The Kingdom of the Netherlands’ response to the pre-draft report of the OEWG
law, complemented with the norms and recommendations in the reports from the UN GGE, provides States
with a framework for responsible behaviour in cyberspace. It is however up to States to adhere to this
framework, fulfil the obligations of this framework, and demonstrate restraint when required.
11. In this light, the Netherlands supports a technology-neutral, effects-based approach and a focus on State
behaviour, including the use of proxies, for the report of the OEWG. The report of the OEWG should
refrain from the use of the term ‘militarization of cyberspace’ because the meaning and scope of this
terminology is unclear and not supported by consensus in the OEWG.
12. The Netherlands supports the acknowledgement by the pre-draft report of the OEWG of the new and
potential severe threat to international peace and security by autonomous cyber operations initiated by
States and non-state actors. These independently operating and developing cyber operations are, once
launched, outside the control of the initiators and therefore the adherence to the framework of responsible
behaviour including international law cannot be ensured.
13. The Netherlands fully underlines the severity of threats against critical infrastructure, including the
preparatory activities of carrying cyber operations against critical infrastructure. The threat is amplified
because these days, critical infrastructure is no longer confined to the borders of States but is increasingly
becoming transnational and interdependent.
14. The Netherlands would like to suggest for the report of the OEWG to consider the threat that cyberoperations pose against the general availability or integrity of the public core of the Internet. Over the years,
cyber operations against the integrity, functioning and availability of the internet has shown to be a real and
credible threat.
15. The Netherlands would like to advice against deliberating on issues related to the content of ICT’, such
as “disinformation” in the work of this working group, as these fall outside of the scope of this working
group. The Netherlands asserts that any measure to counter “disinformation” must respect fundamental
rights, such as the right to privacy, press freedom and freedom of expression. If the Chair decides
otherwise, The Netherlands strongly suggests that the report of the OEWG stresses that all countries should
ensure that measures to counter “disinformation” are formulated in a way that respects international human
rights law and complies with the principles of legality, legitimacy, proportionality and necessity.
16. The Netherlands does not agree with the assertion that encryption is a technological trend comparable to
machine learning and quantum computing. Furthermore, The Netherlands does not agree with the
assertion that encryption amplifies vulnerabilities. Indeed the Netherlands recognizes that strong encryption
is important for cybersecurity and for respecting the right to privacy and ensures confidential
communication for the government and the private sector.
International law
17. The Netherlands is of the view that existing international law applies in its entirety. We do not
consider there to be a gap in existing international law. There is however a clear gap in the understanding of
how international law applies in cyberspace. Discussions and the recommendations of the OEWG should
therefore lead to more clarification on the application of different aspects of international law. A topical
example of a type of operation that would require further clarification from states is a cyber-operation
against the healthcare sector, and cyber enabled information operations to disrupt the lawful response in
times of urgent crisis. If states would clearly state their views on how international law applies in
cyberspace, this would enable them to assess these specific cases against a coherent legal framework and
make a balanced and informed decision as to any potential response.
18. In light of the above, the Netherlands would like to provide a number of concrete examples of the
application of international law. Malicious cyber operations targeting healthcare systems or facilities
could, depending on the specific circumstances, be qualified as a violation of international law. Equally,
cyber enabled information operations that intervene with, for example national crisis response mechanisms
during a health crisis, could, depending on the circumstances, be qualified as violation of international law.
In addition to this, during an armed conflict, cyber operations targeting healthcare facilities are prohibited
when they constitute a violation of International Humanitarian Law.
Page 2 of 6