Global Governance of Emerging Technologies: Counterterrorism Challenges at the United Nations Security Council

Terrorist organizations rarely lead in technological innovation and are not early adopters of emerging technologies. Their incorporation of technological advancements into operational activities is typically measured and gradual, influenced by organizational structure, resource limitations, opportunities for learning and concerns that new technologies may increase their exposure to counterterrorism operations.

Nevertheless, terrorist organizations have demonstrated considerable skill in exploiting widely available commercial technologies to advance their operational objectives. Their strength stems from strategically adapting universally accessible technologies to suit their needs. They have become particularly adept at utilizing social media and artificial intelligence for propaganda dissemination, recruitment, and the orchestration of terrorist activities.

The capacity to exploit commercially available technologies for nefarious purposes poses substantial challenges for governance of these technologies. Policymakers and security agencies must maintain constant vigilance and address these evolving threats while simultaneously incorporating advanced technologies into counterterrorism strategies.

For instance, biometric technology is systematically utilized at borders and airports to detect suspected individuals. Surveillance technologies enable monitoring and situational awareness. Signal intelligence is deployed to intercept communications across a range of digital channels. Blockchain technologies are increasingly leveraged to trace illicit financial transactions, while artificial intelligence facilitates predictive analytics, behavioral pattern recognition, the processing of large datasets and the rapid removal of terrorist propaganda. Collectively, these technologies constitute a multilayered counterterrorism architecture that demonstrates a profound reliance on emerging technologies.

Below, I trace how the U.N. Security Council has adapted to the terrorists’ use of emerging technologies over time, relying on principles and non-binding guidance that offer flexibility and the possibility of building consensus in an increasingly uncertain time.

Governance of New and Emerging Technologies

Governing emerging technologies presents a highly complex challenge. First, there is the significant gap between the rapid proliferation of new technological innovations and the comparatively slow process required to develop, implement, and enforce effective governance frameworks. Technology develops exponentially, while governance remains linear.

Second, terrorists quickly adapt their operations to new governance regimes, often within weeks. In the digital realm, for example, terrorists have become adept at “platform hopping” – migrating from one online space to another in response to new restrictions.

A third challenge is that new technologies quickly diffuse across national boundaries. If a single country does not endorse an effective AML/CFT (Anti-Money Laundering and Countering the Financing of Terrorism) governance regime for new payment methods, then it can be rendered ineffective.

Collectively, these challenges lead to what is usually referred to as the “regulatory lag” or “reg-lag.” Reg-lag stems from the fact that governance struggles to keep pace with rapid technological innovation due to systemic, technological, and political weaknesses. It is compounded by the fact that many policymakers lack the technical expertise needed to effectively govern complex new technologies and is exacerbated by political gridlock and corporate influence on governments. Ultimately, these factors leave policymakers constantly playing catch-up with the speed of technological development.

Shortening reg-lag requires alternative governance models. While not flawless, such models can reduce imminent risks of exploitation and encourage ongoing collective learning as technology develops. It does not necessarily mean abandoning traditional multilateral frameworks. When terrorists started exploiting the new world of widely available commercial flights, the international community responded with the development of a series of U.N. conventions. Multilateral instruments offer comprehensive solutions and confer broad legitimacy, yielding numerous notable successes – from U.N. conventions to regional frameworks and targeted, risk-specific arrangements. Nevertheless, the processes of adoption and implementation of these instruments are characteristically protracted.

Over the years, several alternative governance regimes have emerged. These include sandboxes – a controlled environment in which regulatory bodies permit organizations to test innovative products under relaxed regulatory requirements, while maintaining oversight and safeguards. Another alternative governance regime involves the development of an overseeing body for specific technology or specific right (i.e. privacy). A third governance model involves the establishment of a self-regulatory mechanism, composed of industry stakeholders who collaboratively develop, implement, share and enforce standards governing member conduct. In the context of counterterrorism, a notable example is the Global Internet Forum to Counter Terrorism (GIFCT). The emergence of these governance regimes assumes their imperfectness, yet they provide an important immediate check at least until a more elaborate comprehensive regime emerges. They create a common language and understanding of the proper response to the threat.

For alternative governance regimes to be effective, several key principles need to be followed. Foremost is the establishment of values-based frameworks, rooted in human rights, sustainability, safety, and adherence to rule of law principles: legality, necessity, proportionality, accountability and independent oversight.

Other critical elements of effective governance regimes include stakeholder engagement, participation from civil society, academia, and the private sector, adaptation mechanisms to handle evolvement of new technological applications and international cooperation.

The Security Council and the Governance of Emerging Tech

Incitement Online

On 7 July 2005, four British nationals, acting on behalf of al-Qaeda, executed a coordinated attack on London’s public transit network. The attack claimed 52 civilian lives and wounded over 700, becoming the deadliest terrorist incident in the U.K. since the Lockerbie bombing in 1988.

The bombings prompted a profound shift in understanding the global threat of the relatively new yet already broadly available technology of the internet. The findings showed that exposure to online incitement can influence individuals to carry out attacks within their own country. It also led to intensive discussions over what can be a global response to the threat of online radicalization, incitement, recruitment and training, as the terrorists traveled to Afghanistan and Pakistan. This discussion resulted in the adoption of resolution 1624 (2005).

Resolution 1624 (2005) is a notable example of internet governance that, while effective in certain respects, remains fundamentally constrained. Divergence among major powers led to a compromise, with the resolution urging States to “prohibit by law” incitement, rather than to “criminalize” it explicitly, leaving much discretion to States on how to implement it. Furthermore, unlike many normative counterterrorism resolutions, it was not adopted under Chapter VII of the Charter, underscoring its limited enforceability.

The approach embraced in Resolution 1624 (2005) illustrates the benefits and limitations inherent to formal global governance regimes. On the one hand, it created a common understanding of the threat, which led to numerous subsequent initiatives, including the development of concepts such as Countering Violent Extremism (CVE). On the other hand, it left critical issues regarding enforcement mechanisms unresolved and to the discretion of Member States.

The Rise of ISIL

In June 2014, the world woke up to a new shocking reality. The Islamic State of Iraq and the Levant (ISIL) stunned the world as its forces quickly captured key Iraqi cities. In August, ISIL attacked the Yazidi minority in the Sinjar region, committing mass atrocities against it. That same month, ISIL released videos showing horrific crimes committed in its so-called caliphate, including the beheading of American journalists James Foley and Steven Sotloff.

At the U.N. headquarters in New York, the international community quickly began forming a counter-ISIL plan. Alongside building a military coalition, discussions emerged over creating a framework to improve cooperation in preventing foreign terrorist fighters (FTFs) from traveling to Syria and Iraq and prosecuting ISIL members for their crimes. Informal consultations regarding what would eventually become resolution 2178 (2014) continued day and night until its adoption by heads of state in September 2014. For those present in New York during this period, it was clear that the Security Council is the only global body capable of acting swiftly, decisively and universally.

Resolutions 2178 and 2396: The Governance of New Tech

Resolution 2178 (2014) was innovative and ambitious on several fronts, most notably in establishing a new category of offense related to FTF travel. It was also novel in its incorporation of technological measures to address the movement of FTFs. It encourages Member States to employ screening procedures, including collection and analysis of travel data, and to do so without resorting to profiling based on stereotypes.

Yet, the terrorist threat from ISIL continued to evolve and the world began to face a new challenge. Between 2014 and 2016, major attacks were perpetrated by returnees, including the May 24, 2014 shooting at the Jewish Museum of Belgium, the Jan. 7, 2015 assault on Charlie Hebdo’s office in Paris, and the Nov. 13, 2015 attacks in Paris, among others. In parallel, a series of assaults were carried out by individuals inspired, rather than directed, by ISIS. These included the Dec. 2, 2015 San Bernardino shootings, the June 12, 2016 Pulse nightclub massacre in Orlando, the July 14, 2016 truck attack in Nice, and the Dec. 19, 2016 Christmas market truck attack in Berlin.

These attacks culminated in the adoption of resolution 2396 (2017), which called on Member States “ to collect biometric data and to develop and share information related to watchlists or databases of known and suspected terrorists, including FTFs.”

Biometric Technology and Alternative Governance Regimes

Biometric technology has a long historical trajectory, with early instances dating back to ancient Babylon, where fingerprints were employed to authenticate commercial transactions. In the past three decades, the domain has witnessed considerable advancements, notably the expanded use of DNA analysis and facial recognition technologies.

In the context of the fight against ISIL, biometric technology became a critically effective technology to identify ISIL suspects and prevent FTFs’ travel even when they use fraudulent documents.

In resolution 2396 (2017), the Security Council decided that States shall develop and implement systems to collect biometric data to responsibly and properly identify terrorists, including FTFs, in compliance with domestic law and international human rights law. The Security Council also encouraged Member States to share this data responsibly with INTERPOL.

Resolution 2396 (2017) introduces several advancements over Resolution 2178 (2014). It obligated all States to develop and implement biometric systems without first establishing a universal and binding governance regime, which still does not exist. The Member States saw the risk of ISIL as greater than the risk of potential abuse. Additionally, the scope of application was broadened, incorporating the two terms “responsibly” and “properly.” The Security Council did not provide definitions for these terms but clarified that they are supplementary to the existing requirement to observe human rights law.

Alternative Governance Regimes in the U.N. Security Council: The Non-binding Guiding Principles Approach

Biometric technology is an intrusive investigative technique. It enables intelligence and law enforcement agencies to access not only individuals’ actions and personal data but also information about their physical characteristics and DNA. It can be collected without a person’s knowledge or consent and may be retained or repurposed, raising serious human rights concerns. It is no wonder that the adoption of these measures by the Security Council led to much criticism.

Yet, a more nuanced assessment of the Security Council’s efforts should consider not only the urgency with which it acted but also the mechanisms it provided to establish a governance framework. While this approach may not be flawless, it offered meaningful safeguards against potential abuses. The two alternative tools for governing emerging technologies collectively deployed by the Security Council were the use of principles rather than rules and the focus on non-binding guidance.

Principles are recognized as an effective tool for governing new tech for several reasons. Principles represent shared commitments to legal and ethical concepts. If properly developed, they can make sure that society benefits from the advantages that technology offers while upholding the rule of law and human rights. A principle–based approach also prevents innovative technologies from becoming bogged down in the regulatory thicket that often results from a rule–focused response.

The other tool recommended for governing new tech is to consider non-binding governance approaches. For example, the Organization for Economic Cooperation and Development (OECD) recommends: “Commitments and obligations that are not directly enforceable by governments.” The advantage of the non-binding mechanism is that it can offer flexible interim solutions to govern emerging technologies as uncertainties of technological pathways are reduced over time. Non-binding interventions are well suited to shape the norms surrounding the development and deployment of emerging technologies due to their collaborative nature. They can provide a venue for back-and-forth dialogue between technologists, regulators, and society.

The Madrid Guiding Principles and Their Addendum

Immediately following the adoption of resolution 2178 (2014), the Counter Terrorism Committee of the U.N. Security Council (CTC) began developing guiding principles on how Member States should implement the resolution’s complex requirements. These later became known as the “Madrid guiding principles.” Concluded in 2015, the Principles provided practical guidance for addressing FTFs, from radicalization and travel to prosecution, rehabilitation, and reintegration.

Building on this success, the Security Council requested in resolution 2396 that the CTC and the Counter-Terrorism Committee Executive Directorate (CTED) review the 2015 Madrid principles with a focus on the threat of returnees. The CTC promptly initiated the development of what later became the Addendum to the Madrid Guiding Principles, which notably included a dedicated chapter addressing the use of biometric technologies. The Addendum acknowledges the critical role of biometric data in preventing terrorist travel but also reminded Member States that any interference with privacy must comply with human rights law. It stressed that biometric technology creates challenges because of reg-lag. It called on States to introduce effective privacy impact assessments, establish review or other types of oversight bodies, and consider the potential impact of such new technologies. The CTC went on to remind Member States that it is essential to provide safeguards for the protection of data and human rights, focusing on information about children.

Following the adoption of the Addendum, U.N. bodies, working collectively with the support of civil society, developed a compendium on the use of biometric technology that provides further human rights-based guidance on the use of this technology.

The Delhi Declaration

Building on these successes and facing an unprecedented number of new technologies available for terrorist purposes, from unmanned aerial systems (UASs) to crypto, crowdfunding and gaming, the CTC intensified its use of non-binding guiding principles. During a ministerial special meeting in Delhi in 2022, the CTC adopted the Delhi Declaration on “Countering the Use of New and Emerging Technologies for Terrorist Purposes.” Aware of the criticism related to the lack of full participation of civil society in the development of the Madrid guiding principles, the CTC and CTED held numerous discussions before and during the meeting itself with civil society, the private sector and academia.

The Delhi Declaration marked another critical step in the Security Council’s development of a governance regime for emerging tech. It detailed a long list of principles applicable to governance of new tech in the context of terrorism, including the need to balance fostering innovation and interconnectivity, as well as the free and secure flow of information, with preventing and countering the use of new and emerging technologies for terrorist purposes. It emphasizes the importance of engaging the tech sector, academia and civil society in the development of specific governance regimes for these technologies while maintaining a full respect for human rights.

It also led the CTC to adopt two new sets of non-binding guiding principles to assist Member States in countering the threat of terrorists using emerging technologies. In 2023, the CTC adopted the Abu Dhabi non-binding Guiding Principles, which are the first comprehensive guidance for addressing the misuse of UASs by terrorists. And in 2025, the CTC adopted the Algiers non-binding Guiding Principles on “Countering the Use of New Payment Technologies and Fundraising Methods for Terrorist Purposes.”

Collectively, these new instruments provide a broad toolkit that recognizes the interconnectivity of technological threats and the necessity of coordinated, collective responses.

The Security Council’s Governance Initiatives in the Broader Context 

The governance of emerging technologies demands a nuanced approach, a challenge that extends beyond counterterrorism. Effective governance is essential to ensure the safe integration of new technologies, to prevent their misuse, and to safeguard human rights, while simultaneously enabling society to reap the benefits of innovation. Yet, when these technologies are employed in the context of countering terrorism, the complexity and criticality of governance increase substantially.

On the one hand, the deployment of advanced technologies in counterterrorism can play a pivotal role in thwarting terrorist attacks. On the other hand, certain highly intrusive countermeasures pose significant risks to fundamental rights, raising the potential for abuse. It is no wonder that with the lack of a proper governance regime there have been calls for moratoria on the use of the most intrusive technologies, such as spyware.

The Security Council’s governance initiatives must be viewed within this broader context. As described in detail earlier, these initiatives were formulated in response to urgent and unprecedented global threats. Their primary objective was to prevent terrorists from abusing new capabilities while mitigating associated risks, with the understanding that more comprehensive governance frameworks will evolve over time, whether through the Security Council, its subsidiary bodies, or other relevant stakeholders. Both the Security Council and the CTC have consistently maintained that the governance regime they endorse is intended to supplement established international norms and were immediately followed by the development of practical non-binding guidance.

There is abundant fair criticism of the solutions offered by the Security Council and the CTC in developing these guiding principles. They are connected to a broader discussion over the growing use of “soft law” in counterterrorism, not just by the Security Council but also by bodies such as the Global Counterterrorism Forum (GCTF), the Financial Action Task Force (FATF) and the U.N. Global Compact. The U.N. Special Rapporteur notes in this context that these guidelines are often “formulated in processes that are non-transparent.” Concerns were also raised regarding the mainstreaming of human rights in the development and enforcement of this guidance. In providing these concerns, the Special Rapporteur reflected a sentiment many Member States within and outside the Security Council share.

Although this article does not purport to prescribe a definitive model for the governance of emerging technologies within the counterterrorism sphere, it aims to elucidate the underlying rationale guiding the Security Council’s initiatives and the urgency with which these measures were undertaken. The Security Council confronted an unprecedented global crisis, necessitating immediate global action. While recognizing that hasty though necessary solutions may lead to misuse, the Security Council then immediately advanced a principled, non-binding framework designed to mitigate these risks, while also stressing that its efforts are intended to complement human rights principles and, where appropriate, be superseded by other, perhaps more elaborate instruments.

Author’s note: The views expressed in this article are those of the author and do not necessarily represent the views or policies of the United Nations or any of its Member States.

Read Next:

Featured Articles: