Cybernorms are voluntary guidelines and principles that promote responsible state behaviour in cyberspace.

They are designed to enhance international security and stability by providing a framework for states and other stakeholders to follow in order to mitigate cyber threats and prevent cyber conflicts.

While non-binding, these norms aim to foster cooperation, transparency, and trust among states and other actors in the digital space. Effective implementation of cybernorms requires regular dialogue, cooperation on technical measures, and efforts to hold violators accountable.

Here are the 11 cybernorms endorsed by the United Nations.

  1. Non-use of ICTs for Internationally Wrongful Acts: States should not conduct or knowingly support ICT activity that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.

  2. Protection of Critical Infrastructure: States should take appropriate measures to protect their critical infrastructure from ICT threats.

  3. Incident Response Cooperation: States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts.

  4. Respect for Human Rights: States should respect human rights and fundamental freedoms in their use of ICTs.

  5. Non-interference in Internal Affairs: States should not conduct or knowingly support ICT activity that intentionally damages or impairs the use and operation of critical infrastructure for political coercion or to destabilize another State.

  6. Non-Use of Proxies: States should not use proxies to commit internationally wrongful acts using ICTs.

  7. Responsible Reporting of Vulnerabilities: States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to address such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure.

  8. Respect for International Law: States should recognize that international law, including the UN Charter, is applicable and essential to maintaining peace and stability and promoting an open, secure, stable, accessible, and peaceful ICT environment.

  9. Cooperation for Stability and Security: States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are harmful or that may pose threats to international peace and security.

  10. Capacity Building: States should consider how best to cooperate to build capacity in developing countries to address ICT security and to develop and implement measures to protect their critical infrastructures.

  11. Confidence-Building Measures: States should take steps to build confidence and trust with other States, such as exchanging information, building transparency, and engaging in dialogue to reduce the risk of misperception and miscalculation related to ICT incidents.


From our blog

Cyber road from Ukraine: where will it take us?

Vladimir Radunović

‘The potential for the next Pearl Harbor could very well be a cyberattack.’  US Defense Secretary Leon Panetta, 2012 This (in)famous warning has been discussed and re-discussed since 2012. Could a devastati...

Year in review: The digital policy developments that defined 2021

Stephanie Borg Psaila

For most countries, 2021 was a continuation of pandemic woes. As people swapped contact tracing apps for vaccine passports, the wave of misinformation on COVID-19 vaccines spread even faster.  Beyond COVID-19, the b...

Who’s behind a cyberattack?

Anastasiya Kazakova

Unravelling cyberattacks through a simulation game A seemingly ordinary Monday. You enter your office, turn on your computer, and grab a cup of coffee. A...

What’s new with cybersecurity negotiations? UN Cyber OEWG Final Report analysis

Pavlina Ittelson

The UN’s Open-ended Working Group (OEWG) on Developments in the Field of ICTs in the Context of International Security (UN Cyber OEWG) has established another landmark in the international negotiations about the ‘...

Training and courses



International cyber security diplomatic negotiations: Role of Africa in inter-regional cooperation for a global approach on the security and stability of cyberspace

This research paper examines African countries cybersecurity readiness and how Africa can play a role in shaping international negotiations and discussions on global cybersecurity governance.... Read more...

Food, Ketchup, Logo, Armor


International multistakeholder cyber threat information sharing regimes: Policy considerations for scaling trust and active participation

This paper examines cybersecurity information sharing mechanisms. It looks at the research into public-private partnership (PPP) theory, their application for cybersecurity, and the burgeoning field of international cybersecurity collaboration, and draws conclusions on... Read more...

Food, Ketchup, Logo, Armor