Civil society participation in cybersecurity policymaking at the Regional Level

Civil Society (CS) most certainly plays a critical role within democratic governance; however, to what extent they contribute to democratic legitimacy internationally is contested. In cybersecurity, where boundaries of actors and regions are becoming borderless, we wish to understand the strength of CS involvement within these ‘inclusive’ fora? And to what extent are they able to participate in the decision making and policy formation at the regional level? As the complexity of the cybersecurity field affects all aspects of national development, it is essential that the multidimensional policy field is approached in an ‘effective’ multistakeholder manner to achieve a high level of effectiveness, legitimacy and inclusiveness (e.g. Potjomkina etal). It is essential, therefore, to research how CS engages with cybersecurity policy debates internationally. A wide range of research has been done in measuring CS influence within policymaking. In the EU’s participatory democratic norms, CS is an important factor that bridges the gap between the EU and its citizens. Most of the research to date has been focused on established policy fields such as health. There is little research on cybersecurity and civil society engagement. In general debates on CSO engagement in EU policymaking, CSOs are often portrayed as instruments, engaged for box-ticking exercises, rather than actively contributing towards democratic legitimacy (e.g. Kröger). Others argue that CSOs play a legitimate role internationally. We assert that examining CSO engagement in cybersecurity strategizing (a new policy terrain) will help understand what the dynamics of meta-participation actually are in this space. We intend to fill the gap in literature that arises at the intersection of CSO engagement in regional cybersecurity policy. In order to answer the research aim of this paper, a qualitative discourse analysis will be conducted through online information gathering and the usage of relevant CSO statements and reports. We will examine texts from relevant CSOs in the EU which focus on responses to EU cybersecurity policy. In our paper we first introduce the EU’s cybersecurity policy, focussing on areas where CS is ‘active’ (notably protection of fundamental rights). The conceptual framework will follow (based on Luiijf 2013), defining key terms and justifying sources. We then analyse CSO documents (i.e. annual reports) that respond to EU cybersecurity policy. Annual reports are useful as they allow measurement of progress and change, providing a clear overview of not only how civil society looks at the EU as a cybersecurity governing actor today, but it will allow us to see how opinions have developed and how perspectives have been altered.