Unpacking cyber norms: private companies as norm entrepreneurs

Concerns over practices in cyberspace are central to the consolidating international agenda for cybersecurity. Responses to such concerns come in different shapes and sizes, and are proposed by different actors. Whether it concerns intellectual property rights, the theft of trade secrets, collection of personal data, critical infrastructure protection, DNS security, or geopolitical issues, the rise of cybersecurity as a multifaceted global issue has led to the proliferation of governance mechanisms aimed at responding thereto. While state efforts have sought to promote norms of responsible state behaviour in cyberspace, we argue that technology companies are also taking the lead as norm entrepreneurs in the context of the stability and security of cyberspace. We explore the tensions between current literature on cyber norms and the role of private actors as potential norm entrepreneurs in global cybersecurity. In an attempt to determine the position of private actors in this field, we turn to practices such as corporate diplomacy and lobbying as avenues for highlighting the methods in which corporations engage in international policymaking in general, and cyber norms in particular. We look at Microsoft’s case to unpack the company’s role in the normative development of cybersecurity globally. We analyse documents containing the company’s policies and strategies, and argue that these efforts consist of an attempt to influence global public policies on cybersecurity. In conclusion, we note that, notwithstanding these efforts, the lack of coordination between different aspects of norm-making processes illustrates the challenges facing the advancement of international cyber norms