Hannes Ebert is a senior advisor at the German Marshall Fund of the United States (GMF) and team lead at EU Cyber Direct.
Louise Marie Hurel is pursuing her PhD in data, networks and society at the London School of Economics (LSE) and is a leading cybersecurity researcher at Igarapé Institute.
On February 20, the European Union (EU) hosted Brazil for the second official Brazil-EU Cyber Dialogue in Brussels. The meeting signaled an attempt by Brasília and Brussels to coordinate their efforts to advance responsible state behavior in cyberspace, as actors like China and Russia derail progress on international cybersecurity in the United Nations (UN) Open-Ended Working Group (OEWG) and the Group of Governmental Experts (GGE).
Even though many differences remain in how Brasília and Brussels approach a global normative framework, bilateral efforts such as the Dialogue have helped develop a strategic cyber partnership between Brazil and the EU. This can help Brazil and the EU overcome differences, project their influence as aspiring global cyber powers, and more effectively pursue their shared interest of establishing a rules-based order in cyberspace.
Drivers: From Technical Cooperation to Strategic Cyber Partnership
Cyber cooperation between Brazil and the EU has expanded considerably in the past decade from an initial focus on digital economy and trade issues to cybercrime and cybersecurity.
Since 2010, both have engaged in the Brazil-EU Dialogue on Information Society and Digital Economy, a forum for establishing joint research agendas in 5G, IoT, and AI, harmonizing digital market and data protection regulations, and advancing joint digital infrastructure projects, such as the construction of a submarine fiber cable between Europe and Latin America.
ICT cooperation developed further in 2014 when both sides decided to institutionalize cooperation on cybersecurity in the form of a separate EU-Brazil Cyber Dialogue led by the European External Action Service and the Brazilian Ministry of Foreign Affairs. The first Cyber Dialogue took place in 2017 in Brasilia and opened up a new avenue for Brazil and the EU to identify convergences in their ideas for international peace and security in cyberspace. In November 2019, Track 1.5 Brazil-EU Consultations on Preventing Conflict in Cyberspace were held, signaling a mutual willingness to continue to strengthen cooperation in cybersecurity.
Building on this momentum, the Second Brazil-EU Cyber Dialogue held in February was used to exchange information on cybersecurity threats, capacity building and confidence-building measures. Both sides agreed to cooperate on “improving a global understanding on a framework for conflict prevention, cooperation and stability in cyberspace”—important elements for the work of the OEWG and GGE going forward.
Prospects of the Brazil-EU Cybersecurity Partnership in Multilateral Negotiations
In the past, Brazil and the EU have been divided in their preferred approaches to developing cyber norms. While the EU advocates focusing on the implementation of existing norms and capacity building, and submitted a non-paper on capacity building to the OEWG’s first substantive meeting, Brazil prefers to adopt a legally binding instrument in the medium- to long-term to prevent the militarization of cyberspace.
Yet, the OEWG second substantive meeting and Cyber Dialogue in February indicated that Brazil and the EU are equally interested in settling these disagreements. First, both agreed that international law applies to cyberspace and reiterated the importance of complementarity of the OEWG and GGE, separate tracks in the UN, in advancing stability in cyberspace.
Second, both sides highlighted that ambitions for the UN negotiations must be limited to clarifying the already agreed upon norms, discussing few if any new ones, and suggesting an institutional setting for future deliberation on them. In this context, Brazil showed flexibility at the February OEWG meeting stating that while in the long-term it prefers a binding instrument, states should now focus on further developing and implementing the agreed-upon non-binding norms. In turn, Brazil’s proposal to protect the public core of the internet and electoral systems in the OEWG report was endorsed by EU members, such as Germany.
Third, both sides also made a strong case for involving multiple stakeholders in the development and implementation of norms, ensuring academia, civil society, and the private sector can inform the dialogue. At the OEWG in February, the Brazilian delegate stated that “cybersecurity is an issue that requires a comprehensive, inclusive, and participatory approach, (which is) why (the) OEWG should continue a dialogue with all relevant stakeholders to ensure that its recommendations are realistic, implementable, and effective.” This was echoed by EU member states’ representatives, who expressed regret that only non-governmental institutions with prior UN Economic and Social Council consultative status were allowed to participate in both OEWG meetings.
There is hope for further collaboration on these issues between Brazil and the EU, and both are currently well-positioned to advance deliberations on cybersecurity. Brazil is chairing the GGE, and their chair, Guilherme Patriota, was credited with building strong links with the Swiss chair of the OEWG, Jürg Lauber, and successfully holding GGE consultations with various regional organizations, including the EU.
The evolving Brazil-EU Cyber Dialogue can serve to build trust on sensitive cybersecurity issues and advance discussions on responsible state behavior in cyberspace ahead of the upcoming OEWG and GGE meetings in July and August 2020, respectively. In the present geopolitical climate, in which threats are likely to further proliferate, progress toward greater stability in cyberspace depends on such flexible cyber diplomacy calibrations by actors able and willing to build bridges.