International Cybersecurity Research Made in Hamburg

Advancing UN Cyber Norms: Multilateral Peer Review Mechanisms as a Way Forward - Part II

Emilia Neuber (Hertie School of Governance) & Mischa Hansel (IFSH)

09 January 2023


Credibility and Impartiality

Technical indicators, standards, and criteria do not set peer review apart from other review mechanisms. Rather, it is the political authority of a state-led process as opposed to an evaluation by, say, a technical secretariat of an UN treaty body. One benefit of such political salience is the visibility of the process. The downside of high political salience is fear of political bias, for example when there is a perception of a disproportionally strong influence of a specific actor. To overcome this fear, a reviewer system rotation can be implemented. The UPR is again one such example, where a randomly assigned troika of three reviewer states is responsible for coordinating reviews of the human rights situation in a UN member state. Within the cyber context, such a rotating board of review coordinators could be one answer to managing geopolitical fault lines and opposing interest, particularly in times of increased international instability.

A possible counterargument would point to the practice of the white-washing of human rights offenders by some states within the UN Human Rights Council. It is hard to dispute that this indeed undermines the credibility of the peer review process. However, human rights protection is a highly contentious policy area in almost all aspects. This condition does not apply to UN cyber norms across the board. For example, few, if any states, dispute the need to secure their own critical infrastructures or protect the work of CERTs. Also, there is almost universal agreement on the need to strengthen international capacity-building.

Finally, it is worth to consider the political viability of alternative methods of making compliance assessments. Here again comparison with the case of human rights protection is instructive. For example, states heavily obstructed efforts by UN Human Rights Commissioner Michelle Bachelet to publish a special report on the human rights situation of the Uyghur minority in China. While the report eventually was published, a narrow majority of states made sure that it could not even be discussed within the UN Human Rights Council.  Arguably, such obstruction would be more difficult in the context of regular and mandatory peer reviews.

Capacities and Flexibility

Another benefit of peer reviews is the way in which they can support international capacity building mechanisms. First, by addressing one of the most pressing concerns within this area, namely the redundancies and misappropriation of resources due to lack of donor coordination. Peer reviews can ameliorate this coordination deficit by not only offering timely and well-structured information on crucial resource and capability gaps, but also by providing a dialogue platform for donors and recipients. The recently launched “National Voluntary Survey” (NVS) is based on a similar rationale. Yet contrary to the NVS, where states voluntarily submit reports, institutional dialogue is not an add-on but a key element within any peer review process.

Another benefit of peer review practice derives from the ability to reconsider the meaning of effective compliance in a rapidly changing technological environment and with due regard for political circumstances.  For example, a reviewer state can give credit to a positive trajectory of increasing compliance even when there is still a huge gap between commitment and actual performance. Even in case of stagnation, circumstances beyond the responsibility of a reviewed states - for example resource constraints due to the pandemic - can be taken into account.


The idea of using peer reviews for international cybersecurity is not new – the ICT4Peace Foundation already proposed a peer review process in 2020, focussing primarily on operational restraints guiding great power behaviour. Putting state parties in charge of such a process via a rotary system may be a good way to avoid bias while maximising political salience and visibility. At the same time, a public process in no way precludes non-state actors from offering their judgement on a state’s performance in what has become known as shadow-reporting, as practised for example in the context of the Sustainable Development Reports. Nor would a peer-review process be incompatible with already existing or planned instruments. On the contrary, it could build on the NVS, developing it further after an initial period of implementation. Additionally, separate peer reviews could focus on specific norms or norm clusters and thus be integrated in the Programme of Action (PoA) that has recently been adopted by the UN General Assembly. A helpful first step would be a systematic assessment of all the tools and instruments developed within other policy areas where peer reviews are an integral part of norm implementation and monitoring.

 <-- Read Part I here