Uncategorized

Summary

This IGF session focused on presenting an award to the first telecom operator providing affordable access for education, health, and empowerment, with particular emphasis on connectivity challenges in sub-Saharan Africa. Josef Noll opened the discussion by highlighting that while 75% of people in sub-Saharan Africa remain unconnected, the coverage gap is only 15%, but the usage gap is a significant 59%, indicating that many people have access to mobile broadband but don’t use it.

Claire Sibthorpe from GSMA Mobile for Development explained that the biggest barriers to mobile technology adoption include lack of affordability, digital literacy and skills, relevant content and services, and safety concerns. She emphasized that unconnected populations are disproportionately rural women, poor communities, those with lower education, and persons with disabilities. Sudhir Dixit from IEEE discussed the organization’s Rural Communication Standards Activities Program, which evaluates proposals for rural broadband infrastructure standards, noting that standards are crucial for manufacturers to justify investment in products.

George Pereira from the EU Commission outlined Europe’s 5G action plan and digital compass initiatives, including 5G corridors for cross-border connectivity and 5G communities focusing on strategic development entities like schools and hospitals. Representatives from Tanzania and Ethiopia described their respective connectivity challenges, with Tanzania experiencing significant infrastructure investment costs and Ethiopia facing similar rural connectivity issues requiring multi-stakeholder approaches.

The session concluded with Vodacom Tanzania Foundation receiving recognition for their work connecting over 250 schools across Tanzania at approximately $22 per school for unlimited 10 Mbps connectivity. This initiative demonstrates how public-private partnerships and community-driven approaches can successfully bridge the digital divide in underserved areas.

Keypoints

## Major Discussion Points:

– **The Digital Divide Challenge**: The session highlighted the significant connectivity gap in Sub-Saharan Africa, where 75% of people remain unconnected. While the coverage gap is relatively small at 15%, the usage gap is much larger at 59%, indicating that many people have potential access to mobile broadband but don’t use it due to barriers like affordability, digital literacy, and lack of relevant content.

– **Multi-stakeholder Collaboration for Connectivity**: The discussion emphasized the critical importance of partnerships between various organizations (GSMA, IEEE, EU Commission, Internet Society, telecom operators, universities, and development agencies) to address connectivity challenges. The collaborative approach involves connecting schools and communities through research networks and community learning labs.

– **Standards and Infrastructure Development**: IEEE’s role in developing rural communication standards was highlighted, including the Rural Communication Standards Activities Program that evaluates proposals for new standards. The discussion covered how standards are essential for manufacturers to build products at scale and for successful infrastructure deployment.

– **Policy Frameworks and Investment Challenges**: Speakers addressed the need for supportive policy environments, including tax breaks, universal service funds, and public-private partnerships. The high cost of infrastructure investment, particularly in rural areas where return on investment is challenging, was identified as a major barrier requiring innovative financing models.

– **Practical Success Stories and Scalability**: The session showcased Vodacom Tanzania’s achievement in connecting 250 schools at an affordable rate of $22 for unlimited 10 Mbps connectivity, demonstrating that affordable access is possible. The discussion emphasized the need for digital literacy training, local ownership, and community engagement for sustainable scaling.

## Overall Purpose:

The discussion aimed to present an award to the first telecom operator providing affordable access for education, health, and empowerment, while exploring strategies and collaborative approaches to bridge the digital divide in Africa. The session sought to share best practices, identify challenges, and promote partnerships that can scale affordable connectivity solutions.

## Overall Tone:

The discussion maintained a consistently positive and collaborative tone throughout. Speakers were enthusiastic about partnerships and shared achievements, while also being realistic about challenges. The tone was professional yet optimistic, with participants expressing genuine commitment to addressing digital inequality. The atmosphere remained constructive and solution-focused, with speakers building on each other’s points and emphasizing the importance of working together to achieve meaningful connectivity for underserved communities.

Speakers

– **Josef Noll** – Session moderator, works with Basic Internet Foundation on school connectivity projects

– **Clair Sibthorpe** – Co-founder of M4D (Mobile for Development), works on digital inclusion and gender in the mobile development department at GSMA

– **Sudhir Dixit** – IEEE Connecting the Unconnected, works on standardization of technologies for rural communication at IEEE Standards Association

– **Josh Perrera** – EU Commission, responsible for DG Connect, 5G, 6G connectivity initiatives

– **Nazar Nicholas** – Dr. Nazar Nicholas Kirama, works for Internet Society, Community Networks Champion in Tanzania

– **Asrat Mulatu** – Internet Society Ethiopia

– **Asim Adeel** – Program coordinator at GIZ (German Development Corporation), works on digital solutions and infrastructure

– **Suveina Farah** – Vodacom Foundation Tanzania, guest of honor

– **Catherine Kimbambo** – Online moderator, works with African Child Program

– **Audience** – Barack Cotiano, chairs the association of community networks in Kenya, partners with Basic Internet Foundation

**Additional speakers:**

– **Claire Sittop** – GSMA Mobile for Development (mentioned in introduction but appears to be the same person as Clair Sibthorpe)

– **George Pereira** – EU Commission responsible for DG Connect, 5G, 6G (mentioned in introduction, appears to be the same person as Josh Perrera)

– **Nicholas Nazar** – Internet Society Tanzania (mentioned in introduction, appears to be the same person as Nazar Nicholas)

– **Jonathan Moringani** – Basic Internet Foundation, rapporteur (mentioned in introduction but did not speak)

– **n.n. from GIZ** – Representative from GIZ (mentioned in introduction, appears to be Asim Adeel)

# Comprehensive Summary: IGF Session on Affordable Access for Education, Health, and Empowerment

## Introduction and Context

This Internet Governance Forum (IGF) session 2-3, moderated by Josef Noll from the Basic Internet Foundation, was specifically focused on presenting an award to the first telecom operator providing affordable access for education, health, and empowerment. The discussion brought together representatives from major international organisations, including GSMA, IEEE, the EU Commission, Internet Society, and various development agencies, to address connectivity challenges in sub-Saharan Africa and explore collaborative solutions for bridging the digital divide.

Catherine Kimambo served as online moderator and Jonathan Moringani as rapporteur for the session, which maintained a collaborative and celebratory tone throughout as participants shared experiences and recognised concrete achievements in connectivity provision.

The session opened with a stark statistic that framed the entire discussion: whilst 75% of people in sub-Saharan Africa remain unconnected, the coverage gap represents only 15% of the population, whilst the usage gap accounts for a significant 59%. This fundamental insight established that the primary challenge is not merely about building infrastructure, but rather about enabling people to use existing connectivity options effectively.

## The Digital Divide: Understanding the Usage Gap

Josef Noll’s opening remarks highlighted the critical distinction between coverage and usage gaps, explaining his methodology of working with universities to build research and education networks, enabling universities to connect, getting students to connect schools, and building community learning and living labs. He mentioned achieving coverage of “20 to 25 kilometre” through this approach.

Claire Sibthorpe from GSMA Mobile for Development expanded on this theme, explaining that the biggest barriers to mobile technology adoption include lack of affordability, digital literacy and skills, relevant content and services, and safety concerns. She emphasised that unconnected populations are disproportionately rural women, poor communities, those with lower education levels, and persons with disabilities.

## Standards and Technology Development

Sudhir Dixit from IEEE brought a crucial perspective on the role of standardisation in scaling connectivity solutions. He outlined IEEE’s Rural Communication Standards Activities Program, which evaluates proposals for rural broadband infrastructure standards. His key insight was that “without standards, no manufacturer will build products because they are looking for volume to justify investment in any manufacturing process.”

Dixit explained that out of 15 proposals received, only one was selected for standardisation – the P1962 project focusing on utilising solar panels as optical communication receivers for rural broadband infrastructure, with a kickoff meeting scheduled for 1st of July 2025.

## European Connectivity Initiatives

George Pereira from the EU Commission outlined Europe’s comprehensive approach to connectivity through the 5G action plan launched in 2016 and the digital compass initiative from 2021, which targets 5G coverage everywhere by 2030. He described two key components: 5G corridors for cross-border connectivity and 5G communities focusing on strategic development entities such as schools, hospitals, and emergency services.

Pereira acknowledged that whilst Europe has made significant progress in urban connectivity, “the challenge remains in return on investment for sparsely populated rural areas.” The European approach of focusing on anchor institutions like schools and hospitals as connectivity hubs offered a strategic framework that resonated with other speakers’ experiences in African contexts.

## African Perspectives: Tanzania and Ethiopia

Nazar Nicholas from Internet Society Tanzania painted a vivid picture of the connectivity landscape, explaining that “as you move maybe like 15, 20, 30 kilometres away from the commercial capital, you start experiencing, instead of 5G, you start experiencing 3G, 2G and sometimes no G.”

Nicholas highlighted that infrastructure costs are extremely high, making investment difficult for telecom operators in rural areas. However, he also noted positive developments, including Tanzania’s regulatory frameworks that accept smaller operators and the digital economy framework for 2024-2034, which recognises the importance of rural connectivity.

Asrat Mulatu from Internet Society Ethiopia described similar challenges, noting that most of Ethiopia’s population lives in rural areas facing under-connectivity issues. He emphasised the need for a multi-stakeholder approach that aligns policies, showcases impact, and mobilises mixed funding mechanisms. The Ethiopian Communications Authority is creating supportive policies including tax breaks, universal service funds, and public-private partnerships.

## The Success Story: Vodacom Tanzania Foundation

The session’s centrepiece was the recognition of Vodacom Tanzania Foundation’s achievement in connecting over 250 schools across Tanzania. Suveina Farah, representing the foundation, provided specific details about their success: connecting schools at a cost of 60,000 Tanzanian shillings (approximately $22) for unlimited 10 Mbps connectivity.

Farah explained that the foundation, with its 20-year history and impact on 10 million lives, provided comprehensive support including ICT hardware, computer labs, tablets, and routers. The initiative involved deploying 700 towers in rural areas through the Digital Tanzania Project and zero-rating the Tanzania Institute of Education platform with 184 centers.

However, Farah also acknowledged ongoing challenges, including significant hurdles with energy and power in rural areas, accessible roads for tower maintenance, and low smartphone penetration that limits usage despite improved access. The foundation’s response included shifting focus to digital skills and teacher training to address gaps in digital literacy.

## Community Networks and Development Perspectives

Barack Cotiano, representing the association of community networks in Kenya, brought important insights about evidence-based research and community-driven approaches. He emphasised that “evidence-based research is key” and noted that approximately 70% of sub-Saharan Africa lacks meaningful access and still uses 2G technology whilst the Global North has moved beyond 2G.

Asim Adeel from GIZ (German Development Corporation) outlined his organisation’s approach to supporting digital solutions, emphasising principles of local ownership, scalability, gender inclusion, and cross-sector partnerships. This development perspective reinforced the importance of community-driven approaches and highlighted the need to address gender disparities in digital access.

## Key Themes and Approaches

Throughout the discussion, several important themes emerged:

**Multi-stakeholder Collaboration**: Speakers consistently emphasised the importance of partnerships between governments, private sector, civil society, and communities. The success of the Tanzania initiative demonstrated how telecommunications operators, educational institutions, government agencies, and development organisations can work together effectively.

**Digital Literacy and Capacity Building**: Multiple speakers agreed that providing connectivity infrastructure alone is insufficient. Suveina Farah’s description of Vodacom Foundation’s shift towards digital skills and teacher training exemplified the understanding that capacity building must accompany infrastructure development.

**Rural Connectivity Challenges**: Speakers consistently identified rural areas as facing the greatest connectivity challenges due to infrastructure limitations, investment barriers, and geographic obstacles. The high cost of infrastructure investment, particularly in areas where return on investment is uncertain, emerged as a persistent barrier requiring innovative financing models.

**Anchor Institution Strategy**: The focus on schools, hospitals, and emergency services as anchor points for connectivity initiatives provided a strategic framework that appeared across multiple speakers’ presentations, from the EU’s approach to the Tanzania success story.

## Practical Implementation and Innovation

The discussion provided concrete evidence of successful implementation through specific metrics and approaches. The Vodacom Tanzania Foundation’s model offered a tangible benchmark – 250 schools connected at $22 per school for 10 Mbps unlimited data – demonstrating that affordable connectivity is achievable at scale.

The session also touched on innovative technical approaches, including the IEEE project on utilising solar panels as optical communication receivers, which addresses both connectivity and power challenges simultaneously. The emphasis on evidence-based research and measurement tools demonstrated the importance of systematic approaches to identifying connectivity gaps and measuring impact.

## Award Recognition and Symbolic Importance

The session concluded with the symbolic presentation of an award to Vodacom Tanzania Foundation, recognising their achievement as the first telecom operator to provide affordable access for education, health, and empowerment at scale. Catherine Kimambo was designated to hand-carry the award to Tanzania, emphasising the personal and collaborative nature of the recognition.

This award presentation served multiple purposes: acknowledging concrete achievement, providing a model for other operators to emulate, and creating momentum for similar initiatives across the region. The recognition highlighted the importance of celebrating success and peer learning in scaling effective approaches.

## Conclusion

This IGF session successfully demonstrated that affordable connectivity for education, health, and empowerment is achievable through collaborative approaches that address multiple dimensions of the digital divide simultaneously. The Vodacom Tanzania Foundation’s success in connecting 250 schools at $22 per school provided concrete evidence that innovative partnerships and creative approaches can overcome traditional barriers to rural connectivity.

The session’s collaborative tone and focus on practical solutions highlighted the importance of multi-stakeholder partnerships, evidence-based approaches, and comprehensive strategies that address infrastructure, affordability, digital literacy, and capacity building together. The recognition of Vodacom Tanzania Foundation serves not only as acknowledgement of their achievement but also as encouragement for other organisations to pursue similar initiatives.

The discussion demonstrated that while challenges remain – including rural infrastructure costs, device affordability, and digital literacy gaps – successful models exist and can provide blueprints for scaling affordable connectivity initiatives across sub-Saharan Africa and beyond.

Josef Noll: Good morning everyone and welcome to the IGF session 2-3 on the award for the first telecom operator, for the first operator giving us affordable access for education, health and empowerment. And I’m very, very glad to have with me Claire Sittop from the GSMA Mobile for Development, Sudhir Dixit from the IEEE Connecting the Unconnected, George Pereira from the EU Commission responsible for DG Connect, 5G, 6G and whatever is coming up, Nicholas Nazar from the Internet Society in Tanzania, Asrat Mulatu from the Internet Society in Ethiopia, Suveina Farah, our guest of honour from the Vodacom Foundation in Tanzania and n.n. from the GIZ. Our online moderator is Catherine Kimambo here on my side and our rapporteur is Jonathan Moringani from the Basic Internet Foundation. So the way we organise the session is that we see that connectivity is still the challenge number one. What we’ve done in the past is, sorry next slide please, we have the collaboration with GSMA to actually address the challenge of Africa, South of Sahara, 75% of people basically being unconnected and out of that the coverage gap is rather small, 15%, but the usage gap is a lot, lot bigger, 59%. 59% don’t use these. and others. We have a lot of people who are interested in using the mobile broadband, though they would have the chance to use it. And that has been the question for us, what can we do in the future? And based on the experience of having connected 250 schools, next slide, we follow an approach of where we say, we work together with universities and universities, we build a research and education network, enable universities to connect, and get our students to go out to connect schools, and together with the operators, we then build, connect the schools, and build the community learning and living labs. These are basically the takeaways, and with the next slide, I then just show you the practical story, some of our mobiles are interfering, sorry for that, how we work with the community. And you see, like, Catherine, with one of our installations at the schools, reaching 20 to 25 kilometre. Without any further delay, I will then open up the floor for Claire, our collaboration partner at GSMA, please, Claire, can you tell us a bit more about M4D and the things you are doing?

Clair Sibthorpe: So, I’m Claire, and I’m the co-founder of M4D, and I think you can tell us a bit more about M4D and the things you are doing. Inclusion, and gender in the mobile development department at GSMA, and we are very much looking at trying how we can help with three primary things, so that people, almost all folks that they work with have access to mobile technology to meet their life needs, and as you highlighted, there is a coverage gap and also a big usage gap and in our research we are seeing that the biggest challenge is in terms of being able to use it, is lack of affordable, affordable technologies. Thank you very much for joining us for this session on Internet of Things. We’ve heard a lot about digital handsets and devices, literacy and skills, but there’s also issues around lack of relevant content and services, safety and security concerns. And so I think, you know, taking a holistic approach to both improving affordability skills, improving safety and security and ensuring relevant content is really needed that there is a not-be-left-behind in this, you know, our increasingly digital world. So I think the sort of collaboration, the kind of collaboration that you’ve been doing and talking about is absolutely critical if we’re going to address this sort of multitude of issues. And those who are unconnected are disproportionately rural women, poor communities, lower education and persons with disabilities. So we really need to be focusing on specifically these segments if we’re going to ensure that they’re not being left behind. So thank you very much for the partnership and for the initiative that you’re doing.

Josef Noll: Oh, thanks so much, Claire. That was a short, fantastic introduction. And so without any further delay, Sudhir Dixit from the IEEE Connecting the Unconnected. Can you give us the pathway from standards? What is IEEE helping us to connect every single human on this earth?

Sudhir Dixit: Thank you very much, Joseph. Good morning to all of you. My name is Sudhir Dixit. I don’t have much time. So basically I’d like to talk about what IEEE is doing as far as the standardization of technologies for rural communication is concerned. So some of you may know that IEEE is a member-driven organization which has about half a million members around the world. IEEE stands for Institute of Electrical and Electronics Engineers. It has many different divisions, and one of the divisions is Standards Association. And in the Standards Association, there is an organization called New Standards Committee. So any new standards that people would like to propose, they come to this committee. And in this committee, there is something called Rapid Reaction Standardization Activities Process, whereby every idea that is submitted, it gets considered in a very short time, and it goes to project authorization request phase, where it goes into the study group to be made standard. So what happens is that there is something called Rural Communication Standards Activities Program within this New Standards Committee. So all the proposals that come here, they get considered, as I said before. And there are four goals of this Rural Communication Interconnect Program. One of them is to study socioeconomic and regulatory issues related to rural broadband. The other one is to study existing rural broadband infrastructure. Third one is to study normal broadband architecture from 6G perspective. And fourth is to propose new standards. So just to give an example, this is a new body within the New Standards Committee. About a year ago, we had 15 proposals that were considered by Rural Communication Standards Activities Committee. Out of those 15, which came from around the world, five of them, they never showed up during the meeting. So 10 were evaluated, and they were discussed. and out of those ten, one was selected to move forward, to project authorization phase. And out of that, and that was made into a project that is called P1962 project. So this is the only project that is going forward for standardization within the… As far as the rural broadband infrastructure, by utilizing solar panels as optical communication receivers. So the idea is that people have these solar panels at home, and they will act like receivers of optical signals directly wherever they may be coming from. So that has been considered to go forward for standardization by the IEEE Standards Committee. And that was approved only recently, about a month ago. And the kickoff meeting of this study group is going to take place on 1st of July 2025. So in summary, what I would like to say is that anybody as an individual or an organization is free to submit their idea or a proposal for potential standardization to be called a standard by IEEE. And I would also like to mention that many of us think that technology is the success, but that is really not true. to be successful, you need to have the technology of course, you need to know what the user needs are, what the market needs are, and there have to be standards in place. Without standards, no manufacturer will build products because they are looking for volume to justify investment in any manufacturing process. So standards are a very important part of the overall process to have an infrastructure that will be deployed at a larger scale. So with that, I’ll stop here.

Josef Noll: Thank you so much, Sudhir, and of course, without standards, we wouldn’t have Wi-Fi, we wouldn’t have connectivity, we wouldn’t be anywhere. So from that one, I give the floor over to Xoxo Pereira. Xoxo, you are driving with 5G, 6G connectivity all around Europe and the world. Give us your take on connecting the unconnected.

Josh Perrera: Good morning, everyone. My apologies for not being there. Thanks, Josef, for the kind invitation. I don’t know if I have time to present my slides, but indeed, as Josef has mentioned, we have been for a long time trying to provide an ensure coverage for all in Europe. This is not easy, and this is not straightforward, because as it was already mentioned by Sudhir, the issue is that there are market interests that make it that return on investment is not guaranteed, namely for the rural areas that Sudhir mentioned. So in the context of our programs, we have defined, first of all, the so-called 5G action plan. that aimed at providing access to everyone, everywhere, not only in the major cities, but also across the major transport paths in Europe. And this was done already in 2016. This was later expanded in the digital compass of 2021 to make sure that there would be effectively 5G everywhere by 2030. So this is now much more precise, and a taxing objective. But it’s not only the issue of coverage. It’s also the types of services that people will be able to receive. We have addressed this in two main areas. In order to cover the main transport paths in Europe, we have launched an activity called 5G corridors for cross-border connectivity, because it is important that the fact that you move from one country to the other, that you do not lose services. And especially for those people living near the borders, this is a major issue. And the other activity is centers around the so-called 5G communities. This started initially as the so-called project Wi-Fi for All, which provided grants for remote communities to be able to provide service to the local community, focusing around the so-called strategic development entities, which are schools, hospitals, but also the firefighters, the police, ambulances, libraries. So this type of community… community services are the main targets of these 5G communities. So, we went from Wi-Fi for all to 5G for all in these communities. And this represents a significant investment that is still going on with the objective of providing gigabit connectivity for all households in Europe, which is a big undertaking. All means really covering not only the major conurbations, but even all remote outlets across rural areas. And the second one is to ensure this delivery of advanced services. And it’s not only education and health, but it’s also safety, public protection and these activities that are again mostly in rural areas that have to do with smart agriculture. The objective being of really promoting these advanced services and addressing the digital divide to make sure that people can really have the full benefits of this connectivity. There are still many challenges ahead. It’s not only ensuring proper coverage, as I said, return on investment. It does not make this attractive for these sparsely populated areas. But really providing these advanced services to these smaller communities is again a challenge. So, what are the costs? Who is going to cover this? All of this makes it difficult. But one major, I would say, and critical aspect is the actual involvement of communities. Because what I mentioned before, the 5G corridors and the 5G communities, usually involve municipalities to provide these services, to provide the connectivity in the last mile. But in many areas, if you’re talking about an isolated farm or things like this, we are not talking about municipalities. How can the community, how can the individuals really get involved in all of this and have the full benefits? With this, I give the floor back to Josef. Thanks.

Josef Noll: Thanks, George, for the insights of the 5G for all and the community driven. And I think that brings us directly over to you, Nazar, right? Because Tanzania is community driven. What is your take?

Nazar Nicholas: Thank you, Josef, for the opportunity to speak today. My name is Dr. Nazar Nicholas Kirama and I currently work for the Internet Society. And I am also the Community Networks Champion, advocating for connectivity in Tanzania. I think one of the things that we need to realize is that there is an issue of investment for the shareholders and also there is an issue of digital divide in rural and urban Tanzania. And the number of telecom dark areas in Tanzania is still very high because of the issues of investment on infrastructure. And this exacerbates the number of people who are still not… and a lot of people who are here are connected to the Internet. And the reality on the ground is, for example, if you are in Dar es Salaam, the commercial city of Tanzania, as you move maybe like 15, 20, 30 kilometers away from the commercial capital, you start experiencing, instead of 5G, you start experiencing 3G, 2G and sometimes no G. And the issue is about really, like I’ve said, is about the cost of investment. The infrastructure is very high. There is an issue of also even in those areas where people are connected, the Internet is still very unreliable. And also we have another issue in there of digital literacy. We have to really understand that the infrastructure is very expensive. Much as we would like the telecom operators to be everywhere, the issue is really investment in infrastructure. I wanted to highlight one of the impacts that we have been working together with Joseph and Basic Internet Foundation to connect. We are able to connect schools using a very simple basic equipment. And the appeal is for those who believe in a holistic approach to the Africa digital. thank you very much.

Josef Noll: Oh, thanks so much, Nassar. And I think the views that you had from Tanzania, that is the views which might be slightly different in Ethiopia. So, Azrat, could you tell us what the situation is in Ethiopia?

Asrat Mulatu: Okay, good morning, everyone. And thank you, Joseph, for inviting me and raising this very critical question. So, the issue of this, you know, attracting and scaling up stakeholders’ involvement in providing affordable connectivity for schools, health stations, and communities needing a multi-point strategy, because that’s very critical. So, because everyone has its own interest. So, one of the key points would be, you know, policy initiatives and regulatory frameworks. So, in Ethiopia, the Ethiopian Communications Authority, ECA, is, you know, creating these policies, like through tax breaks, universal service fund, which they are already finalizing the framework, and the public-private partnerships, which are very critical. So, this could have, you know, give a sales connectivity business case for ICBC and other stakeholders. Beside that, the second critical point is, we have to demonstrate, you know, projects and pilots in these underserved areas. as a proof of concept so that they can see tangible social impacts, which is another very critical point. From the third point, we can have some kind of financial models, blended financial models, that can de-risk investments for ISPs and other multi-stakeholder interest groups can chip in as we go. The other one is very important, local ownership and demand generation. We have to engage local administrations, school admins and community associations early in the process so that we have local buy-ins and sustainability, which is very important. In the long term, it will bring new demands for services as they enjoy the different aspects of it. Then, maybe the last point, we can have data-driven advocacy, because one of the problems I have seen in Ethiopia is lack of awareness of what such initiatives could bring to the local community in several areas. We have to demonstrate the reason for investment, which is very important, and what kind of social value of connectivity it can bring. This needs evidence-based arguments, empirical evidence, so that we can build political confidence, which is one of the challenges here in Ethiopia. The other one is to build financial momentum so that we can expand the pilot to other places. As a summary, this issue is very critical, especially in Ethiopia. We are under-connected in many places. Only connectivity is in rural areas. That is the biggest challenge in Ethiopia. Much of the population is not living in urban areas, unfortunately. This needs to scale up. with a stakeholder approach, aligning policies, showcasing impact, and mobilizing mixed funding mechanisms so that we can build grassroots ownership along the way. So, Ethiopia is growing in digital momentum, as you can see, in many aspects, so this might, you know, piggyback on these advancements and efforts so that smart inclusive engagement is brought. So, these are the facts in Ethiopia. Thank you, Josef.

Josef Noll: Thank you so much, Asrat. And we talked so much about digital public infrastructures here at the IGF, and of course, Asim, you from GIZ, you are heavily involved in all these discussions on policies. Could you give us your contribution or your take from the GIZ in this area of connectivity and infrastructures and so on? Thank you, Josef. And first of all, thank you

Asim Adeel: for having me on this panel. And you know that I’m a fan of your work. I totally believe that access to quality education and healthcare is not only a privilege, but it’s kind of a fundamental right. It’s a fundamental human right. Yet, across many parts of the world, we totally see that, and especially in Africa, these essential services still remain out of the reach of millions of people due to the high costs, infrastructure gaps, and geographic barriers. This is where the concept of affordable access for education and health becomes crucial. It really focuses on breaking down these barriers by leveraging inclusive, low-cost solutions. Yes, at the forefront of GIZ, the German Development Corporation, which is supporting our partners’ countries to harness Championships in Digital Culture. Hello everybody, again I’m Inayat Olaby. I’m program coordinator at G Motor media-technology. I will be conveying Martin malt Some media technologies such as digital solutions, such as those are covered with the offices to provide access to communities and our major platform which is already providing services for millions global We have learned to apply for to the multilanguage fixtures which aligned with the local needs and national standards. not only this, but in healthcare, sports for eHealth and mHealth including mobile apps and digital partnership that also advances on the to building cross-border digital infrastructure that supports not just health but also broader digital solutions. are very essential for GIZ work. and sport ministries of education and learning into national strategies. ensure not just innovation, but Also in general to interoperability as part of our rise in climate change. These collaborations ensure not just with the national policies. program to cofinally with private sectors for the innovations that promote affordable access to essential services. I’m sorry, my throat is a little bit dry, so I will keep drinking. For example, the startups and companies receive support to develop scalable solutions under this DEVELOPPP program. GIZ’s work is guided with a couple of principles, which are some of them I would like to highlight. Let’s say the local ownership. We totally believe that the programs are co-designed and with the local governments and communities for long-term impact. And other of the things which we really consider is scalability. That the initiatives start small, but are designed for the national and regional scale-up. Gender inclusion, a special focus for the women and the young for the marginalized groups. Cross-sector partnership, like with the civil society, startups, as well as with the multilateral cooperation. With these examples, I would just like to conclude here my discussion and I would say that the affordable access for education and health is more than a development objective. It is a commitment to dignity, equity and opportunity. With digital tools, strong partnerships and community-driven solutions, GIZ is really helping to ensure that no one is really left behind. Thank you.

Josef Noll: Thank you so much, Asim. Your commitment to dignity and the point out to the opportunities. Sveina, we worked together for the last, I don’t know, three, four, five years, and we went through many downgrades, but at the end of the day, I see really the highlights. So I’m very pleased to have you as the guest event owner. We didn’t get you over here yet, but we’ll do it symbolically afterwards. So please tell us about the journey and your commitment from Vodacom Tanzania to launch the Affordable Access. Thank you so much, Josef, and thank you for

Suveina Farah: having me. It’s unfortunate that I couldn’t be there with everyone in Norway, but happy to be able to join online. That’s the power of technology nowadays. But in a nutshell, I just wanted to highlight with regards to our work as Vodacom Tanzania Foundation. First and foremost, we believe in the power of partnerships, and that in itself speaks volumes of what we have been able to do for the last 20 years. This year, the foundation turns 20 years, and we’ve been able to improve more than 10 lives across health, education, as well as economic empowerment. And this is purely because we believe in the power of technology and connecting people to a better future. But if I may, I’d like to touch on some of the work that we’ve worked on when it comes to affordable access, as well as connectivity in the education sector. In the past, we’ve been able to provide and connect more than 250 schools across Tanzania, providing ICT hardware, building computer labs, as well as tablets and routers, so that the schools can be connected to the internet, but also they can access thousands of materials and resources for the students and educators, as well as provide affordable and reliable internet to them all. This has enabled access to digital learning materials and platforms that have improved education outcomes. Our recent impact assessment shows that there has been considerable improvement, significant improvement in educational outcomes in the schools that we work with. have supported. But over and beyond that, we’ve also understood that there are gaps, and most of them are a result of digital literacy, specifically on the teacher training side of things. And the last two years, we’ve shifted our focus towards the digital skills and empowering teachers with the right skills and literacy and learning tools to be able to serve the students, but also further communicate to the communities on the importance of that. We’ve expanded school connectivity to underserved and rural areas, and this is through partnership with the likes of our Universal Communication Service Access Fund, as well as the World Bank and the government of Tanzania through the private partnership program that we do have, sorry, public-private partnerships program that we do have called Digital Tanzania Project. And that’s, in the last three years, all telecom operators have been able to deploy more than 700 towers in rural areas to connect. We’ve gone over and above what we have committed, but also we are embarking on a mission to upgrade our network to 4G coverage to ensure that what Dr. Nazar had mentioned, that when someone has 5G coverage in the city, how do we also make sure that or ensure that someone in the rural area has the same access, and not necessarily maybe 5G, but at least 4G and not 2G anymore. We’ve collaborated with many partners, Catherine sitting on the panel there with African Child Program, but as well as recent, we’ve signed a memorandum of understanding with the Tanzania Institute of Education to zero rate their platform, which is a platform that provides resources to teachers in 184 centers. But we’ve also connected all those learning centers to ensure that they do get timely updates on their platforms, as well as scaling affordable internet solutions and maintaining the infrastructure there. Our purpose in general is to drive the digital divide in education and to bridge the digital divide in education and this we do it by ensuring that every student and teacher has the tools and connectivity they need to thrive in a digital world but to also advance Tanzania’s vision of inclusive technology enabled learning for all. On investments on infrastructure with Tanzania as a country, I believe we have been making many strides over the past years. If I look back 10 years to where we are today, there has been significant investment on infrastructure. There are still significant hurdles that we need to cross over everything from energy and power in rural areas all the way to accessible roads so that these infrastructures, these towers can be maintained and ensure that we provide the connectivity that is needed to the citizens and to the public in those areas. But digital literacy has been at the core of what we do and we see significant improvements with regards to the programs that we run. And last but not least, affordability of devices. I believe there’s quite a lot of interventions that we can put in place as telecom operators but as well as government. While there is, where we do enable access, usage is still very low and this is because of the small percentage with regards to smartphone penetration. And nowadays, through smartphones, they can access resources and would also drive further the improvement of educational outcomes but also access to different facilities from multiple sectors. Last but not least, I’d just like to conclude by thanking Joseph and everyone in the room and also insisting that partnerships are key if we want to see the digital world or a thriving digital world that we want in place. Thank you very much, Joseph.

Josef Noll: Thanks, Sevena. And of course, it’s a bit difficult, but we want to really acknowledge the partnership which you brought across. And for this partnership, we have Sudhir from IEEE, we have Claire and Ruth from GSMA, we have Shosh from the EU Commission, and us, and we’d love to symbolically give you this one over to Catherine, who will carry it, hand carry it, to Tanzania. So congratulations to the award. And I hope that your inspiration which you are giving to us here in the room for connecting the 250 schools at a price down to 60,000 Tanzanian shillings for a 10 megabit per second link without data cap, which is about $22 to connect a school with unlimited data. That has really been the game changer in Tanzania, and we really hope that this is scaling up to the whole of Tanzania. Thank you so much. Having said that, if you have a question, this is the time for you to jump in. You have so much expertise here. Please go ahead and bring your questions across. The mic is over there, and the online questions is also here. So while we have one participant going to the mic, then we take one online question, which is, Nassar, that is to you and to you, Savannah, and that is, what are the policy frameworks in Tanzania to actually foster, our

Nazar Nicholas: thank you very much. So, Nye, I want to have you do a presentation on what is in the school connectivity. We can more mobile, I am so having direct internet at a school, you know, that’s very important, that’s very important for any person needing contactDavide the regulator has come up with, you know, the framework to see how they can accept, you know, smaller operators. So, you know, I think it’s very important to recognize the importance of connectivity, especially in the rural areas. So, you know, the Tanzania digital economy framework, 2024, 2034, that one also recognizes the importance of connectivity, especially in the rural areas, if at all, you know, Tanzania and

Catherine Kimbambo: rural areas, and I think thispis officer Vodikonee, thank you outside for relating that much and I can say for now, thanksake the second panel, it addresses why operators engage in such initiatives and what are the potential benefits.

Suveina Farah: For Vodikonee, it is embedded in our purpose, and we are a purpose-led organisation, and our purpose speaks on, one, empowering people, two, protecting the planet, and, three, maintaining trust. and throughout across all our commercial activities purpose is embedded whether it’s through digital inclusion financial inclusion accessibility or ensuring that our actions our activities are not harming the planet and what we do to ensure that there’s restoration and reforestation as well with regards to our activities so that is why that is our why we believe that as a technology company as a telecommunication company we can connect people to a better future on the aspect of what is our what what what is the benefit one is that having increasing digital literacy increasing digital skills we’re seeing an uptake of data services but also on the other end is that to be able to reach people to be able to improve lives we need to be a digital connected world but also access to educational resources actually access to health facilities we’ve worked across these three different pillars of health economic empowerment as well as education and we’re seeing remarkable improvement in all the regions that we work with as well as as well as better improving lives of Tanzanians we believe also that it is our duty as as an investor in the country to ensure that our work improves the lives of the Tanzanians

Josef Noll: thank you thanks and we have uh someone wanted to ask a question from the room please introduce yourself and we only have two and a half minutes left so very short answers please thank you

Audience: thank you very much joseph my name is uh barack cotiano i chair the association of community networks in kenya and i have partnered with basic internet as well in community connectivity in kenya uh some quick points uh first congratulations vodacom tanzania for showing the way and working towards lowering and the Cost for Connectivity. Now quickly, in addition to the issues that have been raised, evidence-based research is key in addressing this particular topic of affordable access for education and health. One of the learnings from the projects that I have done with the Basic Internet Foundation is measurements using the network cell infolight. And this has been key in actually identifying areas that do not have an adequate signal that can provide meaningful access to the community. As we speak, there is still approximately 70% of sub-Saharan Africa that does not have meaningful access and that is still using 2G, while the Global North has already moved out of 2G or some of the countries that are at the sunset phase of 2G. So this is an area that we need to deal with. Secondly is capacity building, targeting the government, targeting civil society, targeting private sector players and academia. We attempted a similar approach in Kenya, we only succeeded with 45 schools because the government said education is free, so why are you talking of charging the schools yet you know very well that we have a policy framework that dictates that education is free. Thirdly is the issue of advocacy, which we are doing here. I’m happy to see Naza from the Internet Society, I’m also a member of the Internet Society chapter and the association and the chapter and many other stakeholders are engaged in advocacy to make sure that we create more awareness in this. Lastly, the definition of meaningful access varies. For instance, right now in Kenya as per the education framework… You have to conclude, we only have 10 seconds left. 10 seconds, yeah. Meaningful access is 50 MB. while in some environments or contexts we are talking about Gigabyte.

Josef Noll: Sorry, that was a long closing remark. I think we covered all the points. If you have more points, I’m very happy that you joined us. Thank you so much. And by this one, I close the session. And again, we are looking forward to have more telecom operators to join us and ISPs on the path for affordable access, for education, health and empowerment. Thank you, everyone. Raise for a picture, I think. Yeah.

Agreement points

Partnerships and collaboration are essential for successful connectivity initiatives

Speakers

– Josef Noll
– Clair Sibthorpe
– Asrat Mulatu
– Asim Adeel
– Suveina Farah

Arguments

Collaboration between universities, operators, and communities to build research networks and connect schools

Biggest challenge for mobile technology usage is lack of affordability, digital literacy, relevant content, and safety concerns

Multi-stakeholder approach aligning policies, showcasing impact, and mobilizing mixed funding mechanisms needed

GIZ supports digital solutions guided by local ownership, scalability, gender inclusion, and cross-sector partnerships

Partnerships are essential for digital transformation and have enabled Vodacom Foundation to improve 10 million lives over 20 years

Summary

All speakers emphasized that addressing connectivity challenges requires collaborative approaches involving multiple stakeholders including governments, private sector, civil society, and communities working together

Topics

Development | Economic | Infrastructure

Rural connectivity faces significant infrastructure and investment challenges

Speakers

– Josh Perrera
– Nazar Nicholas
– Asrat Mulatu
– Suveina Farah

Arguments

Challenge remains in return on investment for sparsely populated rural areas

Rural areas experience degraded connectivity with 3G, 2G or no service just 15-30km from commercial centers

Ethiopia faces under-connectivity challenges with most population living in rural areas

Significant hurdles include energy, power in rural areas, and accessible roads for tower maintenance

Summary

Speakers consistently identified rural areas as facing the greatest connectivity challenges due to infrastructure limitations, investment barriers, and geographic obstacles

Topics

Infrastructure | Development | Economic

Digital literacy and capacity building are critical components of connectivity solutions

Speakers

– Clair Sibthorpe
– Asim Adeel
– Suveina Farah
– Audience

Arguments

Biggest challenge for mobile technology usage is lack of affordability, digital literacy, relevant content, and safety concerns

GIZ supports digital solutions guided by local ownership, scalability, gender inclusion, and cross-sector partnerships

Focus shifted to digital skills and teacher training to address gaps in digital literacy

Capacity building targeting government, civil society, private sector and academia is essential

Summary

Multiple speakers agreed that providing connectivity infrastructure alone is insufficient; digital literacy training and capacity building across all stakeholder groups is essential for meaningful access

Topics

Development | Sociocultural

Standards and regulatory frameworks are fundamental for scalable connectivity solutions

Speakers

– Sudhir Dixit
– Josh Perrera
– Nazar Nicholas
– Asrat Mulatu

Arguments

Standards are critical for manufacturers to justify investment and build products at scale

EU launched 5G action plan in 2016 and digital compass in 2021 targeting 5G everywhere by 2030

Tanzania has regulatory frameworks accepting smaller operators and digital economy framework 2024-2034 recognizing rural connectivity importance

Ethiopian Communications Authority is creating policies including tax breaks, universal service fund, and public-private partnerships

Summary

Speakers agreed that proper standards and supportive regulatory frameworks are essential foundations for achieving scalable and sustainable connectivity solutions

Topics

Legal and regulatory | Infrastructure

Similar viewpoints

Both speakers highlighted the same successful Tanzania school connectivity project, demonstrating practical implementation of affordable connectivity with measurable educational outcomes

Speakers

– Josef Noll
– Suveina Farah

Arguments

Successfully connected 250 schools in Tanzania at cost of 60,000 Tanzanian shillings ($22) for 10 Mbps unlimited data

Vodacom Tanzania provided ICT hardware, computer labs, tablets and routers to over 250 schools with significant educational outcome improvements

Topics

Development | Infrastructure | Sociocultural

Both speakers emphasized the stark digital divide in connectivity quality, particularly the persistence of outdated 2G technology in rural and underserved areas

Speakers

– Nazar Nicholas
– Audience

Arguments

Rural areas experience degraded connectivity with 3G, 2G or no service just 15-30km from commercial centers

70% of sub-Saharan Africa lacks meaningful access and still uses 2G while Global North has moved beyond 2G

Topics

Infrastructure | Development

Both speakers emphasized the importance of targeting essential community services (schools, hospitals, emergency services) as anchor points for connectivity initiatives

Speakers

– Josh Perrera
– Asrat Mulatu

Arguments

5G corridors for cross-border connectivity and 5G communities focusing on schools, hospitals, and emergency services

Multi-stakeholder approach aligning policies, showcasing impact, and mobilizing mixed funding mechanisms needed

Topics

Infrastructure | Development | Sociocultural

Unexpected consensus

Technical innovation in rural connectivity solutions

Speakers

– Sudhir Dixit
– Josef Noll

Arguments

Solar panels can be utilized as optical communication receivers for rural broadband infrastructure

Successfully connected 250 schools in Tanzania at cost of 60,000 Tanzanian shillings ($22) for 10 Mbps unlimited data

Explanation

The consensus on innovative, low-cost technical solutions was unexpected given the diverse backgrounds of speakers. Both emphasized creative approaches to overcome traditional infrastructure limitations – one through dual-purpose solar panels, another through ultra-affordable connectivity pricing

Topics

Infrastructure | Development

Device affordability as a critical barrier beyond connectivity

Speakers

– Clair Sibthorpe
– Suveina Farah

Arguments

Biggest challenge for mobile technology usage is lack of affordability, digital literacy, relevant content, and safety concerns

Low smartphone penetration limits usage despite improved access

Explanation

Unexpected consensus emerged that even when connectivity is available and affordable, device costs remain a significant barrier. Both speakers from different organizations independently identified smartphone affordability as limiting actual usage of available services

Topics

Economic | Development

Overall assessment

Summary

Strong consensus emerged around four main areas: the critical importance of multi-stakeholder partnerships, the particular challenges of rural connectivity, the necessity of digital literacy alongside infrastructure, and the foundational role of standards and regulatory frameworks

Consensus level

High level of consensus with complementary rather than conflicting viewpoints. The agreement suggests a mature understanding of connectivity challenges across different regions and sectors, with implications for coordinated global action on digital inclusion initiatives

Different viewpoints

Primary barriers to connectivity adoption

Speakers

– Josef Noll
– Clair Sibthorpe

Arguments

Coverage gap is 15% but usage gap is much larger at 59% in sub-Saharan Africa

Biggest challenge for mobile technology usage is lack of affordability, digital literacy, relevant content, and safety concerns

Summary

Josef Noll focuses on the usage gap as the primary issue, suggesting infrastructure exists but isn’t being used, while Clair Sibthorpe emphasizes multiple systemic barriers including affordability, digital literacy, content relevance, and safety concerns as the core challenges

Topics

Development | Infrastructure | Sociocultural

Role of standards versus practical implementation

Speakers

– Sudhir Dixit
– Josef Noll

Arguments

Standards are critical for manufacturers to justify investment and build products at scale

Successfully connected 250 schools in Tanzania at cost of 60,000 Tanzanian shillings ($22) for 10 Mbps unlimited data

Summary

Sudhir Dixit emphasizes that standards are essential for scalable solutions and manufacturer investment, while Josef Noll demonstrates that practical implementation can succeed with existing technology at very low costs without waiting for new standards

Topics

Infrastructure | Economic | Development

Policy framework effectiveness

Speakers

– Audience
– Nazar Nicholas

Arguments

Kenya’s education policy framework creates challenges as government considers education free, complicating school connectivity initiatives

Tanzania has regulatory frameworks accepting smaller operators and digital economy framework 2024-2034 recognizing rural connectivity importance

Summary

The audience member highlights how policy frameworks can create barriers (Kenya’s free education policy conflicting with connectivity charges), while Nazar Nicholas presents Tanzania’s frameworks as enabling solutions through regulatory acceptance of smaller operators

Topics

Legal and regulatory | Sociocultural | Development

Unexpected differences

Technology readiness versus immediate implementation

Speakers

– Sudhir Dixit
– Josef Noll

Arguments

Solar panels can be utilized as optical communication receivers for rural broadband infrastructure

Successfully connected 250 schools in Tanzania at cost of 60,000 Tanzanian shillings ($22) for 10 Mbps unlimited data

Explanation

Unexpectedly, the IEEE representative focused on future innovative technologies (solar panel optical receivers with 2025 kickoff) while the practitioner demonstrated immediate success with existing technology at extremely low costs. This suggests a disconnect between standards development timelines and urgent connectivity needs

Topics

Infrastructure | Development

Overall assessment

Summary

The discussion revealed surprisingly few fundamental disagreements, with most speakers sharing common goals of improving connectivity. Main disagreements centered on prioritization of barriers (infrastructure vs. usage vs. systemic issues), implementation approaches (standards-first vs. practical deployment), and policy effectiveness across different countries

Disagreement level

Low to moderate disagreement level with high consensus on goals but different perspectives on methods and priorities. The implications suggest that multiple parallel approaches may be needed rather than a single solution, and that successful models like Tanzania’s should be studied and adapted rather than waiting for perfect standards or policies

Partial agreements

Similar viewpoints

Both speakers highlighted the same successful Tanzania school connectivity project, demonstrating practical implementation of affordable connectivity with measurable educational outcomes

Speakers

– Josef Noll
– Suveina Farah

Arguments

Successfully connected 250 schools in Tanzania at cost of 60,000 Tanzanian shillings ($22) for 10 Mbps unlimited data

Vodacom Tanzania provided ICT hardware, computer labs, tablets and routers to over 250 schools with significant educational outcome improvements

Topics

Development | Infrastructure | Sociocultural

Both speakers emphasized the stark digital divide in connectivity quality, particularly the persistence of outdated 2G technology in rural and underserved areas

Speakers

– Nazar Nicholas
– Audience

Arguments

Rural areas experience degraded connectivity with 3G, 2G or no service just 15-30km from commercial centers

70% of sub-Saharan Africa lacks meaningful access and still uses 2G while Global North has moved beyond 2G

Topics

Infrastructure | Development

Both speakers emphasized the importance of targeting essential community services (schools, hospitals, emergency services) as anchor points for connectivity initiatives

Speakers

– Josh Perrera
– Asrat Mulatu

Arguments

5G corridors for cross-border connectivity and 5G communities focusing on schools, hospitals, and emergency services

Multi-stakeholder approach aligning policies, showcasing impact, and mobilizing mixed funding mechanisms needed

Topics

Infrastructure | Development | Sociocultural

Key takeaways

The digital divide in sub-Saharan Africa is primarily a usage gap (59%) rather than coverage gap (15%), with affordability being the biggest barrier to mobile technology adoption

Successful school connectivity can be achieved at low cost – Tanzania connected 250 schools for $22 per school with 10 Mbps unlimited data

Multi-stakeholder partnerships between universities, telecom operators, governments, and communities are essential for sustainable connectivity solutions

Standards development through organizations like IEEE is critical for manufacturers to justify investment and scale production

Policy frameworks including tax breaks, universal service funds, and public-private partnerships are necessary to make rural connectivity economically viable

Digital literacy and teacher training are as important as infrastructure – focus must shift beyond just providing connectivity to building capacity

Evidence-based research and measurement tools are key to identifying areas lacking adequate connectivity and demonstrating impact

Rural connectivity faces multiple challenges including high infrastructure costs, energy/power issues, poor road access, and low smartphone penetration

Resolutions and action items

Vodacom Tanzania Foundation received symbolic award recognition for their affordable access initiative connecting 250 schools

Catherine Kimambo to hand-carry the award to Tanzania as acknowledgment of the partnership

IEEE P1962 project approved for standardization of rural broadband infrastructure utilizing solar panels as optical communication receivers, with kickoff meeting scheduled for July 1, 2025

Vodacom Tanzania signed memorandum of understanding with Tanzania Institute of Education to zero-rate their platform serving 184 learning centers

Call for more telecom operators and ISPs to join the affordable access initiative for education, health and empowerment

Unresolved issues

How to address the fundamental economic challenge of return on investment for rural connectivity in sparsely populated areas

Varying definitions of ‘meaningful access’ across different countries and contexts (50 MB in Kenya vs Gigabyte requirements elsewhere)

Policy conflicts where governments declare education free but connectivity initiatives require funding mechanisms

How to scale successful pilot projects to national and regional levels sustainably

Addressing the smartphone penetration gap that limits usage even when connectivity is available

How to ensure community involvement and local ownership in isolated areas beyond municipal reach

Suggested compromises

Blended financial models that de-risk investments for ISPs while involving multiple stakeholder interest groups

Starting with small initiatives designed for national and regional scale-up rather than attempting large-scale deployment immediately

Focusing on strategic development entities (schools, hospitals, emergency services) as anchor points for community connectivity

Upgrading networks gradually (ensuring rural areas have at least 4G when cities have 5G, rather than maintaining 2G)

Cross-sector partnerships combining civil society, startups, and multilateral cooperation to share costs and risks

We are seeing that the biggest challenge is in terms of being able to use it, is lack of affordable, affordable technologies… but there’s also issues around lack of relevant content and services, safety and security concerns. And so I think, you know, taking a holistic approach to both improving affordability skills, improving safety and security and ensuring relevant content is really needed

Speaker

Claire Sibthorpe

Reason

This comment reframes the connectivity problem from a purely technical/infrastructure issue to a multifaceted challenge requiring holistic solutions. It introduces the critical insight that access alone isn’t sufficient – usage barriers are equally important and complex.

Impact

This comment established the foundational framework for the entire discussion, shifting focus from just connecting people to ensuring meaningful, sustainable usage. It influenced subsequent speakers to address multiple dimensions of the connectivity challenge rather than focusing solely on technical solutions.

to be successful, you need to have the technology of course, you need to know what the user needs are, what the market needs are, and there have to be standards in place. Without standards, no manufacturer will build products because they are looking for volume to justify investment in any manufacturing process.

Speaker

Sudhir Dixit

Reason

This comment provides a crucial business reality check, explaining why technical solutions alone fail without standardization and market viability. It bridges the gap between idealistic connectivity goals and practical implementation challenges.

Impact

This insight added a layer of economic realism to the discussion, helping other participants understand why connectivity initiatives struggle to scale. It influenced the conversation to consider market dynamics and standardization as essential components of sustainable connectivity solutions.

the issue is really investment in infrastructure. Much as we would like the telecom operators to be everywhere, the issue is really investment in infrastructure… if you are in Dar es Salaam… as you move maybe like 15, 20, 30 kilometers away from the commercial capital, you start experiencing, instead of 5G, you start experiencing 3G, 2G and sometimes no G.

Speaker

Nazar Nicholas

Reason

This comment provides stark, concrete evidence of the digital divide with a vivid example that makes the abstract concept tangible. It challenges assumptions about connectivity progress and highlights the rapid degradation of service quality outside urban centers.

Impact

This ground-truth perspective grounded the discussion in reality, moving it away from theoretical solutions to acknowledge the harsh realities faced by rural communities. It influenced subsequent speakers to address practical implementation challenges and the need for innovative, cost-effective solutions.

We’ve been able to provide and connect more than 250 schools across Tanzania, providing ICT hardware, building computer labs… at a price down to 60,000 Tanzanian shillings for a 10 megabit per second link without data cap, which is about $22 to connect a school with unlimited data.

Speaker

Suveina Farah

Reason

This comment provides concrete proof that affordable connectivity is achievable, offering specific metrics that demonstrate scalable success. It transforms the discussion from theoretical possibilities to documented achievements with measurable impact.

Impact

This comment served as the culminating evidence that the approaches discussed throughout the session can work in practice. It validated the collaborative approach and provided a concrete benchmark for other initiatives, shifting the conversation from ‘whether it’s possible’ to ‘how to replicate and scale’ such successes.

evidence-based research is key… measurements using the network cell infolight… there is still approximately 70% of sub-Saharan Africa that does not have meaningful access and that is still using 2G, while the Global North has already moved out of 2G

Speaker

Barack Cotiano

Reason

This comment introduces the critical importance of data-driven approaches and highlights the stark global digital divide with specific statistics. It emphasizes that meaningful access requires proper measurement and evidence-based interventions.

Impact

Though coming at the end, this comment reinforced the need for systematic, research-based approaches to connectivity challenges and provided sobering statistics that contextualized all previous discussions within the broader global inequality framework.

Overall assessment

These key comments collectively transformed what could have been a superficial discussion about connectivity into a nuanced exploration of systemic challenges and practical solutions. Claire’s holistic framework set the stage for comprehensive analysis, while Sudhir’s business reality check and Nazar’s ground-truth perspective ensured the discussion remained grounded in practical constraints. Suveina’s concrete success story provided hope and validation, while Barack’s evidence-based approach reinforced the need for systematic solutions. Together, these comments created a progression from problem identification through practical constraints to proven solutions, establishing a blueprint for addressing connectivity challenges that balances idealism with realism and theory with practice.

How can we scale up the successful Tanzania model of connecting schools at $22 per school with unlimited data to other countries and regions?

Speaker

Josef Noll

Explanation

This is important because the Tanzania model has proven successful in connecting 250 schools affordably, and scaling this approach could address connectivity gaps across sub-Saharan Africa where 75% remain unconnected

What specific policy frameworks and regulatory mechanisms are needed to incentivize telecom operators to invest in rural connectivity where return on investment is not guaranteed?

Speaker

George Pereira and Asrat Mulatu

Explanation

This addresses the fundamental challenge that market interests don’t align with rural connectivity needs, requiring policy interventions like tax breaks, universal service funds, and public-private partnerships

How can we effectively measure and demonstrate the social impact of connectivity initiatives to build political confidence and financial momentum?

Speaker

Asrat Mulatu

Explanation

Evidence-based arguments and empirical evidence are needed to convince governments and investors of the value of connectivity investments, particularly in underserved areas

What are the most effective approaches to address digital literacy gaps, particularly in teacher training and community education?

Speaker

Suveina Farah and Claire Sibthorpe

Explanation

Digital literacy has been identified as a major barrier to technology adoption, with specific challenges in training educators who can then serve students and communities

How can smartphone penetration be increased in rural areas to enable better access to digital resources and services?

Speaker

Suveina Farah

Explanation

Low smartphone penetration is limiting usage even where connectivity exists, and addressing device affordability is crucial for meaningful access

What constitutes ‘meaningful access’ and how should this definition vary across different contexts and countries?

Speaker

Barack Cotiano

Explanation

There’s inconsistency in defining meaningful access (50 MB in Kenya vs. Gigabyte in other contexts), and standardizing this definition is important for policy and investment decisions

How can community networks and local ownership models be better integrated into national connectivity strategies?

Speaker

George Pereira and Nazar Nicholas

Explanation

Community involvement is critical for sustainability, but there’s a need to understand how to effectively engage communities beyond municipalities, including isolated areas

What evidence-based research methodologies should be used to identify areas lacking adequate signal coverage for meaningful access?

Speaker

Barack Cotiano

Explanation

Proper measurement tools and methodologies are needed to accurately assess connectivity gaps and guide infrastructure investment decisions

How can the IEEE standardization process be leveraged more effectively to develop rural communication technologies?

Speaker

Sudhir Dixit

Explanation

Only 1 out of 15 proposals was selected for standardization, suggesting a need to better understand how to develop viable standards for rural connectivity solutions

Summary

This discussion at the Internet Governance Forum in Norway focused on achieving “net positive digital sustainability,” exploring how digitalization can deliver environmental and societal benefits beyond merely reducing harm. The session was moderated by Natalie Becker Aakervik and featured speakers from Norwegian government agencies, major technology companies like Google and Huawei, infrastructure providers, and international organizations.

Jan Eyvind Velure from the Norwegian Communications Authority introduced the core concept, explaining that net positive sustainability requires balancing the digital “footprint” (negative environmental impacts from infrastructure and devices) against the “handprint” (positive impacts when digital services enable efficiency in other sectors). Norway has conducted a comprehensive lifecycle analysis of its digital infrastructure, finding that digital devices account for 75% of current emissions, though data centers are expected to grow fastest due to AI demands.

Industry representatives presented various approaches to the challenge. Kenneth Frederiksen from Huawei outlined a five-layer framework for measuring green indices across equipment, facilities, networks, operations, and vertical enablement, citing examples where ICT technologies can deliver up to 10 times improvement in other industries. Anton Aschwanden from Google emphasized their commitment to 24/7 carbon-free energy by 2030 and highlighted AI applications that have already saved millions of tons of emissions through tools like eco-routing in Google Maps.

Jon Gravrak from Bulk Infrastructure advocated for locating data centers near renewable energy sources in northern regions and creating industrial ecosystems that reuse waste heat from data centers. Daniel Dobrygowski from the World Economic Forum stressed the importance of digital trust and multi-stakeholder governance, noting that only 44% of people globally are comfortable with business uses of AI.

Minister Karianne Tung emphasized Norway’s goal to become the world’s most digitalized country by 2030 while maintaining sustainability, announcing upcoming data center strategies that will require heat reuse analysis. The discussion revealed significant challenges, with Pernilla Bergmark from the World Benchmarking Alliance noting that the ICT sector’s emissions have remained stable rather than declining as needed, and that many handprint claims lack rigorous measurement.

The panelists agreed that achieving net positive digital sustainability requires unprecedented collaboration between governments, industry, and civil society, supported by better measurement frameworks, knowledge-based governance, and incentive alignment. The overarching message was that while the challenge is complex, digitalization remains essential for addressing global challenges, requiring careful steering rather than restriction to maximize positive impacts while minimizing environmental costs.

Keypoints

## Major Discussion Points:

– **Net Digital Sustainability Framework**: The concept that digitalization should deliver net positive environmental and societal outcomes, not just reduce harm. This involves balancing the “footprint” (negative impacts like energy consumption and emissions) against the “handprint” (positive impacts through enabling other sectors to be more efficient) while accounting for rebound effects.

– **Data Centers and AI’s Growing Energy Demands**: The rapid expansion of AI workloads and data centers is driving significant increases in power consumption. Speakers discussed the need for strategic placement of data centers near renewable energy sources, improved cooling systems, and innovative heat reuse solutions to minimize environmental impact.

– **Measurement and Governance Frameworks**: The critical importance of developing robust, science-based measurement systems to track both footprint and handprint impacts. Norway’s pioneering lifecycle analysis and planned open-source dashboard were highlighted as examples of knowledge-based governance approaches.

– **Multi-stakeholder Collaboration and Trust**: The necessity of cooperation across sectors, borders, and stakeholder groups to achieve sustainable digital transformation. Digital trust was emphasized as fundamental to long-term innovation success, requiring alignment of technology development with human values and expectations.

– **Innovation vs. Regulation Balance**: The challenge of fostering continued technological innovation while implementing appropriate governance structures. Speakers emphasized that sustainability, innovation, and value creation are interconnected rather than competing priorities.

## Overall Purpose:

The discussion aimed to explore how digitalization can become a net positive force for sustainability and justice, addressing the guiding question: “What kind of governance is needed to ensure digitalization drives net positive sustainability, innovation and value creation?” The session sought to move beyond simply minimizing digital harm to actively creating positive environmental and societal outcomes.

## Overall Tone:

The discussion maintained a consistently collaborative and optimistic tone throughout, characterized by solution-oriented thinking and shared commitment to sustainability goals. While speakers acknowledged the significant challenges ahead, the atmosphere remained constructive and forward-looking. There was notable alignment among panelists from different sectors (government, industry, academia, international organizations) on core principles, with healthy debate around implementation approaches rather than fundamental disagreements. The tone became increasingly action-oriented as the session progressed, with concrete examples and commitments being shared.

Speakers

**Speakers from the provided list:**

– **Natalie Becker Aakervik** – Moderator for the session on sustainable digital growth

– **John Eivind Velure** – Director General of the Norwegian Communications Authority (ENCOM), responsible for digital security, artificial intelligence, and data protection

– **Nicolai Lovdal** – Assistant Director for Digital Sustainability at ENCOM, with 20 years of experience as entrepreneur, researcher, and strategy consultant at the intersection of technology, innovation, and sustainability

– **Kenneth Fredriksen** – Senior Vice President of Huawei Europe region and subsidiary board director for the Nordic and Baltic cluster, with 25 years in the ICT industry

– **Anton Aschwanden** – Head of Google’s Government Affairs and public policy for Switzerland, Austria, and international organizations in Europe, with over 20 years of experience in technology, innovation, and sustainability

– **Jon Gravrak** – CEO of Bulk Infrastructure, a leading provider of digital infrastructure in Norway

– **Daniel Dobrygowski** – Head of Governance and Trust at the World Economic Forum, leads work on trustworthy technology including the Digital Trust Initiative, attorney and educator at Columbia University

– **Pernilla Bergmark** – Research Lead Financial Systems Transformation for the World Benchmarking Alliance, former principal researcher on ICT sustainability at Ericsson

– **Karianne Tung** – Minister of Digitalization and Public Governance of Norway since 2023, leading voice on digital transformation, AI regulation and public sector innovation

**Additional speakers:**

None identified beyond the provided speakers names list.

# Net Positive Digital Sustainability Discussion at Internet Governance Forum Norway

## Executive Summary

This session at the Internet Governance Forum in Norway explored achieving “net positive digital sustainability” – where digitalisation delivers environmental and societal benefits that exceed its negative impacts. Moderated by Natalie Becker Aakervik, the discussion brought together representatives from Norwegian government agencies, technology companies including Google and Huawei, infrastructure providers, and international organisations to examine governance approaches for sustainable digitalisation.

The discussion revealed both opportunities and challenges in achieving net positive outcomes, with strong consensus on the need for multi-stakeholder collaboration and evidence-based governance, while highlighting tensions around regulatory approaches and measurement methodologies.

## Conceptual Framework and Norwegian Leadership

Jan Eyvind Velure from the Norwegian Communications Authority introduced the net positive concept through a simple illustration: “So if you add a handprint, subtract the footprint and adjust for the rebound effect, only then can we know if we achieve a net positive result worth celebrating.” This framework considers three components: footprint (negative environmental impacts), handprint (positive impacts when digital services enable efficiency improvements), and rebound effects (increased usage offsetting efficiency gains).

Nicolai Lovdal, Assistant Director for Digital Sustainability at ENCOM, presented findings from Norway’s comprehensive lifecycle analysis of its digital infrastructure. Norway is the second country in the world to conduct such an assessment, following France. The research revealed that digital devices currently account for 75% of the sector’s emissions, while data centres are expected to experience the fastest growth due to increasing AI demands. Lovdal announced plans to develop an open-source dashboard for measuring digital sustainability impact to share internationally.

## Industry Perspectives

### Technology Companies

Kenneth Fredriksen from Huawei outlined a five-layer framework for measuring green indices and presented statistics showing that ICT technologies can deliver up to 10 times improvement in other industries compared to ICT’s own emissions. He warned against over-regulation, arguing that being too restrictive on footprint reduction could limit handprint opportunities. He referenced how a 2017 “fun fact” about energy consumption from watching Gangnam Style had become outdated, illustrating how quickly efficiency improvements occur.

Anton Aschwanden from Google emphasized their commitment to achieving 24/7 carbon-free energy by 2030 and highlighted AI applications delivering measurable benefits, such as eco-routing in Google Maps. He noted that AI models are now 100 times more energy efficient than earlier generations while raising concerns about preventing the digital divide from becoming an AI divide.

### Infrastructure Innovation

Jon Gravrak from Bulk Infrastructure advocated for strategic placement of data centres near renewable energy sources and creating industrial ecosystems that reuse waste heat. He made a compelling argument about generational responsibility: “I think our kids, they will not accept that we now build a new industry without making sure we use the energy twice.”

Gravrak proposed treating digital and energy systems as integrated, coining the term “digital energy” and suggesting data centres could provide grid balancing services while their waste heat supports industrial processes.

## Government Strategy and Policy

Minister Karianne Tung outlined Norway’s goal to become the world’s most digitalized country by 2030. She announced several policy measures including:

– A forthcoming data centre strategy requiring heat reuse analysis

– Prohibition of cryptocurrency mining due to energy inefficiency

– Focus on circular economy approaches for device lifecycle management

– Requirements for waste heat reuse

The Minister emphasized the need for regulation that enables rather than restricts innovation.

## International Governance and Trust

Daniel Dobrygowski from the World Economic Forum stressed the importance of digital trust, presenting statistics showing only 44% of people globally are comfortable with business uses of AI. He argued that sustainable innovation requires public acceptance: “History has taught us that we cannot innovate, at least not over the long term, if we lose trust.”

## Critical Assessment of Progress

Pernilla Bergmark from the World Benchmarking Alliance provided a sobering assessment, noting that ICT sector emissions have remained stable rather than declining as required. Only 20% of assessed companies are on track to meet emission targets, and AI-driven companies have increased operational emissions by up to 150%.

Bergmark challenged optimistic handprint narratives, stating that handprints “can also be adding emissions in other sectors,” emphasizing the need for rigorous measurement methodologies that avoid cherry-picking and over-generous extrapolation.

## Key Areas of Agreement and Tension

### Strong Consensus

– Multi-stakeholder collaboration is essential across sectors and borders

– Evidence-based policy making requires robust measurement frameworks

– Strategic infrastructure development should prioritize renewable energy integration

– International knowledge sharing and common standards are necessary

### Areas of Disagreement

– **Regulatory approach**: Industry representatives warned against over-regulation limiting innovation, while government officials advocated for specific policy measures

– **Progress assessment**: Contrasting views on current achievements, with some highlighting efficiency improvements while others emphasized concerning emission trends

– **Priority balance**: Tension between immediate footprint reduction versus long-term handprint maximization

## Emerging Solutions

The discussion highlighted several promising approaches:

– Waste heat reuse from data centres for industrial applications

– AI applications for sustainability optimization across sectors

– Open-source measurement tools for international collaboration

– Industrial co-location strategies around data centres

## Unresolved Challenges

Key challenges requiring further work include:

– Developing standardized international measurement methodologies

– Creating proper business incentives for sustainable practices

– Addressing global digital equity with 2.6 billion people still offline

– Building public trust in AI and digital technologies

– Accurately accounting for rebound effects in sustainability calculations

## Conclusions

The discussion demonstrated mature understanding of digital sustainability challenges with broad agreement on solution directions. Achieving net positive digital sustainability requires unprecedented collaboration between governments, industry, and civil society, supported by better measurement frameworks and aligned incentives.

While the path forward is complex, participants agreed that digitalisation remains essential for addressing global challenges. Success requires careful steering to maximize positive impacts while minimizing environmental costs, with continued collaboration and innovation from all stakeholders to ensure digitalisation becomes a force for positive transformation.

Natalie Becker Aakervik: joining us globally, a warm welcome to sustainable digital growth, net negative, net zero, or net positive. I’m Natalie Becker-Arkovic and I’ll be your moderator for this session. It’s so lovely to have you here this morning. Well, this session will explore the concept of net digital sustainability. What is that? Well, that is the idea that digitalization should not only reduce harm, but actively deliver net positive environmental and societal outcomes, redefining how we measure and how we manage a truly sustainable digital transformation. So, digital infrastructure and services are transforming our societies, as we know, from data centers to mobile networks. They are the key drivers of innovation and sustainability, and they have a growing environmental impact that requires really a more responsible approach. Data centers are particularly important in this conversation and in this transformation. Their power consumption has increased sharply and is expected to continue rising, driven by the large AI models and also global demands that we see for connectivity. By aligning infrastructure and governance and accountability with our shared global goals, this session invites really a cross-sectoral dialogue on how digital transformation can become a force for sustainability and for justice. Now, the guiding question, what kind of governance is needed to ensure digitalization drives net positive sustainability, innovation and value creation, will be a core guiding question that we will try and answer during the session. And through keynotes and a panel discussion, we will try and do this. However, what I would like to do first is introduce the people who are going to be framing this session, who are really going to be setting the tone for us and laying the foundations for the conversations that are coming in our panel discussions. I would like to welcome Jan Eyvind Vellure. He’s the Director of the Norwegian Communications Authority, or ENCOM. Two values they have, responsible and bold. And digital sustainability is one of its strategic focus areas. As a leader at ENCOM, he is responsible for digital security, for artificial intelligence, and for data protection. He is also the Director of the Norwegian Communications Authority, intelligence and the regulation of electronic communication in Norway. He will share the stage with Nikolai Lovdal, who is the Assistant Director for Digital Sustainability at ENCOM, and he will be introducing Nikolai, who has 20 years of experience as entrepreneur, researcher, strategy consultant at the intersection of technology and innovation and sustainability. And Jan, Ivan and Nikolai will really, as I said, frame the concept of what net digital sustainability means. And they will present the case of Norway, highlighting Norway’s journey towards developing a data-driven dashboard for sustainable digital governance. So, please join me in welcoming Jan-Ivan Villora to the stage.

John Eivind Velure: Jan-Ivan, the floor is yours. Thank you, Nathalie. Thank you. Excellencies, distinguished guests, colleagues and friends, good morning and welcome again to day zero of the Internet Governance Forum here in Norway. At ENCOM, and as the Director General, it is my honor to open a session that asks a bold yet responsible question. How can we make sure that the digital wave we are riding becomes a net positive force for people and the planet? First of all, let me try to frame it. So, where do we stand today? The ICT sector alone already accounts for about 2 to 4 percent of global greenhouse gas emissions, and that share is likely to grow. Science-based targets require us to cut absolute ICT emissions by 45 percent between 2020 and 2030, to stay at the one-and-a-half degree pathway. So, although energy efficiency per bit keeps improving, our absolute footprint still rises, driven in particular by data-hungry AI workloads. So we need digital infrastructure and new technology, of course, because this is powering health, it’s powering education, security and business growth. But as a society, we must also answer how do we shrink that footprint while scaling the handprint, the positive knock-on effects that digitalization can deliver. So what does net positive mean? Allow me to try to frame net digital sustainability with a simple illustration. Showing on the screen on the left block, the footprint, that is, of course, the negative impact of digital infrastructure and devices. Its energy consumption is carbon emitted, its material use and biodiversity lost. And on the other side, the right block, that is the positive impact, its emissions and resources avoided when other sectors use digital services. Smart grids, telemedicine, precision farming, for naming a few. In addition, we also have the rebound effect. When things get more efficient, more cheap, we tend to use more of it, which reduces again the positive handprint effect. So if you add a handprint, subtract the footprint and adjust for the rebound effect, only then can we know if we achieve a net positive result worth celebrating. So governance in this. That is, of course, everything we do to steer the balance. That are the rules, the incentives, the standards, it’s the open data, it’s of course inside companies, between companies, within nations, across borders. So, the guiding question for today is, what kind of governance is needed to ensure that digitalization drives net positive sustainability, innovation and value creation? Of course, to solve this is not a solo project. We need to work together. It spans public and private sector, regulators and innovators, from the north to the south. And that is, of course, precisely the spirit of the Internet Governance Forum. It’s a multi-stakeholder arena, where we can test ideas and build common rulesets. Norway has begun to walk the talk, by measuring our national digital footprint and developing an open data-driven dashboard. To share that journey, I’m pleased to pass the floor to my colleague and Enkom’s Assistant Director within Digital Sustainability, Nikolaj Løvdal, who will take us from concepts to concrete action.

Nicolai Lovdal: Nikolaj, the stage is yours. So, the government of Norway gave us a task. We want you to reduce the footprint and increase the handprint. And while doing so, you should also drive innovation and value creation. Is that possible? Yes, of course it is. We will have a knowledge-based approach to this. And there’s a strong link between sustainability, innovation and value creation. So, how did we start on this task? Well, the first thing we did was to start saying we have to understand the footprint. So, we did a full lifecycle analysis of the entire digital infrastructure of Norway. We also did scenario analysis. towards 2030-2050. We included CO2 emission, energy consumption, use of materials and also nature. The report is not published yet but if you’re super curious, let’s see, there’s a small QR code down there, so if you are able to catch it from where you’re sitting or look at the presentations afterwards, you can already now download a version because we have asked for feedback. It’s super important for us that we agree that this is actually where we stand, so this can become a common reference in Norway. This is also the place I think I want to say, anyone from France here? We want to send a tribute to France because you guys were the first one doing something like this, so we more or less did a copy morph of you. So, going to the findings. The total emission from the digital infrastructure of Norway is pretty much the same as the direct emission from domestic air travel. Another interesting finding was that the digital devices, they account for 75% of the footprint today. But moving forward, we expect the data center segment to grow fastest and have the highest growth on footprint. That’s mainly caused by AI and energy, but I have to also add that in Norway, a bit special case maybe, it’s also because we’re an attractive country because we have access to renewable energy in this country. It was a lot of work to do that analysis. We can’t do that every year, it will be too costly, both for us as a public institution, but also for the companies that were sharing the data, so we need to do this more efficiently. So, moving forward, we will design a new So, moving forward, we will design, build and test a data-driven open source dashboard or index dashboard, maybe more correct. So, we will basically move towards A framework for governing the net biosphere impact from digitalization. So allow me to briefly talk about the most important design principles of this. It should maybe have started with saying it has to add value for us and for all the stakeholders, so especially the companies. First of all, we will gather data as digital as possible. It will be science-based, transparent. It will be of course fully aligned with international metrics like EU and the standards of ITU and stuff that most of you use. It will be modular and open source, and we will consider to publish it as a digital public good. We will, as the next step, so what will we do as the next step? Well, on Footprint it’s quite straightforward. In close collaboration with companies and industry associations, we will simply build this beta version. On the handprint it’s a bit more of a challenge, since the nature of how you measure it is quite different. That’s where true uncertainty and stuff comes in. But we will do a stab and look at how can we actually measure it? How can we do and make sure that we can discuss this in a meaningful way? Because of course we can’t do that in a better way than we do it today. So, I’m going to end by saying we will first build this for Norway, but it’s designed to share. So even if we’re a small team, we really would like to collaborate internationally, especially with the doers. Thank you. Thank you.

Natalie Becker Aakervik: Thank you Nikolaj Lovdahl and thank you Jan Eyvind for sharing those wonderful perspectives and also for setting the tone and the foundation so well for the conversations that are to follow in this session. Now our keynote speakers are up next and they’re going to share their points of view on net positive sustainable or rather net positive digital sustainability. They will share those with us in individual presentations and then we’re going to be moving into a panel discussion as well, ladies and gentlemen. So first up I would like to introduce our first keynote speaker. Kenneth has spent all of his 25 long year career in the ICT industry having worked for both or rather European, American and Chinese suppliers. The last 14 years he has spent at Huawei and Huawei Technologies in various leadership positions. He is currently the senior vice president of Huawei Europe region and a subsidiary board of director for the Nordic and the Baltic cluster as well. So he is going to share their point of view on net positive sustainability and they have a special focus on the development of green indices for ICT as outlined in their green management white paper. So without further ado I’d like to give a warm round of applause to Kenneth Frederiksen, the senior vice president for Europe region for Huawei. Please join us on stage. The floor is

Kenneth Fredriksen: yours. A warm round of applause. Thank you. Thank you Natalie and good morning everyone, ladies and gentlemen, distinguished guests both offline and online. As mentioned I’m basically probably going to outline this topic more from a infrastructure perspective. Huawei is a relatively large infrastructure provider doing an end-to-end portfolio of all kinds of digital infrastructures and as part of our work we have done a green management white paper which is basically addressing how to govern, execute and plan ICT organizations, green targets and ambitions. And one important component of this white paper is as already mentioned, the green indices, trying to address the different impact of the different layers of digital infrastructure, both from a footprint perspective but also from a handprint perspective. And I’ll briefly go through these different layers which we basically have categorized into five layers of infrastructure and also, you know, the final and maybe most important one, which is related to the handprint of ICT infrastructure. So if we look at, basically, you can also address this from a bottom-up approach but also from a top-down approach. But if we start at the bottom, which is basically the basic equipment layer, here you have the impact of the different equipment product components individually. The facility layer is more than the combined site or data center layer of all these different technologies being at a site level, where you also measure the overall site energy efficient level. Then you go one step further, which is the network layer, which is basically measuring the overall energy efficiency of the whole network and then you measure the output of the network in terms of performance and quality. At the operational level, you look at the cross network impact, where basically you measure the impact of data across networks from A to B. And then at the enablement layer, the fifth layer, you look at the impact of introducing ICT technologies into other verticals. So going into a bit more detail, I mean at the site level, a typical site or a data center can look very different or basically it looks unique for every setup. So in order to address the impact of a site or a data center facility, you need to go into the details. of the equipment in the site and you need to analyze both from an energy perspective what kind of energy being used but also how to better optimize the performance of the different components together as a unit. There’s also different features of course you can introduce in order to optimize and to improve energy consumption. At the network level you have the energy efficiency index which is basically measuring the energy being used in order to provide a certain number of data traffic and this has been a very typical way of measuring energy or network efficiency but now it’s also very important to include the quality and the performance part into this because by only focusing on efficiency you might compromise quality and performance of the network such as coverage speed of the network which then may have a overall negative impact of the total omission or performance of the network. You need to look at both, you cannot just look at only the energy consumption part on the data traffic but you also need to look at how these measures then impact the quality and the user experience of the network. Then at the operational level you look at the end-to-end traffic of data from basically the consumer back to the data center and vice versa. As an operator of such facilities you have two main areas to focus on. To improve the energy efficiency which is basically looking at how to optimize the performance of the network, the site, the data center level and the different components involved and you can look at how to reduce the emission factors which is basically then for the operators to make sure that you try to use as green energy as possible either from purchasing it or developing your own energy production facilities. And also very importantly is of course the vertical enablement index which is basically the handprint part. How to enable new verticals, new industries to be more green, more sustainable by introducing ICT technologies. This is a simple example of how ICT technologies have been introduced in the mining industry and basically what we see as a more kind of a general finding is that introducing ICT technologies into new verticals have a potential of up to 10 times improvement in those industries compared to the emission created at the ICT industry level which means that in this case as you can see it has an 8.4 times positive net factor of introducing ICT technologies. And in order to achieve this at least Huawei very much encourage continuous dialogues at industry level among the suppliers of course but the industry standard organizations, government authorities, we need to work together in furthering and improving the standardization of these ICT solutions and the requirements of it but also trying to work together to create ecosystems to increase the handprint potential of ICT technologies. Thank you very much.

Natalie Becker Aakervik: Thank you so much Kenneth for your presentation there. Introducing our next keynote speaker Anton Heads Google’s Government Affairs and public policy for Switzerland, Austria, and international organizations in Europe. With over 20 years of experience in technology, innovation, and sustainability, Anton’s focus is on building collaborations, a key word here in the conversations not only for today, but in the coming weeks, collaborations and partnerships across various sectors, whether it’s economy, politics, or civil society, or even academia. He’s also a strong advocate for using artificial intelligence to achieve sustainability goals, such as the Sustainable Development Goals, and he advises BrainForest.Global, which is a non-profit focused on forests, biodiversity, and climate action. Please join me in welcoming Anton Aschwanden. The floor is yours.

Anton Aschwanden: Hello, thank you. Good morning, everyone. So technology and AI are probably among the most powerful tools we have to tackle climate change and building a sustainable future. And yet we know that the challenge is really big. We know that there’s a big challenge on energy questions, and I think addressing this duality is a key task we’re having together. No one can do it alone, not a single company, not a single sector. And that’s why we’re really glad to be here at IGF. We were a strong supporter of the IGF for years, and we’re looking forward to the debates this week. Thanks to the Norwegians as well for bringing us together. And really, this commitment to sustainability begins at our own operations. We’re doing that globally, but also locally, to manage our operations really in a sustainable way. Some of you, I don’t know. they are Norwegians in the crowd. We’re about to deepen our roots here in Norway by building a data center in Schien, which is the capital of the Telemark county. So it’s roughly 100 kilometers from here. So this is a key priority for us to really be sustainable across the globe, but also locally. To reduce emissions, and this is really a key work we’re working on, this is like we matched 100 percent of our global and annual electricity with renewable energy every year since 2017. And our ambition is still as big and even bigger because we’re aiming to operate 24-7 carbon-free energy and achieve net zero across our entire value chain by 2030. So what does that mean? That means that every Google search, every YouTube video you’re going to watch will be running by completely green energy. And we’re making progress. You see it on the slides. 10 of our great regions already achieving 90 percent clean energy, carbon-free. But we have to admit as well, this is a challenging task. You see on the very map above me as well that some regions are still behind. So we need to deepen collaboration, work on technical progress, work together, collaborative spirit as we have here at IGF. So now let’s address the elephant in the room, the energy footprint of AI. We tackle this by really a relentless obsession on efficiency. And this goes on several levels. The first level being our data centers. They are now already like a factor 1. 8 times more efficient than average, and we are delivering 4 times more compute power for the same electricity as we did 5 years ago. And then the next layer is the breakthroughs on the hardware. I don’t know if you heard about the latest TPUs, the Tensor Processing Units, the latest AI chips, and it’s really incredible the progress that has been made over the last years. They’re now like 30 times more efficient than the first generation. And then the next level are the AI models. There we see the same kind of increase of efficiency, now cutting the energy required to train an AI model by a factor of 100. And I think this is really key. As the AI adoption grows, this really radical commitment to efficiency will be more important than ever. So let’s come to the footprint of AI, to the handprint after the footprint. And we really see many, many tools where AI can play a key role. We’ve done a study with BCG that AI can help mitigate 5-10% of global greenhouse gas emissions, and we’re doing that with tools that empower people. You see one illustration from the transport field eco-routing in Google Maps. We saved 2.7 million metric tons of greenhouse gas emissions in 2024 alone, which is the equivalent of taking off the road roughly 630,000 cars per year. Another illustration from the transport field is our project GreenLight, where we can cut emissions together with cities at intersection by up to 10%. Or taking a… an illustration from the energy field, our solar API which supports rooftop solar deployment now available for half a billion buildings across 40 markets. Let me end with an illustration on climate adaption. For years, predicting floods was almost impossible. You only had a warning phase of one or two days and sometimes only a few hours. And now, with improved prediction models, we now manage to warn people up to seven days in advance. So, this is, if you imagine, really impressive, 100 countries, 700 million people, and instead of only giving a warning a few hours before, together with partners like the UN, NGOs, we are able now to warn people up to seven days in advance. Not only saving lives, but livelihoods. So those were just a few illustrations, and I think the crucial point I’m making is that digitization can be a really powerful force for a sustainable planet. I invite you all to also pass at our booth. We’re going to highlight some of the projects I just mentioned, and I’m looking forward to the discussion with my fellow co-panelists today and to your questions. Thank you so much. Anton. Right, ladies and gentlemen, so I hope you enjoyed that presentation.

Natalie Becker Aakervik: Our next speaker is Jan Gravrok. He’s the CEO of Bulk Infrastructure. Bulk Infrastructure is a leading provider of digital infrastructure right here in Norway. He is a strong believer in building something bigger than ourselves, and that Norway can play a key role in Europe’s digital and green brain. Now he will share the company’s point of view on digital sustainability with us. with a special focus on how large data centers can support the energy grid with flexibility and how data centers could act as a cornerstone business with local support and value creation. That’s going to be an exciting presentation as well, so I hope you’re looking forward to it. Without further ado, I’d like you to join me in giving a very warm welcome to Jon Gravrock.

Jon Gravrak: Thank you. Hello everyone, good to see you, good morning. So I’m representing Bulk Infrastructure and we are a Nordic-based data center operator and developer and operator, and we also build fiber networks. So I wanted to talk a bit about this today, our planet. And I think we’re definitely going into the digital society, to the data age, but it’s still the humble beginning and we still have an opportunity to make our digital society a truly sustainable one. And I think that’s all about our mission in Bulk. How can we make our digital society sustainable? And our governing thought, looking at this planet, is that we have to think a bit differently. We have to choose the locations of the digital foundation, the data centers, carefully. They should be located next to surplus of renewable energy, because data centers are consuming energy and we need to be careful where we put them. We think we need to look up north. We have abundance of renewable power, both on the European side and on the American side, if you look up north. It’s actually shorter fiber distances to cross the continents the further north you get. The climate is colder. It does reduce the power consumption of our data centers and it can scale for the future, which is important. for those GPUs. In bulk, we try to think like an industrial company. What does it mean to bring an industrial mindset into this digital infrastructure world? Well, first of all, we think you need to think long-term. You have to do things today that will have an effect 10, 20, 30, maybe 50 years ahead of time. And what we’re doing today, that’s based on decisions that were made 10, 15 years ago. So you need to keep that long-term logic with you. Secondly, we think you need to really think about industrial scale. So you cannot only solve digital problems locally. You have to find a bigger role, a bigger scale to make it truly industrial. In bulk, we think that what we do in Norway, making use of the renewable power surplus here should benefit all of Europe. So sometimes we talk about building the European engine room for the digital society. Thirdly, an industrial mindset requires you to think about people and capabilities. Yes, these are the machines that we’re kidding for, but it’s still a people business. You need to bring in those young people, teach them capabilities of the future that can benefit all of us. And I wanted to touch upon two sustainability aspects of what we’re doing. The first one, definitely linking to the electricity or energy system. So if you look at this picture, there’s a data center in the foreground. That’s not only any data center, it’s our latest one, and it’s tailored to fit with generative AI. And it’s already housing the GB200s for the ones interested, which is the latest and greatest of NVIDIA GPU technology. And in the background of this picture, you see another interesting thing, which is Kristiansand transformer station. So this is Norway. biggest transformer station. It handles a lot of the surplus of power production in our part of the world. And I think sustainability is about seeing this energy system in the background together with the digital system in the foreground. We actually talk about digital energy and there’s so many synergies to explore here. I already touched upon the first one which is that location of the data centers matters a lot. It’s easier to transport data through fiber networks than it is to transport power through electric grids. And it’s much more efficient. So you have to think carefully about where you put these large data centers of the future. Secondly, there’s simple things which you’ll have to understand on a local level. How can the data centers, you know, play in sync with the grid? And in Norway it’s so that it is really cold and especially in the winter time. So we spend by far the most energy in the winter as a society. But the data centers, they actually consume most power in the summer because that’s when we need to cool down those servers. So seeing those seasonal synergies and using them to optimize the grid, that’s one example of a synergy. Another one is, as we unfortunately saw in Spain and Portugal this summer, or this spring I should say, as we bring more and more distributed power generation, solar, wind, etc. into the grid system, we create new problems for ourselves. And those problems relate to the frequencies of how the power is distributed. And you need to constantly rebalance those frequencies in the grid. And again, data centers with our backup batteries can contribute to that frequency balancing. It’s another synergy. It’s all about electricity. I also think we need to talk about, sorry, oh, too many slides. We need to talk about building cornerstone businesses. So as data centers, we’re often just flying in, consuming the power and never meeting anyone locally. We think you have to build these data centers together with the local communities. You have to build the future cornerstone businesses like the old industries did before. And on this picture is one example of that. It’s to engage on sustainability initiatives together with the local municipality. This is Vennesla in the South of Norway. And another example I wanted to show is this. We have to take care of our youth. So this is Christopher, our supervisor on connectivity and fiber in the data center business. And he’s teaching these 17-year-old kids that’s studying to become electrical engineers how to think about connectivity in the data centers. And for the ones that didn’t know, the newest AI setups require tens, if not hundreds of thousands of independent fiber connections just to work. So we need that youth to come in, but it’s also part of building a cornerstone business that you give the local youth an opportunity to take part in something which is bigger than themselves. And finally, just to summarize what I say, we need to build an industry around this. We need to have the long-term thinking and the scalable thinking. We need to think about the digital industry as an integrated one with the energy industry. We need to think about digital energy. And as Jensen Huang here says, for countries and regions that have surplus of renewable power, we really need to think about exporting intelligence and not just the raw material of power. Thank you so much. Thank you.

Natalie Becker Aakervik: We’re really looking forward to having all of our keynote speakers in the panel discussion so we can engage and take a deeper dive into this very important conversation. And great to see you, our audience, and again acknowledging our global audience who’s watching from online. So nice to have you here at this presentation. So up next, our next speaker leads the World Economic Forum’s work on trustworthy technology and trusted word that’s coming up a lot in this forum, so important in our day and age that we are in, including the Digital Trust Initiative, the Global Coalition for Digital Safety and Connected Future Initiative. He’s also an attorney and educator, Daniel teaches at Columbia University, and his work has been featured in the Harvard Business Review, Wired, and other publications which I’m sure that our audience is very familiar with. So Daniel will present the World Economic Forum’s point of view on net positive sustainability as we’ve mentioned a core concept and the core of this conversation, with a special request to explore the role of digital trust at a handprint potential of emerging technologies really, he’s going to be focusing on that, and the handprint of emerging technologies with a positive impact in shaping a more sustainable digital future. So we’re going to hear from Daniel now, and I’m going to ask you to give another warm rousing, warm round of applause, our audience, to Daniel Dobrygowski, Head of Governance and Trust at the World Economic Forum. Let’s hear it. Daniel. Excellent.

Daniel Dobrygowski: Thank you very much for that warm introduction, and I truly appreciate the Government of Norway and IGF inviting us out and giving us the opportunity to have this discussion. This is an excellent way, obviously, to start the IGF. In many ways, this theme of sustainability, governance, innovation, trust, highlights some of the key themes of our IGF meeting this week. Digital trust and resilience. on responsible innovation, universal access, and digital rights, and digital cooperation. Today, I wanna talk a little bit about the intersection between those different themes and how innovation, sustainability, governance, and trust are absolutely vital when we’re thinking about new and emerging technologies. So first, let’s talk a little bit about innovation. One of the key innovations we think about, AI, is likely to introduce enormous benefits to individuals and to society as a whole. We stand to become more effective and more efficient in almost every human endeavor, from medicine to communications to the provision of government services. But without clear and effective guardrails for that innovation, there’s a chance that all of this will come at tremendous cost to individuals, to society, and to the planet. Those guardrails and the choices that we make in setting them are what we mean when we talk about good governance. And this is where the forum’s work on digital trust comes in. In order to be trustworthy in the development and deployment of new and emerging technologies, we need to decide collectively about what those guardrails guiding our decisions around technology should look like. What we found is that the base expectation for individuals in determining whether they trust these technologies is whether the development and use of those technologies meets people’s expectations and represents their values. Some values and expectations are, of course, dependent on cultural, national, and other contexts. But some are more widely held, like those set out in the Universal Declaration of Human Rights, and some are even more basic than that. People don’t want or expect technology that does them harm. People don’t expect or want technologies that degrade the environment that supports our lives. And looking at those reasons and more, I think we can see that AI doesn’t seem to be measuring up in terms of trust, at least not yet. Here we have research from the firm Edelman and their 2025 trust barometer, and shows that only 44% of people globally are comfortable with business uses of AI. Now this is a bad trajectory. History has taught us that we cannot innovate, at least not over the long term, if we lose trust. That means we need to do better about how we ensure that people’s expectations guide our decisions around technology. This is governance in its most basic sense, developing rules or principles for how we decide how to develop these technologies. And making good decisions is fundamentally a multi-stakeholder and interdisciplinary effort. Again, here’s where we wanna talk about digital trust. It’s multi-stakeholder because it takes all actors, nations, companies, civil society, and individuals working together in order to identify what our expectations are in terms of new technologies. And also to define the guardrails for those technologies which we will accept. And it’s interdisciplinary because there’s no one source of trust. It’s systemic and interconnected. And here’s what I mean by that. Looking at the forum’s digital trust model, you can see we need to protect a variety of different issues. We need to have intersections between a variety of different disciplines in order to build trust. All of these areas must interact in order to have trustworthy technology development. And here. to highlight one of the areas that we talk about, sustainability. As we discussed today, we need to ensure that technologies are developed and deployed in a sustainable way. This is a basic expectation that people have of technologies. And as digital technologies increasingly consume resources such as energy, water, a trustworthy technology company, or a government that wants to incentivize trustworthy technology, must consider sustainability as part of its obligations. So here briefly, you’ve heard a lot about AI footprint, handprint. Here’s how we found that that works. Let’s consider one aspect, as Kenneth brought up, of AI development, data centers. Data centers are a vital component of digital infrastructure, and they support a variety of applications, not just AI, cloud computing, complex data processing. AI’s rapid expansion is increasing the demand we place on these centers. And this is likely to increase significantly every year for the near future. Our estimate from January is a 50% annual increase through 2030. And so that gets us to the handprint. If AI is significantly increasing our energy use, we can use AI to potentially offset that. And there’s two ways we can do that. One, I think as Anton mentioned, we can make AI more efficient. We can have it use energy more efficiently through more efficient hardware, through more efficient models, by making better data centers. And we can also use AI to make other energy uses more efficient. That’s the sustainability handprint that we talked about for AI. What we found in our work is that through grid optimization, energy management, renewables forecasting, and energy storage, we can use AI to bolster the tools that we’ve already developed to support sustainability. So as I mentioned earlier, this is based on choices we have to make. And this is what brings together the themes of the week. If our innovations have caused a problem, and severe environmental toll is certainly a problem, then it may be possible for us to innovate our way out of that problem, but only if we decide to do that. Only if we decide that digital trust is important, and only if we decide that good governance is worth pursuing and cooperate in defining what that looks like, so we can have both innovation and sustainability, and thereby build trust. Thank you very much.

Natalie Becker Aakervik: Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you so much, Daniel, for that very interesting and in-depth presentation on trust, and such an important part of this conversation as well. Now, I’m going to introduce our next speaker before we engage in a panel discussion with the great speakers, and diving deeper, as I said, into the topics that they’ve touched upon in their presentations. So, while focusing now on the financial sector sustainability impact as a research lead in the World Benchmarking Alliance, Penelope Bergmark was earlier the principal researcher on ICT sustainability, and that is the sustainability impact at Ericsson, where she conducted peer-reviewed research, and led standardization on topics connected to assessment of sustainability of digital, in particular, focusing on climate and other environmental topics. And as a standardizer, Penelope has been very active, really, in bodies such as ITU, ISO, ETSI, and other co-led methodologies in development for avoided emissions, smart, sustainable cities, and net zero and decarbonization strategies as well. So, without further ado, I will leave it up to her to talk more about the subject. She’s going to be sharing the World Benchmarking Alliance’s point of view on net positive sustainability, and also. discussing approaches for greening digital companies and also advancing handprint frameworks to measure and enhance their impact. Please join me in welcoming Pernilla to the stage. Pernilla Bergmark who is the research lead financial systems transformation for the World Benchmarking Alliance and again a warm round of applause ladies and gentlemen. Pernilla. Thank you so

Pernilla Bergmark: much Natalie and thank you Norway and IGF for inviting me. As you can hear my voice is not perfect today so I hope it will last for this presentation. I represent an organization called WBA World Benchmarking Alliance. We provide benchmarks and data and insights to policymakers, civil society and to the industries to help understand how they are delivering on social and environmental impacts. We do that across 2,000 companies across industries and 200 of them are from the tech sector and that I will refer to today. As we have heard today already we can divide impacts from digital into three categories. We have the first order impacts which is also the footprint which has been referred to earlier. We have the second order impacts which is the avoided but also added emissions when ICT is used or digital solutions are used in different sectors and we have the higher order effects called rebound. I by that challenge a bit the previous speakers by saying that the handprint is not only about avoiding emissions in other sectors but it can also be adding emissions in other sectors so that’s an important thing to remember. If you as you heard also from the first speaker There is a trajectory which tells us how much the ICT sector should reduce its emissions between 2020 and 2040 by 45 percent. That is based on the normative framework which was developed by ITU and SBTI and so forth. This is not really what we are seeing happening yet. Based on research until 2020 we can see that the footprint has really not started to decline but it’s stable while it should decline by seven percent basically a year. So as WBA we are working with the ITU. We have a report that we publish on an annual basis called the Green Digital Report. In this report we are looking at the first footprint of the sector and we are also rating companies in relation to their commitments, in relation to their performance and also in relation to how transparent they are. We can see also there that we are not really on the right track. So in comparison with 2020 we can see that telecom operators have actually reduced operational emissions somewhat but at the same time we can see that AI driven companies have increased their operational emissions with up to 150 percent. And also we can see that while these companies are investing quite heavily in renewables it’s not always renewables which leads to additionality but it’s definitely something which is good. But we can also see that there is a concentration of emissions, so only 10 out of 164 companies that reported are actually providing half the emissions. We can also see when it comes to targets that it’s below 20 percent of the assessed digital emissions which are in the target which is where companies are on the track with meeting the target. And we can also see that while over half the companies have targets we can see that only 45 percent of emissions are under a target. So that remains a lot to do and especially when we come to what’s called scope free the value chain emissions that are just 58 companies. I should speed up a bit. Let’s go to the second order effect whether this is net positive net negative or net zero for the sector. This is not a new discussion. Already in 2008 there was a famous report called the smart 2020 that looked into the handprint and proposed solutions that could help reduce emissions globally. It came out with the conclusion that 15 percent of overall global emission could be reduced by the ICT sector by the digital sector. However if we look at recent data from our word in data we can see that if we look at all the sectors where ICT is supposed to reduce this handprint we can see that they are not reducing by 15 percent. Then you can maybe say that the ICT without the ICT sector it would have been even worse. We cannot know that but we are definitely not seeing this delivered as of yet. What can we say about more recent development? Of course if you compare with 2008 we are a highly digital society which we were not at that point. But we can also see that the claims that are made today are very similar to the claims made in 2008 but we are adding like new buzzwords to describe them. We have the methodology development and standardization has developed a lot. Our understanding of this handprint is much deeper today but many of the studies which are presented are quite limited in scope or they are still quite crude. So it’s very hard to know where the sector is as a whole. We see in those studies that there is often a cherry-picking. That means that you have chosen solutions which are delivering the positive effects rather than looking at all solutions. There is also double counting and also over generous extrapolation from small studies to wider effect. So there is definitely a need for in-depth studies, wider studies. And also these higher order effects rebound are often omitted while they have a substantial impact in reality. So there are a lot of key questions that remains to be answered. So I’m looking forward to discuss that with my fellow panelists. Thank you for listening. Thank you so much for that presentation. I’m going to ask you to kindly have a seat over here. Thank you so much. We are going to be heading into our panel discussion. So we’re going to invite our speakers who along with Pernilla have also contributed here with their presentations.

Natalie Becker Aakervik: So, thank you so much, Pranila. I would like to invite back onto stage, please join me in giving a warm round of applause, our audience, and you at home can too, our global audience who are watching from online. Please join me in welcoming again, Jon Gravik, please, Gravrak, please join us on stage. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Let’s go ahead, here, please. Anton. Anton. Anton. Kenneth. Kenneth. Kenneth. Kenneth. It keeps everybody’s energy up. Please join us, Kenneth. And then we have Jon Iven, Jon Iven. Jon Iven. Jon Iven. Jon Iven. Jon Iven. over there, over there, okay? And Daniel, please join us on stage. Okay. Okay. And we have a, thank you so much. Joining us also in this panel discussion, ladies and gentlemen, we have Karianne Tung, who serves as our Minister of Digitalization and Public Governance since taking office in 2023. She has been a leading voice on digital transformation, AI regulation and public sector innovation in Norway. Last year, she presented the government’s new national digitalization strategy, a roadmap really guiding Norway’s digital development towards 2030, with the goal of becoming the most digitalized country in the world. Please join me in welcoming Karianne Tung, our Minister for Digitalization and Public Governance. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. I have the opportunity to hear from our various speakers, their take on, well, their take on the guiding question of how to… obtain a net positive result, not just do no harm but actually how do we positively turn this around, and that is what we’re going to be diving into here. Without further ado, I want to just also say thank you to our panel for your wonderful contributions and looking now at how we together can move forward towards net positive right. Where do we start? There’s so much to talk about and so many interesting points that you’ve all raised, but we have to start somewhere, so let’s start here. Minister Tunga, I’m going to direct the first question to you. What kind of governance do you believe is needed to ensure that digitalization really drives net positive

Karianne Tung: sustainability, innovation and value creation? Thank you moderator for the question. I believe that digitalization is the tool that we need to solve huge societal challenges, but also to chase down the possibilities that comes with the digitalization. That is also why I set the goal of being the most digitalized country in the world by 2030. Norway is already quite a digitalized society, but we still have a way to go and a continuous way to go. One year ago in Norway, we then established a new ministry for digitalization and public governance. We did that because we saw the need for better coordination and better steering of digitalization across sectors, but also working across borders internationally, so that we could find the positive sides of digitalization. Because we really need to cooperate across borders to be able to find the pathway, both for public sector, but also the business sector, to work together to be able to do this in a sustainable way, in an energy efficient way as well. Because we know we can use digitalization as a positive tool, but also with digitalization. we see emissions, we see challenges, and to be able to tackle these challenges we have to work together as well. So, cooperation, standardization and clear goals is the way I’m working with digitalization.

Natalie Becker Aakervik: Thank you so much for answering that question, Minister. Jan Eyvind, over to you. What is your take on that? Thank you, Natalie. Of course, I’d like to add to what Minister Tonge said.

John Eivind Velure: Of course, we at the Norwegian Regulator, the Norwegian Communications Authority, are first known as a regulator, of course. But in our mandate, it’s very clear that we have a mandate to drive sustainability, innovation and value creation also across the sector. That is also related to equipment and services and now also, of course, the data centers. So, we find it helpful to view the green and digital transitions as one continuous innovation journey. So, that is why also digital sustainability and innovation is one of our core strategic pillars at ENCOM. So, first of all, I think we, and it might be obvious, but the governance must be knowledge-based. That is core. So, as also we have informed about today, we began by commissioning a full lifecycle analysis of the footprint of the Norway networks, data centers and devices. So, we have a shared reference point that we can start talking around. We have a common language. That is very important. Second, the governance must also stimulate innovation and business growth. So, we see and research shows that sustainability drives competitive advantage. So, regulators need to understand emerging technologies and even co-create solutions. solutions. And at ENCOM, we try to cooperate also with the industry, with the telecom industry. And I have one example of that, that we are also, we have the tower companies where we learn how the tower site batteries may be used to stabilize the power grid. That is one example. So, and third, we also must strengthen partnership, as also Kayane Tong said, and international cooperation. So, we have a strong tradition of working with industry and NRAs, but we also must use the multi-stakeholder model to increase this. So, knowledge, innovation and collaboration, I think that is three words.

Natalie Becker Aakervik: Great. Three great keywords to take forward into this conversation. Kenneth, over to you.

Kenneth Fredriksen: Well, I think from our perspective, obviously, it’s not only about sustainability for the society, it’s also about making sure that we can sustain a sustainable industry for ourselves. I mean, unless we are able to continue to innovate and drive down the energy efficiency of our equipment, our industry itself is not going to be sustainable. But as I also said in my presentation, it’s extremely important to create ecosystems to maximize the potential of the handprint of ICT technology. I mean, and I think also awareness of the energy used of such technology is extremely important among a broader audience. I always use a very, you know, it’s starting to become an old fun fact, but back in 2017, we did an assessment on, you know, trying to find examples to understand better how much energy is actually used. And for those who remember the gangbang style video on YouTube, that video by 2017 had consumed equal CO2. emissions to the taxi industry in Germany in one year. And that puts things into perspective and was kind of a wake-up call, I think, also for the industry to understand that we have to continue to innovate if we are going to be able to meet the data explosion. Thank you so much and that really does paint a

Natalie Becker Aakervik: picture very clearly for us of the challenge and the task ahead and why these conversations are so important. Coming over to you, Anton. Yeah, I would love to bring in another thought when talking about sustainable digital

Anton Aschwanden: development. I think, obviously, it’s an ecological aspect but it’s also a social aspect and we’re today super privileged to be here in Norway where you’re one of the leading digital nations. But it’s also a reality that 2.6 billion people on this planet Earth are still offline. So I think this is, when talking about sustainable digital development, we also need to think on how we can assure that this current digital divide is filled with sustainable infrastructure, obviously, but that we also make sure that this digital divide doesn’t suddenly become an AI divide. And those are our current topics we’re working on. So speaking about infrastructure, I think it’s key not only to think about the Northern Hemisphere, so to say, but also, and this morning there was a debate about subsea cables in the other room, that we think on how we connect people. And as Google, this is one of the priorities we’re having, like connecting the African continent as an illustration, but then also like building subsea cables where they do not exist right now, for example, between the Southern American continent and Africa and Africa directly going over to the Pacific region without going over the over the north. I think this is really key that we not only think about like ecological questions, but also like about the investments, doing it obviously in a sustainable way. And then the skilling, it was already mentioned there. I think in this age, when talking to people working at Google, they ask me, what should I do with this AI thing? And I just say, take the basic classes, take their offerings from Google, like prompting classes, AI essentials. But there are many, many offerings.

Natalie Becker Aakervik: Go out, try it out, do the upskilling. I think this is my key message here, that we really have this sustainable development in a global sense. Anton, thank you for your contribution. I’d like to come over to you now, Daniel. You raised some very interesting points in your talk as well. And how would you answer this question? What kind of governance is needed to ensure that digitalization drives net positive sustainability, innovation and value creation? Yeah, I think that’s a great question.

Daniel Dobrygowski: It’s really a question of measurement and decision making. I think sometimes global cooperation is difficult, right? Sometimes it’s easy, like it is on this panel, right? We all sort of agree on where we want to see the world in the future. We all sort of agree on how important sustainability is. But the real question is, how do you get there? And that’s a question of the decisions we make. We’re unlikely to slow the pace of innovation, right? But as Minister Tong said, we can still steer it. And it’s better steering that we need. In order to have better steering, we need better inputs. And this gets to what my colleague John Elvin said. We need better reference points among all the stakeholders who are developing these technologies, who are making decisions about these technologies. And one of those reference points are accurate measurements about how much new technologies are impacting our sustainability goals, how much they’re either, how much the footprint costs, how much the handprint can alleviate. This is fundamentally the question that we all need to work together to figure out what good looks like and then how do we measure whether we’re achieving that?

Natalie Becker Aakervik: Thank you so much, Daniel. Tropician Pinnilla, World Benchmarking Alliance, what do you say to that question?

Pernilla Bergmark: So I agree very much with what has been said that the digital divide is there and of course there has to be access to digital technologies for all, not only for the wealthy part of the world. But at the same time, I think companies need to come to, especially the handprint side, and not so much from a marketing perspective, but rather to look into what are the opportunities, but what are also the risk, which are the solutions we should use, and how can we make sure to maximize those, and also which are the solutions, or not solutions, maybe the wrong word, but what are the services that we should avoid? So there is one infrastructure layer, but there is also the service layer on top that we need to be careful about.

Natalie Becker Aakervik: Thank you so much, Pinnilla, from the World Benchmarking Alliance for that response. And then I’d like to go over to Jan, bulk infrastructure, how would you answer that question?

Jon Gravrak: Well, I think there’s many questions being addressed here, but I think I’m coming back to, I mean, our digital society having to be linked with the energy system. I think they’re so closely interlinked to begin with, that we have to see them almost as one. And I think as we’ve learned through, I think, generations, the energy system is not a local one. It works best when you can think about it, at least in continental terms, or at least maybe even global terms. And I think that’s some of the thinking we need to apply now that we integrate the digital system into that as well. And for sitting here in Norway, I think our role in Europe is very important. And I think we are fortunate enough to have, you know, surplus of renewables. energy in this part of the world and we’re fortunate enough to be quite close to continental Europe but also with a coastline where our next neighbor is actually North America if you cross the Atlantic and and if you even go let’s say across the Arctic then then you actually hit Asia. I think there’s something here that I think there need there’s a need for bold leadership to see how this digital system could evolve not tomorrow but but actually to serve you know our planet for for generations ahead and then I think we need to think about how to build those power-consuming data centers in places where they can piggyback on what nature is already offered us and where we can maybe build new renewable energy and so on and fuel let’s say the digital needs via fiber networks in a slightly different way and I think that has to be seen in side by side by sovereignty issues which is another part of this but I think we need to overcome both right we need to build local solutions with the right robustness for our local societies but we also need to work together to find the truly sustainable solutions in between countries and even in between continents.

Natalie Becker Aakervik: Thank you so much for for that answer Jan. Now our next question is diving a little bit deeper into this I’m going to give the word again to Minister Tung to answer the question and then I’m going to ask our panelists if they would like to answer to that question but we have a number of other deeper questions that are potentially more specific to your industries that I’m also going to pose so you’ll have an option but Minister Tung also and the next question I’d like to ask you is how can we reduce the environmental footprint of digital infrastructure while maximizing the handprint and its positive contributions

Karianne Tung: to society and and sustainability? Thank you well It’s easy and it’s hard, because as a minister or as a politician, you then have to be able to have two thoughts in your head at the same time. And that can be hard enough sometimes. You have to have the thought that you are going to reduce emissions directly from the digital infrastructure and from digitalization. And then you have to thought that you have to use digitalization as a tool for making the green and digital transformation possible. And being a politician, being reelected, you have also to get the people on board, to be able to have these two thoughts at the same time. So easy to say, maybe a little bit harder to do in practice as well. But a foundation for doing this exercise about two thoughts is knowledge. And I think my colleague here, Jon Avin, mentioned it earlier also. Knowledge is crucial for being able to develop good policies and good plans, good strategies, and ENCOM have now made the lifecycle analysis of emissions from digitalization in Norway. We are the second country in the world. So using that knowledge, the benchmark and the measurements that ENCOM has mentioned, I think it’s crucial for being able to do both at the same time, because we need to have success with digitalization. We need to use AI and other technologies for our healthcare services. We need to use it to make our businesses excel. We need to use it to keep secure and safe and to collaborate across borders internationally as well. So based on the knowledge, which the report and lifecycle analysis from ENCOM, I will use that here in Norway to make good policies. We are now a couple of days, couple of weeks away from launching our new data center strategy. We know data centers uses a lot of energy today, but we’ll use more in the years to come. So make data centers efficient, energy efficient. sustainable is important, but also data center is important for keeping security, digital sovereignty, and so forth. And I think there are some research shown here in Norway, that if you are able to reuse the excess heat from data centers, you will reduce the use of 10% from power, from energy in Norway as well. So making the data center efficient is important for us, but also making the data centers good so that we can have safe digital infrastructures in the years to come.

Natalie Becker Aakervik: Thank you so much for answering that question, Minister, and some very salient points there. So I would like to pose that question to the panel, but keeping in mind that this is not an easy challenge. This is not an easy challenge we’re talking about. This is challenging for real, as somebody said earlier on. So the question then about how can we actually reduce the environmental footprint of digital infrastructure while maximizing the handprint, I would like to pose to the panel if you would like to answer that. The other questions or potentially things that you can touch on inside that is innovation, let’s say in digitalization, including lots of new and emerging technologies such as AI, blockchain, and IoT. What is the link between sustainability and innovation? How do we make that bridge? Also value creation, keeping the idea of net positive in mind. How can we make sure that data centers contribute to societies where they operate and create lasting value? And then the question on data, what gets measured gets done. That we know. So then do we have the right frameworks in place to measure the footprint and handprint? And then awareness. Mindset, what kind of mindset is needed? And values for sustainability leaders to shape digital infrastructure for the next generation? And what roles do the variety of stakeholders? play in ensuring trustworthy, just and sustainable digital innovation? I’m going to go over to you again, Jan, because I know that mindset and stakeholders were potentially things that you wanted to touch upon in answering your question. Please go ahead.

Jon Gravrak: Thank you so much. I think these are big questions and we need to think big thoughts. So, I mean, our sustainability framework is about location, which I spent a lot of time on, then it’s obviously to build, let’s say, data centers which consume as limited energy as possible with the support of the suppliers here. And then we also think around the ecosystem. How can data centers be a good citizen, you know, in a very local ecosystem? And I think the third one is interesting here, because the minister talked about excess heat, right, and our ability to make reuse of that heat. And I think it’s not a new problem, because all power-consuming industries have for 120 years had the same problem, that heat is a byproduct of the core process and it’s released to the atmosphere. But I think our kids, they will not accept that we now build a new industry without making sure we use the energy twice. I think that’s the difference. So we are the ones that have to resolve it, or at least we’re looked upon by our kids that the ones that should resolve it and not leave it to them. And I think it’s a big problem. So, yeah, the easy part is maybe reuse some of that heat in the big cities to heat up apartments and so on. But it’s not really a great solution, because there’s not enough need for heat in the cities. And by the way, the data centers shouldn’t reside next to the big cities. They should reside close to the power in rural areas. So in my opinion, the solution here is to build industrial use of heat. You need to find and stimulate opportunities for other industries that actually need heat. It could be breweries. could be food production, could be protein production, where they co-locate with the big data centers. Then we can solve many problems in one go.

Natalie Becker Aakervik: Thank you so much for that. Thank you for that. Daniel, what would you like to touch on in answering that question? And I can repeat the question, it’s how do we reduce the environmental footprint of digital infrastructure while maximizing the handprint? But is there anything in particular that you want to touch on? Do we have the right frameworks, data, value creation, innovation, awareness? Are we aware enough, are we accepting the challenge? How difficult is this, really? Yeah, I think this gets back to what Jan was pointing out.

Daniel Dobrygowski: For a long time, industries that use a lot of energy also generate a lot of waste heat. Why hasn’t that been collected? I think the issue is that the incentives haven’t aligned. In a lot of countries, especially ones that are heavily invested in developing AI and other innovations, electricity is fairly cheap and waste heat is essentially free. How can we realign incentives to ensure that there is the kind of business case you want to see in order to capture that heat, to think ahead about what we’re gonna do for these data centers? Or how do you incentivize more efficient uses of energy? I think in some cases, that takes care of itself because more efficient AI models generally cost less, so therefore the electricity costs less, there’s a cost savings there. But how do you incentivize the use of that sort of heat? I think that’s the big question we need to answer in order to get through the sustainability issues that this raises and maybe increase the handprint at the decrease of the footprint and the nomenclature we’ve been using. Thank you.

Natalie Becker Aakervik: Thank you for that, Daniel. Then also, I’d like to come back to you, Kenneth. How would you like to answer the question and how do you want to dive more deeply into this so that we get to the nitty gritty and have some actionable takeaways?

Kenneth Fredriksen: I think it’s important to keep in mind that this is both a global challenge and also a local. challenge, both in negative and positive terms. I think it’s extremely important that Europe, for example, doesn’t end up over-regulating itself, like we perhaps have done in the past, to kind of handicap ourself in terms of realizing the handprint potential. Because these are two very interconnected things. Unless you are properly doing the footprint job, you cannot realize the handprint potential. But if you are too restrictive on the footprint part, you’re going to limit your handprint opportunities as well. And in order to finance the innovation and continuous development of the handprint, you need to have value creation. And that is on the handprint part. So it’s very connected. And I think we, as Kariana said, we need to be able to have several thoughts in our head at the same time to understand the overall picture and the total picture of this. Because if we only focus on reducing the footprint part, we’re going to limit ourselves a lot on the handprint, especially in the short term. Because I think a lot of the potential will be realized longer down the road. And you need some investments, both in terms of the transition period and, of course, also in terms of money and resources.

Natalie Becker Aakervik: Absolutely. Minister Steng, I’d like you to keep that in mind, that question, as you talk about keeping two thoughts in mind. And, Vanilla, if I may come over to you. Answering that question, how do we minimize the footprint, maximize the handprint, but looking specifically, then, at frameworks as well. Data, for example, what gets measured gets done. Do we have the right frameworks to measure the footprint and the handprint? And to really understand and steer towards this net positive effect that we’re talking about.

Pernilla Bergmark: I think, basically, we have been working on the methodologies and the standards for a long time. So I would say the basic standards are probably there, but it’s also about using them to make claims, but then also to supervising what’s happening, what is the data coming out, and to learn from that. So, as I mentioned in my presentation, of course, we see, when we benchmark companies, that there are leaders that are doing really well, but then it goes all the way down to the bottom, and the sector as a whole is not really where it needs to be. And I think those initiatives, like in Norway, and also previously with ASEP, which, I know quite well from before, I think that those are good, but there are also methodological challenges and learnings to to get from those.

Natalie Becker Aakervik: Thank you. Thank you so much for that. I wanted to hop over to to to Anton from from Google and just also to to ask about that question, how do we do this for real? It’s a challenge, obviously. And do you want to bring in a strand around innovation as well and to answer it with that? Yeah, I think it’s really about collaboration.

Anton Aschwanden: We have now a significant present with with infrastructure here in Europe, too. And like not a single company or a single actor or sector can do that alone. So I think it’s about like sharing best practices as well. I was mentioning that that we are about to deepen our roots here in Norway with with an upcoming data center in and she in in in the telemark country. But we already have other data centers in the region. I mean, I’m in Finland and like thinking about like, how can you better cool the infrastructure to like in this case with water cooling and then also share those best practices? I think this is this is this is one element in this really pursuit of increase the efficiency of of of those infrastructures. And and we’re doing our part there. And then it’s also collaboration in the sense of having access to to better data. I was mentioning some cases with the eco routing previously in my speech. But there are also platforms like environment inside Explorer where like local communities, cities can get more data on where they can improve their their their own system, for example, heating or transport. So I think this this is really. And that’s why we’re so so so happy that that the Norwegians are taking the lead here, that that’s in the true multistakeholder spirit to to exchange solutions and best practices. And again, I can only invite you to come to our booth afterwards where we have some of the tools I mentioned before.

Natalie Becker Aakervik: Thank you, Daniel. And we do invite you to visit all of the booths outside. We had a fantastic exhibition outside and it’s going to be there all week, so I hope you have time. The word data keeps popping up, so what gets measured gets done. Do we have the right frameworks? Do we really understand and steer towards what it takes?

John Eivind Velure: I’m going to pose that question to you, Jan Eyvind. What do you have to say on that? I think I’m the first to admit that this is a challenging task. It’s difficult. And also as a traditional regulator, we are not used to actually put this high on the agenda. We have done so in the last couple of years and now we are starting to see some results, putting in some effort. But I think that is a key issue that regulators, governments need to put this high on the agenda to start. And then you also need to seek knowledge because our start here with this analysis, of course we have used a methodology, but we need more. We need to learn from each other, we need to share data and we need to develop this so that we have a common basis. The politicians need this to also take decisions. And I think we have just started here and this needs to be developed further. And we are too small to do this by ourselves. So by meeting here, I think that is also spreading the word. It’s very important. And to initiate further collaboration, that is the key to succeed, I think.

Natalie Becker Aakervik: Thank you so much, Jan Eivind. And then coming over to you, Minister Thang. I knew there were potentially several things you wanted to respond to, so to give you the opportunity, do you want to start? do so and also in terms of awareness and accepting the challenge how aware are Norway and other nations and companies when it comes to achieving this net positive digital sustainability?

Karianne Tung: Thank you. Norway has high ambition when it comes to digitalization but also cutting emissions and to be sustainable and we want to lead the way. So we are doing a couple of things already. I just want to mention them quickly. First we are demanding from industries also new data centers that they have to do analysis on how they can reuse their heat already to try to move over from just wasting heat and to reuse it in neighborhoods or for new industries as well. So that is one thing we have to do better when it comes to the circular economy because today most emission from digitalization is not from data centers but they are from mobile phones, iPads and like hardware. So to be able to keep your hardware longer to fix it if it’s broken and so forth to work with the citizens and their mindset on how they use things are important. And also we are now trying to prohibit mining of cryptocurrency in Norway because we can see that mining is not energy efficient. So that’s what we are trying to do so that we can keep the data center that we really need in the future for making digitalization possible in our society. So we are getting there. We are doing some hard action and some more soft actions but we need to do more to be sure that we are able to get that positive in the future. Thank you so much, Minister Tung. And on that note I would like to say thank you so much to our esteemed panel and thank you to our audience also for joining us.

Natalie Becker Aakervik: We truly appreciate it. wondering if there was anyone in the panel who wanted to contribute just a 60 second kind of wrap-up or 30 to 60 second wrap-up final final thoughts if not we’ll wrap up but I’m going to give you the opportunity to do so.

Jon Gravrak: Yeah I’ll take my chance. I think my wrap-up is simply that we’re still we have to accept that we’re still at a very humble beginning of what we’re building now of digital societies and my encouragement is that to think about that as an integrated part of our energy system and to do our kids a favor and make this one a sustainable one. Thank you so much please go ahead. I’m gonna be

Kenneth Fredriksen: short I think in order to solve any challenge you need to continue to innovate and the best way of innovating is to make sure you have proper competition so I think innovation and competition is going to be a key solution to these challenges. Thank you. Daniel. I guess I’ll just contribute to

Daniel Dobrygowski: one one of the words we talked about a little bit was justice. We might refer to it as fairness in the forums framework and I’m sure there’s some Rawlsian legal philosophers is like oh they’re the same thing I see you but the that’s the point of this right to talk to to innovate in an unsustainable way it’s not fair it’s not just to people aren’t sitting here to people who are not born yet to future generations really need to put this in the context of what’s fair and what’s just and work together in order to create both the incentives and the measurements in order to have a sustainable innovation society going forward. Thank you so much for those parting words. Daniel. Just to add of

Natalie Becker Aakervik: course foster innovation make business cases but perhaps you also need some

Anton Aschwanden: regulation. There we go. I saw you raise your finger. Anton. Yes very grateful for this discussion. I think it’s crucial to look at the footprint but let’s also put things into perspective like right now the data set consumption worldwide according to the International Energy Agency is 1.5 percent. of global electricity. So I’m talking of everything, not our operations. Obviously it’s a challenge, it’s increasing, we need to work on it. But let’s not forget about like, this is the foundation of like all economies, society and all the potential solution. So my request would really be to see the opportunities of AI for good, also within the UN system. Now we have IGF this week, and in two weeks AI for good in Geneva, really see what’s happening and what potential solutions are out there.

Natalie Becker Aakervik: Thank you so much Anton. Minister Karianne Tung.

Karianne Tung: Yeah, and to follow up on Anton as well, I often say, and people remember, I think that one plus one is more than two, because it’s about cooperation. The government can do it alone, parliaments can do it alone, business sector can do it alone, citizens can’t do it alone. We all have to do it together within the framework of cooperation, but I also believe in the framework of regulation. Regulation which is not tight or too tight, but regulation that can define and make innovation possible. Thank you so much, Minister Tung

Natalie Becker Aakervik: And thank you so much to our esteemed panelists, our great speakers from all around the world who have made time to be here and have these very important conversations that affect all of us, that affect all of us. So thank you so much, our audience here, our audience globally. Let’s give our panelists a warm round of applause. Thank you so much for joining us. Thank you very much. Thank you. Thank you so much. Okay, then you might have to come down.

Agreement points

Multi-stakeholder collaboration is essential for digital sustainability

Speakers

– Natalie Becker Aakervik
– John Eivind Velure
– Daniel Dobrygowski
– Karianne Tung

Arguments

Multi-stakeholder approach needed across public and private sectors

Governance requires knowledge-based approach, innovation stimulation, and international partnerships

Multi-stakeholder collaboration essential as no single actor can solve challenges alone

Need cooperation across sectors and borders with clear goals and standardization

Summary

All speakers agree that digital sustainability challenges cannot be solved by any single entity and require coordinated efforts across public and private sectors, regulators, innovators, and international boundaries.

Topics

Legal and regulatory | Development | Infrastructure

Knowledge-based governance with proper measurement frameworks is crucial

Speakers

– John Eivind Velure
– Nicolai Lovdal
– Daniel Dobrygowski
– Karianne Tung

Arguments

Governance requires knowledge-based approach, innovation stimulation, and international partnerships

Norway conducted full lifecycle analysis as foundation for evidence-based policy

Need better reference points and measurements to guide decision-making

Need cooperation across sectors and borders with clear goals and standardization

Summary

Speakers consistently emphasize that effective governance must be grounded in solid data and evidence, with proper measurement frameworks to guide policy decisions and create common reference points.

Topics

Legal and regulatory | Infrastructure | Development

Innovation and efficiency improvements are key to sustainability

Speakers

– Kenneth Fredriksen
– Anton Aschwanden
– Jon Gravrak

Arguments

Innovation and competition are key solutions to sustainability challenges

AI models now 100 times more energy efficient than earlier generations

Need industrial co-location solutions for heat reuse beyond urban heating

Summary

Industry representatives agree that continuous innovation and technological efficiency improvements are fundamental to achieving digital sustainability goals.

Topics

Infrastructure | Economic | Development

Strategic location of data centers near renewable energy sources

Speakers

– Jon Gravrak
– Anton Aschwanden
– Karianne Tung

Arguments

Location of data centers matters – should be near renewable energy sources in northern regions

Digital sustainability must address both ecological and social aspects

Norway requiring new data centers to analyze heat reuse opportunities

Summary

Speakers agree that data center placement should be strategic, considering proximity to renewable energy sources and opportunities for energy efficiency and heat reuse.

Topics

Infrastructure | Development | Economic

Similar viewpoints

Both Norwegian officials present a unified approach to digital sustainability measurement, emphasizing the need for comprehensive frameworks that account for both positive and negative impacts of digitalization.

Speakers

– John Eivind Velure
– Nicolai Lovdal

Arguments

Net positive means handprint benefits minus footprint costs, adjusted for rebound effects

Developing open-source dashboard for measuring digital sustainability impact

Topics

Infrastructure | Legal and regulatory | Development

Industry representatives from major technology companies share optimistic views about the handprint potential of digital technologies, emphasizing significant positive impacts that can outweigh negative footprints.

Speakers

– Kenneth Fredriksen
– Anton Aschwanden

Arguments

ICT solutions can deliver 10x improvement in other industries vs ICT emissions

AI can help mitigate 5-10% of global greenhouse gas emissions through optimization

Topics

Economic | Infrastructure | Development

Both researchers present critical assessments of current progress, highlighting gaps between expectations and reality in both public trust and corporate performance on sustainability targets.

Speakers

– Daniel Dobrygowski
– Pernilla Bergmark

Arguments

Trust in AI low with only 44% comfortable with business AI uses

Only 20% of assessed companies are on track to meet emission targets

Topics

Economic | Legal and regulatory | Infrastructure

Unexpected consensus

Need for regulation that enables rather than restricts innovation

Speakers

– Kenneth Fredriksen
– Karianne Tung
– Anton Aschwanden

Arguments

Risk of over-regulation limiting handprint potential in Europe

Need regulation that enables innovation rather than restricts it

Digital sustainability must address both ecological and social aspects

Explanation

Surprisingly, both industry representatives and government officials agree on the need for balanced regulation that facilitates rather than hinders innovation, showing alignment between private and public sector perspectives on regulatory approach.

Topics

Legal and regulatory | Economic | Infrastructure

Acknowledgment of current inadequate progress despite technological advances

Speakers

– Pernilla Bergmark
– Anton Aschwanden
– John Eivind Velure

Arguments

Current sector performance shows emissions not declining as required

Data centers consume 1.5% of global electricity but provide foundation for all economies

International collaboration essential for developing common standards

Explanation

Despite representing different perspectives (critical researcher, industry advocate, and regulator), speakers unexpectedly converge on acknowledging that current progress is insufficient and more coordinated effort is needed.

Topics

Infrastructure | Economic | Development

Overall assessment

Summary

Strong consensus exists on the need for multi-stakeholder collaboration, knowledge-based governance, strategic infrastructure placement, and balanced regulation that enables innovation while ensuring sustainability.

Consensus level

High level of consensus with speakers from different sectors (government, industry, research, international organizations) aligning on fundamental principles. This suggests a mature understanding of digital sustainability challenges and broad agreement on solution approaches, which bodes well for coordinated action and policy development.

Different viewpoints

Regulatory approach to digital sustainability

Speakers

– Kenneth Fredriksen
– Karianne Tung
– Anton Aschwanden

Arguments

Risk of over-regulation limiting handprint potential in Europe

Need regulation that enables innovation rather than restricts it

Need investment in subsea cables and connectivity for underserved regions

Summary

Kenneth warns against over-regulation that could handicap Europe’s ability to realize handprint potential, while Minister Tung advocates for specific regulatory measures like prohibiting cryptocurrency mining and requiring heat reuse analysis. Anton suggests some regulation may be needed alongside innovation.

Topics

Legal and regulatory | Economic | Infrastructure

Priority focus between footprint reduction and handprint maximization

Speakers

– Kenneth Fredriksen
– Pernilla Bergmark

Arguments

ICT solutions can deliver 10x improvement in other industries vs ICT emissions

Current sector performance shows emissions not declining as required

Summary

Kenneth emphasizes the significant handprint potential and warns against being too restrictive on footprint, while Pernilla focuses on the concerning reality that the sector is not meeting emission reduction targets and questions handprint claims.

Topics

Development | Infrastructure | Economic

Assessment of current progress and future potential

Speakers

– Anton Aschwanden
– Pernilla Bergmark

Arguments

AI models now 100 times more energy efficient than earlier generations

AI-driven companies increased operational emissions by up to 150%

Summary

Anton highlights significant efficiency improvements in AI technology and emphasizes the 1.5% global electricity consumption perspective, while Pernilla presents data showing AI-driven companies have dramatically increased their operational emissions.

Topics

AI and Emerging Technologies Impact | Infrastructure | Economic

Unexpected differences

Perspective on current AI energy consumption impact

Speakers

– Anton Aschwanden
– Pernilla Bergmark

Arguments

Data centers consume 1.5% of global electricity but provide foundation for all economies

AI-driven companies increased operational emissions by up to 150%

Explanation

This disagreement is unexpected because both speakers are presenting data-driven perspectives, yet they reach different conclusions about the urgency of the AI energy consumption problem. Anton emphasizes the relatively small percentage and foundational importance, while Pernilla highlights the dramatic increase in emissions from AI companies.

Topics

AI and Emerging Technologies Impact | Infrastructure | Economic

Overall assessment

Summary

The main areas of disagreement center on regulatory approaches (market-driven vs. policy-driven solutions), the balance between footprint reduction and handprint maximization, and assessments of current progress versus future potential in AI energy efficiency.

Disagreement level

Moderate disagreement with significant implications. While speakers share common goals of achieving net positive digital sustainability, their different approaches could lead to conflicting policy recommendations. The disagreements reflect broader tensions between industry perspectives emphasizing innovation and efficiency gains versus regulatory/academic perspectives emphasizing the need for immediate emission reductions and stronger oversight.

Partial agreements

Similar viewpoints

Both Norwegian officials present a unified approach to digital sustainability measurement, emphasizing the need for comprehensive frameworks that account for both positive and negative impacts of digitalization.

Speakers

– John Eivind Velure
– Nicolai Lovdal

Arguments

Net positive means handprint benefits minus footprint costs, adjusted for rebound effects

Developing open-source dashboard for measuring digital sustainability impact

Topics

Infrastructure | Legal and regulatory | Development

Industry representatives from major technology companies share optimistic views about the handprint potential of digital technologies, emphasizing significant positive impacts that can outweigh negative footprints.

Speakers

– Kenneth Fredriksen
– Anton Aschwanden

Arguments

ICT solutions can deliver 10x improvement in other industries vs ICT emissions

AI can help mitigate 5-10% of global greenhouse gas emissions through optimization

Topics

Economic | Infrastructure | Development

Both researchers present critical assessments of current progress, highlighting gaps between expectations and reality in both public trust and corporate performance on sustainability targets.

Speakers

– Daniel Dobrygowski
– Pernilla Bergmark

Arguments

Trust in AI low with only 44% comfortable with business AI uses

Only 20% of assessed companies are on track to meet emission targets

Topics

Economic | Legal and regulatory | Infrastructure

Key takeaways

Net digital sustainability requires achieving net positive outcomes where the handprint (positive impacts) exceeds the footprint (negative impacts) adjusted for rebound effects

Knowledge-based governance is essential – Norway’s lifecycle analysis provides a foundation for evidence-based policy and common reference points

Multi-stakeholder collaboration across sectors and borders is critical as no single actor can solve sustainability challenges alone

Digital infrastructure location matters significantly – data centers should be positioned near renewable energy sources, particularly in northern regions

Innovation and competition are key drivers for solving sustainability challenges, but must be balanced with appropriate regulation

AI and emerging technologies present both challenges (increased energy consumption) and solutions (potential to mitigate 5-10% of global emissions)

Waste heat reuse from data centers represents major untapped potential, requiring industrial co-location solutions beyond urban heating

The digital divide (2.6 billion people offline) must not become an AI divide, requiring sustainable infrastructure development globally

Current sector performance is insufficient – emissions are not declining at the required 45% rate by 2030, with only 20% of companies on track

Resolutions and action items

Norway will launch a new data center strategy requiring heat reuse analysis for new facilities

Development of an open-source dashboard for measuring digital sustainability impact in Norway

Prohibition of cryptocurrency mining in Norway due to energy inefficiency

Continued international collaboration through multi-stakeholder forums like IGF

Industry commitment to sharing best practices and developing common standards

Focus on circular economy approaches for device lifecycle management

Unresolved issues

How to create proper business incentives for waste heat capture and reuse when electricity is cheap

Balancing innovation needs with sustainability requirements to avoid over-regulation limiting handprint potential

Developing accurate methodologies for measuring handprint effects across different sectors

Addressing the challenge of cherry-picking in sustainability studies and avoiding double counting

Scaling local solutions to continental and global levels while maintaining sovereignty

Creating frameworks that account for rebound effects in sustainability calculations

Establishing trust in AI technologies when only 44% of people are comfortable with business AI uses

Suggested compromises

Regulation should enable innovation rather than restrict it – finding the balance between necessary oversight and innovation freedom

Thinking about digital and energy systems as integrated rather than separate – treating them as ‘digital energy’

Accepting that multiple thoughts must be held simultaneously – reducing direct emissions while using digitalization as a tool for broader sustainability

Focusing on both ecological and social aspects of sustainable digital development to address global inequities

Balancing short-term footprint concerns with long-term handprint potential, recognizing that investments are needed for transition periods

So if you add a handprint, subtract the footprint and adjust for the rebound effect, only then can we know if we achieve a net positive result worth celebrating.

Speaker

Jan Eivind Velure

Reason

This comment introduced a crucial mathematical framework for understanding net digital sustainability by clearly defining the three components needed for true measurement. The inclusion of the ‘rebound effect’ – where efficiency gains lead to increased usage – was particularly insightful as it challenges simplistic calculations of digital benefits.

Impact

This framework became the conceptual foundation for the entire discussion, with subsequent speakers referencing footprint vs handprint throughout. It elevated the conversation from vague sustainability goals to concrete measurement methodology and influenced how other panelists structured their presentations.

I by that challenge a bit the previous speakers by saying that the handprint is not only about avoiding emissions in other sectors but it can also be adding emissions in other sectors so that’s an important thing to remember.

Speaker

Pernilla Bergmark

Reason

This was a critical intervention that challenged the prevailing optimistic narrative about digital technology’s positive impacts. By pointing out that digital solutions can also increase emissions in other sectors, she introduced necessary nuance and skepticism to the discussion.

Impact

This comment shifted the tone from predominantly celebratory to more analytically rigorous. It forced other participants to acknowledge the complexity of measuring true impact and led to more honest discussions about the challenges of achieving net positive outcomes.

But I think our kids, they will not accept that we now build a new industry without making sure we use the energy twice. I think that’s the difference. So we are the ones that have to resolve it, or at least we’re looked upon by our kids that the ones that should resolve it and not leave it to them.

Speaker

Jon Gravrak

Reason

This comment powerfully reframed the sustainability challenge in generational and moral terms, moving beyond technical solutions to ethical responsibility. It personalized the abstract concept of sustainability by invoking intergenerational justice.

Impact

This shifted the discussion from technical feasibility to moral imperative, adding urgency and emotional weight to the conversation. It influenced subsequent speakers to consider not just what’s possible but what’s necessary from an ethical standpoint.

History has taught us that we cannot innovate, at least not over the long term, if we lose trust. That means we need to do better about how we ensure that people’s expectations guide our decisions around technology.

Speaker

Daniel Dobrygowski

Reason

This comment connected sustainability to the broader issue of digital trust, introducing the crucial insight that technical solutions alone are insufficient without public acceptance. The reference to historical precedent added weight to the argument.

Impact

This broadened the discussion beyond environmental metrics to include social acceptance and governance, leading to more nuanced conversations about stakeholder engagement and the need for transparent, participatory approaches to digital sustainability.

Unless you are properly doing the footprint job, you cannot realize the handprint potential. But if you are too restrictive on the footprint part, you’re going to limit your handprint opportunities as well.

Speaker

Kenneth Fredriksen

Reason

This comment articulated a key tension in digital sustainability policy – the balance between regulation and innovation. It highlighted the interconnected nature of environmental impact and technological advancement, challenging binary thinking about regulation vs. innovation.

Impact

This comment influenced the policy discussion by introducing the concept of regulatory balance. It led Minister Tung and others to discuss ‘smart regulation’ that enables rather than constrains sustainable innovation, shifting the conversation toward more sophisticated governance approaches.

So I think this is, when talking about sustainable digital development, we also need to think on how we can assure that this current digital divide is filled with sustainable infrastructure, obviously, but that we also make sure that this digital divide doesn’t suddenly become an AI divide.

Speaker

Anton Aschwanden

Reason

This comment expanded the sustainability discussion to include global equity and justice, connecting environmental concerns to social sustainability. The concept of preventing an ‘AI divide’ was particularly prescient given current technological developments.

Impact

This broadened the scope of the discussion from primarily environmental concerns to include social justice and global equity. It influenced subsequent conversations about the need for inclusive approaches to digital sustainability that consider both developed and developing nations.

Overall assessment

These key comments fundamentally shaped the discussion by introducing critical complexity and nuance to what could have been a superficial conversation about ‘green tech.’ The mathematical framework established early on provided structure, while subsequent challenges and expansions prevented the discussion from becoming overly optimistic or narrow. The conversation evolved from technical presentations to a more sophisticated dialogue that balanced environmental, social, economic, and ethical considerations. The interplay between these comments created a multi-dimensional understanding of digital sustainability that acknowledged both opportunities and challenges, ultimately leading to more realistic and actionable insights about governance needs and stakeholder responsibilities.

How can we actually measure the handprint effectively, given its complex and uncertain nature?

Speaker

Nikolai Lovdal

Explanation

Lovdal acknowledged that measuring handprint is more challenging than footprint due to uncertainty and different methodological approaches, indicating this as an area requiring further development

How can we ensure that handprint studies avoid cherry-picking, double counting, and over-generous extrapolation?

Speaker

Pernilla Bergmark

Explanation

Bergmark highlighted methodological issues in current handprint studies and emphasized the need for more rigorous, comprehensive approaches to measuring positive impacts

How can we prevent the digital divide from becoming an AI divide?

Speaker

Anton Aschwanden

Explanation

Aschwanden raised concerns about ensuring equitable access to AI technologies globally, not just digital infrastructure, as a sustainability and justice issue

How can we create proper business cases and incentives for capturing and reusing waste heat from data centers?

Speaker

Daniel Dobrygowski and Jon Gravrak

Explanation

Both speakers identified the need to realign economic incentives to make heat reuse financially viable, as current cheap electricity costs don’t incentivize efficiency

How can we develop international collaboration frameworks for sharing the Norwegian dashboard methodology?

Speaker

Nikolai Lovdal

Explanation

Lovdal expressed interest in international collaboration and sharing their open-source dashboard approach, but specific frameworks for this collaboration need development

What are the most effective regulatory approaches that enable innovation while ensuring sustainability?

Speaker

Multiple speakers including Minister Tung and Anton Aschwanden

Explanation

The balance between regulation and innovation was discussed but specific regulatory frameworks that achieve both goals need further exploration

How can we better integrate digital infrastructure planning with energy system planning at continental or global scales?

Speaker

Jon Gravrak

Explanation

Gravrak emphasized the need to view digital and energy systems as integrated, but specific mechanisms for this integration at large scales require further research

What methodologies can accurately account for rebound effects in handprint calculations?

Speaker

Pernilla Bergmark

Explanation

Bergmark noted that rebound effects are often omitted from studies despite having substantial real-world impact, indicating a need for better methodological approaches

How can we develop standardized international metrics that align with existing frameworks like EU and ITU standards?

Speaker

Nikolai Lovdal and Jan Eyvind Velure

Explanation

Both speakers emphasized the need for common reference points and standardized approaches, but specific harmonization mechanisms need development

What are the most effective approaches for building industrial ecosystems around data center waste heat utilization?

Speaker

Jon Gravrak

Explanation

Gravrak suggested co-locating heat-using industries with data centers but specific strategies for creating these industrial ecosystems need further research

Summary

This panel discussion, titled “Nowhere to Hide, Accountability to Fight Global Ransomware,” brought together international experts to address the escalating global ransomware threat. Moderated by Giacomo Paoli Persi from UNIDIR, the panel featured representatives from Australia’s cyber affairs, El Salvador’s UN mission, Microsoft, and the Cyber Peace Institute. The discussion opened with alarming statistics showing ransomware attacks have increased by nearly 300% in the past year, with Microsoft tracking over 600 million cyber attacks daily.

Ambassador Brendan Dowling emphasized that ransomware has evolved from a cybersecurity issue into a national security threat, citing examples of attacks on small Pacific Island nations like Tonga’s health system and Australia’s Medibank incident affecting 10 million citizens. The panelists identified several key factors driving ransomware growth: the emergence of “ransomware as a service” models that lower barriers to entry, the use of cryptocurrency enabling anonymous payments, and the existence of safe havens where cybercriminals operate with impunity, particularly in Russia.

Julie Rodriguez Acosta highlighted how the attack on Costa Rica’s government infrastructure served as a wake-up call for Latin American nations, demonstrating ransomware’s potential to disrupt essential public services and undermine governance. The Cyber Peace Institute presented preliminary research findings showing that of 300 analyzed threat actors, 54% of those attributed were linked to Russia, with over 2,700 incidents recorded across 90 countries, primarily targeting healthcare and U.S. organizations.

The discussion emphasized that effective countermeasures require coordinated international cooperation, moving beyond viewing ransomware as merely a technical problem to recognizing it as a societal threat requiring whole-of-nation responses. Panelists stressed the importance of meaningful public-private partnerships, capacity building across different regions, and the need for states to implement stronger accountability mechanisms while supporting vulnerable organizations that lack cybersecurity resources.

Keypoints

## Major Discussion Points:

– **Ransomware as a National Security Threat**: The panel emphasized that ransomware has evolved beyond a cybersecurity issue to become a national security crisis affecting critical infrastructure, healthcare systems, and essential government services. Examples included attacks on Tonga’s National Health Information Service and Costa Rica’s government infrastructure, demonstrating how these attacks impact entire societies rather than just individual organizations.

– **Evolution of the Ransomware Ecosystem**: Speakers discussed how ransomware has become industrialized through “ransomware-as-a-service” models, lowering barriers to entry for cybercriminals. The threat landscape has been further complicated by cryptocurrency enabling anonymous payments, AI enhancing attack sophistication, and the emergence of specialized roles like initial access brokers.

– **Safe Havens and Attribution Challenges**: A significant focus was placed on how ransomware groups operate with impunity from certain jurisdictions, particularly Russia, where there are limited legal consequences. The panel discussed various accountability mechanisms including sanctions, law enforcement cooperation, and active disruption measures, while acknowledging their limitations.

– **Public-Private Collaboration Models**: The discussion explored successful partnerships between government and private sector entities, including Microsoft’s pilot program with Europol and Australia’s approach of embedding government cyber experts in private companies during incidents. The importance of information sharing and moving away from treating ransomware as a private sector problem was emphasized.

– **Data-Driven Analysis and Global Mapping**: The Cyber Peace Institute presented preliminary findings from their global ransomware mapping project, showing that 54% of attributed threat actors are linked to Russia, with healthcare being the most targeted sector. This research highlighted the need for evidence-based approaches to understanding and combating ransomware.

## Overall Purpose:

The discussion aimed to bring together diverse stakeholders (government officials, NGOs, private sector, and international organizations) to examine the evolving ransomware threat landscape and explore collaborative approaches to accountability, prevention, and response. The panel sought to move beyond viewing ransomware as merely a technical issue and instead frame it as a global security challenge requiring coordinated international action.

## Overall Tone:

The discussion maintained a serious and urgent tone throughout, reflecting the gravity of the ransomware threat. Speakers consistently emphasized the escalating nature of the problem and the inadequacy of current responses. While acknowledging some positive developments (like improved detection rates and international cooperation initiatives), the overall sentiment was one of concern about the growing sophistication and impact of ransomware attacks. The tone was collaborative and solution-oriented, with speakers building on each other’s points and emphasizing the need for multi-stakeholder cooperation, though there was an underlying frustration with the persistence of safe havens and the challenges of attribution and accountability.

Speakers

– **Giacomo Paoli Persi** – Head of the Security and Technology Program at the United Nations Institute for Disarmament Research (UNIDIR), Panel Moderator

– **Brendan Dowling** – Ambassador for Cyber Affairs and Critical Technology of Australia

– **Julie Rodríguez Acosta** – Minister Counselor for the Permanent Mission of El Salvador to the United Nations

– **Francesca Bosca** – Chief Strategy Officer at the Cyber Peace Institute

– **Chelsea Smethurst** – Director for Cyber Policy and Diplomacy at Microsoft

– **Nedalcho Mihay** – Cyber Threat Analyst with the Cyber Peace Institute

– **Vilda** – Criminologist (audience member who asked a question, identified herself as having written a master’s thesis on ransomware)

**Additional speakers:**

None identified beyond the speakers names list.

# Comprehensive Report: “Nowhere to Hide, Accountability to Fight Global Ransomware” Panel Discussion

## Executive Summary

This panel discussion, moderated by Giacomo Paoli Persi from the United Nations Institute for Disarmament Research (UNIDIR), brought together international experts to address the escalating global ransomware crisis. The discussion featured Ambassador Brendan Dowling (Australia’s Ambassador for Cyber Affairs and Critical Technology), Julie Rodríguez Acosta (Minister Counselor for El Salvador’s UN Mission, participating remotely from New York), Francesca Bosca (Chief Strategy Officer at the Cyber Peace Institute), Chelsea Smethurst (Director for Cyber Policy and Diplomacy at Microsoft), and Nedalcho Mihay (Cyber Threat Analyst with the Cyber Peace Institute).

The panel opened with alarming statistics demonstrating significant increases in ransomware attacks, with Microsoft tracking over 600 million cyber attacks daily and 415,000 attacks per minute. The discussion fundamentally reframed ransomware from a technical cybersecurity issue into a comprehensive national security threat requiring whole-of-society responses, with vivid examples ranging from attacks on small Pacific Island nations to major incidents affecting millions of citizens.

## Opening Context and Threat Landscape

### Why Ransomware Persists Despite Awareness

Giacomo Paoli Persi opened the discussion by addressing a fundamental question: why ransomware continues to proliferate despite being a well-known threat. He identified three key factors: technology factors that make ransomware accessible, the availability of commercial off-the-shelf tools that lower barriers to entry, and systemic failures in countermeasures that allow the threat to persist.

### Unprecedented Growth Statistics

Chelsea Smethurst provided sobering statistics from Microsoft’s threat intelligence, revealing that the company tracks “over 600 million cyber attacks daily” and “415,000 attacks a minute.” She reported a 275% increase in ransomware usage over 12 months, establishing the dramatic scale of the current threat landscape.

Francesca Bosca supplemented these figures with financial data, noting that according to Chainalysis, “victims paid more than 1 billion US dollars in 2023” to ransomware operators, demonstrating the massive economic impact of these attacks.

## Ransomware as a National Security Threat

### Real-World Humanitarian Impact

Ambassador Brendan Dowling provided compelling examples that demonstrated how ransomware transcends traditional cybersecurity boundaries to become a humanitarian crisis. His description of the situation in Tonga was particularly striking: “Last week, the National Health Information Service in Tonga was shut down by a ransomware attack. We have deployed a team from Australia to assist them with recovery… At the moment, in hospitals in Tonga, people are using paper and pen to deliver healthcare to their people.”

Even more profound was Dowling’s account of the cascading social consequences from Australia’s Medibank incident, which affected 10 million citizens. He revealed that “we saw women and families facing domestic violence from partners who weren’t aware of the health treatment that their spouse or their mother or their sister had been seeking, and had to be moved to safe houses to escape violent partners or former partners.” This example powerfully illustrated how data breaches can trigger real-world violence and endanger lives.

### Impact on State Capacity and Governance

Julie Rodríguez Acosta provided insights into how ransomware affects state capacity, drawing on the experience of Costa Rica’s government infrastructure attack. She explained that such attacks can “disrupt essential public services and compromise the confidentiality of citizens’ personal data,” ultimately undermining “public trust in the state’s ability to secure digital systems.”

## The Ransomware-as-a-Service Ecosystem

### Industrialization of Cybercrime

Dowling provided detailed insights into the sophisticated business model behind modern ransomware operations, describing “a service industry where you can talk to a liaison person or a broker who will connect you with the person who will conduct the initial attack on a system.” He noted that “most ransomware groups will just take 20% of the profit” from attacks they facilitate.

Bosca highlighted the role of specialized actors within this ecosystem, including initial access brokers who sell access to compromised networks, facilitating ransomware deployment by other actors. This division of labor has significantly lowered barriers to entry for conducting sophisticated attacks.

## Data-Driven Analysis of Global Ransomware Patterns

### Cyber Peace Institute Research Findings

Despite technical difficulties with screen sharing, Nedalcho Mihay presented preliminary findings from the Cyber Peace Institute’s comprehensive global ransomware mapping project. Their analysis of 2,717 ransomware incidents across 90 countries revealed that over half targeted US organizations, with healthcare being the most affected sector.

The attribution data showed that while 52% of analyzed threat actors remain unattributed, among the 300 threat actors they could identify, 54% of those attributed were linked to Russia. This finding reinforced concerns about safe haven jurisdictions and the concentration of ransomware operations in specific geographic regions.

## Enabling Factors and Criminal Infrastructure

### Cryptocurrency as a Fundamental Enabler

Dowling made a striking assertion about cryptocurrency’s role: “this crime type didn’t exist before cryptocurrency. Cryptocurrency enabled the long-range launching of ransomware attacks across the globe.” This insight identified cryptocurrency as a fundamental enabler that transformed ransomware from a localized nuisance into a global threat.

### Safe Haven Jurisdictions

Throughout the discussion, speakers consistently identified safe haven jurisdictions as a critical enabling factor. Smethurst emphasized that “safe havens where ransomware groups operate with impunity, primarily in Russia, enable continued criminal activity.” The attribution data showing the concentration of threat actors linked to Russia reinforced this concern.

### Targeting Vulnerable Infrastructure

Chelsea Smethurst provided a crucial statistic: “over 90% of successful ransomware attacks target unmanaged devices,” highlighting how attackers focus on organizations with limited defensive capabilities. This targeting pattern creates a cycle where those least able to defend themselves become the most attractive targets.

## Response Mechanisms and International Cooperation

### Government Responses and Active Disruption

Dowling outlined Australia’s multi-faceted approach, which includes “financial sanctions, travel restrictions, and active disruption of ransomware infrastructure.” Australia has also implemented practical support measures, such as deploying assistance teams to help Tonga recover from ransomware attacks, and is introducing a ransomware payment reporting scheme.

### International Frameworks

Rodríguez Acosta emphasized the role of international frameworks, noting that “the UN framework for responsible state behavior includes norms about preventing malicious actors from operating with impunity.” She highlighted El Salvador’s advocacy for including ransomware discussions in UN mechanisms and leveraging international cooperation through UN, OAS, and bilateral partnerships.

## Public-Private Collaboration and Emerging Technologies

### Innovative Partnership Models

Smethurst described a pilot program with Europol announced “earlier this month,” representing novel approaches to combining private sector technical capabilities with government investigatory powers. Dowling emphasized the importance of “creating safe spaces for information sharing without regulatory consequences.”

### Artificial Intelligence and Future Threats

The discussion touched on AI’s dual role in ransomware. Rodríguez Acosta noted that AI enhances “sophistication of social engineering and phishing campaigns,” while Smethurst expressed interest in “how creative uses of artificial intelligence tools will evolve to counter ransomware in the coming years.”

### Blockchain Technology Questions

An audience question about blockchain technology revealed that speakers acknowledged their knowledge was outdated in this area. Bosca expressed specific interest in exploring “how to use blockchain for ransomware resistance and incident attribution” and “how you can integrate blockchain with AI for automated threat detection.”

## Capacity Building and Multi-Stakeholder Approaches

### Addressing Global Disparities

Bosca emphasized that “inclusive capacity building across different sectors and geographies is essential for meaningful collaboration,” noting significant disparities in cybersecurity capabilities. She advocated for expanding collaboration beyond government-private sector partnerships to include civil society organizations for “victim-centered responses and ethical frameworks.”

### Supporting Vulnerable Nations

The discussion highlighted how smaller nations address capability gaps through international cooperation. Rodríguez Acosta explained how “small nations like El Salvador leverage international cooperation through UN, OAS, and bilateral partnerships to combat ransomware.”

## Key Challenges and Future Directions

### Persistent Implementation Challenges

Despite broad agreement on the nature of the threat, several challenges remain unresolved. The non-cooperation of safe haven jurisdictions, particularly Russia, represents a significant ongoing obstacle. The development of scalable models for public-private collaboration that can be replicated globally also requires further work.

### Research and Development Needs

The discussion identified several areas requiring further attention, including the development of victim-centered response protocols, ethical frameworks for ransomware incidents, and research into emerging technologies like blockchain applications for cybersecurity.

## Conclusion

This comprehensive panel discussion successfully demonstrated the evolution of ransomware from a technical cybersecurity issue to a multifaceted crisis requiring coordinated international response. The speakers showed remarkable consensus on the nature and scale of the threat, while identifying practical approaches for enhanced collaboration and response.

The discussion’s strength lay in its integration of diverse perspectives from government, private sector, civil society, and international organizations. The vivid examples of real-world impact effectively demonstrated why ransomware requires urgent, comprehensive action that goes beyond traditional cybersecurity approaches.

Moving forward, the challenge lies in translating shared understanding into effective implementation, scaling successful collaboration models, and addressing the fundamental enablers that allow ransomware operations to continue with relative impunity. The innovative approaches discussed provide promising templates, but sustained international cooperation will be essential to address this evolving global threat.

Giacomo Paoli Persi: Good afternoon, ladies and gentlemen. It is my pleasure to welcome you to this panel titled Nowhere to Hide, Accountability to Fight Global Ransomware. My name is Giacomo Persi Paoli, I’m the head of the security and technology program at the United Nations Institute for Disarmament Research, UNIDIR, and I have the pleasure of being your moderator today. So welcome, whether you’re joining us here in person in Oslo or online, we really look forward to engaging with you throughout this event. If you’re following us here in the room, please be mindful that you have to wear your headset and we are actually broadcasting on channel five for this meeting. Over the course of the panel, there will be the opportunity for you to engage with our expert speakers and ask questions. If you are here in the room, you will see microphones at the periphery of the seating area and if you are online, please do submit your questions in the chat. We have a dedicated moderator that will be passing them on to me and then I will extend them to our expert speakers. So why ransomware? Well, ransomware has emerged as an urgent global challenge with attacks growing by nearly 300% last year alone. Now ransomware in itself is a new. So the question comes, how is it possible that despite the fact that we all know what ransomware is, it’s still having such a devastating impact on cyber security? How come that these percentages keep growing? And that’s probably a combination of different factors. On one side, there is definitely the technology factor, the technology factor that is making these ransomware campaigns more complex, more sophisticated, more difficult to detect, quicker to deploy at scale. There is also another evolution of the threat landscape, which is the emergence of commercial off-the-shelf ransomware tools or cybercrime as a service that has really broadened the base and lowered the barriers for cybercriminals that are willing to engage in this malicious behavior. So, on one side, we have definitely the threat that is continuously evolving and becoming increasingly complex. And on the other side, we probably have a failure, a systemic failure to find the right countermeasures to mitigate this threat. And these countermeasures start from basic cyber hygiene of individuals and they escalate up to organizational and governmental and intergovernmental responses. So, through the panel today, we’re really hoping to get different perspectives from speakers that are representatives of different stakeholder communities that can really help us understand better not only how is the threat evolving, but also what can we do to monitor, to detect and to respond to such a ubiquitous threat as is ransomware. So, I’m very happy to be joined by great speakers today. I will introduce them. They’re both here in the room and joining us online. Starting here on my immediate left, Brendan Dowling, the Ambassador for Cyber Affairs and Critical Technology of Australia. On his left, Francesca Bosco, Chief Strategy Officer at the Cyber Peace Institute. Further down the table, we have Chelsea Smethurst, Director for Cyber Policy and Diplomacy at Microsoft. And joining us online, I hope, Julie, you can hear me. It’s Julie Rodriguez Acosta, Minister Counselor for the Permanent Mission of El Salvador to the United Nations. So, we will give each speaker an opportunity to share some of their initial remarks. And then we have structured this panel through a series of questions. questions and answers. At any point, please do feel free to jump in. There will be hopefully a dedicated time towards the end to collect your questions, but particularly for following us online, do not wait until that moment to start writing them in the chat. It will make our life a lot easier if you, you know, proactively start to asking your questions. So I would like now to give the floor to Ambassador Dowling here on my left for his remarks, please.

Brendan Dowling: Thanks Giacomo and thanks everyone for joining us. Ransomware is the most prominent cybersecurity threat that we’re facing globally. As Giacomo just went through, it is a sophisticated industry. It’s not new, but it is getting more effective. There is more money being made and then there are more criminal groups taking advantage of this crime type. Importantly, the way that the ransomware ecosystem has developed means it no longer, you no longer need to be a sophisticated cyber criminal group to be able to conduct a ransomware attack. We have this service industry where you can talk to a liaison person or a broker who will connect you with the person who will conduct the initial attack on a system. There will be people who will fence your data, the data for you, who will conduct each element of the operation for you. So it is now an accessible crime type. And for most ransomware groups, they will just take 20% of the profit from the attack that you conduct. So it’s become democratised, industrialised, and it is ubiquitous. What we’re seeing, what we’re worried about is that ransomware groups seem to be targeting the more smaller, more vulnerable parts of our society. They’ve realised that attacking large infrastructure, like with the colonial pipeline attack, is bad for business. It’s actually more effective to conduct a higher volume of attack, even if you’re extracting A lower value ransom. What we’re seeing at the moment in Pacific Islands, some countries with populations fewer than 100,000 people are being targeted by cybercrime groups operating out of Russia. Last week, the National Health Information Service in Tonga was shut down by a ransomware attack. We have deployed a team from Australia to assist them with recovery, but it’s astonishing that in a country the size of Tonga, one of the most remote islands in the Pacific, is being targeted, not at their government or business level, but the National Health Information Service. At the moment, in hospitals in Tonga, people are using paper and pen to deliver healthcare to their people. Nurses are struggling to process and triage patients because of this attack. So for anyone who doubts how much of a scourge this crime type is globally, that is the sort of activity that we are seeing now. In Australia, we had an attack against the Medibank private health insurance company. 10 million Australians had their sensitive health data compromised. For anyone who thinks ransomware is a technical issue, out of that incident, we saw women and families facing domestic violence from partners who weren’t aware of the health treatment that their spouse or their mother or their sister had been seeking, and had to be moved to safe houses to escape violent partners or former partners. These are not cyber issues. These are not technical issues. These are whole of nation security and safety issues. What can we do about it? It’s really hard. This is a crime type that didn’t exist before cryptocurrency. Cryptocurrency enabled the long-range launching of ransomware attacks across the globe. So that financial… Financial innovation has made finding this crime much more difficult. We need better access to crypto exchanges, to sharing intelligence amongst national jurisdictions to try and disrupt those parts of the ecosystem. This is a crime type that relies on a lot of brokers, a lot of middle operators who make this system functional. We need to get better at disrupting the entire ecosystem. In Australia, we apply financial and travel sanctions against cybercrime actors. This is an important measure, but it’s a limited measure. We also engage in hard disruption of the ecosystem. Earlier this year, we fried the servers of the people who hosted the data in the ransomware attack against Medibank. But this crime type thrives because too many jurisdictions are not doing enough about it. National groups are operating out of safe harbours, safe jurisdictions, where there are few legal consequences. Primarily, these groups are operating out of Russia, not solely, but we need jurisdictions to take this more seriously. That’s why we supported mechanisms like the Cybercrime Convention to try and get more national jurisdictions to cooperate and work together to combat this crime type. Finally, attacks succeed because of basic vulnerabilities. It would be excellent if cybercriminals were forced to use their most sophisticated techniques, but they can get by exploiting common or known vulnerabilities because we’re not doing enough to patch, because technology companies are not making it easy enough to upgrade software and to replace end-of-life hardware. This needs to be a global response to hit all aspects of both the ecosystem in which this crime type thrives, but also how we better build up our resilience. We also need to talk about it more openly. There is a sense of shame amongst businesses or organisations or entities that no one wants to be open about this. And so I get attacked today and my neighbour gets attacked tomorrow. because I didn’t share the information about it. So this is a really important conversation. This crime type is getting worse. It is targeting the most vulnerable. And at the moment we are not winning.

Giacomo Paoli Persi: Thank you. Thank you ambassador for starting us off, like touching on many points that I’m sure will be picked up by speakers in their remarks and definitely during our Q and A. I would like now to pivot online and welcome Julia connecting from New York. I hope you can hear me and see us okay. And Julia, if you’re ready, the floor is yours.

Julie Rodríguez Acosta: Thank you so much. I hope that you can see me and listen to me okay. Greetings for the hot New York City. Today is really, really hot. Let me begin by extending my sincere appreciation to the organizers for convening this timely and important discussions. I cannot think of a better group of stakeholders to reflect on how we can collectively counter the impacts of one of the most pressing information security threats of all time. My first point is that as I just mentioned, cyber crime is ransomware is just not a cyber crime. It has effectively evolved into a national security crisis around the globe. And its consequences are tangible and personal and affects individuals like you and me. Business, hospitals, schools, local governments, they all have been targets. No one is immune. So beyond these immediate impacts, ransomware also has broader implications for international peace and security, including its potential risks to the financing of weapons of mass destruction. So in this context, the United Nations continues to offer a platform to advance dialogue, promote international cooperation and build collective responses. Notably, ransomware was not included in the first annual progress report of the Open and Working Group that is currently addressing these issues in 2022. And as I say, ransomware. So, despite growing concern expressed by many delegations during that year’s discussions on existential threats to information security, El Salvador was among the groups of countries that advocated for its inclusions, and we were pleased to see ransomware formally acknowledged in the second Progress Annual Report. So, the ransomware attack that crippled Costa Rica’s government infrastructure set off a wake-up call for many. It demonstrated how ransomware can affect not only institutions, but also states’ ability to deliver essential services and maintain governance. Since then, El Salvador has consistently advocated for a strong language that addresses ransomware directly, especially as we face new threats exacerbated by other emerging technologies like artificial intelligence. I was just, as was just mentioned, AI has enhanced the sophistication of social engineering and phishing campaigns, further expanding the ransomware threat landscape. We also support language reflecting concern over the rise of ransomware as a service model that allow individuals without technical backgrounds to launch highly disruptive attacks. This evolving business model significantly lowers the barrier to entry for cyber criminals and amplifies the capabilities of more technical, sophisticated actors. The threat to critical infrastructure and its potential implications for international peace and security must not be underestimated. We also have supported advancing a more holistic view of the ransomware ecosystem, one that includes effective prosecution, disruption of technical enablers, and also breaking the financial cycle that sustained the threat. One of the favorite elements that was introduced in the recent discussion is the recognition of the importance of a human-centric approach, one that prioritizes understanding and addressing the real-world impacts of individuals and communities. So still much remains to be done, from improving international cooperation and victim support to strengthening deterrence mechanisms, and also the adoption of common standards. I will stop here, but definitely I will look forward to hearing the perspective of other speakers and continue this critical conversation, and thank you so much for having me online.

Giacomo Paoli Persi: Thank you, Julia, for sharing your initial remarks. We’ll come back to you with a couple of questions. But now I would like to move to Francesca from the Cyber Peace Institute. We’ve heard already with the first two interventions how one of the main challenges about countering ransomware is actually our ability to track ransomware initiatives or campaigns and trace the various actors and their malicious actions. So Cyber Peace Institute has been working on something on this topic. So over to you.

Francesca Bosca: Thank you so much and thanks a lot to the organizers and to Giacomo’s moderator. It’s a pleasure to contribute to today’s discussion. Allow me indeed to give a bit of context on the work of the Institute to give also some food for thought for the discussion. The Cyber Peace Institute is an international non-governmental organization that is devoted to reduce the harms from cyber attacks on people’s lives by assisting vulnerable communities. And we do this in a very concrete way starting by analyzing cyber threats, hence also the participation today in advocating for responsible behavior in cyberspace based on the evidence that we gather. At the core what we do is indeed we conduct in-depth analysis of cyber incidents and thanks to this knowledge we both provide the free cybersecurity support to other civil society organizations and under-resourced organizations. And we use this knowledge to engage in international forums also like this one to promote a responsible behavior in cyberspace, emphasizing the human-centric approach and advocating for the protection of fundamental rights and freedoms online. And also by monitoring emerging technologies like Julie was just mentioning, artificial intelligence, also we anticipate how future cyber threats might impact on the threat landscape of vulnerable communities. As a tangible example of how we work and building on the excellent remarks that Giacomo, the Ambassador and Julie just mentioned on the prevalence of ransomware, giving also some concrete examples, we would like to contribute… Thank you to all of you for joining us today. Considering the persistence of ransomware threat actors and the increasing harm caused by ransomware operations worldwide, at the end of March we decided to have a sort of threat-focused type of analysis and type of work, which is the project that we are currently doing. Phase one is a global mapping of ransomware threat actors, their geographies, affiliations and targets, providing basically evidence-based support to stronger multilateral actions. And then phase two will evaluate the state compliance with the UN cyber norms, judicial cooperation, and the misuse also of the technical infrastructure, paving the way for more accountability mechanisms. If you allow me still, let’s say, five minutes, we would like to share with you the very first initial findings. And to do this, I’m joined by my colleague, Nadelcho, online, who will present the preliminary findings from our work. Nadelcho, the floor is yours.

Nedalcho Mihay: Hello. Thank you, Francesca. It’s a pleasure being here. And without further ado, I’ll share my screen now. Thanks. Just to make sure you can see it. Yeah. Is that good?

Giacomo Paoli Persi: Not yet, but I’m sure it will come soon. We still cannot see your screen, Nadelcho.

Francesca Bosca: We can see your name, but not your screen.

Nedalcho Mihay: I’m sorry. I don’t know.

Giacomo Paoli Persi: I’d like to then start the transition towards the more interactive part of the discussion but I’m also looking at our colleagues in the back that are taking care of the tech. Whenever you are ready to show the screen, please just flag and we will go back to Nadellcio. So Chelsea, I’d like to come to you, first of all to thank you and Microsoft for convening this event and for the leadership that Microsoft has been showcasing in really promoting multi-stakeholder discussions on this interesting and important topic. I see that perhaps the screen issue has been resolved but since we kind of see online an infinite repetition of the same screen, while the technology is still being sorted, perhaps I come to you Chelsea with the first question and then we can go back to Nadellcio, which is how has the kind of global ransomware threat evolved in recent years and what trends are most concerning today and this may be actually a very good introduction to then what Nadellcio is going to show.

Chelsea Smethurst: Yeah, fantastic. Thank you for inviting me. So I think just briefly, Microsoft produces a digital defence report annually, usually in October of every year and what we’ve seen in terms of year-over-year changes for ransomware is a whopping 275% change just in the last 12 months in terms of increase in use of ransomware and there’s really been two sort of accompanying trends that have gone with this ransomware. J.M. Gannett, The New York Times. And I think the most significant thing is that we have seen two kinds of ransomware uptick that we’ve seen. One is, while we’ve seen the 275% use of over the last 12 months, we’ve also gotten better as a collective industry at actually defending against ransomware. And so we’ve seen, in terms of quantitative numbers, a 300% decrease in the overarching amount of ransomware that has gotten to the encryption phase, so what I sort of call the lockout phase. And that’s really significant, because once you get there, you’re really at the behest of the cybercriminals whom are using the ransomware. I think, secondly, one other point I’ll make, too, is that while we’ve seen some positive numbers to account for that really large increase in the use of ransomware, what we have not seen is that over 90% of successful ransomwares really attack unmanaged devices. And so these are very much your entities, like hospitals or NGOs, which will continue to be targeted because they have access to fewer resources. And so really thinking about what is the collective capacity to address ransomware, we’re really only as strong as our weakest link, and I think this is very true in the ransomware domain. So I think this is a little bit context, and I’d be happy to switch it over to the CyberPeace team now, because those give you a little bit of numbers in terms of what we’re seeing in the last 12 months with ransomware.

Giacomo Paoli Persi: Thank you, Chelsea, for this initial introduction, at least, into the threat landscape. Let’s try to go back online to Nadelche and see if we’re now in a position to share your screen and see your slides. I think it should work now. Yes, I confirm we can see it. Thank you.

Nedalcho Mihay: OK, thank you. Yeah, just an introduction. My name is Nadelche Mihailos, and I’m a cyber threat analyst with the CyberPeace Institute, with which I’ve been heavily involved in working with the incident tracer platforms. So as Francesco mentioned, the project consists of two phases. So I’ll skip this, and I’ll just go into the aims and objectives of the study. The aim is to compile a… the Statistically Representative Dataset on Global Ransomware Activity including the targets of ransomware attacks and the names and locations of ransomware threat actors and we had two objectives, the first is to create a database of threat actor profiles including the name of the threat actor, associated ransomware and location country and the second objective is to create a database of global ransomware incidents including target location, target sector and threat actor name Now I just want to very briefly touch upon our research methodology as it is a central part in the work of the analysis team so we start with the analytical questions and key terminology we create the data collection schemas for both the research and threat actors and incidents we define the key sources and then we document the limitations of our work which mainly revolve around the usual constraints of open source research and the current limits of AI and LLM as we incorporate automation in every step so the research was mainly guided by four analytical questions which threat actors have been responsible for the development, deployment or facilitation of ransomware operations, second ransomware threat actors operate from, originate in or are located in which countries or regions, third what open source indicators so that would be personnel, linguistic patterns, technical infrastructure contribute to the geographical attribution of ransomware threat actors and finally which locations and sectors have been most frequently targeted by ransomware attacks Now for data sources we use data shared by partners or gathered through open source intelligence in both structured and unstructured format and as we have incorporated all of our previous research from our cyber incident tracers that could have impacted the results of the data collection so initial analysis and findings we have analyzed information on around 300 threat actors 52% of them remain unattributed to a specific geographic location of the attributed threat actors 54% are linked to Russia followed by 8% linked to Iran, 7% to China in terms of the data collection on global ransomware incidents we have collected information on 2,717 incidents conducted by 184 threat actors against organizations in 22 sectors across 90 countries. More than half of all attacks were attacks against organizations in the United States. And more than a third were attacks against the healthcare sector, followed by non-profits and the ICT, with the top three most active threat actors in our database being LockBit, BlackCat, and Rebel. And the following slides illustrate how one of our graph analysis tools helps us with data analysis and visualization. The first one is an analysis of all incidents pivoted around targeted countries. The second one is a visualization of our research into threat actors, which have been grouped and mapped to countries they are connected to. You will notice that some actors appear linked to several countries, either because members were arrested in multiple jurisdictions or because several open source indicators connect them to more than one country. And finally, the last two slides present a simplified dashboard view of our initial results. First one are the results of our analysis into the targets of ransomware attacks. And the second are the results into the analysis of the perpetrators of ransomware attacks. On the top right, you can see the distribution of threat actors, connections to geographic locations. And on the bottom left, you can see the distribution of threat actors among the global ransomware incidents database. Thank you.

Giacomo Paoli Persi: Thank you, Nadelchev, for this inspiring presentation and being representative of the research community. I’m always in favor of bringing more evidence and data-driven decision-making to the table. So thank you so much to you and to the Cyber Peace Institute for this initiative. Really looking forward to see how it evolves. And before we go back now to the panelists and… and continue with our questions. I just wanted to remind colleagues online that you can start asking your questions if you want to use in the chat. We have Michael Karamean from Microsoft that is our great online moderator and he will make sure that those questions reach me here in the room. Ambassador, I would like to come back to you and also to you, Julia, because you both alluded to or mentioned the fact that ransomware is not just a cybercriminal behaviour, but it can escalate, it can reach the threshold of being a national security threat or at the very least a national security concern for a variety of reasons. Would you mind elaborate on your perspective on this?

Brendan Dowling: I think it’s a really important way of framing the issue. I think cybercriminals flourished in a context where we thought about ransomware as a cybersecurity issue that our CISOs or our ICT teams needed to be conscious of. But as we’ve seen the ramifications from ransomware attack resonate and ripple through society, I think increasingly we have to be conscious that these are not confined, they’re not purely cyber incidents, these are whole of nation incidents which governments need to take much more seriously. I think the important part of that message is when a entity, an organisation or a business is attacked, it shouldn’t be seen as just something that affects that business. Oftentimes the externalities of a ransomware attack are born by the community, they’re born by the broader government, they’re not just about the effect on that business. As I said before, if businesses or entities don’t talk or share information about their attacks, that actually… impedes the ability of their competitors or other people in the industry to protect themselves. So we need to start seeing ransomware as a much broader national threat to say, one, not only is it okay to talk about these types of attacks if they hit you, but actually we need you to do that to better protect our citizenry, to better protect our nation. So we’re doing a lot in Australia to drive that behaviour, increasing our expectations on industry to report attacks, making clear that if you seek assistance from the Australian Cyber Security Centre, that is not a bad thing, that is not something to be ashamed of, actually it’s a trusted government entity that can help you out. But when we see these attacks affecting society so broadly, it needs to be a whole-of-society response, not just something that’s seen as a manageable keep-it-within-yourself, it only affects you sort of attitude. So it’s taken us too long to get to this point, but now I think we’re realising because of the scale of the attacks that this is a national security threat that requires national and global responses. Thank you.

Giacomo Paoli Persi: Julia, I would like to come back to you as well, because in your remarks you also highlighted how, to some degree, what happened in Costa Rica was a wake-up call for many governments, and you alluded to the fact that even in El Salvador you’ve started to take proactive action and initiatives with respect to ransomware. So would you mind elaborating a little bit how you see ransomware as a potential national security concern?

Julie Rodríguez Acosta: Thank you so much, Jacomo. And yes, following on the remarks just delivered by Ambassador Dolin, first we see an increased number of ransomware attacks targeting critical infrastructure. So this is very concerning. These attacks, as it was mentioned, go beyond financial motivations and represent a clear violation of what we have as the guideline of responsible state behavior. So while many of these attacks really fall under the realm of cybercrime, there is growing evidence of the state-linked ransomware operations that are conducted with certain tacit state tolerance. So we even see cases where ransomware has been used, not primarily for financial gain, but as a vector to conduct denial-of-service attacks that affect the availability of system and national space. So this is linked with the case of Costa Rica, which was the first time that a national government was directly targeted in such a way. So this attack disrupted essential public services and compromised the confidentiality of citizens’ personal data. So beyond the first impact, it undermines public trust in the state’s ability to secure a digital system. And this is especially worrisome as all governments are trying to increase how they can digitalize public services. So there, and I mentioned this a little bit in my initial remarks, we also see linkages between ransomware and broader security concerns, particularly by the theft of cryptocurrency, as was mentioned by Ambassador Dowling. In some cases, these stolen assets have been reportedly being used to fund weapons of mass destruction programs and their delivery systems. And this is a direct threat to international peace and security. Also, the use of cryptocurrency complicates attribution and prosecution, making it more difficult to hold perpetrators accountable. So these are just some examples on how ransomware really intersects not only with national security, but also with broader international security architecture. And this evolving threat landscape demands close coordination between governments and multilateral institutions and other stakeholders, as it was mentioned by the

Giacomo Paoli Persi: Thank you, Julia. I’d like to go back to Chelsea and Francesca because both Microsoft and CPI, in a different way, you collect a lot of data and you have visibility in a way that perhaps other organizations don’t. So I would like to go back to where we started, which was with the recognition of how ransomware is increasing and the number of ransomware attacks has been growing significantly over the past 12 months. So based on the data that you have collected as a business, Chelsea, or as an organization that focuses on open source data with CPI, what can you share with us around the reasons behind why we’ve seen these numbers grow so much? Perhaps you can start, Chelsea, and then we’ll go to Francesca.

Chelsea Smethurst: Great, thank you. So I think there’s really three trends, but I’ll start with some sobering numbers. So at Microsoft, we track over 600 million cyber attacks daily. And if you break that down to a minute by minute basis, you’re looking at somewhere around 415,000 attacks a minute. And that’s just us as a company and what we have purview and visibility into. And so we’re up against a pretty large mountain, right, in terms of cyber attacks. But I would say there’s probably three things specific to ransomware that we’re really seeing on the Microsoft side. One is what we call ransomware as a service. And this is essentially a product, right? So this does two things. It lowers the barrier of entry for cyber criminals who want to use these tools and techniques because it’s easier, frankly. And then secondly, it allows scalability. So if it’s easy to just download a software and click a button and then get money and pay it out from it, you’re going to be able to do it, right? So that’s another reason why we see an uptick in the use of these technologies. And then secondly, right, the other thing I’ll mention, and it’s been mentioned by a couple of our panelists today, is the rise of cryptocurrency. And this is problematic for two reasons, right? It’s easy to get paid for these ransomware attacks. And then secondly, it’s really harder to track. And with anything with cybersecurity, if you can’t assign accountability and transparency, it’s really hard to really deter these attacks, right? If you can sort of hide behind your actions and it’s difficult to track. But I think finally, really the third and probably the most important factor in this issue is what we call safe havens. So these are geographic entities where, you know, you can actually base out of ransomware attacks against international victims, but they’re really not held accountable at the legal and international level. And it’s really difficult from an industry perspective to really target and sort of minimize these, what I call safe haven opportunities for ransomware. And so this is an area where I would like to see, I think, more collective international cooperation across both the private sector and also governments. And that’s something that I think we’ll see more of in the future.

Giacomo Paoli Persi: Thank you. Francesca?

Francesca Bosca: Yeah, maybe I can. So I guess some of the points were already made and maybe just on the first one, meaning the ease of access to tools and the rise of, let’s say, ransomware as a service that all the previous speakers mentioned, indeed, I would say, potentially also in a way amplified and enhanced by artificial intelligence and emerging technologies. So that this is definitely something that will impact the cryptocurrency ecosystem and the sort of widespread availability and relative anonymity of cryptocurrencies facilitate, obviously, the ransom payment and obviously is leveraged by perpetrator. The safe havens was mentioned. Maybe what I can add is something that was mentioned, I think, also before by Julian, and it’s an excellent observation, which is the, in a way, the expanding global digital footprint, especially with remote work, purely secure system and legacy infrastructure provides more vulnerability for threat actors to exploit. But this means also that they are trying, let’s say, to, in a way, optimize the way they work and use the same infrastructure basically for launching different type of criminal activities. So, and this is why the second phase of the program will focus specifically on exploitable and exploited, I would say, infrastructure, which is something that is also, I mean, not so well, I would say, or not so much investigated. And an output of this mapping will be able to demonstrate that the same infrastructure basically is likely used, for example, for other crimes beyond ransomware. And allow me to mention two other factors that we see when it comes to the, why, let’s say, the increase. There is also a sort of thriving, what we call initial access broker markets, meaning that you have brokers that specialize in obtaining and selling access to compromised networks, often of high value organizations, which ransomware groups basically exploit to deploy their malware. So it’s a sort of like cyber-organized crime form of activity, but with a very specialized, let’s say, professionals at the beginning, providing ransomware operators with the data that they need to then carry out the attack. And then let’s not forget another very important point. We’ve seen ransomware groups shifting from, let’s say, opportunistic attacks, so launching widespread attacks against, let’s say, as many individuals as possible, to more strategically targeting critical infrastructure, like, for example, healthcare, education, even civil society with limited cybersecurity resilience, but high sensitivity to disruption. And that’s interesting because, I mean, I was checking the, still the criminal profits hit records high because, according to Chainalysis, a victim paid more than 1 billion of US dollars in 2023, facilitated through cryptocurrency, which means that still criminals are getting quite some profit out of it.

Giacomo Paoli Persi: Thank you. If we have time at the end, I’d like to go back to this kind of driver discussion, because, you know, in basic kind of criminal studies, you know that criminals need I think all normatives need means and need opportunities in order to perpetrate their crime. And there is a lot of discussion around the means and how the means are evolving, whether it is technology, whether it is cryptocurrency, whether it is permissive regulatory regimes that allow them to or enable them to do what they do. But I don’t think there is necessarily a lot of, or enough, focus on opportunities, which is what are the weaknesses of the system that they can then exploit in order to. And one could argue the regulatory one is probably a hybrid between both a means and an opportunity. But if we have time, I’d like to discuss more. But going back to a point that Chelsea mentioned around safe havens, I would like to come back to you, Brendan, about what mechanisms currently exist to hold states accountable when ransomware groups operate with impunity within their borders. So what can states do?

Brendan Dowling: It’s a tough one. We have an established norm on this issue that was agreed as part of the 11 norms of responsible state behaviour, which essentially said states should take responsibility to prevent malicious cyber actors from operating with impunity in their territory. But we still see this happening quite commonly. We then look to what international measures do we have that can help us address that issue? One is bilateral. We engage with several attacks that have been launched from Russian territory against Australia or partners in the region. We engage with the Russian government and we make clear that we expect action to be taken against these actors. Usually there is no response. So a big part of that problem is that we have a government that is not taking seriously and is in fact likely profiting from some of the criminal activity. We’ve then used sanctions to try and target the people who are behind the attacks. These are a limited measure, they do have an impact, they do have a deterrent, but the problem of attribution is a challenge and then sanctions, if a person does not have financial assets in your country, are always going to have limited effect. Law enforcement responses have to be part of the response. When we do find cyber criminals in jurisdictions who will cooperate, ensuring the digital evidence is made available to support successful law enforcement and prosecution. And that’s where the Budapest Convention, where the Cybercrime Convention, will hopefully bring more states to take seriously legal measures to combat cyber criminals who may come across their jurisdiction. Finally, we consider that disruption measures have to be part of their solution. When you’ve exhausted all other avenues to achieve a law enforcement response, when you have safe havens where people are operating from with impunity, finding active disruption measures to take down infrastructure, to throw sand in the gears to make life harder for these actors has to be an important part of the response. Again, challenging, time-consuming, attribution can be a difficulty, but we have had success against groups like Lockbit, where there has been significant enough impacts on their infrastructure to disrupt their operations for some time. The Counter Ransomware Initiative, I think, has been a really effective grouping that has brought countries together to talk about building up cooperation to combat ransomware. That’s still a work in progress, but I think a much broader church of countries are coming together to take this seriously. So, we’re going in the right direction. Here the sort of figures that Chelsea shared. There is a long way to go to seriously put a dent in this crime.

Giacomo Paoli Persi: Thank you. I’d like to come back to you, Julia, to look at more of the multilateral side of this equation. But before I do, I just wanted to share with perhaps Chelsea and Francesca an interesting question that came online, so you have the time to think about it, while Julia gives us her multilateral perspective. And the question reads, is there any research on how blockchain deployment is correlated to the mitigation of cyber threats? If no, how do we promote this research topic? And if yes, what is the outcome? So anything that you can think of related to the use of blockchain in this context would be very, very useful. But now, Julia, coming back to you, what role do you think should the UN play, not only in establishing norms, but also potentially in establishing frameworks for state accountability in cyberspace?

Julie Rodríguez Acosta: Thank you so much, Giacomo. And as Ambassador Dowling just highlighted, at the UN we have this framework for responsible state behavior that basically outlines expectations on how states should act in cyberspace, and includes voluntary non-binding norms, reaffirmation of the applicability of international law, and also building. So one of the key principles is that critical infrastructure must be protected and respected, and is effectively off limits. However, while the framework says the reality on the ground tells us a different story, as we see from this Cyber Peace Institute research, data and reporting continue to show a rise in hostility and pervasive cyber activity, including ransomware attacks that often target the very infrastructure meant to be protected. So the UN… And then it should continue to play a central role in promoting the implementation of these norms, encouraging the state to take operational actions at the technical level to enhance compliance, and this includes the advancement in cooperative measures, information sharing, joint investigations, but also reinforcing norms that clearly outline unacceptable behaviors, especially those that undermine trust, security, and stability in cyberspace. So more broadly, international community must work together to disrupt the ransomware business model and build resilience. You see, national policies, laws, and technical capabilities are not enough to address what is inherently a transnational threat, and no country can tackle this challenge in isolation, and thus we promote that we do this also through multilateral forums. So yes, you know, kind of rounding up, more international cooperation is needed, but it must be cooperation that is practical and action-oriented and focuses on disrupt, deter, and prepare, and have more effective response mechanisms so they can leverage.

Giacomo Paoli Persi: Thank you, Julia, for your perspective, and also to give Chelsea and Francesco a couple more minutes to think about this. I also thought I’d add, you know, being at UNIDIR, I have the privilege of having seen and having witnessed how the UN discussions have evolved, and we’re now getting to the point where the current open-ended working group is wrapping up its five-year mandate, and we are about to enter a new, a future permanent mechanism with some details already being agreed on and others still being up for negotiation, but it looks like that this new mechanism will have at least potentially the opportunity to really go focus more on the implementation of all the existing commitments that are already in place. And if we accept that beyond all commitments there has to be the political will to implement them, and if we take that as a given, because if there isn’t, then there is nothing really, no practical measure can work without the political will and commitment to implement it. But if we take that political commitment as a given, then I think there are a number of issues that can, where the UN and the multilateral approaches can really help, whether it is, as Julia was mentioning, Some states may not even be aware that their territory is being used as a safe or as a as a kind of a staging ground for ransomware campaigns. Or some may be aware but maybe don’t have the means to do anything with it. Technological means but also legal means because maybe they don’t have a national legislation that allows them to intervene. And all of these things, despite the fact that we’re talking about ransomware and cybersecurity which make them feel like new, they are not new in the UN system. There are many conventions that have been negotiated before that then have followed with practical instruments and measures that have been developed in order to help states implement them and comply with the commitments. So you know perhaps there will be an opportunity to develop like a model law or a model legislation for those countries that need to adopt some sort of regulatory measures at the national level that would enable them to then intervene and disrupt a ransomware campaign emanating from their territory. These things, you know, you need to have legal coverage to do certain things. If you want to share evidence with your neighbor, if you want to cooperate, these require very well-developed regulatory frameworks or cooperation mechanisms that would require a little bit of assistance in developing. And with that, I turn back to Francesca and Chelsea and ask if you had the chance to think about the topic of blockchain and whether or not you are aware of any work or any research that has been conducted to explore the extent to which it can be helpful in this context.

Chelsea Smethurst: I can go next. Go. Great. So I’m not aware of the latest art around sort of cryptocurrency and Bitcoin and blockchain research, but just one brief point I’ll make is that cryptocurrencies are ultimately based on blockchain technology, right? And so if cryptocurrencies and financial transactions are actually processed through exchange. Thank you so much for joining us today, and I’m sure there’s a lot more to sort of assess on that topic, but it is an interesting part of the technology block or the technology platform that can be used for both positive means, right, but also criminal means too. So good question. I’m looking forward to Francisco’s points on this.

Francesca Bosca: That’s interesting because it’s a topic close to my heart because it was like two jobs ago I left, let’s say, when I was doing research on blockchain. So I mean, provided that it’s a little bit outdated information and I would need to, let’s say, to look into that again. So there are a couple of aspects, one from, let’s say, from a technical standpoint, I would say that I do see, and I remember, I mean, doing some research on how, for example, blockchain can be used as a sort of like, not, let’s say, the black sheep when it comes to cybersecurity, but on the opposite, and there are some practical implementation areas I’m thinking about, like the threat intel sharing, for example, that can be extremely beneficial when we think about cybersecurity. I’m thinking about identity and access management, for example, where obviously the decentralization of digital identities can help, for example, when it comes to decentralized security. So thanks to the distributed architecture and the consensus mechanisms, and obviously the fact that you have, I mean, the key strength of the blockchain resides basically in the immutable data ledger. I mean, obviously you can improve the audit trails and the data integrity. Again, outdated information, but I would suggest that there was. There were a couple of things that came to my mind. ENISA, so the EU agency, did some interesting work back in before COVID. So in 2019 on distributed ledger technology and cyber security. And there is also a work done by the World Economic Forum on blockchain cyber security in again in 2020. So these are the only two that, I mean, came to my mind. But again, because my knowledge is a little bit outdated. Can I just mention one thing where I can see it’s a very good question also, because I think it also helps us in thinking about, let’s say, potential future direction. What I would be really interested in seeing is, for example, how to use blockchain for ransomware resistance and incident attribution. And one interesting aspect that is kind of like collateral is also how you can integrate blockchain with an AI for automated threat detection as well.

Giacomo Paoli Persi: Thank you. And we may go back to the more general topic of which technologies exist out there that could help. But I’m also conscious of the time. And before I continue, we probably were a little bit too ambitious with the number of questions we have prepared. I’m conscious of the time that we have, 12 minutes before we have to wrap up this interesting session. So I also wanted to make sure I give the opportunity to colleagues in the room. If there is anyone who would like to ask a question, I see one. If you can please reach for the microphone on your right and introduce yourself, please, before asking the question.

Vilda: Yes, thank you. Can you hear me?

Giacomo Paoli Persi: Yes.

Vilda: Perfect. Thank you so much for an excellent panel. My name is Vilda. And I think ransomware is such an interesting type of crime. And as a criminologist, I’ll allow myself to say that it’s maybe my favorite kind of crime, at least from an academic perspective. And I have a question for Julie. and Brendan who’s tackling cyber crime from like a government sector because I wrote my master’s thesis on on ransomware and one of the many many interesting and unique aspects of ransomware is that it’s as far as I can tell the only type of crime or cyber crimes the only type of crime where the private sector is dominating both on crime prevention but also handling the incident and dealing with the aftermath so I was just wondering coming from a government perspective how in your in your respective countries how are you dealing with that sort of cooperation with the government and and the private sector, thank you.

Brendan Dowling: It’s really interesting question and you you’re right in cyber so much of the front line is in the hands of the private sector and in no other form of crime or attack type would we say oh well that’s that’s kind of completely a responsibility of the private sector and whether they tell anyone about it is their business and they’re on their own to kind of assist you with that so that does make a much more challenging environment some of the things that we’ve done in Australia to try and without using compulsion but to try and build a far more collective response to these crime types when we had a two major cyber incidents affecting millions of Australians going back to 2022 the government came out and very publicly engaged with those companies sent teams of police officers and cyber security experts from the government to sit in the headquarters of those companies and to provide assistance to launch the investigations in a very collaborative way now that was those were very large-scale incidents so that’s We have tried to create an environment where we normalise engaging with the government as soon as there is an incident, that sharing information with the government to aid in the response is not just a nice thing to do, but is actually the expected thing to do. We have introduced legislation that says if you as a private company engage with our cyber security centre, the information you share with them will not be used for regulatory purposes so you can trust there is a safe space to engage and seek that assistance. And now we are introducing a mandatory ransomware payment reporting scheme. So in all these measures we are trying to create an environment where it is not seen as purely something for a business or an entity to manage, it is seen as something that needs a collective response and that active engagement with the government, with law enforcement, with our cyber security experts is a normal way of responding to these incidents. It will take time, but I think it actually improves when that type of behaviour is modelled well by companies. Once some companies start to do this and it becomes a new norm that this is how you engage, that creates an environment where others are doing the same. So we are trying to make all these efforts to normalise that it becomes a collective response rather than just something that is dealt with in isolation.

Giacomo Paoli Persi: Thank you. Julia, would you like to come in on this question?

Julie Rodríguez Acosta: Yes, thank you so much for the question and I think this is very pertinent and I would like to provide some insights from the Global South perspective. I think this is very pertinent because there is often this idea that Ramswell were only targets large enterprises or companies that can afford to pay substantial ransom, but in reality, you know, small organisations around the globe are affected and the consequences for these small organisations are often massive. On a national level, we have this kind of like multi-stakeholder cooperation. Of course, as a government, we have enacted laws on cybersecurity and very recently on data protection because ransomware, often, you know, it’s related with data theft. So we wanted to make sure that we have in place all these laws that also protect personal data and privacy. And then, of course, these linkages with private industry, law enforcement agencies, and of course, as a small nation, we leverage a lot of cooperation that we can build through, you know, entities like the United Nations. We also have a lot of work with regional organizations like, for example, OAS. So we kind of like pivot everything that has been done in the international level that can help us. And then a lot, of course, we rely, as I was mentioning before, on a lot of bilateral cooperation, trying to learn for those who say that have more advanced capabilities to fight this threat. But as we have, you know, highlighted throughout the panel, it is global. So it is in best interest of all, you know, to have tried to leverage that level of cooperation so we all can combat the encounter run forward.

Giacomo Paoli Persi: Thank you. And actually, I would like to take this question and link it to the rest of the panel, because we did have in our list a question around successful models for public-private collaboration on cybersecurity that could potentially be scaled. So again, going back to you, Chelsea, and Francesca, you know, you have seen probably many different configurations of how the public and the private sector work together. What are some of the most successful? successful stories that you’ve seen or some of the models that you think could be used as an inspiration.

Chelsea Smethurst: So I’ll go ahead and start, but I really liked your question from the audience, but I’ll briefly say, so just earlier this month Microsoft actually announced a pilot program with Europol to integrate our digital crimes investigators into their European cybercrime center in The Hague, and I think these sort of novel model public-private partnerships are an interesting thing to try out across different sectors, right? Because then you’re marrying both the private sector expertise and sort of the front lines that we see in ransomware with the legal and investigatory powers of states and governments, and that’s a very powerful tool and I’d like to sort of see those models as applicable be replicated across different environments, but it’s a really great question and I think more to be seen on if this model with Europol will scale and also be successful, but I think just willingness to try to partner between private sectors and governments is a really great attempt, so.

Francesca Bosca: And maybe the other one that comes to mind is the ransomware task force, which I think see involved, I mean, it’s a multi-stakeholder effort with participation from across government, industry, civil society, and I think it was very well-received, very well-sustained, let’s say, and so, yeah, I think these are the ones that come to mind, and maybe just to advocate with my civil society head, I would say not only private sector and government should work together, but also including, I think, civil society organization can definitely bring an added value, I mean, there’s one aspect which is something that I try to highlight in the panel, so documenting basic data, So basically the impact that ultimately ransomware is having, as we said also and as remarked by the previous panelists, as a societal threat, not just a technical one or just not just a business related one. But it can also be a sort of like, in a way, supporting sort of like thinking outside the box. And civil society has a sort of like unique capacity to propose tests and proposals. So ethical frameworks supporting victim-centered response protocols reinforces the need for due diligence in digital infrastructure. So coupling it with, for example, what Brendan was mentioning before in terms of like the collaboration with law enforcement and the collaboration with the private sector. I think that also civil society can definitely play a role.

Giacomo Paoli Persi: Thank you. I’m conscious of the time. We have just over two minutes before we need to wrap up this discussion. So I would like to do one final round to all our speakers and give you the chance, starting with you, Ambassador, to 30 seconds. What is the one key takeaway you would like the audience here in the room and online to bring back after this session?

Brendan Dowling: I think working together on this issue, there’s private sector responses to build resilience as threat intelligence sharing. Microsoft helped us as we tracked down the perpetrator behind the Medibank attack. This affects every nation at all levels. We’ve been too slow to come together and act collectively against it. There’s no one lever. We need to pull all levers at once. So talking about this as a national policy issue in all your countries is crucial.

Giacomo Paoli Persi: Thank you. Coming to you, Julia, online, your key takeaway.

Julie Rodríguez Acosta: Thank you, Giacomo, and thank you so much to all the panelists. This has been really enriching. As you said, we are at the UN. and Francesca Pellicchino. They are working with the United States and other states to establish a permanent mechanism. These are critical opportunities for all states regarding their size and capacity. They can share insights on ransomware. We can design some mechanisms within the US to advance international cooperation and assist in finding ransomware together.

Francesca Bosca: I was reflecting on one of the first panels where I’m super happy to hear very concrete initiatives and good examples. My aspiration for the panel is to go out and say collaboration needs to be meaningful, not just tokenized. Collaboration is not just a buzzword that we need to have there, but it needs to make an impact. Allow me to say one thing that I forgot to mention before, which I think is important and we didn’t have time to dig into. Definitely the aspect of capacity building. Don’t take for granted that we are all on the same page. We got some very good examples from different areas of the world. We need to build an inclusive capacity building work stream across the different sectors and across the different geographies.

Giacomo Paoli Persi: Thank you. Chelsea?

Chelsea Smethurst: Finally, to close this off, I’d like to see how capacity building and skilling changes to tackle this problem. I think it’ll be an exciting next few years as we see creative uses of artificial intelligence tools to really counter ransomware. I don’t think that’s just going to sit in the hands of big tech providers. Looking forward to seeing how our countermeasures against ransomware will evolve. Thank you.

Giacomo Paoli Persi: Thank you very much. With that, all is left to do is to thank our speakers for sharing their experience and knowledge with us. Thank all of you in the audience, here in person and online. for participating and again thanks to Microsoft for bringing us together to discuss this very interesting topic. Thank you very much, thanks.

Agreement points

Ransomware has dramatically increased and represents a global threat requiring urgent action

Speakers

– Giacomo Paoli Persi
– Chelsea Smethurst
– Brendan Dowling

Arguments

Ransomware attacks have grown by nearly 300% in the last year, becoming the most prominent global cybersecurity threat

Microsoft tracks over 600 million cyber attacks daily, with ransomware showing a 275% increase in usage over 12 months

Ransomware-as-a-service model has democratized cybercrime by lowering barriers to entry and allowing non-technical criminals to conduct attacks

Summary

All speakers agree that ransomware has seen unprecedented growth (275-300% increases) and has evolved into the most prominent global cybersecurity threat, requiring immediate and comprehensive responses.

Topics

Cybersecurity

Ransomware is a national security issue, not just a technical cybersecurity problem

Speakers

– Brendan Dowling
– Julie Rodríguez Acosta

Arguments

Ransomware attacks have consequences that ripple through society and require whole-of-nation responses, not just cybersecurity solutions

The Costa Rica government attack demonstrated how ransomware can affect states’ ability to deliver essential services and maintain governance

Summary

Both speakers emphasize that ransomware transcends technical cybersecurity issues and represents a fundamental threat to national security, governance, and essential service delivery.

Topics

Cybersecurity

Safe havens and jurisdictional challenges enable ransomware operations

Speakers

– Chelsea Smethurst
– Brendan Dowling
– Nedalcho Mihay

Arguments

Safe havens where ransomware groups operate with impunity, primarily in Russia, enable continued criminal activity

Australia applies financial sanctions, travel restrictions, and conducts active disruption of ransomware infrastructure

52% of analyzed threat actors remain unattributed, while 54% of attributed actors are linked to Russia

Summary

Speakers agree that safe havens, particularly in Russia, represent a critical enabling factor for ransomware operations, with attribution challenges complicating response efforts.

Topics

Cybersecurity | Legal and regulatory

Multi-stakeholder collaboration is essential for effective ransomware response

Speakers

– Brendan Dowling
– Chelsea Smethurst
– Francesca Bosca
– Julie Rodríguez Acosta

Arguments

Successful collaboration requires normalizing government engagement and creating safe spaces for information sharing without regulatory consequences

Microsoft’s pilot program with Europol integrates private sector expertise with government investigatory powers

Multi-stakeholder efforts including civil society organizations can provide victim-centered responses and ethical frameworks

Small nations like El Salvador leverage international cooperation through UN, OAS, and bilateral partnerships to combat ransomware

Summary

All speakers emphasize the critical need for collaboration across government, private sector, and civil society, with various models being tested and implemented globally.

Topics

Cybersecurity | Legal and regulatory

Vulnerable sectors and populations are increasingly targeted by ransomware

Speakers

– Brendan Dowling
– Chelsea Smethurst
– Nedalcho Mihay
– Francesca Bosca

Arguments

Attacks on small Pacific Island nations like Tonga’s National Health Information Service show the global reach and societal impact of ransomware

Microsoft tracks over 600 million cyber attacks daily, with ransomware showing a 275% increase in usage over 12 months

Analysis of 2,717 ransomware incidents shows over half targeted US organizations, with healthcare being the most affected sector

Ransomware has evolved from opportunistic attacks to strategically targeting critical infrastructure with high sensitivity to disruption

Summary

Speakers agree that ransomware groups are increasingly targeting vulnerable populations and critical infrastructure, particularly healthcare and small nations with limited defensive capabilities.

Topics

Cybersecurity

Similar viewpoints

Both speakers identify cryptocurrency and safe havens as fundamental enabling factors for ransomware operations, with cryptocurrency making financial tracking difficult and safe havens providing operational security for criminals.

Speakers

– Brendan Dowling
– Chelsea Smethurst

Arguments

Cryptocurrency enables long-range ransomware attacks and makes financial tracking more difficult for law enforcement

Safe havens where ransomware groups operate with impunity, primarily in Russia, enable continued criminal activity

Topics

Cybersecurity | Economic

Both speakers emphasize the importance of inclusive, multi-stakeholder approaches that consider the needs of vulnerable populations and smaller nations, advocating for capacity building and international cooperation.

Speakers

– Francesca Bosca
– Julie Rodríguez Acosta

Arguments

Multi-stakeholder efforts including civil society organizations can provide victim-centered responses and ethical frameworks

Small nations like El Salvador leverage international cooperation through UN, OAS, and bilateral partnerships to combat ransomware

Topics

Cybersecurity | Development

Both speakers focus on future-oriented solutions, emphasizing the potential of emerging technologies and the need for comprehensive capacity building to address ransomware challenges.

Speakers

– Chelsea Smethurst
– Francesca Bosca

Arguments

Artificial intelligence tools show promise for evolving countermeasures against ransomware attacks

Inclusive capacity building across different sectors and geographies is essential for meaningful collaboration

Topics

Cybersecurity | Development

Unexpected consensus

The role of civil society in ransomware response

Speakers

– Francesca Bosca
– Brendan Dowling
– Julie Rodríguez Acosta

Arguments

Multi-stakeholder efforts including civil society organizations can provide victim-centered responses and ethical frameworks

Successful collaboration requires normalizing government engagement and creating safe spaces for information sharing without regulatory consequences

Small nations like El Salvador leverage international cooperation through UN, OAS, and bilateral partnerships to combat ransomware

Explanation

Unexpectedly, speakers from government, civil society, and international organizations all agreed on the critical role of civil society in ransomware response, which is unusual given that cybersecurity is often viewed as primarily a government-private sector issue.

Topics

Cybersecurity | Legal and regulatory

The need for active disruption measures beyond traditional law enforcement

Speakers

– Brendan Dowling
– Chelsea Smethurst

Arguments

Australia applies financial sanctions, travel restrictions, and conducts active disruption of ransomware infrastructure

Microsoft’s pilot program with Europol integrates private sector expertise with government investigatory powers

Explanation

There was unexpected consensus between government and private sector representatives on the need for active disruption measures, including ‘frying servers’ and novel integration models, which represents a more aggressive approach than traditional cybersecurity responses.

Topics

Cybersecurity | Legal and regulatory

Overall assessment

Summary

The speakers demonstrated remarkably high consensus across all major aspects of ransomware challenges and responses. Key areas of agreement included the dramatic scale of the threat, its evolution from technical to national security issue, the critical role of safe havens and cryptocurrency as enablers, the need for multi-stakeholder collaboration, and the targeting of vulnerable populations and critical infrastructure.

Consensus level

Very high consensus with no significant disagreements identified. This strong alignment suggests a mature understanding of the ransomware threat landscape and broad agreement on response strategies. The implications are positive for policy development and international cooperation, as stakeholders from government, private sector, civil society, and international organizations share common threat assessments and response frameworks. This consensus provides a solid foundation for coordinated action and suggests that the main challenge is implementation rather than agreement on the nature of the problem or general response approaches.

Different viewpoints

Role of civil society in ransomware response

Speakers

– Francesca Bosca
– Brendan Dowling
– Chelsea Smethurst

Arguments

Multi-stakeholder efforts including civil society organizations can provide victim-centered responses and ethical frameworks

Australia applies financial sanctions, travel restrictions, and conducts active disruption of ransomware infrastructure

Microsoft’s pilot program with Europol integrates private sector expertise with government investigatory powers

Summary

Francesca advocates for including civil society as a third pillar alongside government and private sector, emphasizing victim-centered approaches and ethical frameworks. However, other speakers focus primarily on government-private sector partnerships without explicitly including civil society organizations in their collaboration models.

Topics

Cybersecurity | Legal and regulatory

Unexpected differences

Emphasis on capacity building vs. enforcement

Speakers

– Francesca Bosca
– Brendan Dowling

Arguments

Inclusive capacity building across different sectors and geographies is essential for meaningful collaboration

Australia applies financial sanctions, travel restrictions, and conducts active disruption of ransomware infrastructure

Explanation

While both speakers acknowledge the global nature of the ransomware threat, Francesca emphasizes the need for inclusive capacity building and not assuming all stakeholders are at the same level, while Brendan focuses more on enforcement measures and active disruption. This represents an unexpected philosophical difference between capacity-building versus enforcement-first approaches.

Topics

Cybersecurity | Development

Overall assessment

Summary

The speakers showed remarkable consensus on the nature and scale of the ransomware threat, with disagreements primarily focused on implementation approaches rather than fundamental issues. Main areas of difference included the role of civil society in response efforts, preferred models for public-private collaboration, and emphasis between capacity building versus enforcement measures.

Disagreement level

Low to moderate disagreement level. The speakers demonstrated strong alignment on threat assessment and the need for collaborative responses, with differences mainly in tactical approaches and stakeholder inclusion. This suggests a mature policy discussion where the fundamental challenges are well understood, but implementation strategies are still evolving. The implications are positive for policy development, as the shared understanding of core issues provides a solid foundation for developing comprehensive responses that could incorporate multiple approaches.

Partial agreements

Similar viewpoints

Both speakers identify cryptocurrency and safe havens as fundamental enabling factors for ransomware operations, with cryptocurrency making financial tracking difficult and safe havens providing operational security for criminals.

Speakers

– Brendan Dowling
– Chelsea Smethurst

Arguments

Cryptocurrency enables long-range ransomware attacks and makes financial tracking more difficult for law enforcement

Safe havens where ransomware groups operate with impunity, primarily in Russia, enable continued criminal activity

Topics

Cybersecurity | Economic

Both speakers emphasize the importance of inclusive, multi-stakeholder approaches that consider the needs of vulnerable populations and smaller nations, advocating for capacity building and international cooperation.

Speakers

– Francesca Bosca
– Julie Rodríguez Acosta

Arguments

Multi-stakeholder efforts including civil society organizations can provide victim-centered responses and ethical frameworks

Small nations like El Salvador leverage international cooperation through UN, OAS, and bilateral partnerships to combat ransomware

Topics

Cybersecurity | Development

Both speakers focus on future-oriented solutions, emphasizing the potential of emerging technologies and the need for comprehensive capacity building to address ransomware challenges.

Speakers

– Chelsea Smethurst
– Francesca Bosca

Arguments

Artificial intelligence tools show promise for evolving countermeasures against ransomware attacks

Inclusive capacity building across different sectors and geographies is essential for meaningful collaboration

Topics

Cybersecurity | Development

Key takeaways

Ransomware has evolved from a cybersecurity issue to a national security threat requiring whole-of-society responses, with attacks growing 275-300% in the past year

The ransomware-as-a-service model has democratized cybercrime by lowering barriers to entry and enabling non-technical criminals to conduct sophisticated attacks

Cryptocurrency and safe haven jurisdictions (primarily Russia) are key enablers that make ransomware profitable and difficult to prosecute

Critical infrastructure and vulnerable populations (healthcare, small nations, NGOs) are increasingly targeted due to their high sensitivity to disruption and limited cybersecurity resources

Successful counter-ransomware efforts require coordinated multi-stakeholder collaboration between governments, private sector, and civil society organizations

Attribution remains challenging with 52% of threat actors unattributed, though 54% of attributed actors are linked to Russia

Public-private partnerships must normalize government engagement and create safe information-sharing environments without regulatory consequences

International cooperation through mechanisms like the UN framework, Budapest Convention, and Counter Ransomware Initiative is essential but implementation remains insufficient

Resolutions and action items

Australia’s mandatory ransomware payment reporting scheme to improve collective response and information sharing

Microsoft’s pilot program with Europol to integrate private sector expertise with government investigatory powers

Cyber Peace Institute’s two-phase project to map ransomware threat actors globally and evaluate state compliance with UN cyber norms

El Salvador’s advocacy for stronger UN language addressing ransomware and support for establishing permanent mechanisms for international cooperation

Australia’s deployment of assistance teams to help Tonga recover from ransomware attacks on their National Health Information Service

Unresolved issues

How to effectively address safe haven jurisdictions where ransomware groups operate with impunity, particularly Russia’s non-cooperation

Developing scalable models for public-private collaboration that can be replicated across different countries and sectors

Creating inclusive capacity building programs across different geographies and sectors to address varying levels of cybersecurity readiness

Establishing effective mechanisms for cryptocurrency tracking and regulation to disrupt ransomware financial flows

Determining the role of blockchain technology in mitigating cyber threats, with limited current research available

Addressing the challenge that over 90% of successful ransomware attacks target unmanaged devices in under-resourced organizations

Developing victim-centered response protocols and ethical frameworks for ransomware incidents

Suggested compromises

Creating safe spaces for private sector engagement with government where shared information will not be used for regulatory purposes

Balancing mandatory reporting requirements with incentives for voluntary cooperation and information sharing

Leveraging international organizations and bilateral partnerships to help smaller nations access cybersecurity capabilities they cannot develop independently

Integrating civil society organizations into public-private partnerships to provide victim-centered perspectives and ethical frameworks

Using the UN’s future permanent mechanism to focus on practical implementation of existing norms rather than creating new commitments

What we’re seeing at the moment in Pacific Islands, some countries with populations fewer than 100,000 people are being targeted by cybercrime groups operating out of Russia. Last week, the National Health Information Service in Tonga was shut down by a ransomware attack… At the moment, in hospitals in Tonga, people are using paper and pen to deliver healthcare to their people.

Speaker

Brendan Dowling

Reason

This comment powerfully reframes ransomware from a technical cybersecurity issue to a humanitarian crisis affecting the most vulnerable populations. It demonstrates the global reach and indiscriminate nature of ransomware attacks, challenging assumptions about who gets targeted.

Impact

This vivid example set the tone for the entire discussion, establishing ransomware as a human-centered issue rather than just a technical problem. It influenced subsequent speakers to adopt similar human-impact framing and contributed to the panel’s emphasis on ransomware as a national security threat.

For anyone who thinks ransomware is a technical issue, out of that incident, we saw women and families facing domestic violence from partners who weren’t aware of the health treatment that their spouse or their mother or their sister had been seeking, and had to be moved to safe houses to escape violent partners or former partners. These are not cyber issues. These are not technical issues. These are whole of nation security and safety issues.

Speaker

Brendan Dowling

Reason

This comment fundamentally challenges how ransomware is categorized and understood, revealing unexpected cascading social consequences that extend far beyond the immediate cyber incident. It demonstrates how data breaches can trigger real-world violence and endanger lives.

Impact

This observation became a central theme throughout the discussion, with multiple speakers subsequently emphasizing the societal and national security dimensions of ransomware. It helped shift the conversation from technical solutions to whole-of-society responses.

This crime type didn’t exist before cryptocurrency. Cryptocurrency enabled the long-range launching of ransomware attacks across the globe.

Speaker

Brendan Dowling

Reason

This insight identifies cryptocurrency as the fundamental enabler that transformed ransomware from a localized nuisance into a global threat. It provides a clear causal link between financial innovation and criminal evolution.

Impact

This observation was picked up by multiple subsequent speakers who elaborated on cryptocurrency’s role in ransomware operations. It helped frame the discussion around the intersection of financial technology and cybercrime, influencing later conversations about blockchain and financial tracking.

We also see cases where ransomware has been used, not primarily for financial gain, but as a vector to conduct denial-of-service attacks that affect the availability of system and national space… This attack disrupted essential public services and compromised the confidentiality of citizens’ personal data… it undermines public trust in the state’s ability to secure a digital system.

Speaker

Julie Rodríguez Acosta

Reason

This comment introduces a crucial distinction between financially-motivated ransomware and state-linked operations with broader strategic objectives. It highlights how ransomware can be weaponized to undermine governmental legitimacy and public trust.

Impact

This insight elevated the discussion to the level of international relations and state security, influencing the moderator’s subsequent questions about state accountability and the role of multilateral institutions in addressing ransomware threats.

So it’s as far as I can tell the only type of crime or cyber crimes the only type of crime where the private sector is dominating both on crime prevention but also handling the incident and dealing with the aftermath

Speaker

Vilda (audience member)

Reason

This observation from a criminologist provides a unique analytical framework that distinguishes ransomware from all other crime types. It highlights an unprecedented shift in crime response dynamics where traditional government roles have been largely assumed by private entities.

Impact

This comment prompted detailed responses from government representatives about public-private cooperation models and sparked discussion about the need to normalize government engagement in ransomware incidents. It helped frame the final portion of the discussion around collaborative response models.

We have this service industry where you can talk to a liaison person or a broker who will connect you with the person who will conduct the initial attack on a system… So it is now an accessible crime type. And for most ransomware groups, they will just take 20% of the profit from the attack that you conduct. So it’s become democratised, industrialised, and it is ubiquitous.

Speaker

Brendan Dowling

Reason

This comment reveals the sophisticated business model behind modern ransomware operations, showing how it has evolved from individual hacking to an organized criminal industry with specialized roles and profit-sharing structures.

Impact

This insight was reinforced by other speakers who discussed ‘ransomware as a service’ and influenced the discussion about why ransomware attacks have increased so dramatically. It helped explain the scalability and accessibility that drives the current ransomware epidemic.

Overall assessment

These key comments fundamentally transformed what could have been a technical cybersecurity discussion into a comprehensive examination of ransomware as a multifaceted global crisis. Dowling’s vivid examples of human impact in Tonga and Australia established an emotional and humanitarian foundation that influenced all subsequent speakers to frame their contributions in terms of real-world consequences rather than abstract technical challenges. The identification of cryptocurrency as the foundational enabler provided a clear analytical framework that other speakers built upon. The distinction between criminal and state-linked ransomware operations elevated the discussion to matters of international security and diplomacy. Finally, the criminologist’s observation about the unique public-private dynamics in ransomware response opened up crucial questions about governance and collaboration models. Together, these insights created a rich, multi-dimensional conversation that addressed technical, social, economic, political, and humanitarian aspects of the ransomware threat, demonstrating how individual thought-provoking observations can elevate and redirect an entire policy discussion.

How is it possible that despite the fact that we all know what ransomware is, it’s still having such a devastating impact on cyber security?

Speaker

Giacomo Paoli Persi

Explanation

This fundamental question about the persistence of ransomware despite awareness was posed at the beginning but not fully answered, requiring deeper investigation into the gap between knowledge and effective countermeasures

Is there any research on how blockchain deployment is correlated to the mitigation of cyber threats? If no, how do we promote this research topic? And if yes, what is the outcome?

Speaker

Online participant (via Michael Karamean)

Explanation

This question about blockchain’s potential role in cybersecurity mitigation was only partially addressed, with speakers acknowledging their knowledge was outdated and suggesting need for current research

How to use blockchain for ransomware resistance and incident attribution

Speaker

Francesca Bosca

Explanation

Francesca expressed specific interest in exploring blockchain applications for ransomware defense and attribution, indicating this as a promising research direction

How you can integrate blockchain with AI for automated threat detection

Speaker

Francesca Bosca

Explanation

This represents an emerging area combining two technologies that could enhance cybersecurity capabilities but requires further investigation

Research into exploitable and exploited infrastructure used for multiple criminal activities beyond ransomware

Speaker

Francesca Bosca

Explanation

Phase two of the Cyber Peace Institute’s research will investigate how the same infrastructure is used for various crimes, which is currently under-researched

What are the opportunities (weaknesses of the system) that criminals exploit, beyond just the means they use

Speaker

Giacomo Paoli Persi

Explanation

The moderator noted there’s insufficient focus on the ‘opportunities’ aspect of criminal behavior in ransomware, suggesting need for more research on systemic vulnerabilities

How creative uses of artificial intelligence tools will evolve to counter ransomware in the coming years

Speaker

Chelsea Smethurst

Explanation

Chelsea expressed interest in seeing how AI countermeasures against ransomware will develop, indicating this as an important area for ongoing research and development

Development of model laws or legislation for countries that need regulatory frameworks to intervene against ransomware

Speaker

Giacomo Paoli Persi

Explanation

The moderator suggested this as a potential area for UN work, noting that some states may lack legal frameworks to take action against ransomware operations in their territory

How to build inclusive capacity building work streams across different sectors and geographies

Speaker

Francesca Bosca

Explanation

Francesca emphasized the need for comprehensive capacity building research and implementation, noting that not all stakeholders are at the same level of understanding or capability