Q4/2023 – Executive Summary

Q4/2023 – Executive Summary

Developments in the Internet Governance Environment from October to December 2023:

In the 4th quarter of 2023, the global Internet governance discussion focussed on the following topics:

  • The 18th IGF in Kyoto
  • The Global Digital Compact (GDC)
  • Preparations for WSIS+20
  • The discussions about the regulation of artificial intelligence (AI)
  • The role of the Internet in the wars in Ukraine and Gaza
  • The UN negotiations on cyber security
  • The EU's digital regulations
  • New challenges for ICANN

18th IGF in Kyoto: Internet topics discussed on a broad basis

The 18th Internet Governance Forum (IGF) in Kyoto ended on 12 October 2023. With over 12,000 registered participants, it was the largest IGF since its inception in 2006. UN Secretary-General Guterres and Japan's Prime Minister Kishida opened the five-day meeting. The output includes 89 "IGF Messages from Kyoto", four comprehensive reports with recommendations from IGF Policy Networks (PN) on Artificial Intelligence, Internet fragmentation, Internet access and cyber security, the recommendation of the High Level Governmental Track and the Parliamentarian Track as well as the transcripts of more than 300 sessions.[1]The IGF Leadership Panel (LP) presented its paper "The Internet we want". The paper formulates five principles on how the Internet should continue to develop: "1. whole and open; 2. universal and inclusive; 3. free-flowing and trustworthy; 4. safe and secure; and 5. rights-respecting".[2]By the next IGF, the paper shall develop into a kind of "charter", which some described as the "Kyoto protocol for the digital age". The IGF took place in the same congress center where the original "Kyoto Protocol" on climate change was adopted in December 1997.

The IGF discussed almost everything that is listed on the global digital agenda: artificial intelligence and new technologies, Internet fragmentation, cyber security, cyber crime and online safety, data governance and trust, digital divide and inclusion, human rights and freedoms, sustainability and environment, digital trade and digital taxation, platform regulation, fake news and disinformation. The Kyoto IGF was a marketplace for the free exchange of ideas, information and expertise between governments, parliaments, businesses, civil society, technical and academic communities and young people from around the world. Despite all other conferences, the IGF is unique because of its universality. After 18 years, the IGF is a success story. It largely fulfils the expectations that the UN Working Group on Internet Governance (WGIG) had when it developed the idea of the IGF in 2005.

However, the IGF also has weaknesses. Governments are well represented, but ministers are rather rare. Representatives of the Internet industry come to the IGF, but what is missing is the C-level of large Internet companies. For SMEs or Internet start-ups, there is little incentive to spend five days in an expensive city. The Global South is becoming increasingly active, but the number of experts from Asia, Africa and Latin America on the IGF podiums is sparse. The IGF plays a big role in social media, but the IGF is largely ignored in traditional media. There is a concrete IGF output, but it remains unclear how the IGF messages are implemented politically, both nationally and internationally. The Parliamentarian Track, which was founded in Berlin in 2019, has been established, but it remains to be seen whether the MP Roundtables will play a role in the adoption of Internet laws in national parliaments. The IGF Leadership Panel has realised that part of its role is to raise its voice in negotiations at the UN on topics such as artificial intelligence, platform regulation, cyber security, cyber crime, digital trade, digital human rights and infrastructure development. However, governments rarely look towards the IGF in these negotiations. These are missed opportunities, and this is where the IGF still has potential. In a multipolar world in which geostrategic conflicts lead to increased confrontation, it is precisely the informal IGF discussions that can help to identify areas for cooperation and thus also opportunities for compromise.

In Kyoto, the IGF steering committee – the Multistakeholder Advisory Group (MAG) was routinely reappointed. The new chair is Carol Roach, a minister from the Bahamas. She replaces Paul Mitchel from Microsoft. Germany is no longer represented on the MAG. However, as a former host, Germany has a permanent MAG seat. Philipp Schulte from BMDV is a MAG member for 2023/2024. The 19th IGF will take place from 16 to 20 December 2024 in Riyadh, Saudi Arabia. Abdulrahman Almutairi, Director at the Saudi Ministry of Digital Affairs, will serve as MAG Co-Chair until December 2024.[3] The first IGF-MAG consultations for the 19th IGF will take place from 27 to 29 February in Riyadh.

Global Digital Compact & UN Pact for the Future

The contours of the Global Digital Compact (GDC) became clearer in the fourth quarter of 2023. The GDC played a central role at the IGF in Kyoto. This related to key content and the process. The IGF discussions on the GDC were summarised in a letter to UN Secretary-General Guterres from the Chair of the IGF Leadership Panel, Vint Cerf, and the outgoing and incoming Chairs of the MAG, Paul Mitchel and Carol Roach. They called for all stakeholders to be adequately involved in the negotiations and renewed the offer to use the IGF as a platform for the implementation of possible GDC recommendations. The GDC is to be adopted as part of the UN Future Summit planned for 23 September 2024.

At the beginning of December 2024, two rounds of consultations on the UN Future Summit were held with governments and stakeholders in New York.[4] The two co-coordinators, Namibia and Germany (UN Ambassador Antje Leendertse), presented the general plan for the summit document. According to this, a "Pact for the Future" is to be adopted by 193 heads of state and government at the summit. The planned document is to contain five chapters, including Chapter 3 on "Science, Technology and Innovation; Digital Cooperation". The GDC is planned as an annex to the UN Pact for the Future. [5]

The coordinators for the GDC are Sweden and Zambia. In September 2023, both governments presented a two-page "GDC Issue Paper" with substantive guardrails. In light of the IGF discussions and the December consultations in New York, the roadmap for 2024 has been clarified. Four multistakeholder and government consultations are planned to be held between February and March 2024, and written proposals can be submitted until 10 March 2024. Then, three rounds of intergovernmental negotiations are scheduled for April and May 2024. The final draft of the text is expected in June or July 2024. [6]

Many substantive and procedural questions are still open. It is unclear how proposals from non-governmental stakeholders will be dealt with in concrete terms. It is also unclear how detailed the GDC should be. Proposals range from a short statement with general principles to a comprehensive document with recommendations for the eight identified areas. It is unclear how the "follow-up" of a GDC should be organised. The IGF has offered to be available as a "landing place" for the implementation of GDC recommendations. This would require the review conference of the UN World Summit on the Information Society (WSIS+20) planned for 2025 to extend the IGF's mandate. The proposal that the GDC should create an alternative "Digital Cooperation Forum" (DCF) based in New York was rejected by the international community, including at the IGF in Kyoto, but is not off the table.

WSIS+20 and the concept of Internet governance

Preparations for the review conference of the UN World Summit on the Information Society (WSIS+20) planned for 2025 have begun with an intersessional session of the UN Commission on Science and Technology Development (UNCSTD) in Lisbon in November 2023.[7] The UNCSTD is the UN body that deals with the implementation of the WSIS resolutions from Geneva and Tunis.

At the conference in Lisbon, the main focus was on how the WSIS goals can be more closely linked to the UN Sustainable Development Goals (SDGs) in the future. WSIS+20 should therefore pave the way for greater coordination. A review conference for the SDGs is due in 2030. Sustainable development in the 2030s without a strong focus on digitalisation makes no sense. It is therefore conceivable that the existing SDG and WSIS goals for the next development cycle (2030 to 2045) could be summarised as "Comprehensive Development Goals" (CDGs) at the UN SDG Summit in 2030.

The Lisbon discussion also showed that, against the backdrop of geo-strategic tensions, expectations of major progress at WSIS+20 should be rather modest. It would already be a success if all 193 states could agree to recommit to the principles and goals of the Geneva Declaration of Principles (2003) and the Tunis Agenda (2005). The goal agreed in Geneva of creating a "people-centred, inclusive and development-oriented Information Society, where everyone can create, access, utilize and share information and knowledge, enabling individuals, communities and peoples to achieve their full potential in promoting their sustainable development and improving their quality of life, premised on the purposes and principles of the Charter of the United Nations and respecting fully and upholding the Universal Declaration of Human Rights" is still valid and does not need to be revised. Renegotiating the documents would entail the risk of lowering the standards of Tunis and Geneva. There was no need to reinvent the bicycle. Where new challenges have arisen in the last 20 years – such as artificial intelligence or social networks – there should be adjustments, possibly also through the creation of two or three new "WSIS Action Lines".

This approach also applies in principle to Internet governance as defined in the Tunis Agenda. Since Tunis, new developments have also introduced new terms into the discussion, such as digital governance, AI governance, cyber governance, data governance, IOT governance, etc. In principle, the broad definition of Internet governance adopted in Tunis would also cover the governance challenges posed by new developments in cyberspace and digitalisation. This applied in particular to the multistakeholder approach, but also to the need for open, transparent, inclusive and bottom-up policy development processes. The "broad definition" of Tunis encompasses both the technical aspects (management of critical Internet resources and standardisation) and the "Internet-related public policy issues". Internet governance is therefore still acceptable as a generic term, although there are specifics in the individual areas that should also be represented by specific forms of governance. Reducing the term Internet governance to the technical aspects (narrow definition) and labelling political aspects as "digital governance" is not very helpful and leads to a confusion of terms and fragmentation of the discussion.

Another topic on the agenda in Lisbon was the future of the IGF. WSIS+10 had extended the IGF mandate by ten years in 2015. WSIS+20 must decide on a further extension or expansion of the mandate. This is closely linked to the GDC. Should the GDC agree to grant the IGF a mandate to implement its decisions, this would have a precedent-setting character for a mandate extension and could lead to an IGF+. Should the GDC establish a new DCF, the future of the IGF would be open. UN Tech Envoy Amandeep Gil Singh did not mention the DCF in Lisbon, but also did not support the proposal by Vint Cerf, Paul Mitchel and Carol Roach to make the IGF the "GDC landing place".

The exact timetable for WSIS+20 is still unclear. It is to be specified at the regular UNCSTD meeting in Geneva in April 2024. This will also determine whether there should be a separate WSIS review conference or whether the review will take place as part of the 80th UN General Assembly (September to December 2025). The extent to which the ITU will be involved and the future of the WSIS Forum organised by the ITU are also open questions.

Regulating AI: maximising opportunities, minimising risks

The debate on artificial intelligence gained further momentum in the fourth quarter of 2024. There is now no longer any leading country that is not working on a national AI strategy. In contrast to the early days of the Internet, where there was broad consensus that early Internet regulation was detrimental to innovation and could lead to restrictions on freedom, there now is a broad consensus that AI regulation is necessary.

The consensus mainly relates to the principle that the possibilities of AI must be maximised and the risks minimised, but opinions differ as to what this regulation should look like in concrete terms. The spectrum ranges from proposals for very detailed regulation with clearly defined duties and responsibilities, including bans on the development of AI applications that violate human dignity, to proposals for framework regulations in which more general principles are laid down and specific regulations are only made when the consequences of individual applications can be assessed more concretely.

The most important events in the fourth quarter of 2023 were the London AI Summit in October, the adoption of the AI Executive Order by US President Biden in November and the agreement in the European Union on the EU AI Act in December. In December, the AI expert group appointed by the UN Secretary-General also presented its interim report. The Council of Europe has made substantial progress in drafting an AI framework convention, the finalisation of which has been announced for March 2024.[8] Italy, which took over the G7 presidency on 1 January 2024, intends to continue the "G7 AI Hiroshima process"[9] . Russia and China have also submitted proposals for global AI regulation. Critical voices from the global South are growing louder, complaining that the development of AI applications has so far done little to overcome the digital divide. India has now taken over the chairmanship of the OECD-led „Global Partnership on Artificial Intelligence" (GPAI)[10]and wants to work on minimising fears of an "AI North-South Divide".

i.     The "AI Summit" organised by British Prime Minister Sunak in London adopted a "Bletchley Declaration". In this document, 27 governments and numerous leading Internet companies agreed to identify AI risks at an early stage and to develop corresponding policies and necessary regulations. Internet companies are called upon to ensure transparency in the development, testing and market launch of AI products. An "internationally inclusive network of scientific research on frontier AI safety that encompasses and complements existing and new multilateral, plurilateral and bilateral collaboration, including through existing international fora and other relevant initiatives, to facilitate the provision of the best science available for policy making and the public good" is to be promoted.[11]It was remarkable that China was invited to the otherwise Western-dominated conference and played a constructive role. The absence of civil society was criticised. The non-binding nature of the outcome was also criticised. The AI summit is to take place annually. Seoul has offered to host the event in 2024.

ii.     On 30 October 2024, US President Biden published a 100-page "Executive Order (EO) on Safe, Secure, and Trustworthy Artificial Intelligence". The aim of the EO is "to establish new standards for AI safety and security, to protect Americans' privacy, to advance equity and civil rights, to stand up for consumers and workers, to promote innovation and competition, to advance American leadership around the world, and more."[12]Biden's EO can be seen as a response to the EU AI Act, which has been under discussion in the EU for years and was finalised in December 2023. A presidential EO is not a formal law, but it also has a binding effect. There are a number of proposals for an AI Act in the US Congress, but the prospects for a bipartisan solution are slim. There are numerous similarities between the EU law and the US President's EO, but also significant differences. President Biden relies less on the "risk-based approach" favoured in the EU, with bans and specific obligations for service providers. The EO favours a legal framework that includes protection mechanisms for consumers, but also leaves room for innovation. The EO explicitly refers to the need for a global approach, both through bilateral consultations with third countries and by supporting the G7 AI Hiroshima process, the G20, OECD and corresponding UN initiatives.

iii.     On 8 December 2024, after months of trilogue negotiations between the European Council, European Parliament and European Commission, a final agreement was reached on the "EU AI Act", which has been under discussion for years. EU Commission President von der Leyen said: "The EU AI Act is the world's first comprehensive legal framework for AI. This is a historic moment. With the AI Act, European values are being realised in a new era. By focussing regulation on identifiable risks, today's agreement will promote responsible innovation in Europe. By ensuring the safety and fundamental rights of people and businesses, it will support the development, deployment and adoption of trustworthy AI in the EU. Our AI law will make a significant contribution to the development of global rules and principles for human-centred AI."[13] The law introduces four risk groups for AI applications. Companies that fail to comply with the regulations face fines of up to 35 million euros. The AI Act introduces transparency rules along the value chain. For AI models with systemic risks, there are obligations for risk management, monitoring, model evaluation and attack tests. New codes of conduct are to be developed in cooperation with industry, science and civil society. National market surveillance authorities will be given supervisory powers. A new "European Artificial Intelligence Office" will be set up within the EU Commission. International cooperation within the G7, the G20, the OECD and the UN will be strengthened.

iv.     On 15 December 2023, the AI expert group appointed by UN Secretary-General António Guterres published its interim report "Governing AI for Humanity".[14] It contains an overview of the current state of AI development as well as future trends and analyses various international political initiatives for AI regulation. Five principles for a possible UN AI treaty are put forward for discussion: "AI should be governed inclusively, by and for the benefit of all; AI must be governed in the public interest, AI governance should be built in step with data governance and the promotion of data commons; AI must be universal, networked and rooted in adaptive multistakeholder collaboration; AI governance should be anchored in the UN Charter, International Human Rights Law, and other agreed international commitments such as the Sustainable Development Goals". Options for the creation of a UN body for AI will be discussed. Guterres had brought up the IAEA model in an AI discussion in the UN Security Council. EU Commission President von der Leyen referred to the Intergovernmental Panel on Climate Change at the G20 summit. The UN expert group has analysed over 20 models, including ICANN, but has not yet submitted a final proposal. The final report is due to be presented in summer 2024.

Artificial intelligence as a military weapon

The Internet is playing an increasingly important role in the military conflicts in Ukraine and Gaza. This applies in particular to the role of social networks in influencing public opinion. In the Ukraine war, Internet-based drones are being used, both for reconnaissance and for offensive operations. Cyber attacks on civilian and military targets are an integral part of warfare on both sides. For example, the technical surveillance cameras installed in major Ukrainian cities, which use Russian software, are used by Russian hackers as a gateway for military reconnaissance. On the other hand, a Ukrainian semi-private IT army regularly attacks targets in Russia. In the Gaza war, the Israeli army is using AI-generated facial recognition to identify and kill Hamas fighters. The Internet thus practically becomes a weapon.

Global social networks are increasingly becoming a platform for psychological warfare. Attempts to get hate speech and fake news under control through platform regulation have so far met with little success. The EU began implementing the Digital Services Act (DSA) in the fourth quarter of 2023 and has demanded reports from the major Internet platforms on how they are complying with the standards set by the DSA.[15] In October 2023, UNESCO adopted a document with principles for platform regulation that applies to all 193 UN states. However, the document is not legally binding. [16]

Warnings that the world is entering an AI arms race are increasing. Internet-based autonomous weapons systems were discussed for the first time in the UN General Assembly in October 2023. Negotiations have so far taken place in a "Group of Governmental Experts on Lethal Autonomous Weapons Systems" (GGE LAWS).[17] However, no progress has been made there.[18]On 4 December 2023, the 78th UN General Assembly adopted a UN resolution initiated by Austria with 164 votes in favour, five against (Russia, India, Mali, Niger, Belarus) and abstentions (including China). However, the UN resolution contains little substance. UN Secretary-General Guterres is merely called upon to submit a comprehensive report to the next UN General Assembly. Governments and stakeholders are asked to contribute to the report. What is to happen with this report in autumn 2024 remains unclear. [19]

Military aspects are not included in the AI regulations of the EU, the Council of Europe and the USA. Former US Secretary of State Henry Kissinger, who died in December 2023, warned of a military AI catastrophe in an essay in Foreign Affairs in October 2023 and compared it to the risks of nuclear war. "Will machines with superhuman capabilities threaten humanity's status as master of the universe? Will AI undermine nations' monopoly on the means of mass violence? Will AI enable individuals or small groups to produce viruses capable of killing on a scale that was previously the preserve of great powers? Could AI erode the nuclear deterrents that have been a pillar of today's world order? At this point, no one can answer these questions with confidence. But as we have explored these issues for the last two years with a group of technology leaders at the forefront of the AI revolution, we have concluded that the prospects that the unconstrained advance of AI will create catastrophic consequences for the United States and the world are so compelling that leaders in governments must act now."[20] Kissinger called for China and the USA to enter into negotiations on this topic in the same way as the US and the Soviets did with the SALT negotiations to avoid a nuclear war in the late 1960s. The extent to which the AI consultations agreed by the US and Chinese presidents, Biden and Xi, at their summit in San Francisco on 15 November 2023 will include these military aspects remains to be seen[21] .

New UN resolutions on cyber security

As a result of the UN cyber security negotiations at the 78th UN General Assembly, three resolutions were adopted in early December that relate to the work of the Open Ended Working Group (OEWG)[22]. In November, the Chair of the Ad Hoc Committee (AHC) for the development of a UN convention against cyber crime presented a further consolidated draft. The UN resolutions and the AHC draft convention reflect the current geopolitical climate: as with climate change, all states are in principle convinced that something must be done to ensure the stability of cyberspace in order to avoid running unchecked into a global disaster. But the ideas on how to achieve this drift far apart between autocracies and democracies. And the "global South" is increasingly making its own voice heard.

The three UN resolutions on the OEWG concern the creation of an intergovernmental mechanism of contact points to reduce the risk of cyber warfare, an action program proposed by the Western states to implement the eleven cyber security norms of 2015 and a future negotiating mechanism on cyber security within the UN framework.

i.  The resolution on the OEWG Chair's progress report[23]was adopted by consensus. The centrepiece of the report was the agreement on the creation of an intergovernmental mechanism for the establishment of so-called "Points of Contact" (PoC). The PoC mechanism is intended to function like the "red telephone" that was installed between the USA and the former Soviet Union after the Cuban Missile Crisis in the 1960s. In the event of a cyber attack, governments shall have the opportunity to contact the suspected government in order to clarify the situation. A similar mechanism was introduced years ago by the OSCE and works well.

ii.  With its resolution, Russia wanted to obtain a mandate to develop new cyber security norms and anchor them in a legally binding UN convention on cyber security in the future. The West does not reject this in principle but argues that clarity should first be sought on how the eleven existing GGE norms are applied in practice by states. First, a comprehensive picture of the behaviour of states in cyberspace in accordance with international law was needed. Then gaps in the norms could be identified and their legalisation discussed. The final text remains vague in this respect. It received 112 votes in favour, 52 against (including all EU members, the USA, Japan, Australia, Turkey, Ukraine and Albania) and eleven abstentions.

iii.  The resolution proposed by France on the programme of action was adopted with 158 votes in favour, 10 against (including China and Russia) and 12 abstentions.[24] The "Programme of Action" (PoA) is intended to focus on the implementation of the eleven GGE standards from 2015 and shall lead to a permanent UN cyber security negotiating platform after the OEWG mandate expires in 2025. France had proposed organising a world conference on cyber security in 2025 to define the principles, objectives and actions of a PoA. However, the proposal for such a conference was not supported by a majority.

iv.  This schizophrenic duplication has no consequences for the current work of the OEWG in 2024. Two more regular meetings and several informal consultations are planned.[25] However, the future of the OEWG after 2025 remains open and must be clarified by the 79th UN General Assembly in autumn 2024.

v.   It is also unclear how non-governmental stakeholders from the private sector, academia, civil society and the technical community will be involved in the work of the OEWG. Between the formal OEWG meetings, so-called informal consultations take place in which everyone, regardless of whether they are recognised as an NGO by ECOSOC or not, can make their voice heard. This applies, for example, to Internet companies such as Microsoft, research institutions such as the Geneva Cyber Peace Institute or the Hague-based Global Forum on Cyber Expertise (GFCE). Many NGOs are barred from participating in regular OEWG meetings. The POA resolution introduced by France calls for an inclusive dialogue with "relevant stakeholders" where it is "appropriate". All states have a right of veto in the judgement of what is "appropriate". Russia, for example, has blacklisted more than a dozen NGOs, including the Berlin-based "Stiftung Neue Verantwortung" (SNV). Ukraine, in turn, has blocked the participation of Russian organisations such as the Moscow Institute of International Relations (MGIMO).

On 6 November 2023, the Chair of the AHC presented a new draft text for the UN Convention against Cybercrime.[26] However, the text is still full of "square brackets". It is still unclear what exactly is meant by a criminal offence in cyberspace. Illegal intrusion into other people's networks? The offence of a blogger violating national censorship regulations? Western countries want a narrow definition, autocracies a broad one. Procedures for cross-border online investigations and the extradition of identified criminals are unclear. And it is also controversial how to find a balance between cyber security and human rights that is orientated towards the rule of law. The final meeting is scheduled for the end of January 2024 in New York. If there is no consensus, the convention can also be adopted with a two-thirds majority and submitted to the UN General Assembly in autumn 2024. Should the West decide not to sign, the Council of Europe's Budapest Convention on Cybercrime from 2001 would continue to apply.

EU digital policy is driving numerous laws forward

EU digital policy was very intensive in the fourth quarter of 2023, particularly in December. This related to legislation as well as the implementation of the "Digital Decade" and the expansion of bilateral cooperation.

On 1 December, a final agreement was reached on the Cyber Resilience Act (CRA). The CRA is intended to increase the security of hardware and software.[27] Agreement was also reached on the law on artificial intelligence – the EU AI Acton 5 December.[28]The Commission, Parliament and Council had previously agreed on a final regulation for the so-called EUid wallet (European Digital Identity Wallet) in a trialogue. As a result, all EU citizens will have the possibility to use an EUid wallet to access public and private online services, while fully guaranteeing the security and protection of personal data throughout Europe.[29] On 30 November, the European Commission launched a joint undertaking for chips, thus implementing the EU Chips Act to strengthen the European semiconductor ecosystem and Europe's technological leadership. The aim is to bridge the gap between research, innovation and production and facilitate the commercialisation of innovative ideas. The "Chips Joint Undertaking" will set up pilot plants for which EU funds totalling EUR 1.67 billion will be made available.[30]On 14 December, the EU Commission concluded a contract worth EUR 41 million with a private consortium, including the Germany company IONOS, to create a "common European data space" in accordance with the Data Governance Act (DGA).[31]At an "Industry Roundtable" on 4 December in Brussels, EU Commissioner Breton called on the private sector to invest more in digital infrastructures.[32]An EU White Paper is to be published in spring 2024.

On 24 November, the EU agreed a digital partnership with Canada, in which the topics of artificial intelligence, digital trade and cyber security in particular are to be discussed.[33] The 9th US-EU Cyber Security Consultations took place in Brussels on 5 and 6 December. An agreement was concluded between ENISA and CISA, the two government bodies responsible for cyber security, on an expanded exchange of data. A similar cyber security dialogue with the UK followed on 15 December.

In the fourth quarter, the EU Commission took the first steps towards implementing the Digital Services Act (DAS), in particular by requesting reports from the Very Large Online Platforms (VLOPs). On 12 October, X (formerly Twitter) was asked to report in writing[34], on 1 December Meta[35]and on 15 December Google and Apple[36] followed. On 20 December, three adult entertainment providers (Pornhub, Stripchat and XVideos) were also defined as VLOPs and thus also have to meet the reporting obligation [37]. On 11 December, the EU Commission launched consultations on the creation of a data exchange platform called "Agora" to implement the Digital Services Act (DSA). On 18 October, the EU Commission adopted a series of recommendations to its 27 members on how they should deal with controls for illegal content, and in particular terrorist propaganda.[38]

New challenges for ICANN

ICANN celebrated its 25th birthday in October 2023 at its 78th meeting in Hamburg. Overall, the general assessment of ICANN’s work was positive. However, also shortcomings were discussed.

ICANN's lasting successes include, in particular, the IANA transition of 2016, but also the Universal Dispute Resolution Policy (UDRP), the expansion of the domain name space (IDNs and new gTLDs) and the increase in DNS security through the introduction of DNSSEC. ICANN continues to be the globally recognised model of a multistakeholder organisation. In 25 years, the number of registered domain names has grown from a few million in 1998 to almost 400 million in 2023. In 1998, there were around 200 active top level domains, in 2023 there are around 1500.

ICANN's main weaknesses today are the lengthy policy development processes (PDP), such as the handling of data protection in the former whois database and the introduction of new gTLDs, creeping bureaucratisation and the dominance of commercial interests of those stakeholders with the greatest economic strengths. The influence of users (At Large) has steadily dwindled in recent years. ICANN's handling of the various reviews is also viewed critically. There are more than ten processes in which ICANN's committees and individual policies are examined. This leads to hundreds of recommendations that are only implemented slowly. The ATRT3 team's recommendation to conduct a critical holistic review of ICANN is still under discussion three years after the recommendation was made.

New challenges include the growing misuse of the DNS for illegal activities (DNS abuse), the development of new and possibly alternative name and number systems (Ethereum)[39]or state regulation in the area of cyber security. The extent to which ICANN, with its limited technical mandate, should participate in global discussions on cyber security and Internet governance is still being debated. ICANN's new CEO, who may already be appointed at the 79th ICANN meeting in Puerto Rico, will have to decide how ICANN positions itself, for example, in the Global Digital Compact, WSIS +20 or the UN cyber security negotiations.


[2] https://www.intgovforum.org/en/content/the-Internet-we-want






[8] https://www.coe.int/en/web/artificial-intelligence/cai

[9]https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/g7-leaders-statement-on-the-hiroshima-ai-process/ and https://www.atlanticcouncil.org/event/road-to-puglia-amb-ferrari-on-italys-g7-presidency-in-a-time-of-crises/


[11] https://www.gov.uk/government/publications/ai-safety-summit-2023-the-bletchley-declaration/the-bletchley-declaration-by-countries-attending-the-ai-safety-summit-1-2-november-2023 "our agenda for addressing frontier AI risk will focus on: identifying AI safety risks of shared concern, building a shared scientific and evidence-based understanding of these risks, and sustaining that understanding as capabilities continue to increase, in the context of a wider global approach to understanding the impact of AI in our societies.

building respective risk-based policies across our countries to ensure safety in light of such risks, collaborating as appropriate while recognising our approaches may differ based on national circumstances and applicable legal frameworks. This includes, alongside increased transparency by private actors developing frontier AI capabilities, appropriate evaluation metrics, tools for safety testing, and developing relevant public sector capability and scientific research.




























[39] On 15 December, ICANN's Security and Stability Advisory Committee (SSAC) published an "SSAC Report on the Evolution of Internet Name Resolution Report https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-123-15-12-2023-en.pdf

Wolfgang Kleinwächter

Professor Emeritus of Internet Policy & Regulation at Aarhus University