A discourse on international cyber norms has emerged ever since the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) recommended eleven norms on responsible state behaviour in cyberspace. In the face of political contestation regarding the regulation of cyberspace, norms are often seen as an easier avenue for achieving consensus on responsible state behaviour than international law. As a result, the academic and policy-making focus has shifted to the creation of new norms. This article aims to explore the process and potential of small states to become norm entrepreneurs in cyberspace. It focuses on norm entrepreneurship concerning responsible state behaviour in cyberspace. Hence, the focal point of the article is norms by states for states. The article conceptualizes norm entrepreneurship and elaborates through case studies how and why the Netherlands and Estonia have become cyber norm entrepreneurs. It also details how this normative entrepreneurship manifests itself in the current cyber norms discourse.
European Foreign Affairs Review