IGF 2025 - Day 2 - Studio N - WS #126 Strengthening Multistakeholder Digital Cooperation

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> KLARA MARLAND: Good afternoon, everyone. It is a true pleasure and honour to welcome you to this IGF 2025 session in Strengthening Multistakeholder Digital Cooperation for a Resilient and Secure Cyber Ecosystem. My name is Klara Marland, and I work at the Global Forum of Cyber Expertise, and I'll be your moderator for this discussion.

We find ourselves at a pivotal moment in global cyber diplomacy. In a few weeks, the United Nations Open‑Ended Working Group on the security of and the use of ICTs, or OEWG, will conclude its current mandate. Over the past four years, this process has brought together all U.N. member states which have engaged in detailed discussions on a wide range of topics. From norms of responsible state behavior, confidence‑building measures and threats, to the applicability of international law in cyberspace, cyber capacity building, and the establishment of a regular institution dialogue.

While the OEWG process formally recognized the value of multistakeholder input, today's session invites us to look more closely at how inclusive was the participation in practice, and what lessons can we take forward to ensure the next phase, the proposed U.N. permanent mechanism on ITC security, is not only more inclusive but also effective and resilient in addressing global cyber challenges. So the key question we are asking today is how can we ensure that the expertise, services, and research provided by the broader cyber ecosystem, from nonprofits and Civil Society, to academia and the private sector, are not only recognized but truly integrated into global cyber governance?

That's the focus of our session today, and thank you, everyone, for being here, also online. This session is intentionally structured in two parts. First, we will hear from an expert panel next to me representing government and Civil Society who will help us unpack the opportunities and challenges ahead. Then we will turn the conversation over to you, our multistakeholder community, to bring your own experiences, perspectives, and practical recommendations to the table.

Your input today truly matters. The ideas shared during this session will be captured in a public report submitted to the United Nations ahead of the final OEWG session in July. Our shared goal is to ensure that multistakeholder voices help shape the design and implementation of the future U.N. permanent mechanism on ICT security.

A warm thank you to our distinguished panelists from the CyberPeace Institute, Global Partners Digital, Global Affairs Canada, and the Government of Chile, not only for joining us today but also for your continued commitment to advancing an inclusive approach to cyber diplomacy.

One note before we start, we are all referring to the Zero Draft of the Final Report, Annex A, from May 2025.

Now, I'm delighted to introduce our speakers, each of whom brings a unique lens to the central question we're exploring today. How can the multistakeholder community meaningfully shape and support the future U.N. permanent mechanism on ICT security?

Two of our speakers bring insights from government, reflecting national priorities and approaches to international cooperation. On my left is Senator Kenneth Pugh from the Republic of Chile who has been instrumental in addressing Chile's digital legislative agenda. From the creation of a national cybersecurity agency and cyber crime reforms, to convening multistakeholder dialogues through the Chilean forum, he offers a clear example of how national leadership can align with global frameworks in an inclusive way.

Next to him is Mr. David Fairchild, First Secretary for Digital Policy and Cybersecurity at the Permanent Mission of Canada for the U.N. in Geneva, who has closely followed the OEWG process and offers a Canadian perspective on enabling multistakeholder participation, including through the joint Canada‑Chile non‑papers, proposing practical ways to structure and leverage stakeholder contributions in the future mechanism.

The other two speakers represent the broader multistakeholder community, offering expertise from Civil Society and international initiatives. Ms. Rose Payne works as a policy and advocacy lead at Global Partners Digital, works to ensure human rights are embedded in the governance of digital technologies, with experience across global advocacy organizations. She brings concrete examples of how diverse, underrepresented voices can be better included in policy design.

Last but not least, Ms. Francesca Bosco, Chief Strategy Officer at the CyberPeace Institute, brings nearly two decades of experience in the intersection of international law, cyber policy, and human rights. Her work focuses on turning global frameworks into practical, inclusive initiatives, particularly through Civil Society collaboration, capacity building, and threat analysis.

Thank you, all, very much for being here today. It is such a pleasure to have such a diverse and experienced panel. Without further ado, let's dive into the first part of this workshop, which is our panel.

Senator, I will guide my first question at you. We are very much interested in Chile's work and how Chile sees its domestic cybersecurity strategy aligning with future global frameworks, particularly the U.N. permanent mechanism, and, also, what lessons can be drawn from Chile's approach to multistakeholder engagement?

>> KENNETH PUGH: Thank you very much, Klara. It's a pleasure to be here. I'm honoured to be with Francesca, Rose, David, and this panel. Grateful for the United Nations IGF Forum, especially Norway.

I do represent the region of Valparaiso, which is a region that goes from Easter Island in the middle of the Pacific to Robinson Crusoe Island, through to the others. If you go to the Kon‑Tiki Museum here in Oslo, you're find all the heritage that all those navigators found.

Now, we're sailing in a new world, the cyberspace. To understand the cyberspace, we need to have knowledge, and that's a problem. All the other spaces we know serve as maritime, space, air, and we can see them. We can touch them. The problem is cyberspace, we cannot understand it. That's the importance of the multistakeholders, to understand all the different layers that we are facing. And this is a challenge.

What I'm proposed to do now in a very few minutes is to try to put our example as a country, how we did it in order to build this trust between people in order to understand and to regulate something that we don't see. Basically, we started creating a month in order to have everybody involved. We took the month of October in, well, 2018. It's a long time ago.

Every October, we get together to understand all the new things, the new threats, because it's called the cybersecurity month. We cannot go into the digital world without cybersecurity, and that's important to understanding. Once we start this with a law that says that, also, you have to train and prepare exercises during that month, we use the parliament, the senate, which I was, with a commission, a futures committee in order to prepare a book, and to write a book is the best way to get people involved because you have to ask everybody.

You have to talk. You have to have the will, and then you will get the trust. That's the Chilean way. Talk, of course, and then will, we have to have something that we can prove this is what we would like to, and then we build the trust. With that trust, we use European influence, Brussels influence, basically with all the regulations being those, the two ways that European does, but we do it our own way.

We take everything, a directive, and we do the transposition. In the case of cybersecurity, NIS, which we started with, in the middle of the process that was December 28th, 2022, it changed to these two. Immediately, we took it and we prepare with all the multistakeholder that we have already created. This was the first example that we had everybody involved, even in the law. If you go, you're going to find six articles relate to what I am saying.

Three of them says that there will be a special committee. It is going to be a public‑private committee with one person from the government and six persons from the other sectors. Two from the industry through from academia, and two from the organized Civil Society. So within the law, we have the mechanism to embed it and to have these public‑private work together.

People is there for six years, and every three years, we change them. And the other two articles, which are very important, was to have all the cybersecurity researchers as part of the cybersecurity framework law. These other hackers, the hacker community, which are good people, investigators, so we prepare a special article for them so they can report all of their abilities of the government not being a crime. That's important.

Also, the agent in the agency has not to say he is committing a crime. This is only for government system. For private system, they have to ask permission. So having said that, if we want to understand globally now, which is our problem, what we said is in this environment, the cyberspace and in cybersecurity, we do not compete. We collaborate. That's basically what everybody is doing in the forum we have, three times a year where we get together.

This has gone even to the North where, later on, Canada will do it. We have prepared a strategy in order to have integrated within the discussion how the most important or meaningful stakeholders can be part of this process. If you want to see and visit us, we're going to be expecting you in Valparaiso, where the conference is, or you can follow the activities we're doing online. We're trying to spread it.

We're available in order to build a better and safe cyber world, but we have to be aware and to have more knowledge of the people. That is what we're working now, Klara.

Klara, thank you very much.

>> KLARA MARLAND: Thank you very much, Senator. It was inspiring to hear the government's perspective on leveraging the knowledge, which you said is scarce in cyberspace, and also from the multistakeholder community. What a better way than embed it in law? So this is very interesting perspective.

On this note, Canada has also consistently advocated for meaningful multistakeholder inclusion in cyber diplomacy.

Turning to you now, David, could you share how the Canada‑Chile nonpapers proposed to operationalize the contributions in the suggested future U.N. permanent mechanism?

>> DAVID FAIRCHILD: First of all, thank you, Senator Pugh, for your introductory comments. It's great to be here today. Thank you to JFC for organizing the event, and to my other co‑panelists.

This is my last IGF, so I'm going to first off start by saying it's been a fantastic five‑year run of participating in what is, in fact, the emblem of multistakeholderism. I think the OEWG could learn a lot from the IGF as a principle for how to model cybersecurity discussions.

I have lots of prepared remarks. I'll try to breeze through them because I think some of it is a bit sort of stated in other forum and obvious. 2024 and 2025 has been an important year. We saw the culmination of the pact of the future, the global digital compact, much more germane to the conversation, panelists here, which, as we know, multistakeholderism was a huge political football that was kicked around during negotiations.

This somewhat mirrors, I think, what we generally see and have seen for a progressive period within the cyber Open‑Ended Working Group. This year, as you know, next week, in fact, and over the next couple of weeks is the culmination of the second Open‑Ended Working Group on cyberspace. So, member states are currently preparing for what will be the final negotiations and, hopefully, landing the final report.

We have progressively seen over the entirety of the cyber open‑end working group process difficulties ensuring meaningful contribution from stakeholders. My participation with the Open‑Ended Working Group has always demonstrated the high value of stakeholders, but we have seen progressive attempts by certain member states to prevent that.

Canada, as one of its priorities during the Open‑Ended Working Group, was to focus on stakeholder participation. So this is really, you know, sort of looking back perspective of how we try to ensure maximum participation in these very important discussions.

So even though we anticipate agreement by consensus or hope for agreement by consensus on the final report, obviously, there are elements that remain, important elements of the final report that remain to be hammered out. One of them is the shape of what's to come after the end of this phase, so this is the second Open‑Ended Working Group.

There has been progressive discussions and agreements to the establishment of a regular institutional dialogue which we, the like‑mindeds, have put forward and is commonly known as the program of action. This is meant to be what would be at the end of this session a permanently established platform that would allow, from our perspective, all stakeholders to have a platform to engage on these substantive issues in a less politicized and more meaningful way.

As I'm sure some of you in the room know, this was put forward under the leadership of France and Egypt several years ago, and it was really an attempt for us to move beyond the highly politicized, highly stilted, very sort of stave conversations that we see in first committee with prepared speeches, a lot of time spent on procedural matters, and little time for stakeholders.

What we believe, in order for the framework for the state behavior and to address some of the concrete challenges, we need to ensure the stakeholder community is at the table meaningfully. I have said this progressively over my four‑year posting. The DNA of this space is multistakeholder. I think it's ‑‑ it becomes highly problematic in the first committee context of international peace and security where member states tend to have a monopoly of decision making. That's sort of historical in the context of cyberspace and digital space. What we see is private sector community organizations, academics, all have agency and equity in this space, and I think that's systematically underrepresented in the cyber, Open‑Ended Working Group, despite our efforts.

So how did we do this? We were actively participating in the French‑led efforts under the POA, but I think what we began to realize is that it needed a little bit of a boost. So Canada and Chile decided to work together to begin a long series of consultations globally with partners of all walks to try and develop a more comprehensive understanding of what this regular institutional dialogue and permanent mechanism should look like.

A number of papers were produced, and in the first instance, it was an attempt to try to develop a repository of the positive benefits that stakeholders could and should and do bring to this process. You know, how do they deliver capacity? How do they protect systems? How do they add public policy valued to the discourse? And to raise awareness of their involvement in this space.

So in the second phase, we continued these consultations, participating in a number of activities with an idea that, ultimately, to try to break the deadlock, as I'm sure some who follow this process, there are very entrenched political views on what the next phase of this should/could look like.

And it's important because the owners and operators of cyber infrastructure tend to be a blend. In fact, in some countries, tend to be more in the private sector. You know, the front line organizations dealing with cyberattacks and the harms on societies can be equally Civil Society, local governments, communities.

So I think what we wanted to ensure through the process was to develop a narrative and a functional way forward that would help, in fact, try to break the deadlock, and hopefully we're successful in that. One of the key elements, of course, is the modalities issue, and I think some of the very people in this room have suffered from the inevitable veto that member states have over the participation stakeholders in some of these meetings.

We have found workarounds over the years to, you know, invite members to join delegations. We hold a number of side events where non‑accredited organizations can speak to member states. But we've also felt throughout that, it's just insufficient. It just doesn't really recognise the true value of the stakeholder community.

So, at this point, these papers have been submitted. They are up in the cloud. They have been posted to the OEWG website, and the co‑sponsors have signed on. Without putting too much emphasis on it, I think really where we are at this point is there is no guarantees that the plane will be landed at the upcoming session. I think we need to recognise it is going to be a tough road.

If you have a chance to review the BRICS Foreign Minister Statement from a couple weeks ago, it's very clear. I'm going to bring it up here quickly. You know, they, in their own final communique, reflect this very point. They see the future of ICT and cyberspace as a multilateral, member state led activity. So we are, in a way, fighting upstream to make the point. I think what we hope to see in the next couple weeks is a real breakthrough.

What it may look like, I think, is an open debate. The principles are at least agreed, but whether it's a, you know, number of working groups that are structured under a broader chapeau that is New York based remains to be seen. Critical for Chile and Canada is that the stakeholder involvement is based plated into whatever modalities, into whatever the future framework looks like.

I think, if I can, Klara, I'll stop there and turn it over to my capable and able colleagues. Thank you.

>> KLARA MARLAND: Thank you so much, David. It was very interesting how you mentioned the member state led activity. Just to maybe clarify, this is not something we want to challenge, but we just want to add to it. The knowledge and research and everything. The non‑papers, also a very strong message is that we don't want to vote, don't want to fight this intergovernment process, but we want to be heard. We just want a voice.

We believe this multistakeholder approach is the right way forward for inclusivity and also sustainability.

Now turning to Rose. Some states at the U.N. still remain cautious about involving a broad range of stakeholders in these sensitive international security discussions, fearing that it could dilute focus or introduce less relevant voices.

How would you respond to such concerns? More broadly, how can we better demonstrate the unique value that non‑state actors bring to processes like the U.N. permanent mechanism?

>> ROSE PAYNE: Thank you so much, Klara. Thank you for the opportunity to speak about this topic a couple weeks before the final meeting. It's really important.

Happy to be sitting here with representatives of Canada and Chile, given the important role you've played in championing stakeholder inclusion. I was really happy when you sent me this question, actually. Particularly, picking up on those two words, relevance and legitimacy, I'd probably turn that back a little bit to ask what kind of relevance and legitimacy we're trying to build, without the meaningful inclusion of stakeholders who operate their own digital infrastructure, who are instrumental in actually dealing with threats, who are carrying out vital capacity building activities which supports states in both participating in the OEWG and also in implementing the norms of responsible state behavior, and who have also, throughout the process, offered concrete guidance and research on the application of international law and the impact of policies on human rights.

I think that they ‑‑ we've seen many states pick up on these existing things they've done, and I hope that along with the non‑papers and their fantastic work by governments who are supportive of stakeholder inclusion, those will help convince some of the countries that are a bit more cautious, if we want to put it like that.

I'm going to expand a little bit on the unique value of stakeholders bringing to the state‑led processes. I hope a lot of people in the room may also be convinced, and, David, you've touched on this, but it is worth reiterating. So they can help raise awareness of international state‑led processes on a national level. They can build moment and trust in the processes that can feel big to people on the ground.

Second, stakeholders have a role to play in building bridges between different camps. As David touched on, and for anyone who follows the OEWG, it won't be a surprise for me to say that it's been a little bit difficult to make progress on a number of issues. In part because of geopolitical divides between countries who do hold fundamentally different viewpoints.

Stakeholders help to bring fresh perspectives and conduct research and bring evidence which can help to move conversations forward when we work together in good faith.

Third, stakeholders have a proximity to affected communities which governments don't necessarily have. Here, I'm thinking specifically about historically marginalized communities or communities which are experiencing vulnerability. It is individuals who are the principal targets of cyber threats. Civil Society organizations, academia, and those working with affected communities can provide bottom‑up and up‑to‑date understanding of the impact of threats upon individuals which can help to feed into those policy discussions.

Fourth, as I've kind of touched on, stakeholders do hold expertise which can be supportive to states during negotiations. I think I'll come on to touch on that a little bit more, but that expertise can help increase the legitimacy and implementability of policies. So looking back at some of the lessons learned from the OEWG and forward to the current, and by that I mean the one that was already online because we've heard there's going to be a new version soon, the version of the annual progress report which does outline the structure of the future mechanism.

Very, very briefly going to touch on how stakeholders can play a useful role. Particularly looking at the thematic groups, at the moment, APR suggests stakeholders will be able to participate in the thematic groups. I want to emphasize how useful it will be to have spaces for stakeholders to really be able to directly interact with states on issues which they have the most expertise in.

However, with a small caveat that states may not know all of the expertise held by stakeholders, so it is important that stakeholders are able to participate across thematic groups, that technical experts in a particular area is not kind of a pointed condition of them being able to participate.

Second of all, during the plenary sessions, allowing stakeholders to react to each agenda item, potentially in a short, dedicated session during each section of the agenda, means they can react to proposals in somewhat real time. During the OEWG, stakeholders primarily could intercede during a dedicated afternoon. They'd either need to comment on every pillar of work at once, if they all try to follow specific guiding questions. This really diluted their ability to support states in understanding the merits or challenges of new proposals as they came up. And it doesn't really allow for two‑way dialogue.

It's really vital the permanent mechanism allows stakeholders to support states across all pillars of work. What needs to happen for them to play that role, they need to be in the room. As David touched on, the accreditation process meant that any state could essentially veto a stakeholder without sharing a rational. That needs to be addressed by making it more transparent who has vetoed a particular stakeholder and why.

That stakeholder can actually go and understand and address the concerns, first of all, and also, excuse me, I also want to support the suggestion found in the Chile and Canada non‑paper that objections to stakeholders' participation should be used as a last resort, and to also reflect that the majority vote mechanism used during the ad hoc committee on cyber crime worked quite well.

In terms of more concrete suggestions on how meaningful stakeholder inclusion can be meaningfully enabled in the future mechanism, next Tuesday during the informal stakeholder discussion organized by the Chair, a group of Civil Society organizations will come and present a number of different ideas. I hope that we'll see you there.

To finish off, we need to take the lessons learned from the Open‑Ended Working Group and other relevant processes into the future mechanism. If it has modalities which facilitate truly meaningful stakeholder engagement, stakeholders will be able to play an even more of a role in sharing research and evidence, raising human rights concerns, and even helping to bridge divides between states.

Quite apart from that, stakeholders really stand ready to be a resource for states. We hope that we'll be able to play that role.

>> KLARA MARLAND: Perfect. Thank you so much, Rose. You touched upon interesting parts and I'm sure it'll feed directly into the report we'll submit after this session.

The current struggle with accreditation is truly one of the biggest obstacles for meaningful participation of stakeholders. From just the brief perspective of GFC, we have been leading the women in international security and cyberspace fellowship, which since the beginning of the process, enabled female diplomats and cybersecurity professionals to attend these sessions, especially from small, underrepresented states.

We boosted the participation of women from 37% in the first session to 55% in the latest one, and enabled 120 women from 55 U.N. member states to take part in the U.N. cyber crime and cybersecurity discussions. So more than 25% of U.N. member states benefitted from this program delivered by a non‑governmental stakeholder. Of course, this initiative is sponsored by seven governments, but we're very proud we get to facilitate that. It would be great to keep doing the great work that we do as a multistakeholder community.

So now, before we jump into the second part of the session which will be an interactive discussion, I will like to dedicate the last question to Francesca, to tell us a little bit more about what, in your view, should be the concrete role that Civil Society organizations can play in supporting states and the future U.N. permanent mechanism, especially in areas such as cyber capacity building, threat analysis, and operational implementation.

>> FRANCESCA BOSCO: Thank you so much. Thank you, Klara, and the GFC for the invite and the opportunity to contribute to the discussion with such experienced and inspiring panelists.

The CyberPeace Institute is a Global Civil Society Organization that is focusing on both addressing the societal harms of cyberattacks with the focus on underserved communities, but also at the same time, to provide active cybersecurity assistance and, indeed, provide evidence‑based knowledge and capacity building into policymakers at the national and international level, like within U.N. processes.

It is a pleasure to follow the great remarks Rose provided. When you were enumerating the ways the multistakeholder community can actively contribute, I went into archaeology mode. I retrieved that back in 2021, so it is nothing new, in a way, what we're discussing, and thank you to David for depicting the process so well, we provided a statement on the value of the multistakeholder engagement. Coupling with a letter that, at that time, Civil Society provided, focusing on the modalities.

Back then, we emphasized that the key value of, for example, researching existing and potential threats in the sphere of information security, further developed the rules, norms, and principles of responsible states, and how international law applies to the use of information and communication technology by states, monitoring the application of confidence building measures in different contexts and, for example, work toward an effective and sustainable capacity‑building process. Playing a key role by disseminating and diffusing knowledge about cybersecurity and responsible state behavior.

With the interest of time, I want to be very concrete and bring some examples of ‑‑ I mean, we try to walk the talk, let's say, since 2021. I'd like to focus on two key areas. On one hand, also following your question, on how the multistakeholder community of Civil Society can contribute to the evidence‑based policy development and threat analysis. As well as, let's say, considering Civil Society not only as consumers, in a way, of cybersecurity but also producers of cybersecurity as public good.

In the first case, the multistakeholder community has the experience, the operational knowledge and contextual understanding of the impact, for example, of cyber incident, which is essential to inform policy debates, and the development of effective solutions that are anchored in, what I would call, a wider human rights based framework.

We've been consistently advocated for a human‑centric and evidence‑based approach to cybersecurity within the Open‑Ended Working Group process, and it's not just the principle but we really call it a sort of, like, imperative. Following what Rose was mentioning in terms of contributing with expertise, also across the different type of thematic groups, the example that I can bring is that, for example, we developed a methodology to assess the harm that cyberattacks and the information operations are causing to society. And we use the methodology to bring, also, concrete examples, providing data, and submitting the data to the Open‑Ended Working Group, the value of the various statements, and also working with a few governments, a few, let's say, friend governments.

Also, being able, for example, to develop what we call the cyber peace incident tracers. Monitoring attacks against health care and what it means for people when cyberattacks hit on a hospital. We develop a cyber incident tracer monitoring platform when it comes to attacks attacking civilian infrastructure in the middle of conflict, for example. What it means for society, for the population. We develop a cyber incident tracer that is focusing on attacks that are hitting, for example, Civil Society organizations, humanitarian organizations that are active in development and humanitarian context.

With this data and with the analysis of this data, we provide this knowledge, again, to support a real understanding of cybersecurity. Because if we are talking about developing cyber norms, well, norms needs to, let's say, reflect the reality of what's happening in real life, when cyberattacks are hitting.

Also bridging local experience, working with a lot of Civil Society organization, international organizations, active in the field and on the ground, up to the global policy. Also, translating, in a way, the realities into recommendations. We had a couple concrete examples. Working with the government of the Czech Republic, for example, where we worked in terms of, like, creating knowledge and capacity‑building, specifically in the field of attacks against critical infrastructure, notably the health care sector.

Or, for example, in emphasizing the importance of the victim‑centric approach when it comes to analysing the impact of cyberattacks. Thanks to the Government of Belgium, we were able to hold two side events during the previous edition of the Open‑Ended Working Group. So this is more for, let's say, the evidence‑based policymaking, but then, as mentioned, and I will finish with that, Civil Society are producer of cybersecurity public goods.

A role that is directly relevant to the Open‑Ended Working Group calls for inclusive implementation of norms and capacity building. There are initiatives, like the nonprofit cyber coalition, where we are sharing cybersecurity resources developed by nonprofit. Specifically, one initiative which is called Common Good Cyber is a global initiative with the goal to identify and implement innovative models for sustaining groups, organizations, individuals involved in critical cybersecurity functions, for the broader internet community.

We have organizations like Shadow Server Foundation, Global Cyber Lions and others that basically are securing the backbone of the internet. They work directly ‑‑ their work directly supports, basically, the Open‑Ended Working Group goals for enhancing the security of the ICTs and protecting critical infrastructure, for example, especially in underserved regions.

These nonprofits also contribute to confidence‑building measures by offering transparent, non‑commercial cybersecurity resources that can be trusted in a wide range of actors.

I recommend reading a paper coming next week, co‑published together with the EUISS, specifically detailing and mapping how nonprofits contribute to cybersecurity. There is one specific piece that is focusing on the multistakeholder participation and the Civil Society participation to the Open‑Ended Working Group.

A good example of how also, thanks to the involvement in the Open‑Ended Working Group, you can make concrete change and impactful change. Just the 17th of June, the beginning of this week, as well, allow me to mention that the state of United Kingdom and Canada announced, in a joint statement at the G‑7, that they are supporting the Common Good Cyber fund. It's an initiative to strengthen global cybersecurity by supporting nonprofits to deliver core cybersecurity processes that protect cybersecurity actors at the high‑risk and the internet as a whole.

It's possible. It's happening. I mean, this is also where, I think, the discussion about the multistakeholder contribution can have a very meaningful impact. Allow me to finish with one thing, which is also very much in line with what Rose mentioned, and this is also why, even after 2021, we are still here, basically discussing about this. I'm thankful to be at the table with Canada and Chile, and thank you so much for your proposal.

I can give you the practical experience that we are facing, because despite, let's say, the technical and operational expertise that was also recognized by states, many civil society actors are still currently excluded due to the non‑objection rule, and leading to access to documents, lack of funding to participate in the forums.

Despite trying to play by the rule, because we request the accreditation in 2022, I checked, now, three years later, still our application has been deferred to 2026. Despite us giving a clarification that we are regularly and timely provided. We've been vetoed again, just the news from last week, from the accreditation to this session.

So despite some good and meaningful contribution, this is why it's so relevant to have the actors that you can see here at the table, that we are still discussing, basically. This is super important issues. Thank you.

>> KLARA MARLAND: Thank you so much, Francesca. It is good to reflect on the practical challenges that you experience. As a GFC, we can join you in that fight.

I think it was great to hear about the importance of the role of Civil Society, also, as you said, the human‑centric, and bringing the evidence‑based approach to cybersecurity. Because excluding those voices, we don't want to see what type of future we will have regarding the future permanent mechanism on ICT security, so this is definitely important.

Now, I would like to turn to you, also online, whoever is listening online. You can reflect on what you've just heard, share your experiences or best practices, and offer concrete recommendations for how the future U.N. permanent mechanism can be effective and grounded in collaboration.

We have prepared guiding questions which you can see on the slide behind us. I will read them briefly, and in the meantime, feel free to line up. We have two microphones on the side here. Our best approach is you line up in front of the microphone so we can answer as many questions as possible, and also feed as much input for the report we'll submit to the United Nations ahead of the final OEWG session in July.

Let me read the questions. First one is, what role should nonprofits and Civil Society play in the future U.N. permanent mechanism, and what would it look like in practice? Second is, how can we ensure that underrepresented voices are meaningfully included? What are some sustainable strategies for ensuring multistakeholder input is not ad hoc, but continuous? And, lastly, are there any other international processes that offer good models for non‑state stakeholder engagement?

Perfect. I see that we already have our first speaker lined up. Francis, the floor is yours.

>> I don't know if you can hear me. Oh, perfect. I'm part of the European Youth IGF. I just have a question, basically to the whole panel, about the quality of the multistakeholder approach. Insofar as, as least my impression is, to some extent, the stakeholders involvement in the process might be self‑selecting.

What does that change, and how does it affect the quality of the kind of dialogues we're having in forums or panel discussions? Insofar as, especially the private sector and industry, first of all, they'll self‑select as to whether it is actually going to affect them, the kind of discussions that are happening, and if it's not, why would they attend?

And is it a problem for you? Do you see that there's some solutions or ways to fix this? And, yeah. Because I just think that maybe the incentive structure, does it work? Maybe the incentive structure just is a bit off in this way. How can we ensure that when we're having the multistakeholder models and dialogues, that, always, there are people represented, even if it's not necessarily in their best interest to be there?

Okay, thank you.

>> KLARA MARLAND: Perfect. This is exactly what we are discussing here, right? How can people be represented in the most efficient way? Anybody would like to comment on this question? Yes, Senator, the floor is yours.

>> KENNETH PUGH: Thank you very much for the question. We use the KYC, know your customer. You have to know the other part, and that's very important. Then start to, try to have something in common. A good idea is to, when you invite, invite everybody. But once you invite everybody, you have to see who didn't want to attend or who's not there? Those are the ones you really have to work.

It is like singing to the choir. Let's say you don't have to preach the converted ones. You have to find the other ones. That's the way we did it. Know your customer. When you see that in your map of multistakeholders, there are others that you know that exist, that they're not part of it, you are to talk and see why they're not there. Try to make them to be within.

>> KLARA MARLAND: Rose, you want to add to these remarks?

>> ROSE PAYNE: Yes, I can also comment on that. Apologizes, my hearing is terrible, which is a downside on a job that relies mostly on talking. But I think what you were saying was about self‑selection of stakeholders, and whether that's a kind of problem.

Speaking specifically to the OEWG, in my opinion, it's quite a long process. It's gone on for a long time. It happens in New York, which is very expensive. The people who are in the room really want to be there. So, yes, and to be honest, it's not really self‑selection in this case because there is this issue of accreditation. But in terms of kind of quality of their interventions and the work they do there, there is really no point in them not trying to make the interventions and their work as relevant as possible.

In my opinion, I actually think that, like, we have some partners in the room, I think, who have worked with GPD and trying to really look on a national level, like the impact of different policies, trying to make sure the evidence‑base is really there.

I would say it is not a problem for the OEWG. Self‑selection has worked quite well, insofar as it has gone, you know, insofar as people put themselves forward, then a lot vetoed. It would be fantastic, actually, to have a much more diverse group of voices in the room.

Francesca, I wish that the CyberPeace Institute didn't keep getting vetoed, because you obviously do fantastic work which is fundamental to cyber resilience, so yeah.

>> KLARA MARLAND: David, I think you also want to comment?

>> DAVID FAIRCHILD: Very quickly. You're absolutely right. I think one of the issues we find, and you can just look in this room, it's very expensive to take part and to be at every single U.N. meeting. What we see is, unfortunately, overrepresentation from some stakeholder elements. You know, there are obviously ones that can afford it and have local staff based in New York in order to cover the waterfront.

I think you're sort of eluding to different issues. The U.N. rules themselves don't lend themselves to effective stakeholder participation. During COVID, we moved to a virtual world. The U.N. essentially bent their own rules, and now they're forcing us back to working only in person. Despite the fact that member states have suggested this is probably not optimal.

In the U.N. Geneva space, for instance, in the human rights council, we are now back to full in‑person informal. You know, this has a real effect. There's simple solutions on the surface of it, but they're not so simple when you look behind the velvet curtain.

I participated in the Sao Paulo, the only non‑U.N. multistakeholder forum, at least in the years I've been here. There is a published principles, which we tend to highlight and encourage member states to adopt, whether it be in the IGF, OEWG. It's not just about opening the door to member states, it's about finding a way to modify your own work methods to accommodate stakeholders.

I can sort of practically speak to that, which I'll come back to. Also, I think the other reality is there are member states who either maybe don't have a healthy stakeholder community in their own country, don't want to talk to their multistakeholder community, but worst of all, may want to but don't have the means to. So it is a bit of a vicious circle for some member states. You see that floating up into these international processes.

I'm very, I guess, humbled in the sense that Canada can easily represent itself, both at the national government but also in the stakeholder community sense. That is not the case for every member state. That is not the case for every community, and I think we're seeing progressive attempts to try to rectify that.

Here, I'll bridge back to, obviously in the context of the IGF, Canada is very publicly wanting to see the IGF not only renewed but made permanent and provided a budget that will ensure not only its survivability but ensure there is going to be maximum participation from all sectors in all regions of the globe. That can only be done with effective budgeting and effective financing for participation and not working on a voluntary basis.

Just to sort of finally bridge back. In the context that I work on the digital governance working group, which has been mandated through the GDC, Global Digital Compact that was signed off, the membership is 27 member states and 27 non‑member states. It's equal participation. But we don't have the budget to ensure their participation, and we don't have even the means to provide, necessarily, virtual participation, which makes it extremely impossible for some.

You know, we have some non‑member states who are based in Australia that have been selected to participate. It'll take this person more time to travel to the event than the event itself. That is not what I would personally call meaningful participation. That's something that, I think, we continue to at least try to fix.

You know, Canada was successful in at least something as simple as asking that there be a second Vice Chair for the working group that represents the 27 non‑member states. These are small states that I think Canada, at least I'm highlighting because I know about them, but I think they reflect a deeper problem, which is, we can just abide by the existing rules, which are, quite frankly, designed for member states within the U.N. context. I think we have to be a little more nimble, particularly, you know, and understand that stakeholders come in all sizes, shapes. Small stakeholder doesn't necessarily have the capability and may need more time.

Something as simple as issuing papers with enough time for all member states and stakeholders to reflect and provide feedback. Publishing them so observers and stakeholders and participants can have access to them. These are small things, and they're not necessarily relevant, per se, to the Open‑Ended Working Group, but these are common features at least in the four years I've been on this kind of file that I think I would reflect as sort of things that we can do but we don't always do.

>> KLARA MARLAND: Perfect. Let's briefly hear from Francesca, then we have a gentleman on the right side and another on the left, and then also online chat. Let's be quick.

>> FRANCESCA BOSCO: No pressure. Super quick, well, plus one to what David was mentioning, because I was trying to reflect on, okay, where we can learn. What can be a good model? Although it's not cyber specific, but we have concrete examples of successful modalities for stakeholder engagement.

For example, seeking input through online consultations previous to the event, and to inform the outcome documentation, making things public, contributing transparency, and also holding working session throughout the event, where stakeholders could take the floor through an open mic system and make interventions.

Just to mention, going back to our, let's say, main topic, I mean, I second what Rose was mentioning in terms of, like, that there are forms of solidarity and support, I think, which is definitely a plus of the challenges, let's say, that we are facing within this process, specifically within the Civil Society community, but in the overall multistakeholder community.

We are trying to join forces when it comes to the joint statement. Also, forming kind of strategic coalitions organized around the thematic expertise, for example. It's something that is also very helpful that can, especially thinking about the next mechanism potentially with the thematic groups, it's something that can be proven valuable.

>> KLARA MARLAND: Perfect. Okay, let's turn to the second question.

>> Thank you, Madam Moderator, panelists, audience. I'm Boris, head of development at SWGFL. And we're a 25 year old not‑for‑profit charity believing in a mission to enable everybody to benefit from technology, free from harm. About a month ago, we are proud that we are in special status with the United Nations economic and social council.

We focus in online safety, protection of children, and adults online. I've only been in this space for a decade, and the only answer to all of these problems is a multistakeholder environment where all voices are respected equally. But if you would allow me, Madam Moderator, to bring another light to the discussion, we developed, three years ago, a platform called stop NCII.org. Nonconsensual intimate image abuse.

Might have heard in the last panel, more than 300 million children every year suffer from child sexual abuse. Our numbers show that more than 40 million women across the world suffer from nonconsensual intimate image abuse. I'm really interested to understand how tools like this, and many others, fit into the broader cybersecurity frameworks. How do you see survivor‑focused, Civil Society‑led solutions being integrated into the new mechanism for ICT security?

Our platform is already used by millions. It's supported by major platforms across the world. It is privacy preserving, victim led, and designed to be scaleable across regions. I'd love to explore how it might work for you, and if you would allow me, Madam Moderator, so ask the panel, how do you see tools that work and listen to the victims on the group being incorporated in this mechanism going forward?

Thank you so much.

>> KLARA MARLAND: Thank you.

Maybe let's also collect the second question from online chat, and then we can just pick and choose which one you prefer to answer, or briefly touch on both.

>> ONLINE MODERATOR: Moderator here. This question is from Alasana Cham. What multistakeholder strategies do we use to reduce the power imbalance that exists in the multistakeholder engagement process? For example, governments appear to be more powerful and influential, most specially at the national level.

I think we also have another speaker that wanted to take the floor in Zoom briefly. Martin Koyabe, if that is possible?

>> KLARA MARLAND: Perfect. Let's see if we can.

>> ONLINE MODERATOR: Martin, are you able to? Martin Koyabe.

>> Yes, can you hear me?

>> ONLINE MODERATOR: Yes, we can.

>> Thank you very much. Of course, thank you for the panelists and the input that have been provided. I just wanted to give ‑‑ my name is Martin Koyabe of the GFC Africa. I just wanted to give a perspective on the Africa region, but more importantly, some of the concerns that need to be taken into account.

If you consider the region, which has also quite a number of least developed countries, nearly 33 out of 34, you would find that there are specific challenges that need to be addressed as a prerequisite. Number one is the maturity of the posture of most of the countries. A, most are at the point of developing national security strategies or even implementing some of the key areas, including some of the critical infrastructure aspects that have been touched on by the speakers.

In that case, you find that the priority of these countries do vary because they do have specific needs, most of it in development rather than cyber. That needs also to be addressed, in terms of how do we make sure that countries that have kind of less priorities are also included at the same level with countries that are negotiating whether at regional or international level.

The second point, also, is how do we build trust between countries? Because one of the fundamental issues that we ‑‑ that many of the African countries face is the issue around the difficulty of implementing CBMs. CBMs require trust‑building mechanisms in order for that to function, especially when you have functional certs or regular information exchange. This presents an issue of trust.

Finally, the issue that has been touched on which focuses on resources, especially when it comes to the level of expertise. While we increase participation, especially as eluded of women and other levels of the Civil Society into this particular process, we find that many institutions do not instill what we call an institutional memory of how this process is going to be established.

The call here is to look at establishing what we call a framework of engagement of these particular countries. Thank you very much.

>> KLARA MARLAND: Thank you. I think each speaker here, each of the panel lists, are going to be given, like, max 30 seconds to answer any of these questions.

Maybe just to quickly comment on the first one, so looking at Civil Society led solutions and how they can be fed into the future permanent mechanism. Number one is potentially allowing hybrid participation in a dedicated thematic groups, meaning that there will be much wider, multistakeholder community that can actually participate and provide other input. That is one recommendation on the report to be submitted on the final session.

I'll open the floor to my other panel lists. Senator Kenneth, we can go quick, final comments before we conclude.

>> KENNETH PUGH: The internet gives us the leverage, then the platform. Stop and see AI.org. We can be connected. Also, we have artificial intelligence. You saw it there. Using these tools and, soon, we were able to interact, that's the importance of this meeting. We can do it. We have the tools. We have the will, the commitment. Now, we have to make it reality.

Public policies for that, to make it for good. For that, we need all the help, all the people, all the multistakeholders. Thank you very much.

>> KLARA MARLAND: Thank you very much.

David, any final thoughts?

>> DAVID FAIRCHILD: Yeah, just very quickly. I mean, this feels like I'm preaching to the choir. Of course, the multistakeholder model and nearly simply to say, don't stop fighting. It feels like it is a never‑ending, uphill battle. There are champions out there. Maybe they're not always evident, but I think for Canada and Chile in one context, other countries in others, it's about rallying the support and knowing who actually is the person to influence in outcome. That isn't always the highest official in the room.

I'll leave it at that.

>> KLARA MARLAND: Perfect. Rose?

>> ROSE PAYNE: This was on the first question, right?

>> KLARA MARLAND: Feel free to also ‑‑

>> ROSE PAYNE: I'm going to give a shout‑out to a couple of other organizations. First of all, the GFC. When it comes to actually bringing together different tools and methodologies, they are the place to go. I would strongly encourage any organization working on cyber solutions and who are not currently involved to reach out.

Second of all, I want to highlight the work of our colleagues at the association for progressive communications who have done an awful lot of work, specifically when you're referring to survivor‑centric approaches. They've done an awful lot of work looking at how you can integrate gender into the interpretation and implementation of the 11 U.N. norms and have fed the work into the OEWG extensively. I recommend looking them up.

>> KLARA MARLAND: Perfect, thank you.

>> FRANCESCA BOSCO: Quickly, maybe one of the initiatives I mentioned before, the nonprofit cyber. If you are a nonprofit working on cybersecurity, double check, because we created a matrix that you can contribute to. You can apply, for example, the tools that you are working on.

Actually, this is also addressing one of the recommendations that we have for the permanent mechanism, which is, indeed, to focus and implement transparent tracking systems for stakeholder contributions, including the submission, for example, of tools. Because we do believe that a wealth of information is lost because it is not centralized.

There are some very good items, but having a sort of centralized repository with all the stakeholder inputs and how they can influence final documents and decisions is key.

>> KLARA MARLAND: Perfect. Maybe just to briefly conclude, thank you, everyone, for being part of this discussion. You also know where to find us if your questions were not answered or you have additional input for the report. We'd love to hear from you.

What we have heard makes one think clear today, and that is that meaningful multistakeholder engagement is not just a principle on paper, it is essential if you want to build a trusted, inclusive, and effective approach to cyber evidence, both at the United Nations and in our wider global efforts.

So, what are we going to do now? Firstly, we will put together key points from today's session and also from additional input we receive from you into a short summary report. This will include reflections from the panel and practical recommendations shared during the discussion. It will be made publicly available and submitted to the United Nations ahead of the OEWG session in July, and also presented in the informal town hall meeting with OEWG Chair next week.

Second, we will encourage you to stay engaged. As it was mentioned, the GFC community is wide and broad, so we welcome all multistakeholders to join us. Also, this process will help shape how the future permanent mechanism and ICT security can take form, what form it will shape, and your input continues to matter.

Whether you come from Civil Society, academia, private sector, government, your perspective plays a crucial part.

Yeah, finally, as I said, please share with us any additional input. We would love to hear from you. Let's keep the conversation going. Make sure that multistakeholder voices continue to shape the future of cyber diplomacy.

Thank you, once again. We look forward to what comes next. Thank you.

(Applause).