Key takeaways from the AU GGE consultation

15 Oct 2019

By Sheetal Kumar

Last week, GPD was in Addis Ababa for the annual meeting of the Global Forum of Cyber Expertise. On the sidelines of this meeting, the Office of Disarmament Affairs (ODA), along with the African Union (AU), organised the last of the regional consultations intended to feed into the discussions of the GGE, due to start in December in New York.

The three-hour long consultation was chaired by the Kenyan representative to the GGE, Dr. Katherine Getao. It began with introductory presentations by two experts supporting the ODA on the two UN First Committee processes, followed by presentations by experts from the region on cybersecurity and international peace and security in the use of ICTs on the African continent. The experts included a representative of the AU Commission and representatives of non-governmental organisations: Anriette Esterhuysen, Senior Advisor on Internet Governance, Policy Advocacy and Strategic Planning, Association for Progressive Communications (APC); and Abdul-Hakeem Ajijola, Executive Chairman, Consultancy Support Services Ltd and Member of the Organization of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT). This was then followed by presentations by a previous GGE member (Senegal) and current GGE members from the continent (Morocco, Mauritius and South Africa).

Morocco and Mauritius shared their experiences in developing and implementing cybersecurity strategies and setting up cybersecurity-relevant mechanisms and institutions, while South Africa spoke more broadly of some of the challenges that would be faced by African states in participating in the GGE—pointing out that the issues under discussion have important economic and foreign policy implications for AU member states. Then an “interactive session” was held, soliciting reactions from the AU member states in attendance on the presentations, and their views on the mandate of the GGE resolution. There was notably little participation from non-member states of the GGE during this session, with only two non-members (Eswatini and Gambia), taking the floor. 

Despite some initial uncertainty, in the end non-governmental stakeholders were invited to attend the consultation. Disappointingly, however, due to limited time they were not able to make any interventions in the “interactive discussion”.


    • Capacity building is essential (as is the need to move beyond it): The word on everyone’s lips at this meeting was capacity building—which can mean anything from the development of cybersecurity policies and legislation, to law enforcement capacity and public cybersecurity awareness campaigns (for more on capacity building in the context of the GGE discussions, see our recent explainer). It’s becoming clear that the need for capacity building to address cybersecurity “threats” at the national level is a comfort zone for many GGE states; in this consultation, both Senegal and Ghana focused on the need for policy responses to “increasing use of cyberspace for terrorist use, money laundering and drug trafficking, fraud, child sex abuse”. This meant that important aspects of the GGE’s mandate—including discussions on how aspects of international law applies in cyberspace, and reflections on implementation of other aspects of the responsible state behaviour framework (such as the 11 non-binding norms and confidence building measures)—went undiscussed. This was later picked up by the Chair of the GGE, Ambassador Guilherme Patriota, who acknowledged capacity building at the national level as “low-hanging fruit”, but encouraged member states to not be put off by the technicality of other aspects of the discussions and develop perspectives on key issues—including on whether new norms are needed.
    • Greater coordination among African countries is needed: The development of a “collective purpose and vision” on the issues discussed within the GGE framework was cited, during interventions from member states, as an important objective for African member states. The South African representative suggested current African members of the GGE continue to reach out and engage non-member states ahead of GGE consultations;  acknowledging, at the same time, the challenges in developing such a collective vision, pointing to the lack of current agreement among states on what constitutes a “threat” in cyberspace, and the absence of discussion on important shared issues, like electoral interference and the role of non-state actors.
    • There is an important role for the AU to play: While the AU did share some examples of how it is addressing cybersecurity—pointing out that “cybersecurity is a flagship project of the AU’s 2063 agenda”, and signalling the upcoming creation of a “cybersecurity expert group” responsible for providing funds and guidance to AU member states—there were a number of calls for it to play a greater role in supporting states to be more active players in global cyber discussions. The Chair of the meeting requested that the AU play a role as a “clearing house” for national position papers or contributions on relevant issues, and it was preliminarily agreed that the AU’s “information society division” would take on this role. One suggestion made during one of the expert presentations—that the AU adopt the 11 non-binding norms of the 2015 GGE report, as the ASEAN ICT Ministers have recently done—seemed to receive some support from participants, including Morocco, who added that it would act as an “important impetus” for the implementation of these norms on the continent.
    • Relative silence on stakeholder inclusion. Unfortunately, apart from one expert who mentioned the need to engage non-government stakeholders, and who pointed out that such engagement can widen the resource pool available to states in addressing their challenges, there was no other mention of the need to engage non-government stakeholders, including civil society, in these discussions.



While the AU regional consultation was short and involved only minimal interaction, it did have several important outcomes.

First, it has put discussions at the UN First Committee on responsible state behaviour on the agenda of the AU. This could play a role in supporting engagement from African states in UN First Committee discussions—discussions which are only going to grow in importance in coming years. 

Second, it has identified two important gaps: the lack of a common understanding among African states of “threats” in the context of responsible state behaviour in cyberspace; and a lack of clarity and state positions on the key issues which are part of the GGE’s mandate. 

The meeting also revealed a need for greater coordination to facilitate African states’ engagement in these discussions, and to develop national and regional perspectives. Both current and past GGE members, as well as the AU, were highlighted as playing important roles in supporting this coordination. In that sense, the AU consultation felt like the beginning of a conversation. With continued political will, and greater recognition among African member states of the importance of issues relating to responsible state behaviour in cyberspace, this conversation will hopefully continue—and African member states will be able to play a more prominent role in discussions at the First Committee. 


What happens next

A report from the meeting will be sent to the GGE ahead of its first meeting in December. Member states are also encouraged to send their views on the GGE mandate to the Chair for inclusion in the outcome report as an “annex”. 


Note: this text was amended on 22 October 2019 to include reference to the non-governmental stakeholder experts who participated in the discussions.