Multistakeholder Instruments & Other Initiatives

African Union
African Union Convention on Cyber Security and Personal Data Protection
  • Aims to create a legislative framework for cyber security and personal data protection;
  • Requires member states to develop a national cyber security policy and appropriate institutional mechanism for governance; legislation and institutions against cybercrime; ensuring monitoring and a response to incidents and alerts, national and cross-border coordination and global cooperation.
League of Arab States
Convention on Combating Information Technology Offences

Enables parties to adopt a common criminal policy aimed at protecting the Arab society against information technology offences.

Caribbean Community (CARICOM)
Model Legislative Texts of Cybercrime/e-Crimes and Electronic Evidence
  • Model legislation targeting the prevention and investigation of computer and network related crime
  • Non-binding
Common Market for Eastern and Southern Africa (COMESA)
Cybersecurity Draft Model Bill
  • COMESA Secretariat as the Chairperson of the Tripartite Task Force (TTF) to undertake the harmonization of the cyber security policies
  • Came with adoption of the Model Cyber Security Policy and the Cyber Security Implementation Roadmap
  • Non-binding
Commonwealth
Model Law on Computer and Computer Related Crimes
  • Three sections: definitions, offences, and procedural law
  • Offences relate to illegal access, interfering with data, interfering with a computer system, the illegal interception of data, illegal devices and child pornography using a computer system or a computer data storage medium
Commonwealth of Independent States
Agreement on Cooperation in Combating Offences related to Computer Information
  • Agreement to cooperate in order to ensure the effective prevention, detection, suppression, uncovering and investigation of offences relating to computer information
  • Parties to strive to ensure harmonization of their national legislation
Council of Europe (open for non-member States)
Convention on Cybercrime (Budapest Convention)
  • Addresses Internet and computer network-based crimes, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security.
  • Contains a series of powers and procedures such as the search of computer networks and interception.
  • Pursues a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation.
East African Community (EAC)
Draft EAC Framework for Cyberlaws
  • States committed to enacting cyberlaws effective across the region
  • Adopted by the EAC Sectoral Council of Ministers on Transport, Communications, and Meteorology
  • Non-binding
Economic Community of Central African States (ECCAS)
Declaration of Brazzaville (adoption of Model Laws in ICT and Cybersecurity)
  • Adoption of model laws on telecommunications, cyber security, and regulatory framework to govern cross-border interconnection
  • Process initiated in 2011 with workshop on harmonization of the cyber-security legal framework
  • Non-binding
Economic Community of West African States (ECOWAS)
Directive C/DIR. 1/08/11 on Fighting Cyber Crime within ECOWAS
  • Indicates offences specifically related to information and communication technologies, including fraudulent access, interference, data interception, and data modification
  • Incorporates traditional offences into information and communication technology offences
European Union
Directive on Security of Network and Information Systems (NIS Directive)

Creates a legal and organizational basis for cooperation between the Parties in the field of international information security, including in:

  • Coordinating and implementing necessary joint measures in the field of ensuring international information security
  • Creating of a system of joint monitoring and response to emerging threats in this area
  • Elaborating joint measures for the development of the provisions of the international law limiting the spread and use of information weapons threatening defense capacity, national security and public safety
Shanghai Cooperation Organisation
Agreement on Cooperation in the Field of International Information Security

Creates a legal and organizational basis for cooperation between the Parties in the field of international information security, including in:

  • Coordinating and implementing necessary joint measures in the field of ensuring international information security
  • Creating of a system of joint monitoring and response to emerging threats in this area
  • Elaborating joint measures for the development of the provisions of the international law limiting the spread and use of information weapons threatening defense capacity, national security and public safety
Southern African Development Community (SADC)
Model Laws on Cyber Security; Cybercrime, Data Protection and Electronic Transactions
  • On occasion of the SADC ICT Ministers Meeting
  • Developed in conformity with the Africa Union Commission (AUC) Draft Convention on Cyber Security
  • Non-binding
French Republic
Paris Call for Trust and Security in Cyberspace
  • The Paris Call was sent in 2018 by the French president Emmanuel Macron during the Internet Governance Forum held at UNESCO and the Paris Peace Forum
  • Is based around nine principles to secure cyberspace and adopt responsible behavior
  • Invites cyberspace actors to work together and encourage States to cooperate with private sector partners, researchers and civil society
Global Commission on the Stability of Cyberspace
  • Was established as a result of the Global Conference on Cyberspace (GCCS) held in the Netherlands in 2015 and inaugurated in 2017.
  • Aims to promote awareness and understanding among cyberspace communities working on issues related to international cybersecurity, and to support policy and norms coherence related to the security and stability in and of cyberspace.
Internet Society
IoT Security Policy Platform
  • The IoT Security Policy Platform is a collaborative body of government agencies and global organizations working together to make security a pillar of the digital future.
  • The Platform’s goal is to gather, coordinate and promote global best practices in IoT security to address key challenges to the ecosystem.
Kaspersky
Global Transparency Initiative (GTI)
  • Introduces a framework, consisting of five pillars, for greater transparency and accountability in cybersecurity as well as for managing supply chain risks.
  • The five pillars within the GTI include: (i) relocation of data processing and storage to Switzerland; (ii) a network of global Transparency Centers for external source code examination and executive briefings on the company’s data management and engineering practices; (iii) third-party independent assessments; (iv) vulnerability management program and ethical principles for responsible vulnerability disclosure; and (v) cyber capacity building program – dedicated security training for government organizations, academia and companies to help them safeguard against ICT supply chain threats.
  • Transparency centers are available for both virtual and physical access in Zurich (Switzerland), Madrid (Spain), Kuala Lumpur (Malaysia), São Paulo (Brazil) and New Brunswick (Canada).
Microsoft Corporation
Cybersecurity Tech Accord
  • Was launched at the 2018 RSA Conference with 34 technology and security companies as signatories
  • Based around principles of stronger defense against cyberattacks, a no offense stance by choosing not to help actors launch cyberattacks against innocent parties, empowerment of developers and users of their technology by helping them build capacity for protecting themselves, and the establishment of partnerships with industry, civil society, and security researchers.
Siemens
Charter of Trust
  • Siemens and eight partners from industry signed the first joint charter for greater cybersecurity at the Munich Security Conference in 2018.
  • The Charter of Trust calls for binding rules and standards to build trust in cyberspace and is based around ten principles including: ownership for cyber and IT security,  responsibility throughout the digital supply chain, security by default, user-centricity, and joint initiatives.