(a) In generalIt is the policy of the United States—
(1) to work internationally to promote an open, interoperable, reliable, and secure internet governed by the multi-stakeholder model, which—
(2)
to encourage and aid United States allies and partners in improving their own technological capabilities and resiliency to pursue, defend, and protect shared interests and values, free from coercion and external pressure; and
(3) in furtherance of the efforts described in paragraphs (1) and (2)—
(A)
to provide incentives to the private sector to accelerate the development of the technologies referred to in such paragraphs;
(b) ImplementationIn implementing the policy described in subsection (a), the President, in consultation with outside actors, as appropriate, including private sector companies, nongovernmental organizations, security researchers, and other relevant stakeholders, in the conduct of bilateral and multilateral relations, shall strive—
(1)
to clarify the applicability of international laws and norms to the use of information and communications technology (referred to in this subsection as “ICT”);
(2)
to reduce and limit the risk of escalation and retaliation in cyberspace, damage to critical infrastructure, and other malicious cyber activity that impairs the use and operation of critical infrastructure that provides services to the public;
(3)
to cooperate with like-minded countries that share common values and cyberspace policies with the United States, including respect for human rights, democracy, and the rule of law, to advance such values and policies internationally;
(4)
to encourage the responsible development of new, innovative technologies and ICT products that strengthen a secure internet architecture that is accessible to all;
(5) to secure and implement commitments on responsible country behavior in cyberspace, including commitments by countries—
(A)
not to conduct, or knowingly support, cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors;
(B)
to take all appropriate and reasonable efforts to keep their territories clear of intentionally wrongful acts using ICT in violation of international commitments;
(C)
not to conduct or knowingly support ICT activity that intentionally damages or otherwise impairs the use and operation of critical infrastructure providing services to the public, in violation of international law;
(E)
not to conduct or knowingly support malicious international activity that harms the information systems of authorized international emergency response teams (also known as ‘computer emergency response teams’ or ‘cybersecurity incident response teams’) of another country or authorize emergency response teams to engage in malicious international activity, in violation of international law;