 It's my pleasure to join you all today to discuss a research topic I've been working on for the past year and a half now I would say about how the World Trade Organization deals with cybersecurity concerns. Now this is a very broad topic so today in this presentation specifically we will just focus on cyber security and so far it affects the international sale of goods and therefore restricting my analysis to the general agreement on tariffs and trade or the GATT. I will be discussing two instances in which trade restrictions have been imposed on information and communication technology and although these measures have never been formally challenged in the WTO dispute settlement system I will proceed with looking at these examples as if they were a hypothetical dispute and accordingly looking at how they would be justified under the exceptions in the GATT and even looking at possible solutions elsewhere for an example resolving cybersecurity concerns under the TBT or technical barriers to trade agreement. Now to begin with an important issue to address is that states will have various policy considerations behind restricting trade in ICT or information and communication technology products and some of these considerations will conceal protectionist or politically motivated intentions however I do believe that cybersecurity is a growing concern and accordingly I feel it's appropriate to deal with it as such meaning that the WTO should address the concerns related to cybersecurity within the system instead of having states resort to other recourses. Now for the sake of argument I will be dealing with these issues even if they are at times of a political nature as if they were a genuine novel cybersecurity concern. So let's begin with looking at two particularity controversial measures that have affected trade in information and communication. So the first of these measures has been the banning the use of foreign equipment and critical infrastructure projects and this concern was essentially raised by Australia in 2018 in which it banned the use of Chinese telecommunication equipment in building its 5G broadband network. Now the ban was initiated amidst concern that because information would be traveling through this Chinese equipment then the company might be compelled to hand over and gather that information to Chinese intelligence agencies. The measure adopted by Australia has had a spillover effect so we've seen the US, Japan and New Zealand have all adopted similar regulations. Another issue regarding trade in technological goods has been banning or imposing export restrictions on information and communication technology components. So in 2019 the US added Huawei along with several of its affiliates to its entity list. Now what that does is that it bans US companies from exporting any kind of items to the Chinese companies on the list over national security concerns. Now why is this a problem? Now the GAAT agreement as part of the WTO framework sets out a series of rules that seek to strengthen economic cooperation between states and it does so by eliminating or reducing tariffs and non-tariff barriers. The aforementioned examples are all examples of non-tariff barriers that would violate the GAAT. For an example they would violate Article 1 on Most Favourite Nation, Article 3 on National Treatment and Article 11 on Quantitative Restriction. Naturally a state will try to justify these measures under one or more of the GAAT exceptions. Specifically because a lot of these states have adopted the measures under our national security rationale, Article 21 is of utmost importance here. And I think a little bit of background is necessary about Article 21. So the article has been the focal point of much debate and discussion about its just disability and appropriate standard of review. Fortunately we have the Russia Traffic of Transit dispute which is the first and currently the only WTO case adjudicating Article 21 in which the panel have kind of clarified these concepts. So what the panel did in that case was divide the article into both objective and subjective elements. So while WTO member has the right to self-judge what would be considered an essential security interest subject they do so in good faith, a member must also adhere to an objective analysis of the facts under which these measures were taken. And here's where it gets a little bit tricky. So can we consider cybersecurity and essential security interests within the meaning of Article 21? And perhaps the best way to look at this is through Article 21b sub paragraph 3 in which it justifies measures taken at a time during a time of emergency and international relations. However in the Russia Traffic of Transit dispute the panel interpreted emergency and international relations by reference to the concept at a time it was developed in 1947 when the article was drafted. So the panel says that an emergency of an international relations is one that would be of comparative gravity to war or one that would involve our armed conflict, some sort of heightened tension or general instability engulfing the state. Now this concept would be difficult to apply to nowadays threats especially when it comes to cybersecurity, when they don't necessarily have to become military or military of a military nature. On the contrary they could be completely peaceful but could have a significant impact on state security. Another issue with applying the concept as defined by the Russia Traffic of Transit panel is that they required chronological concurrence between the emergency and international relations and the measures taken which is challenging for issues related to cybersecurity because it basically relies on states taking preventive action. If states were not allowed to take action until a cyber attack or cyber reach happens then it would be irrelevant and therefore it is unclear if Article 21 would be able to allow for preventive measures to be taken or precautionary measures in that sense. Another challenge in applying Article 21 would be to determine the good faith of a WTO member in adopting these measures. So the panel, although they recognize the self-judging nature of part of the clause, they also require that it is subject to some sort of review of good faith in which a member should adopt these measures in good faith and unfortunately specifically in the examples I mentioned and examples we've seen nowadays in banning or restricting information and communication technology is that it's also been, it's often been of a political or punitive nature so which will make it particularly difficult to apply Article 21 on cybersecurity and given the complexity of dealing with cybersecurity under the national security justification I alternatively propose addressing the cybersecurity concerns under the TBT agreement which allows states to adopt technical barriers or specifications to products imported into their country subject that they do so in a non-discriminatory way and this is quite frankly perfect when it comes to cybersecurity and security in technology because there are currently several systems or specifications where internationally recognized that do address security and cybersecurity and integrity of devices collectively with their networks, softwares and systems. For an example we have the NIST cybersecurity framework which is an extensive framework that deals with cybersecurity in product services and different layers of technology. We also have the 2013 joint standards by the international standardization organization along with the IEC which also talk about hardware and software security. The NERC also has a set of standards for electric power industry and ensuring security there. The problem with these standards is that states have not sat down and agreed on them collectively all together so certain members have adopted these regulations but I think it is possible to kind of sit all the states together and have one specific standard adopted by in which all of them would be able to implement. I generally believe that states have a legitimate concern when they want to address cybersecurity and securities and information and communication products however states should be more concerned about how these products are being made instead of where and who are producing them. Adopting international standards pursuant and in accordance with the TBT would resolve reasonable number of cybersecurity concerns and also do so within the existing WTO framework. But this is still a work in progress and feedback is very much appreciated. I would like to thank you all for listening and I hope you enjoyed this presentation.