Contact

UN Cyber Processes
(OEWG & AHC)

Key facts

Open-ended Working Group (OEWG) on the Security of and in the Use of ICTs

Norm-setting
Process to discuss or agree on digital policy norms
Multilateral
Intergovernmental, limited stakeholder participation
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Openness
  • The current (2021-2025) OEWG is the main UN process for advancing international cooperation on cyber norms, international law, and capacity building.
  • It was established by the UN General Assembly in 2018 to discuss responsible state behaviour in cyberspace.
  • It is open to all UN Member States, unlike its more closed predecessor, the Group of Governmental Experts (GGE), composed of experts from 25 States working in their personal capacity.
  • It is led by the UN First Committee and supported by the OEWG Secretariat, and produces annual progress reports (APR) that influence global policy by recording the views of Member States on what constitutes responsible behaviour in cyberspace and agreed actions.

Ad Hoc Committee on Cybercrime (AHC) / UN Cybercrime Convention (UNCC)

Binding
Process with legally binding outcomes
Multilateral
Intergovernmental, limited stakeholder participation
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Openness
  • In 2019, the UN General Assembly (UNGA) established the AHC to negotiate an international convention on cybercrime.
  • The text of this convention – the draft UN Cybercrime Convention (UNCC) – was finalised and adopted by UNGA in 2024.
  • The draft UNCC covers criminalisation, investigative powers, and cross-border cooperation. It will enter into force once 40 states ratify it and ratifying states must align national laws with its provisions.
  • States agreed that the AHC will continue its work to negotiate an additional protocol to the Convention, addressing additional offences.

Related events

Status:
Binding
Process with legally binding outcomes
Norm-setting
Process to discuss or agree on digital policy norms
Discussions
Forum to discuss digital policy issues
Deadline
Opportunity to offer written feedback or participate
Type:
Multistakeholder
Formal role for non-governmental stakeholders
Multilateral
Intergovernmental, limited stakeholder participation
Openness level:
N/A or no information about level of openness
Open - there are no or low barriers that make it easy for civil society to meaningfully participate
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Not open - there are high barriers that make it very hard or impossible for civil society to meaningfully participate
Jul
Oct
2026 Mar
Jun
UN Cyber Processes (OEWG & AHC)
OEWG on security of and in the use of ICT, 11th and Final Substantive Session
New York, UNITED STATES
07 - 11 Jul 2025
07 - 11 Jul 2025
OEWG on security of and in the use of ICT, 11th and Final Substantive Session

Event link

[TBD] Signing ceremony of the draft UN Cybercrime Convention
Hanoi, VIETNAM
25 Oct 2025
25 Oct 2025
[TBD] Signing ceremony of the draft UN Cybercrime Convention

Event link

[TBD] Organizational session of a future permanent mechanism on security of and in the use of ICTs
New York, UNITED STATES
01 - 31 Mar 2026
01 - 31 Mar 2026
[TBD] Organizational session of a future permanent mechanism on security of and in the use of ICTs
[TBD] First plenary session of a future permanent mechanism on security of and in the use of ICTs
New York, UNITED STATES
01 - 30 Jun 2026
01 - 30 Jun 2026
[TBD] First plenary session of a future permanent mechanism on security of and in the use of ICTs

Why it matters

Both the OEWG and the AHC’s UNCC may have serious implications for the respect, protection and promotion of human rights online and offline.

Through voluntary and consensus-based agreements, the OEWG shapes expectations around state conduct in cyberspace, including the application of international law in cyberspace. It also builds understanding of cyber capacity building and promotes confidence building measures. Civil society engagement is vital to ensure rights-respecting approaches.

The OEWG is coming to an end in July 2025 and discussions on a new permanent cybersecurity mechanism are ongoing. Civil society participation is needed to push for any future mechanism to be inclusive of all stakeholders, transparent and grounded in human rights.

The AHC’s draft UNCC introduces broad criminalisation and sweeping surveillance and enforcement powers, posing serious risks to human rights, including freedom of expression and privacy. While it contains some human rights safeguards, many actors see these as vague, insufficient and lacking effective oversight.

The negotiation of an additional protocol to the UNCC – aimed at increasing the scope of the Convention through adding further offences – poses additional risks to human rights.

Although the UNCC has been adopted, advocacy continues to urge States to withdraw support or decline to ratify. In addition, further negotiations of an optional protocol are due to begin, and an oversight mechanism will be established, requiring future engagement and monitoring from civil society once it enters into force.

How it works

The AHC and OEWG have very different mandates and trajectories:

  • The OEWG is a voluntary and consensus-based process, focusing broadly on international security in cyberspace. Its outputs are non-binding but persuasive.
  • The AHC is a treaty process, anchored by a specific, binding output (the UNCC). Once it enters into force, ratifying states will be required to align their domestic laws with its provisions

Both processes are state-led with varying opportunities for stakeholders to engage:

  • The OEWG requires accreditation for stakeholders without ECOSOC status, which any UN member state can block. Sessions and meetings occur throughout the year, culminating in the negotiation of an annual progress report. The OEWG is now discussing the creation of a new, permanent mechanism.
  • The AHC has allowed more meaningful stakeholder input, but like the OEWG, it is a multilateral process, meaning that only States have powers to vote and negotiate.

How to engage

OEWG

  • Monitor developments for a permanent cybersecurity mechanism.

AHC

  • Monitor and engage in further negotiations of an optional protocol and set-up of an oversight mechanism.

Ask GPD for support and advice.

Resources

02 Sep 2024

The UN Cybercrime Convention: where do we go from here?

blog post
21 Oct 2024

CS joint letter urging EU and member states to withdraw support from rights-harming UNCC

blog post
30 Jul 2024

Crunch time for the rights-threatening UNCC

blog post
08 Feb 2024

CS and industry call on states to reject the UN Cybercrime Convention in its present form

blog post
10 Aug 2023

Shaky consensus at the OEWG: where next for UN discussions on state behaviour in cyberspace?

blog post
24 Jul 2023

GPD contributes to joint civil society input on OEWG’s annual progress report

blog post
29 Mar 2023

GPD provides input ahead of the fifth session of the AHC

blog post
23 Mar 2023

Stalemate or incremental progress: notes from the fourth OEWG session

blog post
02 Feb 2023

The UN’s proposed cybercrime convention: notes from the fourth session

blog post
09 Jan 2023

GPD inputs into continuing negotiations at the Ad Hoc Committee on Cybercrime

news
28 August 2024

An ever-tightening net: Restrictions on online expression under cybercrime laws and content restrictions in Africa, the Middle East and Türkiye

report
16 Jan 2024

Ad Hoc Committee Seventh Session: Analysis of Draft Text of the UN Cybercrime Convention

report
19 July 2023

Inclusive Cyber Norms Toolkit

report
19 July 2023

Guía para Cibernormas Inclusivas

report
09 Mar 2018

Framework for Multistakeholder Cyber Policy Development

report
23 Jun 2020

NGO Participation in Multilateral and Multistakeholder Forums: Good Practice Examples

report
09 March 2023

Application of International Law In Cyberspace: Human Rights Assessment Guide

report