The Programme of Action for advancing responsible State behaviour in the use of information and communications technologies in the context of international security — usually shortened to the PoA on cyber or cyber PoA — is a proposed permanent, action-oriented United Nations forum to consolidate work on cybersecurity norms, capacity building, and confidence-building measures.
The initiative was launched by France, Egypt, and a group of co-sponsors in 2020 as an alternative or successor architecture to the parallel tracks that had dominated UN cyber diplomacy: the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) on ICTs. The UN General Assembly's First Committee adopted resolutions in 2022 and subsequent years endorsing further work on establishing a PoA, with broad cross-regional support.
Key features that proponents envision include:
- A permanent, inclusive forum open to all UN member states, replacing time-limited mandates.
- Focus on implementation of the existing acquis — notably the 11 voluntary norms of responsible state behaviour endorsed in the 2015 GGE report and reaffirmed by consensus in 2021.
- Built-in mechanisms for capacity building, stakeholder engagement (industry, civil society, academia), and regular review.
- Continued recognition that international law, including the UN Charter, applies in cyberspace.
Negotiations have been linked to the conclusion of the current OEWG mandate (2021–2025), with the PoA expected to be the principal follow-on mechanism. Points of contention include the degree of multi-stakeholder participation, whether the PoA should develop new legally binding obligations, and how it interacts with the separate UN cybercrime convention process. Russia, China, and some other states have expressed reservations about scope and stakeholder access, while Western, Latin American, and many African states have championed the model.
Example
In November 2022, the UN General Assembly First Committee adopted resolution L.73 supporting further elaboration of a Programme of Action on cyber, with France leading the co-sponsors.
Frequently asked questions
The OEWG operates on time-limited mandates (the current one runs 2021–2025), while the PoA is designed as a permanent, action- and implementation-focused mechanism rather than a primarily deliberative one.
Keep learning