In January, the Coalition to Reduce Cyber Risk (CR2) held a briefing at the World Trade Organization (WTO) in Geneva, Switzerland focused on our forthcoming research around the inclusion of digital trade and cybersecurity components in trade agreements. The briefing was attended by 40+ countries, including the U.S., Spain, Australia, Germany, Kazakhstan, Brazil, Japan, and China. 

Cybersecurity provisions have been incorporated in 11 trade agreements to date. These provisions revolve around establishing a cyber-trade link, government capacity building efforts, operational collaboration efforts, and the use of risk-based approaches and consensus standards. 

We focused on:

  • The nature of these existing cyber-trade provisions.
  • The steps taken by governments to implement them.
  • The capacity-building resources available to assist with implementation. 

The session was followed by a Q&A, with questions around defining cybersecurity versus information security, as well around best practices for incident/vulnerability reporting and capacity-building. 

The briefing landed right in the middle of the ongoing negotiations for the  90-country Joint Statement Initiative (JSI) on Electronic Commerce, and in advance of the 13th WTO ministerial conference next week in Abu Dhabi. The JSI has been in development since 2017, and the negotiations have been marked by controversy, including most recently by the withdrawal of United States support for objectives around cross-border data flows, data localization, and source code transfer. Nonetheless, the JSI contains harmonized rules for a number of issues including e-signatures, e-contracts, open government data, consumer protection, unsolicited commercial messages, and crucially, foundational cybersecurity language. 

While there was hope that the JSI could be finalized by Abu Dhabi, it now appears highly unlikely. Negotiations have been further impeded by debate around the temporary WTO Moratorium on Customs Duties on Electronic Transmissions. 

CR2 recently co-signed a letter calling for the renewal of the moratorium with over 170 global business associations. As the negotiations continue, trade optimists hope for a finalization of the text towards the fall of 2024. Despite controversies over other topics, the proposed cybersecurity language in the draft seems relatively uncontentious. 

Ines Jordan-Zoob

Read Next

EU’s Cyber Resilience Act Enters Into Force

New product cybersecurity requirements are coming to the EU single market after years of intense debate and negotiation in Brussels, as the European Union’s Cyber Resilience Act officially enters into force.

Through the Looking Glass: An Updated Vision for the Office of the National Cyber Director

The ONCD was established to advise the President on cybersecurity and has matured into a key component of cybersecurity policymaking. However, changes are needed to ensure the efficacy of the office, especially as it relates to other agencies.

The U.S. Data Security EO with Lee Licata and Grant Dasher (Part 2)

For the first time in the Distilling Cyber Policy podcast, Alex and Jen are re-joined by guests from earlier this season: Lee Licata, from the Department of Justice, and Grant Dasher, from CISA.