be considered for participation through an accreditation process based on the non-objection principle.

This is a significant, if incremental, development. It signals recognition by states that the challenges posed by ICTs cannot be resolved through intergovernmental processes alone. Civil society brings domain-specific expertise in areas such as digital rights, technical standards, cybersecurity policy, and humanitarian law. More importantly, it represents voices that are not always reflected in state-centric processes, including marginalised communities, end users, and digital rights defenders.

The value of such participation is particularly evident in norm development and legal interpretation. Civil society actors have contributed substantially to the interpretation of how norms of sovereignty, human rights, and non-intervention apply to state actions online. Their involvement in capacity-building initiatives has also helped expand the reach of digital security practices in the Global South, where localised responses and culturally sensitive solutions are crucial.

As the Global Mechanism begins its formal work in 2026, these actors will be crucial in supporting transparency, promoting accountability, and ensuring that the agreed norms reflect both state and non-state perspectives. However, the effectiveness of this inclusion will depend on how accessible, predictable, and equitable the accreditation process turns out to be in practice. Civil society must not only be invited to observe but enabled to contribute meaningfully.

Beyond Cyber Diplomacy: Legitimizing the Multistakeholder Model for Internet Governance

The launch of the Global Mechanism represents the institutional legacy of the OEWG. It will serve as a subsidiary body of the UNGA and will report directly to the First Committee, which deals with disarmament and international security. Its mandate is to continue discussions on the five foundational pillars of responsible state behaviour:

• Existing and potential threats
• International law
• Voluntary norms
• Confidence-building measures (CBMs)
• Capacity building

The Global Mechanism is structured to convene in multiple formats. Annual substantive plenary sessions will serve as the main deliberative forum within each biennial cycle. In addition, two thematic working groups will be established: one general, covering issues related to norms, threats, and international law, and the other specifically focused on capacity building. These groups are expected to provide a more granular platform for technical and policy discussions. Importantly, every five years, the mechanism will host a Review Conference to assess progress and set strategic direction. Inter-sessional meetings may also be convened as needed to respond to urgent developments or advance particularly complex topics.

This layered format ensures continuity and depth while remaining flexible enough to adapt to changing geopolitical and technological landscapes. It also establishes a clear and predictable timeline for engagement and accountability. The mechanism is set to begin formal operations in March 2026, with its first substantive session scheduled by June 2026. A review conference is planned for 2031, providing a medium-term horizon to evaluate progress. Periodic reviews will occur every four years to assess effectiveness and guide future work. This timeline is detailed in the “Draft Elements for the Open-Ended Action-Oriented Permanent Mechanism on ICT Security in the Context of International Security,” issued by the Chair of the Open-Ended Working Group (OEWG).

The commitment to capacity building remains central. One of the most cited challenges in implementing cyber norms is the disparity in national capacities to detect, prevent, and respond to cyber threats. The OEWG Final Report acknowledges this gap and emphasises the need for tailored, needs-based capacity-building measures that are transparent, inclusive, and politically neutral. Capacity-building efforts will be linked not only to technical skills but also to legal and institutional development, ensuring that states can effectively translate global norms into national practice.

Equally important is the role of like-minded states in reinforcing the multilateral process. Members of the European Union, alongside the United States, Australia, Canada, and others, have consistently advocated for an open, interoperable, secure, and end-user focused cyberspace. Their continued support will be crucial to anchoring the new mechanism in democratic principles and ensuring that it retains the multistakeholder ethos.

With all this in mind, it’s worth noting that the Global Mechanism does not exist in a vacuum. It must adjust to a crowded governance landscape that includes the UN Internet Governance forum, its regional initiatives (IRIs), other regional forums, and various technical standard-setting bodies, ICANN and the IETF included. Coordination and complementarity among these fora will be essential. Without it, there is a risk of fragmentation or duplication, which could dilute the effectiveness of the new institution.

Timeline of Key Milestones

• December 2018: UN General Assembly Resolution 73/27 establishes the first OEWG (2019—2021) and a parallel GGE (2019—2021).
• 2021: A second OEWG is established (2021—2025), with a five-year mandate to deepen discussions on cyber norms, international law, and capacity building.
• 2022: The OEWG launches initial discussions on the Global Points of Contact Directory.
• 2023: A Template for Communication between national PoCs is introduced and piloted.
• 2024: Member States agree in principle to establish a more permanent institutional mechanism to succeed the OEWG.
• 11 July 2025: OEWG adopts its Final Report, including the creation of the Global Mechanism.
• March 2026: Formal launch of the Global Mechanism’s work, beginning with its first plenary.
• 2026—2030: Biennial cycles of plenary and working group sessions.
• 2031: First Review Conference of the Global Mechanism.

The Road Ahead

The OEWG 2021—2025 has succeeded in building a foundation for responsible state behaviour in cyberspace. Its most lasting contribution, however, may be the establishment of a permanent, multistakeholder mechanism through which these principles can be developed, implemented, and refined. The Global Mechanism offers the promise of continuity in governance, legal anchoring through international law, and a platform for civil society participation.

The next few years will be critical. The success of this framework will depend not only on the willingness of states to abide by the norms they have agreed upon but also on the vibrancy of the broader multistakeholder ecosystem that supports them. Civil society must be empowered to act not as a peripheral observer but as an essential contributor to global digital governance.

If applied fully, the Global Mechanism could become a model for future governance in other domains of emerging technology: grounded in law, open to multistakeholder participation, and committed to international peace and security.