The UN Global Mechanism: Three lessons from Tallinn
Written by Isa Rask and Julie Heng from Stanford Law
On the second day of the Tallinn Cyber Diplomacy Summer School, a week-long diplomatic initiative funded by the European Commission, cyber diplomats and policy experts from over 60 countries came together to discuss the future of international cybersecurity frameworks on a shifting global stage.
Joined by the newly selected Chair of the UN’s brand-new Global Mechanism, H.E. Ambassador Egriselda López, the group discussed the changing assumptions of cybersecurity governance, with various speakers highlighting three key areas of focus in advance of the Global Mechanism’s first substantive plenary session in July. Over the course of the day in Tallinn, experts explored how 1) AI, 2) international law in cyberspace and 3) the role of regional organizations will affect international cybersecurity frameworks
History of Cybersecurity at the United Nations
Information and communications technologies (ICTs) first appeared on the UN’s Agenda with Resolution 53/70 in 1998. Since the start of the new millennium, six Groups of Governmental Experts (GGEs) of representative Member States have been convened concerning ICTs and cybersecurity, as well as two Open-Ended Working Groups (OEWGs) from 2019-2021 and 2021-2025, respectively. These meetings advanced the dialogue surrounding the global community’s role in promoting cybersecurity, including formulating eleven voluntary norms concerning state behavior in cyberspace. However, given the ad hoc nature of these sessions and the growing relevance of cybersecurity to global peace, the second OEWG recommended in its final report the creation of a standing forum to address these issues.
With consensus of all 193 UN Member States, the Global Mechanism on ICTs in the Context of International Security was thus created in March 2026, a permanent body reporting to the First Committee of the UN General Assembly. It includes two dedicated thematic groups (DTGs), with DTG1 focusing on varied “specific challenges” and DTG2 on capacity building, respectively. While the Global Mechanism will likely face similar challenges as previous GGEs and OEWGs, including the non-binding character of its conclusions and the consensus-based model of decision-making, this fresh start offers an opportunity to redefine cyber diplomacy at a pivotal time for international relations and address the most salient topics of cybersecurity today, both old and new. These issues, discussed in Tallinn and articulated below, are integral to modern cyber diplomacy.
1. Cyber-governance frameworks must adapt dynamically to AI
From expanding cybercriminal operations to rapidly identifying vulnerabilities, AI will fundamentally change the cybersecurity landscape and cyber diplomacy with it. While differing AI resources have the potential to widen the gap between the States with advanced cyber capabilities and those without, AI tools can simultaneously act as a multiplier, allowing States with limited cybersecurity resources to do more with less. The novel issues posed by the explosion of AI must be at the forefront of discussions in July, including how countries can proactively adapt to rapidly expanding AI capabilities.
2. International law should remain on the table despite contention
The role of international law in cyberspace has been a contentious issue throughout past GGEs and OWEDs, and is expected to be similarly disputed in July. However, some progress has been made in past GGEs on this topic, including recognizing the UN Charter’s applicability in cyberspace. As these discussions continue through the Global Mechanism, States have the opportunity to articulate their views in parallel by adopting national positions on the applicability of international law to cyber events. These national positions can help disseminate a State’s interpretation of its legal obligations in cyberspace and potentially lead to the formation of customary international law. At minimum, these positions can keep international law at the forefront of cybersecurity debates, even if a single approach will likely currently fail to find consensus due to geopolitical tensions.
3. Regional organizations can inspire and implement global frameworks
Regional organizations have become increasingly active in cyber diplomacy, from the African Union’s Malabo Convention on Cyber Security to the Organization of American States (OAS) creation of regional confidence-building measures in cyberspace. These regional initiatives can serve both as inspiration to the Global Mechanism, as well as provide concrete feedback on what measures achieve success and why. Additionally, regional organizations can spearhead the implementation of voluntary UN cyber frameworks, such as the Association of Southeast Asian Nations (ASEAN) implementation of the norms of cyberspace. The Global Mechanism should draw upon regional organizations as partners, rather than competitors, in establishing guidelines for cybersecurity governance and promoting adoption of its non-binding declarations.
Concluding thoughts
Facing problems both old and new, the true test of the Global Mechanism’s effectiveness will be its ability to serve as a new chapter in cyber diplomacy, instead of simply replicating its predecessors in permanent form. Given current geopolitical tensions and the body’s consensus-based model, many are pessimistic about its prospects. Yet while many questions remain ahead of the July meeting, one thing is clear: the alternative to durable frameworks for cyberspace is a vacuum, a risk that should be front of mind as the first Global Mechanism debates begin.