ICANN publishes update on UNGA cyber discussions 2023–2025

The Internet Corporation for Assigned Names and Numbers (ICANN) has published an update from its Government and Intergovernmental Organization Engagement team, reviewing cyber discussions at the United Nations General Assembly (UNGA). The report covers the second Open-Ended Working Group (OEWG) on ICT security, the Ad Hoc Committee on cybercrime (AHC), and the Global Digital Compact (GDC).
ICANN publishes update on UNGA cyber discussions 2023–2025

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a new update from its Government and Intergovernmental Organization Engagement team. The publication reviews recent cyber discussions at the United Nations General Assembly (UNGA), focusing on the second Open-Ended Working Group (OEWG) on ICT security, the Ad Hoc Committee on cybercrime (AHC) between September 2023 and July 2025, and the Global Digital Compact (GDC) negotiations that took place in 2024.

the open-ended working group: from temporary forum to permanent mechanism

The OEWG on ICTs, which ran from 2021 to 2025, was created to give all UN member states a platform to discuss how international law applies in cyberspace, what rules and norms should guide state behaviour, and how to build trust and capacity among countries. Over its sessions, the group examined threats such as cyberattacks on critical infrastructure, the risks of internet fragmentation, and emerging challenges posed by quantum computing and AI.

In July 2025, the OEWG concluded with the adoption of its Draft Final Report by consensus. The report established a new permanent Global Mechanism on ICTs in the context of international security, which will meet annually. This mechanism will be supported by two dedicated thematic groups: one to focus on ICT security challenges and another to promote capacity-building. The new structure inherits the OEWG’s five areas of work: threats, international law, voluntary norms, confidence-building, and capacity development.

The report also confirmed that each state retains the right to decide which systems it designates as “critical infrastructure,” acknowledging that attacks on cross-border networks such as undersea cables could have cascading global effects. However, the discussions revealed deep divides: countries like Russia, China, and Iran emphasised sovereignty and called for limiting the role of non-state actors, while the European Union, the United States, and others stressed the importance of including civil society, the technical community, and the private sector in order to draw on their expertise. A compromise was reached: accredited stakeholders can attend and speak, but a “non-objection” rule allows any state to block their participation in formal sessions.

The un cybercrime convention

Running parallel to the OEWG, the Ad Hoc Committee (AHC) worked on drafting a new international treaty on cybercrime. After difficult negotiations, the UN Cybercrime Convention was adopted in December 2024. Its purpose is to improve cooperation between states in investigating cybercrime, facilitate cross-border evidence sharing, and address criminal activities committed through ICTs.

One of the treaty’s provisions, however, has raised concerns. It obliges states to empower authorities to compel “any person with knowledge” of an ICT system to provide information needed for investigations. While intended to help law enforcement access evidence, critics warn that the vague wording could be interpreted broadly and risk misuse, particularly if applied to technical staff, private companies, or even end-users.

The Global Digital Compact

The Global Digital Compact (GDC), adopted at the Summit of the Future in September 2024, sets out a broad framework for international cooperation on digital governance, including AI. It reflects ongoing debates over internet governance and digital inclusion.

Different groups of states expressed distinct priorities:

  • The G77+China insisted the process remain state-driven, with stakeholders playing only a supporting role.
  • The European Union pushed for the Internet Governance Forum (IGF) to be recognised as the main global platform for internet governance.
  • The African Group emphasised that open and secure internet access is essential for closing the digital divide.
  • China argued against “digital fragmentation” but maintained that stakeholder participation must follow strict UN procedures.

This diversity of views demonstrates both the ambition and the difficulty of building a global consensus on digital cooperation.

Looking ahead

The developments between 2023 and 2025 illustrate both progress and ongoing tensions in UN cyber discussions. States have agreed on new structures—the Global Mechanism and the Cybercrime Convention—and endorsed a broad digital governance framework in the GDC. At the same time, differences remain over how inclusive these processes should be and how to balance sovereignty with the global nature of the internet.

As the UN transitions from the OEWG to the Global Mechanism and begins implementing the new convention and compact, the challenge will be ensuring that these instruments are not just agreements on paper but workable tools for managing the security and governance of the digital environment.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top