New Technologies in International Law / Tymofeyeva, Crhák et al.

However, it has to be underlined that as regards the UN, it is noted that it is constant ly working on the development of concrete standards and regulations strictly applicable to cyber security issues. The most crucial cyber issues were discussed, for instance, on the sessions organised by the Groups of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security and Open-Ended Working Group on Developments in the Field of ICTs in the Context of International Security. 704 The genesis of the above-mentioned structures dates back to 2003, when the UN General Assembly asked the Secretary-General to analyse potential threats to information security and, as a result, a subsequent publication relating to possible pre ventive measures and cooperation opportunities that would help to minimise the risks associated with cyberspace. The last one was conducted in an open-ended format, meaning that any UN member state could become involved in its work. At the same time, consultations took place with representatives of the business world, NGOs, and academics. In addition to the role of regulations and the outcome of UN and NATO summit ses sions, EU legislation may also be applicable in the context of cyber conflict. Obvously, we should point out the Directive 705 adopted on 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Under this act, the EU Member States were obliged to carry out three key tasks. Firstly, each country was obliged to establish competent authorities (National Competent Authorities). The task of the Competent Authority is to monitor the implementati on of the Directive’s provisions at national level in all regulated sectors. Secondly, the Directive introduces mechanisms for inter-state cooperation at the technical level – i.e. to be ensured through the so-called CSIRT network and the creation of mechanisms for the exchange of information on cross-border incidents between CSIRTs designated for key service operators and digital service providers. The next level is the political and strategic level, which is to be implemented through the establishment of a so-called Cooperation Group, which is to deal with the development of common strategic con cepts and the acceptance of, among other things, annual reports from the competent authorities. 706 Although the EU regulations do not apply to and are not directly binding on Russia and Ukraine, which are outside EU structures, by binding the Member States they provide an important frame of reference for the perception of conflicts related to cyber 704 Balcewicz J, ‘UN GGE - Prawo międzynarodowe w cyberprzestrzeni’ ( NASK , 15 January 2020) accessed 16 December 2023. 705 Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union [2016] OJ L194/1. 706 Wrzostek M, ‘Dyrektywa NIS, czyli pierwsze europejskie prawo w zakresie cyberbezpieczeństwa’ ( NASK , 6 July 2016) accessed 16 December 2023.

172