Launch / Award Event #96 Empower the Global Internet Standards Testing Community

Summary

This discussion centered on the official launch of the Global Internet Standards Testing Community (GISTC) at the Internet Governance Forum, aimed at promoting secure internet environments through collaborative testing and knowledge sharing. Wouter Van Den Bosch, Community Manager International of Internet.nl, explained that after the 2013 launch of their open-source testing tool, various organizations worldwide began using it independently, but lacked broader interaction and coordination. The new community seeks to address this gap by creating a cooperative body where organizations can share experiences, develop next steps together, and raise awareness about security-related internet standards deployment.

Walter Kobes demonstrated Internet.nl as a testing tool that allows users to easily assess website and email domain security, providing not only results but concrete improvement recommendations. The tool processes over 5 million scans annually in the Dutch version alone and has been adopted by countries including Brazil, Denmark, Germany, and France. Alena Murawska from RIPE NCC emphasized the critical importance of internet standards for global connectivity, highlighting how policy makers increasingly recognize their role in economic development and national security, particularly with regulations like NIS2 making certain standards mandatory.

International speakers shared their experiences: Gilberto Zorello described Brazil’s successful implementation called “STOP” with Portuguese interface and integration into their Safer Internet Program, while Daishi Kondo from University of Tokyo discussed email security research and the need for policy frameworks to drive adoption. The community welcomes all interested organizations, from government agencies to academic institutions, and plans to coordinate future development of testing standards including potential post-quantum cryptography support.

Keypoints

## Major Discussion Points:

– **Launch of Global Internet Standards Testing Community (GISTC)**: The primary focus was officially launching an international community around Internet.nl, an open-source testing tool that helps organizations assess their compliance with internet security standards like IPv6, DNSSEC, and email security protocols.

– **Internet.nl Tool Capabilities and Global Adoption**: Detailed explanation of how the testing tool works, showing real-time examples of website security assessments, and highlighting its successful implementation in multiple countries including Brazil (called “STOP”), with emerging adoption in Germany, France, and research use in Portugal and by the European Commission.

– **Policy and Regulatory Drivers for Internet Standards**: Discussion of how government policies, particularly the EU’s NIS2 regulation, are making internet security standards increasingly mandatory, with examples of successful “comply or explain” approaches in the Netherlands and the European Commission’s multi-stakeholder forum on internet standards deployment.

– **International Experiences and Benefits of Collaboration**: Presentations from Brazil, Japan, and the Netherlands showcasing different approaches to internet standards testing, emphasizing how international cooperation can help bridge policy gaps, share best practices, and accelerate adoption of security measures across different cultural and regulatory contexts.

– **Community Building and Future Development**: Focus on creating an open community where governments, academia, and technical organizations can collaborate, share experiences, learn from each other’s challenges, and coordinate future developments including potential additions like post-quantum cryptography testing.

## Overall Purpose:

The discussion aimed to officially launch the Global Internet Standards Testing Community, bringing together international stakeholders to promote the adoption of internet security standards through collaborative testing, knowledge sharing, and coordinated policy approaches.

## Overall Tone:

The tone was consistently professional, collaborative, and optimistic throughout the session. It maintained a welcoming and inclusive atmosphere, emphasizing partnership and mutual benefit rather than competition. The speakers demonstrated enthusiasm for international cooperation and showed genuine interest in expanding the community, ending on a celebratory note with the official launch and invitation for continued engagement.

Speakers

– **Wouter Van Den Bosch**: Community Manager International of Internet.nl, a testing tool for internet security standards

– **Walter Kobes**: Colleague at Internet.nl, technical expert who explains the Internet.nl testing tool functionality

– **Alena Muravska**: Representative of RIPE NCC (Regional Internet Registry), responsible for IP address allocation and registration, expert in internet standards and protocols

– **Gilberto Zorello**: Project Manager from Brazilian Network Information Center (NIC.br), implements decisions and projects for Brazilian Internet Steering Committee (CGI.br)

– **Daishi Kondo**: University of Tokyo, researcher specializing in email security

– **Doreen Booghaart**: Online moderator for the event

– **Nico Caballero**: GAC Chair (Governmental Advisory Committee) within ICANN

**Additional speakers:**

– **Annemieke Toersen**: Platform Internet Standards in the Netherlands (mentioned as being present but did not speak in the transcript)

– **Flavio Anais**: Systems development manager at NIC.br (mentioned by Gilberto as being present)

– **Santosh Pandit**: Online participant who asked a question about post-quantum cryptography

– **Peter**: Reporter in the Netherlands (mentioned in closing remarks)

# Global Internet Standards Testing Community Launch: Discussion Report

## Executive Summary

The Internet Governance Forum witnessed the official launch of the Global Internet Standards Testing Community (GISTC), marking a significant milestone in international cooperation for internet security standards deployment. This session brought together representatives from the Netherlands, Brazil, Japan, and various international organisations to establish a collaborative framework for testing and promoting internet security standards globally.

The discussion centered on the evolution of Internet.nl from a Dutch national testing tool to an international open-source platform, with the new community structure designed to facilitate knowledge sharing and coordinate development efforts across different jurisdictions.

## Background and Community Formation

### Origins of the Initiative

Wouter Van Den Bosch, Community Manager International of Internet.nl, explained the genesis of the global community initiative. Following the 2013 launch of Internet.nl as a Dutch national tool, the platform became open source to enable international adoption. However, while various organisations worldwide began implementing their own versions independently, there was a lack of broader interaction and coordination between these implementations.

The catalyst for formalising this community came through a meeting in March, where representatives from different countries recognised the need to create a cooperative body. This gathering highlighted the potential benefits of sharing experiences, developing coordinated next steps, and raising awareness about security-related internet standards deployment through collaborative efforts.

Van Den Bosch emphasised that the active use of testing tools provides organisations with crucial insights into their country’s security status, enabling more informed policymaking responses.

### Community Structure and Objectives

The newly launched community operates on principles of openness and inclusivity, welcoming participation from governments, academic institutions, and technical organisations interested in standards testing. The primary objectives include facilitating knowledge sharing between international implementations, coordinating future development of testing standards, and creating mechanisms for addressing emerging security challenges such as post-quantum cryptography integration.

## Technical Capabilities and Global Adoption

### Internet.nl Tool Functionality

Walter demonstrated the testing tool’s capabilities during the session, despite some initial microphone difficulties. The platform serves as both an individual testing service and a comprehensive dashboard system, processing over 5 million scans annually in the Dutch version alone. The tool evaluates websites and email domains across multiple security standards, including IPv6 implementation, DNSSEC deployment, RPKI, DNS security, and email security protocols.

Crucially, Internet.nl goes beyond merely identifying security issues by providing concrete improvement recommendations. The tool’s interface presents results in an accessible format, enabling both technical specialists and policy makers to understand security postures and necessary improvements.

The technical architecture supports localisation and customisation, allowing different countries to adapt the interface and testing parameters to their specific needs while maintaining core functionality.

### International Implementation Experiences

The global adoption of Internet.nl has yielded diverse implementation approaches. Brazil’s implementation, branded as “STOP” (which stands for “Test Standards” in English), represents one of the most comprehensive adaptations. Gilberto Zorello, Project Manager from Brazilian Network Information Center (NIC.br), detailed how the Portuguese-language interface became integral to the Safer Internet Program.

Brazil is currently running version 1.7 and testing version 1.9 of the tool. The Brazilian approach extends beyond simple testing to include comprehensive support mechanisms: technical training programmes, ISP guidance meetings, and recognition awards for companies following security recommendations. NIC.br created an award for best operational practices and conducts ICT enterprise surveys every two years through CETIC.br.

Denmark, Germany, and France have also adopted the platform, while Portugal and the European Commission utilise it for research purposes. Walter noted that international users have been instrumental in identifying improvements and suggesting enhancements, creating a collaborative development cycle that benefits all implementations.

## Policy and Regulatory Context

### European Regulatory Framework

Alena Muravska, representing RIPE NCC, provided context on the evolving regulatory landscape, specifically mentioning the NIS2 regulation and its impact on internet standards deployment. She emphasised that while governments play an increasingly important role in promoting these standards, their efforts must complement rather than replace the open collaborative processes that have maintained internet innovation and accessibility.

### Successful Policy Integration Models

The Netherlands’ “comply or explain” approach was highlighted as a successful model for government-led standards promotion. This framework requires organisations to either implement recommended security standards or provide explanations for non-compliance, creating accountability without mandating specific technical solutions.

Van Den Bosch also suggested that economic buying power from customers demanding secure services could be a significant driver for standards deployment, positioning testing tools as enablers of informed customer choice.

## International Perspectives

### Japanese Experience

Daishi Kondo from the University of Tokyo provided comparative analysis based on email security research. His findings demonstrate that adoption of email security measures is significantly influenced by policy frameworks and security culture, with the Netherlands achieving high adoption rates through initiatives like the Comply or Explain List and Internet.nl.

In contrast, Japan lacks similar policy mechanisms or counterpart tools to Internet.nl, creating adoption challenges for email security measures. Kondo emphasised that international cooperation is essential to bridge policy and cultural gaps affecting security standards adoption.

### Brazilian Integration Success

Gilberto highlighted the importance of language localisation, noting that the Portuguese interface was crucial for adoption in Brazil where English proficiency is limited. The Brazilian approach demonstrates how testing tools can be successfully integrated into comprehensive national cybersecurity programmes.

## Future Development and Emerging Challenges

### Post-Quantum Cryptography Integration

Online participant Santosh Pandit asked about the community’s approach to post-quantum cryptography support. Walter confirmed that post-quantum cryptography capabilities will be added to the Internet.nl testing suite when relevant standards are established and widely accepted, ensuring quantum-proof ciphers for web and email servers.

### Community Coordination and Next Steps

The community will hold a prioritisation meeting in October in the Buskerud room in the hotel to establish priorities for the first year of operation. Nico Caballero, GAC Chair within ICANN, expressed interest in government cooperation mechanisms, particularly for countries interested in implementing DNSSEC, cryptography, and other standards.

Additionally, the Internet Standards Security Coalition report presentation was scheduled for Friday morning at 9 o’clock in Room 1.

## Participation and Engagement

The session included both in-person and online participants, with Doreen Booghaart serving as online moderator. Annemieke Toersen from platform Internet Standards Netherlands was introduced but did not speak during the session. The community encourages participation through various channels, including a QR code signup process mentioned during the presentation.

## Conclusion

The launch of the Global Internet Standards Testing Community represents a significant step towards coordinated international cooperation in internet security standards deployment. The strong foundation of successful national implementations, combined with diverse international experiences, provides a solid basis for community development.

The session concluded on a celebratory note with cake, marking the formal launch of this collaborative initiative. The community’s success will depend on its ability to balance technical excellence with policy effectiveness, local adaptation with global coordination, and current needs with future challenges in internet security standards deployment.

Wouter Van Den Bosch: Good morning. Welcome to this launch event with the name Empower the Global Internet Standards Testing Community. My name is Wouter Natus van den Borch and I’m the Community Manager International of Internet.nl, a testing tool that my colleague Wouter Kobes will tell you more about in a minute. Why an international community? After its launch in 2013, the community behind Internet.nl made the decision that the software behind it would be open source and available for anyone to use. Also, a testing environment was created that more and more people started to use. Some organizations decided to use the existing toolkit, other organizations built their own, but more or less with the same goal, testing how secure their and their country’s internet environments are. Contact remained between organizations one-on-one between the interested parties and Internet.nl itself. There was no broader interaction. And the people behind Internet.nl aspired to change this. After a few months in preparations, in March this year, representatives from different countries and organizations met for the first time. They decided that there’s merit in creating a cooperative body in which they can work together, share experiences, and agree on and or develop next steps. The next meeting is scheduled in somewhere in October and will be defined for prioritizing in the first year. As a global internet standards testing community is open to all with an interest to start working with this tool, we decided to do an official launch here at the Internet Governance Forum. As an internet standards deployment and the spreading of the knowledge why this is crucially important for a more secure and safer environment, it is important to work with governance. By working together, it becomes easier to raise awareness around and raise the deployment of security-related internet standards. And by creating a community, the profile of the work and its outcomes is raised considerably. Additionally, all involved can learn from each other’s experiences, from their outcomes and how they can be used, from challenges and how they were overcome, from the arguments used to convince superiors to partnerships making cooperation possible, et cetera, et cetera. And this may go for more experienced organizations as much as those with a first interest. Other forms of added value may lay in more enhanced cooperation in the future and perhaps coordination on future steps. Formulation of common ambitions or outreach programs all adhere to and perhaps even the creation of a more formal organization. But why should I join or you join this community, you might ask. For starters, because the active use of this tool provides you and your organization the insight how secure or insecure organizations in your country are and allows you for knowledge and insight for responses and policymaking. But let me as an introduction stop here and introduce the people around me. I’m here with Walter Kobus of Internet.nl. I’m with Elena Murawska of RIPE NCC. Online are Gilberto Zorelli of NIC.pr and Daishi Kondo of the University of Tokyo. Also with me is Annemieke Toersen of the platform Internet Standards in the Netherlands and Doreen Booghaartwho is our online moderator. So first I’m going to ask Walter to explain to you what Internet.nl is and what it does. So Walter, the floor is yours.

Walter Kobes: Yes, thank you very much, Wout. And let me go to the next slide. Yeah, so I will shortly explain to you the Internet.nl testing tool and what you can… Is my sound working? Yeah, it is. I think it’s your problem. So you can… I will shortly explain to you where Internet.nl can be used for and how it works. So basically it is a testing tool in which you can easily test either your website or email domain name. Showing right now is the results of the IGF 2025 website which, as you can see in our vision, there are still some improvements available and basically this reporting does not only tell you what is good and what is wrong but also gives you concrete steps how to improve them. And luckily if you look to other parts of the Norwegian government, you will see that they perform better. So for instance, this is the Norwegian digital gateway that actually has only very minor improvements still recommended by us. So this is the individual testing in which, well, basically everyone can test their own domain names right now if you go to Internet.nl. However, for organizations it’s mostly required to scan a lot of domain names and on a regular basis. For this we have also a dashboard available. This allows for creation of reports, scheduled scanning, trend monitoring over time and basically in total we have seen that just for the Dutch version of this code base we see over 5 million scans annually both on the individual test and the dashboard testing happening right now. As was mentioned by Wout, this source code is open source available and it has throughout the years already been picked up by other countries. So these are a few examples of the use of Internet.nl around the world in Brazil, Denmark and we see new instances starting in Germany, France, etc. And also the project is used in various measuring projects in Portugal, European Commission, in which they do not present the website themselves but they use it to generate reports for their research. And over the years many of these international people have worked with Internet.nl but also gave us feedback and helped us improve the product more and more which is of course also why we’re trying to create this community to make this code base even more widely known but also get something back from the community to make

Wouter Van Den Bosch: the product even better. So that’s in real short the introduction on Internet. Thank you very much Wouter and as you can see that if you go to Internet.nl you can type in the name of your own organization and immediately see how secure or insecure your organization is but also you get the advice on the steps that you could take to make yourself more secure. So it’s something you can do here or later at home and show to the people responsible for ICT what they can do. Let me go to the next speaker and Alena Murawska is going to tell you about how important Internet standards are and why we are having this discussion and why RIPE NCC supports the Internet.nl initiatives already for quite some years. Alena the floor is yours. Thank you Wouter. Good morning

Alena Muravska: colleagues here in the room but also colleagues online and I’m very grateful for this opportunity to be a part of this important launching event. It’s an important milestone for the global technical Internet standard testing community. So I’m Alena Murawska and I represent the RIPE NCC here. We are a regional Internet registry and in this function we are responsible for the allocation and registration of IP address and autonomous system numbers. Why I am mentioning this? So we have two core principles of the Internet and the registration is one of them and the registration ensures that the resources are globally unique and traceable. That makes the Internet global actually. But the second principle of the Internet is actually the protocol standardization. It’s a development and the adoption of open standards that define how devices communicate over the Internet. So and together registration and standardization have enabled the Internet to function as a global and permissionless platform for innovation. Internet standards are agreed upon technical specifications that underpin the infrastructure of the Internet. Many of you in the room are familiar with all of this so bear with me. Actually my explanation is more referred to the people who are less technical in the room. So the Internet open standards are the building blocks that enable interoperability, comparability and consistency across the thousands of networks. Open standards also enable Internet scalability, security and resilience. At the same time they support the innovation and grow because they allow people and organizations to create new services that make them available worldwide without needing permission. So open Internet standards are publicly available and deployed through the process that are transparent and open to broad participation and organizations as Internet Engineering Task Force, IETF, many of you are very familiar with it, plays a central role in this process. Other policy makers are placing a growing emphasis on Internet standards and they recognize their critical importance for the economic development and and National Security in this changing world. While the governments play a key role in promoting and supporting these standards, their efforts must complement, not replace, the open and collaborative process that have ensured that the Internet remains innovative and accessible for the past few decades. So we have seen various approaches when it comes to implementation of Internet standards because implementation is also a key to success. Successful examples include governments that have developed, for example, national IPv6 roadmaps in close cooperation with the technical community, ensuring that these roadmaps are grounded in the technical reality in their countries. On the other hand, more politically driven roadmaps without sufficient input from technical experts often failed to meet the expectations. So I would like to mention a good example of a successful governmental approach to RPKI. It’s a policy implemented by the Dutch Standardization Forum. They developed an apply or explain approach that made RPKI mandatory for governmental entities and public institutions. And in this case, monitoring RPKI metrics and close collaboration with technical community experts, they are the key factor to success. So we’ve also seen that your approach to Internet standards has gradually evolved over the years. And since 2019, so already six years ago, the European Commission has launched a series of initiatives to strengthen the role of the European Union in standardization processes and promote its vision for the Internet. And NIS2, as we all know, puts the deployment of key Internet standards in this spotlight even more. So the NIS2 implementing regulation adopted in 2024 requires operators to take appropriate technical and organizational measures, including the adoption of transition plans to modern network protocols, so think about IPv6 here, best practices for Internet routing security, such as RPKI, and measures for DNS and ML security. So these requirements are framed in technology-neutral and flexible manner, yet they reflect the growing governmental interest in driving the deployment of the standards. So the last activity that we’ve seen in this area is the European Commission’s established multi-stakeholder forum on the deployment of Internet standards, supported by NISA and national authorities. So this forum aims to identify the best practices, standards, and deployment techniques in the four areas which I already mentioned, so that’s network layer protocols, email security, DNS security, and routing security. So this initiative is welcome as long as leadership and decision-making stay anchored in the technical community. And why all this story? Because we believe that the testing community could play a key role in monitoring and deployment of adoption of the standards. Because of all the dimensions, testing ensures that standards are not only implemented, but also correctly and consistently deployed. So it helps prevent fragmentation, enforces interoperability, and raises the overall quality of the Internet infrastructure. So tools like Internet.nl are excellent examples in this process. So they help public and private institutions access their compliance, this established Internet standard, so Vaud already mentioned that as well. And on organizational level, testing contributes to more efficient processes and helps integrate security improvements into daily workflows. So on a broader scale, also testing fosters cooperation and collaborative learning, and it creates mechanisms for implementing standards and aligning the efforts of public administrators, service providers, and the technical community. Thank you.

Wouter Van Den Bosch: Thank you, Alena. I think that you showed from the technical community side how important it is to start deploying these standards, and also that it’s going to become more or less mandatory within the European Union within a year or two. The next speaker that is coming from Brazil is online, Gilberto Zorello. Please answer the question, how can you join and benefit from the global Internet standard testing community, as it’s now provisionally called? So what are your experiences in the past with running Internet.nl in the Brazilian way?

Gilberto Zorello: Good morning. We have a very good experience with Internet.nl here in Brazil. I’ll bring a short presentation about our experience. I would like to thank Internet.nl for the opportunity to participate in this event, this presentation about our experience with Internet.nl in Brazil. This is our agenda. I’m Gilberto Zorello, project manager from Brazilian Network Information Center, NIC.br, that implements the decisions and projects designed by Brazilian Internet Steering Committee, CGI.br, which is responsible for the coordination and integration of all Internet service initiatives in the country. Flavio Anais is here with me, too. He is the systems development manager at NIC.br. This presentation is about our experience with Internet.nl. We call the tool here in Brazil STOP. In English it’s Test Standards. STOP is part of a bigger program that we have, the Safer Internet Program, which aims to help Internet operators and service providers to reduce security incidents caused by vulnerabilities and configuration errors. We are interested in Internet.nl. Internet.nl is very important, because its recommendations are fully aligned with the objectives of the Safer Internet Program. STOP has a web interface in Portuguese, very important in Brazil, because people here don’t speak any English. We need a web interface in Portuguese. Its operation starts on December 21st. We are currently running the version 1.7 and testing 1.9. We intend to release the dashboard 2. The project is an initiative funded by NIC.br. The tool is disseminated in different cities across the country, through lectures at NIC.br technical events and ISP association fairs. NIC.br offers technical training on specific topics recommended. For instance, configuration of recursive and authoritative DNS service, RPKI and IPv6. The Safer Internet Program holds meetings with Internet service providers to provide guidance on how to implement the best security practice in the networks and how to use the top testing tool.

Wouter Van Den Bosch: We have new activities planned to promote the dissemination of good operational practice. NIC.br created the pickup best operation practice NIC.br award, which rewards institutions that implement continuous improvement in their networks. This year, the annual competition, this year’s competition, companies that configure their websites following top recommendations will be awarded. Gilberto, sorry, I can give you 30 seconds. Okay, finishing. The second activity, the Regional Center for Studies on Development of Information Society, CETIC.br, monitors the adoption of information and communication technologies, ICTs, in Brazil. The CETIC.br conducts ICT enterprise survey that measures the adoption of ICT small, medium, and large enterprises. The survey is conducted every two years. Next survey will check the readiness to meet the best security practices for websites of these companies used on top. Okay, that’s my presentation. I’m ready for questions if you need. Thank you very much, Gilberto, and it shows that it really works in Brazil, so thank you for showing that to us. We’re going to move to the totally other side of the world. We’re going to Japan, and we have a few questions for you. So, Gilberto, we have a few questions for you. We have Daishi Kondo with us, who is now with the University of Tokyo, and he is going to answer the following question. Daishi, what is your experience with the email security research so far, and how do you expect to benefit from international cooperation in the internet of the international community?

Daishi Kondo: Okay. Hello. Good morning, I should say. I’m Daishi Kondo from the University of Tokyo, and one of my research interests is email security. And these days, actually two weeks ago, I presented the email security work in Denmark in the conference, which is called TMA. And we stored several statistics about email security implementations. And from my experience in my email security research, I have realized that the adoption of email security measures is greatly influenced by the policy frameworks and the security culture. For example, the Netherlands has initiatives such as Comply or Explain List and Internet.nl, which have contributed to a high adoption rate of email security measures. On the other hand, Japan lacks similar policy mechanisms or counterpart to Internet.nl. In order to promote the better adoption, it is essential to bridge the needs, policy, and cultural gaps. I believe that the first step in international cooperation is to understand the nature of the differences through collaboration. Thank you very much.

Wouter Van Den Bosch: Thank you, Daishi. What it shows is that we already have a lot of people from around the world joining the community, and that we’re going to ask more people to join. First, I’m going to ask Doreen if there’s any comments made online that she would like to read out.

Doreen Booghaart: Yes, thank you. We have one comment online from Santosh Pandit. In case you were taking questions, he asked, will the community support a journey towards post-quantum cryptography and its use at Internet.nl?

Wouter Van Den Bosch: That is a very good question. What I can say is that we’re going to have a report, but that’s by the Internet Standards Security Coalition of the IGF. It will be presented on Friday morning at 9 o’clock in Room 1. Where this community is concerned, I can imagine, but I’m looking at Walter, that this is an issue that will come up in the near future as one of the potential testing points. But is it being considered already, or is it something that is future, Walter?

Walter Kobes: Yes, most definitely that will be added to the Internet.nl testing suite in due time. And of course, once that’s relevant, you want to be sure that the ciphers used by your web and email server are indeed quantum proof. But that’s something to be added in the future.

Wouter Van Den Bosch: I can imagine that it will, but what the time is, that is harder to set at this moment, because we need the standards to be in place and accepted in a broad way. I’ve got time for one question before we go to the official launch. Is there a question in the room? Then we have a microphone that will go around, so please put up your hand so we can have one question. Yes, the gentleman there. Does this microphone work? Please introduce yourself first.

Nico Caballero: Well, thank you. Can you hear me? Because I can’t hear myself, but anyways, this is weird. So I just wanted to know.

Wouter Van Den Bosch: Please introduce yourself.

Nico Caballero: My name is Nico Caballero. I’m the GAG Chair, Governmental Advisory Committee within ICANN. And I wanted to know if there’s any way to cooperate with governments, with at least certain governments who are very interested in implementing not only DNSSEC, but also symmetric and asymmetric cryptography. Sorry, too early in the morning. Need more coffee. And some other standards. My question is would there be any kind of, let’s say, task force or group or somebody we can contact, I mean specific governments who might be interested in implementing the standards and some way forward?

Wouter Van Den Bosch: I’ll take it first, and then I give it to Walter. I think that the idea behind the community that we are launching in the moment is that everybody with an interest in – I will start again because you didn’t have your phone on. The idea behind the community is that all organizations with an interest in testing the situational standards in their country can participate. So that could be from a governmental angle. It could be from a research angle, academia. It could be from a technical community who also advises members. So all different sort of parties can join and have already joined. So if you would like to promote this in the GAG, then we would be more than welcome to do so. There is a set of standards at this moment that is in the program, but the idea is to develop the program further in the future. And that is something that we hope to also be able to coordinate on between all the different parties so we can set the next steps together. So that’s the idea behind starting this international community. So let’s talk a little bit after the session and we can see how we can promote this further. And would you like to add, Walter?

Walter Kobes: I fully agree and I think the added value of the tool is not to show what standards are implemented and what not, but also to give you the means to implement these standards that are not yet supported. So that is the goal of the program and I think we should get in touch.

Wouter Van Den Bosch: So thank you very much for the question. And we only have half an hour, so I’m already seeing people waving there that we should stop in time. But I want to thank you very much for coming and showing your interest in the launch of this international community. You heard what Internet.nl is, what it does, and why deployment of Internet standards is crucial. And you have heard the experience of the people already working with the tool from the Netherlands, but also in Brazil and in Japan. We could have staged some others, but we have only 30 minutes. Now it’s time to officially launch the international community in which we are going to cooperate to make everyone understand why not deploying the new generation security-related Internet standards and ICT best practices for that matter should no longer be an option for anyone manufacturing devices or offering digital services, etc. Just like it should no longer be an option to not procure ICTs secure by design as an organization. I can’t think of a bigger driver towards deployment than economic buying power, personally. You have a legislation, but if your customer doesn’t want you anymore because you’re not delivering, then you’re out of business. To get there, all concerned need to become more aware of the current situation and feel the pressure shown by this testing tool. How can you join our community? In a moment, Wouter will show you a QR code and you can sign up on a form and you will receive information for the future meeting, probably in October. I’d say, Wouter, let’s launch the Global Internet Standards Testing Community, the GISTC, but not before I welcome you to a bilateral meeting that you can ask questions if you like. It’s on Thursday morning, 10.30 in the Buskerud room in the hotel. If you’d like to have questions and answers, please come to that meeting and we will be there answering your questions. Thank you for joining. Wouter, please launch our… I’m not seeing this slide anymore, but we have some cake to celebrate this launch. Here’s the slide, so let’s go. We’re launching. We’re launching. Thank you very much for joining. Thank you very much for joining. Thank you, presenters, Wouter, Alena, Gilberto, Daishi. Thank you, Doreen, for the online moderation. Peter for reporting, he’s in the Netherlands, and for the scribes and the technical people for really perfect preparation that we’ve had with you. So, thank you very much and I hope to meet you in the community room on Thursday. Thank you. Workshop 2 workshop 2. Workshop 2. Workshop 2. Workshop 2. Workshop 2. Workshop 2. Workshop 2.

Agreement points

Open source approach and international collaboration are essential for Internet standards testing

Speakers

– Wouter Van Den Bosch
– Walter Kobes
– Gilberto Zorello

Arguments

Internet.nl became open source after 2013 launch to enable global use, but lacked broader interaction between organizations until now

The open source code has been adopted by multiple countries including Brazil, Denmark, Germany, and France

Brazil successfully implemented Internet.nl as “STOP” with Portuguese interface as part of their Safer Internet Program

Summary

All speakers agree that making Internet.nl open source has enabled global adoption and that international collaboration through a community structure will enhance the tool’s effectiveness and reach

Topics

Infrastructure | Cybersecurity

Testing tools must provide actionable guidance beyond just identifying problems

Speakers

– Walter Kobes
– Alena Muravska

Arguments

Internet.nl is a testing tool that evaluates websites and email domains, providing concrete improvement steps beyond just identifying problems

Testing communities play a key role in monitoring standards deployment and ensuring correct implementation

Summary

Both speakers emphasize that effective testing tools must not only identify security issues but also provide concrete steps for improvement and ensure proper implementation

Topics

Infrastructure | Cybersecurity

Government and policy support are crucial for standards adoption

Speakers

– Alena Muravska
– Daishi Kondo
– Nico Caballero

Arguments

Governments are placing growing emphasis on internet standards for economic development and national security

Japan lacks policy mechanisms similar to Netherlands’ initiatives, creating adoption challenges for email security measures

Government cooperation through advisory committees like ICANN’s GAC could help promote standards implementation

Summary

All three speakers recognize that government policy frameworks and support mechanisms are essential drivers for successful internet standards adoption

Topics

Legal and regulatory | Infrastructure | Cybersecurity

Similar viewpoints

Both speakers emphasize the value of creating a structured international community for knowledge sharing and collaborative improvement of Internet standards testing tools

Speakers

– Wouter Van Den Bosch
– Walter Kobes

Arguments

Representatives from different countries met in March to create a cooperative body for sharing experiences and developing next steps

International users have provided valuable feedback that has helped improve the product over time

Topics

Infrastructure | Cybersecurity

Both speakers advocate for comprehensive approaches that combine regulatory requirements with practical support mechanisms like training and incentives to drive standards adoption

Speakers

– Alena Muravska
– Gilberto Zorello

Arguments

NIS2 regulation requires operators to adopt modern network protocols, routing security practices, and DNS/email security measures

The Brazilian implementation includes technical training, ISP guidance meetings, and awards for companies following security recommendations

Topics

Legal and regulatory | Cybersecurity | Infrastructure

Both speakers recognize that testing tools serve broader policy purposes beyond technical assessment, helping inform national security strategies and cross-cultural cooperation

Speakers

– Wouter Van Den Bosch
– Daishi Kondo

Arguments

Active use of testing tools provides organizations insight into their country’s security status for policymaking responses

International cooperation is essential to bridge policy and cultural gaps affecting security standards adoption

Topics

Cybersecurity | Legal and regulatory

Unexpected consensus

Economic market pressure as a primary driver for security standards adoption

Speakers

– Wouter Van Den Bosch

Arguments

Economic buying power from customers demanding secure services could be a major driver for standards deployment

Explanation

While most speakers focused on technical and regulatory approaches, Van Den Bosch uniquely emphasized market-driven adoption through customer demand, suggesting economic incentives may be more powerful than regulatory compliance

Topics

Economic | Cybersecurity

Future technology integration planning

Speakers

– Walter Kobes
– Doreen Booghaart

Arguments

Post-quantum cryptography support will be added to Internet.nl testing suite when relevant standards are established

The community provides a platform for bilateral meetings and ongoing collaboration opportunities

Explanation

There was unexpected consensus on the need to plan for emerging technologies like post-quantum cryptography, showing forward-thinking approach beyond current standards

Topics

Cybersecurity | Infrastructure

Overall assessment

Summary

Strong consensus exists on the value of international collaboration for Internet standards testing, the need for actionable testing tools, and the importance of government policy support. All speakers agreed on the open source approach and community-building efforts.

Consensus level

High level of consensus with complementary perspectives rather than disagreements. The speakers represented different geographical regions and organizational types but shared common goals for improving Internet security through standards deployment. This consensus suggests strong potential for successful international cooperation and community development.

Different viewpoints

Role of government vs. technical community in standards implementation

Speakers

– Alena Muravska
– Nico Caballero

Arguments

While governments play a key role in promoting these standards, their efforts must complement rather than replace the open collaborative processes that have kept the internet innovative and accessible

Government cooperation through advisory committees like ICANN’s GAC could help promote standards implementation

Summary

Muravska emphasizes that government efforts must complement, not replace, open collaborative processes and warns against politically driven approaches without technical input. Caballero focuses on expanding government cooperation through advisory committees, representing a more government-centric approach to standards promotion.

Topics

Legal and regulatory | Infrastructure | Cybersecurity

Unexpected differences

Primary drivers for standards adoption

Speakers

– Wouter Van Den Bosch
– Alena Muravska

Arguments

Economic buying power from customers demanding secure services could be a major driver for standards deployment

NIS2 regulation requires operators to adopt modern network protocols, routing security practices, and DNS/email security measures

Explanation

This represents an unexpected philosophical difference in a collaborative launch event. Van Den Bosch emphasizes market-driven adoption through customer demand as potentially more effective than legislation, while Muravska focuses on the importance of regulatory frameworks like NIS2. This disagreement on whether market forces or regulatory compliance should be the primary driver for standards adoption was not anticipated in what appeared to be a unified community launch.

Topics

Economic | Legal and regulatory | Cybersecurity

Overall assessment

Summary

The discussion shows minimal direct disagreement, with most tension arising from different emphasis on approaches rather than fundamental opposition. The main areas of subtle disagreement involve the balance between government/regulatory approaches versus market-driven and technical community-led approaches to standards implementation.

Disagreement level

Low level of disagreement with significant implications for community direction. While speakers generally align on the importance of internet standards and testing tools, their different emphases on regulatory compliance versus market forces, and government involvement versus technical community leadership, could influence how the community develops its strategies and priorities. These philosophical differences may become more pronounced as the community moves from launch to implementation phases.

Partial agreements

Similar viewpoints

Both speakers emphasize the value of creating a structured international community for knowledge sharing and collaborative improvement of Internet standards testing tools

Speakers

– Wouter Van Den Bosch
– Walter Kobes

Arguments

Representatives from different countries met in March to create a cooperative body for sharing experiences and developing next steps

International users have provided valuable feedback that has helped improve the product over time

Topics

Infrastructure | Cybersecurity

Both speakers advocate for comprehensive approaches that combine regulatory requirements with practical support mechanisms like training and incentives to drive standards adoption

Speakers

– Alena Muravska
– Gilberto Zorello

Arguments

NIS2 regulation requires operators to adopt modern network protocols, routing security practices, and DNS/email security measures

The Brazilian implementation includes technical training, ISP guidance meetings, and awards for companies following security recommendations

Topics

Legal and regulatory | Cybersecurity | Infrastructure

Both speakers recognize that testing tools serve broader policy purposes beyond technical assessment, helping inform national security strategies and cross-cultural cooperation

Speakers

– Wouter Van Den Bosch
– Daishi Kondo

Arguments

Active use of testing tools provides organizations insight into their country’s security status for policymaking responses

International cooperation is essential to bridge policy and cultural gaps affecting security standards adoption

Topics

Cybersecurity | Legal and regulatory

Key takeaways

The Global Internet Standards Testing Community (GISTC) was officially launched to facilitate international cooperation in testing and deploying security-related internet standards

Internet.nl has proven successful as an open-source testing tool with over 5 million annual scans and adoption across multiple countries including Brazil, Denmark, Germany, and France

Government policy frameworks and security culture significantly influence the adoption rates of internet security standards, with the Netherlands showing high success through ‘comply or explain’ approaches

NIS2 regulation will make deployment of modern network protocols, routing security, and DNS/email security measures mandatory for EU operators

Testing communities play a crucial role in ensuring standards are not only implemented but correctly and consistently deployed to prevent fragmentation

International collaboration is essential to bridge policy and cultural gaps that affect security standards adoption across different countries

Economic pressure from customers demanding secure services could be a major driver for standards deployment, potentially more effective than legislation alone

Resolutions and action items

Community members can join by signing up through a QR code form to receive information about future meetings

Next community meeting scheduled for October to prioritize activities for the first year

Bilateral meeting scheduled for Thursday morning at 10:30 in the Buskerud room for questions and answers

Post-quantum cryptography support will be added to Internet.nl testing suite when relevant standards are established

Follow-up discussion planned between organizers and ICANN GAC Chair to explore government cooperation opportunities

Continued promotion of the community through various channels including government advisory committees

Unresolved issues

Specific timeline for implementing post-quantum cryptography testing remains undefined, pending establishment of accepted standards

Formal organizational structure for the community has not been finalized – currently described as ‘provisionally called’ GISTC

Concrete mechanisms for government cooperation and task force formation need further development

How to effectively bridge policy and cultural gaps between countries with different security adoption rates

Specific coordination methods for future standards development and community input processes

Suggested compromises

Technology-neutral and flexible approach to NIS2 requirements while maintaining technical community leadership in decision-making

Multi-stakeholder forum approach that includes government, technical community, and private sector participation

Gradual expansion of testing standards based on community feedback and technical readiness rather than rigid timelines

Successful examples include governments that have developed, for example, national IPv6 roadmaps in close cooperation with the technical community, ensuring that these roadmaps are grounded in the technical reality in their countries. On the other hand, more politically driven roadmaps without sufficient input from technical experts often failed to meet the expectations.

Speaker

Alena Muravska

Reason

This comment provides a crucial insight into why some government initiatives succeed while others fail, highlighting the critical importance of technical community involvement versus purely political approaches. It introduces a nuanced understanding of governance effectiveness.

Impact

This comment shifted the discussion from simply promoting standards to examining the quality and approach of implementation. It established a framework for understanding successful versus unsuccessful deployment strategies, which influenced how subsequent speakers framed their national experiences.

STOP has a web interface in Portuguese, very important in Brazil, because people here don’t speak any English. We need a web interface in Portuguese.

Speaker

Gilberto Zorello

Reason

This seemingly simple observation reveals a profound barrier to global technology adoption – language accessibility. It challenges the often English-centric approach to technical tools and highlights how localization is not just helpful but essential for meaningful adoption.

Impact

This comment introduced the practical reality of global deployment challenges beyond technical considerations. It demonstrated that successful international expansion requires cultural and linguistic adaptation, not just technical replication, adding depth to the community’s understanding of what ‘global’ really means.

From my experience in my email security research, I have realized that the adoption of email security measures is greatly influenced by the policy frameworks and the security culture. For example, the Netherlands has initiatives such as Comply or Explain List and Internet.nl, which have contributed to a high adoption rate of email security measures. On the other hand, Japan lacks similar policy mechanisms or counterpart to Internet.nl.

Speaker

Daishi Kondo

Reason

This comment provides empirical evidence of how policy frameworks directly impact technical adoption rates, offering a comparative analysis between countries. It moves beyond theoretical discussion to concrete evidence of what works and what doesn’t.

Impact

This observation reinforced Alena’s earlier point about successful government approaches while providing specific comparative data. It helped establish the value proposition for the community by showing measurable differences in adoption rates based on policy support, strengthening the argument for coordinated international efforts.

I can’t think of a bigger driver towards deployment than economic buying power, personally. You have a legislation, but if your customer doesn’t want you anymore because you’re not delivering, then you’re out of business.

Speaker

Wouter Van Den Bosch

Reason

This comment introduces market forces as potentially more powerful than regulatory compliance in driving standards adoption. It challenges the assumption that legislation is the primary driver and suggests that consumer/customer demand might be more effective.

Impact

This insight reframed the entire discussion about deployment strategies, suggesting that creating market pressure through awareness and testing might be more effective than relying solely on regulatory mandates. It positioned the testing community as a market-enabling force rather than just a compliance tool.

Will the community support a journey towards post-quantum cryptography and its use at Internet.nl?

Speaker

Santosh Pandit (online participant)

Reason

This question demonstrates forward-thinking about emerging security challenges and tests the community’s adaptability to future standards. It shows engagement with cutting-edge security concerns and challenges the community to consider its evolution.

Impact

This question pushed the discussion beyond current standards to future challenges, demonstrating that the community needs to be adaptive and forward-looking. It showed that participants are thinking strategically about the community’s long-term relevance and technical evolution.

Overall assessment

These key comments transformed what could have been a simple product launch into a sophisticated discussion about the complex interplay between technology, policy, culture, and economics in global standards deployment. The comments collectively established that successful standards adoption requires: technical excellence, policy support, cultural adaptation, market incentives, and forward-thinking evolution. They shifted the conversation from ‘what we do’ to ‘how and why it works differently across contexts,’ creating a more nuanced understanding of the challenges and opportunities facing the global internet standards testing community. The discussion evolved from promotional to analytical, with each insight building on previous ones to create a comprehensive framework for understanding global technology deployment challenges.

Will the community support a journey towards post-quantum cryptography and its use at Internet.nl?

Speaker

Santosh Pandit (online participant)

Explanation

This is important as organizations need to prepare for quantum-resistant security measures, and testing tools like Internet.nl will need to incorporate post-quantum cryptography standards once they are established and widely accepted.

How can governments cooperate with the community, particularly those interested in implementing DNSSEC, cryptography, and other standards? Is there a task force or contact point for governments?

Speaker

Nico Caballero (GAG Chair, ICANN)

Explanation

This addresses the need for structured government engagement in Internet standards deployment, which is crucial given the regulatory requirements like NIS2 and the role of policy frameworks in driving adoption.

How to bridge policy and cultural gaps between countries to promote better adoption of email security measures?

Speaker

Daishi Kondo (University of Tokyo)

Explanation

This is important because adoption rates vary significantly between countries due to different policy frameworks and security cultures, and understanding these differences is essential for effective international cooperation.

What will be the specific priorities and focus areas for the community’s first year of operation?

Speaker

Wouter Van Den Bosch

Explanation

This needs to be determined at the October meeting and is crucial for establishing the community’s direction and concrete objectives.

How can the community coordinate on future development of standards and testing capabilities beyond the current set?

Speaker

General discussion context

Explanation

This is important for ensuring the community remains relevant and can adapt to evolving Internet security standards and requirements.