Organised by the C4DT-EPFL, Swiss Federal Department of Foreign Affairs (FDFA) and DiploFoundation, the session brought together representatives from government, industry, and academia for an open discussion on the evolving relevance of cyber norms and the rules-based international order in safeguarding critical infrastructure. While states have endorsed norms for responsible state behaviour in cyberspace, the discussion highlighted persistent challenges in their implementation.
Serge Droz (Swiss FDFA), Roman Zhukov (RedHat), and Imad Aad (C4DT-EPFL) noted that states often lack effective mechanisms to operationalise norms and confidence-building measures (CBMs), placing disproportionate responsibility on the private sector, which owns and operates much of the infrastructure. The gap between commitments and practice—particularly evident in ongoing malicious cyber activities—raised concerns about accountability, especially in the context of armed conflict where roles can quickly shift.
The panel explored how various stakeholders interpret and apply these norms and discussed whether existing frameworks are still adequate for today’s complex and fragmented security environment.
At the same time, the session highlighted important areas of convergence and opportunity. While technical communities and open-source developers may not explicitly engage with UN cyber norms, their day-to-day priorities—security, stability, and resilience—are deeply aligned with the overarching goals of these frameworks.
The Geneva Dialogue was cited as a valuable platform for bridging this gap by translating state-led commitments into shared understanding and actionable practices across stakeholder groups. Positive remarks were made about the potential of cyber norms to support international cooperation on security, even as political, legal, and technical barriers continue to grow.
The conversation reaffirmed that while norms may originate in diplomatic forums, their effectiveness depends on broad-based engagement—from open-source communities to governments—especially as the threat landscape continues to evolve.
