1. I have the honour to speak on behalf of the European Union and its Member States.

2. The Candidate Countries North Macedonia*, Montenegro^*, Serbia^*, Albania^*, Ukraine, the Republic of Moldova, Bosnia and Herzegovina^* and Georgia, and the EFTA country Norway, member of the European Economic Area, as well as San Marino align themselves with this statement.

3. Thank you Chair for convening a Townhall meeting last week on this topic. As you mentioned in your opening remarks last Monday, a constructive approach by all is necessary to reach consensus on a single-track process that is “focused on practical results” to “make a difference”. We must work diligently to find the solutions needed to ensure that the future permanent mechanism not only starts seamlessly, but also begins with a strong and successful foundation. We will strive towards this objective.

4. For the EU, two elements have explicitly and recurrently crystallized over the last OEWG meetings, and again resurfaced over the course of this week:

1. Firstly, the work the international community has done over recent years on the UN framework for responsible state behavior in cyberspace has given us a solid foundation.

2. And secondly, the Programme of Action as the future permanent mechanism will provide us with the house, in which we can continue to advance responsible State behavior, build our resilience against cyber threats, and strengthen international cooperation. The positive cycle created by the mechanism will also ensure that a continued assessment of the threat environment, the needs of States and potential gaps in implementation of the framework can ground the advancement of the framework into reality.

5. In order to make practical progress in our cooperation to implement the framework and tackle cyber threats, the future permanent mechanism should adopt an approach focused on our objectives and common challenges, such as on building resilience to protect our critical infrastructure, or increasing cross-border cooperation for incident response.

6. To this end, we agreed in the 3^rd Annual Progress Report that dedicated working groups should conduct focused discussions, enable needs-based capacity building and feed the substantive plenary sessions with updates and recommendations.

7. In our view, the thematic groups could focus on actionable recommendations and on three encompassing objectives related to ICT security: building cyber resilience, increasing cooperation, and ensuring stability in cyberspace. They should function in complementarity with annual discussions in plenary as we have in the OEWG. They would apply to these main objectives the toolbox of norms, international law, confidence building measures and capacity building. Thus, the working groups would generate input on the framework to the plenary discussions, which would retain the decision-making power. 

8. The groups should be inclusive and open to all UN Member States, should offer the possibility for remote participation, and should not be held in parallel. They could include on their agenda briefings by experts.  The proposal put forward by France[1] would enable three groups to lower the burden on delegations through less meetings than the current format, while ensuring action-oriented discussions and recommendations.

9. Indeed, the thematic groups should also enable needs-based cybersecurity capacity building activities and building on agreed initiatives developed within the OEWG (2021-2025). Capacity building could be facilitated through a cyclical process of (a) sharing expertise, (b) identifying needs, (c) matching needs with resources, (d) informing the further development of common understandings.

10. As for your question relating to the issue of modalities on the participation of other interested parties and stakeholders, it will come as no surprise that the EU and Member States see the contribution by academia, civil society, businesses and the technical community as valuable to our discussions, considering their responsibilities in the security and stability of cyberspace.

11. It is essential that the POA is established in a way that ensures meaningful contributions from stakeholders with modalities that do not allow a single state to have the final say in whether a stakeholder can participate. These modalities work on the same principle as modalities of this OEWG, that is, a voice, not a vote, while providing a meaningful avenue to express that voice more fairly and with more integration.

12. Through this modality, state objections to a stakeholder’s participation are subject to transparency and a subsequent vote of all member states to determine whether the prospective stakeholders should be excluded. This will ensure that relevant stakeholder expertise will be available to the POA as it helps states to implement the framework.

13. Chair, the EU commits to continue working hard to get this right. Together we can constructively contribute to shaping a future RID where all of us can access the best opportunities there are for responsible state behavior in cyberspace.
14. Thank you.

* North Macedonia, Montenegro, Serbia, Albania and Bosnia and Herzegovina continue to be part of the Stabilisation and Association Process.

[1] FR to present its proposal before the EU statement