现出新变化与新需求，旨在及时反映当前全球网络空间发展的新形势、新变化，应对实践层面出现的新挑战。本版文件增加了“新形势下网络主权的突出挑战”等内容，邀请多国专家参与撰写“部分国家关于网络主权的主要实践”，对百年未有之大变局加速演进，尤其是新一轮科技革命和地缘政治变革迭加影响之下网络主权内涵与外延的持续拓展进行了梳理探讨。感谢英国谢菲尔德大学教授Nicholas Tsagourias、俄罗斯圣彼得堡国际大学教授Yana Leksyutina、印度尼赫鲁大学法学院教授Swaran Singh、墨西哥阿纳瓦克大学教授Ricardo Israel Robles Pelayo、土库曼斯坦Ak Ussa咨询公司首席营销官Leonid Demidov、坦桑尼亚达累斯萨拉姆大学法学院教授James Jesse、尼日利亚伊巴丹大学副教授Ehizuelen Michael Mitchell Omoruyi等为文件撰写做出的贡献。
Sovereignty in Cyberspace: Theory and Practice(Version 4.0)
Jointly Launched by
China Institute of Contemporary International Relations
Shanghai Academy of Social Sciences
National Institute for Global Strategy, Chinese Academy of Social Sciences
University of International Business and Economics
Southwest University of Political Science & Law
Beijing Institute of Technology
China Center for Information Industry Development
Throughout the history of world civilization, the meaning of national sovereignty has changed and been enriched over time. Humanity has successively undergone agricultural, industrial, and information revolutions, which have had enormous and profound impacts on the connotation and denotation of national sovereignty. In the agricultural age, human activity was mainly confined to land, so the focus of national sovereignty was on protecting territorial integrity. In the industrial age, human activity extended from land to the sea and sky. The scope of national sovereignty expanded accordingly. Highly integrated with the physical space of human activity in the information age, cyberspace has become a new frontier for modern states and a new domain of global governance. It is from this that sovereignty in cyberspace has emerged.
Sovereign states are key actors in carrying out activities and maintaining order in cyberspace. The principle of sovereign equality enshrined in the Charter of the United Nations is a basic norm governing contemporary international relations. Covering all aspects of state-to-state relations, its principle and spirit also apply to cyberspace. In practice, all countries have extended national sovereignty to cyberspace, but different understandings exist around the ideas and practices for exercising it. To facilitate more just and equitable global Internet governance and build a community with a shared future in cyberspace, the international community should, with the common well-being of humanity in mind, follow and practice the notion of sovereignty in cyberspace in line with the principles of equal consultation and seeking common ground while setting aside differences.
The Sovereignty in Cyberspace: Theory and Practice paper series have been dedicated to building consensus and promoting practice. Compared to the previous three versions, Version 4.0 takes further steps in the theoretical exploration and practical development on the basis of the existing logical framework, and reflects new changes and new demands. It aims to promptly present the latest global developments in cyberspace, and respond to new challenges at the practical level. "Prominent challenges and solutions for sovereignty in cyberspace in the new circumstances" are newly added into the paper. Experts from multiple countries were invited to contribute under "Main practices of some countries regarding sovereignty in cyberspace". Explorations are made in the continuous expansion of the connotation and denotation of sovereignty in cyberspace amid the global transformations unseen in a century, especially the new round of technological revolution and geopolitical changes. We would like to express our thanks to Professor Nicholas Tsagourias from the University of Sheffield in the UK, Professor Yana Leksyutina from St. Petersburg State University in Russia, Professor Swaran Singh from the Law School of Jawaharlal Nehru University in India, Professor Ricardo Israel Robles Pelayo from Universidad Anáhuac México, Mr. Leonid Demidov, Chief Marketing Officer of Ak Ussa Consulting in Turkmenistan, Professor James Jesse from the Law School of the University of Dar es Salaam in Tanzania, Associate Professor Ehizuelen Michael Mitchell Omoruyi from the University of Ibadan in Nigeria, and others for their contributions to the writing of the report.
Sovereignty in cyberspace is a theoretical issue, and, more importantly, a practical one, which requires continuous study. In the principle of embracing harmony without uniformity and seeking common ground while reserving differences, we will work for peace, openness, and development of cyberspace with an open mind and a pragmatic approach.
The Concept of Sovereignty in Cyberspace
Fundamental Principles of Sovereignty in Cyberspace
Key Manifestations of Sovereignty in Cyberspace
Sovereignty in Cyberspace in Practice
Prominent Challenges and Solutions for Sovereignty in Cyberspace in the New Circumstances
Building a More Inclusive International Cooperation Framework Based on Sovereignty in Cyberspace
Respecting Sovereignty in Cyberspace and Jointly Building a Community with a Shared Future in Cyberspace
Annex: Main Practices of Some Countries Regarding Sovereigntyin Cyberspace
The Concept of Sovereignty in Cyberspace
Sovereignty in cyberspace is the extension of national sovereignty to cyberspace. It is the internal supremacy and external independence that a state enjoys, on the basis of its national sovereignty, over cyber infrastructure, entities, behavior as well as relevant data and information in its territory. Specifically speaking, it primarily includes the following rights.
Independence. A sovereign state has the right to independently choose its own path of cyber development, model of cyber governance, and Internet public policies, free from any external interference.
Equality. In line with the principle of sovereign equality enshrined in the UN Charter, a sovereign state has the right to participate in global governance in cyberspace on an equal footing and jointly formulate international rules.
·Legislative Jurisdiction. A sovereign state has the right to enact legislation to regulate cyber infrastructure, entities, behavior as well as relevant data and information in its territory, in order to protect its national security, public interests, and the legal rights and interests of its citizens, legal persons, and other organizations.
·Administrative Jurisdiction. A sovereign state has the right to administer cyber infrastructure, entities, behavior as well as relevant data and information in its territory according to law, so as to maintain good order in cyberspace.
·Judicial Jurisdiction. A sovereign state has the right to exercise judicial jurisdiction over cyber infrastructure, entities, behavior as well as relevant data and information in its territory according to law.
A sovereign state has the right to exercise, in accordance with the universally recognized principles and rules of international law, necessary and reasonable personal, protective and universal jurisdiction over specific cyber activities outside its territory that have genuine and substantial connection to the State as well as over relevant cyber facilities, entities, data and information. In order to exercise its jurisdiction, a State may seek assistance from other countries and regions in the spirit of self-restraint, comity and reciprocity.
·Cyber-defense. A sovereign state has the right to conduct capacity building on cyber security and adopt lawful and reasonable measures under the framework of the UN Charter to protect its legitimate rights and interests in cyberspace from external infringement.
Whether in the physical world or cyberspace, sovereignty incorporates both rights and obligations. The connectivity and interdependence among countries in cyberspace all the more requires countries to respect the basic norms and general principles of international law and earnestly fulfill their due obligations specified in international law while enjoying the rights derived from sovereignty in cyberspace.
Non-infringement of the sovereignty of other countries. No country shall without permission access the cyber infrastructure of another country or infringe on cyber systems within the jurisdiction of another country. No country shall engage in acts of cyber surveillance, theft or sabotage.
Non-interference in other countries’ internal affairs. No country shall interfere in other countries’ rights to survival, security and development in cyberspace, or their rights to maintain cyberspace order, security and development. No country shall support or allow separatist forces to undermine other countries' territorial integrity, national security and social stability through cyberspace.
Due diligence. No country shall knowingly allow its territory, or territory or Internet facilities, data and information under the control of its government, to be used for cyber activities undermining national security or interests of other countries.
Protection. All countries have the obligation to protect lawful rights and interests of relevant cyberspace entities within their jurisdiction. They also have the obligation to promote openness and freedom of cyberspace while ensuring order, security and development.
III. The Legal Status of Sovereignty in Cyberspace
As the extension of state sovereignty in cyberspace, sovereignty in cyberspace is also a legally binding principle and rule. States may define their sovereignty differently and may have different perceptions of the threshold for violating sovereignty in cyberspace, but these differences do not affect the legal status of sovereignty in cyberspace under international law.
If a country infringes on the internal supremacy and external independence that another country enjoys on the basis of its national sovereignty over cyber infrastructure, entities, behavior as well as relevant data and information in its territory, this will be a violation of the principle of sovereignty and will constitute a wrongful act under international law. The acts may include, among others, unauthorized penetration into the network systems in the territory or within the jurisdiction of another country, causing disruption or damage of relevant infrastructure or undermining a country’s exclusive sovereign rights both internally and externally in cyberspace. A cyber operation may simultaneously violate the principles of sovereignty, non-interference in internal affairs and the prohibition of the use of force. The application of this principle to a specific set of circumstances may require certain contextualization.
IV. Some Concepts Related to Sovereignty in Cyberspace
In view of the diverse application scenarios and domains of the principle of sovereignty in cyberspace, the concepts of "information sovereignty", "technological sovereignty", "data sovereignty" and "digital sovereignty" have been put forward by various parties in the international community in recent years.
"Information sovereignty" that focuses on content management. Information can be divided into broad and narrow senses. The former covers technology and content, as is meant by "information security" proposed by Russia. However, "information sovereignty" is more narrowly defined among the academic community. It mainly refers to the information content produced and disseminated by using information and communication technologies and network. The main goal of upholding "information sovereignty" is to ensure effective governance and regulation of information content.
"Technological sovereignty" that focuses on capabilities in developing home-grown technologies in key areas. In February 2020, the European Commission released three important strategic documents: Shaping Europe's Digital Future, the White Paper on Artificial Intelligence and the European Data Strategy. According to Ms. Ursula von der Leyen, President of European Commission, this was aimed at regaining "technological sovereignty" and strengthening EU's ownership in the development and standard setting of cutting-edge technologies and applications such as artificial intelligence, big data and 5G.
"Data sovereignty" that places importance on the strategic value of data. In the era of big data, the strategic value of data has drawn unprecedented attention. Relevant countries are working to improve data governance in an effort to balance security and development. For example, in 2020 the European Commission issued A European Strategy for Data and the Data Governance Act.
"Digital sovereignty" aimed at enhancing "strategic autonomy". In the Digital Sovereignty for Europe released by the European Parliament in July 2020, "digital sovereignty" was defined as "Europe's ability to act independently in the digital world and should be understood in terms of both protective mechanisms and offensive tools to foster digital innovation (including in cooperation with non-EU companies)". The notion was put forward by the EU to maintain its independence, competitiveness and leadership in the face of competition in the digital world, emphasizing the ability of states to lead their own digital development.
The above concepts may differ in their goals or emphasis, but they are interrelated in nature. Relevant practices and explorations have substantiated the connotation and extension of sovereignty in cyberspace.
Fundamental Principles of Sovereignty in Cyberspace
Sovereign equality as set forth in the UN Charter is the primary principle that all states should follow in the exercise of their sovereignty in cyberspace. All sovereign states, regardless of size, wealth, or strength, are equal before the law and have the right to participate on an equal footing in international cyberspace affairs. Each state should be treated equally, and each state is also obligated to treat others as equals.
All states should uphold the principles of fairness and justice in cyberspace and facilitate a more just and equitable global Internet governance system that reflects the wishes and interests of the majority of countries, protects the legitimate rights and interests of developing countries, and ensures the people of countries around the world get to decide on the development of cyberspace. States should not abuse their superiority in Internet facility, technology, system and data to interfere in other countries' exercise of sovereignty in cyberspace or promote unjust acts such as cyber hegemony or isolation.
Cyberspace is global in nature. It is difficult for any state to achieve effective governance in cyberspace solely through its own efforts. In line with the principle of cooperation in good faith contained in the UN Charter, states should respect others as subjects of international law, follow the principle of extensive consultation, joint contribution and shared benefits, support multilateral and multi-party participation, and build a holistic governance system across multiple fields and levels to ensure the security and development of cyberspace.
In an interconnected cyberspace, the interests of all countries are deeply intertwined. All countries should act in conformity with the purposes and principles enshrined in the UN Charter, use the Internet for peaceful purposes, and settle cyber disputes by peaceful means. They should take effective measures to guard against the use of information and communications technology (ICT) to engage in activities that undermine peace, prevent an arms race in cyberspace, and prevent and fight cyberterrorism to maintain peace and security in cyberspace.
V. Rule of Law
All states should make steady progress in domestic legislation and advance the rule of law in global governance in cyberspace, uphold the authority of international law, and oppose double standards. In the exercise of sovereignty in cyberspace domestically, states should protect the legal rights of their citizens, legal persons, and other organizations in cyberspace, and internationally, states should respect the sovereignty of others in cyberspace, and observe international law. ; states shall not use the Internet to interfere in the internal affairs of other countries or engage in, encourage, or support cyber activities that endanger the national security of other countries.
Key Manifestations of Sovereignty in Cyberspace
Based on the architecture of cyberspace, sovereignty in cyberspace can be divided into four layers, namely physical infrastructure layer, logic layer, application layer and social layer. Each of these layers is a manifestation of national sovereignty.
I. Manifestation of Sovereign in the Physical Infrastructure Layer
A sovereign state has jurisdiction over the physical infrastructure and basic telecommunications services within its territory. In some circumstances, a state may also be entitled to take necessary measures to maintain the security of the physical infrastructure according to national law and in conformity with international law. A sovereign state participates in the management of and international cooperation on the global cyber infrastructure.
II. Manifestation of Sovereignty in the Logical Layer
A sovereign state can independently enact or adopt the relevant technical regulations or standards on the premise of not violating their obligations under international law, while maintaining the compatibility of the Internet.
III. Manifestation of Sovereignty in the Application Layer
A sovereign state may exercise its jurisdiction over the development and operation of software, protects lawful data and information, especially those related to national security, from theft or destruction in accordance with national and international law. The state can regulate the dissemination of online content stored in its territory, and restricts the dissemination of information that infringes upon public interests. A sovereign state prohibits overseas organizations from fabricating and distorting facts and disseminating online information content in its territory that seriously damages its national security and public interests. A sovereign state participates in international coordination and cooperation on cross-border data flow and information governance.
IV. Manifestation of Sovereignty in the Social Layer
A sovereign state can exercise jurisdiction over its Internet users and platforms, provide proper guidance to cyber entities and foster a social environment suitable for the development of cyberspace.; upholds its independent Internet governance system and participates in international cooperation on improving the Internet governance model on an equal footing. A state has the right to take an equal part in the development of the global digital economy.
The above reflects the systemic nature and integrity of sovereign activities in cyberspace. Respect for sovereignty in cyberspace promotes orderly cooperation, harmony and stability in cyberspace and its sustainable development. At the same time, when exercising sovereignty in cyberspace, a country should adhere to universally recognized principles and rules of international law, respect the interconnected and interactive nature of cyberspace, and avoid fragmentation of the Internet. A state should not politicize cyber security issues in the name of exercising sovereignty in cyberspace, violate international economic and trade rules or market rules, interfere with normal cooperation in cyber infrastructure and service projects, and impose isolation or repression on other states in cyberspace. A state should not use its technological, economic and political power to unfairly allocate or block important network resources or endanger the security of the global supply chain.
Sovereignty in Cyberspace in Practice
I. A number of important international documents affirmed the application of the principle of state sovereignty to cyberspace.
The Declaration of Principles adopted at the World Summit on the Information Society in 2003 stated that “policy authority for Internet-related public policy issues is the sovereign right of States”. The Tunis Agenda for the Information Society adopted at the 2005 WSIS highlighted the key roles and responsibilities of national governments in the summit process.
In 2011 and 2015, the International Code of Conduct for Information Security put forward by China, Russia and other countries reaffirmed that “policy authority for Internet-related public policy issues is the sovereign right of States”.
The reports of the UN Group of Governmental Experts (UN GGE) in 2013, 2015 and 2021 stressed that “state sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities”, emphasized “the principle of sovereignty as the basis for increased security in the use of ICTs by States” and the centrality of “international cooperation, dialogue, and due regard for the sovereignty of all States".
The Leaders Communiqué of G20 Antalya Summit in 2015 affirmed that “international law, and in particular the UN Charter, is applicable to state conduct in the use of ICTs and commit ourselves to the view that all states should abide by norms of responsible state behavior in the use of ICTs”.
The Goa Declaration at 2016 BRICS Summit reiterated that “the use and development of ICTs through international and regional cooperation and on the basis of universally accepted norms and principles of international law, including the Charter of the UN in particular political independence, territorial integrity and sovereign equality of States, the settlement of disputes by peaceful means, non-interference in internal affairs of other States as well as respect for human rights and fundamental freedoms, including the right to privacy; are of paramount importance in order to ensure a peaceful, secure and open and cooperative use of ICTs”.
In 2019, the World Internet Conference released the concept document entitled Jointly Build a Community with a Shared Future in Cyberspace, stressing that "Sovereignty in cyberspace is a natural extension of the national sovereignty in cyberspace. We should respect the right of each country to independently choose its own development path and governance model, and to participate in global governance in cyberspace on an equal footing."
The China-ASEAN Initiative on Establishing a Digital Economy Partnership issued in 2020 emphasized "respect for sovereignty in cyberspace on the basis of respecting laws and Internet policies of individual countries,” and“building a global community with a shared future in cyberspace in a multilateral, democratic and transparent way".
In 2020, the World Internet Conference released the Initiative on Jointly Building a Community with a Shared Future in Cyberspace, reaffirming the importance of respecting sovereignty in cyberspace.
The China-Africa Internet Development and Cooperation Forum in 2021 launched the Initiative on China-Africa Jointly Building a Community with a Shared Future in Cyberspace, which stated that “On the basis of respecting sovereignty in cyberspace and Internet policies of individual countries, we should explore acceptable means of expanding Internet access and connection, and deliver development opportunities brought by the Internet to more developing countries and peoples.”
In the Samarkand Declaration and the New Delhi Declaration adopted by the Shanghai Cooperation Organization in 2022 and 2023 respectively, “Member States emphasize a key role of the UN in countering threats in the information space, creating a safe, fair and open information space built on the principles of respect for state sovereignty and non-interference in the internal affairs of other countries. They consider it important to ensure equal rights for all countries to regulate the Internet and sovereign right of states to manage it in their national segment”.
II. Relevant states have affirmed the application of the principle of state sovereignty to cyberspace in their position papers.
In recent years, some countries have issued position papers on the application of international law in cyberspace, stating their positions and propositions on the application of the principle of national sovereignty in cyberspace.
In confirming the applicability of state sovereignty to cyberspace, New Zealand released in 2020 the Application of International Law to State Activity in Cyberspace which said that it "considers that the standalone rule of territorial sovereignty also applies in the cyber context". In the same year, the International Law and Cyberspace: Finland’s National Positions also stated that “Finland sees sovereignty as a primary rule of international law” and that “this rule is fully applicable in cyberspace”. The Declaration of General Staff of the Armed Forces of the Islamic Republic of Iran Regarding International Law Applicable to the Cyberspace issued in 2020 maintains that "the territorial sovereignty and jurisdiction of the states are also extended to all elements of the cyberspace". The Republic of Poland’s Position on the Application of International Law in Cyberspace issued in 2022 also advocates that "the principle of sovereignty applies to cyberspace."
In confirming sovereignty in cyberspace as a binding rule in international law, the document entitled International Law in Cyberspace issued by the Netherlands in 2019 said that sovereignty constitutes an independent and binding rule in international law and that "States have an obligation to respect the sovereignty of other states and to refrain from activities that constitute a violation of other countries’ sovereignty." In its document On the Application of International Law in Cyberspace issued in 2021, Germany clearly states that "Germany agrees with the view that cyber operations attributable to States which violate the sovereignty of another State are contrary to international law. In this regard, State sovereignty constitutes a legal norm in its own right." In the same year, Norway and Italy expressed in their position papers that sovereignty is not only a principle but also "a primary rule of international law that is applicable in cyberspace". In 2021, China advocated in its position paper submitted to the United Nations Open-ended Working Group on security of and in the use of information and communication technologies 2021-2025 that "State sovereignty in cyberspace is a legally binding principle under international law".
In determining what constitutes an infringement of a state's sovereignty in cyberspace, according to the French document entitled International Law Applied to Operations in Cyberspace released in 2019, “Any authorized penetration by a State of French systems or any production of effects on French territory via a digital vector may constitute, at the least, a breach of sovereignty." Iran stressed in its Declaration of General Staff of the Armed Forces of the Islamic Republic of Iran Regarding International Law Applicable to the Cyberspace issued in 2020 that "Any utilization of cyberspace if and when involves unlawful intrusion to the (public or private) cyber structures which is under the control of another state, maybe constituted as the violation of the sovereignty of the targeted state." In addition, the National Security Strategy of the Russian Federation adopted in 2021 states that "The use of information and communications technology is expanding. The use of communication technologies to interfere in the internal affairs of states, undermine their sovereignty, and violate their territorial integrity, is posing a threat to international peace and security." In the same year, Norway declared in its position paper: "Causing physical damage by cyber means on another State’s territory may easily qualify as a violation of territorial sovereignty...In addition to physical damage, causing cyber infrastructure to lose functionality may also be taken into consideration and may amount to a violation...Similarly, a cyber operation that interferes with or usurps the inherently governmental functions of another State may constitute a violation of sovereignty". Brazil stated in its position paper that "Interceptions of telecommunications, for instance, whether or not they are considered to have crossed the threshold of an intervention in the internal affairs of another State, would nevertheless be considered an internationally wrongful act because they violate state sovereignty. Similarly, cyber operations against information systems located in another State’s territory or causing extraterritorial effects might also constitute a breach of sovereignty".
III. States affirm the exercise of their sovereignty in cyberspace through legislative, administrative and judicial means.
With regards to advocating and practicing principle of sovereignty in cyberspace, China stated at the 2nd World Internet Conference that respecting sovereignty in cyberspace is an important principle in the reform of the global Internet governance system. In the Law on Cybersecurity adopted in 2016, China embraces “safeguarding national sovereignty in cyberspace” as a fundamental purpose of cyberspace legislation. The National Cyberspace Security Strategy released in 2016 stresses that “national sovereignty extends to cyberspace” and upholds sovereignty in cyberspace as an important part of national sovereignty. The Strategy on International Cooperation in Cyberspace released in 2017 places the principle of national sovereignty on the list of the basic principles for international cooperation in cyberspace and regards “safeguarding national sovereignty and security” as the primary strategic goal of engaging in such cooperation. The Data Security Law adopted in 2021 states that "safeguarding national sovereignty, security, and development interests" is one of the primary objectives of the legislation. China has also made it clear that national sovereignty applies to cyberspace in the UN Group of Government Experts and the Open-Ended Working Group (OEWG), the Asian-African Legal Consultative Organization and in other multilateral fora.
As far as exploring the Internet development path and cyber administration models is concerned, The Law on Cybersecurity of Vietnam in 2018 makes it clear that “mutual respect for independence, sovereignty and territorial integrity, mutual non-interference in internal affairs, equality and mutual benefit” form the basic principles of cybersecurity cooperation. It provides a detailed list of acts that are prohibited in cyberspace such as distorting historical facts, undermining ethnic unity, offending religious belief and other acts that violate national sovereignty, interests and security. The European Union put forward “technological sovereignty” in February 2020 in a bid to reinforce its control and dominance in technologies, rules and values in cyberspace.
As for protecting domestic network from threats, disruptions, attacks and sabotage, Russia adopted the Stable Runet Act in May 2019 to ensure independence and reliability of its own Internet resources so that it can still function properly when it is unable to connect to servers outside the country. In 2021, Pakistan introduced its inaugural National Cybersecurity Policy which confirms that a cyber-attack on its key information infrastructure will be “regarded as an act of aggression against national sovereignty and [Pakistan] will defend itself with appropriate response measures”.
In regard to protecting the rights and interests of citizens in cyberspace and the development of the digital economy, the EU adopted the General Data Protection Regulation in May 2018 to put cross-border flow of personal data under strict control, and expands the confines of sovereignty through extra-territorial jurisdiction over processing of personal data. In 2021, the EU issued the 2030 Digital Compass: The European Way for the Digital Decade, with the aim of guiding the EU in building a sustainable digital society and enhancing the EU's digital sovereignty, ensuring that the EU becomes one of the most advanced regions in the digital economy worldwide. In 2021, France published its National Cybersecurity Strategy, outlining its goal to develop the technological capability, so as to protect sovereignty in cyberspace and foster the growth of the cybersecurity industry within the next five years.
Prominent Challenges and Solutions for Sovereignty in Cyberspace in the New Circumstances
The world today is experiencing historic changes in a way never seen before. The new round of technological revolution and industrial transformation, represented by big data and artificial intelligence, is reaching greater depths. The international balance of power is undergoing profound adjustments. A small number of countries are creating "exclusive circles" and engaging in "decoupling" in an attempt to sow division and confrontation in cyberspace. They are developing offensive cyber military capabilities, spreading offensive cyber technologies, and openly conducting offensive cyber operations against other countries. They have even listed critical infrastructure as targets for wartime cyber attacks. The sovereignty, security, and development interests of countries in cyberspace are facing unprecedented challenges.
I. Artificial Intelligence
In recent years, significant breakthroughs have been made in artificial intelligence (AI) technology which has been widely applied in various fields such as industry, healthcare, transportation, and information content. It has brought tremendous opportunities for humanity but has also posed new challenges to sovereignty in cyberspace. Misuse and abuse of AI technology will lead to the widespread dissemination of misinformation, which constitutes an infringement upon the legal rights of citizens and challenges to countries in maintaining public order. Inconsistent technical standards and regulatory policies on AI among countries can create trade barriers for AI products and services, hindering cooperation in digital economic development among nations.
The development and use of AI have international implications and bear on the future of humanity. Countries should adhere to the principles of people-centeredness and "technology for social good" and promote the establishment of universally inclusive international mechanisms. This will help shape a governance framework and set standards and norms based on broad consensus to ensure the safety, reliability, controllability, and fairness of AI, so that it will empower global sustainable development and enhance the collective well-being of humankind. Countries should strengthen information exchange and technological cooperation based on respect for national sovereignty, promote the peaceful use of AI, jointly address the risks and challenges it poses, and collectively oppose any act of using AI to undermine the sovereignty and security of other countries.
II. Data Governance
Data governance bears on national security, economic security, social stability, and the protection of individual rights. A very few countries, leveraging their technological advantages, have committed acts that harm the cybersecurity and national security of other countries and exacerbate the confrontation in cyberspace through the means of data. A very few countries also use "long-arm jurisdiction" at their own will and engage in cross-border data surveillance, seriously infringing upon the sovereignty in cyberspace of other nations. The abuse of technological monopolies and unilateral coercive measures undermines the fairness, effectiveness, and inclusiveness of global digital development, restricts the digital development rights of developing countries, and weakens their ability to exercise and protect sovereignty in cyberspace.
In the face of these challenges, countries should respect sovereignty in cyberspace, respect the jurisdictional and administrative rights of other countries, and refrain from directly accessing data from businesses or individuals located in other countries without legal permission. Countries should respect the right of each country to choose its own path of data governance based on its national circumstances, and reject acts of using information technology to undermine the critical infrastructure or steal important data of other countries, as well as acts of using it to harm the national security and public interests of other countries. Countries should approach data security issues comprehensively, objectively, and impartially based on facts, and promote the lawful, orderly, and free flow of data. Countries should enhance cooperation on data security, promote the transfer of digital technology and capacity building, bridge the digital divide, and support capacity-building assistance to developing countries. The international community should, under the leadership of the United Nations, develop common rules that are universally accepted and globally interoperable, and prevent division or fragmentation of global rules on data governance.
III. Satellite Internet
Satellite internet tightly connects the two frontiers of human activities - outer space and cyberspace, and poses new challenges to sovereignty in cyberspace. These include, among others, fair and reasonable allocation of radio frequencies and satellite orbital resources, the possibility of satellite internet bypassing ground-based national regulations and posing challenges to the exercise of sovereignty in cyberspace by other countries, illegal intrusions into network systems that may lead to the manipulation, loss of functionality, or destruction of satellites, which affect security in outer space, as well as damage to satellites which may disrupt satellite-based network systems and affect security in cyberspace.
Countries should adhere to the principle of peaceful use of outer space and the principles established in the International Telecommunication Union (ITU) Constitution for the rational, efficient, economical, and equitable use of radio frequencies and satellite orbital resources. Globally recognized norms should be formed on the construction, operation, and regulation of satellite internet based on respect for national sovereignty, equal participation, and full consultation. Countries should enhance international cooperation, improve crisis management and comprehensive governance in outer space, ensure the long-term sustainable development of outer space, and safeguard national sovereignty and security in cyberspace.
IV. "Long-arm Jurisdiction"
In recent years, "long-arm jurisdiction" has been extended to cyberspace, posing a significant challenge to sovereignty in cyberspace. The exercise of "long-arm jurisdiction" by one country often conflicts with the territorial or personal jurisdiction of other countries. In cyberspace, the frequent exercise of "long-arm jurisdiction" by a very few countries has constituted a form of cyber hegemony, which easily threatens the sovereignty in cyberspace of other countries. The abuse of "long-arm jurisdiction" violates the principle of sovereign equality under international law, threatens the security and stability of cyberspace, and disrupts the normal order of international trade and digital economic cooperation.
Countries should adhere to the purposes and principles of the United Nations Charter, especially the principle of sovereign equality, and resist the abusive behavior of "long-arm jurisdiction" by a very few countries. Countries should uphold the vision of a community with a shared future in cyberspace and strengthen international coordination on jurisdiction in cyberspace. A very few countries should abandon the practice of "long-arm jurisdiction" and fulfill their international responsibilities of non-infringement of other countries' sovereignty and non-interference in their internal affairs.
A very few countries are pushing for "decoupling" in the fields of economy, trade, and technology and using various means to coerce or even force relevant countries to take sides, which has disrupted market rules and the international economic and trade order, and had a negative impact on the stability of global industrial and supply chains as well as the development of the world economy. Such an act infringes upon the autonomy of other countries in areas such as industrial development and technological cooperation, undermines the principle of sovereign equality stipulated in the United Nations Charter, intensifies conflicts in cyberspace, and poses a serious threat to peace, development and cooperation in cyberspace.
Countries should adhere to the philosophy of win-win cooperation, openness, and inclusiveness, and firmly oppose various acts of "decoupling". Countries should build consensus on the harms that "decoupling" does to global public interests through extensive discussions, advocate for policy environments conducive to industrial and market development, and give more play to the role of the industrial sector, so as to build supply chains that meet the practical needs of industrial development. Countries should encourage multi-party cooperation between businesses, universities, and research institutes, and explore multiple channels to mitigate or offset the negative impact of "decoupling".
Building a More Inclusive International Cooperation Framework Based on Sovereignty in Cyberspace
Respect for sovereignty in cyberspace means respect for the purposes and principles enshrined in the UN Charter in cyberspace. It is the basis and the prerequisite for upholding peace and security in cyberspace and a necessary means to ensure strategic stability in cyberspace. Advocating and practicing sovereignty in cyberspace does not mean that countries can do as they wish in cyberspace or pursue a beggar-thy-neighbor policy. The establishment of a more inclusive international cooperation framework based on sovereignty in cyberspace aims to balance the relationship between sovereign rights and obligations of all states on the basis of respecting their sovereignty. It helps all parties enjoy the benefits of the digital era and promotes peace, security and development of cyberspace.
First, it is important to coordinate different perceptions of sovereignty in cyberspace, and on this basis promote and consolidate international consensus on sovereignty in cyberspace. The difference among states in exercising sovereignty in cyberspace will remain for a long time, but the application of the principle of state sovereignty in cyberspace has been confirmed by many important international documents. Countries should remove prejudice, recognize the fact that cyberspace is a world of shared interests, and uphold the international system with the UN at its core and the international order based on international law. Countries should recognize that sovereignty in cyberspace is an undeniable reality, seek common ground while shelving differences, respect and understand each other, actively interact, and avoid mutual constraints. Countries should encourage multilateral, bilateral and multi-party cooperation and dialogue at global and regional levels, jointly build international consensus on sovereignty in cyberspace, enhance mutual trust in cyberspace, and jointly promote the realization of the common values of peace, development, equity, justice, democracy, and freedom for humanity.
Second, based on the principle of sovereignty in cyberspace, international rules and systems conducive to inclusive cooperation should be established. Mechanisms within and among countries should be endorsed or established as an institutional guarantee for international cooperation. Countries should not only improve their domestic systems, but also enhance international coordination and actively participate in global institutional building on cyberspace. With the UN as the main channel and based on the purposes and principles of the UN Charter, countries should support the UN in playing a core role in global cyberspace governance, and work together to build systems and norms such as a security mechanism to protect the cyber infrastructure and the legal rights of entities, a cooperative mechanism on exchange and sharing of data information and digital technology, a risk prevention mechanism against malicious activities in cyberspace, a mechanism to crack down on cybercrimes, and a consultation and mediation mechanism on settling disputes in cyberspace. All countries should, in the spirit of honesty and goodwill, do their best to establish effective international rules and systems to govern cyberspace. Countries should ensure the equal realization of sovereign rights in cyberspace and universal compliance with international law obligations in cyberspace. States should promote cooperation in cyberspace for the benefit of mankind. They should prevent hegemonism, zero-sum thinking, and Cold War mentality from adversely affecting peace and development in cyberspace.
Third, states should promote joint development and cooperation of countries on sovereignty in cyberspace with concrete actions. Sovereignty in cyberspace exists in the community with a shared future in cyberspace. To effectively protect sovereignty in cyberspace, the international community needs to:
Achieving shared development. Countries should adopt more proactive, inclusive and coordinated policies that benefit all, speed up global information infrastructure construction, promote innovative development of the digital economy and enhance public service capacity.
Jointly pushing for development. Countries should adopt more active, inclusive and coordinated policies that benefit all for faster global information infrastructure construction, innovation in digital economy, and higher level of public services;
Jointly safeguarding cybersecurity. Countries should advocate the notion of cybersecurity based on openness and cooperation, attach equal importance to security and development, take an active part in the UN cyberspace security process, and work together to uphold peace and security in cyberspace;
Jointly participating in cyberspace governance. Countries should uphold multilateral and multi-stakeholder governance, strengthen dialogue and consultation, and build a more just and equitable global Internet governance system;
Sharing the benefits. Countries should develop science and technology that are human-centered for the greater good, in order to narrow the digital divide and achieve common prosperity. Countries should jointly promote "goodwill cooperation" on sovereignty in cyberspace with joint efforts and concrete actions, so as to ensure joint governance, win-win development and shared benefits in cyberspace.
Respecting Sovereignty in Cyberspace and Jointly Building a Community with a Shared Future in Cyberspace
The principle of sovereignty in cyberspace comes first in President Xi Jinping's "Four Principles" for promoting the reform of the global internet governance system and his "Five Proposals" on building a community with a shared future in cyberspace. Advocating and practicing sovereignty in cyberspace does not mean sealing off the cyberspace or breaking it up. Instead, it means facilitating a just and equitable international cyberspace order that respects national sovereignty and building a community with a shared future in cyberspace. The latter is the driving force and long-term goal for safeguarding sovereignty in cyberspace. Building cyberspace into a community of common development, security, responsibility and interests that benefit all humanity must be achieved on the basis of respecting the sovereignty of all countries.
In building a community with a shared future in cyberspace, countries must adhere to the principle of sovereignty in cyberspace. Building a community with a shared future in cyberspace requires the concerted efforts of all countries to address risks and challenges. Clearly defined national sovereignty in cyberspace and respect for it is essential for jointly building a community of shared future in cyberspace. Only when countries are assured that they have independent rights in choosing their own cyberspace development paths, governance models, and public policies, have equal rights in participating in the rule setting for international cyberspace governance, have jurisdiction over their own cyberspace through legislative, administrative, and legal means, and enjoy right of defense against external risks and infringements in cyberspace, can there be an effective dialogue and consultation mechanism among countries through exchange and cooperation on an equal footing, which serves a community with a shared future in cyberspace.
Sovereignty in cyberspace needs to be better secured and protected through building a community of shared future in cyberspace. The rapid development of the Internet has created unprecedented opportunities for the progress of human civilization, yet problems such as unbalanced development and flaws in rules and order have become more prominent. Hegemonism, power politics, protectionism, and unilateralism persist in cyberspace. Infringement on privacy and intellectual property rights, dissemination of false information, online fraud, cyber terrorism, and other illegal and criminal activities have become a global scourge. In cyberspace, countries have enormous shared interests. Effective responses to threats to security and development in this domain count on the cooperation and coordination of all countries. Building a community with a shared future in cyberspace can effectively safeguard the sovereignty of all countries in cyberspace.
However, as national interests are not the same and are sometimes even conflicting with one another, it is not always easy to strike a balance between safeguarding national interests and providing international public goods. Rising geopolitical tensions in the context of emerging issues concerning cross-border data flow, disinformation and supply chain security, etc. have made it difficult to push for progress in negotiations on international rules and norms. To identify the converging interests among all countries, it is imperative to follow the principles of respecting sovereignty in cyberspace, maintaining peace and security, promoting openness and cooperation, and building a sound order.
Human society once again stands at a historic crossroads, where countries are facing unprecedented challenges to their sovereignty, security, and development interests in cyberspace. The practice of sovereignty in cyberspace knows no bounds, and so does theoretical innovation. This reveals the long-term and arduous nature of building a community with a shared future in cyberspace. We call on all countries to jointly commit to maintaining global internet interconnectivity, uphold and develop the principle of sovereignty in cyberspace through international cooperation and exchanges in cyberspace, promote high-quality development of the digital economy, realize high-level network security, advance high-standard opening up in the digital domain, and foster an inclusive and symbiotic digital civilization. We call on the international community to work together under the UN framework and uphold the principles of engaging in discussions as equals, seeking common ground while shelving differences, and pursuing mutual benefits. We call on all countries to strengthen communication, coordinate positions, and on the basis of respecting and upholding sovereignty in cyberspace, formulate universally acceptable international rules and codes of conduct for cyberspace, broaden consensus, and contribute wisdom and strength for building a peaceful, secure, open, cooperative, and orderly cyberspace.
Main Practices of Some Countries Regarding Sovereignty in Cyberspace
In recent years, an increasing number of countries, especially developing countries, have embraced and actively practiced the principle of sovereignty in cyberspace in their effort to safeguard national interests, ensure national security, enhance the well-being of their citizens, promote international cooperation, and jointly build a community with a shared future in cyberspace. These practices fully demonstrate the theoretical value and practical significance of the principle of sovereignty in cyberspace.
In recent years, the Chinese government has successively introduced a series of policies and regulations to firmly uphold its sovereignty in cyberspace, further improving the regulatory framework centered around laws such as the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law. China has also issued or revised laws, regulations, and rules, including the Export Control Law (2020), the Regulations on the Security Protection of Critical Information Infrastructure (2021), the Measures for Cybersecurity Review (2022), the Measures for Data Security Assessment for Cross-Border Transfer (2022), and the Measures for Standard Contracts for the Cross-Border Transfer of Personal Information (2023). These laws and regulations have helped safeguard national sovereignty in cyberspace from various aspects such as controlling the export of network technologies, protecting critical information infrastructure, maintaining cybersecurity, and ensuring the security of data and personal information during cross-border transfers.
In practicing the concept of sovereignty in cyberspace, China has taken the following actions. First, it continues to advocate the concept of sovereignty in cyberspace in the international community. In 2021, China submitted the position paper on international rules for cyberspace and the position paper on sovereignty in cyberspace to the United Nations Open-ended Working Group on Information Security, affirming that "the principle of national sovereignty should be applicable to cyberspace" and elaborating on the meaning of sovereignty in cyberspace from the perspectives of both rights and obligations. Second, China actively practices the concept of sovereignty in cyberspace in international cooperation in cyberspace. It has issued initiatives such as the Global Data Security Initiative (2020), the China-ASEAN Initiative on Building a Digital Economy Partnership (2020), and the China-Africa Initiative on Building a Community with a Shared Future in Cyberspace (2021). In 2022, China published a white paper titled Building a Community with a Shared Future in Cyberspace, pledging to jointly safeguard cybersecurity and promote digital development on the basis of mutual respect for sovereignty in cyberspace. In the Joint Statement on Deepening the Comprehensive Strategic Partnership of Coordination between China and Russia (2023), both countries proposed the building of a multilateral, fair, and transparent global internet governance system under the premise of ensuring the national sovereignty on internet governance and security of all countries. Third, building upon the World Internet Conference held for consecutive years, China established the International Organization of the World Internet Conference in 2022 to better support equal participation of all countries in international cyberspace governance, and further safeguard their own sovereignty in cyberspace and development interests, in an effort to jointly build a community with a shared future in cyberspace.
Russia proposes such terms as “information sovereignty”, “digital sovereignty”, and “technological sovereignty in the ICT” to accentuate the importance of ensuring control not only over technical infrastructure, but also over the cross-border flow of information. At the national level, Russia has issued two strategic planning documents that are directly related to ensuring information security: The Doctrine of Information Security of the Russian Federation, approved in 2016, and the Basic Principles of State Policy on International Information Security, issued in 2021. They use similar terms like "information sovereignty/information space sovereignty" and "information and communication technology sovereignty."
In November 2019, Russia enforced the Stable Runet Law, also known as the Federal Law No. 90-FZ of May 1, 2019 on Amending the Federal Law on Communications and the Federal Law on Information, Information Technologies and Protection of Information. It formed the legal basis for the centralized Internet management system within the state borders by the state authority. It authorized the compulsory installation of technical equipment for counteracting threats; centralized management of telecommunication networks in case of a threat and a control mechanism for connection lines crossing the border of Russia; and the implementation of a Russian national Domain Name System.
In 2022, Russia initiated the update of its policy in the field of information sovereignty. For example, the activities of a number of Western IT platforms were banned in Russia, which was a step towards strengthening information sovereignty.
The pandemic years have seen increasing digitization of all Indian sectors — education, healthcare, agriculture, research, government, workplaces, and marketplaces. This has enhanced the national consciousness about sovereignty in cyberspace. Prime Minister Modi’s missions of “smart cities” or “Digital India” can be seen as examples of protecting citizens through sovereignty in cyberspace.
In 2000, India first enacted a comprehensive Information Technology Act which was substantially amended in 2008. It creates an enabling environment for the commercial use of cyberspace. To address issues relating to data security, India’s Personal Data Protection Bill of 2019, for instance, propagates data localization and private cyber firms’ obligation to share data with investigating agencies. Moreover, although India’s Information Technology Act of 2000 stipulates exercising jurisdiction beyond India’s territorial borders, yet this has rarely been put into practice owing to serious difficulties in cooperation with foreign law enforcement agencies and incompatible legal regimes.
As debates on sovereignty in cyberspace remain yet work-in-progress, India’s much anticipated Cybersecurity Strategy 2023 — which is expected to be released this year — should bring further clarity on India’s narratives, policy, legal frames, and practices of sovereignty in cyberspace.
The National Cybersecurity Policy in Mexico is a set of guidelines and strategies designed to ensure the security and protection of the country's critical infrastructure, information, and information systems. In 2017, Mexico launched its first cybersecurity framework called the National Cybersecurity Strategy (NCS) which was developed by the federal government and the National Security Agency of Mexico (CISEN). The NCS has eight cross-cutting pillars to strengthen cybersecurity actions applicable in the social, economic, and political spheres. Moreover, the NCS lists five strategic objectives, among which "National Security" stands out, consisting of "Develop capacities to prevent risks and threats in cyberspace that may alter national sovereignty, integrity, independence, and impact development and national interests”.
Mexico does not have a specific law that regulates the sovereignty in cyberspace. However, there are some provisions and laws in place that seek to regulate aspects related to online security and privacy. For example, the Federal Law on Protection of Personal Data Held by Private Parties establishes the obligations and rights of holders of personal data and those responsible for its treatment, including data that is collected and processed online. The Federal Telecommunications and Broadcasting Law establishes the basis for regulating access to the Internet, network neutrality, and the protection of user rights online, among other aspects. The Federal Penal Code establishes sanctions for crimes committed online such as illicit access to computer systems and networks, interference in computer systems, and the dissemination of computer viruses.
Turkmenistan upholds its rights to independently choose its own path of cyber development, model of cyber governance, and internet policies free from any external interference. In November 2018, Turkmenistan adopted the Concept for the Development of the Digital Economy in 2019-2025, and the main purpose of this document is to modernize state governance, improve administrative functionality, and diversify the engines of economic development of Turkmenistan. In September 2019, Turkmenistan established the Cybersecurity Service (SCS). In February 2021, Turkmenistan adopted the State Program on the Development of the Digital Economy of Turkmenistan for 2021–2025. Turkmenistan has also approved the State Cybersecurity Program for 2022-2025.
Turkmenistan holds the view that every country preserves the right to choose its own path of cyber development independently, emphasizing that the model of its cyber governance and internet policies should be free from any external interference. It advocates respect for other countries’ sovereignty and continues to practice global governance in cyberspace on an equal footing in an international arena. Turkmenistan welcomes cooperation in monitoring emerging threats in the field of international information security and responding to them.
Sovereignty in cyberspace and security are important areas of cyberspace governance in Tanzania. Tanzania considers information and communication technology a crucial driver of economic development and seeks to safeguard cybersecurity through the advancement of critical infrastructure. In 2022, Tanzania decided to launch the Digital Tanzania Project with a planned investment of $150 million to accelerate the development of the digital economy through the improvement of legal frameworks, the training of digital economy experts, and the construction of a national data center.
Legislation plays an important role in strengthening internet management and protecting sovereignty in cyberspace in Tanzania. Various laws have been enacted, including the Tanzania Intelligence and Security Service (Amendment) Act, the Personal Data Protection Act, and the Cybercrime Act. The Electronic Transactions Act adopted in 2015, provides detailed provisions on the authentication procedures and usage of electronic signatures, offering legal recognition and protection for online transactions. The Data Security and Cybercrime Prevention Program was implemented in 2017, setting standards and requirements for data protection in various industries. In the same year, the e-government security architecture was established for state-level regulation of cybersecurity. The Electronic and Postal Communications (Online Content) Regulations adopted in 2020 has further strengthened social media regulation. In 2021, the Cyberterrorism Governance Plan was introduced which played an important role in enhancing data security governance and combating cybercrime and cyberterrorism. Tanzania adheres to the diplomatic principle of unity and mutual assistance. It has actively cooperated with other countries and international organizations to jointly safeguard cybersecurity and further assert its own sovereignty in cyberspace.
Nigeria designated telecommunications equipment as Critical National Infrastructure in 2020, and it lays out a plan in the National Development Plan 2021-2025: Volume I for the development of the digital economy and plans to channel $40 billion of private capital investment into digital infrastructure by 2025. In the National Digital Economy Policy and Strategy (2020 - 2030) For A Digital Nigeria, some pillars were proposed such as Digital Literacy and Skills, Indigenous Content Development, and Adoption, in an effort to positively maintain security in cyberspace. Nigeria has issued a series of laws and regulations, including the Cybercrimes (Prohibition and Prevention) Act (2015), which creates a comprehensive legal, regulatory, and institutional framework in Nigeria to prohibit, prevent, detect, prosecute, and punish cybercrime. Nigeria has issued the Nigeria Cloud Computing Policy (2019), Nigeria Data Protection Regulation (2019), and other policies and regulations. The Nigeria Data Protection Regulation (2019) provides for Nigerians to have greater control over how their data is collected, shared, and used. Moreover, the Data Protection Act 2023 which was signed into law in 2023 is Nigeria’s latest effort in this regard.
In 2019, Nigeria announced that it would tighten regulation of social media to combat fake news and disinformation. In June 2021, after Twitter deleted a tweet from President Buhari warning of recent unrest in the southeast and freezing his account for 12 hours, the Nigerian government suspended the operation of Twitter until early 2022, and instructed the National Broadcasting Commission (NBC) to immediately begin reviewing and licensing all Over The Top (OTT) and social media apps in Nigeria. Nigeria has taken several measures to secure data and cyberspace in 2022, such as establishing the Data Protection Bureau (NDPB) and the National Shared Services Center.