Cyber Norms Index and Timeline

Cybersecurity has become a top-level issue with a growing number of international accords focusing on rules of the road for cyberspace. Carnegie’s Cyber Norms Index tracks and compares the most important milestones in the negotiation and development of norms for state behavior in and through cyberspace. Featured in the 2018 Munich Security Conference report, it provides insight for policymakers and analysts in assessing cyber norms proposals, their evolution, and endorsements among the international community.

This project focuses on cybersecurity on the context of international peace and security. Please note that processes related to cybercrime are beyond the scope of this initiative. For more information on international efforts to combat cybercrime, the website dedicated to the Convention on Cybercrime is a useful resource.

TimelineIndexDocument LibraryMethodology and Structure
This project is in collaboration with the United Nations Office for Disarmament Affairs and complementary to the Cyber Policy Portal of the United Nations Institute for Disarmament Research.

Please share any feedback or suggestions for how to improve our Cyber Norms Index and Timeline here. Get more analysis at Carnegie’s International Cybersecurity Norms Page.

About the Cyber Norms Index

The Cyber Norms Index is a comparison of existing international expressions of standards of appropriate behavior in cyberspace.  This search tool enables the user to compare specific content in multilateral outcome documents either by category or keyword. The categories and structure of the Index is based on the format of the consensus reports adopted by the UN Group of Governmental Experts. For example, the ‘International Law and Norms’ category focuses on language discussing international law as well as the aspirational norms that the international community has been developing.  ‘Confidence Building Measures’ covers content specific to multilateral and regional confidence-and transparency-building efforts.  ‘Capacity Building’ consists of text focusing on cybersecurity capacity-building.  ‘Threat Perception’ is dedicated to how the various documents describe perceived cyber threats. ‘General Framing’ encompasses general objectives or concerns voiced in the language of the included documents, while ‘Process’ covers how the documents cross-reference other ongoing processes or outline future processes.  Finally, ‘Miscellaneous’ includes language referencing important elements of the cyber norms discussions that are not covered by any of the above categories.

Visit Carnegie’s International Cybersecurity Norms Page.

This project is in collaboration with the United Nations Office for Disarmament Affairs and complementary to the Cyber Policy Portal of the United Nations Institute for Disarmament Research.

Methodology and Structure

The interactive Cyber Norms Index and Timeline focus on cybersecurity in the context of international peace and security. They include documents released since 2007. The year 2007 was chosen as the cut-off because it presents a turning point in the international discussions about cybersecurity as described here. The documents were selected based on a qualitative analysis of their relevance according to experts in various countries and the related literature. Wherever possible, all documents were uploaded as downloadable PDFs.

This website is a living document and will be revised every three months based on future feedback and developments. Please share any feedback you might have with us by using our Feedback Submission Tool.

Please note that processes related to cybercrime are beyond the scope of this initiative. For more information on international efforts to combat cybercrime, the website dedicated to the Convention on Cybercrime is a useful resource.

The Timeline

The Timeline illustrates how the construction of international cybersecurity norms has developed over time. It is intended to be a resource for both users with existing knowledge of cyber norms processes and for newer users seeking to learn more about the evolution of cyber norms diplomacy since 2007.

The timeline contains over 150 documents in total and is filterable both by document type and by country. If a country is a member of a multilateral organization, and that organization is a party to an agreement included in the timeline, that agreement will still appear on the timeline when the country in question is selected as a filter. For example, the GFCE Delhi Communique appears when selecting Armenia a filter because Armenia is a member of the Council of Europe, which has endorsed the Communique.

Timeline nodes that appear in white contain documents that are searchable in the Cyber Norms Index below. Gray nodes contain documents that are not searchable in the Index.

Certain supplementary document types that can be found in the Document Library at the bottom of the page, such as ‘Statements on International Law Outside of the UN Process’ and ‘Submissions to the UN GGE + OEWG’ are not included in the timeline to ensure it remains easy to navigate and to use.

The Index

The Index compares existing language relating to international cybersecurity norms in multilateral outcome documents. Users can search documents by category of language or by specific keyword.

The most important document reflecting the international community’s views to date is the 2015 UNGGE report developed by governmental experts representing twenty states including the permanent five of the UN Security Council. The underlying database and structure of the Index was therefore designed to emulate the structure of the 2015 UNGGE report first, followed by elements from other relevant texts. Building on the structure of the 2015 UNGGE report, we developed a database for the text comparisons. The initial set of categories therefore reflected the outline and content of the 2015 UNGGE report. Additional categories were added subsequently to incorporate content included in other documents but not reflected in the UNGGE report. The final list of categories was the result of an iterative process revising the initial outline based on the results of comparing text elements.

The Index contains seven categories in total. ‘Process’ captures which institutions and documents cross-reference other regional and global processes in their respective outcome documents. This is a proxy for identifying and assessing the importance of the various nodes of this emerging regime complex. ‘General Framing’ contains references to general objectives and concerns related to the use of ICTs. ‘Threat Perception’ focuses on how documents perceive various ICT-related threats. The ‘Norms and International Law’ category compares the accords based on their references to various principles of international law, norms of behavior, confidence-building measures, and capacity-building efforts. The ‘Confidence Building Measures’ category consists of references to confidence-building measures meant to build trust between states. ‘Capacity Building’ is dedicated to measures states have undertaken to build international cyber capacity. Finally, a ‘Miscellaneous’ category consists of references to notable elements of cyber norms diplomacy not directly related to any of the other categories.

Every text element from the selected accords was coded based on its primary subject matter as it relates to the structure of the 2015 UNGGE report. To reduce complexity, we decided to code every text element only once and to assign it to a single category. The coding was therefore based on a qualitative assessment.

Document Library

The Document Library serves as a comprehensive repository of cyber norms documents released since 2007. It includes multilateral documents, plurilateral and bilateral texts, contributions by nongovernmental actors including NGOs and companies, and multistakeholder statements such as the Paris Call. Related collections of documents, such as statements on the applicability of international law to cyberspace and a comprehensive list of submissions to the UN Group of Governmental Experts and Open-Ended Working Group are also included. (The EU is listed separately considering its supranational status. Some statements on international law are part of official submissions to the UN and listed as such.)

When citing this resource, please use the following format: “Document,” Cyber Norms Index, Carnegie Endowment for International Peace, access date, URL.

For example:“G7 Declaration on Responsible States Behavior in Cyberspace,” Cyber Norms Index, Carnegie Endowment for International Peace, accessed November 6, 2017, http://carnegieendowment.org/publications/interactive/cybernorm

About the Cyber Norms Index

  1. This timeline sheds light on the emergence of international norms for cyberspace. It includes over 150 accords, declarations, and joint statements.

    Scroll right to view all entries, or filter entries by choosing a category or country below.

    *Entries in grey boxes not searchable.
  2. Filter By:

    AND

  3. Multistakeholder and Non-Governmental Statements

    The Oxford Statement on the International Law Protections Against Cyber Operations Targeting the Health Care Sector

  4. OAS CBMs

    OAS List of Confidence- and Security-Building Measures (CSBMS)

  5. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Digital Inclusion

  6. Multistakeholder and Non-Governmental Statements

    Global Commission on the Stability of Cyberspace - Advancing Cyberstability: Final Report

  7. ASEAN CBMs

    Co-Chairs’ Statement on the Inaugural ASEAN-U.S. Cyber Policy Dialogue

  8. Other relevant documents

    Joint Statement on the Maritime Cybersecurity Event During the One Conference

  9. Other relevant documents

    [Like-Minded Countries] Joint Statement on Advancing Responsible State Behavior in Cyberspace

  10. See country filter

    Third Australia-India Cyber Policy Dialogue

  11. ASEAN CBMs

    Chairman’s Statement of the 26th ASEAN Regional Forum

  12. ASEAN CBMs

    ASEAN-EU Statement on Cybersecurity Cooperation

  13. See country filter

    ASEAN-EU Statement on Cybersecurity Cooperation

  14. See country filter

    Joint Statement on the Inaugural U.S.-Dutch Cyber Dialogue

  15. See country filter

    Joint Statement on the Third U.S.-Estonia Cyber Dialogue

  16. Other related documents

    Communiqué of the 850th Meeting of the African Union Peace and Security Council

  17. Multistakeholder and Non-Governmental Statements

    Christchurch Call to Eliminate Terrorist and Violent Extremist Content Online

  18. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Defending Civic Space Online

  19. G7

    G7 Dinard Declaration on the Cyber Norm Initiative

  20. See country filter

    Australia-Japan Cyber Policy Dialogue 2019 Joint Statement

  21. ASEAN CBMs

    ASEAN-United States Leaders’ Statement on Cybersecurity Cooperation

  22. Multistakeholder and Non-Governmental Statements

    Paris Call for Trust & Security in Cyberspace

  23. Multistakeholder

    GCSC Norm Package Singapore

  24. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on the ITU Plenipotentiary 2018

  25. ASEAN CBMs

    Joint Chairs’ Statement: ASEAN-Australia Cyber Policy Dialogue

  26. G20

    G20 Digital Economy Ministerial Declaration

  27. See country filter

    Second Australia-Indonesia Cyber Policy Dialogue

  28. NATO

    NATO Brussels Summit Declaration

  29. See country filter

    Australia-United Kingdom Cyber Statement

  30. G7

    The Charlevoix G7 Summit Communiqué

  31. See country filter

    U.S.-Brazil Bilateral Cooperation on Cyber and Internet Policy

  32. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Internet Censorship

  33. ASEAN CBMs

    ASEAN Leaders' Statement on Cybersecurity Cooperation

  34. G7

    G7 Foreign Ministers’ Communiqué

  35. Other relevant documents

    Commonwealth Cyber Declaration

  36. Multistakeholder and Non-Governmental Statements

    Cybersecurity Tech Accord

  37. See country filter

    MOU Between Papua New Guinea and Australia Relating to Cyber Security Cooperation

  38. See country filter

    Framework for the UK-India Cyber Relationship

  39. Multistakeholder and Non-Governmental Statements

    Charter of Trust Principles

  40. See country filter

    Joint Press Statement: Visit to Japan by Australian Prime Minister Turnbull

  41. See country filter

    Japan-Australia Cyber Policy Dialogue

  42. Multistakeholder and Non-Governmental Statements

    Delhi Communiqué on a GFCE Global Agenda for Cyber Capacity Building

  43. Other relevant documents

    Chairman’s Statement of the 12th East Asia Summit

  44. See country filter

    Joint Outcomes of the Australia-Israel Leaders' Roundtable on Cyber Security

  45. See country filter

    Singapore Signs Memorandum of Cooperation on Cybersecurity With Japan at the Sidelines of SICW 2017

  46. BRICS

    BRICS Leaders Xiamen Declaration

  47. See country filter

    Australia-Japan-United States Trilateral Strategic Dialogue

  48. See country filter

    Joint Statement of the Japan-U.S. Cyber Dialogue

  49. See country filter

    Australia-India Cyber Policy Dialogue

  50. See country filter

    Joint UK-Australia Statement on Cyber Cooperation

  51. OSCE CBMs

    OSCE Forum for Security Cooperation Decision No. 5/17

  52. See country filter

    Singapore Signs Joint Declaration of Intent on Cybersecurity Cooperation With Germany

  53. See country filter

    Joint Communiqué—Second Canada-China High-Level National Security and Rule of Law Dialogue

  54. EU

    EU Cyber Diplomacy Toolbox

  55. See country filter

    Singapore Signs MOU With Australia to Enhance Cybersecurity Collaboration

  56. See country filter

    India-Germany Joint Statement During the Visit of Prime Minister to Germany

  57. G7

    G7 Taormina Leaders' Communiqué

  58. See country filter

    Australia-Indonesia Cyber Policy Dialogue

  59. See country filter

    Australian High-Level Security Dialogue With China: Joint Statement

  60. G7

    G7 Declaration on Responsible States Behavior in Cyberspace

  61. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on State Sponsored Network Disruptions

  62. See country filter

    Joint Statement Between the Government of Australia and the Government of the Republic of Indonesia

  63. Multistakeholder and Non-Governmental Statements

    The Need for a Digital Geneva Convention

  64. See country filter

    Joint Statement from President Donald J. Trump and Prime Minister Justin Trudeau

  65. See country filter

    3rd Japan-Estonia Cyber Conference

  66. See country filter

    Key Outcomes of the U.S.-Japan-ROK Trilateral Vice Foreign Ministerial Meetings

  67. See country filter

    “Joint Elements” From the EU-U.S. Cyber Dialogue

  68. See country filter

    Third U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues

  69. Other relevant documents

    2016 APEC Summit Leaders’ Declaration

  70. See country filter

    Remarks by Secretary Carter and Minister Han in a Press Conference in the Pentagon Briefing Room

  71. BRICS

    Goa Declaration at 8th BRICS Summit

  72. See country filter

    Joint Statement on Third Annual Nordic-Baltic + U.S. Cyber Consultations

  73. See country filter

    France-U.S. Cyber Bilateral Meeting

  74. See country filter

    UK-U.S. Cyber Agreement

  75. See country filter

    Joint Statement Between India and Vietnam During the Visit of Prime Minister to Vietnam

  76. See country filter

    U.S. Fact Sheet for President Obama’s Bilateral Meeting with President Xi Jinping

  77. See country filter

    Framework for the U.S.-India Cyber Relationship

  78. See country filter

    Joint Declaration on Increased Security and Defense Cooperation Between the United States, Estonia, Latvia, and Lithuania

  79. See country filter

    Joint Statement by the United States of America and the Republic of Singapore

  80. See country filter

    Singapore-Netherlands Cybersecurity Cooperation Agreement

  81. NATO

    NATO Warsaw Summit Communiqué

  82. NATO

    NATO Cyber Defence Pledge

  83. See country filter

    Fact Sheet: United States Key Deliverables for the 2016 North American Leaders’ Summit

  84. See country filter

    Israel and U.S. Operative Cyber Defense Cooperation Agreement

  85. See country filter

    Joint Statement: The U.S. and India: Enduring Global Partners in the 21st Century

  86. G7

    G7 Ise-Shima Leaders’ Declaration

  87. G7

    G7 Principles and Action on Cyber

  88. See country filter

    U.S.-Nordic Leaders’ Summit Joint Statement

  89. See country filter

    United States-Gulf Cooperation Council Second Summit Leaders Communiqué

  90. See country filter

    Joint Statement on U.S.-Germany Cyber Bilateral Meeting

  91. See country filter

    Fact Sheet: U.S.-Australia Cooperation: Deepening our Strategic Partnership

  92. See country filter

    Joint Elements from U.S.-E.U. Cyber Dialogue

  93. See country filter

    U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues

  94. G20

    G20 Leader’s Communiqué

  95. See country filter

    U.K.-China Joint Statement

  96. See country filter

    Joint Statement by President Obama and Prime Minister Sharif (Pakistan)

  97. See country filter

    U.S.-China Joint Statement on Strengthening Bilateral Relations

  98. See country filter

    U.S.-China Joint Statement on Economic Relations

  99. See country filter

    Joint Statement on the First U.S.-India Strategic and Commercial Dialogue

  100. BRICS

    VII BRICS Summit: 2015 Ufa Declaration

  101. See country filter

    Joint Statement of the U.S.-Japan Cyber Defense Policy Working Group

  102. See country filter

    U.S.-Gulf Cooperation Council Camp David Joint Statement

  103. See country filter

    Russia-China Cybersecurity Agreement

  104. See country filter

    U.S.-Japan Joint Vision Statement

  105. EU

    EU Council Conclusions on Cyber Diplomacy

  106. Shanghai Cooperation Organization

    Shanghai Cooperation Organization Draft International Code of Conduct for Information Security

  107. See country filter

    Joint Elements from U.S.-EU Cyber Dialogue, 2014

  108. Multistakeholder

    International Cybersecurity Norms (Microsoft)

  109. NATO

    NATO Wales Summit Declaration

  110. BRICS

    The 6th BRICS Summit: Fortaleza Declaration

  111. See country filter

    Fact Sheet: U.S.-EU Cyber Cooperation

  112. See country filter

    Fact Sheet: U.S.-Russian Cooperation on Information and Communications Technology Security

  113. See country filter

    Draft Russian Convention on International Information Security

  114. Shanghai Cooperation Organization

    Shanghai Cooperation Organization Draft International Code of Conduct for Information Security

The Document Library serves as a comprehensive repository of cyber norms documents released since 2007. It includes multilateral documents, plurilateral and bilateral texts, contributions by nongovernmental actors including NGOs and companies, and multistakeholder statements such as the Paris Call. Related collections of documents, such as statements on the applicability of international law to cyberspace and a comprehensive list of submissions to the UN Group of Governmental Experts and Open-Ended Working Group are also included.

Multilateral Accords

Bilateral and Select Plurilateral Accords

European Union Documents

Multistakeholder and Non-Governmental Statements

Statements on International Law Outside of the UN Process

Attribution Statements

Submissions to UNGGE + OEWG

OEWG Documents
Documents of the Fourth Round of Informal Meetings of the OEWG (December 1 – 3, 2020)Documents of the Third Round of Informal Meetings of the OEWG (November 17 – 19, 2020)Documents of the Second Round of Informal Meetings of the OEWG (September - October, 2020)
Documents of the First Round of Informal Meetings of the OEWG (May-July, 2020)
Initial Pre-Draft of the OEWG Report and Comments
Pre-Draft of the OEWG Report Comments by UN Member StatesComments by Inter-Governmental Organizations (IGOs) Comments by Non-Governmental Organizations (NGOs)
Documents of the Second Substantive Session of the OEWG (February 10-14 2020) Documents of the Informal Intersessional Consultative Meeting of the OEWG with Industry, Non-Governmental Organizations and Academia (2-4 December 2019)
Documents of the First Substantive Session of the OEWG (September 9-13, 2019) Working Papers Submitted to the OEWG by UN Member States
Informal Papers Submitted by Inter-Governmental OrganizationsInformal Papers Submitted by Non-Governmental Organizations
GGE Documents

Freedom Online Coalition Documents

Please note...

You are leaving the website for the Carnegie-Tsinghua Center for Global Policy and entering a website for another of Carnegie's global centers.

请注意...

你将离开清华—卡内基中心网站,进入卡内基其他全球中心的网站。