Global Compendium on Responsible Cyber Behaviour

Cyberspace has become a pivotal domain for geopolitical competition and statecraft, where vulnerabilities are systematically exploited and weaponised to advance state power. While certain sub-threshold activities, such as espionage, are tacitly regarded as ‘acceptable’, other behaviours remain ambiguously defined along the spectrum of responsible and irresponsible state conduct. This lack of clarity has significant implications for the present and future of the stability and security of the global digital ecosystem.

Over the past two decades, states have engaged in extensive multilateral discussions to delineate the ‘rules of the road’ for cyberspace. These efforts, primarily undertaken within UN forums on international peace and security, have culminated in the development of a framework for responsible state behaviour in cyberspace. Anchored in four pillars – international law, norms, cyber capacity-building, and confidence-building measures – this framework represents a consensus-based approach to reducing ambiguity. However, its negotiation reflects a narrow focus, constrained by geopolitical tensions and divergent state priorities. The resulting diplomatic deadlocks and ongoing cyber confrontations between key actors – the US, China, Russia and others – highlight the challenges of operationalising the framework in practice.

This compendium seeks to expand the discourse on responsible cyber behaviour (RCB) by examining perspectives that have been under-represented in global debates. Moving beyond the confines of the UN framework and the perspectives of a select group of ‘capable’ countries, this publication draws on region-specific case studies from North America, Latin America and the Caribbean, Europe, the Indo-Pacific, and the Middle East and Africa. These studies offer a critical lens on how states interpret and enact RCB, with approaches often shaped by unique regional dynamics such as developmental priorities, geopolitical pressures and climate concerns.

By exploring these diverse approaches, the compendium not only enriches understanding of RCB but also underscores the importance of contextualising global norms within local and regional realities. The compendium is the outcome of 11 workshops, as well as interviews and literature reviews conducted by the authors, undertaken under the aegis of the Global Partnership for Responsible Cyber Behaviour, a RUSI-led initiative with over 80 researchers dedicated to advancing regional research on RCB.

The case studies illuminate how responsibility is articulated and operationalised through institutional development, legal and regulatory frameworks, cooperative agreements, and responses to major cyber incidents. Collectively, they contribute to a more nuanced understanding of the interplay between global principles and localised practices, offering an essential foundation for advancing both scholarly enquiry and policy formulation on RCB.