Uncategorized Archives | Page 16 of 117 | Digital Watch Observatory

Parliamentary Roundtable Safeguarding Democracy in the Digital Age Legislative Priorities and Policy Pathways

Session at a glance

Summary

This discussion focused on safeguarding democracy in the digital age through legislative priorities and policy pathways, bringing together members of parliament from around the world to address how digital technologies impact democratic institutions. The session was part of the parliamentary track at the Internet Governance Forum (IGF) 2025, with participants from Norway, Kenya, California, Barbados, and Tajikistan sharing their national experiences and challenges.

Key speakers emphasized the urgent need to balance freedom of expression with combating misinformation and disinformation, particularly as artificial intelligence technologies blur the lines between fact and fiction. Norwegian MP Grunde Almeland highlighted concerns about truth becoming less relevant in political discourse, while advocating for strengthening independent media organizations as a crucial countermeasure. Kenyan Senator Catherine Mumma outlined her country’s comprehensive legal framework including cybercrime and data protection acts, while noting ongoing challenges with hate speech and electoral misinformation that sometimes leads to violence.

California Assembly Member Rebecca Bauer-Kahn discussed the state’s pioneering role in privacy legislation and AI regulation, including requirements for watermarking AI-generated content and disclosure in political advertisements. She emphasized the need for “technology for good” and increased investment in academic institutions to compete with profit-driven tech companies. Barbados MP Marsha Caddle shared experiences with deepfakes targeting political leaders and stressed the importance of democratic literacy and creating a culture of evidence-based information.

Several participants raised concerns about technological dumping by advanced economies onto developing nations, comparing it to historical patterns of exploitation. The discussion concluded with calls for stronger international cooperation, similar to nuclear weapons treaties, to hold big tech companies and advanced nations accountable for their global impact on democratic processes and human rights.

Keypoints

## Major Discussion Points:

– **Balancing Freedom of Expression with Combating Misinformation**: Parliamentarians discussed the challenge of protecting free speech while addressing the spread of false information, particularly how AI and deepfakes are blurring the lines between fact and fiction in democratic discourse.

– **Legislative Frameworks and International Cooperation**: Panel members shared their countries’ approaches to digital governance, from Kenya’s comprehensive legal framework to California’s privacy legislation, emphasizing the need for harmonized international standards rather than fragmented national approaches.

– **Electoral Integrity and Democratic Trust**: Significant focus on protecting elections from AI-generated disinformation, deepfakes, and manipulation, with examples ranging from deepfakes of political leaders to concerns about electronic voting systems across different jurisdictions.

– **Technology for Good vs. Profit-Driven Solutions**: Discussion of the need to invest in academic institutions and civil society to develop beneficial AI tools, rather than leaving technology development solely to well-funded private companies focused on profit.

– **Global Digital Divide and Technological Responsibility**: Strong emphasis on addressing “technological dumping” where advanced economies and big tech companies export harmful practices to developing nations, with calls for accountability similar to nuclear weapons treaties or climate agreements.

## Overall Purpose:

The discussion aimed to bring together parliamentarians from different countries to share legislative approaches and policy solutions for safeguarding democratic institutions in the digital age, while fostering international cooperation on digital governance frameworks.

## Overall Tone:

The discussion maintained a serious but collaborative tone throughout. It began with formal opening remarks emphasizing urgency and responsibility, evolved into practical sharing of national experiences and challenges, and concluded with passionate calls for global accountability and cooperation. While acknowledging significant challenges, the tone remained constructive and solution-oriented, with participants demonstrating mutual respect and shared commitment to democratic values despite representing diverse jurisdictions and political systems.

Speakers

**Speakers from the provided list:**

– **Nikolis Smith** – Founder and President of StratAlliance Global, a strategic advisory firm supporting public-private partnerships and technology policy engagement; Session moderator

– **Junhua LI** – Undersecretary General of the UN Department of Economic and Social Affairs

– **Martin Chungong** – Secretary General of the Inter-Parliamentary Union (appeared via video message)

– **Catherine Mumma** – Senator from Kenya

– **Rebecca Bauer-Kahn** – California Assembly Member, Chair of the Privacy and Consumer Protection Committee

– **Grunde Almeland** – Member of Parliament from Norway

– **Marsha Caddle** – Member of Parliament from Barbados, former Minister of Innovation and Technology

– **Zafar Alizoda** – Member of Parliament from Tajikistan

– **Audience** – Various audience members who asked questions during Q&A sessions

**Additional speakers:**

– **Kenneth Pugh** – Senator from Chile, South America

– **Mounir Souri** – Member of Parliament from the Kingdom of Bahrain

– **Hugo Carneiro** – Member of Parliament from Portugal

– **John K.J. Kiarie** – Member of Parliament from Kenya

– **Anna Luhmann** – Member of Parliament from Germany

Full session report

# Safeguarding Democracy in the Digital Age: A Parliamentary Perspective on Legislative Priorities and Policy Pathways

## Executive Summary

This comprehensive discussion brought together parliamentarians from across the globe to address the challenge of protecting democratic institutions in an era of rapid digital transformation. The session, moderated by Nikolis Smith of StratAlliance Global as part of the Internet Governance Forum (IGF) 2025 parliamentary track, featured representatives from Norway, Kenya, California, Barbados, Tajikistan, and other jurisdictions sharing their national experiences and legislative approaches to digital governance.

The discussion revealed both the universal nature of digital threats to democracy and the diverse approaches being taken to address them. From deepfakes targeting world leaders to sophisticated misinformation campaigns undermining electoral processes, participants shared practical experiences and legislative solutions while emphasizing the need for international cooperation and balanced approaches that protect both democratic processes and fundamental rights.

## Opening Context and Urgency

The session began with a video message from Martin Chungong, Secretary General of the Inter-Parliamentary Union, who emphasized that digital technologies have fundamentally altered the information landscape, creating an environment where governments struggle to distinguish fact from fiction and electoral processes face constant manipulation. He highlighted how artificial intelligence has transformed the misinformation landscape through deepfakes, AI-generated content, and algorithmic amplification.

Junhua Li, Undersecretary General of the UN Department of Economic and Social Affairs, reinforced the need for global cooperation on combating misinformation, noting that fragmented approaches risk undermining democratic discourse worldwide.

## National Experiences and Legislative Approaches

### Kenya’s Comprehensive Framework and Challenges

Senator Catherine Mumma from Kenya provided a detailed overview of her country’s approach to digital governance. Kenya has established a comprehensive legal framework including the Computer Misuse and Cyber Protection Act, the Data Protection Act, and the Media Council Act. However, she acknowledged significant gaps, particularly in addressing misinformation and disinformation specifically.

“We don’t have a law that specifically addresses misinformation and disinformation,” Mumma explained, noting the challenge of “hitting the balance between protection of human rights and regulating and also allowing innovation to progress unhinged, is something that is beyond legislation, is something that sometimes is beyond the politics of the day.”

She described how Kenya faces particular challenges with misinformation and disinformation on social media during electoral periods, which sometimes escalates to violence and ethnic tensions. Mumma emphasized that electoral integrity depends largely on neutral electoral management bodies rather than just technology, highlighting the importance of institutional frameworks alongside technological solutions.

### California’s Pioneering Regulatory Approach

California Assembly Member Rebecca Bauer-Kahn shared her state’s experience as a pioneer in both privacy legislation and AI regulation. She detailed California’s Consumer Privacy Act (CCPA) and ongoing efforts to implement watermarking requirements and disclosure laws for AI-generated political content.

Bauer-Kahn focused heavily on technological solutions, emphasizing watermarking technology and device-level authentication for distinguishing reality from AI-generated content. She described California’s push for embedded authentication technology in cameras and requirements for platforms to implement watermarking systems.

She acknowledged constitutional constraints, noting that “constitutional protections of free speech create challenges in regulating misinformation while requiring creative solutions like disclosure requirements.” Her approach emphasized “technology for good,” advocating for increased funding for academic institutions to compete with large AI companies and ensure democratic alternatives to profit-driven technological development.

### Norway’s Media-Centric Strategy

Grunde Almeland from Norway presented his country’s approach, which centers on strengthening independent media organizations as a crucial countermeasure to misinformation. He detailed Norway’s legislative measures that prevent media owners from interfering with editorial decisions and provide extensive public funding for media organizations.

“Truth is becoming less relevant,” Almeland observed, explaining that AI-powered content creation enables people to remain in confirmation bias bubbles where they engage only with information that confirms their existing beliefs. He argued that this makes it “hard and harder to pierce with factual debate and true, well, facts.”

Almeland’s perspective was notably pragmatic, arguing that “most things are already quite heavily legislated” and that international cooperation is often more important than creating new legislation. He referenced an expert group on AI and elections and emphasized providing people with fundamental information to make their own decisions rather than making judgments for them.

### Barbados’ Transparent Parliamentary Process

Marsha Caddle from Barbados shared her country’s experience with implementing cybercrime legislation through transparent parliamentary processes that included extensive citizen input. She described Barbados’s transparency measures, including broadcasting parliamentary committee meetings and Prime Minister speeches.

Caddle provided a compelling example of the real-world impact of deepfakes: “The deepfake was about the prime minister saying something in relation to another major world power. Now that has the potential to completely, especially in this current global political environment, to completely put at risk a lot of what a country is doing with respect to policy and global engagement.”

She emphasized the responsibility of platforms to implement better verification methods while balancing accessibility concerns, and called for building local tech ecosystems that can create tools to fight misinformation while promoting innovation.

### Central Asian Perspectives

Zafar Alizoda from Tajikistan highlighted challenges facing Central Asian countries, particularly how global platforms apply different policies to different regions. He noted that while EU citizens benefit from GDPR protections, developing countries often lack the same priority in platform policies, creating unequal protection standards globally.

His intervention highlighted the unequal treatment of different regions by global technology platforms and the need for more equitable international standards.

## Critical Interventions and Broader Perspectives

### Addressing Technological Inequality

A significant intervention came from John K.J. Kiarie, a Member of Parliament from Kenya, who challenged assumptions about technological equality through a post-colonial lens. “To imagine that countries in places like Africa will at one point be at par with Silicon Valley is a fallacy,” Kiarie stated. “To imagine that such advanced economies do not have responsibilities is also wrong.”

He drew explicit parallels to historical exploitation: “what will happen with this AI is that my people will be condemned to digital plantations, just like they were condemned with sugar cane and with coffee and with all these other things that happened in slave trade.”

This intervention prompted discussion about the responsibilities of advanced economies and technology companies, with speakers acknowledging the need for more equitable approaches to global digital governance.

### Audience Engagement and Practical Concerns

The session included substantial audience participation, with questions covering electronic voting security, financial scams targeting vulnerable populations, and age verification challenges. These interventions highlighted practical implementation challenges beyond the policy frameworks discussed by panelists.

Questions about children’s rights and access to information in the context of age restrictions revealed tensions between protection and access that remain unresolved in many jurisdictions.

## Areas of Common Ground

Despite representing diverse jurisdictions, participants found common ground on several key principles:

### International Cooperation

Speakers consistently emphasized that digital governance challenges require coordinated international responses. Almeland suggested that IGF could serve as a platform for developing shared rules, while Mumma described how African parliamentarians have formed regional caucuses to share experiences and develop common approaches.

### Supporting Independent Media and Verification

There was broad agreement on the importance of independent media and verification technologies, though speakers proposed different approaches. The discussion covered various verification methods, from technological solutions like watermarking to institutional approaches focused on editorial independence.

### Balanced Approaches

All speakers emphasized the need to balance protection of democratic processes with preservation of fundamental rights like freedom of expression, though they acknowledged this remains challenging in practice.

## Ongoing Challenges and Future Directions

The discussion identified several unresolved challenges:

### Implementation Gaps

Multiple speakers acknowledged that policy development moves slower than technological advancement, creating persistent gaps between emerging challenges and regulatory responses.

### Cross-Border Enforcement

The global nature of digital platforms creates significant enforcement challenges, with existing international cooperation mechanisms often inadequate for addressing sophisticated cross-border digital manipulation.

### Technological Inequality

The discussion highlighted fundamental questions about ensuring equitable access to digital technologies and preventing the reproduction of historical patterns of exploitation in digital forms.

## Practical Outcomes and Commitments

The session produced several concrete commitments:

– Participants agreed to carry IGF 2025 outcomes back to their respective countries to drive policy coherence

– California committed to continuing legislative efforts on watermarking requirements and embedded authentication technology

– African parliamentarians indicated they would continue using regional caucuses to develop common approaches

– Speakers agreed to explore developing codes of conduct for social media platforms

## Conclusion

The discussion demonstrated both the complexity of challenges facing democratic institutions in the digital age and the potential for meaningful international cooperation. While participants represented different political systems and levels of technological development, they found substantial common ground on fundamental principles while acknowledging that implementation must be adapted to local contexts.

The conversation revealed that effective digital governance requires moving beyond purely regulatory approaches to encompass investment in beneficial technologies, strengthening of democratic institutions like independent media, and genuine international cooperation that addresses power imbalances. The parliamentarians’ commitment to continuing engagement through regional and international forums suggests potential for meaningful progress, though significant challenges around enforcement, technological inequality, and the pace of change remain to be addressed.

Session transcript

Nikolis Smith: Good afternoon, everyone, and welcome back. I trust that everyone was able to get a bite to eat and their stomachs are replenished and ready for more IGF 2025. So today’s session, the title of today’s session is Safeguarding Democracy in the Digital Age, Legislative Priorities and Policy Pathways. This session gathers members of parliament from across the globe to discuss how digital technologies are impacting democracy and what legislative and policy actions are being taken to preserve democratic institutions and trust. Again, my name is Nikolis Smith. I’m the founder and president of StratAlliance Global. StratAlliance is a strategic advisory firm supporting public-private partnerships and technology policy engagement. Now, before we call our distinguished panel to the floor, we have to start by recognizing a familiar face that I’m going to call in just a second. He’s been an advocate for the IGF since its existence. Please welcome Mr. Junhua LI, Undersecretary General of the UN Department of Economic and Social Affairs.

Junhua LI: Your Excellencies, distinguished members of the parliament, dear colleagues, good afternoon. It is my great pleasure to welcome you all to the parliamentary tract of the IGF 2025 in Lillestern. As we convened this important meeting, our purpose is very clear, to bring legislators together with all the other stakeholders in shaping digital policies and legislative frameworks to ensure an open, inclusive, and secure Internet for all. Under the overarching theme of the IGF 2025, Building Digital Governance Together, we will focus on the critical needs for international digital cooperation to address today’s digital challenges. Among the most urgent of these is the dual imperative to protect the freedom of expression while combating the rampant spread of misinformation and disinformation. The ability to speak freely, access accurate information, and engage in an open online discourse is the bedrock of democratic societies. Yet, these fundamental rights are being tested, not only by disinformation and censorship, but also by the rise of powerful technologies like the generative AI that further blurs the lines between fact and fiction, challenging our very understanding of truth. We face profound challenges, from the false narratives that erode trust in public institutions to the targeted disinformation campaigns that threaten peace and stability. The digital environment demands new approaches that uphold human rights while preserving civic space. At the same time, We must ensure that the responses to these threats do not infringe upon the very freedoms we seek to protect. As members of the Parliament, your role in navigating this complex terrain is pivotal. You have the authority to craft the legislation that safeguards the freedoms of the expression and the access to the information. Promotes the media and the information literature and strengthens the resilience of the democratic discourse. You can foster a digital environment where the right to express the diverse views is protected and respected. And where the reliable fact-based information is prioritized over the manipulation and distortion. This is how we can ensure that the innovation and inclusion advance in lockstep with the human dignity and safety. By actively engaging in this forum, you are not only contributing to a vital global dialogue on the digital policies, but it also shaping the national frameworks that reflect these shared values. I appealed and urged all of you to carry the outcomes of our discussions here in IGF 2025, back to your respective departments. Driving continued momentum and policy coherence at the both national and the regional levels. Over the past years, we have seen encouraging progress while expanding the parliamentary engagement in national and the regional IGFs. From West Africa to the Asia-Pacific, this localization of our goal conversation is essential. We are eager to learn from your insights and national experiences and identify the new avenues for collaboration. Let us strengthen this engagement and champion the digital governance that respects the freedom of expression, addresses the information integrity, and supports open, inclusive, and rights-based digital space. I extend my sincere thanks to the Inter-Parliamentary Union, the Norwegian Parliament, and our partners for their invaluable collaboration on the parliamentarian track, and for their commitment to integrating the parliamentary voices into the UN processes. I wish you a very fruitful exchange and impactful outcomes. Thank you.

Nikolis Smith: Thank you very much. Mr. Li, thank you very much for those words of encouragement. As we go through the challenges with Internet governance, now, this would not be a proper parliamentary track session if we did not hear from a very respected person that we all know, Mr. Martin Chungong, Secretary General of the Inter-Parliamentary Union, and as a prominent advocate for resilient democratic institutions, we have a video message that we would like to show you now.

Martin Chungong: Mr. Under-Secretary General, Distinguished Parliamentarians and IGF Participants, I have great pleasure in welcoming you to this Parliamentary Roundtable at the 20th Internet Governance Forum. This session provides a unique platform for parliamentarians, policymakers and digital governance experts to build consensus on one of the most pressing challenges, safeguarding democratic institutions in the digital age. At a time when democratic norms face unprecedented pressure and public trust continues to erode, global cooperation on combating misinformation is more crucial than ever. A fragmented approach to information integrity risks undermining the very foundations of democratic discourse and exacerbating the crisis of trust that threatens our societies. The rapid spread of misinformation through digital technologies has fundamentally altered the information landscape in which our democracies operate. Governments struggle to distinguish fact from fiction, electoral processes face manipulation through coordinated disinformation campaigns, and democratic institutions find their legitimacy questioned based on false narratives. The rise of artificial intelligence has fundamentally transformed the misinformation landscape, with deepfakes, AI-generated content and algorithmic amplification creating unprecedented challenges for democratic discourse. Yet, within this challenge lies profound opportunity. By working together across borders and political systems, we can develop common principles that preserve both free expression and democratic integrity. Parliaments as the voice of the people have a pivotal role in ensuring that digital transformation strengthens rather than weakens democratic governance. In our response, we are guided by the Global Digital Compact, an emerging international consensus on information integrity. And while the Global Digital Compact represents an important foundation, there is still much work to transform its vision into effective safeguards for democracy. I encourage all participants to actively engage in these discussions, recognizing that the frameworks we develop today will determine whether democratic institutions emerge stronger from the digital transformation. Together we can ensure that democracy not only survives the digital age, but emerges more resilient, transparent, and responsive to the citizens we serve. Thank you.

Nikolis Smith: Okay, thank you Mr. Chungong for those remarks. Now it is my deep honor to introduce our panel that’s going to be with us this afternoon. First we have Senator Catherine Mumma from Ghana, I’m from Kenya. Then we have Rebecca Bauer-Kahn, California Assembly Member, Chair of the Privacy and Consumer Protection Committee. Grunde Almeland from Norway, Member of Parliament. Marsha Caddle from Barbados, also a Member of Parliament and former Minister of Innovation and Technology. Zafar Alizoda from Tajikistan, Member of Parliament as well. I’d like to welcome them to the stage. Full disclosure, everyone, I made the first mistake, said that one of our first speakers is actually from Ghana, but she’s from Kenya. My apologies. Wanted to get that out there first and foremost. Okay, so here we are. We’re back. This is the parliamentary track session. We have a lot to talk about over this next hour. So what we’re going to do is we’re going to have our distinguished panelists here. We’ll go through a series of questions. We will also leave time for the audience to ask questions because that’s very important. And then we’ll have some closing remarks as well. So let me start first with the host of this year’s IGF, Grunde Almeland. Recently you just concluded an expert group on AI and elections, was recently tasked with this. What are the biggest challenges that you see, Gunda, from the Norwegian democracy in terms of how it faces and what are those challenges? What are you doing exactly in parliament? Because I know, you know, when we think of AI, it’s at every intercourse that we see, you know, from not only just the IGF, but other bodies. But I know that it’s very important for Norway and the parliament. So if you can just kind of enlighten us and kind of where you guys are at this point.

Grunde Almeland: Of course, first of all, it’s an honor to host this event here and it’s an honor for all of us in Parliament as well that this event is taking place here in our country. But to your question, I think what worries me the most is one of the key findings in the report you’re referencing, and that is that truth is becoming less relevant. And with that, the report that went through all these different elections in 2024 and 2024, how AI is super powering content, creating so much more content to engage with for people, we see that truth is becoming less and less important because what you engage with, what you look at, is things, content that is already confirming your held beliefs and are kind of helping you stay in this comfortable bubble that it’s hard and harder to pierce with factual debate and true, well, facts, so to say. And I don’t want to be all doom and gloom, because there is a lot that we can do. And one of the, you know, they look at a lot of different measures in that report. You know, they look at how you can build competency, you know, how to implement stuff in schools, how you, you know, you should advance research. But one of the key measures is supporting and strengthening independent media organizations. And I think this is the measure that I want to focus on in the beginning now, because it is such an important measure in order to have something that can kind of combat this reality that is being created in a lot of different bubbles. And there is such a connection between our trust as politicians, trust in us as politicians, and people having access to true information. and having access to also media or content that is being edited by a professional, well, independent media, edited media, so to say that they know that what we are doing as politicians are being checked, you know, that we are being transparent about what we are doing and this is where the media comes in. And I think for Norway, independent media has been an important political issue across the isle for a lot of years. I’m very happy to say that we are number one on the press freedom index and it’s partially because of what we are doing in parliament, but of course hugely what the reporters are doing every day on their work. But looking at what the parliaments can do, you know, starting with a strong legislative foundation and that is having, we are having an act that ensures independence, editorial independence, that ensures that owners of a newspaper cannot go in and challenge what the editor or the journalist are reporting on, making sure that we as politicians are not, we do not have access, even though we do allocate a lot of funds to the media, we are not able to access independent decisions on what is being reported. Any owner of a newspaper cannot require to see a journalist’s work before it’s being published. You know, these kind of legislative measures are really important to have a strong foundation. And then comes, you know, funding and we do quite extensively fund the media in Norway. I think this is very important in order to have all these, not only national newspapers that would be there, that could thrive in almost any kind of society, but also having those small local news outlets that can also check what the politicians and staff is doing on a local level. And I think having this kind of built-up media system ensures that people who know it can, you know, they know that they can access information on what we’re actually doing. And there is a lot to be said for this, you know, we have a lot to work on in order to become more transparent, especially when you see a shift in how we also communicate as politicians going from, you know, more simpler days of writing letters to each other and going now on to all these different channels of technology, you know, there is a lot of things to be done. But I think this is a good starting point and I’ll end on this note saying that the report also, you know, is also highlighting one last thing and that is that we have to be level-headed and not exaggerate the impact of AI because exaggerating it, you know, and trying to fearmonger as politicians is also a way of making that kind of misinformation have a stronger meaning in itself.

Nikolis Smith: Thank you for those remarks and you’re absolutely right about keeping the level, right, because we don’t want to approach everything with fear, right? We have to remember that AI is a tool that was invented by humans, right? But there’s benefits, right, to AI and what we’re going to talk about today will speak to that. And so I appreciate those introductory remarks. I wanted to turn now to you, Senator, my good friend from Kenya. You’re very well known in circles on the African continent. You’re very active in the regional things that are happening as it relates to the IGF. Can you help us kind of take us through what are you seeing as kind of the emerging threats in Kenya? And kind of what are the countermeasures that you’re taking to this point?

Catherine Mumma: Thank you very much. First to say that Kenya has embraced matters relating to digital technology in a profound way. We recognize that this is where the world is headed, not just on actually all democratic matters, including both politics and development. So Kenya has kind of anticipated this, and I would want to say that we have a good legal framework that currently supports the growth of internet and digital technological advances. We have a very facilitative constitution that protects freedoms of expression, the right to access information, but also provides for protection of human rights. It is very strong on human rights. It also provides for protection of consumer rights. As a result, we have a number of laws that actually guide or regulate issues relating to matters of internet and digital technology. We have the Computer Misuse and Cyber Protection Act. We have the Data Protection Act. We have the Media Council Act. We have the Copyrights Act that protects intellectual property. And we have the National Cohesion and Integration Act that set up a commission to deal with matters relating to hate speech. But we still have are challenges when it comes to misinformation and disinformation using the social medias. And we don’t have a law that specifically addresses misinformation and disinformation, not because the law is somewhere and needs to quickly come, as you will appreciate from the conversations we’ve had since this morning, hitting the balance between protection of human rights and regulating and also allowing innovation to unhinged, to progress unhinged, is something that is beyond legislation, is something that sometimes is beyond the politics of the day. Because as politicians, a lot of the misuse, the disinformation and misinformation is particularly during electoral times. And for us in Kenya, every time is election time. We actually finish elections today, and the next day we are competing for the next, we are already campaigning. So there is a lot of disinformation use of hate speech in our part of the country, or a part of where our country is. We have been, or we have suffered post-election violence following hate speech that was negatively, I mean, that used negative ethnicity. And that’s how we came up with the Cohesion Commission. But now with matters, digital technology, we’ve had a lot of misinformation that is used by political competing, politically competing groups to actually use demonizing language, misinformation around maybe national policies that are happening. to try and demonize a government, or information to try and demonize an opposition leader. And it’s happening to a stage where it’s ending up in violence. And I would want to say that our challenge, really, is on how we can regulate that without looking as if we are over-correcting or over-enforcing. There is also the challenge of the possibility of abuse of office, misuse by government of some of the privileges. How would we use, for instance, surveillance around matters, digital content, to the advantage of the government and to abuse rights of opponents, political opponents. So I would say we have a good legislative framework not complete enough in the sense that we still have to find ways of protecting rights, including rights of children. I think we have a lot of, we have a lot of access for children on the internet that is actually harming their health, including matters relating to pornography and so on. Now, we would need to think through to find out how do we, beyond the Kenyan parliament and Kenyan legislation, how would we think through a violator that is situated in another jurisdiction? What kind of conversation can we have in forums like the IGF to ensure that beyond national legislation, we are able to come up whether with its codes of conduct that would one hold, accountable, those in charge of these platforms, as well as ensure that the freedom to advance in digital technology happens. There is also, when you’re talking about human rights, we also need to think about beyond the issue of information and disinformation, how do we include more people? In our area, I think one of the things we need to do is have greater investment. Beyond regulation, we need to give some financial investment in the necessary public digital infrastructure that would see those in rural areas equally participating in the benefits of the digital space and technology, to see more women participating in this space, to see more other vulnerable and minority groups participating in this space. So as a country, I believe beyond protecting against disinformation, there is the issue of also inclusion, which is a human rights issue that we need to look at. So as we discuss this issue, beyond just discussing the regulation, we need to discuss how best to invest more in order for more people to participate in this space.

Nikolis Smith: Well, let me just say that, hats off to all the work that you’re doing in Kenya, because as you listed a long list of laws that you’ve been able to implement, so that’s progress, right? Obviously, you made the point clear that there’s still more progress to be done, but I think that Kenya’s in the right direction, they’re going in the right direction, and I commend you guys for that. Thank you. You know, on this same topic, I wanna move now to… Assemblymember Rebecca Bauer-Kahn of California. You know, I lived in California as a kid as well, so there’s a little bit of priority here with that. But California has been very active in this space. Probably more active than other states in the country. So tell us how, you know, what are the approaches now? Knowing what you did back in 2018 when CCPA was passed, and we’re looking now into the future, where are we going forward? And when we think about regulatory approaches, what’s being explored in terms of, to ensure information integrity, right? Because now, as the Senator mentioned, it’s elections, right? And we just got through one election, right? And there’s gonna be more on the horizon. So in terms of integrity, where do we go now?

Rebecca Bauer-Kahn: Well, thank you so much for this conversation. It’s my first time at the IGF, and I have to say that one of my takeaways so far this morning is that, despite the fact that all of our jurisdictions are so different, we’re really all struggling with this same issue of information integrity. And for those that don’t know, the law that was cited is our privacy law. We were the first state in the United States to pass a privacy protective piece of legislation shortly after the European Union passed their privacy laws. And some states have followed, but we’re still not nearly as protective as the European Union. And, you know, I should ground this in being from California. We are home to 32 of the top 50 AI companies. We are home to all of the major social media companies. So, you know, these are the people I represent. They make this technology. They proliferate it to the world. And with that, I think we feel a great responsibility and sitting there this morning, listening to what is happening across the world as a result of some of this, it’s intense what these companies are doing to change the global ecosystem. And we have the federal government. I have long believed the federal government is in the best position to regulate these technologies for us as a country, but they won’t, and they don’t. And so the states are taking it upon themselves to protect our constituents and to try to push these companies in the direction of responsibility. But as I’m sure many people in the room are aware, we too have constitutional protections of freedom of speech. Our constitutional protections say that we may not stop people from speaking. It also says we cannot force people to speak, which is an interesting dynamic because one of the ways that we have tried to combat mis- and disinformation as a result of our First Amendment, our protection of freedom of speech, is to require more speech, to say you have to disclose when you’re using AI in a political advertisement so people know that they’re seeing something that’s AI-generated. That’s held up in the courts right now because the courts are seeing that as forced speech. And so we have a very complicated dynamic of how we get at this issue of mis- and disinformation when we have such strong protections around speech. But that’s one way, and so we continue to try to do that. We’ve passed legislation that requires those disclosures, that require the platforms to take down serious misinformation in the political context, although political speech is even more protected than your average speech in America, so that is a really challenging thing to do. And so the next step we’re taking is trying to push forward on watermarking, which I know is something that the European Union has pushed for. But this ability to understand reality from fiction I think is fundamental to protecting our democracies. And so watermarking and the technology that will go along with it is critical. And I think with the EU pushing on watermarking and California pushing. You know, we are the fourth largest economy in the world. We have a lot of tech companies in our backyard, and can we really make sure that technology comes to fruition so that around the world we can all require it? We can all say we need watermarking. Right now the technology is not yet where we want it to be, but if it is there, maybe it will give us that ability for constituents to know what is real and what is not, and I think that would be game changing. Just a few hours ago someone asked me about what’s happening in California. Many have seen in the worldwide news about what is happening in my home state as it relates to our friction with the federal government right now, and one of the things we’ve faced is massive disinformation. So many deepfakes about what is happening on the streets of Los Angeles. I was there just a week ago. It is incredibly peaceful. That is not what you’re seeing on the social media sites because of all the deepfakes that are being generated, and when people cannot tell that from reality, it leads to serious outcomes in our elections, in our society, and we have to do more, and so California’s gonna continue to push, although I will say that right now the federal government is moving what would be a 10-year ban on state enforcement of artificial intelligence, which would stop most of California’s efforts, and so there really is, when I talk about friction with the federal government in California right now, it’s, I can’t overstate it.

Nikolis Smith: Thank you for that. As a former federal employee, I’m not going to start any more frictions right now, especially that we’re both from the same state, so I wouldn’t want to do that. I do want to turn, though, to another region of the world, and for everybody here who does not speak Russian, please use your headsets. I want to turn now to our friend from Tajikistan. Mr. Alizoda, in kind of the Central Asian response to information manipulation and the steps that are being taken, can you talk to us about the measures that you are taking in terms of building that type of institutional resilience as it relates to everything that you’ve heard so far?

Zafar Alizoda: Thank you, Nikolis. I would like to note and provide information on international stability and the assistance of comprehensive information in Central Asian countries, including the protection of personal data, which is one of the most important tasks in terms of the application of digital technology in Central Asian countries. Each country has its own laws that regulate the collection, storage and use of personal data. In Central Asian countries, personal data falls under the broader concept of the right to protect private life and privacy. According to the legislation of these countries, privacy is a personal property. Responsibility for violations related to personal data depends on specific circumstances, as well as on the legislative norms and rules in the country. Sensitive personal data is a category of personal data that relates to the most personal and confidential information of a person. They can include such data as race or ethnic origin, political beliefs, religious and philosophical beliefs, professional affiliation, medical information, biometric data, information on finance and credit history, and so on. Personal data of this category requires special protection and processing, as their disclosure or use can lead to discrimination, stigmatization and other negative consequences for a person. The formation of legislation that comprehensively provides for the right to regulate relations related to the protection of personal data is one of the most complex tasks of the state. Currently, the Central Asian countries are actively developing a legal institute for the protection of personal data. However, it should be noted that the legislation does not regulate many issues in the field of the protection of personal data of citizens. It can be attributed to the absence of national legislation on the protection of personal data. on measures to react quickly when personal data is leaked and the necessary measures to minimize the consequences of such a leak, as well as the absence of obligations on the notification of authorities for the owner or operator. The provision of digital privacy is a complex problem affecting the rights and legal interests of the public and private sectors. According to the assessment of national experts, it is necessary to revise the law on the protection of personal data and to make adjustments to it that reflect the modern applications of advanced technologies. The development of the digital economy, even with all its good intentions, should not have the consequences of the refusal to protect human rights and freedoms. Any current and proposed business practice should envisage the assessment of its consequences for the non-permanent privacy so that there is an opportunity to consider the provision of information on how politics and technology ensure the alleviation of risks for the non-permanence of private life. In parallel with European law, as our colleague has already said, on the protection of personal data, legislators and central countries should consider the possibility of introducing a legal mechanism for assessing the risks of the General Regulation on the Protection of Personal Data, GDPR. It should be noted that the DPI assessment procedure is not always used, especially when the processing of data is associated with a high risk of violation of the rights and legal interests of citizens. For the conscientious and effective development of the technology used, society should have modern effective legal instruments and independent control over the compliance of human rights to the non-permanence of personal life and confidentiality of personal data. It should also be noted that at the legislative level, there is an important role for the promotion of information policy. and the strategy of legal measures that allow to increase integrity and balance of the information space, the Central Asian countries are state members of the Inter-Parliamentary Assembly of the CIS and jointly develop joint proposals of national parliaments of the countries of cooperation

Rebecca Bauer-Kahn: on issues of mutual interest in this direction. Thank you.

Nikolis Smith: As you mentioned, I think the first kind of task I think our panelists would agree is that domestically as you’re going through a process you have to have something to formulate a risk assessment. It’s key. I think that using the IGF to discuss these issues would be a great opportunity so hopefully you’ll be able to take back what you hear here and take it back to Tajikistan and continue those efforts. Last but not least from the island of Barbados Miss Marsha Caddle What steps are underway in Barbados to rebuild public trust in elections and the democratic system?

Marsha Caddle: Thanks. That’s a big question.

Nikolis Smith: It’s loaded.

Marsha Caddle: Let me just set some context by saying that Barbados is a small island in the Caribbean. Population of 270,000 and declining, which is another of the existential threats that we’re facing. Falling population and aging population. Barbados has always had since independence a history of stable, free and fair elections and a high degree of political stability. I think it’s important to set that context because you know the circumstances in which we are talking about these issues of maintaining democracy and democratic participation are against the backdrop of expectations of stability and truth. The other thing that we have in Barbados is extremely high internet and digital penetration. So you’ll see our numbers say something like 114% mobile penetration. So we are kind of over the maximum, right? People have very immediate access to information and high expectations about that information. So then the question becomes about not just access, but meaningful access and use as we talk about these issues. Just before I got on a plane to come here, the office of the prime minister in Barbados had to push out urgently warnings about a deepfake that had just been circulating. And I want to share the example because it highlights not just the domestic issues when it comes to democratic participation and trust, but also the potential risk to destabilize global relations, international relations, and foreign policy. The deepfake was about the prime minister saying something in relation to another major world power and saying untruthfully that Barbados was taking a certain diplomatic stance with respect to this country. Now that has the potential to completely, especially in this current global political environment, to completely put at risk a lot of what a country is doing with respect to policy and global engagement. So we’re not just talking about domestic trust, but we’re talking about international and a country’s global position in the world. And so I wanted to say a little bit in answer to your question about what we are doing. One of the things I think is very important. is this issue of democratic literacy. How do people interact with policy conversations, with electoral processes? So one of the things that we’ve tried to do simply is to push out as much truth and transparency as we can. Start to get people accustomed to an environment of truth and evidence, because that, even before we started talking about technology, is perhaps something that hasn’t been as strong as we would like. So for example, we have these joint select committees of parliament that consider issues before they’re passed, consider legislation that have to do with governance, with social issues, and so on, and they’re broadcast. There are very few things that the Prime Minister says, speeches, engagements, that are not broadcast either in real time or recorded and shared. And why? Because we want to be able to get people used to the idea of truth. This is the original source, and this is where you can find it. You can find it on these channels, you can find it in these ways. The other thing that we are working on is investing in a tech ecosystem that can balance or build tools that essentially fight against misinformation, so that there are others who are investing very heavily in misinformation. What can we do to invest in tech creators who are going to combat that with things that promote truth? One of the things, though, that we think is very important is encouraging platforms to return to more robust methods of verification. We think that that is critical. And I’ll say very quickly, I think it was Rebecca who said earlier that political speech is very protected in general in your jurisdiction. The interesting thing is that while political speech is protected and while I can sit in one jurisdiction in a country like Barbados and see things proliferating about political actors in my space, on the other hand, as a political actor on a social media platform sitting in Barbados, I am not trusted to generate content. And so as soon as I try to generate content as a politician, I’m told, well actually you’re a politician and we’re not sure that you should be able to say these things on our platform. So the question of being able to combat misinformation is also, I’m also constrained because of some of the rules that platforms that are generating in other parts of the world but impact the way I can talk to my constituents, the way that they operate. So I think that these are some of the ways that we’ve started to really try and encourage an environment of real evidence and truth. There is legislation. I was the minister who brought cybercrime legislation. We took it to the Joint Select Committee. We heard evidence. We heard pushback. We heard concerns on human rights from citizens and we amended the legislation. And so I think that this is a healthy way to get people in the conversation and make sure that we realize that democratic participation and adherence to truth and evidence is everybody’s concern.

Nikolis Smith: Thank you very much. So we’ve talked an array of different areas in terms of what we’re doing within our governments, the challenges that we’re facing. What else? We’ll start back with you, Senator. But what are the other gaps that we’re missing? I think there’s room there where we can recognize the existing challenges that are there. But are there areas that we’re not focusing on? Maybe that could help us kind of bring this together? And then the second piece of that is that on the non-legislative side, right? Are there areas where we can collaborate? Obviously the IGF is a great platform, right? But are there other areas that we could be doing on an international front, right? Because we’re looking at it from a domestic lens, right? To make sure that we come together. So I’ll start with you.

Catherine Mumma: Thank you very much. Now, because we are parliamentarians, I have noticed that we tend to focus on the impact of technology in the political space. But I would want us to think broader and imagine the innovation in the health sector, for instance, with digital technology. How will telemedicine look like? And how should parliament anticipate the possibilities of human rights violations with advancement of digital technology in the health sector? And therefore, how would that law look like? So we should not be fixated with a particular law that would deal with matters of digital technology. We need to think broadly to see, would we need to look at the laws in the health sector? Do we need to tweak something in the health sector, in the water sector, in the other sectors, so that we know the dangers that we are seeing now around democratic spaces could actually extend and have even more, or even more profound implications to the common person. So we need to think broadly around that and agree on how best to deal with this. So I think laws on digital technology are not about a particular legislation. It’s cross-border. And we need to think beyond this and allow our professionals. in all sectors to help us think around this. Now when it comes to thinking on what to do internationally and nationally, first to thank the IGF for the proactive way in which they are actually moving this agenda and getting us to learn and also discuss more within their forums. In the Africa space, African parliamentarians have actually taken the liberty to form the African Parliamentary Caucuses, the Africa-wide in West Africa, in East Africa, so that we can actually compare notes and know that what happens in Tanzania will affect us and Kenya will affect those in Malawi, will affect those in Nigeria. So we need to start borrowing from each other and listening to each other and learning to grow on this. And beyond legislation, we need to find out how the mechanisms we have in place could be built upon to do, somebody in the morning talked about a mechanism for auditing information. How would that look like? Kenya has the Data Protection Commissioner. It also has the Media Council. Should we add on to their mandates some more clauses that will help us to monitor the area better? Do we need maybe an African Union or East African community mechanism that will help us to check the situation further? So there is all these opportunities. Thank you.

Nikolis Smith: Thank you. We have about 10 minutes left of this section, then we’re gonna go into some Q&A. So I’m just gonna go down the line. Rebecca, I’ll turn to you next.

Rebecca Bauer-Kahn: So I think that where I’m sitting, one of the things that is missing is technology for good. We see sort of technology in the hands of very few players right now. that are, for better or worse, profit-driven. And how do we push technology to be the solution in the technology age? And I think that that’s something that we really need to be working on, both locally in California, but also globally. And so part of what we’re trying to figure out is how can we fund that? How can we put more money into our academic institutions to have the compute power to compete with the largest AI companies? Right now, the only companies able to build large language models are these very well-funded companies, and our academics need to be in that space. Our civil society needs to be playing in this space to create technology for good. There’s one example for us in the United States. On the intellectual property front, the University of Chicago created an AI model that allows you to put something into your copyrighted material that if a model is trained with your material, it will actually refuse it, if you will. And that’s not a legal protection, it’s a technology protection. And those are the kind of tools that I think we need to really allow us to battle against, as you said, the misinformation and the disinformation ecosystem that is growing and can, I believe, be solved in part by better technology for good, and we have a real role in doing so. And part of that, I also, the reason we believe we’re home to so many of these companies is our academic institutions, is the training that they provide. And if we’re investing in technology for good at our academic institutions, are we then putting people into the world to create companies for good? And how do we create that ecosystem, I think is really important. And then I’ll say on the global landscape, I think it is this kind of collaboration. I think it is understanding we’re all trying different things. We’re all out there in a world that was created over the last decade, trying to find solutions to very new problems. And as has been said many times today, this technology is moving faster than the policy. And so to the extent that we can listen to each other. and hear what is working in your jurisdiction, how can I bring it home to help the people where I live, I think we’re better off, because we have to move fast in order to protect our societies, and the only way to do that is in collaboration and partnership.

Nikolis Smith: Thank you, Rebecca. Grunde?

Grunde Almeland: Well, I think I’ll pick up on technology for good, and as you were talking about democratic literacy, we know very well that being able to adapt digitally does not necessarily translate to democratic literacy or media literacy, but one of the reasons why I wanted to focus on independent media in the beginning is because the example of Norway is also an example of how digital adaptability enabled us to still have quite a high level of trust in media, and how that technology actually were able to create a foundation for people being able to access independent media, being able to have this high level of media literacy that we are very fortunate to have, and I think it’s such a good example, because in the months and years that we’re moving towards, using that same kind of inspiration on taking technology as a tool to enable to have more transparency, making sure that we adapt technology that strengthens these kind of institutions that we want to uphold, strengthen democracy is such an opportunity. There are so easy to point at all the challenges, because they are so evident and apparent to us, but it’s also such big possibilities in having these tools that also can create more transparency. Just as a small example to end off, we have a lot of complaints from journalists in Norway of how much time we’re using to review their applications for access for information in government institutions. It’s such a small example of how you can simplify a lot of these processes as well. That ensures the whole process being more simple, easier accessible for journalists and also more transparent for the public.

Nikolis Smith: Thank you.

Marsha Caddle: Yes. So I think that, you know, creating this culture of evidence so that people feel that, OK, should I propagate something if I cannot show that it is true? I think that that is something that that has certainly helped. But also investing in in the kind of learning, certainly in countries in the in the global majority countries, investing in the kind of learning that will allow our people to create tools that they find useful and that they that they generate and are able themselves to trust one of the ways in Barbados that we started when I was minister of technology is to be able to train people in things like data analytics and data science. And this is not just informal academic institutions, but partnering with companies. There’s one, for example, that does a lot of work on the continent of Africa called Zindi that we’re working with so that people can learn some of these skills and be able to create. Tools and play in that space, we think that there’s an AI value chain, which means that for some countries in the global majority, it may not be practical to say we are going to build these large language models, but we can create at some part of that value chain and start to create some of these technology tools. So I do think that the culture of evidence to support strong legislation and establishing sources of truth that people see that they can trust is a part of of the puzzle as well.

Nikolis Smith: Thank you. Headsets for.

Zafar Alizoda: I would like to add that the policy of global platforms is different for different countries and regions. If, for example, the data of EU citizens is protected by GDPR, then small developing countries in the regions of Asia are deprived of such a priority. For example, the legislation of Tajikistan, although it is close to GDPR, but still many issues remain unresolved, such as the trans-border data transfer, the third-party data transfer in order to improve the product of the company. It is possible to improve the legislation of Tajikistan, and the legislators of Tajikistan always work on these issues. However, there is a question of the application practice. It is difficult to control the implementation of the law-enforcing levers due to the limited market for global platforms. In this regard, I think it is necessary for global platforms to improve their policies for all users, regardless of the country of the user.

Nikolis Smith: You can go to the microphone. Make sure to state your name and affiliation, please.

Audience: Thank you. Hi, I will make my question in Spanish. So, put the headphones on. I would like to ask you about the Tribunal of Ethics of the Council of the Peruvian Press. In the electoral processes, there is a basic problem, which is a massive action to move towards the digital vote. We have already had a couple of problems in Latin America. One is the data transmission, not precisely in the electoral process, but in the transmission. and the other in electoral processes, as was the case in Bolivia and Venezuela a few years ago. There is a movement of retrogression in declaring electronic votes unconstitutional in various countries, not only in the Latin American region, but also in other countries around the world. From the legislative point of view of these countries, how can we avoid the misuse of these electronic systems, especially the electronic vote, to avoid affecting democratic processes? And this in addition to the processes prior to the elections, as happened in Romania, where disinformation or misinformation is used, if you want to put it that way, to affect an electoral process. So we have, on the one hand, the problems prior to electoral processes, and on the other hand, we have the problems of the electoral process itself. Thank you very much. I’m Senator Kenneth Pugh from Chile, South America, and I would like to ask the panel precisely about an issue. We are human beings. Humans, we have human rights, and that’s Article 19 in the chapter of human rights. Problem is, in order to get confidence, we need to know each other, we need to talk, we need to have a will, and then we will trust. So human beings need to be in contact. How we are gonna achieve that in the digital environment with digital trust, when we are providing one of the most important right, which is freedom of expression to artificial intelligence, which are not humans. How we are gonna define who has a human identity, it doesn’t mean that we are getting the ID provided by the government. How we are gonna differentiate humans from not humans in the cyberspace. How we will know if they are minors or not, because in the real life, we can see them. It’s a young boy or girl. But how we will do it in the cyberspace. If you have anything to share, I will be very grateful. Thank you very much.

Nikolis Smith: Thank you. So why don’t we pause there and start addressing before we go through the whole line, and I lose track of all the questions. So why don’t we start directly with Hiz. Anybody on stage wanna go first?

Marsha Caddle: Yeah, I think Rebecca will end up talking a lot longer, so let me take the last one. Yeah. Let me take the last one about how do you, really this is about intent. The last question, how can you differentiate the origin of an idea or a certain idea? set of information, and I think it is less about origin and more about output, that’s going to be what we end up having to regulate and legislate, because it is going to be very difficult to say, just like often we don’t know now, we can’t see the author behind something, we may be able to eventually verify, but that takes time and more and more people are very impatient when it comes to information. But I think one of the things that we’re going to have to concern ourselves with is really verification of what is generated, and as well as being able to tell where it was generated from, so to require that we can see that this particular output used AI, but also to be able to use different pieces of legislation to generate output. So for example, we’ve seen cases recently where there was coercion used to get young people to do certain things, and this came from an AI actor, and what that jurisdiction, I don’t want to mention which country it was in, but what that jurisdiction ended up having to start to look at is, well, what is the kind of content, no matter the source, that can make its way into this space where vulnerable people are represented, and to start to use kinds of keyword technology and authentication technology to say, look, because this content has come into this space, it cannot be allowed here because of the nature of the people who are here, whether they’re young people and children and so on. So I think that, as you say, it’s going to be very difficult more and more to kind of police the difference between the two, but I think identifying the and then regulating or being able to direct the content and the outcome is going to be more and more the kinds of work that we’re going to have to do.

Nikolis Smith: Thank you for that.

Catherine Mumma: On the issue, I think it was the first question about what can Parliament do about electoral laws and electoral systems where there is misuse of technology, I guess, for rigging elections. My view is that a good electoral system is largely dependent on the electoral management body because for the fraud to happen, whether with AI or any, it usually will take place with some collusion by people within the electoral management board. So whether it is through the person they procure to carry out the elections, whether it is through their own IT systems and Kenya has usually gone to the Supreme Court to discuss the issue of manipulation of the transmission of elections, the electronic transmission of the presidential results and we’ve had issues where, for instance, the last election, the electoral management body completely refused to open the service to audit the electoral system that transmitted the results. So I believe it’s not so much the technology as is a corrupt set of minds that are behind this whole thing and I believe if electoral management bodies is remained neutral, then elections, whether digitally driven or not, will remain credible.

Nikolis Smith: I know both, I was looking at Grunde and Rebecca, you guys are both vying for one, so I’ll let you go first.

Rebecca Bauer-Kahn: No, I love, I just want to start there, which is I love that perspective in the United States, every state runs their own elections, and so it’s done differently across our whole country. And I think that this is a question not just is the election integrity real, but do people believe it, right? I mean, part of what holds our democracy up is sort of an agreed principle that our elections are free and fair, and that’s been a challenge. And so I do think that one of the things that’s critical personally is a paper trail. So even if you’re using a machine that you get a receipt, that there is a way to audit it, which I think is so critically important, so I’ll just add that on. Somebody asked about our watermarking legislation in California, last year we did pass a law, and it was signed by the governor that requires the platforms to show a watermark in a few years. And we did that because we wanted to signal to the innovation economy that California was going to require this, because we knew that although the technology isn’t there today, if we required it, the brilliant minds out there would create the technology because there would be a market for it. So I believe that’s coming, which is very exciting, I think, for the whole world. This year, we’re moving a piece of legislation that would require the devices, so your camera, to have embedded in it the technology that would authenticate. We actually, as a legislature, we’re one of the entities that used Adobe’s technology for the first time, where every image we took in-house was run through their watermarking technology, so that when we then put it out into the world, we could trace it back. We could prove whether this was a real image or whether it was a doctored image. So that technology is coming. it in practice and I think it’s really exciting because it is one of the things that will enable us to see fiction from reality.

Nikolis Smith: There was a question about financial scams. That’s something that has come up. We have not moved legislation yet on AI and financial scams but I think it’s so important and I think the foundation of that is privacy legislation. Part of why the financial scams are getting so sophisticated is because there is so much access to information about every single one of us. When they call and they say they’re your aunt or your uncle and they know your children’s names, you fall for that scam in a way you wouldn’t if they didn’t have that much information about you. So part of it is protecting privacy which I think is critical and then the second piece is making sure that as you said, this isn’t just about AI legislation. It’s about legislation. We already have laws that outlaw these type of scams. So how do we say that it’s as much a violation of the law if it’s done by a real person or done by an AI tool and making sure that our laws that protect our communities extend out to all AI actors which I think goes perfectly to the last question which was about this question about AI being humans and that’s an interesting question in the United States because we just had a court for the first time have to struggle with this question. There was a chatbot that a young boy in Florida died by suicide because a chatbot told him to take his own life and the mother has sued the company and the company claims they had a First Amendment protected right to speak. They had a right to speak. The chatbot could say whatever it wanted and the court said no. The chatbots do not have constitutional rights like humans do. So that was a huge win. It’s one court but I think it’s a step in the right direction to saying these AI companies are not humans. They are not the same as you and I. They do not have the rights that we do and really pushing that forward I think will be critical in making sure that we have the protections necessary to protect them from these AI tools.

Grunde Almeland: I think it’s important to remember as politicians and legislators that we should not meet this whole new world of technology with panic and believing that we do not have anything legislated already, because most things are already quite heavily legislated. And sometimes it has to be amended, and sometimes we need to come up with new legislation, but most of things are already legislated. We just have to see how technology fits into it. And I think this relates to a lot of the different questions that are put forward here. And talking about the scam as well, I think this is, well, AI used in scams, you know, it falls under, I think if you look in any kind of country and legislative space, you see that this would fall under what is already in criminal codes. But the issue is really that there is a lack of cooperation between countries in order to tackle these new challenges. And I think when you see, we have a really good example that came out in Norwegian media just a few weeks ago of a system called Magicat, and it’s a great piece of journalism that is available in English as well, you can Google it, and it shows how sophisticated these kind of scams are, and how not well prepared Norwegian society in this case was also to actually tackle these kind of international scams. So I think international cooperation is often more the answer than, you know, coming up with the exact new legislation. And just a quick remark on the watermarking side of it. We have a good case study about this in the Norwegian society as well, the media landscape in Norway came together to create this technology, and are cooperating with BBC and New York Times, a lot of these big media outlets to have good watermarking technology in place. implemented in journalism, but what is the key component of that is not, you know, having this kind of verification check, but it’s having the information accessible for people to, who took the photo, where is it from, this kind of essential information that gives people an opportunity to make their own decision upon the content and are not trying to force them to by saying this is real or this is not real. So I think this is something also to remember for us as politicians that we need to give people the fundamental information, just not always trying to decide for them.

Nikolis Smith: So we are running out of time, but I want to see if we can be really efficient in the queue line. I know that there’s some members of Parliament that is also looking to ask some questions. So can we just do really shrunk-created questions, make sure they’re not too long, so we can get some quick responses before we go into the closing part. Please.

Audience: Assalamu alaikum. I am Mounir Souri from the Kingdom of Bahrain, a member of the Parliament. Can you hear me or do you want me to speak in English? Is it okay in Arabic? English would be great. I think it’s very important that we have the power to control the legislations in order to protect the society. We say today that it’s difficult, the legislations have changed. The technology has evolved day by day and the legislation is difficult. If we make a legislation today, the technology will evolve tomorrow. If we make it, it will be difficult to preserve it. My question today is, is it possible that there are other powers other than the legislations to protect privacy while we have freedom? We are between transparency and freedom. Do we want to protect the society? Can we make the AI control the content? So that we don’t depend on humans? The AI is producing information and people are misusing it. Can we, as artists and officials, make the content balanced? Does it help itself to protect the content? Does the AI protect the content? Thank you. My name is Hugo Carneiro and I’m an MP from Portugal. So the questions are this. Social networks should verify news and fake news and misinformation. But following the US elections, we became aware that, for example, Facebook Meta will stop doing that kind of verification. What do you think that we should do? So regulation should be a solution for these kinds of cases or we should trust in these big companies to verify this information. Second question. a colleague asked before about the ID, when we want to open an account, a bank account, for example, even if we use a cell phone, we have face recognition, we can take a photo from our ID, should we implement these solutions, for example, when someone wants to open an account in a social network, because there are a lot of fake profiles, and I don’t see other solution if we don’t give a stronger step on this. And last question, the French president, Emmanuel Macron, announced that probably he will enact laws to prohibit youngsters under 15 years old to have a social network account. So there are a lot of misinformation and fake news that influence the political decisions that our youngsters are taking or are learning. Do you believe that a solution or a path should be to prohibit youngsters of having social network accounts? Thank you.

Nikolis Smith: So we’re going to have time for one question for each side, and we’ll try to do our best in a kind of a lightning round as we respond to this. I know I wish we had more time, but one more question from each, and I would encourage you at the conclusion of this, there will be a reception this evening. Some of the MPs, you’ll be able to kind of engage with them there, if you don’t get a chance to answer your question here now. So one more on each side, thank you.

Audience: Thank you very much. John K.J. Kiarie, Member of Parliament in Kenya, and it is to all the people on the panel, including the moderator, and mine is to ask, to your mind, what do you think are practical pragmatic steps that IGF can take to place responsibilities not only on big tech developers but also on economies that are advanced, in jurisdictions that are advanced to an extent that they are feeding all the other countries with the technology they are doing so that we have so much of technological dumping because to imagine that countries in places like Africa will at one point be at par with Silicon Valley is a fallacy. To imagine that such advanced economies do not have responsibilities is also wrong. We are here at IGF. It takes a lot for even some of these countries to be represented at IGF and we have real cases of technological dumping that does not speak to even the basic human rights. In Kenya, for example, we had a company walk into the country and start collecting biometric data, scanning people’s irises and inducing vulnerable populations with tokens in the name of world coin and the behavior that they brought to Kenya are things that they would never do in their own countries, even with the existing laws. But whenever the countries in the southern hemisphere raise this, we are told to go and develop our own laws. So I’m asking, is IGF practically able to rein in on us so that we can place responsibilities not only on big tech, but even on countries that develop this technology to the extent that they carry responsibility to carry everyone along. Because as we speak today, even as we talk about Internet, everything about Internet is never manufactured in Africa. We do not manufacture the fiber optic cables. We do not manufacture the devices. We do not have a single satellite in the terrestrials. To imagine that we are all on the same table and working on the same laws at IGF and working on the same conventions would be a fallacy. So I am asking practically, is IGF able to do what the world did on the onset of the nuclear weapons? Because that was fast. We are here in the 20th IGF, but when we look at nuclear, the bomb was invented in 1945, and by 1957, there were already treaties that were putting responsibilities on the developers and on the inventors of that technology. When will that happen for internet? When will that happen for social media? When will that happen for big tech? When will that happen for the countries that are so advanced? Because if we do not do anything right now, we will end up exasperating the divisions that exist and the disparities that exist, and what will happen with this AI is that my people will be condemned to digital plantations, just like they were condemned with sugar cane and with coffee and with all these other things that happened in slave trade. To imagine that we will all work together as a world is a big fallacy. What practical examples can we take out of IGF? What practical actions can we take to put responsibilities where it belongs? Because to imagine that we are all okay in that part would be a big fallacy. Thank you very much.

Nikolis Smith: Thank you very much. So, for the last question, what we’re gonna do, we’ll do something a little bit different instead of having everybody respond to all those questions. Why don’t we package that in our closing remarks? And we’ll start with Mr. Alizoda because he didn’t get a chance to respond, and that way we can still finish. One last question? Yes. One second.

Audience: I tried to be very brief.

Nikolis Smith: Thank you.

Audience: And a concrete question. because I would be very interested in a Kenyan perspective on this issue. You said earlier that you hope that IGF will help to facilitate a code of conduct for social media organisations’ platforms. I’m wondering if you really think that that will be enough, a voluntary code of conduct for social media organisations, or if we rather need more like standards regulation plus also alternative platforms that actually work for democracy instead of undermining it, that work for freedom of speech instead of restricting it, and what is a Kenyan perspective on these kind of new social media platforms, who could do it, how, and what would be something that you would want there. My name is Anna Luhmann. I’m a member of parliament from Germany. Thank you.

Nikolis Smith: Thank you. Thank you, everybody. Thank you, as I said. We’ll start with Mr. Alizoda. If you can, I know you heard, you didn’t get a chance to respond in the first round, so as you’re thinking about your closing remarks, you can try to think it and kind of contextualise it in a way that you can respond to some of these questions from the audience. Thank you.

Zafar Alizoda: Thank you, Nikolis. I agree with the proposal of the Kenyan representative. Indeed, the efforts of parliamentarians and experts from all countries in the discussion of the issue of the protection of information once again confirm the fact that no country can be an outsider in this matter. Becoming an equal participant in these interrelationships on the Internet, we must respect the general conditions and measures to regulate the preservation of the integrity of information as a whole. Thank you. and also to harmonize the regulations in each country with global principles and standards. Thank you.

Marsha Caddle: And this is really a kind of a repeat of that conversation, right? That we saw the dumping, in this case of greenhouse gas emissions, we experienced it, we suffered from it, and then we started to slowly try to regulate a global system that would see the polluting countries start to invest in adaptation and mitigation, and it’s been a long, arduous process that has not settled. And so for me, we have to learn the lessons of nuclear regulation, we have to learn the lessons of climate that we’re still experiencing now, and to be able to say, look, these are the things that we require of major tech countries and major tech companies. For example, you’ll see that major social network companies and creators can benefit hugely. They don’t even have to physically come to a country and collect data, but they can benefit hugely just from pushing information into a jurisdiction where there is little control. So I agree with you. I cannot speak to whether IGF is that place, but I do think that we have to learn the lessons of the last three decades in climate and in other areas, and rather than having it take another three decades to come to a global compact that is about accountability, that that needs to happen. We already have models for it. We already know what that looks like. And it’s just time to act in a global way.

Grunde Almeland: Well, IGF certainly can be a space where we are able to find this kind of common ground, and I really hope it will be, because this is such an international question that trying to, I think, you know, often trying to regulate this in our national jurisdiction is just creating a lot of Swiss cheese for these companies. And while it is delicious with Swiss cheese, it’s not always good for you. And I really do believe that we need to find these spaces where we work together internationally in order to find this common ground, a common set of rules. And there are a lot of challenges, and I think a lot of the questions point to those challenges, when in terms of verification, you know. Having a set rule on verification also excludes vulnerable people in vulnerable situations, or is able to exclude them. You know, having people in, making sure that in areas that are able to actually speak up is also important, you know. Requiring an age verification for children to access networks, while it is an active discussion in Norway as well, it still has the dilemmas of, you know, children also have fundamental rights in order to gain information, be active in, you know, they are not small people that are being put in a room until they become adults. They should be an active part of society, you know. These are all dilemmas that we have to navigate as well, while we still try to protect, but not overprotect.

Nikolis Smith: Thank you so much.

Rebecca Bauer-Kahn: Yeah, I think, I mean, I think what is being said is really at the crux of all of it, which is global cooperation. I think, you know, we talk about… so much of what the world has done, and we’ve gone different directions. I mean, I don’t know if we have MPs from Australia here, but they have banned social media for young people. How is that going for them? Is it having the problems you describe? I think we can learn so much from one another and really move the ball forward, because as the gentleman from Bahrain said, policy moves slower than technology, and I think only through that collaboration can we really move forward in a way that protects our communities. You know, there was a question about privacy versus some of these society-protecting tools, and I think we can figure this out together. I mean, we’re moving a piece of legislation this year that would require devices to be able to verify your identity so that you don’t have to share that with the platforms, that there is a way technologically to do that in a privacy-protective way, and if we do that together, I think we can move the world forward, not have Swiss cheese, and have societies that are protected from some of the ills that we’ve talked about today. I want to acknowledge that I live in one of those jurisdictions that is responsible for these tech companies, and the weight of that is real, and you also can imagine how it affects our electoral politics, especially in a country where you can buy elections, and that’s perfectly legal now in America, and so we live in a very complicated political dynamic, but I will say that this topic of technology and its impact on society is becoming one of the most agreed-upon political topics, because I think that we are living in a reality where we see the downsides, whether it be for our children and how their mental health is being affected, or our democracies and truth, and so I’m hopeful that even in the complicated country and democracy I live in, we’ll be able to move forward solutions that will be protective, not just of our own people, but of the world. Thank you.

Nikolis Smith: Thank you.

Catherine Mumma: Now, codes of ethics are… The first tool for self-regulation for a lot of professionals and professional associations and organizations. So I think the first self-regulation opportunity lies in some codes of ethics. And since the big tech may not necessarily be in an association where we can say as an association come up with a code of ethics, I’m thinking IGF could be a good space to initiate this. And I would want to suggest that you look at the IPU resolution on AI. Also look at the IPU draft code of ethics on science and technology which might give some suggestions on what could happen. But that would be actually extending some opportunity for big tech companies to realize that the freedoms may have crossed the lines in terms of freedoms and what they’re doing may be harming very vulnerable populations, especially in countries that may not be as enabled. And that brings me to the point my colleague KJ just raised around the more developed countries taking responsibility and the big tech companies taking responsibility in regard to what the negative sides of tech is happening in the more developing countries. I would want to say first we need to recognize that the international protective mechanism around human rights is breaking as far as I’m concerned. We’ve seen what’s happened in Gaza. and we are all helpless, or the world seems to be helpless as a lot of human rights violations are happening, not just in Gaza, but in other places, in Sudan, in Ukraine, and wherever else. I would want to first query whether we need to reimagine what international cooperation was supposed to be, and whether that international cooperation can be rethought and reimagined to truly provide the protections that it’s supposed to provide. Meantime, I think as the small countries, we may need to do what we have to do. One of the things I think from the morning session, I would think we must, in protection of our vulnerable populations, we must start putting conditionalities to the licenses that we give until that time when we will have the tech companies realize that ruining our young people through facilitating access to what they wouldn’t do in their own countries is a violation of human rights. That distorting, facilitating, or enabling the distortion of elections in our countries in order for us to end up with wrong governments is a violation of our rights. So even as we place the responsibility to the United Nations and the international community, we must start looking inward and determine the incremental kind of arrangement that we will have with these companies to ensure that for the very vulnerable, we give conditionalities to the licenses before we issue those licenses to the big tech companies. Thank you very much.

Nikolis Smith: Wow, I’m seeing the flashing red. We should be done already. I just want to say, can we just give a round of applause to this great panel, this discussion? Thank you all. Two things that I just want to make sure that I underscore here. Number one is that this is still day zero. Day one is actually tomorrow, so this track will continue tomorrow morning. So make sure that you’re looking at the schedule. You’ll have more opportunities throughout the week to talk to some of these people on stage through other sessions. So make sure you take advantage of that, especially the folks that didn’t get a chance to as they were queuing to ask questions. One more thing before we close for all members of Parliament that will be going to an event and reception at the Parliament this evening. What you’re going to do when we leave here, we’ll exit out and go to the left and down. There will be some folks waiting for you guys to take you. The bus, I believe, that’s going to escort you leaves at 1600. So 4 p.m. If you have any questions, you can come talk to some of us as we come off the stage as well. But again, thank you so much and enjoy the rest of your week. Thank you. Yeah.

Grunde Almeland

Speech speed

155 words per minute

Speech length

1737 words

Speech time

671 seconds

Truth is becoming less relevant as AI superpowers content creation, leading people to engage only with information confirming their existing beliefs

Explanation

Almeland argues that AI is creating so much more content that people primarily engage with information that confirms their held beliefs, making them stay in comfortable bubbles that are increasingly difficult to pierce with factual debate and true facts. This represents one of the key findings from a report on AI and elections that examined different elections in 2024.

Evidence

Referenced a report that went through different elections in 2024 and analyzed how AI is super powering content creation

Major discussion point

Misinformation and Disinformation Challenges

Topics

Human rights | Sociocultural

Independent media organizations are crucial for combating misinformation, requiring strong legislative foundations ensuring editorial independence and public funding

Explanation

Almeland emphasizes that supporting and strengthening independent media is a key measure to combat the reality being created in different information bubbles. He argues there is a strong connection between trust in politicians and people having access to true information from professional, independent media that can check what politicians are doing.

Evidence

Agreed with

– Rebecca Bauer-Kahn
– Marsha Caddle

Agreed on

Technology should be leveraged for democratic good and transparency

Most issues are already legislated and need adaptation rather than entirely new laws, with international cooperation being more crucial than new legislation

Explanation

Almeland argues that politicians and legislators should not approach new technology with panic, believing they have nothing legislated already. Most things are already heavily legislated and sometimes need amendment or new legislation, but often it’s about seeing how technology fits into existing frameworks.

Evidence

Example of AI-used scams falling under existing criminal codes, Norwegian case study of Magicat scam system showing need for international cooperation rather than new legislation

Major discussion point

Legislative and Regulatory Approaches

Topics

Legal and regulatory | Cybersecurity

Disagreed with

– Catherine Mumma
– Zafar Alizoda

Disagreed on

Legislative approach – new laws versus adapting existing frameworks

Verification should provide fundamental information allowing people to make their own decisions rather than forcing judgments about what is real

Explanation

Almeland describes Norway’s approach to watermarking technology in media, which cooperates with major outlets like BBC and New York Times. The key component is not just verification checks, but making essential information accessible about who took photos and where they’re from, giving people the opportunity to make their own decisions.

Evidence

Norwegian media landscape cooperation with BBC and New York Times on watermarking technology, focus on providing source information rather than declaring content real or fake

Major discussion point

Verification and Authentication Solutions

Topics

Human rights | Sociocultural

Agreed with

– Rebecca Bauer-Kahn
– Marsha Caddle

Agreed on

Importance of verification and authentication solutions

Disagreed with

– Rebecca Bauer-Kahn

Disagreed on

Approach to content regulation and verification

IGF can serve as a platform for finding common ground and developing shared rules rather than creating fragmented national regulations

Explanation

Almeland believes IGF can be a space for finding common ground on international digital governance issues. He argues that trying to regulate these issues in national jurisdictions creates ‘Swiss cheese’ for companies, and international cooperation is needed to find common rules.

Evidence

Metaphor of Swiss cheese regulation being delicious but not always good, emphasis on need for common set of rules internationally

Major discussion point

International Cooperation and Global Standards

Topics

Legal and regulatory | Human rights

Agreed with

– Martin Chungong
– Catherine Mumma
– Rebecca Bauer-Kahn
– Zafar Alizoda
– Audience

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Martin Chungong

Speech speed

86 words per minute

Speech length

International Cooperation and Global Standards

Topics

Human rights | Legal and regulatory

Agreed with

– Grunde Almeland
– Catherine Mumma
– Rebecca Bauer-Kahn
– Zafar Alizoda
– Audience

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Catherine Mumma

Speech speed

118 words per minute

Speech length

1910 words

Speech time

969 seconds

Kenya has established a comprehensive legal framework including Computer Misuse and Cyber Protection Act, Data Protection Act, and Media Council Act, though gaps remain in addressing misinformation specifically

Explanation

Mumma explains that Kenya has embraced digital technology and established a facilitative constitutional framework protecting freedom of expression and human rights. The country has implemented several relevant laws but still lacks specific legislation addressing misinformation and disinformation, particularly during electoral periods.

Evidence

Agreed with

– Grunde Almeland
– Martin Chungong
– Rebecca Bauer-Kahn
– Zafar Alizoda
– Audience

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Need for international mechanisms similar to nuclear weapons treaties to place responsibilities on big tech developers and advanced economies

Explanation

Mumma supports the need for international protective mechanisms, noting that current human rights protections are breaking down. She argues for reimagining international cooperation to truly provide protections, while also suggesting that smaller countries should place conditionalities on licenses given to tech companies to protect vulnerable populations.

Evidence

Comparison to nuclear weapons treaties developed quickly after 1945 bomb invention, examples of human rights violations in Gaza, Sudan, Ukraine

Major discussion point

International Cooperation and Global Standards

Topics

Legal and regulatory | Human rights

Agreed with

– Grunde Almeland
– Martin Chungong
– Rebecca Bauer-Kahn
– Zafar Alizoda
– Audience

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Rebecca Bauer-Kahn

Speech speed

189 words per minute

Speech length

2003 words

Speech time

634 seconds

California has passed privacy legislation (CCPA) and is working on watermarking requirements and disclosure laws for AI-generated political content

Explanation

Bauer-Kahn explains that California was the first US state to pass privacy protective legislation after the EU, and is home to major AI and social media companies. The state is taking responsibility by requiring disclosure of AI use in political advertisements and mandating platforms to take down serious political misinformation, though constitutional free speech protections create challenges.

Evidence

California is home to 32 of top 50 AI companies and all major social media companies; passed CCPA after EU privacy laws; legislation requiring AI disclosure in political ads currently in courts

Major discussion point

Legislative and Regulatory Approaches

Topics

Legal and regulatory | Human rights

Need to invest in technology for good through academic institutions and civil society to compete with profit-driven companies

Explanation

Bauer-Kahn argues that technology is currently in the hands of very few profit-driven players, and there’s a need to push technology to be the solution in the technology age. This requires funding academic institutions to have compute power to compete with largest AI companies and putting civil society into the space to create technology for good.

Evidence

University of Chicago example of AI model that allows copyrighted material to refuse training by AI models; emphasis on academic institutions as source of tech company talent

Major discussion point

Technology for Good and Innovation

Topics

Development | Economic

Agreed with

– Grunde Almeland
– Marsha Caddle

Agreed on

Technology should be leveraged for democratic good and transparency

Watermarking technology and device-level authentication are critical for distinguishing reality from AI-generated content

Explanation

Bauer-Kahn describes California’s approach to requiring watermarking technology, first from platforms and then from devices themselves. The state legislature used Adobe’s technology to watermark their own images, demonstrating the technology’s capability to trace and authenticate content.

Evidence

California passed watermarking law for platforms, moving legislation for device-level authentication, California legislature’s use of Adobe watermarking technology for their own images

Major discussion point

Verification and Authentication Solutions

Topics

Legal and regulatory | Infrastructure

Agreed with

– Grunde Almeland
– Marsha Caddle

Agreed on

Importance of verification and authentication solutions

Disagreed with

– Grunde Almeland

Disagreed on

Approach to content regulation and verification

Privacy legislation is fundamental to preventing sophisticated financial scams that exploit personal information

Explanation

Bauer-Kahn argues that financial scams are becoming sophisticated because there is so much access to personal information about individuals. When scammers call knowing children’s names and family details, people fall for scams they wouldn’t otherwise. Privacy protection is therefore foundational to preventing these scams.

Evidence

Example of scammers calling with detailed family information making scams more believable

Major discussion point

Privacy and Human Rights Protection

Topics

Human rights | Cybersecurity

Constitutional protections of free speech create challenges in regulating misinformation while requiring creative solutions like disclosure requirements

Explanation

Bauer-Kahn explains that US constitutional protections prevent stopping people from speaking and also prevent forcing people to speak. This creates complications when trying to combat misinformation through required disclosures, as courts may see disclosure requirements as forced speech, particularly for political speech which is even more protected.

Evidence

Court challenges to California’s AI disclosure requirements in political advertisements being seen as forced speech

Major discussion point

Privacy and Human Rights Protection

Topics

Human rights | Legal and regulatory

Disagreed with

– Marsha Caddle

Disagreed on

Role of government versus platforms in content moderation

Paper trails and audit capabilities are essential for maintaining election integrity and public trust

Explanation

Bauer-Kahn emphasizes that election integrity requires not just real integrity but public belief in that integrity. She advocates for paper trails even when using electronic voting machines, so there are receipts and ways to audit elections, which is critically important for maintaining democratic legitimacy.

Evidence

US system where every state runs elections differently, emphasis on agreed principle that elections are free and fair

Major discussion point

Verification and Authentication Solutions

Topics

Human rights | Legal and regulatory

Marsha Caddle

Speech speed

151 words per minute

Speech length

Supporting Independent Media and Transparency

Topics

Human rights | Sociocultural

Agreed with

– Grunde Almeland

Agreed on

Supporting independent media and transparency mechanisms

Investment in tech ecosystems that can build tools to fight misinformation while promoting innovation is essential

Explanation

Caddle argues for investing in tech ecosystems that can balance or build tools to fight against misinformation, since others are investing heavily in creating misinformation. The focus should be on investing in tech creators who will combat misinformation with tools that promote truth.

Evidence

Agreed with

– Grunde Almeland
– Rebecca Bauer-Kahn

Agreed on

Importance of verification and authentication solutions

Disagreed with

– Rebecca Bauer-Kahn

Disagreed on

Role of government versus platforms in content moderation

Zafar Alizoda

Speech speed

142 words per minute

Speech length

884 words

Speech time

371 seconds

Central Asian countries need to revise personal data protection laws and consider GDPR-like risk assessment mechanisms

Explanation

Alizoda explains that Central Asian countries are actively developing legal institutes for personal data protection, but legislation doesn’t regulate many issues in this field. He argues for revising laws on personal data protection and making adjustments that reflect modern applications of advanced technologies, including considering GDPR-like risk assessment procedures.

Evidence

Agreed with

– Grunde Almeland
– Martin Chungong
– Catherine Mumma
– Rebecca Bauer-Kahn
– Audience

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Audience

Speech speed

142 words per minute

Speech length

1539 words

Speech time

647 seconds

Need for international mechanisms similar to nuclear weapons treaties to place responsibilities on big tech developers and advanced economies

Explanation

John K.J. Kiarie from Kenya argues that IGF should take practical steps to place responsibilities on big tech developers and advanced economies, similar to how nuclear weapons were quickly regulated after 1945. He emphasizes that technological dumping occurs where companies engage in practices in developing countries that they would never do in their home countries, and that imagining all countries can be at par with Silicon Valley is a fallacy.

Evidence

Nuclear weapons example where treaties were established by 1957 just 12 years after 1945 invention; World Coin example in Kenya collecting biometric data with tokens in ways not done in home countries; Africa’s complete dependence on imported internet infrastructure

Major discussion point

International Cooperation and Global Standards

Topics

Legal and regulatory | Development

Agreed with

– Grunde Almeland
– Martin Chungong
– Catherine Mumma
– Rebecca Bauer-Kahn
– Zafar Alizoda

Agreed on

Need for international cooperation and global standards rather than fragmented national approaches

Nikolis Smith

Speech speed

161 words per minute

Speech length

2307 words

Speech time

856 seconds

AI is a tool invented by humans that has benefits alongside challenges

Explanation

Smith emphasizes the importance of maintaining a balanced perspective on AI, acknowledging that while there are legitimate concerns about its impact on democracy and society, AI fundamentally remains a human-created tool that offers significant benefits. He advocates against approaching AI with fear and instead focusing on both its positive potential and necessary safeguards.

Evidence

Reminder that AI was invented by humans and has benefits that should be recognized alongside challenges

Major discussion point

Technology for Good and Innovation

Topics

Human rights | Sociocultural

The IGF provides a valuable platform for international collaboration on digital governance issues

Explanation

Smith positions the IGF as an important forum for bringing together parliamentarians, policymakers, and digital governance experts to build consensus on pressing challenges like safeguarding democratic institutions. He emphasizes that the IGF offers opportunities for continued dialogue and learning throughout the week beyond individual sessions.

Evidence

Organization of parliamentary track sessions, facilitation of panel discussions with MPs from multiple countries, provision of networking opportunities

Major discussion point

International Cooperation and Global Standards

Topics

Legal and regulatory | Development

Junhua LI

Speech speed

104 words per minute

Speech length

International Cooperation and Global Standards

Topics

Legal and regulatory | Development

Agreements

Agreement points

Need for international cooperation and global standards rather than fragmented national approaches

Speakers

– Grunde Almeland
– Martin Chungong
– Catherine Mumma
– Rebecca Bauer-Kahn
– Zafar Alizoda
– Audience

Arguments

IGF can serve as a platform for finding common ground and developing shared rules rather than creating fragmented national regulations

– Grunde Almeland
– Marsha Caddle

Arguments

Independent media organizations are crucial for combating misinformation, requiring strong legislative foundations ensuring editorial independence and public funding

Promoting transparency through broadcasting parliamentary proceedings and providing original sources helps establish a culture of truth and evidence

Summary

Both speakers agreed that independent media and transparent government processes are fundamental to combating misinformation and maintaining democratic trust

Topics

Human rights | Legal and regulatory | Sociocultural

Similar viewpoints

Both emphasized the need for rapid international action similar to nuclear weapons regulation, with specific focus on addressing technological dumping and ensuring big tech companies are held accountable for practices in developing countries that they wouldn’t engage in at home

Speakers

– Catherine Mumma
– Audience

Arguments

Need for international mechanisms similar to nuclear weapons treaties to place responsibilities on big tech developers and advanced economies

Topics

Legal and regulatory | Human rights | Development

Both emphasized the importance of building local capacity and alternative technology ecosystems that serve democratic purposes rather than just profit motives, though Bauer-Kahn focused on academic institutions while Caddle emphasized practical skills training

Speakers

– Rebecca Bauer-Kahn
– Marsha Caddle

Arguments

Need to invest in technology for good through academic institutions and civil society to compete with profit-driven companies

Countries should invest in training people in data analytics and science to create their own tools rather than just consuming technology

Topics

Development | Economic

Both recognized that existing legal frameworks can address many digital challenges but require adaptation and creative approaches, particularly when balancing free speech protections with the need to combat misinformation

Speakers

– Grunde Almeland
– Rebecca Bauer-Kahn

Arguments

Most issues are already legislated and need adaptation rather than entirely new laws, with international cooperation being more crucial than new legislation

Constitutional protections of free speech create challenges in regulating misinformation while requiring creative solutions like disclosure requirements

Topics

Legal and regulatory | Human rights

Unexpected consensus

Arguments

Verification should provide fundamental information allowing people to make their own decisions rather than forcing judgments about what is real

Watermarking technology and device-level authentication are critical for distinguishing reality from AI-generated content

Summary

Almeland advocates for providing information and letting people decide for themselves what is real, while Bauer-Kahn emphasizes the need for technological solutions like watermarking to definitively distinguish reality from AI-generated content

Topics

Human rights | Legal and regulatory

Legislative approach – new laws versus adapting existing frameworks

Speakers

– Grunde Almeland
– Catherine Mumma
– Zafar Alizoda

Arguments

Most issues are already legislated and need adaptation rather than entirely new laws, with international cooperation being more crucial than new legislation

Kenya has established a comprehensive legal framework including Computer Misuse and Cyber Protection Act, Data Protection Act, and Media Council Act, though gaps remain in addressing misinformation specifically

Central Asian countries need to revise personal data protection laws and consider GDPR-like risk assessment mechanisms

Summary

Almeland believes most issues are already covered by existing laws that need adaptation, while Mumma and Alizoda emphasize the need for new specific legislation to address gaps in digital governance

Topics

Legal and regulatory | Human rights

Role of government versus platforms in content moderation

Speakers

– Rebecca Bauer-Kahn
– Marsha Caddle

Arguments

Constitutional protections of free speech create challenges in regulating misinformation while requiring creative solutions like disclosure requirements

Platforms should return to more robust verification methods while balancing accessibility concerns

Summary

Bauer-Kahn focuses on government regulatory approaches constrained by constitutional protections, while Caddle emphasizes the responsibility of platforms themselves to implement better verification

Topics

Human rights | Legal and regulatory

Unexpected differences

Trust in electoral management versus technology solutions

Speakers

– Catherine Mumma
– Rebecca Bauer-Kahn

Arguments

Electoral integrity depends largely on neutral electoral management bodies rather than just technology

Paper trails and audit capabilities are essential for maintaining election integrity and public trust

Explanation

This disagreement is unexpected because both speakers are concerned with election integrity, but Mumma emphasizes human institutional factors while Bauer-Kahn focuses on technological safeguards. This reveals different cultural and systemic approaches to the same problem

Topics

Human rights | Legal and regulatory

Overall assessment

Summary

The main areas of disagreement center on regulatory approaches (new laws vs. adapting existing ones), the balance between government regulation and platform responsibility, verification methods (information provision vs. technological authentication), and institutional vs. technological solutions for election integrity

Disagreement level

The level of disagreement is moderate and constructive. Speakers share common goals of protecting democracy and human rights in the digital age, but differ on implementation strategies. These disagreements reflect different national contexts, constitutional frameworks, and development levels rather than fundamental philosophical differences. The implications are positive as they provide multiple pathways for addressing digital governance challenges, allowing different jurisdictions to adopt approaches suited to their specific circumstances while maintaining overall coherence in global digital governance efforts.

Partial agreements

Similar viewpoints

Both emphasized the need for rapid international action similar to nuclear weapons regulation, with specific focus on addressing technological dumping and ensuring big tech companies are held accountable for practices in developing countries that they wouldn’t engage in at home

Speakers

– Catherine Mumma
– Audience

Arguments

Need for international mechanisms similar to nuclear weapons treaties to place responsibilities on big tech developers and advanced economies

Topics

Legal and regulatory | Human rights | Development

Both emphasized the importance of building local capacity and alternative technology ecosystems that serve democratic purposes rather than just profit motives, though Bauer-Kahn focused on academic institutions while Caddle emphasized practical skills training

Speakers

– Rebecca Bauer-Kahn
– Marsha Caddle

Arguments

Need to invest in technology for good through academic institutions and civil society to compete with profit-driven companies

Countries should invest in training people in data analytics and science to create their own tools rather than just consuming technology

Topics

Development | Economic

Both recognized that existing legal frameworks can address many digital challenges but require adaptation and creative approaches, particularly when balancing free speech protections with the need to combat misinformation

Speakers

– Grunde Almeland
– Rebecca Bauer-Kahn

Arguments

Most issues are already legislated and need adaptation rather than entirely new laws, with international cooperation being more crucial than new legislation

Constitutional protections of free speech create challenges in regulating misinformation while requiring creative solutions like disclosure requirements

Topics

Legal and regulatory | Human rights

Takeaways

Key takeaways

Truth is becoming less relevant in the digital age as AI-powered content creation enables people to remain in confirmation bias bubbles, making factual debate harder to achieve

Supporting and strengthening independent media organizations is crucial for combating misinformation, requiring strong legislative foundations that ensure editorial independence and adequate funding

Most digital governance challenges can be addressed through existing legislation that needs adaptation rather than entirely new laws, with international cooperation being more important than creating new regulations

A comprehensive approach is needed that balances protecting human rights and freedom of expression while regulating harmful content and allowing innovation to progress

Technology for good initiatives must be prioritized, including investment in academic institutions and civil society to create tools that compete with profit-driven platforms

Global platforms apply different policies to different regions, with developing countries lacking the same protections as more developed jurisdictions

Watermarking and authentication technologies are critical for distinguishing between real and AI-generated content, requiring both legislative mandates and technological development

Electoral integrity depends more on neutral electoral management bodies than on technology itself, though paper trails and audit capabilities remain essential

Digital inclusion requires investment in public infrastructure to ensure rural areas, women, and vulnerable groups can meaningfully participate in digital spaces

Resolutions and action items

Parliamentarians should carry IGF 2025 outcomes back to their respective countries to drive policy coherence at national and regional levels

Continue expanding parliamentary engagement in national and regional IGFs, particularly in West Africa and Asia-Pacific regions

California will continue pushing watermarking requirements for platforms and devices, with legislation requiring embedded authentication technology in cameras

African parliamentarians will continue using regional caucuses (Africa-wide, West Africa, East Africa) to share experiences and develop common approaches

Countries should consider implementing conditionalities on licenses given to big tech companies to protect vulnerable populations

IGF should explore developing codes of conduct for social media platforms, potentially building on IPU resolutions on AI and draft codes of ethics on science and technology

Parliamentarians should look beyond political spaces to consider digital technology impacts across all sectors including health, water, and other areas

Unresolved issues

How to effectively regulate misinformation and disinformation without appearing to over-correct or enabling government abuse of surveillance powers

How to place meaningful responsibilities on big tech developers and advanced economies that export technology to developing countries without adequate protections

Whether voluntary codes of conduct for social media platforms will be sufficient or if mandatory standards and regulations are needed

How to verify human identity versus AI-generated content in digital spaces while protecting privacy and avoiding exclusion of vulnerable populations

How to handle cross-border enforcement when violators are situated in different jurisdictions from those being harmed

Whether and how to restrict social media access for minors while respecting children’s fundamental rights to information and participation

How to balance age verification requirements with privacy protection and inclusion of vulnerable populations

How to address the challenge that policy moves slower than technology development

How to ensure meaningful international cooperation when existing international protective mechanisms for human rights appear to be failing

Suggested compromises

Focus on regulating output and content rather than trying to identify the origin of AI-generated material, as verification of source becomes increasingly difficult

Provide fundamental information through watermarking and verification systems that allow people to make their own decisions rather than forcing judgments about what is real or fake

Use existing criminal codes and legislation to address AI-enabled crimes like scams, rather than creating entirely new legal frameworks

Implement incremental arrangements with tech companies through licensing conditionalities while working toward broader international cooperation

Require disclosure and transparency (such as watermarking AI-generated political content) as an alternative to restricting speech, though this faces constitutional challenges

Invest in both regulation and digital infrastructure to ensure broader participation while protecting against harmful uses

This comment challenged the prevailing assumption that new technologies require entirely new legal frameworks, suggesting instead that existing laws need better enforcement and international coordination.

Impact

This pragmatic perspective helped ground the discussion in practical governance realities, leading other speakers to focus more on implementation challenges and international cooperation mechanisms rather than drafting new legislation.

Overall assessment

Explanation

She questioned whether voluntary self-regulation would be adequate or if stronger regulatory measures and democracy-supporting alternative platforms are needed.

Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.

Building Digital Governance Together

Taking Stock

Networking Session #26 Transforming Diplomacy for a Shared Tomorrow

Session at a glance

Summary

This networking session focused on the transformative role of AI and AI-powered tools in modern diplomacy, hosted by the Data Innovation Lab of the German Federal Foreign Office. Sebastian Blum, the program manager, opened by explaining how AI is already reshaping diplomatic practices through enhanced capacity, predictive analytics, and comprehensive data processing capabilities. He emphasized that major foreign ministries are rapidly adopting AI technologies, making investment in AI capacity and data literacy essential for maintaining competitive diplomatic positions.

Claire Patzig, a junior data associate and computer scientist at the lab, presented the technical perspective on developing AI tools for diplomats. She stressed that their approach focuses on enriching rather than replacing human diplomatic work, recognizing diplomacy as a discipline with centuries of tradition involving sensitive government communications. Patzig outlined three current use cases: virtual embassies for public diplomacy in remote or politically challenging areas, negotiation tools for international conferences like COP summits, and capacity-building prototypes to train young diplomats in various scenarios.

The German approach involves establishing data labs across all federal ministries, creating a bottom-up technological development strategy tailored to specific user needs. This structure promotes collaboration while addressing interoperability challenges through peer-to-peer networks and shared projects with organizations like GIZ. The discussion highlighted the importance of cultural sensitivity, international partnerships, and responsible AI implementation in diplomatic contexts.

Questions from the audience addressed technical interoperability concerns and the potential for providing diplomatic training tools to underserved regions, particularly small island states in the Pacific where elected officials often lack formal diplomatic training. The session emphasized that successful AI integration in diplomacy requires continuous communication, respect for existing expertise, and focus on enhancing rather than replacing human diplomatic connections.

Keypoints

**Major Discussion Points:**

– **AI’s transformative role in diplomacy**: The discussion covers how AI tools are already reshaping diplomatic practices through NLP algorithms for processing diplomatic records, predictive analytics for geopolitical forecasting, and the urgent need for foreign ministries to adopt AI capabilities to remain competitive internationally.

– **Germany’s bottom-up approach to AI development**: The speakers explain Germany’s strategy of establishing data labs in every federal ministry to develop AI tools from the ground up, working directly with diplomats rather than imposing technology solutions, ensuring tools meet actual user needs and use cases.

– **Specific AI applications in diplomatic work**: Three concrete use cases are presented – virtual embassies for public diplomacy in remote or politically challenging areas, negotiation support tools for international processes like COP climate negotiations, and training systems for young diplomats to practice argumentation and decision-making.

– **Interoperability and collaboration challenges**: Discussion of technical and organizational challenges in ensuring different government AI systems can communicate effectively, the importance of peer-to-peer networks among data scientists, and the need for clear communication and respect between technical and diplomatic communities.

– **Capacity building for underserved regions**: A participant from the Cook Islands raises concerns about smaller nations lacking diplomatic training resources, highlighting the potential for AI tools to support countries with limited diplomatic education infrastructure.

**Overall Purpose:**

The discussion aims to showcase the German Federal Foreign Office’s Data Innovation Lab work in integrating AI into diplomatic practices, promote dialogue about responsible AI use in diplomacy, and explore partnerships for developing shared tools that can benefit the global diplomatic community.

**Overall Tone:**

The tone is collaborative and educational throughout, with speakers emphasizing partnership over competition. The presenters maintain a humble, service-oriented approach, repeatedly stressing that AI should enrich rather than replace human diplomatic work. The tone becomes more interactive and practical when addressing audience questions, particularly around technical interoperability and capacity building for developing nations, demonstrating genuine interest in inclusive solutions.

Speakers

– **Sebastian Blum**: Program manager at the Data Innovation Lab by the Federal Foreign Office, moderator for the session

– **Claire Patzig**: Junior data associate at the Data Innovation Lab by the Federal Republic of Germany from the FFO (Federal Foreign Office), computer scientist involved in developing software for diplomats

– **Audience**: Multiple audience members including:

– Tauga: Works with the German International cooperation agency (GIZ)

– Maureen Hilliard: From the Cook Islands, one of the small island states in the Pacific

Additional speakers:

None identified beyond those in the speakers names list.

Full session report

# Report: AI-Powered Tools in Modern Diplomacy – A Networking Session by the German Federal Foreign Office Data Innovation Lab

## Executive Summary

This networking session, hosted by the Data Innovation Lab of the German Federal Foreign Office, explored the role of artificial intelligence in contemporary diplomatic practices. The discussion was moderated by Sebastian Blum (program manager) and featured Claire Patzig (Junior Data Associate and Computer Scientist). Originally planned as a panel with multiple government representatives, the session was restructured due to cancellations. The speakers examined how AI technologies are being integrated into diplomatic work while emphasizing human-centered development approaches and Germany’s bottom-up strategy for AI implementation across federal ministries.

## Opening Context and AI’s Role in Diplomacy

Sebastian Blum opened the session by establishing the context for AI adoption in diplomatic institutions. He outlined how AI tools are reshaping diplomatic practices through enhanced capacity via natural language processing, predictive analytics using historical and real-time data, and improved data processing capabilities for reporting and analysis.

Blum emphasized that major foreign ministries worldwide are adopting AI technologies, creating an environment where investment in AI capacity and data literacy has become important for maintaining effective diplomatic positions. He noted the competitive aspect of this technological adoption in the diplomatic landscape.

## Germany’s Human-Centered Approach

Claire Patzig provided insight into Germany’s approach to AI development in diplomatic contexts, emphasizing that their methodology focuses on enriching rather than replacing human diplomatic work. She stated: “It’s not about technology being arrogant and saying we can in any way replace human beings but instead it’s about enriching what we are currently already doing.”

Patzig acknowledged diplomacy as a discipline with centuries of accumulated expertise and stressed that technology development must understand the people it serves—diplomats who navigate complex international relationships through sophisticated communication strategies.

## Bottom-Up Development Strategy

The German approach involves establishing data labs across federal ministries, creating what Patzig described as a bottom-up technological development strategy. This decentralized structure ensures that AI tools are developed based on specific user needs and actual use cases rather than imposing top-down solutions.

Patzig mentioned that this approach involves collaboration between ministries and organizations such as the German International Cooperation Agency (GIZ), though she noted challenges in ensuring interoperability between different systems.

## Three Key Applications

Patzig outlined three applications currently being developed:

### Virtual Embassies

Digital platforms that provide services to citizens abroad and people wanting to learn about Germany in areas where physical embassies cannot operate due to various constraints. Patzig mentioned a “make-a-thon” involving students that focused on developing virtual embassy concepts.

### Negotiation Support Tools

AI systems designed to support diplomats during complex international negotiations, particularly in multi-stakeholder processes. Patzig noted they are “currently working together with other huge federal ministries and GIZ on a negotiation tool” for upcoming proceedings.

### Training Systems

AI-powered platforms to help diplomats develop skills through simulated scenarios and practice opportunities that would be difficult to replicate through traditional training methods.

## Technical and Implementation Challenges

The discussion addressed several challenges in implementing AI solutions within diplomatic contexts:

### Communication and Data Literacy

Patzig emphasized the importance of clear communication when introducing technical solutions to established diplomatic processes, noting the need to respect existing expertise while introducing technological enhancements.

### Evaluation Complexity

Unlike fields with clearly defined success metrics, Patzig noted that diplomatic AI applications face unique evaluation challenges: “If we are talking about diplomacy, we don’t have those clearly defined goals, right? It’s a very broad approach and here we really have to see how it actually can enhance diplomacy instead of big noise that just takes away from the human connection that is at the core of it.”

She contrasted this with medical applications like cancer detection, where accuracy can be clearly measured.

## International Collaboration and Capacity Building

Patzig discussed Germany’s commitment to international partnerships and mentioned plans for “open sourcing them and sort of levelling the playing field.” She emphasized the importance of avoiding complete dependency on single solutions and supporting shared values through international cooperation.

A significant moment came when Maureen Hilliard, representing the Cook Islands, raised concerns about capacity building needs in small island states. She explained that in Pacific island nations, government officials are often elected from small communities without formal diplomatic training: “People in the Pacific, the government is actually elected by the small communities, people that, you know, someone within the community, no experience whatsoever with government sort of processes… But there is no training.” Her question was cut off mid-sentence in the transcript.

## Responsible AI Implementation

Throughout the discussion, speakers emphasized principles for responsible AI implementation in diplomatic contexts, including cultural sensitivity and preservation of human connections in diplomacy. Patzig noted that diplomatic AI applications must respect diverse traditions and communication styles while enhancing rather than replacing human diplomatic capabilities.

She also mentioned considerations around sovereignty and European independence in AI development, though this topic was not extensively elaborated.

## Current AI Usage

Patzig mentioned that they have been “using large language models probably since [unclear – possibly ChatGPT] for about nine years now,” indicating ongoing experience with AI technologies in their work.

## Session Limitations and Conclusion

*Note: The transcript appears to have quality issues in several places, with repetitive sections and unclear audio. The session ended with an incomplete question from the audience member representing the Cook Islands.*

This networking session provided insight into Germany’s thoughtful approach to integrating AI technologies into diplomatic practice. The German Federal Foreign Office’s Data Innovation Lab presented a model that emphasizes enhancement rather than replacement of human capabilities, with focus on bottom-up development and international collaboration. However, several challenges remain unresolved, particularly regarding capacity building for underserved regions, interoperability between systems, and developing appropriate evaluation frameworks for diplomatic AI applications.

The discussion highlighted both the potential benefits of AI in diplomacy and the complexity of implementing such technologies in a field that relies fundamentally on human relationships and cultural understanding.

Session transcript

Sebastian Blum: So, welcome everyone to our networking session on transforming diplomacy for Shared Tomorrow. My name is Sebastian Blum. I’m a program manager at the Data Innovation Lab by the Federal Foreign Office and I’m more than excited to be your moderator for today’s session. As said before, this session is brought to you by the Data Innovation Lab and today we’re discussing a crucial topic which is the transformative force of AI and AI-powered tools in diplomacy. In this session we wanted to showcase some of the potential that AI and AI-powered tools bring in foreign policy and we initially wanted to offer a platform for open dialogue among different government representatives from different regions. As you can see, there have been some minor changes in the setting of the panel because we had some cancellations so we were actually thinking to focus a little bit more on the work of the Data Innovation Lab in the next following 25 minutes. Having said that, let me briefly set the stage a bit about how AI is actually already reshaping the practice of diplomacy and talk a bit about the changes in our work that we’re already witnessing at the Data Innovation Lab itself. So firstly, we can definitely see that AI tools amplify diplomatic capacity. For example, NLP algorithms can extract key insights and transform transcripts, meetings, minutes and other diplomatic records facilitating the creation of comprehensive and timely reports. Also the huge amount of data and AI holds a huge capacity for predictive analytics, for example by leveraging historical and real-time data to forecast geopolitical trends and potential outcomes for policy decisions. And lastly, we’re also already witnessing major foreign ministries racing ahead with AI adoption and this is definitely highlighting that the integration of AI for sure is urgent and vital and therefore investing in AI capacity and more importantly data literacy is not optional but necessary. AI diplomats may risk losing ground on the international forum. Having clarified this and with this context in mind, I would like to turn to our speaker and my dear colleague, Claire Patzig, who is a junior data associate at the Data Innovation Lab by the Federal Republic of Germany from the FFO and I’m really honored to have this exciting panel with you today and I would like to hand over but before a small procedural note like we’re having a short introduction by Claire with some inputs and afterwards also due to the circumstances we’re having this panel right now, we want to open the floor also to you to share your experiences and let some space for your questions. So Claire, the floor is yours. You might share some of the challenges and opportunities in integrating AI into diplomatic practices.

Claire Patzig: Thank you so much for the kind introduction. So I’m going to speak about this topic more from the view of a computer scientist and of someone who is actually developing the software our diplomats are supposed to use and therefore I want to really highlight that one thing is similar for every software development process. It’s about the people you are developing for and in this case we are talking about diplomats. The sheer practice of diplomacy is something we in the end of the day do every single person does that, right? We are negotiating every single day and in this case we are talking about discipline with lots of tradition and in this case we are also talking about something where governments are dealing with the most sensitive issues currently happening worldwide. It’s about core values of people and in this case it’s about communication. We are talking about something that people have hundreds of years of experience with and I mean on a large scale we are using large language models probably since JCPT for about nine years now. So it’s not about technology being arrogant and saying we can in any way replace human beings but instead it’s about enriching what we are currently already doing and I think this approach is really shown in the take that the German government has taken. So in this approach every German federal ministry has a data lab so it’s from the ground up so technology is really developed for the people who are actually using that and their use cases and so also the German Federal Foreign Office has a data lab and the data innovation lab serves to communicate those findings to the outside world, connect with other partners, this is why we are organizing this networking session, as well as developing also prototypes themselves. And therefore I want to bring you like three current use cases we are working on to really also showcase how rich diplomacy is. So we just had a make-a-thon last week with students on virtual embassies, here we are talking about public diplomacy so it’s not about the practice of diplomacy itself but rather it’s really about our citizens abroad as well as people in other countries who want to learn about Germany or maybe coming to Germany. And here we see as a use case that obviously we might have an embassy in the capital but there are remote areas where people might have issues traveling to the capital for an embassy so we are really thinking about the system of virtual embassies where we might be able to offer our services in countries where we might not even have due to the current political environment or natural catastrophes being able to open an embassy and now we might be able to provide the service still to those people. And then if you look at the practice of diplomacy, right, we are really looking at negotiations at the heart of it and so we had a huge challenge last year on developing tools, really supporting diplomats and here really again focusing on working with diplomats instead of just working for them and currently we are working together with other huge federal ministries as well as the GIZ on developing a negotiation tool for the upcoming COP and here it’s also about sort of providing a service not only for Germany but open sourcing them and sort of leveling the playing field. I mean, most of the people in this room might be following the WSIS process and just following this one process, right, and keeping an eye on everything that is going on or the other institutions publishing on that just what the UN with reports is putting out is a lot and if you look at governments, they are obviously forced to sort of follow everything that is going on and even for somewhat large countries like Germany, this is a lot and here we really see a use case for AI again in sort of combining all of that knowledge and really making it easier for diplomats to stay ahead with everything. And last but not least, it’s also about capacity building. So obviously our academy knows what they are doing but still sort of supporting young diplomats in their journey is something where you really need individual support and we are currently developing, I’m doing that myself, a prototype really to drain young diplomats to sort of bring them in lots of many different situations, being able to come up fast with arguments and here we really think that this is again a use case that is interesting to every ministry of foreign affairs globally and where we again really want to stress working together and coming up with tools that really support each other. So here it’s really about having you as an audience also reaching out to us, sharing maybe what you are working on and really have some interactive dialogue.

Sebastian Blum: Well, thank you so much. I think you really were drawing to this point that the Data Innovation Lab itself was actually resulting out of the Data and AI Lab by the Federal Foreign Office. But drawing a little bit back to that, you were also referring to some different partnerships and initiatives. What do you think such initiatives as the Data Innovation Lab, how do they help to promote the responsible use of AI in diplomacy?

Claire Patzig: I think the responsible use here is that we are not talking about something like, for example, cancer detection, right? We can benchmark that and say we have an accuracy of about, I don’t know, 98%. If we are talking about diplomacy, we don’t have those clearly defined goals, right? It’s a very broad approach and here we really have to see how it actually can enhance diplomacy instead of big noise that just takes away from the human connection that is at the core of it. And there again, it’s about cultural sensitivity, right, like German diplomats might have a different focus than other parts of the world. And again, we learn from shared partnerships in this area because it’s about the practice, not really about the content, whatever negotiation, whether it’s climate or peace or whatever. It’s not about that. is the co-founder and co-creator of the AI and Diplomacy Lab. It’s not just about AI, it’s about the discipline and learning from each other again.

Sebastian Blum: Thank you so much. Having said that, I would really like to hand over to the floor as well to our online participants. Feel free to ask any questions to us about the Data Innovation Lab. The floor is yours to ask any questions to us about the Data Innovation Lab. We’re also very happy to have you here to talk about AI in the field of AI and diplomacy, and you’re also invited to present yourself, so the floor is yours. We’re also checking, of course, the online participants, so if there’s any question by our online audience, you’re also invited to present yourself. And we’re also happy to have you here to talk about AI in the field of AI and diplomacy. So, please, feel free to ask any questions. Thank you. And we’re also happy to have you here to talk about AI in the field of AI and diplomacy. So, please, feel free to ask any questions. And we’re also very happy to have you here to talk about AI in the field of AI and diplomacy. So, please, feel free to ask any questions. So, please, feel free to ask any questions. And we’re also happy to have you here to talk about AI in the field of AI and diplomacy. So, please, feel free to ask any questions. And we’re also happy to have you here to talk about AI in the field of AI and diplomacy. So, please, feel free to ask any questions. Please, feel free to ask any questions. U in May, we had a timed meeting mentioned spaces for AI, and we hosted a data talk. So, we are not only focussed on developing tools, but also soft aspects of that. So, integrating is possible. We do that in workshops, to embassies, partners worldwide, and being present in conferences, as well as inviting amazing speakers to our data talks. We also try to include people from different areas.

Claire Patzig: So, we try to make sure that the data talks aren’t maybe connected only to certain countries. And we are able to host ourselves. And we try to take that in account in our own work. And then, again, it’s about partnerships, right. About even, right, we are currently hearing a lot about sovereignty and about Europe being sovereign itself. And I think that’s a very important thing, because we are talking about the fact that the Internet doesn’t exist on its own just in one nation, right. We are at the Internet Governance Forum. We are talking about so deep interconnections. We have to take that into account and be realistic about what we are developing. And in some cases, if it’s not about something very sensitive, we can also still, obviously, work with other partners and not have to do everything on our own. So, I think that’s a very important thing, because we are talking about the fact that there are many countries and many ministries of foreign affairs that might still not have the capacities to develop tools themselves. And there again, I think it’s the same point again and again. We are coming back to partnerships, countries that support the same values and developing together. And obviously, we have a dependency, but that’s something that’s important, that is enrichment to what we are building.

Sebastian Blum: Thank you very much. Pose is the next slide.

Audience: Hi, my name is Tauga, I work with the German International cooperation agency. And previously, you told us that basically every German ministry has its own data lab. And I mean, we’re a government owned company in Germany, we also have our data lab, we also work on solutions like this. So what I’m interested in is how do you look at the issue of interoperability in such a bottom up approach from the technical perspective? How do you ensure that all these solutions that are being developed are able to communicate with each other and to link up even to the rest of the world? Thank you.

Claire Patzig: Yes, so there we are coming back again to plane, this was really the point to make it easier for also data labs to share data within government and to work together. We see that there is a peer to peer network established so that our data scientists are able to communicate and discuss what they are currently focusing on. Then again, I think for, I mean, we have within the government a new ministry, this will always be an issue that you constantly have to work on. And I think there’s lots that you can do in that regard. But for example, together with GIZ and for other ministries, we are currently working together on one shared project. And that’s just about discussing clear responsibilities, having everyone on board. And then with a shared goal in mind, it’s obviously very much possible to work together because we have one single focus. And here I think we also see especially as the Ministry of Foreign Affairs, because we are not solely focused on one issue, but we are covering many, many topics. And therefore, we are used to working together with other ministries and the experts working on those topics. So it’s bringing that into the digital sphere and also to our data scientists as a mindset. So that is, I think, very important to us as government.

Sebastian Blum: I think this was also particularly interesting because we were also talking more about the technological aspects. But what are the organizational challenges in our work that you’re witnessing coming out from a really specific position also inside of the organization of the Federal Foreign Office?

Claire Patzig: Yeah. I think it’s about clearly, it’s about always the same thing. It’s about communication. And clearly communicating as maybe the more technical community, respect for the work that is already happening. It’s not about, again, replacing anything that’s going on, but enriching. And at the same time, obviously, people have lots of experience and they know what they are doing. So you have to adapt to new processes. I think something everyone struggles with in all areas, for example, is how you sort of collect data to have that in a format that works for the technical community, but that might not be relevant for the people who are currently working as experts on those topics. And there it’s about capacity building and about data literacy and just coming back to the basics again and again. Yeah.

Sebastian Blum: Thank you so much. I see we have another question on the floor. You just can talk into the microphone. Hi. Is it on? Yeah, it is on. We can hear you clearly.

Audience: My name is Maureen Hilliard. I’m actually from an underserved region. I’m from the Cook Islands, one of the small island states in the Pacific. And one of the things that I’ve actually sort of like found in the 20 years that I’ve lived on that little island is that, you know, like, I mean, we would be really appreciative of developing tools of development for new diplomats. I mean, people in the Pacific, the government is actually elected by the small communities, people that, you know, someone within the community, no experience whatsoever with government sort of processes and things like that. But, you know, there seem to be nice people, so they get elected to government. But there is no training. I do know there’s no training for the whole diplomacy school. It’s the sort of schools that many of these people sort of like get sent overseas to work with other sort of like ministries in their area. And I was just wondering, does your hub, does it provide sort of like training facilities for, you know, underserved regions where government officials have, you know, like really do require those schools be really, really important? I mean, I sit and listen, I mean, when I sort of like think of how wonderful some of the governments are and the work that they’re doing, you know, like I know that our guys go

Sebastian Blum

Speech speed

167 words per minute

Speech length

– Claire Patzig

Agreed on

Urgent need for AI adoption and capacity building in diplomatic institutions

Claire Patzig

Speech speed

170 words per minute

Speech length

1600 words

Speech time

561 seconds

AI should enrich existing diplomatic practices rather than replace human beings, focusing on supporting people with hundreds of years of diplomatic experience

Explanation

Claire emphasizes that AI technology should complement and enhance human diplomatic capabilities rather than substitute for human judgment and experience. She stresses the importance of respecting the long tradition and expertise that exists in diplomatic practice.

Evidence

Major discussion point

Organizational and Capacity Building Challenges

Topics

Development | Capacity development | Data governance

Agreed with

– Sebastian Blum

Agreed on

Urgent need for AI adoption and capacity building in diplomatic institutions

Audience

Speech speed

157 words per minute

Speech length

343 words

Speech time

130 seconds

There is significant need for diplomatic training tools in underserved regions where government officials lack formal diplomatic education

Explanation

An audience member from the Cook Islands describes how small island states often elect community members to government positions without any diplomatic training or experience. This highlights a significant gap in diplomatic capacity building for underserved regions that could benefit from AI-powered training tools.

Evidence

people in the Pacific, the government is actually elected by the small communities, people that, you know, someone within the community, no experience whatsoever with government sort of processes and things like that… But there is no training

Major discussion point

Organizational and Capacity Building Challenges

Topics

Development | Capacity development | Digital access

Agreements

Development | Infrastructure

Similar viewpoints

Both speakers share a user-centered approach to AI development in diplomacy, emphasizing that technology must be designed with deep understanding of diplomatic professionals’ needs and the sensitive nature of their work.

Speakers

– Sebastian Blum
– Claire Patzig

Arguments

AI tools amplify diplomatic capacity through NLP algorithms that extract insights from diplomatic records and facilitate comprehensive reporting

Technology development must be grounded in understanding the people it serves – diplomats who deal with sensitive issues and core values through communication

Topics

Development | Capacity development

Both recognize the critical need for diplomatic training and capacity building, particularly for new or inexperienced government officials, and see AI as a potential solution to address training gaps.

Speakers

– Claire Patzig
– Audience

Arguments

AI can assist in capacity building by training young diplomats through simulated scenarios to develop quick argumentation skills

There is significant need for diplomatic training tools in underserved regions where government officials lack formal diplomatic education

Topics

Development | Capacity development | Digital access

Unexpected consensus

Bottom-up approach to AI development in government

Speakers

– Sebastian Blum
– Claire Patzig

Arguments

Major foreign ministries are racing to adopt AI, making investment in AI capacity and data literacy necessary to avoid losing ground internationally

The German approach involves every federal ministry having a data lab to develop technology from the ground up for actual users and their specific use cases

Explanation

Despite the competitive pressure for rapid AI adoption that Sebastian mentions, both speakers surprisingly agree on a methodical, decentralized approach where each ministry develops its own solutions. This consensus on taking time for proper, user-centered development despite competitive pressures is unexpected.

Topics

Development | Infrastructure

Cultural sensitivity and respect for traditional diplomatic practices

Speakers

– Sebastian Blum
– Claire Patzig

Arguments

AI enables predictive analytics by leveraging historical and real-time data to forecast geopolitical trends and policy outcomes

Responsible AI use in diplomacy requires focusing on enhancing human connection rather than replacing it, considering cultural sensitivity across different regions

Explanation

While Sebastian focuses on the technical capabilities and competitive advantages of AI, there’s unexpected consensus with Claire’s emphasis on cultural sensitivity and preserving human connections. This shows alignment between technical advancement and humanistic values.

Topics

Human rights | Cultural diversity | Development

Overall assessment

Summary

The speakers demonstrate strong consensus on fundamental principles: AI should augment rather than replace human diplomatic capabilities, capacity building is essential, partnerships are crucial for development, and user-centered design must guide implementation. There’s also agreement on practical applications like training tools and the need for cultural sensitivity.

Consensus level

High level of consensus with significant implications for diplomatic AI development. The agreement suggests a mature, thoughtful approach to AI integration that balances technological advancement with respect for diplomatic tradition and human expertise. This consensus could facilitate more coordinated international efforts in developing responsible AI tools for diplomacy.

Differences

Different viewpoints

Unexpected differences

Overall assessment

Summary

The discussion shows minimal disagreement, with speakers generally aligned on AI’s role in diplomacy. The main difference lies in emphasis rather than fundamental disagreement – Sebastian focuses more on AI’s transformative potential and competitive necessity, while Claire emphasizes human-centered development and respect for existing diplomatic expertise.

Disagreement level

Very low level of disagreement. This was a collaborative presentation rather than a debate, with speakers complementing each other’s perspectives. The slight difference in emphasis (technological capabilities vs. human-centered approach) actually strengthens their overall argument for responsible AI implementation in diplomacy. The audience question about training needs for underserved regions was supportive rather than challenging, indicating broad consensus on the topic’s importance.

Partial agreements

Similar viewpoints

Both speakers share a user-centered approach to AI development in diplomacy, emphasizing that technology must be designed with deep understanding of diplomatic professionals’ needs and the sensitive nature of their work.

Speakers

– Sebastian Blum
– Claire Patzig

Arguments

AI tools amplify diplomatic capacity through NLP algorithms that extract insights from diplomatic records and facilitate comprehensive reporting

Technology development must be grounded in understanding the people it serves – diplomats who deal with sensitive issues and core values through communication

Topics

Development | Capacity development

Both recognize the critical need for diplomatic training and capacity building, particularly for new or inexperienced government officials, and see AI as a potential solution to address training gaps.

Speakers

– Claire Patzig
– Audience

Arguments

AI can assist in capacity building by training young diplomats through simulated scenarios to develop quick argumentation skills

There is significant need for diplomatic training tools in underserved regions where government officials lack formal diplomatic education

Topics

Development | Capacity development | Digital access

Takeaways

Key takeaways

AI should augment rather than replace human diplomatic expertise, focusing on enriching existing practices while respecting the traditional discipline of diplomacy

Germany’s bottom-up approach with data labs in every federal ministry enables technology development tailored to specific user needs and use cases

Three key AI applications in diplomacy are emerging: virtual embassies for underserved regions, negotiation support tools for international processes like COP, and capacity building through simulated training scenarios

International partnerships and open-source development are essential for creating equitable AI tools that serve countries with varying technological capacities

Responsible AI implementation requires cultural sensitivity, clear communication between technical and diplomatic communities, and focus on enhancing human connection

Data literacy and capacity building are fundamental organizational challenges that must be addressed alongside technical development

Resolutions and action items

Continue developing the negotiation tool for upcoming COP in collaboration with other federal ministries and GIZ

Open-source AI tools to level the playing field for countries with limited technological resources

Maintain peer-to-peer networks among data scientists across German federal ministries to facilitate communication and collaboration

Provide workshops and training to embassies and international partners on AI integration

Encourage audience members to reach out and share their own AI development work for collaborative dialogue

Unresolved issues

How to effectively address the training needs of underserved regions like small island states where government officials lack formal diplomatic education

Technical interoperability challenges between different data labs and AI systems across ministries and international partners

Specific methods for collecting and formatting data that works for both technical communities and diplomatic experts

Balancing national sovereignty concerns with the need for international collaboration in AI development

Defining clear benchmarks for success in diplomatic AI applications, unlike more measurable fields like medical diagnosis

Suggested compromises

Work with partners on non-sensitive applications while maintaining sovereignty over critical diplomatic tools

Accept some level of dependency on international partnerships as enrichment rather than weakness, particularly for countries lacking development capacity

This comment is insightful because it reveals a strategic approach to AI diplomacy that goes beyond national advantage to global capacity building. The concept of ‘leveling the playing field’ through open-source diplomatic tools represents a significant philosophical stance on international cooperation.

Impact

This comment introduced the theme of international cooperation and equity in AI diplomatic tools, setting up the later discussion about partnerships and the eventual question from the Cook Islands representative about capacity building for underserved regions.

Overall assessment

Speakers

Knowledge graph

In-depth analysis

Session at a glance

Summary

This discussion focused on the launch of a research report titled “Access to Justice in the Digital Age: Empowering Victims of Cybercrime in Africa,” co-organized by UNICRI and ALT Advisory. The session examined cybercrime trends, challenges, and solutions across four African countries: South Africa, Namibia, Sierra Leone, and Uganda. Tina Power, the report’s main author, presented four key findings: cybercrime is rising in Africa but remains under-documented due to significant under-reporting, there’s a disparity in understanding between financial and personal cybercrimes, certain cybercrimes are inherently gendered in nature, and deep structural barriers continue to hinder access to justice.

Michael Ilishebo, a digital forensic analyst from Zambia Police, highlighted major law enforcement challenges including lack of technical capacity, increased use of AI by criminals, encryption technologies that delay investigations, and jurisdictional issues. He emphasized that most African countries are not party to the Budapest Convention, limiting international cooperation. Sandra Aceng from Women of Uganda Network discussed obstacles victims face, particularly women and gender minorities, including social stigma, limited digital literacy, dismissive police attitudes, and insufficient legal frameworks specifically addressing technology-facilitated gender-based violence.

The speakers provided recommendations including strengthening legal frameworks with victim-centered approaches, enhancing law enforcement capacity through training, improving public-private partnerships with tech companies, and developing comprehensive support services for victims. Senator Shweba Fola Besalisu from Nigeria emphasized the need for continental coordination and bringing civil society organizations into the conversation. The discussion concluded that addressing cybercrime in Africa requires a multi-stakeholder approach combining robust legal frameworks, institutional capacity building, and coordinated regional responses to effectively protect victims and ensure access to justice.

Keypoints

## Major Discussion Points:

– **Rising cybercrime in Africa with significant under-reporting challenges**: The discussion highlighted that while cybercrime is increasing across African countries, there’s a substantial gap in understanding the full scope due to victims not knowing they’ve been affected by crimes, lacking knowledge of reporting procedures, or facing stigma when reporting personal harms like non-consensual sharing of intimate images.

– **Gender-based dimensions of cybercrime and online harms**: A key focus was on how certain cybercrimes disproportionately affect women and LGBTQI+ communities, including revenge porn, cyber-stalking, and doxxing. The discussion emphasized how victims face cultural stigma, fear of public shaming, and dismissive attitudes from law enforcement when reporting these crimes.

– **Law enforcement capacity and technical challenges**: Speakers addressed the significant obstacles facing African law enforcement agencies, including lack of technical skills for digital forensics, inadequate legal frameworks, jurisdictional issues in cross-border crimes, and the increasing sophistication of criminals using AI and encryption technologies.

– **Legislative gaps and the need for comprehensive legal frameworks**: The conversation emphasized the importance of having well-crafted, human rights-based cybercrime laws that address both financial and personal harms, with clear definitions and accountability mechanisms. The discussion included recommendations for legislative audits and model laws tailored to African contexts.

– **Multi-stakeholder collaboration and capacity building needs**: Speakers stressed the necessity of partnerships between government, civil society, private sector (especially big tech companies), and international organizations to effectively combat cybercrime, along with comprehensive training for justice system actors and digital literacy programs for communities.

## Overall Purpose:

The discussion aimed to launch UNICRI’s research report “Access to Justice in the Digital Age: Empowering Victims of Cybercrime in Africa” and translate research findings into actionable recommendations. The session sought to identify common trends in cybercrime across African countries, understand barriers to justice for victims, and develop practical solutions through multi-stakeholder dialogue involving law enforcement, civil society, legal experts, and policymakers.

## Overall Tone:

The discussion maintained a professional, collaborative, and solution-oriented tone throughout. While speakers acknowledged serious challenges and shared concerning case studies of victims, the atmosphere remained constructive and focused on finding practical remedies. The tone was respectful and inclusive, with speakers building upon each other’s points rather than disagreeing. There was a sense of urgency about addressing the issues, but also optimism about the potential for positive change through coordinated efforts. The conversation became slightly more animated during the Q&A session when participants raised concerns about balancing civil liberties with victim protection and the need for continental approaches to regulation.

Speakers

– **Ottavia Galuzzi**: Social expert at UNICRI (United Nations Interregional Crime and Justice Research Institute), session moderator

– **Tina Power**: Director of ALT Advisory, Attorney of the High Court of South Africa, main author of the report being launched

– **Michael Ilishebo**: Digital Forensic Analyst and Cybercrime Investigator at the Zambia Police

– **Sandra Aceng**: Executive Director at WOGNET (Women of Uganda Network)

– **Audience**: Various audience members who asked questions during the Q&A session

**Additional speakers:**

– **Odhran McCarthy**: Program Management Officer and Liaison Officer in New York at UNICRI, online moderator

– **Senator Shweba Fola Besalisu**: Nigerian Senator, Chair of the Nigerian Senate Committee on ICT and Cyber Security, Chairman of the West African Parliamentarians Network on Internet Governance

– **Juri Bokovoy**: Member of the Finnish Green Party

– **Belford Doherty**: Cyber Policy Analyst and Head of IT at the Financial Intelligence Agency in Sierra Leone (mentioned as expected speaker but did not participate in the recorded portion)

Full session report

# Report Launch: Access to Justice in the Digital Age – Empowering Victims of Cybercrime in Africa

## Executive Summary

This discussion centred on the launch of a research report titled “Access to Justice in the Digital Age: Empowering Victims of Cybercrime in Africa,” co-organised by UNICRI (United Nations Interregional Crime and Justice Research Institute) and ALT Advisory. The session brought together law enforcement officials, civil society representatives, legal experts, and policymakers to examine cybercrime trends and challenges across four African countries: South Africa, Namibia, Sierra Leone, and Uganda.

## Key Participants

**Ottavia Galuzzi**, Social Expert at UNICRI, served as moderator and explained UNICRI’s work stream on cybercrime and online harms, including terrorism, violent extremism, gender-based violence, child abuse and hate speech.

**Tina Power**, Director of ALT Advisory and Attorney of the High Court of South Africa, presented the report’s main findings as its principal author.

**Michael Ilishebo**, Digital Forensic Analyst and Cybercrime Investigator at the Zambia Police, provided law enforcement perspectives on operational challenges and technical capacity gaps.

**Sandra Aceng**, Executive Director at WOGNET (Women of Uganda Network), contributed civil society perspectives on victim experiences, particularly focusing on gender-based dimensions of cybercrime.

**Senator Shweba Fola Besalisu**, Nigerian Senator and Chair of the Nigerian Senate Committee on ICT and Cyber Security, as well as chairman of the West African Parliamentarians Network on Internet Governance, offered parliamentary perspectives on legislative challenges.

## Major Research Findings

### Rising Cybercrime with Under-Reporting

Tina Power highlighted that whilst cybercrime is increasing across African countries, significant under-reporting exists because victims often don’t recognise they’ve been affected by crimes, lack knowledge of reporting procedures, or face stigma when reporting personal harms such as non-consensual sharing of intimate images.

### Disparity Between Financial and Personal Cybercrimes

A key finding was the stark difference in how authorities respond to different types of cybercrimes. Financial crimes typically receive quicker responses from law enforcement, whilst personal crimes—particularly those affecting women—are often dismissed as intimate or domestic matters not warranting serious investigation.

### Legal Framework Gaps

The research identified inadequate legal frameworks across the studied countries, consisting of either patchwork legislation, outdated laws, or complete absence of relevant cybercrime statutes. Tina Power noted that “good laws matter as they provide clear definitions, guidance, and legal basis for victims to seek redress.”

## Law Enforcement Challenges

### Technical and Resource Constraints

Michael Ilishebo detailed significant obstacles facing African law enforcement agencies, including lack of technical skills for digital forensics, inadequate training programmes, insufficient resources for cybercrime investigations, and limited access to specialised equipment and software.

### Artificial Intelligence and Evolving Threats

Michael Ilishebo identified a concerning trend: “We have seen an increase in terms of the cyber crime that is happening due to the use of AI. We have seen people that may not even actually know how to code… They are using AI to enhance their criminal skills.”

### International Cooperation Challenges

The cross-border nature of cybercrime creates jurisdictional challenges. Michael Ilishebo noted that most African countries are not party to the Budapest Convention, limiting international cooperation opportunities. He mentioned the upcoming UN Convention against cybercrime to be signed in October in Vietnam as a potential solution.

### Africa Cryptocurrency Working Group

Michael Ilishebo described his involvement in the Africa Cryptocurrency Working Group under the US Department of Justice, which brings together African law enforcement agencies to address cryptocurrency-related crimes and share intelligence.

## Victim Experiences and Barriers

### Gender-Based Dimensions

Sandra Aceng provided insights into obstacles victims face when seeking justice, particularly women and gender minorities. She shared specific case examples, including a 2022 case from northern Uganda and a recent case reported to Kampala Central Police Station, illustrating how victims face social stigma and dismissive attitudes from law enforcement.

### Institutional Response Gaps

Sandra Aceng noted that law enforcement frequently lacks specific training for technology-facilitated gender-based violence, resulting in inadequate responses. She observed that police officers often don’t understand the serious impact of cybercrimes involving personal or intimate harms.

## Legal Successes and Practical Applications

Tina Power provided specific examples of successful legal interventions using South Africa’s Cybercrime Act and Protection from Harassment Act, demonstrating how well-crafted legislation can provide effective remedies for victims when properly implemented.

## Public-Private Partnership Challenges

### Platform Non-Cooperation

Michael Ilishebo identified frequent refusal of social media platforms to cooperate with African law enforcement agencies. Platforms often refuse to provide information or remove content, citing community guidelines over local laws.

### Continental Coordination Proposal

Senator Besalisu proposed a continental approach to address platform non-cooperation, suggesting that “Africa as a continent come together, does the same thing that happens in Europe. You violate the law in a part of Europe, the entire Europe will fine you.”

## Civil Society and Legislative Tensions

Senator Besalisu expressed frustration with civil society opposition to cybercrime legislation amendments, stating: “civil society organizations, every time there’s an attempt to amend the cyber crime law to protect citizens, the civil society organizations are always in arms, believing and thinking that it’s about to constrain the space.”

Tina Power acknowledged this “very fine line” and emphasised the importance of grounding legislation in human rights principles to address these concerns whilst protecting victims.

## Key Recommendations

### Victim-Centred Legal Frameworks

Tina Power emphasised that “laws must be victim-centered, grounded in human rights, and well-communicated to both public and justice system actors.”

### Capacity Building and Training

Speakers emphasised the need for comprehensive training programmes for law enforcement, judiciary, and other justice system actors, addressing both technical skills and gender-sensitive approaches.

### Specialised Response Units

Sandra Aceng recommended establishing specialised technology-facilitated gender-based violence response desks at police stations, staffed by trained female officers.

### Multi-Stakeholder Partnerships

Sandra Aceng emphasised the need for “multi-stakeholder partnerships including engagement of boys, men, and communities in prevention efforts.”

### Digital Literacy and Awareness

Speakers highlighted the importance of comprehensive digital literacy programmes targeting diverse audiences through multiple channels, including community workshops, radio programmes, and social media campaigns. Sandra Aceng mentioned successful initiatives including comic books and other educational materials.

## Conclusion

The discussion successfully launched UNICRI’s research report whilst generating substantive dialogue about cybercrime challenges in Africa. Key themes included the need for victim-centred approaches, enhanced institutional capacity, improved public-private partnerships, and better coordination between stakeholders. The session highlighted both the complexity of addressing cybercrime across diverse African contexts and the potential for collaborative solutions that balance victim protection with human rights considerations.

Tina Power’s framing of cybercrime as fundamentally “a justice issue” rather than merely a technical problem provided a central theme that influenced much of the subsequent discussion about legal frameworks, institutional responses, and victim support mechanisms.

Session transcript

Ottavia Galuzzi: Good morning everyone joining us in person and online and good afternoon or evening to disconnect from different time zones. For people present in the room you can wear the headset to hear us better, both us and people online. My name is Ottavia and I work as a social expert at UNICRE, the Interregional Crime and Justice Research Institute. We are very thankful for your time and interest in this session co-organized by UNICRE and ALT Advisory titled From Research to Action, Cybercrime and Justice in Africa. Very quickly during this session we will launch our research report just published today titled Access to Justice in the Digital Age, Empowering Victims of Cybercrime in Africa. We’re going to present its main findings, learn from our speakers about many topics from the common trends in cybercrime and online harms targeting African countries, the challenges national law enforcement agencies face in conducting investigations and the obstacles victims encounter in reporting cybercrime and online harms and in seeking fair redress. Then we will aim to discuss recommendations, what gaps we can fill in as a multi-psycholar community and what practical solutions we can improve or develop as next step. We will conclude the sessions with participant feedback and expertise including of course questions. for our speaker. This falls within UNIQRI’s work stream on cybercrime and online harms, which aims to explore the interplay of different cyber threats and harmful behaviours, seeking to develop inclusive and rights-based solutions to address the convergence of cyber crime and online harms, including terrorism, violent extremism online, gender-based violence, child abuse and exploitation, and hate speech. At UNIQRI, we address these threats through action-oriented research on niche thematic areas, but also capacity-building activities involving tech companies and technical assistance to member states and policy-making. So, of course, I would like to thank our great speakers for their time today and their direct contribution to the report we are launching, we just published. Let me quickly introduce them for you all. So, we have Tina Power, she’s Director of ALT Advisory and Attorney of the High Court of South Africa. Michael Ilishebo, Digital Forensic Analyst and Cybercrime Investigator at the Zambia Police. And then online, we have Sandra Aceng, thanks a lot for joining us online, Executive Director at WOGNET, Women Uganda Network. And we are waiting for another online speaker who might join us soon, Belford Doherty, who is Cyber Policy Analyst and Head of IT at the Financial Intelligence Agency in Sierra Leone. Last but not least, my colleague Odhran McCarthy, Program Management Officer and Liaison Officer in New York, is joining as online moderator. To all online participants, of course, leave your questions and comments and feedback in the chat, and we’re going to go through it during the Q&A. So, logistically speaking, we will, before opening the floor to participants, we will have two rounds of questions for our speakers, to firstly set the scene, and secondly, to discuss recommendations, opportunities. And I think we can just start. So my very first question is for Tina. So as the main author of this report we’re launching today, could you please share with us the main findings of this report? Thank you.

Tina Power: Thanks, Ottavia. Good morning, everyone. Maybe just a quick good morning to all of the early birds who joined us in person. We appreciate it’s a slightly chillier morning and it’s been a very busy week. So thank you for taking the time to be here. And thank you to everyone online as well. We know some colleagues are joining from very different time zones. So we appreciate that everyone has put in the effort. And a final thank you to the technical team at the back who’ve helped make all of this possible. We really do appreciate it. Thank you so much. So as a point of departure, it’s important to note that while many of the themes that we’ll be discussing today may be familiar, what sets this report apart is its focus on Africa, which is somewhat unique given that we’re launching it in Norway. But we don’t often speak about what’s going on in Africa from a cybercrime perspective. So that is important. It is also victim-centered in nature. We’re not talking about hacks of big banks. We’re talking about the lived and individual experiences of ordinary people who are victims of cybercrimes. And it is also informed by a diverse set of stakeholders, which is why this panel is also so unique. We’ve got members of the private sector. We’ve got members of civil society. We’ve got UN agencies and we’ve got government. So it was truly informed by everyone’s perspective and views. And lastly, it’s been geared towards finding meaningful and practical solutions to the present challenges. So quite simply, the report isn’t set to explain to us what cybercrimes are. It’s set to explain to us how people are being affected and why so many remain without justice. So there’s a lot to unpack in the report. But I’m going to just spend some time going through four of the overarching findings that we saw across four different countries. South Africa. Namibia, Sierra Leone, and Uganda. So the first finding is that we know cybercrimes are on the rise in Africa, but we don’t yet have the full picture. Secondly, there’s a significant disparity in how people are understanding various different forms of cybercrimes. Thirdly, certain types of cybercrimes are inherently gendered in nature. And finally, we are seeing deep structural barriers that are continuing to hinder access to justice. So I’ll briefly take us through these. So the first is we know that cybercrimes is on the rise. We’ve seen this through emerging data, anecdotal evidence, and engagement with stakeholders. But we don’t think we have the full picture yet. And this is largely due to significant under-reporting, which I know Sandra is going to touch on shortly. But we’ve seen that a lot of people who are victims of cybercrimes don’t know that they have been affected by a crime. Even if they do know it’s a crime, they don’t know where to report, how to report, or how to phrase what it is that has happened to them. There’s also, particularly in relation to more of the personal types of online harms, like the non-consensual sharing of intimate images, a lot of women in particular feel that there is significant stigma in reporting and that they will be blamed or re-victimized. So that hinders them from reporting. And in many instances, we’ve also just seen that frontline officers at police stations aren’t equipped to respond to these types of crimes. They don’t know what codes to use. They don’t know how to articulate what the crime is, which then hinders the whole justice process. So where data exists, it is very helpful and we can start seeing what the trends are and pick it up. But we do need to do a lot more to better capture what the actual reality is, because it means we’re tackling somewhat of an invisible problem. And this is not to say that the harms aren’t real, they’re just currently not captured on the system. Secondly, and this links to capturing, the report highlights quite an important distinction between financial harm and personal harm. Financial harms are the harms where you’ve been scammed, you’ve been hacked, someone has stolen your money. And then we have personal harms, which are far more intimate. This is the non-consensual sharing of intimate… and Mr. Michael Ilishebo. We’ve been talking about the two types of crimes. We’ve been talking about intimate images, being harassed online, being doxed, being threatened, instances of hate speech. And what is interesting about the distinction is how it is responded to. If you report a financial crime or a theft, there’s often a quicker response and a more immediate response, whereas reporting personal crimes are seen as more intimate or domestic in nature and not always taken as seriously. We’ve seen this in the case of cybercrime. We’ve seen this in the case of cybercrime. Cybercrime also came through incredibly strongly in the research and engagements with stakeholders on the ground. Where there are instances of harassment, doxing, intimate images, these are all very gendered in nature and it is clear that women are disproportionately affected as our members of the LGBTQI plus community. And finally, all of this culminates in us identifying the correct legal framework to enable this. It is either a patchwork of laws, non-existing laws, or laws that are outdated or outmoded. We’re also seeing that law enforcement and justice systems are often undercapacitated in Africa. Resources and budgeting is not directed towards these institutions, but it will be lovely to hear from Michael, as someone who is playing a critical role in these institutions, as to what the type of capacity is that we need. We’re also seeing that both victims and survivors of cyber-crimes are often under-reported. We’re also seeing that there is a lack of accountability for victims of cyber-crimes, and cyber-crimes legislation. We’re also seeing that people don’t recognize this as a crime, which then means that they are not reporting. Ultimately, the report has made it clear that cyber-crimes is not just a technical issue, it’s a justice issue. If we don’t have correct avenues for justice, victims and survivors will not be able to seek recourse, we will lack accountability, and we will not be able to move forward as a global country.

Ottavia Galuzzi: Thank you Ottavia, that was a fantastic their report we are publishing today, but to the conversation and discussion of today. So now we’d like to move to you, Michael, and get your perspective as law enforcement. So could you please share with us, what do you think are the main challenges law enforcement authority face with cybercrime investigations today?

Michael Ilishebo: Thank you. Good morning, Ottavia, and good morning, my fellow panelists and those in this room and those online. So basically as a law enforcement officer from Africa, and also one of the law enforcement officers in this world was trying at all costs to ensure that we have a safer cyberspace for all, because as you know, cyber has no jurisdictional borders. So basically from the African perspective, the challenges are many. Cybercrime comes in a mouth face way. What I’m trying to mean is, in almost every crime that is committed today has elements of digital evidence. Digital evidence is highly policed using the cyber laws. So we find a situation where almost all traditional forms of crime that used to happen in the past are more prominent now, because of the use of ICT. Just as the increase in the nominal traditional crimes is on the rise, we’ve seen cybercrime also coming on the rise. So among us, the many challenges that we are facing as African law enforcement agencies or African law enforcers is that the first part of it is the lack of capacity in terms of technical skills. Because when we talk of cybercrime investigations, the process starts with a person reporting. In this case, there’s also an increase in under-reporting of these cases. Most cases that happen, people fail to report them to the police, not because they don’t want to report them. and Mr. Michael Ilishebo. I would like to start with the first point. First, because they know that either by time, even if they report, they may not get sufficient help. Secondly, because as she put it, it could not be a crime that has been committed from the aspect of financial gain but personal gain. There are people that would want to keep their privacy as in really private, knowing that if I go to the police station, they may not be able to report these cases. So, if they report these cases, they may not be able to report the nature or anything that may compromise their standing in society. They may end up failing to report these cases. So, as the cases are reported at police station levels, what happens next is the suspects are supposed to be arrested and arraigned before the courts of law. Then, if the police are failing to handle some of these cases due to technical skills, what happens at the courts? Then they hug them, maybe try to run others and then eventually, they will get a fine or they will actually have to join another city court. They will have to judge the acts that they had committed against themselves. They will have to do a lot of things. They will have to do a lot of things. So, we have seen an increase in terms of the cyber crime that is happening due to the use of AI. We have seen people that may not even actually know how to code. People may not even know how to frame this and that. They are using AI to enhance their criminal skills. Also, the use of encryption in order to hide whatever information that may be found on their mobile devices, on their cell phones, on their computers. So, the use of encryption in order to delay the later justice is enforced. Thirdly, also, the use of cryptocurrency. As you have seen, we have seen an increase where criminals no longer have to rely on fiat cash. In order for them to commit a crime, they hide under the cryptocurrency barrier. But of course in Africa, we are trying with the help of the US government an organization was a grouping was formed which is called Africa Cybers Africa Cryptocurrency Working Group, which is under the US Department of Justice attached to the AU in Addis Ababa. I think we are there is about eight countries and more countries will be joining We are trying to tackle the issues of cryptocurrency so sadly It’s the issues of legal frameworks as you know To fight cybercrime you start with domestic laws then let alone you Graduates to international conventions. So most African countries are not part to the Budapest Convention But fortunately enough the UN has come up with a draft UN Convention against cybercrime Which by nature in an African country which is a member of the UN may in a way or one way or the other may find themselves signing to the Budapest to the To the UN Convention when it comes into when it is signed. I think it will be signed in In October in Vietnam, then of course the process will start overseeing and all those So that would be the easier way for member states in Africa to be part to the international conventions of course, we have the Malabo Convention on data protection and Cyber security, but it does not address the current increase in terms of crime There is also the Budapest Convention which has been around for the last 20 years If I checked the last time I checked the data’s the only about Less than 15 if not 12 African countries who are part to the Budapest Convention this in itself has played a critical role in terms of us getting information when it comes to Cases or criminals who are out of the jurisdiction of Africa So that brings out to the issues of jurisdictions because we’ve seen an increase in crimes Being committed in nations that may not even have cyber laws in place So what is happening right now is if a country has poor cyber Crime registration somebody from another jurisdiction may actually cause financial and emotional harm and yet In that country, it’s not a crime So, we’ve seen so many challenges such that if I was to list them here, they would resonate with almost all the challenges all enforcement agencies are facing. But what I’ve just said, these are part of the most critical challenges that we are facing.

Ottavia Galuzzi: Thanks a lot, Michael, for this overview and snapshot, very detailed snapshot into the different challenges law enforcement may face in regards to cybercrime investigation. Something interesting you mentioned regarding the rise of cybercrime with AI, something we have seen via different research is that AI is really, is not creating new criminals, is actually allowing criminals in other fields moving into the cybercrime environment, which is a bit concerning because, yeah, I think we can all agree that AI reduce the level of barrier into everything that is technical. So thanks for bringing that up as well. Moving forward, I would love to come to you, Sandra, I hope you hear me. Yeah, we see you, that’s fantastic. And to you, given your line of work and the important work you do, I would like to focus more on the victim side. So we would love to hear from you, what are the obstacles that victims encounter in reporting cybercrime-reliant harms and in seeking fair redress, particularly from a gender perspective?

Sandra Aceng: Thanks to you. Thank you so much for the question. Could you please confirm that you can hear me? Yeah, we can hear you. Okay. It would have been lovely to be in that room, but nonetheless, I’m joining virtually and good morning, good afternoon, and might be evening for everyone, for some other people who are joining as well. I’m very glad to be speaking about this subject. So based on the work that we have done at Women of Uganda Network. Looking at some of the obstacles that victims encounter, especially women and gender minority groups, they face a lot of numerous challenges, especially in being able to report, but also being able to seek redress, which sometimes, in most cases, is shaped by social stigma, sometimes institutional gaps, and also digital illiteracy, as also clearly highlighted by Michael. So I would go deep into it. So one of the obstacles has been stigma and the fear of also public shaming, whereby women who experience tech-facilitated gender-based violence, such as non-consensual intimate distribution of intimate images, that in the context of Uganda is usually referred to as revenge porn, and also cyber-stalking and doxxing, they often really fear being blamed or ridiculed. And then there’s also the cultural norms that discourage women from speaking out, especially when the abuse is sexual in nature and also intimate in nature. So there’s this case in 2022, when we documented during our study, a young woman in the northern part of Uganda had intimate images leaked by her ex-partner. So rather than her posting it, reporting it, she withdrew from social media and also isolated herself. So when she reported this case to Women of Uganda Network, she expressed fear of being judged by police and also her community. So when the case was handled confidentially through Whoop Net’s toll-free line, but she never really… pursued for more justice as well. And then, also talking about the aspect of limited literacy and also awareness of rights, whereby many victims, especially those in the rural, rural women and youth, do not recognize online harms or crimes, or are unaware of, actually, the available legal protections. So, a lack of awareness of, for example, a data protection law, or the Computer Misuse Act amendment in 2022, or the the Uganda Police Cybercrime Units also limits reporting. Still an example during a workshop that we conducted in a district that is based in northern Uganda. It also found out that about 80 percent of the participants, majority of which were women, had never heard of what Uganda Data Protection and Privacy Act is. So, many believe that online reporting abuse was maybe for those who have strong political views or financial connection. So, you can see, really. So, there’s also a bit of lack of awareness in regards to that. And then, also talking about the weak law and also the enforcement response and institutional aspect of it, you find that victims also face very dimissive attitudes from police, especially when the harm is online and not physical. A serious case that we actually recently was reported to our police through one of our partners, whereby her private and intimate images were unlawfully shared in multiple WhatsApp groups, which we also were able to identify the WhatsApp group without consent. So, she strongly believed that these images were taken by her former boyfriend, which was also named. but I’ll keep it private for this. So as she was, he was the only person with access to her at that state and she also asserted that he took these photos without her consent. So she reported this case to the central police stations of Kampala. All the case details are with offensive registration registered and as an unsolicited information under the Computer Misuse Act, CAPT 96. So she was deeply very concerned that more content would be shared and also as she and also the ex-partner also engaged in intimate activities in his residence which also had a CCTV camera to which he had sole access to but the police could not help her because she didn’t have enough evidence. So we were able to provide some support of having screenshots which she was also able to share and either also if she has direct access to the WhatsApp group which she didn’t have but a friend had access to the WhatsApp group and also belong to the WhatsApp group but she couldn’t report this case because the friend could not report it. It needed someone in the WhatsApp group to be able to report and I was actually looking through the rules in the WhatsApp group which also says if you’re quiet in the WhatsApp group you will be able to be excluded and all that. So you can see that the aspect of law enforcement that lacks specific trainings especially to undertake tech-facilitated gender-based violence is still lacking and investigations often are slow and also very inclusive. So this requires a lot of training to be done and also linked to that also a university student also reported that cyberbullying and defamation via Facebook accounts to her local police post in Lira district that is also based in northern Uganda. So the police asked her to present the suspect, who was anonymous, and then told her to ignore it and deactivate her account. So through UGNET’s legal network, we were able to link them to the Belford law for digital legal support, but formal justice was not pursued. So you find that there’s a lot of issues that continue to happen, also with the insufficient legal frameworks and gender-sensitive provisions that we have, this continues to happen. For the case of Uganda, we have no specific law in Uganda that addresses technology-facilitated gender-based violence. Although we have the African Commission of Human and People’s Rights Resolution 522, which talks about the protection of women against digital violence in Africa, it’s still something that re-organizes online gender-based violence as a human right. And this is a step, and it’s also calling for all the member states countries to be able to work together to ensure that we have specific laws that address digital violence as a whole. So I would like to stop here, and I need to go back to you, thank you.

Ottavia Galuzzi: Thanks a lot, Sandra, for sharing different, unfortunately different examples of cases related to cybercrime, online arms, and with a gender-based violence component as well. Your perspective is very much needed in this type of conversation. So now, you know, we set a bit the scene of what is happening, and what are the different and Mr. Michael Ilishebo, Mr. Odhran McCarthy. Thank you so much, Tina. I’m going to start with you, because I think you’ve already touched on a lot of different challenges that different sectors within this topic address. So perhaps we can we can move into recommendations, opportunities and next steps. And then, of course, opening to to the floor, both in on site and online floor. What can you share with us on the legislative aspect? So how can we use legislative instruments to to really advance the prevention and countering of cybercrime and online harms?

Tina Power: Thank you. Thanks, Ottavia. If there’s ever a question to get a lawyer excited, it’s what is the value of laws? So I’ll try to keep it brief, but I want to touch on why laws matter, how the right laws can lead to tangible, positive results and what we can do to make our laws better. So an important finding of the report is good laws matter for several reasons. They provide clear definitions and guidance as to what the crime is and what the options you have are. It’s also essential both for the public understanding of what the law means and what justice means, as well as for how the justice system will then unfold once it’s been reported. Laws also give victims a legal basis to seek redress and ensure that there is accountability and a well-drafted piece of legislation lays the foundation for action. It enables us to know what to do from the moment of reporting, which we’ve now heard multiple times is a clear challenge through to investigation, which is also there are complications as well as at the actual justice system level. Once we get to courts, what is going to happen? So the law gives us that foundation, which is much needed. So without laws and clear guidance that are grounded in human rights, victims will remain vulnerable and access to justice will remain limited. South Africa’s Cyber Crimes Act provides quite a useful tool. Thank you very much, everyone, for joining us. This is a very useful example of a law. I’m not going to say that it is good, but it does tick many of the boxes. It addresses both financial and personal harms. It provides institutional guidance. And requires the development of more sort of operational requirements, such as standing operational procedures. How do we gather the evidence? How do we store the evidence? How do we use the evidence in court? Having the right legal framework can tangibly support victims of various forms of cybercrimes. And I’m going to share a few examples in some of the work that we’ve done recently. So we’ve issued several cease and desist letters. In South Africa, we call them letters of demand. In cases involving threats of the disclosure of intimate images. So the image hasn’t yet been disclosed, but it’s a threatened disclosure. And in the letters, by simply referencing South Africa’s Cybercrime Act and explicitly stating what the criminal sanctions are, we have found that it’s an incredibly useful deterrent to stop the harm in its tracks. When people see that there is a real legal harm or a real legal risk at play, they generally have tended to stop, in our experience. And so this is quite an important reminder that even the threat of legal accountability can be a strong deterrent. A second successful example that we’ve had was using South Africa’s Protection from Harassment Act. And here we used it to obtain what we call a protection order. In other jurisdictions, it’s generally known as a restraining order. And we achieved this on behalf of a human rights defender who was being relentlessly attacked on X and threatened with real world violence. But fortunately for us, our act applies to both harassment and threats in the physical realm as well as the online realm. So we were able to go to court and explain to the judge both the online harms and the stresses and the consequences as well as how this could unfold in the offline world. And we were able to secure protection for our client in that way. and Mr. David B. Reid. So I want to start by saying that the UNRQ report can offer justice, but the law needs to be good. It needs to be well-crafted. Definitions need to be clear, the accountability mechanisms and the reporting mechanisms also need to be clear. So one of the useful things about the UNRQ report is that we don’t just stop there. We don’t say you need good laws. We actually want to figure out how we can make good laws. So that means that every agency and we are going to apply legislation to raise awareness of actually assessing things for, for concern at the country level. So each country assesses where they are at. Do we have overlapping laws, are we missing something fundamental? Do we simply not have a law like is the case in Namibia, they haven’t yet passed it and that means that victims are completely without redress. We then couple this with a cyber crimes model law that is victim-centered. We have seen other cyber crimes law that is not just a model law, it is a model law that is not just a model law, it is a model law that is actually affected. So we want to structure the legal approach in two forms. We set up the audit to assess where the challenges are, but then we also help you fill the gaps. This is what a model law could look like. Apply it to your jurisdiction and see what works. But we also know, and I’m sure other colleagues will discuss it as well, that law alone is not enough. This needs to be coupled with comprehensive training of just the sector actors so they know how to apply the law, but also to have a good piece of legislation. We need to have a good piece of legislation so that ordinary members of the public are able to know that they have been a victim of a cyber crime and they know how to report and what the reporting process looks like. So we want good laws, but we also want people to be able to use the laws. It is very unhelpful having a good piece of legislation, but no one knows how to use it or how to access it. So in summary and in closing, because I see our time is moving on, I will caveat all of this, as lawyers generally tend to do, to say that it is not the end line, it is not the finish line. For our laws to be effective, they need to be clear, they need to be grounded in human rights, and they need to be well communicated, both to members of the public and those within the justice system. This needs to be equally coupled with institutional capacity, and capacity has come up time and time again, both from Sandra and Michael. So we know there is a clear challenge there, and laws need to be able to support that and enable that. So when all is said and done, as a lawyer, I see huge potential and value in the law, and it is one of the solutions. It is an important one, and it does provide us with what we need to take us forward, but it needs to be coupled with everything else that we’ve discussed today as well. Thank you, Ottavia.

Ottavia Galuzzi: Thanks to you, Tina. That is very, I think, the perspective of having not just legislative framework, but the right legislative framework is a key message here. Michael, back to you again, from law enforcement perspective. Where do you think we should focus our efforts in enhancing law enforcement capabilities towards tackling cybercrime? And perhaps if we can get your views on one of the recommendations in the report is the use of clear coding systems for cybercrime investigations. If you could share anything on this, that would be very helpful. Thank you.

Michael Ilishebo: So basically, I’ll pick it up from the previous speaker. You see, when we embark on the Know Your Light campaign to focus on victim-specific laws, what we’ve discovered is that, like from my experience, from examinee experience, is that in my country, those laws are there that actually protect the victim. But unfortunately, the civil society are coming up and saying that some of these laws are meant to stifle freedom of expression. So as much as the government, as much as the laws and Mr. David Njie. We have a lot of people here who want to speak life into protection of the victims. Somehow others would feel their freedom of expression is being hampered. So that’s one of the challenges that we need to find a balance. So coming to the question, so some of the major recommendations or working solutions that we need in order for us to address, fight and mitigate, of course, you cannot avoid, is that the first part is, as I alluded on, is on capacity building. Not only the police, but also the justice system, the wheel of justice starts with the law enforcement, ends with the courts. So once we tell in some causes that are specific to the needs of these players in the justice system, we’ll at least be able to address and mitigate some of these issues. You need to feel in the Courts to be ready, to navigate, so therefore, we need first, we need such a solution to limit crime in those areas, and once you have a solution that we have mature on that should be protected. In terms of the first part of what I said, we need a third form of communication and we need the leniency of the system, not just pass things through but rely on that decision. Believing that we also have the right to have such an initiative and we should not let it happen. So I give an example. The social media platforms where some of these I would like to say even financial, non-financial cases or cases or cases happen, sometimes it requests information from these service providers, I won’t name them, you know them, they will tell you what to do with it. an offence, an act that is an offence in a certain jurisdiction. So, in that case, they may not actually be able to give you the information you are seeking for. An image may be posted of someone online. You request for it to be pulled down. They will still say this does not go against our community guidelines. So, we need a clear balance. We need cohesion. We need to reach consensus. A situation where as much as it may not be able to go against their guidelines, but as long as the victim feels not safe, imbalanced, or public shamed by virtue of that post or image, this social media platform needs to be bringing down this information, this content. Also, when the law enforcement agencies also request for information, there is need for them to act swiftly to give the law enforcers the information they are after, as long as we meet the basic criteria of either a subpoena, a court order, or anything that they demand. So, once we address the issue of private-public partnership, we will halfway have solved the problem. Also, we have the issue of enhanced legal framework. I will give you an example for Zambia. Just two months ago, we amended our Cybersecurity and Cybercrimes Act into making the Cybersecurity Act a single piece of registration and also enhancing the Cybercrimes Act. We have come a long way in terms of addressing cybercrime. But again, if you look at the current law, it is able to address what challenges we are facing now. But that does not mean that in two, three, four years’ time, the same piece of registration will be as effective as it is now. So, the process of enhanced legal frameworks has to always be continuous because a cyber law has a shelf life. It does not sit like a criminal procedure. The Penal Code, the mighty Penal Code, that probably was enacted 50 years ago, and the same applies today. So, enhanced legal frameworks which are supposed to mirror to each other, meaning that if we have a mirrored cybercrimes act in Africa, where an offence in Benin, an offence in Kenya, an offence in Zambia speak to the same facts, unlike where it’s an offence in Zambia, you go to Kenya, it’s not an offence. Probably the perpetrator might be in another jurisdiction, in this case Kenya, and the victim is in Zambia. The damage has been done in Zambia, but the victim is in Kenya. And yet when you compare the cyberregistration, you discover that indeed in Zambia it’s an offence, in Kenya it’s not. So there it becomes more of a bilateral kind of arrangement. But if the laws are as clear in terms of speaking life into each other, they are mirrored, that way I can assure you we are going to probably reduce cybercrime by a huge percentage, because anyone in any African country will know that what I’m doing is an offence where I am, and the victim I’m targeting is in South Africa or anywhere else. So amongst these recommendations are that we need to have a mirrored cyberregistration. Also I already alluded to the aspect of international conventions, as I said the letter to which African countries are becoming part of the Budapest Convention, not to talk of the UN Convention, which is not yet to be signed. I think there is a need for us to push for African countries to be part of most of these international conventions, because cyber knows no border, cyber knows no jurisdiction, cyber knows, it’s not a respect of anyone. An infrastructure here in Norway can be messed up by somebody who is in Colombia or Zambia. So how do we address these issues is for us to meet somewhere through an international treaty. Thank you.

Ottavia Galuzzi: Thanks to you, Michael, and thanks for the different oversight and for the recommendations in general. But I also really appreciate you introducing the public-private partnership debacle. It’s something that is very hard to tackle. I think probably everybody in the room and also online have faced this issue in one way or the other. Before moving into questions and feedback from participants, we’d like to come back to you, Sandra, for, again, we are looking into recommendations. So perhaps your view on recommendations on how we can effectively support victims of these types of crimes, again, with a particular attention to the needs of women and girls. Thank you.

Sandra Aceng: Thank you for the question. Can you hear me? Yes. Okay, so I will start from where Tina Power actually stopped. She said the law is not enough and I like to say that you cannot fix what is broken by tech using the law. However, we also need the law. So for my recommendation, I would say there’s need, as also Michael highlighted, that there’s need to strengthen the legal and policy framework, enact specific laws that speaks about online gender-based violence or technology facilitated gender-based violence. And these laws should be able to explicitly cover issues around non-consensual intimate images or videos, cyber-stalking, doxing, and also online harassment. And more importantly, also the AI-generated sexual content referred to as defects. Now we also have cheap facts and also the gender disinformation that is also very much linked to AI-generated content. And also speaking about the law, we can also see how to integrate gender-sensitive provisions, especially into ICT legislation, ensure that about women’s rights, and also building institutional capacity and accountability. How do we ensure that we train law enforcement, the prosecutors, the judicial officers on digital crimes with agenda lengths, include models, especially on trauma-informed survivor support, ensure that there’s digital violence, ensure that also we have an inclusion of online investigation techniques that is built or taught to these people, and also establishing delegated technology-facilitated gender-based violence response desk, especially at the police post with female officers and also the digital crime experts, monitor also enforcements to ensure that justice for survivors is being guaranteed and not further victimization, and also the need to have expand access to survivor-centered support services. How do we develop and also scale up support platforms that are available? For instance, we have the OGPV web portal, like the WOCNET has, and it’s able to offer support to digital security tips, also referrals, and also we have the toll-free line that’s held for reporting and emotional support. So how do we scale that? and also have mobile outreach clinics, especially for psychosocial services in the rural areas because these are some of the areas that are most times thought all that they do not face this thing and ensure that there’s also multi-language access, disability inclusive services so that no cyber is left out. And facilitate also legal aid, free legal aid, digital security support through partnership with civil society organization and legal tech firms. Again, for us to be able to reduce, I would not like to say end because we cannot end, reduce cyber crimes against women and girls, we need to have a multi-stakeholder partnership which is very key. And also promote digital literacy and awareness, ensure that women and girls have education on online safety and these trainings should be able to focus on managing the privacy settings, recognizing that online scam and online harassment is real and also the reporting channels and how to determine evidence is also being taught. And conducting some of the regular community-based workshops, the use of radios, the use of social media. Recently we explored the use of comic books that was really very impactful, going to the community and reading to them a fun way to for them to be able to educate themselves on some of the digital security tips but also being aware that online gender-based violence or cyber crime is real. And integrating also some of the cyber safety. and Digital Rights skills, especially into the school curriculum, especially for women and marginalized learners is key. And I would like to conclude and say that for us to also be able to reduce online gender-based violence, we have to start thinking of how do we engage boys, men, and also the communities in prevention. How do we challenge harmful gender norms and also online misogyny? Let’s have a facilitated dialogue, especially on respectful digital behavior and content and support male champions, peer educators in school and communities, groups to be able to be models that can promote positive engagement so that we can really be able to see how to mitigate the increasing rate of online gender-based violence. Thank you.

Ottavia Galuzzi: Thanks to you, Sandra, for sharing all these recommendations and fantastic ideas. The use of common books, for instance, I think it’s a very great example of how to involve communities as well. So I think we have a bit more than 10 minutes left, so it would be fantastic to come to you all. And thanks again for your interest and time in joining our session. I don’t know if there is any questions or comments from the… Yes, please. I think you would need to go to the mic. Thanks a lot.

Audience: Thank you and good morning. Can you hear me? I am Senator Shweba Fola Besalisu from Nigeria. I chair the Nigerian Senate Committee on ICT and Cyber Security. And I’m also the chairman of the West African Parliamentarians Network on Internet Governance. We are very delighted to be here and listening to the conversation in the last one hour or so. You could also be speaking about Nigerian situation, I mean listening to Zambia, to Uganda, and I’ve come to the conclusion that the issues are fairly the same, particularly on the African continent. My brother gentleman spoke about the civil society organization, and I think that’s why this conversation needs to also extend to the civil society organization. Nigeria first enacted the cyber crime law in 2015. Last year we amended it, and we’re also in the process of amending it again, particularly because of the UN Convention that was just adopted in December. But the challenge is that the civil society organizations, every time there’s an attempt to amend the cyber crime law to protect citizens, the civil society organizations are always in arms, believing and thinking that it’s about to constrain the space, forgetting that sometimes where your own rights stop is where the rights of somebody else start. So I think we need to bring the civil society organizations into the conversation. The second point for me, and I spoke about this two days ago at the parliamentary track, unless and until we are able to bring the big text into the table, and I suggest a situation where Africa as a continent come together, does the same thing that happens in Europe. You violate the law in a part of Europe, the entire Europe will fine you. Unless and until all of those big texts know that if you violate the law in South Africa, your sanction is not limited to South Africa. Same sanction will be applicable in Côte d’Ivoire, in Ghana, in Nigeria. That is the only time they will respect our national laws, our national values. As of now, we almost appear helpless. When we make the laws, devalue the laws, the same content that they will bring down in less than one day in Europe, you’ll be shuffling papers up and down for the next two weeks. Meanwhile, the victims continue to suffer. Sometimes people go into depression on account of that. I think we need a continental approach to come to the table and say, you violate the law, you don’t respect the norms here, that sanction will be applicable across the African continent. I would like to thank you again for this beautiful conversation. You speak to the African issue, you speak to the African continent, and I think now we need to move from talking about it to having a concerted African position.

Ottavia Galuzzi: Thanks a lot, Senator. That is very important, what you’re sharing, both involving civil society and bringing the big tag at the table. I don’t know if panelists would like, speakers would like to comment.

Michael Ilishebo: So basically, I will engage the Senator after this session. As this area put on, our challenges are not almost the same. What Nigeria is going through is what any other African country is going through. As I said earlier on, we’ll continue the conversations beyond the panel session.

Tina Power: I just have one brief comment. I see there’s more questions. But just to note, on the question about civil society responding to legislation, there’s a very fine line. And what the report recommends and proposes is when we’re drafting legislation, it must be grounded in human rights. So where there are tensions around freedom of expression, or there is the potential misuse of the act to potentially curb other people’s rights, we need to strike that balance. And that’s why the report very much suggests any law reform efforts must be grounded in human rights, must align with our international law. and Ms. Sophia Bokovoy, members of the Finnish Green Party. I appreciate the tension. It is a difficult one, and it is a fine line to navigate, but that is why we want our laws to be grounded in human rights, so that all human rights are taken into account when drafting the legislation. I see there are some more questions.

Ottavia Galuzzi: We can take one more question from the floor, and then we have a few questions online. Please go ahead.

Audience: Juri Bokovoy from the Finnish Green Party. It is good that it is highlighted that the big tech still washes their hands of any responsibility of monitoring their platforms for crime everywhere in the world. But my comment was mostly about the same point that was raised about civil societies. I originally come from Belarus, which is struggling from completely the same issues, but there the civil societies have been basically crushed by the government to do whatever they want. And I just want to remind people that civil societies can kind of be seen as a symptom of public distrust of the government’s capabilities and resources to handle these issues. And they should really be worked together with, even if they are annoying to compromise with on cyber law. But yeah, my question is mostly about what is the view of you, Michael, and as a prosecutor and law enforcer on the weight of public trust in these institutions in ways to handle these situations. I mean, you highlighted it about the trust affecting under-reporting quite heavily, but is there any specific way you can see that being improved significantly in this?

Michael Ilishebo: and various engagements to ensure that at least at any given situation at any police station they may start a case they may do something but when it goes beyond their technical capabilities they are able to reach us at the force headquarters which is the police headquarters so we are trying but I hope within the next coming year or two or so we’ll reach that but it’s not something that is easy.

Ottavia Galuzzi: I think we can we can have more questions I can respond to people afterwards. Sorry I’m just gonna take the two questions online if that’s okay with you very quickly and so we have one question on for you Sandra specifically on existing mechanism to support victims of crime and the second question for you Sandra but also for the other speakers is do we have example of countries where countries have enacted and robustly implemented laws against tech-facilitated gender-based violence and if yes how do they go about popularizing and implementing them? Thank you perhaps Sandra if you’d like to start thank you

Sandra Aceng: yeah so the existing mechanism, where is the person from, from which country?

Ottavia Galuzzi: I think we is Emi Okwir Oguele who asked the question online, but I’m not sure about the country but perhaps.

Sandra Aceng: Oh, so he was just saying he was happy to learn some of the existing mechanism highlighted by Sandra. So it wasn’t a question.

Ottavia Galuzzi: And then there is the question about if you know about countries that have enacted and robustly implemented laws against tech-facilitated gender-based violence.

Sandra Aceng: Okay, so that question is asked by Dr. Wakavi, who is also my friend and our partner from Uganda. So it’s a hard question, but there are some notable examples of countries that have enacted and actively also implemented laws that address technology-facilitated gender-based violence. Of course, there is really no legal framework that is perfect and universally that is comprehensive, but some countries have really made a meaningful stride, especially in the legislation. Maybe Tina Power could talk about the South African one that also have done the Cybercrime Act 2020 and also some of the key provisions, especially around it is it’s criminalizing malicious communication, including those intended to cause mental, psychological, and also emotional harm. And as far as I know, they have implemented a strategy of also doing partnership with women’s rights organization. and also to disseminate information, but also the creation of the cybercrime apps under the South African police services. But Tina Power would like maybe to explore more on that. Some of the countries that I also know is like Australia that also have the Online Safety Act of 2021 and that focus really on targeting sex-facilitated gender-based violence, including image-based abuse, cyber bullying, and also serious online harassment. From conversation, they have also the e-safety. Sorry, Sandra, we are out of time. If you can just quickly close it, that would be fantastic, sorry. Yes, so they also have the e-safety commissioner that also is very important. And also some of the examples that I know Dr. Waakabi knows about in Kenya, but explicitly we don’t have policies that really specifically might be talking about technology-facilitated gender-based violence, but things that relate to that. Thank you and over to you.

Ottavia Galuzzi: Thanks, thanks a lot. I’m sorry, we don’t have time for this, but you can come to us to share any comments or the questions you might have. Apologies for running out of time. But yeah, I would really like to thank all the speakers, Tina, Michael, and Sandra for your fantastic contribution. Thanks also to my colleague, Odhran McCarthy, who has been up late to follow us. And please feel free to come to us for any comments and questions. Thanks again for your time. Thank you. ,

Tina Power

Speech speed

212 words per minute

Speech length

2400 words

Speech time

678 seconds

Cybercrimes are rising in Africa but full picture unclear due to significant under-reporting

Explanation

While emerging data and anecdotal evidence shows cybercrime is increasing across Africa, the true scope remains hidden because many victims don’t report incidents. This under-reporting occurs because victims often don’t recognize they’ve been affected by a crime, don’t know where or how to report, or fear stigma and re-victimization.

Evidence

Agreed with

– Sandra Aceng

Agreed on

Gender-based cybercrimes disproportionately affect women and require specialized approaches

Deep structural barriers hinder access to justice including patchwork of laws, non-existing laws, or outdated legislation

Explanation

The legal framework across African countries is inadequate, consisting of either fragmented legislation, complete absence of relevant laws, or outdated regulations that don’t address current cybercrime realities. This is compounded by under-capacitated law enforcement and justice systems that lack proper resources and training.

Evidence

Disagreed with

– Michael Ilishebo
– Audience (Senator)

Disagreed on

Civil society role in cybercrime legislation

Michael Ilishebo

Speech speed

178 words per minute

Speech length

2161 words

Speech time

728 seconds

Law enforcement faces capacity challenges including lack of technical skills and inadequate training

Explanation

African law enforcement agencies struggle with insufficient technical skills to handle cybercrime investigations, which now involve digital evidence in almost every crime. This capacity gap extends throughout the justice system, from police officers who don’t know how to properly code and handle cybercrime reports to courts that lack understanding of these complex cases.

Evidence

Major discussion point

Public-Private Partnership Challenges

Topics

Legal and regulatory | Liability of intermediaries | Content policy

Sandra Aceng

Speech speed

123 words per minute

Speech length

– Tina Power
– Michael Ilishebo

Agreed on

Law enforcement and justice systems lack adequate capacity and training to handle cybercrime cases

Women and gender minorities face numerous obstacles shaped by social stigma, institutional gaps, and digital illiteracy

Explanation

The intersection of social stigma, inadequate institutional responses, and limited digital literacy creates multiple barriers for women and gender minorities seeking justice for cybercrimes. These interconnected challenges prevent effective reporting and redress, particularly affecting marginalized communities who face additional discrimination.

Major discussion point

Gender Dimensions of Cybercrime

Topics

Gender rights online | Digital access | Human rights principles

Need for specific laws addressing technology-facilitated gender-based violence including non-consensual intimate images and AI-generated sexual content

Explanation

Current legal frameworks lack specific provisions for technology-facilitated gender-based violence. New legislation should explicitly cover non-consensual intimate images, cyber-stalking, doxing, online harassment, and emerging threats like AI-generated sexual content (deepfakes) and gender disinformation.

Evidence

Uganda has no specific law addressing technology-facilitated gender-based violence. Reference to African Commission of Human and People’s Rights Resolution 522 on protection of women against digital violence, calling for member states to enact specific laws addressing digital violence

Major discussion point

Gender Dimensions of Cybercrime

Online education | Digital access | Capacity development

Audience

Speech speed

142 words per minute

Speech length

668 words

Speech time

282 seconds

Need for continental approach where violations in one African country result in sanctions applicable across the continent

Explanation

African countries should adopt a unified approach similar to Europe, where violating laws in one country results in continent-wide sanctions. This would force big tech companies to respect African national laws and values, as currently they can ignore individual country requests while responding quickly to European demands.

Evidence

Same content that big tech will bring down in less than one day in Europe, you’ll be shuffling papers for two weeks in Africa while victims continue to suffer and sometimes go into depression. Suggests Africa needs concerted continental position similar to European approach

Major discussion point

Public-Private Partnership Challenges

Topics

Legal and regulatory | Liability of intermediaries | Jurisdiction

Disagreed with

– Michael Ilishebo
– Audience (Senator)
– Tina Power

Disagreed on

Civil society role in cybercrime legislation

Civil society organizations sometimes oppose cybercrime law amendments believing they constrain freedom of expression

Explanation

There is tension between protecting victims and preserving civil liberties, as civil society organizations often resist cybercrime legislation amendments out of concern that they will restrict freedom of expression. This creates challenges for governments trying to strengthen victim protection laws while balancing competing rights and interests.

Evidence

Nigeria enacted cybercrime law in 2015, amended it last year, and is amending again due to UN Convention. Civil society organizations are always up in arms when there’s attempt to amend cybercrime law to protect citizens, believing it will constrain civic space

Major discussion point

Public-Private Partnership Challenges

Topics

Freedom of expression | Legal and regulatory | Human rights principles

Disagreed with

– Michael Ilishebo
– Audience (Senator)
– Tina Power

Disagreed on

Civil society role in cybercrime legislation

Ottavia Galuzzi

Speech speed

145 words per minute

Speech length

Research Methodology and Approach

Topics

Cybercrime | Human rights principles | Capacity development

Agreements

Legal and regulatory | Cybercrime | Gender rights online

Gender-based cybercrimes disproportionately affect women and require specialized approaches

Speakers

– Tina Power
– Sandra Aceng

Arguments

Certain types of cybercrimes are inherently gendered with women disproportionately affected, especially regarding harassment, doxing, and intimate images

Victims face stigma, fear of public shaming, and cultural norms that discourage reporting, especially for sexual/intimate abuse

Summary

Both speakers agree that women face unique challenges in cybercrime victimization, experiencing disproportionate targeting for intimate and personal harms, combined with cultural barriers that prevent reporting and seeking justice.

Topics

Gender rights online | Cybercrime | Human rights principles

Human rights principles | Gender rights online | Capacity development

Unexpected consensus

AI is enabling criminals from other fields to transition into cybercrime by lowering technical barriers

Speakers

– Michael Ilishebo
– Ottavia Galuzzi

Arguments

AI is enabling criminals from other fields to move into cybercrime by lowering technical barriers

AI is reducing technical barriers and enabling criminals from other fields to move into cybercrime

Explanation

It’s unexpected that both a law enforcement practitioner and a research organization representative would specifically identify the same emerging trend about AI democratizing cybercrime capabilities, showing sophisticated understanding of how technology is reshaping the criminal landscape.

Topics

Cybercrime | Digital business models

Need for continental approach to cybercrime legislation and enforcement

Speakers

– Michael Ilishebo
– Audience (Senator)

Arguments

Need for mirrored cybercrime legislation across African countries to address jurisdictional challenges

Need for continental approach where violations in one African country result in sanctions applicable across the continent

Explanation

The convergence between a law enforcement officer’s technical perspective and a parliamentarian’s policy perspective on the need for harmonized African cybercrime laws demonstrates unexpected alignment between operational and legislative viewpoints.

Topics

Legal and regulatory | Jurisdiction | Cybercrime

Tension between civil society concerns about freedom of expression and victim protection needs

Speakers

– Michael Ilishebo
– Audience (Senator)
– Tina Power

Arguments

Law enforcement faces capacity challenges including lack of technical skills and inadequate training

Civil society organizations sometimes oppose cybercrime law amendments believing they constrain freedom of expression

Laws must be victim-centered, grounded in human rights, and well-communicated to both public and justice system actors

Explanation

Unexpected consensus emerged on the challenge of balancing victim protection with civil liberties, with speakers from different sectors acknowledging this tension and the need for human rights-grounded solutions.

Topics

Human rights principles | Freedom of expression | Legal and regulatory

Overall assessment

Summary

Strong consensus exists on core challenges: rising cybercrime with massive under-reporting, inadequate legal frameworks, insufficient law enforcement capacity, and disproportionate impact on women. Speakers also agree on fundamental solutions including better laws, enhanced capacity building, and multi-stakeholder approaches.

Consensus level

High level of consensus with remarkable alignment across different sectors (law enforcement, civil society, legal experts, policymakers) on both problem identification and solution directions. This strong agreement suggests a mature understanding of cybercrime challenges in Africa and creates a solid foundation for coordinated action. The consensus spans technical, legal, and social dimensions, indicating comprehensive shared understanding of the issue’s complexity.

Differences

Different viewpoints

Civil society role in cybercrime legislation

Speakers

– Michael Ilishebo
– Audience (Senator)
– Tina Power

Arguments

Civil society organizations sometimes oppose cybercrime law amendments believing they constrain freedom of expression

Need for continental approach where violations in one African country result in sanctions applicable across the continent

Laws must be victim-centered, grounded in human rights, and well-communicated to both public and justice system actors

Summary

There’s tension between law enforcement/government officials who see civil society as obstructing victim protection laws, and the legal perspective that emphasizes balancing human rights including freedom of expression. The Senator and Michael view civil society opposition as problematic, while Tina acknowledges the need to strike a balance and ground laws in human rights principles.

Topics

Freedom of expression | Legal and regulatory | Human rights principles

Unexpected differences

Approach to big tech accountability

Speakers

– Michael Ilishebo
– Audience (Senator)

Arguments

Social media platforms often refuse to provide information or remove content, citing community guidelines over local laws

Need for continental approach where violations in one African country result in sanctions applicable across the continent

Explanation

While both speakers identify big tech non-compliance as a problem, they propose different solutions. Michael focuses on improving public-private partnerships and meeting platforms’ criteria for information sharing, while the Senator advocates for a more confrontational continental sanctions approach similar to Europe’s model. This represents a tactical disagreement on engagement versus enforcement strategies.

Topics

Legal and regulatory | Liability of intermediaries | Jurisdiction

Overall assessment

Summary

The discussion shows remarkable consensus on problem identification but reveals nuanced disagreements on solutions and implementation strategies. Main areas of disagreement center on balancing human rights with victim protection, the role of civil society in legislation, and strategies for big tech accountability.

Disagreement level

Low to moderate disagreement level with high strategic alignment. The disagreements are primarily tactical rather than fundamental, focusing on implementation approaches rather than core objectives. This suggests strong potential for collaborative solutions that incorporate different perspectives, though careful navigation of civil society relations and human rights balance will be crucial for effective policy development.

Partial agreements

Human rights principles | Gender rights online | Capacity development

Takeaways

Key takeaways

Cybercrime is a growing justice issue in Africa, not just a technical problem, requiring comprehensive legal frameworks and institutional capacity building

There is significant under-reporting of cybercrimes due to victims not recognizing crimes, lack of awareness of reporting mechanisms, stigma (especially for gender-based violence), and inadequate police response

Gender-based cybercrimes disproportionately affect women and LGBTQI+ communities, with personal/intimate crimes receiving less serious treatment than financial crimes

Legal frameworks across Africa are inadequate – either non-existent, outdated, or fragmented – and most African countries are not party to international conventions like Budapest Convention

Law enforcement faces critical capacity gaps including lack of technical skills, training, and resources to handle cybercrime investigations effectively

AI is lowering barriers to cybercrime entry, enabling criminals from other fields to move into cyber offenses

Public-private partnerships with tech companies are problematic, with platforms often refusing to cooperate with African law enforcement or remove harmful content

Effective solutions require victim-centered, human rights-based approaches that balance crime prevention with protection of fundamental rights like freedom of expression

Resolutions and action items

UNICRI and ALT Advisory published and launched the research report ‘Access to Justice in the Digital Age: Empowering Victims of Cybercrime in Africa’

The report provides a cybercrime legislative audit tool for countries to assess their current legal frameworks and identify gaps

A victim-centered cybercrime model law is being developed to help countries fill legislative gaps

Recommendation to establish specialized technology-facilitated gender-based violence response desks at police stations with trained female officers

Proposal for African countries to adopt a continental approach to cybercrime sanctions, similar to Europe’s coordinated response

Call for enhanced international cooperation through increased African participation in cybercrime conventions, particularly the upcoming UN Convention

Development of clear coding systems for cybercrime investigations to improve data collection and case management

Unresolved issues

How to effectively balance cybercrime legislation with freedom of expression concerns raised by civil society organizations

Lack of cooperation from major tech platforms in providing information to African law enforcement and removing harmful content

Jurisdictional challenges when perpetrators and victims are in different countries with varying legal frameworks

Insufficient funding and resources for law enforcement capacity building and training programs

Limited public trust in institutions’ ability to handle cybercrime cases effectively

How to scale up victim support services, particularly in rural areas with limited digital literacy

The challenge of keeping cybercrime laws current as technology evolves rapidly, unlike traditional criminal codes

Addressing the root causes of gender-based online violence through community engagement and changing social norms

Suggested compromises

Grounding all cybercrime legislation in human rights principles to address civil society concerns about freedom of expression while protecting victims

Developing multi-stakeholder partnerships that include government, civil society, private sector, and international organizations in crafting solutions

Creating mirrored cybercrime legislation across African countries to address jurisdictional issues while respecting national sovereignty

Balancing the need for swift content removal with due process rights by establishing clear criteria for when platforms must act on law enforcement requests

This distinction reveals systemic bias in how different types of cybercrimes are prioritized and investigated. It’s insightful because it exposes how traditional gender biases in law enforcement extend into the digital realm, where crimes affecting women disproportionately receive less serious treatment.

Impact

This categorization provided a framework that other speakers built upon throughout the discussion. Sandra’s examples of intimate image sharing and the dismissive police responses directly illustrated this distinction, while Michael’s discussion of law enforcement challenges implicitly acknowledged these different response patterns. It helped structure the conversation around understanding why certain victims face greater barriers to justice.

Overall assessment

Explanation

Need concrete models of successful implementation strategies for other countries to learn from

Open Forum #47 Demystifying WSis+20

Session at a glance

Summary

This discussion focused on the World Summit on the Information Society (WSIS) Plus 20 review process, examining progress made over the past two decades and identifying priorities for the upcoming December negotiations. The panel, hosted by Finland and featuring representatives from ICANN, UNDP, government, civil society, and Smart Africa, explored how WSIS commitments have been implemented and what gaps remain.

Panelists emphasized that WSIS has successfully established multi-stakeholder participation in internet governance discussions, a significant achievement compared to traditional UN processes. Technical initiatives like DNSSEC and internationalized domain names were highlighted as concrete successes that emerged from WSIS frameworks. However, significant challenges persist, particularly the digital divide affecting 2.6 billion people globally and substantial gender gaps in digital access.

A live poll revealed that digital capacity building in under-resourced regions was identified as the most pressing need requiring greater support. Smart Africa’s representative outlined four critical gaps for Africa: meaningful connectivity, regulatory harmonization, capacity building including AI literacy, and digital sovereignty. The technical community stressed the importance of preserving global internet standards and interoperability that have enabled the internet’s success.

Participants noted a concerning disconnect between New York-based UN diplomatic processes and the technical communities that have been working on these issues for decades. They emphasized the need for stakeholders to actively participate in the WSIS Plus 20 process, provide concrete evidence of what works, and demand meaningful inclusion in negotiations. The discussion concluded with calls for continued multi-stakeholder engagement to ensure the December outcome reflects practical realities of how the internet functions and serves global development needs.

Keypoints

## Major Discussion Points:

– **WSIS Plus 20 Review Process and Timeline**: The panel discussed the upcoming 20-year review of the World Summit on the Information Society (WSIS), including its mandate, deliverables, and timeline leading to December 2024 negotiations. This includes examining whether existing WSIS action lines and institutions like the Internet Governance Forum (IGF) remain fit for purpose.

– **Multi-stakeholder Engagement and Inclusivity**: A central theme was ensuring meaningful participation from all stakeholders – government, civil society, technical community, and underrepresented regions – in the WSIS Plus 20 process. Panelists emphasized the need to maintain and strengthen the multi-stakeholder model that has been a hallmark of WSIS success.

– **Digital Divide and Capacity Building**: The discussion highlighted persistent gaps in global digital access, with particular focus on meaningful connectivity, affordability, digital skills, and infrastructure needs in underserved regions, especially Africa. A live poll showed capacity building as the top priority needing greater support.

– **Technical Infrastructure Successes and Ongoing Needs**: Panelists reviewed concrete achievements from WSIS initiatives, including DNSSEC implementation, internationalized domain names, and Internet exchange points (IXPs) deployment, while identifying areas still requiring attention like universal acceptance and interoperability.

– **Practical Steps for Stakeholder Engagement**: The conversation concluded with specific recommendations for how different communities can contribute to shaping the WSIS Plus 20 outcome, including showing up to consultations, providing evidence-based input, and demanding seats at decision-making tables.

## Overall Purpose:

The discussion aimed to prepare stakeholders for meaningful participation in the WSIS Plus 20 review process by explaining the scope and timeline, identifying successful outcomes from the past 20 years, highlighting current gaps and priorities, and providing concrete steps for engagement before the December 2024 negotiations.

## Overall Tone:

The tone was collaborative and constructive throughout, with panelists demonstrating shared commitment to the multi-stakeholder approach despite representing different sectors. There was a sense of cautious optimism about progress made while acknowledging significant work remains. The discussion maintained a practical, action-oriented focus rather than being purely theoretical, with panelists offering specific examples and concrete recommendations. The tone remained consistently professional and forward-looking, emphasizing the importance of continued engagement and not taking past achievements for granted.

Speakers

**Speakers from the provided list:**

– **Theresa Swinehart** – Works with ICANN, session moderator

– **Yu Ping Chan** – Leads digital engagements and partnerships at the United Nations Development Programme (UNDP)

– **Jarno Suruela** – Undersecretary of State for International Trade at the Finnish Foreign Ministry

– **Fiona Alexander** – Professor at American University in Washington, D.C., former government official with experience in internet governance

– **Kurtis Lindqvist** – President and CEO of ICANN

– **Lacina Kone** – CEO and Director General of Smart Africa, a Pan-African organization based in Kigali

– **UNKNOWN** – Role/title not specified in transcript

**Additional speakers:**

None identified – all speakers in the transcript were included in the provided speakers names list.

Full session report

# WSIS Plus 20 Review: Assessing Two Decades of Progress and Charting the Path Forward

## Executive Summary

This comprehensive discussion, moderated by Theresa Swinehart from ICANN and hosted by Finland, brought together key stakeholders to examine the World Summit on the Information Society (WSIS) Plus 20 review process. The panel featured Yu Ping Chan from the United Nations Development Programme (UNDP), Jarno Suruela from the Finnish Foreign Ministry, Fiona Alexander from American University, Kris Lindqvist from ICANN, and Lacina Kone from Smart Africa.

The discussion revealed both significant achievements and persistent challenges in global digital development. Panelists emphasized that WSIS has successfully established multi-stakeholder participation as a cornerstone of internet governance, with concrete technical successes including DNSSEC implementation and internationalized domain names. However, substantial challenges remain, particularly the digital divide affecting 2.6 billion people globally and significant gender gaps in digital access.

A live poll conducted during the session identified digital capacity building in under-resourced regions as the most pressing priority. The December negotiations will determine critical outcomes including the future of the Internet Governance Forum and potential updates to WSIS action lines.

## The WSIS Plus 20 Process and Timeline

Yu Ping Chan provided essential context for the WSIS Plus 20 review, explaining this represents the second comprehensive review by the UN General Assembly of the 2003-2005 WSIS outcomes. The process examines whether existing action lines remain sufficient for addressing current digital developments and involves multiple UN agencies drafting reports and conducting stakeholder consultations.

The timeline includes several critical milestones leading to December negotiations. Chan emphasized that the multi-stakeholder approach remains central to WSIS and must be maintained throughout the review process, though she acknowledged significant challenges in ensuring meaningful participation within traditional UN frameworks.

Jarno Suruela reinforced that the Global Digital Compact and WSIS should be implemented in synchronization rather than as competing initiatives. The December resolution will determine whether the Internet Governance Forum continues and potentially update WSIS action lines to reflect contemporary digital realities.

## Multi-Stakeholder Engagement: Achievements and Structural Challenges

All panelists demonstrated strong consensus on the fundamental importance of multi-stakeholder engagement while acknowledging implementation challenges. The multi-stakeholder model has been central to WSIS achievements and must be protected in the Plus 20 process.

Fiona Alexander highlighted critical structural challenges, noting that New York-based UN systems are not as open as expert agencies, creating barriers for stakeholder participation. She emphasized that co-facilitators have made positive efforts to allow stakeholder input, but continued pressure is needed to maintain access.

Yu Ping Chan identified a significant gap between the New York diplomatic community and technical communities that have worked on these issues for decades. She observed that General Assembly processes tend to oversimplify complex technical issues and insert compromised language without understanding implications, creating risks of applying inappropriate political context to accepted technical terms.

Lacina Kone provided a positive counterpoint, demonstrating how multi-stakeholder cooperation works effectively when rooted in regional needs. Smart Africa’s experience shows that continental ownership creates leverage, with African heads of state making digital development a political imperative.

## Technical Infrastructure: Concrete Achievements

Kris Lindqvist provided a comprehensive overview of technical achievements over the past 20 years. DNSSEC implementation represents a significant accomplishment in addressing DNS security weaknesses through global cooperation. The evolution of Internationalized Domain Names (IDNs) to support non-Latin scripts has improved linguistic accessibility, though universal acceptance remains an ongoing challenge.

Africa has experienced phenomenal growth in Internet Exchange Points (IXPs) over the past two decades. The global deployment of root server instances, with almost 2,000 instances improving internet stability and performance, represents another concrete achievement of multi-stakeholder cooperation.

Lindqvist made a thought-provoking observation about the paradox of success, suggesting that the internet’s achievements may have made people take global standards for granted. The technical community must continue providing evidence and implementation data showing what works, particularly as the success of global interoperability standards may make their importance less visible to policymakers.

## Regional Development and Persistent Digital Divides

The discussion highlighted persistent gaps in global digital access, with particular focus on meaningful connectivity, affordability, digital skills, and infrastructure needs. Suruela presented sobering statistics: 2.6 billion people still lack internet access, with significant gender gaps and urban-rural disparities. Addressing the digital divide is crucial for getting back on track with Agenda 2030 and Sustainable Development Goal targets.

Lacina Kone provided detailed insights into African digital development challenges, identifying four persistent gaps: meaningful connectivity, regulatory harmonization, skills development, and digital sovereignty. Despite having over 50 digital laws across the continent, Africa suffers from little interoperability, requiring continental legal frameworks to address fragmentation.

The skills gap remains particularly acute, with less than 10% of adults in several African countries possessing basic digital skills. New challenges are emerging with artificial intelligence literacy gaps. Smart Africa, as a Pan-African organization based in Kigali representing over 40 countries and 1.1 billion people, demonstrates how continental ownership can create leverage and deliver concrete results.

## Language and Communication Challenges

A significant theme was the critical importance of language clarity in UN processes. Chan and Lindqvist both identified terminology as a major challenge from different perspectives. Chan emphasized the gap between diplomatic and technical communities, recommending clear, simple, actionable language that diplomats already understand to avoid misinterpretation.

Lindqvist warned that language matters significantly in UN processes, with terms like “sovereignty” and “control” having different meanings to different communities. He expressed concern that political context can be inappropriately applied to technical terms, creating negotiation complications that could undermine the global interoperability that has enabled internet success.

This reflects a broader structural problem: the disconnect between technical experts who understand practical implications of policy decisions and the diplomatic community that ultimately makes those decisions.

## The Internet Governance Forum’s Future

The sustainability of the Internet Governance Forum emerged as a critical concern requiring resolution in December negotiations. Suruela highlighted that the IGF serves as the primary multi-stakeholder forum for international digital policy, with over 160 national and regional initiatives demonstrating its global reach.

However, the IGF requires a more sustainable financial basis from the regular UN budget to ensure continued operations and meaningful participation from underserved regions. The December resolution will determine whether the IGF continues and potentially update WSIS action lines to reflect contemporary digital governance needs.

## Priority Setting and Stakeholder Input

The live poll identified digital capacity building in under-resourced regions as the top priority, reinforcing the development-focused origins of WSIS while highlighting the continued relevance of its foundational principles. Interestingly, open technical standards and cross-border interoperability received minimal support, which Lindqvist interpreted as potentially indicating success rather than lack of importance.

The poll results validated the development orientation that several panelists emphasized throughout the session, suggesting that capacity building remains as critical today as at the summit’s inception.

## Philosophical Framework and Global Context

Lacina Kone provided a sophisticated framework for understanding current global dynamics, distinguishing between multipolarity as a geopolitical fact and multilateralism as a conscious choice to cooperate. This distinction elevated the discussion from technical implementation to fundamental questions about how nations choose to engage in digital governance.

This framework helped contextualize WSIS Plus 20 challenges within broader global trends towards fragmentation while emphasizing that cooperation remains viable despite geopolitical tensions.

## Concrete Action Steps and Recommendations

The discussion concluded with specific recommendations for different stakeholder communities:

**Technical communities** should continue providing concrete evidence and implementation data showing what works, highlighting fundamental principles that have enabled internet success.

**All stakeholder groups** were encouraged to engage with the informal multi-stakeholder feedback group being established by co-facilitators and participate in upcoming consultations.

**Regional organizations** should share concrete success stories and operational examples, following Smart Africa’s model of demonstrating how multi-stakeholder cooperation can deliver tangible results.

**National engagement** was emphasized, with stakeholders urged to engage with their governments to inform WSIS Plus 20 positions and participate in upcoming events, including the high-level WSIS event in Geneva.

## Path Forward and Critical Decisions

The WSIS Plus 20 process represents a critical juncture for internet governance, with December decisions potentially affecting the next decade of digital policy. The strong consensus among diverse stakeholders on fundamental principles provides a solid foundation for negotiations, though maintaining multi-stakeholder openness will require continued vigilance and active participation.

Success will depend on balancing celebration of concrete achievements with honest acknowledgment of persistent gaps, particularly in capacity building and digital inclusion. The ability of different communities to communicate effectively across diplomatic and technical divides while maintaining collaborative spirit will be essential.

The discussion reinforced that the multi-stakeholder model is not just a procedural preference but a practical necessity for addressing complex, interconnected challenges of global digital governance. As the international community prepares for December negotiations, the insights from this discussion provide valuable guidance for ensuring WSIS Plus 20 builds on past successes while addressing digital governance challenges of the next two decades.

Session transcript

Theresa Swinehart: Okay, I think that’s the sign that we get to start. Everybody have their headsets on, ready to go? Yes. Good, good, fantastic. Good, good, excellent. First of all, I’d like to thank the Government of Finland for joining us for this. This is fantastic to be able to do this session. My name is Theresa Swinehart. I work with ICANN. And we are very much looking forward to this panel session, which will focus in on the WSIS process and where we are with regards to that. This does build on our discussion that we held at the last IGF in December 2024 and what has been and can be done between now and the upcoming December WSIS Plus 20-related negotiations and what matters to us leading up to that. Clearly, the decisions that are still to come could affect the Internet governance aspects for the next decade. And we really need to look at what practical steps different communities can take between now and December and what their observations are from the past. So with that, I’d like to ask the panelists to briefly introduce themselves. You’ll see that we have a panel from the technical community, from government, civil society and intergovernmental initiatives. And this will be an important observation from each of these sectors for the discussions. So if I could start with the panel to my right for the brief introductions.

Yu Ping Chan: Thank you so much. So my name is Yu-Ping Chan. I lead digital engagements and partnerships at the United Nations Development Programme.

Jarno Suruela: Thank you. Good afternoon, everybody. My name is Jarno Suruela. I’m Undersecretary of State for International Trade at the Finnish Foreign Ministry.

Fiona Alexander: Hi. Nice to see everyone again. Fiona Alexander. I’m a professor at American University in Washington, D.C.

Kurtis Lindqvist: I’m Kris Lindqvist. I’m the President and CEO of ICANN.

Lacina Kone: I am Lacina Koné. I am the CEO and Director General of Smart Africa, a Pan-African organization based in Kigali.

Theresa Swinehart: Fantastic. Very good. Thank you, everybody. Now, we have four sections to today’s session in a limited amount of time. So we will go through each of them, and we do have a poll as well. So that will add to the excitement. So on the first part that we really want to talk about is understanding WSIS Plus 20 and what it is. It’s in the 20-year review process at this point and the commitments made between 2003 and 2005 and building on a more inclusive development-oriented information society. What would be very good to hear from the panelists is to start discussing the scope of that process, who’s involved, what’s at stake, and how different communities can still contribute. So with that, question one, I’ll go over to Yuping. UNDP is one of the lead co-facilitators of the Geneva Action Plan. If you could just walk us through the mandate for WSIS Plus 20, what deliverables are expected, timelines that you have in place, and the broad range of stakeholders engaged meaningfully.

Yu Ping Chan: That would be great. Thank you so much Theresa. So I think a lot of us have been following this WSIS process for a number of years and for those who are not as up to speed on some of the intricacies of UN processes, which I agree are very long and very complicated, in essence what will be happening this year at the end of the year is that there will be the adoption of the WSIS plus 20 review. So this will be the second review that’s conducted by the member states of the United Nations General Assembly of the outcome documents that Theresa had mentioned, the 2003-2005 Tunis and Geneva outcomes of the WSIS summits themselves. So the question here is how will member states shape this eventual review to reflect some of the ongoing discussions that are happening around digital, both at the United Nations as well as other international forums? Will the WSIS action lines that have actually been established to implement the original WSIS outcomes still suffice to cover the breadth and the multitude of the global digital discussions and developments since then? And do the institutions and processes that were set up through the WSIS, such as the Internet Governance Forum that brings us all together today, still be maintained, updated, refined? You know, are they still fit for purpose? And how do the member states reflect on all the conversations that have taken place, the developments so far in the last 20 years? The process has been actually, as I mentioned, quite complex. There have been a number of UN agencies that have been involved in drafting Secretary-General’s reports. The ITU, the UNESCO colleagues have also had consultation processes that culminated in a number of submissions to the Secretary itself. The Secretary-General will be putting forward a report, the timing of which is a little bit unclear, that will summarize some of these ongoing conversations as an input for the consideration of the member states. And, as some of you have already been involved in, there are ongoing consultations that have been held in forums such as the IGF, such as the Paris Summit, the Paris Conference that was convened by UNESCO just a couple of weeks ago. And then in two weeks, at the high-level WSIS event that is convened by ITU, UNDP, UNESCO and UNCTAD, which is an annual forum where, again, we gather stakeholders to really talk about what we see as the progress made through WSIS and then the future going forward as well. There will be a number of occasions where it will be important to hear the stakeholder point of view because part of the WSIS and the outcomes of the WSIS and the reason why the process endured so long and is something that has really been able to carry through some of these outcome documents in very concrete ways is the commitment of the multi-stakeholder community and the network that has developed. It is important that as stakeholders we continue to be engaged in this process and by saying this I also include the UN system because for us we as UNDP see the WSIS action lines and the WSIS process as very important in translating guidance that is given by the Member States into actionable outcomes that are focused on delivery to countries and to communities that we serve. So in the context of ongoing negotiations at the United Nations, the conclusion of the Global Digital Compact just last year, how then do we reflect these sort of developments into the WSIS action lines, into the WSIS review, reflecting on the fact that the principles that were agreed 20 years ago in Geneva and Tunis remain as relevant today as they were 20 years ago. So that’s sort of the opening context where I really hope that stakeholders will continue to have conversations such as in the IGF and in other institutional forums to maintain the importance of the multi-stakeholder approach as embodied at the heart of WSIS itself. Thank you.

Theresa Swinehart: You really highlight the subject stakeholder and the multi-stakeholder dimension of all of this in the different subject areas. Thank you. Jarno, first of all, Finland, thank you so much for co-hosting this and by example also from government engagement in the process, what steps can governments take to ensure that really all regions, not just traditional actors, are meaningfully included in this WSIS plus 20 process?

Jarno Suruela: I think governments are like the one of Finland, so we are doing a lot together with different actors, organizations and mechanisms. And I think through the recent Global Digital Compact, the UN is better placed than ever to foster multi-stakeholder cooperation on digital matters and to leverage digital technologies for sustainable development. We believe that the GDC and WSIS are highly complementary and should be implemented in sync with each other. This is also to guarantee that everybody will be then on board. For us, the IGF is the primary multi-stakeholder forum for shaping international digital policy and Internet governance at the UN level. A clear indication of its success are over 160 national, regional and youth initiatives of the IGF. It has also become an important platform for discussing emerging digital issues such as AI. And Finland, so we are of course strongly supporting the IGF. We have given financial support to the IGF throughout its existence, being one of the all-time top contributors and we encourage of course other actors to step up their support to the IGF. In these geopolitical circumstances of today, I think it’s even more important to support and enhance the multi-stakeholder model on internet governance, which in essence empowers the various stockholders and enhances resilience of our common internet structure. And I think fragmentation of internet poses a danger to actualization of universal human rights, international trade, and global geopolitical stability. But I think this thing, so how we can reach everybody and do good for everybody, is that we have to of course address the digital divide. And the majority of the world’s population do not yet have meaningful and safe access to the internet, which requires urgent action. And breaching this digital divide is not only about affordable connectivity, it requires also investments in skills and competencies and respect for human rights and fundamental freedoms online. And we want to develop new technologies and the internet by respecting democratic values and principles. Still I think the WSIS 20 years review should highlight the need to focus on trusted connectivity and the free, open, global, interoperable and secure internet. And the review is also an important opportunity to renew and strengthen the IGF mandate, including by ensuring a more sustainable financial basis from the regular UN budget that such a global, inclusive effort deserves and needs. So to conclude, I think we are doing a lot.

Fiona Alexander: Yeah, I would agree. And thank you for your observations for an IGF. One needs a sustainable budget. One needs to be able to bridge all stakeholders around the globe and be as inclusive. So I think those are important elements coming into the WSIS 20 aspect. Fiona, from your perspective, you’ve had quite a bit of experience in this as well. What areas and where is the input most needed before the WSIS 20 outcome is finalized? And how can we make sure that those inputs reflect a diverse global perspective? Thank you, Teresa, and thanks for the invitation and for the question. And I think it’s important to keep in mind, you kind of laid out a lot of the stuff that’s going to be happening across the UN system this year, and it’s a lot of activity. But at the end of the year in December, member states are going to adopt a resolution, and the resolution is going to decide whether or not the IGF continues, and it’s potentially going to update the WSIS action lines, and it’s going to talk about the GDC. And a process that’s been kicked off, there’s been co-facilitators appointed to kind of work with stakeholders and governments to kind of put the base documents together, and those co-facilitators have had some stakeholder consultations, they had a government consultation, which is broadcast on Web TV, or UN Web TV if you wanted to watch it. And then they also have issued an elements paper this past Friday that came out. And I think, you know, there’s a litany of issues, there are substantive issues that are going to be covered that are important to a wide range of the civil society and non-government stakeholders, whether it’s getting people connected, whether it’s ensuring human rights online, whether it’s dealing with AI and digital governance issues. But I think there’s one issue set that I think people are sort of united around from the civil society perspective, and that’s making sure that, you know, what I at least personally think is one of the biggest hallmark achievements of the WSIS process is opening up the conversation so that all stakeholders are considered. And you know, we saw last year, unfortunately, in the Global Digital Compact process, the GDC process, that the systems in New York are not nearly as open as UNDP or ITU or other expert agencies of the UN have become. They originally weren’t 20 years ago either, right, and they’ve made a lot of effort to do that. And so I think the challenge that we have before us this year is to make sure that the process that’s going to unfold this year has a real voice and gives real space for people to provide input into that process. And the two co-facilitators and the agenda they’ve laid out and the timeline and the schedule seems to be allowing that, which I think is a great outcome and a great improvement. There was a group of stakeholders originating in civil society and others that signed on that have submitted a couple of letters giving some very specific recommendations and suggestions for how to allow for that engagement. And so far, we’re seeing positive movement in that, so I think that that’s good. But we shouldn’t take that for granted, and I think people should always be pushing to make sure that everyone’s in the room and everyone has a say. I think conversations here at IGF are helpful, conversations that are going to be happening at UNDP, that are going to be happening at ITU in a few weeks in Geneva. These are all going to be great things. But these conversations that the co-facilitators are going to lead and actually having conversations that are not just people giving empty statements and actually seeing what they say and provide reflected in the documents and discussed are going to be an important next step. And I think that’s what we want to make sure happens going forward for the rest of this year until we get to that final decision point where governments adopt a resolution in December.

Theresa Swinehart: for where the next question goes. And I can only echo that we’ve come a long way from 20 years ago. There was these kinds of panels, these kinds of discussions, were not normal conversations that we would usually have. And so I think these opportunities of inclusivity of all stakeholders and subject areas has lended to some really core results. Which brings us to the second section of this session about where WSIS outputs have shown an impact. We’ve talked about WSIS has produced different frameworks and dialogues and some tangible changes including stakeholders at the table in discussions discussing subject areas and and providing factual subject expertise into different conversations. Which outputs though have been effective and which ones still need support is an important part of this conversation. So with that I’m going to turn it over to Kurtis actually about where have WSIS-related initiatives such as DNSSEC or internationalized domain names demonstrated lasting value, particularly for the underserved regions, and where are there still gaps? Where can we still do some work?

Kurtis Lindqvist: Thank you Theresa. So I think you’re right as was mentioned during the WSIS and IGF processes there’s been a lot of talk about where the internet has been or where there was development or gaps to be filled, such as security in the domain name system, universal access or global region access. And DNSSEC is a very concrete success story. It was globally identified that there were weaknesses in the domain name system. These were addressed through work in the IETF to create the technical standards, city building, community building through the IGF and the multi-stakeholder awareness raising, adaptation. And this wasn’t developed by top-down mandates, this came from this realization from the technical communities, from the work here and elsewhere, really that this was a problem that needed to be addressed to create a reliability and trust in the system. And through persistent cooperation engagement Rich, and accessibility includes linguistic accessibility, and that includes in the DNS. We have seen this being evolved over the years and developed against standardization done throughout the IETF, but where we now today have a technical system in IDNs, which covers the domain name system for non-Latin scripts, Arabic, Cyrillic, Chinese, other non-Latin scripts like Swedish, my native language, and we also see a lot of work being pushed over into the universal acceptance that we go beyond the domain name system and we start talking about applications supporting these scripts in a way that we haven’t had before. Technical standards have been done, we have them, and now the universal acceptance part is to get these adopted and really used in all the world’s applications, again, something that has been discussed and pushed through the awareness and awareness-raising in the IGF sessions, in the VSYS context, about how important this is. We as ICANN have done a lot of work and outreach around this as well. I think this showcased this last point a little bit about where there are still gaps, and the gap is not necessarily always about capability, we have the technical capability, it’s about ongoing alignment and work through that we build on these capabilities and make them accessible everywhere, and we continue to do the work on coordination through rolling out the DNSSEC around operators around the world, and we also see that where this cooperative effort fails or stagnates, that’s when we start seeing fragmentation, which is a bad thing, and we see a lack of progress. And I think VSYS plus 20 really needs to draw a clear distinction here that the internet, actually the technical solutions work when they are supported by this long-term coordination that we have seen as part of the IGF, as part of the VSYS process. So the bottom line is really this, that the VSYS output so far has delivered a lot of positive examples of work when the multi-stakeholder model has been put into practice and concrete action, and the VSYS plus 20 should really preserve and protect this, because this is what has been delivering, and I think if we start upsetting this, we risk seeing continued delivery as we heard from the panels in the first section, we should really not try to bypass this, but build on what we have and continue this to ensure continued deployment.

Theresa Swinehart: Thank you. Thank you. And that does really tie into the first part of making sure we bridge into the south.

Lacina Kone: Thank you very much, Theresa, for the questions, and thank you for inviting Smart Africa. At Smart Africa, a coalition of over 40 countries, African governments, partners, civil society dedicated to transforming Africa into a single digital market, together we represent over 1.1 billion populations, united around just one vision, an integrated, sovereign and inclusive digital Africa. Our mission is to convert WSIS commitments into immeasurable progress. By saying that, excuse me, over the past decade, you know, we’ve drawn three core lessons. Number one is a continental ownership that creates leverage. With a direct endorsement from African head of the state, digital development has become a political imperative for all nations. Flagship priorities like a broadband strategy developed together with Senegal, digital identity developed together with the Benin, cybersecurity with the Cote d’Ivoire, cloud infrastructure and champions are championed nationally and regionally with a regional perspective, thereby reflecting a shift from a fragmented project to a shared continental ambition. Number two of what we actually drawn is a policy framework must deliver real result. Through initiative like a Smart Africa Trust Alliance, which is a digital ID interoperability among nations. the Smart Africa Digital Academy which is for capacity building, the Smart Africa Backbone which actually calls every single country in Africa to be interconnected to at least two of its neighbors and other relevant initiatives. We have moved from policy ideas to operational pilots and regional implementation. These are not just a future aspiration, they are a working model. Number three, and the last one, is the multi-stakeholder cooperation it works if it’s rooted in African need. Our digital scholarship funds created back in 2018, today we’ve actually trained more than 90 students in a master’s degree in digital transformation at different universities in Africa. And our data governance framework which is actually running in Senegal and Ghana and so forth, and our harmonized regulatory blueprints are developed not just with the government but also civil society, academia, and private sector, both African and global. So WSIS gives us the vision, Smart Africa is building the bridge.

Theresa Swinehart: Thank you. That’s so well articulated, I have to say, between the continental ownership, the ambition, but also importantly taking policy and how does one operationalize that in a way that’s rooted in the local community needs, which are very distinct from different communities to each other. So we’re going to run a little experiment here, we’re going to see how this works. Ah, it did work, we have a slide up, fantastic. So much of this work has involved contributions across different sectors, including the private sector. And what we’d like to do is just get a quick read from the room, including the Zoom attendees, which WSIS-related initiatives do you think need greater support today? So from the audience, I’m going to ask for a show of hands, and Becky, I think you’re going to work magic in the Zoom room, is that right? Something to that effect? Yes, the poll’s up in the Zoom room, so I’ll let you know. So for the first question, the IGF, so the question is, does it need greater support? So first one, the IGF is a globally accessible platform for dialogue. Is that a yes? Okay. Sense of the room? Very good, okay, excellent. And online so far that has 8%. in the zoom room that that one has eight percent oh wonderful okay very good let’s keep track of this okay for the second one um digital capacity building in under-resourced regions this one just pulled ahead at 41 okay excellent okay thank you open technical standards and cross-border interoperability okay it’s a little less okay maybe because it’s working better than it was and uh zero percent for online so zero percent okay that’s interesting so i wonder whether 20 years ago that might have been a different result maybe it’s a demonstration of how things have evolved over time universal acceptance including support for multilingual internet infrastructure okay yes a bit yes very good and actually online this is our second runner up at 35 oh my gosh okay very good and for the last one cyber security collaboration through multi-stakeholder approaches okay very good 12 percent 12 percent oh 16 16 percent okay okay that’s very interesting um some of the areas 20 years ago or 15 or 10 years ago might have had a different sector but it certainly does show where greater support is needed today and also the cross-sectorial and the regional aspects that we want to take a look at fantastic okay so going into the next section here we’re going to focus in on what can still be done before december now december being when we look at the negotiations in new york and the conversations that will be happening which will hopefully be as inclusive as possible but what work do we need to undertake in order to demonstrate the value of what needs to be done next so with that how can government civil society and the technical community really help shape that and i’m going to turn to you first for this what are some of the most critical inputs or messages that government should be prioritizing now particularly from those regions that have not traditionally been represented in these global internet policy discussions and you touched on that earlier in your remarks and we’ve certainly heard about it from the others

Jarno Suruela: yeah i i think we have to focus there on the opportunities and try to give also the positive messages and i think I think there are so many things that are quite obvious for us, but still we should try to keep on repeating them. For example, as we know, digitalization accelerates progress towards the sustainable development goals. Digitalization is also a means to strengthen the economy, mobilize domestic resources, increase private investments, improve citizens’ welfare and increase gender equality. Also, I think that digitalization has proven to accelerate the clean transition. But still, we also have to talk about the other side of the thing. Coming back to the topic of this digital divide, it remains a wide concern. There are 2.6 billion people lacking access and significant disparities between nations. The gender gap remains a significant concern, hindering women’s position in the digital economy. For Finland, that is one of the top priorities. In this sense, we are trying to work with different organizations. I think addressing the current digital divide will help us to get back on track when it comes to Agenda 2030 and the majority of SDG targets. Globally, of course, we are still quite far from reaching the target of universal connectivity as set out by the Agenda 2030. At the national level, especially in developing countries, significant gaps remain between urban and rural areas. As I said already, the gender digital divide is still wide. I think a strong focus on trusted connectivity and free, open, global, interoperable, stable and secure Internet, as well as multi-stakeholder Internet governance underpinning this. are essential in the review and they are important messages. This action aligns the perspectives related to new technologies that are essential for the development of the information society should be also considered more comprehensively than before. This includes AI, high-performance computing, quantum technology, semiconductor technology, mobile networks and photophonic, for example. Quite a number of items still on the table.

Theresa Swinehart: A lot of items and new subject areas as well. Thank you, that’s very helpful. Fiona, from your perspective, in light also what we’ve heard from a government perspective, what advice would you offer to smaller or under-resourced organizations aiming to participate? In that, how might they also liaise with some of their governments in relation to helping inform those conversations?

Fiona Alexander: Sure, I think it’s a good question. Also, I wanted to comment on the poll because I was struck actually, if I read the results correctly, that the capacity building one might have been the highest, got the strongest online and in the room vote. I found that really interesting because in my recollection, the original idea for WSIS came from a 1998 ITU Plenipot resolution and development and connectivity was the basis of that resolution. It was the basis of calling for the summit in the New York process and undergirds the entire five years of the WSIS process. I think it’s great that that continues and I think it’s important that we keep that in mind. At the end of the day, I know I haven’t been a former government official, we can spend a lot of time arguing about words in a room, but at the end of the day, this is about getting people connected and getting people to do the things that you’re doing and to do that. I found the poll really interesting actually and it was kind of cool. To answer your specific question, I think as I said, the process that’s unfolding throughout the rest of the calendar year, the co-facilitators so far have been making great efforts to give people the space to have a say. So they had a stakeholder session, they had this elements paper they put out, the comments for that are due July 15th. I cannot believe that something has happened so quickly in the UN system, but I think when I listened to the government stakeholder session, there was a proposal made from the EU that was originally a Swiss proposal for the creation of an informal stakeholder, informal multi-stakeholder feedback group of some kind. I’ll get the exact name wrong. And that was just a few weeks ago and they’ve already announced they’re doing it. I literally have never seen something happen that fast. So that means that there’s going to be a group of stakeholders that the co-facilitators are going to run things past, I guess, and get input from. So once that group gets announced, I would also encourage people to find the people in your stakeholder group that are on that because I think talking to those people can be helpful. Also talking to your individual government back at home to understand what they’re doing and how they’re going to participate and how you can inform their process is equally as important. But I am more optimistic than I was last year that it looks like in this year’s process there’s going to be opportunities for you to provide your own input, whether it’s online or whether it’s through written submissions or whether it’s through working with like-minded groups and doing others. So I would encourage everyone to take advantage of that and keep pushing for more, because if you don’t push, it doesn’t happen. So don’t accept the status quo and push for more, but you have to show up and you have to actually show up and participate. So I would encourage everyone that cares about these issues to take advantage and to do that at all the events that are going to unfold over the course of the year.

Theresa Swinehart: It’s a really good point not to take it for granted. It took a lot of work by a lot of governments and a lot of stakeholders to get to this point, so take advantage and don’t miss these opportunities and let’s keep that going. Lacina, as we approach the final phase of the WSIS Plus 20 review and what’s most pressing with regards to infrastructure policy gaps that should still be addressed, particularly from your perspective and from the regional development and digital development and coordination in Africa, you touched on some really core operational aspects in your introductory remarks, so we’d love to hear a little bit more around that.

Lacina Kone: Thank you very much, Theresa. The WSIS 20, if I need to really look at the most pressing regional infrastructure and policy gap that the WSIS 20 should be addressing, first of all, if I had to rewind the tape back in 1999 when the WSIS was being created, when they talk about connectivity, I would have said meaningful connectivity, because the connectivity led us to affordability challenge as well in Africa. So the WSIS 20 really must address four persistent gaps that constrain Africa’s digital future, which is meaningful connectivity, regulations, skills and sovereignty. I will start with meaningful connectivity. Too many African countries still depend on external routes. for local internet traffic. We must complete the regional backbone, increase IXPs, very important, and reinforce initiatives like the Smart Africa Backbone that require every single country to be connected, at least two of its neighbors, and as well as the One Africa Network. Not only that, we must focus also on affordability, because today, if you look at usage gap today in Africa is over 40%, which means the infrastructure of telecommunication is available, but people are not using it for four reasons. One, affordability. Two, local context. Three, capacity building, because they don’t really understand. Four, cyber hygiene. So I’m going to move to number two, regulatory harmonization. Africa has over 50 digital law, but little interoperability, and I was very surprised in the poll, you know, we had a very few, like a 10% only, but interoperability. So investors and innovators, they need clarity. No one’s like unpredictability. So the WSIS 20 plus 20 should champion continental legal conversions through agile, right-based framework aligned with Africa’s internet governance blueprint. Number three, capacity and inclusion. Less than 10% of adults in several countries in Africa possess basic digital skills. And now, we have now, it’s not enough to be digitally savvy, but you could also be AI ignorant. That’s the reality. Absolutely, you could be a PhD, but if you’re not adapted to AI, we have another gap. So AI gap. So through Smart Africa Digital Academy and the Smart Africa Scholarship Funds, we are investing in both grassroots literacy and high-level technical training, including AI, cyber security, and quantum readiness. Number four, and the last one, which is a sovereignty and institutional coordination. Africa must govern its data, digital assets, initiatives like a Smart Africa Trust Alliance and the Council of Africa Internet Governance Authority, CAIG. Mbenga are essential to asserting regional leadership and ensuring that global governance reflects African reality. WSIS 20-plus must not only review past gaps but equip regions like Africa to co-lead the next decade of digital governance, inclusive, secure and sovereign. Thank you.

Theresa Swinehart: Thank you so much. I love your four very concrete areas. That’s really very thoughtful and also a good way to go into the conversations. Kurtis, what contributions should the technical community bring forward, whether through data case studies or coordination examples to ensure that the WSIS 20-plus outcome reflects how the internet actually works?

Kurtis Lindqvist: We often talk about the IGF and the WSIS 20-plus and what has been achieved. Hidden in that I think we forget quite a bit of what actually has been achieved, all the success stories. And I think maybe to what my colleagues here just referred to about the pole and the lack of engagement in the need for global standards, maybe we’ve just been a little bit too successful because the internet has been a phenomenal success because it’s built on the existing global standards that have been produced through multi-stakeholder processes and we’re taking it for granted. And I think that’s a success story that maybe we should talk more about, is that the reason you can do that is exactly because of the global interoperable standards that enables this. And the flip side of that is that it also makes us to a large extent forget what happens when the opposite occurs, when we see fragmentation and we see how we devalue the access to the internet. But having that fragmentation, by having silos, which is something that we actually built away from. I’m old enough to have been here before that and then what we saw before that. And when we had the silos and the internet unified this and created a much more valuable network for everyone that allowed all this digital economy to flourish, built upon these standards. And I think that we also forget about the work in the multi-stakeholder model and WSIS 20 outcomes have operationally meant in what we have deployed with this. We talked about the underserved regions, and we have seen a lot of build-up with IXPs as the Director General mentioned. Africa has seen a phenomenal explosion in IXPs in the last 20 years. That doesn’t mean there is more to be done, but we have also come quite a far way, and the rest of the world as well. We have seen root server instances. One of the things we talked about in the early IGFs was how do we build a more resilient and better infrastructure in underserved regions. In doing so, we have deployed literally thousands of root server instances around the world to make sure that the Internet is stable, better, more secure in those regions. ICANN is one of these operators, and there is today almost 2,000 of these instances around the world. We operate 240 of them in 70 countries. We can show how this has improved performance where we saw, for example, one of the data points we have is when we deployed this in Egypt, how traffic became much more localized. The same that we have seen as IXPs has been deployed, we see traffic becoming localized, both for benefit of resilience and security of the network, but also for improved user performance and again, stimulating the local economy. For all of the G7 countries and also for any other country, by the way, this infrastructure really matters, and this has been a showcase of what we have established so far. As we heard, there is more that can be done, but we tend to forget what we have also achieved. This has really improved how the Internet works. As I mentioned before, the multilingual support and universal access work has come a very far way. Again, there is much more to do, but this has come out. We should celebrate these success stories and actually highlight this, what we have done. We at ICANN together with Internet Society produced the footprints of the 20 years of the IGF, which is a paper that really summarizes all this achievement that the technical community, that business has delivered over these years. I think that we have maybe not done enough of reflecting on our own successes and talk about this. Saying that, I also think what we should bring with us in this and for the forward is that language matters and having clarity in language is very important. We hear talk about sovereignty or control, which are two words that can mean very different things to different people. If I hear them or someone hears them, they probably believe that we are talking about fragmentation. To others, these might be words that have other meanings, but we have to be clear on what we are trying to achieve, what was the ultimate goal and what are the risks and we break this. The technical community has since before IGF in the early business process been engaged to provide the input and safeguards to explain what the consequences are of decisions to ensure that we can prevent a breakage or siloing or fragmentation of exactly the Internet values that really create this value creation and provided all this economic growth over the last 20 years. and we really need to reinforce this success record and showcase that it is these fundamental principles that the technical community have highlighted, safeguarded and provided the understanding of over 20 years that is at the core of this and continues to provide a value and we need to continue to make these points all between now and December and really really reiterate how important these are for the success of the internet in the future just like it’s been for the last past 20 years.

Yu Ping Chan: Thank you. I think those are some really concrete examples of where we can actually share those stories. Yuping, I know that you had wanted to also offer your thoughts for this so please go ahead. I asked Teresa to give me the floor because I’m going to take off my UNDP hat and sort of say this as a former diplomat at the UN hat. I think there’s a big gap and forgive me all the other MFA diplomats in the room that are from New York. There’s a big gap between the New York community and those of us gathered in the room that have been working on these issues for a long time. There is a tendency when you put resolutions to the General Assembly to oversimplify, to stick in compromised language where you don’t really understand the implications of what the language means and then to really put a political context on terms that are otherwise accepted or actually understood by the technical community. So for instance Curtis mentioned sovereignty and control. In the UN context that has a very loaded meaning and even the use of those terms would actually be debated and some shadows seen into the use of that terminology that could then have implications in terms of the negotiations. So my appeal to all of the stakeholders that are really engaging in this conversation and I really applaud the fact that there have been so many good concrete ideas that we are all united behind in bringing forward to the WSIS review is to keep it clear, simple, actionable when it comes to the UN processes to word it in language that diplomats are already using so that they understand certain things. So the reason why for instance capacity building drew such a high vote is because that is the language that is now pervasive in the UN when it comes to sustainable development and really equipping countries of the global majority to have that kind of ability. So really I think the way we’re starting to frame this conversation into what appeals to the countries of the world in a united collective effort around digital versus sort of taking an approach that might be seen as a little bit more divisive is very important. I would also say that there seems to be a tendency to write off the WSIS as being dusty, out of date, that we have new developments now that must supersede the WSIS but precisely as Fiona said the fact that we’re still here talking about capacity building 20 years on is a testament to how enduring these principles are and what I think we need to make clear is that in the next 20 years going forward these foundations remain as valid as in the past today and going forward as well. I would say, and this way I put back on my UN agency hat and say that a lot of you are aware of the conversations around the UN system where it’s a very difficult time for all of us and in this moment of difficulty I think the greater guidance you can give to the system to double down on what has worked to focus on delivery and impact particularly for the communities that we serve is important and so like that would be my ask to you as UN agency so for instance very concretely sort of following my own recommendation to be clear and simple in the elements paper that the WSIS co-facilitators have put forward there is no reference to the high-level segment of the WSIS forum that’s occurring very soon in a couple of weeks that to us UN agencies ITU, UNDP, UNESCO, UNCTAD has been a cornerstone of the success of the WSIS action line so we would ask that this be reflected again in the WSIS review in the elements paper as well so very concrete recommendations to how the UN system should continue implementing these areas of work and the guidance from member states will be particularly important.

Theresa Swinehart: Thank you so much that almost led into the closing part but I don’t want to skip the opportunity to open it very briefly if there’s any questions from the audience and Becky I don’t know if you have anybody in the zoom room or anybody wants to have a question or their own observations about what would be useful no okay should I jump to the closing yeah we can we can jump to closing okay okay so we’re not closing yet we’re not letting our panelists loose but Yoping had sort of kicked it off a little bit but I’m going to ask each panelist to offer one specific step their community should take to help shape a globally useful outcome of the WSIS plus 20. Now by useful it could be anything practical, pragmatic, anything that they think is useful. We’ve already heard conversations not in New York are often different than conversations outside of New York so those are some examples practical solutions but to the panelists for the audience if you want them to walk away with one action and one thing what would it be and so I’m going to turn to you first from a government perspective. Well I’ll start with you Jarno.

UNKNOWN: I think it’s important for us to think about what it is that we’re doing and how we’re doing it and how we’re doing it and how we’re doing it Well, obviously I have to focus on the political aspects then. Of course, yes. I think a major challenge in this process is how to maintain digital development inclusive from the regional level to the global level as well as to maintain the development orientation of technology and its focus on human rights also.

Jarno Suruela: This is a key challenge which all stakeholders need to address.

Theresa Swinehart: Thank you. I hope everybody heard that and wrote it down. Fiona, over to you. What would you take as an action for everybody?

Fiona Alexander: Sure. I think there are lots of different things we could all point to. But if I’m looking for one very specific thing, I think I would say to people in different stakeholder groups that they should continue to demand their seat at the table. That means you have to actually show up when you get the seat. And I think that we’ve seen some progress this year. Probably still not enough, but some small steps. So we should acknowledge that and we should show up and we should take advantage of it and we should continue to push to see the really truly multi-stakeholder environment that we want to see.

Theresa Swinehart: Thank you. Kurtis, from the technical side.

Kurtis Lindqvist: I think the technical community really must continue to contribute evidence and tangible implementation, coordination outcomes and data that shows what has worked. That’s really our responsibility to bring to the table. And this can’t happen in isolation, as you just heard. The governments and civil society needs to bring their inputs forward rooted in the experiences and not just declarations to bring these tangible examples of what works. And I think this is something that will only succeed if the outcomes reflect the systems that are already making the Internet works. And we don’t need new structures. We need continued collaboration and a clear commitment to the model that has actually delivered.

Theresa Swinehart: Thank you. I think those are really, we need to show that very carefully. Yuping, you shared some observations, but I suspect you might have some more.

Yu Ping Chan: This is a tricky moment for me, because on behalf of the UN system, we have to reiterate the fact that we are guided by the member states. And so just looking to the member states, but also asking that the member states listen to the stakeholder community. Because, again, I’ve said this before, I said this, I think, in a number of discussions before, multistakeholderism is not natural to the UN system itself. It is a multilateral organization, but multistakeholderism, the way it’s been developed in 20 years and the way we do discussions here at the IGF, is not the way how New York does things and perhaps New York needs to adapt to that, but exactly as Fiona says, showing up, saying this and demanding that amount of accountability for this over and over again is how we make the changes. Again, truly, the fact that we now have these changes in the way the WSISCO facilitators are approaching multistakeholderism is a testament to the fact that many people have showed up through the GDC process and now are showing up more and more than ever before.

Theresa Swinehart: Thank you. And Lacina, from your perspective?

Lacina Kone: From my perspective, multipolarity is a geopolitical fact of our time, undeniable and irreversible, but multilateralism is a choice. It is a conscious decision to cooperate across divide, to build trust among ourselves and to shape a fairer global order, not despite our differences, but because of them.

Theresa Swinehart: That’s very well said. Thank you. Thank you. Not only is the light flashing red, so I’m being told it needs to sort of call it a wrap, but we’ve heard a wide range of perspectives and observations of what has been transformative over the past 20 years, but also where we have gaps and where we need to go. The question we were going to pose to you or comments to seek would be what would help you and your organization in WSIS Plus 20 before December. So I would ask that you walk away from this conversation thinking about that. Encourage you to sign up for different things to help inform or get materials. For example, we have a WSIS Plus 20 outreach mailing list with updates. Everybody’s sharing different information. There’s also other dialogues happening. Engage in those. Provide your input and provide your data. And as has been reiterated here, the process is open. Take those opportunities and engage and participate. Share your stories, share your observations, where you’ve seen pragmatic results, but also where there’s gaps and where we can work to improve things. So with that, I would thank everybody for joining and participating, and let’s make the WSIS Plus 20 a successful conversation and outcome. So thank you, everybody. Thank you.

Yu Ping Chan

Speech speed

206 words per minute

Speech length

Action Steps and Recommendations

Topics

Legal and regulatory | Development

Agreed with

– Fiona Alexander

Agreed on

Stakeholders must actively participate and demand their seat at the table

Jarno Suruela

Speech speed

113 words per minute

Speech length

Agreed on

Multi-stakeholder approach is fundamental to WSIS success and must be preserved

IGF needs a more sustainable financial basis from the regular UN budget for its global inclusive efforts

Explanation

Suruela advocates for securing more stable funding for the IGF through the regular UN budget rather than relying on voluntary contributions. He argues that such a global, inclusive effort deserves and needs sustainable financial support to continue its important work.

Evidence

Reference to Finland being one of the all-time top contributors to IGF and encouragement for other actors to step up their support

Major discussion point

IGF Sustainability and Future

Topics

Legal and regulatory | Development

The challenge is maintaining digital development inclusivity from regional to global levels while focusing on human rights

Explanation

Suruela identifies the key challenge as ensuring that digital development remains inclusive across all levels from regional to global while maintaining a focus on human rights principles. He emphasizes the need to keep technology development oriented toward human rights and democratic values.

Evidence

Reference to developing new technologies and the internet by respecting democratic values and principles, and maintaining development orientation of technology with focus on human rights

Major discussion point

Action Steps and Recommendations

Topics

Development | Human rights

Fiona Alexander

Speech speed

208 words per minute

Speech length

1376 words

Speech time

396 seconds

The New York UN systems are not as open as expert agencies, creating challenges for stakeholder participation

Explanation

Alexander points out that the UN systems in New York are significantly less open to multi-stakeholder participation compared to expert agencies like UNDP or ITU. She notes that while these expert agencies have made efforts to become more inclusive over the past 20 years, the New York systems have not evolved similarly, as evidenced in the Global Digital Compact process.

Evidence

Agreed with

– Yu Ping Chan

Agreed on

Stakeholders must actively participate and demand their seat at the table

Kurtis Lindqvist

Speech speed

166 words per minute

Speech length

Action Steps and Recommendations

Topics

Infrastructure | Legal and regulatory

Lacina Kone

Speech speed

132 words per minute

Speech length

Regional Development and Digital Divide

Topics

Development | Sociocultural

Agreed with

– Yu Ping Chan
– Jarno Suruela
– Fiona Alexander

Agreed on

Multi-stakeholder approach is fundamental to WSIS success and must be preserved

Four persistent gaps constrain Africa’s digital future: meaningful connectivity, regulatory harmonization, skills development, and digital sovereignty

Explanation

Kone identifies four critical areas that WSIS Plus 20 must address for Africa’s digital advancement. These include moving beyond basic connectivity to meaningful access, harmonizing the continent’s fragmented regulatory landscape, addressing massive digital skills gaps, and ensuring African control over digital assets and governance.

Evidence

Multipolarity is a geopolitical fact, but multilateralism is a conscious choice to cooperate and build trust

Explanation

Kone makes a philosophical distinction between the inevitable reality of a multipolar world and the deliberate decision to engage in multilateral cooperation. He argues that multilateralism represents a conscious commitment to work across differences to create a fairer global order that embraces rather than despite diversity.

Major discussion point

Action Steps and Recommendations

Topics

Legal and regulatory | Development

Theresa Swinehart

Speech speed

149 words per minute

Speech length

Action Steps and Recommendations

Topics

Legal and regulatory | Development

UNKNOWN

Speech speed

161 words per minute

Speech length

84 words

Speech time

31 seconds

Focus should be on political aspects and maintaining digital development inclusivity from regional to global levels

Explanation

The unknown speaker emphasizes the importance of political considerations in the WSIS process and highlights the challenge of ensuring digital development remains inclusive across all levels from regional to global. They stress the need to maintain a development orientation that focuses on human rights principles.

Evidence

Reference to focusing on political aspects and maintaining digital development inclusive from regional to global level with focus on human rights

Major discussion point

Action Steps and Recommendations

Topics

Development | Human rights | Legal and regulatory

Agreements

Agreement points

Multi-stakeholder approach is fundamental to WSIS success and must be preserved

Speakers

– Yu Ping Chan
– Jarno Suruela
– Fiona Alexander
– Lacina Kone

Legal and regulatory | Development

Unexpected consensus

Technical standards and interoperability may be working better than expected

Speakers

– Kurtis Lindqvist
– Audience poll results

Arguments

Internationalized Domain Names (IDNs) have evolved to support non-Latin scripts, improving linguistic accessibility

Poll results showing low priority for open technical standards and cross-border interoperability (0% online, minimal room response)

Explanation

The low poll response for technical standards support suggests that 20 years of WSIS work may have been successful in this area, with Lindqvist noting that success might make people take global standards for granted. This represents unexpected consensus that technical interoperability challenges have been largely addressed

Topics

Infrastructure | Sociocultural

Capacity building emerged as the highest priority across all stakeholder groups

Speakers

– All speakers
– Poll participants

Arguments

Poll results showing capacity building in under-resourced regions as top priority (41% online)

Less than 10% of adults in several African countries possess basic digital skills, with new AI literacy gaps emerging

Digital divide addressing is crucial for getting back on track with Agenda 2030 and SDG targets

Explanation

Despite different backgrounds and perspectives, there was unexpected unanimous agreement that capacity building remains the most critical need, suggesting this foundational WSIS principle from 1998 remains as relevant today as it was 20 years ago

Topics

Development | Sociocultural

Overall assessment

Summary

The speakers demonstrated strong consensus on core WSIS principles including multi-stakeholder governance, the importance of addressing digital divides, the need for active stakeholder participation, and the critical role of capacity building. There was also agreement on procedural challenges, particularly around language barriers between technical and diplomatic communities.

Consensus level

High level of consensus on fundamental principles with constructive alignment on implementation challenges. The agreement spans across different stakeholder groups (government, technical community, civil society, international organizations) and suggests a mature understanding of both achievements and remaining gaps after 20 years of WSIS implementation. This strong consensus provides a solid foundation for the WSIS Plus 20 negotiations, though speakers acknowledge that maintaining multi-stakeholder openness will require continued vigilance and active participation.

Differences

Different viewpoints

Terminology and language interpretation in UN processes

Speakers

– Yu Ping Chan
– Kurtis Lindqvist

Arguments

There’s a significant gap between the New York diplomatic community and technical communities working on these issues

Language matters in UN processes, with terms like ‘sovereignty’ and ‘control’ having different meanings to different communities

Summary

Both speakers identify language as a challenge but from different perspectives – Yu Ping Chan focuses on the gap between diplomatic and technical communities and recommends using diplomatic language, while Lindqvist warns that technical communities may interpret certain terms (like sovereignty/control) as suggesting fragmentation

Topics

Legal and regulatory

Unexpected differences

Limited disagreement on technical standards priority

Speakers

– Kurtis Lindqvist
– Poll results

Arguments

Technical community must continue providing evidence and tangible implementation data showing what works

Explanation

Lindqvist expressed surprise that the poll showed low interest in ‘open technical standards and cross-border interoperability’ (0% online, minimal in-room), suggesting this might indicate success rather than lack of importance. This represents an unexpected disconnect between technical community priorities and audience perception

Topics

Infrastructure | Legal and regulatory

Overall assessment

Summary

The discussion showed remarkable consensus on major issues including the importance of multi-stakeholder engagement, need for inclusive processes, digital divide challenges, and IGF sustainability. The primary areas of difference were tactical rather than strategic – focusing on how to communicate effectively with different audiences and how to work within existing UN systems.

Disagreement level

Very low level of substantive disagreement. The speakers demonstrated strong alignment on fundamental principles and goals, with differences mainly in emphasis, approach, and tactical considerations. This high level of consensus suggests a mature, collaborative stakeholder community but may also indicate potential groupthink or lack of diverse perspectives that could strengthen the WSIS Plus 20 process.

Partial agreements

Legal and regulatory | Development

Takeaways

Key takeaways

WSIS Plus 20 represents a critical juncture for internet governance, with decisions potentially affecting the next decade of digital policy and the continuation of the IGF

Multi-stakeholder engagement remains fundamental to WSIS success, but there’s a significant gap between New York UN diplomatic processes and technical communities that needs bridging

Technical infrastructure has seen remarkable success over 20 years (DNSSEC, IDNs, IXPs, root servers), demonstrating the effectiveness of multi-stakeholder cooperation

Digital capacity building in under-resourced regions emerged as the highest priority need, reflecting the persistent digital divide affecting 2.6 billion people

Regional ownership and coordination, particularly demonstrated by Smart Africa’s continental approach, proves effective when rooted in local needs

Language and communication clarity is crucial in UN processes, as technical terms can be misinterpreted in political contexts

The Global Digital Compact and WSIS are complementary frameworks that should be implemented together

Success stories from the past 20 years should be celebrated and used as evidence for continued multi-stakeholder approaches

Resolutions and action items

Stakeholders should provide input to the WSIS Plus 20 elements paper by the July 15th deadline

Technical community must continue providing concrete evidence and implementation data showing what works

All stakeholder groups should engage with the informal multi-stakeholder feedback group being established by co-facilitators

Organizations should sign up for WSIS Plus 20 outreach mailing lists and participate in upcoming consultations

Stakeholders should engage with their national governments to inform their WSIS Plus 20 positions

Communities should participate in upcoming events including the high-level WSIS event in Geneva

Stakeholders must continue to demand and show up for their seat at the table in UN processes

Regional organizations should share concrete success stories and operational examples

Technical community should highlight fundamental principles that have enabled internet success over 20 years

Unresolved issues

Sustainable funding for the IGF from the regular UN budget remains uncertain pending December negotiations

The scope and effectiveness of the informal multi-stakeholder feedback group has not been fully defined

Timing and content of the Secretary-General’s report to member states remains unclear

How to effectively bridge the communication gap between New York diplomatic processes and technical communities

Whether WSIS action lines will be updated to reflect current digital developments and the Global Digital Compact

How to ensure meaningful participation from underrepresented regions in the final negotiations

The specific language and commitments that will be included in the December resolution

How to operationalize the complementary relationship between WSIS and the Global Digital Compact

Suggested compromises

Use clear, simple, actionable language that diplomats already understand to avoid technical terms being misinterpreted in political contexts

Frame digital governance conversations around capacity building and sustainable development language that appeals to the global majority of countries

Build on existing successful frameworks rather than creating entirely new structures

Maintain the multi-stakeholder model while adapting it to work better within traditional UN multilateral processes

Focus on concrete, evidence-based examples of what works rather than abstract declarations

This challenged the typical narrative of developing regions as passive recipients of digital development by presenting Africa as an active coordinator of its own digital transformation. It demonstrated how regional coordination can create leverage and move beyond aspirational policies to concrete implementation.

Impact

This shifted the conversation from discussing gaps in underserved regions to showcasing successful regional coordination models. It influenced how other panelists discussed regional development and provided concrete examples of multi-stakeholder cooperation working at scale.

Overall assessment

Speakers

Knowledge graph

In-depth analysis

Session at a glance

Summary

This discussion focused on the human rights implications of using Large Language Models (LLMs) for content moderation on social media platforms and digital services. The panel, featuring experts from the European Center for Nonprofit Law, Digital Trust and Safety Partnership, Center for Democracy and Technology, and Access Now, examined both the potential benefits and significant risks of deploying LLMs in automated content moderation systems.

The conversation highlighted how LLMs represent a concentration of power, with a handful of companies developing foundation models that are then deployed by smaller platforms, creating a cascading effect where moderation decisions made at the foundation level impact content across multiple platforms. While LLMs offer some advantages over traditional automated systems, including better contextual understanding and improved accuracy, they also pose serious risks to human rights, particularly freedom of expression, privacy, and non-discrimination.

A critical issue discussed was the disparity between high-resource languages like English and low-resource languages, with multilingual LLMs performing poorly for languages with limited training data. This creates significant inequities in content moderation, as demonstrated by examples from the Middle East and North Africa region, where Arabic content faces over-moderation while hate speech in Hebrew was under-moderated due to lack of appropriate classifiers.

The panelists shared concerning real-world examples, including the misclassification of Al-Aqsa Mosque as a terrorist organization and the wrongful detention of a Palestinian construction worker based on Facebook’s mistranslation. These cases illustrate how LLM errors can have severe consequences for marginalized communities, particularly during times of crisis when platforms tend to rely more heavily on automation.

The discussion emphasized the need for greater community involvement in LLM development, mandatory human rights impact assessments, and more transparency from platforms about their use of these technologies.

Keypoints

## Major Discussion Points:

– **Concentration of Power in LLM Development**: The discussion highlighted how a handful of companies (like those behind ChatGPT, Claude, Gemini, Llama) develop foundation models that are then used by smaller platforms, creating a concerning concentration of power where decisions made at the foundation level (such as defining Palestinian content as terrorist content) automatically trickle down to all deploying platforms.

– **Language Inequities and Low-Resource Languages**: A significant focus was placed on how LLMs perform poorly for “low-resource languages” (languages with limited textual data available for training), creating disparities where content moderation works well for English and other high-resource languages but fails for languages like Swahili, Tamil, Quechua, and various Arabic dialects, despite these being spoken by millions of people.

– **Real-World Harms in Content Moderation**: The panel extensively discussed concrete examples of LLM failures, particularly in the Middle East and North Africa region, including cases where Arabic content was over-moderated while Hebrew hate speech was under-moderated, mistranslations leading to false terrorism accusations, and aggressive automated removal of Palestinian content during crises.

– **Technical Limitations and Trade-offs**: The discussion covered inherent technical challenges including the precision vs. recall trade-off (accuracy vs. comprehensive coverage), hallucinations where LLMs confidently provide wrong information, and the particular vulnerability of LLMs when dealing with novel situations not well-represented in their training data.

– **Community Involvement and Alternative Approaches**: The conversation emphasized the need for meaningful community engagement throughout the AI development lifecycle, highlighting emerging community-led initiatives in the Global South that focus on culturally-informed, decentralized models as alternatives to the current concentrated approach.

## Overall Purpose:

The discussion aimed to provide a comprehensive analysis of the human rights implications of using Large Language Models (LLMs) for content moderation on social media platforms. The panel sought to bridge technical understanding with real-world societal impacts, moving beyond AI hype to document actual harms while also exploring potential solutions and alternative approaches that could better respect human rights and community needs.

## Overall Tone:

The discussion maintained a consistently serious and concerned tone throughout, with speakers demonstrating deep expertise while expressing genuine alarm about current practices. The tone was analytical rather than alarmist, with panelists providing concrete evidence and examples to support their concerns. While the conversation acknowledged some potential benefits of LLMs, the overall sentiment was cautionary, emphasizing the urgent need for better oversight, community involvement, and human rights protections. The tone remained constructive, with speakers offering specific recommendations and highlighting promising alternative approaches, suggesting a path forward despite the significant challenges identified.

Speakers

– **Marlene Owizniak**: Leads the technology team at the European Center for Nonprofit Law (ECNL), a human rights and civic space organization; based in San Francisco

– **David Sullivan**: Executive Director of the Digital Trust and Safety Partnership (DTSP), which brings together companies providing digital products and services around trust and safety best practices

– **Dhanaraj Thakur**: Research Director at the Center for Democracy and Technology (CDT), a nonprofit tech policy advocacy group based in Washington, D.C. and Brussels; expertise in content moderation and multilingual AI systems

– **Panelist 1**: Marwa Fatafta, MENA (Middle East and North Africa) policy and advocacy director at Access Now; expertise in regional content moderation issues and human rights impacts

– **Audience**: Multiple audience members including:

– Balthazar from University College London

– Someone from the Internet Architecture Board in the IETF (Internet Engineering Task Force)

– Professor Julia Hornley, Professor of Internet Law at Queen Mary University of London

**Additional speakers:**

None identified beyond those in the speakers names list.

Full session report

# Human Rights Implications of Large Language Models in Content Moderation: Panel Discussion Report

## Introduction and Context

This panel discussion examined the intersection of artificial intelligence and human rights in digital content moderation. The conversation featured Marlene Owizniak from the European Center for Nonprofit Law (ECNL), David Sullivan from the Digital Trust and Safety Partnership (DTSP), Dhanaraj Thakur from the Center for Democracy and Technology (CDT), and Marwa Fatafta from Access Now.

The discussion addressed how the deployment of Large Language Models (LLMs) for automated content moderation affects fundamental human rights, particularly freedom of expression, privacy, and non-discrimination. The panelists grounded their analysis in documented real-world harms and systemic inequities already emerging from current LLM implementations.

## The Concentration of Power Problem

### Foundation Models and Cascading Effects

Marlene Owizniak highlighted the unprecedented concentration of power in LLM development, explaining how “a handful of companies” developing foundation models like ChatGPT, Claude, Gemini, and Llama create a cascading effect where “any kind of decision made at the foundation level, let’s say, defining Palestinian content as terrorist content will then also trickle down to the deployer level unless it’s explicitly fine-tuned.”

This structural issue creates what Owizniak described as “even more homogeneity of speech” than previous systems. Unlike traditional platforms where individual companies made independent moderation decisions, the current LLM ecosystem concentrates unprecedented power in foundation model developers.

### Demystifying AI Technology

Owizniak provided crucial context by demystifying LLM technology, noting that “AI is neither artificial nor intelligent. It uses a lot of infrastructure, a lot of hardware, and it’s mostly guesstimates.” She characterised LLMs as “basically statistics on steroids” rather than divine intelligence, connecting their technical limitations to their concentrated ownership structure.

## Language Inequities and Systematic Discrimination

### The Low-Resource Language Crisis

Dhanaraj Thakur provided extensive analysis of how language inequities create systematic discrimination in LLM-based content moderation. He explained the concept of “low-resource languages” – languages with limited textual data available for training – and how this creates severe disparities in system performance. Despite languages like Swahili, Tamil, and Quechua being spoken by millions of people, they receive inadequate representation in training datasets compared to “high-resource languages” like English.

The consequences are severe: speakers of low-resource languages experience “longer moderation times, unjust content removal, and shadow banning” compared to English-language users. These represent systematic digital discrimination that mirrors and amplifies existing global inequalities.

### Complex Linguistic Challenges

Thakur introduced the concept of “diglossia” – situations where communities use two languages with different social functions, often reflecting colonial power structures. He explained how “in many of these languages, particularly in those that have gone through the colonial experience, there’s a combined use of two languages” where one represents power whilst the other serves mundane functions.

This analysis raised questions about whether LLM development might “replicate or exacerbate this kind of power dynamics between these two languages,” connecting historical colonialism to contemporary AI systems. Additional challenges include code-switching (mixing languages within conversations) and agglutinative language structures that don’t conform to English-based training assumptions.

### Regional Case Studies from MENA

Marwa Fatafta provided concrete examples from the Middle East and North Africa region, documenting systematic disparities where “there were no Hebrew classifiers to moderate hate speech in Hebrew language, but they were such for Arabic.” This had severe consequences during periods of heightened conflict, with Arabic content facing over-moderation whilst Hebrew hate speech remained undetected.

Fatafta described how “removing terrorist content in Arabic got it wrongly 77% of the time,” whilst critical infrastructure like Al-Aqsa Mosque was mislabelled as a terrorist organisation during sensitive periods. She also recounted cases where Facebook’s mistranslation led to false terrorism accusations, including a Palestinian construction worker who was wrongfully detained after the platform mistranslated his Arabic post about “attacking” his work (meaning going to work) as a terrorist threat.

## Crisis Response and Over-Moderation

Fatafta observed that “companies tend to over rely on automation around times of crises” and “are willing to sacrifice accuracy in the decisions, as long as we try to catch as large amounts of content as possible.” She noted that Meta lowered confidence thresholds from 85% to 25% for Arabic content during crisis periods, leading to what she described as “mass censorship of legitimate content.”

This approach is particularly harmful because crises are precisely when marginalised communities most need access to communication platforms for safety, coordination, and documentation of human rights violations.

## Technical Capabilities and Limitations

### Potential Benefits and Applications

David Sullivan provided the industry perspective, identifying areas where LLMs might improve current systems: enhancing risk assessments, improving policy development consultation, and augmenting rather than replacing human review. He noted the potential for “generative AI to improve explainability of content moderation decisions and provide better context to users.”

Sullivan emphasised that effective deployment requires understanding LLMs as tools that “augment human review rather than replace it” and referenced the ROOST (Robust Open Online Safety Tooling) project as an example of collaborative safety initiatives.

### Fundamental Technical Constraints

However, Sullivan was candid about technical limitations, explaining that “models struggle with novel challenges not adequately represented in training data” and highlighting the persistent issue of hallucinations where LLMs “confidently provide wrong information.”

He explained the precision versus recall trade-off that remains central to all content moderation systems: emphasising precision (accuracy) means missing harmful content, whilst emphasising recall (comprehensive coverage) means removing legitimate content. LLMs don’t eliminate this trade-off but may shift where the balance point lies.

### Structural Incompatibilities with Democratic Rights

Owizniak highlighted structural incompatibilities with democratic rights, explaining that “even the best intentioned platforms will make errors just because this is content that falls outside of data sets and the bell curve. It is, by definition, exceptional or contrarian.”

She noted that organisations working on “protests, civic space, assembly and association” deal with content that is “by default, contrarian, minority, anti-power, protest.” Statistical systems trained on mainstream content will systematically struggle with such material.

## Community Engagement and Alternative Approaches

### Current Inadequacies

Thakur noted that “social media companies lack awareness of local LLM developers and researchers,” missing opportunities for partnerships that could improve system performance for underserved languages and communities.

Owizniak outlined ECNL’s work developing “a framework for meaningful engagement” that involves stakeholders “from AI design stage through deployment,” including their current Discord partnership pilot project. She emphasised the need for involvement in reinforcement learning and human feedback processes rather than relying solely on what she termed “Silicon Valley experts.”

### Community-Led Alternatives

Thakur described efforts to develop “culturally-informed, decentralised models as alternatives to the current concentrated approach.” These initiatives focus on community ownership of both data and classification systems, representing a fundamental alternative to the centralised foundation model approach.

## ECNL’s Research Methodology

Owizniak described ECNL’s comprehensive research approach, which involved “reading 200+ computer science papers” and conducting human rights legal analysis to understand the implications of LLM deployment in content moderation. This methodology combines technical understanding with human rights expertise to provide grounded analysis of current harms.

## Regulatory and Governance Solutions

### Human Rights Impact Assessments

Fatafta advocated for “mandatory human rights impact assessments throughout the AI development lifecycle,” moving beyond voluntary corporate initiatives to regulatory requirements. She referenced BSR human rights due diligence findings regarding Meta’s content moderation practices as evidence of the need for systematic evaluation.

### Transparency and Accountability

Owizniak emphasised the need for greater transparency about “when and how LLMs are used in content moderation.” Current opacity makes it impossible for researchers, civil society, and affected communities to assess system performance or advocate for improvements.

### Alternative Moderation Models

Thakur highlighted “different moderation models beyond centralized approaches, including community-based solutions” that could provide more culturally appropriate and contextually sensitive content governance.

## Audience Engagement

The discussion included questions from academic participants, including Professor Julia Hornley from Queen Mary University of London, who raised concerns about whether community-based approaches could handle the sophisticated legal analysis that content moderation often requires. An audience member from University College London asked about government and civil society influence on technical design decisions.

## Conclusion

This panel discussion revealed the complexity and urgency of human rights challenges posed by LLM-based content moderation. While the technology offers some potential benefits over traditional automated systems, it also creates new forms of systematic discrimination and concentrates unprecedented power in foundation model developers.

The conversation moved beyond both uncritical AI optimism and complete technological pessimism to provide nuanced analysis grounded in documented harms. The speakers demonstrated how seemingly technical decisions about training data, confidence thresholds, and language support embed political choices with severe consequences for marginalised communities.

The discussion highlighted the need for meaningful community engagement, mandatory human rights assessments, and greater transparency in how LLMs are deployed for content moderation. All speakers agreed that human involvement remains essential and that current voluntary approaches to addressing these challenges are inadequate.

The path forward requires sustained collaboration between technologists, human rights advocates, affected communities, and policymakers to ensure that content moderation systems serve human rights rather than undermining them.

Session transcript

Marlene Owizniak: LLM’s and calling us online, Shen. It’s great to see you all here in person and welcome to the folks joining us online. My name is Marlene Owizniak. I lead the technology team at the European Center for Nonprofit Law, a human rights and civic space organization, mostly based in Europe, but we operate worldwide and I myself am based in San Francisco. I’m really thrilled to be here today with my esteemed panelists, from right to left, David Sullivan, executive director of the DTSP, what is his hand for again? Digital Trust and Safety Partnership. Yes. It’s a lengthy acronym. And David can share 30 seconds of what it is later. Dan Arush from, Charles Bradley from Center for Democracy and Technology, research director, and to my left, Marwa Fatafta, MENA policy and advocacy director at Access Now. And today we’ll talk about a topic that is really emerging and a lot of acronyms, apologies in advance, JNAI, LLMs, being based in San Francisco, it’s something that people talk about daily and it seems far fetched, but we already see that in the world today. So the way that our session will be structured is I’ll share a few key takeaways from our emerging research at ECNL, as well as some human rights impacts. And then we’ll hear from folks on the panel about different use cases, different risks. We’ll hear a regional perspective from Marwa and really try to bridge both the technical and societal aspects of LLMs and placing it today in everything that’s happening in the world, including geopolitical developments. So this topic is really relevant for ECNL. We’ve been working on automated content moderation. for the past five, six years, and LLMs have become really an interesting development, and interesting from a human rights perspective means both potential good as well as alarming use cases. And I’d say one of the biggest issues for LLMs, which is a subset of generative AI trained on vast textual data, is that while it promises efficiency and adaptability, they also pose serious risks. Automated content moderation, as many folks in this room probably know, pose already a lot of human rights risks and cause violations, and LLMs have become, at least in Silicon Valley, and increasingly presented as a silver bullet for solving these issues. However, our research has shown that they can reinforce existing systemic discrimination, censorship, and surveillance. And one of the most pressing issues that we found, and ECNL has conducted research on this topic for the past year, working with hundreds of different folks across civil society, academia, industry, on mapping the human rights impacts of large language models for content moderation. One of the most pressing issues is the concentration of power. So the way that LLM used for content moderation works today is that there’s a handful of companies that develop foundation models or LLMs. The one that probably folks are most aware of is ChatGPT. There’s also Cloud, Gemini, Llama, and a few others. And so this is at the AI developer level. Then you have the deployer level, which are often smaller social media platforms like Discord, Reddit, Slack. They often will not have their own LLMs, but they will use other LLMs like the ones I mentioned and fine-tune them for their own purposes. So what does this mean? Any kind of decision made at the foundation level, let’s say, defining Palestinian content as terrorist content will then also trickle down to the deployer level unless it’s explicitly fine-tuned. What this means for freedom of expression globally is that content moderation defined at the foundation level will also be replicated on the deployment one and really there’s even more homogeneity of speech as before. However, alternative approaches are emerging and we’ve seen throughout our research that there are community-led initiatives, especially in the global majority, that focus on public interest AI that is culturally informed and really decentralized. These models, though smaller in scale, demonstrate comparable performance with broader LLMs and highlight the potential for more rights-based moderation. Our report, which our friends at IGF can maybe post online, and I encourage you guys to check out, look at the various human rights impacts from privacy, freedom of expression information, assembly and association, non-discrimination, participation, and remedy. We’ll talk about some of these later but I encourage you to read it. It’s a thorough analysis of each of these rights and the last part is recommendations, which we’ll also dive in to this session. And just to note that we’ll have ample time for questions. I really want to hear from folks in the room as well as online. I already see a few experts on this topic and also encourage everyone to participate even though it seems like it’s brand new. A lot of the questions around large language models have been around for a long time. Obviously automated content moderation but even offline or human-led moderation, you know, these questions are often the same and they’re just exacerbated and accelerated due to the scale and speed of AI. With that said, I wanted to to turn it to David to share a few use cases of LLMs for content moderation. And DTSP together with BSR, Business for Social Responsibility, has led research on the topic. So David, if you could share some of those findings and introduce your work.

David Sullivan: Thank you. Thanks, Marlena. And I’m going to take these off for a moment. It’s great to be here with everyone. I’m David Sullivan. I lead the Digital Trust and Safety Partnership, which brings together companies providing all different types of digital products and services, including some of those companies that are frontier model developers and deployers, like a Google or a Meta, as well as smaller players, such as Discord and Reddit. And our companies come together around a framework of best practices for trust and safety, a framework that is content and technology agnostic. And the idea is basically that companies can come together around the practices that they use to develop their products, enforce, develop the governance and rules for those products, enforce those rules, improve over time, and be transparent with their users and with the public. So it’s about the practices of safety, as opposed to agreeing on what types of content should be favored or disfavored on these kinds of digital services. So what I want to start with, so last year, in 2024, we brought together a working group of our partner companies on best practices for AI and automation in trust and safety. So that looked at the full range of technologies from even the most basic kind of rule-based systems that have been used as part of trust and safety going back for 20 years, dealing with things like spam, to possibilities for use of generative AI as part of trust and safety. of which content moderation is kind of one component. And so we spent the better part of a year looking at what companies were doing and trying to identify some best practices and as well as what we called generative AI possibilities, ways that companies might be experimenting and beginning to use this technology as part of trust and safety, as well as what the limitations and challenges and ways to overcome those challenges. So I’d encourage folks to go to our website, DTSpartnership.org. That report is right on the front page. And as Marlena mentioned, we worked closely with a team at BSR who helped us do that research. Hannah from that team is here and is also really an expert in this space. So I want to just briefly mention a few things. First, as I think I already said, I think that use of trust and safety, use of AI and automation in trust and safety has always been a blended process of human and technology. That’s always been the case and it continues to be the case, even as what that blend looks like may change quite substantially as LLMs and these generative AI technologies get incorporated into trust and safety. The second thing is that perfection when it comes to content moderation is nearly an impossibility. And so we’re always thinking about potential for over-action or under-action when it comes to how companies are enforcing their policies. And we can talk a little bit more about some of the trade-offs there. And I’m sure we’ll talk a lot about that with this group here. So with that in mind, I wanted to just use our framework of these five overarching commitments to talk about five examples of kind of possibilities for the use of generative AI. as part of trust and safety. And then hopefully those will help kick off some discussion. So the first of our commitments that all our company members make is around product development. And so one example of a generative AI possibility in product development is the use of generative AI to enhance and inform the kinds of risk assessments that companies do when they are developing and rolling out new products or new features within products. So examples of this could be generative AI could help to analyze emerging patterns of content related abuse. They could identify edge cases that could then become more mainstream. You connect data points between different types of risk factors and could potentially be used as part of red teaming exercises by trust and safety teams, brainstorming attack scenarios and things like that. So that’s on the product development side. The second commitment that all our companies make is to product governance. And so there as part of that commitment, some of the best practices we’ve identified around external consultation, incorporating user perspectives into company policies and consulting with the civil society organizations and other external groups as the part of developing and iterating those policies. So there again, I think LLMs could potentially be leveraged to gather much more data. You have companies currently using kind of surveys and focus groups and getting information from outside experts and all of that may not always be as coherently brought together as it could be. So LLMs could help with that. And one other thing they could potentially do is help to create the kind of feedback loop where those organizations that spend a lot of time telling companies what they should and shouldn’t be doing with their policies. would be able to hear it. This is how your input was used in, you know, the development of this, you know, new content policy around whatever issue. On enforcement, so there I think one of the things that, where I am cautiously optimistic, is about the potential for generative AI to augment human review as opposed to replace it. And we hear a lot these days about AI replacing humans when it comes to content review. But I think the area where there’s the most potential, both in terms of shielding humans from having to review the worst of the worst type of content, but also being able to help provide context to human reviewers that maybe will help them with their decision-making. And also being able to route the things that are easily determined to be content violating away from humans to then make their own work more efficient. And we can talk, of course, about a lot of the challenges there as well. Just quickly on improvement, I think one thing that gen AI can do is sort of enhance the automated evaluation of context around violations. So, you know, it can be hard for companies to be able to let’s see basically the idea is being able to have more information at your disposal in order to figure out how your policies are being are actually being implemented in practice and to incorporate that context into automated actions as well as that sort of information for human reviewers. And then lastly on transparency, there I think there’s also potential for generative AI to improve the explainability of the decisions that companies are taking. So I think maybe all of us have at one point or another had an experience of having Something you’ve posted finding that it violates some services guidelines one way or another and when you Appeal those things you get very little information in return And so there is I think potential for these types of technologies to be able to provide a little bit more information So the example for example would be you know, if you have posted a video that’s an hour long It could tell you here’s the two minutes that we found to be violative and you can have a chance to correct that So those are I think some Possibilities some positive use cases. We’re going to talk a lot more about the limitations and challenges. I just wanted to Mention just a couple of them The first is that and this is where I think the stakes of all of this gets very high is that we don’t know what you know, kind of tomorrow’s content crises are going to look like and We know that these models are not good when they’re dealing with novel challenges that are not adequately Represented in their training data. That’s when they really go off off the deep end So we need to be aware of that. The second thing is that for all companies that have Trust and safety operations that have their content policies. They need to exist in three different forms They have to there has to be a public facing version for users to understand what’s allowed and not allowed There has to be the internal detailed. These are the specifics of how we enforce this policy, which you don’t want to make Completely public because bad actors can use that to kind of you know, gain the system and then you need a version That’s machine readable. It can be used by a company by by LLMs So those are that’s a complicated sort of balancing act and one that that also complicates these challenges Lastly I think there’s just trade-offs when it comes to the metrics that companies use here And so you you can you know optimize for? Precision which is really the metric about how correct your decisions are or you can optimize for recall which is about are here to talk to you about how we can make sure we get as much, covering as much content as possible. What that, these are the terms that, you know, kind of AI folks will throw around. They have real consequences when it comes to the kinds of harms that occur through digital services and the impact of those. And so you’re constantly having to balance, you know, we need to make sure we get as much of the really harmful content as possible. Whereas in other situations, you want to worry about false positives. So those are real trade-offs. You can’t just wish them away. And so I think hopefully that maybe helps kick things off and I’ll stop there to give others time.

Marlene Owizniak: Thanks. Thanks, David. And can everybody hear us? Yeah. OK, great. Because the mic situation is a little bit off, but you have to wear the earphones to hear. Next we’ll hear from Dhanaraj about multilingual models in particular. So a lot of this conversation research is often on English content and some colonial languages. But perhaps or hopefully unsurprisingly to folks in this room, that is not the case across languages. There’s a lot of inequities. And CDT really over the past few years has done groundbreaking research on this topic. It has informed our own research as well. So I’m thrilled to have you, Dhanaraj, here. And also shout out to Alia Bhatia, who is not here with us today, but who has done some of that research.

Dhanaraj Thakur: Yeah, great. Thank you, Marlena. And thanks for the invitation to join this conversation. Yeah, so I’m Dhanaraj Thakur. I’m research director at the Center for Democracy and Technology based in Washington, D.C. and in Brussels. We’re a nonprofit tech policy advocacy group. We focus on a range of issues, one of which is our own content moderation. Great. So, yeah, just to follow up on then on what David discussed on, like, the application of large and large models the content moderation analysis and trust and safety systems. I can talk a bit more specifically about how those are applied, how those systems and technologies are applied in what we’ll further discuss and explain is low-resource languages. And this is based on some research that as Marlena mentioned the CT has done. For example one report called large language models in non-language content analysis led by Gabriel Nicholas and Aliya Bhatia and a forthcoming report based on a series of case studies we’ve been doing on content moderation and global south looking at different low-resource languages specifically Maghrebi Arabic, Swahili, Tamil and Quechua. So when we talk about multilingual large language models what we’re essentially focused on is large language models that are trained on text data from several different languages at once. And the logic or the claim that researchers often make with these kinds of models is that they can extend the various multi-capacity capabilities and benefits that for example that David highlighted to languages other than English and even to languages for which there’s little or no text data available. And so you can also then see how you can apply some of these kinds of benefits to many of the content, user-generated content from various kinds of languages around the world. That said there are several issues and challenges that come up and that’s what I’ll spend a bit more time talking about. Skipping over the potential benefits which I think David has covered quite well. So a lot of studies also show that multilingual language models also struggle to deal with what’s called there’s this wide disparity between languages and how much textual text data is available. And so researchers describe or use categories of high-resource and low-resource languages. English has by multiple odds of magnitude much more text data available than any other language and there’s a lot of reasons behind that. You can think of the legacy of British colonialism, American neocolonialism and the subsequent erasure of regional and indigenous languages. Most of the companies that we are discussing now when we talk about frontier model companies are based in the U.S. as well, as well as the social media companies, so English becomes a dominant language there. So what we call high-resource languages effectively refer to languages where there are significant amounts of text data available, such as English and many other European and other languages, Chinese, Arabic, for example. On the other hand, on the other side of the spectrum, you have low-resource languages with very little textual data available, but these can still be major languages in terms of number of speakers. So this can include, for example, Swahili, Tamil, or dialects of Arabic, so the Maghrebi Arabic languages I mentioned earlier. There’s also like Bahasa Indonesian, which is like literally hundreds of millions of speakers. So what this leads to then is this kind of disparity or inequity in the potential applicability of these technologies to content analysis around, particularly in social media, but in other use cases. We could have a separate discussion on the terminology of high and low-resource as it applies to these kinds of languages, but we could leave that for another time. So one of the questions that comes up in a lot of our work is not so much the technical capability of these technologies, but also how they’re incorporated into existing trust and safety systems. And so here we come across several different kinds of problems. So with low-resource languages, for example, we have this problem of lack of training data, but often that lack of training data is not just for content in general, but can be for specific domains. So in our research, for example, we spoke to LLM and LP researchers, natural language processing researchers, working on Quechua, for example. and the other is the problem of having enough data and catch available generally for developing these models, but in specific domains such as hate speech. Because if hate speech is a concern, for example, for a particular trust and safety application, then you need particular data in that as well. And that’s also part of the lack of data or the low resource problems, so to speak. Many users, and this is, I think, a well-known fact for many of you, is that people online, when they come to user-generated content, engage in what’s called code switching. So they alternate between two languages, for example, because many people employ multiple languages in daily conversation as well. There are other challenges, such as the agglutinative nature of some of these languages. So by that, I mean that some languages, such as Quechua, Tamil, for example, will build words based on lexical roots and then they add suffixes to create complex meanings that often in other languages require entire sentences or multiple sentences to convey the same thing. How LLMs handle that process is quite different, but it adds challenges to the analysis of text or content in those languages. There’s also the issue of diglossia, which is a linguistic concept. Often in many of these languages, particularly in those that have gone through, like, the colonial experience, there’s a combined use of two languages, which I mentioned, but they’re done in such a way that there’s an asymmetrical relationship between the use of two languages. So if I use the example of Quechua and its relationship to Spanish, which is a colonial language, one would represent power status and issues of importance in how people use that language in the same sentence or paragraph with Quechua, whereas Quechua would be used, for example, a more mundane function. So this concept of, like, words from a certain language you use to represent more power and the other is used to represent less power, and that’s used together. and the issue that comes up here is to what extent, or a question that comes to mind is to what extent will the development of models around this, building upon this kind of dynamic replicate or exacerbate this kind of polydynamics between these two languages. This is combined with a problem that you see a lot, for example, in indigenous languages where there is a history of erasure of languages. And so often a concern that comes up when you talk to researchers and people in these communities is to what extent do these technologies combine or at least push back against that kind of erasure. In our research, what we showed or what we found, I’ll just highlight some of the problems, but these have direct impacts on people, social media users, who post in these languages. For example, what people observed is that often it would take a longer time for the social media companies to moderate content in these languages versus content that was uploaded in high resource or in the colonial languages. And because of the challenges around developing models around this, and or the lack of native speakers on trust institute teams that can handle these languages, it could lead to a longer time to moderate content. There were often in addition reports of unjust content removal, perceived shadow banning and so on. People also highlighted different ways of recognizing these problems, highlighted different tactics of what we call resistance. So, for example, I mentioned code switching. There’s algo speak, you know, using random letters in a word or using different emojis, for example, the watermelon emoji, which is used to refer to Palestine, for example. So using various tactics because they are aware of the failures or the potential weaknesses of these kinds of automated systems, using various tactics to get around them. Yeah, I can stop there for now. Thanks.

Marlene Owizniak: Thanks so much. And this is a perfect segue to talk about some real world regional harms going to the Middle East and North Africa region, which is, you know, especially today, very topical, but the issues around content moderation and censorship more broadly, surveillance are not new to the region. So really, really grateful to have Marwa here. And we’d love to hear from you about your regional perspective.

Panelist 1: Yeah, thank you, Marlena. And yeah, unfortunately, the MENA region is quite rife in examples. But I do want to first thank my co-panelists for laying the ground pretty well for me to provide some specific examples. I want to make my comments around three issues. The first one of which that has already been alluded to, to the question of where do you invest in those systems and in which languages? Arabic is one of I don’t want to call it a minority language. Millions of people speak it. It’s an official UN language. Yet, unfortunately, AI systems used by tech companies and social media platforms more specifically tend to be poorly trained. And I’ll mention some specific examples there. But the issue here is also in some cases where there is a minority language, companies sometimes think it’s not, you know, market. It’s not there is no incentive for them to prioritize that language, even though, for example, in the context of Palestine, Israel in 2021, when there was a surge of violence on the ground and also a surge of online content, protesting or documenting abuses, we noticed that there was an over-moderation of Arabic language under moderation of Hebrew language on META’s platforms more specifically. And after Business for Social Responsibility conducted a human rights due diligence into META’s content moderation of that period, one of the reasons behind such dynamic was the fact that There were no Hebrew classifiers to moderate hate speech in Hebrew language, but they were such for Arabic. One would ask a question here is that why, despite the context was very clear, there were high incitement, so high volume of content inciting to genocide, inciting to violence, pretty direct hate speech where it’s pretty much black and white. But nevertheless, the company did not think that it was a priority at the time to roll out classifiers that would be able to automatically detect and remove such harmful and potentially violative content. When we pushed back, of course, and after the due diligence findings were out, now META has classifiers, but we found out in the new round of violence, unfortunately, I mean, after October 7th, that those classifiers were not even well trained to be able to capture even more, a larger volume of hate speech and incitement to violence and genocide and dehumanization or dehumanizing rhetoric, which leads me to the second issue. That is the under and over enforcement that comes as a direct impact of basically company decisions and investment and where and when to deploy such systems. Let’s now zoom in into the concrete issues of how these systems are not, they’re far from perfect, but the risks and the direct impact of which can be very, very harmful. One of the examples here in terms of over enforcement, I mean, if you talk to, for example, Syrians, Syria has been one of the most sanctioned countries on Earth planet. Thankfully, many of the sanctions are being removed. But the result of that, you know, for example, on counterterrorism legislation or laws, we’ve seen aggressive moderation. and removing terrorist content in Arabic got it wrongly 77% of the time. That’s quite huge. And when we talk again about a region that is pretty much at the receiving end of this aggressive counterterrorism measures, the result is this mass scale censorship of activists, of human rights defenders, of journalists, and particularly around peaks of violence and escalations where people do come to online platforms to share their stories and the realities and to document abuses and for journalists, of course, to govern what’s happening on the ground. There are other examples that I could mention where I got things terribly wrong and extremely sensitive in critical moments. One example I can think of in twenty twenty one when Instagram falsely flagged Al-Aqsa Mosque, which is the third holiest mosque in Islam as a terrorist organization. And as a result, all hashtags. And that particular time is also quite interesting. It’s interesting because it was when the Israeli army stormed Al-Aqsa Mosque and people were reporting and sharing photos with that hashtag Al-Aqsa and this is when Instagram decided, or Meta, now is the time to mislabel this mosque as a terrorist organization and as a result all the content was banned and forcibly removed. During the unfolding genocide in Gaza we had also examples where one famous example was of a person whose Instagram bio was mistranslated. He said, you know, praise to be God, I’m Palestinian but the system translated it as praise to be God, Palestinian terrorists are fighting for their freedom. Many, many years ago also there was a case of a Palestinian construction worker who was working in Jerusalem, who was arrested by the Israeli police because he was flagged to them that he’s about to conduct a terrorist attack and they relied on Facebook’s translation, automated translation which falsely or mistakenly translated the man saying good morning, posting a picture of himself smoking a cigarette and leaning on a caterpillar to good morning, I’m going to attack them. And the man was detained for a few hours and interrogated and then he was released after the Israeli police realized oh, Facebook made a mistake in translation. The man had shut down his accounts, I do remember, meaning that those types of actions and their consequences can be quite detrimental for people’s ability not only to exercise themselves but can constitute or instill a sense of fear that they might be subject to similar detrimental consequences. David had mentioned an interesting point which I would like to elaborate on. The tension between precision versus recall. From my observation, having worked on multiple crises in the MENA region over the past few years, is that companies tend to over rely on automation around times of crises. And particularly when there are attacks or, you know, they feel like under pressure that they need to remove as fast as possible large amounts of content in order to avoid being, you know, liable. One example I can think of is, of course, the October 7th attack. Immediately after tens of thousands, hundreds, in fact, hundreds of thousands of content was just largely removed using automation. And there that balancing act that is not possible to even achieve means that companies are willing to sacrifice or, you know, to say, okay, it’s fine if we erroneously get content decisions or content moderation decisions wrong, as long as we try to catch as large amounts of content as possible. And there one specific example I can mention here is META’s decision to lower the threshold for hate speech classifiers directly in the aftermath of October 7th attack to remove, for these classifiers to detect comments in Arabic language and specifically those coming from Palestine. So lowering the confidence thresholds from, I think it was around 85 or so, all the way down to 25%, meaning that the classifier, you know, at that very low level could remove and hide people’s comments. Because again, the emphasis here on removal versus precision or accuracy in the decisions. Now, what does that mean for the users, for people and their ability to use? Those platforms freely and safely to express themselves. We’ve had situations where people were banned from commenting for days We’ve had people who had Really extremely innocuous. I mean just Palestinian Flags or they watermelon emojis being removed We’ve had even people having receiving warnings Before following particular accounts, you know For instance if you were a journalist known for covering the events in in Palestine and or in Gaza more specifically and The you would get a notification saying are you sure you want to follow this person because they’re known for spreading disinformation I’m talking about credible journalists as you know, professional journalists not influencers or content creators so we’ve had many examples and again where Hundreds if not thousands of people who had their content removed as a result of these types of that tension to which companies tend to tilt towards Again over moderation or aggressive moderation rather than than accuracy Lastly what I want to say is that okay. I’m not an expert on LLMs, but I What concerns me the most is that we are at the cusp yet of another era of new technologies or you know a new iteration of technologies in which there is a lot of promise, but there are yet to be proper human rights impact assessments and that’s something that you Excellently catch in your in your report that we still don’t have access to these systems It’s hard to independently audit them and therefore to understand and also work with the companies What are the the risks and how can be mitigated before they are already rolled out at a scale and then we as civil society? find ourselves in the position of having to Document the harm try to connect the dots and understand Okay, why is it that the certain population at a certain time being subject to censorship? and what could be the catalyst reasons behind it and then provide that as an evidence for platforms for them to correct course and adjust the systems and the policies behind them. And I’ll stop here. Thanks so much.

Marlene Owizniak: And before I open it up to the floor, I just wanted to highlight a few of the key risks that we found, just following up on the speaker’s points. And I really do encourage you to read our report. We distilled it down to 70 pages, which is still quite long. We read over 200 computer science papers and like really brought a human rights legal analysis to it and try to make it more digestible by having different chapters. So every right is its own chapter. And then there’s also one technical primer. Some of the concepts that David shared, which are very common in the, you know, AI, CS technical world are less so in policy and vice versa. And then Marwa said we need more human impact assessments. So BSI was brought up several times. There’s a handful of orgs and people doing that, but it’s, it’s really concerning that you have these many human rights impact assessments for this big of an impact. And some of the key LLM impacts we found, one of the benefits side, because there can be some potential use cases is that LLMs are typically better at assessing context. So if we are going to use automated content moderation, they typically perform better. The accuracy level is higher than traditional machine learning. And they can be also better for personalized content moderation. So we talk a lot about user empowerment and agency, and if folks want to kind of like adjust their own moderation settings, if someone is comfortable with sensitive content, for example, or gore or nudity, they can choose that versus others can filter that out. And also LLMs can be better at informing users in real time why the content was removed, for example. and I’m going to talk about what steps they can take to remedy it. There’s such a big gap today with explaining to users why their content was removed and what they can do to appeal that. That said, a few key risks specific to LLMs. One, because there’s so much content. And I often say, I’ve been working in AI for a long time, for those who know me, and AI is neither artificial nor intelligent. It uses a lot of infrastructure, a lot of hardware, and it’s mostly guesstimates. So LLMs, and I should have begun with that, is large language models. It’s basically statistics on steroids. It’s not divine intelligence. It’s just a lot of data with a lot of computing power, which is also one of the reasons why it’s so concentrated. What happens when systems have so much data, often from web scraping, is that they can infer sensitive attributes. Much more than traditional ML systems can. And when we think about the relationships between governments and companies today, that really puts minorities at risk of being targeted and increasingly surveilled. Marwa and folks here already talked about over and under enforcement. Unfortunately, marginalized groups are both impacted by false positives and false negatives. That means, for Marwa’s example, Palestinian content is both overly censored and at the same time, genocidal, hateful content is not removed from the platform. Hallucinations is a very typical Gen AI LLM example. When companies rely on LLM-driven content moderation to moderate misinformation, for example, the LLMs can put out really confident-sounding statements that are just wrong. So using that to inform human content moderators or automated removal often leads to just errors and inaccuracy. One last thing I will mention is that our organization, ECNL, we work a lot on protests, civic space, assembly and association. These are often actions and content that are, by default, contrarian, minority, anti-power, protest. You usually protest something. You protest a powerful institution. And if you think about AI, both traditional machine learning and LMs, they are statistical bell curves. And minority content falls outside this data set. And Marwa and David, I think, hinted at that when we think about crisis. And, quote-unquote, exceptional content. So even the best intentioned platforms will make errors just because this is content that falls outside of data sets and the bell curve. It is, by definition, exceptional or contrarian. So that’s really something to consider when you think about assembly and protests. Yeah, and I’ll just leave it at that. We also have a lot of work on participation, so I encourage you all to check that out and reach out. And I would love to open it up now. One of the things that we’ve been thinking a lot about at ACNL after doing this human rights impact assessment is now what? What kind of recommendations can we make to AI developers and employers? What are we still missing in the academic and civil society community? What gaps are there? So if anybody has thoughts on that, I would love to hear from you. Otherwise, any other questions? And folks online, please either write your question in the chat and I’ll bring it to the floor or you can raise your hand. I’ll take a couple questions just because we have limited time. Please raise your hand if you have a question. For now, there’s only one, so please, yes. And if you can introduce yourself, name, and affiliation, that’d be great. Oh, yeah, the mic is over there. I’m sorry. So please line up and go to the mic if you’d like to ask a question.

Audience: Yes, so this is Balthazar from University College London I’m just wondering if there are any avenues for other actors I mean in this case, sorry, in this case government and civil society to influence the technical design of the LLM used for content moderation within digital platform, or is it like largely proprietary by these social media companies and there’s no no way to influence the technical life cycle so to speak and then we just you know rely on tech platform to make decision on what is the next iteration of the LLM going to be or is there really I haven’t used some kind of external human in the loop mechanism so that civil society or government can influence in a more technical sense to complement the legal intervention and program intervention. Thank you

Marlene Owizniak: Thanks so much. I have a few thoughts, but I’ll hand it over to the panel first

Dhanaraj Thakur: Sure, thanks great person So one of the kind of feedback that came up a lot in our research is that engage with greater community leadership and participation in the building of LLM So for example, that can come in the form of the building of data sets ownership of data sets, right? For specific kinds of contents in in building LLMs There are many examples about around the world of this happening with local researchers and communities coming together to build LLMs, build models, language technologies for specific purposes outside of social media. The problem that came up a lot and I don’t know how if others have thoughts on this was that social media companies the ones who engage are often not aware of these communities of local LLM developers, LLM researchers or these kinds of efforts which they could benefit a lot from but there’s a gap there, a disconnect there. I think that’s one area as well There’s also significant opportunities for governments and even industry to invest in these kinds of partnerships as well and to support those kinds of efforts

David Sullivan: Just building on that I do think that there is an opportunity coming up where there is a lot of enthusiasm and interest within the trust and safety community for open source So in particular there’s a new project called Roost robust open online safety tooling Which is where a lot of companies are coming together to open source some of the technologies and tools in the space That’s been a sticky area when it comes to really challenging online safety issues But I think there is an opportunity there and there’s ways for people to get involved So I think that that’s one one positive to look at

Panelist 1: Plus one to involving communities from the get-go from the start and yes, and I also do Yeah, I do confirm that I don’t think that Social media companies are connected to local developers or local LLM experts. I certainly don’t see that happening in the region I would also say, in addition to these voluntary multi-stakeholder mechanisms or FORAs, maybe there should be a space for mandatory human rights impact assessments. Also, throughout the cycle of development, starting from the very beginning, up and, of course, during the launch of those systems and their enrollment, and, of course, following any adjustments or modifications of such systems and their use.

Marlene Owizniak: Yeah, and I’ll just add briefly on the AI lifecycle. ECNL has been working with Discord on piloting what we call a framework for meaningful engagement, where from the first stage of the lifecycle on AI design, they’re developing machine learning and LLM-driven interventions to moderate content online. So we’ve been partnering with them and with stakeholders around the world, some of you in this room, on helping them do that. So it’s a very specific case study, and I can’t share more about that. Another example where I think folks can be involved is after the deployment stage. So the way that LLMs work is they’re trained, and then there’s the whole validation slash evaluation section. They’re often done through reinforcement learning by human feedback. I won’t go into details, but it basically requires people to go through the outputs and retrain them. One thing that we’ve been advocating for at ECNL is to involve communities at that stage as well. What typically happens is during this reinforcement learning phase, it’s mostly Silicon Valley folks or experts like probably us in the room who would do that, but not the communities affected. And it’s very, very homogenous. So it’s people from elitist academic institutions, high-name NGOs, and those based in Silicon Valley. And that’s a problem, because it’s supposed to, quote-unquote, fix or improve the LLM, but it just ends up perpetuating even more bias. So many ways to involve folks, and that is definitely step one, I think, to actually make these systems better. Next question, please.

Audience: I’m part of the Internet Architecture Board in the IETF, the Internet Engineering Task Force. I have a very straightforward or blunt question, maybe. So I kind of understood that LLMs will always make mistakes. I think that seems obvious, but do you think there is an area to involve LLMs to do a good job here? Or do you think there will always be a need for other mechanisms to have humans involved in the thing? Or do you think LLMs is not the right technology at all, and we need maybe other ways to empower the users and to give users a decision about which contents they want to engage with and they want to see? So, you know, what’s the way forward?

Marlene Owizniak: Want to briefly say?

Dhanaraj Thakur: Sure, I can take a quick. So I think there are two dimensions to this. Like, how do companies address content moderation? And there are actually many different models, not just this kind of centralized model that you see with large social media companies. So we should keep that in mind. And they could use, like, you can imagine a subreddit, a moderator, thinking of ways they could use these kind of tools for their specific use case. And it could be very helpful for community building in that sense. So just keep in mind that there’s this range of options available. But I think when we think of it at a larger scale, all positions, always, at human moderators should be part of the consideration and the calculus of how you address content. I think others, like David and Marwad, mentioned this as well. I think what’s important is the flexibility around this. So for some of the particularly low-resource languages where there’s very little data and these kinds of tools may not be as effective, there should be a heavier emphasis on human moderation. And that could evolve over time. But I think there will always be some kind of combination between the two.

David Sullivan: I would just add, maybe, there’s an excellent research paper that Google folks put out last year in 2024 about how LLMs can be leveraged to support human raters of content, which goes into this at a level of technical detail that is beyond me, but I think might be helpful. But I think one of the opportunities here, which is cognizant of all of the risks when it comes to how AI can be misused when it comes to content moderation, I do think when you think about AI as this, sometimes, this technology that is overhyped and lacking business applications, I do think that content moderation and trust and safety is a concrete business application for AI, and one where the developers and deployers are often the same company. And so I think there are some opportunities there, but it comes with all the risks we’ve talked about.

Audience: That’s a very quick follow-up. So you said if the humans are part of the chain, I think the challenge is always scaling up and also timely reactions, right? Can you come comment on that?

Marlene Owizniak: Excuse me, there’s people behind me with time, but I urge you to read the reports, and we also have a large section on recommendations, so that is the next step forward. We only have two minutes, so briefly, please.

Audience: I’m Professor Julia Hornley. I’m a professor of internet law at Queen Mary University of London. I’m an academic, and I’m a lawyer, and hence my question. Obviously, for lawyers, it would often take an extremely long qualification for a judge to adjudicate content, right? For lawyers, these are very, very complex decisions, whereas, as I understand, LLMs and artificial intelligence is based on, obviously, complex processes of labeling and validation processes. So I was wondering whether, in addition to LLMs, which, by definition, will always have these problems, which you so often…

Dhanaraj Thakur: So there are models where it’s really engaging communities about what kinds of data, like how you classify data, what categories of data are important, and who ultimately owns it and becomes a steward of that. That kind of emphasis is very different from the current models. And having LLM developers partner with these kinds of communities in those contexts is one approach. And it’s very similar to the kinds of community-based internet networks that you’re talking about. And that also introduces different kinds of business models as well.

Marlene Owizniak: Thanks so much. And unfortunately, the session is already wrapping up. There’s so much to be said about this topic. I hope one takeaway you have is that it’s an emerging field. There’s still too little transparency. And if we can urge platforms to share more data, including how and when LLMs are used, we often don’t even know that. That is one thing. One of the things that we try to do at EC&L is really document the human rights harms as opposed to AI hype. There’s a lot of hype in this space, as you probably all know. And at the same time, excitement around community-driven models, like Dhanraj talked about. And so there is, like not everything is doom and gloom. There is hope for some community-driven public interest, fit-for-purpose models that I think we can explore. And really find a way that develop AI that respects labor rights, including human counter-moderators, users, and engages stakeholders. And going forward, we will obviously continue to work closely with our partners, many of you in the room, and implement the recommendations with the platforms, test them as well. They’re very much ongoing. So you’ll see that in our report in the last section. Please reach out if you want to get involved. This conversation is only starting. Who knows if LLMs will even be deployed. They’re very expensive to run to begin with. That’s something we didn’t really talk about. But in any case, hearing your voice and concerns is really important. So thank you so much for being here, and happy IGF.

Marlene Owizniak

Speech speed

168 words per minute

Speech length

2596 words

Speech time

926 seconds

LLMs can reinforce existing systemic discrimination, censorship, and surveillance

Explanation

While LLMs are presented as a solution to content moderation issues, research shows they can actually exacerbate existing problems. They perpetuate and amplify discriminatory patterns present in their training data, leading to biased enforcement that disproportionately affects marginalized communities.

Evidence

ECNL conducted research for the past year working with hundreds of different folks across civil society, academia, and industry on mapping human rights impacts of LLMs for content moderation

Major discussion point

Human Rights Impacts and Risks of LLMs in Content Moderation

Topics

Human rights | Legal and regulatory | Sociocultural

Disagreed with

– David Sullivan
– Panelist 1

Disagreed on

Optimism about LLM potential versus focus on current harms

Concentration of power at foundation model level creates homogeneity of speech globally

Explanation

Topics

Human rights | Sociocultural | Legal and regulatory

Agreed with

– Panelist 1

Agreed on

Crisis periods lead to over-reliance on automation with harmful consequences

Protest and contrarian content falls outside statistical bell curves, making it vulnerable to errors

Explanation

Content related to protests and civic activism is inherently contrarian and anti-establishment, representing minority viewpoints that fall outside the statistical norms that AI systems are trained on. Since LLMs operate on statistical patterns, this exceptional content is systematically misclassified, even by well-intentioned platforms.

Evidence

ECNL works on protests, civic space, assembly and association – actions that are by default contrarian, minority, anti-power; AI systems are statistical bell curves and minority content falls outside datasets

Major discussion point

Human Rights Impacts and Risks of LLMs in Content Moderation

Topics

Human rights | Sociocultural | Legal and regulatory

Dhanaraj Thakur

Speech speed

179 words per minute

Speech length

1857 words

Speech time

619 seconds

Wide disparity exists between high-resource languages like English and low-resource languages in available training data

Explanation

English has orders of magnitude more textual data available than any other language due to historical factors like British colonialism and American technological dominance. This creates a fundamental inequality where major languages with millions of speakers are still considered ‘low-resource’ for AI training purposes.

Evidence

Agreed with

– Panelist 1

Agreed on

Language inequities create systematic discrimination in content moderation

Greater community leadership and participation needed in building LLMs and datasets

Explanation

Local communities should have ownership and stewardship over the data and classification systems used to moderate their content. This approach would ensure cultural context and community values are properly represented in AI systems rather than imposing external standards.

Evidence

Examples of local researchers and communities building LLMs and language technologies for specific purposes outside social media; emphasis on community ownership of datasets

Major discussion point

Community Engagement and Governance Solutions

Topics

Sociocultural | Human rights | Development

Agreed with

– Marlene Owizniak
– Panelist 1

Agreed on

Community engagement and participation is critical for effective AI systems

Social media companies lack awareness of local LLM developers and researchers

Explanation

Agreed on

Human involvement remains essential in content moderation systems

Disagreed with

– David Sullivan
– Panelist 1

Disagreed on

Role of automation versus human moderation in content decisions

David Sullivan

Speech speed

170 words per minute

Speech length

1898 words

Speech time

666 seconds

LLMs can enhance risk assessments, improve policy development consultation, and augment human review rather than replace it

Explanation

Generative AI can analyze emerging abuse patterns, identify edge cases, connect risk factors, and assist in red teaming exercises. For policy development, LLMs can help gather and synthesize input from surveys, focus groups, and external experts more coherently, while in enforcement they can provide context to human reviewers and route clear violations away from human review.

Evidence

DTSP worked with BSR on research with partner companies; examples include analyzing emerging content abuse patterns, brainstorming attack scenarios, creating feedback loops with civil society organizations

Major discussion point

Technical Applications and Use Cases

Topics

Legal and regulatory | Cybersecurity | Economic

Agreed with

– Dhanaraj Thakur
– Audience

Agreed on

Human involvement remains essential in content moderation systems

Disagreed with

– Dhanaraj Thakur
– Panelist 1

Disagreed on

Role of automation versus human moderation in content decisions

Generative AI can improve explainability of content moderation decisions and provide better context to users

Explanation

Topics

Legal and regulatory | Development | Economic

Content moderation represents a concrete business application for AI with specific technical opportunities

Explanation

Unlike many overhyped AI applications, content moderation provides a genuine business use case where AI developers and deployers are often the same company. This alignment creates opportunities for more integrated and effective solutions, though it comes with all the associated risks discussed.

Evidence

Reference to Google research paper from 2024 about LLMs supporting human content raters

Major discussion point

Technical Limitations and Future Considerations

Topics

Economic | Legal and regulatory | Cybersecurity

Disagreed with

– Marlene Owizniak
– Panelist 1

Disagreed on

Optimism about LLM potential versus focus on current harms

Panelist 1

Speech speed

153 words per minute

Speech length

1676 words

Speech time

656 seconds

Arabic content is over-moderated while Hebrew content is under-moderated due to classifier availability disparities

Explanation

During the 2021 violence surge, META had Arabic language classifiers for hate speech detection but no Hebrew classifiers, leading to systematic bias in enforcement. Even after Hebrew classifiers were developed following criticism, they remained poorly trained and ineffective at detecting incitement to violence and genocide.

Evidence

Agreed with

– Marlene Owizniak

Agreed on

Crisis periods lead to over-reliance on automation with harmful consequences

Disagreed with

– David Sullivan
– Dhanaraj Thakur

Disagreed on

Role of automation versus human moderation in content decisions

Confidence thresholds are lowered during crises, leading to mass censorship of legitimate content

Explanation

META lowered hate speech classifier confidence thresholds from around 85% to 25% specifically for Arabic content from Palestine after October 7th. This dramatic reduction meant that classifiers with very low confidence could automatically remove or hide content, leading to widespread censorship of legitimate expression.

Evidence

Agreed on

Community engagement and participation is critical for effective AI systems

Disagreed with

– David Sullivan
– Marlene Owizniak

Disagreed on

Optimism about LLM potential versus focus on current harms

Audience

Speech speed

253 words per minute

Speech length

390 words

Speech time

92 seconds

LLMs will always make mistakes and require human involvement in content moderation

Explanation

Given the inherent limitations of LLM technology, there will always be errors in automated content moderation systems. The question becomes whether there are areas where LLMs can perform adequately, or if alternative approaches like user empowerment and choice should be prioritized over automated moderation entirely.

Major discussion point

Technical Limitations and Future Considerations

Topics

Legal and regulatory | Human rights | Economic

Agreed with

– David Sullivan
– Dhanaraj Thakur

Agreed on

Human involvement remains essential in content moderation systems

Complex legal decisions require extensive qualification, raising questions about AI’s capability for nuanced judgments

Explanation

Legal professionals undergo extensive training and qualification to make content-related decisions that judges would typically handle in court systems. This raises fundamental questions about whether AI systems, regardless of their sophistication, can adequately handle the nuanced legal and ethical judgments required for content moderation.

Evidence

Reference to judges requiring extensive qualification to adjudicate content and lawyers finding these very complex decisions

Major discussion point

Technical Limitations and Future Considerations

Topics

Legal and regulatory | Human rights | Sociocultural

Agreements

Human rights | Legal and regulatory | Cybersecurity

Human rights | Legal and regulatory | Cybersecurity

Unexpected consensus

Industry-civil society collaboration potential

Speakers

– David Sullivan
– Dhanaraj Thakur
– Marlene Owizniak

Arguments

Open source initiatives like ROOST provide opportunities for collaborative safety tooling

Greater community leadership and participation needed in building LLMs and datasets

ECNL has been working with Discord on piloting what we call a framework for meaningful engagement

Explanation

Despite the critical tone toward tech companies throughout the discussion, there was unexpected consensus that meaningful collaboration between industry and civil society is both possible and necessary, with concrete examples of successful partnerships already emerging.

Topics

Development | Legal and regulatory | Economic

Technical limitations acknowledgment across all stakeholders

Speakers

– David Sullivan
– Dhanaraj Thakur
– Panelist 1
– Audience

Arguments

Models struggle with novel challenges not adequately represented in training data

Code switching, agglutinative language structures, and diglossia create additional challenges for LLM analysis

Translation errors have led to false terrorism accusations and wrongful arrests

Complex legal decisions require extensive qualification, raising questions about AI’s capability for nuanced judgments

Explanation

Surprisingly, even the industry representative openly acknowledged significant technical limitations of LLMs, creating consensus across all stakeholders about the fundamental constraints of current AI technology for content moderation.

Topics

Legal and regulatory | Human rights | Sociocultural

Overall assessment

Summary

The discussion revealed strong consensus on key issues: the necessity of human involvement in content moderation, the critical importance of community engagement, the systematic discrimination created by language inequities, and the harmful over-reliance on automation during crises. There was also unexpected agreement on the potential for industry-civil society collaboration and honest acknowledgment of technical limitations.

Consensus level

High level of consensus on fundamental principles and problems, with implications suggesting that despite different perspectives, there is a shared foundation for developing more equitable and effective approaches to AI-driven content moderation. This consensus provides a strong basis for collaborative solutions that prioritize human rights, community involvement, and technical humility.

Differences

Different viewpoints

Role of automation versus human moderation in content decisions

Speakers

– David Sullivan
– Dhanaraj Thakur
– Panelist 1

Arguments

LLMs can enhance risk assessments, improve policy development consultation, and augment human review rather than replace it

Flexibility needed with heavier emphasis on human moderation for low-resource languages

Companies over-rely on automation during crises, sacrificing accuracy for speed of content removal

Summary

David Sullivan emphasizes LLMs augmenting rather than replacing human review and sees potential for AI to improve content moderation processes. Dhanaraj Thakur advocates for heavier human moderation especially for low-resource languages. Panelist 1 criticizes the over-reliance on automation during crises, arguing companies prioritize speed over accuracy.

Topics

Human rights | Legal and regulatory | Sociocultural

Optimism about LLM potential versus focus on current harms

Speakers

– David Sullivan
– Marlene Owizniak
– Panelist 1

Arguments

Content moderation represents a concrete business application for AI with specific technical opportunities

LLMs can reinforce existing systemic discrimination, censorship, and surveillance

Mandatory human rights impact assessments should be required throughout the AI development lifecycle

Summary

David Sullivan expresses cautious optimism about LLMs as concrete business applications with genuine opportunities. Marlene Owizniak and Panelist 1 focus more heavily on documenting current harms and the need for stronger regulatory oversight, with less emphasis on potential benefits.

Topics

Human rights | Legal and regulatory | Economic

Unexpected differences

Degree of technical optimism about LLM capabilities

Speakers

– David Sullivan
– Marlene Owizniak

Arguments

Generative AI can improve explainability of content moderation decisions and provide better context to users

LLMs can infer sensitive attributes more than traditional ML systems, putting minorities at risk of targeting and surveillance

Explanation

Despite both being from organizations that work closely with tech companies, David maintains more optimism about LLM potential for improving user experience and transparency, while Marlene emphasizes how the same capabilities create surveillance risks. This disagreement is unexpected given their similar institutional positions and shared concern for human rights.

Topics

Human rights | Cybersecurity | Legal and regulatory

Overall assessment

Summary

The main areas of disagreement center on the appropriate balance between automation and human oversight, the level of optimism about LLM potential versus focus on current harms, and implementation approaches for community engagement. While all speakers acknowledge both benefits and risks of LLMs, they differ significantly in emphasis and proposed solutions.

Disagreement level

Moderate disagreement with significant implications. The speakers share fundamental concerns about human rights impacts but differ on whether to focus on improving current systems or implementing stronger regulatory oversight. These differences could lead to divergent policy recommendations and advocacy strategies, potentially affecting how the technology develops and is regulated.

Partial agreements

Human rights | Legal and regulatory | Cybersecurity

Takeaways

Key takeaways

LLMs in content moderation pose significant human rights risks including reinforcing discrimination, censorship, and surveillance while concentrating power among a few foundation model companies

Language inequities are severe – low-resource languages face longer moderation times, higher error rates, and systematic bias compared to high-resource languages like English

During crises, platforms over-rely on automation and lower confidence thresholds, leading to mass censorship of legitimate content while sacrificing accuracy for speed

LLMs perform better than traditional ML at understanding context and can improve user explanations, but they struggle with novel content and hallucinate confidently incorrect information

Marginalized communities face both over-enforcement (false positives) and under-enforcement (false negatives) simultaneously

Protest and contrarian content is inherently vulnerable to AI moderation errors because it falls outside statistical norms by definition

Community-driven, culturally-informed AI models show promise as alternatives to centralized foundation models

Resolutions and action items

Implement mandatory human rights impact assessments throughout the entire AI development lifecycle from design to deployment

Establish frameworks for meaningful engagement that involve affected communities from the AI design stage through deployment

Increase investment in partnerships with local LLM developers and researchers, particularly for low-resource languages

Develop open source safety tooling initiatives like ROOST to enable collaborative approaches

Involve affected communities in reinforcement learning and human feedback processes rather than relying solely on Silicon Valley experts

Require platforms to provide greater transparency about how and when LLMs are used in content moderation

Document human rights harms systematically to counter AI hype with evidence-based analysis

Unresolved issues

How to balance precision versus recall metrics in content moderation without causing systematic harm to marginalized groups

Whether LLMs are fundamentally the right technology for content moderation or if alternative user empowerment approaches should be prioritized

How to scale human involvement in content moderation while maintaining timely responses during crises

How to address the economic sustainability of LLMs given their high operational costs

How to prevent the replication of colonial language hierarchies and power dynamics in multilingual AI systems

How to ensure adequate representation of indigenous and minority languages in AI development

How to create effective oversight mechanisms for proprietary AI systems used by social media companies

Suggested compromises

Implement blended human-AI approaches that augment rather than replace human moderators, with flexibility to emphasize human moderation more heavily for low-resource languages

Use LLMs to enhance human reviewer capabilities by providing better context and routing obviously violative content away from humans rather than fully automating decisions

Develop community-specific moderation models that can be tailored to different contexts (like subreddit moderators) rather than relying solely on centralized approaches

This comment reveals a fundamental incompatibility between the statistical nature of AI systems and the protection of dissent and protest rights, showing how the technology is structurally biased against the very content that democratic societies most need to protect.

Impact

This insight shifted the conversation from fixable bias problems to fundamental structural incompatibilities, suggesting that some human rights issues with LLMs may be inherent rather than solvable through better training or fine-tuning.

Overall assessment

Explanation

Current voluntary assessments are insufficient given the scale of human rights impacts from LLM-based content moderation

Open Forum #51 Strengthening Cyber Resilience in Global Posts Logistics

Session at a glance

Summary

The UPU Open Forum on Strengthening Cybersecurity for the Global Posts and Logistics Sector brought together experts to discuss the growing cyber threats facing postal services worldwide as they undergo digital transformation. Kevin Hernandez from the Universal Postal Union presented alarming findings from a survey of 52 countries, revealing that while 71% of postal services now offer digital services extending far beyond traditional mail delivery, their cybersecurity preparedness remains inadequate. The survey showed that less than two-thirds of posts have implemented basic cyber hygiene practices, with developing regions in Latin America, the Caribbean, Asia-Pacific, and Africa being particularly vulnerable.

Nigel Cassimire from the Caribbean Telecommunications Union highlighted the region’s digital transformation challenges and described their partnership with the UPU through a memorandum of understanding to enhance postal cybersecurity capabilities. Floretta Faber from Albania’s National Cyber Security Authority shared concrete examples of cyber threats, noting that over 15% of cyber attacks in Albania target postal services, primarily through domain impersonation and phishing campaigns designed to exploit public trust in postal brands. She emphasized the importance of proactive measures including staff training, early detection systems, and joint incident response protocols.

Mats Lillesund from Norwegian Post stressed the critical importance of collaboration between postal organizations and industry stakeholders, citing successful sector-specific initiatives like the Nordic financial CERT as models for information sharing. Tracy Hackshaw outlined the UPU’s comprehensive cyber resilience program, including the secure .post domain initiative and plans for a postal sector Information Sharing and Analysis Center (ISAC) to facilitate threat intelligence collaboration. The discussion concluded with recognition that securing postal services requires both technical solutions and human capacity building, as postal workers increasingly serve as the interface between citizens and digital services in an interconnected world.

Keypoints

## Major Discussion Points:

– **Current State of Postal Cybersecurity**: Kevin Hernandez presented alarming findings from a UPU survey of 52 countries, revealing that posts are rapidly expanding digital services (71% offering e-commerce, 58% digital financial services) but have poor cybersecurity implementation rates. Only basic practices like secure websites are implemented by two-thirds of posts, while critical measures like cybersecurity training and incident response plans lag significantly behind.

– **Regional Disparities in Cyber Preparedness**: The discussion highlighted stark regional differences in cybersecurity readiness, with developing regions—particularly Latin America and the Caribbean, Asia-Pacific, and Africa—showing the lowest implementation rates of cyber hygiene best practices and inadequate budget allocations despite increasing cybersecurity workloads.

– **Real-World Threat Landscape**: Floretta Faber from Albania’s National Cyber Security Authority provided concrete examples of postal sector attacks, noting that over 15% of cyber attacks in Albania target postal services through domain impersonation and phishing campaigns, demonstrating that these threats affect both developed and developing nations.

– **Collaborative Solutions and Partnerships**: Multiple panelists emphasized the critical importance of cross-sector collaboration, with examples including the CTU-UPU partnership in the Caribbean, Norway’s sector-specific CERT initiatives, and the UPU’s development of collaborative platforms like the postal ISAC (Information Sharing and Analysis Center).

– **UPU’s Cyber Resilience Program**: Tracy Hackshaw outlined comprehensive UPU initiatives including the .post secure domain infrastructure, the secure.post platform for threat detection, and plans for a global postal ISAC to facilitate secure information sharing among postal operators and their supply chain partners.

## Overall Purpose:

The discussion aimed to assess the current state of cybersecurity in the global postal and logistics sector, identify vulnerabilities and regional disparities, and explore collaborative solutions to strengthen cyber resilience as postal services increasingly become digital service hubs offering e-commerce, financial services, and e-government solutions.

## Overall Tone:

The discussion maintained a professional and urgent tone throughout, beginning with concern as alarming statistics were presented about the sector’s cyber vulnerabilities. The tone evolved to become more constructive and solution-oriented as panelists shared successful initiatives and collaborative approaches. While the gravity of the cybersecurity challenges was consistently acknowledged, the conversation remained optimistic about the potential for improvement through partnership, knowledge sharing, and the implementation of comprehensive cyber resilience programs.

Speakers

– **Mayssam Sabra** – Moderator from the DotPost Business Management Unit of the Postal Technology Center of the UPU (Universal Postal Union)

– **Kevin Hernandez** – Digital Inclusion Expert at the Universal Postal Union, works on Connect.Post project

– **Floreta Faber** – Deputy Director General and Director for International Project Coordination and Strategic Cyber Security Development at the Albanian National Cyber Security Authority

– **Nigel Cassimire** – Deputy Secretary General of the Caribbean Telecommunications Union (CTU)

– **Mats Lillesund** – Director of Governance and Communication Group Security at Postenbrink AS (Norwegian Post)

– **Tracy Hackshaw** – Head of the Dotpost Business Management Unit of the Universal Postal Union

– **Ihita Gangavarapu** – Representative of Youth IGF India, works in external threat monitoring

**Additional speakers:**

None identified beyond the speakers names list provided.

Full session report

# UPU Open Forum on Strengthening Cybersecurity for the Global Posts and Logistics Sector: Discussion Report

## Executive Summary

The Universal Postal Union’s Open Forum on Strengthening Cybersecurity for the Global Posts and Logistics Sector brought together international experts to address cybersecurity challenges facing postal services as they expand their digital offerings. Moderated by Maysam Sabra from the UPU’s DotPost Business Management Unit, the forum featured presentations from the UPU, national cybersecurity authorities, postal operators, and regional telecommunications unions examining current threats and collaborative solutions.

The discussion highlighted how postal services are evolving beyond traditional mail delivery into comprehensive digital service providers, creating new cybersecurity vulnerabilities that require coordinated responses across the global postal network.

## Digital Services Survey Findings

Kevin Hernandez, Digital Inclusion Expert at the Universal Postal Union, presented findings from a survey of 52 countries revealing the extent of postal services’ digital transformation. The data showed that 71% of postal services now promote economic inclusion through e-commerce services, 58% offer digital financial services for financial inclusion, and 51% provide e-government services for social inclusion. Over one-third (34%) of postal services show signs of becoming comprehensive “one-stop shops” combining multiple inclusion services.

However, this expansion has not been matched by corresponding cybersecurity improvements. Less than two-thirds of postal services implement basic cyber hygiene practices such as secure websites, and essential security measures including cybersecurity training programmes and incident response plans lag behind service expansion. The survey revealed regional disparities, with developing regions showing lower implementation rates of cybersecurity best practices.

A significant concern identified was the budget-workload mismatch: while 70% of postal services report increased cybersecurity workloads, less than half have increased their cybersecurity budget allocations accordingly.

Hernandez also mentioned the Connect.Post project, which aims to connect all post offices to the internet, further emphasizing the digital transformation underway across the postal sector.

## Regional Perspectives

### Caribbean Telecommunications Union

Nigel Cassimire, Deputy Secretary General of the Caribbean Telecommunications Union, acknowledged that digital transformation in the Caribbean remains relatively underdeveloped. The CTU signed a memorandum of understanding with the UPU in 2023 to promote digital transformation and enhance cybersecurity capabilities across Caribbean postal services. The CTU conducts digital readiness assessments in member states to identify specific vulnerabilities and development needs.

### Albania’s National Cyber Security Authority

Floreta Faber, Deputy Director General of Albania’s National Cyber Security Authority, provided specific threat intelligence data showing over 6,500 indicators of compromise from January to March 2025, with over 15% linked to postal services. These attacks primarily involve domain impersonation and phishing campaigns exploiting public trust in postal brands.

Albania experienced significant state-sponsored cyber attacks in 2022 affecting over 1,200 e-government services, leading to comprehensive cybersecurity reforms. Faber emphasized that attacks on postal services extend beyond operational disruption to undermine public confidence in government institutions, noting that “the human layer is still the weakest link in cybersecurity attacks.”

### Norwegian Post

Mats Lillesund, Director of Governance and Communication Group Security at Norwegian Post, shared Norway’s experience with collaborative cybersecurity initiatives, highlighting the success of the Nordic Financial CERT in creating effective information-sharing mechanisms across the financial sector. He emphasized developing a culture of openness regarding security incidents, moving beyond traditional competitive secrecy to embrace collaborative defense strategies.

Norway faces similar global threats including sophisticated fraud campaigns using postal logos and computer-based attacks, but their collaborative approach has enhanced detection, response, and recovery capabilities through shared intelligence.

## UPU Cyber Resilience Programme

Tracy Hackshaw, Head of the DotPost Business Management Unit, outlined the UPU’s comprehensive cybersecurity initiatives designed to strengthen global postal cybersecurity.

### The .post Domain Initiative

The .post domain provides secure digital identity and services specifically for postal operators, offering enhanced security features and collaborative threat intelligence. The UPU has developed special funding packages for Small Island Developing States and Least Developed Countries, with QR codes provided for accessing these packages.

### Secure.post Platform

The secure.post platform offers URL checking services for suspicious links, with planned expansion to include comprehensive cybersecurity testing and learning resources. The Trust.post platform is currently live, providing accessible security tools for postal operators.

### Postal Sector Information Sharing and Analysis Center (ISAC)

The UPU is developing a postal sector ISAC to facilitate secure collaboration and threat intelligence sharing among postal operators and supply chain partners including airlines, shipping companies, delivery partners, and technology vendors. This platform will enable confidential collaboration and coordinated incident responses across the global postal ecosystem.

## Discussion and Q&A

### Human Factors and Workforce Development

During the discussion, speakers addressed the human element in cybersecurity. When asked about job creation versus replacement through digitalization, Hernandez emphasized that digitalization should focus on upskilling postal staff rather than replacing jobs, positioning postal workers as skilled digital service facilitators providing “digital services with a human touch.”

### External Threat Monitoring

Ihita Gangavarapu from Youth IGF India raised questions about balancing internal and external threat monitoring for resource-constrained organizations. The discussion highlighted the complexity of monitoring threats across diverse supply chains involving multiple stakeholders, each representing potential vulnerability points.

### Physical Infrastructure Considerations

A final question addressed the relationship between digital transformation and physical infrastructure resilience, including disaster fallback capabilities. This highlighted the need to consider both digital and physical security aspects as postal services expand their technological capabilities.

## Key Collaborative Approaches

All speakers emphasized the importance of collaboration in addressing postal cybersecurity challenges, though they proposed different models:

– Regional partnerships and assessments (CTU approach)

– National authority cooperation with postal operators (Albanian model)

– Sector-specific information sharing (Nordic Financial CERT model)

– Global collaborative platforms (UPU ISAC initiative)

These approaches are complementary, addressing various aspects of cybersecurity cooperation at national, regional, and global levels.

## Conclusion

The forum demonstrated both the scope of cybersecurity challenges facing postal services and the potential for collaborative solutions. As postal services transform into comprehensive digital service platforms, they face new vulnerabilities requiring sophisticated cybersecurity responses. The gap between service expansion and security preparedness, particularly in developing regions, represents an urgent challenge requiring immediate attention.

The collaborative frameworks outlined—from regional partnerships to global information sharing platforms—provide a foundation for coordinated action. The UPU’s cyber resilience programme, combined with national and regional initiatives, offers a multi-layered approach addressing diverse needs across the global postal network.

The discussion positioned postal cybersecurity as essential for maintaining public trust in digital services and supporting digital inclusion objectives. As postal services continue expanding their digital offerings, their security becomes increasingly critical not only for operational continuity but for broader national digital infrastructure protection.

Session transcript

Mayssam Sabra: Good afternoon, also good morning and good evening to our online participants who may be joining us from different time zones. Welcome and thank you for being here with us. For our UPU Open Forum on Strengthening Cybersecurity for the Global Posts and Logistics Sector. My name is Maysam Sabra from the DotPost Business Management Unit of the Postal Technology Center of the UPU and I will be your moderator for this session. Just quickly for those who may not know what is the UPU, the UPU is the Universal Postal Union, a United Nations agency dedicated to the postal sector. What we do is we mainly coordinate international postal policies and standards among our postal operators and member countries. We also assist the postal operators in the transformation of their services toward a secure digital connectivity and we help. We promote collaboration, we also help ensure an efficient and secure mail delivery worldwide. As you know, the Global Postal Network plays a critical role in facilitating trade, communication and economic development. However, as we rely more on digital technologies, we also face increasing cyber threats such as ransomware, phishing attacks, data breaches, supply chain attacks, and this is not disrupting our operations but also can compromise sensitive data, can damage reputation, and can erode the trust within consumers and businesses. So in today’s session, we aim to explore how we can strengthen our cyber security, how we can enhance the cyber resilience across the sector. We will be discussing maybe some strategies and best practices to build trust and security in the postal and logistics sector. So I am honored to share this platform with five distinguished panelists with me today. On my left, I have Mrs. Floretta Faber, the Deputy Director General and Director for International Project Coordination and Strategic Cyber Security Development at the Albanian National Cyber Security Authority, and Mr. Mats Lillesund, the Director of Governance and Communication Group Security Postenbrink AS, or Norwegian Post, and Mr. Kevin Hernandez, Digital Inclusion Expert at the Universal Postal Union. On my right, I have Mr. Nigel Cassimire, the Deputy Secretary General of the Caribbean Telecommunications Union, CTU and Mr. Tracey Hackshaw, the Head of the Dotpost Business Management Unit of the Universal Postal Union. So we have a limited amount of time. I encourage all of you please to keep your remarks concise so we can hear from all of you. And for our online participants, if you have any questions, please type them in the chat box and then we will raise it on your behalf. And now let’s kick off our discussion and I would like to start immediately with Kevin Hernandez. Kevin, you are the Digital Inclusion Expert at the Universal Postal Union and lately you have been working on a digital services report for the postal services in which you dedicated a specific section on the cyber security for posts. So maybe you could walk us through the state of cyber security in the postal sector so we can discuss further on the findings of what you will show us. Please proceed.

Kevin Hernandez: Thank you very much for the introduction, Massim. So as Massim said, my name is Kevin Hernandez. I am a Digital Inclusion Expert at the UPU where I work on a project called Connect.Post with the goal of connecting all post offices in the world to the internet and transforming them into one-stop shops for essential digital services. And for all of you interested in the project I just mentioned, I’m not going to speak about it in detail in this presentation, but I have some concept notes that I can share with you and they’re here in the front. And there’s also some at the .Post booth in the village. And although Connect.Post is not necessarily a cyber security, and I am the director of the U.S. Cyber Security Project. Ensuring that these newly connected post offices and the services that they offer are secure is one of our biggest concerns and I will explain why in this presentation. So as Massimiliano mentioned, I was recently working on a report for the UPU, which we call the Digital Panorama Report and it’s based on a survey which we did on digital services and cyber security and 52 countries responded to the survey. And the survey found that posts are offering many more digital services than we were even expecting. We thought that posts offered digital services, but we could never imagine how much. So 71, and these services go well beyond the postal sector, which is really important to highlight because posts are not just offering digital postal services, but are now also offering digital services across multiple sectors. And this is super exciting from an inclusion standpoint because there are, I don’t know if any of you know, but there are over 650,000 post offices in the world, the majority of which are located in rural areas, which are specifically the places where people are less likely to use the internet and where people are most at risk of being left behind. So digital services offered through the posts have significant potential to promote inclusion. For example, our survey found that 71% of posts are promoting economic inclusion for SMEs through e-commerce services, 58% are promoting financial inclusion through digital financial services, 51% are promoting social inclusion through e-government services, 11% are promoting universal health coverage through digital health services, and also 70% are directly contributing to bridging the digital divide and promoting digital inclusion by providing at least one digital connectivity service or solution. And going one step further, our survey also found that more than a third, So 34% of posts show signs of becoming a one-stop shop for economic, financial, social, and digital inclusion by providing all three services at once. So namely, digital financial services, e-commerce services, and e-governments all under the same roof. So this is one place where citizens can go and access all of these services. And this helps mitigate the risk of digital exclusion for less connected groups, while also helping governments achieve multiple public policy objectives related to these areas, and also the overarching leaving no one behind SDG goal. Also, we found that posts are offering these services through multiple channels. So as you would expect, the main channel that posts use to deliver digital services is a digitally equipped post office counter through interaction with postal staff. And this is, once again, this is especially useful for less connected users because they can receive help accessing a service in person that they may otherwise not be able to access on their own due to a lack of internet access, not having an adequate device, or not having the necessary digital skills to access that service on their own. However, many posts are also offering these digital services through fully digital channels, like a website or an app, while some posts are even leveraging their delivery staff to deliver these services through staff that are equipped with digital devices, like digital personal assistants, or tablets, or smartphones. And this can be especially useful for very remote communities or people whose mobility might be restricted. And it’s also important to note that in many cases, the post may only act as a physical extension of a partner’s digital service. So it’s not necessarily the case that all of these services belong to the post, but that the post is acting as a trusted partner. So, building on that, as posts begin to offer more and more digital services, they become an even more. critical infrastructure that must be secured, because they are now holding more sensitive data about customers and citizens across multiple sectors and across multiple aspects of life. And this makes the potential consequence of a disruption of a postal operator’s digital system more severe. And these disruptions would disproportionately impact people in rural areas and the elderly who rely on the post for digital services the most. This also makes the impacts of breaches, identity theft, and financial losses even more severe. And although, as I mentioned before, multi-channel service delivery is great from an inclusion perspective, it also opens up even more entry points for cyber attacks. And as a result of all this, the ability for posts to maintain trust is both more important than ever and more difficult. And it’s not just important to maintain this trust for customers or for citizens, but also, as I mentioned before, for partners. Because delivering digital financial services, e-government services, and e-commerce requires partnerships with private institutions and companies and government agencies who would be reluctant to partner with an institution that they see as insecure, especially when the digital service belongs to that institution. So at this point, you might be asking, how secure are posts across the world? Are they ready to offer these services in a secure way? And our survey found that the current state of cyber hygiene best practices within the postal sector is in need of a significant improvement. So we found suboptimal implementation rates across all cyber hygiene best practices which were surveyed. Posted websites were the only best practice implemented by at least two-thirds of posts. And only two other practices, namely secure emails, secure staff emails, sorry, and business continuity plans were implemented by at least half of posts. Meanwhile, other best practices, such as cybersecurity training, were implemented by less than half of POST. And this is extremely important given that, as mentioned before, POST are utilizing a multi-channel approach to digital service delivery, which means that the POST staff are likely to be involved in delivering these services, whether it’s at the counter of a POST office or through the delivery staff equipped with digital devices. And less than half of POST implement cybersecurity risk management plans, and only around 40% have incident response plans and crisis management plans. So this kind of paints a picture of POST that are largely unprepared and unable to adequately respond to cybersecurity threats. And the survey also found a drastic regional difference in the implementation of these best practices. I couldn’t fit all of them on this one slide, but this trend tends to hold true across all of the cyber hygiene best practices that were on the previous slide. So developing regions and POST from developing regions, and in particular three regions, Latin America and the Caribbean, Asia and the Pacific, and Africa regions, are the least likely to implement these cyber hygiene best practices. And I want to end by highlighting another scary finding from the survey. So cybersecurity budgets of POST are not keeping up with their cybersecurity workloads. So although around 70% of POST saw an increase in their cybersecurity workload in the last two years, less than half of POST reported that they increased their cybersecurity budget allocations. And POST, once again, from developing regions, and in those three regions in particular, were the least likely to increase their cybersecurity budgets in the last two years. So not only are they not well prepared from a cybersecurity standpoint, but their budgets are not keeping up with their workload. And one last thing. along with low implementation of cyber hygiene best practices and lagging budget allocations, posts are also not getting national level support responding to these cyber attacks. So only 35% of posts were affiliated with the National Information Security Incident Response Team. So as you can see, there is still a lot of work to do to secure the posts, especially as they begin to offer more digital services from multiple sectors through multiple channels. And that is it for me. I hope this presentation has helped set the stage for the discussion on cyber security and the posts. Thank you.

Mayssam Sabra: Thank you very much, Kevin, for the insightful presentation. Actually, it really indicates the urgent need for enhanced cyber resilience in some posts and in some regions. So in light of this, I would like to hear from Nigel. Nigel, as you see from the presentation of Kevin, it indicates a low percentage of cyber security being offered in some posts in the Caribbean region. So maybe now you will walk us through some slides to highlight the digital transformation in the Caribbean and the role that the STU is playing in improving the cyber resilience in the Caribbean. Please proceed, Nigel.

Nigel Cassimire: Yes, thank you. I’m Nigel Casimir from the Caribbean Telecommunications Union. I’ll be looking at our status of digital transformation in the postal industry, which is not very advanced. So I think that would be part of the reason why, sorry, Kevin’s results would have shown as he showed for Latin America and the Caribbean. Just to give a little background on the CTU, ICTU is an intergovernmental organization in the Caribbean specializing in ICT. Our members are 20 governments and, should I say, independent states and territories in the Caribbean. And we advise on ICT policy matters, and that includes things related to digital transformation, for example. Our involvement with the postal services in the member states would probably fall under our ICT policy formulation and project coordination type parts of our mandate, as shown on the screen there. So, just setting the context for the Caribbean as far as postal digital transformation is concerned. It’s happening in the more general context of our governments pursuing digital transformation generally. They’re looking at introducing e-government services, and they’ve done that in most of our member states, and also facilitating e-commerce generally to get the economies going and to help diversify their economies. Of course, the postal services has been evolving throughout the world, and the Caribbean is no different. We’ve seen traditional mail services going down, while things like courier services in support of e-commerce are going up. There is competition for the traditional postal services now. Private companies involved in the courier and delivery businesses, and logistics as well. And also, our traditional postal services have their obligations to continue. and others who continue to deal with. But in the face of all these environmental changes, there are opportunities noted for the postal services to modernize and become competitive in the markets. So really what you’ve been seeing, some of the initiatives, and a lot of them have been mentioned by Kevin already, they’ve been seeking to enhance their logistics and delivery, they’ve been trying to capitalize on that trusted nature of the postal services and being used as community hubs, delivering government services and products, facilitating access to government services for persons who may not have their own private internet connections. Some of the financial services that Kevin also mentioned, and in some cases even, they may have some facilities to help with some capacity building of the less technically savvy persons in the community. So there may be an area of a post office, especially in rural areas maybe, where the citizenry can come and get some help in maybe accessing some government services. But as the post offices try to modernize their operations and utilize the digital technologies and transform digitally, as mentioned, this comes with the attendant cyber risks and the requirements for resiliency. Now Kevin went into some of the very specific type things, but I’ll talk about the approach the CTU has been taking. Our involvement in the digital transformation and assisting our governments, of course, is more general. And the postal services is just one example. In 2022, at the ITU Plenipotentiary Conference in Romania, we had the opportunity to meet with the Universal Postal Union, and they apprised us of some of the new services that they had developed in the digital sphere. And we decided that, yes, we needed to partner with the UPU to help enhance the quality of our digital transformations in the postal services in the Caribbean. So, shortly after that then, an MOU was signed between the CTU and the UPU, and this is a picture. The initial meeting was in 2022, and this was the first half of 2023, when the Director General of the UPU signed this MOU with the Secretary General of the Caribbean Telecoms Union to cooperate in various areas. And this MOU, the focus of it was to promote the digital transformation of postal services in the Caribbean, and there were some specific things identified in there. Deployment of the UPU’s digital readiness for e-commerce assessment, that is a program whereby the UPU would come in to individual countries and do a comprehensive assessment of the state of the particular industry and the capabilities of the postal services, and make some specific recommendations in terms of how to go forward with modernization and secure digitalization of their operations. were seeking to promote the adoption of the UPU’s .post domain by our postal services. That is a secure domain that I think gels well with the trusted and would tend to preserve the trusted nature of doing business with the post offices and also implementing the UPU’s ConnectPost initiative in the region, which Kevin had mentioned. In fact, he said he works in the ConnectPost area. So since that 2023, we have had specific engagements in the Caribbean with, I think, at least three of our member states and typically with some of the larger ones, and we do have some specific recommendations now that they are implementing. Within the Caribbean, there’s a Caribbean Postal Union, which is an affiliate of the UPU, and we as CTU liaise as well with the CPU in terms of fulfilling the requirements of the MOU. So that’s kind of where we are. So we are getting the recommendations and start trying to implement the implementations from the UPU to enhance the cyber resiliency of the postal services in the Caribbean. Thank you.

Mayssam Sabra: Thank you very much, Nigel. It’s clear the focus of the CTU on cyber security through the adoption of initiatives like the .post domain or ConnectPost program. It’s absolutely vital to enhance the cyber security in the Caribbean region. Thank you very much for highlighting this. Now I would like to hear from Mrs. Floretta Faber. Floretta, you are the Deputy Director General at the Albanian National Cyber Security Authority, but you also coordinate and lead projects. on Cyber Security Strategies and Development. So, as you know today, as cyber threats evolve, how do you see these changes are impacting on cyber security strategies in our organizations? And maybe you can share with us any successful initiative or best practices from Albania that have improved cyber security in the post and logistics sector.

Floreta Faber: Thank you very much. I’m very happy to be here today and join this discussion. The Albanian National Authority on Cyber Security has been, especially in the last three years, focused on big changes in the cyber security domain in Albania. We had a strong state-sponsored cyber attack in mid-2022 all over the e-government services. Albania today has over 1,200 e-services towards its citizens. More than 95% of all the government services to citizens are given online. So, a cyber attack on all those services meaning really strong steps towards all the countries like Albania and democratization processes and transparency with the citizens. And since then, we have been taking strong reforms on cyber security and big steps forward. Part of all the transformation is the changes of law on cyber security. And we have a new one since May last year, which is according to the EU-NIST directive. And a number of sub-laws on cyber security, which still go through the model of the European best practices and the NIST directive. And we look at specific sectors on cyber security based on the criticality and the postal services. is one of this group, which we have been working specifically. The postal system has, as it was mentioned here from the studies in Albania as well, has increased its level of digitalization. And having the attacks through the postal service or using the name of the post has been really attacks of last year, over 15% of the attacks in the country, or efforts to attack the system. Out of 88 attacks we had last year, over 15% were through the postal system. And only three of them were successful cases, which the post office was dealing with and the National Authority on Cybersecurity was supporting hand to hand. We have seen specifically strong impersonating campaigns. And in 2024, the post office, according to our grouping, is with the transportation group. And almost all the attacks last year in this group were only through the post system, specifically through domain impersonification, aiming to exploit trust really in the public facing brand. The issue carries significant weight due to far reaching impact on the public trust and institutional integrity and the stability of critical infrastructures. Attacks on national post service are not isolated nor random. They have been calculated efforts to exploit institutions that serve as a fundamental touch point for millions of citizens who use the postal services and the digital services in their daily life. The impersonation of postal brand and the misuse of digital channels to spread fraudulent messages can erode confidence in public services and amplify the risk of financial and identity-related crimes. In this context, the importance of building a cyber-resilience in the postal sector goes far beyond working on the technical issues, and it becomes a matter of protecting civil trust and the continuity of essential services in the digital area, and in a time that most of the services through the post office as well are giving through the digital systems. Because these are not isolated cases, these patterns resonate globally. Maybe you have seen that in the last week, the FBI issued a new alert warning for iPhones and Android users about widespread smishing campaigns, as highlighted by Forbes and the New York Post as well. Malicious actors are leveraging the names of trusted institutions, including postal services, to decide to steal and to destabilize public trust. Our data confirmed that this was the case in Albania as well. Only from January to March 2025, we have seen that over 6,500 indicators of compromise that were found through our national search. Over 15% of them, again, were linked with the postal office. This means that the efforts to attack through the cyber systems on public infrastructure in Albania, over 15% really go to one of the critical infrastructures we have. And while the numbers remain high, we have seen promising numbers. I mentioned that last year… On the attacks we had, three of them really made some issues in the institution But this year, all the attempts, none of them has been coming to a point where there was an incident inside the post office In response to the growing threat landscape, the Albanian National Authority on Cybersecurity has taken concrete steps in partnership with the Albanian Post Office to strengthen the sector resilience These efforts include targeted cybersecurity training, implementation of early deduction system real-time monitoring of threat indicators and joint incident response simulation with the authority and the postal system We are also integrating cybersecurity requirements into the digital modernization roadmap on the national post system Our approach is not reactive, it is proactive, it is strategic, it is tailored to the unique challenges this sector face By aligning operational processes with security protocols, we aim to reduce the attack surface and enhance institutional readiness against evolving cyber threats The fact that nearly all the attacks on 2025 were smishing-based tells us something crucial that the human layer is still the weakest link in cybersecurity attacks That’s why our efforts must include not just the technical hardening, but also aware raising among citizens and postal employees So first, we have been investing heavily in capacity building and the cross-sector collaboration Cybersecurity is not a silent challenge, it requires ecosystem level resilience We have developed sector-specific early warning mechanisms and shared playbooks tailored for public services This is operators like the Post, the National CERT, which covers 7 days, 24 hours, overlooking at a number of institutions, 15 institutions, one of them is the Postal Office, because we believe that the strong efforts through this system are worth of having specifically focus on saving those systems. Second, we are working closely with postal operators to build internal cyber hygiene protocols and it’s part of all the cyber hygiene trainings that we are giving throughout the country, because since especially 2022, it was seen that it was given specific priority to the cyber security sector in the country, and only last year we had over 6000 people trained on cyber hygiene, including a specific focus on having all employees of the Postal Office, because among all the steps taken to change the cyber ecosystem in Albania and to take the steps for changing the laws, we believe it’s important to work with people and have the cyber hygiene and a new culture on cyber security in the country, and the request of people to have those training in increased numbers means that there is an awareness that people need to know more, unfortunately for bad reasons, because the attacks have been numerous and some of them have been successful on creating cyber incidents, people more and more are getting the awareness that they should know more, what they should do in order to protect themselves and the institutions they work with in cyber security. As we reflect on all the developments in the country and in the postal services, we understand that it’s important that this is a work in progress and this is something which doesn’t finish in a year or two. With the increase of the number of technologies used, with the increase of the number of attacks, with the increase of AI using on cyber attacks, it’s also important that we get prepared technically and not only on cyber security, even the postal office, and we believe that it’s very important that we have a strong bridge between people, how we get ready in changing technologies and having people prepared on facing those cyber attacks.

Mayssam Sabra: Thank you very much, Floretta, for these important highlights. The findings you indicated are very important and we hope the strategies you are developing will help your organizations become more resilient. Now I would like to move to Mr. Mats Lillesund, the Director of Governance and Security at Norwegian Post. So, Mats, as we mentioned earlier, we rely more and more on digital technologies and we also live in an increasingly connected world and the postal sector faces significant cyber threats, but sometimes we think that these threats are limited to developed countries but in reality they are also targeting big organizations and big countries. For example, we at the UPU, we have been informed of many, several cyber attacks that targeted big posts in big countries, and in today’s opening session, the speeches, most of the speeches highlighted, emphasized the collaboration part. I would like to know what is your view on the collaboration between postal organizations and industry stakeholders in enhancing cyber security in our sector and what initiatives or partnership has Norway Post taken or initiated to improve, to foster this cooperation?

Mats Lillesund: Thank you and thank you for the invitation of being here, ladies and gentlemen, I would like to address your question, it’s a big question and it’s an interesting one at that, but first off a little background about Postenbring, where I work, a Norwegian post, so we serve actually Nordic countries, so postal and logistic services, and we have approximately 14,000 employees, but our base is from Norway and Norway Post, where we have the largest market share and also an important society function, and of course it’s a global scale, as you point out, we have the same threat challenges as any other big company have in today’s threat landscape, being that our adversaries or nature-specific threats also, which I think is an important factor in today’s threat landscape, and addressing cyber resilience also. And just to point out a few of those, we have everything from from Fraud. The people in Norway, for example, is targeted for fraud, where the Posten logo and visual components are used in phishing campaigns. Two more aggressive computer attacks and vectors like that. So on the measurement side, we’re of course addressing this on various angles. We have both human and competence training, we have organizational measures, and of course a lot of technical measurements and controls in place to address this. And I think it was very interesting what Kevin and the other panelists described the different areas. I think that I recognize a lot of them, and I think that we’re always aiming to get better. I think we’re pretty good, but we’re always aiming to get better. And when it comes to cooperation, I think that’s a major factor in resolving issues. So here in Norway, I think we have a very open society, and we have a lot of openness in terms of security incidents. Companies and governments are very open, also in the media, talking about incidents. But it also means that this culture is something that you bring into your behind channels, and experts talking to experts on various issues. Some of the, I would like to emphasize, something that has grown in the financial sector in Norway, spread into something in the Nordic countries, is called financial cert, which is a very good example of how a sector cert function can work together among banks and insurance companies. Companies to leverage each other’s capacities and knowledge to address cyber issues. So I think it’s a very important aspect of both to be prepared and to discuss the issues when they arise as incidents.

Mayssam Sabra: Thank you very much. Actually it’s very important and inspiring, the cooperation you just highlighted. Thank you very much for your invaluable insights. I would move now to Tracy Hackshaw, last but not least. Tracy Hackshaw, you are the head of the post unit at the UPU and lately you have been working on some cyber resilience initiatives. So if you could please give us some details on the cyber resilience initiatives and the role of the UPU in promoting cyber resilience among the postal sector and logistics sector.

Tracy Hackshaw: Good morning, good evening, good afternoon, good night wherever you are in the world. I know time is short so I’m going to move pretty swiftly so we can get some questions in, if there are any questions already. I just wanted to make one observation. When Nigel pointed out the work we did with the CPU, the Caribbean Postal Union, just to reiterate that they were actually a dot post user. So they migrated their website from something else to cpu.post and then are running a secure email and secure hosting environment. I just wanted to make that observation. So I’m going to move pretty swiftly and show on this slide just reiterating some of the issues with attacks in the postal sector. As you can see from this slide, over the last several years we’ve had quite a number of reports, public reports of cyber attacks in the postal sector and not limited only to, as was said before, developing countries but also related to you know countries in North America and Europe and otherwise. So it’s not limited to countries which are least resourced but as Kevin’s research pointed out there’s a heavy risk or a large risk in those countries where the resources are the least deployed and therefore they could be seen as potential low-hanging fruit for cyber attackers. As we go into our initiatives, as Misa mentioned, we are implementing a series of projects at the UPU within our cyber resilience program. You would have heard mention already about the .post initiative and essentially that’s a program which looks to utilize the DNS, the domain name system, to secure what we call the edge of the network for the postal sector. So if you’re running a website, you’re running email and so on, you will be able to use a secure top-level domain which is what the UPU has, .post, that is dedicated to the postal sector and that you as the postal sector, as a post office, as a postal operator or as a postal player in the sector, meaning providing services, you’re a technology operator, you’re making envelopes, packages. you’re in the custom sector, you’re in the airline sector, you can utilize the .post domain and that’s available today via our Trust.post platform. As you can see from this slide, we’ve established a digital framework in which we look to, you know, wrap the entire sector with a series of services, including, as we just mentioned, our cyber-resilient services. Just briefly mentioning what .post brings to the table. It’s a major cyber-resilient infrastructure. Within that infrastructure, we have a series of compliance measures that relate to our overall cyber security framework and we look to implement it as a secure digital identity, that .post domain. We also are looking to deploy, as I said, services, secure email, secure hosting and other secure services. If you’re in the sector and you’re looking for secure services, please do reach out to us to see how best we can work with you to secure your online transactions and services. As I mentioned, we have a shared services platform via Trust.post. That’s live today and you can check it out as you speak right now. We also have an offer for all posts in the small island developing states category, SIDS or least developed countries. If you scan this QR code right now that you can see on screen, you can provide us with some information and we may be able to assist you with a funding package to get you up and running in your journey in digital transformation securely. We also have a project called secure.post, which we are currently rolling out. Today we are right now live only with our check URL. If you go to secure.post today, you’ll see a facility where You can test any URL that is suspicious to see if it’s been reported for scams or malware within the Global cyberspace and you can also use that same platform to report a suspicious link Potential phishing link etc. So that’s available via that platform today coming soon We’ll be rolling out an entire range of services on that platform learning Testing and also Potentially directing you to our various partners within the Secure Outposts framework I will just quickly run and show you who they are So today we’re running with just a short list of these partners who some of the top Alliances and and institutions within the cybersecurity space globally In addition to what we do in the Secure Outposts platform We also are about to implement something called an ISAC an information sharing and analysis platform and that ISAC essentially looks to provide a secure trusted platform where posts and other stakeholders within the sector can confidentially and secure securely share information and collaborate to Deal with the threat intelligence Landscape as was mentioned earlier by our colleague from Albania that intelligent that threatened landscape is Evolving on a daily basis and we encourage all posts and their stakeholders meaning in the supply chain vendors academic institutions As I said customs brokers and airlines etc to reach out to us to join us in this journey on building a global Postal ISAC. I will show you very rapidly a link in which you can reach out to us by completing this information on this form via QR code and you can express interest in joining us on this journey to implement a postal sector ISAC. I really no time is short and I apologize for being so rapid but I’m going to stop here to ensure we have some questions and maybe elaborate as a case maybe so thank you so much for listening to me and maybe hand back over to me somehow so she can facilitate any questions or comments either in the room or remotely. Thank you very much. Thank you very

Mayssam Sabra: much Tracy Hackshaw for your presentation. I believe like the cyber resilience program is essential for postal organizations to build a resilient infrastructure. So online with me actually we have eight minutes left so I’ll take a question from online from Mutu Sami. In the process of digitizing broadening and networking post offices and services is the physical non-tech infrastructure of the post offices and jobs expanded to suit the technological expansion. Also while postal services become digital the post office can become a fallback hub in extraordinary situations of disruption in digital infrastructure. Has the design of post modernization considered these possibilities and needs? Who would you like to answer the question?

Kevin Hernandez: That question had two parts. I guess I can go with the first part and from my understanding that the question was trying to get at whether this might the digitalization of the post replaces jobs in some way and I would say Not really. Actually, what’s happening is the post is now offering more services. But the problem is that these that the people who work at post offices need to be upskilled. Because in the past, they might not have been working on so many digital platforms at once, or they might not have been working on any digital platform at all. So they need to be upskilled, not just on how to use the digital technology, which is which is one thing, but then also on how to use these specific platforms and then also how to ensure that they’re doing it in a secure way. So you need basic digital literacy training, and then you’re going to also need digital training on the specific platforms that are used for each type of service because it might be the case that the e commerce platform is different from the digital government platform, which is different from the digital financial service platform. So they need to learn how to use all of them. And then on top of that, they need cyber hygiene training to ensure that you know, they’re not opening themselves up for some some cyber attacks. I have but just one last thing, we’re trying to really position the post as a place where you can access digital services with a human touch. Because I think that’s the key. And that’s the role that the postal sector can play is it’s a place where you can get help accessing a digital service. That’s that’s the unique value proposition of the post. So it is key. I mean, we need a postal staff. Yeah. Yeah, just just supplement what Kevin was saying. In fact, in terms of the question, I understood a little bit differently. And I see the questioner did put an additional comment that his implication was that it had the opportunity to create more jobs, right? And in addition to up scaling and so on. The other part of his question related to use of the postal infrastructure in in as a kind of a disaster fallback situation, it is something that could possibly

Mayssam Sabra: Thank you, Nigel and Kevin. I’ll take now a question from the audience. Please go ahead. Am I audible? Yes.

Ihita Gangavarapu: Okay, perfect. Hi everyone. Thank you so much for your insights. I’m Ahita. I’m representing the Youth IGF India. So I come from the, I work in the space of external threat monitoring. And when you talk about logistics and posts, that’s something that it’s an industry that we come across but not so often. So in terms of catering to a bunch of clientele, right. So I, my question is that when we are tracking a lot of these threats that could be your phishing kits that are impersonating the postal services or leaked credentials or you mentioned compromise third party vendors. These are all external threats. So when the focus, usually what we see in the industry is that the focus is on internal threats or having solutions that are monitoring all the internal possibilities of vulnerabilities. So I just want to understand how does and could be directed to Tracy Hackshaw because you mentioned post ISAC, that how is it positioned to shift that balance from bringing more attention to external risks and external threats, especially in regions which have very limited visibility or other resources to focus on external in addition to internal threats that are there in the space.

Tracy Hackshaw: Thank you very much. Very good question. That’s exactly what I think the ISAC is trying to do. So I’m not sure if I was able to convey the message clearly, but it’s focused on collaboration between all of the stakeholders in the sector. So the thinking is, I mean, just to give an example, if we are onboarding the post offices, let’s say all 1992 postal operators, the idea is that we will also onboard the supply chain for those who serve them. and it’s a very diverse and extensive supply chain including right up to the delivery partners, airlines, shipping companies, the whole thing. All of those external entities are essentially risk factors to the entire sector because they’re not only potentially targets by cyber attackers, but as you mentioned, the software that runs this environment which can be shared, you know, you’re sending messages between parties. So just to share with you and my colleague from the post may want to elaborate, when you scan a barcode, that message goes everywhere. So when you’re tracking and tracing, it’s going through a network and at every point in that network, there’s a potential failure and it’s a potential way of getting that attack, you know, literally speaking. So the ISAC is designed to identify those stakeholders and bring them together. I won’t say for the first time, but certainly in a way that would allow the information to be shared literally and for collaboration to begin happening so that it wouldn’t be seen only as an internal risk, but also identifying that the external risks and we deal with it from that standpoint. So I hope that will be the first and major time that that happens in the sector to get this done effectively. Thank you.

Mayssam Sabra: Okay, thank you very much. With this, we come to the end of our session. It was short, but I hope it was inspiring and insightful for all of you. I would like to thank my panelists for being with us today. I would like to thank the online participants. And if you would like to continue conversations or discuss further, please visit us at the UPUsecure.post booth. We will be happy to continue conversations. Thank you once again for your participation. Thank you.

Kevin Hernandez

Speech speed

162 words per minute

Speech length

1860 words

Speech time

688 seconds

Posts are offering extensive digital services beyond traditional postal operations, with 71% promoting economic inclusion through e-commerce and 58% offering digital financial services

Explanation

Kevin Hernandez presented findings from a UPU Digital Panorama Report survey of 52 countries showing that postal services have expanded far beyond traditional mail delivery. Posts are now serving as multi-sector digital service providers, offering e-commerce, financial services, e-government services, and digital health services, with many becoming one-stop shops for digital inclusion.

Evidence

Agreed with

– Floreta Faber

Agreed on

Human factors and training are crucial components of postal cybersecurity

Disagreed with

– Floreta Faber

Disagreed on

Approach to addressing human factors in cybersecurity

Posts can serve as human-touch access points for digital services, particularly valuable for less connected users in rural areas

Explanation

Kevin emphasized the unique value proposition of postal services in digital inclusion, positioning them as places where citizens can access digital services with human assistance. This is especially important for rural populations and those lacking digital skills, devices, or internet access.

Evidence

Reference to over 650,000 post offices worldwide, majority in rural areas, serving populations most at risk of being left behind digitally. Posts offer services through staff-assisted counters and mobile delivery staff equipped with digital devices.

Major discussion point

Digital inclusion through postal services

Topics

Development | Infrastructure | Sociocultural

Nigel Cassimire

Speech speed

116 words per minute

Speech length

907 words

Speech time

466 seconds

Digital transformation in Caribbean postal services is not very advanced, contributing to lower cybersecurity implementation rates in the region

Explanation

Nigel explained that the Caribbean region’s postal digital transformation is happening within a broader context of government digitalization efforts, but progress has been limited. Traditional mail services are declining while courier services are growing, creating both challenges and opportunities for modernization.

Evidence

Description of Caribbean governments pursuing e-government services and e-commerce facilitation, traditional mail services declining while courier services increase, and competition from private delivery companies.

Major discussion point

Regional digital transformation challenges

Topics

Development | Infrastructure | Economic

Agreed with

– Kevin Hernandez
– Floreta Faber

Agreed on

Postal services are expanding beyond traditional mail to become multi-sector digital service providers

The Caribbean Telecommunications Union signed an MOU with UPU in 2023 to promote digital transformation and cybersecurity in Caribbean postal services

Explanation

Following discussions at the 2022 ITU Plenipotentiary Conference, the CTU and UPU formalized a partnership to enhance digital transformation quality in Caribbean postal services. The collaboration focuses on comprehensive assessments, secure domain adoption, and implementation of UPU digital initiatives.

Evidence

MOU signed in first half of 2023 between CTU Secretary General and UPU Director General, focusing on digital readiness assessments, .post domain adoption, and ConnectPost initiative implementation. Specific engagements with at least three member states and liaison with Caribbean Postal Union.

Major discussion point

International cooperation for postal cybersecurity

Topics

Cybersecurity | Development | Infrastructure

Agreed with

– Mats Lillesund
– Tracy Hackshaw
– Mayssam Sabra

Agreed on

International collaboration and partnerships are essential for strengthening postal cybersecurity

Floreta Faber

Speech speed

121 words per minute

Speech length

1265 words

Speech time

626 seconds

Albania experienced significant state-sponsored cyber attacks in 2022 affecting over 1,200 e-government services, leading to major cybersecurity reforms

Explanation

Floreta described how Albania, with over 95% of government services delivered online, faced a major state-sponsored cyber attack in mid-2022 that targeted all e-government services. This attack prompted comprehensive cybersecurity reforms including new legislation aligned with EU-NIST directive and sector-specific approaches.

Evidence

Albania has over 1,200 e-services and more than 95% of government services are delivered online. The 2022 attack led to new cybersecurity law in May (previous year) according to EU-NIST directive and multiple sub-laws based on European best practices.

Major discussion point

National cybersecurity crisis response

Topics

Cybersecurity | Legal and regulatory

Agreed with

– Kevin Hernandez
– Nigel Cassimire

Agreed on

Postal services are expanding beyond traditional mail to become multi-sector digital service providers

Over 15% of cyber attacks in Albania target the postal system, primarily through domain impersonation and phishing campaigns exploiting public trust

Explanation

Floreta presented data showing that postal services represent a significant target for cyber attackers in Albania, with over 15% of attacks attempting to exploit the trusted postal brand. These attacks focus on impersonation campaigns and fraudulent messaging that can erode public trust in essential services.

Evidence

Agreed with

– Kevin Hernandez

Agreed on

Human factors and training are crucial components of postal cybersecurity

Disagreed with

– Kevin Hernandez

Disagreed on

Approach to addressing human factors in cybersecurity

Mats Lillesund

Speech speed

97 words per minute

Speech length

429 words

Speech time

265 seconds

Norway faces similar global threat challenges including fraud campaigns using postal logos and more aggressive computer attacks

Explanation

Mats explained that despite Norway’s advanced cybersecurity posture, Norwegian Post faces the same global threat landscape as other major organizations. These include both fraud targeting citizens through postal brand impersonation and more sophisticated technical attacks, requiring comprehensive defensive measures.

Evidence

People in Norway are targeted for fraud using Posten logo and visual components in phishing campaigns, along with more aggressive computer attacks and vectors. PostenBring serves Nordic countries with 14,000 employees and has largest market share in Norway.

Major discussion point

Global nature of postal cyber threats

Topics

Cybersecurity | Cybercrime

Agreed with

– Mayssam Sabra
– Floreta Faber
– Tracy Hackshaw

Agreed on

Cyber threats targeting postal services are a global phenomenon affecting both developed and developing countries

Norway has developed a culture of openness regarding security incidents, with sector-specific cooperation models like Financial CERT demonstrating effective collaboration

Explanation

Mats highlighted Norway’s approach of transparency about cybersecurity incidents, with companies and governments openly discussing attacks in media and behind-the-scenes expert channels. The Financial CERT model, which has expanded from financial sector to Nordic countries, exemplifies how sector-specific collaboration can leverage shared knowledge and capabilities.

Evidence

Norway has very open society with openness about security incidents in media and behind-the-scenes expert discussions. Financial CERT grew from financial sector in Norway to Nordic countries, enabling banks and insurance companies to leverage each other’s capacities and knowledge for cyber issues.

Major discussion point

Collaborative cybersecurity culture

Topics

Cybersecurity | Economic

Agreed with

– Nigel Cassimire
– Tracy Hackshaw
– Mayssam Sabra

Agreed on

International collaboration and partnerships are essential for strengthening postal cybersecurity

Tracy Hackshaw

Speech speed

151 words per minute

Speech length

Sector-wide threat intelligence sharing

Topics

Cybersecurity | Infrastructure

Agreed with

– Nigel Cassimire
– Mats Lillesund
– Mayssam Sabra

Agreed on

International collaboration and partnerships are essential for strengthening postal cybersecurity

The postal supply chain involves diverse stakeholders including airlines, shipping companies, and delivery partners, all representing potential risk factors requiring collaborative security approaches

Explanation

In response to a question about external threats, Tracy emphasized that the postal sector’s extensive and diverse supply chain creates multiple potential attack vectors. The interconnected nature of postal operations, where tracking messages flow through networks touching multiple parties, requires a collaborative approach to security that extends beyond individual postal operators.

Evidence

When scanning a barcode, messages go through extensive networks with potential failure points at every stage. Supply chain includes delivery partners, airlines, shipping companies, and software systems that can be shared between parties, creating external risk factors.

Major discussion point

Supply chain cybersecurity risks

Topics

Cybersecurity | Economic | Infrastructure

Agreed with

– Mayssam Sabra
– Mats Lillesund
– Floreta Faber

Agreed on

Cyber threats targeting postal services are a global phenomenon affecting both developed and developing countries

Ihita Gangavarapu

Speech speed

188 words per minute

Speech length

204 words

Speech time

65 seconds

External threats including phishing kits impersonating postal services and compromised third-party vendors require attention beyond internal security measures

Explanation

Ihita raised the important point that while most cybersecurity focus in organizations tends to be on internal threats and vulnerabilities, the postal and logistics sector faces significant external threats that require dedicated attention. She questioned how the industry, particularly in resource-limited regions, can shift focus to address external risks alongside internal security measures.

Evidence

Reference to tracking external threats including phishing kits impersonating postal services, leaked credentials, and compromised third-party vendors. Observation that industry focus is usually on internal threats and solutions monitoring internal vulnerabilities.

Major discussion point

External vs internal threat focus

Topics

Cybersecurity | Network security

Mayssam Sabra

Speech speed

106 words per minute

Speech length

Global nature of postal cyber threats

Topics

Cybersecurity | Infrastructure

Agreed with

– Nigel Cassimire
– Mats Lillesund
– Tracy Hackshaw

Agreed on

International collaboration and partnerships are essential for strengthening postal cybersecurity

Agreements

Agreement points

Postal services are expanding beyond traditional mail to become multi-sector digital service providers

Speakers

– Kevin Hernandez
– Nigel Cassimire
– Floreta Faber

Digitalization requires upskilling postal staff in digital literacy, platform-specific training, and cyber hygiene practices rather than replacing jobs

The human layer remains the weakest link in cybersecurity, requiring both technical hardening and awareness raising among citizens and postal employees

Summary

Both speakers agree that addressing human vulnerabilities through comprehensive training and awareness programs is essential for postal cybersecurity, requiring investment in staff development and public education

Topics

Cybersecurity | Capacity development | Sociocultural

Cybersecurity | Infrastructure

Unexpected consensus

Arguments

The human layer remains the weakest link in cybersecurity, requiring both technical hardening and awareness raising among citizens and postal employees

Digitalization requires upskilling postal staff in digital literacy, platform-specific training, and cyber hygiene practices rather than replacing jobs

Summary

Floreta emphasizes that humans are the weakest cybersecurity link requiring broad awareness campaigns for both employees and citizens, while Kevin focuses specifically on upskilling postal staff for digital service delivery without addressing broader public awareness needs

Topics

Cybersecurity | Capacity development

Unexpected differences

Scope of stakeholder inclusion in cybersecurity initiatives

Speakers

– Tracy Hackshaw
– Ihita Gangavarapu

Arguments

External threats including phishing kits impersonating postal services and compromised third-party vendors require attention beyond internal security measures

Explanation

While both recognize external threats, Tracy focuses on including supply chain partners in collaborative security frameworks, while Ihita questions whether the focus should shift from internal to external threat monitoring, representing different philosophical approaches to threat management

Topics

Cybersecurity | Infrastructure

Overall assessment

Summary

The discussion showed remarkable consensus on the fundamental challenges facing postal cybersecurity, with disagreements primarily centered on implementation approaches rather than core problems. Speakers agreed on the need for improved cybersecurity, the importance of collaboration, and the global nature of threats, but differed on specific methodologies and scope of solutions.

Disagreement level

Low to moderate disagreement level with high strategic alignment. The disagreements were constructive and complementary rather than conflicting, suggesting that different approaches could be implemented simultaneously or in different contexts. This consensus-building discussion indicates strong potential for coordinated action in postal cybersecurity, with various stakeholders contributing different but compatible solutions to address the sector’s cybersecurity challenges.

Partial agreements

Similar viewpoints

Both speakers view postal services as critical infrastructure for digital inclusion, particularly for underserved populations, and emphasize the need for secure, accessible digital solutions tailored to resource-constrained environments

Speakers

– Kevin Hernandez
– Tracy Hackshaw

Arguments

Posts can serve as human-touch access points for digital services, particularly valuable for less connected users in rural areas

Topics

Development | Infrastructure | Cybersecurity

Both speakers identify significant regional disparities in cybersecurity preparedness, with developing regions facing the greatest challenges and requiring targeted support and intervention

Speakers

– Kevin Hernandez
– Mayssam Sabra

Arguments

Developing regions, particularly Latin America and the Caribbean, Asia Pacific, and Africa, show the lowest implementation rates of cybersecurity best practices

There is an urgent need for enhanced cyber resilience in postal services, particularly in certain regions like the Caribbean where cybersecurity implementation rates are low

Topics

Cybersecurity | Development

Both speakers advocate for proactive, collaborative approaches to cybersecurity that involve real-time monitoring, information sharing, and coordinated response mechanisms between postal operators and cybersecurity authorities

Speakers

– Floreta Faber
– Tracy Hackshaw

Arguments

Albania has implemented joint incident response simulations and real-time monitoring partnerships between the National Cybersecurity Authority and Albanian Post Office

A postal sector Information Sharing and Analysis Center (ISAC) is being developed to enable secure collaboration and threat intelligence sharing among posts and stakeholders

Topics

Cybersecurity | Infrastructure

Takeaways

Key takeaways

The postal sector faces significant cybersecurity challenges with only basic practices like secure websites implemented by two-thirds of posts globally

Developing regions (Latin America/Caribbean, Asia Pacific, Africa) show the lowest cybersecurity implementation rates and are most vulnerable to attacks

Posts are rapidly expanding digital services beyond traditional mail, offering e-commerce, digital financial services, and e-government services, creating new attack vectors

Cybersecurity budgets are not keeping pace with increased workloads – less than half of posts increased budgets despite 70% experiencing higher cybersecurity demands

Human factors remain the weakest link in cybersecurity, requiring both technical solutions and comprehensive awareness training for staff and citizens

Collaboration between postal operators, national authorities, and international organizations is essential for effective cybersecurity resilience

Posts serve as critical infrastructure and trusted community hubs, making them attractive targets for cybercriminals seeking to exploit public trust

Resolutions and action items

UPU to continue rolling out the .post domain initiative to provide secure digital identity for postal operators

Implementation of the postal sector Information Sharing and Analysis Center (ISAC) to enable secure threat intelligence sharing

Expansion of the secure.post platform to include comprehensive cybersecurity testing and learning resources

Caribbean Telecommunications Union to continue implementing UPU digital readiness assessments in member states through their 2023 MOU

Albania to continue joint incident response simulations and real-time monitoring partnerships between national cybersecurity authority and postal services

UPU to provide special funding packages for small island developing states and least developed countries to support secure digital transformation

Continued upskilling of postal staff in digital literacy, platform-specific training, and cyber hygiene practices

Unresolved issues

How to effectively balance internal versus external threat monitoring with limited resources in developing regions

Specific mechanisms for scaling cybersecurity budget allocations to match increasing workloads across all postal operators

Detailed implementation timelines for the postal ISAC and how to ensure participation from diverse stakeholders across the supply chain

Standardization of cybersecurity practices across different regional postal unions and national postal operators

Integration of physical infrastructure resilience with digital transformation initiatives

Specific metrics and benchmarks for measuring cybersecurity improvement across the global postal network

Suggested compromises

Posts positioned as human-touch access points for digital services rather than fully automated systems, balancing efficiency with accessibility for less connected users

Phased implementation of cybersecurity measures starting with basic practices before advancing to more sophisticated solutions

This comment articulated a clear vision for the future role of postal services in the digital economy, emphasizing their unique position as trusted intermediaries that can bridge the digital divide through human-assisted digital service delivery.

Impact

This vision statement helped crystallize the discussion around why postal cybersecurity matters strategically. It provided a framework for understanding posts not as declining institutions but as evolving digital inclusion platforms that require protection.

Overall assessment

Explanation

Kevin’s research showed that cybersecurity budgets are not keeping up with workloads, especially in developing regions, but sustainable funding models and budget allocation strategies need further research and development.