Cyber Norms Index and Timeline

Cybersecurity has become a top-level issue with a growing number of international accords focusing on rules of the road for cyberspace. Carnegie’s Cyber Norms Index tracks and compares the most important milestones in the negotiation and development of norms for state behavior in and through cyberspace. Featured in the 2018 Munich Security Conference report, it provides insight for policymakers and analysts in assessing cyber norms proposals, their evolution, and endorsements among the international community.

This project focuses on cybersecurity on the context of international peace and security. Please note that processes related to cybercrime are beyond the scope of this initiative. For more information on international efforts to combat cybercrime, the website dedicated to the Convention on Cybercrime is a useful resource.

TimelineIndexDocument LibraryMethodology and Structure
This project is in collaboration with the United Nations Office for Disarmament Affairs and complementary to the Cyber Policy Portal of the United Nations Institute for Disarmament Research.

Please share any feedback or suggestions for how to improve our Cyber Norms Index and Timeline here. Get more analysis at Carnegie’s International Cybersecurity Norms Page.

About the Cyber Norms Index

The Cyber Norms Index is a comparison of existing international expressions of standards of appropriate behavior in cyberspace.  This search tool enables the user to compare specific content in multilateral outcome documents either by category or keyword. The categories and structure of the Index is based on the format of the consensus reports adopted by the UN Group of Governmental Experts. For example, the ‘International Law and Norms’ category focuses on language discussing international law as well as the aspirational norms that the international community has been developing.  ‘Confidence Building Measures’ covers content specific to multilateral and regional confidence-and transparency-building efforts.  ‘Capacity Building’ consists of text focusing on cybersecurity capacity-building.  ‘Threat Perception’ is dedicated to how the various documents describe perceived cyber threats. ‘General Framing’ encompasses general objectives or concerns voiced in the language of the included documents, while ‘Process’ covers how the documents cross-reference other ongoing processes or outline future processes.  Finally, ‘Miscellaneous’ includes language referencing important elements of the cyber norms discussions that are not covered by any of the above categories.

Visit Carnegie’s International Cybersecurity Norms Page.

This project is in collaboration with the United Nations Office for Disarmament Affairs and complementary to the Cyber Policy Portal of the United Nations Institute for Disarmament Research.

Methodology and Structure

The interactive Cyber Norms Index and Timeline focus on cybersecurity in the context of international peace and security. They include documents released since 2007. The year 2007 was chosen as the cut-off because it presents a turning point in the international discussions about cybersecurity as described here. The documents were selected based on a qualitative analysis of their relevance according to experts in various countries and the related literature. Wherever possible, all documents were uploaded as downloadable PDFs.

This website is a living document and will be revised every three months based on future feedback and developments. Please share any feedback you might have with us by using our Feedback Submission Tool.

Please note that processes related to cybercrime are beyond the scope of this initiative. For more information on international efforts to combat cybercrime, the website dedicated to the Convention on Cybercrime is a useful resource.

The Timeline

The Timeline illustrates how the construction of international cybersecurity norms has developed over time. It is intended to be a resource for both users with existing knowledge of cyber norms processes and for newer users seeking to learn more about the evolution of cyber norms diplomacy since 2007.

The timeline contains over 150 documents in total and is filterable both by document type and by country. If a country is a member of a multilateral organization, and that organization is a party to an agreement included in the timeline, that agreement will still appear on the timeline when the country in question is selected as a filter. For example, the GFCE Delhi Communique appears when selecting Armenia a filter because Armenia is a member of the Council of Europe, which has endorsed the Communique.

Timeline nodes that appear in white contain documents that are searchable in the Cyber Norms Index below. Gray nodes contain documents that are not searchable in the Index.

Certain supplementary document types that can be found in the Document Library at the bottom of the page, such as ‘Statements on International Law Outside of the UN Process’ and ‘Submissions to the UN GGE + OEWG’ are not included in the timeline to ensure it remains easy to navigate and to use.

The Index

The Index compares existing language relating to international cybersecurity norms in multilateral outcome documents. Users can search documents by category of language or by specific keyword.

The most important document reflecting the international community’s views to date is the 2015 UNGGE report developed by governmental experts representing twenty states including the permanent five of the UN Security Council. The underlying database and structure of the Index was therefore designed to emulate the structure of the 2015 UNGGE report first, followed by elements from other relevant texts. Building on the structure of the 2015 UNGGE report, we developed a database for the text comparisons. The initial set of categories therefore reflected the outline and content of the 2015 UNGGE report. Additional categories were added subsequently to incorporate content included in other documents but not reflected in the UNGGE report. The final list of categories was the result of an iterative process revising the initial outline based on the results of comparing text elements.

The Index contains seven categories in total. ‘Process’ captures which institutions and documents cross-reference other regional and global processes in their respective outcome documents. This is a proxy for identifying and assessing the importance of the various nodes of this emerging regime complex. ‘General Framing’ contains references to general objectives and concerns related to the use of ICTs. ‘Threat Perception’ focuses on how documents perceive various ICT-related threats. The ‘Norms and International Law’ category compares the accords based on their references to various principles of international law, norms of behavior, confidence-building measures, and capacity-building efforts. The ‘Confidence Building Measures’ category consists of references to confidence-building measures meant to build trust between states. ‘Capacity Building’ is dedicated to measures states have undertaken to build international cyber capacity. Finally, a ‘Miscellaneous’ category consists of references to notable elements of cyber norms diplomacy not directly related to any of the other categories.

Every text element from the selected accords was coded based on its primary subject matter as it relates to the structure of the 2015 UNGGE report. To reduce complexity, we decided to code every text element only once and to assign it to a single category. The coding was therefore based on a qualitative assessment.

Document Library

The Document Library serves as a comprehensive repository of cyber norms documents released since 2007. It includes multilateral documents, plurilateral and bilateral texts, contributions by nongovernmental actors including NGOs and companies, and multistakeholder statements such as the Paris Call. Related collections of documents, such as statements on the applicability of international law to cyberspace and a comprehensive list of submissions to the UN Group of Governmental Experts and Open-Ended Working Group are also included. (The EU is listed separately considering its supranational status. Some statements on international law are part of official submissions to the UN and listed as such.)

When citing this resource, please use the following format: “Document,” Cyber Norms Index, Carnegie Endowment for International Peace, access date, URL.

For example:“G7 Declaration on Responsible States Behavior in Cyberspace,” Cyber Norms Index, Carnegie Endowment for International Peace, accessed November 6, 2017, http://carnegieendowment.org/publications/interactive/cybernorm

About the Cyber Norms Index

  1. This timeline sheds light on the emergence of international norms for cyberspace. It includes over 150 accords, declarations, and joint statements.

    Scroll right to view all entries, or filter entries by choosing a category or country below.

    *Entries in grey boxes not searchable.
  2. Filter By:

    AND

  3. G7

    Carbis Bay G7 Summit Communiqué

  4. G7

    G7 Foreign and Development Ministers’ Meeting Communiqué

  5. Attribution Statements

    Attribution of the SolarWinds Hack to Russia by Australia, the UK, and the U.S.

  6. See country filter

    Five Country Ministerial Statement Regarding the Threat of Ransomware

  7. Multistakeholder Documents

    Outcome Report of the Informal Multistakeholder Consultation on OEWG Zero Draft Report

  8. ASEAN CBMs

    Co-Chairs’ Statement on the 1st ASEAN-China Cyber Dialogue

  9. Multistakeholder Documents

    OEWG Informal Multi-stakeholder Cyber Dialogue Summary Report

  10. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Spread of Disinformation Online

  11. Multistakeholder and Non-Governmental Statements

    The Oxford Statement on the International Law Protections Against Cyber Operations Targeting the Health Care Sector

  12. OAS CBMs

    OAS List of Confidence- and Security-Building Measures (CSBMS)

  13. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Digital Inclusion

  14. Multistakeholder and Non-Governmental Statements

    Global Commission on the Stability of Cyberspace - Advancing Cyberstability: Final Report

  15. ASEAN CBMs

    Co-Chairs’ Statement on the Inaugural ASEAN-U.S. Cyber Policy Dialogue

  16. Other relevant documents

    Joint Statement on the Maritime Cybersecurity Event During the One Conference

  17. Other relevant documents

    [Like-Minded Countries] Joint Statement on Advancing Responsible State Behavior in Cyberspace

  18. See country filter

    Third Australia-India Cyber Policy Dialogue

  19. ASEAN CBMs

    Chairman’s Statement of the 26th ASEAN Regional Forum

  20. ASEAN CBMs

    ASEAN-EU Statement on Cybersecurity Cooperation

  21. See country filter

    ASEAN-EU Statement on Cybersecurity Cooperation

  22. See country filter

    Joint Statement on the Inaugural U.S.-Dutch Cyber Dialogue

  23. See country filter

    Joint Statement on the Third U.S.-Estonia Cyber Dialogue

  24. Other related documents

    Communiqué of the 850th Meeting of the African Union Peace and Security Council

  25. Multistakeholder and Non-Governmental Statements

    Christchurch Call to Eliminate Terrorist and Violent Extremist Content Online

  26. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Defending Civic Space Online

  27. G7

    G7 Dinard Declaration on the Cyber Norm Initiative

  28. See country filter

    Australia-Japan Cyber Policy Dialogue 2019 Joint Statement

  29. ASEAN CBMs

    ASEAN-United States Leaders’ Statement on Cybersecurity Cooperation

  30. Multistakeholder and Non-Governmental Statements

    Paris Call for Trust & Security in Cyberspace

  31. Multistakeholder

    GCSC Norm Package Singapore

  32. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on the ITU Plenipotentiary 2018

  33. ASEAN CBMs

    Joint Chairs’ Statement: ASEAN-Australia Cyber Policy Dialogue

  34. G20

    G20 Digital Economy Ministerial Declaration

  35. See country filter

    Second Australia-Indonesia Cyber Policy Dialogue

  36. NATO

    NATO Brussels Summit Declaration

  37. See country filter

    Australia-United Kingdom Cyber Statement

  38. G7

    The Charlevoix G7 Summit Communiqué

  39. See country filter

    U.S.-Brazil Bilateral Cooperation on Cyber and Internet Policy

  40. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on Internet Censorship

  41. ASEAN CBMs

    ASEAN Leaders' Statement on Cybersecurity Cooperation

  42. G7

    G7 Foreign Ministers’ Communiqué

  43. Other relevant documents

    Commonwealth Cyber Declaration

  44. Multistakeholder and Non-Governmental Statements

    Cybersecurity Tech Accord

  45. See country filter

    MOU Between Papua New Guinea and Australia Relating to Cyber Security Cooperation

  46. See country filter

    Framework for the UK-India Cyber Relationship

  47. Multistakeholder and Non-Governmental Statements

    Charter of Trust Principles

  48. See country filter

    Joint Press Statement: Visit to Japan by Australian Prime Minister Turnbull

  49. See country filter

    Japan-Australia Cyber Policy Dialogue

  50. Multistakeholder and Non-Governmental Statements

    Delhi Communiqué on a GFCE Global Agenda for Cyber Capacity Building

  51. Other relevant documents

    Chairman’s Statement of the 12th East Asia Summit

  52. See country filter

    Joint Outcomes of the Australia-Israel Leaders' Roundtable on Cyber Security

  53. See country filter

    Singapore Signs Memorandum of Cooperation on Cybersecurity With Japan at the Sidelines of SICW 2017

  54. BRICS

    BRICS Leaders Xiamen Declaration

  55. See country filter

    Australia-Japan-United States Trilateral Strategic Dialogue

  56. See country filter

    Joint Statement of the Japan-U.S. Cyber Dialogue

  57. See country filter

    Australia-India Cyber Policy Dialogue

  58. See country filter

    Joint UK-Australia Statement on Cyber Cooperation

  59. OSCE CBMs

    OSCE Forum for Security Cooperation Decision No. 5/17

  60. See country filter

    Singapore Signs Joint Declaration of Intent on Cybersecurity Cooperation With Germany

  61. See country filter

    Joint Communiqué—Second Canada-China High-Level National Security and Rule of Law Dialogue

  62. EU

    EU Cyber Diplomacy Toolbox

  63. See country filter

    Singapore Signs MOU With Australia to Enhance Cybersecurity Collaboration

  64. See country filter

    India-Germany Joint Statement During the Visit of Prime Minister to Germany

  65. G7

    G7 Taormina Leaders' Communiqué

  66. See country filter

    Australia-Indonesia Cyber Policy Dialogue

  67. See country filter

    Australian High-Level Security Dialogue With China: Joint Statement

  68. G7

    G7 Declaration on Responsible States Behavior in Cyberspace

  69. Freedom Online Coalition

    Freedom Online Coalition Joint Statement on State Sponsored Network Disruptions

  70. See country filter

    Joint Statement Between the Government of Australia and the Government of the Republic of Indonesia

  71. Multistakeholder and Non-Governmental Statements

    The Need for a Digital Geneva Convention

  72. See country filter

    Joint Statement from President Donald J. Trump and Prime Minister Justin Trudeau

  73. See country filter

    3rd Japan-Estonia Cyber Conference

  74. See country filter

    Key Outcomes of the U.S.-Japan-ROK Trilateral Vice Foreign Ministerial Meetings

  75. See country filter

    “Joint Elements” From the EU-U.S. Cyber Dialogue

  76. See country filter

    Third U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues

  77. Other relevant documents

    2016 APEC Summit Leaders’ Declaration

  78. See country filter

    Remarks by Secretary Carter and Minister Han in a Press Conference in the Pentagon Briefing Room

  79. BRICS

    Goa Declaration at 8th BRICS Summit

  80. See country filter

    Joint Statement on Third Annual Nordic-Baltic + U.S. Cyber Consultations

  81. See country filter

    France-U.S. Cyber Bilateral Meeting

  82. See country filter

    UK-U.S. Cyber Agreement

  83. See country filter

    Joint Statement Between India and Vietnam During the Visit of Prime Minister to Vietnam

  84. See country filter

    U.S. Fact Sheet for President Obama’s Bilateral Meeting with President Xi Jinping

  85. See country filter

    Framework for the U.S.-India Cyber Relationship

  86. See country filter

    Joint Declaration on Increased Security and Defense Cooperation Between the United States, Estonia, Latvia, and Lithuania

  87. See country filter

    Joint Statement by the United States of America and the Republic of Singapore

  88. See country filter

    Singapore-Netherlands Cybersecurity Cooperation Agreement

  89. NATO

    NATO Warsaw Summit Communiqué

  90. NATO

    NATO Cyber Defence Pledge

  91. See country filter

    Fact Sheet: United States Key Deliverables for the 2016 North American Leaders’ Summit

  92. See country filter

    Israel and U.S. Operative Cyber Defense Cooperation Agreement

  93. See country filter

    Joint Statement: The U.S. and India: Enduring Global Partners in the 21st Century

  94. G7

    G7 Ise-Shima Leaders’ Declaration

  95. G7

    G7 Principles and Action on Cyber

  96. See country filter

    U.S.-Nordic Leaders’ Summit Joint Statement

  97. See country filter

    United States-Gulf Cooperation Council Second Summit Leaders Communiqué

  98. See country filter

    Joint Statement on U.S.-Germany Cyber Bilateral Meeting

  99. See country filter

    Fact Sheet: U.S.-Australia Cooperation: Deepening our Strategic Partnership

  100. See country filter

    Joint Elements from U.S.-E.U. Cyber Dialogue

  101. See country filter

    U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues

  102. G20

    G20 Leader’s Communiqué

  103. See country filter

    U.K.-China Joint Statement

  104. See country filter

    Joint Statement by President Obama and Prime Minister Sharif (Pakistan)

  105. See country filter

    U.S.-China Joint Statement on Strengthening Bilateral Relations

  106. See country filter

    U.S.-China Joint Statement on Economic Relations

  107. See country filter

    Joint Statement on the First U.S.-India Strategic and Commercial Dialogue

  108. BRICS

    VII BRICS Summit: 2015 Ufa Declaration

  109. See country filter

    Joint Statement of the U.S.-Japan Cyber Defense Policy Working Group

  110. See country filter

    U.S.-Gulf Cooperation Council Camp David Joint Statement

  111. See country filter

    Russia-China Cybersecurity Agreement

  112. See country filter

    U.S.-Japan Joint Vision Statement

  113. EU

    EU Council Conclusions on Cyber Diplomacy

  114. Shanghai Cooperation Organization

    Shanghai Cooperation Organization Draft International Code of Conduct for Information Security

  115. See country filter

    Joint Elements from U.S.-EU Cyber Dialogue, 2014

  116. Multistakeholder

    International Cybersecurity Norms (Microsoft)

  117. NATO

    NATO Wales Summit Declaration

  118. BRICS

    The 6th BRICS Summit: Fortaleza Declaration

  119. See country filter

    Fact Sheet: U.S.-EU Cyber Cooperation

  120. See country filter

    Fact Sheet: U.S.-Russian Cooperation on Information and Communications Technology Security

  121. See country filter

    Draft Russian Convention on International Information Security

  122. Shanghai Cooperation Organization

    Shanghai Cooperation Organization Draft International Code of Conduct for Information Security

View Results

The Document Library serves as a comprehensive repository of cyber norms documents released since 2007. It includes multilateral documents, plurilateral and bilateral texts, contributions by nongovernmental actors including NGOs and companies, and multistakeholder statements such as the Paris Call. Related collections of documents, such as statements on the applicability of international law to cyberspace and a comprehensive list of submissions to the UN Group of Governmental Experts and Open-Ended Working Group are also included.

Multilateral Accords

Bilateral and Select Plurilateral Accords

European Union Documents

Multistakeholder and Non-Governmental Statements

Statements on International Law Outside of the UN Process

Attribution Statements

Submissions to UNGGE + OEWG

OEWG Documents
2021 – 2025 OEWG2019 – 2021 OEWG
OEWG Final Report and Key Supplementary Documents Documents of the Fourth Round of Informal Meetings of the OEWG (December 1-3, 2020)Documents of the Third Round of Informal Meetings of the OEWG (November 17 – 19, 2020)Documents of the Second Round of Informal Meetings of the OEWG (September - October, 2020)
Documents of the First Round of Informal Meetings of the OEWG (May-July, 2020)
Initial Pre-Draft of the OEWG Report and Comments
Pre-Draft of the OEWG Report Comments by UN Member StatesComments by Inter-Governmental Organizations (IGOs) Comments by Non-Governmental Organizations (NGOs)
Documents of the Second Substantive Session of the OEWG (February 10-14 2020) Documents of the Informal Intersessional Consultative Meeting of the OEWG with Industry, Non-Governmental Organizations and Academia (2-4 December 2019)
Documents of the First Substantive Session of the OEWG (September 9-13, 2019) Working Papers Submitted to the OEWG by UN Member States
Informal Papers Submitted by Inter-Governmental OrganizationsInformal Papers Submitted by Non-Governmental Organizations
GGE Documents

Freedom Online Coalition Documents

Please note...

You are leaving the website for the Carnegie-Tsinghua Center for Global Policy and entering a website for another of Carnegie's global centers.

请注意...

你将离开清华—卡内基中心网站,进入卡内基其他全球中心的网站。