Q2/2023 - Executive Summary

Volume 2, April – June 2023, No. 2

Four processes were at the center of the global Internet governance discussion in the second quarter of 2023:

  • The Global Digital Compact and the future of the Internet Governance Forum (IGF).
  • The future of artificial intelligence regulation
  • Consequences of the war in Ukraine for cyberspace,
  • The UN negotiations on cyber security

The discussion about the Global Digital Compact (GDC) remained a top topic in Internet governance during the second quarter of 2023. The GDC is set to be adopted during the UN World Summit on the Future scheduled for September 2024. According to the vision of UN Secretary-General António Guterres, the GDC aims to establish guardrails for shaping global digital cooperation and contribute to achieving the United Nations' Sustainable Development Goals (SDGs) by the year 2030.

  • The most significant activity during this time was the so-called "Deep Dive" discussions, conducted in a multistakeholder format by the two GDC facilitators nominated by the UN Secretary-General: the governments of Sweden and Rwanda. Between April and June 2023, a total of six "Deep Dive" discussions took place, covering topics such as Internet Governance, Data Protection, Human Rights Online, Artificial Intelligence and other Emerging Technologies, Digital Trust and Security, Global Digital Commons, and Accelerating Progress on the Sustainable Development Goals/SDGs[1] These discussions were open to anyone interested, but it remained unclear how the stakeholders' input would be further processed. According to the plan presented by the UN Tech Envoy's office, once the consultations are completed, an Issue Paper will be produced. This Issue Paper will serve as the basis for the GDC Ministerial Meeting scheduled for September 2023 in New York.
  • Some confusion regarding the further progress of the elaboration of the GDC arose from two reports published in May 2023. On the one hand, a "High Level Advisory Panel" (HLAB) nominated by the UN Secretary-General to prepare the 2024 UN Future Summit had proposed to create a new "Global Commission on Just and Sustainable Digitalization"[2] And in a "Policy Brief No.5", António Guterres put forward the idea of establishing a new "UN Digital Cooperation Forum" (DCF) for discussion. [3] Both the HLAB panel and the policy brief emphasise that they do not want to replace existing global Internet governance mechanisms, such as the IGF, which has existed since 2006, but to complement them. However, both proposals remain very vague and do not explain what such newly created (and costly) institutions could achieve that cannot also be accomplished within the framework of the IGF (and an IGF+) with its structures that have grown over the years (Dynamic Coalitions, Best Practice Fora, Policy Networks, national and regional IGFs, Leadership Panel, Parliamentarian Track).
    • Moreover, distrust was generated by the recurring description of the GDC process as an "intergovernmental process with multistakeholder participation." Critical observers suspect that this description may conceal an attempt by some governments to regain greater control over the multistakeholder process that has evolved more or less "from the bottom up" over the past 20 years. Governmental control over the IGF, including the selection of annual discussion topics and speakers, is virtually impossible due to the involvement of the Multistakeholder Advisory Group (MAG) and the Geneva-based IGF Secretariat. However, a new intergovernmental secretariat in New York for a more multilateral "Digital Cooperation Forum"would be easier to control, especially if it were better funded, for example, with contributions from Saudi Arabia, the United Arab Emirates, or China, which have so far been cautious in supporting the financing of the IGF.
    • It is unclear what the authors of the Policy Brief mean by "digital cooperation" and by "Internet governance" and how they distinguish between the two terms. The Policy Brief No.5 of May 2023 suggests, for example, that the IGF should focus on discussing the more technical Internet governance issues as addressed by ICANN and the IETF, while a new DCF could rather deal with policy issues. The paper does not provide definitional guidance for a distinction. Defining Internet governance was one of the tasks assigned to the UN Working Group on Internet Governance (WGIG) by the 1st UN World Summit on the Information Society (2003). The 2005 WGIG definition, which was literally included in the Tunis Agenda, had opted for a broad definition. According to this definition, Internet governance was more than "names and numbers" and included all issues related to the development and use of the Internet. Based on this definition, which was confirmed by the 193 UN states, the mandate of the IGF was decided. The creation of a new forum would, therefore, initially lead to a new dispute over definitions, waste limited resources and contribute to further confusion rather than clarifying serious issues.
  • Non-state stakeholders had repeatedly demanded during the Deep Dive discussions to be adequately involved in the drafting of the Issue Paper for the New York Ministerial Conference, e.g. through the formation of "Multistakeholder Drafting Teams". In a joint letter dated 8 June 2023 addressed to the two co-facilitators Sweden and Rwanda, the Chair of the IGF MAG, Paul Martin and the IGF Leadership Panel, Vint Cerf, had proposed the establishment of a "Multistakeholder GDC Sounding Board". "We would highlight that the themes and issues that are to be addressed in the GDC have been discussed and examined in great depth by the IGF community, both at the annual events and in IGF intersessional work. As such, there is a wealth of knowledge and insight that can be drawn upon in development of the compact. There are notable past examples of multistakeholder processes that we can build on and that have been successfully applied to the delivery of specific and timely outcomes, including the Working Group on Internet Governance (WGIG, 2005), the NETmundial Global Multistakeholder Meeting on the Future of Internet Governance (2014) and the IANA Stewardship Transition (2016)." The letter emphasised that the IGF was the natural place to prepare the GDC and, after the adoption of the text at the UN Future Summit, to implement its recommendations.
  • It is foreseeable that the discussion on the future of the IGF and the creation of new Internet governance mechanisms will continue to intensify. In early July 2023, the IGF MAG and the IGF Leadership Panel will meet in Geneva and will address, among other things, the process for drafting the GDC Issue Paper. It is unclear how the Ministerial Conference in New York planned for September 2023 will proceed and how non-state stakeholders will be involved in the intergovernmental negotiations. The IGF in Kyoto will take place three weeks after the New York Ministerial Meeting. The 78th UN General Assembly will consider the roadmap for the GDC and WSIS+20 in November 2023. The UN Summit of the Future is scheduled for September 2024. One year later, the Review Conference of the UN World Summit on the Information Society (WSIS+20) will have to decide whether to extend, modify or terminate the mandate for the IGF. The Geneva-based UN Commission on Science and Technology for Development (UNCSTD) is responsible for the WSIS+20 Review Conference. Its chair, Portuguese Ambassador Ana Neves, complained at the EURODIG in Tampere that the UNCSTD has so far lacked the resources to prepare WSIS+20 seriously.
  • It is also possible that - regardless of the fact that Doreen Bogdan-Martin, a US-American, now heads the International Telecommunication Union (ITU) - some governments will reactivate the ITU and bring it into play as an alternative to ICANN. On 27 June 2023, Russia tabled a draft resolution for the July 2023 ITU Council meeting in Geneva, calling for the ITU Council's CWG-Internet Working Group to look at options for creating an intergovernmental mechanism to manage domain names and IP addresses. The Russian draft resolution argues that the Internet governance mechanisms created by the USA in the mid-1990s no longer meet today's requirements and are not sufficiently hardened to be able to defend against attacks (including by cyber criminals) on the public core of the Internet (Public Core). Many states would therefore look for national solutions to protect the Internet, which would encourage fragmentation of the Internet. To prevent this, a legally binding instrument was needed at the United Nations level. [4]

Another central topic of the Internet governance discussion in Q2 2023 was the future regulation of artificial intelligence. In particular, the presentation of the first chatbot GPT by Open AI at the end of 2022 fuelled the debate. At the beginning of April 2023, the US Future of Life Institute called for a six-month moratorium on AI developments in order to be able to establish more clarity about the consequences of AI systems and to examine which regulations are necessary. [5] The letter has by now been signed by more than 30,000 experts, mainly from academia, but also by Elon Musk and Steven Wozniak (formerly of Apple). The letter, "Pause Giant AI Experiments: An Open Letter", expresses concern that the race for ever more powerful AI systems is getting out of control and that even the inventors of the systems could no longer understand, predict or reliably control the behaviour of their developments. Humanity could lose control of its own civilisation. Decisions should not be left to the technology leaders legitimised in a non-democratic way.

  • In reaction to the letter, several hearings were held in the US Congress to discuss the pros and cons of government regulation. US President Joe Biden convened an AI summit at the White House on 4 May 2023. It came to the conclusion that a balance had to be found between harnessing the possibilities of AI and avoiding its risks. "The President and Vice President were clear that in order to realize the benefits that might come from advances in AI, it is imperative to mitigate both the current and potential risks AI poses to individuals, society, and national security. These include risks to safety, security, human and civil rights, privacy, jobs, and democratic values."[6]
  • The call for regulation of artificial intelligence meets with an environment of changing views in Western democracies about regulation in the information age. The Internet has never been a lawless space. But while in the early 2000s the view prevailed that state regulation impeded innovation and economic growth and promoted censorship, support for smart regulation" has been gaining ground since the mid-2010s (especially against the backdrop of the emergence of social networking monopolies). "Smart regulation" is now widely considered to be necessary to guarantee fair competition and prevent abuse of IT technologies. At the RightsCon in Costa Rica in June 2023, for example, the new US cyber ambassador said: "The era of laissez fair digital capitalism is over." [7] Moreover calls are getting louder that request the creation of new international mechanisms for AI oversight at a global level. On 12 June 2023, for example, UN Secretary-General António Guterres, presenting his "Policy Brief on Information Integrity on Digital Platforms", suggested considering an independent UN agency for AI, possibly following the model of the Vienna-based International Atomic Energy Agency (IAEA). [8] Supporters of the proposal included Sam Altmann, CEO of Open AI. [9]
  • The first major initiative on global regulation of AI was launched by the OECD in 2016. Three years later, on 25 May 2019, the OECD adopted a recommendation with five fundamental principles (Inclusive growth, Sustainable development and well-being, Human-centred values and fairness, Transparency and explainability, Robustness, Security and safety, Accountability)[10] In the same year, these recommendations were adopted by the G20 heads of state and government. The OECD Principles were also the starting point for the UNESCO Recommendation on "Ethics and Artificial Intelligence", which was adopted by the UNESCO General Conference in October 2021. This recommendation contains, for example, the principle that AI applications that violate human dignity should be banned. However, neither the UNESCO Recommendation nor the OECD Principles are legally binding.
  • Legally binding instruments are currently being drafted in the European Union, the Council of Europe and the USA, but also in China, India, the African Union and other countries.
    • The most advanced project is the so-called "AI Regulatory Package" of the European Union. The core of the EU scheme is the so-called "risk-based approach". According to this approach, AI applications are divided into four categories. Applications that violate human dignity are banned. For AI applications with a significant risk, strict certification and control mechanisms apply. For applications with a low risk, milder criteria apply. There are no requirements for risk-free everyday applications. The proposed legislation has now been discussed in all European bodies and was passed by the European Parliament on 14 June 2023 as the "EU AI Act"[11] Critics fear difficulties in implementation, especially with regard to the establishment of certification bodies and supervisory authorities.
    • The Council of Europe has opted for a "Framework Convention". The draft of this document is being prepared by a "Committee on Artificial Intelligence" (CAI) headed by Swiss Ambassador Thomas Schneider. The CAI office published a first consolidated draft of the "Framework Convention" on 5 May 2023, which was discussed by the 6th CAI plenary session (30 May to 2 June 2023) in Strasbourg. A second consolidated draft is scheduled to be available by the beginning of July 2023. The work is planned to be completed by spring 2024 and to then open the convention for signature by the member states. As all EU states are also members of the Council of Europe, the EU AI Act and the AI Framework Convention of the Council of Europe are closely coordinated to avoid possible conflicts or inconsistencies.
    • The US-American White House published a so-called "Blueprint for an AI Bill of Rights" in October 2022, containing principles for a possible AI regulation. [12] The document is not yet a legal act. In the US, the debate on what future AI regulation should look like is still ongoing. There is a group of congressmen who, similar to the Council of Europe, favour a "framework regulation" that does not go into detail. Others would prefer more detailed regulations. In a speech to the Center for International and Strategic Studies (CSIS) in Washington, US Senate Majority Leader Charles Schumer called for policy innovation for AI regulation: "Lawmakers will need to invent a new process to develop the right policies to implement our framework." And he added that "the typical path of simply holding congressional hearings on proposed AI regulations will not allow lawmakers to come up with the right policies, since the speed of technological development means that by the time we act, AI will have evolved into something new."[13]
    • The issue of AI regulation played a role at both the G7 Digital Ministers meeting in Takasaki in April 2023 and the 3rd EU-US Trade and Technology Council (TTC) meeting in Lulea at the end of May 2023. The G7 Digital Ministers generally support initiatives on AI regulation but recommended keeping these regulations compatible to prevent regulatory confusion at the global level: "We reaffirm our commitment to promote human-centric and trustworthy AI based on the OECD AI Principles and to foster collaboration to maximise the benefits for all brought by AI technologies. We oppose the misuse and abuse of AI to undermine democratic values, suppress freedom of expression, and threaten the enjoyment of human rights. We stress the importance of international discussions on AI governance and interoperability between AI governance frameworks, while we recognise that like-minded approaches and policy instruments to achieve the common vision and goal of trustworthy AI may vary across G7 members. Tools for trustworthy AI, such as regulatory and non-regulatory frameworks, technical standards and assurance techniques, can promote trustworthiness and can allow for the comparable assessment and evaluation of AI systems. We support the development of tools for trustworthy AI through multistakeholder international organisations, and encourage the development and adoption of international technical standards in SDOs through private sector-led multistakeholder processes."[14]
    • In April 2023, China published a draft of a possible AI regulation. [15] The draft, entitled "Measures for the Management of Generative Artificial Intelligence Services", contains many elements of the European Union's AI Act, but does not include rule-of-law procedures in the implementation of the intended regulation. [16]

The war in Ukraine is increasingly becoming a cyber war. The use of Internet-based weapon systems such as drones, Internet- and satellite-based reconnaissance of the military opponent's operations, and the information war waged primarily in social networks have led to a new dimension of warfare that was unknown in the 20th century. However, the "cyber war" of the 21st century does not replace conventional war, as many experts have claimed in recent years, it supplements it. Activities are not limited to reciprocal attacks by Russian hackers on Ukrainian facilities and Ukrainian hackers on Russian facilities. Cyber attacks beyond the territory of the two fighting states also increase. These attacks do not have the character of a use of force prohibited by Article 2.4 of the UN Charter, but they certainly are part of corresponding operations in the immediate war zone. Cyber attacks — especially DDOS attacks and extortion with ransomware – on Western institutions supporting Ukraine with weapons have increased considerably. Japan, for example, saw a significant increase in cyber attacks attributed to Russian entities once Japan had expanded its support for Ukraine [17] Cyber attacks against EU member states are also on the rise. [18] At the EURODIG on 20 June 2023, Finnish cyber ambassador Stefan Lindström therefore spoke of the first "cyber world war" in human history. "The bottom line is that this is the first cyber world war. We had world wars before, but they have not been cyber war worlds, that's the first one."

Notwithstanding the war in Ukraine, international negotiations for a global cyber security architecture continued in Q2 2023. However, no progress was made. All negotiations have come to a halt.

  • The Open Ended Working Group (OEWG), which deals with general cyber security issues, held an intersessional session in New York from 23 to 26 May 2023, at which non-state observers in particular had their say. [19] Once again, the conflicting ideas became apparent. The Western states propose that the OEWG should concentrate on implementing the set of norms for responsible state behaviour in cyberspace already agreed in 2015. To this end, they have proposed a so-called "Programme of Action" (POA) with corresponding reporting and review procedures. The more autocratic states and many states of the global South, on the other end, want to start working on a legally binding UN instrument to strengthen cyber security. During a visit by the OEWG chair, Burhan Gafoor, to Moscow on 22 June 2023, Russia again advocated "the possibility of devising a universal international legal framework for regulating the way states behave in the information space based on a concept of a UN convention on ensuring International Information Security." [20] DThe only concrete outcome of the OEWG founded in 2019 is the principal agreement on parameters for a global intergovernmental "Points of Contact Directory for exchanging information on computer attacks and incidents" as a confidence-building measure. There has not been agreement yet on capacity-building measures to strengthen cyber security. The next formal OEWG meeting is scheduled for the end of July 2023 in New York and will discuss the OEWG Chair's report to the 78th UN General Assembly. Still unresolved is the status of non-state actors in the further negotiations.
  • Also In the negotiations of the Ad-Hoc Committee (AHC)on the elaboration of a UN convention against cyber crime, the front lines between the different approaches have become more visible in Q2 2023. While one group of states prefers a convention that is as short and clear as possible and limited to the core areas of cyber crime, other states are in favour of a treaty that goes into great detail and includes as many crimes as possible that can be committed with the Internet and makes them the subject of the UN convention. The main point of contention is the extent to which so-called content-based crimes – the dissemination of illegal content, racism, terrorism, extremism, fake news and dis- and misinformation –  should become part of the convention. Western states reject such inclusion. They see it as a possible legitimisation for introducing widespread Internet censorship. China and Russia are pushing for corresponding rules. Another point of contention is the rule of law procedures when prosecuting cross-border crimes in cyberspace, such as investigation and extradition procedures. In contrast to the OEWG, the participation of non-governmental organisations is more openly regulated in the AHC. Contributions from the International Chamber of Commerce (ICC), the Digital Peace Institute, Electronic Frontier Foundation (EEF) and Interpol were incorporated into proposals from member states. The next formal round of negotiations will discuss the consolidated draft text, which is currently over 100 pages long, in New York at the end of August 2023. According to current plans, a final draft should be available by the 1st quarter of 2024.
  • Negotiations by a group of government experts on a legal instrument for lethal autonomous weapon systems (GGE LAWS) are also not progressing. The GGE LAWS met again in Geneva from 15 to 19 May 2023. No substantial progress was made. The models discussed in the last rounds of negotiations to differentiate between "fully autonomous" and "semi-autonomous" weapons systems, which requested fully autonomous systems to be forbidden under international law and strict (legally non-binding) rules for semi-autonomous systems, remain on the agenda, but no final agreement is in sight.

At the annual OECD Ministerial Conference (7 to 8 June 2023 in Paris), a new OECD Recommendation on Digital Identity was adopted. The non-legally binding document contains a series of definitions of what is meant by "digital identity" and how, in the digital age, the identity of natural and legal persons should be managed beyond identity cards and passports, especially in cross-border traffic. [21] The ministers also reaffirmed the "Declaration on Trusted, Sustainable and Inclusive Digital Future" adopted by the OECD Digital Conference in Gran Canaria in December 2022, which advocates an unfragmented Internet. [22] On the subject of artificial intelligence, the ministers referred to their 2019 Declaration of Principles and supported a policy that promotes innovation on the one hand, but is aware of its responsibility and supports application "in a way that respects human rights and democratic values" on the other. The one-day new OECD "Global Forum on Technology" (GFT) dealt, among other things, with immersive technologies such as the Metaverse. The GFT did not pass any resolutions.

The cooperation of the BRICS countries in the areas of cyber security and the digital economy is making only slow progress. At their meeting in Cape Town on 2 June 2023, the BRICS foreign ministers could only agree to support the negotiation of the AHC to draft a UN convention against cyber crime. The statement makes no reference to the OEWG or the GGE LAWS. Neither was there any mention of earlier demands by the BRICS ministers, such as to strengthen the role of the ITU in Internet governance and to subject the management of critical Internet resources such as domain names and IP addresses to an intergovernmental regime. The lofty plans within the framework of a "Partnership on New Industrial Revolution" (PARTNIR) with joint research projects have stalled, too. This also applies to the output of the Digital BRICS Task Force (DBTF), which remains largely invisible. However, at the Cape Town meeting in June 2023, the foreign ministers agreed to expand cooperation on artificial intelligence and "supported communication and cooperation on AI technology to promote mutual benefits, called for strengthening AI international governance and encourage policy exchanges and dialogues on AI, with a view to exploring to establish an effective global governance framework with the aim to protect human rights and spur innovation and economic growth." [23] The BRICS summit is planned for August 2023 in Durban. An expansion of BRICS will also be discussed. Almost 20 countries have expressed interest in cooperating more closely with BRICS, including Saudi Arabia, the United Arab Emirates, Argentina, Iran and Pakistan. Overshadowing the summit preparations is the issue that South Africa, as a member of the International Criminal Court, would be obliged to execute the arrest warrant issued against Russian President Putin.

On 11 May 2023, the Global Forum on Cyber Expertise (GFCE) announced that the long-planned World Conference on Cyber Capacity Building (GC3B) will take place on 28 to 29 November 2023 in Accra, Ghana. GC3B is organised in cooperation with the World Bank, the Cyber Peace Institute Geneva, the Davos World Economic Forum and the Government of Ghana. [24] In June 2023, Uruguay, Samoa and Pakistan joined the GFCE. This brings the number of GFCE members to 108. At the GFCE European Regional Conference in Brussels on 23 April 2023, GFCE Director David van Duren said that the focus of the GFCE's work is increasingly shifting from creating public awareness of cyber security issues to implementing existing international standards and recommendations. Cyber capacity building is one of the focal points of the UN negotiations on cyber security under the OEWG. Russia had vetoed the participation of the GFCE, the Cyber Peace Institute and the World Economic Forum in the UN negotiations in this context.

Mehr zum Thema
Q2/2023