Developments in the internet governance environment April to July 2024

Developments in the internet governance environment April to July 2024

Key IG topics in the 2nd quarter of 2024

In the second quarter of 2024, the discussion on internet governance was dominated by the following topics:

· The final phase of negotiations on the Global Digital Compact (GDC) at the UN

· Preparations for the Internet Governance Forum (IGF) 2024 in Riyad and EURODIG 2024 in Vilnius

·       The ongoing preparations for the WSIS Review Conference in 2025 (WSIS+20)

·  The NetMundial+10 conference

·  The cyber security negotiations within the framework of the OEWG and UN Convention against Cybercrime

·  The NATO Summit in Washington with a new cyber agenda

·  The EU Commission's digital balance shortly before the European Parliament elections

·  The publication of the international cyber strategy of the USA

·  The results of the ITU Council meeting in Geneva

·  The conclusion of an international agreement on e-commerce within the framework of the WTO

·  Multiple initiatives to regulate artificial intelligence

·  Re-activating the involvement of the technical community in the internet governance discussions

·  Increasing polarisation of the global internet debate between democracies and autocracies at the G7 Summit in Apulia and the SCO Summit in Astana

Global Digital Compact is still under discussion

The discussions on the Global Digital Compact, which have been going on since summer 2022, are now in the home straight.

After more than 20 intergovernmental and multistakeholder consultations, the two GDC co-chairs (Sweden and Zambia) presented a first draft (GDC Zero Draft) at the end of April 2024. The 17-page text formulates five goals (overcoming the digital divide, inclusion in the development of the digital economy, safeguarding human rights, global interoperability in data governance and regulation of artificial intelligence) and defines 13 principles. The draft explicitly refers to the resolutions of the 2005 UN World Summit on the Information Society, thus focussing on continuity. However, practical proposals on topics such as data and AI governance go beyond this and have the potential to duplicate existing processes and come into conflict with existing institutions, particularly the IGF. While the general objectives and principles met with a positive response, other parts of the draft were strongly criticised. In particular, the emphasis on multilateral activities to the disadvantage of the multistakeholder approach to shaping the digital future was criticised. This related to proposals for the creation of new institutions and the launch of new processes for artificial intelligence, data governance and the GDC follow-up. Also criticised was a potential new GDC office in New York under the umbrella of the "Office of the UN Tech Envoy", which was feared to possibly create a "new empire" for global digital policy at the UN; this would inevitably weaken the institutions based in Geneva that deal with internet governance – IGF Secretariat, ITU, UNCSTD, UNCTAD, WTO, ILO, etc. – and thus weaken the GDC.

A revised draft (GDC Rev.1) was presented at the end of May 2024. The new draft emphasised more strongly the role of the IGF in implementing GDC recommendations, but still contained a large number of proposals for new institutions and processes. A further revised draft (GDC Rev.2) strengthened the multistakeholder approach to internet governance and the IGF and provided for a reduction in new initiatives. Worth to be positively mentioned is the reference made to the NetMundial process, which defined principles and procedures for the multistakeholder approach in 2014 and 2024. GDC Rev.2 was generally well received by the internet community. Focal points of criticism were the chapters on data governance and artificial intelligence as well as the "GDC Follow-Up". The draft still contained proposals for a new GDC office in New York and a new intergovernmental process that should lead to a GDC Review Conference in 2027, i.e. a kind of world conference on global digital policy under the umbrella of the UN.

On 12 July 2024, a third version (GDC Rev.3) was distributed to the UN embassies of the 193 UN member states under the so-called "Silence Procedure" with a deadline of 17 July 2024. The "silence procedure" means that the proposed text is deemed to have been adopted if no UN state has raised an objection by the deadline, i.e. if no one "breaks the silence". However, shortly before the deadline expired, more than ten states, including the USA, EU states, New Zealand, Australia, Russia and the G77 including China, raised objections. The GDC Rev.3 draft was thus rejected. The co-chairs Sweden and Zambia decided to hold informal intergovernmental consultations on the disputed paragraphs on 19 August 2024. No further consultation with non-governmental stakeholders is currently planned.

The main points of contention continue to be the relationship between multilateralism and multistakeholderism in shaping the digital future, the creation of new institutions for political discussions on artificial intelligence as well as the role of the IGF and the GDC follow-up. A key point of criticism remains the creation of a new GDC office at the Office of the UN Tech Envoy in New York and the rejection of a recommendation to place the IGF Secretariat in Geneva on a solid financial footing beyond "voluntary contributions".

The entire process of drafting the GDC has also come under increasing criticism. The multistakeholder consultations consisted in a series of two-minute statements without any opportunity for interactive communication; the statements were largely ignored by governments. The draft texts were not the subject of formal negotiations but were formulated by the Office of the UN Tech Envoy on behalf of the two co-chairs. It cannot be ruled out that the informal consultations scheduled for 19 August 2024 will not lead to a result and that a fourth draft will also meet with opposition. With time running out – the GDC is to be adopted as an annex to the "UN Pact for the Future" at the UN Future Summit on 22 September 2024 in New York – it will be difficult to reach a consensus between all 193 UN states. Thus, failure of the entire GDC process is a possibility that must be taken into consideration. The second version of the "Pact for the Future" was presented on 17 July 2024.

The argument that a bad GDC can do more harm than good is not only gaining ground among civil society, according to Konstantin Komaitis and Fiona Alexander and others. Basically, there is no acute need to adopt such a compact in 2024, especially since the review conference of the 2005 UN World Summit (WSIS+20) will start in 2025, at which all the issues addressed by the GDC will be on the table again. Parts of the GDC on which principal agreement has been reached could be incorporated into the "UN Pact for the Future". The contentious details, in particular regarding the launch of new institutions and processes, could be further negotiated within the framework of WSIS+20. Should a last-minute compromise nevertheless be reached, the value of a GDC would primarily consist of a positive political signal in complicated geopolitical times.

Preparations for the 18th Internet Governance Forum (IGF) are in full swing

Preparations for the 18th IGF in Riyad in December 2024 are proceeding according to plan. Following an initial preparatory conference of the MAG in Riyad in February 2024, the MAG adopted the umbrella theme (Building Our Multistakeholder Digital Future), four focal points for discussion (Harnessing innovation and balancing risks in the digital space, Enhancing the digital contribution to peace, development, and sustainability, Advancing human rights and inclusion in the digital age and Improving digital governance for the Internet We Want) and selected 89 workshops from the 203 proposals at a second meeting in Geneva at the end of June 2024. Once again, there will be a "High Level Governmental Track" and a "Parliamentarian Track" as well as a special "Youth IGF". There will also be sessions organised by the IGF Dynamic Coalitions, the NRI Network, the Best Practice Fora and the Policy Networks on Cyber Security, Internet Fragmentation and Artificial Intelligence. Details of the program are still under discussion. This also concerns the so-called "Day Zero". The draft program will be published at the next MAG meeting at the end of August 2024. Participants have been able to register since 23 July 2024.

The appeal by a group of civil society organisations to the UN to review the awarding of the IGF to Saudi Arabia due to acute human rights violations went unheeded. At the MAG meeting in Geneva at the end of June 2024, host Saudi Arabia assured that it would adhere to all UN guidelines and guarantee the non-discriminatory participation of all stakeholder groups. However, there are still concerns, particularly among the LBGTQ+ community. However, there is no formal call for a boycott.

The regional IGF for Europe, EURODIG, took place under the title "Balancing innovation and regulation" from 17 – 20 June 2024 in Vilnius.[5]Over 800 participants registered. Keynote speakers included Marija Pejčinović Burić, Secretary General of the Council of Europe, Tomas Lamanauskas, ITU Deputy Director General, and Aušrinė Armonaitė, Minister of Economy of Lithuania. The 36 "EURODIG Messages from Vilnius" include concrete recommendations to organise the GDC and WSIS+20 process openly, transparently and with equal involvement of all stakeholders. The conference in Vilnius further strengthened the role of EURODIG within the NRIs. Similar to the IGF Secretariat in Geneva, the EURODIG Secretariat also suffers from a lack of resources and material support.

The 19th IGF 2025 will most likely take place in Oslo at the end of June 2025. The Norwegian government submitted a corresponding offer at the IGF 2023 in Kyoto. However, Russia's proposal to organise the 19th IGF 2025 in Sochi or St. Petersburg is still on the table. A final decision by the UN is expected in the third quarter of 2024.

Initiated by the IGF WG Strategy, a discussion began in June 2024 on what the future of the IGF could look like after 2025, assuming that WSIS+20 renews the mandate for the IGF. On 26 July 2024, Chris Buckridge, Co-Chair of the WG Strategy, presented an initial position paper. The discussion centred, among other things, on not simply renewing the IGF's mandate, which was previously based solely on paragraph 72 of the 2005 Tunis Agenda but redefining against the background of the experience of the last 20 years. In this context, the idea of institutionalising the IGF in the medium term and creating an independent international multistakeholder organisation with its own constitution was also discussed. An "IGF Charter" or "IGF Bylaws" could define the IGF mission as well as the roles and responsibilities of the now numerous IGF bodies and working groups – from the MAG to the Leadership Panel and the IGF Secretariat to the Dynamic Coalitions, BPF and PNs. Such an organisation would also have to be placed on a stable financial footing in order to end dependence on voluntary contributions. In this context, it was suggested that WSIS+20 should convene a new multistakeholder WGIG 2.0 to develop corresponding proposals by 2027. Such a WGIG 2.0 could also discuss whether the IGF should be given a new name in view of the developments in the digital world over the last 20 years.

WSIS+20 is becoming more concrete

Preparations for the 2025 review conference of the UN World Summit on the Information Society (WSIS+20) became more concrete in the second quarter of 2024. This was mainly due to the recommendations of the regular session of the UN Commission on Science and Development (UNCSTD) and the ITU's WSIS Forum.

The UNCSTD has a mandate from the Tunis Agenda to document progress in the implementation of the WSIS resolutions on an annual basis. The UNCSTD reports are sent via ECOSOC to the UN General Assembly, which then adopts recommendations in the annual UN resolution "ICT for Development". The 27th UNCSTD meeting from 14 to 19 April 2024 in Geneva was significant in that the comprehensive 124-pragraph resolution adopted contains detailed ideas for shaping the WSIS+20 process. The UNCSTD resolution is in favour of renewing and strengthening the IGF. It also contains concrete proposals for the further implementation of the 16 WSIS Action Lines and their long-term connection with the UN Sustainable Development Goals (SDGs). WSIS+20 should be organised as openly and transparently as possible in 2025, involve all stakeholders and take place in Geneva. Paragraph 122 states: "The UNCSTD stresses the need for an ongoing open, inclusive and transparent process for the negotiations of the World Summit 20-year review and follow-up in Geneva that should include informal consultations with Member States, observers and stakeholders."

Almost 10,000 experts took part in the ITU's annual WSIS Forum in Geneva from 26 to 31 May 2024, both offline and online, including 45 ministers. The forum discussed almost all internet governance topics in more than 200 sessions. In contrast to the IGF, the WSIS Forum program is planned top-down by the UN organisations ITU, UNESCO and UNDP and leaves less room for open and controversial discussions than the IGF. The 100-page "Output Document" contains specific recommendations for WSIS+20, emphasising the need to strengthen existing structures such as the IGF and to link the WSIS Action Lines more closely with the UN's Sustainable Development Goals (SDGs) (WSIS Plus). The "Chair's Summary" also points out that it is wrong to construct a conflict between "multilateralism" and "multistakeholderism", as was sometimes done during the GDC debate. Both processes are complementary, it says, and Geneva is the right place for the WSIS process to achieve progress in the matter through joint activities of all stakeholders. The reference to the NetMundial+10 São Paulo Multistakeholder Guidelines (SPMGs) is noteworthy. The SPMGs are described as a "blueprint" for practising multistakeholder cooperation: "The WSIS mechanisms have facilitated a functional interplay between multilateral and multistakeholder governance. These different approaches to governance should not be seen as mutually exclusive, but as complementary. And both types need to further develop to become more transparent, inclusive and accountable to all people in the world. In this regard, the São Paulo Multistakeholder Guidelines, adopted at the Netmundial+10 conference in April this year, can serve as a blueprint for more trustworthy, inclusive and accountable governance in multilateral as well as multistakeholder processes."

The procedure for WSIS+20 has not yet been decided. The 2nd Committee of the 79th UN General Assembly, which will meet in New York in October and November 2024, is responsible. The question is whether WSIS+20 will be organised as a primarily intergovernmental process within the framework of the 80th UN General Assembly in New York in 2025 (similar to the GDC) or according to the model of the original WSIS process with PrepComs and thematic multistakeholder meetings in Geneva under the umbrella of the ITU.

NetMundial+10 yields new Multistakeholder Statement

A major event outside the UN process was the NetMundial+10 conference in São Paulo from 28 to 30 April 2024.

In 2014, Brazil organised a high-level multistakeholder conference on internet governance, partly in response to the Snowden revelations. The "NetMundial São Paulo Declaration" went beyond the WSIS resolutions of the Tunis Agenda of 2005. Although the Tunis Agenda contained a fundamental commitment to the multistakeholder approach, it did not define any principles. After 2005, various organisations, including the OECD and the Council of Europe, adopted declarations with principles for internet governance. However, these documents adopted in the early 2010s were either regionally limited or only supported by one stakeholder group. In contrast, the 2014 NetMundial was a global conference whose results were supported by all stakeholders. The principles of the NetMundial São Paulo Declaration are therefore regarded as a universal basis for internet governance.

However, it has been an open question ever since 2014 how these principles are being applied in practice. Different governments developed different practices, ranging from informal and unsustainable consultations with non-state stakeholders to joint policy development. Many governments paid lip service to the multistakeholder approach. The lack of clear procedural rules for multistakeholder cooperation favoured this "window dressing". This was particularly evident in the GDC process that began in 2022. Against this backdrop, on the eve of the 17th IGF in Kyoto in October 2023, Brazil decided to organise a similar multistakeholder conference (NetMundial+10) to mark the 10th anniversary of NetMundial and to discuss not only the application of the principles but also the procedures for multistakeholder cooperation.

NetMundial+10 was organised by cgi.br, the Brazilian ccTLD registry, with the support of the Brazilian government. A "High Level Expert Committee" (HLEC) consisting of 40 experts drafted a "NETmundial+10 Multistakeholder Statement: Strengthening Internet governance and digital policy processes" on the basis of global consultations. The document was adopted by acclamation. It reaffirms the principles of the 2014 NetMundial Declaration. The centrepiece, however, are the 13 "São Paulo Multistakeholder Guidelines" (SPMGs). The SPMGs formulate criteria for multistakeholder cooperation. They represent a kind of yardstick that can be applied to negotiations on internet-relevant topics to determine whether they fulfil the criteria of multistakeholder cooperation. To this end, 12 "Process Steps" are defined, which can be seen as procedural rules for such negotiations (1. Scope the issue, 2. Identify stakeholders; 3. Engage stakeholders; 4. Share information; 5. Ensure equitable participation; 6. Facilitate dialogue; 7. Prepare draft outcome; 8. Factor in feedback from wider community: 9. Open decision-making; 10. Submit final outcomes to the consideration of the wider community, 11. Establish mechanisms for implementing decisions and holding stakeholders accountable for their commitments, 12. Monitor and adapt.)

Cyber security continues to be an intensely discussed issue

The topic of cyber security is becoming increasingly important in the UN. A special session of the UN Security Council was held on 21 June 2024. From 8 – 12 July, the Open Ended Working Group (OEWG), created in 2020, met in New York for its 8th session and adopted its 3rd Annual Progress Report (APR). In May 2024, the OEWG had already agreed on the new "Points of Contact Mechanism" (PoC), a "red phone" to prevent unintended conflicts in cyber space. The last round of negotiations on a UN convention against cyber crime began on 27 July 2024 in New York. And in August 2024, the GGE LAWS will meet in Geneva to negotiate internet-based autonomous weapons systems.

On 21 June 2024, a thematic meeting of the UN Security Council on cyber security took place in New York under the chairmanship of South Korea. UN Secretary-General Guterres pointed out that world peace is also threatened in cyber space today. In addition, cyber criminals are undermining international security. The global damage caused by blackmail software alone amounts to US$ 1.1 billion (2023). 76 governments took the floor. Non-governmental representatives such as the Director of the Geneva Cyber Peace Institute (CPI), Stéphane Duguin, were also allowed to speak. He said "Warfare is no longer the sole preserve of states. Non-state actors – from criminal groups, hacktivist collectives with geopolitical motives and other civilians – taking part in cyberattacks and operations." Last year, the CPI registered 3,225 cyber attacks by 127 different attackers in 56 countries. German Minister of State Tobias Lindner called for a greater role for the UN Security Council in the peaceful resolution of cyber conflicts. "Germany would welcome efforts by the Security Council to mainstream cybersecurity threats into its agenda". The UN Security Council did not pass any resolutions.

The OEWG launched its new Global Points of Contact Directory (POC) in New York on 5 May 2024, hosted a Global Roundtable on ICT Security Capacity-Building in New York on 10 May 2024 and adopted its third Annual Progress Report (APR) by consensus after its 8th regular meeting on 12 July 2024.

The POC mechanism is intended to enable governments to avoid misunderstandings and miscalculations in the event of cyber attacks. The POC is considered a confidence-building measure in cyber space (CBMC). A similar mechanism has already proven its worth within the OSCE since 2019. POCs exist within the UN for various international arms control issues.

At the Global Roundtable on ICT Security Capacity Building (CCBMs), non-governmental representatives in particular took the floor. The Global Forum on Cyber Expertise (GFCE), for example, pointed out that there are already numerous capacity building initiatives in the area of cyber security and referred to its "Cybil Portal" database, in which over 1,000 stakeholders are involved. The Global Cyber Alliance (GCA) also spoke out against reinventing the wheel in view of scarce resources. There are enough projects, including for the Global South. However, almost all of them are underfunded. Countries such as Russia and China fear that corresponding education programs will be dominated by Western experts and are calling for CCBMs to be geared towards "national needs".

The OEWG Chair, Singapore's UN Ambassador Burhan Gafoor, presented his third Annual Progress Report (APR) on 10 July 2024. The report was adopted by consensus and comprises 60 paragraphs. It reaffirms that in times of new geopolitical tension, the eleven norms on responsible state behaviour in cyber space agreed in 2015 remain valid. However, the norms are not binding under international law. The 3rd APR does not rule out the possibility of further norms being agreed, which could also lead to a legally binding UN instrument. However, the focus of the report is on measures to implement the existing norms and on confidence- and capacity-building measures, such as the POC Directory or the creation of a Global Cyber Security Cooperation Portal (GCSCP). Annex A of the APR contains a checklist of practical actions for the implementation of the eleven standards. States are asked to write regular reports on how they are bringing these standards to life at both national and international level. It also recommends the establishment of Computer Emergency Response Teams (CERTS) in all countries and an exchange of experience between governments with regard to national cyber security legislation.

The participation of non-state actors in the OEWG negotiations is still controversial. At present, non-state actors who do not have ECOSOC accreditation must apply to the OEWG Chair for authorisation to participate. He only grants authorisation if no member raises an objection to admission. In the past, Russia and Ukraine in particular have made use of this right of objection and refused accreditation to institutions they disliked. To improve the procedure, a group of 13 countries, including Germany, presented a working paper on "Meaningful Multistakeholder Contributions to the Multilateral Cybersecurity Architecture" in May 2024. The paper states: "Stakeholders are at the centre of cyberspace, be it as owners and operators of elements of the infrastructure, or as the voice of communities and users of ICTs. Given the interconnected nature of cyberspace, it is essential to engage the multistakeholder community in our work". On 18 June 2024, the OEWG published a provisional list of 93 NGOs that will be able to participate indirectly in the OEWG's work in the future. These include the civil society organisations Access Now, APC, Diplo Foundation, GIGANET, ICT for Peace Foundation, ORF from India, Chatham House and the Paris Peace Forum. APNIC, cgi.br, ICANN and ISOC were listed by the technical community. The business community is only represented by the US Council for International Business (USCIB) and Hitachi Ltd. The German Council on Foreign Relations (DGAP) is recognised from Germany. The list does not include the Geneva Cyber Peace Institute (CPI), the Global Forum on Cyber Expertise (GFCE) in The Hague, the Davos World Economic Forum (WEF), Microsoft and other transnational companies. The 3rd APR mentions the role of non-state actors several times, but emphasises that they should be involved "as appropriate", i.e. on a case-by-case basis. However, what is meant by "appropriate" has been disputed since the OEWG was founded.

The mandate of the OEWG expires in 2025. There is consensus on continuing the discussion on cyber security within the UN, but different ideas on "how" to do it. The Western states have proposed a "Programme of Action" (PoA). The PoA should primarily deal with the application of the eleven 2015 norms. Russia wants an extension of the OEWG with a mandate to draft a UN convention on cyber security that is binding under international law with an expanded list of norms. The 3rd APR now initially contains a recommendation to create an as yet undefined "permanent mechanism" on cyber security issues under the umbrella of the UN General Assembly's 1st Committee on International Security Issues (UNGA). The UN Office for Disarmament Affairs (UNODA) would serve as the secretariat. The new intergovernmental body would be established for five years and meet once a year for one week in New York. In Annex C of the 3rd APR, "Elements for the Open Ended Action Oriented Permanent Mechanism on ICT Security in the Context of international security" are presented for discussion. Regarding the participation of non-state actors, it states: "Other interested parties, including business, NGOs and academia, could contribute to any future institutional dialogue, as appropriate." The first meeting of the new body is scheduled to take place in New York in June 2026. Prior to this, modalities are to be clarified at a preparatory conference in March 2026.

On 23 May 2024, the Ad Hoc Committee (AHC) for the development of a UN Convention against Cybercrime presented a revised draft with 67 articles on 41 pages.

This text is the basis for the last round of negotiations, which began on 29 July 2024 in New York and is to be concluded by 12 August 2024. Originally, the AHC wanted to conclude the negotiations, which have been ongoing since 2022, in February 2024. However, it was not possible to agree on a standardised text. The main points of contention are the definition of cyber offences, safeguarding fundamental human rights and freedoms and guaranteeing the rule of law in cross-border criminal prosecution.

In the run-up to the current negotiations, representatives of both civil society and the private sector warned against compromising the principles of the rule of law in the interests of a global consensus. At a panel of experts organised by the Diplo Foundation on 2 July 2024, it was pointed out that numerous articles of the draft of 23 May 2024 are so vaguely worded that they invite abuse. As a result, the convention would not contribute to a reduction in cyber offences, but rather to a tightening of state control over the internet.

NATO decides to launch Integrated Cyber Defence Centre

At the NATO Summit in Washington on 10 July 2024, cyber security and the use of artificial intelligence in the further development of NATO strategy were on the agenda. Against the backdrop of the Ukraine war, in which cyber attacks and autonomous weapons systems are playing an increasingly important role, NATO is in the process of further increasing its capabilities for active cyber defence. The summit adopted a revised "Artificial Intelligence Strategy and new Quantum and Biotechnology Strategies" and decided to establish a new "NATO Integrated Cyber Defence Centre (NICC)" in Brussels with a budget of 20 million US$ for 2025. The new center "will enhance the protection of NATO and Allied networks and the use of cyber space as an operational domain. The Centre will inform NATO military commanders on possible threats and vulnerabilities in cyberspace, including privately-owned civilian critical infrastructures necessary to support military activities." The new center is primarily intended to improve cooperation between the military and private industry.

OSCE holds security conference in La Valetta

On 16 and 17 July 2024, the OSCE held its annual cyber security conference in La Valetta. The topics included the misuse of cyber space for disinformation campaigns and protection against cyber attacks, particularly with regard to critical infrastructure, including the "public core of the internet". In addition to government representatives, non-governmental experts were also involved in the conference. Malta's Foreign Minister Borg, who currently holds the OSCE Chairmanship, said "Cyber threats are now a feature of efforts to destabilise states in the OSCE region. Malicious cyber activities including the spread of disinformation, undermine democratic processes and increase tensions within our societies. Such activities can also be used to disrupt relations between countries. Recent conflicts in our region, most notably Russia's war against Ukraine, demonstrate how the misuse of cyber technologies can precipitate conflict or exacerbate its impact". The conference did not pass any resolutions. Originally intended as a security partnership from "Vancouver to Vladivostok" based on the Helsinki Final Act of 1975, the OSCE is becoming increasingly less important due to the blockade by Russia and Belarus.

Artificial intelligence – a focal topic everywhere in the world

In the second quarter of 2024, the debate on the regulation of artificial intelligence continued to broaden. The most important events were the 2nd Bletchley AI Conference in South Korea, the adoption of the Council of Europe Convention on AI and Human Rights, the adoption of two UN resolutions on AI initiated by the US and China, the first informal US-Chinese AI consultations, the ITU's "AI for Good Summit", the entry into force of the EU's "AI Act", the final report of the UN High Level Advisory Panel on Artificial Intelligence and the "AI World Conference" organised by China, which published the "Shanghai Declaration on Global AI Governance".

On 21 and 22 May 2024, the continuation of the "Bletchley AI Summit" organised by British Prime Minister Sunak in London's Blechtley Park in November 2023 took place in Seoul. The "mini AI summit" was moderated by the heads of government of the UK and Korea. A "Scientific Report on the Safety of Advanced AI" by an independent group of experts was discussed, which for the first time provides a detailed assessment of the potential risks posed by the new technology. In the "Seoul Declaration for safe, innovative and inclusive AI" signed by 25 governments, two additional core AI principles were added to the four safety principles already mentioned in the " Declaration" of 2023, namely innovation and inclusion. In a "Seoul Statement of Intent", the creation of a network of AI Safety Institutes was agreed. 16 leading global tech companies from the USA, China, the EU and the UAE (including Amazon, Google, IBM, Meta, Microsoft, Mistral AI, OpenAI, Samsung Electronics, xAI and Zhipu.ai) have committed themselves in a "Frontier AI Safety Commitments" not to develop and use high-risk AI models. The "Bletchley AI Summit" will take place in France in 2025.

In March and June, the UN General Assembly adopted two resolutions on artificial intelligence. The first resolution was initiated by the USA, the second by China. Both resolutions complement each other and were adopted by an overwhelming majority. China voted in favour of the US resolution, while the USA voted in favour of the China resolution.

The "UN Resolution on seizing the opportunities of safe, secure and trustworthy artificial intelligence systems for sustainable development" initiated by the USA was adopted by the 78th UN General Assembly on 11 March 2024. It is primarily aimed at preventing the emergence of a new North-South divide in AI development: "It resolves to bridge the artificial intelligence and other digital divides between and within countries and to promote safe, secure and trustworthy artificial intelligence systems to accelerate progress towards the full realisation of the 2030 Agenda for Sustainable Development." It is an expression of the principle of "digital solidarity" enshrined in the new US strategy for international digital policy.

The UN Resolution on "Enhancing International Cooperation on Capacity-building of Artificial Intelligence" initiated by China was adopted by the UN General Assembly on 2 July 2024. It also aims to empower the Global South to actively participate in AI development as an equal partner. Article 1 is almost identical in wording with the US resolution: "Resolves to bridge the artificial intelligence and other digital divides between and within countries, and to enhance international cooperation on capacity building in developing countries, including through North-South, South-South and triangular cooperation, with full consideration of the needs, policies and priorities of developing countries, with the aim of harnessing the benefits of artificial intelligence, minimising its risks, and accelerating innovation and progress towards the achievement of all 17 Sustainable Development Goals". China's UN Ambassador Fu Cong announced his country's support for developing countries: "China aims to help developing countries strengthen AI capacity building with practical actions, promote sustainable development empowered by AI, enhance the common well-being of humanity, and contribute to building a community with a shared future for mankind". In October 2023, the Chinese government announced a Global AI Governance Initiative.

On 2 July 2024, the final report of the "High Level Advisory Body on Artificial Intelligence" (HLAB) appointed by UN Secretary-General Guterres in 2022 was leaked under the title "Governing AI for Humanity". The 20-page document proposes a UN strategy for AI in 72 paragraphs and justifies the need for global AI governance by stating that AI developments are "globally sourced", know no boundaries and not only open up enormous opportunities, but are also associated with considerable risks that must be kept under control. "No one understands AI's inner working enough to fully control its outputs or predict its evolution, with negative spill overs and downstream impacts also like to be global." The report culminates in seven recommendations:

·  The establishment of an "International Scientific Panel on AI" modelled on the International Climate Council,

·  A bi-annual intergovernmental and multistakeholder "Policy Dialogue on AI Governance",

·  The establishment of an "AI Standards Exchange" to ensure that AI developments remain interoperable worldwide.

·  The formation of an "AI Capacity Development Network" which, among other things, should also familiarise government representatives better with knowledge about AI developments.

·  The launch of a "Global Fund for AI" to finance AI projects in the Global South in particular,

·  A "Global AI Data Framework", and

·  A new "AI Office within the UN Secretariat".

The HLAB-AI report concludes with a note of optimism and is certain that the challenges can be overcome but warns against leaving the development to market forces. It claims the need of a new "Social AI Contract". "The UN can be the vehicle for a new social contract for AI that ensures global buy-in for a governance regime that protects and empowers us all. Such a contract will ensure that the opportunities are fairly distributed and the risks not loaded onto the most vulnerable or passed on to the future generations as we have seen, tragically, with climate change". The composition of the HLAB was criticised by civil society groups in particular as being too industry friendly. The recommendations are very similar to those contained in the AI chapter of the GDC. UN Tech Envoy Amandeep Singh Gil was a member of the HLAB. Germany's representative was Green MP Anna Christman. The report will be officially presented in August 2024.

On 8 and 9 May 2024, the first US-Chinese AI consultations took place in Geneva under high secrecy. The talks had been agreed between Presidents Biden and Xi in San Francisco in November 2023. The agenda, results or a date for a second round of consultations were not announced.

On 30 and 31 May 2024, the ITU held its annual "AI for Good Summit" in Geneva with more than 5,000 participants from 183 countries. UN Secretary-General Guterres and ITU Secretary-General Bogdan-Martin were joined by over 40 ministers and numerous CEOs, including Sam Altman, CEO of Open AI. The "AI for Good Summit" is a large marketplace for the exchange of ideas and information as well as an exhibition showcasing applications for areas such as health, transport and education. The summit does not make any decisions. A high-level political discussion panel, including vice ministers from China, the USA, Japan, Korea, the EU and the Council of Europe, emphasised the need to design emerging AI governance mechanisms in such a way that they meet national or regional needs while remaining compatible on a global level.

On 17 May 2024, the Committee of Ministers of the Council of Europe formally adopted the "Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law" in Strasbourg. It is the first legally binding international AI treaty and supplements both the EU AI Act and the US AI Executive Order. It is open to all states to join. Marija Pejčinović, Secretary General of the Council of Europe, said: "The Framework Convention on Artificial Intelligence is a first-of-its-kind, global treaty that will ensure that Artificial Intelligence upholds people's rights. It is a response to the need for an international legal standard supported by states in different continents which share the same values to harness the benefits of Artificial intelligence, while mitigating the risks. With this new treaty, we aim to ensure a responsible use of AI that respects human rights, the rule of law and democracy."

On 21 May 2024, the European Council adopted the EU AI Act. After a transitional period of two years, the law will apply in all EU countries from August 2026. On the one hand, the law aims to promote AI innovations, but on the other hand to avoid undesirable developments. It is based on the so-called "risk-based approach". AI applications are divided into four categories. 1. applications that violate human dignity are generally prohibited 2. applications with a high risk potential, e.g. in the medical sector, in court, in personnel administration, etc., are subject to a strict supervisory regime. 3. there is a graduated supervisory regime for low-risk applications. 4. risk-free applications are not subject to any requirements. On 29 May 2024, the EU established the "EU Artificial Intelligence Office" provided for in the law. The "AI Office" has five units and will have over 100 employees responsible for implementing the AI Act.

On 4 July 2024, a "World Conference on Artificial Intelligence" organised by China took place in Shanghai. The conference adopted a "Shanghai Declaration on Global AI Governance". The declaration contains five chapters with very general recommendations: 1. promotion of AI developments, 2. AI safety, 3. AI governance, 4. AI skills, 5. increasing the quality of life through AI. On the subject of AI governance, it states, among other things: "We advocate establishing an AI governance mechanism of a global scope, support the role of the UN as the main channel, welcome the strengthening of North-South and South-South cooperation, and call for increasing the representation and voice of developing countries. We encourage various actors including international organisations, enterprises, research institutes, social organisations, and individuals to actively play their due roles in the development and implementation of the AI governance system. We agree to strengthen the regulatory and accountability mechanisms for AI to ensure compliance and accountability in the use of AI technologies." And on the topic of AI security: "We resolve to strengthen AI-related cybersecurity, enhance the security and reliability of systems and applications, and prevent hacking and malware applications. We decide to jointly combat the use of AI to manipulate public opinion, and fabricate and disseminate disinformation on the premise of respecting and applying international and domestic legal frameworks. We will work together to prevent terrorists, extremist forces, and transnational organised criminal groups from using AI technologies for illegal activities, and jointly combat the theft, tampering, leaking and illegal collection and use of personal information. We agree to promote the formulation and adoption of ethical guidelines and norms for AI with broad international consensus, guide the healthy development of AI technologies, and prevent their misuse, abuse or malicious use." No concrete proposals are made. It is unclear who supports this declaration.

European Union – mid-term review on the digital decade

On the eve of the European Parliament elections on 9 June 2024, the European Commission presented a mid-term review of the implementation of the "Digital Decade" adopted in 2021. EU Commission President Ursula von der Leyen considers it a success that digitalisation has become a focus of European policy during her five years in office. This is documented in particular by the large number of laws on digital policy. The outcome for the European digital economy was less positive. The EU is still barely managing to catch up with US tech companies. It is also increasingly being challenged by Chinese companies.

Ursula von der Leyen's announcement in 2021 that Europe wanted to be a "norm maker" rather than a "norm taker" in the digital world and help shape the global "Digital Rulebook" was realised. More than ten laws dealing with the digital sphere were passed: Digital Market Act (DMA), Digital Service Act (DAS), Artificial Intelligence Act (AIA), NIS2- Directive, Data Governance Act (DGA), Data Act (DA), European Media Freedom Act (EMFA), Digital Operational Resilience Act (DORA) European Digital Identity Act (EDIA) and other regulations – i.e. over 2,000 pages of text with rules for shaping the digital sphere – now form a comprehensive legal basis for an area that was largely unregulated five years ago. The EU has done pioneering work here. Many of the regulations issued by the EU have been adopted by non-European countries. The "Brussels effect" has strengthened Europe's position, but it also has problematic aspects. The differences in approach between the USA and the EU have not been significantly reduced. The founding of the EU-US Technology and Trade Council (TTC) has succeeded in establishing a regular dialogue that also aims to promote a mutual learning process in digital regulation. However, the differences in data protection, big tech and artificial intelligence have not diminished. EU regulation is also used as a source of inspiration by many non-European countries and China in particular. This also has a problematic side. The adoption of EU regulations in an authoritarian state that lacks independent constitutional review procedures and protective regulations for individual rights and freedoms can also have negative effects such as more control and restrictions on freedoms.

On 21 May 2024, the EU Council of Ministers responsible for telecommunications summarised the key points for the "Future of EU Digital Policy" in a 44-point declaration. In eight chapters (digital and cutting-edge technologies, societal effects, digital infrastructure, data strategy, digital skills, green and digital transition, digital governance and international dimension), the new EU Commission is provided with a concept for the second half of the digital decade. Although the Council does not recommend taking a "breather" on digital legislation, it proposes that the new EU Commission should prioritise the implementation of the aforementioned laws. A "balance between innovation and regulatory burden" must be ensured through a coherent legal framework. On the subject of internet governance, paragraph 43 emphasises"the need to develop an EU strategy on the multistakeholder governance of the Internet to set out a common position to uphold in international fora with a view to ensuring an open, free, affordable, neutral, global, interoperable, reliable and secure Internet."

Neutral observers take a more critical view. In a report dated 17 July 2024, the Davos World Economic Forum acknowledges that the EU has set the right course with the "Digital Decade" adopted in 2021, but points to deficits in implementation. The EU "is falling short of the digital transformation targets. ... The bloc is lagging behind in areas including connectivity, digital skills and artificial intelligence (AI)". The WEF report criticises in particular the fact that digital education is falling behind. Only 55 percent of the EU population have the necessary digital skills. In the area of AI, practice would also fall short of planning. By 2030, 70 percent of EU companies should be using AI. The current figure is 17 percent. The Neue Zürcher Zeitung newspaper recognises that the EU is certainly "innovative, but not everywhere and with varying degrees of success."

The EU Commission will be newly formed in September 2024. It remains to be seen who will then be responsible for the second half of the "Digital Decade" as Commissioner for Digital Policy. The current EU Commissioner Margarete Vestager from Denmark, who has made a name for herself primarily with fine proceedings against large US corporations, is not available for a further term of office. She is moving to the head of the European Investment Bank (EIB).

US presents international digital strategy

On 6 May 2024, the US Department of State presented an "International Cyberspace and Digital Policy Strategy". The paper is based on the "National Cybersecurity Strategy" of 1 March 2023. The strategy presented by US Secretary of State Blinken focuses on the principle of "digital solidarity". This involves partnerships with like-minded countries and stakeholders. Three "guiding principles" (cyber security, rule of law and sustainable development) are to form the basis for four fields of action. "1. promote, build, and maintain an open, inclusive, secure, and resilient digital ecosystem; 2. align rights-respecting approaches to digital and data governance with international partners; 3. advance responsible state behaviour in cyberspace, and counter threats to cyberspace and critical infrastructure by building coalitions and engaging partners; and 4. strengthen and build international partner digital and cyber capacity, including capacity to combat cybercrime."

US Cyber Ambassador Nathaniel Fick said: "This strategy leads with digital solidarity as a necessary framework because nobody can address these issues alone. Digital solidarity is the willingness to work together on shared goals, to strive for aligned regulations and standards, to help partners build capacity, and to provide mutual support. We need to do that among states, of course, but also with companies and civil society organisations in a true multi-stakeholder partnership." The clear commitment to the multistakeholder principle is underpinned by precise guidelines for the US government in global digital negotiations, e.g. on the OEWG and the Cybercrime Convention. It is based on the belief that international law also applies to cyber space and that the USA will only enter into legally binding agreements if they comply with human rights. The IGF states: "The United States strongly supports the Internet Governance Forum (IGF) as the preeminent global body bringing together all stakeholders through a bottom-up process to discuss rights-respecting solutions to Internet public policy issues. It will continue to work with allies and partners to sustain and bolster the IGF's relevance".

In addition to multilateral engagement, the US government has established a system of bilateral cyber consultations where the issues discussed include OEWG, cyber crime, GDC and WSIS+20. Bilateral consultations took place on 26 July 2024 with the Philippines, on 12 June 2024 with Spain, on 29 May 2024 with Nordic and Baltic countries (NB8/Denmark, Estonia, Finland, Latvia, Lithuania, Norway and Sweden), on 3 May 2024 with Sweden and on 19 April 2024 with Slovenia. In the first quarter of 2024, such consultations were held with the Czech Republic, France and Jordan. The US government also participated with high-level delegations in the NetMundcial+10 conference at the end of April in São Paulo and in the ITU AI for Good Summit and the WSIS Forum at the end of May 2024 in Geneva.

On 12 May 2024, the White House published a 2nd Implementation Plan for the National Cybersecurity Strategy. This plan contains over 100 individual tasks for government agencies and aims to work closely with the private sector, the technical community and civil society. The plan consists of five chapters: 1. Defend Critical Infrastructure, 2. Disrupt and Dismantle Threat Actors, 3. Shape Market Forces to Drive Security and Resilience, 4. Invest in a Resilient Future and 5. Forge International Partnerships to Pursue Shared Goals.

ITU Council defines work plan for the coming years

The regular meeting of the ITU Council took place in Geneva from 4 to 14 June 2024.

The ITU Council adopted the work plan for the period from 2025 to 2028 with 43 planned outputs. Reports were given on the implementation of ITU initiatives such as Partner2Connect Digital Coalition, Space2030 Agenda and Advancing Green Digital Action. The thematic discussion centred on new technology developments such as G5/G6, Quantum, AI, digital infrastructure in the Global South and the UN Sustainable Development Goals (SDGs). The ITU Council also dealt with the GDC and WSIS +20, adopted resolutions in support of Palestine and Ukraine and approved a special program to promote young experts in the field of telecommunications. The conflict with ICANN no longer played a role.

For the first time, a UN Secretary-General took part in an ITU Council meeting. Guterres spoke in favour of overcoming the digital divide and the multistakeholder principle in AI: "Today, nearly one-third of the world's population remains unconnected, locked out of the digital revolution. Bridging that divide is not only an economic necessity, but a moral and humanitarian imperative – and fundamental for achieving the Sustainable Development Goals. ... Governments, industry, academia and civil society must develop rules and guidelines for AI safety – together, and before it is too late." Guterres recognised the role of the ITU and also addressed latent tensions between New York and Geneva with regard to the GDC but did not go into detail.

The dates and locations of the next ITU meetings were decided. The ITU General Assembly (Plenipot) will take place in Qatar in November 2026. The President of the Qatari Telecommunications Regulatory Authority, Ahmad Abdulla Al Muslemani, was elected as Chairman. The ITU World Standardisation Conference (WTSA) is planned for November 2024 in New Delhi. The ITU World Telecommunication Development Conference (WTDC) has been awarded to Baku (October 2025). The World Telecommunication/ICT Policy Forum (WTPF) will take place in 2026 under the title "Accelerating an inclusive, sustainable, resilient, and innovative digital future". The organiser has not yet been determined. The ITU Council Working Groups (CWGs) relevant to internet governance – CWG-Internet and CWG WSIS&SDG – will meet in Geneva in the week of 1 – 5 October 2024. The open multistakeholder consultations of the CWG-Internet on "The developmental aspects to strengthen the Internet" are still running until 3 September 2024. Russia had attempted to address the supervision of critical internet resources at the consultations but failed. The multistakeholder meeting of the CWG-Internet will take place on 3 October 2024 in Geneva. However, non-governmental representatives are still excluded from the regular meeting of the CWG-Internet on 4 October 2024.

World Trade Organisation (WTO) makes decision on eCommerce

After five years of negotiations at the World Trade Organisation (WTO), the co-chairs of the "WTO Joint Statement Initiative on eCommerce" from Australia, Singapore and Japan were able to present a final text for a new agreement on cross-border e-commerce in Geneva on 27 July 2024.

The negotiations on the new "WTO Agreement on Electronic Commerce" involved 91 WTO members, representing 90 percent of global e-commerce. The agreement is the first of its kind on cross-border data flows. In 38 articles, the agreement regulates issues relating to electronic commerce such as "Electronic Transactions, Electronic Authentication, Electronic Signature, Electronic Contracts, Electronic Invoicing, Paperless Trading, Electronic Payments", as well as issues such as consumer protection, data protection and cyber security in electronic transactions. The draft agreement is now to be discussed in the member states and adopted at the next WTO Ministerial Conference in 2026.

The US government withdrew from the negotiations in autumn 2023 , but this action was met with criticism from US companies involved in cross-border data traffic. The chapters on "Data Localisation", "Dispute Settlement" and "Digital Sovereignty", which were rejected by the US, are not included in the current draft agreement. According to the negotiators, however, these topics will continue to be negotiated. They could later be added to the new agreement in an annex. In addition to the USA, some developing countries such as Brazil, Indonesia and Turkey have also expressed reservations about the current text.

This does not affect the debate on the end of the moratorium agreed in 1998 on imposing customs duties on cross-border trade in digital products and services. Lifting the moratorium, which developing countries in particular have been demanding for years, failed at the 13th WTO Ministerial Conference in Abu Dhabi in March 2024. The moratorium was extended again by two years, but with the condition that this is the last extension and that it will finally expire by the 14th WTO Ministerial Conference in 2026, unless a corresponding agreement is reached between the WTO members before then.

Technical Internet community takes a stronger stance on IG

In the second quarter of 2024, the technical community became increasingly involved in the international political discussion on internet governance. This re-activation was initiated by the fact that the UN Policy Brief No. 5 of May 2023– the starting point for the GDC negotiations – completely ignored the technical community as a separate stakeholder group. With critical contributions, including a blog post from ICANN, ARIN and APNIC and a letter from the IGF Leadership Panel to UN Secretary-General Guterres signed by Vint Cerf, this imbalance was corrected in the course of the GDC discussion, and the technical community was once again mentioned as a separate stakeholder group in all GDC drafts.

On 2 July 2024, over 30 experts from the IETF and the W3C addressed UN Secretary-General Guterres and UN Tech Envoy Gil with a warning that a poorly formulated GDC could have negative consequences for the functioning of the internet: "We recognise that governments take seriously their responsibility to protect their citizens. So, as harms associated with the Internet and the Web become more apparent, there is a desire on the part of governments to act through regulation and legislation. Technical architecture can enable and influence how the Internet is used, but on its own it cannot address abuse, misinformation, inequality, or many other issues. There is nevertheless a potential danger in regulation and legislation, if it undermines the fundamentally empowering nature of the Internet. The Internet is an unusual technology because it is fundamentally distributed. It is built up from all of the participating networks. Each network participates for its own reasons according to its own needs and priorities. And this means, necessarily, that there is no center of control on the Internet. This feature is an essential property of the Internet, and not an accident. Yet over the past few years we have noticed a willingness to address issues on the Internet and Web by attempting to insert a hierarchical model of governance over technical matters. Such proposals concern us because they represent an erosion of the basic architecture."  The experts, including the fathers of the internet and the World Wide Web, Vint Cerf and Tim Barners Lee, call on the UN to find regulations that limit the misuse of the internet on the one hand, but on the other hand adhere to the "bottom-up, collaborative and inclusive model of Internet governance that has served the world for the past half century."

ICANN has also become more involved in the UN debates again. The various GDC drafts have been criticised in several papers and blog posts. There is a new mailing list called "WSIS+20" on which members of the ICANN community can comment on the international political processes. The approach proposed by ICANN's office in New York that members of the ICANN community should primarily influence UN debates via their national governments is being increasingly criticised. At the ICANN meeting in Puerto Rico in March 2024, the Public Forum already recalled that it was the unity and autonomy of the I*organisations – manifested in the "Montevideo Statement" of 2013 – that led to the IANA transition and the NetMundial conference. The technical community must once again speak with a unified voice of its own. It remains to be seen to what extent the new leaders at ICANN and ISOC, Kurt Erik Lindqvist and Sally Wentworth, will realise these discussions. In addition to WSIS+20, there are also opportunities in the OEWG, where both organisations are among the 91 accredited non-state actors.

G7 versus SCO and G20

Regardless of efforts to reach unanimous agreements within the UN or the G20, the polarisation between the emerging geopolitical blocs in cyber space continues to increase. This was demonstrated in the second quarter by the G7 Summit in Apulia on 14 June 2024 and the Shanghai Cooperation Organisation (SCO) Summit in Astana on 7 July 2024.

The 36-page "Apulia G7 Leaders' Communique" dated 14 June 2024 contains three relevant chapters: Artificial intelligence, cyber security and disinformation

In principle, the G7 are committed to an "open, interoperable, safe, secure, resilient, human rights respecting use of cyberspace". They support the multistakeholder model for internet governance. The OECD plays a special role. In principle, all initiatives within the UN framework are also supported.

In the case of artificial intelligence, reference is made to the "Hiroshima AI Process" (HAIP). AI regulation must promote innovation and minimise risks. Different regulatory approaches should not undermine global interoperability. The UN, OECD/Global Partnership on AI (GPAI) and the "Bletchley Process" are important platforms for strengthening AI safety and AI governance. For the first time, a position is also taken on the military aspects of AI. Governments should sign the "Political Declaration on Responsible Military Use of AI" adopted in The Hague in 2023. Pope Francis had called on the G7 leaders to ban AI-based autonomous weapons systems. "Precisely in this regard, allow me to insist: in light of the tragedy that is armed conflict, it is urgent to reconsider the development and use of devices like the so-called “lethal autonomous weapons” and ultimately ban their use. ... No machine should ever choose to take the life of a human being. Human dignity itself is at stake."

When it comes to cyber security, the G7 is committed to a "Programme of Action" (PoA) within the UN framework. The PoA is intended to breathe life into the standards adopted in 2015 for responsible state behaviour in cyber space. A new "G7 Cybersecurity Working Group" was established, which builds on the work of the previous "G7 Isa-Shima Cyber Group". Cooperation with non-governmental stakeholders is important: "We are willing to work with all those who share our common objective to ensure a cyberspace that supports inclusive and democratic societies, narrows the gender gap in this field, and promotes multistakeholder partnerships, including with the private sector. The fight against cyber criminals, in particular against ransomware, should be intensified. Further recommendations concern the resilience of supply chains to cyber attacks, security on the Internet of Things and the protection of critical information infrastructures such as submarine cables and satellites

The topic of disinformation has only recently become a topic at the G7 summits. "With the rapid evolution of emerging technology, we are more concerned than ever about Foreign Information Manipulation and Interference (FIMI) in our democratic institutions and processes, and how attempted interference campaigns, malicious cyber activities, and transnational repression collectively undermine sovereignty and democratic values." Measures against disinformation should be designed in such a way that the freedom of information and media, which is essential for a democracy, is not damaged. A "G7 Rapid Response Mechanism" is to be created by the end of 2024 to enable a coordinated response to disinformation campaigns. Tech companies and social media are called upon to prevent the misuse of AI for FIMI campaigns, including through greater transparency.

The SCO Astana Declaration of 7 July also contains a lengthy section on digital policy. However, the focus is less on supporting an "open and interoperable and human rights respecting cyberspace" and more on cyber sovereignty and internet governance. The UN is assigned a key role, albeit less as a platform for multistakeholder cooperation but more as an instrument for developing binding norms under international law to protect state cyber sovereignty. "The Member States emphasise the key role of the United Nations in countering threats in information space and creating a safe information environment built on the principles of respect for state sovereignty and non-interference in the internal affairs of other countries. The Member States reaffirm their intention to further promote cooperation to ensure international information security and call on the international community to seek consensus on adopting a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes within the UN."

Like the G7 states, the SCO states also hold annual meetings of their digital ministers. The plan is to establish a network of bilateral and plurilateral treaties on cyber security whose principles will be introduced into the UN negotiations.

The SCO is also increasingly trying to bring in its greater negotiating power to the BRICS group. Russia will hold the BRICS presidency in 2024. The BRICS working group on cyber security met in Moscow on 16 and 17 April. Its communiqué contains a commitment to an "open, secure, stable, accessible, and peaceful digital environment based on the principles of sovereign equality and non-interference in the internal affairs of states." At their meeting in Nizhny Novgorod on 10 June 2024, the BRICS Foreign Ministers called for the rapid conclusion of the UN Convention against Cybercrime and the development of a "universal legal framework" for cyber security. The BRICS Foreign Ministers also want to combat disinformation "in accordance with applicable national and international law".

Another organisation close to the SCO is the Collective Security Treaty Organisation (CSTO). Its foreign ministers adopted a statement "on expanding cooperation in international information security" on 21 June 2024. They called "to take steps to prevent conflicts in the digital sphere and to develop a universal international legal instrument regulating countries' activity in cyberspace." The CSTO is a military alliance of former Soviet republics led by Russia

Both the G7 and SCO/BRICS are participants in the G20. Brazil will hold the presidency in 2024. It remains to be seen to what extent the conflicting ideas on digital policy and cyber security can lead to a compromise at the summit announced for 19 November 2024 in Rio de Janeiro. A series of G20 ministerial and expert conferences were held in the second quarter of 2024, including a meeting of the G20 Digital Economy Working Group (DEWG), whose topics also include artificial intelligence. The meeting of the G20 Digital Ministers will take place on 13 September 2024 in Maceió.

Wolfgang Kleinwächter

Professor Emeritus of Internet Policy & Regulation at Aarhus University