UN Cyber Processes
(OEWG & Global Mechanism)

Key facts

Open-Ended Working Group (OEWG) on security of and in the use of ICTs — 2021 to 2025, AHC, UNCC

Norm-setting
Process to discuss or agree on digital policy norms
Multilateral
Intergovernmental, limited stakeholder participation
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Openness
  • OEWG: The 2021–2025 Open-Ended Working Group (OEWG) on security of and in the use of information and communications technologies was the UN’s primary intergovernmental process for advancing international cooperation on responsible state behaviour in cyberspace. It concluded in July 2025, with its final report submitted to the General Assembly. The 2021–2025 OEWG was established in 2020. It built on earlier UN cyber processes, including the first OEWG established in 2018, and a series of Groups of Governmental Experts (GGEs). Unlike the GGEs, which were composed of a limited number of experts participating in their personal capacity, the OEWG was open to all UN Member States. Its work was structured around five substantive pillars: existing and potential threats; the application of international law in cyberspace; responsible state behaviour (voluntary, non-binding norms); confidence-building measures (CBMs); and cyber capacity building. It produced annual progress reports (APRs) that, while non-binding, shaped the global record of state positions and expectations around conduct in cyberspace. The OEWG’s work on a new permanent mechanism was the central focus of its final two years. Consensus on the final report was reached in July 2025 which preserved agreement on the continuation of the process.

Global Mechanism on Developments in the Field of ICTs in the Context of International Security and Advancing Responsible State Behaviour

Norm-setting
Process to discuss or agree on digital policy norms
Multilateral
Intergovernmental, limited stakeholder participation
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Openness
  • The Global Mechanism on developments in the field of ICTs in the context of international security and advancing responsible State behaviour in the use of ICTs is the new permanent UN process established to continue discussions on responsible state behaviour in cyberspace. It was endorsed by the General Assembly in a resolution, and adopted without a vote on 1 December 2025, following the conclusion of the OEWG and on the basis of the OEWG’s final report.
  • The Global Mechanism is open to all UN Member States and is supported by the UN Office for Disarmament Affairs (UNODA) as its Secretariat. 
  • The Global Mechanism began formal operations in 2026. The mechanism is organised around five-year cycles, with two two-year phases, followed by a  review phase in the fifth year. During each two-year phase, there will be an annual plenary meeting and a meeting of the dedicated thematic groups (DTGs). There will be a review conference every five years to assess progress and consider future working arrangements.
  • The Global Mechanism is distinct from the Ad Hoc Committee (AHC) process on cybercrime and the UN Cybercrime Convention (UNCC). The OEWG / Global Mechanism focuses on responsible state behaviour in cyberspace, international security, norms, international law, confidence-building measures, and capacity building — not on criminal justice, criminalisation, or law enforcement cooperation. For information on the AHC and the UNCC, see the separate forum guide on the UN Cybercrime Convention.

Related events

Status:
Binding
Process with legally binding outcomes
Norm-setting
Process to discuss or agree on digital policy norms
Discussions
Forum to discuss digital policy issues
Deadline
Opportunity to offer written feedback or participate
Type:
Multistakeholder
Formal role for non-governmental stakeholders
Multilateral
Intergovernmental, limited stakeholder participation
Openness level:
N/A or no information about level of openness
Open - there are no or low barriers that make it easy for civil society to meaningfully participate
Partly open - there are medium barriers that make it harder for civil society to meaningfully participate
Not open - there are high barriers that make it very hard or impossible for civil society to meaningfully participate
Dec

Why it matters

The OEWG and its successor, the Global Mechanism, sit at the centre of global efforts to define what rules govern state behaviour in cyberspace — including how international law applies, what constitutes responsible conduct, and how countries can build trust and cooperate to reduce the risk of harmful ICT incidents.

These discussions have direct implications for human rights. The application of international humanitarian law and international human rights law in cyberspace is among the most contested issues in the process. Progress on this has been uneven. Some states have argued for the development of new legally binding rules, while others have emphasised the continued applicability and sufficiency of existing international law. These disagreements remain central to the process.

Civil society engagement is essential to push for outcomes that are grounded in human rights, that advance cyber capacity building in an inclusive way, and that ensure the process remains transparent and accessible to non-governmental actors.

The transition from the OEWG to the Global Mechanism carries both opportunity and risk. The consensus final report preserved agreement on the continuation of the process, but several civil society actors raised concerns that language on international humanitarian law and stakeholder participation did not go far enough. 

The Global Mechanism’s structure is also complex. With plenaries, two Dedicated Thematic Groups, optional ad hoc groups, and roundtables, there is a risk of institutional sprawl and duplication. Civil society will need to be strategic about which forums and discussions to prioritise.

On stakeholder participation: the modalities allow Member States to raise objections to accreditation, which can be a barrier for civil society organisations that lack ECOSOC consultative status. Early engagement with supportive delegations and active monitoring of modality developments will be important.

How it works

The Global Mechanism is an intergovernmental process. Negotiation and decision-making are the exclusive prerogatives of Member States. Non-governmental stakeholders participate in a consultative capacity.

It operates through several formats:

    • Substantive plenary meetings: The primary forum, covering the full range of the mechanism’s themes, taking place annually.
    • Dedicated Thematic Groups (DTGs): In its first five-year cycle, the Global Mechanism will have two dedicated thematic groups for focused discussion: one focused on “specific challenges” to international cyber peace and security (DTG 1), and the other on capacity-building (DTG 2). 
    • Optional ad hoc groups and roundtables: Additional formats that may be convened as agreed by states.
    • Five-year cycles: The mechanism operates on five-year cycles, with review conferences in the fifth year of each cycle intended to assess progress and consider future arrangements.

Outputs are expected to be consensus-based. They are non-binding but are intended to be persuasive.

On stakeholder participation: organisations with ECOSOC consultative status have a clearer route to participation and should notify the Secretariat of their interest. Organisations without ECOSOC status may be accredited on a non-objection basis. A Member State objection can prevent accreditation unless concerns are resolved through the consultation process set out in the agreed modalities. Accredited stakeholders may attend substantive plenaries and review conferences, make oral statements in dedicated stakeholder sessions, and submit written inputs.

How to engage

Register for email updates: Stakeholders interested in following the Global Mechanism’s work should fill out the subscription form linked from the UNODA meetings page (meetings.unoda.org) and contact the Secretariat at GlobalMechanismICT@un.org.

Apply for accreditation: Organisations with ECOSOC consultative status should notify the Secretariat of their interest to participate. Organisations without ECOSOC status should apply during the annual accreditation window.  Engage national delegations: Civil society can share analysis with supportive delegations, request them to relay positions in sessions, and encourage strong language on the application of international law, human rights, and meaningful stakeholder participation.

Submit written inputs: Accredited stakeholders may submit written inputs to be posted on the Global Mechanism’s webpage. This is an important channel even where in-person access is uncertain.

Monitor the Dedicated Thematic Groups: The DTGs are where substantive discussion on the five pillars and on capacity building will take place. Early advocacy on the scope and working methods of the DTGs — and on whether additional issues such as international law receive adequate focus — is particularly valuable.

Coalition-building: Coordinate with other civil society organisations and supportive delegations. Joint positions and coordinated advocacy carry greater weight in a process where stakeholder access remains contested.

Check official sources before planning engagement: Modalities and meeting arrangements may change. Check the UNODA meetings page and the official Global Mechanism communications for the latest information.

Resources

27 Oct 2025

Joint Statement on the Signing of the UN Convention on Cybercrime

news
24 Jul 2025

The OEWG ends and a new UN cybersecurity permanent mechanism is born

blog post
02 Sep 2024

The UN Cybercrime Convention: where do we go from here?

blog post
21 Oct 2024

CS joint letter urging EU and member states to withdraw support from rights-harming UNCC

blog post
30 Jul 2024

Crunch time for the rights-threatening UNCC

blog post
08 Feb 2024

CS and industry call on states to reject the UN Cybercrime Convention in its present form

blog post
10 Aug 2023

Shaky consensus at the OEWG: where next for UN discussions on state behaviour in cyberspace?

blog post
24 Jul 2023

GPD contributes to joint civil society input on OEWG’s annual progress report

blog post
29 Mar 2023

GPD provides input ahead of the fifth session of the AHC

blog post
23 Mar 2023

Stalemate or incremental progress: notes from the fourth OEWG session

blog post
02 Feb 2023

The UN’s proposed cybercrime convention: notes from the fourth session

blog post
09 Jan 2023

GPD inputs into continuing negotiations at the Ad Hoc Committee on Cybercrime

news
28 August 2024

An ever-tightening net: Restrictions on online expression under cybercrime laws and content restrictions in Africa, the Middle East and Türkiye

report
16 Jan 2024

Ad Hoc Committee Seventh Session: Analysis of Draft Text of the UN Cybercrime Convention

report
19 July 2023

Inclusive Cyber Norms Toolkit

report
19 July 2023

Guía para Cibernormas Inclusivas

report
09 Mar 2018

Framework for Multistakeholder Cyber Policy Development

report
23 Jun 2020

NGO Participation in Multilateral and Multistakeholder Forums: Good Practice Examples

report
09 March 2023

Application of International Law In Cyberspace: Human Rights Assessment Guide

report