For more than two decades, successive U.S. administrations treated the UN as a necessary—if imperfect—venue for shaping global expectations of state behavior in cyberspace. The United States was a principal architect of the UN cyber framework, supporting the applicability of international law to cyberspace, articulating confidence-building measures, and defending multistakeholder engagement. Historically, U.S. international engagement in various cyber processes was driven by a strategic logic that combined normative leadership with institutional investment. In the past decade, Washington was instrumental in establishing the Global Forum on Cyber Expertise (GFCE), setting up the International Counter Ransomware Initiative (CRI), and promoting the Budapest Convention on Cybercrime.

However, this posture has become increasingly unsettled since U.S. President Donald Trump’s return to power. The 2025 U.S. National Security Strategy reflects a more instrumental view of multilateral institutions, including the UN. Engagement is no longer justified primarily by long-term order-shaping considerations and alliances but by short-term strategic return, cost efficiency, and perceived alignment with the administration’s worldviews and narrowly defined national interests.

Although he made a strong push for renewed alliances, U.S. Secretary of State Marco Rubio’s remarks at the Munich Security Conference in February 2026 were another clear expression of this position. As a consequence, the UN is no longer framed as a venue for shaping global order, but rather as one forum among many—useful insofar as it delivers concrete returns and dispensable when it does not.

This shift does not bode well for the new UN Global Mechanism to advance responsible state behavior in cyberspace, due to be launched this year. This single-track approach will replace previous cyber processes established in the context of disarmament: the UN Groups of Governmental Experts and the UN Open-Ended Working Group (OEWG) on security and ICTs that concluded in July 2025. In response to the more uncertain international environment and fragmentation exposed by the U.S. retrenchment, the EU and like-minded states should consider four possible pathways to ensure that global cyber governance remains effective and resilient.

An Institutional Shift Toward Disorder?

U.S. skepticism of multilateral cooperation has translated into tangible disengagement. In January 2026, Washington withdrew from dozens of organizations and coalitions that are adjacent to digital and cyber governance, such as the GFCE and the Freedom Online Coalition. These initiatives serve as valuable platforms for strengthening digital rights, boosting cyber resilience, and rallying governments behind the idea of a free, global, open, safe, and secure cyberspace.

What is more, the U.S. decision to defund numerous digital rights organizations and question the validity of sustainable development goals and the importance of gender-balanced debates has weakened informal pipelines through which ideas, practices, and trust flowed into UN negotiations. This context matters: To be effective and bring real change, which is also in U.S. interests, the UN Global Mechanism will need to rely heavily on parallel ecosystems of the private sector, the technical community, researchers, and civil society.

In addition, the Trump administration’s broader skepticism of the UN as an orchestrating global institution might have negative spillover effects.

Even without direct challenges to the cyber framework, persistent questioning of the UN’s legitimacy and efficiency reduces incentives for U.S. agencies to treat UN cyber outcomes as political and operational commitments. 

More importantly, the Trump effect may contribute to undermining the credibility and implementation of the UN framework of responsible state behavior altogether. Failure to strongly promote existing rules will only benefit countries like Russia and Iran.

The United States frames its preference for bilateral and minilateral cyber partnerships as an alternative to cumbersome UN processes. While such arrangements are not new in U.S. cyber diplomacy, their elevation under the current administration risks sidelining the UN as a venue for practical cooperation, especially for states outside U.S.-led coalitions. Over time, this weakens the authority of UN-backed norms and processes.

These trends toward normative, institutional, and operational fragmentation do not indicate an explicit U.S. rejection of the UN cyber framework. However, they do suggest a shift toward a more ideological and power-centric model of cyber governance—one in which the United States and its allies deal the cards and the UN’s role is tolerated rather than actively reinforced. In this environment, normative alignment becomes harder to sustain, and the risk of disorder and decentralization increases as UN rules face a proliferation of competing interpretations and implementation pathways.

Fragile Continuity Beneath Retrenchment

At the same time, the institutional Trump effect has clear limits. On substance, U.S. positions have so far been largely consistent with those articulated before 2025. Washington continues to oppose legally binding cyber treaties and has not endorsed alternative governance models that would displace the norms-based framework developed since 2015. In this respect, U.S. alignment with like-minded states remains stable. Most importantly, the United States has not reopened or diluted its position that existing international law applies to cyberspace, a cornerstone of the UN cyber consensus.

Although there is no present indication that this position will change, maintaining the image of a champion of international law may become more difficult in light of U.S. decisions in other areas of foreign policy, such as Washington’s use of offensive cyber capabilities in Iran and Venezuela. Similarly, U.S. support for voluntary, nonbinding norms of responsible state behavior remains intact. However, the Pentagon’s decisions to roll out generative AI at scale and to test AI-enabled monitoring and vulnerability discovery, while U.S. Cyber Command taps start-ups to accelerate offensive tradecraft, will put U.S. normative commitments under more scrutiny.

The United States has also not withdrawn from the overall UN cyber framework, nor has it contested the legitimacy of the Global Mechanism.

This distinguishes cyber governance from other policy areas, where U.S. disengagement from the UN has been more explicit and confrontational. While institutional follow-through has weakened, the United States has not formally aligned itself with state-centric governance models promoted by other actors in the UN system. Nor has Washington jettisoned the need for partnerships with other nations in pursuing its cyber agenda. Sean Cairncross, the U.S. national cyber director, repeatedly stated in remarks at the 2026 Munich Cybersecurity Conference that “America first” did not mean “America alone” and that partnering with allies was vital—especially in imposing costs on adversaries.

In fairness, U.S. skepticism of UN cyber processes as forums for tangible action is neither new nor unwarranted. Although the United States engaged in the past in cyber processes and the framing of the Global Mechanism, those forums, because they operated by consensus in a geopolitically divided world, could make only incremental progress at best. The new Global Mechanism may be billed as an action platform to enable implementation, but the original proposal of a program of action was significantly watered down, primarily by Russia, China, and their cohort.

This situation raises significant doubts about whether the resulting structure will deliver tangible outcomes, with or without U.S. dedication. Indeed, in many areas, including holding to account countries that engage in malicious cyber actions, the United States has long relied on a strategy of engaging and acting with like-minded partners. The Trump administration is simply doubling down on that approach. The 2026 Cyber Strategy for America puts adversaries on notice that U.S. cyber operators and tools “can be swiftly and effectively deployed to defend America’s interests.” It states clearly that the United States will use diplomatic, trade, and operational tools to ensure that norms and standards reflect American values.

Finally, U.S. institutions continue to recognize the operational need for capacity building, even if delivery mechanisms have shifted. The 2025 dismantling of the U.S. Agency for International Development has undoubtedly limited U.S. options for delivering impactful and sustainable cyber capacities in other parts of the world. Nonetheless, cyber capacity support remains embedded in bilateral assistance and security cooperation with Ukraine, Moldova, and the Western Balkans, reflecting a pragmatic understanding that norms without implementation capacity lack credibility.

The result is a pattern best described as institutional continuity without institutional leadership. The United States maintains its doctrinal positions while stepping back from its role of system steward.

Adjusting to a Less Anchoring United States

The recalibration of U.S. global cyber engagements—including at the UN—does not leave other actors without agency.

On the contrary, it forces a strategic choice about how to respond to a United States that remains influential but no longer consistently anchors the system. Four broad approaches are emerging—often in parallel—each with distinct implications for the UN Global Mechanism, U.S. cyber alliances, and the broader cyber governance landscape.

Containment: Working with Selective U.S. Participation

One strategy is continued engagement with the United States on the assumption that selective participation is preferable to disengagement. This pathway is particularly important for the EU and like-minded countries that prioritize cyber governance through the UN and other multilateral institutions. This approach accepts U.S. skepticism of institutionalized multilateralism as a structural constraint rather than a temporary aberration.

In practical terms, engagement focuses on issue-specific cooperation where U.S. interests align with those of partners like the EU, such as in responding to cyber incidents, protecting critical infrastructure, and countering ransomware. Within the UN Global Mechanism, this translates into prioritizing deliverables that show operational value, reduce strategic risk, and avoid new binding commitments. Dedicated thematic groups, established as part of the mechanism, will provide an opportunity to focus on specific problems, such as securing critical infrastructure, while strengthening multistakeholder participation, especially from the private sector and the technical community.

The advantage of this approach lies in preserving U.S. involvement without forcing premature institutional confrontation or undermining the UN’s role altogether. However, the limitation of this pathway is equally clear: Narrow engagement risks reinforcing a minimalist interpretation of the UN’s role, potentially constraining the mechanism’s long-term ambition and normative development.

Appeasement: Engagement Outside the UN and Acceptance Within

A more results-oriented variant of the first approach is based on a shared recognition of the inherent limitations of the Global Mechanism. Despite the UN’s success in reaching consensus on norms of responsible state behavior and the applicability of international law to cyberspace, it is highly unlikely that the organization as a whole or the mechanism can enforce those norms and strengthen accountability. Practical implementation of capacity building and other issues will be difficult in the Global Mechanism because of a lack of concrete resources for it and a reliance on contributions from UN member states for any concrete actions.

Active engagement with the United States on these issues outside the UN might be more conducive to tangible results and enhanced partnerships. This, in turn, might help anchor U.S. participation in the UN-led framework. This pathway implies that states continue to engage at the UN while seeking to partner more aggressively with the United States in bilateral and minilateral formats to make substantive progress. For instance, the United States is still actively involved in the G7 Cyber Expert Group and the Tallinn Mechanism, which are particularly important for the EU and its members. The Trump administration’s focus on scams and online fraud provides fertile ground for closer collaboration with countries in Asia, where many scam compounds are based, including Laos, Cambodia, and Myanmar. Solving concrete problems together on the ground is a promising avenue for keeping Washington engaged. Lessons from such common endeavors should then feed into the debates at the UN.

A focus on issue-based coalitions would find support among critics of UN processes, who often stress the limited impact of the UN framework on the behavior and calculations of malicious actors in cyberspace. The downside is that not all like-minded countries are completely aligned on all these issues, and the United States might be interested in working with only a small group of international partners.

Confrontation: Defending Multilateral Norms with Assertive Institutions

Another option is institutional confrontation—not in the sense of diplomatic rupture, but by assertively defending UN norms and processes when U.S. positions undermine their authority or coherence. A more aggressive U.S. posture on supply-chain security that would discriminate against European companies, restrict human rights and privacy, or undermine European digital policies could cause additional conflicts across the Atlantic that could play out at the UN.

This approach recognizes the progress made at the UN and treats the cyber framework as a collectively owned public good that is not contingent on the preferences of any single state. It sees the UN processes as ultimately beneficial for all, despite a small minority of countries violating their commitments. It involves insisting on procedural integrity, resisting attempts to dilute the achievements to date, and calling out potential inconsistencies between any state’s rhetorical commitments and its institutional behavior.

Confrontation might help safeguard normative clarity and prevent backsliding. Yet, it also entails significant risks. Overly adversarial dynamics may accelerate U.S. disengagement, politicize technical discussions, and fracture consensus—particularly if confrontation becomes symbolic rather than outcome oriented. Confrontation also requires consistent unanimity among those who uphold the framework, both in words and in actions. Experience shows that such cohesion is often lacking even among the so-called like-minded, particularly when it comes to action. This pathway also risks losing the United States as a substantial counterweight to the agendas of Russia and China.

As such, this strategy requires careful calibration: defending principles without alienating the United States or hijacking the UN cyber framework as a proxy battleground for broader geopolitical disputes.

Replacement: Rebuilding Anchoring Functions Without the United States

The final strategy involves partly replacing U.S. anchoring functions should Washington drift farther away. Rather than wait for renewed U.S. leadership, other actors—middle powers, regional organizations, and cross-regional coalitions—assume greater responsibility for sustaining the implementation of norms, coordinating capacity building, and fostering multistakeholder engagement. This pathway is more likely to materialize if the United States decides to withdraw more expressly from UN cyber processes or insists more forcefully on a fairer distribution of the costs and responsibilities of defending cyberspace between the United States and its allies.

In this model, the UN Global Mechanism remains important, but leadership becomes more distributed. Regional bodies, development banks, technical communities, and like-minded coalitions compensate for U.S. retrenchment by providing resources, political backing, and operational continuity. This implies that the Europeans assume a more central role in global cyber governance, including through the European Investment Bank, an increased presence of European cybersecurity companies, and stronger engagement and alliances with others.

Replacement does not imply exclusion of the United States. Instead, it reflects a pragmatic recognition that systemic resilience requires redundancy. The risk, however, is fragmentation: Without careful coordination, parallel leadership structures may produce divergent standards and uneven implementation, weakening the universality of the UN framework. What is more, there is little evidence that this approach would work or that the many distributed leaders could coordinate, agree, or be effective—especially as Russia and others try to exclude nonstate stakeholders.

Experience shows that Russia, China, and their bloc can be remarkably united and insistent on their demands—even willing to throw consensus away if those demands are not accommodated. Meanwhile, the so-called like-minded group often backs down and prioritizes consensus, as evidenced by the significant watering down of the proposed program of action. Replacement also ignores the stark reality that U.S. leadership not only kept the like-minded group cohesive and effective but was also instrumental in cutting acceptable deals with China and Russia that led to a productive consensus. However, as experience has shown, other actors, such as Australia, Canada, or cross-regional coalitions of states, can play important roles in finding a compromise.

Conclusion

Progress on global cyber diplomacy will depend on states’ ability to deliver solutions to concrete challenges in a world where geopolitical tensions drive fragmentation along ideological lines, while U.S. participation is selective, transactional, and uneven—but still consequential.

In practice, the four strategies presented above are not mutually exclusive. Most actors are likely to rely on a combination of them, depending on the issue and the political context. And actors should not treat potential further U.S. withdrawal as a foregone conclusion. Until proven otherwise, some form of continued engagement with Washington, as outlined in the first two options, stands the best chance of keeping the United States as an active and helpful player.

The central challenge for other states will be managing this hybridity under the UN Global Mechanism—maintaining inclusivity while preserving coherence and accommodating selective U.S. engagement. They will also need to focus on what the mechanism practically can achieve, rather than any aspiration for it to be a panacea. The reality is that much implementation has happened, and will increasingly happen, outside the UN, and the organization needs to both recognize and try to leverage those efforts.

Ultimately, adapting to a less anchoring United States is less about choosing the right strategy than about ensuring that global cyber governance remains functional, credible, and resilient in a more pluralist and uncertain international order.