Uncategorized Archives | Page 44 of 138 | Digital Watch Observatory

Session at a glance

Summary

This discussion focused on addressing international crimes enabled by cyber operations, specifically examining how international criminal law can strengthen global cybersecurity and prosecute core international crimes committed through digital means. The session was jointly hosted by the International Criminal Court (ICC) and Microsoft, featuring experts from policy, private sector, and civil society backgrounds.

Professor Marko Milanović, Special Advisor to the ICC’s Office of the Prosecutor, outlined the forthcoming ICC policy on cyber-enabled crimes, which explains how the Rome Statute applies to international crimes committed or facilitated by cyber means. The policy addresses war crimes, genocide, crimes against humanity, and aggression that involve digital technologies, emphasizing that the ICC is prepared to prosecute those who use technology to commit these serious crimes. Examples include using AI to facilitate attacks on civilians, disseminating humiliating imagery of prisoners of war online, or conducting direct incitement to genocide through social media.

Panelists highlighted several critical challenges in investigating and prosecuting cyber-enabled crimes. Estonian prosecutor Kati Reitsak emphasized the importance of international partnerships and trust-building, noting similarities between organized crime and international crimes in their cross-border nature. The preservation and authentication of digital evidence emerged as a major concern, particularly given that these cases can take decades to prosecute while digital evidence is ephemeral and easily altered.

Microsoft’s Michael Karimian discussed the private sector’s crucial role in evidence collection, attribution, and international cooperation, while acknowledging potential conflicts of interest when tech companies provide services to various parties in conflicts. Civil society representatives Katitza Rodriguez and Chantal Joris stressed the importance of adhering to international human rights standards during investigations and avoiding overly broad surveillance powers that could undermine the very evidence needed for prosecutions.

The discussion concluded that while existing international criminal law is adequate for addressing cyber-enabled crimes, success requires unprecedented cooperation between states, private sector entities, and civil society organizations to overcome the unique challenges posed by the digital nature of these crimes.

Keypoints

## Major Discussion Points:

– **ICC’s Proposed Policy on Cyber-Enabled International Crimes**: The International Criminal Court’s Office of the Prosecutor is developing a groundbreaking policy document that explains how existing Rome Statute crimes (genocide, war crimes, crimes against humanity, and aggression) can be committed or facilitated through cyber means, rather than creating new categories of crimes.

– **Evidence Collection and Preservation Challenges**: Panelists extensively discussed the unique difficulties of collecting, preserving, and authenticating digital evidence in cyber-enabled crimes, including issues with evidence disappearing quickly, the need for rapid response, maintaining chain of custody over decades-long investigations, and the risk of platforms deleting crucial evidence.

– **Multi-Stakeholder Cooperation and Partnerships**: The discussion emphasized the critical importance of collaboration between various actors including international courts, national prosecutors, private sector companies (especially tech platforms), civil society organizations, and intelligence agencies to effectively investigate and prosecute these cross-border crimes.

– **Human Rights Considerations and Conflicts of Interest**: Significant attention was given to ensuring that investigations respect international human rights law, avoid legitimizing mass surveillance or repressive practices, and manage potential conflicts of interest when tech companies both hold evidence and provide services that may facilitate crimes.

– **Practical Implementation and Case Prioritization**: The panel explored which types of cases might be prioritized initially (starting with smaller, less complex cases), the challenges of attribution in sophisticated cyber operations, and how traditional legal frameworks need to adapt to address the unique aspects of cyber-enabled international crimes.

## Overall Purpose:

The discussion aimed to explore the legal, operational, and technical challenges involved in prosecuting international crimes committed through cyber means, highlighting the ICC’s forthcoming policy as a significant milestone while examining the roles of various stakeholders in strengthening global cybersecurity and accountability for core international crimes.

## Overall Tone:

The discussion maintained a professional, collaborative, and forward-looking tone throughout. Participants demonstrated expertise while acknowledging the complexity and novelty of the challenges. The tone was constructive and solution-oriented, with panelists building on each other’s points and offering practical insights. There was a sense of cautious optimism about the potential impact of the ICC’s policy, balanced with realistic assessments of the significant challenges ahead. The atmosphere remained respectful even when addressing sensitive topics like conflicts of interest and human rights concerns.

Speakers

**Speakers from the provided list:**

– **Harriet Moynihan** – Head of Accountability in International Law at the Oxford Institute of Technology and Justice at the Blavatnik School of Government, University of Oxford; Associate Fellow in the International Law Programme at Chatham House; Session moderator

– **Marko Milanović** – Professor; Special Advisor to the International Criminal Court, specifically to the Office of the Prosecutor on Cyber Enabled Crimes

– **Chantal Joris** – Senior Legal Officer at Article 19; focuses on freedom of expression

– **Katitza Rodriguez** – Policy Director for Global Privacy at the Electronic Frontier Foundation

– **Michael Karimian** – Director of Digital Diplomacy at Microsoft

– **Kati Reitsak** – Prosecutor at the State Prosecutor’s Office of the Republic of Estonia; has over 10 years of experience combating organized crime and recently moved to dealing with international law and international crimes

– **Audience** – Various audience members who asked questions during the Q&A session

**Additional speakers:**

– **Chelsea Smith-Hurst** – Microsoft representative; helped with online moderation questions during the Q&A (mentioned but did not speak in the transcript)

– **Joeri Bokovoy** – Finnish Green Party member; audience questioner

– **Aaron Clements-Hunt** – Works for the Heartland Initiative; audience questioner

– **Vilda** – Criminologist; audience questioner

– **Christian Faizili** – Public prosecutor from the Democratic Republic of Congo; audience questioner

– **Meredith** – Works with the Business and Human Rights Resource Center; audience questioner

Full session report

# Addressing International Crimes Enabled by Cyber Operations: A Comprehensive Discussion Report

## Introduction and Context

This discussion, jointly hosted by the International Criminal Court (ICC) and Microsoft, brought together leading experts from policy, private sector, and civil society backgrounds to examine how international criminal law can address core international crimes committed through digital means. The session was moderated by Harriet Moynihan, Head of Accountability in International Law at the Oxford Institute of Technology and Justice, and featured distinguished panellists including Professor Marko Milanović, Special Advisor to the ICC’s Office of the Prosecutor on Cyber Enabled Crimes, alongside representatives from civil society organisations, the private sector, and national prosecution services.

The discussion centred on the ICC’s forthcoming policy on cyber-enabled crimes, which represents a groundbreaking initiative in international criminal law. This policy addresses how existing Rome Statute crimes—genocide, war crimes, crimes against humanity, and aggression—can be committed or facilitated through cyber means, rather than creating entirely new categories of international crimes.

## The ICC’s Policy on Cyber-Enabled International Crimes

### Policy Framework and Scope

Professor Marko Milanović outlined the comprehensive nature of the ICC’s proposed policy, explaining that it focuses on applying existing international criminal law to cyber-enabled crimes rather than expanding the Rome Statute’s scope. The policy addresses four core areas: genocide, war crimes, crimes against humanity, and aggression when committed through digital technologies. Additionally, it covers offences against the administration of justice under Article 70 of the Rome Statute, such as hacking court systems or intimidating witnesses through cyber means.

Milanović provided specific examples of cyber-enabled crimes the ICC is prepared to prosecute: using artificial intelligence to facilitate attacks on civilians, disseminating humiliating imagery of prisoners of war online, conducting direct incitement to genocide through social media platforms, and attacks on critical infrastructure that could cause severe humanitarian consequences. He emphasised that the policy serves dual purposes: providing internal guidance for the Office of the Prosecutor’s operations and communicating publicly how the Rome Statute applies to cyber-enabled crimes.

### Civil Society Support and Human Rights Considerations

Civil society representatives strongly supported the policy’s approach of focusing on existing Rome Statute crimes rather than creating new categories. Katitza Rodriguez from the Electronic Frontier Foundation noted that this approach helps avoid overly broad cybercrime laws that could undermine human rights. She emphasised that all investigations must respect international human rights law frameworks, including principles of necessity, legality, proportionality, and transparency with proper oversight mechanisms.

Chantal Joris from Article 19 reinforced these concerns, highlighting that whilst internet shutdowns and mass surveillance often violate freedom of expression and can exacerbate harms for communities impacted by conflict, most do not rise to the level of international crimes. She specifically noted that direct attacks on ICT infrastructure and internet shutdowns could potentially constitute international crimes depending on their scale and impact.

## Evidence Collection and Preservation Challenges

### Digital Evidence Vulnerabilities

One of the most significant challenges identified relates to the unique nature of digital evidence in international crimes prosecutions. Katitza Rodriguez highlighted the fundamental challenge: “evidence in this context must last. We are talking about 10, 20, 30 years. A video recorded today might remain courtroom ready for a long period of time, even 20 years from now. One mobile phone clip can expose a massacre and be published on YouTube. An algorithm can delete that proof forever.”

Rodriguez provided a specific example of YouTube’s automatic extremism filter purging channels and videos of human rights researchers and journalists documenting Syrian conflicts, illustrating how platform content moderation policies can inadvertently destroy crucial evidence. She also referenced the Guatemala National Police Archive case and Patrick Ball’s work on statistical analysis of human rights violations, demonstrating how digital documentation can provide crucial evidence for accountability efforts.

### Technical and Procedural Requirements

Michael Karimian from Microsoft detailed the technical complexities involved in evidence preservation, emphasising that digital evidence requires rapid identification and preservation using sophisticated technical capabilities. Estonian prosecutor Kati Reitsak reinforced these concerns from a practical perspective, explaining that investigators must preserve and collect evidence following strict standards to ensure admissibility in court, particularly given that digital evidence is heavily contested.

Reitsak also highlighted the need to overcome institutional siloing, noting that successful cyber-enabled crime investigations require cooperation between different units within law enforcement agencies, such as cybercrime units and international crimes units. She compared this to organised crime investigations, which also require extensive technical capabilities and cross-border cooperation.

## Multi-Stakeholder Cooperation and Partnerships

### The Essential Role of Private Sector Cooperation

Throughout the discussion, there was strong consensus that private sector cooperation is essential for successfully prosecuting cyber-enabled international crimes. Michael Karimian outlined the crucial roles that private companies play in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in investigations.

Karimian explained that attribution—one of the most complex challenges in prosecuting cyber-enabled crimes—requires the ability to track activity across different digital infrastructures and jurisdictions, capabilities that often reside primarily within private companies. He noted that successful investigations require judicial frameworks with international partners and technical expertise that goes beyond traditional law enforcement capabilities.

### Trust and Cross-Border Cooperation

Kati Reitsak emphasised the critical importance of personal connections and trust between partners in successful cross-border investigations. She noted that these investigations require swift action and reliable information sharing, which depends not only on formal frameworks but also on established relationships between investigators across different jurisdictions.

Reitsak provided examples of successful prosecutions in France, the Netherlands, and Norway for Syria-related cases, and mentioned Estonia’s specific rules about in absentia proceedings and the genocide network at Eurojust as examples of effective cooperation mechanisms.

### Civil Society as Evidence Holders

Civil society organisations emerged as crucial stakeholders in the evidence ecosystem. Rodriguez highlighted that civil society organisations often hold crucial evidence and documentation that may be the last remaining proof of atrocities, requiring collaboration with prosecutors. This positions civil society not merely as advocates but as essential partners in the investigative process.

## Conflicts of Interest and Corporate Accountability

### The Dual Role of Technology Companies

One of the most challenging aspects of the discussion concerned the complex position of technology companies in cyber-enabled international crimes. Chantal Joris identified a fundamental tension: “The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address.”

This tension became particularly evident during the question-and-answer session, when Aaron Clements-Hunt directly questioned Microsoft’s provision of services to Israeli entities whilst simultaneously positioning itself as a partner in international justice efforts. This exchange illustrated the real-world complexities of public-private partnerships in this space.

### Managing Corporate Responsibility

In response to civil society feedback, Milanović noted that the ICC policy will include language acknowledging potential criminal responsibility of corporate executives, representing an attempt to balance the need for private sector cooperation with recognition of their potential liability. This represents a significant development in how international criminal law addresses corporate involvement in international crimes.

## Case Prioritisation and Prosecution Strategy

### Different Strategic Approaches

The discussion revealed different perspectives on how the ICC should begin prosecuting cyber-enabled crimes. Professor Milanović advocated for starting with smaller, less complex cases, particularly Article 70 offences against the administration of justice, such as hacking court systems. He argued that “a good way to start would be, for example, an Article 70 case, so a case about the administration of justice. Somebody hacks the court… Those are easier cases to deal with.”

Michael Karimian offered a different perspective, arguing that cases involving widespread harm to critical infrastructure and essential services should be prioritised because they pose substantial risks to human life and send clear international signals.

Kati Reitsak supported the general principle of starting with smaller cases but suggested that war crimes or crimes against humanity cases would be preferable starting points as they provide broader possibilities for establishing new legal precedents in cyber-enabled crime prosecutions.

## Practical Challenges and Unresolved Issues

### Attribution and Technical Complexity

Attribution emerged as one of the most significant technical challenges in prosecuting cyber-enabled crimes. The discussion acknowledged that sophisticated cyber operations often involve multiple layers of obfuscation designed specifically to complicate attribution efforts, requiring extensive technical expertise and international cooperation.

### Outstanding Questions from Practitioners

Several practical questions remained unresolved during the discussion. Christian Faizili from the Democratic Republic of Congo raised a specific concern about how prosecutors can prove command responsibility via digital traces when forensic laboratories are destroyed in conflict zones, highlighting the intersection between traditional conflict dynamics and new technological challenges.

Questions were also raised about gaming platforms and voice chat monitoring, illustrating the breadth of digital spaces where potential evidence of international crimes might be found.

### Institutional Capacity Gaps

Both Reitsak and Karimian acknowledged that traditional law enforcement institutions often lack sufficient technical capabilities for complex cyber investigations. This represents a significant institutional challenge that requires law enforcement agencies to develop new capabilities or rely heavily on external expertise.

## Human Rights Safeguards and Concerns

### Avoiding Legitimisation of Mass Surveillance

Civil society representatives consistently emphasised the importance of ensuring that cyber-enabled crime investigations do not legitimise mass surveillance or repressive practices. Rodriguez specifically warned against the ICC relying on evidence gathered through abusive surveillance powers, arguing that this could undermine both the legitimacy of prosecutions and the broader human rights framework.

### Platform Policies and Content Moderation

The discussion highlighted concerns about platform content moderation policies that may inadvertently destroy evidence. Rodriguez noted that platforms face incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it. This prompted discussion about the need for platforms to implement public interest exceptions for content with educational, documentation, or newsworthy value.

## Broader Impact and Future Directions

### The ICC’s Leadership Role

Multiple speakers emphasised that the ICC’s policy will likely have impact far beyond the ICC itself. Harriet Moynihan described it as “a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents.” Kati Reitsak noted that national courts can look to the ICC as a beacon and be encouraged by its systematic approach to cyber-enabled international crimes.

### Policy Development Timeline

The discussion concluded with concrete next steps for policy development. The ICC Office of the Prosecutor has received many comments during the public consultation phase and will take these on board as they revise the draft policy. The policy is expected to be formally promulgated at the Assembly of States Parties later this year.

### Supporting Research and Documentation

The UC Berkeley Human Rights Center’s submission to the Office of the Prosecutor regarding Mali was mentioned as an example of academic institutions contributing to the development of this area of law. Additionally, ongoing research efforts are supporting the practical implementation of the policy framework.

## Conclusion

This discussion represented a significant milestone in the development of international criminal law’s response to cyber-enabled crimes. The ICC’s forthcoming policy addresses a critical gap in international justice mechanisms by providing a framework for prosecuting serious international crimes committed through digital means.

The conversation revealed both the promise and the challenges of this initiative. While there was broad support for the policy’s approach and recognition of the need for multi-stakeholder cooperation, significant practical challenges remain around evidence preservation, attribution, conflicts of interest, and the development of new institutional capabilities.

Perhaps most importantly, the discussion demonstrated that addressing cyber-enabled international crimes requires extensive cooperation between diverse stakeholders with different capabilities and perspectives. The success of this effort will depend on building trust between partners, managing conflicts of interest, and developing new technical and legal capabilities that bridge traditional boundaries between different sectors and jurisdictions.

As the ICC moves forward with implementing this policy, the frameworks and partnerships developed through this initiative will likely prove crucial for maintaining accountability for international crimes in the digital age. The broad engagement from various stakeholders suggests a strong foundation for this work, while the practical challenges identified highlight areas where continued development and cooperation will be essential.

Session transcript

Harriet Moynihan: At this point, Harriet was tired when she heard that she would no longer be on time and was decided to quit. Relax. Relax We are all women. We are all women. Is this… a quake? I thought it was a quake. So they will give you a sign? I’m not sure. Well, good afternoon everyone. Both to those of you who are joining us here in the room and those of you joining us online. Welcome to… to this session on addressing international crimes enabled by cyber operations. I’m Harriet Moynihan, I’m Head of Accountability in International Law at the Oxford Institute of Technology and Justice at the Blavatnik School of Government, University of Oxford. I’m also an Associate Fellow in the International Law Programme at Chatham House and I’m delighted to be moderating this session. I’m also going to be joined online by Chelsea Smith-Hurst of Microsoft, who’s going to be helping with online moderation questions once we get into the Q&A. Today we’re going to look at how international criminal law within both national and international judicial settings can help to strengthen global cyber security and address core international crimes which are committed through cyber means. And of course by international crimes we mean war crimes, genocide, aggression and crimes against humanity. And this session is going to highlight the forthcoming policy of the International Criminal Court on international crimes committed by cyber means and that’s obviously a significant milestone in investigating and prosecuting such crimes at the international level. This session is being hosted jointly by the International Criminal Court and by Microsoft and I’m delighted to say that both are represented here today. And in this panel we’re going to have the opportunity to explore some of the legal, operational and technical challenges in this area by hearing from a range of experts from policy makers to private sector, to civil society and the special advisor to the International Criminal Court on cyber enabled crimes. And I should add that at Chatham House where I’ve been working we’re conducting a research project on this very issue which seeks to complement the work of the International Criminal Court and we’re going to be publishing a research paper that dives into some of the broader legal and practical issues around this area and that paper will be published in January. Today our panellists are going to look at the evolving cyber threat landscape, challenges in the collection and attribution of evidence, the need for stronger multi-stakeholder cooperation in this area, and ways to strengthen accountability generally. And the way that we’re going to do this is we’re going to have a moderated panel discussion, and then we’re going to open it up to Q&A, both from you here in the audience and those of you joining us online. But before that, let me introduce our speakers. We’re joined online by two speakers, first of all Professor Marko Milanović, who amongst many other roles is the Special Advisor to the International Criminal Court, specifically to the Office of the Prosecutor on Cyber Enabled Crimes. Welcome Marko. Also joining us online, we have Michael Karimian, who’s Director of Digital Diplomacy at Microsoft. And here in the room, the stellar panel continues. We have Kati Reitsak, who’s a prosecutor at the State Prosecutor’s Office of the Republic of Estonia. We have Chantal Joris, who’s Senior Legal Officer at Article 19. And last but not least, we have Katica Rodriguez, Policy Director for Global Privacy at the Electronic Frontier Foundation. I’d like to start the conversation by turning to Marko. Marko, could you set the scene for us a bit by telling us a bit more about the Office of the Prosecutor’s proposed policy in this area? How does it relate to the various initiatives that are going on worldwide in relation to cyber crimes? And what does it mean for the work of the International Criminal Court? Thank you so much, Kerit.

Marko Milanović: And allow me to welcome everybody, both online and offline, also on behalf of the Office of the Prosecutor of the ICC, to this event that we have jointly organized together with Microsoft. And thank you so much, Kerit, for moderating the panel. The Office of the Prosecutor launched this effort to formulate a policy document, which will be used both for its internal purposes, but also for communicating with the public, which does several things. It explains how the Rome Statute of the International Criminal Court can be applied to the commission or facilitation of international crimes by cyber means. That’s the first thing it does. It also explains how other than the core international crimes, also the offenses against the administration of justice, which interfere with the working of the court as such, can also be committed and facilitated by cyber means. And then it goes on into various practical questions about the investigation, prosecution of these crimes, about the cooperation that the office needs to have with national authorities and the capacities that the office needs to build to essentially be able to investigate these offenses properly. So that is the point of this policy. The policy has now finished the public consultation phase. We have received many comments from states, from civil society, including organizations represented at this panel, from academics, from various other stakeholders, which we will take on board. And the policy will then be revised and adopted by the Office of the Prosecutor and formally promulgated at the Assembly of States Parties later this year. So that is the core idea of this policy. And the message that the Office of the Prosecutor essentially wants to send is that it is ready, it is prepared to prosecute those who use these technologies to commit international crimes. Here, it is really important to emphasize as Harriet did in her introduction, that we’re not talking here about normal, ordinary cybercrime like hacking, unauthorized access to a computer system, fraud, the dissemination of imagery of child sexual abuse, and so on. What we’re here talking about is genocide, war crimes, feminism, anti-aggression, and all of these crimes, including offenses against the administration of justice, can be committed by cyber means. AI, for example, can be used to facilitate attacks against civilians or the civilian population during an armed conflict, which is a war crime. Online technologies can be used to disseminate humiliating imagery of prisoners of war, which can also be a war crime, depending on the intensity of the suffering that these individuals are exposed to. Attacks against critical infrastructure, against airports, against air traffic control can qualify, for example, as murder, as a crime against humanity. Direct and public incitement to genocide can very easily be committed by social media, and so on. So that’s the core thing that the policy does. It really explains how cyber tools, including AI, can be used to commit these crimes. It also emphasizes the facilitation aspect. Many of these crimes can be committed, and most of them will be committed by traditional kinetic means, but cyber will be used to facilitate them. Everything from obtaining targets to conducting monetary transactions using cryptocurrency, for example, in a way that facilitates the commission of these crimes. The office is ready to prosecute these crimes, and that is the key signal that it wishes to send through this policy. and Marko Milanović, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian And also, perhaps, if you can talk about what makes a successful investigation when you’re looking at these cross-border type crimes.

Kati Reitsak: Thank you, Harriet. Thank you, everyone, for gathering here today, in here and online. So, yeah, it’s true. My main experience is more than 10 years combating organized crime. And just recently, I think maybe four or three years ago, I moved on to deal with cases concerned international law and international crimes. So, but there are so many similarities. If we are talking about core international crimes, there is very often a state actor at play. And if you are thinking about traditional organized crime, they often attempt to function as a state. within the state. It’s like a parallel force. It maintains the hierarchy with clearly defined roles and assignments. Organized crime also collects and distributes finances as they see fit, provides financial assistance to those who need and enforces its own system of punishment if someone were to break the rules. So, if we think in these concepts, we see that there are actually very many similarities between a wannabe state, like an organized crime group, traditional one, or a really legal state. So, we then have to assess both the jura and the facto powers of these persons acting within these systems and understand how these systems work kind of beneath the surface. Also, I have to say that in jurisdiction wise in Estonia there are also very many similarities. For example, core international crimes, Estonia exercises universal jurisdiction over them as they are considered as crimes that every state, every civilized state should be interested in prosecuting them. And the cross-border element is also something that is similar to those two. Because like organized crime, also crimes against humanity, they don’t know any state borders. And they are not limited by it, but they might seek profit all over. So, I think that what makes a successful investigation, both in organized crime and in crime against humanity, and in international crimes is a judicial framework with your partners. You have to have a very good partnership with all the other state and state actors. And if we are talking about criminal investigations, I think you all agree that information and evidence sharing is of the essence. And you have to trust the partner that you share your information and evidence with because otherwise you might be putting danger to your witnesses and your sources. So personal contacts that have always been very helpful in combating organized crime which acts cross-border and I think in international crimes as well. We have to build those personal connections because sometimes time is of essence. Especially if we are talking about cyber-enabled international crimes. Just tackling like a network, it needs to be very, very, very swift. And it is based on personal communication and personal sources. So it all comes down to willingness of the partners to investigate and get some good results. And of course as we go on, all the evidence is being very, very heavily contested in courts. As you see already, if you are looking at the media, you see that if there is a news clip already one of the parts of this clip might call it fake news. This is doctor, this is not true. So in this digital area that we are living in, it is very difficult to know what is the truth, true truth. and what is doctored. And therefore, for investigators also, it presents a challenge to preserve and collect evidence in a way that it will be fully admissible later on in a court of law. As I mentioned, these personal connections that we use to tackle organized crime with, they are also being formed at international level concerning international crimes. For example, I would just point out the genocide network at the moment in Eurojust. And do not be fooled by the name, it’s not only limited to genocide, but the members of this network actually share the experiences of investigating both war crimes and crimes against humanity as well. So I think I will stop here and thank you.

Harriet Moynihan: Thank you, Kati, and thank you for highlighting the importance of partnership and trust and cooperation and indeed giving examples of some of the forums that exist at the moment to try and promote that. And you mentioned the genocide network and the great work that they do. Michael, if I may turn now to you, and thank you for joining us online. The role of the private sector is very important in this space because, as we’re hearing, by their very nature, cyber-enabled crimes are likely to involve infrastructure that will traditionally be owned by the private sector. It might be social media companies, it might be cloud services, it might be computer networks. And so it would be really interesting to hear from you about what role you see for the private sector in this space, perhaps particularly in relation to things like collecting evidence, because obviously some platforms will hold evidence. How do prosecutors go about getting that evidence? Well, they’ll have to approach tech companies or they’ll have to go through states to do so. So any thoughts you have on that? in general but also in relation to evidence would be really interesting to hear. Over to you.

Michael Karimian: Absolutely and thank you Harriet not just for facilitating today’s discussion but also for the important work of yourself and colleagues at Chatham House and the research project that you’re undertaking and of course thank you to Marko and colleagues at the Office of the Prosecutor for their essential work in developing the policy. It’s been a real privilege to witness and support that work from the outset and I’m very glad to be part of this discussion today. Evidence preservation and collection in cyber-enabled international crimes presents a number of technical, legal and operational challenges and I think Microsoft’s experience could highlight several critical roles that the private sector can play in effectively addressing these challenges. Roles that are explicitly recognized in the ICC OTP’s forthcoming policy on cyber-enabled crimes and also further expanded upon in Chatham House’s important upcoming research. First I think rapid identification and preservation of digital evidence are crucial just as Kati was touching upon. Cyber-enabled crimes can often leave behind digital traces that are quite ephemeral and easily lost, deleted or altered and a number of technology companies have developed quite sophisticated technical capabilities for rapid detection, attribution and preservation of digital evidence. For example at Microsoft our digital crimes unit the DCU routinely uses advanced threat intelligence, machine learning and sophisticated analytics to identify and preserve relevant evidence from cyber operations swiftly and accurately and these capabilities allow companies like Microsoft to secure time-sensitive digital evidence long before traditional law enforcement methods can respond and that’s a critical element which is highlighted in the OTP’s drug policy as essential for successful prosecutions. Second, in terms of attribution, which is one of the most complex challenges in prosecuting cyber-enabled international crimes, the private sector brings unique technical capabilities. You know, accurate attribution requires the ability to track and correlate activity across different digital infrastructures and jurisdictions. And Microsoft’s global telemetry and network visibility, which is detailed quite extensively in our annual digital defense report, enables quite granular tracking of cyber-threat actors, including state-sponsored groups and sophisticated criminal networks. This capability aligns with Chatham House’s research, which emphasizes the need for robust technical partnerships to enhance prosecutorial confidence and attribution. Third, the cross-border nature of cyber-enabled crimes demands unprecedented international cooperation, not only among law enforcement, but significantly with the private sector. And again, the OTP’s draft policy explicitly underscores the importance of such cooperation networks, where you see emphasis on the value of private sector expertise in navigating jurisdictional complexities. And, you know, at Microsoft, we have firsthand experience with such cooperation, including partnerships like our recent collaboration with Europol, where investigators are being directly embedded within the European Cybercrime Center. Those types of partnerships really help to streamline international evidence sharing and overcome procedural hurdles, which, again, has been identified by Chatham House as a major bottleneck in prosecuting cyber-enabled crimes. Finally, in terms of ensuring evidence visibility in court, as we just touched upon, again, that requires private sector entities to follow quite rigorous standards in digital forensics and chain of custody management. At Microsoft, we have been proactively investing in building evidence handling capabilities compliant with international legal standards, again, recognizing the emphasis both OTP and Chatham House place on meeting rigorous. legal thresholds for evidence collection and admissibility. You know, by sharing best practices and technical standards, I think companies can also help court to build robust, credible cases against perpetrators. I guess I’ll end by saying that the private sector’s role seems to really extend far beyond just, you know, sort of passive cooperation, and instead it must really involve quite active partnership in evidence collection, attribution, international coordination, and ensuring procedural integrity. And Microsoft’s experience seems to be relatively consistent with the OTP’s forthcoming policy and Chatterhouse’s comprehensive analysis, all of which I think demonstrates that strong public-private collaboration is advantageous, but also indispensable for effectively prosecuting cyber-enabled international crimes.

Harriet Moynihan: Thanks, Michael. And I think what comes out of your remarks there is the fact that the private sector are involved throughout the process, from the very beginning of an investigation right through to evidence being submitted to court in a trial. And it’s also that word partnership coming out again, and thank you for the example you gave of the partnership with Europol. I’d like to turn now to another sector, another actor, civil society, and to you, Katitza. You work for the Electronic Frontier Foundation, and it would be really interesting to hear about what role you see for civil society here, how they can help, and perhaps maybe what the ICC

Katitza Rodriguez: should learn from the experience of civil society in this area. Okay, so thank you for the very kind invitation. We are actually really glad to see the prosecutors that draft policy on cyber-enabled crimes, especially because it explains how technology can be used to commit or facilitate crimes. Crucially, it sticks to Rome statute crimes rather than creating new types of crimes. This is important because it helps guard against the very pitfalls we have witnessed when a state has adopted overly broad cybercrime laws that have been used at the domestic level to undermine human rights. We submitted comments on the OTP policy consultation together with Derecho Digitales. We came up with a few recommendations. From time, I will just share a few ones. One is, and I will focus on evidence in this case. First, evidence in this context must last. We are talking about 10, 20, 30 years. A video recorded today might remain courtroom ready for a long period of time, even 20 years from now. One mobile phone clip can expose a massacre and be published on YouTube. An algorithm can delete that proof forever. Second, the Rome Statute is crystal clear that every investigation must fulfill or respect international human rights law. Meaning that the prosecutor and the authorities must gather detailed proof and detailed evidence under a framework of necessity, legality, proportionality, legitimate aim, and transparency and, of course, oversight mechanisms which are embedded in international human rights law and standards. And third, overly broad surveillance and cybercrime status have jailed journalists and silent dissidents. The ICC should ensure not to rely on evidence gathered through such abusive surveillance powers and avoid risk legitimizing repression and intentionally undermining its own cases. It’s the time for everyone to work together. to ensure justice can be delivered. And I think this is a good way of working holistically in these cases. And why does it matter? Because if the evidence disappears or it is tainted by abusive surveillance powers, the perpetrator walk free and the Rome Statue promise to victims is broken. And that’s serious things. I’m thinking on the Guatemala National Police Archive, 18 million pages of paper records were discovered in a collapsed warehouse. Later, using prosecution from disappearance and crimes against humanity, we had an interview with Patrick Ball, which is a data scientist analyst on the Human Rights Data Analysis Group, who told us that regime files have been central for documentary and data analytic evidence in trials of former heads of state in a couple of countries, where he identified patterns of repressions. In those cases, former dictators, police, and military leaders were convicted of war crimes, war crimes against humanity, disappearance, and genocide. Without contemporaneous record, and Patrick told us, our work, his work, would have been immensely harder. The digital age has not changed that lesson. It has merely shifted the evidence from dusty papers to bites. And so they rely a lot on preservations and collaborations with the courts to preserve the evidence. So for lack of time, I will focus on just one topic, which is improper incentives to destroy evidence. But there are other topics that we like to talk about, territoriality or about joint investigations, too. But on the improper incentives to destroy evidence, we are concerned that sometimes routine platforms functions are threatened with criminal or civil liability, and companies. When this happens, companies try to comply, over comply with the law to avoid fines, steep fines. This creates an incentive for companies to mass delete information, content that can be used in litigation, that can be used, can serve as evidence in courts. The result is that the very material prosecutors need in a case is wiped and possibly permanently destroyed before any court can see it. This is a case study. We have concerns of this global liability concerns and their own concerns about community standards. Platforms are being incentivized to delete conflict-related materials on a huge scale. And a paper that we wrote a few years back, where we document how YouTube used a new automatic extremism filter that was purging channels and videos of human rights researchers and journalists documenting Syrian conflicts. So our recommendation to the OTP is not only to caution about free expression, but also to ensure about the risk of destroying important evidence and the risk from state-compelling companies or companies voluntarily destroying evidence that can be used in courts. And we ask that much good can come from collaboration. And one of the things that could be done that the OTP should avoid is incentivizing these blanket takedowns orders and instead should encourage platforms and states to honor public interest exceptions so that content with educational documentation or newsworthy information remains online, even if it is not public. even if it’s graphic. So some of that is some of our concerns. NGOs, there are a lot of NGOs working in humanitarian response and in conflict documentations, whether contemporaneous or after the fact, may also hold the last, that we should collaborate with those NGOs because they may hold the evidence. And there are needs to ensure that, for instance, and that’s the words of my colleague, of this friend, Patrick Ball, that it’s documented cases and they use change of command and way of ensuring that the evidence is authenticated and that it still can serve in the court. And it can be done with a preservation order without relying on mass surveillance or abuse of surveillance powers that will end up not only, that will end up also impacting human rights. And I will stop here because of the five minutes.

Harriet Moynihan: Thank you so much. Thank you, Katitza. And you’ve really underlined the importance of international human rights law, which is always good to hear, and the role of civil society and the importance of preserving evidence, which is difficult when these cases can take so long. And now we have another voice here from civil society as well as Chantal being a very impressive international lawyer. So I’d like to turn to you, Chantal. I know you work for Article 19 focusing on freedom of expression. So it would be interesting to hear if you have any thoughts on how that fits into this place. Also, if you have anything you want to pick up from Katitza and if there are potentially any things that the ICC needs to be bearing in mind when it’s prosecuting these cases. Yes, absolutely. Thanks and thanks everyone for joining us at lunchtime or right after lunchtime.

Chantal Joris: Yeah, so I wanna agree with Katitza for sure. We think it’s a very important initiative together with many other human rights organizations. We have documented extensively the way in which digital rights violations, freedom of expression violations exacerbate harms. for Communities Impacted by Conflict or Prosecution or Crimes against Humanity, Occupation, and so on. So, we have, Article 19, been calling systematically on accountability mechanisms, also, for example, the International Court of Justice, as it assesses genocide cases, for example, in South Africa against Israel, to consider also the role of the human rights violations, free expression violations, digital rights violations, even if they may, in certain instances, directly amount to genocide or one of the other substantive crimes under the Rome Statute, but they certainly can play such an important contributing factor, be it in directly carrying out these more, perhaps, kinetic crimes, but also in contributing to a culture of impunity, in concealing evidence, and in potentially prolonging the situation of conflict or prolonging the situation in which these mass atrocities can take place. So, good initiative. Also, it will also be an important contribution, I mean, you mentioned there are so many discussions about how international law can apply, does it have responses to these new technologies, evolving technologies, so it’s also a very important contribution to that general discussion, I think. I think, perhaps, three main comments. So, we have also recommended that the policy, and of course the ICC, focus perhaps a bit more on direct attacks. Marko mentioned critical infrastructure, that should include also, of course, ICT infrastructure. For example, there is such an increased use now of internet shutdowns through various means, kinetic means, non-kinetic means. and others who are working on the digital transformation of the internet, the digital transformation of the internet by using the internet as a genetic means that have extreme implications now in conflict zones and, again, other zones impacted by atrocity crimes. And those should really also be considered more extensively. In fact, two certain forms of online harms have on human rights defenders, on journalists, on specifically those communities that, specifically in very restrictive information environments that we, of course, often see in those settings. They are key stakeholders, of course, for the evidence, to bring evidence to the prosecutor. I also want to mention, we’ve talked about the role of private entities, technology companies, and the policy does mention them as an important potential partner. It is a reality. They often hold important evidence. They might be able to assist and cooperate in the prosecution, investigation of crimes. The reality is as well that very often those same tech companies are the ones that provide services to conflict parties, cloud computing services, surveillance technologies, AI capabilities that are also very much needed to perpetrate those exact crimes that the policy seeks to address. So, I think that that sort of big challenge that we are facing, given that we have tech giants that are essentially used by every institution and every conflict actor at the same time, that needs to be spelled out better, I think, in the policy. And there needs to be a recognition that the ICC doesn’t only rely on them, but also needs to put them on notice of legal risks that are involved with the proliferation of these services. How to avoid unintended consequences? Again, Katitza has touched upon it, the responses to cyber security threats, cyber crimes, very often fall short of international human rights standards, both in terms of the substantive offences, but also in terms of how they are investigated. So I think it’s very important that there is a clear distinction between the OTP being active in investigating, prosecuting crimes under the Rome Statute, but not being too generous in extending cooperation with any domestic authorities that could go beyond what is really covered by the Rome Statute. And as a last point, I think that just means that it’s very important that any human rights consequences are really carefully considered, that is through engagement, close engagement with civil society. We have this Article 21, Paragraph 3 in the Rome Statute, of course, that says in terms of the substantive crimes, but also in terms of any prosecutions, human rights need to be considered. I think there is much to learn as well from human rights bodies, taking the example of the idea of cyber torture, for example, has been quite extensively looked at under human rights standards. I think those are aspects that also the ICC can learn from and also avoid, we’ve talked about this yesterday, any fragmentation of how, for example, a torture concept in the cyber domain is understood as opposed to in the human rights aspect. Thank you, Chantal, and thank you for mentioning the impact on civilians and

Harriet Moynihan: journalists and human rights defenders. It’s obviously quite easy to have these conversations in the abstract, but victims are and should be centred to this. You also mentioned conflicts of interest and thinking about how to manage those when partnerships are put together, which which are very necessary. I’d like to have a bit of a more relaxed conversation with the panel now just for a short time before I open it up to questions. While I’m doing so, please be thinking of questions that you might like to ask, both those of you in the room and those of you online. I think there’s a Zoom facility for raising questions, so do have them ready. Marko, if I may come back to you, it’s clear that what we’ve heard is that there’s all sorts of different ways in which cyber-enabled crimes can be carried out. For example, a commander using his phone to send a message to his troops to incite genocide. But at the other end of the spectrum, perhaps a massive cyber attack which uses very complex malware. We’ve also heard about mass surveillance. Obviously the ICC’s resources are finite. Do you have a sense of which kind of cases might be prioritised? And this is actually to all of the panel, but Marko perhaps to start with you. Are there some types of cases that would particularly benefit from being prioritised here under the new policy?

Marko Milanović: It’s a really interesting question, Harriet. Of course, it’s one that I cannot answer by reference to anything going on right now in the sense of what the Office is actually investigating. I will say two things. First of all, even today, even the most traditional kind of kinetic crime cases will involve digital evidence. All of my predecessors talked about digital evidence as sort of being indispensable to modern investigations. That’s true. So every kind of investigation that, for example, was dealt with by the tribunals for Yugoslavia or Rwanda a couple of decades ago would today involve analysing people’s phones, analysing social media postings, analysing various kinds of cyber operations, digital records and so on. So in that sense, every single ICC case will have a huge digital aspect. Our policy, though, does not mainly deal with that. Like, so, I mean, the whole question of digital evidence is so big that our policy only touches upon it. So, again, our main focus is really on how can a person be held responsible for enabling an international crime by cyber means, or by committing an international crime by cyber means. And if the question is, what’s the best first case, you know, my own sense would be, it would actually be nice to start relatively small. You know, so Michael talked about attribution being like a huge issue in many cyber operations. You know, it will be really difficult to prosecute a case, a first case dealing with, you know, super sophisticated state actors who are very well versed in hiding their tracks. You know, you don’t necessarily need to start off that way. You know, a good way to start would be, for example, an Article 70 case, so a case about the administration of justice. Somebody hacks the court, which has actually happened a few years ago. You know, somebody falsifies evidence before the court uses AI to submit fake evidence to the court, intimidates witnesses or prosecutors or judges by using online means. Those are easier cases to deal with. And, you know, if it was up to me, you know, a first digital or cyber case would be something fairly modest rather than something enormous. But, you know, I think that’s a good way of testing various abilities and capabilities. But it really all depends on the facts. It really all depends on what the prosecutors have before them at any given time.

Harriet Moynihan: Thanks, Marko. Starting small sounds sensible in this area, which is pretty new and cutting edge, and establishing a good precedent would be good. Opening up to the other critics, what are your thoughts? Well, I’m not a prosecutor, but I have an idea.

Katitza Rodriguez: I’m not an expert on the Roma status, I will defer that to the experts, but an idea that I have and that we have been discussing in my office is that investigated use of cross-border malware campaign that are targeted against ethnic groups and against the diaspora community that have been used actually for transnational repression, but we are wondering to what extent to understand the scope and the impact of those campaigns against this ethnic group in order to see whether they may rise to the level of a Roma status crime or not. They may or may not, but there’s so much we don’t know about the scope and the scale and purpose of the use of malware in this context, so I would try to learn more of those details. And of course, we may find, as the policy seems to suggest, that some of these are facets of larger campaigns and persecutions that have both online and offline campaigns. And that’s why, just tying to the submission, when we were talking about the definition of cyber, we were saying that it can be used not only to directly harm people, but in order to identify targets from other attacks too. They could be used to locate targets for a physical attack, for physical persecution, but so we do envision and we hope that perhaps malware and other mechanisms would turn out to be part of this larger pattern again with online and offline elements. So it’s not only also about the data, it’s not just about the physical, but when it comes to, you know, attacks against ethnic groups that have led to actually death, disappearance and repression.

Harriet Moynihan: Thank you. And that actually relates to a question I had, which is, obviously, as I said, the ICC’s resources are somewhat limited, and the draft policy makes clear that the prosecutor’s only going to pursue the gravest cases, and in traditional cases that usually… does mean death and serious injury. But in the cyber-enabled crimes context, do we need to think about gravity more broadly or differently? Chantal, did you have any thoughts on that or on anything that Katitza said in this regard, which some of the points that Katitza herself was making?

Chantal Joris: I mean, perhaps I would agree with Marko starting small is a good idea. I think also starting small could mean, again, for example, prosecuting a crime against humanity and explicitly recognising the chapeau elements, like what are indications of a widespread systemic attack on the civilian population that is needed for a crime against humanity? And there, looking at questions around internet shutdowns, mass surveillance and so on, or looking at a war crime around impeding humanitarian assistance, looking at has this happened also through attacks. So it could also be another way to just more emphasise that role in the commission of more kinetic attacks. I think also when it comes to what you mentioned around the assessment of harm, assessment of gravity is obviously very complicated as we have these more sort of kinetic, physical notions of harm. I think at least, I mean, there are so many, on the one hand, indirect consequences. Again, a shutdown might, you know, kill someone because they can’t communicate with the hospital, or even further down the line, there can be psychological consequences. So other types of harms, but I also think we should not completely forget any sort of broader societal impacts, economic impacts. They might not neatly fit under any of the crimes under the Rome Statute, but I do think they need to be considered as well, and the ICC should be cognisant of those broader effects of what a mass surveillance campaign can produce within a population, and consider those aspects as well.

Harriet Moynihan: Thank you. Katy, as a prosecutor, I can’t resist asking you, what would be your sort of first kind of case? What would you be? I suppose there’s no such thing as an easy case, but perhaps one of the priority cases in this area. Do you have a sense for that?

Kati Reitsak: Yeah, I think that at first, as a national prosecutor, if I were a national judge, I would really like the ICC to show us the way by choosing whether a war crime or a crime against humanity. Because this would give us, kind of the ICC, the more broader possibility to say the essence of this new terminology that is being used, like cyber-enabled and how will it start to fit in ICC’s work. And I also want to say that I think that national courts can look up to ICC as a kind of beacon leading the way and being maybe encouraged by the ICC’s very systematic approach to cyber-enabled international crimes. If we are talking, of course preferably, I would not have any cases of war crimes or crimes against humanity, but in Estonia you would have to take into account the very, very strict in absentia rules. So I think this is also, and it depends of course on the state, on the rules, but for example in Estonia you cannot indict anyone unless you have pressed charges and the person has been present to see the charges and has had the possibility to personally get acquainted to the material of the criminal investigation. And then maybe later on, maybe in trial stage, if this person has been present to see the criminal investigation and has had the possibility to personally get acquainted to the material of the criminal investigation and has had the possibility to personally get acquainted to the material of the criminal investigation. If this person then leaves, then we can kind of carry on without him or her. But yeah, the rules in national courts are even sometimes a bit more stricter than in international courts, if we are talking about. So I would choose a case where I would have a suspect, like present. So this is definitely something that I would choose. Also, a war crime and a crime against humanity. Maybe a war crime episode could be more individual. You don’t have to have that many aspects. It doesn’t have to be very, very large-scale. For example, if we are talking about genocide, I think that the burden of proof there is much higher and much more difficult to obtain, for example, than if we are talking about war crimes or crimes against humanity. So definitely, I agree with Marko that it should be smaller, start with small steps, but still significant enough to lead the way.

Harriet Moynihan: Yeah, thanks, Kati, for thinking about some of the practical and procedural issues that come up in these cases. And you mentioned about having the suspect in the jurisdiction. Obviously, in the cyber context, often these operations are carried out remotely. Certainly, if we’re thinking about a cyber attack, and that can be one of the problems that the suspect is in a jurisdiction that refuses to extradite. So I can see why you’d like that as a starting point. Michael, I’ve been leaving you a long time. Thank you for being patient. But I had a question for you, which is for all the panel, but to you to start with, which is really to think about the ICC’s policy more broadly. What are the wider benefits? Do we think there are wider benefits? Do you think states will embrace this? We have heard from Kati that this policy could lead the way. And I certainly think it is groundbreaking and significant. Do you see it as having impact beyond just the ICC?

Michael Karimian: So, in brief, the answer is yes, Harriet. Firstly, I’ll just maybe turn to the other questions you’ve posed to the panel. In terms of prioritising cases, absolutely a long-term view is essential. In an ideal world, once the policy has been released, we would see dozens of cases in front of the court, but of course, perhaps that’s not so likely. Ultimately, it’s up to the prosecutor to decide which cases to prioritise, but one way to think about it would be cases that involve widespread harm to critical infrastructure, as Chantal mentioned, but also critical services such as healthcare, humanitarian organisations or essential utilities. Those are sectors we already see being highly targeted by threat actors anyway, and there are two reasons why I think it’s beneficial to focus on such cases. One is that these attacks pose substantial risks to human life and wellbeing, even if their immediate physical harm might not seem as direct as traditional kinetic violence. Also, prioritising such cases sends a clear international signal about the unacceptable nature that such cyber operations pose when they endanger civilian populations. Again, just briefly, Harriet, on the question of gravity, of course traditional definitions focus on physical violence and direct casualties, but of course cyber-enabled crimes can lead to severe, widespread and prolonged disruptions of essential services, as well as significant economic damage and psychological impacts, again, as has already been mentioned. And so I do think we should consider how such assessments can incorporate not just immediate physical harm, but also the scale, scope and duration of those indirect humanitarian consequences that cyber-enabled crimes can cause. That’s something which perhaps we need to expand upon further. In terms of that question you mentioned there, Harriet, of wider benefits of the ICC’s involvement, I am optimistic that states will embrace the ICC’s initiative on cyber-enabled crimes, because these threats affect everyone really, they transcend borders. There will undoubtedly be challenges and sensitivities around sovereignty and jurisdiction. But despite this, the ICC’s involvement can significantly enhance the legitimacy of international efforts to hold cybercriminals accountable, and quite importantly, to set legal standards and precedents elsewhere. Additionally, I think the ICC’s focus can simulate more robust national action. So Estonia leads the way in its application of the principle of universal jurisdiction. We’d love to see more countries taking such action. Perhaps we will see that. But of course, other benefits we might see include fostering better cross-border cooperation and encouraging public-private partnerships, all of which I think would ultimately contribute to greater global cybersecurity and resilience.

Harriet Moynihan: Thank you, Michael. Thank you for addressing all of those points. And I’m thinking through a bit how this policy could have wider benefits. I’d like to hear from you as well. We start with you, perhaps, Katitza, about the idea of the policy leading the way and having wider impact. So, yeah. Well, I agree with the prosecutor about a specific case that will lead the way, but I want to build upon the last speaker’s comments. I think it’s clear that every year that computer systems are used in various ways in committing, like, mass killings or all kinds of crimes under the Rome Statute. And I think there will be many, many more cases as technology advances and the prosecutors and the authorities start investigating those cases.

Katitza Rodriguez: But at some point, I think, when I was reviewing the draft policy, the OTP mentioned that military cyberattacks targeted against civilians, perhaps including civilian ICT systems, civilian data, and groups of civilians, could conceivably constitute war crimes. even without causing tangible physical injury. And we think that this perspective is useful because of just how important ICT systems are in people’s life, culture, family, life. It’s not just like a hobby, it’s part of how communities and society organize themselves and talk to themselves. And it’s also about organize themselves when there is like a bomb coming and we need to leave the area and maybe we need that mechanism of communication to be able to go to a safe place. And being cut off of that is just like problematic. So cyber attacks against communications infrastructure but also against data or things that will not allow people to get health information or information that is crucial to get timing could be really problematic. And that may lead eventually to personal injury but not directly and I think that’s equally important.

Harriet Moynihan: Thank you. Before we open it up, Kati, Chantal, I’d be interested in your thoughts on this sort of wider question. I mean the question about whether states would be interested in this policy, whether they will be leading the way. There have actually been some states, I should say, that have prosecuted war crimes which involve cyber means. So for example, fighters in Syria who have been filming pictures of dead bodies or maimed bodies and putting them online. They’ve been prosecuted in France and the Netherlands and I think Norway as well actually. So it would be interesting to hear your thoughts on this as a state prosecutor.

Kati Reitsak: Okay, thank you. As Katicia very well pointed out that our societies are changing and the values that we kind of tend to take granted like with all this information technology systems, they are totally different than for example, 10 or 20 years ago. But if you think of the judiciary system. in many countries, the people who are working in judiciary, for example, judges, this is a position for life. So, it means that we might have in the judiciary system very many people who are not, like, they don’t feel comfortable with dealing with this digital era that has dawned upon us, right? So, more and more we have to rely on technical expertise as well. So, I think that, and it’s probably the same in every country, that there always will be people who are willing and wanting to learn and to develop their knowledge. And I think that we should be, and we should help them and assist them. And of course, the private sector’s assistance, the trainings, the investigators have to be trained. So, from a very practical viewpoint, as you pointed out, yes, there are videos and it’s not that complicated to to see whether it’s authentic and what’s the metadata behind this video or a photograph. But still, as they are going more complex and complex, and as you pointed out, these foreign actors, they might be cross-border, we will never see them. And we will have to tell and explain to the court how exactly a very, very sophisticated digital attack has been committed. It definitely needs high-level expertise from outside of the investigative authorities. And just on that point, I would like to point out that, for example, in Estonia, we have a cyber crimes unit in our central criminal police, right? But international crime is being investigated by security service. totally different authorities, with totally different kind of, not background, but their data and their intelligence and their focus is on different things. Therefore, if we are talking about very successful investigations, we also have to see that siloing your data and information between investigative authorities is not an answer, you have to also cooperate and exchange the knowledge that one or the other unit actually has in order to have a successful investigation.

Harriet Moynihan: Thank you. So, joined up not just in a cooperation between states, but even within a state. Yes, very interesting. Thank you. And Chantal, over to you for any final thoughts on this. Yeah, I think from the perspective of civil society, I think we can, also for us,

Chantal Joris: we can use the policy as well in our advocacy. We have plenty of conversations about the role of taking on conflicts. For example, we had one two days ago at IGF itself. So, I think it just helps also to complete the picture from different angles. And also, Kati, you mentioned that it might also be leading the way in terms of the domestic authorities. The ICC has so many jurisdictional constraints plus this element of gravity that you mentioned that makes it a fact that they will not be able to prosecute that many cases. So, I think I find it also very interesting to think about strategic litigations in front of domestic courts under universal jurisdiction provisions. And then, we have the policy showing that it is not something totally far-fetched. And it contains a lot of interesting examples that can be used to think about how we can push the needle further in this aspect. Thank you so much. Well, we’ve got lots of food for thought there.

Harriet Moynihan: And thank you to the panel for coming. for setting us up for the Q&A. So now is the chance, if you’d like to raise a question. We have a microphone here. We already have one questioner. That’s perfect. So feel free to form a queue if you’d like to raise a question. And also, for those of you joining us online, please do type in your questions to Zoom and Chelsea, my online moderator, will help to get those to us. So if I could turn to the first questioner to say your question, please.

Audience: Yeah, Joeri Bokovoy from the Finnish Green Party. Chantal mentioned about crimes against humanity or human rights violations in suppression of information networks. One thing that comes to mind is in, and this is the question more, I guess, to Marko, in which, I guess, capacity does this apply to also partial suppression of network, which we have seen, especially recently in the Southeast Asian territories, where internet shutdowns have been used to push users more to telecommunications in traditional way, which are more easy to surveil and break their privacy in that way. And I have a second question about, Katitza was mentioning the removal of evidence by social media platforms. There are known cases of organized crime being perpetrated or conspired through gaming platforms as well, like the PlayStation Network or different other services, which a lot of them don’t even record or monitor the voice chats, because it’s much cheaper for them to either turn it off in the regions where they’re forced to or just leave it on and not deal with it at all, and basically wash their hands in the regions where they’re not. What can be actually done about that?

Harriet Moynihan: Thank you very much for both questions. So the first question was about… the suppression of networks and internet shutdowns, and thinking about how the proposed policy might be relevant to that. And Marko, perhaps if I turn to you on that one

Marko Milanović: initially. Well, thank you. I mean, it’s an excellent question. So I have to preface it, though, by doing this horrible lawyerly thing, which is to make some… Marko, we’ve lost the sound. I’m not sure if you’re muted. It’s okay, your end. It might be our end. Just give it a minute. Testing. You’re back. Yes. Perfect. Thank you. Good. So the key point I want to make is that most internet shutdowns are human rights violations, right? In particular, they violate freedom of expression. To date, of the examples of various internet shutdowns that many states have done, it is really difficult to find an example of an internet shutdown that could be justified in human rights terms. So most internet shutdowns violate human rights in a relatively straightforward way. However, it is difficult to say, though, that every internet shutdown is a crime for which individuals accrue responsibility at the international level. For example, a crime against humanity. A crime against humanity is defined, for instance, as an act which takes place in the context of a widespread or systematic attack against the civilian population. Crimes against humanity include, for example, things such as murder or extermination. They could include persecution, which is a discriminatory denial of fundamental rights. And one could think of an extreme type of an internet shutdown that could qualify as, for example, persecution. But the vast majority of internet shutdowns will not be criminal. and many others. So that is the sort of point I would make. Remember our policy is not about human rights online, it is about international crimes committed by cyber means. And so only a smaller subset of human rights violations in the digital context will actually accrue criminal responsibility directly under international law. There might again be some shutdowns that could be justified. You saw, for example, how a few days ago Iran shut down the internet on its territory in order to stop cyber attacks from Israel, right, in the context of an armed conflict. That is one of those rare situations where you could think of a justified shutdown, maybe, maybe. Yeah, again, so the fact that most internet shutdowns violate human rights does not however translate to an international crime is the point I would make.

Harriet Moynihan: Thanks Marko, very clearly explaining the distinction there. The other question was about the removal of evidence by social media and the question I mentioned in particular gaming platforms and the fact that they do not even monitor voice chats sometimes, so there is this problem with having evidence and retaining it. I do not know if any of you would like to either pick up on that question or the question about internet shutdowns. Of course, Katitza, you had mentioned this issue of internet shutdowns, so do you have any thoughts on that question?

Katitza Rodriguez: No, I was mentioning more whether it rises or not to a Roma statute crime, and that was more my question from the prosecutor because we are not like super experts on all the court cases that are under the Roma statute right now, so it was whether or not it could potentially rise. I did not understand the question on evidence, on platform, what was the question? I think it was about the fact that you had been talking about preservation of evidence and that sometimes social media platforms have been accused of deleting evidence. With gaming platforms, that might be a problem because sometimes they have even less sort of transparency around what they are doing and they may not even be retaining, recording the evidence at all. We don’t want retention. Retention is different than preservation. Preservation is linked to a specific crime. It’s for a specific period. It’s not mass surveillance. So I don’t know if he is specifically concerned about… What we say in EFF, if it did exist, it will be low access to that data. Some companies have certain policies about how long they retain certain data. Now, when we ask preservation, you know, is when there is like… They don’t have all the necessary information right now to probably… But they ask authorities to preserve it for a period of time for a specific investigation. The nuance in the Romance Statute is that these crimes take 20, 30 years. It’s not crimes that come very fast. They take years and years to change in governments and be able to persecute someone. And how we preserve the evidence and how that will work, how we do a change of cost and custody in a way that, for instance, civil society, who may be more up to date with where evidence and violations have happened, can learn from the traditional human rights in Europe, who have been doing Romance Statute for years, documenting abuses, and trying to do it in the digital age with a chain of custody and all the knowledge that we have about harsh metadata and trying to have these standards. So whenever is the time to bring the case to justice, the evidence can pass a test that the court settles for admissibility of evidence in the court. And that was my point. Not to try to establish laws that will… And I don’t know if that was his concern, that will record all chat or voice communications on all platforms, because that will be the…

Harriet Moynihan: Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Katitza Rodriguez, Michael Karimian Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian Chantal Joris, Harriet Moynihan, Kati Reitsak, Chantal Joris, Michael Karimian

Chantal Joris: Chantal Joris that also, or alignments, that will also favour one side of the conflict over the other. And that’s even on the moderation level and then, of course, even if moderation or removal might be justified then there’s a question around how do you preserve that sort of evidence, what sort of mechanisms you have in place with accountability mechanisms or certain vetted CSOs or international courts so that evidence doesn’t get lost. And again, we’re often talking about extreme… extremely restrictive information environments where journalists are threatened, killed, have to go into exile, where the only evidence that you have really comes from those users that simply witness what’s happening.

Harriet Moynihan: Thank you. And I suppose just one point that’s come out of our Chatham House research is that some of the bigger companies have quite sophisticated systems for at least holding evidence and for providing that evidence to law enforcement, whereas some of the smaller companies, and you mentioned the gaming platforms, but there may be other smaller companies who just not as set up for this. Their procedures aren’t perhaps ready and there may be a role for training and cooperation around those issues. We don’t, as far as I’m aware, we don’t have any questions online yet, so I’m going to throw it back to you, the in-person audience, and we have a question over to you.

Audience: Yeah, good afternoon everyone. I’m Aaron Clements-Hunt. I work for the Heartland Initiative. Thank you Harriet and all the panelists for a really thought-provoking discussion so far. My question is to Michael. There seems to be a pretty clear tension between Microsoft’s admirable work in partnership with the ICC and their now well-documented involvement or links to cyber-enabled crimes. I’m talking in particular about the fact that since the Hamas attack on Israel in October 2023, Microsoft has surged capacity and services to Israeli state entities, including the Ministry of Defense and the IDF. So my question, Michael, is, is Microsoft really in a position to lead private sector efforts to address international crimes enabled by cyber operations when the company itself can be credibly linked to those very crimes? Thank you. So Michael, I didn’t go to you before on the questions we had earlier, so

Harriet Moynihan: feel free to pick up on any of the ones we’ve had already, including the idea of companies cooperating on evidence. But that question was obviously about this question I suppose that came up earlier about the sort of potential for conflicts of interest. how tech companies approach those. As we’ve heard, tech companies are important in this space, their cooperation is vital. But at the same time, it’s important that conflicts of interest are managed. So if you could talk to that. Thank you, Harriet. Glad to do so.

Michael Karimian: Firstly, in terms of the question on internet shutdowns, I really appreciated Marko’s articulation of the way in which the policy will likely relate to internet shutdowns, just broadly, if anyone is interested on this topic. Access Now has done tremendous work in its coalition and campaign in shedding light on the impacts and widespread use of internet shutdowns. And that’s available online at their Keep It On webpage. Definitely encourage colleagues and interested stakeholders to take a look at that. In terms of the earlier question as well on online gaming platforms, historically, the issues we’ve seen there have more fit into the categories of child sex abuse material online, so CSAM, as well as terrorist and violent extremist content, TBEC. But that’s not to say that actually we won’t see connections to the crimes relevant to this policy, more crimes, crimes against humanity and genocide in online gaming platforms, if we take a very long term view as to how actors may engage in those platforms in the long term. As some stakeholders might know, UC Berkeley’s Human Rights Center just submitted evidence to the OTP in relation to a case in Mali, evidence in Mali, which really demonstrates the use of multimedia and outrages upon personal dignity. And actually, it’s possible to see how you would witness similar uses of multimedia in online gaming platforms, too. And so this question of retention in such platforms is really critical. And so, just as you touched upon, Harriet, how companies of different sizes This is a really important topic and I appreciate that it has been brought up. There has been a lot of information in the public domain about this, and Microsoft recently published a blog post in the past month or so, which is available online, and of course I would encourage anyone interested to please take a moment to read that. The blog post seeks to provide insights to the work that Microsoft has been doing to better understand the issues. So for example, we’ve hired an external third party to undertake an independent assessment to identify the extent to which the allegations that came out in the press in January and February were truthful, and as well the company has been undertaking its own investigations in this space by engaging with Microsoft’s subsidiary in Israel, and with that it was found that actually there is no direct connection between the provision of Microsoft services and the conflict in Gaza, and there is work now underway to improve how human rights due diligence is applied in these contexts built upon the company’s long-standing human rights policies and practices. To the kind of question, Aaron, which you pose as well about the conflict of interest and tensions here, and Harry, you picked up on this earlier, this also came up in the discussion so far, that this is a challenge whereby these large platform companies provide products and services to a wide range of customers around the world, and those customers in turn can use products and services in harmful ways. This is a challenge that has existed across how companies apply the UN guiding principles on business and human rights. an extent to which they can effectively conduct human rights due diligence and, where needed, have remedy and transparency in place. This is not unique to the issues that we’re discussing here in the context of the ICC’s, OTP’s upcoming policy but it does demonstrate I think not just the responsibility that companies have. Companies of course have a responsibility to respect domestic law, they also have a responsibility to respect international law including international criminal law. And when Microsoft’s human rights policy was last debated, which I believe was 2019, and the policy is available at microsoft.com slash human rights, intentionally the wrong statute was included in the list of human rights frameworks and individual conventions and frameworks which the company looks to when it seeks to uphold its corporate responsibility to respect human rights. And so that recognition is there and this policy I think will go a long way to assisting technology companies including Microsoft among others to be better at respecting international criminal law as well as identifying the role that they can play in helping all actors address cyber-enabled crimes. Thank you Michael and I recommend that blog post

Harriet Moynihan: as well. We are also going to have another opportunity to go to in-person questions if there are any questions. I think there was one over there so thank you. If you’d like to say where you come from before you say the question thank you. Of course, I also want to remind you that there are two more people who want to ask the questions. Thank you so much for an excellent panel.

Audience: My name is Vilda and as a criminologist I’ve spent a lot of time looking at traditional crime versus cybercrime and the differences between them and obviously there are a lot of similarities but in my opinion cybercrime has so many unique elements to it that it’s hard to sort of treat them the same way. So I would love to hear your thoughts on this. When setting up a system to deal with cybercrime, where do we, in which part can we use the tools that we already know and where do we have to start from scratch? Thank you. Thank you. And now Kati, I’m going to go to you on that but

Harriet Moynihan: you’re very welcome to touch on any of the things that we’ve heard in all the questions if you have thoughts. I mean it’s similar to the point in a way that we were talking about organized crime and cybercrime but if in your experience you’re seeing anything that’s, you know, some of the unique features that the questioner mentioned and how those can be addressed.

Kati Reitsak: Thank you for the question. Yes, it might seem and it definitely is that investigating cybercrime, there are so many nuances that one must know in order to get the evidence from the private partners, in order to seize the evidence quickly, as I said, as it is very, very prone to being deleted. So, this is the cooperation part which in some ways is the same but investigators have been training, have had extensive training also on how to, for example, seize digital devices in order not to compromise the material that is in the digital devices. Also, we should not forget digital currency because we have to, as organized crime and crime in itself, you know, there is financial interests moving in these circles also and in order for the crime not to pay, states also have an obligation to seize possible criminal assets, whether they are in a physical or crypto form also and this needs a specific knowledge and training. and our investigators in cybercrime units are trained to do that. But in the end, sometimes it all comes down to the good old ways of collecting evidence. For example, you have to have, as these are all covered crimes, you don’t necessarily have a victim if we’re talking just about cybercrimes. And who could point out the actor, you need intelligence. You need good old-fashioned intelligence, which is very difficult to get if these actors are not in your own country. And this, of course, then intelligence agencies and their partnerships are coming to role. If we are talking about organized crime, cyber-enabled international crime, I wanted to point out this aspect before. And also, when civil society was talking about communicating with victims and witnesses, actually, and collecting evidence themselves. In a matter of trust, it’s also important not the partners only to trust each other, but the victims and witnesses to trust the law enforcement in order to turn to us. Because in many countries, it’s not like that. In Estonia, we see that most people, we trust law enforcement and we don’t fear retaliation if we turn to the police, right? But it’s not like that in many countries. So, even if we have, for example, citizens of other countries who are on Estonian territory and could be valuable witnesses or victims of international crimes, it’s also difficult to gain that trust. Because they’re in a foreign country, they don’t know. They don’t know what’s going on, they don’t know the traditions or the background. So this is also something we have to address as law enforcement representatives. Also, if we are talking that digital evidence might disappear, so can human evidence disappear. Because judicial systems are very different of how we accept a person’s testimony. For example, if we go to trial in Estonia, just this written paper, maybe in pre-trial phase, this means nothing, it’s nothing, unless I have to bring the person into court, they have to be cross-examined, and then it will be like good evidence. Otherwise, I will not be able to use this kind of pre-trial piece of paper testimony, maybe only if the person is dead, or yeah, maybe, that’s about it. But this is our own national kind of specifics, every national system has its own. So we have to think about preserving human evidence as well. Maybe because you are absolutely right, after 10, 20 years, 30 years, these crimes against, I’m sorry, these international crimes, they don’t have any statute limitations.

Harriet Moynihan: Thank you, and interesting to hear some of the similarities as well as the differences and unique features. Now we haven’t got many minutes left, so we’re going to have the two questions together, and if you could be brief, and the responses will be brief, then we can stick to time. Over to you.

Audience: Yes, thank you. My name is Christian Faizili, I’m a public prosecutor from the Democratic Republic of Congo, and thank you for the insightful presentation and discussion. The situation in the DRC, as you know, recently, our courthouse has been destroyed when the M23 took over the town. So I would like to know how can prosecutors prove command responsibility via digital traces if our forensic labs in Goma and Bukavu are destroyed? Another one is how can Article 28 of the Rome Statutes apply for foreign officials enabling civil war crimes? If not, how do we close these impunity gaps? Thank you very much. Thank you. Hi, my name is Meredith. I’m with the Business and Human Rights Resource Center. Thank you for this fantastic panel. My question actually is for Marko about any updates to the draft policy. Chantal had pointed out that the language is very much in favor of corporate cooperation for getting what’s needed in order to effectively implement the new policy. But is there a shift now that we can expect in relation to accountability, given, as you mentioned, that making sure that individuals are accountable for these crimes is the key ethos behind the document as such, including tech executives who may be involved in execution of some of this, whether or not there is explicit instructions coming from a state? Thank you.

Harriet Moynihan: Thank you very much to both of you. Given time, we’re going to have very quick responses. Marko, I think one of those questions was directed to you, but if you wanted to pick up on any of them, then please do. I just have one minute.

Marko Milanović: Sure. On superior responsibility, I would simply direct you to looking at the draft policy. The draft policy directly addresses questions of liability for modes of liability other than direct commission, and it includes a discussion of superior responsibility. So we do think that an individual can be responsible by those means by article 28 of the statute, including for cyber-enabled crimes. I will not talk about specific situations though. On the question of corporate actors and accountability, we have had very productive engagement with civil society organizations in particular, those focused on business and human rights, and we took their comments on board, and you will see the exact formulations the policy will use when the final text comes out, but I can assure you that the policy does include language that acknowledges the potential criminal responsibility of corporate executives. Thank you, Marko, and thank you for being brief. I’m sure that we all have further comments, but I’m very conscious of time, so I would just like to take this moment to do a bit

Harriet Moynihan: of summing up before we close. I think we’ve heard that existing international criminal law is very much fit for purpose and able to deal with cyber-enabled international crimes, and we look forward to the proposed policy coming out, but we’ve also heard a lot about the challenges, a lot of which relate to the cross-border nature of these crimes and the digital evidence and managing that. We’ve been reminded about the importance of international human rights law and also conflicts of interest in managing those. Above all, cooperation networks are vital, and we’ve heard about the importance of partnerships and given many examples of those, and I’m sure there will be more to come as they’ll need to be strengthened in order to tackle these kind of crimes. So we look forward to not only the policy itself, but the influence it will surely have on different national jurisdictions as they think about how to prosecute cyber-enabled crimes. It remains for me to thank you in the room for actively participating and for your questions, to thank those of you who joined us online, and to thank this wonderful panel. If you could join me in thanking them. And finally, thank you to Microsoft and the International Criminal Court for co-hosting this event, and I’ll end it there. Thank you. Thank you.

Marko Milanović

Speech speed

144 words per minute

Speech length

1569 words

Speech time

653 seconds

The ICC Office of the Prosecutor is developing a policy to address international crimes committed through cyber means, focusing on genocide, war crimes, crimes against humanity, and aggression rather than ordinary cybercrime

Explanation

The policy explains how the Rome Statute can be applied to international crimes committed or facilitated by cyber means, distinguishing these from ordinary cybercrimes like hacking or fraud. The focus is specifically on the core international crimes under ICC jurisdiction.

Evidence

Agreed with

– Kati Reitsak

Agreed on

Starting with smaller, less complex cases for ICC prosecution

Disagreed with

– Michael Karimian

Disagreed on

Case prioritization strategy – complexity vs. scope

Katitza Rodriguez

Speech speed

140 words per minute

Speech length

1840 words

Speech time

784 seconds

Civil society supports the policy’s focus on existing Rome Statute crimes rather than creating new crime categories, which helps avoid overly broad cybercrime laws that undermine human rights

Explanation

The Electronic Frontier Foundation appreciates that the policy explains how technology can be used to commit existing crimes rather than creating entirely new categories of crimes. This approach helps guard against the pitfalls of overly broad cybercrime laws that have been used domestically to undermine human rights.

Evidence

EFF submitted comments on the OTP policy consultation together with Derecho Digitales with specific recommendations

Major discussion point

ICC Policy on Cyber-Enabled International Crimes

Topics

Human rights | Legal and regulatory | Cybersecurity

Agreed with

– Marko Milanović

Agreed on

Support for ICC policy focusing on existing Rome Statute crimes

Evidence must remain admissible in court for decades, but algorithms and platform policies can delete crucial proof forever

Explanation

Digital evidence in international criminal cases must last for 10-30 years to remain courtroom ready, but automated systems can permanently delete this evidence. A single mobile phone clip can expose a massacre, but an algorithm can delete that proof forever.

Evidence

Reference to Guatemala National Police Archive with 18 million pages of paper records used in prosecutions, and Patrick Ball’s work on regime files being central for trials of former heads of state

Major discussion point

Evidence Collection and Preservation Challenges

Topics

Legal and regulatory | Human rights | Cybersecurity

Agreed with

– Michael Karimian
– Kati Reitsak

Agreed on

Evidence preservation challenges in cyber-enabled crimes

Human rights | Legal and regulatory | Cybersecurity

Cross-border malware campaigns targeting ethnic groups and diaspora communities for transnational repression should be investigated to determine if they rise to Rome Statute crime levels

Explanation

There is much unknown about the scope, scale and purpose of cross-border malware campaigns targeted against ethnic groups and diaspora communities used for transnational repression. These campaigns should be investigated to understand whether they may rise to the level of Rome Statute crimes.

Evidence

These campaigns may be facets of larger persecution campaigns with both online and offline elements, where malware could be used to identify targets for physical attacks or persecution

Major discussion point

Case Prioritization and Prosecution Strategy

Topics

Human rights | Cybersecurity | Legal and regulatory

Michael Karimian

Speech speed

142 words per minute

Speech length

1809 words

Speech time

761 seconds

Digital evidence in cyber-enabled crimes is ephemeral and easily lost, requiring rapid identification and preservation using sophisticated technical capabilities

Explanation

Cyber-enabled crimes leave behind digital traces that are easily lost, deleted or altered, requiring swift action. Technology companies have developed sophisticated capabilities for rapid detection, attribution and preservation of digital evidence that can secure time-sensitive evidence before traditional law enforcement can respond.

Evidence

Microsoft’s Digital Crimes Unit uses advanced threat intelligence, machine learning and sophisticated analytics to identify and preserve relevant evidence from cyber operations

Major discussion point

Evidence Collection and Preservation Challenges

Topics

Cybersecurity | Legal and regulatory

Agreed with

– Katitza Rodriguez
– Kati Reitsak

Agreed on

Evidence preservation challenges in cyber-enabled crimes

Disagreed with

– Katitza Rodriguez

Disagreed on

Evidence preservation approach – targeted vs. mass retention concerns

The private sector plays crucial roles in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in cyber-enabled crime investigations

Explanation

Private sector entities bring unique technical capabilities across multiple areas of cyber-enabled crime investigation. They provide essential services from the beginning of investigations through to evidence submission in trials, requiring active rather than passive cooperation.

Evidence

Microsoft’s global telemetry and network visibility enables granular tracking of cyber-threat actors including state-sponsored groups, and partnerships like collaboration with Europol where investigators are embedded within the European Cybercrime Center

Major discussion point

Public-Private Partnerships and Cooperation

Topics

Cybersecurity | Legal and regulatory

Estonia leads the way in applying universal jurisdiction principles, and the ICC’s focus could encourage more countries to take similar action

Major discussion point

Broader Impact and International Cooperation

Topics

Legal and regulatory | Cybersecurity

Kati Reitsak

Speech speed

118 words per minute

Speech length

National courts can look to the ICC as a beacon leading the way and be encouraged by its systematic approach to cyber-enabled international crimes

Explanation

The ICC’s systematic approach to cyber-enabled international crimes can serve as guidance for national prosecutors and courts. This leadership role can encourage national jurisdictions to develop their own capabilities and approaches to these complex cases.

Major discussion point

Broader Impact and International Cooperation

Topics

Legal and regulatory | Cybersecurity

Chantal Joris

Speech speed

141 words per minute

Speech length

Broader Impact and International Cooperation

Topics

Human rights | Legal and regulatory

Harriet Moynihan

Speech speed

171 words per minute

Speech length

2966 words

Speech time

1035 seconds

The policy represents a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents

Explanation

The ICC’s policy on cyber-enabled crimes is described as groundbreaking and significant, representing an important milestone in investigating and prosecuting international crimes committed through cyber means. It is expected to have influence beyond just the ICC itself.

Evidence

The policy is being jointly hosted by the ICC and Microsoft, and Chatham House is conducting complementary research to be published in January

Major discussion point

ICC Policy on Cyber-Enabled International Crimes

Topics

Legal and regulatory | Cybersecurity

Audience

Speech speed

141 words per minute

Speech length

689 words

Speech time

292 seconds

The distinction between traditional and cyber crimes requires understanding which existing tools can be used versus where new approaches must be developed from scratch

Explanation

A criminologist’s perspective highlighting that while there are similarities between traditional crime and cybercrime, cybercrime has many unique elements that make it difficult to treat them the same way. The question focuses on identifying where existing tools can be applied versus where completely new approaches are needed.

Major discussion point

Attribution and Technical Challenges

Topics

Cybersecurity | Legal and regulatory

Agreements

Agreement points

Starting with smaller, less complex cases for ICC prosecution

Speakers

– Marko Milanović
– Kati Reitsak

The ICC Office of the Prosecutor is developing a policy to address international crimes committed through cyber means, focusing on genocide, war crimes, crimes against humanity, and aggression rather than ordinary cybercrime

Civil society supports the policy’s focus on existing Rome Statute crimes rather than creating new crime categories, which helps avoid overly broad cybercrime laws that undermine human rights

Summary

Both speakers support the approach of applying existing international criminal law to cyber-enabled crimes rather than creating entirely new categories of offenses

Topics

Legal and regulatory | Human rights | Cybersecurity

Legal and regulatory | Cybersecurity

Unexpected consensus

Private sector as indispensable partner despite potential conflicts of interest

Speakers

– Michael Karimian
– Chantal Joris
– Katitza Rodriguez

Arguments

Strong public-private collaboration is indispensable rather than merely advantageous for effectively prosecuting cyber-enabled international crimes

Tech companies often provide services to conflict parties while simultaneously holding evidence needed for prosecutions, creating complex conflicts of interest that must be managed

Companies face improper incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it

Explanation

Despite representing different perspectives (private sector vs civil society), there is unexpected consensus that private sector involvement is essential while simultaneously acknowledging the serious conflicts of interest and challenges this creates

Topics

Cybersecurity | Legal and regulatory | Human rights

Need for technical expertise from outside traditional law enforcement

Speakers

– Kati Reitsak
– Michael Karimian

Arguments

Successful investigations require judicial frameworks with international partners and extensive technical expertise from outside investigative authorities

Attribution is one of the most complex challenges in prosecuting cyber-enabled crimes, requiring ability to track activity across different digital infrastructures and jurisdictions

Explanation

A state prosecutor and private sector representative unexpectedly agree that traditional law enforcement lacks sufficient technical capabilities and must rely on external expertise, representing acknowledgment of institutional limitations

Topics

Legal and regulatory | Cybersecurity

Overall assessment

Summary

There is strong consensus among speakers on the fundamental challenges of cyber-enabled crime prosecution, the need for multi-stakeholder cooperation, evidence preservation difficulties, and the value of the ICC policy as a guiding framework. Agreement spans across different sectors (prosecutors, civil society, private sector, academia) on core operational and legal principles.

Consensus level

High level of consensus with significant implications for successful implementation of cyber-enabled crime prosecution. The broad agreement across diverse stakeholders suggests strong foundation for developing effective international cooperation mechanisms and legal frameworks, though practical implementation challenges around conflicts of interest and technical capabilities remain to be addressed.

Differences

Different viewpoints

Case prioritization strategy – complexity vs. scope

Speakers

– Marko Milanović
– Michael Karimian

Arguments

Starting with smaller, less complex cases like Article 70 offenses against the administration of justice would be preferable to establish capabilities before tackling sophisticated state actors

Cases involving widespread harm to critical infrastructure and essential services should be prioritized as they pose substantial risks to human life and send clear international signals

Summary

Marko advocates for starting small with less complex cases like administration of justice offenses to build capabilities, while Michael argues for prioritizing cases with widespread harm to critical infrastructure that send stronger international signals, representing different strategic approaches to establishing precedent.

Topics

Legal and regulatory | Cybersecurity

Evidence preservation approach – targeted vs. mass retention concerns

Speakers

– Katitza Rodriguez
– Michael Karimian

Arguments

Companies face improper incentives to mass delete information to avoid liability, potentially destroying evidence before courts can examine it

Digital evidence in cyber-enabled crimes is ephemeral and easily lost, requiring rapid identification and preservation using sophisticated technical capabilities

Summary

Katitza focuses on the problem of over-deletion by companies trying to avoid liability, advocating for targeted preservation orders, while Michael emphasizes the need for rapid technical preservation capabilities, representing different perspectives on balancing evidence preservation with privacy concerns.

Topics

Human rights | Legal and regulatory | Cybersecurity

Unexpected differences

Scope of gravity assessment for international crimes

Speakers

– Michael Karimian
– Chantal Joris

Arguments

Cases involving widespread harm to critical infrastructure and essential services should be prioritized as they pose substantial risks to human life and send clear international signals

Explanation

While both speakers acknowledge that cyber operations can cause significant harm beyond direct physical violence, they disagree on how broadly to interpret gravity. Michael advocates for including infrastructure attacks with indirect humanitarian consequences in prioritization, while Chantal is more cautious about expanding the scope, emphasizing that most digital rights violations don’t rise to international crime levels despite their serious impact.

Topics

Human rights | Legal and regulatory | Cybersecurity | Infrastructure

Overall assessment

Summary

The discussion reveals relatively low levels of fundamental disagreement, with most tensions arising around strategic approaches rather than core principles. Main areas of disagreement include case prioritization strategies (starting small vs. high-impact cases), evidence preservation approaches (targeted vs. comprehensive), and the scope of gravity assessment for international crimes.

Disagreement level

Low to moderate disagreement level. The speakers largely agree on the importance of the ICC policy, the need for multi-stakeholder cooperation, and the application of existing international criminal law to cyber-enabled crimes. Disagreements are primarily tactical and strategic rather than fundamental, which suggests good prospects for developing consensus approaches while allowing for different implementation strategies based on specific circumstances and institutional capabilities.

Partial agreements

Similar viewpoints

Both civil society representatives emphasize the critical importance of maintaining human rights standards in cyber-enabled crime investigations and prosecutions

Speakers

– Katitza Rodriguez
– Chantal Joris

Arguments

All investigations must respect international human rights law frameworks including necessity, legality, proportionality, and transparency with proper oversight mechanisms

Topics

Human rights | Legal and regulatory | Cybersecurity

Both speakers acknowledge the dual role of technology companies as both essential partners in investigations and potential contributors to the crimes being investigated

Speakers

– Michael Karimian
– Chantal Joris

Arguments

The private sector plays crucial roles in rapid evidence preservation, attribution, cross-border cooperation, and ensuring procedural integrity in cyber-enabled crime investigations

Tech companies often provide services to conflict parties while simultaneously holding evidence needed for prosecutions, creating complex conflicts of interest that must be managed

Topics

Cybersecurity | Legal and regulatory | Human rights

Both speakers see the ICC policy as having significant influence beyond the ICC itself, serving as guidance for national jurisdictions

Speakers

– Kati Reitsak
– Harriet Moynihan

Arguments

National courts can look to the ICC as a beacon leading the way and be encouraged by its systematic approach to cyber-enabled international crimes

The policy represents a groundbreaking initiative that can lead the way for national jurisdictions and set important legal precedents

Topics

Legal and regulatory | Cybersecurity

Takeaways

Key takeaways

The ICC’s proposed policy on cyber-enabled international crimes represents a groundbreaking initiative that applies existing Rome Statute crimes (genocide, war crimes, crimes against humanity, aggression) to cyber means rather than creating new crime categories

Digital evidence preservation is critical but challenging due to its ephemeral nature – evidence must remain admissible for decades while platforms may delete it through automated systems or compliance policies

Public-private partnerships are indispensable for successful prosecutions, with tech companies providing crucial capabilities in evidence preservation, attribution, and cross-border cooperation

International human rights law must be respected throughout investigations, with concerns about avoiding evidence gathered through abusive surveillance powers

Starting with smaller, less complex cases (like Article 70 administration of justice offenses) would be preferable to establish precedents before tackling sophisticated state actors

Cross-border cooperation and trust between partners are essential, requiring both formal frameworks and personal connections for swift action

The policy will likely have broader impact beyond the ICC, leading the way for national jurisdictions and setting important legal precedents

Resolutions and action items

The ICC Office of the Prosecutor will revise the draft policy based on public consultation comments and formally promulgate it at the Assembly of States Parties later this year

Chatham House will publish a research paper on cyber-enabled international crimes in January to complement the ICC’s work

Microsoft mentioned ongoing work including hiring external third parties for independent assessments and improving human rights due diligence processes

The policy will include language acknowledging potential criminal responsibility of corporate executives based on civil society feedback

Unresolved issues

How to effectively manage conflicts of interest when tech companies both provide services to conflict parties and hold evidence needed for prosecutions

Whether and how internet shutdowns and mass surveillance campaigns could rise to the level of Rome Statute crimes versus human rights violations

How to assess gravity in cyber-enabled crimes context – whether traditional focus on death and physical harm needs to be expanded to include indirect humanitarian consequences

How prosecutors can prove command responsibility via digital traces when forensic labs are destroyed in conflict zones

How to address evidence preservation challenges with smaller gaming platforms and companies that lack sophisticated retention systems

How to build trust with victims and witnesses from different countries who may fear law enforcement

How to preserve human evidence over the decades-long timeframes typical for international crimes prosecutions

Suggested compromises

Platforms should honor public interest exceptions for content with educational, documentation, or newsworthy value even if graphic, rather than implementing blanket takedown orders

Evidence preservation orders should be used for specific investigations rather than mass surveillance or blanket data retention requirements

The ICC should focus on cooperation with vetted civil society organizations and accountability mechanisms for evidence preservation rather than requiring broad platform monitoring

This comment brought crucial practical reality to the discussion by highlighting how national procedural requirements can be even more restrictive than international ones. It shows how cyber-enabled crimes, often committed remotely, create particular challenges for domestic prosecution.

Impact

This observation grounded the theoretical discussion in practical prosecutorial challenges, leading to consideration of jurisdictional issues and the importance of having suspects physically present. It influenced the conversation about which cases to prioritize and highlighted the complexity of cross-border cyber crimes.

Overall assessment

Explanation

Automated content removal systems may delete crucial evidence of international crimes, requiring mechanisms to preserve such content for potential prosecutions while respecting community standards.

Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.

Nri Collaborative Session Navigating Global Cyber Threats Via Local Practices

Session at a glance

Summary

This discussion focused on navigating global cyber threats through multi-stakeholder cooperation, examining how national, regional, and international collaboration can build stronger cybersecurity frameworks while balancing innovation, security, and human rights protection. The panel featured representatives from Internet Governance Forums across Ecuador, Netherlands, Panama, Serbia, and South Africa, moderated by Jennifer Chung from DotAsia.

Carlos Vera from Ecuador IGF emphasized four key principles for addressing AI and IoT cybersecurity concerns: security by design, local empowerment through capacity building, participatory governance involving all stakeholders, and global frameworks adapted to local realities. He stressed that ethics must apply not only to end users but also to governments and companies handling sensitive information. Dejan Djukic from Serbia’s registry operator highlighted the challenge of regulation keeping pace with rapidly evolving technology, noting that community involvement is essential since regulatory responses are often too slow. He illustrated the complexity of DNS abuse mitigation through a recent case involving illegal weapons sales, demonstrating how multi-stakeholder cooperation between registries, registrars, and law enforcement is crucial for effective action.

Lia Hernandez from Panama emphasized that cybersecurity must become a permanent state policy rather than shifting with political administrations, and that legal frameworks need updating to address new cybercrime trends. Dennis Broeders focused on the critical challenge of information sharing for cybersecurity resilience, explaining how various stakeholders—intelligence agencies, companies, and threat intelligence firms—have institutional disincentives to share valuable security information despite its collective benefits. Latty Thlaka from South Africa described their comprehensive national approach including the Cybersecurity Hub and multi-stakeholder structures, while acknowledging tensions between cybersecurity laws and privacy protections. The discussion concluded with consensus that cybersecurity requires inclusive governance, harmonized international frameworks, continuous capacity building, and recognition that defending networks ultimately means defending people, democracy, and human dignity in the digital world.

Keypoints

## Major Discussion Points:

– **Balancing Innovation with Security in Emerging Technologies**: The panel discussed how AI and IoT are transforming communities while creating new cybersecurity risks, particularly for local communities with limited digital literacy. Key concerns include data privacy violations, vulnerable infrastructure in smaller organizations, and the need for “security by design” approaches.

– **Information Sharing Challenges and Incentives**: A significant focus on the barriers to cybersecurity information sharing between organizations, including intelligence agencies, companies, and threat intelligence firms. The discussion highlighted how different stakeholders have conflicting incentives – companies fear reputational damage and liability, while intelligence agencies prioritize secrecy over transparency.

– **Multi-stakeholder Cooperation and Governance**: Emphasis on the need for inclusive, multi-stakeholder approaches to cybersecurity that involve government, private sector, civil society, academia, and local communities. Several speakers stressed that underrepresented groups, including youth and marginalized communities, must have seats at the decision-making table.

– **Regional Variations in Legal Frameworks**: Discussion of how different regions are adapting international cybercrime conventions (Budapest Convention and UN Cybercrime Convention) to local contexts, with speakers noting that “one size fits all” approaches don’t work and that legal frameworks must consider local political, geographical, and economic realities.

– **Capacity Building and Local Empowerment**: Strong emphasis on the need for comprehensive education and capacity building programs that go beyond technical training to include citizens, local leaders, and law enforcement. Speakers highlighted the importance of utilizing local talent from universities and ensuring cybersecurity becomes a sustained state policy priority rather than changing with political administrations.

## Overall Purpose:

The discussion aimed to explore how national, regional, and multi-stakeholder cooperation can build stronger global cybersecurity resilience while balancing innovation, security, and human rights protection. The session focused on examining the tension between cybersecurity legislation and privacy/data protection, sharing best practices from different regions, and identifying actionable approaches for addressing evolving cyber threats through inclusive governance models.

## Overall Tone:

The discussion maintained a collaborative and constructive tone throughout, with speakers building upon each other’s points rather than disagreeing. The atmosphere was professional yet accessible, with moderator Jennifer Chung effectively facilitating engagement between panelists and audience members. The tone became increasingly solution-oriented as the session progressed, moving from problem identification in the early presentations to concrete recommendations and calls for action in the latter portions. There was a consistent emphasis on pragmatism over idealism, with speakers acknowledging the complexities and trade-offs involved in cybersecurity governance while maintaining an optimistic outlook about the potential for multi-stakeholder cooperation to address these challenges.

Speakers

**Speakers from the provided list:**

– **Jennifer Chung** – Moderator, affiliated with DotAsia

– **Carlos Vera** – Executive Director of ISOC Ecuador, affiliated with IGF Ecuador

– **Dennis Broeders** – Professor of Global Security and Technology, Senior Fellow at the Hague Program on International Cyber Security, Institute of Security and Global Affairs at Leiden University, Project Coordinator of EU Cyber Direct, affiliated with Netherlands IGF

– **Lia Hernandez** – Founder of Appendatech, affiliated with Panama IGF, Panamanian lawyer working in Central American region and Spanish-speaking Caribbean

– **Dejan Djukic** – CEO of RNIDS, affiliated with Serbia IGF

– **Latty Thlaka** – Chairperson of the South Africa IGF multistakeholder committee, affiliated with South Africa IGF

– **Bangladesh IGF representative** – Mohammad Abdullah Gono, Secretary-General of Bangladesh Internet Governance Forum

– **Godsway Kubi** – Lead facilitator for online cybersecurity, representing Ghana IGF, online moderator

– **Mary Uduma** – Representative from Nigeria Internal Registration Association, .NG managers

– **Audience** – Dr. Nazar (specific role/title not clearly mentioned)

**Additional speakers:**

– **Emmanuel** – Remote participant who asked questions online (specific role/expertise not mentioned)

Full session report

# Navigating Global Cyber Threats Through Multi-Stakeholder Cooperation: Discussion Report

## Introduction

This discussion examined building global cybersecurity resilience through multi-stakeholder cooperation, bringing together representatives from Internet Governance Forums across multiple countries. Moderated by Jennifer Chung from DotAsia, the session featured Carlos Vera (Executive Director of ISOC Ecuador), Dennis Broeders (Professor at Leiden University), Lia Hernandez (Founder of Appendatech, Panama), Dejan Djukic (CEO of RNIDS, Serbia), Latty Thlaka (Chairperson of South Africa IGF), with audience participation from Mohammad Abdullah Gono (Secretary-General of Bangladesh IGF), Godsway Kubi (Ghana IGF), and Mary Uduma (Nigeria Internal Registration Association). Godsway Kubi also served as online moderator, facilitating questions from the online platform.

Jennifer Chung opened by highlighting the scale of the challenge: “Global cyber crime is projected to cost 10.5 trillion annually by this year,” emphasizing the need for collaborative approaches to address cybersecurity threats while balancing innovation, security, and human rights protection.

## Key Speaker Perspectives

### Emerging Technology Challenges: AI and IoT Security

Carlos Vera from Ecuador IGF addressed cybersecurity concerns in AI and IoT technologies, outlining four fundamental principles. First, security by design, ensuring cybersecurity is embedded from initial development stages. Second, local empowerment through capacity building, investing in training citizens and local leaders. Third, participatory governance involving all stakeholders. Fourth, global frameworks adapted to local realities.

Vera highlighted specific concerns including data privacy violations in communities with limited digital literacy, vulnerable infrastructure in smaller organizations lacking cybersecurity resources, and trust issues affecting rural communities and minorities.

Significantly, Vera reframed the ethics discussion: “We are talking about ethics, but it’s not only what you as a user can and cannot do. It has to be also with what governments and what companies can and cannot do. They have all the information, they have all the knowledge. They only do not release the final user. So we have to work on ethics also beyond the final users.”

### Information Sharing Challenges

Dennis Broeders identified information sharing as a critical barrier to effective cybersecurity cooperation. He explained how various stakeholders have institutional disincentives to share valuable security information despite collective benefits.

“Sharing would be fantastic. I love sharing, it’s very nice. But institutionally, many of these organisations are biased against sharing. They have no interest in sharing or they have interest in sharing certain things, but not other things,” Broeders observed.

He noted that intelligence agencies prioritize secrecy, companies fear reputational damage from disclosing incidents, and threat intelligence firms view information as intellectual property. However, he highlighted successful models, particularly C-certs and the cert community, which are effective at information sharing due to their health and safety approach rather than security-focused mindset.

Broeders also distinguished between public and private approaches to infrastructure management: “We have larger and larger companies doing things that traditionally were public utilities, but we have put them in the hands of private corporations who do not have a public ethos. They have a private ethos, they’re there to make money.”

### Regulatory Implementation and Multi-Stakeholder Cooperation

Dejan Djukic from Serbia highlighted challenges of regulation keeping pace with rapidly evolving technology. He emphasized that while regulation is necessary, it is often too slow to follow technology evolution, requiring community involvement to fill gaps.

Djukic provided a concrete example involving illegal weapons sales websites, describing a multi-week process involving registrars, police, and prosecutors that demonstrated how multi-stakeholder cooperation between registries, registrars, and law enforcement is crucial for effective action.

He noted that stricter regulations like the NIS2 directive create compliance costs, raising questions about whether expanding reporting obligations will actually create more resilience as intended.

### Global South Perspectives on Policy Continuity

Lia Hernandez from Panama emphasized that cybersecurity must become permanent state policy rather than shifting with political administrations: “It’s necessary that the states establish the issues of cybersecurity or cybercrime like as a state policy. Most of the countries in Central America and the Caribbean, they change of government every four or five years. And for that reason, they also change the priorities.”

Hernandez argued that legal frameworks need updating to address new cybercrime trends and expressed skepticism about existing international conventions, suggesting countries should take the best elements from both the Budapest Convention and UN Cybercrime Convention rather than wholesale adoption.

### Human Rights and Multi-Stakeholder Governance

Latty Thlaka from South Africa described their national approach, including the Cybersecurity Hub and multi-stakeholder structures, while acknowledging tensions between cybersecurity laws and privacy protections. She mentioned specific frameworks including the SADC strategy and AU Malabo Convention.

Thlaka emphasized that “Cybersecurity resilience is not just about defending networks, it’s about defending people, democracy, and dignity in a digital world,” framing cybersecurity as fundamentally a human rights, development, and governance issue.

She described South Africa’s comprehensive legal framework but acknowledged implementation challenges and potential overreach, noting growing tension between cybersecurity laws and constitutional duties to uphold privacy and data protection.

## Audience Participation and Additional Perspectives

Mohammad Abdullah Gono from Bangladesh IGF reinforced the importance of community-based awareness and multi-stakeholder engagement, arguing these approaches are more effective than top-down strategies.

Mary Uduma from Nigeria’s .NG registry emphasized that capacity building with law enforcement is crucial for effective cybercrime response, noting that many law enforcement agencies lack technical understanding necessary to effectively investigate and prosecute cybercrimes.

Online questions facilitated by Godsway Kubi included inquiries from Emmanuel about international frameworks for Global South law enforcement agencies, highlighting the global nature of these challenges.

Dr. Nazar from the audience highlighted that local universities create skilled young people whose talents are underutilized by companies and governments, raising questions about better integrating available local cybersecurity expertise.

## Key Themes and Observations

The discussion revealed several recurring themes. Multi-stakeholder cooperation emerged as essential, with all speakers emphasizing that cybersecurity challenges require collaborative approaches involving government, civil society, private sector, technical community, and citizens.

Information sharing was recognized as crucial but facing significant practical barriers, with institutional disincentives preventing effective implementation despite acknowledged benefits.

Capacity building across all stakeholder groups was consistently emphasized, extending beyond technical training to include broader digital literacy and understanding.

The effectiveness of internet governance organizations, particularly C-certs, was noted as a successful model for information sharing due to their health and safety approach rather than security-focused mindset.

## Different Approaches to Implementation

While speakers agreed on fundamental principles, they offered different perspectives on implementation strategies. Dennis Broeders emphasized the need for regulation when private companies prioritize profit over public interest, arguing that voluntary cooperation has limitations.

Carlos Vera, however, emphasized citizen empowerment and democratic accountability: “We, the citizens, have not to forget that we are the boss, really. If the government doesn’t have the capacity to share the responsibility, the accountability, and the decision-making process, we can change the government. And if the company doesn’t work observing the right condition of the consumers, we can change the company.”

## Conclusion

The discussion demonstrated cybersecurity as a complex challenge requiring coordinated responses across multiple domains. Speakers consistently moved beyond technical solutions to address questions of accountability, democratic governance, and human rights in the digital age.

The session highlighted both the potential for multi-stakeholder cooperation and the practical challenges of implementation, from institutional barriers to information sharing to the need for policy continuity across changing governments. The conversation emphasized that cybersecurity is not merely a technical issue but a governance challenge requiring inclusive approaches that protect both networks and fundamental human rights.

Carlos Vera’s closing emphasis on citizen agency provided a framework for understanding cybersecurity governance as fundamentally about democratic participation and accountability, where citizens have both responsibility and power to influence the future of cybersecurity governance.

Session transcript

Jennifer Chung: My name is Jennifer Chung, I’m with DotAsia, and I’ll be your moderator for today. Just a quick housekeeping note for the people sitting in the U-shape. These mics are pushed to talk, so they’re not the ones that are on the entire time. Just a quick reminder. So, navigating global cyber threats. In an increasingly interconnected world, cyber security challenges are growing in scale and complexity. Global cyber crime is projected to cost 10.5 trillion annually by this year, posing serious risks to institutions, economies, and fundamental rights. So this session is going to look at the good practices and the actual impacts, how national, regional, multi-stakeholder cooperation can build stronger and more resilient cyber security frameworks while balancing innovation, security, and the protection of human rights. We’ll have a key focus on the tension between the cyber security legislation on the one hand, and existing privacy and data protection matters on the other. In some cases, stricter regulations on service providers, such as DNS operators, may also inadvertently undermine effective, rights-respecting security mechanisms that are already in place. We’re going to hear from all the different speakers from NRIs around the world here up on the stage. But, of course, this is a dialogue, and we invite everybody that can see down there. If you’d also like to move up to the U-shape, we really do welcome you. If you’re not comfortable, I think there’s also mics on either side as well. We’d love to hear your thoughts on this. We have an expert panel to set the stage for everyone. I’m going to do a very quick introduction, and then I’m going to go into the policy questions that I will ask them. To my right, we have Mr. Carlos Vera. He’s the Executive Director of ISOC Ecuador. Next to him, we have Mr. Dennis Broeders, the Professor of Global Security and Technology, a Senior Fellow at the Hague Program on the International Cyber Security, and Institute of Security and Global Affairs, Leiden University. He’s also the Project Coordinator of EU Cyber Direct. He’s also affiliated with the Netherlands IGF. Next to Dennis, we have Ms. Lia Hernandez. She is the founder of Appendatech, and she’s also affiliated with Panama IGF. To my left, we have Mr. Dejan Djukic. He’s the CEO of RNIDS and also affiliated with Serbia IGF. And finally, but not least, we have next to Dejan, Ms. Latty Thalaka. She is the chairperson of the ZIA IGF multistakeholder committee and is affiliated with South Africa IGF. So with this illustrious panel, actually, and good NRI colleagues, I’d like to turn first to Carlos to speak really from your point of view, IGF Ecuador as well. In a world where AI and IoT are increasingly shaping our lives, what are the key cybersecurity concerns faced by local communities? And how can we strike a balance between fostering innovation and ensuring security in these emerging technologies?

Carlos Vera: Thank you. Good morning, everyone. And thank you for the opportunity to speak here at the IGF 2025 in Norway. I’m Carlos Vera from Internet Society Ecuador and from IGF Ecuador in Lattyn America. Please allow me to read you to necessary time constraints. As we agree today, AI and IoT are no longer distant concepts. They are in our homes, schools, hospitals, and increasingly in our local governments and public service. This technology offers great potential, but they also bring real cybersecurity risks, especially for local communities. Let me highlight three of the most pressuring concerns. First, data privacy and misuse. IoT devices collect a lot of information about us. But in smaller communities where the digital knowledge may be limited, that data is often collected without real understanding or consent. This creates real risk of surveillance, profiling, or unintentional harm. Second, vulnerable infrastructure. Local authorities and small organizations often lack resources to protect the digital systems. That makes a prime target for cyberattacks, especially ransomware, which can cripple schools, hospitals, or even our water systems. And third, trust and inequality. When AI systems are biased or when IoT systems fail, people lose trust. And those who are already vulnerable, rural communities, minorities, low-income groups, are often the ones most affected. So, how do we move forward? How do we embrace innovation while also protecting our communities? Let me suggest four principles. One, security by design. We must demand that AI and IoT systems are secure from the beginning. Two, local empowerment. We need to invest in training and capacity building, not just for engineers in big tech corporations, but for the citizens, for the local people, for the local leaders. They are the ones who manage, who use, who maintain the system, and they deserve the tools and knowledge to do it safely. Three, participatory governance. That’s what we call and we are talking about all these IGF in Norway, the multistakeholder governance. It is really necessary to participate. We need inclusive process where citizens help shape how AI and IoT are used in our lives. And let me have a small reflection about this. While United Nations, European Commission on Union and ITY, they play a key role in the making of standards of participation in the IGF, we still need more civil society spaces like internet society, when the civil society, the academy, the private sector and the tech community can participate. And four, global frameworks for local action. In this kind of things, in this kind of public policies, in this kind of law, one size fits all doesn’t work. We need to take account of the local community, the necessities and reality. And I have another reflection here about the ethics. We are talking about ethics, but it’s not only what you as a user can and cannot do. It has to be also with what governments and what companies can and cannot do. They have all the information, they have all the knowledge. They only do not release the final user. So we have to work on ethics also beyond the final users. And without security, without cyber security, there is no sustainable innovation. And finally, a call to action. Let’s empower our communities to lead the way. Thank you very much for your question Jennifer.

Jennifer Chung: Thank you Carlos. You brought together actually very, very important points and thank you for setting the scene about that. I think the four points that you gave us to take away is actually very good action points that we need to have security by design, local impairment and participatory governance especially when we’re looking at the multi-stakeholder model here. Actually a quick reflection before I go to our next speaker is this morning I heard at one of the sessions he came up and he said he was a coder and he said I’m here, I’m listening to all these policy people speak but where are the people who make and do and code? We really need to bring in all of these communities that actually can take action from the policy that we’ve shaped here to be able to have real impact. So I think that’s actually very important to have that as well. I’m now going to move on to Mr. Dejan Djukic and I know for RNIDS you are the CCTLD for Serbia and also of course Serbia IGF and maybe a little shift towards that question. Do you think and will stricter regulations on tech service providers really and truly improve overall security? What are the costs for both service providers and end users?

Dejan Djukic: Thank you for interesting question, good afternoon everyone. Regulation is necessary as threat becomes more and more sophisticated every minute but in most cases regulation is too slow to follow technology evolution. We have many examples of that like GDPR now needs two directives so the evolution of regulation and technology are not fast at the same time. So that’s the reason why community involvement is essential. So we cannot sit and wait for the regulator to solve all our problems. raising awareness that is something that we have to do constantly. Improvements are needed, following up to stricter regulation can help us to be the top of our game, perhaps much faster than it’s done nowadays. Five years ago, we didn’t have those sophisticated threats like today. However, TechKip’s security on a top priority reinvents solutions to protect infrastructure and services it provides. That is what keeps our system stable and running. Caution is also needed by all parties, however, especially for lawmakers. In general, it’s really challenging to find balance between privacy and security. When we speak about time age before NIS2 directive, our TLD decided to collect fewer personal data in our database and we came to that solution in cooperation with Data Protection Authority. But now when NIS2 came into force in most countries in EU and we are preparing our local laws, we will have to collect same amount of data as time before of the most probably we collected before. So, when we started first time our domain registration in our TLD, we collected documents and we are allied with GDPR, we decided that no documents are needed to collect. In our zone, abuse is small and we have 150,000 domain registrations and around 100 domain reported abuse in 2024. So, of course, the law applies to everyone, but numbers are cruel sometimes. And definitely there will be cost for users and operators as well. Because operators have to improve their systems, but users also have to be prepared to use those improved systems as well. And when we speak from perspective of DNS operator, established as a private foundation like Serbian TLD, multi-stakeholder cooperation is essentially important. So since we don’t have any executive power regarding fighting abuse and cyber crime, involvement of relevant parties are necessary. So on a local level, we cooperate many with organizations in order to raise awareness. With our partners, we organized many cyber security conferences, workshops, and hackathons. So also in concrete cases of cyber crime, we also need the assistance of relevant authorities. So I can raise an example from a few days ago. It was a situation with several domain names that with the website that are offering illegal weapons on them. Since we are not dealing as a registry with the content, we contacted the registrar to check the registration data. And after the registrar confirmed that data is correct, we couldn’t do much. And we started to communication with the local police, cyber crime police, and after continuous communication of few days and mostly few weeks, they managed to provide public prosecutor order and we finally suspended those several domains used for weapon selling. So that’s just one illustration, an example how cooperation is important and sharing relevant data and knowledge among stakeholders is crucial. Thank you.

Jennifer Chung: Thank you very much, Dejan. You actually touched on a whole host of really critical items that has actually been discussed very much now, DNS abuse, in the ICANN context as well, looking at how it’s not just policymaking in a very narrow scope there, but. In actual practice, registry operators, registrars as well, as well as local jurisdiction, local law enforcement, there is a whole host and chain of how you can actually address and mitigate and report and finally do any takedowns, if that is what it is. I do note that, you know, the original question was asking really about stricter regulations, but you gave us a very comprehensive mapping of what it actually means to the end user, to the operators, and actually for the Internet, I guess, as a whole as well. So thank you for that sharing. So now I’m going to turn over a little bit to policy approaches. I’m going to go over to Ms. Lia Hernandez. So Lia, I guess from your point of view as founder of Epanditec and also from the Panama IGF point of view, which policy approaches can be adopted to effectively educate social media and Internet users to identify and avoid emerging cybercrimes such as online scams and phishing attacks? Lia.

Lia Hernandez: Thanks, Jennifer. Are you hearing me? Yeah. Good morning. Well, good morning. My name is Lia Hernandez. I am a Panamanian lawyer. I’m based in Panama City, but my work is focused more in the Central American region and the Spanish speaker Caribbean. So I’m going to talk based on my experience in my region, mainly in my region and in some countries in Lattyn America, because we have the same issues regarding to the application of cybersecurity or cybercrime standards. And actually, I think that to effectively educate the users on social media, social network, on the Internet is not enough the capacity building. It’s necessary that the states establish the issues of cybersecurity or cybercrime like as a state policy. Most of the countries in Central America and the Caribbean, they change. of government every four or five years. And for that reason, they also change the priorities. So maybe in Panama right now, my hometown, cybersecurity is a priority. But in five years, there’s not going to be a priority anymore because a new government and the EU party arrived to the power. So for that, I think that it’s not enough to say that we have a commitment with the cybersecurity or we have a commitment with the cybercrime. We must really be and incorporate in our agendas the agenda of the governments and the policymakers topics as cybersecurity, digital security, cybercrime. And also, it’s very important to adequate our legal frames war to the new trends on cybercrime times. We have two main cybercrimes conventions in the world, the Budapest Convention and the recently approved United Nations Cybercrime International Convention. I know that not all of us, we are agreed with the test of these two conventions. But most of the governments of our region have approved and have signed Budapest. But till now, they haven’t adequate their local legislation. So for that, I think that it’s necessary to take the best of all of these documents, the Budapest Convention and the UNESCO Convention, and maybe adequate our legal frames war because if we don’t have a crime in our criminal code, it’s very difficult to avoid these kind of conducts in the cyber space. So I also have to say that there is not sufficient the legal frame wars, the reference. We must take actions. We must take action. Stop saying that cybersecurity is the priority in my country. We just educate the citizens, from the kids, to the teenagers, to the senior people, and to explain then how the internet really works. which are the rigs to use the internet for this or this way. And don’t tell them, you shouldn’t do this or you shouldn’t act like this. Because when you talk with the kids and you say don’t do that, they are going to try to do it. So it’s better to explain them how really works the internet and the consequence of they don’t use the internet in the right way. And after that, talking about the good, the bad and the ugly of the internet. And we must educate them so they know how to identify the real risk. So I think that this is my opinion about this question, Jennifer, Mike. Thanks.

Jennifer Chung: Thank you, Lia. Especially bringing up, you know, there is always this shift when you have a shift in administration, there is a shift in priorities. And the fact that we do have the two conventions also doesn’t mean that, you know, it has been reflected in all over, you know, global and I guess to the local jurisdictions and legislations as well. Very important part about capacity building. I think it needs to be done holistically across the board as well. Now we are going to turn over to Dennis, Dennis Broeders. I guess maybe with the context of what you heard from the previous speakers, I don’t know if you can pull this into, you know, your response as well. The question really is how can national and regional multi-stakeholder cooperation help build a stronger global cybersecurity resilience? Dennis.

Dennis Broeders: Thank you, Jennifer. I will try to draw in a few things, but I will focus on a much more smaller, but actually quite big element. So I want to focus on the relationship between cybersecurity, information sharing and resilience. So keeping it a little small. So most countries also internationally say, okay, the value of information sharing is like a mantra, right? Then also the value of public-private cooperation in information sharing. is also a mantra. So I’m talking about the sharing of information about digital vulnerabilities, about incidents, about methods of states and criminal actors, so threat intel in short, right? So everybody realizes the value of information sharing for digital resilience, and yet in practice, it proves to be something that is actually very difficult. I’ve seen many forums also here talking about it. In my country, the Netherlands, every single cybersecurity strategy we had underlines the importance of information sharing, and every single strategy we had says we need to do better, right? So that’s where we are. Most recent cyber strategy, 2022, 2028, again, puts information sharing front and center, and also acknowledges that information exchange is still fragmented, and it undermines the cyber resilience of companies, of organizations, and of society as a whole. And to a certain extent, and I think many people realize that that’s easily explained, right? All the organizations that have information that would affect others, that would benefit others, they also have good or at least understandable reasons not to share that information. So information is often not shared, and there are reasons for that, right? If you look at different organizations, intelligence agencies, right? They have lots of information. They never tire of telling us, right? We know everything, but they have a professional focus on national security that comes with an emphasis on secrecy. They have limited incentive to share information with others. Internationally, they have a quid pro quo relationship with their sister organizations in other countries, and they also have an organizational interest in keeping certain vulnerability behind because they may prove useful for their own work. So transparency there is not optimal, let’s put it that way. Then we have companies, governments, organizations, they all have information that is useful when they have been breached or attacked. Bigger companies will have information about what they see in their own networks that will be useful for others. But when it comes to breaches and vulnerabilities, they also have very little incentive to share. It can lead to reputational damage. It can open them up for claims, for liabilities. So sharing, and also sharing does not necessarily get them any meaningful response from other companies, right? So why share? Then we have threatened our companies, right? The manions of the world, basically. They have a lot of data. They have a lot of information on their clients, mostly. Mostly the big companies do Western big companies, so they have mostly biased information with a Western bias. When you talk to them, they see the value of sharing, but they’re not that eager to share, which is also logical because it’s their business model to use and market that information. So resilience, societal resilience is nice, but profits is better. So no transparency, there’s client privilege, and there’s NDAs on the information. The most effective sharers, hooray for internet governance, I think are the C-certs and the cert community, right? They have a long-standing tradition in the international community of exchanging information, and they see it as a core value to do so, right? So internet governance organizations, they focus on the resilience of the internet as a global network, and they work more along the lines of what you would call like a health and safety approach, right, rather than a security approach, and that does something. Okay, having said that, how do we overcome blockages to information sharing, right? I have a few points to make, three points. So one is a little philosophical in nature, right? So starting where we left off with the C-certs, basically, say, okay, how can we extend the logic of health and safety to more forms of information sharing, right? Can we get more levels or sorts of information in the frame of sort of first medical responders where we try to make sure that the patient is okay rather than into a security frame of mind where we’re looking for, okay, who is at fault, why have they done it, what are the consequences, who is liable, et cetera, right? So there is a balance there to look for. Related to that, because I think these communities are communities of trust, and someone mentioned this before, is how can we create communities of trust? And I think this audience here is probably well aware that certain sectors, for example, like the banking and financial sectors in the Netherlands but elsewhere as well, they have created what they call information sharing and analysis centers, right, the so-called ISACs. In these ISACs, sectors exchange information about incidents, threats, and vulnerabilities. There is no question that banks are each other’s competitors, right? That is clear. But they do have a common interest in sort of keeping the digital financial system as healthy and as well-functioning as possible. So that helps. What also helps is the closed nature of ISACs, right? It’s a closed system, there’s a trust system, there’s even an amber system and a red system, what kind of information gets written down. So it’s a community of trust, but it’s also often facilitated by the government. So this is something where governments can do something. Lastly, and the NIS2 Directive has already been mentioned, there’s always regulation, right? The regulation is not always the best option forward, but for example, in the Netherlands, if we look at the implementation of the EU NIS2 Directive, that will mean that in the Netherlands 5,000 companies will now have reporting obligations and certain obligations to have preventative measures, as opposed to the 200 that were designated like that before. That is a huge difference. The idea is, of course, that this will create more resilience, whether that’s actually the case is something that we will have to see in the future. I’ll leave it at that.

Jennifer Chung: Thank you, Dennis. That was a lot of very good information and a lot to unpack. I’m not even going to attempt to try to summarize any of this before we go to our next speaker, but I think you really highlighted the big problem and the tension between having this information and the incentive to share, and shifting that paradigm to what you mentioned as health and safety instead of liability and faults. I think that really allows us to look at it a little more clearly. I think on the other context, before I go to our next speaker, is this has also played out in the ICANN context for those who do participate in ICANN policymaking, and I guess that community as well. There has been a lot of tension and a lot of urgency from the part of law enforcement. to request for information, but the problem still is how do we authenticate these requesters? How can we make sure that, you know, we have the obligation or, you know, the legal framework to do so and to disclose this information? So thank you very much for highlighting this, you know, very inherent tension between that. Hopefully we’ll be able to dig out some and tease out some possible solutions going forward, but I do see that it is not on one party or two parties, but it is a whole host of considerations. And again, multi-stakeholder is what we’re talking about here. So with our last but not least speaker, I’d like to go over to Ms. Latty Thaka from South Africa IGF. And I’d like to get a little sense of what the best practices are and the impacts, and I think she wanted to give a little bit of thread of the legislation and regulation in South Africa right now and what the recommendations are, I guess, coming forward for cybersecurity and that part from the South African point of view.

Latty Thlaka: Okay. Thank you, moderator. My name is Latty from South Africa. I am the chairperson of the South African Internet Governance Multi-Stakeholder Committee. I think just before I start, I just need to remind us that cybersecurity is not just a technical challenge. It is a human rights development and governance issue. The only way to address it meaningfully is through multi-stakeholder cooperation at national, regional, and global level. So going into best practices, South Africa strongly supports a multi-stakeholder approach to cybersecurity. We collaborate globally and regionally through AU Malabo Convention, the SADC strategy. We also participate in GFCE and ITU’s African initiatives. Nationally, we have built structures like the Cybersecurity Hub, which is a project by the Department of Communications and Digital Technologies. It is a national computer security incident response team project that was established to make cyberspace an environment where we can all safely communicate, socialize, and transact in confidence. This project works with stakeholders from civil society. It works with government. It works with the private sector. It works with the technical community and academia in preventing and responding to threats. Our South African Police Services and State Security Agency also coordinates cybercrime investigations and threat intelligence together with private sector and ISPs. And I think it’s also worth noting that our IGF is also very strong when it comes to addressing and engaging in matters of cybersecurity, where cybersecurity is not just discussed annually or allocated annually. It’s also integrated in all the thematic areas. And I think we’ve also seen firsthand the impact of an action where data has revealed a 22% year-on-year increase in ransomware incidents targeting South African institutions. We have had, I think amongst others, digital fraud in the banking sector. We’ve had ransomware attacks on public institutions. Ordinary citizens are also getting attacked on a daily basis. And in addressing these, we are active in research on cybersecurity. We have a few initiatives, and I’ve already mentioned the cybersecurity hub. We’ve also got the Cyber Command Center, and where legislation is involved, we have a national cybersecurity policy framework, the Cyber Crimes Act, and the POPI Act, the Protection of Personal Information Act. However, we’ve also noticed the growing tension between the cybersecurity laws and our constitutional duty to uphold privacy and data protection, where our Cyber Crimes Act criminalizes malicious activity, while the POPI Act protects personal data. Together, they offer a legal balance, but the test really lies in the implementation, and without proper oversight, there’s a risk of overreach, public distrust, and suppressed digital freedoms. We found that the law enforcement sometimes maybe faces delays due to legal processes required under POPI Act to access digital evidence, and civil society has also raised concerns over potential overreach in surveillance protections of the Cyber Crimes Act. So I think we just need to strengthen oversight mechanisms, such as judicial review for data access, and update laws to ensure proportionality, necessity, and transparency in surveillance. And I think that’s why we’re also just calling for three things. We’re calling for policy coherence, where cybersecurity strategies must go hand-in-hand with privacy protections and rights-based governance. We’re also calling for global and regional collaboration through harmonized laws, shared intelligence, and joint incident response. And we also need to have an inclusive governance where youth, civil society, and underrepresented groups have a seat at the table. Our National Internet Governance Forum has proven that this model does work, and if we don’t act decisively, we risk widening the digital divide, weakening human rights, and undermining regional trust. So we just need to remember that cybersecurity resilience is not just about defending networks, it’s about defending people, democracy, and dignity in a digital world. South Africa is ready to collaborate, we’re ready to lead, we’re ready to learn, and we cannot afford to wait.

Jennifer Chung: Thank you very much, Latty. I think that ending was actually very important for us to remember, and we’re not just defending the networks, we are defending humans. Thank you also for sharing all the work that is being done right now with South Africa. I think, you know, I hear a thread amongst all the speakers that this is a multi-stakeholder effort that we need to address cybersecurity risks, but we need to balance it with privacy and we need to balance it with having inclusive governance where underrepresented groups do have a seat at the table. For the next 20 minutes, we have an open floor, and I think I already see some indications that we would like some, yep, speaking over there. I think this is Bangladesh IGF, Anu, please go ahead, Anu.

Bangladesh IGF representative: Hello, Jennifer, thank you. This is Mohammad Abdullah Gono, Secretary-General, Bangladesh Internet Governance Forum. As cyber threats grow in scale and complexity, it is clear that while the challenges are global, the responses must be grounded in local realities. In Bangladesh, we have witnessed how community-based awareness, capacity building, and multi-stakeholder engagement can help counter cyber threat more effectively than top-down approach alone. The Bangladesh Internet Governance Forum has been working to promote trust, security, and responsible digital practice by fostering collaboration between government agencies, civil society, the private sector, and youth groups. Our local cybersecurity framework are aligned with global norms, but are also tailored to our unique socio-economic and digital context. We believe that regional and local internet governance forums play a critical role in sharing best practice and ensure that cybersecurity is not just a technical issue, but a shared social responsibility. By building resilience from the ground up, we strengthen the global digital ecosystem. Let us continue working together across borders and stakeholder groups to ensure a safe, more inclusive digital future for all. Thank you, Jennifer.

Jennifer Chung: Thank you very much, Anu. I am also going to see if we do have anything online. We do have our online moderator, Godsway, who is checking online. He has reminded everyone who is participating remotely to also indicate whether or not you would like to ask questions or actually give some comments. Godsway, are there any questions and comments, or requests to take the mic?

Godsway Kubi: Hello, everyone. I hope I am audible. Okay, so I am Godsway Kubi, the lead facilitator for online cybersecurity, and also representing Ghana IGF here. I think for now, we don’t have much questions, but I am hoping that before we finish the session, there will be some questions.

Jennifer Chung: Thank you very much, Godsway. I see on the floor, Mary Uduma.

Mary Uduma: Thank you very much for giving me the opportunity to speak. If we are to navigate globally and locally, cyber trade via a local partnership, we have mentioned already the multi-stakeholder process, so there is a lot of collaboration to be done. a lot of capacity building to be done, and a lot of awareness creation. There are some people that are scrupulous and they don’t even know that they are being attacked. So in the password management, cyber hygiene, so those are some of the things, and collaborating with law enforcement. And the law enforcement needs a lot of capacity or capacitation. So capacity building and development with the law enforcement is very key. That’s what we have started in Nigeria, in the Nigeria Internal Registration Association, the .NG managers. We have this capacity building and exchanges and engagement with our law enforcement to be able to bring to fore some of the threats, and they also understand the threats as well. So those are the few things I just want to mention because the panelists, they’ve already mentioned a lot of them. But collaboration, capacity building, sensitization, and engagement with the law enforcement would help us navigate those streets. They are very, very rare. Thank you.

Jennifer Chung: Thank you, Mary. Thank you for sharing the perspective from Nigeria and also, of course, West Africa. I’m looking around the room to see if there’s any hands up. Of course, colleagues who are sitting in front of us, please, you are welcome to come over to the U-shape to take the mics as well. I know there are mics on the side of the room if you would prefer that as well. If not, I’m gonna use a little bit of moderator prerogative. I see Dr. Nazar. Nazar, please go ahead. Nazar, one second, you need to turn on your mic.

Audience: You will not have to use it, touch it, don’t touch. That’s what they’re saying. Thank you so much, Jennifer and team NRIs from all over the globe. My intervention on this front will be let us also focus on the local talents in terms of our universities are creating and co-creating a lot of young people with a lot of skills. And what I find is that the local conception in terms of companies and the governments and even civil societies are not actually using these local talents and the local skills that have been created by our universities. So while we are talking about, you know, combating all these cyber threats, we need to focus using the resources that are there. The young people from the universities, they are very learned on ICTs and cyber security. But the applications and the skills from the local content are not being properly utilized. So I think that will be my contribution so I can also yield time to others to contribute as well. be ensuring that we use the local content that is available to combat both the local and global cyber security threats. Thank you.

Jennifer Chung: Thank you, Nizar. Thank you, Nizar, for reminding us that, you know, we absolutely need to rely on local talent and local content to also combat all of this. I do have one comment online which I’ll go first and then I’ll come to you, Carlos. So, Godsway, please go ahead and read out the question.

Godsway Kubi: Okay. Okay. So, I think Emmanuel is asking, you know, what international frameworks do we have to empower law enforcement agencies in the Global South?

Jennifer Chung: Thank you, Godsway. So, before I go to Carlos, I’m wondering if anybody up here on the panel or anybody in the room would like to answer Emmanuel’s question. The question, again, is, you know, what international framework we have to empower law enforcement agencies in the Global South? Read it again so you have some time to think about the answer. While you’re ruminating on this answer for Emmanuel, I’d like to go to Carlos. Please go ahead.

Carlos Vera: Thank you again. I think that one of the main words or concept we have to have is share. We share the room. We were in the same room yesterday in the main hall with Joseph Gordon Leavitt. And in one moment, the girls were saying aloud, I love you, I love you, I love you. And of course, I said, thank you, thank you. And this nice-looking guy looked at me and I said, let’s share. Let’s share. That’s what we have to say to government, to big tech companies. Let’s share accountability, responsibility, cybersecurity. The decision-making process is a shaded process. That’s why we strongly support the multistakeholder process. and share, share, share. This is the key issue for all of us. Thank you, Jennifer.

Jennifer Chung: Thank you, Carlos. That was a great analogy. Maybe Joseph Gordon-Levitt can solve all our cyber crime and cyber security problems, you know, just drawing the attention and asking everyone that you need to share information. He has a PhD in computer science. We should call him to this room. Maybe that’s how we’re gonna solve all of this, right? He will help us solve the IGF renewal, all of that. Dennis, please go ahead.

Dennis Broeders: Maybe a short comment on my neighbor. Sharing would be fantastic. I love sharing, it’s very nice. But institutionally, many of these organizations are biased against sharing. They have no interest in sharing or they have interest in sharing certain things, but not other things. So we have to realize that while some of these corporations have goodwill, many of them are in the business of making profit and they will share what they need to share. So what we increasingly see now is we have larger and larger companies doing things that traditionally were public utilities, but we have put them in the hands of private corporations who do not have a public ethos. They have a private ethos, they’re there to make money. And we sort of let it happen. That’s one thing, but to sort of rely on ethical frameworks and asking them to share and basically rely on their goodwill, I think is not the way forward. We have seen time and time and time again that when push comes to shove, they will go for the dollar and not for the public interest.

Jennifer Chung: If I may actually ask a follow-up question, because in your first intervention and just now, you said incentives are not there for sharing. What incentives do you think could oblige or could be to incentivize the sharing, I guess, for different parts and different organizations?

Dennis Broeders: I think it varies. I mean, I haven’t thought the whole thing through, but the ISAC example shows you where. Competitors are actually able to agree on some common ground where they say, okay, we all benefit if the larger financial system and the transactions between us are safe, right, that’s something where they go, okay, that’s where we can cooperate. On other things, I think the general rule is when industries start saying, no, we’ll do it ourselves, we’ll self-regulate, we’ll do ethical framework, we’ll do all these things, that means they’re afraid of regulation, right, that’s the only reason they’re stepping forward to do this. That means that regulation may be the way forward, right, so you can’t expect private companies to fully embrace a public task in a public way, right, that’s not what they’re there for, but we have a long history of having private companies subjected to certain rules to make sure the public interest is safeguarded, this is not a new thing, right, we have been doing this for centuries, there is a way of organizing this between public and private parties where you weigh in as a government and say, but this is the public interest, this needs to be safeguarded, so I’m afraid it’s regulation.

Jennifer Chung: That is definitely one answer, regulation does answer certain things, but probably doesn’t encompass everything as well. I’m going to use moderator prerogative to kind of come back to Dejan Djukic because, you know, listening about this and of course being in the DNS industry, being part of CCTLD, I wonder if you have some reactions regarding this because of course .Asia is also a registry operator, we have to follow our jurisdiction, what kind of laws that we need to follow, when we have court papers or court orders to do certain things, that’s how we take action, but perhaps from the Serbian point of view for the CCTLDs, are there similarities, do you have thoughts on this?

Dejan Djukic: Yeah, I still believe that information sharing is important, I gave a recent example from a couple of days ago, so we received a complaint from some international… organization or NGO, I’m not sure at the moment what they are, and they are sending us a couple of emails and notification that they find out that those websites are selling illegal weapons and that there are many of those sites in our zone. So we can easily say to them, send those emails to local police and do whatever you want. But we try to discover our data correct, and we also use our contact in police and public prosecutor office to make them to do something. So without that information, we couldn’t do nothing. Now we have 10 websites down with really illegal content. So without sharing information, we couldn’t do nothing. But I think it’s still important, and I believe it.

Jennifer Chung: Thank you, Dejan. I’m actually having trouble pressing this button here. Having the hot mics the whole time is bad, but not being able to press the mic to actually speak is also bad. So inherent tension, again, with voice. I don’t want to leave the question unanswered that we received online from Emmanuel, but I’m wondering if Leti or maybe Lia would like to address that question. And the question is, you know, what international framework do we have to empower law enforcement agencies in the Global South? And I’m assuming empowering law enforcement agencies, I guess maybe he means how they can take action, because I feel like law enforcement is pretty empowered everywhere. So maybe an adjustment to his question.

Latty Thlaka: Thanks, Jennifer. From my point of view, I don’t like to recommend Budapest Convention or maybe the UN Convention, because I have any consideration of each of these two tests. Actually I think that Budapest Convention was created like a convention for the European Union countries, and some other countries around the world have adapted their legal framework of then, but… For example, the reality of the global south countries are not the same as the realities on cyber security or cybercrime in the European Union countries. So I don’t want to say like you should follow the text of the recommendation of Budapest or the UN cybercrime conventions, I think that we should take the best of both documents and then see what is better or what is what fits in our local legal framework.

Jennifer Chung: Thanks, Lia and Leti, did you want to add to this?

Latty Thlaka: No, I think I share her sentiments, but I think just to add on that, maybe just briefly is that South Africa, we participate in the Global Forum on Cyber Expertise. So I think maybe that could contribute to answering the question.

Jennifer Chung: Yes, pressing the button to actually speak. There is one question that we just received in the Zoom room. So if I could just have Kotswe read out the question, or I think it’s maybe a comment.

Godsway Kubi: Yeah, I think so. OK, so I said, what are the global implications to the varied approaches adopted within the AI posture across EU and the US and implications to service provider certifications? So that’s the first question, and should I read it all or go one after the other? I think this question is quite long. It is quite long, but maybe just read the entire thing with respect to it. OK, OK. The second one states that, what does this mean for global South circummarism of this variable certified services? The implications of this AI posture on the cybersecurity and cybercrime posture is critical for. So I think the first question is, the second one is a follow-up of this first one.

Jennifer Chung: So while our speakers and others in the room think about this, I want to see if there’s any other questions online and in the room.

Carlos Vera: About the law enforcement?

Jennifer Chung: You have one? Okay, please go ahead.

Carlos Vera: Okay. There is a lot of frameworks. Every law is jurisdictional, but in issues like electronic commerce or cybersecurity, we need a legal framework from the United Nations, for example, and they have several committees that work on specializing on this kind of things. So even though the law is jurisdictional, geographically restricted to one country, we need a legal framework, and UNUDI and some of the bodies work all the time providing this kind of legal framework. Thank you.

Jennifer Chung: Thanks, Carlos. I don’t see any more hands or questions in the room. Nazar.

Audience: Yes, I just wanted to add on the Interpol, it’s called the Interpol Cybercrime Directorate for the – there are so many, and even the ITU has one for the – has one framework for the – that can assist the local enforcement agencies, for example. The Interpol Cybercrime Directorate is one of those, and I think Interpol is very known for being intercontinental, interregional, and it plays a part in the local context as well.

Jennifer Chung: Thank you, Nazar, for sharing that and reminding us about this. I think without that, then I’d like to ask our speakers in reverse order, so in the reverse order that I initially asked you to speak. to just do a very quick wrap and really just the one takeaway that you want us to really take away from this session. So I will begin with Latty, please.

Latty Thlaka: I think maybe we’ve also seen from the question that was posed that it is a need for harmonization. So we need to harmonize our laws. We need global and regional collaboration in doing that. And we need to ensure that there is inclusive governance. But I need maybe just to leave us with one thing. And it’s something that I mentioned before is that we need to prioritize human rights when talking cyber crimes, when talking cyber security, because if we don’t, we risk widening the digital divide and maybe weakening human dignity. So let’s not undermine our efforts as a globe, as regions and countries. Thank you.

Jennifer Chung: Thank you, Latty. Dennis, one takeaway?

Dennis Broeders: Yeah, maybe I’ll stick with my theme of information exchange. So I mostly focus on the national level. But if we look at the international level, there is a lot to be gained. I think there really is a lot to be gained. We know it’s possible, right? We have a global community of CSIRTs that are exchanging information in a trust-based system. I don’t know if ISACs, for example, talk to each other in a sectoral way, in a broader sense, probably. This morning, I heard a speaker from Albania saying, okay, they’re really invested in sort of getting more information exchange in a regional way. But I think getting that going and also finding a way to sort of get more private information into that mix, that would be really good, albeit not necessarily easy.

Jennifer Chung: Thank you, Dennis. Lia?

Lia Hernandez: I want to remark that capacity building and regulation is not enough. We should work. It’s like there are not two… topics that we should work separately. We should still increasing the capacities and the knowledge of the population from their kids to the older generations. And that is this. In some countries, any conventions or any regulation has worked. That doesn’t mean that the others, that the regulation, they’re also going to work in your region or your country. We should take of consideration the politically, geographically, and economically context before to adapt or adequate like a regulation in any region of the world.

Jennifer Chung: Thank you, Lia. Dejan Djukic?

Dejan Djukic: Thank you. I believe that permanent activities on improving security of system infrastructure and following actual threats is a good approach. So also raising the awareness together with relevant partners on the local and international level could bring improvements constantly. Regulations, of course, is important, but usually very slow. So all of us have to do more before regulators find out the solutions. Thank you.

Jennifer Chung: Thank you, Dejan Đukić. And I guess I’ll leave the last word to Carlos.

Carlos Vera: Thank you. It’s not easy to get the shaded process from government or from international organizations. But we, the citizens, have not to forget that we are the boss, really. If the government doesn’t have the capacity to share the responsibility, the accountability, and the decision-making process, we can change the government. And if the company doesn’t work observing the right condition of the consumers, we can change the company. We cannot buy their product or service. So we have a real power. We are not only passive actors. We are active actors. And we have to use our power. to also be part of the decision in this kind of things. Thank you very much for everything.

Jennifer Chung: Thank you, Carlos. I do note that, you know, perhaps the person who asked the remote question didn’t actually hear an answer to his question or her question, but we’re happy to take this to the NRI mailing list, hopefully to get further experts to answer this. I’m not going to attempt to summarize what has been a very rich discussion, especially on the many, many issues that, and many, many ways that different NRIs, different jurisdictions, different countries are tackling cybercrime, and on all the mitigation efforts, the inherent tension of info sharing, the actual practices of, I guess, CCTLDs and registry operators, and especially, I would say most importantly, with my bias on, we need to make sure it’s an inclusive governance. We need to make sure the underserved, the voices that always get left behind are not further left behind in this conversation about mitigating, about combating cybercrime and looking at best practices. So with that, I thank you all for your time. Thank you to the panelists. Thank you to the questions. Thank you to all in the room for a great session. Thank you.

Carlos Vera

Speech speed

113 words per minute

Speech length

Private Sector Accountability and Regulation

Topics

Human rights | Economic | Legal and regulatory

Disagreed with

– Dennis Broeders

Disagreed on

Role of regulation versus voluntary cooperation in information sharing

Latty Thlaka

Speech speed

139 words per minute

Speech length

929 words

Speech time

399 seconds

Multi-stakeholder approach is essential for addressing cybersecurity as a human rights and governance issue

Explanation

Cybersecurity is not merely a technical challenge but encompasses human rights, development, and governance issues. The only meaningful way to address these complex challenges is through multi-stakeholder cooperation at national, regional, and global levels.

Evidence

Bangladesh IGF representative

Speech speed

94 words per minute

Speech length

181 words

Speech time

115 seconds

Community-based awareness and multi-stakeholder engagement are more effective than top-down approaches

Explanation

In Bangladesh’s experience, community-based awareness, capacity building, and multi-stakeholder engagement have proven more effective at countering cyber threats than top-down approaches alone. This grassroots approach builds resilience from the ground up and strengthens the global digital ecosystem.

Evidence

In Bangladesh, we have witnessed how community-based awareness, capacity building, and multi-stakeholder engagement can help counter cyber threat more effectively than top-down approach alone.

Major discussion point

Multi-stakeholder Cooperation and Governance

Topics

Cybersecurity | Development | Sociocultural

Agreed with

– Carlos Vera
– Latty Thlaka
– Jennifer Chung

Agreed on

Multi-stakeholder cooperation is essential for effective cybersecurity governance

Collaboration between government agencies, civil society, private sector, and youth groups is critical

Explanation

The Bangladesh Internet Governance Forum promotes trust, security, and responsible digital practices through fostering collaboration between multiple stakeholder groups. This collaborative approach ensures that cybersecurity becomes a shared social responsibility rather than just a technical issue.

Evidence

The Bangladesh Internet Governance Forum has been working to promote trust, security, and responsible digital practice by fostering collaboration between government agencies, civil society, the private sector, and youth groups.

Major discussion point

Multi-stakeholder Cooperation and Governance

Topics

Cybersecurity | Legal and regulatory | Development

Dennis Broeders

Speech speed

180 words per minute

Speech length

1592 words

Speech time

529 seconds

Information sharing is valued but difficult in practice due to organizational disincentives

Explanation

While most countries and organizations recognize the value of information sharing for digital resilience, it proves very difficult in practice. Organizations that possess valuable threat information also have understandable reasons not to share it, creating a persistent challenge for cybersecurity cooperation.

Evidence

Disagreed with

– Carlos Vera

Disagreed on

Role of regulation versus voluntary cooperation in information sharing

Regulation may be necessary when industries propose self-regulation to avoid stricter oversight

Explanation

When industries start proposing self-regulation, ethical frameworks, and voluntary measures, it typically indicates they fear government regulation. Since private companies cannot be expected to fully embrace public tasks in a public way, regulation becomes necessary to ensure public interest is safeguarded, following centuries of precedent in balancing public and private interests.

Evidence

When industries start saying, no, we’ll do it ourselves, we’ll self-regulate, we’ll do ethical framework, we’ll do all these things, that means they’re afraid of regulation, right, that’s the only reason they’re stepping forward to do this. We have a long history of having private companies subjected to certain rules to make sure the public interest is safeguarded, this is not a new thing.

Major discussion point

Private Sector Accountability and Regulation

Topics

Legal and regulatory | Economic | Cybersecurity

Agreed with

– Dejan Djukic
– Lia Hernandez

Agreed on

Regulation alone is insufficient and must be balanced with other approaches

Disagreed with

– Carlos Vera

Disagreed on

Role of regulation versus voluntary cooperation in information sharing

Lia Hernandez

Speech speed

133 words per minute

Speech length

– Carlos Vera
– Mary Uduma
– Audience

Agreed on

Capacity building and education are fundamental to cybersecurity resilience

Dejan Djukic

Speech speed

131 words per minute

Speech length

772 words

Speech time

353 seconds

Regulation is necessary but too slow to follow technology evolution, requiring community involvement

Explanation

While regulation is necessary as cyber threats become more sophisticated, regulatory processes are too slow to keep pace with technological evolution. Examples like GDPR needing additional directives demonstrate this lag, making community involvement essential rather than waiting for regulators to solve all problems.

Evidence

Agreed with

– Dennis Broeders
– Mary Uduma

Agreed on

Information sharing is crucial but faces significant practical barriers

Mary Uduma

Speech speed

119 words per minute

Speech length

208 words

Speech time

104 seconds

Capacity building with law enforcement is crucial for effective cybercrime response

Explanation

Law enforcement agencies need significant capacity building and development to effectively address cyber threats. Collaboration, capacity building, sensitization, and engagement with law enforcement are essential components for navigating cybersecurity challenges, as demonstrated by initiatives in Nigeria with the .NG registry managers.

Evidence

The law enforcement needs a lot of capacity or capacitation. So capacity building and development with the law enforcement is very key. That’s what we have started in Nigeria, in the Nigeria Internal Registration Association, the .NG managers. We have this capacity building and exchanges and engagement with our law enforcement to be able to bring to fore some of the threats, and they also understand the threats as well.

Major discussion point

Capacity Building and Education

Topics

Cybersecurity | Development | Legal and regulatory

Agreed with

– Carlos Vera
– Lia Hernandez
– Audience

Agreed on

Capacity building and education are fundamental to cybersecurity resilience

Audience

Speech speed

106 words per minute

Speech length

272 words

Speech time

153 seconds

Local universities create skilled young people whose talents are underutilized by companies and governments

Explanation

Universities are creating and co-creating many young people with strong ICT and cybersecurity skills, but local companies, governments, and civil society organizations are not properly utilizing these local talents and skills. While discussing combating cyber threats, there’s a need to focus on using available local resources and capabilities.

Evidence

Universities are creating and co-creating a lot of young people with a lot of skills. And what I find is that the local conception in terms of companies and the governments and even civil societies are not actually using these local talents and the local skills that have been created by our universities.

Major discussion point

Capacity Building and Education

Topics

Development | Cybersecurity | Sociocultural

Agreed with

– Carlos Vera
– Lia Hernandez
– Mary Uduma

Agreed on

Capacity building and education are fundamental to cybersecurity resilience

Organizations like Interpol Cybercrime Directorate and ITU provide frameworks for law enforcement assistance

Explanation

International organizations such as Interpol’s Cybercrime Directorate and ITU offer frameworks that can assist local law enforcement agencies. Interpol is particularly valuable for being intercontinental and interregional while also playing a role in local contexts.

Evidence

The Interpol Cybercrime Directorate is one of those, and I think Interpol is very known for being intercontinental, interregional, and it plays a part in the local context as well.

Major discussion point

Regional and International Cooperation

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Godsway Kubi

Speech speed

129 words per minute

Speech length

198 words

Speech time

91 seconds

Online participation in cybersecurity discussions needs facilitation and encouragement

Explanation

As an online moderator, Godsway emphasizes the importance of facilitating remote participation in cybersecurity discussions. He actively encourages online participants to engage by asking questions and providing comments, ensuring that remote voices are included in the dialogue.

Evidence

I am hoping that before we finish the session, there will be some questions.

Major discussion point

Multi-stakeholder Cooperation and Governance

Topics

Cybersecurity | Development | Sociocultural

Jennifer Chung

Speech speed

157 words per minute

Speech length

2589 words

Speech time

984 seconds

Multi-stakeholder dialogue requires inclusive participation from all communities including technical implementers

Explanation

Jennifer emphasizes that effective cybersecurity policy requires bringing together not just policy makers but also the people who actually implement and code solutions. She highlights the need to bridge the gap between policy discussions and technical implementation by including coders and technical practitioners in governance discussions.

Evidence

Agreements

Agreement points

Multi-stakeholder cooperation is essential for effective cybersecurity governance

Speakers

– Carlos Vera
– Latty Thlaka
– Bangladesh IGF representative
– Jennifer Chung

Arguments

Need for security by design, local empowerment, participatory governance, and global frameworks for local action

Multi-stakeholder approach is essential for addressing cybersecurity as a human rights and governance issue

Community-based awareness and multi-stakeholder engagement are more effective than top-down approaches

Multi-stakeholder dialogue requires inclusive participation from all communities including technical implementers

Summary

All speakers agree that cybersecurity challenges require collaborative approaches involving government, civil society, private sector, technical community, and citizens rather than top-down or single-stakeholder solutions

Topics

Cybersecurity | Legal and regulatory | Development

Information sharing is crucial but faces significant practical barriers

Speakers

– Dennis Broeders
– Dejan Djukic
– Mary Uduma

Arguments

Information sharing is valued but difficult in practice due to organizational disincentives

Information sharing is essential for combating cybercrime, as demonstrated by recent illegal weapons case

Capacity building with law enforcement is crucial for effective cybercrime response

Summary

Speakers acknowledge that while information sharing is recognized as valuable for cybersecurity, organizations face institutional barriers and disincentives that make practical implementation challenging

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Capacity building and education are fundamental to cybersecurity resilience

Speakers

– Carlos Vera
– Lia Hernandez
– Mary Uduma
– Audience

Arguments

Investment needed in training for citizens and local leaders, not just engineers in big tech

Education should explain how internet works and consequences rather than just prohibiting actions

Capacity building with law enforcement is crucial for effective cybercrime response

Local universities create skilled young people whose talents are underutilized by companies and governments

Summary

All speakers emphasize that comprehensive capacity building across all stakeholder groups – from citizens to law enforcement to local talent – is essential for building cybersecurity resilience

Topics

Development | Cybersecurity | Sociocultural

Regulation alone is insufficient and must be balanced with other approaches

Speakers

– Dejan Djukic
– Lia Hernandez
– Dennis Broeders

Arguments

Regulation is necessary but too slow to follow technology evolution, requiring community involvement

Cybersecurity must be established as state policy rather than changing with government priorities

Regulation may be necessary when industries propose self-regulation to avoid stricter oversight

Summary

Speakers agree that while regulation is necessary, it has limitations in keeping pace with technology and must be complemented by community involvement, stable policy frameworks, and appropriate oversight

Topics

Legal and regulatory | Cybersecurity | Infrastructure

Economic | Legal and regulatory | Cybersecurity

Unexpected consensus

Arguments

Private corporations prioritize profit over public interest and cannot be relied upon for voluntary sharing

Regulation may be necessary when industries propose self-regulation to avoid stricter oversight

Citizens have power to change governments and companies that don’t share responsibility and accountability

Summary

Dennis argues that regulation is necessary because private companies will prioritize profit over public interest and cannot be trusted to voluntarily share information for the public good. Carlos, however, emphasizes that citizens have the power to change both governments and companies through democratic and market mechanisms, suggesting a more optimistic view of voluntary cooperation and citizen empowerment.

Topics

Legal and regulatory | Economic | Cybersecurity

Approach to international cybercrime conventions

Speakers

– Lia Hernandez
– Carlos Vera

Arguments

Legal frameworks need to be updated to address new cybercrime trends and adequately criminalize cyber activities

International frameworks like UN committees provide legal frameworks despite jurisdictional limitations

Summary

Lia expresses skepticism about existing international conventions like Budapest and UN Cybercrime Convention, arguing that they don’t fit the realities of Global South countries and that local legal frameworks should take the best from both rather than following them wholesale. Carlos, however, supports international frameworks from UN bodies as necessary for cross-border issues like cybersecurity, despite jurisdictional limitations.

Topics

Legal and regulatory | Cybersecurity | Human rights

Unexpected differences

Trust in voluntary corporate cooperation

Speakers

– Dennis Broeders
– Carlos Vera

Arguments

Private corporations prioritize profit over public interest and cannot be relied upon for voluntary sharing

Citizens have power to change governments and companies that don’t share responsibility and accountability

Explanation

This disagreement is unexpected because both speakers are discussing the same goal of improving cybersecurity cooperation, but they have fundamentally different views on human nature and institutional behavior. Dennis takes a more pessimistic, regulatory approach based on historical evidence, while Carlos maintains an optimistic view of citizen empowerment and democratic accountability.

Topics

Economic | Legal and regulatory | Cybersecurity

Overall assessment

Summary

The main areas of disagreement center around the role of regulation versus voluntary cooperation, approaches to international legal frameworks, and trust in institutional behavior. Most speakers agreed on the fundamental challenges and goals but differed on implementation strategies.

Disagreement level

The level of disagreement is moderate and primarily methodological rather than fundamental. Speakers largely agreed on the core problems (need for information sharing, multi-stakeholder cooperation, capacity building) but disagreed on the best mechanisms to achieve these goals. This suggests that while there is broad consensus on cybersecurity challenges, there are significant differences in preferred governance approaches that could impact policy implementation and international cooperation efforts.

Partial agreements

Economic | Legal and regulatory | Cybersecurity

Takeaways

Key takeaways

Cybersecurity is fundamentally a human rights, development, and governance issue that requires multi-stakeholder cooperation at national, regional, and global levels

Information sharing is critical for cybersecurity resilience but faces significant institutional barriers due to competing interests between intelligence agencies, private companies, and threat intelligence firms

Four key principles for addressing AI and IoT cybersecurity: security by design, local empowerment through capacity building, participatory governance, and global frameworks adapted for local action

Regulation alone is insufficient – it’s too slow to keep pace with technology evolution and must be combined with community involvement and continuous awareness raising

There’s an inherent tension between cybersecurity legislation and privacy/data protection rights that requires careful balance and proper oversight mechanisms

Local talent and university-trained cybersecurity professionals are underutilized resources that should be better integrated into cybersecurity efforts

Cybersecurity must be established as permanent state policy rather than shifting with changing government priorities

The most effective information sharing occurs in trust-based communities like C-certs and sector-specific ISACs that use a health and safety approach rather than a security/liability framework

Resolutions and action items

Continue discussions on the NRI mailing list to address unanswered technical questions about AI posture differences between EU and US

Strengthen oversight mechanisms including judicial review for data access in cybersecurity investigations

Update laws to ensure proportionality, necessity, and transparency in surveillance activities

Invest in capacity building for law enforcement agencies to better understand and respond to cyber threats

Create more sector-specific Information Sharing and Analysis Centers (ISACs) to facilitate trusted information exchange

Develop harmonized laws and shared intelligence systems for regional and global collaboration

Ensure inclusive governance by giving underrepresented groups, youth, and civil society meaningful participation in cybersecurity policymaking

Unresolved issues

How to create effective incentives for private companies to share cybersecurity information when it conflicts with their profit motives

How to authenticate and verify legitimate law enforcement requests for information while protecting privacy rights

How to adapt international cybersecurity frameworks (like Budapest Convention and UN Cybercrime Convention) to fit diverse local contexts and legal systems

How to address the global implications of varied AI governance approaches between regions like EU and US for service provider certifications

How to balance the need for rapid response to cyber threats with the slower pace of democratic regulatory processes

How to ensure continuity of cybersecurity policies across changing government administrations

How to effectively utilize local cybersecurity talent that is currently underemployed by governments and private sector

Suggested compromises

Shift from security/liability framework to health and safety approach for information sharing to reduce organizational resistance

Create closed, trust-based information sharing systems with tiered access levels (amber/red systems) to balance transparency with security needs

Combine voluntary industry self-regulation with targeted government regulation where public interest requires intervention

Take the best elements from both Budapest Convention and UN Cybercrime Convention rather than adopting either framework wholesale

Establish permanent cybersecurity policies that transcend political changes while allowing for adaptive implementation based on local contexts

This comment powerfully challenges the victimization narrative often present in cybersecurity discussions by emphasizing citizen agency and democratic power. It reframes citizens from passive recipients of protection to active agents of change with real power over both governments and corporations.

Impact

As the final substantive comment, this provided an empowering conclusion that tied together themes of accountability, democratic participation, and multi-stakeholder governance. It reinforced the session’s emphasis on inclusive governance while providing a call to action that elevated citizen responsibility and power.

Overall assessment

Explanation

This explores creating more effective local cybercrime legislation by combining strengths of existing international frameworks rather than adopting them wholesale

IGF Intersessional Work Session Dc

Media Hub

Lightning Talk #215 Governance in Citizen Science Technologies

Session at a glance

Summary

Karen Soacha presented her research on governance in citizen science technology, speaking from her multiple roles as a practitioner at the Institute of Marine Sciences, a team member managing a citizen observatory platform, part of a group conceptualizing pan-European research infrastructure for citizen science, and co-chair of a participatory science network connecting Latin America, the Caribbean, and the Ibero Peninsula. She focused on citizen observatories, which are platforms combining technologies, data, people, and standards that support both data collection and digital community creation in citizen science projects. Soacha emphasized that over 300 such platforms exist in Europe alone, with some like iNaturalist hosting over 253 million data points that support thousands of citizen science projects worldwide.

The core argument centered on the need for transparent governance models in citizen science platforms, as these technologies have significant agency and influence beyond being mere tools. Soacha’s research identified that platforms negotiate their roles in three key areas: ownership, sharing, and accountability of data, and can act as enablers, gatekeepers, or mediators. She presented a framework and set of principles to help platforms reflect on and openly communicate their governance approaches. Using her own MINCA citizen observatory as an example, Soacha described implementing multi-stakeholder governance involving participatory, academic, mobilizing, and facilitated communities, though she acknowledged this approach is extremely challenging in practice.

The presentation highlighted specific governance innovations including consent commons (visual icons to communicate data use terms), data citation guidelines that notify users when their data is used, and treating validated citizen science data as commons rather than individual property. Soacha concluded by calling for platforms to clearly communicate their governance models and for decision makers and funders to demand transparency in platform governance principles.

Keypoints

**Major Discussion Points:**

– **Governance transparency in citizen science platforms**: The need for citizen science technologies and platforms to openly communicate their governance models, principles, and decision-making processes to users and stakeholders, moving beyond treating these platforms as mere neutral tools.

– **Multi-stakeholder governance challenges**: The practical difficulties of implementing participatory governance models that include diverse communities (participatory, academic, mobilizing, and facilitated communities) and the ongoing struggle to make such complex governance structures functional.

– **Data ownership and commons approach**: The tension between individual data contributors’ rights and treating validated citizen science data as a commons, especially when community knowledge adds value to originally submitted data through validation and identification processes.

– **Platform agency and positionality**: Recognition that citizen science platforms themselves have agency and make decisions about data ownership, sharing, and accountability, rather than being passive infrastructure, and the need to make these roles explicit.

– **Practical implementation of governance principles**: Specific examples of translating governance principles into actionable features like consent commons (simplified terms of use), data citation guidelines, user notifications about data usage, and data sharing agreements.

**Overall Purpose:**

The discussion aims to present ongoing research on governance models for citizen science platforms, advocating for greater transparency and participatory approaches in how these platforms operate, manage data, and engage with their diverse user communities.

**Overall Tone:**

The tone is academic yet practical, with the speaker being honest about challenges and limitations. Karen Soacha maintains an earnest, research-focused approach while acknowledging the ambitious and sometimes “polemic” nature of their proposals. The tone remains consistently reflective and self-aware, particularly when discussing the gap between idealistic governance models and practical implementation challenges.

Speakers

– Karen Soacha: Works at the Institute of Marine Sciences; Manager/team member of a citizen observatory (citizen science technology platform); Part of a group of 13 organizations working on conceptualizing pan-European research infrastructure for citizen science; Co-chair of a participatory science network connecting practitioners, researchers, and communities across Latin America, the Caribbean, and the Ibero Peninsula; Originally from Colombia; Researcher and practitioner in governance of citizen science technology

Additional speakers:

No additional speakers were identified in this transcript beyond those listed in the speakers names list.

Full session report

# Comprehensive Summary: Governance in Citizen Science Technology

## Introduction and Speaker Background

Karen Soacha, originally from Colombia, delivered a comprehensive presentation on governance models in citizen science technology platforms. Speaking from her multifaceted role as a manager of a citizen observatory platform, team member of a group conceptualising pan-European research infrastructure for citizen science, and co-chair of a participatory science network connecting practitioners across Latin America, the Caribbean, and the Ibero Peninsula, Soacha brought both theoretical knowledge and practical implementation experience to her discussion of this emerging field. She works at the Institute of Marine Sciences and collaborates with a network of nine cities in Science Plateau.

## The Scale and Significance of Citizen Science Platforms

Soacha began by establishing the substantial scope of citizen science technology platforms, noting that through inventory work conducted by 13 organizations working together during 3 years to think about research infrastructure for citizen science in Europe, they identified more than 300 platforms in Europe alone. These citizen observatories—a term she uses interchangeably with “citizen science platforms”—represent combinations of technologies, data, people, and standards that support both data collection and digital community creation. The scale of their impact is exemplified by platforms like iNaturalist, which hosts over 253 million data points supporting thousands of citizen science projects worldwide. These platforms contribute significantly to environmental, biodiversity, and health research fields, making their governance structures a matter of considerable importance.

## Reframing Platform Agency and Responsibility

A central theme of Soacha’s presentation was the fundamental reconceptualisation of citizen science platforms from passive tools to active agents with their own governance models and principles. She argued that whilst researchers and citizen science projects represent one aspect of the ecosystem, the platforms themselves have evolved into entities that “have agency” and “have principles” and “have governance models.” This perspective challenges the traditional view of technology platforms as neutral infrastructure, instead positioning them as stakeholders with significant influence over how citizen science operates.

Soacha emphasised that these platforms are “mainly negotiating in three areas: ownership, sharing, and accountability.” Within each area, platforms make decisions about “how the data is appropriated, by whom, under which rule, how the data is shared by whom, and under which benefit, and who accounts for the benefit.” This framework provides a systematic approach to understanding platform governance and reveals the complex decision-making processes that occur behind seemingly simple data collection interfaces.

## Platform Roles and Governance Framework

Through her research, Soacha presented a framework for platforms to reflect on their roles in relationships with users and stakeholders. She specifically mentioned that platforms can function as gatekeepers or mediators, with these roles representing different approaches to managing the three key areas of data ownership, sharing, and accountability. The recognition of these varied roles underscores the need for platforms to be explicit about their governance approaches rather than operating under assumptions of neutrality.

## Multi-Stakeholder Governance: Theory and Practice

Soacha presented her own MINCA citizen observatory as a case study in implementing multi-stakeholder governance models. Her approach involves engaging four distinct types of communities: participatory communities (the public generating and validating data), academic communities (researchers for validation and knowledge exchange), mobilising communities (local NGOs for ground engagement), and facilitated communities (governments and other actors necessary for territorial transformation or data access). This comprehensive model aims to ensure that all stakeholders have input into platform governance decisions.

However, Soacha was notably candid about the implementation challenges, acknowledging that “it’s extremely challenging” and “very complicated to see all these actors and trying to do these demands.” She admitted that claiming such a system is fully functional would be “very ambitious” and “not” accurate. This honest assessment highlights the gap between theoretical governance models and practical implementation, suggesting that the field is still in early stages of developing workable multi-stakeholder approaches.

## Data Commons and Individual Rights

One of the most thought-provoking aspects of Soacha’s presentation concerned the treatment of validated citizen science data as commons rather than individual property. She explained this concept through a practical example: when a citizen contributor submits a photograph they cannot identify, and community members with relevant knowledge provide identification, the validated data becomes more than the original contributor’s individual submission. As Soacha put it, “the photo that you didn’t know what it is and has been identified by people with knowledge… now that have added value is by the community and not just only you.”

This approach leads to treating validated data as commons whilst still respecting individual contributor rights through recognition and notification systems. Soacha acknowledged this concept as “polemic” with “many implications” related to digital data ownership and commons theory, indicating ongoing tensions between individual rights and collective benefit in citizen science platforms.

## Practical Governance Innovations

Despite the theoretical challenges, Soacha described several practical innovations her platform has implemented to improve governance transparency and user engagement:

**Consent Commons**: Recognising that users rarely read lengthy terms of use agreements, Soacha’s team developed simplified visual communication (like Creative Commons) to communicate data use terms. As she noted, “Most of us, we know that every time that we go to a new platform and you say, do you accept the terms of use? How many of you are reading the terms of use? We don’t have time.”

**Data Citation Guidelines**: The platform implements systems to notify users when their contributed data is used for research or policy purposes, providing recognition and maintaining connection between contributors and the impact of their participation.

**Data Sharing Agreements**: These agreements explicitly communicate how validated data will be treated as commons whilst respecting individual contributor rights, representing an attempt to balance competing interests transparently.

## Field-Wide Challenges and Key Messages

Soacha positioned her work within broader challenges facing the citizen science community, sharing three main takeaways from her research. She noted that documenting governance models and principles for platforms is “fundamental” but remains in “initial steps” across the field. This represents a significant gap in understanding how different platforms operate and make decisions about data and community management.

Her recommendations focused on two primary areas. First, she called for platforms themselves to communicate their governance models and principles clearly to users and stakeholders, moving beyond assumptions of neutrality to explicit statements of their approaches to ownership, sharing, and accountability. Second, she urged decision makers and funders to require transparency in governance from citizen science platforms, suggesting that external pressure may be necessary to drive greater transparency in platform operations.

## Ongoing Research and Future Directions

Throughout her presentation, Soacha emphasised that research into citizen science platform governance remains in early stages and represents ongoing work. She described many aspects of platform agency and governance models as “not very well known within our citizen science community” and mentioned that their research findings are available as a living document in Zenodo. This positioning suggests significant opportunities for future research and development in understanding how platforms influence citizen science outcomes.

The step-by-step implementation approach Soacha advocated reflects a pragmatic recognition that comprehensive governance transformation is unrealistic, but incremental improvements in transparency and participation remain achievable goals. She acknowledged being “a little bit faster” through certain sections due to time constraints, indicating the depth of work still being explored in this area.

## Conclusion and Implications

Soacha’s presentation represents an important contribution to understanding governance challenges in citizen science technology platforms. By reframing platforms as active agents rather than passive tools, she opens new avenues for research and policy development in this emerging field. Her honest assessment of implementation challenges, combined with practical examples of governance innovations, provides a realistic foundation for future work in what she clearly positions as ongoing research in its initial steps.

The presentation highlights the tension between idealistic multi-stakeholder governance models and practical implementation constraints, whilst demonstrating that meaningful improvements in transparency and user engagement remain possible through incremental approaches. As citizen science platforms continue to grow in scale and influence, Soacha’s call for explicit governance communication and external accountability measures becomes increasingly relevant for ensuring these powerful tools serve their communities effectively and transparently.

Session transcript

Karen Soacha: Hi! Thank you so much for attending this session. So, let’s start. Let’s see if some people are motivated by the topic. I hope so. I hope so. Also, someone is online. And thank you also for joining that. Okay, my talk is going to be about governance in citizen science technology. And as I said, it’s an ongoing journey. It’s part of our research. And also, I am here as a practitioner and as a researcher on the topic. My name is Karen Soacha. I work in the Institute of Marine Sciences. But, I am like holding different t-shirts today and for me it’s important sharing why. My first t-shirt is I work in a citizen observatory. It means in a citizen science technology itself. Part of the team managing and supporting this platform. And I will go later a little bit about what does it mean. I am also part of the group of organization that is right now working on conceptualizing the pan-European research infrastructure for citizen science. We are a group of 13 organizations working together during 3 years to think what could be the research infrastructure for citizen science in Europe. And my last t-shirt, but not least, is I am the co-chair of a participatory science network that is focused on connecting practitioners, researchers, and communities across Latin America, the Caribbean, and the Ibero Peninsula. I am originally from Colombia. Then those are like the 3 t-shirts that I am connecting right now in my talk and from where this research that I am sharing with you today is coming from. So, those are 3 messages that I will try to explain throughout my research. And those are like among the 3 takeaways that I want to share with you today. Is that the governance of citizen technologies, especially participatory platforms as we call, must be transparent. I think that I have been listening to this message since yesterday and today, especially in the plenary talk. Citizen observatories play a critical role in contribution of data, especially in the fields of environmental, biodiversity, health. And that need implies to have governance models that respond to this participatory nature. And third, documenting the governance models and also the principles that those platforms are having are fundamental, but the truth is we are still ongoing. It’s a task still under development and you will see today that we are like an initial steps in that regard within the field. Then first, let’s start with what is a citizen observatory? Is someone familiar with this term here? No? No one? Okay. I will be using during my talk the term citizen observatory or citizen science platform, like in the same way, that’s why I want to clarify at the beginning. When I say citizen science platform, all those technologies, web or mobiles or other kind of technologies including like a do-it-yourself devices that support the collection of data, the creating of community in citizen science. But every time that I talk, familiar with the term citizen science? Okay, one person. But just very quickly, when we talk about citizen science, it’s the active engagement of public in the creation of science that can be from designing research question to publishing the results. All within collecting the data, validating the data. The most common approach that we know in citizen science is people actively contributing with data, but people also can contribute in any point of the research. Then those platforms that we talk here is those supporting this process of citizen science. And there are many kind of platforms out there. Just in Europe, we are working on an inventory and we can identify more than 300 platforms. Out there, supporting citizen science. We are focusing nowadays in one very specific, that is citizen observatories. The term that we are using is because we call citizen observatories in this context the combination of technologies, data, people, standards that support data collection but also very important for us, the creation of the digital community behind that. Those platforms allow engagement in participatory science. And we also within the community try to point out that citizen observatory is the mix of the social and technical component that we cannot talk of this platform as a merely infrastructural software or hardware devices. When we talk about citizen observatory, we talk about this nice combination of the people, the standard, the processes, the knowledge that is exchanged as well as the software, the hardware and all other infrastructure all this makes. So, I will go a little bit faster in this point, but I just want to point out why it’s important and we will consider talking about governance in citizen observatories as important and the role that CEOs is providing to the benefit of society. Citizen observatory right now as facilitators, they support right now billions of data among the world that is open and accessible for using in research and in decision making. This information is allowing us to take better decisions and especially timely because society and especially public have the capacity to collect data in a time that many other actors don’t have. That’s why scientists and especially in this case I’m talking with a teacher also as a researcher, we don’t have, we need to work with the society to have this data at that time. And to respond to challenges that right now is asking for us to be faster. Biodiversity laws, climate change and many others. This is just a very short image, but I think it’s very clear. One of the most well-known citizen observatories across the world, that is a naturalist, I don’t know if anyone here uses it, that nowadays has available more than 253 millions of data. And this is just one of the platforms across the world, maybe most well-known with the most amount of data, but there are many others out there that are benefiting with many data across the world. So with this context that I was just trying to say why it’s important, those platforms, is why are we working on governance and ethics. And here I am trying to talk from two voices. One, talking as a manager or part of the team manager, one of the citizen observatories that is called MINCA, but also as a researcher that tries to contribute to the field that is important to talk about these topics for us. I think that these initial sentences in this context are more than, it’s not necessarily to go deep on that, but what we are trying to make a call right now is, in our field we used to believe that the platforms are a tool still. In citizen science we used to believe that the people doing citizen science, the researchers are the ones having all the agency. But the truth is, one is the people doing the research and the citizen science project, and other things are the platforms out there supporting the data collection. And those platforms themselves nowadays provide open services for hundreds of projects. Just iNaturalist is supporting the collection of data for more than, let me just go back for a moment. Oh, the data is not here. But it’s thousands of projects. Thousands of projects. Thousands of citizen science projects are putting their data there. Then, what we want to call in the community or make a call in the community is, those platforms have agency. Those platforms have principles, those platforms have governance models. And it’s a topic that still is not very well known within our group or within our citizen science community. And our reflection is, should we be open about these governance models and about these principles behind these platforms, that even if they are open and free, are holding the data of many citizen science projects behind. And then is when our research starts. And now I’m going to be a little bit faster in this point. And it’s those platforms’ positionality, and we have been doing research about the positionality of these platforms. And essentially what we identified is, those platforms are mainly negotiating in three areas, that is ownership, sharing, and accountability. And in each of these areas, it means how the data is appropriated, by whom, under which rule, how the data is shared by whom, and under which benefit, and who accounts for the benefit. Each platform can take different roles. Some platforms can act as an enabler, And I will give some examples in our own case, with our own platform, how are we acting in different ways in this. Then we put out there an initial proposal of a framework to invite the citizen science platform to reflect about their roles. What are they doing related to the data that they are managing? Are they acting of a gatekeeper? Are they just keeping the data for certain kind of users, protecting under certain kind of arguments? Or are they opposite? They are acting as a mediator between the users of the data and other stakeholders. There are different roles that we are inviting with this tool to the platforms to openly display these roles. As well as we are proposing the framework, we are working in a set of principles that as a platform we are also reflecting and trying to share with other platforms. I will not go deep on this, but I will share with you some examples of how we are transforming these principles in actions within our platform. This is an open document and living document that is already available in Zenodo and that we are taking in different spaces for feedback and working with other users, managers, stakeholders. So related to these principles, what we are trying to share also is what is the background of these principles. Those are coming from different initiatives, some of them in Colombia, some of them here in Europe, like our network of nine cities in Science Plateau that we were testing and we were working then to understand the governance dynamics that they have and how they have been building this model of governance and how they have been building this in certain way these principles. But what I want to go deeper here and let a little bit of time for the Q&A session is essentially our contribution right now is the framework as a tool for reflecting by the platform which role, the principles that I already shared with you, and how are we putting this in practice is with the MINCA governance models, the MINCA citizen observatory and through standards, protocols and data sharing agreement that we are implementing within the platform. The first is the MINCA governance models, that is, I will share with you, is one of the most challenging, I have heard during these two days the multi-stakeholder model for governance is the most important one, but in fact implementing this even in a citizen science platform has been extremely challenging for us, I will share that with you. The consent commons, the data citation and the data sharing agreements. So related to our governance model, we are a group of 15 people managing this citizen science technology that in practical terms is a web and an app and all these people behind working on principles, curation of data, ethics, communication, policy, but this is just a small group putting in practice something bigger, that is the communities that are really important for us. We call this like a four type of community. We call it participatory community, that is essentially the public and the people out there generating data and validating that. The academic community, usually we have alliances with researchers and other kind of universities to really engage on validation and exchange of knowledge with the participant. We call, sorry, mobilizing community. The mobilizing community are usually the local NGOs that we need on the ground to really engage people. We are not like as a platform going there to the people, use the platform. Usually we provide or we invite the people that is on the ground, social organizations, conservationists to engage, this is what we call mobilizing. And facilitated community is what we call governments and other kind of actors that are necessary to do any kind of transformation in the territory or even have the access to collect some data. Then for our governance model, all of these actors are necessary to sit and to try to consulate to take over decision of the platform and reflect their needs and their expectation in terms of settings, functionalities, protocols, and process. This is our expectation, in fact, it’s extremely challenging, it’s extremely challenging. We create this that is nice, always like kind of drawing to say, okay, we are going to have a panel by the different actors, we are going to have notes by regional areas, we will have an executive board, we will have a coordination team. There are many lessons learned behind this because it’s, in truth, saying that this is functional is very ambitious, it’s not. It’s very complicated to see all these actors and trying to do these demands. But what we are doing, trying to implement step by step. One implementation that we have done is something called consent commons, for instance. One is how to make transparent the agreements or the terms of use behind the platform. Most of us, we know that every time that we go to a new platform and you say, do you serve the terms of use? How many of you are reading the terms of use? We don’t have time. This is going to be our life. This is an initiative like creative commons that through an icon try to communicate very easy to the participant who is managing to the data, if there is transfer to the personal data for other purposes beyond the platform. I know it’s pretty ambitious right now, but we implemented with the expectation that in the future could work, that many people would easily recognize these icons and instead of reading a terms of use of 15 pages, is going to understand that this implies, for instance, that one important for us is there is no transfer of data outside of the platform, personal data. It’s important for us to communicate. We have this icon saying to the user, but it’s part of our commitment, but it’s still ongoing. Also, we are working on the recognition of the data produced by the users. And one of these is we create citation guidelines. We are working in a process where the people receive a notification of who is using their data. It means if you produce a data, then if someone was using for a research article, for a policy, or for any other purpose, you receive daily in your email a notification of who owned and where purchased. We are working on that, and it’s part of the benefit of taking back to the user. And maybe one last but a little bit, I can say, polemic in some point of view is the idea of the data as a commons. Citizen science data rely a lot on the validation of the data by the community. Even if you produce a photo of right now a plant that you don’t know, you log to the platform, there are many people there saying, this is what you are seeing is this. Then we started to have the conversation. Now the photo that you didn’t know what it is and has been identified by people with knowledge on that is only your photo, and now that have added value is by the community and not just only you. That’s why we create that data sharing agreement, and it’s part that we are saying to our community, we respect your rights, but once the data is in our platform and it’s validated, it’s started to think of data as a commons. And this has many implications, but also we think it’s part of the discussion nowadays about this digital safe data and what is a data as a commons. What tensions are we facing? Many human procedural technology. I have been talking about that throughout my days, and I want to keep with my two minutes for the questions, sorry because I was taking longer. And actions that we are invited to take is last platforms. We need to communicate clearly our governance models and principles. People need to understand and decision makers and funders need to ask for that by the platforms. And it’s necessary to engage and keep growing in this field to really, because citizen science, and even if it’s bringing a lot of data for many, we are not really working, there is not a lot of development in terms of governance and principles. Thank you so much.

Karen Soacha

Speech speed

166 words per minute

Speech length

Data governance | Digital business models

Continued development in governance and principles is necessary for the citizen science field

Explanation

Karen concludes that the citizen science field needs ongoing development in governance and principles. Despite the valuable data contributions from citizen science, she argues there hasn’t been sufficient development in governance frameworks and ethical principles.

Evidence

She states that ‘citizen science, and even if it’s bringing a lot of data for many, we are not really working, there is not a lot of development in terms of governance and principles.’

Major discussion point

Future Actions and Recommendations

Topics

Data governance | Capacity development

Agreements

Agreement points

Similar viewpoints

Unexpected consensus

Overall assessment

Summary

This transcript contains a presentation by a single speaker (Karen Soacha) discussing governance in citizen science technology. There are no multiple speakers present to form agreements or consensus points.

Consensus level

Not applicable – single speaker presentation format with no multi-party discussion or debate to assess consensus levels.

Differences

Different viewpoints

Unexpected differences

Overall assessment

Summary

This transcript represents a single-speaker presentation by Karen Soacha about governance in citizen science technology. There are no disagreements present as this is not a multi-speaker discussion or debate. Karen presents her research findings and recommendations without opposition or alternative viewpoints from other speakers.

Disagreement level

No disagreement level applicable – this is a monologue presentation rather than a discussion with multiple perspectives. The speaker does acknowledge internal tensions and challenges within her own work (such as the difficulty of implementing multi-stakeholder governance models), but these represent practical implementation challenges rather than disagreements between different speakers or stakeholders.

Partial agreements

Similar viewpoints

Takeaways

Key takeaways

Governance of citizen science technologies must be transparent and responsive to their participatory nature

Citizen science platforms have agency and influence beyond being mere tools – they affect thousands of projects and hold significant amounts of data

Platforms negotiate data relationships through three key areas: ownership, sharing, and accountability

Multi-stakeholder governance models are theoretically important but extremely challenging to implement in practice

Data validated by community knowledge should be considered as commons rather than individual property

There are over 300 citizen science platforms in Europe alone, with some like iNaturalist holding over 253 million data points

The field of citizen science governance and principles is still in early development stages

Resolutions and action items

Platforms need to communicate their governance models and principles clearly to users and stakeholders

Decision makers and funders should require transparency in governance from citizen science platforms

Continued development and research in governance and principles is necessary for the citizen science field

Step-by-step implementation of governance models rather than attempting full transformation at once

Implementation of consent commons, data citation guidelines, and data sharing agreements as practical governance tools

Unresolved issues

How to effectively implement multi-stakeholder governance models in practice remains extremely challenging

The tension between individual data ownership rights and community-validated data as commons needs further resolution

How to ensure users actually understand simplified terms of use icons and consent mechanisms

How to balance platform agency with user rights and community needs

The broader question of digital data ownership and what constitutes data as commons in citizen science contexts

Suggested compromises

Using simplified icons (similar to Creative Commons) to communicate terms of use instead of lengthy legal documents

Implementing gradual, step-by-step governance changes rather than attempting comprehensive transformation

This moment of honest vulnerability about implementation challenges is particularly insightful because it acknowledges the gap between idealistic governance models and practical reality. Rather than presenting a success story, Soacha admits the difficulties, which adds credibility and realism to the discussion.

Impact

This admission shifts the tone from prescriptive to exploratory, acknowledging that multi-stakeholder governance in citizen science platforms remains an ongoing challenge rather than a solved problem. It invites further research and collaboration rather than presenting final solutions.

Overall assessment

Speakers

Knowledge graph

In-depth analysis

Session at a glance

Summary

This discussion focused on bridging the digital divide through language inclusion as a fundamental pillar of digital rights and internet governance. The panel, moderated by Ram Mohan and featuring experts from organizations like ICANN, Unicode Consortium, and various domain registries, explored how linguistic diversity remains an overlooked barrier to digital inclusion despite global efforts to expand internet access. With over 7,000 languages spoken worldwide, the dominance of a few major languages online prevents billions of users from fully participating in digital spaces.

Panelists highlighted numerous challenges, including limited multilingual content availability, poor machine translations, cultural irrelevance in literal translations, and bias in AI systems toward dominant languages. They emphasized that these barriers create a vicious cycle where younger generations lose fluency in ancestral languages, further weakening the user base for language inclusivity efforts. The discussion revealed that while technical solutions like Unicode character encoding and internationalized domain names exist, the primary obstacles are awareness, implementation, and adoption rather than technological limitations.

A central theme emerged around the need for a fundamental paradigm shift from “English first” to “multilingual by design” approaches. Speakers stressed that language accessibility should be treated as a core component of digital infrastructure rather than an afterthought or localization add-on. They advocated for universal acceptance by design, where technology serves languages rather than forcing languages to adapt to technology.

The panel discussed various practical solutions, including government incentives, educational initiatives, procurement requirements that prioritize multilingual support, and public-private partnerships. They highlighted successful examples like hackathons teaching students to build bilingual websites and community grants supporting indigenous language preservation. The discussion concluded with calls for stronger multi-stakeholder collaboration through initiatives like the Coalition on Digital Impact (CODI) to coordinate efforts and accelerate progress toward a truly multilingual internet that ensures meaningful connectivity for all users.

Keypoints

## Major Discussion Points:

– **Language barriers as a fundamental obstacle to digital inclusion**: Despite global efforts to expand internet access, linguistic diversity remains an overlooked barrier, with over 7,000 languages worldwide but only a few dominant languages represented online, preventing billions from fully participating in digital spaces.

– **The need for a paradigm shift from “English-first” to “multilingual-by-design”**: Panelists emphasized moving away from treating multilingual support as an afterthought or localization add-on, instead making it a foundational element of digital infrastructure from the beginning of development processes.

– **Technical solutions and standards already exist but lack widespread implementation**: The underlying technology for multilingual internet experiences (Unicode, internationalized domain names, universal acceptance) has been largely developed, but the challenge lies in awareness, adoption, and overcoming inertia in existing systems.

– **Multi-stakeholder collaboration is essential for progress**: Success requires coordinated efforts across governments (through policy and incentives), private sector (through inclusive design practices), civil society organizations, educational institutions, and language communities themselves.

– **Cultural preservation and economic opportunities**: Multilingual internet access is crucial not only for preserving endangered languages and cultural heritage but also for enabling meaningful economic participation and safer online experiences for non-English speaking populations.

## Overall Purpose:

The discussion aimed to explore how language accessibility can be integrated into internet governance and digital rights frameworks, examining both the challenges preventing linguistic inclusion online and practical solutions for creating universal access and acceptance across all languages.

## Overall Tone:

The discussion maintained a consistently collaborative and solution-oriented tone throughout. While panelists acknowledged significant challenges and barriers, the conversation remained optimistic and forward-looking, with participants sharing concrete examples of successful initiatives and practical next steps. The tone was professional yet passionate, reflecting the speakers’ deep commitment to digital inclusion. The discussion concluded on an encouraging note with calls to action and invitations for broader participation in addressing these challenges collectively.

Speakers

**Speakers from the provided list:**

– **Ram Mohan** – Chief Strategy Officer of Identity Digital (domain name registry company), Chair of the Coalition on Digital Impact (CODI)

– **Christian Daswon** – Executive Director of the Internet Infrastructure Coalition, Co-founder and co-facilitator of CODI, Online moderator for the session

– **Theresa Swinehart** – ICANN representative, oversees policy implementation, DNS abuse programs, Universal Acceptance and internationalized domain names work

– **Toral Cowieson** – CEO of the Unicode Consortium (nonprofit, open source, open standards body focused on ensuring communication in all languages on all devices)

– **Jennifer Chung** – Vice President of Policy for DotAsia Organization (DotAsia top-level domain registry operator)

– **Sophie Mitchell** – Chief Communications Officer at DOTAU (Registry Operator for Australia)

– **Manal Ismail** – National Telecom and Regulatory Authority of Egypt, European Sector member working on internationalized domain names and universal acceptance

– **Audience** – Multiple audience members who asked questions during the session

**Additional speakers:**

– **Mohammed Abdul Haq Onu** – Secretary General of Bangladesh Internet Governance Forum

– **Gabriel** – Audience member who asked about website implementation challenges

– **Elisabeth Carrera** – Wikimedia Norway representative

– **Roberto Gaetano** – Individual user representative who commented on multilingualism improvements

Full session report

# Comprehensive Discussion Report: Bridging the Digital Divide Through Language Inclusion

## Executive Summary

This comprehensive discussion examined language inclusion as a fundamental pillar of digital rights and internet governance, bringing together experts from organizations including ICANN, Unicode Consortium, and various domain registries. The panel, moderated by Ram Mohan (Chief Strategy Officer of Identity Digital and Chair of the Coalition on Digital Impact) and Christian Daswon (Executive Director of the Internet Infrastructure Coalition), explored how linguistic diversity remains a critical yet overlooked barrier to meaningful digital participation despite global efforts to expand internet access.

Ram Mohan opened by highlighting that while over 7,000 languages are spoken worldwide, only a handful dominate online spaces, preventing billions of users from fully participating in digital environments. Panelists emphasized that this creates not merely inconvenience but genuine safety risks, economic exclusion, and cultural erosion. The conversation maintained a consistently collaborative and solution-oriented tone throughout, with participants sharing concrete examples of successful initiatives while acknowledging significant systemic challenges that require coordinated multi-stakeholder responses.

## Key Participants and Their Perspectives

The discussion featured diverse expertise across technical standards, policy implementation, and regional perspectives. **Theresa Swinehart** from ICANN provided insights into policy implementation and DNS abuse programs, emphasizing that no single organization can solve multilingual internet challenges alone. **Toral Cowieson**, CEO of the Unicode Consortium, offered technical perspectives on character encoding while acknowledging limitations in supporting oral-only languages. **Jennifer Chung** from DotAsia Organisation consistently advocated for paradigm shifts from “English first” to “multilingual first” thinking, while **Sophie Mitchell** from DOTAU shared Australia’s experiences with Indigenous language preservation. **Manal Ismail** from Egypt’s National Telecom Regulatory Authority contributed policy and regulatory perspectives, particularly around government incentives and procurement approaches.

Audience participation enriched the discussion significantly, with **Mohammed Abdul Haq Onu** from Bangladesh highlighting Universal Acceptance challenges despite 250 million Bangla speakers and three years of Universal Acceptance Day events at the Bangladesh Internet Governance Forum focusing on Bangla language. **Elisabeth Carrera** from Wikimedia Norway shared optimistic news about AI systems learning minority languages, noting that Northern Sami Wikipedia sees “88% bot/AI traffic vs 12% human traffic, with AI desperately trying to learn the language.” **Roberto Gaetano** provided a particularly thought-provoking critique of the community’s own practices, using an Animal Farm metaphor to highlight how even multilingual advocates often default to English-dominant behaviors.

## Fundamental Barriers to Digital Linguistic Inclusion

### The Scale of Exclusion

The discussion established that linguistic barriers represent a massive yet underappreciated form of digital exclusion. This exclusion extends beyond basic access to what Sophie Mitchell termed “meaningful connectivity” – the ability to use the internet for essential services like healthcare, education, and government services rather than merely basic functions like social media.

Jennifer Chung introduced a critical safety dimension through a personal example about her elderly father and healthcare appointments, explaining that language barriers create cybersecurity vulnerabilities as people cannot identify suspicious content or phishing attempts in unfamiliar languages. This reframing elevated the discussion from convenience to safety, demonstrating how linguistic exclusion creates tangible harm.

### Technical Infrastructure Challenges

Toral Cowieson provided crucial insights into the invisible infrastructure of digital privilege, explaining that “for those of us in majority languages there are many things that we can take for granted. So for example, can I exchange currency, date and time format, time zone adjustments, usage of numerical symbols or decimals and commas separators used appropriately.” This comment grounded the discussion in concrete, granular examples of digital exclusion that most people never consider.

The technical challenges extend beyond basic character encoding. Theresa Swinehart highlighted Universal Acceptance issues that prevent proper functionality of internationalized domain names across applications and systems. She provided a simplified definition: “the resolvability of one’s experience with one’s address or with one’s website or with one’s domain name and for that to interface through the different applications.”

An audience member (Gabriel) raised practical implementation barriers, noting that font rendering and screen reader accessibility remain obstacles for website creators wanting to implement their native languages, even when they have the motivation to do so. Toral mentioned the issue of “Tofus” – little squares that appear when characters don’t render properly – illustrating ongoing technical challenges.

### Cultural and Generational Impact

The discussion revealed how digital linguistic exclusion creates vicious cycles of cultural erosion. Jennifer Chung presented a stark statistic: “90% of the world’s languages might become extinct at the end of this century. That’s like, that is a big loss, not in terms of how we communicate, but really, it’s human culture.” This reframed the entire discussion from a technical accessibility issue to a cultural preservation crisis.

Sophie Mitchell provided specific context from Australia, where the population includes 8.5 million people born overseas out of 28 million total, and “about half of its 250 Indigenous language groups” have been lost due to colonization, with many remaining languages endangered and originally oral rather than written. Manal Ismail explained how limited multilingual content availability and poor machine translations create cycles where younger generations lose fluency in ancestral languages, further weakening the user base for language inclusivity efforts.

## The Paradigm Shift: From English-First to Multilingual-by-Design

Jennifer Chung introduced what became the central theme of the discussion: “The one thing that will accelerate it the most is actually a paradigm shift to thinking about looking at it as multilingual first as opposed to English first. To look at it by, you know, multilingual by design, universal acceptance, UA by design.” This concept was immediately adopted and referenced by multiple other panelists throughout the remainder of the discussion.

Manal Ismail provided an equally powerful articulation of the required change: “So instead of making languages change technology, we need to start making technology serve languages.” This phrase captured the power dynamic at the heart of the digital divide, showing how current systems force linguistic communities to adapt to technology rather than technology adapting to serve diverse communities.

The speakers demonstrated strong consensus that language inclusion must be treated as foundational digital infrastructure rather than an afterthought. This represents a fundamental shift from treating multilingual support as a localization add-on to making it a core design principle from the beginning.

## Technical Solutions and Implementation Challenges

### Existing Infrastructure and Capabilities

The discussion revealed that many technical foundations for multilingual internet experiences already exist but suffer from implementation and adoption challenges. Toral Cowieson explained that Unicode encoding has addressed core technical limitations, but challenges remain in engaging language communities and ensuring full user experience. He provided a specific example of how the spaceship emoji renders differently in various tools, noting that Canva works correctly because “Unicode was in its technical stack.”

Theresa Swinehart outlined ICANN’s support for internationalized domain names and Universal Acceptance through technical standards, education programs, and partnerships with universities. She highlighted a successful hackathon in Bahrain with 60 students creating bilingual Arabic-English websites. However, she emphasized that the primary obstacles are awareness, implementation, and adoption rather than technological limitations.

### Gaps in Current Approaches

Despite technical progress, significant gaps remain in supporting the full spectrum of linguistic diversity. Toral Cowieson acknowledged that the Unicode Consortium focuses on written languages, stating: “that is not something that the Unicode Consortium is addressing at this point because of the work still to be done with the written scripts.” This creates a fundamental limitation for many Indigenous and minority languages that were traditionally oral.

Elisabeth Carrera from Wikimedia Norway highlighted the need for quality text and data to be available under open licenses, noting that AI systems need access to quality multilingual data, but much existing content in minority languages isn’t available under open licenses for training purposes. Christian Daswon referenced the Creative Commons CC Signals program as addressing some LLM scraping concerns.

## Policy and Governance Approaches

### Government Incentives and Regulatory Frameworks

The speakers demonstrated strong agreement on the potential for government policy to drive multilingual adoption, though they emphasized different mechanisms. Manal Ismail advocated for comprehensive regulatory approaches, suggesting that governments should integrate multilingual support into digital accessibility laws, procurement requirements, and national digital transformation strategies. She proposed both incentive-based approaches like tax breaks and grants, and regulatory mandates making language support prerequisites for government contracts.

Jennifer Chung focused on de-incentivizing non-compliance through procurement processes and requiring Universal Acceptance readiness reporting in tenders. This approach uses market mechanisms rather than direct regulation to encourage adoption. Theresa Swinehart preferred soft enforcement mechanisms including education system requirements, government agency leadership by example, and procurement policy preferences.

### Leading by Example

A recurring theme was the importance of government agencies and educational institutions demonstrating multilingual technologies in their own operations. Theresa Swinehart emphasized that leading by example through government agencies using multilingual technologies creates both awareness and market demand. This approach avoids regulatory mandates while creating practical demonstrations of feasibility and benefits.

The discussion also highlighted the role of educational integration through university modules, hackathons, and curriculum development to create awareness among the next generation. This educational approach addresses both technical capacity building and cultural change needed to support multilingual internet development.

## Multi-Stakeholder Collaboration and Coordination

### The Essential Role of Partnership

There was unanimous agreement among speakers that the complexity of creating a multilingual internet requires coordinated efforts across multiple stakeholder groups. Theresa Swinehart stated definitively that “no single organization can solve multilingual internet challenges alone; success requires coordinated multi-stakeholder approach.” Toral Cowieson reinforced this by noting “we can only be successful together.”

Christian Daswon introduced the Coalition on Digital Impact (CODI) as a coordinating mechanism, explaining that it “aims to bring together diverse stakeholders and coordinate existing efforts rather than duplicate work.” This approach recognizes that numerous organizations are already working on various aspects of multilingual internet development, but coordination and communication need improvement.

### Clarifying Roles and Responsibilities

Toral Cowieson highlighted that strengthening existing cross-stakeholder work requires clarity on roles and responsibilities, better communication, and accountability measures. The discussion revealed that while many organizations have relevant expertise and programs, language communities often lack clear pathways to engage and contribute to solutions.

The speakers agreed on working simultaneously on supply and demand sides – creating user awareness while building technical capabilities. This dual approach recognizes that lack of demand reduces supply incentives and vice versa, requiring coordinated efforts to break the cycle.

## Economic and Social Benefits

### Business Case for Multilingual Internet

The discussion revealed strong consensus on the business case for multilingual internet access. Theresa Swinehart explained that multilingual internet access creates economic opportunities by connecting businesses with previously unreachable consumer populations. Sophie Mitchell noted that capacity building and digital skills training in native languages increases economic participation and civic engagement.

However, Christian Daswon identified a critical gap in available data, asking “How can we gather data that shows if people build tools for language inclusion at the last mile, recipients will use the Internet more?” He explained that while the benefits seem obvious, hard data is needed to convince businesses to commit time and resources to language inclusion tools.

### Social and Cultural Value

Beyond economic benefits, speakers emphasized the social value of multilingual internet access. Sophie Mitchell highlighted how digital inclusion enables access to essential services like healthcare, education, and government services in users’ native languages. Jennifer Chung positioned language preservation as maintaining cultural identity and human heritage while enabling meaningful digital participation.

The discussion also revealed how multilingual internet access contributes to civic engagement and democratic participation. When people can access government services, educational resources, and civic information in their native languages, they become more engaged citizens and participants in democratic processes.

## Artificial Intelligence: Opportunity and Opportunity

### AI’s Positive Potential

Elisabeth Carrera from Wikimedia Norway provided optimistic news about AI’s role in minority language development, saying “I just thought I’d add a little bit of optimism” before sharing that Northern Sami Wikipedia sees significant AI traffic with systems “desperately trying to learn Northern Sami.” She framed this as hopeful: “So I think there’s hope.”

Sophie Mitchell explored the potential of AI translation technology, asking thoughtful questions about “whether technology will help solve it” while acknowledging both opportunities and challenges in AI-assisted multilingual internet development.

### Data Inequality Concerns

Christian Daswon framed AI challenges in terms of data inequality, noting that “in the era of advancing AI, when people are using the internet directly with LLMs. There are these data-rich languages and many, many, many data-poor languages.” This creates new forms of digital divide where AI systems amplify advantages for languages with abundant training data while marginalizing those without.

The discussion highlighted the need for quality text and data to be available under open licenses for AI training, but also recognized language communities’ concerns about giving up ownership rights. This tension between open data needs and community control represents an ongoing challenge requiring careful balance.

## Practical Implementation Strategies

### Individual and Organizational Actions

The discussion concluded with concrete action items for participants. Theresa Swinehart suggested that individuals can contribute through personal networks and professional connections to raise awareness and create opportunities. Each participant was encouraged to contact two people in their networks to raise awareness about multilingual internet opportunities.

Organizations were encouraged to integrate language awareness into existing educational curricula and professional programs rather than creating entirely new initiatives. This approach builds on existing infrastructure while expanding scope to include linguistic inclusion considerations.

### Systemic Changes Required

Beyond individual actions, speakers identified systemic changes needed across multiple sectors. Government agencies and organizations were urged to lead by example by implementing multilingual technologies in their own operations. Stakeholders were encouraged to treat language inclusion as a requirement in procurement processes and tender evaluations.

The discussion emphasized working with existing successful initiatives rather than starting new competing programs. Toral Cowieson noted the importance of “connecting existing successful initiatives rather than starting new programs, and making it easier for language communities to participate.”

## Unresolved Challenges and Future Directions

### Technical and Implementation Gaps

Several significant challenges remain unresolved. The question of how to effectively support oral-only languages that lack written representation in digital systems represents a fundamental gap that current technical approaches cannot address. Font rendering and accessibility tool limitations continue to prevent website creators from implementing native languages, even when they have the motivation to do so.

### Data and Evidence Needs

Christian Daswon identified critical data gaps that prevent effective business cases for multilingual internet investment. He emphasized the need to gather evidence showing that language inclusion tools increase internet usage. Without this evidence, convincing businesses to invest in language inclusion tools remains challenging.

The discussion also revealed the need for better data collection from last-mile connectivity providers to understand what tools and support they need for language inclusion. This direct feedback from practitioners could inform more effective solution development.

### Cultural and Behavioral Change

Roberto Gaetano provided perhaps the most challenging critique, using an Animal Farm metaphor to highlight how even multilingual advocates often default to English-dominant behaviors: “We behave in a way that I would call the syndrome of animal farm, in the sense that we all say, okay, all languages are equal, but then in practice we behave as if we have one language that is more equal than the others.” He noted this in the context of interpretation services and panel behavior.

This comment challenged the audience to examine their own practices, not just advocate for policy changes, highlighting the need for cultural change within the very communities promoting linguistic inclusion.

## Conclusions and Path Forward

The discussion demonstrated remarkable consensus among diverse stakeholders on both the urgency of addressing linguistic barriers to digital inclusion and the fundamental approaches needed. Jennifer Chung concluded by emphasizing: “It’s absolutely a language justice movement. And again, repeating multilingual first and UA by design.”

The Coalition on Digital Impact (CODI) emerged as a concrete mechanism for ongoing coordination, with Christian Daswon inviting continued engagement through CODI postcards and the call to action. The commitment to survey last-mile connectivity providers and gather evidence of language inclusion benefits represents practical next steps toward building stronger business cases for investment.

However, Ram Mohan raised a closing concern about AI potentially leading to “one language to rule them all,” highlighting ongoing challenges in the AI era. The discussion revealed the depth of systemic change required, moving from “English first” to “multilingual by design” thinking requires not just technical solutions but fundamental shifts in how digital systems are conceived, developed, and implemented.

The path forward requires sustained multi-stakeholder collaboration, with clear roles and responsibilities, adequate funding for both technical development and community engagement, and ongoing commitment to treating language inclusion as foundational digital infrastructure rather than optional enhancement. The discussion provided both the conceptual framework and practical starting points for this essential work, while acknowledging the significant challenges that remain in creating a truly multilingual internet that serves all of humanity’s linguistic diversity. The reference to UNESCO’s International Decade of Indigenous Languages provides additional context for the urgency of this work.

Session transcript

Ram Mohan: Good morning and good day. My name is Ram Mohan and welcome to the session Bridging the Digital Divide, Language Inclusion as a Pillar. Despite global efforts to expand Internet access, linguistic diversity remains an overlooked barrier to digital inclusion. With over 7,000 languages spoken worldwide, the dominance of a few major languages that are online prevents billions of users from fully participating in digital spaces. Today’s workshop will explore how language accessibility can be integrated into Internet governance as well as digital rights frameworks and what connectivity strategies can ensure universal access and universal acceptance. What we have here is a panel of experts and leaders who’ve been working in the multilingual domain name and multilingual space and we will have both a bit of a policy discussion as well as a conversation about actual use cases that demonstrate both the need as well as the ability to solve. for the actual problems of digital inclusion. So let me begin first with some introductions. Let me start with myself. My name is Ram Mohan. I am the Chief Strategy Officer of Identity Digital, but which is a domain name registry company. But I’m here in addition to that as the chair of an exciting and newly formed group, the Coalition on Digital Impact or CODI in short. And we’re really pleased to be here and we invite you to become a part of CODI by going to codi.global. Let me turn to my online moderator, Christian, ask him to introduce himself and then carry on from there.

Christian Daswon: Happy to do so. I am the online moderator for today. My name is Christian Dawson. I’m Executive Director of the Internet Infrastructure Coalition. We’re a tech trade association. We have been working for over a decade on issues involving universal acceptance. And I’m proud to be a co-founder and co-facilitator of the CODI effort that we’ll talk a little bit about today.

Ram Mohan: Theresa.

Theresa Swinehart: Yes. Ah, ah. There we go. This is a press the button one. Okay, fantastic. Let me try that again. Theresa Swinehart, I’m with ICANN. I oversee our work with regards to policy implementation and various other aspects on DNS abuse and some of the programs that we have that are across collaboration with the community and the board as well. In one area in particular here is our work on not only the next round of top level domains which will afford opportunities. but also Universal Acceptance and our work around internationalized domain names. So very excited to be here and to look forward to the discussion.

Ram Mohan: Thank you. Thank you so much. Let me turn to you, Toral.

Toral Cowieson: Great. Good morning. Good afternoon. Good evening, everyone. Thank you, Ram and Cody, for this invitation. I’m Toral Cowieson. I’m the CEO of the Unicode Consortium. Unicode is a nonprofit, open source, open standards body whose mission is to ensure that everyone can communicate on all devices in their own languages. Digital inclusion starts with Unicode, starts with the work of Unicode, which includes character encoding.

Jennifer Chung: Thank you, Ram and Cody, for the invitation. My name is Jennifer Chung. I’m Vice President of Policy for DotAsia Organization. We are the DotAsia top-level domain registry operator. In terms of internationalized domain names, we have done quite a lot of work and, of course, we support Universal Acceptance and looking forward to the discussion. Back to you, Ram.

Ram Mohan: Thank you so much. Sophie, let me come to you.

Sophie Mitchell: Thanks very much, Ram. Hi, everyone. I’m really pleased to join you from here in Australia. I’m Sophie Mitchell. I’m the Chief Communications Officer at the DOTAU, so the Registry Operator for Australia. And yeah, OUTER is really committed to enhancing digital inclusion and improving the utility of the internet or the DOTAU for the benefit of all Australians. We do quite a bit of work in this space through our public benefit and grants program, which we may touch on in the course of this evening. So, thanks, Ram. Back to you.

Ram Mohan: Thank you so much. And Manal.

Manal Ismail: Thank you, Ram. Hello, everyone. My name is Manal Ismail. I’m with the National Telecom and Regulatory Authority of Egypt and I’ve been a member of the European Sector for some 5 years. working on introduction of internationalized domain names and universal acceptance efforts and now progressing multilingual internet experiences for quite a number of years now and I look forward to our discussion today. Thank you Ram, back to you.

Ram Mohan: Thank you Manal, so we are looking to have a discussion here in a couple of parts but the first part I thought that might be useful to illustrate the nature of the issues that are facing us and the kinds of not just challenges but also some potential solutions that might be there. We thought it might be instructive to ask folks who are actually doing the work of inclusion and to have them share what they are finding from the ground. So Toral, shall I turn to you and ask you for what you’re seeing in your role and in your organization’s role in this area.

Toral Cowieson: Certainly, thank you so much. So when we’re looking at digital inclusion, for those of us in majority languages there are many things that we can take for granted. So for example, can I exchange currency, date and time format, time zone adjustments, usage of numerical symbols or decimals and commas separators used appropriately. If I am using an application, does the country name appear appropriately. And so those are things that we take for granted but that’s not necessarily the case for those in digitally disadvantaged language communities. And I think that’s where the bulk of the work has to be done, Ram, when you mentioned the 7,000 languages. The majority of languages, the characters of those languages are encoded, but it’s all of those other things that we take for granted. Can I search on my emoji in the language that I use? So there’s still a lot to do, and I think even with IDNs, we know that from a content perspective, that full representation and that full user interface is not there.

Ram Mohan: Thank you, Toral. Jen, what do you see?

Jennifer Chung: I guess in terms of multilingual internet, I think that is really the foreground and the background and all through the entire thread of what we’re looking at. I’m going to take a half step back, because when you look online and you’re searching online, if your language is not English, is not your native language, you’re not really searching in that language. I will take out my phone, I’ll be searching in Chinese, I’ll be speaking in Cantonese to my phone as well. So that’s the first thing. And of course, the content also still, right, online, almost 50% of that content is still in English. And of course, even though English is most widely spoken language, in terms of population, in terms of breadth, it is not the native language or first language or even second or third languages for a lot of people who use the internet and those who, of course, are yet to come online. I think it’s really important to remember the other part of the need to actually think about why we need this multilingual internet is if we don’t have this, exactly what you said, all these languages will go away. I think there was a statistic somewhere that said, you know, 90% of the world’s languages might become extinct at the end of this century. That’s like, that is a big loss, not in terms of how we communicate, but really, it’s human culture. So just kind of just putting this out there as a first kind of demonstrating the need and something that we really do need to start looking at and doing something about.

Ram Mohan: Thank you, Jen. Sophie, what has your experience been in the regions that you and your organization have been involved in?

Sophie Mitchell: Thanks, Ram. So, yeah, just taking it back to here in Australia, I think Australia is one of the greatest countries in the world. I, of course, would say that. But we have about 30% of our population are actually born overseas. So they don’t just come from parents who were born overseas, they are themselves born overseas. That’s in a population of 28 million, it’s about 8.5 million people or thereabouts that are born overseas. Some of those come with English language skills, but many, of course, do not. So that’s our migrant population. But, of course, Australia was a colonised country. So first Australians who’ve been living here for many thousands of years actually have 250 language groups, or indeed they did when the British arrived and settled Australia. Unfortunately, through the process of colonisation over the last 200 plus years, that we’ve lost about half of those Indigenous language groups and many of those are endangered today. So certainly echo what Jen was saying, and that is an issue here in Australia is capturing those endangered languages. Because, of course, the other problem we have in capturing them is that they weren’t written languages, they were oral languages and told through a culture of storytelling. And, of course, that culture was impacted adversely by colonisation because Indigenous families were, children were separated from their families and moved on to reservations, as has occurred in many colonial countries. And so a lot of that knowledge was lost. So really, we’re starting from a step back in trying to find those languages, preserve those languages. And then, of course, then we can address some of the digital inequities that we see with Indigenous communities. And I’m sure we’ll go on to talk about those this evening. Thanks, Ram. .

Ram Mohan: Thank you, Sophie. So, as you heard from, you know, Jen, what you’re saying, as well as what you just shared with us, Sophie, the challenges are not just in representing languages, but in some cases, representing languages that have no written representation. Toral, how does that work, you know, from the perspective of the Unicode Consortium?

Toral Cowieson: That’s certainly a very real issue, and in fact, Unicode’s work is really around written languages, so that is not something that the Unicode Consortium is addressing at this point because of the work still to be done with the written scripts. So, I’m curious to hear how others are addressing that, but that’s just the reality of Unicode’s mission.

Ram Mohan: Manal, what is your perspective on other challenges that may exist when it comes to, you know, getting the internet to be more multilingual?

Manal Ismail: Thank you, Ram, and from a government perspective, of course, truly multilingual internet is crucial for digital inclusion. It’s essential for the continued growing of online population and necessary to have the next billion users connect meaningfully to the internet. As already mentioned, we have already one-third of the world’s population still offline, and it was quite alarming to read in the Fact of the Future that progress on most of the SDGs is either moving too slowly or has regressed below the 2015 baseline. So, I think we need to think about the reasons and how to make sure technology is really serving humanity in that respect. And while digital inclusion really promises global information access, language remains a fundamental axis of inequality and a barrier that’s commonly overlooked. It hinders equitable, meaningful digital participation. It restricts individuals’ access to critical services, limits economic opportunities, and as already Jen mentioned, it erodes cultural identity. And we have a long list of challenges here. The limited availability of online multilingual content, poor quality or absence of machine translations, cultural irrelevance resulting from literal translations without really cultural localization. As you already mentioned, some platforms and softwares prioritize a small subset of global dominant languages. And this also touches on the bias in AI and natural language processing. High cost of building robust digital tools, making it economically unfeasible. Sometimes really deprioritizing language accessibility in favor of faster and broader market scalability. And even when it comes to trainings, they are often delivered in dominant languages resulting in digital literacy gaps. And all this unfortunately results in a vicious cycle with younger generations not being fluent in ancestral languages, thus weakening even more the user base for potential language inclusivity. I’ll leave it at this. Back to you, Ram. Thank you.

Ram Mohan: Manal, that is powerful what you just said. And you listed not just the some of the challenges, but also some of the consequences of not addressing these challenges. Theresa, what are your points of view on the policy gaps, as well as some of the technical challenges that we’re seeing? And what is your organization doing to help bridge those? And I’d also be interested to hear your views on what you think are the remaining inequities even after the work that is being done.

Theresa Swinehart: Those are a lot of questions. We have a couple hours, right? So there’s a couple factors, and I think what I’m really quite struck by in these conversations is the internet itself. And within our context of what ICANN does, the addressing space is an incredibly powerful medium. And its goal is to be unfragmented and enable more people to come online. And yet at the same time, we are seeing a saddening erosion of use of languages around that. And so from that, I think we need to cross this barrier of, yes, the internet was originally designed in the context of the use of Roman character sets, and that’s just a historical factor. Had it developed in a different part of the world, it would have been different. But how do we now create the right awareness that we can bridge into these areas? And so from ICANN’s perspective, we’re engaged in quite a few different things. One is the work around internationalized domain names. And so from a technical standpoint, enabling the use with language tables and various others. on the technical interface from that standpoint. And there’s a lot of material around that and colleagues working on that. And with that, you know, how does one not only have one’s email or anything of that sort, but also to the right or to the left of the dot, if I can put it that way, in the context of Arabic scripts. So, working with many communities there. And then partnering with many other organizations with regards to awareness of universal acceptance. Now, the term universal acceptance may sound a little bit odd, but what it actually means is the resolvability of one’s experience with one’s address or with one’s website or with one’s domain name and for that to interface through the different applications and enable a communication. Now, that’s a very simplified description of it. And I think the engineers would probably just pull me aside and say that’s, you know, there’s a lot more to this. But the point is that we have a demand for languages. You know, UNESCO is running a decade of indigenous languages and this is quite important for preserving languages, whether they’re written or oral. But we now need to do an awareness that there is a demand and the supply needs to meet the demand. And that disconnect is one that’s fundamentally important. It is feasible to have one’s entire experience online as one would expect offline. But we need to now take that next step to make that feasible. I’ll just do one more thing and then I’ll hand it over. So we have been engaged with many others. We have a partnership, MOU, with UNESCO, with many other organizations and working with them for awareness, but also have a universal acceptance day that is really looking at creating awareness. at local levels about the opportunities that can occur if one works towards this. So we have a lot of work to do, but I’m hopeful. And for oral languages, that is the content that can then be online, and it’s fundamentally important around that. So a few things here and there, and I’m happy to add on later.

Ram Mohan: Thank you. Thank you, Theresa. So, Sophie, I’m just going to come to you and ask, what kinds of incentive-based approaches have you and your organisation thought of as effective ways for the adoption of digital content and services in local languages?

Sophie Mitchell: Thanks, Ram. I think one of the things we’re focused on here, and I think Theresa summed it up really nicely then when she said we need supply to meet demand. And so part of the problem we see here is that Indigenous languages aren’t widely spoken, and we also have a really quite a big skills gap in Australia in our Indigenous population. So that has been mapped. The government’s been doing some work since the early 2020s on the Indigenous digital inclusion, and we do have in Australia an Indigenous digital inclusion index. So this gap is actually mapped, and we’ve just had funding to continue that index over the next three years. So there’s an access gap, so Indigenous access, there’s an ability gap, so that’s that skills gap, and also an affordability gap, because we do see in Australia that our Indigenous population are more likely to live in remote areas and therefore less likely to have access to high-paying jobs in those areas. And so ARDA, as I mentioned earlier, does through its public benefit fund have a community grants program through which it funds a number of initiatives. And the initiatives we’ve really tried to fund over recent years have been about supporting both recording Indigenous languages so that they can be used, and also increasing the skills of Indigenous communities, so their digital skills, so that they can participate in the digital economy, and upskill so that they, you know, may get jobs and I guess also can participate. in civic society and access government services as well, because that’s another area we see gaps. People who lack those digital skills tend to use the internet in a more simplistic way. So often for social connection, so using social media or for telephone calls, but they don’t extend that use for other purposes. So it can be quite exclusionary and they’re things we’re looking to try and improve so we can increase that economic participation and grow Australia’s digital economy. Thanks, Ram.

Ram Mohan: Fantastic. So Jen, Sophie just brought in this concept of meaningful connectivity, right? It’s not enough to simply be connected and stream and use for social media, but make that connectivity more meaningful. What do you see in the Asia Pacific region in terms of meaningful connectivity? Many governments and other folks are spending lots of money connecting populations, but what challenges exist to make connectivity meaningful to get populations to actually achieve agency online?

Jennifer Chung: Thanks, Ram. I’m gonna pick up on the last word. You mentioned agency is absolutely the most important part because after you connect the populations who are previously unconnected or underserved, they might not know how to use technology. They might not know what kind of ways they can search. For example, like I said, they wouldn’t know that they could search on with their native language if all the content they see right now is in a different language that they don’t understand. Capacity building is definitely the key thing here, but then targeted to actually bringing them online to understand what they can do. There could be e-services, there could be education. and the different parts of capacity building must really direct to the populations that are most vulnerable for them to understand. One thing that I really want to point out is multilingual internet is not only about preserving language. In fact, having it in the thinking that multilingual internet actually makes it safer. And you know, for example, I like to take my father, who’s a bit elderly now, if I tell him that he needs to do certain things on this website to make an appointment for his health checkup, he would most likely be like, I won’t want to do this if I can’t read this. I don’t know. I don’t understand. I have to find someone else to explain to me all these different procedures. But if everything is able to be searched, navigated content wise, also in his native language, he will feel a lot better. Another thing I want to point out is, you know, we talk all about, you know, different bad actors online try to spoof these things, but actually understanding the language makes it much easier for perhaps populations who don’t have English as a first language to first understand, oh, this actually looks a little bit strange to me and understand that, you know, I’m fortunate to be able to understand that when, you know, I see some spoof email or something like that, I won’t click on it because that looks strange to me and I can read the English. But for someone who absolutely don’t understand these characters at all, that could be a huge mystery. And I think understanding that having this is actually makes for a safer Internet is something that we need to think about.

Ram Mohan: Thanks Jen. Christian, you’ve been helping work on this area for quite a long while. And you know, recently you helped co-found Kodi. What is happening there to help address some of these challenges?

Christian Daswon: Thanks Ram. I’m really glad that Jen brought up cyber security. I think that’s a very important topic. There are a number of different reasons why focusing on digital inclusion is so important right now, and that is certainly one of them. There are, surfacing all of the reasons why it is important to act on this at the moment, it’s one of the goals of CODI as an initiative. The initiative is focused on attempting to bring together all the different parts of the community that are going to need to collaborate together in order to make a difference, to move this forward. One of the fundamental things that we sort of have to realize is that the underlying technology in many ways has been complete and has been complete for some time. What we’re dealing with is a situation where the awareness is required because we are fighting inertia. And there’s a timeliness now in the era of advancing AI, when people are using the internet directly with LLMs. There are these data-rich languages and many, many, many data-poor languages. And so you get into these situations where we need to advance all of the arguments for people to put the effort in to go ahead and take the technologies that already exist and advance them towards multilingualism. And so we need to bring the arguments about cybersecurity, about the importance of inclusion so that they can be part of the digital economy and grow the economy. But also, as we were saying, because we can’t lose the stories and the histories that exist from these cultures. There are many reasons why we learn history in order to make sure that we don’t repeat it, but also so that we can live harmoniously in societies and not advance towards war and disharmony. and all of these different arguments are the things that we need to bring to bear. So we’ve got a number of initiatives that we’re pulling together with CODI. Some are simple. One of them that we’re advancing at the moment is we’re starting to try to figure out how to gather data that will show that if people build tools for language inclusion at the last mile, it will be more likely that the individuals who are recipients of those tools will use the Internet more. It’s quite obvious that that would be the case, but in order for businesses to go ahead and commit time and resources, quite obvious isn’t good enough. They actually need hard data, and there aren’t really a lot of studies that show these sorts of things. So that’s just one example of some of the many projects that we’re going to be putting together and advancing with CODI, and we’re hoping that you join us.

Ram Mohan: Thanks so much. Manal, in terms of government initiatives to support language accessibility in digital spaces, what has been the experience with your government?

Manal Ismail: Thank you. Thank you very much. When the Internet fails to speak your language, it’s not just inconvenient, it becomes a barrier to health, education, and livelihood. As Sophie hinted, governments have an important and powerful role in encouraging the development and adoption of multilingual digital content in order to foster digital inclusion. This can be a mix of both regulatory approaches but also incentive-based approaches in order to balance enforcement. with support of frameworks and capacity building. Regulatory approaches may include mandating multilingual access for key digital platforms and services, especially in public sectors, expanding digital accessibility laws and regulations to explicitly include language accessibility alongside disabilities, and making multilingual support a prerequisite for public procurement contracts or national projects. As for the incentives, these may also include offering targeted grants and funding for projects that develop digital tools, content or platforms in underrepresented languages, providing tax breaks or reductions or subsidies even to companies that integrate inclusive language practices, and forming public-private partnerships also with technology firms and or universities to build and maintain inclusive digital ecosystems. It would be also good to establish a recognition or some sort of certification program for digital inclusion and digital language inclusion in order to recognize platforms that meet government requirements in that respect. Finally, also investing in capacity building and training programs for developers and translators as needed. So, in a nutshell, in order to ensure that inclusive language support is not an afterthought but a core pillar of national digital transformation strategies, Effective government strategies should integrate regulatory mandates to ensure compliance, incentive schemes to ensure investment and innovation, and collaborative frameworks to ensure sustainability and community participation. Thank you Ram, back to you.

Ram Mohan: Thank you Manal. Toral, what are the fundamental technical limitations or design paradigms that have historically contributed to the Internet’s bias linguistically towards just a few dominant languages?

Toral Cowieson: So I think, you know, the technical limitations have been, at least from a Unicode perspective, have been addressed on our side, but where the challenge is, is really engaging the language communities themselves for the remaining work to be done. And that’s where, you know, when I talked about kind of that full immersed experience, that’s where the limitation is. And, you know, part of it is on the Unicode side is people don’t know that there is work to be done, and how do we effectively equip and empower those communities to be part of the solution to ensure that solution is in place. So that’s really, that’s really the issue. And, you know, our member organizations have tended to be the big tech companies, and originally the priorities were the majority languages. But now they are also realizing that it doesn’t, it serves their better interests as well to make sure these other communities are online. And so we do see organizations like, you know, certainly Google, Meta, Airbnb, where they have access to native speakers. and they’re bringing those individuals into that work for that full experience. So, you know, from a kind of a core technology perspective, it’s just getting language communities.

Ram Mohan: Thank you, Toral. I’m going to turn to now, you know, we’ve spent some time looking at the challenges, identifying some of the barriers that exist. Let’s turn our attention to practical things that we can actually do. So, I’m actually going to turn to each of the folks here on the panel and I’m going to ask you this question. Looking at the landscape of existing efforts, what is one area where you see significant potential for accelerating progress towards a multilingual internet? So, let me ask that and turn to you, Jen, first.

Jennifer Chung: The one thing that will accelerate it the most, I think the one thing that will accelerate it the most is actually a paradigm shift to thinking about looking at it as multilingual first as opposed to English first. To look at it by, you know, multilingual by design, universal acceptance, UA by design. That actually sets us up for success because when we have that mentality, all of the stakeholder groups would be, the governments will understand exactly what Manal says. You know, this is part of national strategy. It’s not an afterthought. For those who are coding, they will know this is what it is that we learn. This is how we do it instead of doing it the previous way. In terms of, you know, private sector too, that’s also the incentive. So, that is really the mind shift that’s the one thing that will accelerate it.

Theresa Swinehart: I think it’s spot on to have a paradigm shift, that one should have an expectation that one’s experience online is the same as offline. I think there’s a couple areas where one can look at that. One is around education and educating and creating modules in coursework, whether it’s around policy or around technical areas. We run a program where we are working with universities on specific modules to have awareness and education around these areas. We just recently ran a hackathon in Bahrain, which was incredible to watch 60 students have a task of coming up with a website and how to have that be able to work in both Arabic and in English. So I think there’s some very pragmatic, very specific things to do. I think there’s also some other areas around procurement and that there is just an expectation that one is going to in the future need to supply things in this kind of way. And to add on to that, I think that there’s also opportunities as we’ve talked about. We open the next round next year with applicant support for specific categories to create the opportunity to have what one wants to the right or the left of the dot in one’s language. But it’s fundamentally that there is a paradigm shift, as has been said, about the expectation is, as a user, have the experience in the online digital world as one would in the offline world. And the benefit is not only societal. It’s not only the opportunity to engage with a hospital or a university or education or provide that information and retain cultural norms and cultural values. One’s home, you know, that is anchored in who we are as individuals and how we communicate with each other. There’s also economic opportunities from a business perspective. You know, there’s entire populations that have no consumer interest potentially in whatever somebody is providing because they don’t have a connection because of the language barrier. So, it’s not about economics only, it’s about society and affording that ability for everybody to have that experience in the Internet. And so, I think we have many, many, many things to do. From ICANN’s perspective, we’re doing some of them very specific and partnering with others because nobody can do this alone.

Ram Mohan: Thanks, Theresa. Sophie, one area where you see significant potential for accelerating progress towards a multilingual Internet?

Theresa Swinehart: Thanks, Ram. I find it really difficult because I think both Jen and Theresa there have hit on two really key elements. I think, yeah, people don’t participate because they’re, in many cases, because they’re excluded so they can’t, and that mindset shift isn’t there. I’ve spent a lot of time thinking, since I was invited to speak on this panel, about whether technology will help solve it. So, will AI translation actually accelerate it or be part of the problem? Because do we worry about a multilingual Internet if you don’t have to, or if you’ve just got those translation skills there? So, I think that that’s not really a mindset shift, but I do think it will be a very big shift and I hope accelerate the availability of the Internet for those who are currently excluded. But I do still think it’s that upskilling. Even if you have the language skills, certainly I know we find in migrants in Australia, many arrive without English skills, but they actually, many of them don’t have great skills in their own native languages either. So, if you’re illiterate, that’s probably a barrier to using the Internet in any language. So, we spend a lot of time focusing on multilingual abilities, but I think it’s also, sorry, technology, but I think it’s also upskilling people with digital skills in whatever language they have as well.

Ram Mohan: Christian.

Christian Daswon: For as long as I’ve been coming to IGF, we’ve been talking about connecting the next billion. We are, we are focusing our attention on how we can connect the unconnected. And there are lots of stakeholders who are doing that, putting efforts into last mile connectivity. We’ve spent time here talking about meaningful connectivity. And earlier today, you asked Jen what she thought it would take to add language along with access devices and training into the definition of meaningful connectivity everywhere. What I would really like to do is to go out individually to all those stakeholders to have a survey, to actually go to the people that are connecting the unconnected with last mile and ask them en masse, try to gather up that information and then disseminate it. Because all of us then need to take what they are saying they are missing, what they are telling us they are missing, and we need to figure out how we can collectively build those tools. So what I want most is I want direct information for the people that aren’t making it happen now and for them to tell us how we can make it happen.

Ram Mohan: Toral?

Toral Cowieson: Yeah, thank you. Those are hard answers to follow. I don’t know what to add. So I actually want to build off of something that Theresa said, that no one can do this alone. And I think, you know, the one key thing is strengthening the work that’s already happening across stakeholders. You know, when we think about all the stakeholders who are required, NGOs, governments, tech companies, standards organizations, language communities, and really taking a step back and organizing ourselves, kind of clarity around the roles and responsibilities that each of us have. in this multilingual internet, and then communicating that effectively, because there’s so much work. We talked about UNESCO’s International Decade of Indigenous Languages, for example, and all the other initiatives, ICANN’s initiatives, for example, and how do we bring those together in a way that we can make it clear for how language communities can be engaged? Because I think we make it so hard, and it’s hard to know, all of us have so many things coming at us. How do we make it easier? And then how do we engage and empower those communities to be, again, part of that solution? So, you know, my thoughts are really around our work across stakeholders and the responsibility that we have to one another, to the language communities, and how do we hold ourselves accountable to success? You know, like Christian said, we’ve been talking about that next billion for a long time, and how are we actually demonstrating that we’re bringing that to closure in some way? So, thanks, great question.

Ram Mohan: Thank you. Manal?

Manal Ismail: Thank you, Ram, and I truly believe that the most significant mindset shift needed from all stakeholders, as we mentioned, across the internet ecosystem, is to treat language equity not as a localization add-on that comes as an afterthought, but as a core driver of global meaningful participation and a foundational layer of digital infrastructure. I mean, same as connectivity, as cyber security. And accordingly, rather than thinking of linguistic plurality as a challenge that we need to fix, and sometimes by adding translations later. or by trying to find workarounds, we all know how IDNs were introduced and keep it if there is demand. I think we need to think of multilingual by design, as Jen also mentioned, as an integral to inclusive, scalable and ethical digital infrastructure innovation. We also need conscious and deliberate, maybe national initiatives that involve all stakeholders, like has been mentioned also the importance of collaboration in that respect. Such initiatives could be government-supported, publicly-funded, open-source-based, something that could provide high-quality language resources, tools or APIs for underrepresented languages. So instead of making languages change technology, we need to start making technology serve languages. Thank you, Ram. Back to you.

Ram Mohan: Thank you, Manal. That’s a really powerful way to encapsulate what we’re trying to do. Technology should be serving languages rather than the other way around. So let me ask a question. You know, we have here in our panel, we have diverse perspectives, technical perspectives, civil society, industry, government. So, Christian, let me start with you. How can these diverse stakeholders collaborate and coordinate so that we can amplify their impact in promoting linguistic inclusion in digital policies?

Christian Daswon: I think we have a lot of people with a lot of good intentions and a lot of us don’t know exactly what it is we need to do to put those good intentions to active good. There are lots of programs that do active good in here. We’ve heard about some of the active good programs that ICANN has been doing for a long time in this area. One of the things that we’re doing with COTI is we’re trying to find all the people that are doing active good. We’re trying to bring them into a sort of single coordinating stream where people can talk to one another about things that are going on and raise programs that need to get done. I think there just needs to be a lot more talking and a lot more organization around all of the efforts that are going on so that we can centralize them and surface other ways to help that will get people to be able to raise their hands and say, well, that’s the kind of work that I can do. I’ve been looking for a way to contribute to these efforts. I’m ready.

Ram Mohan: Theresa, what do you think? How can we better coordinate and collaborate among the various stakeholders? If the goal is to have language as a pillar of digital inclusion strategies worldwide, what can we do better?

Theresa Swinehart: I think not be shy to pursue ideas. By that I mean different organizations may be engaged, I’ll just give some examples, with educational modules around internet-related issues or digital inclusion-related aspects or how certain things function. Are there opportunities there to add on additional modules around language awareness, around internationalized domain names or universal acceptance or how to build that in? I think sometimes looking at things in isolation and our own work in isolation, we lose sight of the opportunity that for somebody who’s involved in a, let’s say, policy track of education for international relations, let’s say, by example. It might not make sense to create awareness that there is actually the opportunity to have one’s own language online and what that would entail. But a chapter or two in a book that is part of that sets off that awareness. In a business school, awareness that one actually, from a business standpoint, has a population that could very well be interested in using their own languages for educational institutions or for medical professions, that one serves a population. Many of us, when we go to our medical facility, it may say, if you need somebody to help interpret this, please contact this number and we can provide these languages. Where is that online? Where is that source of the click down? So I think that there’s, we tend to look at either our areas of work in isolation or our sectors in isolation, and we need to do what we can to help connect the dots. And in those dots, what are the opportunities, what are the tools in the toolbox for different sectors, different organizations to fully serve a population that is not only speaking with Roman character sets, by example, from a technical standpoint, but is speaking so many different languages and some of them are written in oral. And how does one then go to serve them? So it’s a big task, but I would say if each of us walked away today and said, here are the two things I’m going to follow up on and the two people I know in wherever it might be, I’m going to contact and say, hey, did you know? it could go a long way.

Ram Mohan: Jen, what mechanisms are missing or need strengthening when we look at collaboration and coordination?

Jennifer Chung: I think both Christian and Theresa have actually hit on a lot of these points, and Toral as well, and when she mentioned, you know, you can’t go at it alone. Missing things still, I mean, just filling in the gaps, I think what it is. Theresa’s last call for action really is personal for all of us here at the table and those in the room as well. Making that connection, connecting the two dots, understanding that each of the organizations, DotAsia, of course, we have a lot of work that we do in IDNs, and we do a lot of work in capacity building, but in the act of doing all these things, we come across different organizations also in the region that can help us with these efforts, especially when we’re looking at CODI, you know, connecting good things that people are doing and allowing them to do them together. So again, I mean, the answer is the same thing, filling in the gaps in the way that we know how. I think that is what is missing and that really takes a collective effort.

Ram Mohan: Thank you so much. So let me turn to you, Manal, with a different question. So we’ve been talking here about, you know, the principles of linguistic diversity and multilingual by design. So how can these principles become more explicitly embedded into digital rights frameworks and more embedded in governance discussions?

Manal Ismail: Thank you, Ram. Can you hear me? Yeah, so, as I mentioned earlier, This could be extended in laws and regulations that already support disabilities and this could be also part of such laws and regulations. And have this expanding the digital accessibility laws and regulations to explicitly include language accessibility alongside disabilities. And also through the regulatory and approaches we’ve mentioned and the incentives that could be done as well. And I believe also as everyone mentioned it’s a multi-stakeholder thing and it’s also as a special characteristic that we need to work on the supply and demand side at the same time. As some have already mentioned, even the demand side they don’t know they can have this service. So they see everything in Latin, in English or whatever dominant languages and they don’t know that this luxury is even possible. And on the other side, the supply side, they don’t see it visible from a business point of view. So we need to work on wearing the demand side and triggering the supply side at the same time. And maybe governments can help with national initiatives, help with government support or public funds. And lastly, also connecting the dots and making sure that we’re all pushing in the same direction as everyone else mentioned. I think one good thing about the Universal Acceptance Global Day that we can learn from, it started globally and now it’s connecting with on-the-ground national activities, which I think is a good thing that we can also follow when we talk about a really multi-lingual and digital future.

Ram Mohan: Thanks Manal. Let’s go to getting questions and really an interaction with the audience. Let’s start online, Christian.

Christian Daswon: Sure, we do have one question in the chat. Feel free if you’re in the chat to add others and we’ll also welcome people to come to the mics as well. You’ll go into the queue next. Fantastic. A question from Nicholas Fumarelli. How can countries accelerate IDN compliance and readiness in the light that these measures are not advancing from year to year at the same pace of other adoptions, such as RPKI validation enabled networks or DNSSEC deployment? What can be alternatives other than law enforcement on this topic? I’ll read the rest. We’re actually having a fragmentation of languages due to this. Some efforts from UASG to reach popular software owners, messaging apps, among others. But how can, for example, local chapters help? Do you have any examples of soft enforcement for UA readiness? To note, UA is also part of UNESCO Rome X framework. Would anybody on our panel like to take this?

Ram Mohan: I think Theresa is probably closest to the response to that question. Christian, I think there were several questions in there. So, let’s get to just one thing that perhaps…

Christian Daswon: So, let’s see. Let’s focus in on the idea soft enforcement for UA readiness. How can on the idea soft enforcement for UA readiness? How can countries accelerate IDN compliance and readiness with soft enforcement mechanisms?

Theresa Swinehart: So, I think that there’s many different ways, and we saw efforts around with IPv6 at different points. I think that there’s soft ways to do it are through the education system and the next generation through the schools and the opportunities to both create awareness but maybe require that some of the digital engagement is done through the use of internationalized domain names or universal acceptance tools and work with the technical community in order to make sure that the schools have that capacity. That creates awareness for the next generation, which is essential if we want to actually preserve languages moving forward. Maybe it’s also soft ways through requirements of medical facilities or government social facilities that are providing to their citizens that the government agencies themselves look to have those mechanisms put into place and work with providing that for their citizens in their languages. Many countries have multiple languages, and then they have indigenous languages as well that they could serve. So, I think leading by example is essential that if one wants to actually have this resonate, one has to lead by example around that. I think that there’s other ways within the context of the private sector. Maybe if one’s procurement policy may suggest that one would encourage the use of that, and if not, to be willing to help to figure out how different agencies could do that or different bidders could do that. So, I think that there’s many, many different ways to build it into one’s own effort, but part of it is walking the talk and leading by example. I think that’s an important fundamental step around that.

Ram Mohan: Thank you. Jen?

Jennifer Chung: I don’t know if I like the phrase soft enforcement, but really I think we’re looking at incentivizing, especially when you’re looking at industry. I think a lot of, you know, registries, registrars, we are incentivized to be able to do this, you know, in our own internal systems as well. And then I want to pick up on something that Theresa mentioned. Not so much, again, not so much self-enforcement, but de-incentivizing. I think Manal also touched on it when she mentioned, you know, tax incentives, tax breaks, putting it, requiring it in the procurement process in kind of stages where you first, you know, prioritize those contractors that do have this. And then finally, you know, in the end, you know, this would become a requirement. And then including the requirement of reporting of UA readiness in tenders, I think that, you know, combined would have the effect that I think the answer was looking for. Yeah.

Ram Mohan: Thank you, Jen. Let’s go to the gentleman here.

Audience: Thank you. This is Mohammed Abdul Haq Onu, or everybody call Onu. I’m a Secretary General of Bangladesh Internet Governance Forum. Myself with Bangladesh Internet Governance Forum actively organizing Universal Acceptance Day event for the last three years with a special focus on Bangla language. I truly welcome this discussion on language inclusion. Using the digital device is not only about infrastructure, it is about ensuring every community can access the internet in their own language. In Bangladesh, our efforts to promote UA and local script adoption have shown that digital inclusion become meaningful when people can use technology in their native language. Despite the challenges spoken by over 200 Bangla languages, 250 million people still face challenges in full UA readiness. I urge global stakeholders to treat language inclusion as a core digital right to invest in technical and policy framework. that support meaningful internet access in multilingual access also. Also challenges meaningful internet connectivity, especially rural areas. Thank you.

Ram Mohan: Thank you so much for your thoughtful intervention, appreciate it. Let’s take another question from the audience there.

Audience: Hello, my name is Gabriel and I have a question regarding implementation. So for someone wanting to implement a website in their own language, it’s often that you would get into trouble with, for example, font rendering not displaying it properly or the font not having support. And when you get into other accessibility things like screen readers, if even those are mandated, they might not have support for that language. So my question is then how do you ensure that the underlying tools that people are using to build websites are accessible to these languages so that other people who are educators or bloggers can make websites in their own languages without having to have deep knowledge about how all these things about font rendering or technology works. Thank you.

Ram Mohan: Thank you so much. I think, Toral, that is adjacent to some of the core things that you’re doing, so perhaps you want to take that.

Toral Cowieson: Yeah, it’s a great question. I’ll give you an example. I was recently working with a designer on some stickers or something, and we were using, let’s say, the spaceship emoji, and what are the different languages in which you could search for that. And we put it into one tool. I’m not going to say which organization. And we were getting a lot of Tofus, right, little squares with just nothing that was useful. And then we put it, I said, let me try it in Canva. And I put that same block of information into Canva and everything rendered correctly. And what that told me is that Canva had built Unicode, had Unicode in its technical stack. Technology stack. And what was different about how Canva was approaching it is their products are built to be world ready. So Canva is not a Unicode member, so I’m just, let me just put that out there. But it really depends on what tools you’re using. And if Unicode is in the tech stack, that will make it easier for your website development to happen. So it’s really finding the right tool and not being frustrated that something isn’t working the way that you were hoping that it would. But there are solutions that are out there. And if Unicode is in the tech stack, that can accelerate the work.

Ram Mohan: And Christian, I wonder whether that idea that Toral was just speaking about and what the gentleman was identifying as a real need may be one of the kinds of initiatives that might be useful on a global scale.

Christian Daswon: Well, I think that’s exactly why the organization that we’re trying to build is focused on listening. Because identifying where there are gaps is an important thing that we need to be doing. But also where there is effective work that needs to be connected with the people who need to know that it’s being done is also a vital tool that needs to be done as well.

Ram Mohan: Thank you so much. I’ll go to the lady there on my right.

Audience: Hi, my name is Elisabeth Carrera, and I’m with Wikimedia Norway. And one of the many things we do to do with language diversity is we support the community that creates and curates Northern Sami Wikipedia. So we’re sort of the movement behind Wikipedia. And I just thought I’d add a little bit of optimism when it comes to tech and language. diversity. Well, what we’re seeing now, you mentioned we should make technology serve languages. I think technology is quite keen to go bilingual, full force. With our encyclopedia in Northern Sami, currently, human traffic is about 12%. And Northern Sami is a tiny language. The remaining traffic is bots, spiders, large language models, desperately trying to learn Northern Sami. So I think there’s hope. One of the obstacles we’re facing with small languages is just the same that we faced when we first started gaining like public access, general access to the internet here in Norway in the 1990s. There isn’t enough text, quality text and quality data available. So frustratingly, in Northern Sami, in this case, text is available. It’s just not available under open licenses. So it’s not there to be scraped. So if you want tech to learn multilingual approaches quickly, we need to make available what we have. So that’s the first step. And it’s a very elementary step that we can easily make. And even public entities don’t realize how much of a difference they can make by making their data sets available under open licenses. So just a small piece of optimism, we can easily do this.

Ram Mohan: Thank you so much, Christian.

Christian Daswon: I’ve got a couple of thoughts. First of all, one of the things that we have been doing as we’ve been trying to organize CODI is a movement that we are trying to start in this area is talking to a number of groups who are doing important work in this space. And I want to say that the work that Wikimedia Foundation and Wikipedia are doing is phenomenal. They’re doing incredible things when it comes to language and in the areas where we are talking about the challenges that are coming because of AI. They’re doing it not just in languages, but in cultural contexts, right? And the things that they’re doing there are incredibly impressive. I think that you’re right, that open needs to be an important component of what it is we’re talking about. Of course, open has its own challenges in the era of LLMs because large data scraping is a challenge for a lot of people who are designed to have open environments. Yesterday, I joined the kickoff call for a Creative Commons program called CC Signals that’s trying to address some of the concerns that people have when it comes to scraping in open environments for LLMs. And that’s an area that we’re going to try to connect CODI to. I encourage everybody to take a look at the efforts that are happening there because I agree with you, it’s very important and hopeful.

Ram Mohan: Thank you. Toral?

Toral Cowieson: Great, thank you for that positive news there. I just wanted to comment on this notion of open. And this is where we’ve hit some concerns from language communities that by granting rights that they are giving up something. And that is an ongoing challenge. One of the distinctions that we’ve been working on as we’ve been talking with language communities is this open license is the only way for full participation and access for other users. And being really clear that by licensing that you are granting licensing but you’re not giving up. You still retain ownership. And I think that distinction is clear as we can make it. And I’ve had to work with our general counsel on this a bit because it can be very easy to get deep into the legalese and I think that frightens and scares off language communities, rightfully so. and just raises some huge concerns, but that open license piece is a huge step towards access.

Ram Mohan: Thank you. We have another question from the audience on my left.

Audience: Yes, Roberto Gaetano, Uralo Individual Users. This is not really a question, it’s rather a comment or a contribution on the question, what can we do to improve multilingualism? I think that I agree completely with what has been said, that we need a paradigm shift. We have really a cultural problem with this, and this is something that is now, that we are subject to this particular mentality. We behave in a way that I would call the syndrome of animal farm, in the sense that we all say, okay, all languages are equal, but then in practice we behave as if we have one language that is more equal than the others. And let me make an example. In a lot of meetings we have interpretation, also here in the main room at ICANN meetings we have several situations in which we have interpretation. And the situation is more often than not that the panel consistently speaks in English. And the interpretation is used by people who speak English. in the audience to understand, to listen in their own language. And just rarely there’s a question from the audience in a different language and then maybe somebody from the panel as a courtesy replies in that language. But why can’t we establish the rule, the behavior that when we have interpretation and your language is one of the interpreted languages, why don’t you speak in your own language or in the language that you are more comfortable with than in English? I think that this cultural change is done like every cultural change by little steps. We don’t need huge changes, but just make the people think that there are more languages. This will not achieve the 7,000 languages having same status over the internet, but at least we can start moving slowly in that direction.

Ram Mohan: Thank you so much. In many ways, I think, especially with the advent of large language models and artificial intelligence engines, we’re quickly moving to a path where we may end up having one language to rule them all, rather than the diversity of languages that really represents the world around us. So, thank you so much. I’m going to ask each of the panelists one sentence that sums up what you want to provide to our audience as a takeaway, but only one sentence. Let me start with you, Sophie.

Sophie Mitchell: Oh, Ram, that’s unfair. I’m still ruminating on the question from the last gentleman about animal farm. So, I almost want my one overarching thought to be, let’s not be animal farm. and let’s ensure that all languages are equal. But I think, am I allowed one more? Sorry Ram, I’m already breaking your rule.

Ram Mohan: Please go ahead.

Sophie Mitchell: I was just gonna say it’s such a multifaceted issue that I really think it does require a multi-stakeholder response. And I think if we start quantifying the benefits for people, then we might be able to see better unification and unified action. And I’d love to see that.

Ram Mohan: Thank you. Toral, one sentence.

Toral Cowieson: We can only be successful together.

Ram Mohan: Thank you. Manal.

Manal Ismail: We need to all continue working on the supply and demand side together. Multilingual by design, not an afterthought. Thank you.

Ram Mohan: Thank you. Jen.

Jennifer Chung: It’s absolutely a language justice movement. And again, repeating multilingual first and UA by design.

Ram Mohan: Thank you, Theresa.

Theresa Swinehart: Lead by example and connect everybody to change this.

Ram Mohan: And last word, Christian.

Christian Daswon: My sentence is, there are Cody postcards on the corner table over there. You should grab one and let’s do more together than we can apart.

Ram Mohan: Thank you so much. That concludes this session. Thank you.

Ram Mohan

Speech speed

118 words per minute

Speech length

1390 words

Speech time

704 seconds

Over 7,000 languages exist worldwide but only a few dominate online spaces, preventing billions from full digital participation

Explanation

Despite global efforts to expand Internet access, the dominance of a few major languages online creates a significant barrier to digital inclusion. This linguistic inequality prevents billions of users from fully participating in digital spaces, making language diversity an overlooked aspect of connectivity efforts.

Evidence

Over 7,000 languages spoken worldwide with dominance of few major languages online

Major discussion point

Barriers to Digital Inclusion Through Language

Topics

Multilingualism | Digital access | Cultural diversity

Sophie Mitchell

Speech speed

146 words per minute

Speech length

836 words

Speech time

341 seconds

Digital inclusion gaps exist not just in access but in meaningful connectivity, with people using internet only for basic functions like social media rather than essential services

Explanation

There’s a distinction between basic internet access and meaningful connectivity that enables full participation in digital society. People with limited digital skills tend to use the internet in simplistic ways, primarily for social connection through social media or phone calls, but don’t extend usage to access government services, education, or economic opportunities.

Evidence

People who lack digital skills tend to use internet for social connection via social media or telephone calls but don’t extend use for other purposes like accessing government services

Major discussion point

Barriers to Digital Inclusion Through Language

Topics

Digital access | Inclusive finance | Future of work

Australia has lost about half of its 250 Indigenous language groups due to colonization, with many remaining languages endangered and originally oral rather than written

Explanation

Colonization has severely impacted Indigenous languages in Australia, with about half of the original 250 language groups lost over 200+ years. The remaining languages face endangerment, and the challenge is compounded by the fact that these were oral traditions passed through storytelling rather than written languages, making digital preservation more complex.

Evidence

Jennifer Chung

Speech speed

185 words per minute

Speech length

1250 words

Speech time

404 seconds

Language barriers create safety risks online as people cannot identify suspicious content or phishing attempts in unfamiliar languages

Explanation

When users cannot understand the language of online content, they become more vulnerable to cybersecurity threats. People who don’t understand English or other dominant languages online cannot recognize suspicious emails, phishing attempts, or fraudulent websites, making multilingual internet access a cybersecurity issue as well as an inclusion issue.

Evidence

Agreed with

– Manal Ismail
– Theresa Swinehart

Agreed on

Paradigm shift from English-first to multilingual-by-design approach

De-incentivizing non-compliance through procurement processes and requiring Universal Acceptance readiness reporting in tenders

Explanation

Rather than relying solely on enforcement, governments can use procurement processes to incentivize multilingual readiness by prioritizing contractors who demonstrate Universal Acceptance capabilities. This creates market incentives for companies to develop multilingual technical capabilities.

Evidence

Prioritizing contractors with UA readiness in procurement, requiring UA readiness reporting in tenders, using staged approach from prioritization to eventual requirement

Major discussion point

Policy and Governance Approaches

Topics

Digital standards | Data governance | Multilingualism

Agreed with

– Manal Ismail
– Theresa Swinehart

Agreed on

Government policy and procurement can drive multilingual adoption

Language preservation maintains cultural identity and human heritage while enabling meaningful digital participation

Explanation

Multilingual internet access serves dual purposes of preserving cultural heritage and enabling practical digital participation. By supporting languages digitally, we both maintain cultural identity and ensure that speakers of those languages can meaningfully engage with digital services and opportunities.

Evidence

Multilingual internet preserves language and culture while enabling digital participation

Major discussion point

Economic and Social Benefits

Topics

Cultural diversity | Multilingualism | Human rights principles

Manal Ismail

Speech speed

102 words per minute

Speech length

Agreed on

Paradigm shift from English-first to multilingual-by-design approach

Language inclusion should be treated as foundational digital infrastructure like connectivity and cybersecurity, not as localization add-on

Explanation

The most significant paradigm shift needed is treating language equity as core digital infrastructure rather than an optional feature added after primary development. Language accessibility should be considered as fundamental as connectivity and cybersecurity in digital infrastructure planning and implementation.

Evidence

Treat language equity as core driver of global meaningful participation and foundational layer of digital infrastructure, same as connectivity and cybersecurity

Major discussion point

Paradigm Shift Requirements

Topics

Infrastructure | Digital standards | Multilingualism

Agreed with

– Jennifer Chung
– Theresa Swinehart

Agreed on

Paradigm shift from English-first to multilingual-by-design approach

Working simultaneously on supply and demand sides – creating awareness of possibilities while building technical capabilities

Explanation

Effective multilingual internet development requires coordinated efforts on both supply and demand sides of the equation. Many potential users don’t know multilingual digital services are possible, while service providers don’t see visible business cases, requiring simultaneous awareness-building and capability development.

Evidence

Demand side doesn’t know multilingual services are possible when they see everything in dominant languages, supply side doesn’t see visible business case, need to work on both sides simultaneously

Major discussion point

Practical Implementation Strategies

Topics

Capacity development | Digital access | Multilingualism

Toral Cowieson

Speech speed

143 words per minute

Speech length

1175 words

Speech time

492 seconds

Many technical aspects taken for granted in majority languages don’t work properly for minority languages, including currency exchange, date formats, and search functionality

Explanation

Users of majority languages can take for granted that basic digital functions like currency exchange, date and time formatting, numerical symbols, and search capabilities work seamlessly. However, these fundamental features often don’t function properly for users of minority languages, creating barriers to full digital participation even when basic language support exists.

Evidence

Examples include currency exchange, date and time format, time zone adjustments, numerical symbols, decimal and comma separators, country names appearing appropriately, emoji search in native languages

Major discussion point

Barriers to Digital Inclusion Through Language

Topics

Digital standards | Multilingualism | Digital access

Unicode Consortium focuses on written languages, leaving gaps in supporting oral-only languages that lack written representation

Explanation

While Unicode has made significant progress in encoding written scripts, the organization’s mission is specifically focused on written languages, creating a gap in support for oral-only languages. This limitation means that communities with purely oral traditions face additional challenges in digital representation beyond what Unicode can address.

Evidence

Theresa Swinehart

Speech speed

148 words per minute

Speech length

Paradigm Shift Requirements

Topics

Human rights principles | Multilingualism | Digital access

Agreed with

– Jennifer Chung
– Manal Ismail

Agreed on

Paradigm shift from English-first to multilingual-by-design approach

Soft enforcement mechanisms include education system requirements, government agency leadership by example, and procurement policy preferences

Explanation

Rather than relying on legal mandates, governments can promote Universal Acceptance and multilingual internet adoption through educational requirements, leading by example in their own digital services, and using procurement policies to encourage private sector adoption. This creates market incentives while building awareness among the next generation.

Evidence

Education system requirements for digital engagement through internationalized domain names, government agencies implementing multilingual services for citizens, procurement policies encouraging UA adoption with support for implementation

Major discussion point

Policy and Governance Approaches

Topics

Online education | Legal and regulatory | Capacity development

Agreed with

– Manal Ismail
– Jennifer Chung

Agreed on

Government policy and procurement can drive multilingual adoption

No single organization can solve multilingual internet challenges alone; success requires coordinated multi-stakeholder approach

Explanation

The complexity and scope of creating a truly multilingual internet means that no individual organization, whether technical, governmental, or civil society, can address all the necessary components alone. Success requires coordinated efforts across multiple stakeholder groups with different expertise and capabilities.

Evidence

Christian Daswon

Speech speed

164 words per minute

Speech length

1452 words

Speech time

528 seconds

Coalition on Digital Impact (CODI) aims to bring together diverse stakeholders and coordinate existing efforts rather than duplicate work

Explanation

CODI is designed to address the coordination challenge in multilingual internet development by bringing together different parts of the community that need to collaborate. Rather than creating new programs, the focus is on connecting existing successful initiatives and helping people with good intentions find ways to contribute effectively to ongoing efforts.

Evidence

CODI focuses on bringing together different community parts that need to collaborate, surfacing arguments for cybersecurity and inclusion, finding people doing active good and bringing them into coordinating stream

Major discussion point

Collaborative Solutions and Stakeholder Coordination

Topics

Interdisciplinary approaches | Capacity development | Multilingualism

Agreed with

– Toral Cowieson
– Theresa Swinehart
– Sophie Mitchell

Agreed on

Multi-stakeholder collaboration is essential for success

Need better data collection from last-mile connectivity providers to understand what tools and support they need for language inclusion

Explanation

To effectively support multilingual internet adoption, there’s a need for systematic data collection from organizations working on last-mile connectivity to understand their specific needs and challenges. This information can then guide the development of appropriate tools and support systems for language inclusion at the local level.

Evidence

Survey of stakeholders connecting the unconnected to gather information about what they’re missing, then collectively build needed tools based on their input

Major discussion point

Collaborative Solutions and Stakeholder Coordination

Topics

Digital access | Capacity development | Data governance

Audience

Speech speed

123 words per minute

Speech length

Paradigm Shift Requirements

Topics

Cultural diversity | Multilingualism | Human rights principles

Agreements

Agreement points

Paradigm shift from English-first to multilingual-by-design approach

Speakers

– Jennifer Chung
– Manal Ismail
– Theresa Swinehart

Arguments

Need fundamental shift from “English first” to “multilingual first” thinking, with Universal Acceptance designed in from the beginning rather than added later

Technology should serve languages rather than forcing languages to adapt to technology limitations

Language inclusion should be treated as foundational digital infrastructure like connectivity and cybersecurity, not as localization add-on

Users should expect same online experience as offline experience, with language accessibility as core expectation rather than luxury

Summary

All speakers agree that the fundamental approach must shift from treating multilingual support as an afterthought to making it a core design principle from the beginning, treating language accessibility as foundational infrastructure rather than optional add-on

Topics

Digital standards | Multilingualism | Human rights principles

Multi-stakeholder collaboration is essential for success

Speakers

– Toral Cowieson
– Theresa Swinehart
– Christian Daswon
– Sophie Mitchell

Arguments

We can only be successful together

No single organization can solve multilingual internet challenges alone; success requires coordinated multi-stakeholder approach

Coalition on Digital Impact (CODI) aims to bring together diverse stakeholders and coordinate existing efforts rather than duplicate work

Multi-stakeholder response needed for multifaceted issue

Summary

There is unanimous agreement that the complexity of creating a multilingual internet requires coordinated efforts across multiple stakeholder groups, with no single organization capable of addressing all necessary components alone

Topics

Interdisciplinary approaches | Capacity development | Multilingualism

Language barriers create cybersecurity vulnerabilities

Speakers

– Jennifer Chung
– Christian Daswon

Arguments

Language barriers create safety risks online as people cannot identify suspicious content or phishing attempts in unfamiliar languages

Cybersecurity is one of the important reasons why focusing on digital inclusion is so important right now

Summary

Both speakers recognize that language barriers make users more vulnerable to cybersecurity threats because they cannot identify suspicious content in languages they don’t understand

Topics

Cybersecurity | Multilingualism | Digital access

Government policy and procurement can drive multilingual adoption

Speakers

– Manal Ismail
– Jennifer Chung
– Theresa Swinehart

Arguments

Governments should integrate multilingual support into digital accessibility laws, procurement requirements, and national digital transformation strategies

De-incentivizing non-compliance through procurement processes and requiring Universal Acceptance readiness reporting in tenders

Soft enforcement mechanisms include education system requirements, government agency leadership by example, and procurement policy preferences

Summary

All speakers agree that government policy, particularly through procurement processes and regulatory frameworks, can create effective incentives for multilingual internet adoption

Topics

Legal and regulatory | Data governance | Digital access

Cultural diversity | Multilingualism | Human rights principles

Unexpected consensus

Economic benefits of multilingual internet access

Speakers

– Theresa Swinehart
– Sophie Mitchell
– Manal Ismail

Arguments

Multilingual internet access creates economic opportunities by connecting businesses with previously unreachable consumer populations

Capacity building and digital skills training in native languages increases economic participation and civic engagement

Incentive-based approaches like tax breaks, grants, and public-private partnerships can encourage private sector adoption of multilingual technologies

Explanation

While the discussion was primarily framed around cultural preservation and digital rights, there was unexpected strong consensus on the business case and economic benefits of multilingual internet access, suggesting market-driven solutions alongside policy approaches

Topics

Economic | Digital business models | Multilingualism

AI and technology as both opportunity and threat for language diversity

Speakers

– Sophie Mitchell
– Audience
– Christian Daswon

Arguments

Question whether AI translation will accelerate multilingual internet or be part of the problem

Northern Sami Wikipedia seeing 88% bot/AI traffic vs 12% human traffic, with AI desperately trying to learn the language

In the era of advancing AI and LLMs, there are data-rich languages and many data-poor languages creating new challenges

Explanation

There was unexpected consensus that AI presents both opportunities and risks for language diversity – while AI systems are actively seeking to learn minority languages, they may also create new forms of digital divide between data-rich and data-poor languages

Topics

Digital standards | Multilingualism | Technical Solutions and Infrastructure Development

Overall assessment

Summary

The speakers demonstrated remarkably high consensus across multiple dimensions: the need for paradigm shift from English-first to multilingual-by-design thinking, the essential role of multi-stakeholder collaboration, the importance of government policy in driving adoption, and the recognition that language barriers create both cultural and security vulnerabilities. There was also unexpected agreement on economic benefits and the dual nature of AI as both opportunity and threat for language diversity.

Consensus level

Very high consensus with strong alignment on fundamental principles, implementation strategies, and the urgency of action. The implications are significant as this level of agreement among diverse stakeholders (technical, policy, civil society, government) suggests strong potential for coordinated action and indicates that the multilingual internet movement has moved beyond awareness-building to practical implementation planning. The consensus also validates the approach of treating language inclusion as core digital infrastructure rather than optional feature.

Differences

Different viewpoints

Scope of organizational mission regarding oral-only languages

Speakers

– Toral Cowieson
– Sophie Mitchell

Arguments

Unicode Consortium focuses on written languages, leaving gaps in supporting oral-only languages that lack written representation

Australia has lost about half of its 250 Indigenous language groups due to colonization, with many remaining languages endangered and originally oral rather than written

Summary

Toral explicitly stated that Unicode’s mission is limited to written languages and cannot address oral-only languages, while Sophie discussed the need to preserve oral Indigenous languages. This represents a gap in coverage rather than disagreement on approach.

Topics

Digital standards | Multilingualism | Cultural diversity

Unexpected differences

Role of AI translation in multilingual internet development

Speakers

– Sophie Mitchell

Arguments

Digital inclusion gaps exist not just in access but in meaningful connectivity, with people using internet only for basic functions like social media rather than essential services

Explanation

Sophie raised uncertainty about whether AI translation would help solve multilingual internet challenges or potentially reduce the need for true multilingual internet development. This was an unexpected point of ambivalence in an otherwise unified discussion, though other speakers didn’t directly address this concern.

Topics

Digital standards | Multilingualism | Digital access

Overall assessment

Summary

The discussion showed remarkable consensus among speakers on both the problems (language barriers to digital inclusion) and solutions (multilingual-by-design approaches, government incentives, stakeholder coordination). The few disagreements were primarily about organizational scope limitations rather than fundamental approaches.

Disagreement level

Very low disagreement level. This consensus suggests strong alignment in the multilingual internet community but may also indicate potential groupthink or lack of diverse perspectives on implementation challenges. The unified approach could facilitate coordinated action but might benefit from more critical examination of different strategies and their trade-offs.

Partial agreements

Cultural diversity | Multilingualism | Human rights principles

Takeaways

Key takeaways

Language inclusion must be treated as a foundational pillar of digital infrastructure, not an afterthought or localization add-on

A paradigm shift from ‘English first’ to ‘multilingual first’ thinking is essential, with Universal Acceptance designed in from the beginning

Technology should serve languages rather than forcing languages to adapt to technological limitations

No single organization can solve multilingual internet challenges alone – success requires coordinated multi-stakeholder collaboration

Digital inclusion through language accessibility creates both social benefits (cultural preservation, safety, civic participation) and economic opportunities (reaching new consumer populations)

The underlying technology for multilingual internet largely exists, but awareness, implementation, and coordination are the primary barriers

Language barriers create safety risks online as users cannot identify suspicious content in unfamiliar languages

90% of world’s languages might become extinct by end of century without digital preservation efforts

Meaningful connectivity requires more than just internet access – it needs language accessibility, digital skills, and relevant content

Resolutions and action items

Individual participants committed to contacting two people in their networks to raise awareness about multilingual internet opportunities

Coalition on Digital Impact (CODI) established as coordinating mechanism for stakeholders working on language inclusion (accessible at codi.global)

CODI to conduct surveys of last-mile connectivity providers to identify what tools and support they need for language inclusion

CODI to gather data showing that language-inclusive tools increase internet usage to provide business case for implementation

ICANN to continue Universal Acceptance education through university modules, hackathons, and partnerships

Participants encouraged to integrate language awareness into existing educational curricula and professional programs

Government agencies and organizations urged to lead by example by implementing multilingual technologies in their own operations

Stakeholders to treat language inclusion as requirement in procurement processes and tender evaluations

Unresolved issues

How to effectively support oral-only languages that lack written representation in digital systems

Whether AI translation will accelerate multilingual internet adoption or become part of the problem by reducing incentives for native language development

How to balance open licensing needs for AI language model training with language communities’ concerns about giving up ownership rights

Specific mechanisms for quantifying and demonstrating the economic benefits of multilingual internet investment

How to address font rendering and accessibility tool limitations that prevent website creators from implementing native languages

Strategies for overcoming the vicious cycle where lack of demand reduces supply incentives and vice versa

How to scale successful local initiatives to global implementation

Methods for ensuring cultural context and localization beyond literal translation

Suggested compromises

Soft enforcement mechanisms for Universal Acceptance readiness through education, procurement preferences, and leading by example rather than regulatory mandates

Phased approach to procurement requirements – first prioritizing contractors with multilingual capabilities, then eventually making it mandatory

Working simultaneously on supply and demand sides – creating user awareness while building technical capabilities

Integrating language inclusion modules into existing educational programs rather than creating entirely new curricula

Focusing on strengthening and coordinating existing initiatives rather than launching new competing programs

This comment was particularly insightful because it called out the hypocrisy within the very community discussing linguistic inclusion. Using the Animal Farm metaphor, he pointed out how even multilingual advocates default to English-dominant behaviors in practice.

Impact

This comment created a moment of uncomfortable self-reflection that was evident in Sophie Mitchell’s response, where she admitted to ‘ruminating’ on his point. It challenged the audience to examine their own practices, not just advocate for policy changes.

Overall assessment

Explanation

Better data on the concrete benefits of language inclusion could help unify different stakeholders around common goals and justify investments

Day 0 Event #257 Enhancing Data Governance in the Public Sector

Session at a glance

Summary

This discussion focused on enhancing data governance in the public sector, featuring experts from Latin America, the United States, and Papua New Guinea who examined challenges and opportunities in implementing effective data governance frameworks. Luca Belli from Brazil emphasized that while over 150 countries have adopted data protection laws, including all BRICS nations, these laws are necessary but insufficient for successful digital transformation. He argued that countries must complement data protection legislation with strategic investments, multi-stakeholder governance, and locally-adapted solutions rather than copying policies from developed nations. Belli highlighted successful examples from BRICS countries, particularly India’s Digital Public Infrastructure (DPI) approach and China’s substantial investments in domestic technology development.

Chelsea Horn from American University outlined the fundamental components of data governance, including data stewardship, usage controls, security measures, and quality metrics. She stressed that effective data governance requires breaking down silos within government, fostering collaboration, and building public trust through ethical data handling practices. Horn emphasized the importance of standardized frameworks and training as relatively low-cost starting points for improving data governance.

Nancy Kanasa from Papua New Guinea provided a practical perspective on implementing data governance in a developing nation context. She explained that Papua New Guinea recently approved its National Data Governance and Data Protection Policy in September, prioritizing governance over protection due to existing institutional challenges. Kanasa highlighted significant obstacles including fragmented data ecosystems, limited civil society input in policy development, infrastructure constraints, and cultural resistance to change within government departments. The discussion concluded with recognition that successful data governance implementation requires addressing both technical and cultural barriers while ensuring that solutions are contextually appropriate and financially sustainable for developing nations.

Keypoints

## Major Discussion Points:

– **Data protection laws are necessary but insufficient for effective digital transformation** – Luca Belli emphasized that while over 150 countries have adopted data protection laws, these alone don’t drive innovation without accompanying investments, multi-stakeholder cooperation, and practical implementation strategies.

– **Multi-stakeholder governance is critical for both policy development and implementation** – All panelists stressed the importance of involving government, private sector, academia, and civil society in data governance frameworks, with particular emphasis on building public trust and ensuring inclusive policy-making processes.

– **Developing countries need context-specific approaches rather than copying developed nation models** – The discussion highlighted how countries like India (with Digital Public Infrastructure) and China (with massive industrial investment) have created innovative solutions tailored to their specific circumstances and capabilities.

– **Cultural and institutional barriers pose significant challenges to data governance implementation** – Nancy Kanasa from Papua New Guinea illustrated how government departments resist data sharing due to siloed thinking, fear of change, and misunderstanding of data governance concepts, representing broader challenges faced by developing nations.

– **Breaking down data silos while maintaining security requires balancing openness with protection** – The panel explored the tension between enabling data sharing for better public services (like one-stop citizen services) and maintaining robust data protection, particularly in resource-constrained environments.

## Overall Purpose:

The discussion aimed to examine practical approaches for enhancing data governance in the public sector, particularly focusing on challenges and opportunities in developing countries. The session sought to share lessons learned from different regional experiences (BRICS countries, Pacific Islands) and provide actionable insights for building effective, inclusive data governance frameworks that can support digital transformation while protecting citizen rights.

## Overall Tone:

The discussion maintained a pragmatic and collaborative tone throughout, with speakers acknowledging both opportunities and significant challenges in implementing data governance. The tone was notably realistic rather than overly optimistic, with panelists candidly discussing failures and limitations alongside successes. There was a consistent emphasis on learning from diverse global experiences rather than promoting one-size-fits-all solutions. The conversation became increasingly focused on practical implementation challenges as it progressed, particularly around cultural change and resource constraints, reflecting the real-world complexities faced by practitioners in this field.

Speakers

**Speakers from the provided list:**

– **Judith Hellerstein** – Moderator of the session on “Enhancing Data Governance in the Public Sector”

– **Sarai Tewita** – Online moderator, handling questions from online audience participants

– **Luca Belli** – Professor at FGV Law School in Rio de Janeiro, Director of the Center for Technology and Society, expert in data governance with focus on Latin America and BRICS countries

– **Chelsea Horn** – Senior lecturer at American University in Washington DC, Co-president of the Washington D.C. Internet Society chapter, expert in data protection, privacy and security concerns

– **Nancy Kanasa** – Lead for data governance and data protection within the Department of ICT with Papua New Guinea government

– **Audience** – Various audience members asking questions during the Q&A session

**Additional speakers:**

– **Guy Berger** – Working with the G20 on data governance in the public sector

– **Robert Sun** – Online participant from Cambodia who submitted questions

Full session report

# Enhancing Data Governance in the Public Sector: A Comprehensive Discussion Report

## Introduction and Context

This discussion on “Enhancing Data Governance in the Public Sector” brought together international experts to examine the challenges and opportunities in implementing effective data governance frameworks, particularly in developing countries. The afternoon session was moderated by Judith Hellerstein, with online moderation by Sarai, and featured perspectives from Latin America, the United States, and Papua New Guinea. The conversation addressed the critical gap between policy development and practical implementation, exploring how countries can build robust data governance systems that serve both citizen needs and national development goals.

## Key Participants and Their Perspectives

The discussion featured three primary speakers, each bringing distinct regional and professional perspectives. Lillian Nalwoga was originally scheduled to speak but her plane was delayed.

Luca Belli, Professor at FGV Law School in Rio de Janeiro and Director of the Center for Technology and Society, provided insights from his extensive work on data governance across Latin America and BRICS countries. His perspective emphasized the importance of digital sovereignty and context-specific solutions for emerging economies. He noted that materials from his research are available at cts.fgv.br and cyberbrics.info.

Chelsea Horn, Senior Lecturer at American University in Washington DC and Co-president of the Washington D.C. Internet Society chapter, offered expertise in data protection, privacy, and security concerns from a developed country perspective. Her contributions focused on the technical and structural components necessary for effective data governance frameworks.

Nancy Kanasa, Lead for data governance and data protection within the Department of ICT with Papua New Guinea government, provided crucial real-world insights from a developing nation context. Her practical experience implementing data governance policies offered grounding for the theoretical discussions and highlighted the cultural and institutional challenges faced by practitioners.

Additional contributions came from Guy Berger, working with the G20 on data governance in the public sector, and Robert Sun, an online participant from Cambodia, who raised important questions about metrics and implementation challenges.

## The Insufficiency of Legal Frameworks Alone

A central theme throughout the discussion was the recognition that data protection laws, while essential, are insufficient for achieving effective digital transformation. Luca Belli emphasized this point strongly, noting that while over 150 countries have adopted data protection laws, including all BRICS nations, these laws represent only the beginning of the journey towards effective data governance.

Belli argued that “data protection law is essential, but really not enough to be able to foster a sustainable digital transformation.” He stressed that countries must complement data protection legislation with strategic investments, multi-stakeholder governance, and locally-adapted solutions rather than simply copying policies from developed nations.

This perspective was reinforced by Nancy Kanasa’s practical experience in Papua New Guinea, where she observed that government departments often prioritize technical infrastructure over governance frameworks when implementing data protection measures. She explained that “when I say data protection, it is the technical part of data protection… they think it’s to do with the infrastructure. So they put more effort in the infrastructure and not the framework, the governance framework.”

## Implementation Challenges and Regional Perspectives

### The Implementation Gap

The discussion revealed a significant gap between policy creation and implementation across different contexts. Belli noted that countries like Brazil excel at stakeholder input during policy creation but struggle with stakeholder participation during implementation phases. He highlighted Brazil’s success in digitizing more than 4,200 public services but noted ongoing challenges in ensuring effective governance of these systems.

Chelsea Horn addressed this challenge by outlining five fundamental components necessary for effective data governance: clear data ownership and stewardship, usage controls and policies, defined circumstances for data use, robust collection, storage, processing, and security protocols, and compliance metrics. She emphasized that these components must work together systematically rather than being implemented in isolation.

### BRICS Countries and Innovation Examples

Luca Belli highlighted successful examples from BRICS countries, particularly praising India’s Digital Public Infrastructure (DPI) approach and specifically mentioning the DEPA (Digital Data Empowerment and Protection Architecture) as a concrete example of innovative governance frameworks. He argued that emerging economies often develop innovative strategies precisely because of resource constraints, leading to more creative and locally appropriate solutions.

Belli’s analysis of digital sovereignty was particularly noteworthy, as he defined it as countries’ ability to “understand, develop, and regulate technologies domestically to exercise control and self-determination.” This concept extends individual data protection principles to the national level, addressing concerns about technological dependence on foreign platforms and infrastructure.

### Pacific Island Nations’ Unique Challenges

Nancy Kanasa provided detailed insights into the specific challenges faced by Pacific Island nations, using Papua New Guinea as a case study. She explained that Papua New Guinea recently approved its National Data Governance and Data Protection Policy in September, deliberately prioritizing governance over protection due to existing institutional challenges. She noted that expatriates often questioned why they put “data governance and data protection” rather than “data protection and data governance” in their policy title.

Kanasa highlighted several significant obstacles, including fragmented data ecosystems, limited civil society input in policy development, infrastructure constraints, and cultural resistance to change within government departments. She noted that “most of the policies that are drafted within the government from my country, we don’t have much input from the civil society that we really need.”

Currently, the police clearance certificate is the only government service working online in Papua New Guinea, illustrating the early stage of digital transformation. The country is also exploring the global cross-border privacy rules framework as part of their governance approach.

## Multi-Stakeholder Governance and Capacity Building

### The Critical Role of Civil Society

All panelists emphasized the importance of multi-stakeholder governance, though they acknowledged significant gaps in current practice. Chelsea Horn stressed that civil society partnerships are crucial for building public trust by providing impartial oversight and transparent research about government data practices.

However, the discussion revealed substantial challenges in achieving meaningful stakeholder engagement. Nancy Kanasa’s candid admission about the lack of civil society input in Papua New Guinea’s policy development process highlighted how multi-stakeholder rhetoric often fails to translate into practice.

### Skills and Capacity Challenges

The discussion highlighted significant capacity challenges across different contexts. Luca Belli noted that Brazil alone needs 700,000 cybersecurity professionals, illustrating the scale of the skills gap in data governance and cybersecurity. This shortage affects both the public and private sectors’ ability to implement effective data governance frameworks.

Nancy Kanasa described Papua New Guinea’s establishment of a National Data Governance Steering Committee to provide coordination and ensure multi-stakeholder input, as well as the launch of a secure data actions platform in 2024 as practical steps toward building capacity.

## Technical Challenges and Global Platform Dependence

### Infrastructure and Platform Dependencies

A significant concern raised during the discussion was the dominance of global technology platforms and infrastructure providers. Luca Belli noted that “most people in the global south… are primarily connected to social media of one enterprise… the way in which their data are hoovered and processed is not defined by the law but is defined by the very same corporation.”

He provided a specific example of how Meta.ai is automatically downloaded and people contribute data for free, illustrating how platform dependencies can undermine national data governance efforts regardless of strong national laws. The discussion highlighted how the dominance of few cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) can challenge effective data governance.

### Emerging Technology Considerations

Guy Berger raised questions about the integration of AI and other emerging technologies into public services, asking about the implications for data governance frameworks. The discussion touched on how countries need to consider these evolving technologies when designing governance frameworks, though specific solutions remained largely unresolved.

## Practical Implementation Strategies

### Low-Cost Improvement Approaches

The discussion identified several practical, low-cost approaches for improving data governance implementation. Chelsea Horn suggested that countries could begin with creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like the International Telecommunication Union (ITU).

Luca Belli emphasized the importance of making solutions “cheap and easy” to implement, contrasting this with current data protection laws which are often perceived as difficult and costly. He mentioned GovStack as one example of available open-source solutions that countries could leverage, and suggested building on countries’ existing strengths rather than attempting to build comprehensive systems from scratch.

### Balancing Protection and Sharing

The conversation highlighted ongoing tensions between data protection and beneficial data sharing. While Chelsea Horn emphasized the need for robust protection frameworks, audience members argued for equal attention to both protection and sharing to enable accountability and innovation, including local AI development.

Nancy Kanasa’s approach in Papua New Guinea of prioritizing governance frameworks before protection measures illustrated one strategy for addressing this balance, though she acknowledged this approach faced resistance from some stakeholders who expected protection to come first.

## Audience Engagement and Unresolved Questions

The session included audience participation with two microphones available for questions. Robert Sun from Cambodia raised important questions about metrics and measurement of data governance effectiveness, highlighting the need for better evaluation frameworks.

Other audience members contributed perspectives on balancing data protection with data sharing for accountability purposes, and the importance of ensuring that governance frameworks enable rather than hinder beneficial uses of data for public good.

## Key Takeaways and Future Directions

The discussion revealed several areas of strong consensus among the diverse participants. All agreed that data protection laws alone are insufficient for effective digital transformation, that multi-stakeholder governance is essential, that context-specific solutions are needed rather than copying developed nation models, and that cultural and organizational barriers present major implementation challenges.

However, significant challenges remain unresolved, including how to break down data silos between government departments, how to overcome cultural resistance to change within government agencies, how to address fundamental dependency on foreign infrastructure providers while maintaining sovereignty, and how to build adequate skills and capacity for effective implementation.

The conversation demonstrated that successful data governance implementation requires addressing both technical and cultural barriers while ensuring that solutions are contextually appropriate and financially sustainable. The emphasis on practical, low-cost improvements and the recognition that emerging economies often develop innovative strategies due to resource constraints provides hope for creative solutions to persistent challenges.

Ultimately, the discussion highlighted that data governance remains a complex and evolving challenge requiring ongoing dialogue between academics, practitioners, and civil society to bridge the gap between policy aspirations and practical realities. The path forward appears to require continued collaboration and adaptation as countries work to develop governance frameworks that serve their specific contexts and needs.

Session transcript

Judith Hellerstein: Good afternoon. Thanks for everyone. We are starting in a few seconds. So if everyone can take a seat we are going to our session today on enhancing data governance in the public sector. I am Judith Hellerstein. I am going to be the moderator along with my online moderator over here, Sarai. And today’s session is Enhancing Data Governance in the Public Sector. We will have representation from Luca Belli is at the end. He is from the Latin American Caribbean He is an expert in data governance. Next to him is Chelsea Horn. She is a professor at American University on data governance as well as being the co-president of the Washington D.C. Internet Society chapter. And then our host is Nancy Kanasa with the government of Papua New Guinea and we are also talking about the use case of data governance in Papua New Guinea. Again, I am Judith Hellerstein and this… This is Sara, and for those who are online, Sara will be working to get your questions and answers to you, and also maybe to hopefully feature some of you. I will gather questions from the audience, and we have two mics on either side, so when we start the Q&A, we’ll ask you to come up to the mic and give your name and what sector you’re from. Thanks so much, and let me turn it over to Luca, who will be our first presenter. Thank you.

Luca Belli: Good morning. Thank you very much, Judith and friends, for organizing this panel. I think I will take off my headphones not to hear myself. I think you can hear me. My name is Luca Belli. I’m a professor at FGV Law School in Rio de Janeiro, where I direct the Center for Technology and Society there, and over the past years, we have done quite a few research on several topics related to data governance and in the public sector, especially in two of our main areas of focus, which is Latin America and the BRICS grouping, so Brazil, Russia, India, China, and South Africa, plus the six new countries that have adhered as of last year. The ideas I want to share are directly related to the research we have conducted over the past years, and everything actually I’m mentioning is available in open access on the website of our Center, cts.fgv.br, and also on the dedicated website of our CyberBRICS project that analyzes and compares the digital policies of the BRICS grouping, which is cyberbrics.info. So the first thing that I want to stress is that I think over the past… Especially since the pandemics, we have witnessed a great scramble to digital transformation in most countries, but not necessarily all countries organize it in a very structured and coherent way. And even if we have heard over the past 15 years that data is the most valuable asset or a new asset class, there is this difference between the type of policies that are usually adopted, especially data protection policies that is essential for digital transformation, but then what happens in practice in terms of leveraging data for digital transformation, especially of the public sector. And here I think that some of the initiatives that we have mapped in the BRICS grouping could be very interesting. The first example that could come to my mind is the fact that China, all BRICS members have adopted data protection laws over the past years, but I will get into this in a couple of minutes. Before this, I would like to mention also some interesting complementary initiatives that make the adoption of data protection more meaningful, especially for the public sector. First, investments and very well-focused industrial policy in China is a very good example, but also investment in innovation. And here I think that India comes to mind, creating digital public infrastructures precisely to digitize public services through open software, interoperable software. And then Brazil has been also leading the path in terms of digitalization of public services. There are now more than 4,200 public services that have been digitized in Brazil over the past five years, which is quite a record. Brazil is also investing in the creation of data spaces. to make the use of data, local use of data more easy, particularly for the government. And here our research on digital transformation encounters two other streams of our research, one on data protection and the other one on digital sovereignty. The one on digital sovereignty that we have developed over the past five years, it’s really about understanding to what extent these countries have managed to understand, develop and regulate digital technologies, which is how we define it, digital sovereignty, understanding, developing, regulating digital technologies in order to exercise control, power, self-determination over the technology. And this is actually, it makes it easy to connect it to data sovereignty, meaning being able to understand how data intensive technology function, develop them ideally domestically and regulate them effectively. Actually, if you take our Brazilian data protection law, one of the key principles is informational self-determination. So the fact that every individual must be able to control data, to know how data is used and by whom. And you can, what we stress in our research on data sovereignty is that you can think about it also in a collective fashion. So not only the individual being able to understand how data is used and control it, but also the nation itself being able to understand who is hoovering up data, how data are utilized and with whom are shared. So this is also something that we have stressed and analyzed deeply in our research and also then coming back to my first point, the essential nature of data protection laws, which is something that all BRICS members have adopted over the past 10 years, especially over the past five and more than 150 countries in the world have adopted, including Most of global south countries have already adopted data protection law, but then why you may wonder people are not developing an enormous quantity of Data driven innovation if there is all such legislation well because the data protection law is essential Is necessary but not sufficient. So if you don’t also articulate it with investments and with multi-stakeholder Cooperation and here I’m speaking about multi-stakeholder governance not to pay lip service to multi-stakeholder Thinking or philosophy if you want, but to really thinking about the government working with the private sector working with academics Working with civil society actors to identify how data could be used by whom to direct investment and finding because this innovative Research that can be elaborated by researcher then translates into products and services and to keep it in so Regulated that those who maintain the control on the data are the individual users but also those who reap the benefit of it is the local community and not necessarily a Let’s say a handful of global corporations that are in this moment hoovering all data from global south and Let’s say giving back Not a lot after at least in fiscal terms. And so yeah, that’s my what are my initial provocations on this issue stressing that’s this this all the elements I’ve shared are freely available online and Yeah, I think that we have to be if I can give also a provocation and the suggestion We have to be a little bit more critical on how we Translate the nice policies and regulation we spend a lot of time to developing into concrete action and I think that for this Both investments and multi-stakeholder governance are critical

Judith Hellerstein: Thanks so much Luca for your presentation will next move over to Chelsea and she’s also going to talk about some of the biggest challenges that countries face when trying to get started with data governance in the public sector. So I’ll move over to Chelsea.

Chelsea Horn: Thank you Judith. Hello and good afternoon. My name is Chelsea Horne and I am a senior lecturer at American University in Washington DC. So thank you for having me and thank you in particular to Judith and to Nancy, our organizers. It’s an honor to be a part of this really important discussion. My research focuses on data protection and in particular in privacy and security concerns, but today my remarks be more at a high level. So I want to give more of an overview of some of the major concerns that we should be thinking about when we talk about data governance. When we talk about data governance it might sound like something that’s massive and has a lot of complexities. It’s because it does, but fundamentally at its core it’s something about, it’s something very simple. It’s just thinking about how we collectively manage and how we use people’s information and it’s hopefully with the aim of improving the lives and bettering our communities. So that’s the ideal version of data governance. So thinking about a quick overview or what are some of the major questions we think about data governance. It’s to think about five things. First, who is responsible for what data? So thinking about data ownership and stewardship. Do we have data stewards? Who’s taking control of it? Is there somebody in charge? Are there multiple departments? But thinking about who is responsible for what data. Secondly, what actions can be taken with specific data? So thinking about controls, settings, usage policies, what can be done with the data that’s being collected. Third, when and what and under what circumstances data can be used. Fourth, how data is collected, stored, processed and secured. So thinking about, that’s a very big one, it’s a and Laura. I will say it quickly, but that’s a massive part of data governance, making sure that the collection storage, processing and security of these data is very well thought out. And finally, fifthly, having metrics for measuring the data quality and compliance, so making sure that there are checks in place to make sure that the data governance frameworks are being applied correctly, accurately and effectively. And finally, the last but not least, making sure that we are able to optimize the value of data while mitigating the risks, ensuring compliance, and building public trust. Effective data governance is not just a bureaucratic exercise, it’s a foundation for delivering essential public services more efficiently. It’s about safeguarding privacy, fostering trust in institutions and making sure that the power of data is harnessed ethically and effectively. So, to conclude, I would like to highlight a couple of key considerations, first, a solid data governance plan, sorry, a solid plan for data governance is crucial, as it ensures information is managed wisely and it enables governments and the public sector to make better decisions and deliver more effective strategies. Second, to make sure that we’re fostering broad collaboration, that we’re breaking down data silos within the government, and as well as making sure that we’re actively engaging the public sector in the data governance process. And third, and finally, to think about how we are going to be building trust and ensuring ethical use by establishing these robust data governance frameworks that make sure that they protect privacy, prevent misuse, and that they ensure that the data is handled in an ethical and meaningful fashion. So, I’ll finish my remarks there.

Judith Hellerstein: ≫ Thanks so much for setting the scene there. And next we’ll talk about, move over to Nancy Kanasha, who’s really talking about a news case in her country in Papua New Guinea where data governance is a pretty new concept and idea and also where they just passed last year a data protection and data privacy policy and they’re working on creating a data governance law and data protection law which is all very new concepts for people in Papua New Guinea who haven’t really had that much experience on privacy issues and data governance.

Nancy Kanasa: Thank you, Judith. Good afternoon, everyone. I’m Nancy Kanasa. I lead data governance and data protection within the Department of ICT with Papua New Guinea government. It is a privilege to share our journey towards building an all-of-government approach to managing data responsibly and securely. In Papua New Guinea, data governance is still a very new concept for us, for the government. The agenda is also new, but it’s one that is rapidly gaining traction recently due to digital transformation reforms. Most government departments prioritize data protection over data governance. And when I say data protection, it is the technical part of data protection. As the department responsible for ICT policy and coordination across government, the Department of ICT plays a central role in shaping how data is managed, shared and protected. The department is also a very new established department. In 2020, the department started implementing the need for digital transformation reform across all of government. One of these reforms came to be data governance and data protection. All government departments face fragmented inconsistencies. The National Data Governance and Data Protection Policy was approved and came into effect on September. The National Data Governance and Data Protection Policy, this policy is for all of government departments and any actors that come to make business with government departments in regard to data. The policy establishes clear principles for data handling, including transparency, purpose limitation, and data minimization, which are core tenets of the European GDPR. We are also exploring adoption of the global cross-border privacy rules framework, which we believe will help us align with global best practices and enable secure data exchange across borders, which is a critical step towards Papua New Guinea’s participation in the global digital economy. Why are we leading this work in data governance? The decision for the Department of ICT to lead this work is driven by real and urgent challenges that we’re facing as a third world country. Fragmented data ecosystem, inconsistent practice across agencies, and limited use of data for informed decision making. Without proper data governance, digital transformation efforts risk falling short. That’s why we’re moving now to improve transparency, public trust, and more strategic national planning. Our current implementation is the policy framework. We’re looking at a centralized oversight, a national data governance steering committee which is currently in progress to provide eye level coordination and ensure multi-stakeholder input from government, civil society and all the actors. Secure interoperability. Our secure data actions platform was launched in 2024. It has now been piloted across ministries. For instance, citizens can access, can already access police clearance certificate online and that is the only government service online across all of government that has been piloted and is currently working. The key challenges that we have like any other countries, we have gaps in digital transformation, legal alignment and workforce skills and we also need deeper engagement from communities, academics and the private sector to fully realize our goals. From the government, working from the government, I can truly say that the government, most of the policies that are drafted within the government from my country, we don’t have much input from the civil society that we really need. So when policy is drafted and when it’s approved and we come to realize that the civil society kind of have no say in the policy. So they kind of, we see that they are kind of left out from what has already been established. So like I said, like many other developing nations, Papua New Guinea face infrastructure limitation, gaps between policy and departmental practice, financial and human resource constraint, and public awareness. We need a lot of public awareness in regard to data and data governance and the need for framework, governance framework, multi-stakeholder collaborations. So to conclude, I want to thank my fellow speakers and our moderators. Thank you.

Judith Hellerstein: Thanks so much, Nancy. We were supposed to have another speaker, Lillian Nalwoga, but her plane got delayed and she only just landed. So she is not going to be able to give her part. But it just means that we’ll have a lot more time for questions and answers from you. And I just wanted also to make sure that people line up on either side and also that we have any questions from our online audience. I’ll first turn to online. Do we have any questions? Not yet. Not yet. OK. Well, I have some other questions right now until we get some other questions from the audience. But we would love to hear your questions and comments. But first, I’ll ask Luca, what lessons can we learn from digital transformation and data governance in the BRICS countries that you’ve mentioned? And if you can elaborate a little bit more on that.

Luca Belli: Yeah, I think that one of the main points that could be learned is that adopting data protection law by itself is essential, but really not enough to be able to foster a sustainable digital transformation. The elaboration of the policymaking that to be of high quality must be as inclusive as possible. And here, I think that’s something that, again, one has to. to mention, to praise multi-stakeholder approach, not only for the sake of multi-stakeholder reason, because if it is organized in an effective and efficient way, multi-stakeholder participation really increases a lot the quality level of the output of the process, of the regulation that will be adopted. But then it’s also very important to use this, to leverage this in the implementation. And it has a cost to implement a policy, of course. And this is why, for instance, if we take the example of data protection, we have seen over the past 10 years at least sometimes very intense criticism about the law, because it increases the cost. But then it increases the cost if you consider compliance with it as a cost and not as an opportunity to have a far to it. We have actually new types of businesses, of products and services that can be created to comply with the law. And actually that is very interesting. It is precisely what happens in India, where they are leveraging DPIs to implement the law. And I think that sometimes it’s very interesting to study developing countries precisely, because as they don’t have the same level of institutional maturity and the same type of resources of highly developed countries, they have to find some different strategies to be effective. And I think that the Indian strategy, everyone knows about the ADAR, which is the digital identity, but a few people know about the DEPA, the Digital Data Empowerment and Protection Architecture, which is a software, a constant manager that allows people, data subjects, to manage the concept to personal data. And that is in use since at least 80 years in the financial sector. It is going to be… widen up to all type of data now with the entering force of the Digital Personal Data Protection Act 2023. And so that is a very interesting, I think, case study to understand that if you are in a developing world and you know that your citizenry does maybe not have the skills to understand very well the law, you know that it is not easy to implement the law, copying and pasting from Europe is not necessarily the best option. First, because as any good academic, I would tell you that you should not copy and paste, but you should study. You should study what the others have done and what are the reasons why it may have succeeded or failed. And so I think that the Indian example to leverage the DPIs and the software skills that they have to help implement this is something very interesting. The Chinese example of putting billions to construct new products and services that can already bake the values that their law, the people, the personal information protection law embeds into legislation is also something very interesting. I think that Brazil is very unique in terms of multi-stakeholder governance, but I’m a little bit critical because the Brazilian approach is very good for policy suggestions, to gather stakeholder inputs, to shape, to elaborate the policy, but it’s quite limited in stakeholder participation, multi-stakeholder governance for implementation, which is what the Indians are very good at. So I think that there is a lot to be learned from studying developing world, if we can use this term, approaches to data governance, and maybe not only focusing on the most developed countries.

Judith Hellerstein: Thanks so much for that very elucidative answer. My next question will be… to Chelsea and it is question is how can public sector bodies effectively partner with civil society organizations? I mean Nancy touched on it but a bit that it’s very difficult sometimes to partner with the from governments to partner with civil society or academia or private sector how can they do that and strengthen it build public trust but sometimes it’s not very strong with government and others and so I’ll let you answer that question. Thank you Judith.

Chelsea Horn: You touched upon it in your question itself but one of the reasons why having a multi-stakeholder approach and talking and working for the government to talk and work with civil society, academia, NGOs and other types of outside of government agencies is exactly to build that public trust. Sometimes there can be suspicions of why government is collecting data even if there’s the government is putting forward information saying that this is how we’re using your data why we’re using it what we need it for and how we’re going to protect it there still might be some type of suspicion or worry about governments owning and using that type of sorry not owning using and collecting that type of data so what the civil society and other members of the multi-stakeholder group can offer is in theory and hopefully in practice an impartial view and opportunity to research and transparently provide information about how and what the government is doing with that data so those partnerships are absolutely crucial in making sure that we’re ensuring transparency but not just for it to say that we are doing transparency but making sure that it is credible rigorous and informative for the general public so the the trust element and how the multi-stakeholder approach can offer that trust in an imperical matter its really really critical and why those partnerships are really important and how we aproach them.

Judith Hellerstein: Thank you so much. We do have an online question and I’ll give it to Sarai to represent who the online question is from.

Sarai Tewita: Thank you, Judith. Good afternoon. This is a question from Robert Sun from Cambodia. I think this relates to Luca’s comments and presentation. Do you have a report on data governance that I can download? And question two, are there any metrics for platform or applications to ensure data sovereignty?

Luca Belli: Can I reply that? Yeah. I have quite a few reports and publications on this. I think that pretty much all of them are in open access. There is a nice website called cyberbricks.info where you can literally find dozens of reports, including on data sovereignty. And again, let me also stress, because I’m fairly aware that when one uses the S word of sovereignty, a lot of people get a little bit nervous. And rightly so, because there are conceptions of the digital or data sovereignty notion that flirt very much with authoritarianism and protectionism. But there are also others that are very much based into promoting national development, national competition and empowering people through technology. Actually, we have a book called Digital Sovereignty in the Bricks that was published in December by Cambridge University Press. And you find it also freely available both on the website and Cambridge University Press and on our website that illustrates some of the examples of how this has happened in the BRICS countries. However, again, here I think that is my word of caution and I think that one should really make a difference between the policy and the declarations and then what happens in practice. That is why I think that leveraging multi-stakeholder governance also in the implementation and not only in the conception of the policy is key here. Because to translate the policies in concrete actions, you need to have this kind of coordination, communication and ideally cooperation. And it also costs money, obviously. It costs money, so that is why investments are critical. But if you have a well-focused industrial policy, then your investment really triggers a new area of products and services that are developed at the domestic level. And China or India are very good examples of this, to some extent South Africa as well. In Brazil, I think that there are a lot of paradoxes in Brazil and if I can just add a very interesting example of one of those paradoxes, as I was mentioning, Brazil has more than 3,200 public services, which is a stellar record. Brazil has data protection law since 2018, entering force in 2020 that mandates data security. Brazil is a data protection authority. Brazil has at least seven or eight different sectoral regulations in information security spanning from banking sector to telecom sector. So you might say, well, Brazil is heaven of data governance, right? Well, it is not. And there is actually ransomware and cyber incidents are booming in Brazil at the same time climbing the ranking of the most cyber secure countries, because it has adopted a lot of very interesting and very good policies, but also in the top five of the most attacked. and vulnerable countries. Why? Because data governance and data security and cyber security are still perceived as a cost and not as an opportunity to make. In this moment, there are more than 700,000 cyber security professionals that are needed in the country, so it would be 700,000 jobs that you would have created immediately if you were to invest in capacity building, for instance, right? So I think that if you start considering data governance not as a cost of compliance that everybody hates, but as an opportunity to make money, that I think is the secret ingredients to make a successful digital transformation. Because yes, it will cost money in training and in capacity building and infrastructure development, yes, of course, but after some years, you will have an enormous return on investment.

Judith Hellerstein: Thanks so much. Do we have another online question yet? Okay, so I’ll have another question. This is for Nancy. And the question is, how can Pacific Island nations develop resilient and inclusive data governance frameworks that not only look towards building trust within the government and capturing the data, but also uphold indigenous data sovereignty and support sustainable development?

Nancy Kanasa: Thank you, Judith. In the Pacific, I speak for Pacific because PNG is Papua New Guinea is in the Pacific. We have a lot of our context is quite different. I mean, every country is different. And the data governance initiative is very new for us. And I think we have to look at our context and the issues that are currently within our country and not follow just like Lucas said, just copy or cut and paste from a developed country and put it in because it will not work for us and that was some of the Some of the things that we’ve been doing in With the PNG government. We’ve came up with a policy and we were asked by a lot of Expatriates that we’ve worked with in regard to why did you put data? Governance and data protection and not data protection and data governance so looking back at that we have used cases in Use cases with other government departments and we’ve realized that data protection is not gonna solve our problem our problem is Governance, we like governance in all the government departments So I think that also goes with the other Pacific Islands, it’s we have to have data governance framework within and After that, we could have protection Data protection to come in place because in PNG we when you talk about data protection They in Papua New Guinea, sorry, they think it’s to do with The infrastructure So they put more effort in the infrastructure and not the framework the governance framework And this is one of the issue that we faced in my country and the Pacific. Thank you

Judith Hellerstein: Thanks so much do we have a question online yes, could you go to the mic Thank you so much and then introduce yourself to

Audience: Thank you to the panelists, my name is Guy Berger I’m working with the G20 on this data governance in the public sector. So I’ve got two questions quickly for Luca, question of procurement of systems in the public service. As we know, AI agents are going to be using incredible volumes of data in their autonomous and hard-to-trace ways and they will also likely feed data back to the vendor. And so the question is, as this technology becomes integrated in the public service, does it make a mockery of effective data governance possibility? My second question goes to Chelsea. Data protection, as you said, is especially important. I think we’ve seen this in the US with the centralization and abuse of data under Doge. But I want to ask you about the other side of data governance, because while upholding data security and data protection, there’s also governance that promotes data sharing inside the public service and open data for the outside, which of course can help with accountability, local AI development, etc. Shouldn’t one give equal attention to that side of data governance, not only to the data protection side? Thank you.

Luca Belli: Yes, I think that in your question, there was already a sort of answer I would hint to, which is the reason why I’m really keen on stressing that adopting data protection law is essential, but far from being sufficient to be sure that these values and obligations and rights are de facto correspond to the reality of how data are processed, right? And I think that you raise a very good point, which is the fact that pretty much everyone in the world, out of China and Russia, depends on a cloud infrastructure that is provided by three corporations, AWS, Microsoft Azure, and Google Cloud. And I think that’s a very good point. and well the Chinese have their own and they are exporting it globally as well and Russia depends on China so it’s not really so often in this but here’s the point if you if you spend a lot of time crafting the best possible data protection law and also lavish efforts into defining a very good institutional framework that can work well but at the end of the day the way in which data is processed is defined by the architectures of a specific service that and the way in which data is hoovered is defined by a few very dominant players it’s very it’s really useless and let me give you a very concrete example that I have been providing for the past 10 years I think and very few countries except India have understood this in most of the global south people don’t have access to meaningful connectivity they are connected to meta family of apps social media without entering into what this means for competition and democracy let’s focus on the data this means that most people in the global south in Brazil 78% of the population that does not have meaningful connectivity there is a very good report by SETIC of last year these people are primarily connected to social media of one enterprises so they are they are giving or even if you have the best possible law the way in which their data are hoovered and processed is not defined by the law is defined by the very same corporation that and let me give you a very explicit example about this and why there is difference between Brazil and India for instance in 2021 right in the middle of the pandemic meta announced that all data metadata of whatsapp would be merged with at the time meta did not exist yet but with Facebook and in the middle of the pandemic social distancing in distance in the global south whatsapp was the only way for communicating I if I had to book a COVID test, my pharmacy network only accepted booking it to WhatsApp, the WhatsApp business account of the pharmacy network. What does it mean? That it was simply not possible for the Global South to have the actually meaningful choice that was given in Europe. Do you want to accept this term or refuse them? So pretty much everyone in the Global South has accepted in January, between January and May 2021, that all their data are hoovered by WhatsApp and then transferred to Facebook and now Meta. Same thing with Meta.ai that has been automatically downloaded in all smartphones of everyone in the world. So what does it mean that everyone now is contributing data and trading for free Meta.ai and probably as we had reports in 2015 that people in several Global South countries, including Brazil, thought that WhatsApp was, that Facebook was the internet. I’m pretty sure, I would bet that in six months, maybe not even a year, we will have, if we do the same kind of survey in the Global South, people will think that Meta.ai is AI because they have understood very well what Lessig was writing 25 years ago, that you regulate technology not only by the law, but also by the code, by the architecture, and they are doing it very well. And that is what I think most countries in the world, except maybe China and India, have not understood yet. Brazil is doing a lot of effort to try to design its own solution, but the huge problem is that, well, usually governments start to work well after two years, two and a half, and then they have six months to work and then they have elections. So it’s very difficult to have sustainable change in these conditions.

Judith Hellerstein: Thanks so much. Chelsea?

Chelsea Horn: Yes. Thank you for the question. I think it’s a very important question. Just to remind everyone, it’s more or less that We need to have data protection data governance frameworks that are securing information But also isn’t there something to be said about having more open? frameworks to I Certainly, but more data doesn’t necessarily mean better results, but I can see many compelling cases, especially when it comes to health and research that having access to more data and more information can Create quicker and more innovative solutions That’s a very compelling reason and we also see that we hear that quite often from the the platforms that the reason why they need So much data about us is because they can offer us better services. They can offer more personalized recommendations There’s different stakes involved with when the government has information and they’re sharing information Especially between different departments and how it was collected versus how the private sector has it. So those are Little bit apples and oranges the comparison but to think about There’s many use cases I’m trying to imagine something like Facial recognition if we have biometric information about a missing child’s face We could very likely find them within minutes and that’s a wonderful I mean, I’m promising a lot of things from the technology, but we see that also even in Fiction shows where they are trying to imagine these things where the data allows for very positive use cases My personal take on it is I think that that’s wonderful. I think that we see more harms though And I have more concerns about the way those protections are being Guaranteed and offered to us. So It’s it’s a bit of push and pull Is a bit of push and pull but we do need to like I think without having protection having open shared data Is is a concern and a worry to have but so there needs to be some sort of framework that’s protecting that that’s protecting citizens so It’s a balancing act so but I would say I’m It’s easier to say open, and it’s harder to put in the frameworks. I think that’s why there’s such emphasis on data protection. And I would even say I know that in your remarks, Nancy, you mentioned about data governance, prioritizing that over data protection. But in good data governance frameworks, which you are outlining here, implicitly data protection is a part of that. So not necessarily like the primary driving force, but it’s already being built in there from what you described. So it’s definitely a component.

Judith Hellerstein: Thanks so much. Do we have other questions from the audience? Okay. While we go think about some questions, and then we’ll get back to you. But I was going to ask Chelsea or Luca, what are the practical low-cost options for public sector to take that they can improve data quality? And also try, how are we going to break down some data silos? As you all know in each of the departments, many of the public sectors are silo-based, and they don’t want to step on inside other people’s, other departments’ toes or do other things. But oftentimes the goal is, how are we going to help the citizens? We want the citizens to be able to do one-stop shopping and not have to, you hear the same refrain from many other places, that, oh I wish that I only had to fill out the form once instead of 5,000 times. But how do we do that and effectively share the data between the agencies when most of the countries don’t have any data sharing laws? So, whoever wants to tackle first.

Luca Belli: Well, that is a $1 billion question, and if one had a very good answer, I think the problem would already be solved. I think that my first suggestion, coming back to my previous comments, would be not to copy and paste what has been done in Estonia or Norway, because it will likely not work in Ecuador or Zimbabwe, because you have to think about local realities first. And that is why I think it is very interesting to study what emerging developing economies do, not because I think they are better or worse than others, but because they know very well the limits of the policies in their countries. So, the fact that if you have… And I can witness this firsthand. I mean, in Brazil, data protection law was introduced in 2018, and it simply means that before that, pretty much no one, there was no specialist of data protection. So, how can you think that the law, by magic, would regulate the sector, the economy, the society, the democracy even, right? Because the digital data intensive technologies are nowadays essential for our democratic processes. So, if you do not embed data protection in that, meaning being very transparent in which kind of purposes, for which kind of purposes you use the data, and which kind of consequences this might have, that has enormous consequences, not only on society and democracy, sorry, not only on society and economy, but also on the democracy. Now, the fact that you bet on alternative strategies, regulatory strategies to tackle this, it might be more successful. And again, you have to leverage what you know to do well. and that is the Indian case of the DPI. They have a very large population of highly skilled information society, information engineers and information and data scientists that they have leveraged to do DPIs, to do software, to directly translate the normative command into architecture. That is what China has done. They have, they know they have, they are an industrial powerhouse and they have lavished billions, literally, to produce the technology they wanted to have. And the result is that after 20 years, they are not dependent on any other country. And even if you sanction them, that actually is productive for them because they coordinate internal market to be to outcompete you. So that is the kind of thinking that I think global South countries should have. Of course, this does not happen overnight. And actually, last year, we did a study on data protection, data security and open data in public sector in Brazil, together with the UN University. And actually, we mapped the regulation that already exists in Brazil. And then we wanted to go farther. So we did, it was the moment where everyone was speaking about GPTs. And so we did a chatbot that could help local municipalities or public servants to draft their own policies. But then we ended up realizing what everyone ends up realizing when you want to do something that is related to AI, that the code is something that doesn’t cost too much to do, but having it running on something costs you a lot. And so if you do not have computing infrastructure that is cheap and available, and you all depend from the same enterprises, then you end up losing what we call digital sovereignty. So being able to understand the technology, develop it and regulate it.

Judith Hellerstein: Thanks so much, Luca. Chelsea, do you have any comments?

Chelsea Horn: Sure, so I’ll leave you first. So it’s like what are some low-cost ways? Comparatively low cost would be to go back to the question of who’s managing what data and how. So to create a structured framework within the government or whichever department or agency will be responsible for the data. So thinking about just a structured format and to formalize that in a standardized way. Similarly thinking about how you can whoever’s in charge of that can standardize the ways that they’re understanding data. So like a word like the word like a term location, it can mean many different things. So thinking about a general location, a specific location, down to a house, large, where are we at? So standardizing what you mean by what is being what data is being collected is a very simple way of starting to think about who and what data and it will improve the data quality. And along those similar lines thinking about investing again comparatively low cost in training and workshops across whoever will be managing those types of data. There’s certain organizations like the ITU has a online course on data governance. And so there are other organizations too. So in having that type of standardized training and workshops across whoever will be managing and however that structure response is a relatively low cost way of approaching these these issues.

Judith Hellerstein: Thanks so much. I think the the question is also is from what I own and in especially in a lot of global south countries and developing countries is that it’s not so much also is it is a silos, but it’s also the culture. Many countries, many citizens are loathe to change processes on government agencies and they dont want to change policies since they were working so long. And you cant get as many as these work done without that. So you can have best system and the bestvpolicy and data, but if you dont have best companies working on it, how are we going to change the culture of the society?

Nancy Kanasa: Okay, firstly i would say that the question really goes well

in my country what is happening, with the goverment are are feeling like not content with the changes coming in in regard to sharing their personal data or government departments opening up to another government department to have interoperability with systems. So they feel that what has worked for them is not going to work if something new is added on. So they use a lot of excuses like, for example, the Department of Health would say that, oh, my act, we are mandated, and our act does not allow us to share data. But then the very same data is also required by the Department of Education. And so the changes are not really accepted with each government department because they probably fear the technological change and with that I think we need more awareness with the public in regard to educating public for the data and the importance of data and coming from the government we are doing that and we also face challenges in financial side and also challenges in educating our citizens because this is some of the new approaches that we’re taking so yeah that’s from my end thank you.

Judith Hellerstein: Thanks so much we have like two minutes left for our panel but I just want to get and maybe Luca might have since he’s worked with a lot of developing countries might have some ideas on how to get around this cultural change which seems to be a big problem in a lot of smaller countries.

Luca Belli: I think that’s more than a cultural change which is very difficult to trigger I think that people so the reason why we all use social media or several apps that are very common is that they are cheap and easy so the way I think that the successful ingredients to trigger this cultural change if you want is to make this cheap and easy and that is the reason why if you analyze the implementation of data protection law is maybe not as effective as we would like because it is perceived as extremely difficult even Byzantine to implement to understand and not cheap but costly because you have to hire specialists that will do it for you. Now there are already solutions that are even in open source for I mean the ITU has been working for years on the GovStack which is a certain set of building blocks for digital public infrastructure there are a lot of example that can already be adopted so yeah I think that you if you want to translate to policy into actions and cultural change, you need investments and you need training. And so I think that if you use already what we have for training, maybe you will not need so much in terms of investment, but you need a little bit of both if you want to trigger change.

Judith Hellerstein: Thanks so much. I’m just going to turn to the panel for any closing thoughts in the last 45 seconds that we have. Luzra, do you have any closing thoughts? Chelsea, any closing thoughts for you? No. Nancy, otherwise I wanted to thank the panel so much for the topics and the discussion here. We could talk a long time about this because, you know, he mentioned the GovStack in the ITU and yes, it may be open source, but then you need to be implementing them with engineers and other things which other countries don’t have. And so it’s like a cat’s cat and cat’s crown. So we could be talking for a long time about this, but I just wanted to thank very much for everyone for coming and staying to the end. And thanks so much for being our panelists. I hope you enjoyed it. Thank you.

Luca Belli

Speech speed

149 words per minute

Speech length

3827 words

Speech time

1534 seconds

Data protection laws are essential but far from sufficient for sustainable digital transformation – countries need investments and multi-stakeholder cooperation to translate policies into concrete actions

Explanation

Belli argues that while over 150 countries have adopted data protection laws, this alone doesn’t lead to data-driven innovation. He emphasizes that effective digital transformation requires complementary investments in industrial policy, innovation, and multi-stakeholder governance that involves government, private sector, academics, and civil society working together.

Evidence

Belli argues that global dependence on three major cloud providers means that data processing is ultimately controlled by these corporations rather than national laws. He warns that even the best data protection legislation becomes ineffective when the actual data processing architecture is determined by dominant global players.

Evidence

Global dependence on AWS, Microsoft Azure, and Google Cloud (except China and Russia); Brazil’s example where 78% of population without meaningful connectivity depends on Meta’s family of apps; WhatsApp data merger with Facebook/Meta during pandemic when people had no meaningful choice

Major discussion point

Balancing Data Protection with Data Sharing and Innovation

Topics

Infrastructure | Legal and regulatory | Economic

Chelsea Horn

Speech speed

184 words per minute

Speech length

1491 words

Speech time

485 seconds

Effective data governance requires five key components: data ownership/stewardship, usage controls, circumstances for data use, collection/storage/processing/security protocols, and compliance metrics

Explanation

Horn outlines a comprehensive framework for data governance that addresses fundamental questions about data management. She emphasizes that effective governance must systematically address who controls data, what can be done with it, when and how it can be used, how it’s secured, and how compliance is measured.

Evidence

Five specific components: who is responsible for what data; what actions can be taken with specific data; when and under what circumstances data can be used; how data is collected, stored, processed and secured; metrics for measuring data quality and compliance

Major discussion point

Data Protection Laws Are Necessary But Not Sufficient for Digital Transformation

Topics

Legal and regulatory | Human rights | Infrastructure

Agreed with

– Luca Belli
– Nancy Kanasa

Agreed on

Data protection laws alone are insufficient for effective digital transformation

Civil society partnerships are crucial for building public trust by providing impartial oversight and transparent research about government data practices

Explanation

Horn argues that multi-stakeholder approaches involving civil society, academia, and NGOs are essential for building credible public trust in government data practices. She contends that these external partners can provide impartial analysis and transparent information about how governments collect and use data, addressing public suspicions about government data collection.

Evidence

Nancy Kanasa

Speech speed

118 words per minute

Speech length

1134 words

Speech time

574 seconds

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Explanation

Kanasa argues that Papua New Guinea deliberately prioritized data governance over data protection in their policy framework because their primary challenge is organizational governance rather than technical protection. She explains that when people hear ‘data protection’ in PNG, they think of infrastructure rather than governance frameworks, missing the fundamental organizational issues.

Evidence

Fragmented data ecosystems and inconsistent practices across agencies limit effective decision-making and digital transformation progress

Explanation

Kanasa identifies systemic challenges in Papua New Guinea’s government data management, including fragmented approaches across departments and inconsistent practices that hinder effective governance. She explains that these issues prevent the government from making informed decisions and slow digital transformation efforts.

Evidence

All government departments facing fragmented inconsistencies; limited use of data for informed decision making; the risk that digital transformation efforts will fall short without proper data governance

Major discussion point

Balancing Data Protection with Data Sharing and Innovation

Topics

Infrastructure | Legal and regulatory | Development

Judith Hellerstein

Speech speed

148 words per minute

Speech length

1260 words

Speech time

510 seconds

Cultural resistance to change in government agencies is a major barrier to implementing data governance policies, even when the best systems and policies are in place

Explanation

Hellerstein identifies that in many global south and developing countries, citizens and government agencies are reluctant to change long-standing processes and policies. She argues that without changing the culture of society and government institutions, even the best data governance systems and policies will fail to achieve their intended outcomes.

Evidence

Observation that many countries have citizens who are loathe to change government processes that have been working for a long time; the challenge that you can have the best system and policy but without cultural buy-in, implementation fails

Major discussion point

Practical Implementation and Cultural Change Barriers

Topics

Sociocultural | Development | Legal and regulatory

Agreed with

– Nancy Kanasa

Agreed on

Cultural and organizational resistance presents major implementation challenges

Citizens desire simplified government services through one-stop shopping rather than filling out multiple forms across different departments

Explanation

Hellerstein highlights the common citizen complaint about having to repeatedly provide the same information to different government departments. She emphasizes the need for effective data sharing between agencies to enable citizens to complete government transactions more efficiently, though this is complicated by the lack of data sharing laws in most countries.

Evidence

The common citizen refrain of wishing to ‘fill out the form once instead of 5,000 times’; the challenge of breaking down data silos between departments when most countries don’t have data sharing laws

Major discussion point

Balancing Data Protection with Data Sharing and Innovation

Topics

Development | Legal and regulatory | Sociocultural

Audience

Speech speed

148 words per minute

Speech length

195 words

Speech time

78 seconds

AI agents integrated into public services may undermine effective data governance due to their autonomous operation and data feedback to vendors

Explanation

The audience member (Guy Berger) raises concerns about AI procurement in public services, noting that AI agents will use large volumes of data autonomously in ways that are difficult to trace. He questions whether the integration of such technology into public services makes effective data governance impossible to achieve.

Evidence

AI agents using incredible volumes of data in autonomous and hard-to-trace ways; AI systems likely feeding data back to vendors

Major discussion point

Balancing Data Protection with Data Sharing and Innovation

Topics

Legal and regulatory | Infrastructure | Human rights

Data governance should give equal attention to promoting data sharing and open data, not just data protection, to enable accountability and local AI development

Explanation

The audience member argues that while data protection is important, data governance frameworks should equally emphasize the benefits of data sharing within public services and open data for external use. He contends that this approach can improve government accountability and support local AI development initiatives.

Evidence

Examples of data sharing helping with accountability and local AI development; the observation that there are two sides to data governance – protection and sharing

Major discussion point

Balancing Data Protection with Data Sharing and Innovation

Topics

Legal and regulatory | Development | Human rights

Disagreed with

– Chelsea Horn

Disagreed on

Approach to balancing data protection with data sharing

Sarai Tewita

Speech speed

121 words per minute

Speech length

50 words

Speech time

24 seconds

International collaboration and knowledge sharing are essential for developing effective data governance frameworks, as evidenced by cross-border questions and engagement

Explanation

Sarai facilitates international dialogue by presenting questions from remote participants, demonstrating the global nature of data governance challenges. Her role in connecting online participants from different countries (like Robert Sun from Cambodia) shows the importance of cross-border knowledge exchange in addressing data governance issues.

Evidence

Question from Robert Sun from Cambodia about data governance reports and metrics for data sovereignty; facilitation of online participation in the discussion

Major discussion point

Multi-Stakeholder Governance and Implementation Challenges

Topics

Development | Legal and regulatory | Sociocultural

Agreements

Agreement points

Data protection laws alone are insufficient for effective digital transformation

Speakers

– Luca Belli
– Chelsea Horn
– Nancy Kanasa

Arguments

Data protection laws are essential but far from sufficient for sustainable digital transformation – countries need investments and multi-stakeholder cooperation to translate policies into concrete actions

Effective data governance requires five key components: data ownership/stewardship, usage controls, circumstances for data use, collection/storage/processing/security protocols, and compliance metrics

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Summary

All speakers agree that having data protection legislation is necessary but not sufficient – effective data governance requires comprehensive frameworks, proper implementation, and addressing fundamental organizational challenges before technical protection measures can be effective.

Topics

Legal and regulatory | Development | Infrastructure

Multi-stakeholder participation is essential for effective data governance

Speakers

– Luca Belli
– Chelsea Horn
– Nancy Kanasa

Arguments

Multi-stakeholder participation significantly increases policy quality during elaboration, but countries like Brazil excel at stakeholder input for policy creation while lacking stakeholder participation in implementation

Civil society partnerships are crucial for building public trust by providing impartial oversight and transparent research about government data practices

Government policies often lack meaningful civil society input, leaving communities without voice in established frameworks

Summary

All speakers emphasize the critical importance of involving multiple stakeholders – government, private sector, academia, and civil society – in both policy development and implementation phases, though they acknowledge significant gaps in current practice.

Topics

Sociocultural | Legal and regulatory | Human rights

Context-specific solutions are needed rather than copying developed country models

Speakers

– Luca Belli
– Nancy Kanasa

Arguments

Countries should study local realities rather than copy-paste solutions from developed nations – emerging economies often develop innovative strategies due to resource constraints

Pacific Island nations need context-specific approaches that address governance challenges first, as infrastructure-focused data protection doesn’t solve fundamental organizational problems

Summary

Both speakers strongly advocate for developing locally appropriate solutions that address specific national contexts and challenges rather than simply adopting frameworks from developed countries.

Topics

Development | Legal and regulatory | Sociocultural

Cultural and organizational resistance presents major implementation challenges

Speakers

– Nancy Kanasa
– Judith Hellerstein

Arguments

Government departments resist change due to fear of technological transformation and concerns about data sharing mandates, requiring extensive public awareness and education efforts

Cultural resistance to change in government agencies is a major barrier to implementing data governance policies, even when the best systems and policies are in place

Summary

Both speakers identify cultural resistance within government institutions and society as a fundamental barrier to implementing data governance reforms, requiring significant change management and education efforts.

Topics

Sociocultural | Development | Legal and regulatory

Infrastructure | Legal and regulatory | Development

Unexpected consensus

Prioritizing governance frameworks over technical protection measures in developing contexts

Speakers

– Nancy Kanasa
– Luca Belli

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Explanation

This represents unexpected consensus because conventional wisdom typically emphasizes data protection first. However, both speakers from different perspectives (practitioner and academic) agree that fundamental governance structures must be established before technical protection measures can be effective, particularly in developing country contexts.

Topics

Legal and regulatory | Development | Infrastructure

The limitations of global technology dependence on data governance effectiveness

Speakers

– Luca Belli
– Audience

Arguments

The dominance of few cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) undermines effective data governance regardless of strong national laws

AI agents integrated into public services may undermine effective data governance due to their autonomous operation and data feedback to vendors

Explanation

This unexpected consensus emerges around the recognition that technological dependence on global platforms and AI systems fundamentally challenges the effectiveness of national data governance frameworks, regardless of how well-designed the policies are.

Topics

Infrastructure | Legal and regulatory | Economic

Overall assessment

Summary

The speakers demonstrate strong consensus on fundamental principles: data protection laws are necessary but insufficient, multi-stakeholder governance is essential, context-specific solutions are needed, and cultural/organizational barriers present major implementation challenges. There is also agreement on the need for practical, low-cost approaches and balancing protection with beneficial data sharing.

Consensus level

High level of consensus on core principles with significant implications for policy development. The agreement suggests a mature understanding of data governance challenges that transcends traditional academic-practitioner divides. However, the consensus also reveals the complexity of implementation challenges, suggesting that while there is agreement on what needs to be done, the practical pathways remain difficult. This high level of agreement among diverse stakeholders (academic, government practitioner, and international participants) indicates that data governance discourse has evolved beyond basic concepts toward more nuanced implementation challenges.

Differences

Different viewpoints

Priority between data governance and data protection frameworks

Speakers

– Nancy Kanasa
– Chelsea Horn

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before enabling broader data access

Summary

Nancy argues that data governance should come first because in PNG context, people think data protection means infrastructure rather than frameworks, and governance problems need solving first. Chelsea suggests protection frameworks should be established before enabling data access, implying protection should precede or accompany governance rather than follow it.

Topics

Legal and regulatory | Development | Infrastructure

Approach to balancing data protection with data sharing

Speakers

– Chelsea Horn
– Audience

Arguments

Data governance must balance protection with beneficial data sharing for accountability and innovation, though protection frameworks should be established before enabling broader data access

Data governance should give equal attention to promoting data sharing and open data, not just data protection, to enable accountability and local AI development

Summary

Chelsea emphasizes the need for protection frameworks first before enabling data sharing, expressing more caution about potential harms. The audience member argues for equal attention to both protection and sharing, suggesting less emphasis on protection-first approaches.

Topics

Legal and regulatory | Development | Human rights

Unexpected differences

Fundamental sequencing of data governance components

Speakers

– Nancy Kanasa
– Chelsea Horn

Arguments

Data governance should be prioritized over data protection in developing contexts because governance frameworks address fundamental organizational issues before technical protection measures

Low-cost improvements include creating structured frameworks, standardizing data definitions, and investing in training programs through organizations like ITU

Explanation

This disagreement is unexpected because both speakers are addressing similar developing country contexts and practical implementation challenges, yet they have fundamentally different views on whether governance structures or protection frameworks should be prioritized first. Nancy’s PNG experience suggests governance must come first, while Chelsea’s framework implies structured protection elements should be built in from the start.

Topics

Legal and regulatory | Development | Infrastructure

Overall assessment

Summary

The main areas of disagreement center on implementation sequencing (governance vs. protection first), the balance between data protection and sharing, and approaches to context-specific solutions. Most disagreements are about methodology rather than fundamental goals.

Disagreement level

Moderate disagreement level with significant implications – the speakers largely agree on goals (effective data governance, multi-stakeholder approaches, context-specific solutions) but differ substantially on implementation strategies and sequencing. These methodological differences could lead to very different policy outcomes, particularly regarding whether developing countries should prioritize governance structures or protection frameworks first, and how to balance protection with beneficial data sharing.

Partial agreements

Infrastructure | Legal and regulatory | Development

Takeaways

Key takeaways

Data protection laws alone are insufficient for digital transformation – countries need complementary investments, multi-stakeholder cooperation, and implementation strategies to translate policies into effective action

Effective data governance requires five core components: clear data ownership/stewardship, usage controls and policies, defined circumstances for data use, robust collection/storage/processing/security protocols, and compliance metrics

Developing countries should prioritize context-specific solutions rather than copying frameworks from developed nations, as emerging economies often develop innovative strategies due to resource constraints

Multi-stakeholder governance significantly improves policy quality during development but many countries struggle with stakeholder participation during implementation phases

Digital sovereignty involves understanding, developing, and regulating technologies domestically to maintain control and self-determination over data-intensive systems

Cultural resistance to change within government departments presents a major barrier to data governance implementation, requiring extensive public awareness and education efforts

The dominance of few global cloud infrastructure providers (AWS, Microsoft Azure, Google Cloud) can undermine national data governance efforts regardless of strong domestic laws

Resolutions and action items

Papua New Guinea established a National Data Governance Steering Committee to provide coordination and ensure multi-stakeholder input

Papua New Guinea launched a secure data actions platform in 2024, piloted across ministries with police clearance certificates now available online

Recommendation to leverage existing open-source solutions like ITU’s GovStack building blocks for digital public infrastructure

Suggestion to invest in standardized training programs and workshops across government departments managing data

Proposal to create structured frameworks and standardize data definitions as low-cost initial improvements

Unresolved issues

How to effectively break down data silos between government departments when most countries lack data sharing laws

How to overcome cultural resistance to change within government agencies that prefer existing processes

How to balance data protection with beneficial data sharing for innovation and accountability

How to address the fundamental dependency on foreign cloud infrastructure providers while maintaining data sovereignty

How to ensure meaningful civil society participation in policy implementation rather than just policy development

How to make data governance solutions affordable and accessible for developing countries with limited resources and technical expertise

How to address the skills gap in data governance and cybersecurity professionals needed for effective implementation

Suggested compromises

Prioritize data governance frameworks over data protection in developing contexts to address fundamental organizational issues first, with protection measures following

Focus on making solutions ‘cheap and easy’ to implement rather than comprehensive but complex frameworks that are perceived as costly and difficult

Leverage existing technical skills and infrastructure strengths (like India’s software expertise for Digital Public Infrastructure) rather than trying to build everything from scratch

This question introduces the complexity of AI governance and challenges the panel to consider whether current data governance frameworks are adequate for emerging technologies. It also pushes back on the emphasis on data protection by advocating for data sharing and openness.

Impact

This question elevated the discussion to consider future challenges and the tension between protection and utilization of data. It prompted nuanced responses about balancing competing interests and highlighted the evolving nature of data governance challenges.

Overall assessment

Explanation

This highlights the capacity building and technical implementation challenges that create barriers between policy development and practical implementation in developing countries.

Day 0 Event #259 Motorolas Digital Inclusion Initiative

Session at a glance

Summary

This discussion focused on Lenovo Foundation and Motorola’s Digital Inclusion of Endangered Indigenous Languages Initiative, presented by Santiago Mendez Galvis, Gianluca Diana, and Delaney Gomez-Jackson. The Lenovo Foundation, part of the global Lenovo Group operating in over 180 countries, aims to impact 15 million people through technology access and education programs. The organization has developed six major digital inclusion initiatives, including solutions for hearing impairment, ALS support, and cultural heritage preservation.

Gianluca Diana outlined Lenovo’s commitment to responsible AI development, emphasizing their comprehensive AI policy framework and participation in global governance initiatives like the EU AI Pact and UNESCO AI Business Council. The main focus shifted to their Indigenous Language Support program, which addresses the critical gap in endangered language representation on mobile devices. Delaney Gomez-Jackson explained that approximately 40% of the world’s 6,700 languages are endangered, with UNESCO estimating one indigenous language is lost every two weeks.

The initiative has successfully localized several endangered languages onto smartphone interfaces since 2021, including Kaingang and Nheengatu from South America, Cherokee from the United States, Konkani and Kuvi from India, Maori from New Zealand, and Ladin from Italy. Most recently, they launched Zapotec keyboards supporting five script layouts for communities in Oaxaca, Mexico. Their selection criteria include UNESCO endangerment classification, digital inclusion status, community input, and availability of subject matter experts.

The presentation detailed their collaborative approach with Professor Ambrosio Gutierrez Lorenzo for the Zapotec project and Professor Paul Vitasot for the Ladin localization, emphasizing community leadership and acceptance throughout the process. During the Q&A session, representatives from Ghana, Benin, and Mauritius inquired about expanding the program to African languages and replication processes. The team confirmed they welcome requests from NGOs and communities, not just governments, and have made over one million translated words available as open source resources. The initiative aligns with UNESCO’s International Decade of Indigenous Languages (2022-2032) and demonstrates how technology companies can contribute to cultural preservation and digital inclusion.

Keypoints

## Major Discussion Points:

– **Lenovo Foundation’s Digital Inclusion Mission**: The presentation outlined Lenovo Foundation’s broader charitable mission to empower communities through technology access and education, targeting 15 million people globally through various digital inclusion initiatives including sign language translation, ALS avatar solutions, and cultural heritage preservation.

– **Indigenous Language Endangerment Crisis**: The speakers highlighted the urgent need for language preservation, noting that approximately 40% of the world’s 6,700 languages are endangered, with UNESCO estimating one indigenous language is lost every two weeks, potentially resulting in 3,000 extinct languages by century’s end.

– **Motorola’s Indigenous Language Support Initiative**: The core focus was on Motorola’s specific program to digitize endangered languages on smartphones, including detailed case studies of their work with languages like Zapotec (Mexico), Latin (Italy), Cherokee (US), Kaingang and Nheengatu (Brazil), and others, involving community workshops and collaborative keyboard development.

– **Community-Centered Approach and Selection Criteria**: The discussion emphasized their four-pillar selection process based on UNESCO endangerment classification, digital inclusion status, community consent and input, and availability of subject matter experts, with strong emphasis on respecting indigenous communities’ wishes and leadership in the digitization process.

– **Replication and Future Expansion**: Audience questions from representatives of Ghana, Benin, and Mauritius led to discussions about how other regions, particularly Africa, could access or replicate this initiative, with speakers explaining their open approach to working with NGOs, universities, and community leaders rather than requiring government channels.

## Overall Purpose:

The discussion aimed to present Motorola and Lenovo Foundation’s Indigenous Language Support Initiative as part of their broader digital inclusion efforts, demonstrating how technology companies can contribute to cultural preservation while making technology more accessible to underrepresented communities. The presentation served both as a showcase of their work and an invitation for other communities to engage with their program.

## Overall Tone:

The discussion maintained a consistently professional, collaborative, and respectful tone throughout. The presenters demonstrated cultural sensitivity when discussing indigenous communities and emphasized partnership rather than top-down implementation. The tone became more interactive and encouraging during the Q&A session, with speakers showing genuine interest in expanding their work to new regions and communities. There was an underlying sense of urgency about language preservation balanced with optimism about technology’s potential to help address this crisis.

Speakers

– **Santiago Mendez Galvis**: Representative of the Lenovo Foundation (Lenovo’s Charitable Arm), focuses on empowering communities with access to technology and education through digital inclusion initiatives

– **Gianluca Diana**: Colleague at Lenovo, specializes in policy and AI, works on responsible AI development and global policy engagement

– **Delaney Gomez-Jackson**: Works with Lenovo Foundation and Motorola, leads the Digital Inclusion of Endangered Indigenous Languages Initiative, specializes in language localization and community engagement

– **Audience**: Multiple audience members including representatives from Ghana (West African youth IGF coordinator) and Benin (youth IGF Benin representative)

– **Dharam Gokhool**: President of the Republic of Mauritius

– **Juliana Rebelatto**: Team member participating remotely via Zoom, works on the indigenous languages initiative and community partnerships

Additional speakers:

– **Osei Keja**: From Ghana, West African youth IGF coordinator, interested in language preservation initiatives in Africa

– **Yao Senou**: From Benin, represents youth IGF Benin, interested in replicating language digitization processes in Africa

Full session report

# Comprehensive Summary: Lenovo Foundation’s Digital Inclusion of Endangered Indigenous Languages Initiative

## Introduction and Participants

The discussion centered on Lenovo Foundation and Motorola’s Digital Inclusion of Endangered Indigenous Languages Initiative, presented by three main speakers: Santiago Mendez Galvis (Lenovo Foundation representative), Gianluca Diana (Lenovo policy and AI specialist), and Delaney Gomez-Jackson (Digital Inclusion of Endangered Indigenous Languages Initiative lead). The session also featured remote participation from Juliana Rebelatto, a team member working on indigenous languages initiatives and community partnerships.

## Organizational Context and Broader Initiatives

Santiago Mendez Galvis opened the presentation by establishing the context of Lenovo Foundation’s charitable mission. As the charitable arm of the global Lenovo Group, which operates across more than 180 countries with 70,000 employees, the Foundation aims to empower communities in need through technology access and education. The organization has set a target of impacting 15 million people globally through various digital inclusion initiatives, maintaining partnerships with over 100 organizations worldwide.

Santiago briefly outlined six major digital inclusion initiatives, including the LIBRAS project for hearing impairment in Brazil, partnership with the Scott Morgan Foundation for ALS avatar solutions, collaboration with Tech to the Rescue for nonprofit empowerment, work with universities in China on cultural heritage, mental well-being support for Gen Z, and the indigenous languages initiative being discussed.

## Responsible AI Development Framework

Gianluca Diana provided context regarding Lenovo’s commitment to responsible AI development, though his presentation was interrupted by President Gokhool. Diana outlined Lenovo’s comprehensive internal policy frameworks and governance structures for ethical AI implementation. He highlighted Lenovo’s engagement in the global AI policy landscape, including their role as a signatory of the EU AI Pact, membership in the UNESCO AI Business Council, and support for the Canadian Voluntary Code on responsible AI.

Diana explained that Lenovo regularly hosts panel discussions and workshops on responsible AI with government officials and industry experts worldwide, ensuring their indigenous language initiatives are developed within an ethical framework that prioritizes community benefit.

## The Indigenous Language Endangerment Crisis

Delaney Gomez-Jackson presented statistics contextualizing the urgency of their initiative. Approximately 40% of the world’s 6,700 currently spoken languages are classified as endangered, with UNESCO estimating that one indigenous language is lost every two weeks. This could potentially result in 3,000 extinct languages by the end of the century.

The initiative specifically addresses the gap in endangered indigenous language representation on mobile devices. As Delaney explained when discussing Professor Paul Vitasat’s perspective: “Mobile phones are like the pencil of the 21st century, and having minority languages and having Ladin in them has the same importance of having a language in a book in the centuries before.”

## Community-Centered Selection Process and Implementation

The program employs a four-pillar selection process: UNESCO endangerment classification, digital inclusion status, community consent and input, and availability of subject matter experts. Community acceptance and leadership serve as guiding principles throughout the entire process, with decisions made by communities themselves while the technical team provides support.

The program welcomes requests from NGOs and communities, partnering with universities and nonprofit organizations rather than requiring government channels. This accessibility removes bureaucratic barriers that might prevent communities from accessing technological support for language preservation.

## Successful Projects and Technical Implementation

Since 2021, the initiative has successfully localized several endangered languages onto smartphone interfaces. The implemented languages include Kaingang and Nheengatu from South America (2021), Cherokee from the United States (2022), Konkani and Kuvi from India (2023), Maori from New Zealand and Ladin from Italy (2024), and Zapotec keyboards supporting five script layouts for communities in Oaxaca, Mexico (2024).

The technical work involves addressing challenges with Unicode, Gboard, and CLDR support. The Zapotec keyboard project involved workshops across five communities in Oaxaca, with community-led decision making determining keyboard layouts. The Ladin localization required creating new terminology for modern technology concepts, involving extensive collaboration with cultural institutes and language experts, including Professor Paul Vitasat.

## Open Source Commitment

The initiative has made over one million translated words available as open source resources at Motorola.com for educators, researchers, and industry experts. Juliana Rebelatto emphasized that the program aims to inspire other companies and organizations to support minority languages and engage with communities, representing a collaborative rather than competitive approach to cultural preservation.

## Global Interest and African Expansion

The discussion revealed significant interest from African representatives. Osei Keja, representing Ghana as the West African youth IGF coordinator, highlighted critical situations facing African languages, noting that some dialects have only two remaining speakers according to BBC reports. Yao Senou, representing youth IGF Benin, expressed interest in replicating the initiative across different regions, noting that Benin alone has approximately 60 different dialects requiring revitalization support.

The team confirmed their openness to working with African communities and organizations, emphasizing that official government channels are not required for participation. When President Gokhool asked about working through NGOs versus government channels, the team clarified their preference for direct community engagement.

## Questions and Responses

During the Q&A session, three main questions were addressed:

1. **Osei Keja** asked about addressing deeper challenges beyond interface translation, specifically ensuring that digitized languages evolve and remain culturally relevant over time.

2. **Yao Senou** inquired about replicating the initiative across different regions, particularly in Benin with its 60 dialects.

3. **President Gokhool** questioned whether the program works through NGOs or government channels.

The presenters responded by emphasizing their community-first approach, willingness to work globally, and preference for direct community engagement. They offered to share contact information for follow-up discussions.

## Future Commitment and Timeline

The initiative operates within the framework of UNESCO’s International Decade of Indigenous Languages (2022-2032). The team employs ongoing community-needs assessment to guide future implementations rather than following a predetermined roadmap.

Juliana Rebelatto articulated the program’s philosophy: “We truly believe that small steps, like the creation of a keyboard, can change lives, and we hope this will trigger others to follow our path.” The sustainability model relies on continued corporate commitment combined with community engagement and academic partnerships.

## Conclusion

The presentation demonstrated a comprehensive, community-centered approach to addressing indigenous language endangerment through technological innovation. The Lenovo Foundation and Motorola initiative shows how corporate resources can support cultural preservation while maintaining community agency and academic rigor.

The strong interest from African representatives and the team’s openness to global expansion suggest significant potential for scaling these efforts. The initiative’s commitment to open-source principles and industry collaboration, combined with their community-first methodology, provides a model for how technology companies can meaningfully contribute to cultural preservation while respecting indigenous communities’ sovereignty over their cultural heritage.

The program’s alignment with UNESCO’s International Decade of Indigenous Languages provides an international framework for their continued efforts through 2032, with the potential to inspire broader industry engagement in cultural preservation initiatives.

Session transcript

Santiago Mendez Galvis: Hello, everybody. My name is Santiago Mendez, and I’m here with my colleagues Gianluca Diana and Delaney Gomez-Jackson, and we’re going to talk to you about digital inclusion and the Motorola initiative that we have called Indigenous Language Support. First of all, let us talk a little bit about who we are. We’re part of the Lenovo Group, which covers over 180 countries. We have 70,000 employees, and with more than 30 manufacturing sites spread all across the world. On top of that, we have our research and development labs spread out in 18 different countries. So we are a total global organization, and I’m here representing the Lenovo Foundation. The Lenovo Foundation is the Lenovo Charitable Arm, and we focus on empowering the ones who need it with access to technology and education. As you will see later on from the project that my colleague Delany is going to talk to you, digital inclusion is very close to our heart, and it’s completely aligned to our mission. On top of that, we are targeting to impact through our programs 15 million people, and we’re on target to achieve that during this year. And just to show you a little bit about the outreach of our community impact. So as you can see on the map above us, we have over 100 partners spread out all over the world. We have different layers, and I’m not going to take you through all of them because it will take us a lot of time. However, today we’re going to focus on one very, very specific, which is very also innovative, which is the indigenous language support, which you will see later on. But on top of that, we have created another, we have a full set of digital inclusion initiatives. Here I’m going to share with you six of them that you can review. I mean, one of them will go in deep in the next slides. However, you know, I just wanted to very quickly highlight what we’re doing in the field. So let’s start with, we have converted, we create a solution for people with hearing impairment in Brazil that translate sign language, which is called the LIBRAS project. It’s the one you can see. We’ll have also partnered with Scott Morgan Foundation in the creation of an avatar solution with people with ALS. We empower nonprofits with digital solutions, thanks to our partnership with Tech to the Rescue. On the cultural side, we have partnered with universities in China to utilize cultural heritage moments. Of course, you know, like the multi-indigenous program you’ll hear in a minute. And we have also worked to support the mental well-being of Gen Z in different places, all to make sure they find ways to communicate better. So having said that, I’ll hand over to my colleague, Gianluca Diana, who is going to talk a little bit about our digital engagement.

Gianluca Diana: Thank you, Santi. And before I hand over to Delany, I just want to give you a very brief overview of what we’re doing in terms of policy and AI. Because at Lenovo, we are strongly committed to responsible AI development, both through how we design our technology and how we engage globally with policymakers. And our mission is really to have advanced, trustworthy, human-centric AI, and to contribute helping shaping ethical transparency, transparent policy through international cooperation. And we really believe in that innovation and AI can only thrive when supported by strong governance aligned with key principles like fairness, accountability, transparency, and human oversight. Internally, we have a comprehensive AI policy framework that guides the way we build and deploy AI systems, ensuring legal compliance, privacy, data protection, and ethical standards across the entire AI life cycles. And this is enforced through a strong internal governance led by our responsible AI committee and our chief AI officer. Also, we engage externally, and Lenovo is very active in contributing to the AI global policy landscapes. We are indeed very proud to be one of the first signatories of the European Union AI Pact.

Audience: I am Mauritius, the president. It’s all right. All right. Oh, thank you very much. Just to say hello to you. Nice to meet you. I’m going to listen to you. Thank you. I’m going to talk about what we realize.

Gianluca Diana: Yes, in a minute. Okay. Okay. Thank you. Thanks. We are also a member of the UNESCO AI Business Council, and we are a supporter of the Canadian Voluntary Code on Responsible AI. And we are also engaging in terms of AI policy around the world. We host several panel discussions and workshops on responsible AI, gathering government officials, EU institutions, and industry experts to have open discussions on responsible AI. Just recently, we hosted one in the Italian Senate in Spain, but also more at the global level outside of Europe, in Tokyo, Sao Paolo. And through these initiatives, we really want to promote cross-sectoral collaboration to ensure that AI serves society in positive, human-centered ways. And now I will just hand over to Beleni that will focus on the Motorola Intelligent Language Program.

Delaney Gomez-Jackson: Great. Thank you, Gianluca. Today, I’ll be introducing Lenovo Foundation and Motorola’s Digital Inclusion of Endangered Indigenous Languages Initiative. Motorola and Lenovo Foundation’s Digital Inclusion Initiative has the main goal of serving communities through raising awareness of endangered indigenous languages. The Digital Inclusion Initiative also aims to address the needs of indigenous people through easier access to technology, as well as bring action toward the revitalization of endangered languages. Finally, it aims to help empower future generations of indigenous communities to use technology in their native language. In 2020, we discovered a gap in the representation of endangered indigenous languages on mobile phones. While smartphones are becoming more globally available and used, they are not fully accessible to many indigenous communities since they lack indigenous language representation. We took the first step to address this gap by launching the first user interface in two South American languages, Kaingang and Ningatu, in 2021. In 2022, we joined UNESCO in the kickoff of the International Decade of Indigenous Languages from 2022 to 2032. We hope that this Digital Inclusion Initiative will help to promote the written usage, as well as the overall daily usage, of indigenous languages so that technology can become accessible for all, in alignment with Lenovo’s mission of smarter technology for all. The Digital Inclusion Initiative aims to bring awareness to the language revitalization cause. Approximately 40% of the 6,700 languages that are currently spoken are in danger of becoming extinct. UNESCO estimates that one indigenous language is lost every two weeks, meaning that by the end of the century, almost 3,000 languages will no longer be in use. In addition to this, oftentimes indigenous languages are not well supported by governments and therefore do not have many educational or media programs centered around them. It is important to highlight the revitalization of endangered indigenous languages. As language is an important part of culture, consider the histories, stories, and traditions which are shared through such languages. By joining in this language revitalization effort, languages and cultures can be uplifted and preserved. The criteria for selecting languages for a Digital Inclusion Initiative is based on four main pillars. First is the classification. regarding how endangered a language is based on factors such as intergenerational transfer. The UNESCO language endangerment classifications have five levels, excluding a non-endangered status, which are vulnerable or endangered, definitely endangered, severely endangered, critically endangered, and extinct. We also assess the language’s digital inclusion status. For example, whether the language has received support from Unicode or Gboard. Community input and feeling regarding the digitization of a language is paramount to the success of the initiative. We understand the importance of respecting indigenous languages and cultures, and the fact that not every community wants their language digitized the same way, if at all. We must respect all decisions and not push our goals ahead of their needs. Finally, we assess the availability of subject matter experts to guide the project in the direction of the community’s needs. Subject matter experts, such as professors or scholars, are also often the bridge which helps connect us to these indigenous communities. Over the past five years, we have collaborated with subject matter experts, scholars, community leaders, and community members across the world to include indigenous languages onto our smartphones. In 2021, we collaborated with Ningatu and Kaingang speaking communities to localize these languages into the user interface of our smartphones. Ningatu, considered to be severely endangered by UNESCO’s classification system, is spoken by indigenous communities in the Amazon regions of Brazil, Colombia, and Venezuela. Kaingang, a definitely endangered language, is spoken in Southern Brazil. Likewise, in 2022, we became the first phone manufacturer to fully support Cherokee, spoken in the United States, on the user interface of our smartphones. Cherokee is considered to be endangered by UNESCO. In 2023, we localized Congaree, spoken in Northern India, onto our mobile phones. Additionally, we collaborated with the Kalinga Institute of Social Sciences to create a writing system that was then made into a smartphone keyboard for the Kuvi language, spoken in Eastern India. For the first time, the Kuvi community could type in their native language on their smartphones. In 2024, we localized Maori, spoken in New Zealand, as well as Latin, spoken in Italy, onto our phones. And last week, we launched our newest addition to the Digital Inclusion Initiative, a Zapotec keyboard supporting five script layouts. I’ll now speak on some details of our localization and keyboard creation processes for two particular communities. Zapotec is an endangered language spoken by about 490,000 people in Oaxaca, Mexico. There are more than 50 Zapotec languages, some of which are mutually intelligible with one another. This means that sometimes, speakers of different Zapotec languages can understand each other. UNESCO categorizes the Zapotec languages as definitely endangered, since younger generations are becoming increasingly monolingual in Spanish. Zapotec languages can be divided into four main groups, Northern Zapotec, Southern Zapotec, Isthmus Zapotec, and Valley Zapotec. The focus of this project was Valley Zapotec, because our SME for this phase of the initiative is connected with this region. For this phase of the initiative, we worked with Professor Ambrosio Gutierrez Lorenzo, Professor of Linguistics at the University of Colorado, Boulder, and he is also a native speaker of Teotitlan Zapotec, spoken in the Central Valley of Oaxaca. Through this project, he helped us understand the landscape of the Zapotec languages, as well as connect us to the five communities that were involved in this phase. And these five communities were San Pablo Guila, Teotitlan del Valle, Santa Ynez Yatzeche, San Bartolome Cuiolana, and San Miguel del Valle. With Ambrosio’s leadership, we helped to host workshops in these communities for the development of the keyboard. Each community had a workshop that covered topics such as the sound system of the language, the alphabet, keyboard layout discussions, and keyboard testing. The guiding principle throughout the workshops was community acceptance and leadership. It was crucial that these communities made the decisions about the keyboards, while our team could provide technical advice when needed. Between the days of each workshop, the globalization team at Motorola worked with Professor Ambrosio and the community to develop multiple iterations of the keyboards according to the layouts that they had devised during the workshop. Decisions that were considered by our team and the communities included how many rows the keyboard should have, how to include characters that are specific to Zapotec languages, and the layout of the entire keyboard, including numbers, symbols, and special characters. Our team wanted the keyboards to be representative of the communities. Some of the communities requested images to be on the space bar. For example, the Teotitlan community requested a symbol of a cloud with a lightning going through it to appear on the space bar since it is symbolic of their community. As the first Zapotec keyboard on a smartphone, this project has made it possible for these communities to write in Zapotec on their smartphones for the very first time. In Oaxaca City, we hosted a large workshop in which participants from all five communities were invited to discuss the project at large. Members of the different communities were able to see each other’s work and discussions were had about the importance of language revitalization for the Zapotec community. Overall, community feedback was positive. People remarked that the keyboard was important for the revitalization of the language as well as very practical for daily use. And now I’ll talk about one of our localization projects for the Latin language. Latin is categorized as definitely endangered and is spoken by about 32,000 people in the Dolomite region of Italy. It is an autochthonous language, meaning that it is native to the region. Since it is a minority language that does not have a kin state or an associated political entity supporting it, the impact of this project is powerful and highlights the importance of helping to promote minority languages. While Latin is taught in schools in some areas, there are not many protective measures for the language in other areas. In these areas, Latin is not used in administrative scenarios, nor in the media, nor at public events, and nor in education. With the increase in globalization in the Dolomite region, it is important to ensure that a minority language such as Latin is preserved. Thus, our team collaborated with Professor Paul Vitasot, who is a professor of Romance Philology at the Free University of Bozan-Bolzano, as well as a team of Latin translators to localize over 200,000 words that now appear in the user interface of our smartphones when a user selects Latin as the device language. To make important decisions towards the digitization of the language, Professor Paul Vitasot had several meetings among translators and representatives of three Latin cultural institutes, Badia, Fassa, and Fodon. In some cases, and even in an entire domain of a language, Latin had never been used before. For example, the terminology related to the use of different functions of the camera. One case was the term bokeh effect, and this was crafted by Latin translators and linguists who created a word in Latin which roughly translates to the equivalent of an effect with undefined contours. Another difficult aspect of an initiative like this was the choice on which of the written dialects to use. There is essentially one Latin dialect per valley, but the team decided to use the variety of Valbadia, which is the most widely spoken and used. However, the team made a concerted effort to use words and forms that are as comprehensible as possible throughout the entire Latin territory. Thank you. Laudan speakers can now use their smartphones with a Laudan user interface, thus helping to highlight the importance of including endangered indigenous languages in this technology. Professor Paul Vitasat believes that having Laudan in these mobile phones shows not only for the Laudans, but to all users of smaller languages in the world, that their language was not only useful for the 20 centuries before our time, but will be useful also in the future. Definitively, this project will help Laudan and other minority languages to be more visible. Mobile phones are like the pencil of the 21st century, and having minority languages and having Laudan in them has the same importance of having a language in a book in the centuries before. As leaders of technology, Lenovo Foundation and Motorola recognize our responsibility to positively influence society through environmental and social governance. We are committed to the international decade of indigenous languages from 2022 to 2032 and look toward community feedback to improve our process. We also value sharing our process with the public We also value sharing our process with the public so that others can join the language revitalization and digitization causes. Through this digital inclusion initiative and the communities that we have collaborated with, we have translated and open sourced over 1 million words that are available at Motorola.com so that they can be downloaded by educators, researchers, and industry experts aiming to promote the revitalization of endangered indigenous and minority languages. With the core tenets of passionate employee experts, a commitment to respect for diverse and underrepresented cultures, commitment to quality through collaboration of scholars and institutions, and a vision for an impact broader than Motorola devices, the digital inclusion of indigenous languages initiative will continue. We will now take questions for our Q&A session.

Audience: Hello everyone. Good morning. I hope I’m audible enough.

Santiago Mendez Galvis: Hello. We hear you.

Audience: Good. My name is Osei Keja. I’m from Ghana and very excited to be part of this conversation. I’m also the rep for West African youth IGF coordinator. This particular topic is of very great interest because in my country, Ghana, there are two dialects which are only one dialect which two people only speak is going to stand by BBC report last year. I didn’t see much of work being done in Africa and maybe more on that will help. Beyond interface translation, I would like to know how the Motorola intends to address the deeper challenges when it comes to ensuring that digitized languages evolve and remain culturally relevant. Also, about co-creation of local communities. If you can just provide clarity on that, I would be grateful. Thank you very much.

Santiago Mendez Galvis: Thank you.

Delaney Gomez-Jackson: As you know, we have done localization and keyboard projects. If I understand your question correctly, it’s how can we expand beyond that beyond the digitization to really impact communities? And what I can say on that is we when we look to initiate new phases of the project, we make sure that we work very closely with the community to ensure that something like localization or keyboard creation is part of their needs. As I mentioned before, community acceptance and feedback is one of our primary parameters for when we decide to include and work with the community into our phones. And so when it comes to other sorts of initiatives that expand beyond localization and keyboard projects, we really want to collaborate with the community to ensure that another sort of project fits that. So it really is a case by case basis, depending on what the community wants and how they feel that their language can best be preserved and represented.

Santiago Mendez Galvis: Thank you, Delany. And so just to reinform that, then when we partner with organizations in the regions that the language are developed, then we’re pulling resources also into their own, let’s say, ecosystem. So at the same time, we’re kind of revitalizing the community around the language. Do we have any other questions? Yes, please.

Audience: Can you hear me? Yes. Okay. Hello, everybody. My name is Yao Senou. I’m from Benin. I represent the youth IGF Benin. Thank you for your presentation. I just have one quick one. I was a bit late, so I didn’t follow all the slides you presented. I want to understand how do you actually select the language you work on? And also the second question is, at the current stage of the process you’ve developed, how we can replicate it into other regions like Africa? You know, mostly we are one tiny country and we have 60 different dialects that people want to revitalize. And since we’re also looking at how to include people, everybody, into the digital inclusion sphere, so how we can replicate what you already developed in those contexts? Thank you very much.

Santiago Mendez Galvis: Thank you.

Delaney Gomez-Jackson: I can take this question. I have put back onto the slides our parameters for language selection. And so these parameters include various things such as the official UNESCO endangerment status of the language. So we work with languages that are endangered. So this can include the vulnerable slash endangered category, the definitely endangered category, severely endangered, and critically endangered categories. We also assess whether the language has been supported by Unicode, for example, or Gboard or CLDR. So we look at all of these technical aspects of digital inclusion to see where the language falls in that. And then, as I mentioned before, community input and feeling regarding the digitization. So as Motorola and Lenovo Foundation, we want to ensure that the community is respectfully involved from the beginning to the end of the process. So we work with the community to figure out what sort of digitization process will best suit their language preservation needs. And then, finally, the availability of subject matter experts to guide the project in the direction that the community wants. So these can be community leaders. These can be professors or scholars, basically anyone who can help us bridge that gap between us to the community to ensure that everyone can respectfully communicate their needs with one another. And then I’ll pass it over to my colleague, Juliana Rebelatto, who is here over Zoom to answer the second part of the question, which is how something like this project can be replicated or how other communities can go through this process.

Juliana Rebelatto: Thank you so much, Delaney. Can you hear me all right?

Santiago Mendez Galvis: Yes, we can hear you.

Juliana Rebelatto: Well, thank you for your question. And I’m sorry to hear about the language of your community that only has two speakers. We understand the importance of those actions. And I would say that there are a couple of ways that one community could replicate the work that we’re doing. I’ll give an example of what’s happening with the Kaingang community in the south of Brazil. They’re using our smartphones to bring the technology and the language into classrooms. So, of course, that is an expansion of what we’re doing. The actual replication, I would say, fits into the second example I will give. Based on the language, Latin in Italy that we speak. supported. There have been continuity studies that researchers used our corpus, the data, the data set, the language set that we made available in Motorola.com web page, and they’re working on building machine translation models for their communities to be able to further use the language, for example. I would say that for languages such as the ones that have not been part of our program yet, one thing that could be possible to be done is for us to initiate a conversation, because like Delaney mentioned earlier, we’re always looking at how else we can contribute to communities, so we’ll be happy to share our email addresses, and hearing out what the community’s needs are helps us define the next steps of our journey. Motorola and Lenovo Foundation are fully committed to digital inclusion. Lenovo’s mission is smarter technology for all, so we take real respect on any type of needs that the community has. Of course, we cannot make promises, but we can, of course, be committed to listening to your needs and understanding how else we could be collaborating with the language.

Santiago Mendez Galvis: Thank you very much, Juliana. Do we have any other questions in the audience, or do we have any questions online? No questions online. Anyone else?

Dharam Gokhool: Good morning. Good morning. Myself, the President of the Republic of Mauritius. I’ve traveled a long distance to come to this conference, and I must congratulate the speaker and other speakers, because it has to do deal with cultural heritage, and I find it very interesting that Motorola is partnering with UNESCO for the preservation of indigenous languages. I have a very simple question, that is, in terms of requests that are channeled to UNESCO and the Motorola Foundation, could NGOs also forward requests based on the criteria that you have mentioned, or should it be channeled officially by governments?

Delaney Gomez-Jackson: Juliana, would you like to take that question?

Juliana Rebelatto: I can, yes. Thank you. Nice meeting you virtually. So, yes, I’ll be happy to share my email address in chat, and you’re welcome to share requests. We’re open to listening to what the community’s needs are. It does not need to come through government official requests. We have been partnering up with professors from universities, from local universities, as well as nonprofit organizations, and this is normally the model of work we do. We partner up with nonprofit organizations to make payments to the translators that are going to be working with us, and to the researchers that are going to be onboarded in our initiative phase. We want to make sure everyone works in the initiative. It’s treated the same way as any translator or linguist of any other widely spoken language is. That’s why it is important that we also have a contact of a nonprofit organization. But, yes, short answer is feasibilities of that that we would be happy to hear out what your requests would be. We’ll be glad to assess the

Gianluca Diana: . Just to summarize, so it doesn’t have to be an NGO. It’s mostly about the subject matter experts for the specific language, and how they can help us to build the program. So, we can share later our contacts, and we can actually follow up. Okay. Thank you very much.

Santiago Mendez Galvis: Do we have something online?

Delaney Gomez-Jackson: Um, just a request to share email addresses.

Santiago Mendez Galvis: Any other comments? Maybe, Juliana, would you like to add something?

Juliana Rebelatto: Yeah. I think one piece of information that has always helped for adding here is one curiosity that normally comes to us. A question is how this program initiated, and what motivated Motorola and Lenovo Foundation to look into languages that are normally not seen in technology. I would say that the reason the three of you are there speaking, and the reason that we’re doing the work since 2019 when we initiated the research is precisely the gap that we have identified. We identified that digital, that endangered indigenous languages are not fully well represented, and certainly not represented well enough in technology. We hope this speech and this initiative that we have been delivering to the globe will inspire others, will inspire other companies, other groups to look into minority languages, and to, you know, talk to the community and hear out what they have to say, what is important for them. We truly believe that small steps, like the creation of a keyboard, can change lives, and we hope this will trigger others to follow our path.

Santiago Mendez Galvis: And just a little bit, like, would you mind to share any roadmap? You know, we don’t have to formalize, but is there anything we could share with the audience about, like, future languages? Because there’s still a few years to come.

Juliana Rebelatto: Yes, we normally do not fully cover a stiff roadmap. Like, I answered two questions before, we’re always looking out to the current community needs, and the actual goals that we have are aligned with the community needs, first and most important of all. What I can say, Santi, is that we have been at UNESCO’s kickoff event for the International Decade of Indigenous Languages, and that was in 2022. The decade is declared from 2022 to 2032, so although there is no defined cadence for us to announce new languages, we are fully committed to the UNESCO decade, and we’re going to be constantly looking at what else could be done, what other languages in the globe could be part of our initiative, so that we announce them, and we work closely with expert matters, subject to expert matters, the community, translators, professors, leaders of the community, and government parties to make sure that we are onboarding more. So, there is no predefined roadmap, but there is certainly one that we’re very excited to keep on working on, and we are committed up until the end of the UNESCO’s International Indigenous Languages.

Santiago Mendez Galvis: Thank you, Juliana. I think then we are good to go. Any last questions for the audience before we finish? Then, on behalf of Mott and the Lenovo Foundation, we thank you for taking your time to listen to us, and wish you a very nice day. Thank you, everyone. Thank you. Thank you.

Santiago Mendez Galvis

Speech speed

133 words per minute

Speech length

696 words

Speech time

312 seconds

Lenovo Foundation’s Digital Inclusion Mission and Global Impact

Explanation

Santiago presents the Lenovo Foundation as the charitable arm of Lenovo Group that focuses on empowering those in need with access to technology and education. The foundation operates globally with ambitious targets to impact millions of people through various digital inclusion programs.

Evidence

Lenovo Group covers over 180 countries with 70,000 employees, 30+ manufacturing sites worldwide, and R&D labs in 18 countries. The foundation has over 100 partners globally and targets impacting 15 million people. Specific initiatives include LIBRAS project for hearing impairment in Brazil, Scott Morgan Foundation partnership for ALS avatar solution, Tech to the Rescue partnership, cultural heritage work with Chinese universities, and Gen Z mental well-being support.

Major discussion point

Digital inclusion and global technology access

Topics

Development | Sociocultural

Agreed with

– Delaney Gomez-Jackson
– Juliana Rebelatto

Agreed on

Digital inclusion as a fundamental mission

Gianluca Diana

Speech speed

115 words per minute

Speech length

380 words

Speech time

197 seconds

Responsible AI Development and Policy Framework

Explanation

Gianluca emphasizes Lenovo’s commitment to responsible AI development through both internal governance and external policy engagement. The company believes that AI innovation can only thrive when supported by strong governance aligned with principles like fairness, accountability, transparency, and human oversight.

Evidence

Lenovo has comprehensive AI policy framework ensuring legal compliance, privacy, data protection, and ethical standards across AI lifecycles. Internal governance includes responsible AI committee and chief AI officer. External engagement includes being first signatories of EU AI Pact, member of UNESCO AI Business Council, supporter of Canadian Voluntary Code on Responsible AI. They host panel discussions in Italian Senate, Spain, Tokyo, and Sao Paolo.

Major discussion point

Responsible AI governance and policy engagement

Topics

Legal and regulatory | Human rights

Delaney Gomez-Jackson

Speech speed

136 words per minute

Speech length

2352 words

Speech time

1030 seconds

Indigenous Language Digital Inclusion Initiative Overview

Explanation

Delaney explains that the initiative addresses the critical gap in endangered indigenous language representation on mobile phones, discovered in 2020. The program aims to serve communities by raising awareness, providing easier access to technology, and empowering future generations to use technology in their native languages.

Evidence

Agreed with

– Juliana Rebelatto

Agreed on

Community-centered approach to language preservation

Over 1 million translated words have been open-sourced and made available for educators, researchers, and industry experts

Explanation

Delaney highlights the broader impact of the initiative beyond Motorola devices by making linguistic resources publicly available. This open-source approach enables educators, researchers, and industry experts to contribute to language revitalization efforts.

Evidence

Over 1 million words translated and open-sourced, available at Motorola.com for download by educators, researchers, and industry experts. Core tenets include passionate employee experts, commitment to respect for diverse cultures, commitment to quality through scholar collaboration, and vision for impact broader than Motorola devices.

Major discussion point

Open-source approach to language preservation resources

Topics

Sociocultural | Development

Agreed with

– Juliana Rebelatto
– Audience

Agreed on

Need for global expansion of language preservation initiatives

Audience

Speech speed

150 words per minute

Speech length

320 words

Speech time

128 seconds

African communities face significant language endangerment challenges, with some dialects having only two remaining speakers

Explanation

Audience members from Ghana and Benin highlight the critical situation of language endangerment in Africa, where some dialects are on the verge of extinction. They express interest in expanding the initiative to address the numerous endangered languages across African countries.

Evidence

Ghana has dialects with only two speakers remaining according to BBC report. Benin has 60 different dialects that need revitalization. Limited work being done in Africa compared to other regions.

Major discussion point

Language endangerment crisis in African communities

Topics

Sociocultural | Development

Agreed with

– Delaney Gomez-Jackson

Agreed on

Urgency of language preservation crisis

There is interest in replicating the initiative across different regions, particularly in Africa where countries have numerous dialects needing revitalization

Explanation

Audience members express strong interest in understanding how the Motorola initiative can be replicated in their regions. They seek guidance on the process for expanding the program to address the numerous endangered dialects in African countries.

Evidence

Questions about replication process for Africa. Benin mentioned as having 60 different dialects needing revitalization. Interest in digital inclusion for everybody in the digital sphere.

Major discussion point

Scaling language preservation initiatives globally

Topics

Development | Sociocultural

Agreed with

– Delaney Gomez-Jackson
– Juliana Rebelatto

Agreed on

Need for global expansion of language preservation initiatives

Dharam Gokhool

Speech speed

100 words per minute

Speech length

100 words

Speech time

59 seconds

Official government channels are not required for requests, as the program works directly with subject matter experts and community organizations

Explanation

President Gokhool inquires about the process for submitting requests to the UNESCO-Motorola partnership, specifically whether NGOs can directly submit requests or if government channels are required. The response clarifies that direct community engagement is preferred.

Evidence

Question from President of Republic of Mauritius about whether NGOs can forward requests based on mentioned criteria or if requests should be channeled officially by governments.

Major discussion point

Accessibility of language preservation programs to communities

Topics

Legal and regulatory | Development

Juliana Rebelatto

Speech speed

148 words per minute

Speech length

– Santiago Mendez Galvis
– Delaney Gomez-Jackson

Agreed on

Digital inclusion as a fundamental mission

Small technological steps like keyboard creation can significantly impact lives and language preservation efforts

Explanation

Juliana argues that seemingly small technological interventions, such as creating keyboards for indigenous languages, can have profound effects on language preservation and community empowerment. These tools enable practical daily use of endangered languages in digital contexts.

Evidence

Belief that small steps like keyboard creation can change lives. Examples of communities using smartphones to bring technology and language into classrooms. Researchers using corpus data to build machine translation models.

Major discussion point

Impact of incremental technological solutions on language preservation

Topics

Sociocultural | Infrastructure

Agreements

Agreement points

Community-centered approach to language preservation

Speakers

– Delaney Gomez-Jackson
– Juliana Rebelatto

Arguments

Community acceptance and leadership are guiding principles, with decisions made by communities while technical advice is provided by the team

The program welcomes requests from NGOs and communities, partnering with universities and nonprofit organizations rather than requiring government channels

Summary

Both speakers emphasize that successful language preservation requires community leadership and decision-making, with technology companies providing support rather than imposing solutions. They agree that communities should drive the process while receiving technical assistance.

Topics

Sociocultural | Human rights | Development

Digital inclusion as a fundamental mission

Speakers

– Santiago Mendez Galvis
– Delaney Gomez-Jackson
– Juliana Rebelatto

Arguments

Lenovo Foundation’s Digital Inclusion Mission and Global Impact

Indigenous Language Digital Inclusion Initiative Overview

The program aims to inspire other companies and organizations to support minority languages and engage with communities

Summary

All Lenovo/Motorola speakers share a unified commitment to digital inclusion as a core organizational mission, specifically targeting underserved communities and endangered languages to ensure technology accessibility for all.

Topics

Development | Sociocultural

Urgency of language preservation crisis

Speakers

– Delaney Gomez-Jackson
– Audience

Arguments

Indigenous Language Digital Inclusion Initiative Overview

African communities face significant language endangerment challenges, with some dialects having only two remaining speakers

Summary

Both the presenter and audience members acknowledge the critical nature of language endangerment globally, with specific recognition that many languages are on the verge of extinction and require immediate intervention.

Topics

Sociocultural | Development

Need for global expansion of language preservation initiatives

Speakers

– Delaney Gomez-Jackson
– Juliana Rebelatto
– Audience

Arguments

Over 1 million translated words have been open-sourced and made available for educators, researchers, and industry experts

The initiative is committed to UNESCO’s International Decade of Indigenous Languages (2022-2032) without a predefined roadmap but with ongoing community-needs assessment

There is interest in replicating the initiative across different regions, particularly in Africa where countries have numerous dialects needing revitalization

Summary

All parties agree on the need to scale language preservation efforts globally, with the company committed to expanding their initiative and audience members expressing strong interest in replication across different regions, particularly Africa.

Topics

Development | Sociocultural

Development | Legal and regulatory | Sociocultural

Unexpected consensus

Open-source approach to proprietary technology solutions

Speakers

– Delaney Gomez-Jackson
– Juliana Rebelatto

Arguments

Over 1 million translated words have been open-sourced and made available for educators, researchers, and industry experts

The program aims to inspire other companies and organizations to support minority languages and engage with communities

Explanation

It is unexpected for a commercial technology company to open-source over 1 million translated words and actively encourage competitors and other organizations to replicate their work. This demonstrates unusual corporate altruism in prioritizing social impact over competitive advantage in the language preservation space.

Topics

Sociocultural | Development

Direct community engagement bypassing government channels

Speakers

– Juliana Rebelatto
– Dharam Gokhool

Arguments

The program welcomes requests from NGOs and communities, partnering with universities and nonprofit organizations rather than requiring government channels

Official government channels are not required for requests, as the program works directly with subject matter experts and community organizations

Explanation

The consensus that a major corporate initiative can and should bypass official government channels for cultural preservation work is unexpected, especially when discussed with a sitting president. This represents agreement on grassroots empowerment over traditional diplomatic protocols.

Topics

Legal and regulatory | Development | Sociocultural

Overall assessment

Summary

The discussion demonstrates strong consensus across all participants on the critical importance of language preservation, the need for community-centered approaches, and the urgency of scaling digital inclusion initiatives globally. Key areas of agreement include the crisis of language endangerment, the effectiveness of community-led technology solutions, and the need for direct engagement with communities rather than government intermediaries.

Consensus level

Very high consensus level with significant implications for the future of indigenous language preservation. The alignment between corporate commitment, academic support, and community needs creates a strong foundation for expanding these initiatives. The unexpected willingness of a commercial entity to open-source resources and encourage replication suggests a paradigm shift toward collaborative rather than competitive approaches to cultural preservation technology.

Differences

Different viewpoints

Unexpected differences

Overall assessment

Summary

The discussion showed remarkable consensus among all speakers on the importance of indigenous language preservation, digital inclusion, and community-centered approaches. The only tension emerged around implementation pace and scale.

Disagreement level

Very low disagreement level. This was primarily a presentation format rather than a debate, with speakers from Lenovo/Motorola presenting their initiative and audience members asking clarifying questions. The minimal disagreement around implementation approaches reflects different regional urgencies rather than fundamental philosophical differences, which actually strengthens the overall consensus on the importance of the work while highlighting the need for adaptive strategies based on local contexts.

Partial agreements

Development | Legal and regulatory | Sociocultural

Takeaways

Key takeaways

Lenovo Foundation’s Indigenous Language Support initiative addresses a critical gap in digital inclusion by bringing endangered languages to smartphone interfaces and keyboards

The program has successfully implemented 8+ languages across multiple continents since 2021, with community-led decision making as the core principle

Approximately 40% of world languages are endangered with one lost every two weeks, making technological preservation efforts urgent

The initiative has open-sourced over 1 million translated words for broader educational and research use

Community acceptance and collaboration with subject matter experts are essential prerequisites for language digitization projects

The program operates through partnerships with universities, NGOs, and cultural institutes rather than requiring government channels

Small technological interventions like keyboard creation can have significant impact on language preservation and community empowerment

Resolutions and action items

Team committed to sharing contact information with interested communities and organizations for potential collaboration

Ongoing commitment to UNESCO’s International Decade of Indigenous Languages (2022-2032) with continued language assessment and implementation

Open invitation for NGOs and communities to submit requests based on established criteria without requiring government approval

Continued collaboration with existing communities to expand beyond basic digitization based on their specific needs

Unresolved issues

No specific roadmap or timeline provided for future language implementations beyond the 2032 UNESCO commitment

Limited discussion of how to scale the initiative to address the vast number of endangered languages globally, particularly in Africa

Unclear resource allocation or capacity limitations for handling multiple simultaneous requests from communities

No detailed explanation of technical requirements or infrastructure needed for communities to participate

Insufficient detail on how the program measures long-term impact on actual language revitalization beyond technological implementation

Suggested compromises

Case-by-case assessment approach for expanding beyond localization and keyboard projects based on individual community needs

Flexible partnership models working with various types of organizations (universities, NGOs, cultural institutes) rather than requiring specific institutional structures

This comment was particularly impactful because it brought urgent, real-world context to the discussion with specific data about language extinction. It highlighted geographical gaps in current efforts and personalized the crisis by referencing a language with only two remaining speakers, making the abstract concept of language endangerment concrete and immediate.

Impact

This comment introduced a sense of urgency and geographical awareness to the discussion, prompting the presenters to address how their model could be replicated in underserved regions. It shifted focus from celebrating achievements to acknowledging gaps and considering scalability and global equity in language preservation efforts.

Overall assessment

Explanation

This highlights a research gap in understanding and addressing endangered language preservation efforts specifically in African contexts.