Navigating the EU’s Cyber Diplomacy

Patryk Pawlak Interviews

Josep Borrell Fontelles needs no introduction. In European and national politics, he has done it all, including serving as the President of the European Parliament and as Spain’s Minister of Foreign Affairs. He’s no stranger to digital and tech issues either: he spearheaded the process of liberalising Spain’s telecoms as Minister of Public Works and Transport in the early 1990s. In his role as the EU’s diplomat-in-chief, Borrell is now responsible for projecting the EU’s model and vision for cyberspace around the world. The task is not an easy one.

After a slow start, the European Union is finally prioritising and recognising the importance of cyber diplomacy. The growing number of attacks on EU institutions and member states – like the attack on the German Bundestag, the COVID-19-related disinformation campaigns orchestrated by China and the online violations of Belarusian protestors’ human rights – all mean that the EU cannot afford to be an idle bystander if it wants to be taken seriously. In a blog post published over the summer, Josep Borrell made it clear that advancing international security and stability will remain the EU’s priority. He reiterated this commitment in his speech at the EU Cyber Forum 2020, where he approached cyber issues from a geopolitical perspective. In an offline interview, we discussed some of the key cyber-related political issues on his agenda in more detail.

Multilateralism and Digital Sovereignty

Commitment to multilateralism is one of Borrell’s key priorities. In the coming months, his staff will work on a document laying out the EU’s vision for the future of multilateralism. The EU has also declared a strong interest in maintaining and developing a rules-based international order – including in cyberspace – within the framework of an effective multilateralism.

Borrell is aware of the challenges facing this mission. “The world has become more multipolar but multilateralism has weakened”, he wrote in his recent blog on building Global Europe. The truth of this statement is evidenced by the fact that international organisations – most notably the United Nations – have become yet another theatre in which to play out geopolitical competition. I asked Borrell how the EU intends to deliver on its commitment to multilateralism, given that countries like China and Russia increasingly instrumentalise these institutions to their own political ends. “I have often used an expression: we need to speak the language of power”, he told me. “This is not simply about hard power. Other actors are weaponising also their soft power. Think about trade, or about information, for instance. In practical terms, this means that we need to strengthen our capacities and be able to act autonomously”.

The ideas of strategic autonomy and digital sovereignty were also mentioned in the State of the Union, so I want to hear his view on this. Borrell explains: “The concept of strategic autonomy is not about protectionism but rather about the ability and will to defend our interests and values by acting multilaterally whenever we can, but being ready to act autonomously whenever we must”. In an op-ed written together with Thierry Breton, Commissioner for Internal Market, Borrell wrote that technology, data and information are now instruments of political competition. It is thus important for the EU to closely link its industrial and research policy to its foreign policy.

I ask what that means in practice. The answer is simple, according to Borrell: “We need to protect key technological sectors from falling under excessive control by potential third parties and to ensure the security of vital sectors such as digital, energy, raw materials and health. We must protect our critical infrastructure (from energy to space), and our digital autonomy and security (international digital rules/standards, cybersecurity). We should also leverage the renewed political priorities of the recovery fund (Next generation EU) on digital and environmental issues”.

Josep Borrell Fontelles at the EU Cyber Forum 2020 © Bernal Revert/ BR&U

A “European Way”

Unilateral – or autonomous – actions have been so far been the exclusive domain of big states like China and the United States. So it’s not surprising that similar moves from Europe make them anxious. In just the past month, both the United States and China have proposed their own initiatives. China’s “Global Data Security Initiative” announced by State Councillor and Foreign Minister Wang Yi recently is particularly interesting, as it explicitly mentions multilateralism as one of the principles for an effective response to the challenge of data security threats. In announcing the initiative, Wang said, “On the basis of widespread participation from all sides, we should reach global data security principles that reflect every country’s wishes and respect the interests of all sides”. It is a great example of how multilateralism can be instrumentalised to target autonomous regulatory initiatives, such as the EU’s GDPR, or ideas set forth in the European Data Strategy. There is a risk of multilateralism becoming an instrument used against actors like the EU that draw much of their power from the capacity to set norms and standards through regulation.

Borrell does not seem surprised that the EU’s leadership in this domain is being contested. “Modern technology, innovation and economic growth in the 21st century are all data driven. Data is also a crucial asset in the search for possible solutions to many sectors’ challenges: from health to farming, from security to manufacturing. Our European way of handling data is already defined by preserving a high degree of privacy, security, safety and ethical standards. These are essential for the establishment of trustworthy data flows at the global level. If we can set effective and credible norms and standards on data use and protection, we can then also lead by example”.

The need to chart Europe’s own path on the international stage – one that is in accordance with its values and interests – is what Borrell calls a “Sinatra doctrine”. Unsure exactly what that means, I ask what the “EU Way” would look like in cyberspace. What is the EU’s response to other models like digital authoritarianism or the rise of techno-nationalism?

“The EU has a strong stake in maintaining and developing a rules-based international order within the framework of an effective multilateralism – even if others are clearly trying to weaken it”, he responds. He then adds: “With regards to cyberspace, it is in the European DNA to prioritise cooperation and dialogue. The EU will always strongly support an open, stable and secure cyberspace where existing international law applies and where norms of responsible state behaviour are adhered to. Furthermore, in all our actions, we are guided by our values and fundamental rights, such as freedom of expression and the right to privacy or the protection of personal data”.

New Era of Digital and Cyber Alliances

Finding shared values and common ground in cyberspace is becoming increasingly challenging, even among the closest allies. For instance, the Clean Network programme announced by State Secretary Pompeo has been criticised for damaging the open and politically-neutral nature of the Internet architecture.

I ask Borrell how Europe should respond to these emerging splits in the “like-minded” camp. “We share a long history with the United States” he replied, and added, “We also share a political system: our democracies, where the people can hold their governments to account. In a way, we are ‘political cousins’: we are both committed to political pluralism, individual rights, media freedom and checks and balances. The combination of this shared history and shared values creates a close affinity between us. Precisely because we agree with the US on many points, we regret that the American foreign policy has lately so often been unilateral in nature”.

So what is the way out? “The right way to overcome differences is to continue our dialogue, even when we have disagreements, and to have a strong cooperation with like-minded democracies such as Japan, India, South Korea, Australia, New Zealand, Canada and many other partners,” Borrell says. “Dialogue and cooperation with like-minded partners can help bridge the differences and bear results”.

The European Union has recently taken a more decisive stance against countries that play by their own rules. In August, the EU member states agreed to list several Russian and Chinese individuals and private entities under the EU’s autonomous cyber sanctions regime. The EU and China talk regularly – either in the Sino-European Task Force on Cyber Issues, for which Borrell’s team is responsible, or in the EU-China ICT Dialogue managed by Thierry Breton. Political controversies can usually be ironed out through dialogue.

This is not the case with Russia. How can the EU deconflict relations with Russia when it comes to cyber issues? I ask Borrell if he believes in a constructive dialogue with Russia when it comes to international security in cyberspace, and his answer is straightforward: “There is no scope or space for a dedicated EU-Russia Cyber Dialogue”. He quickly adds: “Maintaining open lines of communication and looking for openings and opportunities, including with actors we disagree with on most issues, is a key component of diplomacy. So we talk to Russia in the margins of multilateral meetings, and manage to advance work in OSCE and ARF despite our differences”.

Business in Diplomacy

Finally, I want to discuss the private sector: both its relations with the EU and the role it plays in international security debates – as an actor and as the target of regulations. It’s no secret that tech companies like Amazon, Google, Facebook and Microsoft – as well as Huawei and Kaspersky – are actively involved in setting norms in cyberspace, whether through their products or their policies. Some authors have even suggested new formats such as D20, comprised of the largest digital economies and technology companies.

Borrell’s predecessor, Federica Mogherini, tried to address the issue by establishing the Global Tech Panel to bring together leaders from the tech industry, the investment world and civil society. But while the Panel was useful to start a conversation and increase awareness between the EEAS and the tech/digital world it has ultimately translated into few concrete outcomes.

Borrell reflects on the topic: “Most private companies are realising more and more that they must be responsible actors in cyberspace. These companies have specific responsibilities, including due diligence, and should play a role in building trust and transparency in the digital domain. Cooperation, including with private partners, is important to this end”. At the same time, however, he acknowledges that “States retain a special responsibility with regard to international security matters, which cannot be delegated to private partners.”

Time for Network Diplomacy

Our discussion ends there. We weren’t able to touch on some sensitive issues, such as the division of labour between the EEAS and the member states on cyber diplomacy or the silos mentality that often quashes the effectiveness of the EU’s global engagement on cyber and digital issues. I also didn’t get a chance to ask about my pet cause: the appointment of a Special EU Representative for Global Cyber and Digital Affairs.

But I did get confirmation of one thing: Borrell understands that to be an effective international player, the EU needs a strategic approach to cyber and digital issues in its foreign and security policy. It will also require a joint effort by all stakeholders and a new approach to working with international partners. The EU’s cyber diplomacy needs to become a network diplomacy.

Thumbnail image: Credits to Ricardo Gomez Angel on Unsplash

Image

About the Author

Patryk Pawlak

Dr Patryk Pawlak is a visiting scholar at Carnegie Europe (Brussels) and a visiting fellow at the Robert Schuman Centre for Advanced Studies at the European University Institute (Florence). Prior to joining Carnegie Europe, he was the Brussels Executive Officer for the EU Institute for Security Studies (EUISS) where he also coordinated all digital and cyber projects. In this capacity, he was the Project Director of the EU Cyber Diplomacy Initiative – EU Cyber Direct, a multimillion-euro initiative focused on strengthening the EU’s cooperation on cyber and digital issues with partner countries. Dr Pawlak has over 20 years of experience in working with governments, private sector and research organisations worldwide. In addition to his academic pursuits, Dr Pawlak is the founder of a boutique consulting company 'Digilateral' specialised in advising clients on how to design successful policy and business adaptation strategies that place digital and cyber at the core of their models. This includes cybersecurity risk management, cyber and digital diplomacy, and cyber capacity building.

Share this Article