IGF2024

Summary

This discussion focused on fostering an open and democratic internet in the digitalization era, with an emphasis on improving digital governance. Speakers from various backgrounds explored how to maintain transparency, accountability, and user privacy while preventing monopolistic control by tech giants and internet fragmentation.

Key points included the importance of multi-stakeholder governance models and personal digital sovereignty. Speakers emphasized the need for raising awareness about internet infrastructure and open standards among users. The role of regulation was discussed, with examples like GDPR highlighted as attempts to protect user privacy, though potential unintended consequences were noted.

Participants stressed the importance of international cooperation, particularly between developed and developing countries, to harmonize standards and practices. The need for flexible, adaptable regulations that can keep pace with technological change was emphasized. Speakers also discussed the importance of impact assessments and dialogue between technical communities and policymakers.

Digital literacy programs, especially those targeting girls and women, were proposed as crucial for empowering citizens to participate in discussions about internet governance. The importance of protecting and enforcing open standards and digital commons was highlighted, with suggestions for government support and financing of such initiatives.

Overall, the discussion underscored the complex challenges in maintaining an open, fair, and accessible digital ecosystem, emphasizing the need for collaboration between various stakeholders to address these issues effectively.

Keypoints

Major discussion points:

– The importance of open standards and a multi-stakeholder model for internet governance

– Balancing innovation with regulation and privacy protection

– Challenges of fragmentation and monopolistic control by tech giants

– Need for digital literacy and awareness among users

– Role of different stakeholders in supporting an open and fair digital ecosystem

The overall purpose of the discussion was to explore how to foster open digital architectures that support transparency and accountability while addressing challenges like privacy erosion and internet fragmentation. The speakers aimed to identify actionable steps different stakeholders can take to promote a democratic and accessible internet.

The tone of the discussion was largely collaborative and solution-oriented. Speakers built on each other’s points and offered perspectives from their diverse backgrounds in technology, law, policy, and government. There was a sense of urgency about the need to protect open standards and digital commons, but also optimism about potential solutions if stakeholders work together. The tone became more action-focused towards the end as speakers proposed concrete steps different groups could take.

Speakers

– MODERATOR: Session moderator

– Edmon Chung: CEO of DotAsia organization

– Henry Verdier: Ambassador for Digital Affairs, French Ministry of Defense and Foreign Affairs

– Paola Galvez: Civil Society, Latin American and Caribbean Group (GRULAC)

– Amrita Choudhury: Director of CCEI

– Nur Adlin Hanisah Shahul Ikram: Data privacy specialist at the National Islamic University, Malaysia

– Barkha Manral: Online moderator

Fostering an Open and Democratic Internet in the Digital Era

This discussion brought together experts from various backgrounds to explore how to maintain an open and democratic internet in the face of rapid digitalisation. The speakers focused on improving digital governance while addressing challenges such as transparency, accountability, user privacy, monopolistic control by tech giants, and internet fragmentation.

Key Themes and Discussions

1. Importance of Open Standards and Historical Context

There was strong consensus among speakers on the critical role of open standards in fostering innovation and interoperability on the internet. Henry Verdier emphasised that open standards are foundational to technological innovation, providing historical context with the example of the telegraph and the creation of the ITU. He highlighted specific examples of open standards such as TCP/IP, the web, Wi-Fi, Bluetooth, Linux, MySQL, and Apache. Paola Galvez noted their importance in preventing lock-in to proprietary systems. Edmon Chung stressed the need to protect open standards from neglect in favour of closed ecosystems, while Amrita Choudhury added that open standards should incorporate human rights and privacy considerations.

However, challenges to open digital architecture were identified. These included monopolistic control by tech giants, the risk of internet fragmentation into isolated ecosystems, security concerns compared to proprietary technologies, and a lack of funding and incentives for open systems development.

2. Multi-stakeholder Governance Model

Speakers advocated for a multi-stakeholder approach to internet governance. Edmon Chung reframed the concept of democracy in this context, moving away from traditional voting models to a more inclusive, participatory approach. He emphasised that the multi-stakeholder model allows diverse groups to participate equally, specifically highlighting the importance of including youth and the technical community. Amrita Choudhury highlighted the need for dialogue between technical communities and policymakers, while Paula Jervis stressed the importance of public participation in regulatory processes.

3. Personal Digital Sovereignty

Edmon Chung emphasized the importance of personal digital sovereignty in his opening remarks. This concept underscores the need for individuals to have control over their digital identities and data, which is crucial in maintaining an open and democratic internet.

4. Balancing Regulation and Innovation

The discussion acknowledged the complex challenge of balancing innovation with regulation and privacy protection. Nur Adlin called for flexible, adaptable regulations to keep pace with technological change, mentioning the OECD recommendation for agile regulation governance. Amrita Choudhury emphasised the importance of impact assessments to avoid unintended consequences of regulation. Paula Jervis argued for technology-neutral and future-proof regulations.

Henry Verdier suggested imposing data portability and interoperability by default in public policies. Edmon Chung noted that the IETF now includes human rights and privacy considerations in protocol discussions, demonstrating a shift towards incorporating these concerns into technical standards.

5. Digital Literacy and Awareness

Speakers unanimously agreed on the critical need for improved digital literacy and awareness among users. Henry Verdier stressed the importance of raising awareness about how internet infrastructure works, including the need to educate friends and family about the distinction between internet infrastructure and specific companies or platforms. Paola Galvez emphasised the need for digital literacy programmes, especially for underrepresented groups such as girls and women. Edmon Chung argued that users need a better understanding of underlying technologies, while Nur Adlin highlighted academia’s role in researching ethical frameworks and offering digital literacy programmes.

Amrita Choudhury made a thought-provoking comment about the practical aspects of accessibility and usability, especially in developing countries. She emphasised the need for services to be easy to use, available in multiple languages, and mobile-friendly.

6. International Cooperation and Global Perspectives

The discussion underscored the importance of international cooperation in harmonising standards and practices. Paola Galvez mentioned the Council of Europe AI Convention and the UNESCO recommendation on the ethics of AI as examples of international standards. She also emphasized the importance of fostering international cooperation between developing and developed countries.

Nur Adlin provided concrete examples of how data privacy laws are evolving globally, including in non-Western countries. She mentioned the Kingdom of Saudi Arabia’s personal data protection law and Malaysia’s recent amendment to its data privacy law. This highlighted the dynamic nature of digital governance across different regions and the need for flexible, adaptable regulations that can accommodate diverse global contexts.

Edmon Chung identified improving collaboration between global multi-stakeholder models and local multilateral systems in internet governance as a critical issue for the coming years. This would help prevent unintended consequences of local legislation on global internet standards.

Unresolved Issues and Future Considerations

Despite the productive discussion, several issues remained unresolved:

1. How to effectively balance open standards with security concerns.

2. Specific ways to prevent fragmentation of the internet into isolated ecosystems.

3. How to increase funding and incentives for open systems development.

4. Methods to harmonise global multi-stakeholder models with local/regional regulations.

The speakers suggested some approaches to address these challenges, including flexible regulations that can keep pace with technological change while still protecting user rights, technology-neutral regulatory frameworks, and creating digital public infrastructure and goods with government support to complement market-driven development. Henry Verdier proposed creating a foundation to finance open standards, digital commons, and public goods as a potential solution to support these initiatives.

In conclusion, the discussion highlighted the complex challenges in maintaining an open, fair, and accessible digital ecosystem. It emphasised the need for collaboration between various stakeholders to address these issues effectively, while also recognising the importance of adapting approaches to diverse global contexts and rapidly evolving technologies.

MODERATOR: As we are running, like, is we are like, for the 8 minute. So, hello, everyone, I can send thank you for joining. So, I will send you a credit to internet in the digitalization error. Session, which is organized by the. Into our backup. I’m not well, so. An area, so from the net mission. Asia, so where can anyone and also. This session is about the. Open center, look at the Internet and. As we may know that that Internet is a foundation of the. This is our emerging technology and is open to all. And interoperate people rely on their open protocol. In this short, we are, we are going to be focused on be serving and upholding the foundational principles of the Internet by maintaining user centric. Passport is and advocating for the continued and influence of the open standard. Our goal is to advance the transformation of the Internet into the close. And, um, and to the ecosystem. So, in this discussion, we are going to raise tools. It’s a, it’s a by nation of the crucial issue. That car impasse open nature of the Internet. So, we are going to begin by addressing the challenges. Post by the open standard in a rapidly evolving technological landscape. In this session, we are going to have the speaker. Henry, but here. He’s an ambassador for the Dissident Affairs, French Ministry of Defense and Foreign Affairs. And Paolo Gervais, founder and director of the Indoneia Lab, and Amrita Choudhury, who’s the director of the CCEI, and Edmond Cha, CEO of the DotAsia organization, and Adeline Hanissa, data privacy specialist at the National Islamic University, Malaysia. So, first of all, I would like to welcome to the speaker the very beginning question for the opening remarks of them. So, the first question will be like, how can we restore the diplomacy of open digital architecture that support the transparency and accountability while also preventing the erosion of the user privacy, public state control by test giants, and the fragmentation of the internet into the isolated ecosystem? So, I would like to welcome and invite the speaker to respond to this question based on your expertise. So, Edmond, would you like to go first for giving the opening remark in response to that question?

Edmon Chung: Sorry, is it? If you’re asking for me, sure. I guess it’s me, because the audio is coming through a little bit shaky. I guess, hello, everyone. This is Edmond. I think, first of all, I think the topic itself is… is very timely. In fact, maybe slightly overdue. This is something that is very important in terms of how we look at democratizing the governance of different platforms and how we utilize the internet in an open and interoperable way. So I was just going to give a little bit of an introduction and then come back to Pio’s question about the first policy question. First of all, I guess one of the things that I find quite encouraging, especially in the development of the internet governance ecosystem, especially with the protocol side, is the IETF, or the Internet Engineering Task Force. In the last couple of years, I kind of reconnected with the Internet Engineering Task Force, the IETF. But before that, actually, I was participating all the way through about 2014, and human rights considerations, privacy considerations, were almost unheard of. Last year, in 2023, I started re-engaging in the IETF discussion, and to my surprise, and actually pleasantly surprised, when we talk about protocol these days, actually beyond what we call the security considerations or even internationalization considerations, human rights and privacy is now a feature prominently in protocol discussions as well, and I think that’s a very healthy development. And when we talk about as this, the way that this session frames it in terms of a democratic approach, we’re really not talking about what somebody, you know, what may people point to democracy is in terms of voting and a bit more antagonistic kind of a campaigning and voting, but a democratic approach for the internet governance aspect, in my mind is much more participatory. And also what we have come to to to treasure and call a multi stakeholder model. And when we talk about multi stakeholder, of course, stakeholders include youth and the technical community, which makes the biggest difference, because even in multilateral forums, there would be multi stakeholder kind of consultation. But a lot of times it’s much more focused on civil society and the industry. But when we talk about a multi stakeholder and democratic model, we’re talking about youth and technical community, being able to participate in an equal footing. And I think that’s the major difference here. Now, back to Pio’s opening question about the issue of privacy platforms and fragmentation of the ecosystems. I think they kind of come hand in hand. And in essence, an open digital architecture, I think it’s not only built on interoperability between systems and between jurisdictions. One of the kind of a high interest topic these days is is about digital sovereignty. A lot of times when we talk about digital sovereignty, we talk about, or countries or governments like to talk about data localization, much more in terms of digital sovereignty, a national digital sovereignty. But I think when we think about digital architecture and we really want to address privacy and we really want to address issues about multinational platforms, we need to deal with digital sovereignty in a personal level, whether we have personal digital sovereignty. And I think for countries, governments who really want to support privacy and support data, quote unquote, localization, you have to take it to another level for personal to be able to have ownership, the ability to move data and the ability to withdraw consent about their own personal data. And that I think is the key aspect because privacy by design doesn’t mean confidentiality of the data. It means that the platforms do not keep data at all from the start to begin with. And that’s what I think personal digital sovereignty is about. I will stop you for pause here because I’ve taken enough time, but I understand that there are a couple of points, but I want to start with the note that multi-stakeholder model is really comes hand in hand with number of the issues we have today and that digital sovereignty, we need to dig down to the level of personal digital sovereignty.

MODERATOR: Thank you, Edmond. As you mentioned, like the multi-stakeholder model is quite important even for the open and digital architecture, which can support to the transparencies and accountability. And so I… I would like to ask Mr. Henry, from the government perspective, how do you see how to foster the deployments of the Open Digital Architects that can support the transparencies and accountability?

Henry Verdier: Thank you for the invitation. Thank you for this very important topic. That’s the question, I feel. So I’m very happy to be there. Maybe I could start with a very funny story that I discovered recently. In 1865, that’s a while, the French emperor, Napoleon III, discovered this new technology, the telegraph. And they thought, wow, that’s a very promising technology. How can we be sure that there will be a resource for peace and prosperity in commerce? For them, commerce was a source of peace. And they said, we should be sure that we’ll find a way to be sure that we can send international telegraphs, telegrams. So they did convene an international conference in Paris, 1865, and they did decide to develop together open standards for telegrams. And to enforce this, they did install the first ever international organization, the ITU. At this time, it was the International Telegraph Union. It became the International Telecommunication Union. So that’s a long story. And I want to share with us, maybe we know this, but we have to recall it. This story of open standards is the story of Internet and everything good that did happen. You could not conceive the Internet revolution and now the AI revolution without TCP, IP, the web, Wi-Fi, Bluetooth, Linux, MySQL, Apache, and whatsoever. The real story of Internet revolution is this one, that the story of open standards. The question is not, should we protect them or do they matter? The question is, why does other actors don’t recognize this importance? Why do most of our co-citizens make a confusion between big tech companies and public actors like states and these Internets? That’s not just, I totally agree with what Edmond said, the multi-stakeholder governance is at most important, but that’s not enough. For me, the question is a good balance between common and enclosure and how to protect the common and the commons. For this, I just share with you a few ideas, but the open standard, they are not directly attacked because everyone is using them, so they are not directly attacked, they are just neglected. They are neglected in a time of intense competition and a movement on re-enclosure because to find a business model, the most easy is to capture your customers and to constrain them to remain in your small enclosure. So the question is, how to do politics without being politicized? Because the question is really politic, that’s about how do we want to live together, and it’s not politicized because it’s not right or left or this party or this party. And that’s an important question. Sorry, sadly, I don’t have the answer, but I just have a few ideas. First, because you are the youth of the world, and I’m an old veteran of this, I started my first internet company in 1995. I remember at this time, more people knew how those… stuff did work. And now most of our contemporaries, my daughters for example, they don’t pay attention. They say I’m in internet when they are in TikTok or Facebook. So first we have to raise the awareness of our friends and families and to re-explain that there is something named internet, there is something named the web, there is something else that is a company, etc. Probably we can afford to have different policies. I think that most people make the confusion. For example, they told me the GDPR, so the European regulation on privacy, is fragmentizing the internet. I said no, the internet is an infrastructure, like roads, and I try to regulate companies like cars. So I can on one hand protect the open, decentralized, free, distributed, unique internet, and on the other hand ask for some accountability and responsibility to companies. You have to understand this. We have to say to our friends and colleagues, don’t be passive consumers. Pay attention, be skeptical, try to understand how it works. So I will finish with this because we have three minutes. But my point is that this is about politics. We have to raise the level of awareness, we have to explain again and again, and we have to have a clear view that this revolution would not have been possible without an important set of open standards, and that the power of this time did just use it. Maybe they did hack this. They are not the owner of this, and we have the right to reclaim and to protest and to say, no, you are just using our infrastructure. Please respect it.

MODERATOR: Thank you, Mr. Henry. for giving the lots of ideas that we, as a young person, we have to think about how we should be navigate with the open internet and also the other challenges. So I would like to ask to the parlor, how do you see as a young person regarding the accountability and transparency of open architecture? Maybe we can think about from the privacy perspectives or yeah, the floor is here.

Paula Jervis: Thanks so much. Well, let me first give why I do believe the open standards are so key. And this comes from a perspective from a lawyer. My background is in law. I’m actually here, I’m happy to hear diverse perspectives, Edmond, Mr. Henry that are experts on the technical part, but I’ve been working in technology policy for the past 12 years from the private, the government sector and now as an independent consultant with civil society organization. And I’ve always seen open standards as key and core of interoperable internet. So these two ideas, I really believe that it allows for innovations without exclusivity and showing that no one is locked into proprietary systems. And on the other side, I can truly see the power and the potential on transparency. I’ve worked in public procurement solution in my country and with Columbia, and later I can explain this use case, but I truly believe that using open standards, open source tools, standardized data really help enhance transparency in governments and also reduce barriers for a small business for instance. But the other part is how it promotes inclusion. My whole career I’ve tried to bridge the digital gender gap. Today during the opening ceremony we’ve heard from the different excellencies and authorities how important is this and how this gap is increasing rather than bridging. And I do believe that open standards make it easier to create tools that are accessible to everyone and that can help girls, women get into this digital era promoting open standards with a gender lens. I can speak more about this later. Now going to your question Fiyo about privacy and how we can foster the development of open digital structures supporting these principles. So this may not come as a surprise but as a lawyer I truly believe that we need to approve regulation or regulatory frameworks that can be really implemented. And that means having multi-stakeholder discussions that bring legitimate regulation because I’ve seen many cases in Latin America. I am from Peru and I can tell how sometimes these regulations are approved without the appropriate discussion in Congress. And when it’s time to implement it’s very hard. This is one thing. Second, to encourage the adoption of privacy by design principles. So many times I’ve heard countries that do not have data protection laws and that’s a problem and issue that should be tackled because data protection regulation is a must to prevent the erosion of users’ privacy. But even though we do not have this, I truly believe that private sector and civil society can work hand in hand so that this principle of privacy by design can be implemented. design can be from the very beginning of any development of technology. Ensure that all the companies with the data are protected, really embed strong safeguards to protect the user data. I may be running out of time so I’ll last but not least just my only point that I would like to add, the importance of fostering international cooperation between developing countries and developed countries. It is really important to collaborate across borders, to harmonize the standards practices, to ensure the global flow of information without compromising local privacy norms and also to set international standards that can help also because we want our economies to prosper and this can be an idea for it to follow for instance the Council of Europe AI Convention which is the first one of its kind, the UNESCO recommendation on the ethics of AI. So that’s for now, thank you for the invitation, sorry for saying this lastly. Thank you Paula for your intervention,

MODERATOR: like you highlight about the importance of the international cooperation. You know like yesterday there was a session talking about privacy and data related to for using especially the data coming from the global south and they talk about how the people from the global south are using the internet and even the data from the global south are also using for the developing the AI and its related evolution. So that is what we can see that we also need to foster the international cooperation for making sure that those who are those people around the world need to be respectful of on their data and privacy with that way. So I will call to our last speaker, Amrita, how do you see that the accountability and transparency in your opinion is?

Amrita Choudhury: Thank you. And thank you for having me. And let me tell you, I’m not a technologist. I just work on policy. So I will be looking at it from a socio-political lens. If you want to actually foster an open digital architecture system, which actually supports transparency and accountability, and I think this is what most governments and even civil society are asking from companies today, I think even the open standards has to kind of, I would not say work hard, but at least look at certain aspects. For example, at times the security of the systems is a concern. And that’s where many of the monopolistic technologies get an edge, that they have the security standards upgraded, et cetera. But I agree with most of the panelists. Like for example, concepts like human rights by design and privacy by design should be enshrined in any kind of technology which is open standard or even proprietary for it to work, because I think those are fundamental things which any platform of any kind should have it. In terms of erosion of privacy, that’s a huge concern globally. We see the number of data breaches. We see the antitrust issues which are coming up daily in different countries without consent. Children’s data, et cetera, is used. So I think any kind of platform, and obviously we do think that when you have an open architecture where people build upon it with software, with other technologies, these would be considered. I think there should be more discussion. It should not be just technical people there. The other relevant stakeholders, I would not say multi-stakeholder, but I would say the actors who are important need to be there, not for tokenism, but actually when things are being built, they can give their perspective. Look, have you considered these issues that these things are there, that the systems don’t have biases. We have been talking about AI. We do talk about data sets of global South going, but there are biases, there are racial biases. Are we kind of taking those into consideration? How transparent and accountable are those systems on how it is being used? So I think those things are important. In terms of when you have issues about, the second aspect which you had is monopolistic control of tech giants. I think first we have to agree that the systems work. It is easy for everyone to use. They understand the pulse of people. We cannot deny a Google or a Facebook or a Meta giving those services which everyone can use. So if you want to have those kinds of services given to people, it has to be easy to use. It has to be in different languages so that different people can use it, not only English. And it has to be very easily usable. For example, if you are in a developing country, it has to be mobile friendly. 90% of the people use it in mobile, but if you’re building systems for laptops, it’s not going to work. So you have to look at the practicality. And for that, you need funding. And I think if governments or even foundations can put in a lot more money or give them incentives to work, I think it can help to support the open data or open systems of people who are building upon it, even technologists who are working on it. And these are my perspectives. You know, they may differ, but I think having regulations to encourage them would help. And if you’re talking… about fragmentation of the internet into isolated ecosystem, again, all fragmentation is not bad. You may argue that, one may argue that even IPv6 has fragmented, but it is also a different technology, right? Because when you want to go to IPv6, you have to change your infrastructure, your equipments. And that’s why many, even ISPs are not investing in it. And Henry mentioned GDPR is also considered a fragmenter, but was it necessary to protect the data privacy of Europeans? I guess so. So not all fragmentation is bad. And countries and nations would obviously want to protect their interests. We’ve seen a lot of things, right? We’ve seen the Snowden revelations, we have seen other things, and there are countries who are snooping on the others too, nation states and bad actors. So one may want to protect their interest, but you have to see the cost at which you are protecting. Is it really going to help you and the others in the long run, or is it going to harm? So I think it’s a very thin line. I may be saying a controversial statement, but it needs to be seen what kind of fragmentation are we talking about. So I’ll end it at that.

MODERATOR: Thank you, Arita. Mostly when we are talking about the fragmentation, it’s why we have various definition of the fragmentation as well, right? So you also highlight about how it is, how we can seize the fragmentation in some what way and how we can make sure the accountability and transparency and even talking about the assessings platform like the Google service and the other kind of like this. So I’ve actually, I’m Peter, is not the last speaker. My apology. We also have a data specialist, Niu Ai-Ling. So I would like to give the floor. to her stick to the five minute as we are running out of that. We are about to run out of the time. So Eileen, how do you see about this matter in your prospective? Eileen, the floor is yours. Can you unmute yourself? Technician, could you please have to unmute to the link? Hello, Technician. Hi. Hi, everyone.

Nur Adlin: Can you hear me? Okay. Okay. Assalamualaikum warahmatullahi wabarakatuh. Good day. Good day. Good afternoon, ladies and gentlemen. It’s an honor to be here today among such distinguished experts and missionaries. I am Dr. Nur Adelina Hanissa. And my academic and professional journey has focused on the intricate relationship between law, technology, and innovation. As a legal scholar specializing in data privacy, I have dedicated my career to exploring how we can leverage the transformative power of digital technologies while safeguarding fundamental principles such as privacy, fairness, and inclusivity. In my work, I aim to bridge the gap between technological advancement and regulatory framework, emphasizing fostering trust and accountability in our rapidly evolving digital ecosystem. Today, I am excited to discuss a topic that is central to these efforts, an open and democratic internet in the digitization era, improving digital governance. for the Internet B1. The digital age presents us with immense opportunity but also challenges that require thoughtful and collaborative solutions. By balancing innovation and responsibility, I believe we can build a digital future that is fair, inclusive and resilient for everyone. We can foster a digital architecture while addressing these pressing challenges using a multifaceted approach and multi-stakeholder collaboration, including governments, the private sector, academia and civil society. I would like to emphasize more on the significant role of regulation in ensuring accountability, creating uniform standards, curbing monopolies and having a balanced approach. The EU GDPR is a good example of comprehensive data protection regulation. According to the EU Commission, the GDPR aims to give citizens back control over their data and simplify the regulatory environment for businesses. Moreover, GDPR has established itself as a benchmark for other countries to follow. GDPR enhances transparency, safeguards privacy rights of EU citizens and aligns with open standards like ISO 27001 and W3C standards that promote principles like data portability and interoperability, which help mitigate monopolistic control. These harmonious regulations help reduce the complexity and compliance and prevent fragmentation. Data privacy laws are emerging and being amended as we speak. For example, the Kingdom of Saudi Arabia’s personal data protection law came into force last year and became fully enforceable in September this year. Another example is my country, Malaysia. Just amended its data privacy law this year. year, introducing updates including mandatory data breach notification and rights to data portability. The UN trade and development reported that 137 out of 194 countries have data privacy laws. Regulations need to be flexible and updated to reflect the technological advancement. This adaptability ensures that regulation will not become obsolete in the face of rapid technological change. Robust regulation must be accompanied by effective enforcement to ensure the organization’s compliance. When it comes to compliance, there is no one-size-fits-all solution for each organization to address its unique circumstances. Even in a country without data privacy regulations, since privacy practices almost have similar templates, tech companies can voluntarily adopt self-imposed best practices like implementing privacy by design, such as encryption, anonymization, and data minimization to foster trust and innovation. A common misconception is that strong regulations stifle innovation. However, research has proven otherwise. An overly rigid or outdated regulation can hinder innovation, particularly for smaller players. The OECD, in its recommendation for agile regulation, governance to harness innovation has provided guidance to countries on how to adapt regulatory framework and institutions to challenges and opportunity of innovation to enable better governance outcomes. So the key of this regulation is the balancing between the innovation and regulation. Thank you.

MODERATOR: Thank you, Lynn. You mentioned about the current example, and even though the GDPR is, you know, from the… Global North side, there are also the core issues that you mentioned about, these can be the reference that we can practice, but in the Global South as well, why having like a flexible regulation and adopting the policy by referring to the standards. Thank you for mentioning about this, and I have to pass the floor to our online moderator for the next part of our session, Barkha, the floor is yours.

Barkha Manral: Thank you, thank you for passing on. So it’s a very good answer we get from the speaker. So we have a connecting, not so connecting, but he has a connecting questions, which can be around for the session, but I would like to request every speaker to stick to two minutes because we are lacking from the time. So the question is, how can open standards be enhanced to better accommodate the pace of technological change and foster agility and responsiveness in addressing emerging challenges and opportunities? So as Noor was the last one to speak, so I would like to pass the floor to Noor and if she can just quickly sums it up in two minutes.

Nur Adlin: Yeah, thank you very much, Barkha, actually, I already mentioned before, in order to ensure the agility of the regulation, they must consider all the factors, and it must be not be rigidly audited. It must be updated from time to time, that’s all from me, thank you.

Barkha Manral: Thank you. Thank you for so quick and small answer. You had just completed in like two seconds only, thank you for that. Then I will request Edmond to like highlight whatever his answer for this question is.

Edmon Chung: Sure, thank you, well, I guess I touched on that a little bit. But I would add that the protocols development or the open standards. development, whether it is in IETF or other parts of the internet governance ecosystem, I think itself needs to improve in terms of evolving the governance processes and to more agile ability to address. But I think the one of the things that is really critical in the next few years is how the global multistakeholder model works with the local multilateral systems that have legislations and so on. I think I agree with Henry earlier very much that whereas the standards are not under threat right now, it’s largely neglected. And that is reflective of some of the local legislations as well or regional. When we look at GDPR, I don’t think on its own, it creates any kind of fragmentation. It’s actually a very genuine, in my mind, it’s a genuine attempt to bring privacy to the forefront. But what it did unintentionally was that what was legislated for a higher user level for privacy actually had a impact on domain registrations, for example, where the who is information and the registration information is suddenly disappeared. And that is the kind of threat that fragmentation brings. And that comes back to, I think, one of the key issues is how do we work? How does the local legislation work to complement the global multistakeholder model whereby the technical community and civil society and the academia are all participatory in the agenda setting as well as decision making process and then inform the local legislation so that the two of them don’t step over each other? I think that is what the internet governance ecosystem really need to figure out in the next few years, which addresses the issue of the pace of technical change and the agility in the standards development process. Okay, thank you.

Barkha Manral: Thank you, Edmund. So, I would ask the same questions to Amrita, although she already informed that she’s not a technical person, but still when we talk about the challenges and opportunities in any emerging technology, we still consider and always consider the policy makers. So, I would like Amrita to answer this.

Amrita Choudhury: Thanks, Barkha. If you’re sayingthat how can open standards be enhanced to better accommodate the pace of technology, I think more dialogue between the technical communities who are into standard making and also those who are using these standards to build up within the countries, they may not have the same technical expertise. So, having more dialogues on that amongst the different actors or the people who would be impacted. Impact assessment is important and I’m taking it from what Edmund has cited as an example that many times the unintended impact of a regulation is not part of all this. So, better impact assessment would be something. Obviously, when you are using open standards, et cetera, some things, you know, the scalability of the technologies which are being made is something which needs to be looked at. The security, many times, you know, you have scale to something else, but then there may be hidden costs for developers and I’m talking from those who use these standards later. The compliance and enforcement parts later on, I think those are certain things which come to me at the top of the mind which needs to be looked at. Thank you.

Barkha Manral: Thank you, Anita. So, I would like Paola to answer it.

Paula Jervis: So, yes, well, I think, first, know your neutral frameworks, and I could cite as an example, the Council of Europe AI Convention on AI, the rule of law and human rights. Yesterday on the session of Ambassador Baron Barrett mentioned how difficult it was to find a regulatory framework that is technology neutral, right, that can be future-proofing, that’s the word he used. And I found that very, very important, because how to design these standards that apply to technologies that keep changing. I mean, we’ve seen AI doing some, performing some actions in 2022, and now, well, I don’t know what will happen next year, right? So, flexibility implementation is a must, in my opinion, allow for variability in how these standards are applied. But this comes with a dynamic, and I would say temporal, if not annual, or not as much annual feedback loops, right? For instance, for this Council of Europe Convention, for instance, they have created this group that will review the document along the time, because if it must be updated, it should be. So, I truly believe that this could be nice solutions, and I cannot avoid mentioning digital literacy, because we cannot forget the citizens that are the ones being impacted by these technologies. When I was working in the government of Peru, I created a program called Digital Girls Peru, and once again, I need to repeat on the gender gap. So, creating digital literacy programs is a must, and it’s possible, and that’s why I mentioned it, because I know people from governments and private sector are hearing. So, we need to invest in programs that are targeted to girls and women, because we need them to understand how these open standards, how these technologies are working. are part of this discussion as well and nowadays that and I see this question in enhancing democratic and citizen engagement nowadays and especially in Peru all the regulation must be under a public participation process but how can this public participation process be effective if our citizens do not understand what is being regulated discussed or even created in the standards right so this is a leg I would say that is fundamental for the future of internet thank you. Thank you Paula for the brief and answering the previous

Barkha Manral: question at the same time so coming to Henry as propolis somewhere linked with the digital world and I find that Henry’s fault is somewhere about digital affairs so I would like to update discussion that how can digital affairs still contribute and still manage the balance between the open standards and making it the private at the same time to better accommodate the technological pace and changes we are facing as by age or by the years we are passing down.

Henry Verdier: Thank you. Thank you. I think that one conclusion of this exchange is that we have to enforce open standards and digital commons developing them and promoting them is not enough we need to do more and that’s for diplomats but also for ministry for civil society for companies and for other ministries for example and that’s very important we have to use it and to contribute when I was in charge of the French IT department I did pass an executive order if I may to say that public servants have the right and the duty to contribute to open source because they were not sure to have the right then we have to pay attention to protect when we regulate or when we legislate. I give the point to Edmond I know very well the controversy and the UBIS. I have also the French seat at the ICANN. I can tell you that we could have fine solutions, but a lot of people wanted to sell those data and didn’t really look for solutions. The French law, for example, we have very old GDPR for 40 years, but a lot of very personal data has to be public. If you run for an election, for example, you have to tell it publicly. So we could have decided to say some important data necessary for global security has to be online. It was really possible, but you have to think about this when you prepare the law. Probably we should in every public policies impose data portability and interoperability by default. So it would be a great service to open standards. We have to go further and to finance a bit, and with Jonas here, we try to convince Europe to launch a foundation to finance open standards, digital commons, and public goods. And that’s my last point, I think, inspired by the Indian example, that at some point you have to contribute and that digital public infrastructure and public goods matters. We cannot just wait and see and expect that the market will fix everything. We have to inject some resources in this ecosystem. That’s all.

Barkha Manral: Okay, thank you for the answers. So we will now like to open the floor for the Q&A part. So if anyone has any questions, they can raise their hand in the Zoom chat, and for the on-site, you can take care of. You can tell if there are any questions, we can take of them. Otherwise, I will like to tell the Zoom people if they can ask their question. technical team there.

MODERATOR: I think there’s a comment on that, so I’m sure we can go through it. Okay.

Barkha Manral: In that case, so there’s a question from Aviran Kanduria. So it’s an open question for all the speakers, whoever wants to answer it. The question states that, what actionable steps can different stakeholder groups implement right away to support an open, fair, and accessible digital ecosystem? I would appreciate if each of the speakers could address this from the perspective of their respective stakeholder group, and you can answer. Dakini is asking the same question to every speaker, and we would like that each of the speakers get the chance to speak on this particular question. So let’s start with Edwin.

MODERATOR: Sure. Sorry.

Barkha Manral: We only have five minutes, so let’s stick to one minute.

Edmon Chung: Yeah, I’ll be very quick. I mean, I think in response to the question from the technical community, I actually agree very much with what Henry mentioned earlier. Nowadays, users don’t know enough of the underlying technology, like even the domain name system or how email works or how HTTP works. People need to be a little bit more aware in order to address issues like barriers of entry that is created by walled gardens, what we call privately owned public spaces like Facebook. How do we deal with that to redefine some of the how things are implemented in a more open manner to address the interoperability of the digital ecosystem? So I think from the technical community’s perspective, I think a lot of the platforms in the drive to quote unquote make things easier for newcomers are actually, kind of trapping us into walled gardens where barriers of entries are struck up and that needs to be reversed. And people needs to actually, I believe in the future where people’s digital literacy actually is increased and is able to operate the internet in the way that we want more.

Barkha Manral: Fio, if any of the audience speaker would like to answer it. Like we have lack of time and we want to cover it. Go ahead.

Henry Verdier: Do you hear me? And that’s my conclusion. I see another question. I don’t see the question anymore. But the question was about how to implement human rights et cetera, within protocols. I just want to say that you won’t find a technical answer to a particular problem. So we need also to do politics. We need to stand for human rights, free speech, et cetera, everywhere. And not expect, because this would be the technosolutionist mistake.

Nur Adlin: From my perspective, thank you for the question, Aviral. I really love this question because it really meet a collective effort to make it worse. For the perspective of government, they need to implement enforce inclusive policies and laws. And for the private sector, they need to adopt some best practices for human rights. privacy by design, even though it depends on their uniqueness of their circumstances, it is more into art, not based on a science. So it depends on their own creativity. For the civil society, they need to advocate their users’ rights, raise awareness to inclusion, and collaborate with policymakers to shape equitable governance. And for the academia, they need to research ethical frameworks and offering accessible digital literacy programs to empower marginalized communities. I think together we can build a digital future and internet that we want. Thank you.

Barkha Manral: Okay, then I will request Averil to take a group photo, and from there, Fiyu can help us.

MODERATOR: Thank you, everyone. We would like to have a group photo, so please stay tuned to our moderator and speaker, and also organizer. Thank you. Averil, have you taken the picture? Oh, thank you. Thank you, everyone. Thank you, speakers, for joining the session

Barkha Manral: and putting up your points. Thank you.

MODERATOR: Thank you, everyone.

Agreement Points

Importance of open standards for the Internet

Henry Verdier

Paola Galvez

Edmon Chung

Amrita Choudhury

Open standards are foundational to the Internet and technological innovation

Open standards promote interoperability and prevent lock-in to proprietary systems

Open standards need to be protected and not neglected in favor of closed ecosystems

Open standards should incorporate human rights and privacy considerations

All speakers emphasized the crucial role of open standards in fostering innovation, interoperability, and protecting user rights in the digital ecosystem.

Need for flexible and adaptable regulations

Nur Adlin

Paola Galvez

Amrita Choudhury

Need for flexible, adaptable regulations to keep pace with technological change

Regulations should be technology-neutral and future-proof

Importance of impact assessments to avoid unintended consequences of regulation

Speakers agreed on the necessity of creating flexible, technology-neutral regulations that can adapt to rapid technological changes while avoiding unintended negative consequences.

Importance of digital literacy and awareness

Henry Verdier

Paola Galvez

Edmon Chung

Nur Adlin

Need to raise awareness about how Internet infrastructure works

Importance of digital literacy programs, especially for underrepresented groups

Users need better understanding of underlying technologies

Academia’s role in researching ethical frameworks and offering digital literacy programs

Speakers collectively emphasized the critical need for improved digital literacy and awareness among users, particularly focusing on underrepresented groups and the role of various stakeholders in promoting this understanding.

Similar Viewpoints

These speakers advocated for a multi-stakeholder approach in internet governance, emphasizing the importance of inclusive dialogue and participation from diverse groups in shaping policies and standards.

Edmon Chung

Amrita Choudhury

Paola Galvez

Multi-stakeholder model allows diverse groups to participate equally

Need for dialogue between technical communities and policymakers

Importance of public participation in regulatory processes

Unexpected Consensus

Government’s active role in promoting open standards

Henry Verdier

Nur Adlin

Government role in enforcing open standards and digital commons

Regulations like GDPR can serve as benchmarks for data protection

Despite coming from different perspectives (government and academia), both speakers agreed on the positive role governments can play in promoting and enforcing open standards and data protection, which is somewhat unexpected given the often-criticized role of government intervention in technology.

Overall Assessment

Summary

The speakers generally agreed on the importance of open standards, the need for flexible and adaptive regulations, the significance of digital literacy, and the value of multi-stakeholder governance in the digital ecosystem.

Consensus level

There was a high level of consensus among the speakers on core principles, suggesting a shared vision for an open, inclusive, and user-centric digital future. This consensus implies a strong foundation for collaborative efforts in addressing challenges in internet governance and digital policy-making.

Different Viewpoints

Impact of regulations on internet fragmentation

Henry Verdier

Amrita Choudhury

Henry mentioned GDPR is also considered a fragmenter, but was it necessary to protect the data privacy of Europeans? I guess so.

Regulations like GDPR can serve as benchmarks for data protection

While Henry Verdier views GDPR as potentially fragmenting the internet, Amrita Choudhury sees it as a positive benchmark for data protection.

Unexpected Differences

Perception of internet fragmentation

MODERATOR

Amrita Choudhury

Fragmentation of the Internet into isolated ecosystems is a concern

Not all fragmentation is bad. You may argue that even IPv6 has fragmented, but it is also a different technology, right?

While the moderator presents fragmentation as a concern, Amrita Choudhury unexpectedly argues that not all fragmentation is negative, citing technological advancements like IPv6 as an example of beneficial fragmentation.

Overall Assessment

summary

The main areas of disagreement revolve around the impact of regulations on internet fragmentation, the approach to incorporating human rights and privacy into digital systems, and the perception of internet fragmentation itself.

difference_level

The level of disagreement among speakers is moderate. While there are some differing viewpoints, particularly on the effects of regulation and the nature of internet fragmentation, there is general agreement on the importance of open standards, privacy protection, and multi-stakeholder governance. These differences highlight the complexity of balancing various interests in internet governance and the need for continued dialogue among stakeholders.

Partial Agreements

Both speakers agree on the importance of incorporating human rights and privacy into digital systems, but differ on the approach. Choudhury emphasizes embedding these principles directly into open standards, while Adlin focuses on flexible regulations to achieve the same goal.

Amrita Choudhury

Nur Adlin

Open standards should incorporate human rights and privacy considerations

Need for flexible, adaptable regulations to keep pace with technological change

Similar Viewpoints

These speakers advocated for a multi-stakeholder approach in internet governance, emphasizing the importance of inclusive dialogue and participation from diverse groups in shaping policies and standards.

Edmon Chung

Amrita Choudhury

Paula Jervis

Multi-stakeholder model allows diverse groups to participate equally

Need for dialogue between technical communities and policymakers

Importance of public participation in regulatory processes

Key Takeaways

Open standards are foundational to the Internet and technological innovation, promoting interoperability and preventing lock-in to proprietary systems

There are challenges to open digital architecture including monopolistic control by tech giants and potential fragmentation of the Internet

Regulations need to balance innovation with protection of user rights and privacy

A multi-stakeholder governance model is important for inclusive Internet governance

Digital literacy and awareness programs are needed to help users understand Internet infrastructure and technologies

Resolutions and Action Items

Governments should implement and enforce inclusive policies and laws related to digital governance

Private sector companies should adopt best practices for human rights and privacy by design

Civil society groups should advocate for users’ rights and collaborate with policymakers

Academia should research ethical frameworks and offer digital literacy programs

Unresolved Issues

How to effectively balance open standards with security concerns

Specific ways to prevent fragmentation of the Internet into isolated ecosystems

How to increase funding and incentives for open systems development

Methods to harmonize global multi-stakeholder models with local/regional regulations

Suggested Compromises

Flexible, adaptable regulations that can keep pace with technological change while still protecting user rights

Technology-neutral regulatory frameworks that can be future-proofed

Balancing innovation with regulation through impact assessments and stakeholder dialogue

Creating digital public infrastructure and goods with government support to complement market-driven development

When we talk about as this, the way that this session frames it in terms of a democratic approach, we’re really not talking about what somebody, you know, what may people point to democracy is in terms of voting and a bit more antagonistic kind of a campaigning and voting, but a democratic approach for the internet governance aspect, in my mind is much more participatory. And also what we have come to to to treasure and call a multi stakeholder model.

speaker

Edmon Chung

reason

This comment reframes the concept of democracy in internet governance, moving away from traditional voting models to a more inclusive, participatory approach. It introduces the multi-stakeholder model as a key concept.

impact

This set the tone for the discussion, emphasizing the importance of diverse stakeholder participation in internet governance. It led to further exploration of how different groups can contribute to an open and fair digital ecosystem.

The real story of Internet revolution is this one, that the story of open standards. The question is not, should we protect them or do they matter? The question is, why does other actors don’t recognize this importance?

speaker

Henry Verdier

reason

This comment shifts the focus from whether open standards are important to why their importance is not widely recognized. It challenges participants to think about the broader context and perception of open standards.

impact

This comment deepened the discussion by highlighting the need for greater awareness and recognition of open standards’ role in the internet’s development. It led to conversations about raising awareness and educating the public about internet infrastructure.

So if you want to have those kinds of services given to people, it has to be easy to use. It has to be in different languages so that different people can use it, not only English. And it has to be very easily usable. For example, if you are in a developing country, it has to be mobile friendly.

speaker

Amrita Choudhury

reason

This comment brings attention to the practical aspects of accessibility and usability, especially in developing countries. It highlights the importance of considering diverse user needs in technology development.

impact

This comment broadened the discussion to include considerations of accessibility and inclusivity in technology design. It led to further exploration of how to make open standards and technologies more accessible to diverse global users.

Data privacy laws are emerging and being amended as we speak. For example, the Kingdom of Saudi Arabia’s personal data protection law came into force last year and became fully enforceable in September this year. Another example is my country, Malaysia. Just amended its data privacy law this year.

speaker

Nur Adlin

reason

This comment provides concrete examples of how data privacy laws are evolving globally, including in non-Western countries. It illustrates the dynamic nature of digital governance across different regions.

impact

This comment added depth to the discussion by providing specific examples of how different countries are addressing data privacy. It led to a more nuanced conversation about the global landscape of digital governance and the need for flexible, adaptable regulations.

Overall Assessment

These key comments shaped the discussion by broadening its scope from technical aspects of open standards to include considerations of governance models, public awareness, accessibility, and global regulatory trends. They encouraged a more holistic view of digital governance that considers diverse stakeholders, practical implementation challenges, and the need for ongoing adaptation to technological changes. The discussion evolved from focusing solely on the importance of open standards to exploring how to make them more widely recognized, accessible, and adaptable to diverse global contexts.

How can we improve digital literacy and awareness about the underlying technologies of the internet?

speaker

Edmon Chung and Henry Verdier

explanation

Both speakers emphasized the importance of users understanding how internet technologies work to address issues like walled gardens and barriers to entry.

How can we balance innovation and regulation in the rapidly evolving technological landscape?

speaker

Nur Adlin Hanissa

explanation

The speaker highlighted the need for flexible regulations that can adapt to technological advancements while still protecting user rights.

How can we better integrate human rights considerations into internet protocols and standards?

speaker

Henry Verdier

explanation

The speaker mentioned this as an important area that requires both technical and political approaches.

How can we address the digital gender gap through open standards and digital literacy programs?

speaker

Paula Jervis

explanation

The speaker emphasized the need for targeted programs to increase digital literacy among girls and women.

How can we improve the collaboration between global multistakeholder models and local multilateral systems in internet governance?

speaker

Edmon Chung

explanation

The speaker identified this as a critical issue for the next few years to prevent unintended consequences of local legislation on global internet standards.

How can we better assess and mitigate the unintended impacts of regulations on open standards and internet technologies?

speaker

Amrita Choudhury

explanation

The speaker suggested that better impact assessments are needed to understand the full effects of new regulations on the internet ecosystem.

How can we develop and implement technology-neutral regulatory frameworks that are future-proof?

speaker

Paula Jervis

explanation

The speaker highlighted the challenge of creating regulations that can apply to rapidly changing technologies.

How can we create and fund a foundation to finance open standards, digital commons, and public goods?

speaker

Henry Verdier

explanation

The speaker suggested this as a potential solution to support and enforce open standards and digital commons.

Summary

This discussion focused on the intersection of Environmental, Social, and Governance (ESG) principles with cybersecurity and internet governance. Panelists explored how ESG frameworks can address sustainability and cybersecurity challenges in the digital age. A key point was the significant environmental impact of data centers and digital infrastructure, with speakers noting the high energy consumption and carbon footprint of these technologies. The need for more sustainable practices in the tech industry was emphasized, including the use of renewable energy sources for data centers.

The conversation also touched on data protection as a crucial aspect of ESG, with panelists stressing the importance of treating data security as a fundamental pillar rather than an afterthought. The potential use of blockchain technology for enhancing transparency in ESG reporting was discussed, though concerns about its energy consumption were raised. Participants highlighted the need for more specific ESG standards tailored to different regional realities, particularly in the Global South.

The discussion emphasized the importance of multi-stakeholder collaboration in developing effective ESG policies and regulations. Panelists suggested expanding the ESG framework to include cybersecurity explicitly, proposing the acronym ESGC. The need for stronger regulatory frameworks and accountability measures for big tech companies was also discussed. The session concluded with calls for more inclusive global conversations on ESG, ensuring representation from diverse regions, particularly Africa and other developing areas. Overall, the discussion underscored the complex interplay between sustainability, data protection, and cybersecurity in the context of ESG and internet governance.

Keypoints

Major discussion points:

– The importance of discussing ESG (Environmental, Social, Governance) issues in relation to internet governance and cybersecurity

– Challenges around energy consumption and environmental impacts of data centers and internet infrastructure

– The need for more specific ESG standards and regulations related to internet/technology issues, especially for developing countries

– Balancing data protection and privacy with ESG reporting and transparency goals

– Expanding ESG to include cybersecurity (ESGC) as a key consideration

The overall purpose of the discussion was to explore the intersection of ESG principles with internet governance and cybersecurity practices, and to consider how to enhance sustainability and accountability in the tech sector.

The tone of the discussion was generally constructive and forward-looking. Panelists shared insights from their areas of expertise while acknowledging challenges and areas for improvement. The conversation became more action-oriented towards the end, with participants and panelists suggesting concrete next steps and areas for further collaboration and research.

Speakers

– Moderator: Session moderator

– Thais Aguiar: Lawyer and researcher in digital rights from Brazil

– Jasmine Ko: Convener of Hong Kong IGF, Certified ESG analyst, Researcher on eco-internet

– Alina Ustinova: Head of youth Russian IGF, Representative of Center for Global IT Cooperation, Specialist in emerging technologies regulation

– Marko Paloski: Coordinator of IGF Macedonia, Part of Youth Coalition on Internet Governance

– Denise Leal: Part of Youth Coalition on Internet Governance, Brazilian youth program participant

– Osei Manu Kagyah: The Institute for ICT Professionals Ghana, Session rapporteur

Additional speakers:

– Peter Zanga Jackson, Jr.: From Liberia, works for regulator

– Chris Odu: From Nigeria, EC Web Technology

– Nicolas Fiumarelli: No specific role/expertise mentioned

The discussion explored the intersection of Environmental, Social, and Governance (ESG) principles with cybersecurity and internet governance. Panelists examined how ESG frameworks can address sustainability and cybersecurity challenges in the digital age, emphasizing the need for more comprehensive and tailored approaches to these issues.

Environmental Impacts of Digital Infrastructure

A central theme of the discussion was the significant environmental impact of data centers and digital infrastructure. Jasmine Ko highlighted the high energy consumption and carbon footprint of these technologies, while Denise Leal stressed the importance of considering the location and community impacts of data centers. Marko Paloski advocated for the use of renewable energy and efficiency measures to mitigate these environmental challenges. The panelists agreed on the urgent need for more sustainable practices in the tech industry, with a recurring emphasis on transitioning to renewable energy sources and improving energy efficiency in data centers.

ESG Standards and Implementation

The discussion revealed both agreements and differences in approaches to ESG implementation. Alina Ustinova proposed expanding ESG to ESGC, explicitly including cybersecurity as a key consideration. Jasmine Ko mentioned specific ESG standards such as GLI and SASB, highlighting the need for alignment across different frameworks. Denise Leal emphasized the need for ESG standards tailored to the realities of the Global South and called for more specific internet-related ESG standards. This difference in focus reflects the complexity of applying ESG principles globally.

Thais Aguiar argued that ESG reporting should go beyond mere compliance to foster trust, while Marko Paloski stressed the need for government regulation to enforce ESG standards. These viewpoints suggest a shared recognition of the need for more robust ESG implementation, albeit with different emphases on voluntary versus regulatory approaches.

Cybersecurity and Data Protection

The discussion highlighted data protection as a crucial aspect of ESG, with panelists stressing the importance of treating data security as a fundamental pillar rather than an afterthought. Alina Ustinova, drawing from her experience in “the most attacked country in the world in terms of cyber attacks”, proposed implementing laws with criminal liability for data breaches. This suggestion aligns with the broader call for stronger regulatory frameworks and accountability measures for big tech companies.

Multi-stakeholder Collaboration and Inclusivity

Speakers emphasized the importance of multi-stakeholder collaboration in developing effective ESG policies and regulations. Jasmine Ko stressed the need to align expectations across stakeholders on ESG reporting. Denise Leal advocated for including marginalized communities in creating ESG standards, particularly those tailored for Global South realities. This focus on inclusivity was echoed by audience members who called for stronger representation from diverse regions, particularly Africa and other developing areas, in global conversations on ESG.

Actionable Steps and Future Directions

The session concluded with several suggested action items:

1. Expanding research on eco-internet impacts across more regions

2. Pushing to change ESG to ESGC, emphasizing cybersecurity as a key component

3. Developing ESG standards specific to internet governance issues

4. Creating regulations with criminal liability for data breaches

5. Implementing a more human-centric approach to ESG and internet governance

The moderator also noted an upcoming session on e-waste solutions, highlighting the interconnected nature of these sustainability challenges.

In summary, the discussion underscored the complex interplay between sustainability, data protection, and cybersecurity in the context of ESG and internet governance. It highlighted the need for more nuanced, inclusive approaches that consider regional contexts, leverage technology responsibly, and balance voluntary initiatives with regulatory frameworks to drive meaningful progress in this critical area. The session also revealed the need for further education on ESG concepts, particularly in relation to developing countries, and emphasized the importance of diverse global representation in shaping future ESG standards and practices.

Moderator: Please welcome to proceed and welcome the speakers. Hi, everyone. Yes. We can hear you. You need to unmute your mic.

Thais Aguiar: Hi, I’m Thais lawyer in Brazil, lawyer and researcher in digital rights for me it’s a pleasure to be here with you today, and also with my dear friends and fellows in the panel hoping to have a great discussion today. We’re talking about the ESG and privacy and data protection, and hope you enjoy this panel with us.

Moderator: Thank you very much so allow me to please introduce my speakers. I’ll start with you Jasmine, please introduce yourself. And then when we are done with our side speakers will move to online.

Jasmine Cole: Hi, everyone. This is Jasmine Cole, I based in Hong Kong so I’m a convener of Hong Kong IGF. Also I’m affiliate with ISO Hong Kong and also Asia. So I’m now also, you know, Cisco, which is certified ESG analysts. So it’s a cert that get recognized on, you know, doing the ESG governance and analysis work. So, also I am a researcher and project leads on the eco internet in. And that’s, that’s how I find the relevance between sustainability and also the IGF.

Alina Ustinova: Thank you. Hi everyone. My name is Alina cinema I am based in Moscow. I’m the head of youth Russian IGF, and also I represent Center for Global IT Cooperation. We do researchers on different topics covered IT, and especially emerging technologies. So I specialize in emerging technologies regulation and the emerging technologies topics that are brought to anything connected with new technologies. And I also try to bring these topics to the youth and to let their opinions be heard among Russian legislative and also different experts. And we also try to cover ESG as well. It’s not like so popular in Russia though, but still there are many opinions about it and we try to bring them up today.

Marko Paloski: Thank you. Hello everyone, I’m Marko Pauski coming from Macedonia. I’m coordinator of the IGF Macedonia and also part of the Youth Coalition on Internet Governance here. I would say this topic is, I’m, how can I say, this year I got in this topic, but as previously mentioned also in Macedonia, this topic is not that much talked about, but now the private sector, especially the international organization and corporation that are here are starting to implement this or request this. So that’s why I’m also getting interested in trying to get involved in this topic because it’s, how can I say, in the future must, and also to implement it as better as possible. So, yeah.

Denise Leal: Thank you very much, Denise. Hello everyone, I hope you are hearing me well. It’s a pleasure to be here with you today. We are talking about this important topic, ESG, and you might question yourselves, what does it mean? Why are we here talking about this? And you will soon discover it. I am part of the Youth Coalition on Internet Governance. I am Brazilian and I was part of the Brazilian… youth program. I am happy to be here. I am also part of the YouthLock IGF organization team. And well, we’ve been diving into so many discussions and it’s really important and really nice that we do have sustainability as a topic in this IGF. I am looking forward to our discussions and I am also happy that we have teams in our room. Welcome everyone. It’s so important that we have an inclusive and also a sustainability session.

Moderator: Thank you very much, my dear panelists. We’re also joined with our rapporteur. His name is Osei. So he’s here. He’s going to take notes on whatever they were going to be discussing. So on this session, we’re going to explore two main critical fields. So the first, we’re going to see how cybersecurity can also enhance transparency, but also safeguard personal data and how this ESG can also, I mean, cybersecurity can enhance sustainable practices. And we have three policy questions that are going to be guiding the discussion today. And I’ll just mention them, but then when I go to a specific speaker, I’ll ask specific questions to each one of them. So the first policy questions that we’re going to be considering says, how do we, why do we need to discuss the ESG in an governance forum? What are sustainability and cybersecurity challenges in ESG systems and how can technology verify and check information accuracy in reports? So moving directly to my first speaker and I’ll start with you, Alina. And my question to you is why are we discussing ESG in governance? Why is it important for us to discuss ESG in governance?

Alina Ustinova: Well, I’ll try to be brief because I would like to share more details like later, but I think that it’s, as you see, like if you look at the name of the topics, we barely discuss ESG. It’s usually connected with some kind of ecological thing, like the infrastructure that is destroying some of the ecological specifics. And especially, for example, in Russia, we have a digital north thing, which is where we try to put our center for data because it is cold and we can protect it there. But still, we should understand that it could be really damaging for the ecological system there and we should also consider everything that goes because sometimes we do not consider this. Sometimes we think that the phone we use, sometimes we throw it away and never look back what happens to it and where it ends up on some kind of a storage. As you know, there is a big, big technological dumpster in one African country and unfortunately, there are a lot of broken and forgotten things that we do not consider. And five years from now, we probably can be in a very dangerous, risky situation. This is why we should talk about ESG in the first place. And of course, the second is kind of cyber security, but we’ll talk about it a little bit later. Thank you.

Moderator: Okay, thank you so much, Alina. Jasmine, you mentioned that you’re ESG certified, right? So, how do you see the current ESG framework address the issue of sustainability and cyber security challenges?

Jasmine Cole: Right, thank you very much. Actually, for what different people have different understanding, knowledge level of ESG, but just to be very brief, within the ESG framework in the social center, the second letter, when it comes to social equity and also the cyber security level, how safe, how people feel safe and how inclusive is internet center and also the service they’ve been using is actually part of the many, many, many index within the ESG framework. But the ESG framework itself has its limitation as well, because as you know, we do have different ESG framework being used such as a GLI, Global Reporting Initiative, second one, SASB, the Sustainability Accounting Standards Board, also the TCF, TCFD, the task force on climate-related financial disclosures, so et cetera, et cetera, just so many standards that people are using. I’m just mentioning those which are more common to use. And actually, if you don’t mind, I want to jump a little bit back on what Anina mentioned about the damage on the ecology from the internet sector itself. Because it involved data center. It involved the operation of it. The energy consumption, the amounts being very soaring. Because we need cooling, we need heating, the system itself, the infrastructure to manage the data center. And this is actually part of the research that I’ve been doing, that eco-internet index. We’ve been mentioning the carbon footprint of the data center across 14 Asia-Pacific jurisdictions. So we’re looking into continuing the research and also to expand it to more Pacific islands and to further Asia. Because mostly now, we are just around the east and the southeast Asia, but not yet to the West Asia. So we’re looking forward to expand our research scope on that one. Last thing to add on. So why we talk about ESG? It sounds like a very commercial term in IGF. But the important is that if you have noticed the reason why people start to do ESG is because we care about the environment. And we need to acknowledge that there is always a carbon footprint when we are into this internet sector. And whoever here, we’re using a laptop, we’re using the screen here, we’re using the light tank here, you know. Wow, actually a lot of things, even just the event itself, it’s consuming a lot of energy. So it is just an affordable topic. And impacts that actually have on the environment. And it is under the big umbrella of sustainability. And I just want to wrap a little bit, this, the effort of sustainability have actually been done, been doing by the ICANNs, ITF, ITU, and of course, my organization as well, DotAsia. So I just want to recognize that there have been works that have been done on sustainability and related to the IGF community.

Moderator: I’m thinking very much, Jasmin, that was really insightful. So when I’m speaking about the ESG issue, another important aspect is data. Like data protection and all that. So now to you, Marco. In what ways can technology verify and enhance accuracy on sustainability reporting while protecting personal data?

Marko Paloski: Hello, thank you for the question. And yeah, I would say it’s a good question. I would give here some, okay, a few examples, how can we use the technology for better accuracy and also verifying the stuff. The first one that is also under tests and development, it’s what we can do is also use the blockchain for transparency and also seeing, I mean, this technology can provide good records of the ACG-related data, such as supply chain, compliance, or emission reporting. Another thing that it also is the IoT sensors, because especially for those kind of data, sometimes we use IoT in the, like we mentioned, in the data centers, in the rooms that we are using, or in the model, not models, but the hardware stuff that we are using because of the consumption of energy or other stuff. So it could be used to monitor and to see the precise data and accuracy. Also we can use, I mean, the topic AI for a part-time detection, because we can see if over a long period of time, if something changed or if drastically changing to check it out if it’s, I mean, that’s the accurate data or something else. About the protection of the personal data, I would say as the previous examples, maybe we use encryption because of these data is very crucial, especially some of the data might be, how can you say, in the process, because some of these data might be publicly available, anonymized, so it can be protected in some way from the data and privacy. And yes, tools or different privacy or federal learnings analysis for sustainability data without exposing individual level details, like I mentioned. Sometimes this information could not be publicly shared with all of the details. I would also want to revert to the question that was, I mean, the first one, but what she also mentioned. I was reading one research analysis on how in the past, because five, 10 years ago, it was promoted to use cloud or something. You want to save, like, don’t buy a CD. You can have a cloud service where you can watch whenever you want. And the cost from production for everything for that CD to come will cost the environment. But now that’s, I think, the smaller issue. If you buy a CD, for example, I get the CD and DVD, you are maybe saving more the earth than using the stream services. Because someone on the stream services always is watching. Or you don’t need to watch it to scroll. I don’t know. There was, like, every click or every sent email on the internet costs energy. Maybe not you, because maybe I will use it with a phone, which uses less consumption than a laptop. But the service in the background uses more consumption than what we are currently doing and what we have in the past doing. So I think it’s a crucial thing. And it’s getting more and more bigger, especially how the data centers are managed. I mean, built. I don’t say that we need to stop building this, but to find some way. Because even if there is no data center, of course, there are a lot of servers. But the data centers are the one big black hole for energy or something like that. So yeah, I just wanted to point out that time is literally changing. And now not everything that we do in the cloud is like, oh, I’m not using that laptop or, I don’t know, TV or DVD for streaming. So I’m saving energy. Maybe you, yes, but the data center is spending much more energy and environment, I would say. Yeah, thank you.

Moderator: Well, thank you so much, Marco. So picking up from the same discussion, I want us to talk more about the data conception of this. I mean, the conception of these data centers. And Denise, now, coming to you. How can we address the environmental challenges associated with the energy consumption of data centers and communication networks? So we have seen Jasmine and Marco have spoken about the data conception of these data centers. So what would be your? Toru on that.

Denise Leal: Hey everyone. So when it comes to ESG topic, we have to understand that ESG is a standard for sustainability, but not only environmental sustainability, but also governance and social sustainability. We talk, when we talk in technology, what is ESG and why we discuss it. We need to discuss the standards of sustainability, social, environmental and governance sustainability, because technology has a huge impact in all of these categories and has changed how we live in society, how we work and with what we work and also has a huge impact in environmental environment. And then we come to this question that is related to energy consumption and data centers. So we have lots of topics related to data that are important here, the reports and other aspects, but specifically talking about energy consumption, we need to consider it as Marco said very well, maybe it was more sustainable to use CDs or DVDs than to use the way we storage data now and informations, because we really use not only energy, but a lot of space and physical space. Many people don’t really understand that when they are keeping their photos online, they are actually using another space that is located in another part of the road. And sometimes in a very important aspect is where are we using this, where are being this data center? indicators are located and what are the environmental impacts and in which communities are these impacts? Because sometimes we think that the way we are impacting the world with the exploration of the environment and the exploration for technology use, it’s well, it’s not seen in other places, but it’s really well seen, especially in marginalized countries where we get the, where we mine to get the important things we need to build our technology and where we storage places that build the technology and this internet that we have now. So it’s important to consider in ESG that the impacts of internet are not so obvious and they need to be considered in these standards. So what I think when it comes to internet governance and what I’ve seen reports is it’s easy to say beautiful things in the reports, in the sustainability reports, but we need to pay attention because when it comes to internet, it’s not, it’s not so obvious that we have another kind of impacts and specifically we need more standards related to internet use and internet aspects because we don’t have enough standards that could take care of this kind of impacts. So what I wanted to call the attention and call for action that I would like to leave in this talk about energy consumption of data centers and communication networks is that we need to pay attention on how we build technology, how we build and how we spend our and use energy and we need to have more specific standards on internet issues and aspects related to ESG. because ESG is a tool to, how can I say, secure, verify and check if enterprises are working well and in a sustainable way. But it’s very easy to work well when you don’t verify internet issues and other aspects of cybersecurity and how you actually make the reports and what you were really caring about when you make these reports. Thanks. I think I talked a lot. I hope it was clear.

Moderator: Thank you so much for that. Jasmine, what ethical considerations should organizations prioritize when aligning cybersecurity practices with ESG goals?

Jasmine Cole: Thank you. It’s not an easy question to answer on because, you know, a little bit similar with what Dennis has been mentioning. When it comes to reporting, it always has to look good. And, you know, the people, the consultant that you pay for doing the ESG report, they get your money. So, you know, you can imagine like what could be their incentive, you know, how much, sometimes there’s like a tricky dynamic in between on data accuracy and transparency. And the considerations when it comes to linking up cybersecurity and ESG, it’s, I think it’s about the organization itself. The leader have to have a clear alignment with their stakeholders, including their employee, including the community they serve, their customer, the supply chain, the upstream, the downstream. They have to be more using a multi-stakeholder approach like the IGF doing something like that. Come to an expectation alignment. Second thing, when it comes to buy-in, it’s important to think about what could be the pain point from each stakeholder when they have to report on the level of, you know, cybersecurity standards and to check the box of different, and that’s when we talk. about cybersecurity level. First thing is about, I think I’m losing track, but I think first thing is about the incentive. So after the pinpoint, it’s about the incentive. So how could you motivate and encourage people to do extra work to measure the data, measure the performance, track it, and trace it? A lot of work have been behind the scenes, actually. A lot of cost, a lot of time involved. So it’s a long and could be a painful but rewarding process in the long term for sustainability of the organization. Sustainability in terms, not just in terms of environmental sustainability, but also the business sustainability. Because nowadays, the business center itself, now it’s a big trend to write on ESG. But of course, we have to remember that there’s also risk and concern about greenwashing. So it’s another topic. I’m not going to talk more about it. But it’s good that we acknowledge there are risks and concerns. This is how we move forward constructively.

Moderator: Thank you very much, Jasmine. Now I want to open the floor to the participants. If you have a contribution from whatever that has been discussed up to this point before I move, I get deeper to other questions. Can you help me pass the mic back there?

Audience: Firstly, my name is Peter Zanga Jackson, Jr. I’m from Liberia, a developing country. And during the opening section, we were told that IGF, no one should be left out. And so when the first orator started her deliberations, she spoke about EGS. And you said you would tell us what EGS is. And she started to talk about EGS, but she didn’t tell us what EGS was. OK, I’m from the regulator. How do I? use the concept of ESG, excuse me, ESG, such that it benefits the society in which I serve. So this is where my little frustration or confusion is. I thought I’d let you know.

Moderator: Okay, so first, if you, before I leave it to my panelists to elaborate more, so first, I think I mentioned earlier that ESG stands for Environment, Sustainability, and Governance. So the discussion that we are having today is about that too, in relation to what? Environmental, social, sorry, Environment, Social, and Governance. So we are talking about ESG in relation to cybersecurity today. So do you guys want us to speak more, Denise? Denise wants to talk.

Denise Leal: Yeah, thank you, Thais and Milenio. So answering to his question, I think it’s an important question. ESG is not always an easy and common topic among many countries and many places. I remembered when I used it to work doing the reports, it wasn’t easy to see how it impacted people’s lives, but it does impact when it makes enterprises think about how they are being sustainable, not only in the environmental way, but also in the social way and the governance way. When it comes to governance, it’s the internal structure of the enterprise. So how they, if they have governance tools, if they have security, but not physical security, the security in a way, their processes are secure and safe in many ways. They don’t have corruption and things like that. But when it comes to social, it’s when we see the impact. in people’s lives because we have a lot of standards that are related to the impact in the society. So if we work with NGOs, if we have allocated money to the society, if we give back what we are receiving in our work, in what we are selling and stuff like that. When it comes to environmental, it’s the easier way because we usually associate, we used to see the word sustainability as an environmental word. But it’s not only an environmental word, what is to be sustainable? This is the discussion, this is the idea, to be sustainable is not only to be sustainable in environmental, but also in society, in our governance model. So the discussion here in this session, we are focusing more in cybersecurity, in data centers, in this stuff because it’s internet governance related, but we can see a lot of impact in other places too. And when it comes to internet, we can see, we could elaborate a lot. But what I wanted to ask, to answer for you, to your question is, we don’t have a lot of regulations in many countries. Many countries don’t talk about ESG, but we do have these internal policies in their enterprises that used to help them to get funds because they have ESG standards, they are accomplishing with it, they have sustainability. So what I think we can do as civil society and as government is, if we explain, if we have more understanding of ESG, we can assure, we can accomplish with the standards within the enterprises because they want to accomplish it, because they will get money and fund. from accomplishing it, so how we can develop more standards that will be useful for us, and they will get benefits from accomplishing them, and we as civil society and government will get also benefits from them to accomplish it. I don’t know, I think it’s clear now. I hope it’s clear now.

Moderator: Is that clear? Yes, Denise. Okay, perfect. I’ll take one more from on-site, and then we’ll move to online. So I’ll take one more from on-site, and then we’ll move to online. Yes. Okay, good evening, ladies and gentlemen.

Audience: I hope I’m audible. Okay, my name is Chris Odu from Nigeria, EC Web Technology, and my question is for one of the panelists, which is Marco. I think I’m glad to be having, I’m part of this conversation, and one thing you talked about which caught my interest is blockchain technology. You did mention you want to use, talking about blockchain technology for transparency of the data, which is a very good thing, but however, I do have some concerns because for you to be able to use the blockchain technology, you need blockchain nodes on the network, and these nodes actually consume a whole lot of energy. Okay, so that’s a bit contradictory, so I would like you to just help me with that so that I’m not, I don’t find myself in a lot of confusion. Thank you very much, okay.

Marko Paloski: Yeah, thank you for the question. What I mentioned is that it’s also in the testing phase and those kind of things, but the idea was to use on the lower edge, like on the Internet of Things, to use the blockchain for secure and accurate transmission of the data, to use on that kind of stuff, so I totally agree with that, and I sometimes got in the conflicts when discussing about blockchain and there’s now the electronic. money and those kind of things but not always all the blockchain technology doesn’t mean that it use that much power and data I mean we are using we are seeing the Bitcoin and those kind of stuff which is your consumption a lot but not every aspect and how it’s implement depends on on that but it’s still in Texas face so I never try it I mean this is from what getting through and the research so but on that point

Moderator: please let me move to online and then get back to the last one side so tight

Thais Aguiar: so thank you mark and indeed those were important considerations for us also we see here that as Denise said we need to discuss sustainability in a broader meaning for us as stakeholders to understand and implement ESG in the way the society needs and wants for sustainable development in a broad sense so bring some additional points on data protection and ESG we see that data protection is a cornerstone of ESG principles especially as organizations increasingly rely on digital systems to manage sustainability and governance efforts so when you see poor data governance or breaches not only in undermines trust but also compromise the integrity of ESG reporting so this raises critical questions about accountability in data stewardship so our organization treating data protection as a fundamental ESG pillar or is in an afterthought in their sustainable strategies so I wanted to leave this provocative question to Alina to so that Alina can share with us how can we assure that ESG commitments to data protection go beyond compliance to actively foster transparency trust and long-term stakeholder engagement so thank you I think this for the question

Alina Ustinova: I guess it’s like a very important issue I will speak from my personal experience I come from I come from the most attacked country in the world in terms of cyber attacks I guess my data my personal that has been five times stolen and sold to someone I receive lots of calls that I don’t take because it’s from numbers I don’t know just because there’s lots of breaches to the system and it’s not because like my data is not protected well but probably because like it’s so much attacked so that We can understand that probably what the companies don’t just don’t need to consider only ESG I guess we should move from ESG to ESG C Where C stands for cyber security and to implement these standards because it’s not only about cyber security companies that protect our data It’s about the cyber security issue in each company that protects our data as well. We should consider that Each company should be responsible for the data it stores not only in data centers, but also we use computers we use internet social media everything and everything that we use has its own creator and the company that is responsible for everything we have because if For example, your phone is stolen. It’s not just the phone you can buy a new phone You can restore his data but if your data is stolen, it’s basically like your personality is stolen if someone can use it to Pretend to be you to use your bank account to steal your money So what we did in Russia, we implemented a law but companies not just pay penalty If this data is stolen, it has a criminal liability for the data stores So I guess that one of the question one of the answer to this question is to have implemented a law which considers that company A crime criminal liable for everything they do with your data because otherwise they will not complain Unfortunately, the big penalties. It’s not a issue for them They can pay they have lots of money, especially the big tech companies but probably if they have something like you will be sent to jail so like some years or you will be your Company could not work. For example on the on this market if you do not complain to the law I guess this something that they can listen and sometimes we Need to do very very risky and destructive things to make them, you know, listen and complain. Thank you

Moderator: I wanted to confirm with you. Is there any contribution from online speakers? I mean from online attendees If you can help me check the chart All right. If we don’t have a line, then we can move on site. Osei. Thank you.

Audience: Thank you very much. I hope I’m audible enough. So this topic is quite interesting in the sense that how can we hold big companies accountable or, say, big tech accountable, and it’s such a very delicate matter. It seems that we are plundering our environment. And my question to my able panelists here is that in a few sentences, two lines, what is the way forward? So let’s bring finally to the conclusion, we are at the top of the hour, right? So I want to hear from my panelists, what do we need to do moving on? Like ask now both things we need to do. Thank you.

Moderator: Are any of the panelists ready to respond?

Alina Ustinova: As I said, I guess we need to change ESG to ESGC and try to move it to every possible panel we can, because otherwise they will just talk to ESG and think it’s more about ecological thing, as we usually think, and not like social thing. Because sometimes social governance are not like, you know, they don’t bring it up. They usually stand only on E, on environmental, and others are just forgotten. So if you set ESGC, that means that they will consider also data protection as well. That’s my point.

Jasmine Cole: Okay, thank you. So perhaps from the very grassroots individual level, it’s to, like for the audience here, to rethink what we’ve been talking about, and try to digest and reflect on how, you know, how does it make sense or not make sense. You know, you can always criticize on many things that you’ve been listening, because it’s about your own judgments. And it’s also about your personal experience. And now it’s like your homework to think about how do you convert the information that you absorb, transform it into something that you can do as an output. So the very, very general term is to keep paying attention, you know, like follow the trend. You know, there are some work that’s been done by different organizations. I mentioned in the beginning, so you can always search it up online. And for my part is to continue doing my eco-internet research. And as I say, we are expanding our research scope, and also to refine our research methodology. So always finding a way to improve, and also bring ESG into IGF, and also bring IGF and cybersecurity into the ESG center. So the major agenda that is in our mind is to integrating and fostering collaboration and dialogue between the two segregated kind of segregated center of ESG and IGF. So that’s my moving on. Thank you.

Moderator: All right. Do you want to say?

Marko Paloski: I will give it a few words. I mean, it’s a very good question because, yeah, we are finally discussing, but what is the next step forward? I mean, we cannot change it from here, but how we see. I would say maybe because the data centers, they will be growing. I mean, the next years, not just the big tech companies, but we now see that the countries are building. Other smaller companies, everyone is, how can I say, going to debt because of the services and data requests. I would say maybe the first thing is going with renewable energy to try to use that, and maybe build data centers where there are a lot of sun, or maybe that you can later use it for electricity and all those kind of stuff. But what is important here, not with just renewable, but also with other, I would say that the government and the policymakers should get bigger role here because, yeah, we agree that we’re going to do this, and it’s better. And the companies are sharing a lot of, I don’t know, like saying to 2030, we’re going to be 100% renewable, those kind of things. But how many people know if they are exactly doing this in the details? So I think that there must be some. kind play of the government and policy makers to make this regulation. Okay, 2025 all data centers must be, I mean 2025 is so close, 2030 all the data centers must be renewable or must have this, more of this kind like a strict regulation because there are still five years to the R6 actually, but to have to implement because without regulation or like we are doing sometimes I think with the plastic in the ecosystem where yeah we need to stop plastic doing but nobody is doing, I mean it’s reverting to the person of course, also we should be, how can I say, mindful how we are using the technology and everything because sometimes we are so used to it, we are using, I don’t know, you play YouTube song on your computer whole day and you’re not even listening, why is that or something like that, but my point is that we need to have some kind of regulation here so to make more strict and to get more serious because like this yeah every company is like mentioned going with the trend but if I don’t want I won’t go with the trend and nobody will do anything to you, yeah might be costly, sometimes it can be cheaper not to go with the trend but nobody is getting, how can I say, how can I say, for that that you are not following the regulations or if it’s not in the policy, yeah that would be my answer. Thank you

Denise Leal: yeah thank you Milenium, just a few words, what I wanted to very much, I wanted to say something, to give us my topic in this discussion is that I believe and I see that we need regulations that are made for and in the global south, we use standards, sustainability standards that usually comes from Europe or USA but we need to create also specific regulations that are related to the reality of global south. And why am I saying that? Because we have these groups, these communities, traditional communities, indigenous and people that have very different realities and they need to be considered in what it means to be sustainable. In ESG or other discussions, so that to happen, we need to better work and improve in regulations, law and policies made by these people. We have to stop using only regulations that come, types of regulations and models of regulations that come from a part of the world and apply it everywhere and sometimes it doesn’t really protect specific interests of people who are so marginalized. So I would recommend that we start reading and understanding also what these communities have to say about these discussions on sustainability and that could be used also in other topics, not only ESG.

Moderator: Thank you so much, Denise. I think that’s really an important point. I think there’s this approach that is called the human-centric approach. So I think that that should be something that we can consider in this kind of a discussion, have people who are affected in these kind of fields, all the stakeholders that are involved in these kind of issues, put them in the table or in the room all together, discuss, understand their needs and then all together come with a solution that we think may work and help us. Yeah, so I want to close the discussion but before I do that, I wonder if any of my panelists, one or two, can help me suggest what actionable steps can stakeholders, let’s say be it the government, the civil societies or the technical communities, use to enhance transparency and accountability in sustainability reporting?

Thais Aguiar: If I may add to Melania’s question, to complement, I would like to I ask you all also, in terms of actionable points, what role should global regulatory frameworks play to harmonize ESG, data protection, and cybersecurity standards across different regions to ensure consistent and equitable implementation?

Moderator: So again, any of the panelists who is ready to take any of the two questions? Mine was the steps that the stakeholders can take to enhance transparency and accountability. Well, you are not easing on us.

Audience: So the question of collaboration, I would say, with stakeholders and government is quite a tricky one, because it’s all about interest. Yeah, it’s all about interest. The big technology, I would say, industry will always have their interest. Government will also have their interest. But that’s where we need to push for the advocacy. That’s where all of us in this room, that’s all of us interested in saving our environment, interested in pushing this cause. We need to push this topic to every corner of the world and holding our leaders accountable, holding industry or, say, stakeholders accountable. That’s the only way we can make progress or we can move forward. But if you are to leave it that way, or, say, if you are to freestyle, your guess is as good as mine. Thank you.

Moderator: OK, Nicolas, you had something to say?

Nicolas Fiumarelli: Hello, everybody. Nicolas Fimarelli. I may revamp the issue about the blockchain, because you can use blockchain to actually accurately measure if, in real-time, you can actually do something like this. real-time if the ESG parameters, right? So that could be a way to disclosure if an organization do this false ESG or quick quick fixes to fit on the ESG reporting, but then on the long term they are not like complaining, right? So if you have a way to measure and to have a real-time blockchain having this information, you will actually disclosure if this organization is not complaining with the ESG.

Moderator: All right, okay now since I don’t have, is there anyone want to contribute before I move to a rapporteur to help us summarize what we have discussed?

Denise Leal: Yes, just to to add something to this question that Thais has asked us about harmonizing the global regulatory frameworks and harmonizing ESG data protection and cyber security standard across different regions. I think that this ESG is pretty global actually and it’s used across the globe. The same, they’re very much the same standards. But what I think we need is to have more specific standards depending on the realities of different regions. So I would not say that we need always to have the, we could and it’s good to have global standards but we also need to have specific standards that apply to different realities. So in terms of how we explore these countries and how we protect these countries and how we make this in enterprises sustainable in each different reality because it’s very different when you were talking about a place that have traditional people who are impacted very differently and have a very different relation with nature and society. So we need there also to consider these different realities, to create different standards, to be more effective in protecting and being sustainable. That’s what I wanted to add. Thank you.

Moderator: Thank you so much to my panelists. And before we close, I would like to invite our rapporteur to summarize for us what we have discussed.

Osei Manu Kagyah: It’s been such a forward-looking conversation. I hope we’ve all enjoyed ourselves. I wanted to make it quite interactive, actually. I’ll come to the summary. So I’m going to take a step here and go out there and hear a word from our participants, and also their interventions or suggestions. And I’ll make a quick run-up. I think we still have a few minutes. So just a few words from our participants, what they have to say about this. Would you like to contribute to this topic?

Audience: Thank you. I like your idea that you discussed today, that regulation and input should be at different levels. Alina told about very top level of contributing cybersecurity to ESG problem at the level of international and from intergovernmental perspective. Another of our colleagues told about implementation into local regulation synchronized in between the regions and between different countries. Another one topic I’ve heard about implementation in the corporate level, in the individual responsibility of each company, not just to find the reasons and to find arguments not to do so, but to find the resources, find the energy to implement the proper standards, despite the fact they are not set up into the regulation. Thank you. Thank you very much. Okay, I think I’m audible. I don’t want to say much, but for me, when I want to speak, I would like to focus more on my primary constituency, which is Africa. I think we should have more collaborations to see that Africa also comes into this kind of conversations, and like the other participants also said, no one should be left behind. How can we include everybody so that these conversations do not just remain in some certain areas of the world, but also extend to other continents as well, least developed and other categories as well. So that’s my own contribution I would like us to just do, and the key word is collaboration, more collaboration. Thank you. Thank you very much. What an amazing end to a very

Osei Manu Kagyah: fruitful discussion. So I then proceed to my reporting. So this topic is quite exceptional in a sense that globally, ESG concerns has been gaining prominence with this rapid growth growing cyber security industry. Both industries are emerging on our way into session, but seldom in these discussions are these perspectives be open » Thanks. We got a fair idea how the cycles are which are in tela data and comes from the data centers , and we had a fair idea of blockchain could be explored, that’s why we had a fair idea of data protection, transparency in reporting ESG, and also most importantly, awareness and effective communication we need around ESG topics. We also had a fair idea of how the conversation should be moved from ESG to ESGC, and not more about the ecological, but also the data protection. We dovetailed into that conversation, more research, more advocacy, and fostering collaborations. Renewable energy could be also explored. So it has been such an insightful conversation, and we hope to continue this conversation through further future discussions and other sessions which seek to explore. I think tomorrow there’s a session on effective e-waste solutions for a sustainable digital future, where Yasmin is the speaker, and just pass by and we can further move this conversation.

Moderator: further. Thank you very much. Over to you my able moderator. Thank you so much, our dearest rapporteur. That was well noted. So I would like to thank everyone for attending this session and much appreciation to my panelists and my online moderator. Thank you so much, this was very interesting. Have a nice evening. Thank you all. Denise, can we take a picture together everyone? Yes, please. For the online. Bye. Thank you all. Thanks, everyone. Bye. . . . . . . . . . .

Agreement Points

Importance of ESG in Internet Governance

Alina Ustinova

Jasmine Ko

Denise Leal

Thais Aguiar

ESG impacts environmental sustainability of internet infrastructure

ESG frameworks address social equity and cybersecurity

ESG standards needed for internet-specific sustainability issues

ESG reporting should go beyond compliance to foster trust

The speakers agree that ESG is crucial for internet governance, addressing environmental sustainability, social equity, cybersecurity, and fostering trust in the digital ecosystem.

Environmental Challenges of Data Centers

Jasmine Ko

Marko Paloski

Denise Leal

Data centers consume significant energy and have large carbon footprints

Renewable energy and efficiency measures needed for data centers

Need to consider location and community impacts of data centers

The speakers concur on the significant environmental impact of data centers and the need for sustainable solutions, including renewable energy and consideration of community impacts.

Technology for ESG Reporting and Data Protection

Marko Paloski

Nicolas Fiumarelli

Blockchain can provide transparent records of ESG data

IoT sensors can monitor precise sustainability data

AI can be used for anomaly detection in ESG reporting

Data encryption and privacy-preserving analytics needed

Use blockchain for real-time measurement of ESG compliance

The speakers agree on the potential of various technologies like blockchain, IoT, and AI to enhance ESG reporting accuracy, transparency, and data protection.

Similar Viewpoints

Both speakers emphasize the need for strong government regulations and enforcement to ensure compliance with ESG and data protection standards.

Alina Ustinova

Marko Paloski

Implement laws with criminal liability for data breaches

Government regulation needed to enforce ESG standards

Both speakers advocate for more inclusive and diverse approaches to ESG standards and reporting, considering different stakeholders and global realities.

Denise Leal

Jasmine Ko

Create ESG standards tailored for Global South realities

Align expectations across stakeholders on ESG reporting

Unexpected Consensus

Expansion of ESG to include Cybersecurity

Alina Ustinova

Jasmine Ko

Move from ESG to ESGC to include cybersecurity

ESG frameworks address social equity and cybersecurity

Despite coming from different backgrounds, both speakers unexpectedly agree on the importance of integrating cybersecurity into ESG frameworks, suggesting a growing recognition of digital security in sustainability discussions.

Overall Assessment

Summary

The speakers generally agree on the importance of ESG in internet governance, the environmental challenges posed by data centers, the potential of technology in ESG reporting and data protection, and the need for more inclusive and enforceable ESG standards.

Consensus level

There is a high level of consensus among the speakers on the main issues, with some variations in emphasis and approach. This strong agreement suggests a growing recognition of the interconnectedness of environmental, social, governance, and cybersecurity issues in the digital realm, which could lead to more holistic and effective approaches to internet governance and sustainability.

Different Viewpoints

Approach to ESG implementation

Alina Ustinova

Denise Leal

Move from ESG to ESGC to include cybersecurity

Create ESG standards tailored for Global South realities

Alina Ustinova advocates for expanding ESG to ESGC to include cybersecurity, while Denise Leal emphasizes the need for ESG standards tailored to the Global South’s realities.

Technology for ESG reporting

Marko Paloski

Nicolas Fiumarelli

Blockchain can provide transparent records of ESG data

Use blockchain for real-time measurement of ESG compliance

While both speakers advocate for blockchain use, Marko Paloski focuses on transparent record-keeping, while Nicolas Fiumarelli emphasizes real-time measurement of compliance.

Unexpected Differences

Focus on data centers vs. broader ESG implementation

Jasmine Ko

Denise Leal

Data centers consume significant energy and have large carbon footprints

Need to consider location and community impacts of data centers

While both discuss data centers, Jasmine Cole unexpectedly focuses on energy consumption and carbon footprint, while Denise Leal emphasizes community impacts, highlighting different priorities within the same issue.

Overall Assessment

summary

The main areas of disagreement revolve around the approach to ESG implementation, the role of technology in ESG reporting, and the focus of ESG standards (global vs. regional).

difference_level

The level of disagreement is moderate. While speakers generally agree on the importance of ESG in internet governance, they differ on implementation strategies and priorities. These differences reflect the complexity of applying ESG principles globally and could lead to challenges in developing universally accepted standards and practices.

Partial Agreements

Both speakers agree on the need for more specific ESG standards, but Marko Paloski emphasizes government regulation, while Denise Leal focuses on tailoring standards to Global South realities.

Marko Paloski

Denise Leal

Government regulation needed to enforce ESG standards

Create ESG standards tailored for Global South realities

Similar Viewpoints

Both speakers emphasize the need for strong government regulations and enforcement to ensure compliance with ESG and data protection standards.

Alina Ustinova

Marko Paloski

Implement laws with criminal liability for data breaches

Government regulation needed to enforce ESG standards

Both speakers advocate for more inclusive and diverse approaches to ESG standards and reporting, considering different stakeholders and global realities.

Denise Leal

Jasmine Ko

Create ESG standards tailored for Global South realities

Align expectations across stakeholders on ESG reporting

Key Takeaways

ESG (Environmental, Social, Governance) is increasingly important in internet governance and needs to include cybersecurity considerations

Data centers have significant environmental impacts that need to be addressed through renewable energy and efficiency measures

Technology like blockchain and IoT can enhance ESG reporting and data protection, but also raise new challenges

ESG standards and implementation need to be tailored for different regional realities, especially in the Global South

Multi-stakeholder collaboration and government regulation are needed to improve ESG practices and accountability

Resolutions and Action Items

Expand research on eco-internet impacts across more regions

Push to change ESG to ESGC to explicitly include cybersecurity

Develop ESG standards specific to internet governance issues

Create regulations with criminal liability for data breaches

Include marginalized communities in developing ESG standards

Unresolved Issues

How to balance blockchain’s potential for ESG reporting with its energy consumption

Specific ways to harmonize global ESG frameworks while addressing regional differences

How to incentivize companies to go beyond compliance in ESG reporting

Concrete steps for different stakeholders to enhance ESG transparency and accountability

Suggested Compromises

Use blockchain selectively for critical ESG data tracking rather than broadly

Develop global ESG standards but allow for regional-specific additions

Balance strict regulation with incentives for companies to improve ESG practices

ESG is not always an easy and common topic among many countries and many places. I remembered when I used it to work doing the reports, it wasn’t easy to see how it impacted people’s lives, but it does impact when it makes enterprises think about how they are being sustainable, not only in the environmental way, but also in the social way and the governance way.

speaker

Denise Leal

reason

This comment provides important context about the challenges and real-world impact of ESG, expanding the discussion beyond theoretical concepts.

impact

It shifted the conversation to focus more on practical implications and challenges of implementing ESG principles across different contexts.

I come from the most attacked country in the world in terms of cyber attacks… We can understand that probably what the companies don’t just don’t need to consider only ESG I guess we should move from ESG to ESG C Where C stands for cyber security and to implement these standards

speaker

Alina Ustinova

reason

This comment introduces a new perspective on integrating cybersecurity more explicitly into ESG frameworks, based on real-world challenges.

impact

It sparked discussion about expanding ESG to ESGC and considering cybersecurity as a core component of sustainability frameworks.

We need regulations that are made for and in the global south, we use standards, sustainability standards that usually comes from Europe or USA but we need to create also specific regulations that are related to the reality of global south.

speaker

Denise Leal

reason

This comment challenges the one-size-fits-all approach to global standards and highlights the need for context-specific regulations.

impact

It broadened the discussion to consider regional differences and the importance of inclusive policy-making in ESG and sustainability efforts.

You can use blockchain to actually accurately measure if, in real-time, you can actually do something like this. real-time if the ESG parameters, right? So that could be a way to disclosure if an organization do this false ESG or quick quick fixes to fit on the ESG reporting

speaker

Nicolas Fiumarelli

reason

This comment introduces a concrete technological solution to address transparency and accountability challenges in ESG reporting.

impact

It shifted the discussion towards practical technological solutions for improving ESG implementation and reporting.

Overall Assessment

These key comments shaped the discussion by expanding it beyond theoretical concepts of ESG to consider real-world challenges, regional differences, and practical solutions. They highlighted the need for a more nuanced, inclusive approach to ESG that considers cybersecurity, regional contexts, and leverages technology for transparency. The discussion evolved from defining ESG to critically examining its implementation and proposing innovative ways to enhance its effectiveness globally.

How can we develop more specific ESG standards that apply to different regional realities, particularly in the Global South?

speaker

Denise Leal

explanation

This is important to ensure ESG standards consider the unique contexts and needs of different regions, especially marginalized communities and traditional peoples.

How can we expand research on the carbon footprint of data centers to more Pacific islands and West Asia?

speaker

Jasmine Ko

explanation

Expanding this research would provide a more comprehensive understanding of the environmental impact of internet infrastructure across different regions.

How can we integrate cybersecurity more explicitly into ESG frameworks?

speaker

Alina Ustinova

explanation

Adding cybersecurity as a fourth pillar (ESGC) would ensure data protection and security are given proper consideration in sustainability assessments.

How can blockchain technology be used to measure ESG parameters in real-time while addressing energy consumption concerns?

speaker

Nicolas Fiumarelli

explanation

This could provide a way to enhance transparency and accountability in ESG reporting, while also addressing the environmental impact of blockchain technology itself.

How can we ensure Africa and other least developed regions are included in ESG and cybersecurity conversations?

speaker

Audience member (unnamed)

explanation

This is crucial for ensuring global representation and addressing the unique challenges and perspectives of developing regions in ESG implementation.

What role should global regulatory frameworks play in harmonizing ESG, data protection, and cybersecurity standards across different regions?

speaker

Thais Aguiar

explanation

This is important for ensuring consistent and equitable implementation of ESG standards globally while respecting regional differences.

Summary

This discussion focused on the concept of regulatory sandboxes, a tool for experimenting with new technologies and regulations in a controlled environment. Bertrand de La Chapelle introduced the topic, explaining that sandboxes can be used to test innovative applications, explore regulatory challenges, and foster collaboration between public and private sectors.

Participants shared experiences and insights from different regions. Thiago Moraes discussed Brazil’s approach to AI-focused sandboxes, emphasizing the importance of preparation and stakeholder engagement. Adam Zable provided an international perspective, highlighting the diversity of sandbox implementations worldwide and the distinction between European and East Asian approaches.

Maureen Amutorine shared insights on sandboxes in Africa, noting the prevalence of fintech sandboxes and the challenges faced by regulators. Katerina Yordanova discussed the European context, particularly the AI Act’s sandbox requirements and the need for clear incentives for participation.

The discussion explored various challenges in implementing sandboxes, including resource constraints, trust-building between regulators and innovators, and protecting intellectual property. Participants emphasized the importance of transparency, clear methodologies, and addressing potential disincentives for companies to participate.

The conversation also touched on the potential of sandboxes to bridge knowledge gaps between regulators and innovators, particularly in rapidly evolving tech sectors. Participants stressed the need for better communication about sandbox initiatives and their benefits to encourage participation and build trust.

In conclusion, the discussion highlighted sandboxes as a promising tool for agile regulation and innovation, while acknowledging the complexities and challenges in their implementation across different contexts and sectors.

Keypoints

Major discussion points:

– The concept and purpose of regulatory sandboxes for testing new technologies and regulations

– Different approaches to sandboxes in various regions (e.g. EU vs. East Asia)

– Challenges and incentives for both regulators and companies to participate in sandboxes

– The importance of preparation and methodology in setting up successful sandboxes

– Building trust and transparency between regulators and companies through the sandbox process

The overall purpose of the discussion was to explore the concept of regulatory sandboxes, share experiences from different regions, and discuss best practices and challenges in implementing them effectively.

The tone of the discussion was largely informative and collaborative, with speakers sharing insights from their experiences and research. There was an emphasis on the potential benefits of sandboxes, while also acknowledging the challenges in implementation. The tone became slightly more cautionary towards the end when discussing potential disincentives for participation, but remained constructive in proposing solutions.

Speakers

– Bertrand de La Chapelle – Chief Vision Officer of the Datasphere Initiative (Moderator)

– Moraes Thiago – Data Protection Authority of Brazil

– Adam Zable – Research fellow at the GovLab

– Morine Amutorine – Resource associate at the Datasphere Initiative

– Katerina Yordanova – Senior legal expert at the University of Leuven

Additional speakers:

– Farouk Yusuf Yabo – Permanent Secretary at the Federal Ministry of Communications, Innovation and Digital Economy in Nigeria

– Luis Fernando Castro – Former member of PGI, the Brazilian Internet Steering Committee

– Sophie – Mentioned as putting information in the chat, likely part of the organizing team

Regulatory Sandboxes: Exploring Innovation and Regulation in Controlled Environments

Introduction:

This discussion, moderated by Bertrand de La Chapelle of the Datasphere Initiative, focused on regulatory sandboxes as tools for experimenting with new technologies and regulations in controlled environments. Participants from various regions shared insights on sandbox implementation, challenges, and best practices.

Purpose and Types of Sandboxes:

De La Chapelle introduced the concept of sandboxes, noting that they exist along a spectrum. Examples include regulatory sandboxes focused on compliance and testing existing regulations, and operational sandboxes used to test new applications and technologies. Adam Zable from the GovLab elaborated on how different regions emphasize various aspects of sandboxes, with the European Union approach tending to focus more on regulatory compliance and risk mitigation, while East Asian countries like South Korea emphasize economic growth and regulatory flexibility.

Regional Approaches and Experiences:

Participants shared diverse experiences from their respective regions:

1. Brazil: Moraes Thiago discussed Brazil’s preparation to launch a sandbox focused on the applicability of data protection regulation articles to AI. He emphasized the importance of thorough preparation and stakeholder engagement before launching the sandbox.

2. Africa: Morine Amutorine shared insights on sandboxes in Africa, noting the prevalence of fintech sandboxes and the challenges faced by regulators. She highlighted examples including the EcoBank Pan-African sandbox and Kenya’s Communications Authority using a sandbox to identify innovations not covered by existing regulatory frameworks.

3. European Union: Katerina Yordanova discussed the European context, particularly the AI Act’s sandbox requirements. She noted significant differences in member states’ needs and approaches to regulatory sandboxes across various sectors.

Methodology and Best Practices:

Several key points emerged regarding the implementation of successful sandboxes:

1. Thorough preparation and stakeholder engagement

2. Transparency and public engagement to build trust

3. Clearly defined stages in the sandbox process

4. External evaluation of sandbox effectiveness

5. Addressing intellectual property protection concerns upfront

Challenges and Incentives for Participation:

The discussion explored various challenges in implementing sandboxes and potential incentives for participation:

Challenges:

1. Resource constraints and lack of expertise for regulators

2. Trust issues, particularly in Eastern Europe where companies may be hesitant to share information with regulators

3. Knowledge gaps between public authorities and tech developers

4. Potential risks for regulators in implementing sandboxes

Incentives:

1. Access to valuable data sets for companies

2. Regulatory clarity for innovators

3. Removing fees to lower barriers to entry, especially in low-income areas

Building Trust and Transparency:

Speakers emphasized:

1. Clear communication about sandbox initiatives and their benefits

2. Addressing potential disincentives for companies to participate

3. Using ‘closed room’ arrangements to protect sensitive information while allowing necessary sharing

4. Engaging the public through various means, as exemplified by the Norway Data Protection Authority’s podcast about their sandbox

Global Initiatives:

De La Chapelle mentioned the Global Sandboxes Forum and Africa Sandboxes Forum initiatives, demonstrating ongoing efforts to share knowledge and best practices in this evolving field.

Unresolved Issues and Future Directions:

The discussion highlighted several areas requiring further exploration:

1. Developing standardized sandbox practices while accommodating regional differences

2. Effectively bridging knowledge gaps between regulators and innovators

3. Balancing incentives for both large companies and smaller startups to participate

4. Creating a framework that addresses common challenges for companies participating in sandboxes

5. Exploring ways to mitigate risks for regulators implementing sandboxes

Conclusion:

The discussion underscored the potential of sandboxes as tools for agile regulation and innovation while acknowledging the complexities in their implementation across different contexts and sectors. The Datasphere Initiative announced plans to release a series of use cases and experiences from past sandboxes at a meeting in Paris in February, demonstrating ongoing efforts to share knowledge and improve sandbox practices globally.

Bertrand de La Chapelle: Maureen. And then Maureen, if you can, as well. She hasn’t turned on her video, so I’ll just… Oh, she’s coming. My video is coming one shortly. I’m trying to seek something, but I’m here, I’m online. Okay, we don’t see them on the screen at the moment, but can you display… Can you display the Zoom feed? And for people in the room and online, hello, everyone. We’re going to start literally in one minute. I’m just trying to get the people on the screen. Two left. But can you display them so that when they come back, we have them? Because… Okay. So, as we wait for people to be displayed, because they are supposed to be online, it’s my pleasure to welcome all of you here physically and online. And actually, if you can grab the bottle of water that is there, I think it would be great if I have one. Yes, there they are. So, as I said, it’s my pleasure to welcome you both online and offline. My name is Bertrand de La Chapelle. I’m the Chief Vision Officer of the Datasphere Initiative. And today, we’re going to talk about sandboxes. So, sandboxes is a term that is emerging very strongly around, and it’s a little bit mysterious for a lot of people. So, before we get into the discussion, I want to paint a very quick picture about what we’re talking about and why do we think it is important to have a discussion about sandboxes. You know, the term refers to what we’re all familiar with when we have kids. It’s this place where you can play. And it’s also a place where you can experiment. You can build something, see if it works. If it doesn’t work, you restructure, you organize something different. It’s something that is limiting the consequences of the experiment to the sandbox itself. It’s been used in research. You can have a sandbox to experiment some techniques. You can have a sandbox in various environments. And what we’re going to talk about today is this tool for experimentation in an environment that is connected to technology and the public authorities and the rules that apply to technology. And when I say rule, it’s not only regulation. It can also be the guiding principles, the self-organizing principles or the self-regulatory principles that a particular sector is adopting. And so this notion of sandbox, and we’re increasingly in the work in the Datasphere Initiative using this also as a verb, like to sandbox, meaning using a sandbox to experiment. This is something that is increasingly considered around the world as a tool for agile frameworks or for developing agile frameworks and providing an experimentation space for things that are innovative. It’s either to foster innovation or it is to deal with an innovative application and see what is the interfacing, for instance, with regulation. Which means, in particular, that we can make a rough distinction. It’s a little bit, not a caricature, but a strong distinction. But you can see sandboxes that are regulatory sandboxes or operational sandboxes. Without delving too much in the detail, you can have a sandbox that is mostly about what are or should be the rules. And another that is about literally experimenting, particularly with certain types of data, especially when it is sensitive data, you want to have a space that is enclosed. And actually, there’s an analogy that comes to mind as I speak, which is we’re all familiar with the notion of an air gap computer. An air gap computer is something that is not connected to the internet. So if something is wrong on the system, if you’re testing a malware or something like that, you don’t want this to go on the network. And so you create an environment that is under certain rules and protected. That’s what we’re talking about when we’re talking about sandboxes. And the studies that we’ve conducted as part of the Datasphere Initiative have recorded at that stage more than 70 countries who have in one way, shape or form used sandboxes in their preparation of a law, in the implementation of the law, or in thinking about whether a particular law applies or whether a particular law should be changed. You can have also hybrid mechanisms, but what is important is that it can come at different stages of a process. And we will discuss that a little bit further in the meeting. It can come, as I said, very early on to anticipate the problems that may be caused by a particular technology. And in the context of AI, it’s particularly relevant, even the speed at which the technology changes. But it can be also regarding existing regulations, whether they hinder innovation or whether they are applicable to a new technique. It can also be in the course of the development of a legislation to organize the consultation and the participation of different actors. I was mentioning the regulatory sandboxes and the operational sandboxes. What we’re going to talk about today is mostly about regulatory sandboxes, i.e. when there is a public authority that has a responsibility or takes the initiative to set up a particular process to engage a group of private and civil society actors in the experimentation or the exploration of the challenges around a particular technology. And what is important is whatever the shape or form, whether it is early in the process, whether it’s purely regulatory or operational, most sandboxes actually go through predetermined stages. So you have a very early phase that is basically dependent upon the readiness of the public authority to launch a sandbox because it’s a new type of interaction. It’s different from the traditional, I would say command and control adoption by purely the processes of the parliament and traditional consultations. So there is a question of do the public authorities have the preparation to organize and manage a sandbox? The second thing is the early stage of setting up the sandbox exercise is extremely important. How do you identify the relevant stakeholders, the different actors that should be participating? What is the exact purpose of the sandbox? And if you miss the early stage, if you do not spend enough time, you actually are launching into an exercise that will not produce what you’re actually wanting to produce. So the concept of sandbox has generated a lot of interest. It’s a practice that is growing on many different issues. And this is something that we’ve documented in the DataSphere initiative. But it is something that is relatively new, that is still intimidating for a lot of actors because let’s be honest, it is wonderful when it works well, but there are challenges in setting it up. If the methodology is not implemented correctly, it can incur risks for the public authorities, but also for the private actors who engage in the process. And so the methodology is important. And overall, to summarize, sandboxing is a form of, it’s an approach, it’s a spirit. And it is very complex. It’s a process, it’s a process. And it is very close to the multi-stakeholder approach. And I think it’s very topical to have this session here at the IGF, because it’s a way to insert a multi-stakeholder spirit or approach at the national level, not necessarily at the global level, but at the national level. And sometimes as a sub-national level, because it can also be used by municipalities, for instance, but a way to introduce multi-stakeholder consultation and participatory processes in the traditional rule-setting procedures. So, as the DataSphere initiative, we have launched in Rio. We have done a report that you can find online at the website, thedatasphere.org, a report that we produced for the UK government in the context of their presidency of the G7 in 2021. And we also launched in Rio, Brazil, on the occasion in July this year, on the occasion of the G20 presidency of Brazil, a global sandboxes forum that I’d be happy to discuss with you afterwards, which has the purpose of bringing together the actors who are doing sandboxing or are intending to do sandboxes to exchange experiences and connect. And Sophie here is putting in the chat more connections to the work online. And so our goal is to socialize the concept, and it’s the reason why we have this session here. And I have a few people around the table, physically and virtually, with the purpose of actually exploring two things with a big emphasis on the first one and a little bit on the second one. The first thing is to delve more in detail within the concept itself around people who have actually have the experience of doing sandboxes or studying how they work, and basically addressing the why to sandbox, when to sandbox and how to sandbox. And the second thing afterwards is that sandboxing is a trust building exercise between actors who don’t necessarily have a lot of confidence in each other. And so one of the prerequisites for an effective sandboxing is that we work on having buy-in and increasing the trust between the different actors so that they can engage. So without further ado, and sorry, I forgot to mention that apart from the Global Sandboxes Forum, we also have underway a dedicated program for Africa, which is an Africa sandboxes forum. And Maureen can say more in particular about this. So without further ado, getting into the first thing, and don’t hesitate to use the chat to make comments, ask questions, and Sophie will be following this. I now turn to the person on my right, who is Thiago Moraes, who is with, among other things, with the Data Protection Authority of Brazil, because they have, and they are embarking into a sandbox effort on a very interesting topic, which is the applicability of the articles of the data protection regulation in Brazil to AI. And what is interesting, and I’d like you to elaborate a little bit on this, is that you did also a very intense preparatory work beforehand, illustrating what I was saying earlier, that preparation before launching a sandbox is an important thing. And there’s also the question of the connection between different regulatory authorities on some of those topics. So Thiago, if you wanna shoot first.

Moraes Thiago: Yeah, and thanks Bertram for the invitation from the data sphere. And I think it’s very relevant opportunity to have the discussion in such important forum for us, because as you said, the collaborative approach that sandboxes should have embedded in it, and the IGF is all about this in its principles. And it’s also very curious, and maybe I’ll start from here, saying that we started looking in sandboxes because they were like two years ago, actually, when we were delving more and more in the AI governance, AI regulation topic, and how it connects with data protection. We start to hear this new buzzword, which was the sandbox, the regulatory sandbox. And I have to acknowledge that it’s very important that the work of the Data Sphere at that moment, you had one of the main reports on the topic. I mean, there was also, of course, a nice work from the World Bank Group. The German government also had some nice publication, but yours were the first report focused on our data-oriented sandbox, which has a lot to do with what we do, since there is a big chunk of data, which is personal data, that’s the role of DPAs to be concerned with. So, yeah, first of all, I’d like to thank for the nice report that you published some years ago. But from that, we saw, okay, actually here, it’s something that can be really, truly hands-on, which is important. I work in this unit in the DPA that’s related with how to cope with innovation and how we make, actually, regulation for and with innovation. And, of course, not any kind of innovation, but the responsible ones, innovation that’s adequate to regulations such as the Data Protection Legislation. Because of that, we decided to, okay, let’s do a throughput study. So, we started with a benchmark research. I think that was the first step of what we should look about, so we could understand more of the methodology of the sandbox. And, of course, your work was part of it, but many of these others that I mentioned. And also, we did some interviews, not only with other regulators in Brazil, from other economic sectors, agencies, but also with our peers. So, we talked with data protection authorities from other countries, like Norway, who has a very interesting AI-focused privacy sandbox. We talked with the ICO in the UK, Canal, Singapore, and also Colombia. So, this was very interesting, because we saw that the way that privacy regulators have been dealing with sandbox is a bit different from what we see in, for example, financial sector, where one of the main outputs of the sandbox is to really give this bigger leeway, giving more flexibility, to lower barriers to the innovative process developed there. In the meanwhile, what privacy regulators are usually concerned about is how often the innovators are being able to cope with this complex legal framework. framework, which can be the protection ones. So there was a lot of like guidance and support involved with it. And from there, we all that like partnerships were important. We did a first cooperation with the Development Bank of Latin America, in the Caribbean’s CAF, where one consultant, Mr. Armando Guia worked with us. So we did with that design of what we were aiming in our sandbox, we saw that we needed to understand better some provisions of our data protection law that was connected with the topic. So most specifically, we have this Article 20, which is about algorithmic decision making. So very similar to what we have in the GDPR, Article 22. And we saw that among several things, the topic of transparency was there. So this another buzzword, algorithmic transparency, okay, maybe we could look what that means, the sense of our relationship. And with that, we shared with society, we did an open consultation to collect input. This was done in the last year. And from then, we now have been advancing to actually start launching it because now we have a better idea where we want to go. This, the results of the consultation has not been shared yet, but we are going to share it just because we want to make sure that everything that our technical teams has analyzed is a consensus with our high board. So we are in this phase right now. And in parallel, what we’re doing in the meanwhile, we are gathering some expert support because we saw that that was differential in several cases, like for example, Norway, because countries that didn’t do that, they had a lot of trouble thinking that the sandbox can be an interesting tool, but they couldn’t see the complexity of it. So I mean, when we have a more mature institution, like let’s take the ICO in the UK, which has been running on for 20 years as a DPA, and they have put in 300 staff, so they could have a dedicated unit for that. That’s not our reality. We are a three years old DPA, our innovators unit has four people that cannot deal only with sandbox and not only with AI, we have blockchain, we have pats, we have several other technologies to follow up, and not only sandbox work. So we decided, okay, we need experts with us. And we did this partnership now with the UNDP, who is helping us to bring a partner university to work with us. So we’ll have a more stakeholder group working on that with us. And we also see that a last part that we still miss are missing before starting the launch is awareness raising campaign, because after all this trouble, if we cannot connect with, with potential participants, like going to incubators, talking with startups, or just like data driven companies that would be interested in knowing more, we can have a risk here of like making the call for for projects and no participant being really interested. Because as you said, trust is important part of that. I will, I’ll keep that for the next part. But this is definitely key, if we want to make a successful sandbox. So thanks for an opportunity. And I pass the floor to you.

Bertrand de La Chapelle: Thank you so much, Diego. I think one thing that I want to emphasize is that, in many cases, people understand the notion of sandbox in one angle in particular, which is the temporary lifting of some of the regulatory constraints to enable the testing of new applications. This is particularly what has been done in the fintech environment. which has been one of the first test bed and testing grounds for sandboxes. What I think it’s important to understand is that it may be one feature sometimes on a sandbox, but it’s not a necessity. And in the case of the Brazil DPA, it is not about lifting a regulation. It’s about looking at how a particular article applies to a particular type of sector. The second thing is, you highlight very clearly, and I was asking a little bit, the why, the when, and so on. I think the effort that you’ve made to talk to other actors and the comment that you made regarding the maturity of an operator is a very important one, because you use the expression, which is basically having a dedicated unit. I think it makes sense to consider that in the future, as sandboxing becomes a more widespread practice, every government, every regulator, and so on, will have to have a pole of competence to help people who need to implement a sandbox. And in that regard, given the levels of maturity that are different, the sharing of practices and experiences among all of those who have done sandboxes is a very important element, and that’s one of the reasons why we generated the Global Forum on Sandboxes. Which leads me, actually, to another dimension, and I will pass the floor to Adam Szabo, who is a research fellow at the GovLab, who has been following those issues for quite some time, to ask you, Adam, to offer perspective on sandboxes for certain regions of the world, because we’re talking a lot about sandboxing, particularly in the European Union at the moment, because of the explicit mention of the use of sandboxes on the AI Act, because you may know that the AI Act requires all governments in Europe to put in place a sandbox by 2026. But what I would like to hear from you is, how do you see, for instance, the differences in approaches between different regions, and particularly in Asia versus Europe or the US, in your view, given your experience in that regard? Adam, the floor is yours.

Adam Zable: Thank you. Can you hear me? Okay, fantastic. First, thanks so much for inviting me to speak. As Bertrand said, I can provide something of an international comparative perspective, because over the past year, I have been working as a Datasphere Initiative Fellow on sandboxes. So I’ve been doing research on sandboxes for data and AI around the world. And so that’s pretty much the question I can answer about the differences between regions in terms of sandboxes. And I would just like to, I mean, I think my comments here are going to really put a finer point, a pin in the point that both of the previous speakers, Bertrand and Thiago, have already mentioned, which is, so right now, there is really an incredible diversity of sandboxes around the world. They differ so much in terms of their objectives, their scope, intended impact, and the regulatory flexibility allowed for the participants. You have local sandboxes, you have international sandboxes, and you have national sandboxes, which are by far the majority in terms of data and AI sandboxes. My research has shown that there are around 19 data and AI sandboxes at the national level, 15 of which are regulatory sandboxes, which are the, I think, the main focus of this session. And the other two are operational or data sandboxes, and the other two are, you could say, hybrid of some kind. But I think the main difference that I have seen in the approaches to sandboxes in different regions, is this question of regulatory flexibility, and really just the the underlying objectives of the sandbox, what the government, the implementing entity, what their goal is in creating the sandbox. And I have seen two main camps here. The first can be considered kind of the European approach. It is built off of, I think, a number of EU member states’ governments’ data sandboxes, and some now for AI. And again, as Bertrand has said, in the AI Act, every member state is required to establish an AI sandbox within the next few years. These sandboxes, as well as others from other countries that have taken the model, they really focus on regulatory certainty, risk mitigation, and compliance. The idea, I think, of many of these sandboxes is to, you know, as sandboxes do, they provide a controlled testing environment with collaboration between the innovators and the regulators. But here, the focus is really mostly on identifying risks, ensuring compliance with existing regulations, and promoting the sharing of best practices. Fostering competitiveness is an element here, but they are primarily aimed at ensuring regulatory compliance, making sure that the regulatory environment, which is taken as a given, they take that as a given and they ask, how can we better enable companies to compete while complying with this regulation? So that is, I would say, perhaps the main or most, in terms of number of countries implementing sandboxes, this is a very prominent approach. But there is another camp that is… is very different, right? So the sandboxes, there’s just an incredible variety of implementation. But the other main camp that I see can be considered in a reductive sense to be at the East Asian approach, I would say. Singapore and South Korea specifically have done this a lot, also Japan. But taking just one, you can see it very prominently in the South Korean approach. South Korea has, for a number of years, implemented a regime of sandboxes in different fields and different sectors. But the focus of the South Korean sandboxes is much more on economic growth, technological innovation, and regulatory flexibility that encourages experimentation rather than compliance. The South Korean example specifically, they specifically shift the paradigm from restrictive regulation and compliance to permitting activities in the sandbox unless they are explicitly prohibited. So they can temporarily, in these kinds of sandboxes, they can temporarily restrict the application of certain regulations. Whereas in the EU, the regulatory environment is taken as a given. And the regime in South Korea that includes sandboxes includes other elements of agile governance as well, such as rapid regulatory confirmation and temporary permitting and other measures that allow businesses to begin their operations after safety checks but before legislative updates. And just in the same vein as legislative updates, in these sandboxes, when the regulator and companies come together, it’s not only to make sure that the company is complying with the law, but also to make sure that also to bring the company and the regulator in to help understand where the law might be changed to better accommodate the new technology that is being experimented with in the sandbox. If I may interject here, my understanding is that it can even go as far in the case of Singapore, of doing something on a completely exploratory manner, like in a very early stage, just to get the different actors to have a better mutual understanding of what the challenges might be, even without the objective of developing a legislation or changing the legislation. Is that indeed the case? Yes. So Singapore has a very interesting, Singapore has a few different sandboxes, but the one that I think is most relevant here, they have a generative AI sandbox where it’s very different from other kinds of sandboxes you see elsewhere, and it can’t really be classified, I think, as a regulatory or operational sandbox necessarily. But that one brings together the main, you know, some of the biggest companies in the world. And I believe the goal there is they, the Singapore, the IMDA, they developed some guidelines, and they bring all these companies together to work on these guidelines and to implement them and to develop them further. So in a very, and they’re guidelines for trusted use of generative AI, if I’m not completely mistaken.

Bertrand de La Chapelle: Yeah. So all distinctions, thank you, Adam. All distinctions are always a little bit caricatural, because it’s, of course, there are applications in the EU that will be more flexible, and some in Asia that will be different. But it’s interesting to look at the huge diversity. And I would make an analogy here. You know, if you look at countries as different as European and US, I mean, the US, the UK, France, and, and Germany, they’re all representative democracy countries with a parliament with a different institutional structure. But the arrangement within those countries in terms of institutions is extremely different. And I think we can consider the same thing for sandboxes. The spirit of sandboxing is an experimental, proactive, participatory and discussion building and trust building exercise. There are many different ways to implement in terms of purpose in terms of how it’s structured, when, or the reason why it is being set up. There are common elements. But just like you can have a parliament a Prime Minister and a Supreme Court, you can have very different organizations of the relationship between those two entities, three entities, and in sandboxing it’s the same. You can have different stages, different roles of the public actors and the private actors. Sometimes you can even have a sandbox that is triggered or initiated by a private actor saying, I really would like the landscape to be explored together because there’s a new technology and I don’t know how the regulatory frame is going to apply. So thank you for this distinction between the different regions and I would like to continue the exploration of the globe in a certain way by going to first Maureen Amoutourine, who is a resource associate at the Datasphere Initiative and who is in charge in particular of what I mentioned earlier, which is the Forum on Sandboxes in Africa. Maureen, can you give us a little bit of a perspective on how the notion of sandboxes is being used in Africa or envisaged in Africa?

Morine Amutorine: Yes, sure. Thank you, Bertrand. I hope you all can hear me well. Perfect, thank you. So under the Africa Forum on Sandboxes for Data, one of the recent activities that we’ve been involved in to feed into our report on an outlook on Africa when it comes to sandboxes is mapping sandboxes across the continent. Where are they? What are they focusing on? Who’s running them? And, you know, to really get insights about what’s happening on the continent. And so we have come across a number of case studies over of sandboxes, and surprisingly, most of them are in the FinTech sector. Over 90% of the sandboxes on the continent are in the FinTech sector. So the goal there is, of course, for competitive advantage, really, for most of them. But maybe for my insights, really, about Africa today, I’m going to share about a case of one sandbox that is run by a government organization, which is the Kenya Communications Authority. And their sandbox is focusing on anything ICT. And so one thing that we have identified is there, well, from engaging with the people in that sandbox, is there is the need for the experimentation of regulations and guidelines for innovators is high. And that’s one of the things that we have learned across all case studies. When a sandbox is set up, the applications are usually overwhelming, which means that the appetite of the people to understand, to have regulatory clarity is there, both in the private sector, but also in the public sector. And so one of the things we identified for the Kenya Communications Authority, for example, they were interested in learning what innovations cannot be covered by their former frameworks of regulation. Because they realized there’s lots of innovation happening, but they were not sure their old frameworks would be able to regulate these emerging solutions. And so that was their motivation for starting the sandbox. And when they did, one of the other things that they learned along the way was the need for multi-regulators in the same sandbox. Because they realized one solution can cut across different sectors. And this is a sandbox that is actually new. They have not yet started having many participants. because one other lesson that we have been picking up is most participants sometimes are not ready for the sandbox, the application will come in and you realise whatever is coming in people are not yet ready for the sandbox, rather to participate in the sandbox maybe based on the level of their innovation, where they are at, their understanding of the sector for which they are trying to innovate and so there are also those cases of accepting people into a sandbox takes long, why? Because the regulator has to take on the responsibility of making sure that people who are getting into the sandbox are ready to participate in the sandbox. But why this case is interesting is because again it’s a government entity, the Kenya Communications Authority is a government entity, it’s one of a kind because the rest of the sandboxes in Africa are about fintech and the way that it’s been approached is the level of experimentation, as much as I must mention that there’s not much documentation online that we have found about sandboxes, so we have had to look for people to interview, have one-on-one which sometimes of course takes a bit of time, but for the few that we have engaged, the idea of regulatory experimentation is very welcome and is picking ground on the continent because even with a few stakeholders that we have engaged, there is so much interest in setting up sandboxes, but the lessons we are learning from people who are already running these sandboxes is this idea of preparation before starting a sandbox, for the goal of the sandbox to be very clear, because we’ve had people talk about this issue where a sandbox is supposed to say, based on a cohort, it’s supposed to test a particular type of technology but then you’re getting people applying with all sorts of other things. because there was not good communication probably with the public for them to understand exactly what happens, what is expected in a sandbox. So I think in a nutshell I can say that almost, let me see, about 34 countries on the continent have sandboxes, of which of course most of them are in the fintech sector, in the financial sector for fintech, but other sectors are picking interest because of dialogue that is happening, but also the community that we as the Data Sphere Initiative have been trying to put together through the Africa Forum on Sandboxes for Data project. Yes, I’ll stop here for now. Thank you, Maureen. I think this is something

Bertrand de La Chapelle: that is becoming recurrent, the degree of interest that is being triggered and in the regard the uncertainty about how to do it and whether actors are actually ready. This is why it is so important to, one, have the preparatory process to bring people up to speed and I want to give another example in that regard. In Lithuania, somebody who was participating in a workshop, an online workshop we were doing, was mentioning that for an upcoming sandbox that they are planning to do, they will have actually a few weeks bringing together the actors who are going to participate in the sandbox, both from private and public authorities, to actually do a preparatory work before the sandboxing exercise itself. This is why the methodology is so important and the methodology may vary a little bit depending on the purpose, as was mentioned already, but in all cases the preparatory work is absolutely a key criteria for success and this is why it is so important to share the lessons from the different experiments. If there is a domination of fintech sandboxes, not all lessons can be transposed identically, but still you can learn and have information from other regions or people who have developed sandboxes in other topics than the ones that a regulator is contemplating. Thank you, Maureen. Let me move to Catherine now, who is a senior legal expert at the University of Leuven and you’ve heard the different perspectives on how to do it in Brazil, the other regions, the different types, the different reasons why people want to do sandboxing, when they should do it and how they should do it. What comes to mind when you listen to those elements and can you share what are the lessons from what you’ve been working on?

Katerina Yordanova: Yes, first of all, thank you, Bertrand, for organizing the panel. for organizing this workshop and also for inviting such inspirational speakers. I was really listening very carefully for what they shared from their respective regions. And yeah, what comes to mind really is that something that you started the workshop with by emphasizing that when we’re talking about sandboxes, we are really having a problem or more like a challenge to identify what exactly is this that we are talking about, because there are so many approaches to them and there are so many ways to do them. And I personally don’t think that’s a bad thing, because I do not really subscribe to a one-size-fits-all approach, not only worldwide when we’re talking about sandboxes, but also inside the European Union. Because I mean, I work inside the EU framework and legal framework, and also if we talk about regulatory sandbox framework. And even inside EU, where we have so many laws that are basically the same for all of us, I see many differences in terms of the needs of member states that want to have regulatory sandboxes, not only when we’re talking about AI sandboxes, but in other sectors as well. But also the way that they need to approach them, so those sandboxes can actually be useful for them and their economies. And in the recent years, I would say that maybe I have the fortune to work mostly with member states that have zero experience with regulatory sandboxes inside EU, which is kind of an exciting setting, because you actually need to start from scratch and be creative, but also be wise. Because a lot of those countries, including my country of origin, which is Bulgaria, we don’t have these kind of resources that the UK would have, and Tiago already mentioned some of those differences that are quite obvious, and at the same time we also do have these lessons that we learn from GDPR, because GDPR was a huge monumental threshold that changed a lot of things in the regulatory landscape in the EU, and of course one of those things was the creation of this network of competent authorities that had to monitor GDPR, which was a challenge, and this challenge became more apparent the more time passed, so if you look at this report that the Fundamental Rights Agency came up, I think it was last June, they actually had some very, not surprising, but concerning remarks, and it was that different member states like Bulgaria, like Slovenia, that do not have that rich resources, do not really succeed in implementing GDPR in a meaningful way compared to countries like France, for example, and it’s going to be the same when we talk about the AI Act, because of course those resources are not just magically going to appear, and that’s when we are talking about the sandboxes, which of course the AI Act establishes an obligation for the member states to have at least one working by 2026, there we have a problem, because the regulatory sandboxes, the way that they are described in the AI Act, are a very expensive exercise, and that’s why when we are looking at this obligation from the perspective of a member state that has zero experience with sandboxes in general, then this price becomes even greater, because you need to learn how to do it, first realise why you have to do it, okay, you have the obligation. but then you need to realize how you can do this to actually attract some people to apply in the sandbox. And then you have the methodology part where you need to figure out what’s the best methodology that works for you, for your structure, for the fact if you’re a federal-like state or not, because there’s, of course, a lot of differences there. And when you figure all this preparatory work, which can take more than a year or two, depends on how many people work on it, it’s just then when you can start informing the society, informing the other stakeholders, and try to prep them to get excited for the opportunity to work in the sandbox. So I would say that these differences, realizing those differences, and working within the limitations inside the member states, and inside countries in general, but it’s very vital because, yes, the idea of experimental regulation and legislation is super exciting, especially for legal scholars, but at the end of the day, we need to figure out what’s the maximum that we want to achieve, and what’s the realistic results that we can achieve. And of course, it’s better to have something than have nothing. So I’m very pragmatic about the whole approach to sandboxes in general.

Bertrand de La Chapelle: But Katarina, do you feel that the AI Act is sufficiently making the case of the benefit of using a sandbox instead of basically presenting it as an obligation? Because there’s a sort of feeling that it basically says you have to do a sandbox, but the reason why you should be doing this is not necessarily elaborated fully, and this resonates very strongly with the problems that we in this community at the IGF have when explaining why we should have a multi-stakeholder approach. Because in many cases, it’s an injunction to use a multi-stakeholder approach with a lot of uncertainty on how you can do it. Do you think the case for why to use this is sufficiently made?

Katerina Yordanova: No, I personally don’t think it is. sufficiently made. I mean, if you ask the Brussels bubble, yeah, it’s amazing. It’s great. We want to do it. It’s perfect. It’s not really. And it’s not only that we can’t explain to the companies that are the potential participants in the sandboxes, why would they want to participate. But it’s also that sometimes it’s hard to explain to the regulators why would they want to do it. And I would say that because we talked about those different types of sandboxes, where you have wavering of certain rules of the laws that serve as an incentive for participants. And of course, in EU, that’s not something that we can do to that extent, maybe we can lift certain administrative rules here and there. And Hungary, actually, in their fintech sandbox, they have a good, a good use case. But it’s not, in my opinion, sufficient to inspire someone to dedicate, let’s say, six months of their time to work in the sandbox, especially if you’re talking about SMEs that have limited resources. So one of the things that I personally feel strongly about is that if we don’t have in Europe, if we don’t have the ability to offer this waiver of certain rules, also, because we get this common laws on the European level, maybe we can offer something else. And that’s what the data, where data comes into play. And again, I will give this example from Bulgaria, where we are currently trying a very weird bottom up approach to make a sandbox. And one of the things that we offer as an incentive is our data sets that are privacy preserving. So you can be sure that GDPR is sufficiently, the rules of GDPR are sufficiently implemented in this data sets, but also offering data sets that not necessarily have anything to do with personal data, because we have a really vast amount of non personal data that can be useful for innovators. when they’re developing their products.

Bertrand de La Chapelle: Thanks, I think it’s what came to mind as you were speaking about lifting rules. If you look at a structure like the European Union where you have different instruments regarding directives or regulations, lifting rules is harder to do when the instrument was directives because it would require coordination between the different States. Whereas when it is a regulation, it’s probably possible to decide to lift something, but I’m not sure that the competence of the commission is sufficient to take the unilateral decision to lift a particular provision on something that has been adopted by the whole community of 27 nations. So I don’t want to belabor on this, but thank you for the remark regarding the difference between putting something in a text and having to actually implement it and developing it when there’s no past experience. I want to pose here before we get to the second thing, because actually what you mentioned, Katharina, on the incentives is a very good segue to the second part that I wanted to raise regarding the trust question and why is it beneficial, but also why different actors may want or not want to participate in a sandbox. But before that, let me open the floor and the room to anybody who would want to ask a question, including online, if Sophie, you see anybody in the chat having a comment. And if you want to ask a question, please introduce yourself beforehand. Anybody? Yeah, looks like it’s working.

Farouk Yusuf Yabo: Okay, thank you very much for a very interesting presentation. My name is Farouk Yusuf Yabo. I’m the permanent secretary at the Federal Ministry of Communications, Innovation and Digital Economy in Nigeria. So I have two questions. One is to find out whether there is a standard methodology, if you like, or framework that is generally used for running a sandbox. Now, I’ve had two versions of the sandbox, the regulatory and the operational. I also want to check which part does the one we are running falls in, because it appears to me to be somewhat in between. So our goal was to create opportunity for individuals and small startups that do not have the resources to navigate around the regulatory space or even around payment for certain government owned rights. For example, access to frequency. So we wanted to create a pre-frequency that will allow for technologists to come in and then run frequency related technology projects. And it’s meant to be a national thing because we noticed there are so many people around who are into different things, but who may not necessarily be able to come on, follow the process. Is it mostly on access to free spectrum, for instance? Yes, access to free spectrum, but not free in this case. We issue spectrums for non-commercial uses, but you pay. So, but many of the people may not be able to pay or follow the process. So we just decided to create an access and run a competition of some sorts. Is it, for instance, applicable to rural access? Yeah, it could be for anything. Could be rural access.

Bertrand de La Chapelle: The reason why I ask is because there were references in some sandboxes being developed particularly or explored in Brazil regarding lifting some constraints regarding local communities, municipalities, making community services when the operators are not.

Farouk Yusuf Yabo: Yeah, so that’s part of it, but we wanted to make it very wide open. Community, it could be materials, it could be for some podcasts, it could be for anything that somebody wants to use. It could be for metering, it could be for anything that young talents can come in and demonstrate. So I wanted to know where does this fall? Is it a regulatory, is it an operational one? The goal is to allow access for people who ordinarily cannot pay or cannot get access based on the constraints of payment and other procedures. Thank you very much.

Bertrand de La Chapelle: Thanks for the question. A very quick answer on the two questions. One, as always, nuance is always the name of the game. So whenever you make a dichotomy between a regulatory or an operational, I mentioned later on that there is the hybrid notion and that most often it is on the spectrum. I mean, the comment that Katerina was mentioning is that even if you do something on the regulatory, you may have an incentive, which is you get access to a particular data set to work with it, which you wouldn’t have access to in normal conditions. The second thing is I can respond with three letters on the question, is there a standard methodology or framework? No, actually it’s two letters. It’s three letters in French. It’s no. There is no standard established methodology. However, nuance is the key word again. This is precisely the kind of work that we’re trying to do by gathering the experiences. What are the lessons you can draw? And I mentioned at the beginning, what is emerging clearly is the stages. You have the preparatory stage, which can be on the responsibility of the initiator of the sandbox or the actor wants to do a sandbox. Then you have the actual setting up of the procedure with a certain number of questions or what is the exact purpose? What is the range of stakeholders that have to be engaged? What is the type of data that has to be accessed if that is the case? Or what is the problem that has to be solved? And who is going to be in charge of this? Like as Thiego was mentioning, sometimes you have multiple regulators that may be involved. Who’s taking the lead? Is it something that is one regulator organizing it or is it something where there is a sort of third party facilitator in the government or outside that comes and organizes the discussions? Then you get the actual operation of the thing. But the preparatory phase is fundamental. The operation can last for a certain period of time. And one thing that people forget as well as not paying attention enough to the early phase is the exit of a sandbox is an important thing. How do you implement the solutions that have been developed on the occasion of the sandbox on an ongoing basis afterwards? Particularly if the sandbox has involved certain actors in the private sector and not others. How do you ensure that there is not a… distortion of the competitive environment. So, formalizing the methodology is clearly one of the objectives of the Global Sandboxes Forum that we’re having. The first phase being that people will listen to what is happening in the different other countries. Any other comments? Yes. Go ahead.

Luis Fernando Castro: Quick question. Thanks Bertrand. I’d like to ask any of you. Can you tell who you are? Sorry, I’m Luis Fernando Castro from Brazil, former member of PGI, the Brazilian Internet Steering Committee. I’d like to ask you, all of you, if you can bring any concrete experience that showed successful in this matter of sandbox.

Moraes Thiago: Yeah, go ahead. Yeah, I guess I’m from Brazil. So, I mean, as I said, in the case of the DPA, we’re still finishing the design phase. So, of course, talking the success of implementation is not yet ready. Although, I could say that the design itself has been quite mature. So, yeah, we have some expectations. I think we’ll start working from the next year. But even now in Brazil, we already have like some very nice experience from the financial institutions. Like in Brazil, there was something very interesting that this central bank has done a partnership together with the security, the stock markets authority and also the security. So, exactly. So, basically, the three of them have three independent but also interdependent sandbox in the sense that any participant can join any of these three. And if whatever they are doing has synergy with the other markets, they actually go together and work together in the initiative. So, it’s a model for this kind of joint corporations. Of course, it’s still all within the financial sector, but so that’s something to look for the challenge that come when it overlaps. And yeah, you can find a nice experience talking about other DPAs or the data protection authorities. You can look for the ICO and in Norway, I can share with you like we did a benchmark study that’s in Portuguese that has some interesting use cases. There are also these reports from the World Bank Group that I mentioned focused on fintech sandboxes. So, definitely, there are a lot of interesting use cases. And of course, there’s always room for growing more maturity, but yeah, sure, there are.

Bertrand de La Chapelle: Maybe to move to the next thing I want to also mention, unless there is a question from the online part, Sophie. One thing that I want to highlight is that we will have a dedicated meeting in Paris in February on the occasion of the summit on AI that the French government is going to host at the end of February. And on that occasion, one of the things that we will be releasing that we’re finalizing at the moment is precisely a series of use cases and comments about what have been experiences in the past. Because as Thiago was saying, there’s a lot about fintech, but for the fields that we’re talking about, there are some different elements and it’s good to be able to document and the paper will have a certain number of elements. I want to shift and please, if you have specific examples that you want to share on the occasion of the comments afterwards, don’t hesitate. What I want to finish with and explore a little bit is what I mentioned at the beginning. A sandbox is an exercise to bring people together and make people address policy issues in a different way. It’s basically turning the problems that different actors have with each other, like governments considering that the private sector is not doing what it should be doing, or the private sector considering that the governments are not regulating the way they should be regulating. It’s turning this into addressing a problem that people have in common by saying there’s a new technology. How does the existing regulatory framework apply? Should we change it? Should we improve it? Should we develop a new one? This is something that is important because the implementation of the new agile regulations needs to be iterative. It needs to be able to adapt to the evolution of the technology itself. There’s no better way than having a space for the different actors to talk to one another. All this is wonderful. There is a real interest for sandboxes. There’s an emerging methodology that’s being developed on the basis of experiments. There are benefits, but as Thiago and others were saying, it can be costly. It requires an awareness and a preparation to run it correctly. It can take long. The outcome is not certain. If you embark on a legislative process, you basically know what are the steps, and especially if there’s a majority in your parliament, you know how it’s going to go. There’s a bit of negotiation, but you know how the voting is going to go in the end. When you embark in any type of multi-stakeholder process as a government entity, it is less predictable. There’s an irony. A tool that is intended to produce legal predictability is a process that cannot guarantee that the thing will be successful. This is why the methodology is so important. But that is on the governmental side, and there’s also, because we have to be transparent, there’s also the personal challenge for the people who are the regulators, because there’s a risk. If this doesn’t function properly, are you going to be blamed for not having fulfilled the objective? There may be reasons for government authorities to hesitate to launch a sandbox. This is why I was asking Katharina, making the argument on the benefits needs to be strengthened, and the methodology as well. But now I want to go to the other side. Are there disincentives to companies to get into a sandbox? Is there a fear that what you’re going to explain to a public authority is going to be taken against you, because you have revealed how your system is going to operate? So I want to throw the question on the floor and maybe start in the reverse order, starting with Katharina. What are the disincentives?

Katerina Yordanova: And I like you mentioning the access to data as an incentive. Well, yeah, the disincentive… It really depends on where we are looking at all over the world, because again, coming from Eastern Europe, I would say that companies in general are very, very unwilling to talk with the regulator and explain how their system works, precisely because they think that at some point in the future, what they shared could be used against them. So there’s a lot of distrust, which is I guess in some way historical, but it’s still there. And another concern that I’ve met with companies I talked about sandboxes was regarding their IP rights. So the rights of like patents and trade secrets, these kinds of things, especially when their product is in an earlier stage of development, and some sandboxes actually offer the ability of participants to communicate between each other. If you look at the digital sandbox in the UK, that’s the case. So in that particular instance, they are very worried that somewhere among this process, they may have their rights infringed in some way, and they are looking for some more guarantees on the side of the regulators.

Bertrand de La Chapelle: When I listened to what you were saying, you know that, for instance, in the procedures for mergers and acquisitions, you have the notion of closed rooms where you can access the data about the financials of a company and so on, if you are the acquirer. I see a sort of analogy, actually, when you can talk about the IP and so on, but there needs to be a framework, to come to your question, that establishes clearly what can be used and cannot be used, which is not easy, I suppose, because how do you take into account an idea that emerged from seeing what somebody has shown? This is why sometimes exploring how an existing legislation applies to a new technology is a little bit different from really revealing everything about the new technology and having to test it and making it. Can you elaborate, Catharina, just briefly on this notion of incentivizing actors by providing access to a data set, because I think it’s an important element.

Katerina Yordanova: Well, this. This was actually something that we were inspired by the digital sandbox, actually. And it’s a very interesting type of sandbox that ICF developed. And it was basically what they were doing there in a very limited use cases. They were asking the participants that were already selected if they need specific data that they can provide for them. And that was done either by connecting them with a data, with someone acting a bit like a data intermediary in a way, or by curating certain data set either by using real data or synthetic data. So that was the idea that ICF had. So we took that and complemented it with, first of all, with what we have in terms of specific data sets in this institute that we are working together to create the sandbox. So that could be mostly like data related to urban environment, because that’s a bit of a specialty of the institute. But also, we assigned some curators of data sets that contain personal data that can basically make a bit of a, if you wish, compliance exercise of the data set. So they helped the companies to use data sets that had data that was already in compliance with GDPR. So they were a bit more certain that they are compliant, not with the AI, because, of course, not enforceable and applicable yet, but with GDPR, which is currently, in my opinion, the biggest problem for SMEs, at least in Bulgaria. They still haven’t figured out how to apply it correctly. But yeah, that helped quite a lot as an incentive.

Bertrand de La Chapelle: Thank you very much, Maureen, and Adam, and then Thiago. Any thoughts on this question of how to overcome these incentives?

Morine Amutorine: So I can go first. and probably share something that I have learned from the EcoBank’s Pan-African sandbox, which ideally is EcoBank providing an API to solution.

Bertrand de La Chapelle: Can you put your video on or is the bandwidth not good enough?

Morine Amutorine: Yeah, my bandwidth is not good enough actually.

Bertrand de La Chapelle: We prefer to be able to hear you. Go ahead.

Morine Amutorine: Sorry, yeah. Yeah, so yes, I was saying that the EcoBank sandbox is literally EcoBank providing APIs to the developers to be able to build on top of what they already have. And so the incentive there for the developers has been the ability to access a small percentage of data about their clients because Africa has had financial inclusion as one of the biggest goals for the financial sector. And so having access to like the bankers’ information, not in its entirety, it’s definitely, I mean, from what they explained, the process that they do for the developers to access the APIs, they definitely have done their systems well over time. So that alone is an incentive that the developers are able to use their API and build on top of it and they’re able to access some bit of data. But other than FinTech, which of course both the clients, the solution providers and the bank are both benefiting, I’ve noticed that for sandboxes, regulatory sandboxes, which are not necessarily for FinTech, regulatory clarity has been just good enough for the people to want to participate in these sandboxes, at least for the few cases that I’ve looked at. But I also know that I’ve come across some opinion papers about participants in sandboxes who have thought that probably the regulators were not well-equipped to… run the sandbox. But we know also that that sometimes comes from the point that regulators, their background probably doesn’t put them in the best place to understand everything about technology and the new emerging technologies. So sometimes you’ll find cases where things are taking long, but that’s because probably the regulators are trying to do enough due diligence on the technology to be sure that they understand what they are regulating. So but the idea of just innovators getting regulatory clarity has been good enough incentive, at least for the cases that we have looked at for now.

Bertrand de La Chapelle: I think one of the one of the challenges is the gap of understanding between public authorities and the tech developers, where a lot of the public policy actors are confronted to a rapidly evolving technology and are having difficulties keeping up with the changes. Also, because some of what is being developed is not made public yet. And so you are thinking in terms of regulating what is visible, but you’re not regulating for what is going to come up. And vice versa, when the private actors are developing something, they don’t necessarily know what is fully the applicable legal landscape, if it is a sector where they were not before. I’ve had the discussions with people developing AI applications or foundational models, who are talking about how this will be used for medical applications. And it was striking to understand that they didn’t necessarily know the entire regulatory framework that applies to any medical device, using expert systems and so on already. They were just thinking that it was starting almost from a blank page. So bridging this gap between the public actors and the private sector technologies is one of the objectives of putting in place an appropriate sandbox. Adam, any feedback? And I actually would like, as you asked the question, to have you chime in on the incentives and disincentives as well. Adam, your term?

Adam Zable: Yeah, so I think I think that there are a number of, you can call them disincentives or challenges, for any company to participate in any kind of collaboration with a regulating entity. And I think that there’s kind of, there may be a somewhat standard set of issues that always get repeated. And I think the solution to some of these problems, and it’s not just with the entities participating in the sandbox, but also with the broader society, there’s a lot of fragmentation in the field, as I mentioned, a huge amount of diversity among different sandboxes, which has caused the practices and the ability of regulators to evaluate what’s happening in the sandbox and to build trust. All of those things are difficult to build and standardize when the question of some kind of a standard guideline that the question came up, that is made very difficult by this fragmentation that we see around the world. And these challenges or disincentives that are likely very similar in all the cases of sandboxes around the world. Perhaps there could be some kind of a framework that very quite, quite simply and straightforwardly addresses some of these challenges that could be introduced by the regulator at an early stage of interaction with the participating companies. But such a framework does not exist right now. I think what regulators can do to build trust and try to alleviate some of these disincentives, is transparency and trying to build engagement with not just the participating entities in the sandbox, but also spread the word about the sandbox, the existence of the sandbox, what a sandbox is, what it is trying to do, get the word out to people. Because right now, knowledge about sandboxes is very low. And even though a lot of governments have sandboxes and are even more working to build more sandboxes, most people have no idea what a sandbox for data, even just fintech sandboxes, most people don’t know what they are. So if I could take one example that’s been brought up before by Thiago, I think, is Norway. Norway’s data protection officer runs a data and AI sandbox, and they do all sorts of things to engage the public and stakeholders and build transparency. My favorite thing that they do is they have a podcast about the sandbox. I think, I don’t know what they talk about, but they not only post updates on the website and they have a newsletter, but they also have a sandbox podcast. And I think that’s quite novel and interesting. They also, they organize workshops, they participate in international conferences. They really make an effort more than any other government that I’ve seen to really get the word out about the existence of these sandboxes. In most cases, most sandboxes around the world, the way that they advertise the sandbox’s existence is by posting an invitation to apply to the sandbox on their webpage. They don’t even make a real effort to get the word out to companies that the sandbox exists and is taking applications. So I think you’ve… As a regulator, you’ve got to try to build trust through transparency and getting the word out in proactive ways. Another thing, just briefly, that the Norwegian DPA did was they hired a consulting firm to conduct an external evaluation of the sandbox’s effectiveness. I think that was really another very indicative of the approach that the Norwegian DPA is taking because they produced something like a 50-page report on how the sandbox is going, providing recommendations for how to improve it. That kind of thing is very, very important at this early stage of sandbox development around the world. And then just finally, I will mention this just because Katarina brought up IP protections as a disincentive, or rather the lack of IP protections as a disincentive. One thing that, again, in Norway, the sandbox does is they tell the companies upfront that participants retain ownership of intellectual property brought into sandbox collaborations. I think that kind of thing could be done by more regulators, is just to be upfront about the potential disincentives and how the regulator is addressing those disincentives within the design of the sandbox.

Bertrand de La Chapelle: Thank you. Thank you, Adam. There are, without belaboring, there are other comments that were made in previous discussions regarding the history of interactions with a particular regulator and a particular type of companies, whether there is bad blood that existed beforehand, the fact that some of the smaller companies may sometimes be more inclined to engage, but at the same time not having the bandwidth to do it, while the large companies are probably relying tendentially more on the traditional lobbying mechanism. mechanism than other. So this is a landscape, and I just wanted to make sure that as we are advocating and supporting the notion that sandbox approach is a really important tool, we don’t belittle the challenges in making it just like we don’t belittle the challenges of making it a multi-stakeholder element. So we have the last five minutes here. I will go in this direction. A very quick contribution on the discussions we had and then you can close. I’m sorry, you need the… Yeah, it’s good, it’s good.

Audience: Thank you for the opportunity. You see, different jurisdictions will have different priorities. I think that’s very important to take. Now, having said that, the regulators are seen as tax collectors by most people. So in places like Africa, where people tends to have little income in terms of their ability to pay for big charges, one key disadvantage would be for, I mean, exposing a small company to the fact that they have to pay and they have actually committed themselves, there is no exit route. I think that’s one. And so what we did was try to get that objective was to ensure no payments, right? So you don’t have to pay anything. You are allowed to come in, use the same services, which you would have put there is when a lot of money and processes. So I think as one of the key disincentives for sandboxes, get audience, stakeholders getting engaged is the fact that they have to be made to take responsibilities that in some cases are difficult for them to handle. So I think one of the key issues is for us to make sure we break the barriers of entry, especially for areas where we’re dealing with low income category of entrants that holds the ability to maybe develop concept ideas, but they don’t have resources to make sure these things are done too. So I think that’s the point.

Bertrand de La Chapelle: Thank you. Thank you. It’s very interesting because we haven’t discussed that much the situation where the regulator is actually distributing a shared common resource and is therefore collecting revenues from the availability of this. And just, we were talking about lifting a regulatory obligation. One of the regulatory obligation may be paying for having access to this. That’s an interesting use case. Tiago, you have the, basically the final word. Go ahead.

Moraes Thiago: Okay, so, well, can you? Is it working? Yeah, it’s working. So, yeah, well, I, we’ve basically, I call it. It’s not working very well. Yeah, I think it’s. No, the battery is, battery is off. Do you have another one? Because the battery is off. Can you give me this one? Okay. So, well, just to conclude then, I think I should also highlight that beyond everything that has been said, there are also other external positivity factors that we should be aware of. So, for example, just of being part of a collaborative approach that involves the regulator, because if a company use that in a good way, it can actually share with the potential consumers, the affected subjects, how actually this is bringing more trust to whatever they are innovating there. So I think this is connected to the idea of trust. And for that, well, since we don’t have more time, I think I’ll finish for here, but I’d like to thank the Dr. Sphere for this amazing discussion with so many other experts, and I hope to continue to be in this environment for further maturity for Sandboxes.

Bertrand de La Chapelle: This will definitely be the case. I want just to finish by highlighting, first of all, thanking you all as panelists and the people who attended the session for this discussion. I want to highlight that Sophia has shared in the chat, a certain number of links to resources. Please go to the website, thedatasphere.org to basically have the more information. And the final element is that this is a new avenue. This is a way for the different actors to basically explore what the multi-stakeholder approach can be at the national and even sub-regional levels. And I really encourage you to think about how this can be developed and integrated in your respective processes. And the Data Sphere Initiative team is there to give you information in the context of the Global Sandboxes Forum, and also to assist you and support whatever effort you want to engage in on a topic of interest. Thank you very much. Enjoy the rest of the IGF. Thank you.

Agreement Points

Importance of thorough preparation before launching a sandbox

speakers

MODERATOR

Moraes Thiago

Katerina Yordanova

arguments

Thorough preparation and stakeholder engagement is crucial before launching a sandbox

Brazil’s DPA is using a sandbox to test AI’s applicability to data protection regulations

Lack of resources and expertise can be a barrier for regulators implementing sandboxes

summary

Speakers agreed that careful planning and preparation are essential for successful sandbox implementation, including stakeholder engagement and resource allocation.

Diversity in sandbox approaches across regions

speakers

MODERATOR

Adam Zable

Moraes Thiago

Morine Amutorine

arguments

There is no standard methodology, but common elements are emerging like defined stages

The EU approach focuses on regulatory compliance and risk mitigation

East Asian countries like South Korea emphasize economic growth and regulatory flexibility

Africa has seen mostly fintech sandboxes so far, with growing interest in other sectors

summary

Speakers highlighted the variety of sandbox approaches across different regions, each tailored to specific regulatory and economic contexts.

Similar Viewpoints

Both speakers emphasized the importance of trust and clarity in encouraging participation in sandboxes, noting that companies may be hesitant to engage without assurances of regulatory certainty and protection.

speakers

Katerina Yordanova

Morine Amutorine

arguments

Companies may be hesitant to share information with regulators due to distrust

Regulatory clarity is a key incentive for innovators to join sandboxes

Unexpected Consensus

Importance of incentives for sandbox participation

speakers

Katerina Yordanova

Audience

arguments

Access to data sets can be an incentive for companies to participate

Removing fees can lower barriers to entry, especially in low-income areas

explanation

Despite coming from different perspectives, both speakers highlighted the importance of providing tangible incentives to encourage participation in sandboxes, particularly for smaller or resource-constrained entities.

Overall Assessment

Summary

The main areas of agreement included the importance of thorough preparation, the diversity of sandbox approaches across regions, the need for trust-building and regulatory clarity, and the significance of providing incentives for participation.

Consensus level

There was a moderate level of consensus among speakers on the fundamental principles and challenges of sandboxes. This consensus suggests a growing understanding of sandbox best practices, while also highlighting the need for flexibility in implementation across different contexts and regions.

Different Viewpoints

Approach to regulatory flexibility in sandboxes

speakers

Adam Zable

Moraes Thiago

arguments

The EU approach focuses on regulatory compliance and risk mitigation

East Asian countries like South Korea emphasize economic growth and regulatory flexibility

Brazil is taking a collaborative approach involving multiple regulators

summary

Adam Zable highlighted the contrast between the EU’s focus on compliance and risk mitigation versus East Asian countries’ emphasis on economic growth and flexibility. Moraes Thiago presented Brazil’s approach as a middle ground, involving collaboration between multiple regulators.

Incentives for sandbox participation

speakers

Katerina Yordanova

Morine Amutorine

Audience

arguments

Access to data sets can be an incentive for companies to participate

Regulatory clarity is a key incentive for innovators to join sandboxes

Removing fees can lower barriers to entry, especially in low-income areas

summary

Speakers presented different views on what incentivizes participation in sandboxes. Katerina Yordanova emphasized access to data sets, Morine Amutorine highlighted regulatory clarity, while an audience member suggested removing fees as a key incentive.

Unexpected Differences

Regional differences in trust towards regulators

speakers

Katerina Yordanova

Morine Amutorine

arguments

Eastern European companies tend to be more distrustful of engaging with regulators

Regulatory clarity is a key incentive for innovators to join sandboxes

explanation

While Katerina Yordanova pointed out a high level of distrust towards regulators in Eastern Europe, Morine Amutorine suggested that regulatory clarity is a key incentive for participation in Africa. This unexpected difference highlights how regional contexts can significantly impact the effectiveness of sandbox initiatives.

Overall Assessment

summary

The main areas of disagreement revolved around regulatory approaches, incentives for participation, and regional differences in trust and implementation of sandboxes.

difference_level

The level of disagreement among speakers was moderate. While there were clear differences in approaches and perspectives, there was a general consensus on the value of sandboxes as a tool for innovation and regulation. These differences highlight the need for flexible, context-specific approaches to implementing sandboxes across different regions and sectors.

Partial Agreements

Both speakers agreed on the importance of building trust for sandbox participation, but emphasized different aspects. Adam Zable focused on public engagement and transparency, while Katerina Yordanova highlighted the need to address IP protection concerns.

speakers

Adam Zable

Katerina Yordanova

arguments

Transparency and public engagement are important for building trust in sandboxes

Addressing IP protection concerns upfront can incentivize participation

Similar Viewpoints

Both speakers emphasized the importance of trust and clarity in encouraging participation in sandboxes, noting that companies may be hesitant to engage without assurances of regulatory certainty and protection.

speakers

Katerina Yordanova

Morine Amutorine

arguments

Companies may be hesitant to share information with regulators due to distrust

Regulatory clarity is a key incentive for innovators to join sandboxes

Key Takeaways

Sandboxes provide controlled environments for experimenting with new technologies and regulations, with regulatory sandboxes focusing on compliance and operational sandboxes testing new applications.

There is no standard methodology for sandboxes, but common elements are emerging like defined stages and thorough preparation.

Transparency, public engagement, and addressing concerns like IP protection are important for building trust and incentivizing participation in sandboxes.

Regional approaches to sandboxes vary, with the EU focusing more on compliance while East Asian countries emphasize economic growth and flexibility.

Challenges for sandbox implementation include lack of resources/expertise for regulators and distrust from companies in sharing information.

Access to data sets and regulatory clarity are key incentives for companies to participate in sandboxes.

Resolutions and Action Items

The Datasphere Initiative will release a series of use cases and experiences from past sandboxes at a meeting in Paris in February.

The Datasphere Initiative team is available to provide information and support efforts to develop sandboxes through the Global Sandboxes Forum.

Unresolved Issues

How to effectively bridge the knowledge gap between public authorities and tech developers in sandbox environments

Best practices for incentivizing both large companies and smaller startups to participate in sandboxes

How to standardize sandbox practices globally while accommodating regional differences and priorities

Suggested Compromises

Using ‘closed room’ type arrangements to protect companies’ IP and sensitive information while still allowing necessary sharing in sandboxes

Removing fees for sandbox participation to lower barriers to entry, especially in low-income areas

You can have a sandbox that is mostly about what are or should be the rules. And another that is about literally experimenting, particularly with certain types of data, especially when it is sensitive data, you want to have a space that is enclosed.

speaker

Bertrand de La Chapelle

reason

This comment introduces the key distinction between regulatory and operational sandboxes, providing a framework for understanding different sandbox approaches.

impact

It set the stage for the rest of the discussion by establishing a fundamental categorization of sandboxes. Subsequent speakers often referred back to this distinction when describing specific sandbox implementations.

The South Korean example specifically, they specifically shift the paradigm from restrictive regulation and compliance to permitting activities in the sandbox unless they are explicitly prohibited.

speaker

Adam Zable

reason

This insight highlights a fundamentally different approach to sandboxes, contrasting with the European model focused on compliance.

impact

It sparked a discussion about regional differences in sandbox approaches and objectives, leading to a more nuanced understanding of how cultural and regulatory contexts shape sandbox implementation.

Even inside EU, where we have so many laws that are basically the same for all of us, I see many differences in terms of the needs of member states that want to have regulatory sandboxes, not only when we’re talking about AI sandboxes, but in other sectors as well.

speaker

Katerina Yordanova

reason

This comment challenges the assumption of uniformity even within a seemingly homogeneous regulatory environment like the EU.

impact

It deepened the conversation by highlighting the complexity of implementing sandboxes across different contexts, even within a shared regulatory framework. This led to further discussion about the need for flexible approaches.

One of the things we identified for the Kenya Communications Authority, for example, they were interested in learning what innovations cannot be covered by their former frameworks of regulation.

speaker

Morine Amutorine

reason

This insight reveals how sandboxes can be used proactively to identify regulatory gaps, rather than just testing compliance.

impact

It shifted the discussion towards considering sandboxes as tools for regulatory learning and development, not just for testing or compliance purposes.

Companies in general are very, very unwilling to talk with the regulator and explain how their system works, precisely because they think that at some point in the future, what they shared could be used against them.

speaker

Katerina Yordanova

reason

This comment brings attention to a significant barrier to sandbox participation – distrust between companies and regulators.

impact

It led to a discussion about the importance of trust-building measures and transparency in sandbox design, highlighting a critical challenge in sandbox implementation.

Overall Assessment

These key comments shaped the discussion by moving it from a general overview of sandboxes to a nuanced exploration of regional differences, implementation challenges, and the diverse objectives of sandbox initiatives. The conversation evolved from defining sandboxes to examining their practical applications, cultural contexts, and potential barriers to success. This progression deepened the analysis, highlighting the complexity of sandbox implementation and the need for flexible, context-specific approaches.

How to develop a standard methodology or framework for running sandboxes?

speaker

Farouk Yusuf Yabo

explanation

A standard methodology could help guide implementation of sandboxes across different contexts and countries.

What are concrete examples of successful sandbox implementations?

speaker

Luis Fernando Castro

explanation

Examining successful cases could provide valuable insights and best practices for others implementing sandboxes.

How to address intellectual property concerns in sandboxes?

speaker

Katerina Yordanova

explanation

IP protection is a key concern for companies participating in sandboxes and needs to be addressed to encourage participation.

How to improve public awareness and understanding of sandboxes?

speaker

Adam Zable

explanation

Increased public awareness could lead to greater participation and trust in sandbox initiatives.

How to evaluate the effectiveness of sandboxes?

speaker

Adam Zable

explanation

External evaluations, like the one conducted in Norway, could help improve sandbox design and implementation.

How to address the resource constraints of smaller companies in participating in sandboxes?

speaker

Bertrand de La Chapelle

explanation

Ensuring smaller companies can participate is important for inclusive innovation and regulation.

How to design sandboxes that are accessible to low-income participants?

speaker

Audience member

explanation

Addressing financial barriers to entry is crucial for encouraging participation from diverse innovators, especially in developing regions.

Summary

This open forum focused on promoting tech companies’ role in ensuring children’s online safety. The discussion brought together perspectives from various stakeholders, including UNICEF, government organizations, academia, and tech companies.

Speakers highlighted the importance of a proactive approach to child online protection, emphasizing the need for safety-by-design principles in product development. They stressed the significance of a comprehensive strategy involving multiple sectors, including government, civil society, and the private sector. The discussion underscored the global nature of online risks to children and the need for international cooperation to find effective solutions.

Key points included the need for tech companies to conduct child rights impact assessments, implement robust child protection policies, and raise awareness about online safety. Speakers emphasized the importance of balancing protection with children’s rights to access information and express themselves freely online. The role of positive parenting and digital literacy for both children and parents was also highlighted.

Examples of initiatives were shared, such as China’s efforts to regulate online content for minors and Tencent’s Minor Protection Center providing guidance to families. The potential benefits and risks of AI in children’s online experiences were also discussed, with a call for responsible innovation in this area.

The forum concluded by emphasizing three key concepts: proactive engagement from tech companies, comprehensive multi-stakeholder strategies, and the need for global solutions to ensure children’s online safety.

Keypoints

Major discussion points:

– The importance of protecting children’s safety and rights online, while balancing with other rights like access to information and freedom of expression

– The need for a multi-stakeholder approach involving government, tech companies, civil society, and others to address online child protection

– The role and responsibility of tech companies in designing safe products/services and implementing child protection measures

– Promoting digital literacy and awareness among children, parents, and society about online risks and safety

– Addressing emerging challenges from new technologies like AI while leveraging tech solutions for protection

Overall purpose:

The goal was to highlight the critical role of tech companies in safeguarding children online and fostering dialogue between different stakeholders on creating a safe digital environment for children.

Tone:

The tone was largely formal and professional, with speakers presenting information and perspectives from their respective fields. There was an underlying sense of urgency and importance placed on the topic. The tone became slightly more personal and relatable when speakers shared anecdotes or spoke from personal experience as parents.

Speakers

– Moderator: Shenrui Li, UNICEF China

– Zhao Hui: Secretary General of China Federation of Internet Society (CFIS)

– Dora Giusti: Chief of Child Protection, UNICEF China

– Afrooz Kaviani Johnson: Global Lead on Child Online Protection, UNICEF

– Dandan Zhong: Secretary of Party Committee, School of Information and Communication Engineering, Communication University of China

– Li Yi: Founder of APE Programming

Additional speakers:

– Sally Hsakli: Former cultural counselor at the Embassy of Saudi Arabia in China, professor at the history department of Imam University

– Liang Lingling: Family education specialist, Tencent Minor Protection Center

Expanded Summary of the Open Forum on Promoting Tech Companies’ Role in Ensuring Children’s Online Safety

Introduction

This open forum, facilitated by UNICEF China, brought together diverse stakeholders to discuss the critical role of technology companies in safeguarding children’s online safety. The discussion featured perspectives from government organizations, academia, tech companies, and international organizations, highlighting the need for a comprehensive and collaborative approach to address this global challenge.

Key Themes and Discussion Points

1. UNICEF’s Global Approach to Child Online Protection

Afrooz Kaviani Johnson, Global Lead on Child Online Protection at UNICEF, presented UNICEF’s global approach, emphasizing four key priority areas:

a) Policy and governance

b) Safe and empowering digital environments

c) Children’s digital literacy and resilience

d) Data and evidence

Johnson stressed the importance of recognizing children’s interconnected rights in the digital environment, as outlined in the UN Convention on the Rights of the Child and General Comment No. 25. She highlighted the need for companies to conduct child rights impact assessments and implement “safety by design” principles in product development.

2. China’s Efforts in Promoting Child Online Safety

Zhao Hui, Secretary General of China Federation of Internet Society (CFIS), detailed their work in four main areas:

a) Research on children’s online safety needs

b) Development of industry standards and guidelines

c) Promotion of public awareness

d) International cooperation

Zhao emphasized the importance of engaging multiple sectors, including government, tech companies, and civil society. He also mentioned CFIS’s collaboration with UNICEF on research regarding children’s online safety needs in China.

3. Specific Online Risks and Challenges

Dora Giusti, Chief of Child Protection at UNICEF China, highlighted specific online risks faced by children, including sexual abuse, cyberbullying, economic exploitation, and exposure to harmful content. She emphasized the need for comprehensive protection strategies.

Dandan Zhong from the Communication University of China discussed challenges faced in China regarding children’s internet use, including the potential risks and benefits of AI-driven applications in enhancing child safety.

4. Tech Companies’ Initiatives

Liang Lingling presented Tencent’s Minor Protection Center, which focuses on:

a) Implementing minor protection features across products

b) Conducting research on online risks

c) Promoting digital literacy

d) Collaborating with stakeholders to create a safer online environment

Li Yi, founder of APE Programming, discussed their work in teaching coding to children using a four-in-one training model. He emphasized the importance of incorporating AI into education while simultaneously teaching critical thinking skills to children.

5. Multi-stakeholder Collaboration

Speakers unanimously agreed on the necessity of a multi-stakeholder approach to effectively address online child protection. This includes collaboration between government bodies, tech companies, civil society organizations, and academic institutions.

Johnson mentioned the global digital compact as an opportunity for stakeholders to come together and address child online safety on a global scale.

6. Balancing Protection with Children’s Rights and Agency

The discussion emphasized the need to balance child protection with respecting children’s rights and agency in the digital world. Speakers stressed the importance of age-appropriate protection measures, promoting digital literacy for both children and parents, and empowering children to understand and use technology responsibly.

Key Takeaways and Action Items

1. Technology companies must play a proactive role in protecting children online by implementing safety by design principles, conducting child rights impact assessments, and developing AI applications with child safety in mind.

2. A multi-stakeholder, collaborative approach involving government, tech companies, civil society, and academia is essential for addressing child online safety effectively.

3. There needs to be a balance between protecting children online and respecting their rights, agency, and developmental needs.

4. Promoting digital literacy for both children and parents is crucial for ensuring online safety.

5. Ongoing research and data collection on children’s online behaviors, risks, and needs are necessary to inform policy and product development.

6. International cooperation and knowledge sharing are vital in addressing the global nature of online risks to children.

The forum concluded with a commitment to continued collaboration between stakeholders to promote safe digital environments for children, integrate child rights principles into product design processes, and conduct further research to inform policy and practice in the field of child online safety.

Moderator: . . . . . . . . . . . . . . . . . . . . . . . . . So, first, please allow me to introduce or distinguish the guests and the speakers. Ms. Zhao Hui, from the China Federation of Internet Society, and also our Dora, the Chief of Child Protection of UNICEF China. And also we are delighted to have our global lead on child online protection, which is Ms. Afro, who is joining us online and later will share her insight on our UNICEF strategy on child online protection. And myself is Li Xunrui. I’m from UNICEF China. As a child protection officer, I’m glad to facilitate this session. So now, shall we start? We will start by the Secretary General of CFS, Ms. Zhao Hui, will give us a presentation on CFS work in China. The floor is yours, Ms. Zhao Hui, please.

Zhao Hui: Good afternoon. I’m delighted for the forum on promoting tech companies to ensure child life safety. On behalf of the China Federation of Internet Societies, I’d like to extend warm congratulations and welcome to our distinguished guests. The China Federation of Internet Societies started in May 2018. We are honored to hold a consultative status with the United Nations Economic and Social Council. Currently, we have 524 members, including major Internet corporations like Tencent, Baidu and Douyin. China is one of the largest Internet markets in the world. with almost 1.1 billion users, including 196 million minors. As new technologies like AI and big data take off, the Chinese government is focusing on protecting children online. Chinese President Xi Jinping has emphasized the importance of creating a clean and positive online environment, especially for young users. Since China joined the UN Convention on the Rights of the Child, the government has been working to protect children online through laws, enforcement, courts, and education.

Moderator: Notably, Cyberspace Administration of China has introduced the regulations to protect minors in cyberspace. Special actions are carried out to improve the online environment for minors during the summer months. Companies are doing their part, and other groups like schools and media outlets are involved too. This has created a strong atmosphere in societies. There is growing concern about efforts to protect children online. In keeping with the theme of this forum, I’d like to share four main areas of action. First, setting up a specialized institution. In 2022, we set up a special committee with China Song Qinglin Foundation, Tencent, and 39 other organizations to protect children online. The committee has encouraged people to get involved. in protecting children online. We host conferences, offer online courses, set industry standards, recognize practices. Second, public welfare actions. We launched the AdSprout program, a public welfare initiative to improve online safety for children. We run in Xinjiang, Shandong, Guangdong, and Shaanxi. We also made online safety guide to schools in 12 cities. Third, research and reports. We worked with UNICEF to research children’s online safety. Visiting 12 counties in four provinces, the findings were put together in a report called Children’s Online Safety Needs Research. We released the report on the protection of minors in cyberspace 2024, which reviewed China’s progress in areas such as legislation and platform practices. Fourth, international collaboration and exchanges. We have hosted events on children’s online protection at international such as the IGF, the UN Human Rights Council, and the World Internet Conference. This event has helped raise global awareness on this issue. In 2024, CFII and UNICEF launched the responsible innovation in technology for children’s collection. Outstanding cases will be recommended to the UNICEF Global Case Database, contributing

Zhao Hui: China’s experiences to the technological innovation efforts of Internet companies worldwide. Ladies and gentlemen, children are our future, and it is a social responsibility to use technology for good. Let us join hands to improve children’s digital literacy online, and we can create a secure and healthy online environment for everyone.

Moderator: Thank you, Zhaohui. Mr. Zhao summarized how CFII as a network, as a civil organization, could unite efforts from society, from the Internet companies, and from the government, and demonstrate how China’s approach to strengthen the safeguarding of children’s online. And also, Mr. Zhao mentioned that CFII has a good and fruitful relationship with UNICEF China. So now we invite Dora Drusty, the Chief of Child Protection of UNICEF China country office, to give us opening remarks. Dora, please. Good afternoon. I think this mic goes on. Good afternoon. I hope you can hear me. Distinguished panelists, thank you for joining us today.

Dora Giusti: Thank you to the audience. So today we are hosting this open forum to highlight the critical role that technological companies play in the development of children’s digital literacy. So I would like to start by thanking all of you for being here. play in safeguarding children in the digital environment and the purpose is really to foster dialogue and collaboration among different stakeholders represented here, so tech companies, policy makers, researchers and practitioners on creating a safe digital environment. A child goes online for the first time every half second and in China, as Ms. Zhao mentioned, there are 196 million children online with an internet penetration rate of 97%. The internet provides great opportunities for children to learn, to stay connected, but the internet was not created for children, so there are potential risks and harms that have been identified and that are on the rise and with diversified patterns that are happening across the world. Some of these risks and harms include misuse of data and economic exploitation, cyber bullying and harassment, and more severely sexual abuse and exploitation online, and the use of AI and extended reality also offer an opportunity, but they have also exacerbated these risks as perpetrators can potentially use this reality to take advantage of children. So my colleague Bruce will speak in a moment about UNICEF’s global approach, but I just want to highlight that UNICEF supports a multi-sectoral and multi-stakeholder approach to the issue of digital safety with emphasis on policies and laws, on protection services when children require support, management of responsibility of tech companies, and also preventive efforts. So UNICEF China has been working with China Federation of Internet Societies since 2019 to promote the safe digital environment and also with the Communication University of China that is the other host in this event and UNICEF China is committed to responsible business practices in the digital environment. So at the moment, as Ms. Zhao mentioned, we’re working on a sort of action-oriented research to foster dialogue and exchange among companies and among their experience in safety by design practices. So how companies are integrated child rights principles and safety principles in their products and services. And this is a process, so it’s not pure documentation, it’s really a process that involves dialogue and sharing so that it can strengthen the processes and products of these companies but also guide other companies in building safe products. We’ve also worked on AI and child rights. Together we worked on an AI standard for children based on the UNICEF policy guidance on AI for children as well on also identifying positive and missing practices in Chinese companies. UNICEF China has also promoted unprecedented research on behaviors and risks and needs of children which will be published soon and hopefully will inform companies and policymakers. We also work with other partners on strengthening child protection systems and services with the welfare sector and also with the justice sector. So I just want to highlight the role of the tech sector in responsible innovation. And the role is key, critical in shaping a safe digital environment. So first of all. It is key that there is a balance between technological innovation and the responsibility to protect children. And this means that companies can introduce child rights principles and produce products that are designed and aligned with safety by design. So they also need to undertake impact assessment, identify risks and align their products using a safety by design framework. Also companies should fight tech with tech. So if there are dangers and risks in the products and services and platforms, they can use AI and tech to make sure that these products are safe, but also that these platforms or contents are removed. They can implement mechanisms to take down these harmful contents and also report to the authorities and also use AI to make sure that children are reached out and get some counselling or support as they require. Then they have a preventive role to raise awareness of children among parents, among educators of potential risk and how to navigate safely. And finally, I mean, make child protection as a key priority. So at the moment what happens across the world, often in companies, is that it’s delegated to different areas, but this should be a key priority of all tech companies and it should be a high level priority mainstreamed across the different areas. And obviously the role of the tech sector that we’re discussing here today is fundamental, but for success we also need to remember, and I go back to my earlier point, that we need a comprehensive strategy engaging multiple stakeholders, as I mentioned, with laws that regulate the tech companies, but also… with preventive efforts that are systemic, for example, in school, with protection services that can respond to the needs of children. And also, we should remember that safety online is a global challenge, and for a global challenge, we need global solutions. So international cooperation, finding solutions together, is a must. And with this spirit that today we’re here, bringing together different stakeholders to share different perspectives, to share the challenges and the solution. So I hope this forum will provide some of these insightful discussions that will lead to some concrete recommendations, and that we can join hands to ensure these global solutions are found to ensure children are safe online. Thank you. Okay, thank you, Dora. Thank you, Dora, for sharing the diverse and promoting way of UNICEF China engaging with Chinese government and the civil society, exploring opportunities and highlighting the tech companies’ role in safeguarding children’s online safety.

Moderator: Thank you, Dora. And then we will shift to the global perspective, and I would like to invite our colleague, Afru, who is joining us online, to share UNICEF’s view on how child online protection could be further strengthened and the role of technology companies in this important issue and topic. Please, Afru, the floor is yours.

Afrooz Kaviani Johnson: Thank you so much. Thank you so much for the invitation. It’s a pleasure to join you, albeit remotely. May I confirm that you can see my slides?

Moderator: Just a second, Afrooz, we are cutting.

Afrooz Kaviani Johnson: I’m sharing my screen. I am sharing my screen. Can you see it or is it better to manage it from there?

Moderator: Just spare us with 5 seconds.

Afrooz Kaviani Johnson: No worries.

Moderator: Our colleague is still solving a technical problem and they try to start sharing from our end. Please kindly wait for us.

Afrooz Kaviani Johnson: No problem. In the interest of time, I can start speaking while they set it up. Does that work for you?

Moderator: Of course. Of course, please.

Afrooz Kaviani Johnson: Okay. Thank you so much. So, I think the scene has already been set by the opening remarks with respect to the incredible opportunities that the digital environment provides for children and the need to address the risks. So, this is really the critical question, how we can maximise the benefits of digital technology for children while mitigating the risks of harm. And one of UNICEF’s global strategic goals is to protect every child from all forms of violence and exploitation. And in today’s age, this includes forms of violence and exploitation that are enabled or facilitated by digital technologies. And in order to design effective prevention and response strategies, we have to be specific about the risks that we’re talking about. And at global level, we have identified four key priority areas. The first is to protect children from sexual abuse and exploitation facilitated by digital technologies. The second is to protect children from bullying, harassment and other forms of violence online. The third is to protect children from economic exploitation and misuse of their personal data and the fourth to protect them from harmful content online. So UNICEF’s work globally is guided and shaped by the principles in the United Nations Convention on the Rights of the Child and General Comment No. 25 by the Convention’s treaty body. And these principles really ensure a balanced and rights-based approach. Perhaps I can check in there to see if you’re able to see my screen or not yet. Yes, we are able to see your screen but it’s quite small. It’s a technical issue from our end but please continue. I think, yeah, you can change the slide, please. Okay, so you can see or some people can see a slide that says guiding principles. Anyway, I will not take up time with talking about the technical issues but let me just talk through some of these key principles that guide our work in this area and that should also guide the work of technology companies. So the first is really understanding that children’s rights are interconnected, they’re interrelated, they’re indivisible. So this means that efforts to protect children online necessarily intersect with their other rights in the Convention on the Rights of the Child such as their access to information, their freedom of expression, their freedom of association, privacy and education. So while measures to protect children and to, you know, realise their rights to protection are critical, they cannot arbitrarily limit other rights. The second key principle to highlight is that we need to recognise and support children’s agency and resilience. So this includes giving weight to what children think and seeking their views when we’re considering policy design as well as technology design and implementation. The third point is to recognise that children are not a homogenous group. When we talk about children, we’re talking about everyone under the age of 18, which is a very broad range of children, but there are also children who face particular risks in the digital environment, for example, children with disabilities. So steps are necessary to make the digital environment safe, but also counter any biases that may lead to overprotection or exclusion of certain groups of children. The fourth key principle is the need to consider risks and opportunities that shift with children’s age and developmental stage. So like I mentioned, you know, when we look at this age range up until the age of 18, the needs and considerations for protecting a two-year-old are very different, for example, than protecting a 10-year-old versus protecting a 17-year-old. And then the other point here is that risks and solutions need to go beyond, you know, this artificial distinction between online and offline. And finally, the point is that we need to underpin all our interventions by using the most up-to-date and robust data, research, monitoring and evaluation that are accessible. So in summary, when we’re thinking about these guiding principles, we must recall that protecting children in digital spaces requires thoughtful, inclusive and evidence-based strategies. Now, the evolution of digital technologies has uppaced many countries’ legislative and regulatory frameworks, as well as educative and support services that are required to keep children safe. So as was mentioned by the previous speakers, you know, catching up really requires a collaborative and cross-sectoral approach. It calls for an expanding community of people and sectors committed to protecting children. And we can only achieve this by leveraging skills and capabilities across different sectors. including digitalization, criminal justice, social services, education, health, civil society, and the private sector. And of course, the focus of this session, you know, the private sector, we know that the private sector plays a pivotal role in shaping children’s digital experiences. The digital environment is highly commercialized. When we’re talking about businesses in this space, it’s ranging from social platforms and search engines to mobile operators to e-retail services and data brokers. And all of these playing a really important and influential role in the design and deployment of digital tools and experiences that impact children’s rights both directly and indirectly. And with this influence obviously comes both an opportunity and a responsibility to respect children’s rights and ensure their safety online. And importantly, this responsibility is not limited to companies whose primary audience is children. It extends to all of those whose products or services may impact children. And the responsibility also extends beyond just the big tech giants, which we often think of when we’re thinking about this topic. But rather, companies of all sizes and across all sectors are increasingly adopting digital technologies in ways that pose potential actual risks to children. So, all companies, regardless of their size or sector, have a responsibility to respect children’s rights and to enable the remediation of any adverse child rights impacts that they cause or contribute to. And this responsibility is laid out in the UN Guiding Principles on Business and Human Rights and the Child Rights and Business Principles. And every company has a different level of influence and potential to affect children’s rights. Conducting child rights impact assessments can allow companies to identify specific risks and challenges and help shift from the reactive approaches that we’ve often seen to more proactive, preventative measures. The Committee on the Rights of the Child really emphasises corporate accountability. They state that states should require businesses to undertake child rights due diligence and in particular to carry out child rights impact assessments in order to prevent and address any risks to children. And UNICEF, we’ve heard about the experience in China, but globally we’ve collaborated with companies and stakeholders to develop practical tools for child rights impact assessments and due diligence, as well as other influences in the business ecosystem, spanning investors, standard setters and industry associations to drive action. We’ve also provided policy guidance. Some of this was mentioned in the first opening remarks, for example on AI, also on data governance. And these resources are really designed to help companies understand their impact and take action to respect children’s rights. We also engage with companies through multi-sectoral alliances, such as the We Protect Global Alliance, which brings together governments, companies, civil society and international organisations to tackle the specific issue of online child sexual abuse and exploitation. Across these efforts, let me emphasise that UNICEF does not endorse any company, brand, product or service, rather all our efforts are guided by the goal of improving outcomes for children at scale. So this includes by building an open knowledge base of practical guidance on responsible business conduct in relation to child rights in the digital age. To drive positive change, UNICEF has developed recommendations addressing those four priority areas that I mentioned at the beginning. These include actions relating to strengthening systems and services, engaging companies, policy advocacy, legal reform, community action and research. I’m not sure if you’re yet seeing my screen. If you are, you’ll see that there’s a QR code, which you can scan to read more from our policy brief. In closing, I really want to emphasise that it is a unique opportunity at this moment for us to anticipate and address potential risks to children when we’re thinking about technology design and governance. It was just a couple of months ago that member states agreed, you know, this new global digital compact and it really gives us an opportunity to reinforce the commitment to children’s rights in the digital age. And this environment that we want to create needs to ensure accountability, but at the same time, it needs to be encouraging of companies to actively identify problems and persist in finding solutions. And this means collaborating across different sectors, engaging with children, young people, experts and researchers, and maintaining open dialogue about successes and challenges. By sharing these insights and learning, I’m very optimistic that we can achieve meaningful change. Thank you. Thank you.

Moderator: Thank you a lot, Afro. And thank you for introducing the UNICEF position on safeguarding child online protection and also the guiding principles. And I would like to highlight again the last two words you introduced as proactive as a way of interpreting responsibility of the ICT companies and also at scale, I believe it’s embedded in the gene of ICT companies. So thank you, Afro, again for joining us and deliver this insightful sharing speech. And next, I would like to invite Dr. Sally Hsakli, the former cultural counselor at the Embassy of Saudi Arabia in China, and the professor at the history department of Imam University. The floor is yours, doctor, please.

Speaker 1: Thank you, Dr. Hsakli, and ladies and gentlemen. and following the difficulties for children online safety. I am honored to share with the CFIS, alongside with UNICEF China and Communication University of China. Thank you for all of you. Today we gather to address a recent concern ensuring tech companies prioritize the children online will be. Our discussion will revolve around three perfect aspects. They call it online, children online and I like in future parents even with the children even parents online they need companies to with that not just the children they need protect even the parent or the old people they need prefer. Ensuring safe technology and for education firstly tech companies must design innovation, protects and services that prioritize children’s safety and privacy. That involves consideration considering the children and needs and riot during the development process. We are we argue companies and adopt child country appropriated interdiction safety future and parental control into the products. By doing so we can make we can might risk. and to create a safe online environment. Effect policies and measures. Secondly, tech companies must establish and implement robust policies and child online protection. This includes developing clear guidelines the delegating terms and overseas protection effort and utilising technical and manual review process. We encourage collaboration between companies and government and organisations to share best practice and drive collective progress. Lastly, rising awareness about child online protection is critical. Tech companies must assume responsibility for promoting safety through education and publicity initiatives. We advocate for increased public engagement encouraging individuals to participate in shaping a safer online ecosystem. Together we can foster future culture and responsibility. In conclusion, our collective efforts can be significant impact to children online safety. We urge each companies to advertise an invitation safety solution, implement effective policies and promote awareness. Let us unite to build a digital future where children and adults can thrive free from harm. Thank you very much. Thank you. Thank you a lot. Sorry, I can’t see. I lost. I forgot my eyes, my glasses.

Moderator: My glasses and I can’t read. Thank you. No problem. Thank you. Thank you, doctor. I think the doctor highlighted that at the very beginning stage, at the design stage, the ICT companies should consider the safety by design and the child rights when they develop products and platforms and also agreements think alike that it’s very important to have industrial regulation on the guidance, which is the CFRS and you have China and also a lot of ICT partners we are devoting into this progress. And the next I would like to invite Mr. Zhong Dandan, the Secretary of Party Committee, School of Information and Communication Engineering of the Communication University of China. Please, the floor is yours.

Dandan Zhong: Thank you, respected Secretary General of CFRS, Ms. Zhao Hui, Chief Child Protection University of China, Ms. Dora, ladies and gentlemen, good afternoon. It’s my great honor to participate in the 2024 IGF Open Forum on promoting tech companies to ensure children’s online safety. My name is Dandan Zhong, the Director of International Office at Communication University of China. In this era of digital intelligence, we are fortunate to gather here to discuss a highly relevant and urgent topic of children’s online safety. Communication University of China was founded in 1954, and this year marks our 70th anniversary. So we are regarded as a cradle of talents for China’s media and industry, for broadcasting and television, as well as we know, in the University for the Education of Information Communication. With the rapid development of the Internet, the wave of information networking has swept across the globe. As of June 2024, the number of Internet users in China has reached nearly 1.1 billion, an increase of 7.42 million compared to December 2023, with an Internet penetration rate of 78%. The number of underage Internet users in China continues to grow, exceeding 193 million, and the Internet penetration rate among minors has risen to 97.2%. The wide spread of availability of the Internet has led to an increasing number of scenarios where children can access and use emerging technologies. The importance of Internet-related scientific and technological advancement in the lives of children is becoming increasingly evident, presenting various opportunities for their growth while also bringing numerous challenges. How Internet companies can fulfill their social responsibilities through technological innovation and better serve the vast underage user space has become one of the focal points of social concern. CUC has always placed high emphasis on the construction of disciplines related to emerging technologies. and cybersecurity, actively promoting the integration of technological progress and social responsibilities and has a strong academic foundation in the field of intelligent media networks, encourage internet companies to, it’s right? No voice, okay. In responsible technological innovation, CEC scientific research team has participated in the response to technological innovation for children project initiated by the China Internet Development Foundation together with the foundation and the UNICEF. They have conducted a collection of typical corporate case studies to gain a deeper understanding of the practices of internet companies in responsible technological innovation against the backdrop of China’s strong emphasis on the online protection of children. This initiative aims to on earth corporate examples that actively fulfill social responsibilities in the field of internet technology innovation, providing safer, healthier and more beneficial products and services for children by sharing successful experience. It further stimulates the innovation awareness and a sense of responsibility across a society. Unlike traditional internet application, AI driven internet application incorporate intelligent technologies such as machine learning, deep learning, natural language processing and analogy graphs. The use of this technologies helps provide greater benefits for children such as using motor, motoring quality content recommendations and a company shape for special groups. However, this emerging intelligent technologies also pose many risks to children, including unfairness, data privacy concerns and internet addiction. Therefore, internet companies should deepen communication, enhance consensus and strengthen cooperation with stakeholders such as government departments, research institutions and social organizations. This collaborative efforts aims to find global guidelines and the rules for protecting children. The collaborative efforts aims to find a global guideline and the rules for protecting children online safety, thereby promoting the healthy development of emerging technologies and better benefit people around the world. Here, I call upon all the esteemed guests to join us in our efforts to ensure that internet applications bring greater benefits to the most vulnerable and deserving children. We must take effective measures to minimize risks as much as possible. Through this open forum, I hope we can reach a consensus on children’s online safety and actively promote global technology companies to ensure the safety of children online. And thank you for your attention.

Moderator: Thank you. Thank you a lot, Ms. Zhong, for bringing our voice from the academia. And in Zhong’s sharing, she also mentioned that the importance of our proactive action to prepare the emerging technologies, for example, the AI-driven internet applications. And that’s also an important reason why we also bring the voices from the ICT companies to join this open forum. And for next two speakers, they will come from the ICT industry. For next, let’s welcome Liang Lingling from the Tencent Matter Protection Camps, family education specialist. Please, the floor is yours.

Speaker 2: Okay, thank you. Distinguished leaders, honorable guests, ladies and gentlemen, it’s an honor to participate in this workshop and deliberate on building our multi-stakeholder digital future. Today, I would like to present on the topic of heritage in the digital age, cultivating responsible online behavior. In the context of globalisation, conflicts regarding mobile phone usage time between parents and children have become prevalent. In China, due to parents’ prolonged working hours, children’s academic stress, and a scarcity of peer playmates, children are increasingly inclined to use online entertainment as their main form of entertainment. Confronted with this challenge, China has implemented a stringent weekly time limit of three hours for…next slide, please. Confronted with this challenge, China has implemented a stringent weekly time limit of three hours for handheld games, accompanied by anti-divergification and purchase restrictions. Tencent, as an internet enterprise, not only complies with these regulations, but also takes the initiative to provide parental guidance and consulting services for the public good. The Tencent Customer Service Manor Protection Centre represents a crucial step in this regard. Since 2017, our centre has expanded from a team of 20 to a professional team of 500. A national hotline has been established to assist manors in their utilisation of digital products. To date, it has served over 36 million domestic users. thereby augmenting internet literacy, safety awareness, family education, and online mental health. Next, please. We have assembled a team of educational psychology counselors, offering complimentary one-on-one online homeschooling counseling services to benefit a larger number of parents in the digital age. A public service homeschooling AI model has been launched furnishing families with personalized educational counsel and solutions. Next, please. We have mobilized 280,000 volunteers across the nation to engage in the work of safeguarding manners on the internet. On the 39th International Volunteer Day, we recognize the outstanding family education volunteers and outstanding volunteer service teams of the year 2024. Ms. Dora Justine, okay, she’s here today. How lucky. Director of the Child Protection Division of the UNICEF office in China was invited to address the event, during which she stated that positive parenting is an efficacious strategy for promoting family harmony, child wellbeing, and child protection. We advocate for this concept. Research indicates that parents’ digital literacy can influence children’s perspectives on online activities. When parents serve as exemplary models in terms of internet usage, and possess the ability to discern online information, children are more likely to perceive the internet as a tool for learning and personal development. Through patient guidance and effective communication, parents and children can reach a consensus on the appropriate purpose and duration of Internet use, thereby guiding children to utilize the Internet purposefully and responsibly. I would like to share a case. There was a 16-year-old boy whose father initially failed to comprehend his gaming activities. Subsequently, upon realizing that their child was engaged in gaming due to a profound interest in tanks, the father purchased a model tank and accompanied the child to visit several military museums. Currently, their child is studying tank design at university. This exemplifies that with the presence of supportive systems for children’s responsible online behaviors, they can achieve remarkable feats. In China, we collaborate with local governments, academic institutions, and social organizations for the common good, with a focus on the well-being of minors. Looking ahead, we will continue to make contributions to the development of youth in the digital age. Thank you.

Moderator: Thank you. Thank you a lot, Ms. Liang, for introducing the practices and the promising experience from the Minor Protection Center that gave us an example of how to hear the voice from children and also highlight the importance of parenting skills, which is also a focus area of UNICEF China’s work in China. We highlight a lot of positive parenting and also the digital literacy, not only for children but also for the community, for the family. Thank you again, Ms. Liang. And next, I would like to invite Mr. Li Yi, the founder of APE Programming, to introduce his work. Thank you. Thank you. Please, the floor is yours.

Li Yi: Thank you. Hello, everyone. I’m honored to be with you today at IGF 2024. I was fortunate to have grown up during the internet era. And at that time, I was a programmer. For me, programming weren’t just a way to make a living. It taught me valuable skills like logical thinking, creativity, and problem solving. I realized how beneficial these skills could be for a young mind in the long term. And that’s why my team and I founded YBC seven years ago. Today, we have trained over 5 million students in coding. We foster children’s development through four key aspects, which I refer to as the four-in-one training model. One language, which is programming language. One way of thinking, which is computational thinking. One ability, which is innovation ability. And one perspective, which has a view of the future. Our products are designed with children’s safety in mind from the very start. Each product undergoes testing multiple times before launch to ensure there’s no harmful content. We also consider the different stage of student development to ensure our products are friendly and safe for kids of all ages. Besides being a programmer and an educator, I’m also a father of three. Unlike me, today’s children are growing up in the age of AI. Whether we like it or not, we are all witnessing the dawn of AI. And it will profoundly influence and shape our kids’ lives. As a company that cares about child safety, child safety, we recognize the potential benefits and the threat posed by AI. As an educator and a father, I constantly think about how AI will impact education and how children can grow up well in the new era. AI can absorb knowledge and information so efficiently and widely, much more than a single person could ever learn. This makes AI a fantastic assistant in helping children gain knowledge. We have already begun to incorporate AI into education, helping kids understand what AI is, how it works, and how to use it more effectively. However, AI is not all-powerful. Currently, AI still makes mistakes, and humans need to identify the results generated by AI and make the final decisions. We hope that, through our efforts, children can approach AI more wisely, rather than simply trusting or rejecting it. AI also presents certain threats. We want the children to be aware of this danger so that, when they encounter AI-based schemes, such as a deepfake, they can recognize them and protect themselves. Our company is committed to public welfare and is dedicated to helping more children understand the future world of technology. We strive to share the wisdom behind great scientists to the next generation. It’s a challenging task, but we deeply care about the long-term benefit for children. It is commitment to their future. It’s why we are dedicated to this mission. Thank you.

Moderator: Thank you a lot, Mr. Li, sharing her insightful opinions, not only on behalf of the founder of a technology company, but also perspective from a father. Thank you again, Mr. Li. For today, we only got one hour, but I believe this open forum is successful, and I would like to conclude with three key words. The first one is proactive, as highlighted by Ms. Afro, the global leader on child online production of InDesign headquarters. The proactive is why we try to highlight the importance of promoting technology companies to participate in this important topic. And the second one is comprehensive strategy, highlighted by Dora. That’s the reason why today we invite multiple stakeholders and from diverse background, they also have diverse promoting practices experience to share their insight. And the last one is global solution, also highlighted by Dora, is the reason why we meet here and the importance of this open forum to give us a platform to discuss and exchange our promoting experience. And I would like to conclude by thank you all for participating and sharing your insight. And also please stay tuned to next year. We may meet again at the IGF 2025. Thank you all. Thank you again for attending this open forum. Bye-bye. Bye-bye. you you

Agreement Points

Multi-stakeholder collaboration for child online safety

Dora Giusti

Afrooz Kaviani Johnson

Dandan Zhong

Speaker 2

Zhao Hui

Collaborating across sectors to address emerging risks

Partnering with academic institutions for research

Working with local governments and organizations

Engaging multiple sectors including government, tech companies, and civil society

Multiple speakers emphasized the importance of collaboration between various stakeholders, including tech companies, governments, academic institutions, and civil society organizations, to effectively address child online safety issues.

Proactive measures by tech companies to ensure child safety

Dora Giusti

Afrooz Kaviani Johnson

Dandan Zhong

Li Yi

Implementing safety by design principles

Conducting child rights impact assessments

Developing AI-driven applications with child safety considerations

Incorporating AI into education while teaching critical thinking

Speakers agreed on the need for tech companies to take proactive measures in ensuring child safety, including implementing safety by design principles, conducting impact assessments, and considering child safety in AI development and education.

Similar Viewpoints

These speakers emphasized the importance of empowering children and parents with digital literacy and critical thinking skills to navigate the online world safely and responsibly.

Afrooz Kaviani Johnson

Speaker 2

Li Yi

Supporting children’s agency and resilience online

Promoting digital literacy for both children and parents

Empowering children to understand and use AI responsibly

Unexpected Consensus

Addressing mental health in relation to online safety

Speaker 2

Afrooz Kaviani Johnson

Offering mental health support for online issues

Protecting children from bullying, harassment and other forms of violence online

While mental health is not typically a primary focus in discussions about online safety, both speakers highlighted the importance of addressing psychological impacts of digital experiences on children.

Overall Assessment

Summary

The main areas of agreement included the need for multi-stakeholder collaboration, proactive measures by tech companies, empowering children and parents through digital literacy, and addressing both technical and psychological aspects of online safety.

Consensus level

There was a high level of consensus among the speakers on the fundamental approaches to child online safety. This consensus suggests a shared understanding of the complexities involved and the need for comprehensive, collaborative solutions. The implications of this consensus are positive for developing effective strategies to protect children online, as it indicates alignment among various stakeholders on key principles and approaches.

Different Viewpoints

Approach to AI integration in children’s digital experiences

Afrooz Kaviani Johnson

Li Yi

Conducting child rights impact assessments

Incorporating AI into education while teaching critical thinking

While both speakers acknowledge the importance of addressing AI’s impact on children, they differ in their approaches. Johnson emphasizes the need for child rights impact assessments, while Li focuses on integrating AI into education and teaching critical thinking skills.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement revolve around the specific approaches to protecting children online and integrating new technologies like AI into their digital experiences.

difference_level

The level of disagreement among the speakers is relatively low. Most speakers share common goals but propose different strategies or emphasize different aspects of child online safety. This suggests a multifaceted approach may be necessary to address the complex issue of children’s online safety effectively.

Partial Agreements

All speakers agree on the importance of protecting children online, but they propose different methods. Giusti emphasizes safety by design, Johnson focuses on recognizing interconnected rights, and Li advocates for empowering children to use AI responsibly.

Dora Giusti

Afrooz Kaviani Johnson

Li Yi

Implementing safety by design principles

Recognizing children’s interconnected rights in the digital environment

Empowering children to understand and use AI responsibly

Similar Viewpoints

These speakers emphasized the importance of empowering children and parents with digital literacy and critical thinking skills to navigate the online world safely and responsibly.

Afrooz Kaviani Johnson

Speaker 2

Li Yi

Supporting children’s agency and resilience online

Promoting digital literacy for both children and parents

Empowering children to understand and use AI responsibly

Key Takeaways

Technology companies play a critical role in protecting children online and need to implement safety by design principles, conduct child rights impact assessments, and develop AI applications with child safety in mind.

A multi-stakeholder, collaborative approach involving government, tech companies, civil society, and academia is essential for addressing child online safety effectively.

There needs to be a balance between protecting children online and respecting their rights, agency, and developmental needs.

Specific online risks to children that need to be addressed include sexual abuse, bullying, economic exploitation, and exposure to harmful content.

Promoting digital literacy for both children and parents is crucial for ensuring online safety.

Resolutions and Action Items

UNICEF and China Federation of Internet Societies to continue collaboration on promoting safe digital environments for children

Tech companies to integrate child rights principles and safety features into product design processes

Continued research and data collection on children’s online behaviors, risks, and needs to inform policy and product development

Unresolved Issues

Specific metrics or standards for evaluating the effectiveness of child online safety measures

How to address potential conflicts between child protection measures and other digital rights like privacy or freedom of expression

Strategies for protecting children from emerging AI-related risks while still allowing them to benefit from AI technologies

Suggested Compromises

Balancing technological innovation with responsibility to protect children by implementing age-appropriate safety measures

Using AI and technology solutions to enhance online safety while also teaching children to use these technologies responsibly

A child goes online for the first time every half second and in China, as Ms. Zhao mentioned, there are 196 million children online with an internet penetration rate of 97%.

speaker

Dora Giusti

reason

This statistic powerfully illustrates the scale and urgency of the issue of child online safety, especially in China.

impact

It set the tone for the discussion by emphasizing the critical importance and timeliness of addressing online child protection.

So UNICEF’s work globally is guided and shaped by the principles in the United Nations Convention on the Rights of the Child and General Comment No. 25 by the Convention’s treaty body. And these principles really ensure a balanced and rights-based approach.

speaker

Afrooz Kaviani Johnson

reason

This comment introduces a rights-based framework for approaching child online protection, balancing safety with other rights like access to information and freedom of expression.

impact

It shifted the discussion from purely protective measures to a more holistic approach considering children’s various rights and developmental needs.

Conducting child rights impact assessments can allow companies to identify specific risks and challenges and help shift from the reactive approaches that we’ve often seen to more proactive, preventative measures.

speaker

Afrooz Kaviani Johnson

reason

This insight highlights a concrete step companies can take to improve child safety, moving from reactive to proactive approaches.

impact

It provided a specific actionable recommendation for tech companies, steering the conversation towards practical solutions.

Unlike traditional internet application, AI driven internet application incorporate intelligent technologies such as machine learning, deep learning, natural language processing and analogy graphs. The use of this technologies helps provide greater benefits for children such as using motor, motoring quality content recommendations and a company shape for special groups. However, this emerging intelligent technologies also pose many risks to children, including unfairness, data privacy concerns and internet addiction.

speaker

Dandan Zhong

reason

This comment thoughtfully explores both the potential benefits and risks of AI technologies for children, adding nuance to the discussion.

impact

It broadened the conversation to include emerging AI technologies, highlighting the need for ongoing adaptation of child protection strategies.

Whether we like it or not, we are all witnessing the dawn of AI. And it will profoundly influence and shape our kids’ lives. As a company that cares about child safety, child safety, we recognize the potential benefits and the threat posed by AI.

speaker

Li Yi

reason

This perspective from a tech company founder and parent acknowledges the inevitability of AI’s impact on children, calling for a balanced approach.

impact

It brought the discussion full circle, connecting the technical aspects of AI with real-world implications for children and families, and emphasizing the need for education about AI.

Overall Assessment

These key comments shaped the discussion by progressively broadening its scope from basic online safety concerns to a more comprehensive view of children’s rights in the digital age. They highlighted the scale of the challenge, introduced rights-based frameworks, suggested practical steps for companies, and explored the complexities of emerging AI technologies. The discussion evolved from identifying problems to proposing solutions, while consistently emphasizing the need for collaboration among various stakeholders to ensure children’s safety and rights in an increasingly digital world.

How can AI be effectively incorporated into education to help children understand and use it wisely?

speaker

Li Yi

explanation

As AI becomes more prevalent, it’s crucial to teach children how to interact with and critically evaluate AI-generated content.

What are effective strategies for balancing technological innovation with child protection responsibilities?

speaker

Dora Giusti

explanation

Finding this balance is key for tech companies to create safe products while continuing to innovate.

How can tech companies implement ‘safety by design’ principles in their product development process?

speaker

Dora Giusti

explanation

Integrating safety considerations from the earliest stages of product design is crucial for protecting children online.

What are best practices for conducting child rights impact assessments in the tech industry?

speaker

Afrooz Kaviani Johnson

explanation

These assessments are critical for companies to identify and address potential risks to children’s rights.

How can international cooperation be strengthened to develop global solutions for online child protection?

speaker

Dora Giusti

explanation

Given that online safety is a global challenge, finding collaborative international solutions is essential.

What are effective ways to improve digital literacy among parents to better guide their children’s online activities?

speaker

Liang Lingling

explanation

Parents’ digital literacy significantly impacts children’s perspectives on online activities and safety.

Summary

This discussion focused on digital inclusion and innovation in the domain name system, particularly regarding new generic top-level domains (gTLDs). Participants explored challenges and opportunities in making the internet more accessible and diverse globally.

Key points included the importance of linguistic diversity in domain names, with speakers emphasizing the need for internationalized domain names to better serve non-English speaking communities. The discussion highlighted the challenges faced by underserved regions, particularly Africa, in participating in the domain name market due to cost barriers and limited awareness.

Speakers debated the definition of success for new gTLDs, with some arguing that traditional metrics like registration numbers may not fully capture their impact. The concept of “lowercase innovation” was introduced, suggesting that seemingly small changes can lead to significant improvements in accessibility and usability.

The Applicant Support Program was discussed as a mechanism to increase diversity in gTLD applications, though some participants noted that more comprehensive, long-term support may be necessary for true success. The discussion also touched on the need for realistic expectations, acknowledging that not all new gTLDs will succeed in the market.

Participants shared experiences from previous gTLD rounds, highlighting the time and investment required to establish successful domains. The importance of community involvement and tailored business models for different regions was emphasized.

Overall, the discussion underscored the complex balance between fostering innovation, ensuring inclusivity, and maintaining the stability and security of the domain name system. Participants agreed on the need for continued efforts to make the internet more representative of global linguistic and cultural diversity.

Keypoints

Major discussion points:

– The importance of linguistic diversity and inclusion in the domain name system

– Challenges and opportunities for new generic top-level domains (gTLDs), especially in underserved regions

– The need for realistic expectations about the success rate of new gTLDs

– ICANN’s Applicant Support Program and efforts to increase participation from underserved regions

– Different perspectives on how to measure success for new gTLDs

The overall purpose of the discussion was to explore ways to foster innovation and digital inclusion through the domain name system, particularly as ICANN prepares for the next round of new gTLD applications. Participants shared experiences from previous rounds and discussed strategies to increase participation from underserved regions.

The tone of the discussion was generally constructive and collaborative, with participants offering different perspectives on challenges and potential solutions. There was a sense of cautious optimism about the potential for new gTLDs to promote inclusion, balanced with realistic acknowledgments of the difficulties involved. The tone became more solution-oriented towards the end as participants discussed concrete ways to improve the application process and support for new gTLDs.

Speakers

– Adam Peake: Moderator

– Jennifer Chung: Works for .Asia corporation, manager of .Kids top level domain name, former member of IGF multi-stakeholder advisory group, leader of IGF Support Association

– Lucky Masilela: CEO of Zakaar (manager of .za domain), leader of Registry Africa group (manages .Africa and city domain names)

– Kristy Buckley: Leading ICANN’s Applicant Support Program

– Sajid Rahman: ICANN board member, background in international banking and venture capital

– Rebecca McGilley: ICANN board member

– Maarten Botterman: ICANN board member

– Ram Mohan: Chief Strategy Officer for Identity Digital, former ICANN board member, current chair of ICANN’s Security Stability Advisory Committee

Additional speakers:

– Paulus Nirenda: From Malawi (audience member)

– Nick Wenban-Smith: Employed by Nominet (audience member)

Digital Inclusion and Innovation in the Domain Name System: A Comprehensive Discussion

This summary provides an in-depth analysis of a discussion on digital inclusion and innovation in the domain name system, with a particular focus on new generic top-level domains (gTLDs). Adam Peake introduced the panel of experts from various sectors of the internet governance ecosystem, including domain registry operators, ICANN board members, and industry leaders.

Key Themes and Discussion Points

1. Linguistic Diversity and Inclusion

A central theme of the discussion was the critical importance of linguistic diversity in the domain name system. Ram Mohan, Chief Strategy Officer for Identity Digital, emphasised that linguistic diversity should be “a core outreach goal” and “a significant metric” for measuring success in the next round of gTLDs. This sentiment was echoed by Jennifer Chung, representing DotAsia and managing the .Kids domain, and Sajid Rahman, who highlighted the opportunity for new gTLDs to serve underrepresented languages and scripts.

The speakers agreed that promoting internationalized domain names (IDNs) is crucial for better serving non-English speaking communities and making the internet more representative of global linguistic diversity. This approach was seen as essential for driving adoption of new gTLDs and fostering true digital inclusion.

2. Challenges and Opportunities in Underserved Regions

The discussion highlighted significant challenges faced by underserved regions, particularly Africa, in participating in the domain name market. Lucky Masilela, CEO of Zakaar and manager of the .za domain, pointed out the limited success of African gTLDs due to market conditions, noting that there are only 3.5 million domain name registrations for a continent of 1.4 billion people.

High costs and the need for long-term investment were identified as major barriers, even in developed markets. Nick Wendman-Smith from Nominet emphasised the complexity and resource-intensive nature of launching and sustaining a new gTLD, citing the Welsh community’s experience as an example.

Despite these challenges, speakers saw opportunities for innovation. Lucky Masilela shared the example of M-Pesa in Africa, demonstrating how mobile technology addressed financial inclusion needs in underserved markets. He also suggested a business model involving cities or municipalities as applicants for new gTLDs, which could potentially address some of the challenges faced in the African market.

3. Defining and Measuring Success for New gTLDs

A significant point of discussion was how to define and measure the success of new gTLDs. Ram Mohan argued against using the number of domain registrations as the sole metric, introducing the concept of “lowercase innovation” through memorable domain names. He suggested that the impact of new gTLDs might only be visible years after their introduction.

Jennifer Chung supported this view, stating that success can mean different things for different regions and communities. However, Lucky Masilela emphasised the importance of sustainable business models over time, suggesting that registration numbers remain important for achieving scale and enabling innovation, especially in price-sensitive markets.

4. Realistic Expectations and Market Forces

Several speakers, including Ram Mohan and Sajid Rahman, stressed the importance of having realistic expectations about the success rates of new gTLDs. Ram Mohan argued that allowing some gTLDs to fail is a natural part of market forces and should be expected. He suggested that ICANN should include an estimation of the number of TLDs that will not succeed as part of its planning for the next round.

5. Improving the Next Round of New gTLDs

The discussion yielded several suggestions for improving the next round of new gTLD applications:

a) Enhanced Applicant Support: Christy Buckley emphasised the need for an improved Applicant Support Program targeting underserved regions. She explained that the program offers a 75-85% discount on evaluation fees and extended support for the first three years of operation. Rebecca McGilley added that there should be a balance between providing support and encouraging eventual independence for new gTLDs.

b) Registry Service Provider (RSP) Pre-evaluation: Rebecca McGilley explained the RSP pre-evaluation process and its potential to reduce costs for applicants.

c) Focus on Linguistic Diversity: Sajid Rahman and others stressed the importance of promoting IDNs and linguistic diversity in the next round.

d) Leveraging Lessons Learned: Jennifer Chung highlighted the value of applying insights from previous rounds to improve the process.

e) Realistic Planning: Ram Mohan advocated for incorporating realistic expectations about success rates and market demand into the planning process.

Unresolved Issues and Future Considerations

Despite the productive discussion, several issues remained unresolved:

1. How to precisely define and measure success for new gTLDs, especially those serving niche communities.

2. Striking the right balance between providing support for new gTLDs and encouraging their eventual independence.

3. Addressing the high costs and long-term investment required for new gTLDs, even in developed markets.

The conversation also generated important follow-up questions, such as how to increase the amount of African content on the internet (currently less than 15%) and how to develop more price-sensitive domain name offerings for the African market.

Conclusion

The discussion underscored the complex balance between fostering innovation, ensuring inclusivity, and maintaining the stability and security of the domain name system. While there was general agreement on the importance of linguistic diversity and support for underserved regions, differences in perspective emerged regarding the definition of success and approaches to market challenges.

As ICANN prepares for the next round of new gTLD applications, the insights from this discussion highlight the need for a multifaceted approach that considers diverse stakeholder perspectives, regional differences, and the long-term sustainability of new gTLDs. The conversation demonstrated a cautious optimism about the potential for new gTLDs to promote inclusion, balanced with a realistic acknowledgment of the challenges involved in expanding the global domain name space.

The panel concluded by mentioning an upcoming workshop on multilingualism, IDNs, and universal acceptance, highlighting the ongoing efforts to address these critical issues in the domain name system.

Adam Peake: you you you you you you . . . . . . . . . . . . . . . . . . . . . to bring new geographies online, to bring new brands from the Global South online, to bring more content, access to more content and available connectivity. I don’t think you really need to hear too much from me. I will run through our speakers and try to do this in a way that will also introduce what they’re going to talk about. I will begin with Sajid from across the table. Sajid is an ICANN board member, a member of the ICANN community, a background as an international banker, leader in the financial sector, venture capital firms, but also a business strategist who’s very active in the Global South, bringing development to what we were thinking of as underserved regions. And so he will give us a perspective as an ICANN board member and also member of the community about the discussions we’re having around the enhancing what’s available to you is top level domain names and the new GTLD programs. Lucky Masarela is the CEO of Zakaar, which is the manager of the largest CCTLD in Africa, South Africa’s .za domain name. And also he’s the leader of the Registry Africa group, which are the managers of the .Africa top level domain name and city names for Cape Town, .Durban, Joburg, which are also managed by Zakaar. So bringing a perspective of someone who’s been bringing in new communities into the domain name space. Jennifer Chung on my right, works for one of the leaders of the .Asia corporation and manager of the .Kids top level domain name. Many of you will know Jennifer also as a member or former member of the IGFs multi-stakeholder advisory group and also leader. of the IGF Support Association, so a great supporter of the IGF. Coming soon, we hope, will be Ram Mohan, who’s the Chief Strategy Officer for a company called Identity Digital, which is running the largest number of new top TLDs, around 500. He’s also a former ICANN board member and the current chair of ICANN’s Security Stability Advisory Committee. So he will join us when he’s finished with another session in another room. We have quite a packed schedule. And last but not least is my colleague, Christy Buckley, who is leading our Applicant Support Program. Christy is online and will give a perspective from how the staff is organizing this particular activity and what we’re hoping for and what we’re achieving at the moment with the work that the new GTLD program and the Applicant Support Program are working on. So with that, I would like to begin turning over to Jen, Jennifer and Lucky. Lucky, I hope your microphone will be working. To give us a perspective as two people representing organizations that introduce top level domain names in an earlier round when we introduced new TLDs to the internet. Lucky for .Africa, Jen .Kids and also the earlier experience with .Asia. So I think Jennifer, if you would like to begin and here’s a microphone.

Jennifer Chung: Thanks Adam for that really lovely introduction. So I’ll talk a little bit about the experience .Asia had. I always like to say .Asia is one of the middle children, not a legacy TLD, but definitely not part of the new round. It was quite interesting for DotAsia because it was really in response to DotEU, which is obviously with the CCs, but it was an initiative to support the Asia-wide collaboration and upholding the ethos really of the Asia-Pacific community. Then there was quite a lot of will, geopolitical will and community will to actually have this namespace. It actually pioneered quite a lot of different things. Our sunset, our sunrise policies were now used in a lot of different ways when you look at the different registry policies that you see right now. It was also one of the very first top-level domains that offered IDN registrations after of course the CCTLD fast-track that was passed through back in 2009. We started offering internationalized domain names in our namespace starting from 2011. Now, moving back a little bit and talking about the new GTLD part, we also do manage.Kids, which is a kids-friendly for kids by kids namespace, and that came in the 2012 round. I’m sure Christy will be really happy to talk to you a little bit more about the applicant support program. But one of the very interesting things about.Kids was, in the last round, it was the only recipient for the applicant support program. So we are happy to share lessons we’ve learned, happy to share the feedback, and of course, we’re looking forward to learning more about the applicant support program coming up. I think I’ll stop here because I could talk at length, but I’d love for Adam to moderate.

Adam Peake: Thank you, Jen. I think the link between.Asia is one of, as you said, not quite a legacy, but an in-betweener, that is important in the lessons of.Kids. I wonder, Lucky, hoping that your microphone will work. if you could give us an introduction to the work you’ve been doing with .Africa and perhaps some of the city names. But also, what motivated you to apply for a GTLD in the 2012 round? How’s it being used? And, yeah, any words of wisdom about, you know, what you’re thinking for the next round as well, and applicant support? And over to you, and fingers crossed this works. Jen has very kindly offered to continue a little bit and perhaps touch on the questions I was asking Lucky, and I will just pop to the desk and see what we can find over there. So Jennifer, thank you very much for your help.

Jennifer Chung: Thank you, Adam. Like I said, I’m happy to talk more about, you know, what we were thinking behind some of the reasons. Well, not really for .Asia, because I think all of us already know the reasons why .Asia was applied for, but I will talk a little bit about .Kids. I think it was really, at the time, a response to the children’s rights and children’s welfare community concerns over the over-commercialisation of .Kids, wanting this namespace to become exemplary, you know, GTLD with children’s rights and interests at heart. So, something central to the .Kids namespace is that there was a best practices and guiding principles that were actually crafted and created by child-led organisations, children’s rights and welfare organisations, to make sure that this is something that they can definitely back behind. They actually form part of the advisory committee. that we all often consult with when we come across interesting cases of, you know, possible abuse. There’s very, very strong, strict policies on many of the categories that go beyond, above and beyond many of the different registry operator policies right now. So happy to talk about that. And another important thing I wanted to bring up is there’s always this notion when you start applying for a new GTLD, you think that it will be used for something, you envision different uses for it. But when we actually look at the real use cases, we’ve always been surprised because we’re like, oh, okay, it’s been used for not only educators and children who actually want to, you know, express themselves online as well. We also saw some interesting clothing brands that use interesting .kids names, such as copycat.kids to launch their products, to look at their markets. We looked at futureleaders.kids as well. And they actually provide high-quality educational materials for children to look at, like tutorial modules as well. And also artclubs.asia is an interesting example that actually spans both, I guess, the child community or youth or child community and also the use of Asia as, I guess, the name and the identity that they have online. One thing also that I’ve looked at when we were going through this whole idea of, you know, how can we foster innovation? How can we use this opportunity, having a GTLD, having a new GTLD? How can we use this to further innovation, both in terms of our business models, because there’s a lot of different use cases, as well as pushing forward the innovation in policymaking? And I think three of the things I want to highlight is having. and active suspension quite early on in the domain name life cycle to send the signal to market to kind of you know serve as a warning for people who might look at registration for nefarious purposes to you know kind of back off and understand that the same space is being organized being governed by policies that are quite you know open for innovation but definitely guarding against abuse. Having stable pricing policies is always a very good use case for innovation because a lot of small and medium businesses a lot of individual entrepreneurs really want to know that they’re able to use this namespace to grow their business which they might be starting startups or something like that to be able to fit that into a startup budget. And then finally I guess this is back to this ICANN world as well to foster innovation and inclusion to you know I think it’s happening now as well to stop kind of over requiring RSPs or registry service evaluation process for every single thing. So I think for a lot of registry operators when we’re looking at our business model looking at business use cases, we really want to have predictability to be able to look at how we can grow innovation, how we can introduce this to new markets, how we can have new markets interested to apply for this upcoming new round as well so hopefully that gives us a little bit more introduction of what we’re thinking.

Adam Peake: Thank you very much. Thank you Jen, that was brilliant. And I’m going to try Lucky again. How are you doing Lucky? I’m hoping your microphone is unmuted and please see if you’re able to speak to us.

Lucky Masilela: Good afternoon. Yes, I hope I’m clear. Yes. You can hear me well.

Adam Peake: I don’t hear you but I see your microphone seems to be working there.

Christy Buckley: I can hear Lucky. online. This is Christy.

Lucky Masilela: Oh, perfect.

Adam Peake: Christy, I see you were trying to say something and we can’t hear you either.

Lucky Masilela: Oh, okay. You can’t hear me there?

Adam Peake: Right. It seems the audio Zoom isn’t coming into the room. Sajid, I wonder if I could put you on the spot and jump around and give us an introduction and some comments on what you heard from Jen in particular, but also your thoughts on the program, particularly notions around innovation and inclusion. That would be great. And apologies

Sajid Rahman: for the jump. Thanks, Adam. When Adam mentioned to me a few hours back that I need to talk about domain names and inclusion and innovation, I was really scratching my head on how to connect domain name with innovation. I can understand the inclusion bit of it. So, you know, if you look at the whole digital divide inclusion aspects of it, there are three fault lines that we can think of. So the first fault line is along the line of access to internet. How we can ensure that the people across the world, irrespective of where they are based, can access internet uninterruptedly. So that’s the first fault line that needs to be addressed. The second fault line is the fault line of bias. So just to give you an idea, on the first fault line, there are even today, in 2024, around 2 billion people don’t have access to internet. Between north and south, in north, 93% of the people have access to internet. In south, it may go up to 42%. Between capital city, between urban city and rural city, the percentage varies from 92% in urban to anywhere between 20% to 30% in poor, some cases even more. So the percentages varies a lot based on where you are set up. So access to internet is the first fault line that we need to address if we want to improve digital inclusion. The second fault line is around biases. As much as we believe that internet is in a way, is a result of human biases that we live in. So if you look at it, there was a data that the facial recognition that is used, in case of dark skinned color women, 44% of cases, their facial recognition may be faulty, compared to 1% into a white male. So it sort of reflects the people who are developing the internet and working behind it. So the second fault line is the line around biases. The third fault line, I think, is the fault line of innovation. As we go around the world, there is a challenge of innovation and access to innovation, whether it is an innovation around web infrastructure, whether it’s an innovation around artificial intelligence, whether it’s an innovation on the latest that is coming out with quantum computing and everything. So the third fault line, which is a fault line of innovation, that impacts how people are included in the internet of today and will be included in the internet of tomorrow. If we look at all these three fault lines, where ICANN really comes handy, is the first fault line to address, which is access to internet. Now, if you look at the new GTLD programs that we are working on, so the new GTLD programs is an issue of digital identity. We believe that as more and more domain names are allowed, and more and more domain names are allowed, allowed to exist, like .asia or .africa or all the other domain names, there will be more people who will create better identity on the internet. And that will obviously improve the digital inclusion or access to internet for a wider group of people who are entrepreneurs, who are individuals, who wants to create an identity on the internet. So new GTLD really helps in that way. Then there’s this question of internationalized domain names. So non-Latin scripts. So as we improve the international domain names, then we’ll have people who are of different languages and others. They will at least have an identity which is a non-Latin script, but an identity they can relate with. So that is an important part of this whole ICANN initiative. The third one is, of course, universal acceptance. And we can talk about it a lot in different. I was told by Adam not to touch upon that in details, because we apparently have another program to do that. But the point is that that is also a critical part of how ICANN helps into the new GTLD programs. The second thing is, of course, the whole grant, which Martin is here, who has been leading it for a while from the ICANN side. So the grant program is essentially designed for people on the under-resourced areas to help them get into internet, the people who are working on the different parts of the world, ensuring that they have more people in terms of infrastructure, in terms of innovations. The people who are not represented well are somehow financially supported so that they can access the grant program and can get into the internet. So that’s another critical part of it that works out. Do you want me to continue? We have time? OK.

Adam Peake: Thank you very much. I like the three fault lines idea. So thank you. Let’s just see. Christy, would you like to have another go and see if we can hear you in the room? We could see that the microphone was working. And perhaps now the captioning will show that you’re also. coming through. So over to you, Christy, please.

Christy Buckley: Thanks, Adam. Can you hear me OK?

Adam Peake: Yes. Yes.

Christy Buckley: Hooray. OK. It’s great when technology works. So greetings, everyone, and thanks very much, Adam. I wanted to just say hello from Vancouver, Canada, where it’s four in the morning here, so apologies if I’m not entirely awake yet. But it’s wonderful to see everyone online and also in the room. Thanks for joining this session today. I wanted to share a few observations about digital inclusivity and the domain name system and also highlight how ICANN’s Applicant Support Program is intended to foster broader and more diverse participation in technical internet infrastructure. As some of my colleagues have highlighted, we’re already seeing exciting examples of innovation and global participation in GTLBs, or generic top-level domains, and we hope that the next round of GTLBs will open even more doors for both. From the lens of digital inclusion, one thing that I’ve observed is that concepts and definitions and methodologies for assessing digital inclusion do not typically include any mention of technical internet infrastructure like GTLBs, nor the need for universal acceptance of GTLBs with different languages or scripts, and we have another session related to this tomorrow. And so while definitions of digital inclusion vary, the focus generally falls on access, connectivity, skills, and participation. However, when infrastructure is discussed, it usually refers to internet connectivity, devices, or online services. The underlying technical infrastructure of the domain name system, and who has the ability to participate in or shape that infrastructure, often gets overlooked. when talking about digital inclusion. And as I think about this, it actually reminds me of some of the previous work that I did in a previous life in global food systems. So we know that everyone needs to eat food. But when we look at a plate of food, we rarely think about the complex network of local and global systems that brought those ingredients, those foods together on the plate. And the same holds true for the internet. Millions of people use it every day, and yet very few people think about the infrastructure and relying it, the policies governing it, and who has opportunities to participate in managing that infrastructure or in shaping those policies. I know that many in the internet community are eager to see greater participation and accessibility and inclusion in managing internet infrastructure. And one key opportunity that I see to advance this is ICANN’s Applicant Support Program, which Jennifer had spoken about earlier. It’s often described as a sort of scholarship for GTLB applicants, and it aims to make the process more accessible globally. It offers fee reductions and capacity development and access to professional volunteer resources. And in doing so, the program fosters, the intent is to foster more innovation and ensure diverse participation in that technical infrastructure of the internet, which is, again, a critical but often overlooked aspect of digital inclusion. I’ll speak a bit more in detail about the Applicant Support Program, but for now, I just wanted to emphasize that it’s a sort of tangible way to help foster that the future of the internet is inclusive and innovative and globally representative of the next billion users. Thanks.

Adam Peake: And thank you that we finally got to hear you as well as see you. Thank you. Lucky, perhaps I think it’s time to try you again and we’re having some success getting people online and speaking. So again, if we can come back to that original question that Jen started to cover, when you applied for .Africa and also the city names we mentioned, Joburg and Durban, et cetera, what was the motivation and what was your sort of inspiration and hope for those TLDs? Hope in how that they would be used and have those hopes been met and a little bit of also for you, what’s next? So hoping that the audio works, over to you, Lucky, and thank you.

Lucky Masilela: I hope you can hear me now. Am I audible?

Adam Peake: Yes, we can. Yes, you are.

Lucky Masilela: Thank you. Yeah. Look, thanks, Adam. I think one can answer the question in multiple facets, following the topic around digital inclusion and some of the inhibitors. So we broke ranks in 2012 and we applied for .Africa, .CapeTown, .Durban and .CapeTown, those four names. And ideally, we were looking to bring the continent of Africa into the mainstream. We had to make sure that Africa is also participating in this digital world, in the digital space. More than anything else, we had this dream that the African community felt that they had missed out in the previous round. And they wanted to have this domain name, .Africa, being utilized not only as a digital identity, but as an instrument that would be used to unite the continent, as an instrument that will be used to express the cultural. interests, the cultural diversity of the continent. And that is what was underlying some of the important pointers towards the application. And then for us, it was also one of those great honors by the African community to support us and also identify us to be the ones who are leading this campaign of applying for the domain name and now I’m referring to .Africa when I say the domain name, and also to be the administrators of the name. And we had also to do the marketing for us. Really, it gave us a lot of comfort and confidence that was bestowed on us by the continent. Now, the interesting thing was we’re talking about this inclusiveness where we succeeded. We must also try and look where we failed, because it is where we failed where we need to be focusing at to understand how we go further. In that last round of domain names or GTLDs, there were at least 1,900 names. And there were 13 names that were applied for from Africa, the entire continent, continent of 1.3 plus probably 1.4 billion people. Only 13 names were applied for. And of all the 13 names, only five are still active. And I’m referring to .Africa, .CapeTown, .Deben, .Jobec, and .MTN. Now, the dream of inclusiveness begins to falter immediately. The fault lines, because here are 13 names that do not see the end of day. And now we are looking at the next round. The first round on its own had its own challenges. Challenge of pricing, 185,000 per name, per domain name, and it is also restricting. When you think about it on the continent, how do we begin to get the continent of Africa to be included in this space? Now we look at only 13 names, and most of those 13 names, if not all of those 13 names, the applicants of those names were all in the Southern Hemisphere or in Southern Africa. And up until today, those names are still administered by entities that would be based in Southern Africa for the rest of the world, for the rest of the continent. So for us, this is a litmus test of the success of using inclusiveness, digital inclusiveness, by looking at where have we succeeded and where have we failed as a continent, or as an ecosystem in the DNS space, you know, are the domain names beginning to achieve on what is required or what is expected from us? When we look at the GTLD names and look at how they have performed in the last 10 years, we can still see that, in particular, the geographics have not been able to have some stellar performance that is outstanding. DotAfrica on its own today is ranked fourth in the geographic names with 51,000 names. And this is nowhere next to what would be ideal for a continental name. I mean, we should be looking at being closer to DotAsia as an example, who are the leaders in the pack, but all other names. are becoming difficult to achieve. We can only look at the CCTLD and say, our second level domains, our CO2, ZD, or web and net are the stellar performers. And you compare the same number in South Africa across the continent, you realize that again, the biggest challenge when we talk of inclusiveness is that a continent of 1.4 billion people has only shy of 3.5 million registrations. Now, 3.5 million registrations in this continent, it’s very small. It just shows on the degree or the percentage of penetration or the usage. And we need to find out where are these bottlenecks, where are we losing the plot? Why is it that we are not participating? One of the thing is free names, possibility of people not being literate or being a commercially viable space or other things that we still must find. I think the DNS market, the Africa DNS market study must still find out why we are not growing. But one of the things that I was thinking about earlier on today was if we continue having free names, they are not going to be a solution for the continent. If you think of the Gmail as an example, it is offered for free and it has really put a damper on all the other 3TLDs. And it also puts a damper onto any other GTLD that would enter the market. And we need to have a conversation around to what extent will the Gmail continue being provided, especially on the continent, because it is really, it is a weed amount. the critical CCTLDs in the continent. Now, another thing once we move away from that, it’s managing, who manages those country CCTLDs? We still have CCTLDs that are administered outside the continent. Now, that on its own, it limits on this inclusiveness that we want to achieve, that we want to talk to. Now, it also makes it difficult for our own software developers to participate and build and develop their own solutions. Now, this immediately takes me to the next round. Just looking at the next round, if the previous round in 2014 gave the results that we have the numbers that I presented and the demise of 13 to five names, what will the next round bring for Africa as a whole? It seems like we are heading for another similar failure for the continent, but the rest of the world might be fine. If today it is projected that a domain name will be 285,000 per name and discounted at 85%, and you think of the economies on the continent, what is important? Is it a domain name or bread on the table? Or take your kids to school? The priorities shift and such that there is not going to be a single entity or company that will want to pay whether it is 35,000 US dollars or 285. I do not see that happening. And the next round means it will still be excluding a lot of players from the continent. There is a round that has just begun of your registry service providers. It equally, the evaluation process or the mechanism for that requires a. exorbitant amounts of money to the region of $90,000 to be evaluated to be a service provider. That immediately marginalizes all the service providers on the continent. You will find that the service providers that will be participating in the next round are going to be from the Northern Hemisphere. We’ll have nothing coming from the Southern Hemisphere or the third world countries. And that also further stems this approval on exclusivity. And I can go on and talk about solutions. How do we think we should do this? Not necessarily providing the names or this process for free for the continent, but creating enabling mechanisms. And we are discussing in this direction. And I hope, you know, as we look at the challenges and the beauty whilst we’re celebrating Dode Africa, but I thought, let me bring another dimension on some of the challenges that I think need to be addressed as we discuss the digital inclusion. I will take a break and come back here to deal with other issues. Thanks. Thanks, Ed.

Adam Peake: Thanks very much, Laki. And the solutions part, perhaps, Jen, you can also start thinking of ideas from what Laki’s been presenting to us here about what are the solutions. And I will mention that you’re quite right about the challenges, Laki, with the notion of 1.4 billion people and only three, five billion, sorry, million names registered. We have looked at that. We’ve done, ICANN and the community has looked at DNS studies, marketplace studies for Africa, and have tried to respond to that with different ways to encourage. And of course, there’s the Coalition for Digital Africa bringing together not just ICANN, but the TLD, sorry, the Country Code Top-Level Domain Community. and also yourself and other operators, the Smart Africa groups and others who are working more directly in the development processes. And perhaps some of the ICANN board members who are in the room might want to comment at some point on some of the work we’re doing there. But Christy, I wonder if we can come back to you and ask you if you could say a few words, you know, what we’re doing in engagement activities for the next round, and also how the Applicant Support Program is going to address some of the issues that Lucky referenced there. If that’s all right, thank you. Over to you, Christy.

Christy Buckley: Sure. Thanks so much, Adam. And Lucky, thank you so much for sharing your perspective and observations from the last round. And I think my understanding in working very closely with the ICANN community on developing the next round, and in particular the Applicant Support Program, is that there’s a lot of emphasis and attention and desire to make sure that the next round has global, diverse participation. And one of the opportunities for helping to support that is the Applicant Support Program. In fact, the community provided guidance recommendations on outreach and communications for the Applicant Support Program, which asked ICANN to emphasize underserved communities, nonprofits, social enterprises, and community groups. And so far on the Applicant Support Program, which just opened to receive applications last month, outreach and communications for that has really only targeted underserved regions so far, and not at all in more developed economies just yet. The Applicant Support Program is open for 12 months, and the idea behind that is to give applicants a really long runway to learn about the program, to build their understanding about it, and hopefully to apply. And when they do apply, get access to all of the… supports available, which includes not just the fee reductions in the GTLD evaluation fee, but also access to volunteer professional service providers, as well as a capacity development program that ICANN is constructing right now. And so what’s interesting just in the first months, and I can’t provide detailed numbers just yet because I don’t want to take the wind out of our sails on Wednesday when we announce the numbers, but just in the first month we are already seeing interest in the applicant support program from all corners of the world and all regions, including Africa, which is really fantastic because it’s only been open for just a few weeks. But we’re also under sort of no illusion that ICANN and the ICANN community can do this alone, right? So while we’re putting a lot of resources and effort into spreading awareness and understanding about the next round and the opportunities therein, especially to advance digital inclusion, we’re also relying on the ICANN community and the broader internet governance community to spread the word, to raise awareness, to help people understand the relevance of the debate name system and GTLDs to the work that they’re already doing. And that’s where this broader community, including the IGF, comes in. I will note that similar to the 2012 round, but again only DocKids was able to take advantage of it, the fee reduction provided to supported GTLD applicants is really intended to be meaningful and significant. And so this will be a 75 to 85 percent discount on the GTLD evaluation fee. That’s sort of the base fee of evaluating the application, but also on some conditional evaluations. So for example, if you are a supported applicant that applies for a geographic name, that’s a conditional evaluation that would also be receiving the same discount of 75 to 85 percent. If you’re a community priority evaluation applicant, you’re applying for a top-level domain that represents a community, that’s another evaluation fee that again would be receiving that 75 to 85 percent discount. So the idea is to, you know, provide financial support not just in a sort of one-time, you know, discount, but also to think about the whole life cycle and journey of the applicant and how do we support and sustain more diverse entrants to this space over that course of that life cycle. And so ICANN did research to understand, you know, what other sort of similar programs like the Applicant Support Program tend to provide, and it’s usually this beyond the sort of one-time upfront investment you’re providing that long-term capacity development training and support. For supported applicants that become registry operators like DocKids, there would also be a discount in the annual base registry agreement fees. And so that’s something that we’re again trying to help the first few years of a supported applicant becoming that registry operator to kind of help them get up to speed in the market and run their business. We’re providing that discount in the longer term for the first three years post-operation. I know that there’s been some discussion about the fee for the registry service providers, and even I’ve heard some folks in the community talk about the fact that, you know, that was not considered in terms of like how do we provide support for registry service providers. So it just wasn’t a policy recommendation, but it’s something that has gained a lot of interest and discussion since the registry service provider program has launched. And, you know, I think it’s interesting to consider that in terms of the future continuous improvement of future next rounds. How can we further improve the opportunities for diverse participation in all aspects of the next? round, not just on the GTLD side, but also the RSP side. Adam, did I address your question? Is there anything else you want me to speak to?

Adam Peake: I think that’s brilliant. Thank you very much, Christy. And I just wanted to say, I think what’s clear from this is that there’s many thousands of hours of work have gone into looking at reviewing the 2012 process and making improvements for this latest round. And while it sounds when we say the word ICANN has done, it’s important to remember that this is a community of volunteers. The staff guide the process. But these ideas and these improvements, these mechanisms come from our multi-stakeholder community, of course. I was wondering, so we I mentioned perhaps board member might want to respond on an ASP related issue or one of the comments from from from from Lucky. But really, Sajid, if that’s something you want to pick up on or if it’s we’d like to continue on to Jen and the opportunities and challenges.

Sajid Rahman: But you know, I was previously talking about the three fault lines, right? So the fault lines that is essentially causing a digital divide. And if you look at the first fault line that I talked about, which is how to make people access to Internet, I think it’s very important to create the ability for different people to participate in the system. At the end of the day, if we believe in the hypothesis that competition creates innovation, then the more open we we make it for people to join through different support programs, the better competition we’ll have, the better innovation we’ll have and the whole ecosystem will flourish. So on the application support program, we have done a lot of work. Martin, I know you wanted to say something, but or Becky.

Rebecca McGilley: Thanks. Christie’s talked a lot about the applicant support program, but it is based on longstanding policy and policies. that the community implemented to support diversity and inclusiveness on the internet. And the support, as Christy noted, will be meaningful in terms of both the application fee reduction, also enabling applicants, supported applicants, to participate in auctions in a meaningful way. And unlike the 2012 round, in this round, we will be contemplating support, ongoing support, to enable the domain to get up and running. So deferred, discounted ICANN fees and the like, all that are going to be very important. Ultimately, there needs to be a market that supports a domain. So it’s not intended to be forever. But the goal would be to provide enough support to ensure that the domain is able to operate and able to educate people about its existence and create a market and create interest in it. So it’s a very important aspect of increasing access to the internet locally across the world.

Adam Peake: Thank you, Becky. Thanks, Ajit.

Lucky Masilela: Adam.

Adam Peake: Yes.

Lucky Masilela: If I may come in.

Adam Peake: Please, Lucky.

Lucky Masilela: And thanks for those comments that have been made regarding the solutions. and how this applicant support program is being implemented and rolled out to include people from the underdeveloped world or countries. But one of the things that I want us to think of and consider, think of it very strongly, whilst we’re talking of bringing in other mechanisms, training and other support mechanisms, what if we make this leap of faith and say, based on the evidence that we have, there is empirical evidence that currently the four GTLDs in Africa, dot Africa, dot Cape Town, Durban and Joburg, have not been very successful, but they’ve been successful in the sense that they are still active 10 years later, and they are growing very slowly. Dot Africa has just made the turn the corner, there is growth. What if we use that very lessons that we have in our hands that we have seen and allow those very entities to be the ones working with the local communities, to give training to the local communities, those potential applicants on the continent, to be trained or given support by the guys who are on the ground, the guys that have seen it, the guys that have walked the journey. And I’m referring here to Registry Africa. Registry Africa has been very active in growing these domain names, these geographics, and I believe we have been successful. I believe that the model that is a business model that we have shared at the last Africa Strategy Session in Istanbul, where we believe that if we were to create a model whereby there’s a sponsor or an applicant, and that applicant would be a city or a municipality, a county, or even a community. These will be the entities that apply for a domain name, and that domain name, they will then appoint an operator consisting of a registry and a registry back-end provider, and this could be a local provider, and this could be done as a build, operate, and transfer basis, and they would be building this on behalf of this city or municipality. The interest for the city and the municipality is to provide service to its residents and derive revenue from the utilities or the services that they’re providing to their citizens, and out of that, they grant each citizen, each utility holder a domain name, an email address, and that email address would enhance the delivery of bills and the settlement of bills based on what would be utilized. We believe such a model, when applied or implemented on the continent and underserved or underdeveloped countries, it would attract more players, more participants, and this needs some kind of understanding that we have seen it. We have walked this ground. We think we understand what is the best mechanism of bringing about inclusion, and this is my submission to this audience that consider this business model of an applicant being a city municipality, gaining or getting access to their discount, appointing a registry operator and a back-end provider. to be the ones who are doing the work, and building websites alongside that, providing. And we are looking now at where is the next wave of a domain name. For us, the next wave for domain names, when we talk of inclusivity and innovation, is getting more of our own participating in e-commerce. E-commerce is the next great space for domain names. If we can participate extensively, solid in that space, we would have been able to achieve a lot in this space. Thanks, Adam.

Rebecca McGilley: So, I just want to say something that Lucky mentioned that’s very important. Part of the program for applicant support will be sort of pro bono assistance in terms of, we’re looking for people to help applicants with writing applications, understanding the legal issues, but also the business models. And so, what Lucky was saying about learning the lessons from what .Africa, .CapeTown have done, and how they’ve grown, and the insights that you’re providing, Lucky, are critically important. And I hope we will have a lot of people who will volunteer to be part of the applicant support to get that kind of hands-on, on-the-ground experience with it. But I know that’s something that the applicant support program is putting together as the outreach for the pro bono, for the sort of non-monetary, but very critical support in terms of business models and dealing with the paperwork and the like. So, there’s also a question from Neil in the chat about the prospect of an applicant for the registry service provider pre-evaluation form. The cost for the evaluation of back-end service providers is, like the cost of the GTLD program in general, cost recovery. So, there is a $92,000 projection, but that is based on a certain number of applicants, and the fee itself will go down if we get more applicants for that. The other thing that’s really important to keep in mind is, in the last round, every evaluation, every application included an evaluation of the back-end service provider. And so, there was a cost to the applicant in the form of that evaluation. That won’t be here this time because the registry service providers are being evaluated on a sort of once-and-done process. So, there are savings and benefits that will accrue to supported applicants, and applicants in underserved regions from the program itself. And then, finally, the question of sort of whether there should be applicant support for back-end registries raises really important stability and security issues. Back-end service providers are businesses that are going to be operating multiple top-level domains all around the world, and the very last thing that we should allow to happen is to not thoroughly evaluate the ability of that service provider to provide high-quality service. And that costs money. That evaluation costs money. So, although I think we understand and agree with the desire to have globally located back-end service providers, we have to balance that with the absolutely critical stability and security requirements and take into account the fact that this once-and-done evaluation process will benefit applicants globally who will not have to bear the costs of those as part of the evaluation process.

Adam Peake: Thanks, Becky, and thanks for the – oh, go ahead, Martin, please.

Maarten Botterman: Hi, this is Maarten Botterman. Sorry for – just to add to what Becky said, another big difference between the first round was that there were just a handful of back-end providers. Actually, there’s now a market with choice, including non-profit organizations and CCs, so you have much more offer and much more reasonable pricing as well. Just wanted to add that part. Thank you, Martin. Thank you, Becky,

Adam Peake: for your comments. It’s very helpful, very kind of you. Just wanted to welcome Ram Mohan to the room. I know you’ve been in much demand in other sessions, so Ram, as I mentioned, is the Chief Strategy Officer for Identity Digital and one of the largest operators of the new TLD batch from 2012. And wanted to say we’ve been talking about – Lucky and Jen have been talking about their experience from 2012 and Jen from before with .Asia and how that’s worked, and Lucky’s made some very important points about inclusion and how we can get people applying from the African content, etc. But please make an introduction and give us some ideas. Thank you.

Ram Mohan: Thank you so much. Can you hear me? Okay, great. Thank you so much, and my apologies for joining this session late. I was speaking at another one. So I want to focus my comments on two areas. One is that we look at innovation with a lowercase I rather than innovation with an uppercase I. Let me explain what that means. Often the success of programs is only seen years out. And in the meanwhile, you have many prognosticators who pre-decide and who say that a program has failed or has succeeded based on conventional metrics. Metrics, for example, in the domain name industry, such as how many domains have been registered. And you find especially a prevalent logic inside of the domain name industry that focuses on success almost directly correlated to the number of domains that people have registered. But I’d like to say that that is actually a myth. If you look at my own company and the 300 plus domain names that we have, I can tell you that we have success in all of them. Not in the way of looking at it purely from a commercial, is it a profit-making enterprise, one TLD at a time? One way of looking at innovation for us has been in the existing domain name space prior to the various rounds that ICANN has introduced. The gold standard has been .com in the GTLD space and businesses, organizations applying for a .com, getting a .com domain name. name. We are now in a situation where it’s somewhere in the order of 17 or 18 characters that you have to string together to get an open name that is just easily available in .com without paying any kind of a premium. So just to give you an example, if I say, I want to get roms studio, if I type in romsstudio.com, it’s hard to get. It’s probably gone. Even if I type in roms-studio, even that is hard to get. And what you’ll find is engines that come back and say, how about romsstudioonline.com? How about romsdigitalstudio.com, et cetera, right? The lowercase i innovation that has happened is, with the advent of new TLDs and the availability of them, is that I can go and get rom.studio, or I can get rom.photography, or whatever it is, right? And there is innovation that has come about just by that. Because you’re bringing communities that were otherwise forced to get very long strings that are often not easy to remember, often not easy to relay. Those strings are now no longer as important, because you can get memorable, descriptive strings available directly in the domain space. And I think that is true innovation that is being fostered. So that’s the one thing that I’d like to make a point on. The second is on, we’ve talked here about diversity and inclusion. The thing here is that, if you do not get to linguistic diversity combined with the other kinds of diversity that ICANN is looking for, you’re going to fail. There has to be linguistic diversity as a core outreach goal, as a core model for a definition of success. It’s not the only determinant of success, but it ought to be a significant factor and a significant metric that you measure, because the world that we know is not a world of English and Spanish and Chinese and Arabic. The world that we know is far more multilingual, but we do not have systems at the domain name space or the domain name level that can reflect the actual reality of the people of the world. For that, we need to really have a focus on linguistic diversity. I’m pleased that there is a session tomorrow on universal acceptance and internationalized domain names. It’s not enough to just say, let us get names in your language, let us get names accessible online. We have to also look at, are the various languages and the communities that have those languages, do they have the knowledge, understanding, awareness to be able to participate in what you’re bringing forward? Because when they do that, you will find lowercase innovation coming through.

Adam Peake: A nice new way to look at this, gen.asia and language and the issues around that. How do you respond to this idea of lowercase innovation based on language and inclusion? Thank you.

Jennifer Chung: Thanks, Adam. I thought we weren’t supposed to talk about it, but I’m happy. As ever, to be able to say more, I think especially coming from Asia-Pacific, language is ultimately so important. Almost none of us in Asia-Pacific has English as our first language. Some of us, it’s our second language, third language, or even fourth language. It’s really important for the community that we’re trying to serve to actually serve their needs, for them to be able to not only know they can navigate the internet in their own language, that they have the know-how to do so. And I’m really happy to hear both from Becky and also Christy at the improvements that have been made towards the Applicant Support Program, because obviously DOT Kids was a beneficiary. Not a single beneficiary of the 2012 round Applicant Support Program, but I mean, we’re happy in that way. But looking at it overall, that is a sign that there’s a lot more things that need to be improved coming to the new round. Where can we really target and provide this benefit? International domain names is one of the priorities that ICANN has said time and time again that they are looking for the new round. Even this morning, we heard from Curtis that this is what ICANN really wants to happen, to be able to serve the underserved or underrepresented regions, to be able to get these people online, being able to use these new domain names in a way not only to benefit the community, but in a way that allows for innovation, allows for market-driven innovation and entrepreneurship. The lowercase i, see, English is not my first language either, that Ram was saying, is so critical. It’s so critical. And I think especially for Asia-Pacific, because linguistic diversity is so broad, more than just that, it is, we’re talking now about digital inclusion and language justice. And I think that’s something that Ram touched on is really near and dear to DotAsia’s heart, of course, DotKids as well. What we’re trying to look, our wishes, if we had three wishes for what DotAsia wants to see for the next round is, of course, more applicants coming in from Asia Pacific region. We are a huge region with most of the world population and growing and more from community applicants because I heard both from Becky and Chrissy that the improvements done for these different evaluation processes, including three reductions, that is very important. But in addition to that, to provide the knowledge and the upskilling that allows them to succeed and sustain their business, that’s the most important part. So more from community, that the community priority evaluation should lean towards supporting those who want to be community and not just kind of looking at it from the lens of, oh, we must weed out these people or these organizations that are trying to game the system. Of course, every single system will have people who are looking to look for the loopholes, but the outset of how we’re trying to organize and design these programs really should be for people who want to use this for the benefit of that community. So hopefully that answers a little bit more. And the final little bit on internationalized domain names, my last wish, perhaps, that it’s now on the equal footing to all the different ASCII domain names, the English language domain names that you see. So that could be not something that’s weird or new, but that becomes something that’s really common and nobody blinks an eye at it.

Adam Peake: Thanks. We switched it on. I put a link into the chat about the workshop tomorrow and the words beginning for that session are that the internet must be multilingual and inclusive is the first sentence of the description there. So we have about 24 minutes left, 20 minutes left, something like that, 20 minutes left. Are there any questions from the audience? You’re here being very attentive and patient at the beginning. So would anybody like to raise a hand and we’ll pass a mic around. Or the same for any question online. If not, I would like to go back to… Could you pass the microphone backwards, please? I would like to go back to Lucky and his comment about solutions. I don’t think we should miss that.

Paulus Nirenda: Thank you very much. Paulus Nirenda from Malawi. I just wanted maybe to raise the issue, one of the issues that Lucky, which is success of the new GTLDs that were put up in the last round, especially those from Africa, Africa.Johannesburg.Cape Town, they haven’t been as successful as expected. And I think that this applies to quite a few other new GTLDs. I don’t know if in the next round there is an evaluation on this and how ICANN wants to move forward with the success of new GTLDs.

Ram Mohan: Thank you. I hope you can hear me. So, I want to say we should expect not all GTLDs will succeed. We should walk away from this idea that just because ICANN introduces a new GTLD program and they have hundreds if not thousands of new GTLDs that come through, that they all must be successful. I think the, at least from ICANN’s point of view, the goal has to be to create a level playing field and to make sure that the ingredients for success are present and accessible to all. Those ingredients include the applicant support, they include the technical knowledge, they include linguistic ability, they include universal acceptance, things like that. The rest of it, where there are market forces that come to bear, I really think we should allow economics and market forces to do what they do well rather than try to engineer some kind of social experiment to arrive at some definition of success.

Sajid Rahman: If I can add a few points, the whole multi-stakeholderism that ICANN is very proud of essentially means that all the different voices get heard and get built into the different activities and policies that we form. As a result of that, this multilingualism, which is an issue, and that’s why you see different activities like UA Days and international domain names and many initiatives including application support programs that have been taken. But I completely agree with Ram that at the end of the day, it needs to make sense for someone to continue a domain name indefinitely. I mean, the application support program can only continue up to a certain extent, it cannot be infinite.

Lucky Masilela: Yeah, if I may come in, I think I’m quite excited. by Ram’s approach to complex issues, he explains them with lower and upper cases, and of course it makes sense the more he pulls context into that. And starting with the second point where he talks to diversity inclusion, and in particular the linguistic diversity, for us, one of the things that we picked up in early days is that this is very critical, the issue of linguistic diversity. And this was supported by the fact that there is less than 15% of African content, I’m talking about history books, our music, etc., that is available on internet. And it makes it difficult for the African child to go into internet and find sufficient information of themselves, something that had been created and generated by themselves, across the multiple languages on the continent. And that, again, for us, becomes an inhibitor to this digital inclusion. And we need to start bridging that gap to this digital inclusion by ensuring that more African languages are translated into, or more internet content is translated into African languages, so that this can be accessible to the larger community. And with that, we will see more people participating, and we’ll see more appreciation for what we are discussing today, the DNS, the domain name, and the inclusiveness. And then those lower cases and innovation, it is well and good, again, there are certain things that are price sensitive. Whilst we say The success of a domain name is not the number of names that you would have sold. It proves slightly different, you know, when you don’t have the numbers to begin to innovate around. We have been able to innovate as an entity around names like your co.za. We’ve been able to build other solutions because we have scale. We don’t need to reach the scale that would be taking away from our creativeness or what you would call the uppercase innovation. It tells us that numbers do matter, especially for certain markets. You need to be price sensitive on the African continent. You cannot charge any fee that is very far from the market conditions. That will make it even more difficult for people to participate. So we need to be grappling. For us, we are grappling with all those things. How sensitive can we be to the pricing? Make sure that it’s correct. And once the numbers are there and the scale is there, then we begin to bring in innovation. We bring more solutions into this thing so that this domain name is not just what it is, blank and boring. But we put color, we put flair into these things. This reminds me of a different solution that was innovated on the continent. I don’t know. Most of you might not or could have heard of it. Banks, for a very long time, have been excluding a lot of the citizens across the continent. And one mobile operator realized that we have a lot of people who are not banked. And we can use our platform, our mobile platform, to make sure that people are not banked. people have access to cash, access to money, or they can use this tool, this mobile phone, to make payments and transact, buy tomatoes, pay for the piki-piki or that taxi in town. And that brought in M-Pesa. And that was the innovation, when people felt marginalized by banking systems, that they couldn’t qualify, they couldn’t fulfill some of these KYC. And then another instrument was developed, which was more accommodating. And I’m seeing that for us again, if we want to have this inclusiveness properly addressed, we have to think with an uppercase innovation and come up with solutions that are going to bring more participants in the third world or those underdeveloped or underserved markets. We have to think outside what we are starting. We are on the right track, but let’s think again, if is this all that we can do? Is this sufficient? Does this provide a foolproof solution for what we want to achieve inclusiveness? History will judge us that we have not done enough. We have failed to think far and fast to ensure that we include those that are marginalized. Thank you.

Adam Peake: We have over to Jen again, and then I have Nick Wendman-Smith behind me, asking questions. Oh, go to Nick, please.

Nick Wenban-Smith: Oh, thank you, Adam. I think that works, I hope. Very strange with headphones, not headphones. So yeah, so my name is Nick Wendman-Smith. I am employed by a company called Nominet. And from our perspective, from the last round of the new GDG, from our perspective, from the last round of the new GTLDs, I wanted to just share a little bit of a story because although the United Kingdom is, you know, one of the G7, wealthy nations, we had areas of significant deprivation and social challenges and I think that’s the case even in the very wealthiest of countries. So we were very interested to get a better digital presence for the Welsh community, which is a population about five million and includes some of the very poorest parts of the United Kingdom. And I have to tell you that when we approached the Welsh elected officials in terms of the cost of the new GTLD applications, plus of course the technical time and infrastructure and expertise required, and to make it twice as bad they wanted two because they wanted the one in the Welsh version, because part of this is about linguistic diversity, so they need to have two application fees plus two letters of credit for the continuing obligations thing, which is also extremely expensive. Now I want to be positive to say that actually it’s been a very good initiative and over the course of time they’ve now got a lot of very high profile registrations, for example the national sport is rugby and so they use a dot Wales and a dot Cymru domain names for their national sport, for the local government, for the musical and cultural things are all very well represented online and they have now I think between the two 20,000 domains under registration which is sustainable. But I wanted to say that it has been, first of all it required an investor which was prepared to take a lot of risk and over the long time and that investor was nominate in fact, so we paid the application fees and we did all of the things that they needed to do and then it has taken the order of 12 years of continuous investment and over a long long period of time before you see any sort of return. So I suppose what I’m just saying, while the applicant support program is being still refined within ICANN, you just need to understand that even for sophisticated applicants with relatively deep pockets, it was quite a hard piece of work and it required a lot longer. Certainly the business models that we put together, which our finance team signed off on when we paid for the applications, were well far off the mark, is what I would say, and I think just urge everybody to sort of try to, whatever you can do to help people with the applications, it’ll need ten times that what you’re currently, in order to get these things off the ground, because it’s a hugely complex process and a hugely expensive and technically time-consuming one, even for people who are experts in the area. That’s my thoughts on that, I don’t know, it’s already a question, I’m just saying, you need to do more.

Adam Peake: Over to Jen, who’s been doing a lot already. Do more, Jen, thank you.

Jennifer Chung: Okay, actually, I was really happy to go after Nick, because I was going to bring back the example of .Kids, which was the sole recipient of the applicant support programme back in 2012. We didn’t launch until about two years ago, it’s taken a very, very long time, and .Asia is actually the organisation behind all of this. We are supposedly on a cost recovery basis, but really, we have underwritten everything, the know-how on how to create the registry policies, leveraging on our registry back-end providers, of course, to do all of that, and I foresee coming into the new round, I mean, talking again about success, right, looking at, if we’re looking at pure numbers, that’s just one measurement of success. I think success means… means different things to different people. I like how Lucky has mentioned time and time again as well, and it’s really important to stress the African continent really needs to look at this, whether or not this new GTLD program for them coming in the new round, what success will look like for the African region, and I could bring it back to Asia Pacific, what does success might look like for Asia Pacific? Is it more applications with internationalized domain names? Is it more brands coming in? Is it more SMEs? Is it more innovative applications? I think the answer is all of the above, and I think right now as a community as well, we’re trying to refine the ways to be able to get to the success. Not only, of course, ICANN, the organization, but ICANN is also a community who’s trying to look at lessons learned from the previous round to be able to apply them and create solutions that allow for innovation, but not to the point where this new, as a new applicant, you want to be able to eventually independently run your domain, not always have this guard rails around or training wheels, as I like to call them, forever, because that is not really a true sense of success. So being able to give that boost and that help to the underserved regions, to the markets that really need this, but don’t know how, I think that is the balance we really have to strike here.

Adam Peake: Ram, please.

Ram Mohan: Briefly, success for ICANN in this next round perhaps should include some estimation of the number of TLDs that will not succeed, because that is the market reality. And we really, I think, are doing a lot of work to make sure that we’re not just doing this for all of us a disservice by going into this with an idea that 100% success rate or else. And I think that’s unrealistic. That’s not how the marketplace works. We ought to have a recognition of that. We also ought to recognize that in some cases the need may be apparent but the demand may not be evident, right? Just because there is a need for something doesn’t mean that the people who profess to have the need will be willing to go and stand up and, you know, open up their wallets and buy that name, right? So I think some level of realism and some level of, you know, projecting and being quite clear that while the new TLD program will and should work on diversity, applicant support, especially linguistic diversity, which is close to my heart as well, while all of those things are there, if you do all of those things you should still expect some level of failure.

Adam Peake: Final comment and then we’ll probably have to wrap up, I think.

Sajid Rahman: Thank you. I mean, like, you know, wearing my investor hat, we always accept some failures. And I’ve seen companies launching products, which are which do very well till they start charging for it. So, you know, there is always this reality and, you know, there are realities that we need to accept, but we continue to support. I mean, like I said, you know, I can listen to the voices. The whole idea of multistakeholderism is to listen to voices around and, you know, do whatever we can to support.

Adam Peake: Thank you very much, everybody, for your time. this afternoon. We mentioned there is a workshop tomorrow afternoon around the issues of multilingualism, IDNs, universal acceptance, so please look at the schedule for a workshop number 150. Want to thank particularly online Lucky and Christy. Lucky for the challenges you’re facing across the region and also solutions and issues that are very relevant to the whole of WSIS and not just discussions with an ICANN community, so very relevant. To Jen for just being very kind and helpful throughout and providing a lot of useful information, particularly at the beginning while I was running around there. Thank you, incredibly kind. And Sajid for the default nine scenarios and ideas. Ram, I like lowercase innovation and the importance of language, so I think it’s been very helpful and very grateful to all of you for being here and to our speakers. So thank you. The end. Bye. Thank you. Thank you.

Agreement Points

Importance of linguistic diversity in new gTLDs

Ram Mohan

Jennifer Chung

Sajid Rahman

Need for linguistic diversity and local content to drive adoption

Opportunity to serve underrepresented languages and scripts

Focus on linguistic diversity and internationalized domain names

Speakers agreed on the critical importance of linguistic diversity in new gTLDs to foster digital inclusion and better serve diverse communities.

Need for realistic expectations about gTLD success

Ram Mohan

Sajid Rahman

Need to allow for some gTLDs to fail as part of market forces

Realistic expectations about success rates and market demand

Speakers emphasized the importance of accepting that some gTLDs will fail due to market forces and that success should not be expected for all new gTLDs.

Importance of applicant support for underserved regions

Christy Buckley

Jennifer Chung

Rebecca McGilley

Importance of applicant support program for underserved regions

Enhanced applicant support program targeting underserved regions

Need to balance support with eventual independence for new gTLDs

Speakers agreed on the significance of the Applicant Support Program in fostering participation from underserved regions while emphasizing the need for eventual independence.

Similar Viewpoints

Both speakers highlighted the challenges of launching and sustaining new gTLDs, emphasizing the high costs and long-term investment required, even in developed markets.

Lucky Masilela

Nick Wendman-Smith

Limited success of African gTLDs due to market conditions

High costs and long-term investment required even for developed markets

Both speakers argued for a more nuanced understanding of success for new gTLDs, beyond just the number of registrations, considering factors like community needs and regional differences.

Ram Mohan

Jennifer Chung

Success should not be measured solely by number of registrations

Success can mean different things for different regions/communities

Unexpected Consensus

Acceptance of gTLD failures as part of the process

Ram Mohan

Sajid Rahman

Need to allow for some gTLDs to fail as part of market forces

Realistic expectations about success rates and market demand

Despite coming from different perspectives, both speakers unexpectedly agreed on the need to accept that some gTLDs will fail, viewing it as a natural part of market dynamics rather than a policy failure.

Overall Assessment

Summary

The main areas of agreement included the importance of linguistic diversity in new gTLDs, the need for realistic expectations about gTLD success, and the significance of applicant support for underserved regions. There was also consensus on the challenges of launching and sustaining new gTLDs, and the need for a nuanced understanding of success beyond registration numbers.

Consensus level

Moderate consensus was observed among speakers on key issues. While there were differences in perspectives, particularly regarding the definition of success and the approach to market challenges, there was general agreement on the importance of inclusivity, linguistic diversity, and the need for support in underserved regions. This level of consensus suggests a shared understanding of the complexities involved in expanding the gTLD space and the need for balanced approaches that consider both market realities and inclusivity goals.

Different Viewpoints

Measuring success of new gTLDs

Ram Mohan

Lucky Masilela

Success should not be measured solely by number of registrations

Importance of sustainable business models over time

Ram Mohan argues against using the number of domain registrations as the sole metric for success, emphasizing innovation and community needs. Lucky Masilela, while acknowledging other factors, stresses the importance of registration numbers for achieving scale and enabling innovation, especially in price-sensitive markets.

Expectations for gTLD success rates

Ram Mohan

Kristy Buckley

Need to allow for some gTLDs to fail as part of market forces

Importance of applicant support program for underserved regions

Ram Mohan argues for realistic expectations about gTLD success rates, suggesting that some failure should be expected as part of normal market forces. Christy Buckley, while not directly contradicting this, emphasizes the importance of support programs to foster broader participation and success in underserved regions.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement revolve around how to measure the success of new gTLDs, the balance between market forces and support for underserved regions, and the expectations for gTLD success rates.

difference_level

The level of disagreement among the speakers is moderate. While there are differing perspectives on certain issues, there is also a significant amount of common ground, particularly in recognizing the importance of linguistic diversity, supporting underserved regions, and acknowledging the complexities of the gTLD market. These differences in perspective contribute to a richer discussion and highlight the multifaceted nature of the challenges and opportunities in expanding the gTLD space. The implications of these disagreements suggest that a balanced approach, taking into account various stakeholder perspectives, will be crucial in shaping the future of the gTLD program.

Partial Agreements

All speakers agree on the importance of considering regional and community-specific factors in defining success for new gTLDs. However, they differ in their emphasis: Lucky Masilela focuses on sustainable business models, Jennifer Chung highlights the need for diverse metrics beyond registration numbers, and Ram Mohan stresses the importance of realistic market expectations.

Lucky Masilela

Jennifer Chung

Ram Mohan

Success can mean different things for different regions/communities

Need for linguistic diversity and local content to drive adoption

Realistic expectations about success rates and market demand

Similar Viewpoints

Both speakers highlighted the challenges of launching and sustaining new gTLDs, emphasizing the high costs and long-term investment required, even in developed markets.

Lucky Masilela

Nick Wenban-Smith

Limited success of African gTLDs due to market conditions

High costs and long-term investment required even for developed markets

Both speakers argued for a more nuanced understanding of success for new gTLDs, beyond just the number of registrations, considering factors like community needs and regional differences.

Ram Mohan

Jennifer Chung

Success should not be measured solely by number of registrations

Success can mean different things for different regions/communities

Key Takeaways

New gTLDs face significant challenges in underserved regions like Africa due to market conditions and high costs

Linguistic diversity and local content are crucial for driving adoption of new gTLDs

Success of new gTLDs should not be measured solely by number of registrations

The next round of new gTLDs should focus on fostering innovation and inclusion, particularly for underserved regions and languages

Realistic expectations are needed about success rates and market demand for new gTLDs

Resolutions and Action Items

Enhance the applicant support program to better target and assist applicants from underserved regions

Focus on promoting internationalized domain names and linguistic diversity in the next round

Provide more comprehensive, long-term support to help new gTLDs become sustainable

Unresolved Issues

How to define and measure success for new gTLDs, especially those serving niche communities

How to balance providing support for new gTLDs with encouraging their eventual independence

How to address the high costs and long-term investment required for new gTLDs, even in developed markets

Suggested Compromises

Accept that some new gTLDs will fail as part of normal market forces, while still providing support to increase chances of success

Consider alternative business models for new gTLDs, such as the city/municipality sponsorship model suggested by Lucky Masilela

Often the success of programs is only seen years out. And in the meanwhile, you have many prognosticators who pre-decide and who say that a program has failed or has succeeded based on conventional metrics. Metrics, for example, in the domain name industry, such as how many domains have been registered.

speaker

Ram Mohan

reason

This comment challenges the conventional way of measuring success in the domain name industry, introducing the concept of ‘lowercase i’ innovation.

impact

It shifted the discussion from focusing solely on registration numbers to considering other forms of innovation and success in the domain space.

There has to be linguistic diversity as a core outreach goal, as a core model for a definition of success. It’s not the only determinant of success, but it ought to be a significant factor and a significant metric that you measure, because the world that we know is not a world of English and Spanish and Chinese and Arabic.

speaker

Ram Mohan

reason

This comment highlights the critical importance of linguistic diversity in achieving true digital inclusion.

impact

It broadened the conversation to include the need for multilingual approaches in domain names and internet governance.

Banks, for a very long time, have been excluding a lot of the citizens across the continent. And one mobile operator realized that we have a lot of people who are not banked. And we can use our platform, our mobile platform, to make sure that people are not banked. people have access to cash, access to money, or they can use this tool, this mobile phone, to make payments and transact, buy tomatoes, pay for the piki-piki or that taxi in town. And that brought in M-Pesa.

speaker

Lucky Masilela

reason

This comment provides a concrete example of innovation that addressed a specific need in underserved markets, relating it back to the domain name discussion.

impact

It encouraged participants to think more broadly about innovation and inclusion, considering solutions that may be outside traditional domain name approaches.

Success for ICANN in this next round perhaps should include some estimation of the number of TLDs that will not succeed, because that is the market reality. And we really, I think, are doing a lot of work to make sure that we’re not just doing this for all of us a disservice by going into this with an idea that 100% success rate or else.

speaker

Ram Mohan

reason

This comment introduces a realistic perspective on success rates, challenging the notion that all new TLDs must succeed.

impact

It prompted a more nuanced discussion about expectations and metrics for success in the next round of TLDs.

Overall Assessment

These key comments shaped the discussion by broadening the perspective on what constitutes success in the domain name industry. They moved the conversation beyond simple metrics like registration numbers to consider linguistic diversity, innovative solutions for underserved markets, and realistic expectations for success rates. This led to a more nuanced and comprehensive dialogue about digital inclusion and the role of new TLDs in fostering innovation and addressing global needs.

How can we address the low number of domain name registrations in Africa (only 3.5 million for a continent of 1.4 billion people)?

speaker

Lucky Masilela

explanation

This highlights a significant gap in digital inclusion and domain name adoption in Africa, which needs to be investigated to improve participation.

How can we create enabling mechanisms for the next round of gTLDs to increase participation from the Global South, particularly Africa?

speaker

Lucky Masilela

explanation

This is crucial for ensuring more diverse and inclusive participation in the next round of gTLD applications.

How can we address the issue of CCTLDs still being administered outside the African continent?

speaker

Lucky Masilela

explanation

This impacts digital sovereignty and local control over internet infrastructure in Africa.

How can we make the Registry Service Provider (RSP) evaluation process more accessible to providers from the Global South?

speaker

Lucky Masilela

explanation

The current high costs ($90,000) for RSP evaluation may marginalize service providers from developing countries.

How can we improve the success rate of new gTLDs, particularly those from Africa?

speaker

Paulus Nirenda

explanation

Understanding the factors behind the limited success of some new gTLDs is important for improving future rounds.

How can we increase the amount of African content (currently less than 15%) available on the internet?

speaker

Lucky Masilela

explanation

This is critical for improving digital inclusion and making the internet more relevant for African users.

How can we develop more price-sensitive domain name offerings for the African market?

speaker

Lucky Masilela

explanation

Affordability is a key factor in increasing domain name adoption in developing markets.

How can we better support applicants throughout the entire lifecycle of launching and operating a new gTLD?

speaker

Nick Wendman-Smith

explanation

Even for well-resourced applicants, the process of launching and sustaining a new gTLD is complex and requires long-term support.

How can we realistically assess and prepare for the potential failure rate of new gTLDs in the next round?

speaker

Ram Mohan

explanation

Understanding that not all new gTLDs will succeed is important for setting realistic expectations and planning appropriate support mechanisms.

Summary

This workshop focused on innovative approaches to teaching AI fairness and governance, emphasizing the use of serious games and project-based learning. The speakers discussed the importance of making AI education more inclusive and accessible across diverse educational systems globally.

Tayma Abdalhadi highlighted the need for interdisciplinary approaches to AI education and the importance of empowering users through effective feedback loops. Ayaz Karimov introduced the concept of serious games, explaining their effectiveness in teaching complex subjects like AI. He demonstrated this with an example of a cybersecurity game called “Duck Code.”

Melissa El Feghali discussed the benefits of project-based learning in non-formal educational settings, emphasizing its flexibility and potential for community engagement. The speakers addressed challenges in implementing these methods, including issues of access to resources and expertise.

The discussion touched on the importance of cultural adaptability in AI education methods and strategies for measuring the effectiveness of interactive tools. The speakers also addressed concerns about screen time and the responsible use of AI tools like ChatGPT in educational settings.

Key recommendations included focusing on grassroots efforts, creating flexible learning frameworks, and promoting AI literacy. The speakers emphasized the need for contextualization in educational games and the importance of teaching critical thinking skills when using AI tools.

The workshop concluded with a call for educators to adapt their teaching methods to incorporate AI tools effectively, encouraging students to use these technologies as aids for creativity and critical thinking rather than as substitutes for original work.

Keypoints

Major discussion points:

– Using games and gamification to teach AI fairness and governance concepts

– The importance of project-based learning and non-formal education settings for teaching AI topics

– Strategies for making AI education culturally adaptable and accessible globally

– Challenges in implementing AI education initiatives, including access to resources and expertise

– Concerns about screen time and responsible use of AI tools like ChatGPT by students

Overall purpose:

The goal of this discussion was to explore innovative approaches for teaching AI fairness and governance, with a focus on interactive and engaging methods like serious games and project-based learning that can be implemented in diverse educational contexts.

Speakers

– Raneem Zaitoun, Workshop moderator

– Tayma Abdalhadi, Research Analyst on Human-Centered Technology, UN Regional Youth Advisory Group

– Ayaz Karimov, Researcher in Gamification and AI Education, Head of Product, Swiss Cyber Institute

– Melissa El Feghali, Youth Representative, World Organization of the Scout Movement (WOSM)

Innovative Approaches to Teaching AI Fairness and Governance

This hybrid workshop, featuring both in-person and online participants, explored innovative methods for teaching AI fairness and governance. The discussion focused on interactive and engaging approaches that can be implemented across diverse educational contexts globally, featuring insights from experts in human-centered technology, gamification, and youth education.

Speakers and Their Presentations

1. Ayaz Karimov – Researcher in gamification and AI education, Head of Product at Swiss Cyber Institute

Karimov introduced the concept of serious games as an effective tool for teaching complex subjects like AI. He distinguished serious games from regular games, explaining that while regular games are played for entertainment, serious games have specific educational goals. Karimov demonstrated this approach with an example of a cybersecurity game called “Duck Code,” which was played at the Global Cyber Conference in Switzerland. He highlighted key elements of effective educational games, including narrative, progressive difficulty, realistic scenarios, and clear objectives.

2. Tayma Abdalhadi – Research Analyst on Human-Centered Technology, UN Regional Youth Advisory Group

Abdalhadi emphasized the importance of an interdisciplinary approach to AI education, involving both technical and non-technical perspectives to provide a comprehensive understanding of AI concepts. She discussed the dynamic relationship between users and AI technology, highlighting issues of algorithmic bias and the importance of empowering users through effective feedback loops. Abdalhadi stressed the need for cultural adaptability in AI education methods, adapting learning materials to local realities and cultural contexts.

3. Melissa El Feghali – Youth representative at the World’s Organization for the Scouts Movement

El Feghali advocated for project-based learning in non-formal settings, allowing for more flexible and inclusive learning environments. She emphasized how this approach breaks down barriers of participation for youth, fosters collaborative learning, and enables real-world customization. El Feghali noted that the impact of project-based learning extends beyond the immediate activity, creating a “ripple effect” that continues to influence learners and their communities.

Key Themes and Approaches

1. Interdisciplinary and Inclusive Education

2. Serious Games and Gamification

3. Project-Based Learning

4. Cultural Adaptability and Contextualisation

Challenges and Concerns (from Q&A)

1. Screen Time Management: Karimov raised concerns about managing screen time, particularly for younger learners. He introduced the concept of ‘cyber disease’ and emphasized the importance of limiting screen time. El Feghali suggested that many educational games could be designed without requiring screen time at all.

2. Access to Resources and Expertise: El Feghali highlighted the lack of access to digital tools and expertise as a significant barrier to AI education in many contexts.

3. Responsible Use of AI Tools: The speakers addressed challenges posed by AI tools like ChatGPT in educational settings, particularly concerns about cheating. Abdalhadi emphasized the need to teach critical thinking skills when using AI tools, encouraging students to compare information from multiple sources and understand that AI outputs are not always entirely accurate.

4. Contextualizing Project-Based Learning: El Feghali discussed the importance of adapting project-based learning to local contexts and resources, emphasizing flexibility and creativity in implementation.

Recommendations and Future Directions

1. Focus on Grassroots Efforts: Emphasize local initiatives and community engagement in AI education.

2. Create Flexible Learning Frameworks: Develop adaptable educational approaches that can be tailored to different contexts and learning styles.

3. Promote AI Literacy: Karimov stressed the importance of understanding AI concepts, including technical aspects like hallucination in language models.

4. Adapt Educational Goals: Abdalhadi suggested reframing educational objectives to focus on critical thinking and creativity rather than just content production when using AI tools.

5. Implement Feedback Loops: Ensure that users of AI technology have opportunities to provide input and shape the development of AI systems.

6. Encourage Collaborative Learning: El Feghali emphasized the value of peer-to-peer learning and community engagement in non-formal educational settings.

Conclusion

The workshop concluded with a call for educators to adapt their teaching methods to incorporate AI tools effectively. The speakers highlighted the potential of serious games, project-based learning, and culturally adaptive approaches in making AI education more accessible and engaging. They emphasized the need for ongoing research into the effectiveness of these methods and the importance of developing AI literacy across different age groups and contexts.

The discussion revealed diverse perspectives on implementing innovative approaches to AI education, with speakers offering complementary strategies to address the challenges of teaching AI fairness and governance in a rapidly evolving technological landscape. At the end of the workshop, participants were provided with a digital handbook and additional resources to support their efforts in AI education.

Raneem Zaitoun: Hello. Thank you so much for joining us in person and online and welcome to the workshop. So workshop 232 and innovative approaches to AI teaching and fairness. A little bit more about our session today. So we will be exploring innovative methods to teach AI fairness and governance and this workshop will combine some expert insights, interactive sessions, example games, as well as policy discussions to foster inclusive and impactful discussions around education. So if you please move on to the next slide. Perfect. So let me introduce to you our speakers for today. We have over here Ayaz Karimov. He is a researcher in gamification and AI education and also a head of product at Swiss Cyber Institute. We also have our online speaker Tayma Abdelhadi. She’s a research analyst with a focus on human-centered technology. She’s a United Nations Regional Youth Board member as well and over here we also have Farhadi. She is a global youth representative at the World’s Organization for the Scouts Movement. All right. Next slide please. So for our workshop agenda today we will be delving into serious games and how we can use serious games for AI education and teaching AI fairness. We will then discuss policy questions on inclusivity, frameworks and the like. We’ll delve into an example game session for you and we’ll be talking about project-based training for practical learning as well. we’ll finish it off with a Q&A session where you can ask questions to any of our speakers, and we will also be asking questions to the speakers itself. And so without further ado, I think we are going to get started with the objectives of this session. If possible, could you please move to the next slide? Next slide, please. Yes, awesome. So some of the objectives for this session will be exploring AI fairness principles, discussing some frameworks around governance and AI, and introducing innovative teaching methodologies to enhance understanding. As this is a hybrid setup, we are looking to have our online participants ask questions through the Zoom itself and interact online, and all of the in-person attendees, please save your questions for later during the Q&A session, and we’ll have an interactive segment later on. Can we please move on to the next slide? And the next one, please. All right, perfect. So I’m going to get started with our online speaker, Tayma Abdelhadi. Tayma, if you could get started for us. So I’ll pass it off to her. Hello, everyone. Hello, Tayma. We can all hear you. Go ahead.

Tayma Abdalhadi: Thank you so much for this introduction, and thank you so much for this very, very important topic and session today. I’ll be the introduction for this session, and I’ll start from the fairness topic. And I think this is important because we have been pretty much inclusive in discussing policies and discussing how can we make this more fit with the human rights sector, but we are not inclusive when it comes to technology. Oftentimes, we keep the information and discussions regarding to how we shape the AI to the technical people, and I think that’s very, very wrong because it’s pretty much an interdisciplinary field right now. What I mean that it’s a dynamic relationship between the users of this technology and the technology itself. When we use the AI model, we shape it by the information we give it, but it also shapes our understanding of the topics that we give it and ask it about. That means it’s no longer just an input-output aesthetic output situation. It’s a dynamic situation, and if we do not empower the users by knowledge and by feedback loops, we will have a pretty skewed AI model, or we will have frustrated users. This leads to multiple problems. The first one is when you’re focusing on algorithms themselves, we can have bias. This bias can be eliminated in two ways. The first way is by the makers themselves who are our students, our future makers of technology. If we manage to install those concepts of fairness and how can we think about the human that we’re making the technology to as the code is being automated and we’re allowed more time and space to think critically and imagine scenarios, then we can mitigate or at some point create safeguard methodologies to protect the users against algorithmic bias. The second part is the users themselves. If we empower users through an effective feedback loop, that means we can officially install and mitigate further damage by the bias that’s held. happening. I’m totally against a concept that was installed traditionally, which is if the product is wrong, then we retrieve it, we fix it, and then we send it back. But right now, we don’t have that luxury because you simply don’t have any competitive context as a user. If you use, for example, ChatGPT and it gives you an answer, then you assume that’s the full truth answer, unless you take it and then you spread it on Reddit, like, for example, the David Mayer case, where some users raise concerns that we do not get any information if we ask it about certain names. It could be a privacy tactic. It could be a censorship tactic. But we don’t have enough transparency from the AI model that tells us what is exactly happening. And the most dangerous thing is when it only gives us a little bit of information and we think that’s all information available. One example that this could be dangerous in is when a political, when you ask it about a political figure and it gives you all the great, nice stuff that it did, but then it does not give you the part where you might think badly of them. This can be used. This can abuse the Privacy Act, for example, in the EU. And it can allow certain information to go through AI models and certain information not. While the user thinks this is the full truth and this is an unbiased opinion. This is also in the perfect cases. But we don’t also talk about the unintended cases that AI might be used in. One of my colleagues is in Africa and they say that sometimes when the teachers in elementary school have internet, they try to get pictures online to show their students about animals, about other countries. And the only truth they know is that static pictures. So imagine those communities being a target to a misinformation campaign where you have AI generated images. How can you explain? this audience that only knew the truth through static images because they don’t have enough access to internet, that there is something called AI generation and these images need to be fact-checked. I believe this is very, very important. I think role scenario playing and serious games and education is not just for computer science students or people in that disciplinary, but it’s also a part, it should be a part of the policies of companies who are deploying this technology as a way to humanize and to imagine further scenarios of how the technology is being used in this speedy, extremely fast-moving world. We need to think for two minutes and say, okay, if I deploy this tomorrow, what might the impact be? And who do I need to measure and imagine that impact? And the second question is more important. And I believe this is one of the key messages that we’re here to deploy. And this is part of conferences like this, where we bring diverse people and have messages discussed and see other aspects too.

Raneem Zaitoun: All right. Thank you so much, Tayma. If we could go back one slide, please. All right. So now I’ll pass it off to Ayaz to speak a little bit more about the use of serious games for teaching AI fairness. Yes.

Ayaz Karimov: Yeah. I can hear myself. So it means actually you can also hear me. Today, I will talk a little bit about the serious games and I will also show you one game that I made and we played last month in Switzerland at Global Cyber Conference. So it could be good examples of actually how we use the game there to teach the cyber security or cyber literacy. But before I start talking about everything, let’s talk about the games and the serious games like that. Maybe it’s the first time even you heard about this term serious games. The main difference between the game and the serious game is that actually when you play the game, you just play for the sake of, like, getting entertained, just to achieve something. But in the case of the serious games, you totally have totally different ultimate goal. For example, let’s say, actually, if your game is about health, let’s say, then your ultimate goal is to get healthier. If the game is about education, then your ultimate goal is to learn something or to teach something in a very, very good way. So you don’t care, actually, if you get entertained or not, but your first goal is totally different thing. But of course, then it comes to entertainment, the other stuff. So the main difference between the serious games and the games is that actually you have the one goal, and beyond this goal, you also have some kind of things to achieve, let’s say. I also did the research about the serious games, whether they really help the learner to achieve something or not. But I also put another research that was carried by other co-researchers about the serious games and their effectiveness. And the research shows that actually when you use the games, it generally positively impacts the motivation, engagement, and academic outcome. So in the general case, actually, you will have very, very good results from the games. But having said this, I also want to say that actually not all games are good for everyone. So hereby, we need to highlight the importance of personalized learning. But as I mentioned, in most of the cases, the serious games are considered as a very, very efficient tool to teach hard topics, something like AI or, let’s say, the STEM subjects. And why these games are good, another perspective is that most of the games are simulation-based. So even if you play the board game or, let’s say, if you play the other strategy games, in most of the cases, you get the simulation from the real life. So while you play the game, maybe your brain doesn’t understand, actually, what’s happening there. But actually, you learn something there which can be implemented in the daily life. in the real life as well. So that’s very, very strong tool actually nowadays. And I also put in the last bullet point, I put some types of the game, but today I will particularly talk about the puzzle game, which is very, very good way of this puzzle game is the escape room game. And what happens there is that actually you have the challenge in the game and you try to do some kind of actions. You try to solve this challenge. And once you solve this, then you move to another level and another level and you just try to escape the room, let’s say. If you can go to the next slide, please.

Raneem Zaitoun: And next one, please. So we cannot see the slides, like if you’re sharing them because we cannot see them. Sorry, everyone, a bit of a technical issue. All right, while we work on that, I could get started.

Ayaz Karimov: I will just briefly talk about this game. I will stand up because I also put some games from this games that I prepared with one game designer from Portugal. And the game’s name is the Duck Code. And the idea is that actually, if you can go to the next slide, please. So the idea is that actually we have a hacker and the hacker did the hacking in the four cities previously in Europe. So the story starts with like that. And then it’s the one hotel in Zurich. And the idea is that the fifth attack was going to happen or is going to happen in this hotel room. And the players are put in this hotel room and they try to make sure that actually they find some kind of clues so that they can stop this hacking. So the narration of the narrative of the game works like this. And it’s pretty much simple clues. So we didn’t use actually anything hard because the idea was that actually, if you put here like some kind of coding challenge or something like this, not everyone is going to. solve this. So we had really, really simple clues, which also helped them to learn some kind of cyber literacy, but at the same time, really get entertained. Can we go to the next slide, please? Yes. So again, we had the four hacks happened, and the next one is going to happen in Zurich. And our hacker left some of his belongings in this room. And in this, I will show you some of these items in the room so that you can understand what kind of belongings we are talking about, and why even we use these belongings in the game, because I guess that’s a very important point to highlight. If you go to the next slide, please. So now in the next slide, I will talk about six different things to you. So if you want to use the game, or if you want to create your own game, then you can just take a note, or I don’t know, just keep in your mind that actually, those are the most efficient, or those are the main techniques that actually you need to implement. So here, our question is that what you can do as a professional to make sure that the game is engaging, and it really teaches something. If you can go to the next slide, please. So the first one is the narrative. When I start introducing the game, if you remember, I started directly talking about some kind of background information, right? Like the hacking happened in some countries, it came to the Zurich, and actually, we had the one game master. Basically, this is the person who was leading the game. The game master was pretending to be the detective in the game. So he was in the same room with our players, and he was showing some kind of things, and he was just trying to pretend that actually he is also trying to solve this with them. So the first rule is that actually, you really need to have the good narration in the game. If you don’t have the narration, it generally fails, actually. Can we go to the next slide, please? This progressive difficulty, what does it mean, actually? In the first clue, let’s say that in your game, if you have the three or four clues, you always should start with the basic one. And if you use the basic, basic, basic, basic, then most of the time, actually, your game fails again. So the idea here in this game techniques is that you always have the level one, let’s say difficulty one. In the level two, you have at least a little bit more difficulty. If you don’t have the more difficulty, then it’s also another problem. And in our case, we also implement the same thing. And here, maybe it’s also good to mention, especially you don’t have to have so many challenges in one game. We had only two challenge, actually. We just had the one basic and one very, very hard one. Can we go to the next one, please? And the realistic scenario. So here, we bought a pot from the shopping. And what we did is actually we broke this pot in the room. And why did we do this is actually, normally, if you run away from there, highly possible is that actually you crash something and something fall down, right? And in the game, we did these things a lot. Like we just threw away some books, some glasses fall down, and that there was some juice on the floor. These kind of things, actually. When you have these really realistic things that actually happen, or some kind of actions in the game, the most players actually really, really like it. You can also integrate this kind of realistic things in the game as well. For example, in our case, we were using the pieces of the pot here, just pieces of the pot to create some kind of challenge for the players. So that’s why we didn’t only create this realistic scenario, but also use them as part of the challenge. Can we go to the next slide, please? The clear objective. So when you play the game, at least I guess it’s the core of all the learning activities, not only the serious games, but it’s pretty much important in the games as well. So basically, when you have the game, you cannot tell the players that you will win when you escape the room, right? It’s not that pretty much objective. You have to be clear. that actually what are the exact things that actually they need to do. For example in our narration we started by saying that you will have the two clues and that one the first part is there and the second part is there so they had the clear goals or clear objectives actually what they are going to do. By the way in this game just since this is in the picture I also want to say is actually we use exact documents that we try to find from the public resources as a crime office so we really pretend like it’s the real document from the crime office that’s why it has too much detail there. Can we go to the next one please? Yes and now actually my colleague Melissa is going to talk about the project.

Raneem Zaitoun: Yes so now we’ll pass it off to Melissa to talk about project-based training for practical learning.

Melissa El Feghali: Hi everyone so we’ve seen through the interactive example that Ayaz gave us how we can transform very abstract ideas such as AI fairness into tangible and engaging ones but the idea is how do we scale these approaches and how do we use project-based learning how do we use it to transform these experiences into sustainable and teaching methods and impactful methods that we can use in that are non-formal such as scout groups, community spaces, youth movements etc. So I’m going to talk about three things the first answer is why use gamification for project-based learning so gamification that uses games challenges and simulation is a natural fit for project-based learning but why because first of all it encourages active problem-solving and critical thinking but also it creates a very flexible environment to learn. So it makes learning accessible, because usually we’re used to traditional curricula where we have to follow it. But in these examples, we have the flexibility to experiment around in the places that are doing these games. And also, it builds engagement through clear objective, realistic scenarios, and the progressive difficulty that Ayaz talked about previously. The second question that you might ask is, why use these settings, and why do these settings work? So non-formal educational environments, such as scout groups, youth clubs, and community spaces are ideal for project-based learning, because they break down the barriers of participation for youth. So we have more flexibility to experiment, as I said, and we don’t have the barriers of who has access in terms of financials to access these places or not. And it fosters collaborative learning, where people work in groups, and they learn about empathy, and they build collectively ownership over the solutions that they come up with. And finally, it enables real-world customization. So youth can adapt challenges to local contexts. So they can adapt the game, for example, to local AI fairness issues, such as accessibility to schools or the technological resources that are available or not. The third thing I want to talk about is impact. So how do we scale the impact? Project-based learning doesn’t just stop when the activity ends. It creates a kind of ripple effect that goes on. So if, for example, someone in a scout group creates an AI challenge game about AI fairness, they can take this game to another scout group, to another school, to another youth club. And so from one idea, you can generate multiple ideas, and it creates this ripple effect, because participants gain ownership of the game that they’ve created. it can be adapted to multiple communities. So it’s not just like a fixed game that I’ve created and it only works within their context. So I just want to say that project-based learning supported by gamification empowers communities to democratize access to AI fairness and AI fairness education. So by integrating clear objectives, by creating realistic scenarios, by doing this progressive difficulty, a way of learning stuff, we can bridge the global concepts that are sometimes very complex and that we’re not able to break down, such as AI fairness, to local context and lived realities and we can make learning more inclusive, engaging and scalable. So one last thought to leave you with is think about the communities that you live in, think about the youth that are around you within these community spaces and how can you use project-based learning methods to introduce them to topics such as AI fairness and ensure that the message scales beyond just the session that you’re giving or the room that you’re in. Thank you.

Raneem Zaitoun: Okay, great. Can we move on to the next slide, please? Thank you, Melissa. All right, so now we’re launching into a Q&A panel discussion. We’ll start off with a couple of questions we have from our end then I’ll open up the floor to any questions that the audience may have. So I will start off with our online speaker, Tayma. So Tayma, my question for you is how can we ensure that the methods used to teach AI fairness and governance are culturally adaptable and accessible across diverse education systems globally?

Tayma Abdalhadi: I think this has two main factors that we need to take in mind. The first one is grassroots effort. It’s really damaging that technology comes from top to bottom when we go from a global scale to local communities because no matter how we try to understand the context we can never get it as the person who’s living there. And luckily, because the technology is such spreading worldwide, we can always find individuals within those communities who understand the local reality but also has the enough qualifications or at least the ability to connect with those global entities and then get them to speak to the local entities’ circumstances. Whether it was internet access, any cultural difference, it could be the simple story I told you about in classrooms where you don’t have much access to internet or materials. And if reached to the right person, it could impact a change in the technology itself. The second thing, as I always say, it’s the feedback loop. We can’t always say that when we put this little button that says feedback or support, that it’s enough motive or it’s suitable for everyone to report through it. We need to go and see what actually motivates people to make an impact and to deliver their voices. And most importantly, how can we make sure that those voices that have been delivered are actually getting the counterfeedback they deserve? So if I tell one company that their videos do not have enough markdown and they look too realistic and could be used in misinformation, and then I don’t see any impact, it will disencourage me to provide feedback again. And that will create frustrated users from one end, but also a broken loop of understanding and feedback from the other. So it’s mainly grassroot work. It’s empowering individuals and making their voices heard by updates, by working within the community to provide solutions that work for them.

Raneem Zaitoun: So I will now pass off the next question for you. What strategies would you recommend for measuring the effectiveness of interactive tools such as simulations or serious games and teaching complex concepts like algorithmic fairness?

Ayaz Karimov: I guess we already discussed about how games are good for this teaching, especially hard subjects. There has been other research actually why people are using the games. And actually one of the reasons actually, for example, if you want to teach biology or physics, it’s very, very hard subject to teach. So that’s why they were just trying to find some ways, and one of these ways is serious games. But I guess the question here maybe we need to ask is that what type of game I need to use? Because, for example, if I am a teacher, the first question that comes to my mind is that actually there are dozens of games, like the board games, simulation games, strategy games, like that. Which one to use in my classroom? And actually, the best way is to do this. Actually, you do some test iterations that actually one day you start with the board game. In the second day, you play the strategy game. In the third game, you play the puzzle game. And you just try to see actually which one is the best for your entire classroom, because I guess that was the best strategy to do. And that was the one thing actually we did with one biology teacher in our research. So I would say actually testing different games and trying to see actually which one is much more impactful, at least from the eyes of the teacher.

Raneem Zaitoun: Perfect. Thank you so much. Our next question goes to Melissa. So, Melissa, my question for you. What are the key challenges youth groups may face in implementing project-based training, learning for AI governance? And how can policymakers support these initiatives?

Melissa El Feghali: Okay. I’m going to talk about one challenge that I think is essential. It affects a lot of other things, and it’s access. It’s lack of access. Access in terms of resources, but also in terms of expertise. So a lot of youth movements lack the expertise in terms of mentorship, but also in terms of the technology that is being used or the tools that are provided to them. So three things that I think are very important to policymakers to take into consideration. The first thing is, of course, investing in infrastructure to have better access to digital tools, and also to digital literacy programs. The second thing is to create partnerships. Create partnerships not just between governments and private sectors, but also between the civil society sector. And in that way, there’s bigger room to share expertise from both sides. Third thing that is the most important is to support the flexible learning networks or frameworks that are available out there. So, when you give flexibility to the participants or to the people creating these initiatives, you have more room to experiment, to fail and then to build upon it. And this is a very important concept when it comes to project-based learning and the whole process that is used. So, if these three conditions are met, then for sure the challenges would be less challenging, let’s say, for the people who are trying to do this. And youth will be empowered in that way to have to not just learn about this concept but also be part of the solutions that are being created and have it be more flexible in terms of contextualization and the communities that they live in and that way it’s more relatable to them. Thank you.

Raneem Zaitoun: All right. Thank you so much for that, Melissa. Now, I will open up the floor to the audience if anyone has any questions to ask our wonderful speakers. Online as well. So, both online and on-site. Gulcan, if you have any questions through the Zoom Q&A, please let us know and we’d be happy to answer any of the questions as well. All right. Go ahead. All right. I’ll come up to you and give you the mic. Sorry. Excuse me.

Audience: Thank you. Thank you very much. Thank you very much for the speakers, for the great information. I have just only one question, which is related to the screen time and how we can control, knowing that these tools is really very beneficial and with a very good intention to improve and develop, how we can manage the screen time and maybe the impact of the screen time or the access of screen time. Thank you.

Raneem Zaitoun: Should I? Yes.

Ayaz Karimov: if whoever wants to go. Yes, very, very, very good question. Actually, it has a name in the academia as well. It’s called like the cyber disease like that. It’s not only when you watch the screen too much or when you use the VR or AR, your brain like the loses itself. And if you like to watch your phone too much, your head is going to ache too much. And that’s why it’s called like the cyber disease. That’s very good point. I know some information is actually what could help for this, but actually it is still very, very huge problems, particularly for this immersive technologies, because everyone is talking about this technologies, but when it comes to using them, actually, it’s very challenging because not anyone can use this for a longer time. So normally it depends on the learner’s age or a little bit more detailed, of course, is needed to say something exactly. But normally, at least from the one of the research that actually I did, if the children’s age is between the eight to 12, then the normal playing time for the educational games should be maximum 40 minutes. So it’s considered like the one lesson per day, it’s enough. Normally one lesson is approximately 40 minutes in the countries that actually I live in. So it’s 40 minutes is acceptable. But of course, if you get tired, I know that actually you get to play with more fun and there are also other dimensions as well. For example, are you using this time only to play some games? Because also some games are designed in a ways that actually it doesn’t impact you that much. So actually you don’t have to really make your eyes tired. So it really depends on the game. But most of the time, the shortest answer is 40 minutes if the children’s age is up to 12.

Melissa El Feghali: I can add to that on what Ayaz said. It really depends on the game. that you’re aiming for. A lot of the games that can be created don’t even need to use screen or have screen time. And this is exactly one of the points we talked about the flexibility of these kinds of settings. You can do a whole game about AI fairness and education and outdoor settings where you wouldn’t even need any screen or screen time and you can relay the message in a creative way. So I think it really depends on the game, how you want to design it, what’s the context you’re in and what are the resources provided as well.

Raneem Zaitoun: Thank you. Tayma, is there anything to add?

Tayma Abdalhadi: I would echo what Melissa said on the flexibility of hybrid games, especially for children. And I think that’s a very important topic because oftentimes we focus on the digital solution staying in a digital world where we miss the core idea that it depends on logic. And at the end of the day, if you want to humanize something, you don’t need a screen for you to tell you how to humanize it. You just imagine, you use your imagination, use relevant cases and scenarios and that does not necessarily need a screen for you to do.

Raneem Zaitoun: All right. Perfect. Thank you, everyone. Do we have any other questions from the audience? I’m standing up in case I need to hand the mic to anybody. Any other questions? All right. Perfect.

Audience: Yeah. So I think one question or query that I have is when it comes to contextualizing project-based learning or even engaging learning or non-form education, many times what happens is that if you do not bring in or the elements, trying to bring all those elements as it is, like bringing the originality, when you contextualize it, that tends to really degrade the level of engagement or the brightness of that product. So have you any examples of any contextualized project-based learnings or initiatives that really has depicted that originality or has not even degraded with what it is supposed to be? So we’d love to know that. My question is, recently there have been a number of parents and teachers complaining about children using ChatGPT, whether to learn or to do assignments. I’d like to hear your thoughts on that. Do you have any tips on how? how to teach your and use ChatGPT in your own context. Thank you.

Raneem Zaitoun: All right, so I guess if we could tackle maybe each speaker asked answers one question, I think it’s most efficient.

Melissa El Feghali: I can answer the first question. So I have a lot of examples we can even discuss after the session if you’re interested. It really depends on the thing to contextualize. So for example, I was part of a training that teaches about peace education and peace is a very broad subject that can be like perceived in a different way in different contexts. And so this program is done around the world in different schools and in different communities. The idea is you keep the same concept. You can even keep the same game, but you have to change the instructions within the game. So for example, we used to do a game about human rights. Okay. And we have to show the difference between visible and invisible violence, and we show them real life examples. So in every community or country that we go to, we change these examples of scenarios and get scenarios from within the same community or country so that the people so that the children can relate to the stories that they reading. So instead of just saying that bullying happened in a school, we give a specific example about a specific type of thing that is usually mentioned in bullying within that community. So that’s a very small example, but it doesn’t devalue the concept or the idea you’re trying to portray. It makes it even more relatable. So that’s the idea about contextualization. You can have a set of games that you can take around, but you can’t keep it exactly the same. So that’s just a very short example.

Ayaz Karimov: Right. Yeah. And I will take the second question, which was about this. Let’s start from one thing. If you didn’t know, already AI, at least the mother of this boy is saying that. Yeah. Yeah. Yeah. Killed his son. So if you didn’t read the news like in the beginning of the November one one guy did the suicide and that there is still in Investigation, but actually there is very high possibilities that actually it was because of the AI because AI basically was misleading and Again, we can discuss it actually how it happened and why it happened and it happened in the characterized dot AI if you don’t if you know the tool that was that so it’s not the charge of it him. I guess they are even using for other stuff and actually it’s not even the children like that I know pretty much many people that actually they treat you with as a dear Psychologists, which shouldn’t be the case so I guess here the main important thing is that actually this AI literacy come to the stage because when what’s the first education we get in our lives is that in the school at least most of us learn how to read and write and that’s called literacy and then you become a little bit older and older you someone teaches you how to use the computer and that’s called digital. They teach you though how to be safe in the Internet then you learn a little bit cyber literacy and I guess now it’s the time to highlight the importance of that literacy. Actually, many governments are doing some stuff about this, I know that the Netherlands and also in the United Arab Emirates. They have the huge initiative about this a elitist and a particular prompt engineering So that you don’t get to believe that what the AI always tells you but you also have the enough knowledge to understand what’s wrong and what’s not. But it doesn’t and it’s the same thing with the LLM’s this AI tools. They give you the something and they pretends that actually they are telling the truth, but they don’t tell the truth they just hallucinate because it’s just the element they just try to give you some random answer. So the AI literacy basically helps you to not to get to these hallucinations and to make sure that actually you use these things efficiently. So my short answer would be really focus on this AI literacy. And I guess it’s not only for the children. At least I know that half of my friends or people around me, they don’t have the enough AI literacy, I guess, to be able to use these tools.

Raneem Zaitoun: All right. Thank you. Tayma, is there anything to add for any of the questions?

Tayma Abdalhadi: Yes. I want to add something on the second question because I’ve been working a bit with Child Online Safety. And this has been a reoccurring question. And I think this has to do with how we’re approaching AI tools, and especially generative text tools. The first one is, it’s very, very important to make sure that the children know that this is not reality, or at least it’s not the full reality. And this is what I was talking about, about not having comparative contexts. Even us when we’re dealing with chat GPT, when we’re on our own in the chat, we think this is the full truth. And we don’t have any way to compare that or to verify it. So for children, it’s important to be like, okay, this is the answer from one AI model. How about we try other AI models? Or how about we also try humans and ask the teacher or the mother or the sibling? And that way, they are built with a comparative system that they can always verify and check whatever is coming out of the internet, really, not just AI models. This was also a problem with Facebook before AI models came about. It just got upgraded with LLMs. The second part is, what is the goal of the homework? And I think this is a critical problem for all educators. If the goal is just to memorize or just to achieve an essay, then you’re failing as an educator to actually adapt with the technology. And the important thing is that you’re trying to teach your child how to have critical thinking using the LLMs. So instead of being like, okay, instead of writing your homework, how about you ask it what subjects you can write about? And then also make sure they understand that whatever is coming out of this LLM should not be satisfying for them to present on their behalf. That they have this energy and they have this creativity and they have this style in writing that no AI language model can replicate. And no matter how perfect, there’s no such thing as perfect or this perfect answer that we can get from the AI models. It’s the answer that you actually generate using your imagination, your experiences, whatever language that you have. And this should be rewarded, not just the grammatically correct, the perfect language answer. And I think this falls heavily on the educator’s side.

Raneem Zaitoun: All right. Thanks so much, Tayma. Okay. Is there any other questions from the audience? Okay. So I think we are going to wrap it up. Can I please go on to the next slide? All right, everyone. Thank you so much for your time and your attention for this workshop. We have provided actually a digital handbook that you can access. If you could please go on to the next slide. So here are some resources that we’ve included for yourself. You can scan the QR code. You get a digital handbook that way. It has a lot of our key takeaways from this session. And as well as some of the presentation slides. And team contact details. So if you’d like to connect with us through LinkedIn and the like, we have all of that for you. Once again, thank you so much for your time and attention. And it was a pleasure. Thank you. Thank you, everyone.

Agreement Points

Importance of interdisciplinary approach in AI education

Tayma Abdalhadi

Melissa El Feghali

Importance of interdisciplinary approach

Project-based learning in non-formal settings

Both speakers emphasize the need for diverse perspectives and flexible learning environments in AI education, promoting a more comprehensive understanding of AI concepts.

Need for cultural adaptability in AI education

Tayma Abdalhadi

Melissa El Feghali

Cultural adaptability of teaching methods

Contextualization of learning materials

Both speakers stress the importance of adapting AI education methods to different cultural contexts and local realities to ensure relevance and effectiveness.

Importance of critical thinking in AI education

Tayma Abdalhadi

Ayaz Karimov

Teaching critical thinking with AI tools

Need for AI literacy

Both speakers emphasize the need to develop critical thinking skills when using AI tools and the importance of AI literacy in education.

Similar Viewpoints

All speakers advocate for flexible and adaptive approaches in AI education, emphasizing the need for continuous feedback, experimentation, and adjustment of teaching methods.

Tayma Abdalhadi

Ayaz Karimov

Melissa El Feghali

Importance of feedback loops

Testing different game types

Creating flexible learning frameworks

Unexpected Consensus

Non-digital approaches to AI education

Ayaz Karimov

Melissa El Feghali

Screen time management

Project-based learning in non-formal settings

Despite discussing digital tools, both speakers unexpectedly agree on the value of non-digital or limited-digital approaches in AI education, addressing concerns about screen time and emphasizing the importance of real-world, hands-on learning experiences.

Overall Assessment

Summary

The speakers generally agree on the need for interdisciplinary, culturally adaptive, and critical thinking-focused approaches in AI education. They also emphasize the importance of flexibility, feedback, and real-world application in teaching methods.

Consensus level

There is a high level of consensus among the speakers, particularly on the need for innovative and adaptive teaching methods in AI education. This consensus suggests a strong foundation for developing comprehensive and effective AI education strategies that can be applied across diverse contexts and learning environments.

Different Viewpoints

Approach to screen time management

Ayaz Karimov

Melissa El Feghali

Ayaz addresses the issue of managing screen time when using digital educational tools. He discusses the concept of ‘cyber disease’ and the importance of limiting screen time, especially for children.

Melissa El Feghali: I can add to that on what Aya said. It really depends on the game that you’re aiming for. A lot of the games that can be created don’t even need to use screen or have screen time.

While Ayaz emphasizes the importance of limiting screen time, Melissa suggests that many educational games can be designed without requiring screen time at all.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement were minor and primarily focused on different approaches to implementing AI education and managing screen time.

difference_level

The level of disagreement among the speakers was relatively low. Most speakers presented complementary viewpoints that enhanced the overall discussion on AI education and fairness. This low level of disagreement suggests a general consensus on the importance of AI literacy and the need for innovative, inclusive approaches to AI education.

Partial Agreements

Both speakers agree on the importance of AI literacy, but they differ in their approach. Tayma focuses on critical thinking and comparing multiple sources, while Ayaz emphasizes understanding technical concepts like hallucination in language models.

Tayma Abdalhadi

Ayaz Karimov

Tayma advocates for teaching children to approach AI tools critically. She emphasizes the importance of comparing information from multiple sources and understanding that AI outputs are not always the full truth.

Ayaz emphasizes the importance of AI literacy in education. He argues that understanding AI, including concepts like hallucination in language models, is crucial for effective and safe use of AI tools.

Similar Viewpoints

All speakers advocate for flexible and adaptive approaches in AI education, emphasizing the need for continuous feedback, experimentation, and adjustment of teaching methods.

Tayma Abdalhadi

Ayaz Karimov

Melissa El Feghali

Importance of feedback loops

Testing different game types

Creating flexible learning frameworks

Key Takeaways

Serious games and project-based learning are effective tools for teaching complex AI concepts like fairness and governance

AI education needs to be interdisciplinary and inclusive, involving both technical and non-technical perspectives

Contextualizing and adapting learning materials to local realities is crucial for effective AI education globally

There’s a need for increased AI literacy among both youth and adults to use AI tools responsibly

Feedback loops and grassroots efforts are important for making AI education culturally adaptable and accessible

Resolutions and Action Items

Implement project-based learning and serious games in non-formal educational settings to teach AI fairness

Focus on developing AI literacy programs for various age groups

Create partnerships between governments, private sector, and civil society to improve access to digital tools and expertise

Unresolved Issues

How to effectively measure the impact of interactive tools like serious games in teaching AI concepts

Balancing screen time and digital engagement with other forms of learning, especially for younger students

How to fully address the challenges of AI tools like ChatGPT being used for cheating in academic settings

Suggested Compromises

Using hybrid approaches that combine digital and non-digital elements in AI education games and activities

Adapting existing educational games and materials to local contexts while maintaining core concepts

Reframing educational goals to focus on critical thinking and creativity rather than just content production when using AI tools

What I mean that it’s a dynamic relationship between the users of this technology and the technology itself. When we use the AI model, we shape it by the information we give it, but it also shapes our understanding of the topics that we give it and ask it about.

speaker

Tayma Abdalhadi

reason

This comment introduces the important concept of the bidirectional influence between AI and its users, highlighting the complexity of AI’s impact.

impact

It set the tone for discussing AI fairness as a dynamic, evolving issue rather than a static technical problem. This framing influenced subsequent discussions on education and policy approaches.

The main difference between the game and the serious game is that actually when you play the game, you just play for the sake of, like, getting entertained, just to achieve something. But in the case of the serious games, you totally have totally different ultimate goal.

speaker

Ayaz Karimov

reason

This comment clearly defines serious games and distinguishes them from regular games, providing a foundation for understanding their educational potential.

impact

It led to a deeper exploration of how games can be used as educational tools, particularly for complex topics like AI fairness.

Project-based learning doesn’t just stop when the activity ends. It creates a kind of ripple effect that goes on.

speaker

Melissa El Feghali

reason

This insight highlights the long-term impact and scalability of project-based learning approaches.

impact

It shifted the discussion towards considering the broader, long-term effects of educational methods beyond just immediate learning outcomes.

We need to go and see what actually motivates people to make an impact and to deliver their voices. And most importantly, how can we make sure that those voices that have been delivered are actually getting the counterfeedback they deserve?

speaker

Tayma Abdalhadi

reason

This comment emphasizes the importance of user feedback and engagement in shaping AI systems, highlighting a often overlooked aspect of AI development.

impact

It broadened the discussion from just education to include the importance of ongoing user input in AI development and governance.

If the goal is just to memorize or just to achieve an essay, then you’re failing as an educator to actually adapt with the technology. And the important thing is that you’re trying to teach your child how to have critical thinking using the LLMs.

speaker

Tayma Abdalhadi

reason

This comment challenges traditional educational goals and proposes a shift towards teaching critical thinking in the context of AI tools.

impact

It sparked a discussion on how educational approaches need to evolve in response to AI technologies, moving beyond concerns about cheating to considering how to leverage AI for better learning outcomes.

Overall Assessment

These key comments shaped the discussion by broadening its scope from simply teaching AI fairness to considering the complex, dynamic relationship between AI and society. They highlighted the need for innovative, engaging educational approaches like serious games and project-based learning, while also emphasizing the importance of ongoing feedback loops and critical thinking in both AI development and education. The discussion evolved from a focus on specific teaching methods to a more holistic consideration of how to prepare individuals to engage with and shape AI technologies in responsible and impactful ways.

How can we create effective feedback loops between AI users and developers to improve AI fairness?

speaker

Tayma Abdalhadi

explanation

This is important to ensure AI models are continuously improved based on real-world usage and to address potential biases or issues that emerge.

What are the best practices for designing serious games that effectively teach AI fairness concepts?

speaker

Ayaz Karimov

explanation

Understanding optimal game design techniques is crucial for creating engaging and educational experiences around complex AI topics.

How can we measure the long-term impact of project-based learning initiatives on AI governance understanding?

speaker

Melissa El Feghali

explanation

Assessing the lasting effects of these educational approaches is key to refining and scaling successful programs.

What strategies can be employed to manage screen time effectively while using digital tools for AI education?

speaker

Audience member

explanation

Balancing the benefits of digital learning tools with concerns about excessive screen time is important for healthy implementation of AI education programs.

How can AI literacy programs be developed and implemented for different age groups and contexts?

speaker

Ayaz Karimov

explanation

Developing targeted AI literacy initiatives is crucial for ensuring responsible and informed use of AI technologies across society.

What are effective ways to teach children how to critically evaluate AI-generated content?

speaker

Tayma Abdalhadi

explanation

Equipping young learners with skills to assess AI outputs is essential in an era of increasing AI-generated information.

Summary

This discussion focused on children’s rights and safety in the digital space, featuring panelists from various countries and organizations. The conversation highlighted the importance of protecting children online while also ensuring their rights to access, participation, and information are respected. Several key initiatives were presented, including Saudi Arabia’s National Framework for Child Safety Online, Albania’s integration of child protection into its cybersecurity agenda, and Australia’s e-Safety Commissioner’s work on education and prevention.

Panelists emphasized the need for a multi-stakeholder approach, involving governments, private sector, civil society, and children themselves. The Global Cybersecurity Forum’s efforts to develop child protection frameworks in multiple countries were discussed, as well as the role of child helplines in supporting children’s online experiences. Industry perspectives were provided, noting trends in companies’ approaches to children’s rights, including more sophisticated age-appropriate content classification and risk assessments.

Challenges were identified, such as the need for better data transparency from companies and the importance of addressing lesser-known issues affecting children online. The discussion also touched on recent regulatory developments, like Australia’s new legislation restricting social media access for children under 16. Participants stressed the importance of digital literacy, resilience-building, and critical reasoning skills for young people navigating the online world.

Overall, the discussion underscored the complex nature of ensuring children’s safety online while promoting their rights and highlighted the ongoing need for collaboration, innovation, and child-centered approaches in addressing these challenges.

Keypoints

Major discussion points:

– National strategies and frameworks for child online protection, including examples from Saudi Arabia, Albania, and Australia

– The role of technology companies in protecting children’s rights online

– The importance of child helplines in supporting children’s online experiences

– Challenges and innovations in online safety education and awareness

– The need for international collaboration and data sharing on child online protection

The overall purpose of the discussion was to explore different approaches to embedding children’s rights and safety within the digitalization agenda, with a focus on making the digital world a safe space for children to learn, play and explore.

The tone of the discussion was largely informative and collaborative, with panelists sharing insights from their respective countries and organizations. There was a sense of urgency around the topic, but also optimism about progress being made. The tone became slightly more concerned when discussing emerging challenges like changes to Internet standards that could bypass safety measures, but overall remained constructive throughout.

Speakers

– Jumana Haj-Ahmad: Deputy Representative for the UNICEF Gulf Area Office

– Floreta Faber: Deputy Director-General of Albania’s National Cyber Security Authority

– Maimoonah Al Khalil: Secretary General of the Family Affairs Council in the Kingdom of Saudi Arabia

– Alaa Al-Fadil: Global Cyber Security Authority in Saudi Arabia

– Paul Clark: Executive Manager of Education, Prevention and Inclusion at Australia’s E-Safety Commissioner

– Helen Mason: Director of Operations of Child Helpline International

– Richard Wingfield: Director of Technology Sectors, BSR, London office

– Afrooz Kaviani Johnson: UNICEF (co-moderator)

Additional speakers:

– Vicky Harisi: Harvard University, works on artificial intelligence and child’s rights

– Godsway Kubi: Lead facilitator for Internet Society Online Safety SIG

– Andrew Camping: Trustee with Internet Watch Foundation

Child Online Safety: A Global Perspective on Rights and Protection

This comprehensive discussion brought together experts from various countries and organisations to address the critical issue of children’s rights and safety in the digital space. The conversation highlighted the complex challenges of protecting children online whilst ensuring their rights to access, participation, and information are respected.

National Strategies and Frameworks

A key focus of the discussion was the development of national strategies and frameworks for child online protection. Maimoonah Al Khalil, Secretary General of the Family Affairs Council in Saudi Arabia, presented the country’s National Framework for Child Safety Online, launched in 2023. This framework covers four main areas: awareness, enablement, prevention, and protection, with ten tracks to achieve progress in these areas.

Alaa Al-Fadil from the Global Cyber Security Authority in Saudi Arabia discussed the ambitious Child Protection in Cyberspace initiative, which aims to develop child protection frameworks in numerous countries, upskill 60 million people, and protect 150 million children globally. Notably, the Global Cybersecurity Forum’s Child Protection in Cyberspace Global Summit held in Riyadh concluded with 12 key recommendations for the global community.

Floreta Faber, Deputy Director-General of Albania’s National Cyber Security Authority, explained how Albania has integrated child online protection into its cybersecurity strategy for 2025 and new cybersecurity law. Albania has also established a reporting platform for illegal online contact and is working with schools to raise awareness. The country is currently engaged in public discussions about addressing issues with social media use by children.

Paul Clark, Executive Manager of Education, Prevention and Inclusion at Australia’s E-Safety Commissioner, highlighted Australia’s focus on education programmes tailored to specific needs of children and young people, covering various age groups from zero to five up to young adults in their early 20s. The eSafety Commissioner also focuses on specific vulnerable groups, such as young people with disabilities, LGBTIQ+ teens, and Aboriginal and Torres Strait Islander youth.

Industry Practices and Responsibilities

Richard Wingfield, Director of Technology Sectors at BSR, provided insights into evolving industry approaches to child protection. He noted a shift from basic parental controls to more sophisticated methods, including children’s rights impact assessments for new products and features. Wingfield emphasised the need for better data transparency from companies regarding their child protection efforts.

Paul Clark discussed the promotion of safety by design principles in Australia, emphasising the importance of building safety measures into platforms and apps from the beginning, rather than adding them as afterthoughts.

Supporting and Empowering Children Online

Helen Mason, Director of Operations of Child Helpline International, highlighted the crucial role of child helplines in supporting children’s online experiences. She discussed how these helplines have adapted to provide multiple channels of access, including chat and various online means, to meet children where they are in the digital space. Mason noted that mental health and violence are the top reasons for children contacting child helplines, emphasizing the importance of raising awareness about these services.

Paul Clark emphasised the importance of engaging youth voices in policy development, citing Australia’s eSafety Youth Council as an example of ensuring young people’s perspectives are heard and acted upon.

Jumana Haj-Ahmad, Deputy Representative for the UNICEF Gulf Area Office, stressed the need to balance protection with children’s rights to access and participation online.

Floreta Faber highlighted the importance of addressing the needs of vulnerable groups in online safety initiatives.

Data and Research

Several speakers emphasised the importance of data collection and research on children’s online experiences to inform policy and interventions. Helen Mason discussed collecting data on help-seeking behaviours and issues faced by children through child helplines. Alaa Al-Fadil mentioned conducting surveys and research to inform policy, while Paul Clark stressed the importance of evaluating the impacts of new regulations and interventions.

Richard Wingfield called for improved transparency and data sharing by companies to better understand and address online risks to children.

Challenges and Emerging Issues

The discussion touched on several challenges and emerging issues in the field of child online safety. These included:

1. Balancing safety measures with children’s rights to access information and participate online

2. Addressing potential unintended consequences of age restrictions for social media access

3. Ensuring child protection considerations are integrated into the development of new Internet standards and technologies

4. Improving transparency and data sharing from technology companies about their child protection efforts

Regulatory Developments

Paul Clark mentioned upcoming Australian legislation to prevent children under 16 from accessing certain social media sites. This sparked a discussion on different regulatory approaches across countries.

International Collaboration

A recurring theme throughout the discussion was the need for international collaboration and knowledge sharing in addressing child online safety. Jumana Haj-Ahmad emphasised that the diversity of perspectives in the discussion underscored the need for collective action to ensure children’s safety in the digital space. The importance of international collaboration in Internet standards development to ensure child protection was also raised in an audience question.

Conclusion

The discussion highlighted the complex nature of ensuring children’s safety online while promoting their rights. It underscored the ongoing need for collaboration, innovation, and child-centred approaches in addressing these challenges. The speakers demonstrated a high level of consensus on the importance of multi-stakeholder collaboration and comprehensive strategies, suggesting a growing global recognition of the complexity of the issue and the need for coordinated efforts across sectors and regions.

As the digital landscape continues to evolve, it is clear that protecting children online will remain a critical global priority. This will require ongoing dialogue, research, and adaptive strategies to address emerging challenges and opportunities. The discussion emphasized that continued collaboration and innovation are essential to create a safer online environment for children while respecting their rights to access, participation, and information.

Jumana Haj-Ahmad: Okay, good afternoon everybody and thank you so much for joining us today. We’re delighted to have you all with us, both in person, in the room and online. And a very warm welcome to my co-moderator, Afrooz Kavyani-Joneson, who is joining me from UNICEF. Afrooz, thanks for joining us. My name is Joumana Haj Ahmad and I’m the Deputy Representative for the UNICEF Gulf Area Office. I am honored to help guide this discussion on a very important topic that resonates deeply to all of us. Children’s rights and safety in the digital space. As we all know, the Internet and digital technologies offer a lot of opportunities for children and adolescents to learn, to develop, to grow. But at the same time, these technologies and tools come with a lot of risks that require our attention and action. This session focuses on embedding children’s rights and safety within the digitalization agenda, ensuring that the digital world becomes a safe space, a place where children are protected, but at the same time, they’re learning, they’re playing, and they’re exploring. Today, we will be hearing from different countries, we will be hearing from different stakeholders, from different sectors about their efforts to make the digital space a safe space for children and adolescents. The diversity of perspectives, the diversity of the people joining this discussion, really emphasizes and underscores that a collective action is needed to ensure that children and adolescents are safe in the digital space. So, I will start by introducing our amazing and esteemed panelists. Dr. Maymoun Al-Khalil, Secretary General of the Family Affairs Council in the Kingdom of Saudi Arabia. Ms. Alaa Al-Fadl, Global Cyber Security Authority in Saudi Arabia. Ms. Floretta Faber, Deputy Director General from the National Cyber Security Authority, Albania. Mr. Paul Clark, Executive Manager of Education, Prevention and Inclusion, E-Safety Commissioner, Australia. And back to Ms. Helen Mason, Director of Operations, Child Helpline International, Netherlands. Sorry, I forgot Mr. Richard. Apologies for that. Mr. Richard Wingfield, Director of Technology Sectors, BSR, London office. Thank you all for joining us in this exciting discussion. As we start the discussion, I would like to really flag two key points. The first one, as many of you know, it is estimated around one in three Internet users worldwide is a child. And this number underscores the importance of speaking about children’s rights and having children’s rights at the center of any discussion that relates to digital technology. Even for services that are not explicitly designed for children. Also, I think the second point is that we need to think about those children as real lives. Those children could be your own son or daughter, could be your nephew or niece, could be the son or daughter of a neighbor. So as we talk today about the importance of safety in the digital space of children, we need to put the lives of these children in our minds and hearts. And think about what experience are these children going through? Is it really a safe space that we’re offering them? Is it a space that is allowing them to grow and to learn and to make the best out of this opportunity that is being offered? I would like… Do you hear me? Okay. So I’d like to start with a question to Dr. Maimouna Al-Khalil. The IGF is being held in the Kingdom of Saudi Arabia this year, which aligns well with the Kingdom’s strong digitalization agenda and its focus on child online protection. Could you share with us how the Family Affairs Council is integrating child online protection into the national agenda, into national policies, and coordinating with the different stakeholders and different departments?

Maimoonah Al Khalil: Thank you very much. I hope I’m audible to everyone. I’d like to start by thanking you for inviting me to participate in this dialogue and to share our national work here in the Kingdom on child online protection. There are numerous initiatives taking place today in Saudi Arabia from government agencies, NGOs, and private sector on child online protection. To coordinate these efforts and to enable greater impact for these initiatives and to apply a holistic approach that covers all aspects of child online safety, the Family Affairs Council in 2023 launched the National Framework for Child Safety Online. This framework has four main areas, one being awareness, two being enablement, three being prevention, and four being protection. Now, there have been 10 tracks that have been put into place to achieve progress in these four areas. I will only give a few examples because I know we only have four minutes. Under awareness, for example, we have a track on school curricula where we will be working with the Ministry of Education to look at development of tailored material that targets specific groups of children, age-related, so that the material that is not there is created, and the material that exists is also revisited to embed some awareness information, and also to develop separate independent material to be accessible online at any time. Under enablement, for example, we have capacity-building efforts to prepare teachers and parents mainly with the set of skills they require to detect any dangers that children might face online, and another track for integrated governance in order to have an integrated approach for what children are exposed to online. Under prevention, we have a measure that is based on research and data in terms of looking at how can we do to prevent from the beginning any kind of issues that children might face online, and basically this framework is aimed as an instrument to coordinate all of these efforts that are underway to bring focus to this issue, and to make sure that the public spheres, the private spheres, and the NGOs are working together towards one vision. Now, we cover a number of domains, including cyber security, data protection, privacy, even the psychological aspect of what children go through is very important, and protecting from any cyber crimes that are identified by national law. Now, there have been 12 government entities that have already been identified as stakeholders and partners in this effort, including also the private sector and active NGOs in this regard. The role of the Family Affairs Council in this particular guideline and framework is to coordinate all of these efforts, to monitor these efforts, to report on the progress of these efforts to the center of government, and to identify any gaps by suggesting remedial initiatives. Now, our efforts focus on stakeholder coordination mainly, partnering with decision makers, educators, service providers, and to establish a government model that brings everyone together for the benefit of the child, and our focus areas on enhancing digital literacy, protecting children’s data, and building a culture of safe online behaviors through awareness campaigns and family support. Our outcome-oriented approach is in addressing and finding the gaps, where are the gaps that we can start working on, and leveraging and advancing technology. So, technology here in this sense is a danger, but it can also be an ally and a helper, and aligning efforts with global best practices. I’d like to end by a recent initiative that has brought together national efforts. It was a Family Affairs Council-led national awareness campaign, but in actuality what made it succeed was every entity that came and joined this campaign that focused on promoting child online’s digital safety, promoting healthy digital practices and behaviors, and advocating for parental controls, artificial intelligence, reporting tools, support channels that are existing here in the kingdom and shedding light and bringing them to the fore in every way we could, whether online or through the channels of other participating entities. The targeted segment in this particular campaign were teachers, parents, and caregivers. So this is just a snapshot of the framework, and I hope you enjoy it. Thank you.

Jumana Haj-Ahmad: Thank you so much, Dr. Maimouna, for sharing this overview, and being here in Saudi Arabia has allowed me to also see the consultative approach that you led the process, that you applied in leading the process of the development of the strategy, which really, I think, helped a lot in having the different stakeholders on board, including children, and until now I remember those interactive consultations with the children that the Family Affairs Council led, which was an amazing process. Now I would like to go to Alaa Al-Fadil from the Global Cyber Security Forum. Since its launch, the Global Cyber Security Forum has prioritized child protection as a core initiative. Can you share with us more about the Forum’s mission and your strategy for strengthening commitment and action to ensure children’s safety within the digitalization agenda?

Alaa Al-Fadil: Thank you, Jumana, for the question. Allow me to extend my appreciation to the UNICEF for inviting us to this important session of IGF 2024. So allow me first to start by addressing the question that the majority of the audience might have, which is why the Global Cyber Security Forum is considering child protection in cyberspace as a key priority and core initiative within its mandate. As you know, the unique positioning of the GCF is that, considering the cybersecurity beyond the technical aspects, our work spans all areas, from geopolitics, technical, behavioral, social, under which the child protection is a priority. And as you know, the GCF was entrusted to deliver the Child Protection in Cyberspace initiative stated by His Royal Highness Prince Mohammed bin Salman. Our key targets for this initiative include, first, developing a child protection framework in more than 50 countries, upskilling 60 million people, and protecting 150 million children globally. So to achieve these targets, we have developed an extensive research to develop a robust strategy. These initiatives include, first, a deep assessment of the global landscape, globally, with the validation of key insights from global experts, as well as including reviewing reports, initiatives, organizations, and programs. Second, a global survey to cover 41,000 people, from parents and children, from 24 countries across six regions. And I invite you all to read the report, Why Children are Unsafe in Cyberspace. It’s available from our website, the Global Cybersecurity Forum. So now, when it comes to the delivery model of our initiative, mainly this initiative, it’s structured under one fundamental principle, which is strengthening and complementing existing efforts of major stakeholders. That’s why we are partnering with UNICEF, ITU, WorkProtect, DQ, to deliver on our initiatives project. Finally, to maximize the impact of this initiative, we conducted and organized the Global Cybersecurity in conjunction with the Global Cybersecurity Forum, the CPC Global Summit, in collaboration with our STEAM partners. And it was here in Riyadh last October. The summit was concluded with a 12-key recommendation for the global community. And I believe there is no better way to conclude than with a quote from His Royal Highness, Prince Mohammed bin Salman, in his welcoming statement to the participants of the GCF annual meeting at the CPC Summit. It reads as follows, cyberspace is closely linked to the growth of economy, the prosperity of society, the security of individuals, and the stability of nations. Thank you.

Jumana Haj-Ahmad: Thank you so much, Alaa, and for all the hard work. I know how you personally also led the preparations for the Global Summit on Child Protection. And it was an amazing summit with, as you said, with a lot of ambitious commitments made to make the digital space a safer space for children. Now I’d like to pass it on to Afrooz. Over to you, Afrooz. Thank you, Jamana.

Afrooz Kaviani Johnson: Can you hear me in the room? We can hear you, yes. Wonderful. So I’m glad that we can use technology to connect. And sorry, we’re not there in person, but I’m really happy to now go from the incredible developments within Saudi Arabia and the global picture from the Global Cyber Security Forum to hear from our colleagues and collaborators in Australia. So I have a question for Mr. Paul Clark, who, as Jamana mentioned, is the Executive Manager of Education, Prevention and Inclusion at Australia’s E-Safety Commissioner. So we know that Australia’s E-Safety Commissioner is implementing many measures to improve online safety for children. So really keen to hear from you, Paul, about your prevention and educative work in particular, realising that there is many other facets of work of the Commissioner, and to hear how you’re really ensuring that these efforts resonate with children and families across Australia to really make a difference in children’s lives. And because the theme of our session today is also about innovation, what are some of those key innovations that you’re introducing in this area?

Paul Clark: Thanks, Paul. Thank you, Afrooz. And thank you very much, everyone. It’s an absolute honour to be here today. For some of you who may not be as familiar with our work, I thought it might be interesting just to give a little bit of background about E-Safety, just to point out that when we were established 15 years ago, we were actually the children’s E-Safety Commissioner. In addition to our focus on education and awareness raising, we also pioneered the world’s first scheme to support individuals with legislative powers that enabled us to have harmful cyberbullying content removed for an individual. So now, while our responsibility extends to all Australians, and that’s reflected in our current name, children and young people will always remain an absolute priority for us. E-Safety in our education programs now, and it was quite a challenge for me to try and fit this into four minutes because there is quite an extensive range of programs there. We really want to focus on the specific needs of children and young people in different circumstances, always keeping in mind their fundamental rights to protection, participation and access to information. So this includes now programs, resources and training to support young people, their carers and educators from the zero to five age group, right up to young adults in their early 20s. Now in doing this, we’ve also ensured that we prioritise within these young people’s age groups. We know that specific cohorts are more at risk, and quite often these cohorts are those who are most likely to get the most benefit from engaging online. So in the Australian context, young people with a disability, for example, are more likely than the national average to encounter… at harmful and hurtful treatment online and hate speech and even physical threats. They’ve also been more likely to come across harmful content such as graphic violence and self-harm material. In Australia we know that LGBTIQ plus teens are much more likely than the national average to experience hurtful and hateful online interactions and also more likely than the national average to engage in risky online behaviours themselves and sharing personal information and sending messages that are sometimes inappropriate. And of course for Australia Aboriginal and Torres Strait Islander youth are much more engaged than the general population in using the internet for cultural connections and staying informed about the world around them whether that be politics or news. But despite these positive cultural and newsworthy interactions sadly First Nations young people are three times more likely than the general population to be the targets of online hate and have offensive things said to them because of their race, ethnicity or gender. So when we talk about innovation of all the work we do I thought I wanted to call out two this evening, sorry today for you, that are really close to our hearts. Central to our commitment to children’s rights is our eSafety Youth Council. That’s a diverse group of young people for the ages of 13 to 24 from every state and territory in the country to ensure that young people’s voices are not just heard but acted upon when developing solutions, support and in helping us frame policy that impacts on young people. If we reflect on Article 12 of the Convention of the Rights of the Child it states that children have the right to express their views freely in all matters affecting them. Our Youth Council is really key for us to keep this principle at front and centre of the work we do. It’s not about doing work for young people, it’s about doing work with them. Our Youth Council has been involved in such a broad range of work at eSafety, everything from helping review content for our youth pages and to support teaching and our education models but also in shaping more broader policy decisions that will have a direct impact on young people. For an example they recently made a formal submission to the Australian Government’s social media inquiry and they’ve taken part in social media summits in two of our states, New South Wales and South Australia and they continue to be in high demand both within eSafety but also too from other key external stakeholders. And that leads me talking about those summits to children’s access to social media online and balancing rights and protections. I’m sure many of you would have heard now of the recent legislation that has just passed in Australia that’s going to prevent young people from under the age of 16 from accessing certain social media sites. These provisions are going to come into effect over the next 12 months and that’s when over that 12-month period is when we’re going to be able to specify which services and what regulatory mechanisms are going to be required to have this legislation enacted. There’s an awful lot of work to do in this space over a very short period of time and we’re building on our considerable work to date on these issues. We know that the relationship for young people between mental health, social media and online engagement is complex but we’re continuing to contribute our insights and research to assist the government and ensure that any new legislation such as this is effective in its measures and minimises the unintended consequences. But regardless of the access of young people, sorry, regardless of the age to access these certain sites, for us prevention and education will always be a foundation of eSafety’s work. It’s more important than ever for young people that we continue to work with them to build their digital literacy, their resilience and critical reasoning skills so that they’re prepared for the online environment regardless of what age they begin to engage with it. So as we continue to navigate a really complex landscape of online safety in a global world, we remain committed to listening to young voices, collaborating with other regulators and adapting our approach to meet the evolving needs and challenges in this digital world. Thank you. Thanks Paul. Incredible and really heartening to hear how the eSafety

Afrooz Kaviani Johnson: Commissioner is taking on board Article 12 of the CRC and really embedding that within all of your work. We should also note that we’re going to have some time for questions, hopefully at the end. So audience online and in the room, please start thinking about questions you may like to put to our panellists. So thank you. Thanks Paul. From Australia, I’m really delighted now to go to Albania and I have a question for Ms Floreta Faber, who as Jomana mentioned is the Deputy Director-General of Albania’s National Cyber Security Authority. So we’re really interested to hear how Albania is integrating child safety into its cyber security agenda. I hear that there is a new cyber security law in Albania and this includes a dedicated chapter on children. So could you tell us more about this and how you’re ensuring that ministries and departments are equipped with the latest knowledge and skills to effectively empower and support children online? Thank you very much for giving us the opportunity to be

Jumana Haj-Ahmad: part of this really fascinating discussion. Albania is a small country and we are very happy to be next to Australia now and we have been involved, really the Albanian government is committed to securing a resilient digital future for the Albanian people and especially for the young generation. And in order to realise this vision, of course we are focused on strongly protecting our critical and important infrastructures, but also protecting children

Floreta Faber: online. It is one of the main pillars of our work. The commitment is reflected in the inclusion of child online in the cyber security strategy for 2025 and we had it on the previous but now more developed in the new law on cyber security, which you mentioned, which came into force this May. The new law on cyber security is tasked with, has tasked the National Cyber Security Authority, undertaking all the measurements, the cooperation and coordinating of the work with all the institutions which are responsible for safety and protection of children and young people online, in order to create a safer online environment in Albania. This means preparing the new generation capable of benefiting from all the advantage of the new technologies and information technology, but also know the challenges of the new development and showing them that in today’s world the digital personality is of a high importance. In Albania we have seen this in different ways in order to address the issue. First, in order to, we believe it’s important to create a legal framework and the necessary mechanism that make all our government institutions but also the civil society work together. When I say public institution, the National Cyber Security Authority is coordinating the work, but State Police, Ministry of Education, State Agency for Child Rights and Protection, Audiovisual Media Authority, Electronic and Postal Communication Authority, People’s Advocate, they all play their own role in this field. We are trying to coordinate all the work that all the institutions do, in order to make sure that we cover the whole country with the issues on protecting children online. The National Cyber Security Authority has a reporting platform, where citizens can report directly cases of illegal online contact and also issues online. Last year we had a low number, but this year we have had over 250 cases, which people have reported to us, so we all send those cases to the police. In cases, we have done a questionnaire with children, which we have met through the Year in Awareness in-person events, and we have found out that TikTok and Snapchat is the most used platform from the young people. Especially when we had issues with TikTok, lately we sent our materials also to the Audiovisual Media Authority, who is directly talking with TikTok in order to prevent cases of using illegal contact. The FDA has implemented a number of initiatives during the years in order to protect children online. We are developing our strategy on protecting children, but in the last four or five years especially we have been working with ITU, UNICEF, U.S. government also support in trying to develop a number of initiatives in the country where we have been able to have various educational materials, videos, manuals, brochures, ways of awareness. And if I mention only in 2024, our authority together with the Children Protection Authority and with the support of UNICEF, we have organized, I can bring you some example, we have been on 28 schools around the country, 13 cities, 1,500 young students we have been talking with directly. We have been training the trainers, about 400 teachers in those schools, about 200 safety officers in schools in order to have everyone aware and educated and knowing which is the phone call they can make, where they can report in their cases. And we have organized a number of workshops and roundtables with different authorities, with teachers representative from local government, from high level government in order for everyone to play a role, what are the changes needed to be done and what is the awareness needed. We have some really cases of where kids have issues out of using the social media. And I can say that lately, when I say lately, like in the last month or two, we have the entire Albanian government addressing the issue for need of awareness in protection of children online. We are having a public discussion, it’s open to all schools around the country, talking with teachers, parents and students, how to address the issue. We have had our Prime Minister Edi Rama, who has been talking in a number of those consultations, addressing the issue, and we are trying to find what’s the best way to address the issue. Now, we are also talking, are we closing TikTok and Snapchat in Albania? But what we’re determined to do is really to address the issue, whatever is the best way to have our kids online, it’s as you said, our kids, our nieces and our nephews. If I quote the Albanian Prime Minister, he said there is no solution if there is no direct involvement in family, schools, both parents and teacher, and of course, all the government institutions in order to increase, expand, and say for, expand the safety parameter for our children. One new item where I would like to add, we believe that international collaboration for protecting children online is absolutely important, on top of the events that will continue next year in February on the day of Internet of Children Safety Online, we’re putting, we’re chairing an event with 13 countries from Southeast European Cooperation Process Initiative in order to speak not only sharing the experience, but try to share the resources we have for protecting children online. And in the process, I am happy to see that in a way the same as Australia, we have seen that the online protection of children is not enough. In the new strategy 2530, we’re, we’re putting the protection of all citizens online with a special emphasis and a special chapter, because we, we understand that in particular children, teachers, safety officers should be equipped with necessary knowledge, but also underrepresented in groups, it’s very important to be involved in all our work. We have started already doing events, but the new strategy is going to have a more organized framework on how to speak with people with different disabilities, Roma community, LGBT down community, people over age 65, and all those groups. So thank you very much for giving us the opportunity to share some of our experiences.

Afrooz Kaviani Johnson: Thank you so much, Floretta, that was amazing. And I know that it was a hard task that we gave everyone to try and, you know, synthesize the developments in four minutes, but really fantastic to hear the accelerated progress, I think, particularly in recent years, and just the whole of society effort that that is being led in Albania. Thank you. So from Albania, I’m really happy now to introduce again, Mr. Richard Wingfield to give us a different perspective from from his organization, which is BSR, Business for Social Responsibility. So Richard, really interested to hear about your work with companies. So we’ve, you know, there’s been a couple of mention of some tech companies so far. And just to hear what are the gaps and promising trends that you are seeing in relation to current industry practices, when it comes to children’s rights and technology, over to you, Richard.

Jumana Haj-Ahmad: Great, well, thank you so much for for inviting us. And I’m really glad to be able to talk about our experience.

Richard Wingfield: So for those of you who are not familiar, BSR is a global nonprofit, and we work with companies to turn human rights principles and laws and standards into practice using the framework of the UN Guiding Principles on Business and Human Rights. And as part of our human rights work, we’re increasingly being asked by companies to integrate respect for children’s rights into their products and services, but also their broader business and corporate responsibility strategies, processes and plans. And we’ve worked with UNICEF and a number of other actors over the years with our member companies, and we have over 300 of the world’s largest companies who are members and others. And the last few years have definitely seen an increasing interest in ensuring that children’s rights are protected in the digital environment. And that may come from regulatory requirements, such as the Digital Services Act or the Online Safety Act in the EU and the UK, which talk about looking at risks to children and the protection of fundamental rights. It could mean undertaking children’s rights impact assessments. It could mean looking at how companies are using their reporting and disclosure obligations. In all of these different ways, companies thinking about the importance of protecting children and the rights of children as part of their broader human rights responsibilities when it comes to technology and the digital environment. So I’ve tried to put together a few of the promising trends and then a few of the gaps to try and answer your question as helpfully as possible. The first promising trend is that the approaches that we’re seeing companies take to protecting children online are definitely evolving and becoming more sophisticated. So historically, we saw largely that efforts were focused on just parental controls. So really just giving parents the sort of the power to control their children’s online experience and sort of putting all of the effort and emphasis onto parents. This is still helpful, definitely, but we’re seeing more sophisticated approaches taken. So these can mean things like different kinds of content classification for different age groups of children, promoting digital safety education and how to use technology and products safely, undertaking more risk assessments of new features and services and thinking about how they will affect children, introducing different controls and access requirements for different age groups based on the development stage of children. So just becoming a lot more sophisticated in the techniques that are used to try to keep children safe online while still protecting their rights. We’re also seeing new regulation really driving a lot of efforts. And I mentioned some examples a moment ago. So we’re seeing in the EU, for example, the Digital Safety Act requires large online platforms and search engines to consider risks to children, including to children’s rights and to undertake risk assessments of changes to their products and services as well. In the UK, our Online Safety Act, which is now coming into force, also forces companies to think about risks to children and particularly experiences of harmful content or behaviour online. The Australian Online Safety Act and some of the regulatory developments in Australia have also been referenced. And I know the role of the E-Safety Commissioner has sort of been an example to many regulators around the world in terms of its approach to keeping children safe online. And then finally, we’re also seeing more companies do children’s rights impact assessments. So these are specific targeted assessments as new products and features are being developed to really think about how they may impact upon children’s rights, as set out in the Convention on the Rights of the Child, and then to take steps. mitigate risks to children as they’re finalised. There are still some gaps, one of which is the moment the impacts on children online have very much been driven largely by safety considerations and while this is incredibly important it’s also important to remember the opportunities to promote and advance children’s rights that come through technology and so thinking about how you integrate considerations around protecting children’s right to freedom of expression, their right to privacy, and other important fundamental rights as part of these assessment processes is an area where we think more work could be done. We’re also seeing that assessments are generally focused on a lot of like very well-known high-profile issues, for example things like children’s sexual abuse material, bullying and so forth and what we would like to see I think is a greater emphasis and a more holistic approach to the four ways that children can be impacted online and so that greater attention is paid to some of the lesser known issues, for example the way that children might be exploited in supply chains or forced labour issues, the protection of children’s privacy online as well. And the other gap that I think I want to highlight is at the moment we still don’t have enough transparency, so a lot of companies are undertaking this work but it’s not necessarily made public. We know that a number of companies have concerns around disclosing information because of legal liability risks or reputational risks, but we would love to see companies talking a lot more about the efforts that they are making, not just the changes in terms of products or features that they have created, but the actual process by which they engaged in undertaking those assessments, including how they engaged with children and children’s rights organisations so that that stakeholder engagement aspect is much more apparent and visible. We’d also finally maybe like to see a bit more data being produced by companies, so we know that there is an increasing emphasis by regulators on certain metrics around, for example, types of harmful content. Again it would be great to see companies producing more of this data proactively and perhaps also becoming more nuanced in the data that’s provided, so we could see how different age groups of children are being affected or how different vulnerable groups, and Floretta mentioned some of the other groups who might be impacted specifically, for example, ethnic minorities, young girls or children who identify as LGBTQ+. So there’s definitely some area for improvement but we are seeing some promising trends as well.

Afrooz Kaviani Johnson: Thanks a lot Richard. I think BSR has quite a unique view on these issues, so I think that was extremely insightful in a very limited time, but just giving us some cause for optimism, but also really clear areas where more work is needed. So I’m going to hand back to Germana and the

Jumana Haj-Ahmad: panellists in the room. Thank you Afrooz and thank you so much for the insightful interventions, amazing work really done in different sectors. And now we’d like to come back to Miss Helen Mason, the Director of Operations of the Child Helpline International. Thank you so much for being with us. The child helplines, which are operating in 130 countries, play a crucial role in supporting children across various aspects of their lives, including their online experiences. So can you share with us some insights from your data on children’s online experience and lives, but also how you’ve been using technology to enable a safer environment for children digitally?

Helen Mason: Thank you and good afternoon, that’s better. Well, it’s been a pleasure to be on this esteemed panel with my fellow panellists today, and thank you very much for the invitation. So yes, I will answer the question. Thank you very much for the question. But I’d also like to start by, I suppose, start by talking about the characteristics of child helplines, that child helplines are a response mechanism for children and young people in any aspect of their lives, and also a preventative mechanism as well. And I also want to highlight that I think that while the legislation is changing, by any of the accounts we’ve heard today, we are still designing retroactively for the online space in regard to children’s rights, and that’s very much evident in our own work. To mention here as well, that child helplines are key to the response to online harms as part of the We Protect model national response, and to that effect, over the last years, we’ve been developing different methods and capacity buildings around this type of issue that might come through to a child helpline. That means capacity building for our members, it also means around data frameworks, collecting data from our members on these types of issues. So regarding the question and regarding the data that’s collected by our child helpline members, important to say perhaps that it’s a unique resource, the data that we collect directly from the voices of children, in the sense that it’s also a byproduct really of the conversations that go on between children and young people and child helpline counsellors, and collecting that data and being able to collect that data in a timely fashion is really crucial to the way we can use that information to amplify children’s voices. So suffice to say that technology has had a huge impact on that particular aspect of our work in terms of data capture, data analysis, and also now looking at, for example, AI tools to analyse the chat information that comes through from child helplines, from children to child helplines. So in terms of the actual data we collect, of course, it can provide a unique insight into the lives of children, and it can be a very robust data source in terms of help-seeking behaviour, and we do believe that it should form part of policy and programming, you know, national, regionally, and globally. I would like to state that the most common reason for children and young people to contact a child helpline is mental health first and foremost, and violence secondly, and those are 32 percent and 24 percent of counselling contacts respectively. So we can also state that based on the data we collect that girls are more likely to contact child helplines than boys, with 52 percent of contacts coming from girls. And I think that what I would also like to share here is that our latest report on online child sexual exploitation and abuse, we see cases increasing as of 2018 when we first started to collect bespoke data on this, and that we also, I would say, report substantial issues around disclosure, substantial issues around taboos, substantial issues around under-reporting, and of course it’s very important for us to develop methods and strategies to deal with this together with our members and together with our different and many partners, including UNICEF, including We Protect, ICMEC, IWF, for example. I also want to highlight what we can also read in the data, is that in terms of non-binary contacts we can also see that there’s higher incidence of suicidal ideation, and those reports are more likely to be made via online methods. And I think that another aspect of the data that we see is around the method of contact, so child helplines optimally operating 24-7, free of charge, over the years have adopted and launched multiple channels of access, so you’ll be quite familiar, perhaps in your own country, with child helpline access that is coming through chat, through all types of online means, through voice as well, but essentially through all the different places that child children themselves are present. So it’s incredibly important that as child helplines being responsive to children, they need to be present in the places where children are. So that of course means working with different online platforms to develop ways to intersect with those platforms, to provide seamless referral to a child helpline service. So I think that bearing in mind that child helplines have always existed at the intersection of technology and child rights, partnerships with the industry is absolutely vital, and over the last years we’ve been spending time developing partners carefully with industry partners. partners like Snapchat, like Meta, Roblox, Discord, to see how those referral mechanisms can be integrated within platforms so that children and young people can find help when they need it, when it’s time critical. And so one of the big challenges we have is around raising awareness, raising awareness that, for example, a child might not know that there’s a crime committed, they might not be able to talk or disclose this information, so raising awareness in a preventative sense is absolutely vital, and that for us, of course, simply means raising awareness that you can talk to a child helpline about these issues. So I want to just close now. I want to say as well what really matters to me and Child Helpline International is also the 50-plus countries around the world without this kind of service. So given the role that we identify for child helplines in responding to online harms, it’s urgent and it’s our aim to fill that gap by 2030 to have a child helpline in every country of the world so that when a child needs to speak to someone, wherever they are, they can contact a child helpline. Thank you.

Jumana Haj-Ahmad: Thank you so much, Helen. We also have a child helpline here, actually, in Saudi Arabia, and I had the chance to discuss with the director some of the priority issues that Saudi children face here, and it’s very similar to also what you were saying, mental health is a key issue, and being subjected to violence is also another. Okay, so I think we have some time. We have seven minutes, and we are able to take a few questions from the floor here and a few from colleagues joining us online. So we have two questions here, so I think you’ll need to speak in the mic. Try to speak from where you are, and let’s see, but I doubt it. I think you’ll need the mic.

Audience: Hello, my name is Vicky Harisi, I’m from Harvard University and I work on artificial intelligence and child’s rights. My question, and first of all, thank you for all the amazing work that all of you do, it’s super impressive. I think my question is mostly for Mr. Clark from Australia, and I’m very curious to hear if you have tried to collect any data about adolescents’ reaction on your government’s decision to ban some social media platforms from them. I’m just curious to hear if you have any sense about this. Thank you. Thank you.

Paul Clark: As I mentioned, our youth council did provide formal submissions. We haven’t, as now, the mechanisms come into play, and we’re looking at which platforms will be excluded and the leverage that we’re going to have to use to look at how that’s implemented. I think we will be undertaking more study. Up to this date, most of our research, which is always published on our website, has looked at particular cohorts of young people to understand their experiences online, so to understand the benefits they receive, how they’re engaging and using technology, but also the specific risks that they’re facing. Part of the implementation of this legislation for us is we will be doing a full evaluation, so we’re about to now start a baseline research piece to really get that clear understanding and to follow that over the next two years to evaluate the legislation, so that’s not something that we have available right at this moment. Let’s take a question from participants online over to you, Afrooz, and then we’ll come back here, because we have two more questions here in the room, but I see that there is a hand up online. God’s Way Kubi. Yes, there’s a hand up online. I’m not sure if I can give… Hello, can you hear me? Yes, we can hear you. Great. Please go ahead. Please, can I be allowed to share my video? I don’t know. Okay, so while that is being worked on, I can go ahead. Okay, thank you so much.

Audience: Actually, I’m God’s Way Kubi, the lead facilitator for Internet Society Online Safety SIG, and I think I joined this quite a little bit late, but the conversation alone keeps me more interested, especially coming to listen to Mr. Paul Clark first. I got more interested, and so online safety, I would just like to say that we are currently working on projects. Yes, so actually, my intention is to get more collaboration from this organization, so we are working on a project in that developing a comprehensive online safety benchmark that will be used globally, and this will serve as a valuable tool for organizations and individuals, and our focus basically is on child online safety and also the use of social media and websites, how individuals could basically protect themselves using this particular site, but our focus is on children. So our target regions are actually sub-Saharan Africa, Southeast Asia, Latin, and North America. Those are some of the regions that we are hoping to engage some key organizations in those regions, particularly so that we could be able to cover a wider range and also to have a comprehensive online safety benchmark being done. So having had a project that Mr. Clark and other panelists have worked on, I would greatly like that maybe possibly if they could share their emails, I would like to collaborate on any of the projects they are currently working on and also get involved in our project as well to make our own also a success, because we are the Internet Society. We are trying to make it global. We are putting it on a global scale, so getting an organization involved and collaborate on this project is one of the key things that we value, so that is the little I could say from my end, but I think the chat is being disabled, so I’m unable to share. I saw an email, so I don’t know. Thanks, Godzway. No, that’s great. I mean, that’s one of the wonderful things about IGF, right, making the connections. We can talk with the technical folks and see how we can exchange contacts. Thank you so much. You’re welcome. Back to you, Jomana. Thank you so much, Afrouz.

Afrooz Kaviani Johnson: We have five minutes left. If we can take quickly one question from the room here. Over to you. Thank you. Hi there. My name is Andrew Camping.

Audience: I’m a trustee with Internet Watch Foundation. Really interesting presentations. You may or may not be aware that there are changes in Internet standards which will bypass content filtering and parental controls, exposing children to inappropriate, age-inappropriate content much more easily, and also allow tech companies to give them plausible deniability, a horrible phrase, so that they don’t see some of that illegal or unsuitable content. Is that something that you’re aware of, and how do we get more child protection groups involved in the development of Internet standards to prevent these things from happening in the future? Really appreciate your thoughts. Thank you.

Jumana Haj-Ahmad: I’m happy to jump in. Yes, please go ahead. Sorry, I was just going to jump in with two quick, quick points around that.

Paul Clark: One of the key things we push, initiatives we push in Australia, is safety by design. All these add-on parental controls and safety measures that are completed at the tail end often just demonstrate the failure in understanding and setting up a platform or an app with safety as the primary principle to begin with. One of the following pieces of legislation which the Australian government is about to bring in, post the age restriction piece, is an Internet duty of care. So putting a legal obligation back on the platforms that they must keep the safety and security of their users paramount. And so they will be held responsible for that. Thank you, Paul. I know that we have two more questions here in the room, but unfortunately we will need to close this session. So I would like to thank our esteemed panellists for your participation with us today and for the audience for joining us. Thank you so much for the rich discussion.

Jumana Haj-Ahmad: Thank you. Thank you, everyone. Thank you. Thank you.

Agreement Points

Developing comprehensive national strategies for child online protection

Maimoonah Al Khalil

Alaa Al-Fadil

Floreta Faber

Paul Clark

Developing comprehensive frameworks and policies

Coordinating efforts across government, private sector, and civil society

Integrating child safety into cybersecurity agendas

Implementing education and awareness programs

Multiple speakers emphasized the importance of developing comprehensive national strategies that involve various stakeholders to protect children online.

Engaging youth voices in policy development

Paul Clark

Helen Mason

Engaging youth voices in policy development

Providing accessible helplines and support services

Both speakers highlighted the importance of involving young people in the development of policies and services that affect them.

Collecting and analyzing data on children’s online experiences

Helen Mason

Richard Wingfield

Alaa Al-Fadil

Collecting data on help-seeking behaviors and issues faced by children

Improving transparency and data sharing by companies

Conducting surveys and research to inform policy

Multiple speakers emphasized the importance of collecting and analyzing data to better understand children’s online experiences and inform policy decisions.

Similar Viewpoints

Both speakers advocate for integrating safety measures into the design of digital platforms and services from the outset, rather than relying solely on after-the-fact solutions like parental controls.

Paul Clark

Richard Wingfield

Promoting safety by design principles

Evolving approaches to child protection beyond parental controls

Both speakers emphasize the importance of addressing the specific needs of vulnerable groups in online safety initiatives and support services.

Floreta Faber

Helen Mason

Addressing needs of vulnerable groups

Providing accessible helplines and support services

Unexpected Consensus

Collaboration between government and private sector

Maimoonah Al Khalil

Alaa Al-Fadil

Helen Mason

Richard Wingfield

Developing comprehensive frameworks and policies

Coordinating efforts across government, private sector, and civil society

Partnering with platforms to integrate help services

Conducting children’s rights impact assessments for new products/features

There was an unexpected level of agreement on the need for collaboration between government, private sector, and civil society in addressing child online safety. This consensus spans across different regions and sectors, indicating a growing recognition of the need for multi-stakeholder approaches.

Overall Assessment

Summary

The main areas of agreement include developing comprehensive national strategies, engaging youth voices, collecting and analyzing data on children’s online experiences, promoting safety by design, and addressing the needs of vulnerable groups.

Consensus level

There is a high level of consensus among the speakers on the need for multi-stakeholder collaboration and comprehensive approaches to child online safety. This consensus suggests a growing global recognition of the complexity of the issue and the need for coordinated efforts across sectors and regions. The implications of this consensus could lead to more effective international cooperation and knowledge sharing in developing and implementing child online safety measures.

Different Viewpoints

Approach to regulating children’s access to social media

Paul Clark

Floreta Faber

Australia is pushing for safety by design as a key initiative. This approach emphasizes building safety measures into platforms and apps from the beginning, rather than adding them as afterthoughts.

Albania is trying to find what’s the best way to address the issue. Now, we are also talking, are we closing TikTok and Snapchat in Albania?

While Australia focuses on safety by design and legal obligations for platforms, Albania is considering more restrictive measures like potentially closing certain social media platforms for children.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement revolve around the specific approaches to implementing child online protection strategies, ranging from education and awareness to legal frameworks and potential platform restrictions.

difference_level

The level of disagreement among the speakers is relatively low. Most participants agree on the importance of protecting children online and the need for comprehensive strategies. The differences mainly lie in the specific implementation approaches, which are often complementary rather than contradictory. This low level of disagreement suggests a generally unified direction in addressing child online protection, which could facilitate more effective international cooperation and knowledge sharing in this area.

Partial Agreements

All speakers agree on the need for comprehensive national strategies to protect children online, but they differ in their specific approaches and focus areas. Some emphasize legal frameworks, others focus on education and awareness, while some prioritize coordination across different sectors.

Maimoonah Al Khalil

Alaa Al-Fadil

Floreta Faber

Paul Clark

The Family Affairs Council in Saudi Arabia launched the National Framework for Child Safety Online in 2023. This framework covers four main areas: awareness, enablement, prevention, and protection, with 10 tracks to achieve progress in these areas.

The Global Cyber Security Forum (GCF) is leading a Child Protection in Cyberspace initiative with ambitious targets. The initiative aims to develop child protection frameworks in over 50 countries, upskill 60 million people, and protect 150 million children globally.

Albania has included child online protection in its cyber security strategy for 2025 and in the new law on cyber security. The National Cyber Security Authority is tasked with coordinating efforts across institutions to create a safer online environment for children.

Australia’s E-Safety Commissioner focuses on education programs tailored to specific needs of children and young people. These programs cover various age groups from zero to five up to young adults in their early 20s.

Similar Viewpoints

Both speakers advocate for integrating safety measures into the design of digital platforms and services from the outset, rather than relying solely on after-the-fact solutions like parental controls.

Paul Clark

Richard Wingfield

Promoting safety by design principles

Evolving approaches to child protection beyond parental controls

Both speakers emphasize the importance of addressing the specific needs of vulnerable groups in online safety initiatives and support services.

Floreta Faber

Helen Mason

Addressing needs of vulnerable groups

Providing accessible helplines and support services

Key Takeaways

Many countries are developing comprehensive national strategies and frameworks for child online protection, involving coordination across government, private sector, and civil society

Industry practices are evolving beyond basic parental controls to more sophisticated approaches like children’s rights impact assessments and safety-by-design principles

There is a need to balance protecting children online with empowering them and respecting their rights to access, participation, and privacy

Data collection and research on children’s online experiences is crucial to inform policy and interventions, but more transparency is needed from companies

Accessible support services like child helplines play a vital role in responding to online harms and collecting data on children’s experiences

Resolutions and Action Items

Australia to implement new legislation restricting social media access for under-16s and introducing an Internet duty of care for platforms

Albania to develop a new strategy for 2025-2030 focused on protecting all citizens online, with special emphasis on children and underrepresented groups

Child Helpline International aims to establish child helplines in 50+ additional countries by 2030

Unresolved Issues

How to effectively engage children and youth voices in policy development related to online safety

Addressing potential unintended consequences of age restrictions for social media access

Improving transparency and data sharing from technology companies about their child protection efforts

Ensuring child protection considerations are integrated into the development of new Internet standards and technologies

Suggested Compromises

Balancing safety measures with children’s rights to access information and participate online

Combining technological solutions with education and awareness programs to protect children online

The diversity of perspectives, the diversity of the people joining this discussion, really emphasizes and underscores that a collective action is needed to ensure that children and adolescents are safe in the digital space.

speaker

Jumana Haj-Ahmad

reason

This comment sets the tone for the entire discussion by emphasizing the need for collaboration across sectors and stakeholders to address child online safety.

impact

It framed the subsequent presentations as part of a collective effort, encouraging speakers to highlight collaborative approaches.

To coordinate these efforts and to enable greater impact for these initiatives and to apply a holistic approach that covers all aspects of child online safety, the Family Affairs Council in 2023 launched the National Framework for Child Safety Online.

speaker

Maimoonah Al Khalil

reason

This introduces a concrete example of a coordinated national approach to child online safety, demonstrating how policy can be implemented.

impact

It provided a model for other countries to consider and set a benchmark for comprehensive policy approaches discussed by subsequent speakers.

Central to our commitment to children’s rights is our eSafety Youth Council. That’s a diverse group of young people for the ages of 13 to 24 from every state and territory in the country to ensure that young people’s voices are not just heard but acted upon when developing solutions, support and in helping us frame policy that impacts on young people.

speaker

Paul Clark

reason

This comment highlights the importance of including children’s voices in policy-making, aligning with Article 12 of the Convention on the Rights of the Child.

impact

It shifted the discussion towards the importance of child participation in online safety initiatives, influencing subsequent speakers to address this aspect.

The approaches that we’re seeing companies take to protecting children online are definitely evolving and becoming more sophisticated. So historically, we saw largely that efforts were focused on just parental controls. So really just giving parents the sort of the power to control their children’s online experience and sort of putting all of the effort and emphasis onto parents. This is still helpful, definitely, but we’re seeing more sophisticated approaches taken.

speaker

Richard Wingfield

reason

This comment provides insight into the evolving corporate approaches to child online safety, moving beyond simple parental controls.

impact

It broadened the discussion to include the role of private sector innovation in addressing online safety, prompting consideration of multi-stakeholder approaches.

Child helplines optimally operating 24-7, free of charge, over the years have adopted and launched multiple channels of access, so you’ll be quite familiar, perhaps in your own country, with child helpline access that is coming through chat, through all types of online means, through voice as well, but essentially through all the different places that child children themselves are present.

speaker

Helen Mason

reason

This comment highlights the adaptation of support services to meet children where they are in the digital space, demonstrating practical application of child-centric approaches.

impact

It introduced the perspective of direct support services, rounding out the discussion by addressing the immediate needs of children facing online risks.

Overall Assessment

These key comments shaped the discussion by emphasizing the need for collaborative, comprehensive, and child-centric approaches to online safety. They highlighted the importance of policy frameworks, youth participation, private sector innovation, and accessible support services. The discussion evolved from broad policy considerations to specific implementations and direct support mechanisms, providing a holistic view of the challenges and solutions in ensuring children’s safety and rights in the digital space.

What data has been collected on adolescents’ reactions to Australia’s decision to ban some social media platforms for users under 16?

speaker

Vicky Harisi from Harvard University

explanation

This information would provide valuable insights into how the target population views and is impacted by the new legislation.

How can child protection groups become more involved in the development of Internet standards to prevent bypassing of content filtering and parental controls?

speaker

Andrew Camping, trustee with Internet Watch Foundation

explanation

This involvement could help ensure that child safety considerations are integrated into Internet standards from the beginning, rather than added as an afterthought.

How can organizations collaborate on developing a comprehensive global online safety benchmark?

speaker

Godsway Kubi from Internet Society Online Safety SIG

explanation

Collaboration on this project could lead to a more robust and widely applicable tool for improving online safety, particularly for children.

How can companies be encouraged to be more transparent about their efforts to protect children’s rights online?

speaker

Richard Wingfield from BSR

explanation

Increased transparency could lead to better understanding of effective practices and areas for improvement in protecting children’s rights in the digital space.

How can child helplines be established in the 50+ countries currently without such services?

speaker

Helen Mason from Child Helpline International

explanation

Expanding child helpline services globally would provide crucial support and protection for children in countries currently lacking these resources.

Summary

This discussion focused on the global threat of ransomware and efforts to combat it through the Counter Ransomware Initiative (CRI). Panelists defined ransomware as a form of cybercrime where attackers encrypt victims’ data and demand payment for its release. They noted its evolution from simple encryption to more complex extortion tactics, highlighting its increasing frequency, scope, and severity worldwide.

The CRI, launched in 2021, was described as a coalition of nearly 70 countries working to build collective resilience against ransomware. Key benefits for member countries include capacity building, enhanced information sharing platforms, and strengthened computer emergency response teams. The initiative operates through four main pillars: the International Counter-Ransomware Task Force, policy development, diplomacy and capacity building, and public-private partnerships.

Panelists emphasized the importance of public-private collaboration in addressing ransomware, noting that private sector entities often detect threats before governments and own critical infrastructure frequently targeted by attacks. The role of cyber insurance in countering ransomware was discussed, with panelists highlighting its potential to improve cybersecurity resilience and assist in incident response.

The discussion also touched on the increasing vulnerability of emerging markets and developing countries to ransomware attacks. Panelists stressed the importance of international cooperation and proactive preparation to combat this threat effectively. They concluded by emphasizing that no country is immune to ransomware and that a collective, global effort is necessary to address this persistent cybersecurity challenge.

Keypoints

Major discussion points:

– Definition and current state of ransomware as a global threat

– Overview of the Counter Ransomware Initiative (CRI) and its activities

– Benefits of CRI membership for countries

– Public-private sector collaboration to combat ransomware

– Role of cyber insurance in countering ransomware attacks

The overall purpose of the discussion was to provide an overview of the ransomware threat landscape and explain how the Counter Ransomware Initiative is working to combat this global challenge through international cooperation and public-private partnerships.

The tone of the discussion was informative and collaborative. The speakers aimed to educate the audience about ransomware and the CRI’s efforts while emphasizing the importance of countries and organizations working together to address this shared threat. The tone remained consistent throughout, with speakers building on each other’s points in a constructive manner.

Speakers

– Jennifer Bachus: Moderator, Number two in the State Department Cyberspace and Digital Policy Bureau

– Elizabeth Vish: Senior Director of International Cyber Engagement at the Institute for Security and Technology, member of the CRI Public-Private Sector Advisory Panel

– Dan Haney: Head of Incident Handling Department at Nigeria’s Computer Incident Response Team, Coordinator of the Diplomacy and Capacity Building Track of the Counter Ransomware Initiative

– Audience: Attendees asking questions

Additional speakers:

– Niles Steinhoff: Cyber Foreign Policy and Cybersecurity Coordination Division at the German Federal Foreign Office

Ransomware: A Global Threat and Collaborative Response

This discussion focused on the global threat of ransomware and efforts to combat it through the Counter Ransomware Initiative (CRI). The panel, moderated by Jennifer Bachus from the U.S. State Department, included experts Elizabeth Vish from the Institute for Security and Technology, Daniel Onyanyai from Nigeria’s Computer Incident Response Team, and Nils Steinhoff from the German Federal Foreign Office.

Understanding Ransomware

Ransomware was defined as a form of cybercrime where attackers encrypt victims’ data and demand payment for its release. The panelists noted its evolution from simple encryption to more complex extortion tactics, highlighting its increasing frequency, scope, and severity worldwide. Nils Steinhoff provided insight into the professionalisation of ransomware, describing it as “cybercrime as a service” with specialised vendors along the criminal supply chain.

Elizabeth Vish emphasised a significant shift in ransomware targeting, noting a “substantial growth in ransomware attacks in emerging markets” over the past two years. This expansion to developing countries and economies with fewer cybersecurity resources has heightened the global nature of the threat. Vish also briefly touched on the potential impact of artificial intelligence on future ransomware attacks.

The Counter Ransomware Initiative (CRI)

The CRI, launched in 2021, was described as a coalition of nearly 70 countries working to build collective resilience against ransomware. Daniel Onyanyai explained that the CRI “aims to build global resilience, bringing together countries to build global resilience, and also to offer support to member countries in case they are hit by ransomware.”

Key benefits for member countries include:

1. Capacity building

2. Enhanced information sharing platforms

3. Strengthened computer emergency response teams

The initiative operates through four main pillars:

1. The International Counter-Ransomware Task Force

2. Policy development

3. Diplomacy and capacity building

4. Public-private partnerships

CRI Membership and Information Sharing

Nils Steinhoff outlined the CRI membership process:

1. Interested governments write a letter of intent to the co-chairs of the Diplomacy and Capacity Building Pillar

2. A 14-day silence procedure allows members to object

3. If no objection is raised, the country becomes a member

Onyanyai highlighted that CRI members can request urgent assistance through established platforms, with technical teams from member countries providing support during ransomware incidents. He also mentioned specific information-sharing platforms developed by CRI members:

– Malware information sharing platform (Lithuania)

– Crystal Ball platform (UAE and Israel)

– CRI Portal (Australia)

Additionally, Onyanyai noted the mentorship aspect of CRI, where more advanced countries can mentor less advanced ones in handling ransomware threats. Information about member countries can be found on the CRI website (kamtaransomware.org).

CRI Stance on Ransom Payments

Onyanyai explained the CRI’s position on ransom payments:

– The CRI has a “no pay” policy for ransomware

– Most member countries endorse this statement, but it’s non-binding

– Individual countries may have their own policies on ransom payments

Public-Private Collaboration

Panelists emphasised the importance of public-private collaboration in addressing ransomware. Elizabeth Vish articulated the private sector’s willingness to collaborate, stating, “The private sector really does want to collaborate with mutual respect with the public sector… They want to work with governments and they specifically want to work with the CRI.”

Private sector entities often detect threats before governments and own critical infrastructure frequently targeted by attacks. Vish highlighted that the private sector can contribute through threat intelligence sharing and providing examples of successes and failures from which others can learn. She also mentioned IST’s blueprint for ransomware defense, available in multiple languages, which highlights actions small and medium-sized enterprises can take to reduce vulnerability to ransomware attacks.

The Role of Cyber Insurance

The discussion touched on the role of cyber insurance in countering ransomware. Panelists highlighted its potential to improve cybersecurity resilience and assist in incident response. Onyanyai mentioned that the CRI is working to enhance engagement with insurance companies, while Vish stressed that preparation is key to avoiding ransom payments and noted the role of cyber insurance in improving overall cybersecurity measures.

Conclusion

The speakers demonstrated a high level of agreement on the severity of the ransomware threat, the need for international and public-private collaboration, and the importance of proactive measures and information sharing. They concluded by emphasising that no country is immune to ransomware and that a collective, global effort is necessary to address this persistent cybersecurity challenge.

The discussion highlighted the complex and evolving nature of ransomware threats, the importance of initiatives like the CRI in fostering international cooperation, and the crucial role of public-private partnerships in combating this global cybersecurity issue. As ransomware continues to target a broader range of victims, including those in emerging markets and developing countries, the need for a coordinated, multi-faceted approach to building resilience and response capabilities becomes increasingly apparent.

Jennifer Bachus: of you joining us online remotely who have not experienced the fun of IGF. We do have technical difficulties on a somewhat regular basis. I’m really sorry but I’m just gonna warn you in advance that there are kinks in the system. At least that was my experience yesterday and already can feel that a little bit today. But anyway with that very I just want to say hello. To introduce myself my name is Jennifer Backus. I’m the number two in the State Department cyberspace and Digital Policy Bureau and I am the moderator today. At least I will be when my mic is not cutting out. I just want to thank all of you for joining us in this session, this open forum on ransomware. I think everybody in this room is here because you recognize the incredible threat to the entire world that it’s a global shared threat that we need to address. It’s impacted our schools, it’s impacted our hospitals, it pretty much impacts everybody around the world, our citizens, our government, and everything we’re trying to do in a digitally interconnected world. For those of you who are not familiar with the Counter Ransomware Initiative or CRI as we call it, it’s a coalition focused on cooperating internationally to address the threat and develop policies and mechanisms that reduce the incentives of ransomware. It is a multi-stakeholder model and and it has a private sector component and a large and diverse group of countries involved. And so I hope that today’s discussion will be an interest to many of IGF’s participants. I’m so happy to have with us today three great panelists. First of all, Daniel Onyanyai. Oh man, I’m really gonna kill your name. I’m sorry. I might let him say his own name because I think it’s super rude. Okay. He serves in the office of the National Security Advisor as the head of Incident Handling Department at Nigeria’s Computer Incident Response Team, the CERT. In this role, he oversees key aspects of national cybersecurity including vulnerability management, digital forensics, incident response, and risk mitigation. He also, to today’s discussion, serves as coordinator of the Diplomacy and Capacity Building Track of the Counter Ransomware Initiative. Niles Steinhoff, who’s online, currently serves in the Cyber Foreign Policy and Cybersecurity Coordination Division at the German Federal Foreign Office. He supports the German cyber ambassador, Maria Adlebar, who together with Nigeria is leading the Diplomacy and Capacity Building Track. Welcome. And then also online is Elizabeth Visch, who is Senior Director of the International Cyber Engagement of the Institute for Security and Technology, which is a member of the newly launched CRI Public-Private Sector Advisory Panel. Elizabeth leads IST’s work, engaging international audience with recommendations from IST’s work on the future of digital security and the ransomware task force. She works on cybersecurity best practices, including how the public and private sector can collaborate. The multi-stakeholder community can offer cyber capacity building for developing countries. I also have to say, Elizabeth is a veteran of the State Department and worked in our Bureau, so is an embodiment of the multi-stakeholder approach to these issues. So great to have all of you here. So I have questions, which is what I think I’m supposed to do next, but if anyone has a different approach, just let me know. We’re gonna start with Niles. And so can you help us define ransomware a little bit more precisely? Can you give us an overview of the ransomware state of play? Over to you, Niles. Hello and good afternoon from Berlin, Germany. Can you hear me in the room?

Speaker: Somebody think that looks good? Great, thank you very much. So let’s hope for no more kinks in the technical setup. And thank you for organizing this very important and timely session at the IGF in Riyadh. I’ve been asked to talk a little bit about defining ransomware and giving you a little bit of a state of play. And I would start with a very brief definition and then get into the details about actors, numbers, international peace and security, and also ransomware generally is an act of decrypting a victim’s data and holding them for ransom to unlock this data. I think this is nothing new and it’s been around for quite a while. Mostly these attacks are financially motivated by cybercriminals who follow opportunities to ransom entities, mostly in the commercial sector, and have less of a strategic outlook on who they ransom. What we see globally is that this very profitable business has specialized to become a service. Cybercrime as a service, where we, along the criminal supply chain, observe specialized vendors such as initial access brokers, the ransomware groups themselves who then ransom the victims for money, but also afterwards money laundering experts in the illegal sector, so to say. What we see nowadays is less so the decryption of data on a victim’s system, but more the extortion to not publish the exfiltrated data. So instead of regaining access to your own system, which might not be super needed anymore if businesses have good business continuity plans and backups, the sensitive data within the commercial data that a company has is usually published on the Internet on so-called leak sites to increase the pressure on these stakeholders. So what we also observe, at least in Germany, we have a growing concern not only about financially motivated actors, but more so about strategically motivated actors or advanced systems within the context of geopolitical tension may disguise as random ransomware actors in order to conduct cyber sabotage operations that would then not be distinguishable from regular ransomware groups who may also wipe data. But this is something we have not observed yet in Germany. So this is a bit what we have. We started with the simple I lock you out of your system, pay me type of ransomware actors, and now we went in an ecosystem that extorts companies for not publishing their data or information in the data on third parties. If you go by the numbers, ransomware is a hugely profitable economic business for these malicious actors. Last year in 2023, according to Chainalysis, a blockchain analysis company, the obtained crypto assets surpassed 1.1 billion US dollars in assets. The average ransom paid was around 620,000 US dollars. But victims always pay less ransom because the business continuity plans are becoming better and better. So from 2021, where about half of the companies paid ransom, now we have about a third, or last year we observed about a third of companies paying ransom. The majority of victims is in the commercial sector. And of course, you know, as I said, mostly these criminals are motivated by financial motives, so they go for the weakest link in the chain, so to say. But we would also say that the, of course, commercial impact of the ransom paid is not the actual impact when we talk about, let’s say, later on the effects of international peace and security, when for example public utility groups. Maybe on the groups, we, roughly speaking, Germany tracks 100 ransomware groups, but 5% of these groups are responsible for around 50% of all the acts. So it’s a pretty, if you want to say, if you speak in industries, it’s a very concentrated industry overall, with the biggest players in the game currently being still, or last year before they were taken down, Lockbit, Blackbuster, and 8Base. I want to also touch a bit on the broadcast meeting conveyed under the auspices, so to say, or the logo of the CRI. As I said, economic damages are not just one element, you know, the damage of the ransom paid to a company, but the problem with the ransomware ecosystem is that it attacks those that are mostly more vulnerable in terms of cyber security, and that often are public service providers. For example, in the healthcare sector, and provide you an example from Germany from last year, we had a ransomware attack on a regional communal IT service provider. they were ransomed and their services are still in recovery mode 15 months afterwards and it affects the life of 1.7 million citizens and 20,000 public workers who cannot use their computers to provide basic services such as child support, such as unemployment benefits, which in Germany are paid at the communal level and it shows that the societal impact and the really destabilizing effect of ransomware that it has on communities and this has been recognized at the level of the United Nations both within the briefing that the United Kingdom but also within the open-ended working group under the auspices of the first committee where we just passed a resolution recognizing the threat of ransomware to international peace and security. I just want to close by saying you know it’s not obviously only terrible, well it is pretty bad, but at the same time it is not such that governments aren’t doing anything against it. So the problem of course with cybercrime is often that you have actors who are not within your own jurisdiction and you need cooperation between governments and if that voluntary will to cooperate is not there, what do you do? So Germany and I think a lot of other jurisdictions are prosecuting individuals and malicious actors to disrupting ransomware groups and not only the operational sides but also getting the encryption and decryption keys, seizing crypto wallets or also as we recently did in Germany seizing crypto asset mixers which would launder illicitly obtained funds into legitimately looking crypto assets. I think one of the good examples was the Operation Thronos earlier in February of this year where multiple law enforcement agencies around the world cooperated to seize assets and server infrastructure of the biggest ransomware group BlockBit and also I think it led to a few arrests if I remember correctly in more than one country and some people say it’s playing a game of whack-a-mole but in the end that is not true. It is a persistent process by which those that want to slowly but steadily take out both the operational infrastructure but also the criminal ecosystem that underpins its profitability. So I will leave it at that. Back over to Riyadh. I hope I stayed roughly within my time limit and I look forward to the rest of the discussion. Thanks so much for that.

Jennifer Bachus: So Elizabeth, building on that, recognizing that ransomware is of course an evolving threat, what do you foresee as the possible evolutions of the threat in the coming years?

Elizabeth Vish: Thank you so much and I’m happy to speak a bit about that. So the first thing I would say is that we’re seeing really substantial growth in ransomware attacks in emerging markets. It used to be that originally a lot of these criminals were attacking mostly companies in the Western Europe, United States, Australia, etc. In the last two years we’ve really seen a dramatic expansion of attacks against entities and companies and non-profits in the developing world in economies where there aren’t enough cybersecurity professionals, there aren’t enough resources to defend effectively. And at the same time, the criminals are also continuing to attack entities in the developed world. So it’s really in the globe. The other thing I would say is that we have also seen that the things that defend against ransomware, things like building resilience, building backups, having a reconstitution plan, the things that companies and entities can do to prepare for a cyber attack work for both ransomware and for other types of attacks. And so we would really encourage the use of cyber defenses, things like using multi-factor authentication, etc., in order to reduce the threat that ransomware poses. And then the other thing I would say is that over the next few years, we really anticipate that artificial intelligence may play a role in changing the nature of offenders. The tools that will be readily available to attackers could very well not just enhance their operations, but also afford them the ability to move at speeds that make it harder for defenders. So we would flag that while we haven’t seen really substantial adoption of artificial intelligence by ransomware threat actors yet, we would highlight that that could certainly come. And the other thing I’d say is that for all of the threat is evolving, a lot of what we see is the same old stuff, where ransomware attackers will get in through vulnerabilities that haven’t been fixed and will both encrypt the data and steal the data. And so there’s a lot of really basic things that people can do to defend that are still very effective. I’ll highlight that IST published the blueprint for ransomware defense. We published it in Portuguese, Spanish, and English. And it highlights things that small and medium-sized enterprises can do to make their surfaces less vulnerable to ransomware attacks. And we found that if those had been implemented in a few case studies, the ransomware attackers from succeeding. So we’d highlight that. And then we’d also say that the reality is that a lot of these criminals won’t necessarily face prosecution because they are resident in jurisdictions that don’t choose to prosecute cybercriminals. And so it’s really important that we take a proactive self-defense posture. I’ll stop there. Thank you.

Jennifer Bachus: Thanks, Elizabeth. Daniel, can you tell us more from your point of view about the CRI, what it is, why it was started, from your perspective?

Daniel Onyanyai: Okay. Thank you very much. CRI, I want to appreciate Niels and Vish for giving us a background about this ransomware. The CRI is a global coalition of governments and organizations that are coming together to build collective resilience against these threat actors. You know, where attackers, in a way, hold systems, lock systems, and then steal critical data and then request for ransom before they can release it. So it has become a global pandemic, and that is what necessitated the CRI. And the CRI aims to build global resilience, bringing together countries to build global resilience, and also to offer support to member countries in case they are hit by ransomware. Of course, you know, you cannot fight these criminals in isolation. So we have networks. Like, you know, now the ransomware ecosystem has been formed in a way that, you see, we have the ransomware operators on one hand, then we have the ransomware affiliates on the other hand, and then we now have the access brokers on another hand, each of them with different responsibilities but working together, and then sharing the ransom based on percentage. So it’s a big organized crime. So the CRI was formed so that countries can be well prepared, build collective resilience with one another, and then target these threat actors and hold them responsible for their actions, and also to cut off their illicit finance, you know, how they launder money through this cryptocurrency. So we want to be able to cut off that incentive, because the goal is just money. So if you can cut it off, you’ll be able to reduce their crime. And, of course, also to bring in the private companies so that we can improve on protections also. because the government alone cannot fight this criminal. We need the private sectors who can also, because they develop the softwares, they develop the systems, most of these attack, they see it more than we can see them, you know, from the government perspective. And so the CRI wants to make sure that the private sectors are… And then the other aspect is that we need to collaborate with one another to also build this resilience. Then why was this CRI, when was it launched or how did it start? Now, after the COVID, we discovered cybercrime, you know, continue to increase cyber attack, continue to increase because of the escalating impact of ransomware. Today, ransomware has increased in frequency, ransomware has increased in scope, and ransomware has also increased in severity. Before we used to have these, it started with just a single extortion method, lock your system or lock your data, then request for ransom, you pay ransom. You know, of course, there’s no guarantee whether you will get it, it’s just how it was. And then it moved to double extortion, whereby they lock up your system or your data, and then they also exfiltrate those data. And then, you know, threatening that if you don’t pay the ransom, then they will release the data to the public, thereby making the victims, you know, to take immediate action. But currently, it has now moved to multiple extortion method, which even if after targeting the victim, they also move to the clients or customers of the victim, you know, to also, that the access is to make them to take action and to get those things. So because of this escalating impact, that was why the CRI was formed. And also, you know, that another second reason is that the cross-border nature of cybercrime, you know, ransomware actors can be in any jurisdiction and be committing these crimes. And so, we need international cooperation for us to be able to bring them to justice. We need international cooperation for us to cut off their source of… That is one other reason. And the other reason is that government have come to realize that there is this urgent need, you know, for proactive solutions. You can’t just sit back. You need to be proactive, you know, before the attack. So countries need to put in place measures, you know, to keep themselves safe and put in place mechanisms. It could be in form of policies, in form of guidelines, but the end goal is that everybody must put in place structures to be able to withstand these people and also to support one another. Then CRI started specifically in 2021. It was launched and it was, you know, initiated by the United States government. In 2019, 2020, you will see that, you know, the number of attacks in most countries, like for example, in the United States, as at 2020, 2021, the number of ransomware attacks that was recorded was over 2,000 as at that point. And so, if you look across different countries, you will see so many countries recording thousands of attacks within a year. And so, there was this urgent need to, you know, bring countries together so that they can discuss this, the impact of ransomware. And so, in 2021, governments and organizations came together, even though it was a virtual gathering, to discuss, you know, to align their strategies, their policies, and their concerns so that they will be able to fight, to build collective resilience against these ransomware actors. So, that was how it began in 2021. Thank you. Thanks for that. And

Jennifer Bachus: CRI is doing to tackle ransomware now. Absolutely. So, currently, after the last

Speaker: summit, which the United States hosted in Washington in early October, the CRI’s members are broadly, let’s say, organizing around the idea that to address ransomware, we, as the, you know, states that are members of the CRI, need to tackle the problem in a holistic way by disrupting the criminal ecosystem that really underpins the profitability of ransomware attacks. So, not only address ransomware actors, but address the profitability to reduce the incentives. Right now, the CRI is organized along four work streams, we could say, that focus on building resilience, on cooperation, on policies, and on, you know, as much as possible attacks. I want to maybe just give you a rundown of the four pillars, which are called the International Counter-Ransomware Task Force, the so-called Policy Pillar, the Diplomacy and Capacity-Building Track, and the newest addition, the new work stream on public-private partnership that Daniel just mentioned, and I think Elizabeth, too. To start with, as, you know, Jennifer, as you said, the CRI is a multi-stakeholder, but also multi-agency model. If we want to address the ecosystem, we need to bring everybody in on the government side and on the company side who has the right tools to address the system, cyber security agencies, its police forces, it’s those that deal with crypto-assets laundering, but it’s also those that deal with diplomacy and with capacity-building. To give you an idea about the different work streams, maybe to start with the International Counter-Ransomware Task Force, where mostly police agencies, so cyber emergency response teams, come together under the leadership of Australia and Lithuania. Over the three years of its existence, the so-called ICRTF, I’m not going to repeat that name all the time, has developed two information-sharing platforms where members can share tactics, techniques, and procedures, but also indicators of compromise on ransomware attacks, and Australia has developed a website where Daniel has said, you know, one important element is also solidarity, so members can ask ongoing ransomware attack. Secondly, we have the policy pillar under the leadership of the United Kingdom and Singapore that have really worked around common challenges outside of just law enforcement that help tackle the ransomware ecosystem. Because they’ve been so active, I’m going to give you three examples, I think, that really highlight the variety and the width, so to say, of the Counter-Ransomware Initiative. France and Netherlands worked on cyber insurance, because cyber insurance is really both a tool to diversify and spread risks across the economy, but also to incentivize good behavior for companies in order to become more cyber secure and comply with basic cyber hygiene that Elizabeth outlined. Secondly, Australia released a playbook for businesses that helps them prepare for and react to and recover from small and medium-sized businesses that usually don’t have their own IT department to deal with cyber security. And then thirdly, Albania led a project on the implementation of Rule 15 of the International Financial Action Task Force that deals with the regulation of crypto assets. So, you know, this policy pillar shows you the width of the ecosystem that the criminals use, but we also address within the CRI. And then the last, or second to last, and then I’ll stop, we have the Diplomacy and Capacity Building Pillar that Nigeria and Germany, so me and my cyber ambassador Maria Adeba are chairing, where we try to, you know, connect or help people find more resources on capacity building, because, as you can see, As you can see from the variety of topics, capacity building is not only about technical capacities for emergency responders, but it really requires a lot of entities in your government to be up to date and to be able to work together with their agencies. And to close with, I want to highlight Canada’s work on public-private partnership, because as Daniel said, the software we use, the infrastructures that even our government systems run on, are often maintained and updated and held cybersecure by private companies. They see something in the networks, sometimes even before we do, and therefore having a solid foundation for public-private partnership, and IST has done some great work on these types of public-private partnerships, it’s absolutely key to have this holistic view on the profitability of the cybercrime ecosystem that is ransomware today, and we hope that over the next year we will find productive ways to advance on this public-private cooperation. And maybe one last fact, we’re closing in on 70 members, and we almost doubled in size by two years, and I think this really, really underlines how big of an issue ransomware has become all over the world, for any country, along these different lines of work.

Jennifer Bachus: Thanks, appreciate that. And for you, Daniel, what do you see as the benefits of CRI to member countries? Okay, so there are a lot of benefits for members, just like Nils mentioned. The first is capabilities. The CRI is really concerned because you need to build capacities for member countries so that they can be able to respond, maybe identify a ransomware attack,

Daniel Onyanyai: they will be able to have the capabilities to detect, to respond, and to also disrupt the activities of this criminal. So you enjoy that we provide capacity building through different collaborations with organizations that offer. These are already members of the CRI. We have the Council of Europe, we have the Interpol, we have so many of them who are also willing to join the CRI. And another benefit is that we have an enhanced information sharing platforms within the CRI. We have developed platforms, platforms like the malware information sharing platforms, which was developed by Lithuania. And then we have another platform we call the Crystal Ball, which was developed together between UAE and Israel. Australia also developed the CRI Portal. These platforms will help member countries to report incidents, seek urgent assistance. We have had instances, for example, like in Nigeria, when a private organization reported an incident, a ransomware attack to us. So immediately we escalated. And then it didn’t take up to some hours, few minutes, few hours, we started getting response from countries. And so the platform is there. So immediately you go into the platform for urgent assistance. Every country on that platform will be notified immediately. And then you will begin to see support from other countries. So there is nothing more reassuring than knowing that when, as a country, you are under attack, you have other backups, you know, from other member countries who are willing to support you and ensuring that you recover from such attacks. And also on the Crystal Ball platforms and on the MIS platform, you receive threat intelligence that will enable countries to stay proactive and to glean on the experience of other countries who are going to ransomware attacks. So you also find indicators of compromise in that place for you to enrich your platforms to be able to detect the activities of these. We also provide on those platforms, we have access to resources. So you have access, country-shared resources on that platform that is available only to member countries. And also what CRI, another thing that, another benefit you can enjoy is that CRI is committed to strengthening the capacities of the computer emergency response teams of member countries so as to, you know, make them to have, to be able to detect these activities, to conduct investigations, you know, of ransomware activities. So there are quite a whole lot of benefits that you can enjoy by joining the CRI. This is just to mention a few of them. Thank you.

Jennifer Bachus: Thank you for that. So Elizabeth, as was noted, the public-private cooperation within CRI are the pillar. The public-private cooperation has existed for a long time, what are the expectations for this sort of enhanced role in CRI? That’s a really great question and thank you.

Elizabeth Vish: First of all, I want to say thank you to the United States and to Canada for the work that Canada has done to launch the public-private sector advisory panel. The team at Public Safety Canada has been working hard to get everyone who can be part of it engaged in rowing in the same direction. My thoughts are that the private sector really does want to collaborate with mutual respect with the public sector and IST runs the Ransomware Task Force, which is a group of more than 60 experts that come together to combat ransomware. It’s a coalition led by the Institute for Security and Technology. We’re a non-profit think tank, so we can bring people together in sort of a neutral third space to talk about the ransomware threat. And we’ve heard a lot from our members. They want to work with governments and they specifically want to work with the CRI. They really think that they have a lot to offer to help combat this threat and that includes things like threat intelligence, that also includes things like examples of successes and examples of failures from which you can learn. I always really love to highlight that there are lessons learned from failures and if we learn those lessons, then we can avoid the failures in the future. There are lots of things that the private sector could do. They have the capacity to help governments recognize threats. They have the capacity to build and improve resilience. Private sector entities that are really capable of handling response when an incident or an attack occurs. I’ll also highlight that the private sector owns and operates a significant portion of critical infrastructure and critical infrastructure are the frequent targets of ransomware incidents. So it’s really important that the private sector be part of the conversation when it comes to addressing threats of ransomware. So my expectations for the advisory panel or the advisory group, it’s intended to bring together experts from both the public and private sectors to collaborate on cybersecurity issues related to ransomware, its primary recommendations and strategies to address ransomware threats, enhance cybersecurity measures, and strengthen national and international cyber resilience. We’re working on a work plan right now that will outline how the group is going to collaborate over the next year when it comes to building that collaboration between CRI members and the private sector. Our focus is really on providing advice and support to CRI members and to support, for example, Mills mentioned efforts related to insurance and how insurance can play a role in enhancing cybersecurity preparedness. That’s an area where most insurance companies are private companies. And so exchange of information and advice regarding that could be an opportunity for the CRI members to better target their engagement with insurance companies and better improve sort of the collaboration so that the insurance companies can do more. There’s some work that we’re doing at IST, which was, again, we’re sort of a nonprofit think tank that relates to the role that insurance can play in improving resilience. And so that’s just one of very many examples of the ways that the private sector can contribute. And we hope that CRI members will engage in a really robust conversation with the six members of the private sector advisory group so that we can help address this threat, which all of us face. Thanks, Elizabeth. And I know if you’re involved in this, there will be robust engagement. So I have no worries on that front.

Jennifer Bachus: So I know we have comments online, but also I want to start by, first of all, acknowledging the very full room here, which I’m very pleased to see. And to see if any of you here in the room have questions that you want to pose. I see one over there. And then I see one over there. And we’ll see whether we take more than one at once. So go ahead, please, sir. Good afternoon.

Audience: I’m Rapitson from Cambodia. So first of all, thank you for the moderator and panelists. And I would like to ask if Cambodia is indeed a member of the CRI. And if it is not, what is the criteria to join the CRI? Thank you.

Jennifer Bachus: I think I can answer that question, but maybe somebody else wants to instead. My understanding is Cambodia is not yet a member of CRI. There is a process through which you put in an application, and the CRI members consider it. But there is, I don’t know if Niels or if one of the people wants to elaborate a little bit more specifically on that. I could. Or Daniel, do you want to take it from the floor? Up to you. Okay. Just, okay. Continue. All right. Thank you for the question.

Speaker: The application process is relatively simple. The interested governments would write a letter of intent. The co-chairs of the Diplomacy and Capacity Building Pillar, which would be Nigeria and Germany. Daniel in the room maybe could give you the contact information afterwards. And then there’s a 14-day silence procedure under which members can object to the membership request.

Audience: And if no objection is incurred, the country that applied for membership would become a – write a letter, wait around 14 days, and if no objection is signaled, then you would become a member. Okay. Let me add this. You know, we have never seen countries objecting other countries, you know, from not joining. So you don’t have to be afraid of that. All right. Thank you.

Jennifer Bachus: Yeah. I think we try to recognize that this is a shared communal threat and that the more countries that come together to battle the threat, the stronger we’ll all be. And then with that, sir, I think you had a question over there. So hi. This is Adnan Malik. I’m from Pakistan.

Audience: Thank you, Daniel. Thank you, Nils. Thank you, Elizabeth, for the insightful discussion. But I’m still having a hard time navigating, you know, the support points. I mean, how do you guys provide support to the member state entities? For example, if I have to give you, for instance, if you know Case per Sky, they have this initiative, no ransom. You know, so like the decryption keys. So they have like a list of directories. So if you got attacked, if you’re an individual or maybe an entity and you got attacked by any popular ransomware, what they do is they provide you with a decryption key since, you know, it’s a very huge platform and they got a good threat intelligence teams. So I’m still trying to navigate the, you know, support. I mean, how that goes, how that work. Are you guys involving your technical teams or is it a consultancy only? The second point is, is there a directory where we can find the, you know, who are already part of the CRI? I mean, I would also, you know, love to see if my country were there. So yeah. Thank you.

Daniel Onyanyai: Okay. Okay. So you can find information. We have a website, kamtaransomware.org. And then for the other first question, the support we offer comes from the technical teams of the member countries. For example, if you request for support, the U.S. SART may decide to offer that support, the Australian SART. And that is why one of our goal is to strengthen the capabilities of the computer emergency response teams who are directly involved in responding to incidences like that. So in terms of the decryption key, first of all, when you report, if it’s a known cybercrime group and the decryption of any of the countries who are offering support to you, they will be able to release it to you. But if there are other things, you know, for example, you are faced with a new ransomware group maybe that have been in assistance in another country. So they will have more experience. So and if they have none, they can request for the indicators of compromise and some artifacts to also you send it to them like the one that happened in Nigeria. We extracted those indicators of compromise, those artifacts, and then forwarded it to those countries or those organizations who are offering support. For example, like the Interpol, we offered to them because none of them had the key to decrypt it, but they also have to also assist in the investigation process. So it depended on how well you want their support, whether you want to provide it to them or you want to give them a channel to provide support for you. But in any case, it is the technical agency or team of member countries that usually offer those investigative support. Thank you.

Jennifer Bachus: I don’t know if I answered the question correctly. Do either of the people online have anything they want to add? Elizabeth Niels? OK. Can you hear me? Did you have anything you wanted to add? Yeah. OK. Nothing to add. Great. Do we have another question from the room? OK. I saw there were. I will acknowledge that my ability to read the questions or comments is limited here in the room, but I think we might have somebody. No, it just seemed maybe that was just participants. That was exciting. Any other? OK. I think we have like maybe five more minutes. Oh, there is a question. Great. Am I audible? Yes.

Audience: Can you tell us a little bit more about how effective cyber insurance is in countering ransomware attacks? Thank you very much.

Daniel Onyanyai: OK. What we did is cyber insurance is actually what the CRI has been pushing. We have also made, involved the insurance companies of members’ countries. We had sessions with them, and we have also come up with guidelines on how the insurance company can come in to assist when it comes to ransomware attack so that they will be able to cover up for so many things. So we have done a lot to bring them on board. But it depends on how the countries, you know, because they are also subject to your country’s law. So it’s not like the CRI is overriding the country’s law. But what we have done is to always is to bring up, you know, those guidelines, those guidance, and also involve them. And before the summit, we had a session with them. And then after then, there was a guideline that was produced of which countries in collaboration with the insurance sector or the, what would I call it now, the responsible agencies, the responsible insurance agency in their country, or the regulator of the insurance sector in their countries. For example, like in Nigeria, we had to, for us to endorse that guidance or that statement, we have to involve them in it, and we endorsed it. So it means that for us in Nigeria, we are going to no guidelines or guidance that is released by the CRI. Does it need to identify them to pay? To pay? Okay, no, okay, to pay the ransom is not for us in the CRI, it is a no pay. So we have a statement to that that we don’t encourage and member countries should not pay ransom. And many member countries endorse that statement. So but as to whether your country will allow payment in some ways is dependent on your country. Even though most country endorse that statement of no pay, some country is the binding statement, it’s a non-binding statement. But most countries decide to leave it open as to whether to pay or not to pay. But for us in Nigeria, we don’t pay ransom and we don’t encourage. So even though at the back, people may decide to pay, it’s left for them, but for us as a nation, it is a no pay. Smith, you wanted to add something?

Elizabeth Vish: Yeah, absolutely. I think, so more broadly, as the potential to play a role in increasing resilience. I would say that there’s some great research that the Royal United Services Institute in the UK has done related to the role that insurance can play in reducing ransomware attacks. One role that insurance can play is helping the companies that they insure to improve their cybersecurity resilience and reduce their vulnerability to ransomware attacks. And that’s not something that all insurance companies do, but it can certainly play a role. The other thing that insurance companies can do is to help companies that they insure get attacked, they can help those companies to reconstitute their networks and get back up and running more quickly. Some insurance companies, when an attack occurs, bring on specific incident responders to help the company that was insured, that purchased the insurance, to respond more quickly. But I would just refer you to that research by Russi. It’s a really good paper looking at the role that insurance can play. Obviously, they are looking from a UK perspective, but I think that the UK perspective can be valuable for many different global operating contexts. Thanks. And then the other, oh, the other thing I’ll highlight, which I think just, is the statement that was produced at the end of the last CRI summit in October, that does sort of mention the best practices for response and includes that as part of a sort of overall approach to responding to an incident. It was endorsed, as mentioned, by many members and by some insurance consortiums. So I would just highlight that as a place that people go to approach a response to an incident. And it offers the perspective that some insurance companies have endorsed. So those are both really good resources to go to when it comes to insurance and ransomware. Thank you. Thank you very much. There’s two questions in the chat, which I will launch, and I think then we are coming to the end. One is, how do you authenticate if a private organization who is developing software is legitimate? And the second is, how well is third world countries

Jennifer Bachus: prepared to deal with this situation like this on their own? So I will see who wants to take one or both of those questions. Would you like to start with the second question? Anyone? I can jump in on the second question. IST does an annual report on the ransomware threat. We’re mostly looking at data from leak sites, so it’s not perfect data.

Elizabeth Vish: But I would say that overall, we’ve really seen the number of attacks against emerging markets, against emerging economies in developing third world countries go up. We’ve seen them go up over the last two years that we’ve done this report. We’ve really seen the increase in attacks against especially critical infrastructure in many places. And also sort of, to be frank, like the place where money is so things like banking and financial institutions, we’ve seen attacks against government actors and government entities like pension funds. So there was a case where cyber criminals attacked the pension fund of a small Caribbean island nation that made it hard for retirees to get their money, which is obviously a real threat to human health and wellbeing. And we don’t… So that’s really why we are underscoring the value of collaborating between government and private sector and also why we’re underscoring the importance of preparation. We have a joke, prepare, don’t pay. And we don’t mean that in the, you can’t pay, but rather avoid paying by preparing. You won’t get attacked, therefore you won’t have to even think about the payment conversation if you can be well-prepared. So I’ll sort of highlight that as the best way. I would also highlight that, when it comes to the question of… I don’t think that anyone should be dealing with this threat on their own. I think that the collaboration cert to cert, which has been highlighted here already, collaboration between national cybersecurity authorities, like in the US we have the cybersecurity and critical infrastructure authority. The Spanish government has NCBA. There are many sort of national authorities that would like to collaborate with one another. I’ll highlight that the State Department actually… Has collaboration when it comes to building national CSIRT capacity and also including in collaboration with Nigeria. And I think that that’s really the future of defending against this threat is improving partnerships and improving collaboration. The private sector really does wanna contribute, wanna play a role, both in investigating and disrupting these criminals and also in preparing for and recovering from this threat. So I would also encourage national authorities in developing countries to think about how they can get collaboration, to improve collaboration with the private sector. So that no one is alone, but rather we’re all addressing this threat together.

Daniel Onyanyai: Okay, so just to add, when you join the CRI, you are no longer alone. And to deal with some of these issues, what CRI has done is to provide kind of another country. You know, we mentor maybe a country who is less advanced when it comes to handling these kind of threats. So the collaboration, in quotes, will not be that whatsoever thing you need. So you can request from your mentor, they will guide you on the process to go. But the responsibility for you to authenticate a private organization still lies in your country. And then if, as a country, you don’t have what it takes to identify that, you can seek assistance through the CRI. And those assistance can be provided to do it. I don’t know if you understand that. On how to do it, it’s not like the CRI will come to your country and do this authentication. But then there are guidance, there are best practices, and there are resources that can be provided for member countries, you know, to be able to authenticate the private organization that provide those software. So that is why I said you are not alone. You can always seek for assistance, and you can also have access to the resources provided. Thank you.

Jennifer Bachus: Thanks for that. And I wish I could give everyone another shot to say a last word, but I’m getting the wrap-up sign, actually, pretty insistently at this point, and the closed captioning has ended. So I think that is going to end this event. I just wanted to thank our panelists for the amazing collaboration and work, and for all of you for showing up here today. Ransomware is an incredibly challenging issue that will take all of us to continue to battle it, and just to say that there is no country that is immune, and we all need to work together. So thanks to everybody. Thank you for joining us remotely. Thank you for joining us in person, and I look forward to seeing you all around IGF. Thanks.

Agreement Points

Ransomware is a significant global threat

Speaker

Daniel Onyanyai

Elizabeth Vish

Ransomware encrypts data and demands ransom for decryption

Ransomware is a profitable criminal business model

Attacks have evolved to multiple extortion methods

Attacks are expanding to emerging markets and developing countries

All speakers agree that ransomware is a serious and evolving global cybersecurity threat with significant financial and operational impacts.

Collaboration is crucial in combating ransomware

Speaker

Daniel Onyanyai

Elizabeth Vish

Jennifer Bachus

CRI has four main work streams to address ransomware holistically

CRI is a global coalition to build resilience against ransomware

Private sector wants to collaborate with mutual respect

Collaboration between government and private sector is key

All speakers emphasize the importance of collaboration, both between countries and between public and private sectors, in effectively addressing the ransomware threat.

Similar Viewpoints

Both speakers highlight the importance of information sharing and threat intelligence in combating ransomware, whether through CRI platforms or private sector contributions.

Daniel Onyanyai

Elizabeth Vish

CRI provides information sharing platforms for members

Private sector can provide threat intelligence and improve resilience

Unexpected Consensus

Importance of preparation in avoiding ransom payments

Daniel Onyanyai

Elizabeth Vish

CRI is working to enhance engagement with insurance companies

Preparation is key to avoiding ransom payments

While coming from different perspectives (government and private sector), both speakers emphasize the importance of preparation and proactive measures in dealing with ransomware threats, including the role of insurance.

Overall Assessment

Summary

The speakers show strong agreement on the severity of the ransomware threat, the need for international and public-private collaboration, and the importance of proactive measures and information sharing.

Consensus level

High level of consensus among speakers, implying a unified approach to addressing ransomware threats through initiatives like the CRI and emphasizing the global nature of the challenge.

Different Viewpoints

Unexpected Differences

Overall Assessment

summary

The speakers demonstrated a high level of agreement on the nature of the ransomware threat, the importance of the Counter Ransomware Initiative (CRI), and the need for public-private cooperation in addressing cybersecurity challenges.

difference_level

Low level of disagreement. The speakers presented complementary information and perspectives, reinforcing each other’s points rather than contradicting them. This alignment suggests a unified approach to addressing ransomware threats, which could be beneficial for coordinated international efforts through the CRI.

Partial Agreements

Similar Viewpoints

Both speakers highlight the importance of information sharing and threat intelligence in combating ransomware, whether through CRI platforms or private sector contributions.

Daniel Onyanyai

Elizabeth Vish

CRI provides information sharing platforms for members

Private sector can provide threat intelligence and improve resilience

Key Takeaways

Resolutions and Action Items

Unresolved Issues

Suggested Compromises

What we see globally is that this very profitable business has specialized to become a service. Cybercrime as a service, where we, along the criminal supply chain, observe specialized vendors such as initial access brokers, the ransomware groups themselves who then ransom the victims for money, but also afterwards money laundering experts in the illegal sector, so to say.

speaker

Niles Steinhoff

reason

This comment provides crucial insight into the evolving nature of ransomware as a specialized, service-oriented criminal enterprise. It highlights the complexity and sophistication of modern cybercrime operations.

impact

This comment set the stage for a deeper discussion on the various components of the ransomware ecosystem and how to combat it effectively. It led to further exploration of the different actors involved in ransomware attacks.

The first thing I would say is that we’re seeing really substantial growth in ransomware attacks in emerging markets. It used to be that originally a lot of these criminals were attacking mostly companies in the Western Europe, United States, Australia, etc. In the last two years we’ve really seen a dramatic expansion of attacks against entities and companies and non-profits in the developing world in economies where there aren’t enough cybersecurity professionals, there aren’t enough resources to defend effectively.

speaker

Elizabeth Vish

reason

This comment highlights a significant shift in the targeting of ransomware attacks, drawing attention to the vulnerability of emerging markets and developing countries.

impact

This observation led to a discussion about the need for global cooperation and capacity building, especially for countries with fewer resources to combat cybercrime.

CRI aims to build global resilience, bringing together countries to build global resilience, and also to offer support to member countries in case they are hit by ransomware.

speaker

Daniel Onyanyai

reason

This comment succinctly explains the purpose and approach of the Counter Ransomware Initiative (CRI), emphasizing the importance of international cooperation.

impact

It shifted the conversation towards discussing specific actions and benefits of the CRI, leading to a more detailed exploration of how countries can work together to combat ransomware.

The private sector really does want to collaborate with mutual respect with the public sector… They want to work with governments and they specifically want to work with the CRI. They really think that they have a lot to offer to help combat this threat and that includes things like threat intelligence, that also includes things like examples of successes and examples of failures from which you can learn.

speaker

Elizabeth Vish

reason

This comment emphasizes the crucial role of public-private partnerships in combating ransomware, highlighting the willingness and potential contributions of the private sector.

impact

It led to a discussion about the specific ways in which the private sector can contribute to the fight against ransomware, including through threat intelligence sharing and lessons learned from past experiences.

Overall Assessment

These key comments shaped the discussion by highlighting the evolving nature of ransomware threats, the global impact especially on emerging markets, the importance of international cooperation through initiatives like the CRI, and the crucial role of public-private partnerships. The conversation progressed from defining the problem to exploring collaborative solutions, emphasizing the need for a multi-faceted, global approach to combating ransomware.

How can artificial intelligence impact ransomware attacks in the future?

speaker

Elizabeth Vish

explanation

AI could enhance attackers’ operations and speed, making it harder for defenders to respond. This is an important area to monitor as AI capabilities evolve.

How can small and medium-sized enterprises implement effective defenses against ransomware?

speaker

Elizabeth Vish

explanation

SMEs often lack resources for cybersecurity. Understanding practical, accessible defenses for smaller organizations is crucial to reducing overall vulnerability.

What are the best practices for cyber insurance in countering ransomware attacks?

speaker

Audience member

explanation

The role of cyber insurance in preventing and responding to ransomware attacks is an evolving area that requires further exploration and guidance.

How can developing countries improve their preparedness and response capabilities for ransomware attacks?

speaker

Audience member

explanation

As attacks against emerging markets increase, understanding how to build capacity and resilience in developing countries is crucial for global cybersecurity.

How can authentication processes for legitimate software developers be improved?

speaker

Audience member

explanation

Ensuring the legitimacy of software developers is important for preventing potential security vulnerabilities and maintaining trust in digital systems.

What are effective strategies for public-private collaboration in combating ransomware?

speaker

Elizabeth Vish

explanation

Enhancing cooperation between government and private sector entities is seen as crucial for addressing the ransomware threat comprehensively.

Summary

This discussion focused on harmonizing strategies for implementing and following up on the World Summit on the Information Society (WSIS) and the Global Digital Compact (GDC). Participants explored how the Internet Governance Forum (IGF) could support these processes and what aspects should be coordinated.

The panel emphasized the importance of avoiding duplication and fragmentation in digital cooperation efforts. They highlighted the IGF’s role as a flexible, inclusive platform for addressing emerging digital issues and suggested it could be strengthened to support GDC implementation. However, concerns were raised about attempts to undermine the IGF and the need to renew its mandate.

Participants stressed the enduring relevance of WSIS’s vision for a people-centered information society, while acknowledging the need to address new challenges like AI and data governance. They discussed the importance of coordinating efforts across UN agencies and leveraging existing frameworks like the WSIS action lines.

The discussion touched on geopolitical tensions and the need for international solidarity in digital cooperation. Panelists expressed fears about the centralization of processes and the potential weakening of multi-stakeholder approaches. However, they also voiced hope for creative solutions and strengthened cooperation through existing mechanisms.

Overall, the conversation highlighted the complex interplay between WSIS, GDC, and IGF processes, emphasizing the need to build on past achievements while adapting to new realities in digital governance. The discussion underscored the ongoing challenges of ensuring inclusive, effective digital cooperation in a rapidly evolving technological landscape.

Keypoints

Major discussion points:

– The relationship between WSIS, the Global Digital Compact (GDC), and the IGF

– The need to coordinate and harmonize implementation of WSIS and GDC outcomes

– The role of the IGF in supporting digital cooperation processes

– Challenges to the multi-stakeholder model and the IGF’s mandate

– The importance of building on existing frameworks rather than creating new ones

The overall purpose of the discussion was to explore how to harmonize strategies for coordinated implementation and follow-up of the WSIS and GDC processes, with a focus on the role of the IGF.

The tone of the discussion was thoughtful and constructive, with participants offering nuanced perspectives on complex issues. There was a sense of urgency about the need to strengthen existing mechanisms like the IGF rather than creating new processes. The tone became more concerned towards the end as participants expressed fears about fragmentation and weakening of multi-stakeholder approaches, but also hopeful about the potential for creativity and collaboration to address challenges.

Speakers

– Anrienette Esterhuysen: Moderator

– Justin Fair: U.S. State Department

– Jorge Cancio: Swiss government, Office of Communications

– Christine Arida: Government of Egypt

– Anita Gurumurthy: IT for Change, India; Global Digital Justice Forum

– Amrita Choudhury: Civil society representative, past member of MAG

– Bic: From Vietnam

– Nigel Cassimire: Caribbean Telecommunications Union

– Jason Pielemeier: Global Network Initiative (multi-stakeholder organization)

– David Fairchild: Government of Canada, Geneva Mission

– Gitanjali Sah: ITU

Additional speakers:

– Valeria Betancourt: Online moderator, APC

– Bruna: Rapporteur, MAG member

– Flavio: (no additional information provided)

Expanded Summary of Discussion on Harmonising WSIS, GDC, and IGF Processes

This discussion focused on harmonising strategies for implementing and following up on the World Summit on the Information Society (WSIS) and the Global Digital Compact (GDC), with particular emphasis on the role of the Internet Governance Forum (IGF). The session began with a spectrogram exercise to gauge participants’ views on key issues, followed by a structured discussion on coordinating these processes to avoid duplication and fragmentation in digital cooperation efforts.

Spectrogram Exercise:

The session opened with a spectrogram exercise, where participants were asked to position themselves along a spectrum in response to questions about the relationship between WSIS, GDC, and IGF processes. This interactive element highlighted the diversity of opinions and set the stage for the subsequent discussion.

Key Themes and Arguments:

1. Role of the IGF in Implementing WSIS and GDC Outcomes

There was broad agreement on the importance of the IGF as a key platform for GDC follow-up and implementation. Amrita Choudhury and Jason Pielemeier emphasised the IGF’s role as an ongoing mechanism for flexible stakeholder engagement. Nigel Cassimire suggested that the IGF could be a place to develop concrete targets for GDC implementation.

However, some speakers highlighted challenges facing the IGF. David Fairchild, representing the Canadian government, expressed concern that the IGF is under threat and needs a strengthened mandate in the upcoming WSIS+20 review. Jorge Cancio from the Swiss government cautioned against viewing the IGF as a standalone solution, emphasising that it is part of a larger WSIS architecture.

2. Global Digital Compact (GDC) and its Relationship to WSIS

Participants discussed the GDC as a new initiative that builds upon the WSIS framework. There was emphasis on the need to integrate the GDC with existing WSIS processes rather than creating parallel structures. Speakers highlighted the importance of leveraging the WSIS Action Lines, which provide a framework for addressing various aspects of the information society, in implementing the GDC.

3. Coordination and Harmonisation of Digital Cooperation Processes

Participants stressed the need to build on existing frameworks rather than create new ones. Gitanjali Sah advocated for leveraging the existing WSIS framework and UN mechanisms like the United Nations Group on Information Society (UNGIS), which coordinates UN agencies’ efforts on information society issues. Jorge Cancio warned against the duplication and proliferation of new forums and processes.

Anriette Esterhuysen argued for updating the WSIS Action Lines to address new issues like artificial intelligence (AI) and data governance. This view was echoed by Amrita Choudhury, who emphasised the importance of addressing developing country needs in AI policy.

4. Challenges and Opportunities in Digital Cooperation

Several speakers highlighted ongoing challenges in digital cooperation. David Fairchild noted fragmentation between member states on the vision for internet governance. Jason Pielemeier stressed the need to resist efforts to weaken the IGF and the multi-stakeholder model.

Anriette Esterhuysen pointed out tensions between geopolitics and corporate interests in the digital space, introducing the concept of “neo-illiberalism” to describe the current global context. She emphasised the importance of international solidarity in addressing digital challenges.

David Fairchild raised concerns about the centralisation of processes, warning of a “New Yorkification” that could potentially exclude some voices. However, Jorge Cancio saw an opportunity to update the global architecture creatively.

5. Progress and Gaps in Digital Inclusion

Speakers acknowledged both progress and persistent challenges in digital inclusion. Gitanjali Sah highlighted significant achievements in areas like telecentres and distance learning. However, Amrita Choudhury noted persistent challenges in connectivity and digital divides, particularly in developing countries.

Anriette Esterhuysen called for a renewed focus on the WSIS vision of a people-centred information society. This sentiment was echoed by other participants who stressed the importance of addressing inequity and renewing commitment to civil society participation.

6. Role of Civil Society

Several speakers emphasized the crucial role of civil society in these processes. There was concern about ensuring meaningful civil society participation in both the WSIS and GDC processes, as well as in the IGF. Speakers noted the challenges faced by civil society organizations, including limited resources and the need for capacity building.

Key Takeaways and Unresolved Issues:

1. The IGF is seen as a crucial platform for implementing WSIS and GDC outcomes, but its role and mandate need to be strengthened, particularly in light of the upcoming WSIS+20 review.

2. There is a need to coordinate and harmonise various digital cooperation processes, including the GDC, with existing WSIS frameworks to avoid duplication and fragmentation.

3. Existing WSIS frameworks, including the Action Lines, and UN mechanisms like UNGIS should be built upon rather than creating entirely new structures.

4. Significant progress has been made in digital inclusion, but major challenges and divides persist, particularly in developing countries.

5. There are tensions between different visions for internet governance among member states, highlighting the need for continued dialogue and compromise.

6. Civil society participation remains crucial, but faces challenges in terms of resources and meaningful engagement.

Unresolved issues include how to balance multilateral and multi-stakeholder approaches in digital cooperation, how to address the centralisation of digital governance processes, and how to ensure adequate funding and resources for the IGF and civil society participation.

Conclusion:

The discussion highlighted the complex interplay between WSIS, GDC, and IGF processes, emphasising the need to build on past achievements while adapting to new realities in digital governance. While there was broad agreement on the importance of coordination and the central role of the IGF, participants also acknowledged significant challenges in ensuring inclusive, effective digital cooperation in a rapidly evolving technological landscape. The conversation underscored the ongoing need for dialogue, compromise, and creative solutions to address these complex issues, particularly as the international community approaches the WSIS+20 review.

Anrienette Esterhuysen: And also to tell you we’re going to do this session a little bit differently. I’ll shortly be asking you all to take your headset and stand up. But before we do that, I just want to introduce the session. I’m going to take this off for now. I hear an echo. You know what it is? It’s my Zoom. I need to switch my speaker on. So welcome, everyone, and thanks for joining us. We’ve heard a lot about WSIS. We’ve heard a lot about the Global Digital Compact in the last few days. Is there anyone in the room who doesn’t know what WSIS stands for? I dare you. No, I’m serious. Is there anyone who doesn’t know what WSIS stands for? Well, that’s good. GDC? And this session, we actually want to build on all the previous discussions, because there’s been many of them, and I think we’re all together actually paving this way towards a better understanding of how these processes relate to one another, but specifically how we can harmonize strategies for coordinated implementation, and that’s what we’re going to talk about today. We have a fantastic panel. I’m going to give your names later, and they can say a little bit more about themselves. We have… Rita Choudhury from India, representing civil society, also past member of the MAG. Jorge Cancio from Switzerland, from the Swiss, from Barcom, the Swiss Ofcom, the Swiss Office of Communications. We have online Jason Pilemeyer over there from a multi-stakeholder initiative called GNI, Global Network Initiative, a membership organization. We have David Fairchild from the government of Canada in the Geneva Mission, very closely involved in all of this. And online we have Anita, Anita Goramurti from IT for Change in India, but also part of something called the Global Digital Justice Forum. I want to introduce my colleague, my online moderator, Valeria Betancourt from APC, who leads APC’s global governance work. And we have as our rapporteur, Bruna, and who is also on the MAG. And then Gitanjali from the ITU, also known as Ms. Wusses. I’m gonna use that because someone, and I’m not a grandmother Wusses, so really enjoy that label. So before we start, I’m gonna ask everyone now to get up. Get up, put your bags down, put your cell phones down, most importantly, put your cell phones down or put them in your pocket, but take this with you. Can I just take this with us? Yes. Valeria, you can stay there. I can stay here, yeah, to channel the participation. So you have to be there. I want you to go into that open space at the back. Just stand around, and I’m going to make you think, work, and talk, and walk. And we’re going to do a spectrogram exercise. Has anyone ever done a spectrogram before? No. You have, good. So I’m going to make a statement. And then based on your reaction to the statement, and remember, it’s the IGF, you are here as individuals, you’re not here as delegations, even though you might think you are. And so you can just have a gut reaction. If you agree with that statement, I want you to stand over there. If you disagree violently over there, if you’re uncertain, just position yourself somewhere along an imaginary line. I haven’t said anything yet. Okay, here’s the first statement. The Global Digital Compact provides exactly the agenda which the IGF needs to become more focused and effective. If you agree over there, if you disagree over there, if you think there’s a little bit of both, somewhere in the middle. Okay. Okay, let me ask someone, I’m going to ask you, sorry to do this to you, Justin, but you are kind of, I would say, just off center, just off center left. Why do you stand here? What is your view? Sorry, the idea is that as you listen to people, I’ll ask other people, you can put your hands up if you want to contribute. If you feel that the response is making you shift your position a little bit, then move your body to shift. Either you disagree even more, or you actually find yourself moving a little bit.

Justin Fair: I would say that the GDC is a good outcome. I think it has a good plan, norms. principles, some of the commitments, all that’s good, some of the way forward, but if you it’s still a negotiated document and there was a lot of kind of compromise from different folks in it, and so ultimately I don’t think it’s perfect by any stretch of the imagination, but I would still say if I’m in the center left camp here that it’s it’s fairly good and something that can be built on going forward. On the IEGF, I think that there’s a lot in there for the IEGF. Now some of this is was explicit and I think there is was thought through how the IEGF, but some of it is how the IEGF responds to that. It’s not what New York or what member states tell the IEGF to do, but also there’s work there and I think now the question is does the IEGF community agree that there’s work that’s relevant for the community here to take forward.

Anrienette Esterhuysen: If I was standing over there, I think I would have moved a little bit. I think these agendas are what we make of them. Anyone on that side who disagrees that the GDC gives the IEGF what it needs, that want to share their view? No one here wants to speak. Flavio, no. Anyone else who wants to comment on this? Jorge, do you want to say anything?

Jorge Cancio: Yeah. Sorry. Jorge Cancia, Swiss government. My question would be, where’s the money for the IEGF, for instance? I think the GDC is a reasonable outcome for the negotiation it was, so it could have been much worse if we look at the initial draft, for instance, but it leaves many things open and now So, similarly to what Justin said, the ball is in the air, we have to kick it into the right direction, and the IJF community has a very important role to play there. But I think on the substance, there are many interesting, reasonable things we have to address. I’m completely in agreement with that. But on the architecture, I think there are some dangers there.

Anrienette Esterhuysen: Thanks, Jorge. Valeria, is there anyone online that wants to… I see Christine there as well, I see Anita and Jason. If you were in the room, where would you stand? GDC gives the IJF exactly the agenda it needs, or you don’t think so? Anita and… Yes, Christine, and then Anita.

Christine Arida: I would be leaning towards the right of the rule, but then I might take a few steps, because there’s some truth to that, just not completely.

Anrienette Esterhuysen: And, Christine, just introduce yourself to everyone.

Christine Arida: Sorry, I’m Christine Arida with the government of Egypt.

Anrienette Esterhuysen: Thanks, Christine. Anita.

Anita Gurumurthy: Thank you. I just wanted to say I would stand in the middle and agree with Jorge and Justin, because I think we mustn’t also forget that the objective of the GDC was not to actually provide direction for improving the IJF or make it effective. That was not the stated objective. And, of course, I think where is the money is a very, very important question. On the other hand, I do think that the GDC broadens the issues at stake for an inclusive information society, which the IJF can and must take up.

Anrienette Esterhuysen: Thanks, Anita. I’m just going to ask Justin to introduce himself, because I forgot to do that earlier.

Justin Fair: Justin Fair, U.S. State Department.

Anrienette Esterhuysen: Okay, now you all did fairly well there. The next statement is, the concept of an inclusive, people-centered information society that came out of the WSIS is obsolete. Agree on this side, disagree on that side. I think people are right when they say the IJF lacks diversity. Okay, anyone want to say why they are standing where they are standing? There are quite a few people in the middle.

Amrita Choudhury: Hi, my name is Amrita. I think while the WSIS talks about information society, I think it’s still important because many of the visions in the WSIS have not been met yet. Like for example, we are not connected yet. But again, the WSIS talks about internet and how it is used. So even if you’re talking about digital technologies or any emerging technologies, they come under the overview of how internet is used. So you may use different ways, but the basic essence of WSIS still runs true. I would not call it obsolete. You may want to add a bit of it to it, like information and digital societies like Netmundial tried to do. That’s my take.

Anrienette Esterhuysen: Any of you, I’ll come to you just now, Justin, but are people still using the concept of information society at all in their own disciplines or their works? Or the concept of knowledge society?

Anita Gurumurthy: In fact, Annarette, we work very closely with many UN agencies. So we’ve expanded it into information and knowledge societies at the ITU. The Council Working Group on WSIS calls it information and knowledge societies to include UNESCO’s work, FAO’s work. even more than that. And in fact, I heard the ADG of UNESCO say yesterday, they’re also now

Anrienette Esterhuysen: including, they’re linking data to data and information and how they relate to one another into transforming into knowledge. So they still have that concept there. Justin, yes, you’re actually in exactly the same spot you were before. Diplomats.

Justin Fair: No, I stayed here because I somewhat agree that I think that if you look back at the original WSIS documents, a lot of the norms and principles, we’ve seen an evolution of those from, you know, through the years, including through WSIS plus 10. And then even more recently with GDC, where that seems to have been updated. And that was one of the key elements of WSIS. A lot of the development plan has evolved over the years, including with the SDGs coming on top of it, which seems to have changed a lot of the development. And then one key thing the WSIS did is provide some framework on how different UN agencies or stakeholders can cooperate on certain areas, and then how they can come together through different processes in a follow-up and review. And all of that seems to have changed over the years. So I think in that way, going back to, you know, to those that are purists and look back to the original, it seems to have way changed from early 2000s on that. But I agree with Gitanjali, that just means that it’s an evolving process, and not to get too rigid in, you know, these exact outcomes from many years ago, because I think that there is a lot that’s been kind of evolved since then, updates, developments, new processes, things of that nature, which have kind of breathed new life into that. And so the question just going forward is how to do that, how to take a framework that has matured over the years, has changed and evolved, is still effective, but only if we can continue to strengthen it and evolve it. Sorry, you want us to move?

Anrienette Esterhuysen: So people, please come inside, please come inside so that we can, that we can, we’re nearly finished, so I think it’s fine. Okay, so anyone else who was standing on this more sort of that information society is an obsolete concept that wanted to add anything? Okay, then I’m going to go to my last statement, which was none of them turned out to be as provocative as I hoped they would, but this one might. The multi-stakeholder approach to digital cooperation entrenches existing dynamics of power and influence. The multi-stakeholder approach entrenches the status quo, existing dynamics of power and influence and internet governance. If you agree over here, somewhere in the middle over there, if you disagree that the multi-stakeholder approach entrenches existing dynamics of power and influence, over there, you agree. Can I, are you willing to speak? Just introduce yourself.

Bic: Hi, I’m Bic from Vietnam. So I think, you know, people, we talk more and more about this concept today, multi-stakeholders, but from, you know, my background, you know, and in the region as well, I feel like it’s still very much state-centric. So when we talk about that, then maybe, you know, it poses a challenge to the existing system.

Anrienette Esterhuysen: Yeah, I think we, I think there was a lot of people in civil society during WSIS who supported the multi-stakeholder approach, believing that it would give them more power and influence. And I’m not sure they always… feel they really got that. But anyone there who feels that the multi-stakeholder approach has created more inclusion, democratization, anyone who wants to offer a view, introduce yourself, please.

Nigel Cassimire: Yes, Nigel Casimir from the Caribbean Telecommunications Union. I think if you look at the difference between something like the WSIS Outcome Document and the GDC, you see a lot more commitment and multi-stakeholder. So I think it just takes time, right? What multi-stakeholder is trying to do is influence the multilateral framework. And you’re seeing, I would say, influence, certainly, right? It’s not something that will happen overnight. So I don’t think it entrenches. I think it is working, but slowly to gain influence in the multilateral space.

Anrienette Esterhuysen: Thanks, Nigel. And I must say, I follow your work quite closely. And I think what I see in the Caribbean is actually a real demonstration of how partnership and collaboration just deepens over time. Anyone online who want to respond to this statement? Valeria is there? No. Anyone there who really supports the multi-stakeholder approach and wants to add? Anita, please go ahead and then we’ll give it to one more person and then you can all sit down.

Anita Gurumurthy: Okay. I agree with my colleague from Vietnam that there is always in the world, you know, power. And, you know, we’re not starting on a fresh slate each day. So just like the power of the state, there’s also the power of the market and the power of big business. And all business, you know, is not the same. And therefore one very important thing. is I’d like to point to an interesting idea of multistakeholderism, which was enunciated by Netmundial in 2014, not the 2024 one, but the 2014 one, which says that internet governance should be built on democratic multistakeholder processes, ensuring the meaningful and accountable participation of all stakeholders. The respective roles and responsibilities of stakeholders should be interpreted in a flexible manner with reference to the issue under discussion. And what I think, therefore, is it’s important to remember that multistakeholder is not one thing, because, for instance, we can’t change a monopoly market situation with stakeholder interventions. You need regulation. So the role of the state and regulation, for instance, you cannot run a community network, you know, with interference from the state. So you need communities. So I really think that it’s extremely important to situate the idea of multistakeholderism in context. And without context, multistakeholderism is just an empty signifier. Thanks.

Anrienette Esterhuysen: Thanks, Anita. And I mean, I would just add one other thing that I think it’s important. And I think the Netmundial Sao Paulo guidelines also point this out. Stakeholder groups are not homogenous. There’s so much diversity between governments within civil society. The private sector is enormously diverse. So I think that’s the other thing that we also need to keep in mind. Okay, any last reflections on this topic? No. So you can sit down. I think a little bit more moving around would have been good, but we didn’t have enough space. Thank you very much, everyone, for participating in this exercise. So, everyone, while you take your seats. I hope everyone can still hear me. I now would like us to begin to think and unpack in a little bit more detail, more concretely, what we mean by coordinated implementation, follow-up and review, and ways of approaching this that takes us from WSIS to GDC and maybe back to WSIS again, but however you see that. So the first question that I want to ask, and I’m going to ask not a specific panelist, the panelists can decide who wants to respond, but the first question is, where is this first question? We at the IGF, we’re part of the IGF process at the moment, how do you see the IGF, but concretely, supporting these important processes that took place in 2024? We have the net model plus 10, which produced these guidelines on how to deepen and strengthen multi-stakeholder processes within multilateral, intergovernmental spaces, but also in multi-stakeholder spaces. We had the pact of the future, and part of the pact of the future is obviously the global digital compact, which gave us these quite high level objectives and commitments, and highlight some of the new and emerging areas that we are facing in digital governance. So yes, anyone want to respond specifically how you see the IGF? I think there’s probably a lot of consensus in this room that we want the IGF to be a key part of GDC follow-up and implementation, but some concrete suggestions. about how that can be done. Any one of our speakers online or in the room that want to, Amrita, please go ahead. You take the first step. And then I invite the other panelists to respond.

Amrita Choudhury: Thank you, Henriette. I’m taking a stab on behalf of the working group of MAG on IGF strengthening and strategy because we, and many of you are part of that group. And so this group has been trying to work a bit on it. And we’ve, as a community, created a working, a vision document for IGF. It’s also there on the website. I’m not too sure where the link is. So there has been discussions on how the IGF can contribute not only to the GDC, but also ally with the WSIS discussions and the others so that in a coordinated way, the IGF can work. There are various steps which have been proposed in terms of action. For example, to formalize IGF’s evolution, try to make the IGF model more strategic, and to also have, for example, a track where the implementation of GDC could be discussed in an open multi-stakeholder platform because even the GDC document recognizes the IGF, the national regional IGFs and its entire ecosystem. So that’s one. Even the Sao Paulo guidelines actually talk about, the NetMundial Plus 10 actually talks about IGF being the custodian to have more discussions on the implementation of many of these, how the multi-stakeholder process can be enhanced by different others who want to actually improve upon the processes, et cetera. Similarly, as I mentioned, the follow-up track of the GDC is something which has been spoken about, and how complementary relationship with the other WSIS partner institutions could be developed and strengthened. I would urge all of you to look at the vision document. I think the community has come up with fairly a good one, which is a bit more actionable. You are welcome to give more comments and I’ll leave it at that for now.

Anrienette Esterhuysen: Thank you, Marita. And maybe just to take a step backwards and ask the panelists, and actually if as many of you can respond to this as possible. When we talk about this harmonizing of strategies for implementation and follow-up of the WSIS and GDC, what exactly is it actually that we’re talking about? When we say there needs to be coordination, that we need to avoid duplication, what is it that we feel should be coordinated? There’s so many different elements of this process. There’s participation, there’s implementation and planning, follow-up, collaboration, partnerships. There’s also gathering evidence and research and identifying problems. So what do you think are the key processes where we need to facilitate a more harmonized approach? And Jason, do you want to start off with that? I know you’re speaking from a multi-stakeholder organization’s perspective. Do you want to respond to the IGF question? You’re welcome to respond to the IGF question.

Jason Pielemier: Thanks, Henriette. That’s what I had actually mentioned in the chat when you asked for comments on that. So maybe I’ll touch on that and maybe it helps segue to your second question. I think that the… So I want to build quite a bit on what Marietje was saying. I think that the… the Netmundial document itself did a good job of identifying the importance of avoiding fragmentation and duplication of fora at a stage earlier this year before the GDC had been concluded and I think a lot of what people had in mind at that moment was the GDC and the GDC went through a number of rounds of evolution and negotiation including opportunities for public comment and thankfully I think ended up in a place where some of what many in the stakeholder community saw as potential duplication was ironed out and we ended up avoiding creating new forums and spaces which is particularly important as the Netmundial São Paulo Principles and Outcome document indicate because of the challenges that stakeholders in particular, stakeholders from global majority, stakeholders coming from civil society, have a lot of challenges from a resource perspective in tracking, engaging, traveling to, and participating in multiple processes simultaneously and so I’m pleased that we were able to avoid some of that duplication at the end but I think there are still many open questions about the extent to which the GDC and its follow-up will be efficiently coordinated with WSIS and I think as the Netmundial Principles noted, the IGF is probably one of the best ways in which to ensure that coordination not just the annual IGF, but of course, the regional and national IGFs, which creates sort of a continuing, existing, well-known set of spaces where a diverse range of stakeholders have proven to be able to come together to address a pretty wide range of important digital issues. So to me, the role of the IGF is really as a kind of ongoing mechanism for engagement. It’s a flexible, the IGF doesn’t have a narrow mandate by any means. So the sort of substance and focus of what is engaged, what stakeholders engage on in the IGF is very flexible. And I think the question for us, and this kind of leads you to your second question is, so what specifically can and should we be focusing on? What are the tracks, whether using existing dynamic coalitions or thinking about new processes? The vision document is clearly an important piece of this puzzle. What are the specific things that we as part of the IGF community can now do to ensure that not only WSIS and the principles and objectives behind that process, but also the GDC continue to move forward in a coordinated and as participatory as possible manner. So that all starts, I think, with the need to renew the mandate for the IGF, which is critical and we shouldn’t get ahead of ourselves. That still has to happen. And of course that happens in the context of the WSIS Plus 20 review. And I think Jorge alluded to earlier the importance of resources, right? The IGF has done an incredible amount in terms of the number of people it’s brought together, the number of… conversations, the range of topics addressed, with a fairly shoestring budget. And so if we’re going to ask the IGF, to bolster its role as this sort of interstitial tissue between these various processes around these topics, it needs to be resourced sufficiently and effectively.

Anrienette Esterhuysen: And thanks a lot for that, Jason. And Anita, I see you want to respond to my question about what it is, particularly in your case, from a civil society perspective, that you feel should be coordinated.

Anita Gurumurthy: Thanks, I think the question has two parts, you know, what should be coordinated and why, and I think you put it extremely succinctly, it’s extremely complex, and therefore, how to get to it should be guided by what’s the imperative. So the imperative here is, and in our view, if I could, I would dare say on on the behalf of some civil society organizations, the WSIS does remain, in some ways, I think, the mother framework. And I do think that there is an abiding vision in WSIS, and maybe I’m a hopeless romantic, but when I see those mentions of people-centered information society, I think we have a long way to go. But the very fact that the global community could commit to it, today, the what of coordination and harmonization is just grown exponentially. So we really need to look at the data and AI revolution. And that is why the GDC took a kind of a timely approach to flag the what. And I would say that updating the WSIS Action Alliance, for instance, through ideas of standards for digital public goods, what are the common standards? You know, what are the ethical standards? Also looking at private platform services and addressing the fragmentation of network standards, looking at democratic integrity and addressing hate speech, or looking at the data for development agenda and saying, what are the rule based you know, arrangements for data sharing at a global, regional, national, and subnational levels to achieve the SDGs. These are some what’s, but I think more important than the what for harmonization and coordination are two very important issues with the why. The first is without coordination and without harmonization, we will not be able to realize the vision of equality and inclusion. And therefore, coordination is very, very important to address the inequity that the GDC recognizes is characteristic of the information society. And we do need, I think, to pay attention to this kind of inequity. And the second reason I think why we need to coordinate and harmonize is the inclusion, participation, and the rightful agency of civil society requires a renewed commitment at this conjuncture. And I think there, if I might say the GDC falls short a little bit, it hasn’t, you know, been very vocal in its commitment or to renew its commitment to the participation of civil society. And here we need, I think, 21st century imagination of, and that’s why we think of the WSIS and cherish the memories of 2003 and five, because civil society said that, you know, multilateralism in its, you know, in its old bottle will not do, right? So we need, I think, a truly transparent, democratic, accountable governance of digital technologies at all levels. And this is one of the reasons, and this is one of the whys for justifying increased coordination and harmonization. I’ll leave it at that.

Anrienette Esterhuysen: Thanks a lot, Anita. And I think it’s fine to be a hopeless romantic about WSIS. I know of at least three WSIS relationships that are still going on and two WSIS babies, as we used to refer to them. And they’re now a young adult. Jorge, you wanted to respond and then David, I see you too. So let’s hear what you feel we should focus on harmonizing and coordinating as part of this process from a government perspective and from a Jorge perspective.

Jorge Cancio: Yeah, thank you, Henriette. So Jorge Cancias with government again, maybe there’s a personal but also a government perspective. I think if we’re talking about babies, I would start to say the GDC actually is a baby of WSIS. So when did it start really at the IGF 2017 in Geneva? We had a discussion about updating digital cooperation and then we had the high level panel on digital cooperation. And finally, we had the GDC after some years in the pandemic and everything. As Anita said, the GDC gives some impulses on the what we have to do. So data governance, meaningful connectivity nowadays, human rights, artificial intelligence governance, so many things. And what is the role of the IGF in that game? So that was also part of the question. I would zoom out and say the IGF, you cannot just talk about the IGF because the IGF is part of the Swiss army knife that is composed by the WSIS architecture. And the WSIS architecture are parts that are about mandates of organizations like the ITU who have been under WSIS investing hundreds of millions into connectivity, into capacity building, into outreaching to many countries. It is the action lines and there is also UNDP, UNESCO, all the UN organizations. You have the CSTD, which is the follow. up place where member states meet but also stakeholders meet together and then give a feedback to the UN system in New York. We have the WSIS forum where we look every year where the action lines stand, where we can update things. And then we have the IGF. And the IGF, you have to see it in the context of that Swiss Army knife. And it is there to have an open discussion on equal footing to identify emerging topics. That is completely valid today, I think. And what is specially needed, I think, is to avoid a proliferation of processes. So if you have a Swiss Army knife and something doesn’t work, you try to improve it. You try to get the blade again, that it cuts properly, whatever. But you don’t take another Swiss Army knife. And then you have to. And you don’t know which one to use. And you spend your time in that. So I think it’s time to use this impulse to update WSIS. But not only the IGF, the whole of the architecture. And there, I think, the Sao Paulo Multistakeholder Guidelines can give us inspiration. Because it’s not only about multistakeholder processes like the IGF or ICANN. It’s also about more traditional multilateral processes where we can learn from the practice, the test bedding the IGF and other fora have been doing for 20 years. Thank you.

David Fairchild: who cover horizontally digital issues. So I have a privilege of covering a number of UN and multilateral processes in the space. I’ll try to be succinct so that we at least can move on to some other questions. And I’ve asked this question before. So what is the difference between WSIS in 2005, 2015, and 2025? And I think if you answer that to yourselves, I think you start to realize why the GDC exists. You can draw whatever answers you want away from it, but the GDC reflected the needs of some member states who felt that the WSIS or the architecture was missing the boat on certain areas. And so the negotiations of the GDC really reflects, unfortunately, yes, a multilateral process. I think we can all have a chin wag offline about how multi-stakeholder it was. But nevertheless, we were all at the table as member states and signed on to what is the GDC. So we can’t go back in history and change it whether we want to or not. But what I think is critical to understand is that there were member states who were actively undermining the IGF, actively undermining ICANN, actively undermining the internet governance model that exists today. You don’t see that in the news. You won’t see that in the final document. But I think if you talk to member states and they’re willing to tell you a little bit more, what you didn’t see was probably more important than what you saw as the final product, because what you did see in the negotiations was a clear differentiation of an ideological view of the future of the internet and how it should be governed, how the digital space needs to exist going forward. And I think that’s kind of bringing me – I think that is one of the most critical things that people need to understand. It is not all rose-colored glasses and status quo ante and we just move along and renew and things will carry on as they are. I think the second point here is as a like-minded, five eyes, G7 chair country, Canada needs to recognize is that there are valid needs that have been identified through the GDC that we need to take care of. And I think that’s where the impetus to take a real serious look at the WSIS process, not necessarily talking about updating the action lines, but I think we need to see whether they’re still fit for purpose and how they need to perhaps reflect some of the demands that have been coming forward. And the IGF, frankly, was under and remains under attack. I don’t wanna diminish the point, nor amplify it too high. If you go and look at the UN General Assembly 79, the ICT for development resolution that was just passed, there was a very minor voted change to diminish the language that was agreed in the GDC six weeks ago on how we refer to the IGF. They voted to, the G77 put forward a vote to diminish the word, to take out the word, the IGF as the primary multi-stakeholder forum. They voted to have the primary removed. So these are small data points, but on an aggregation level seem to suggest that for whatever reason, there are certain countries, certain blocks who have a different view of what the IGF is or isn’t and where it should go in the future. We tried to negotiate for the IGF to be stabilized and permanentized through the GDC. We were not successful. And so we are now in an inflection point as how do we sort of resuscitate our efforts through the negotiations, but to carry this forward through 2025. And so I think, I’m trying to give you something new to play with so we don’t just sort of hear the same old, same old that we heard from multiple workshops over the previous days. And so I think the other point we need to really pay attention to is how does the WSIS review and GDC implementation really play into the long game, which is 2030? And the SDG review. And I think if you go and look at the pact of the future, there are over 240 references in the pact to. development as a word search, which really suggests what is it that we really are trying to address. And I think what we are looking at is a convergence of, at a different time, digital ran on its own track, and there was the analog development world over on another track, and they ran in parallel. And we had the WSIS Action Lines and the Millennium Development Goals, which became the Sustainable Development Goals. We are seeing a convergence. We are living now in a digitalized 21st century. And I think we really need to take a step back and look at the architecture, and yes, Canada does not believe that we need to duplicate. We are looking for efficiency, and I think the system as it exists is more than capable. I mean, the IGF is a 20-year established and trusted environment. But there are member states who say, well, it only discusses internet governance. They seem to forget the second half of the same paragraphs from the Tunis Agenda, which says the IGF is actually responsible for considering digital issues, digital public policy issues. Every new issue can find a home in the IGF as long as we are willing to reconsider the existing language. And I’ll stop there.

Anrienette Esterhuysen: Thanks. Valeria, I’m out of the Zoom, so you can just tell me. My Zoom disconnected. Does Jason want to react? Jason wants to react. Jason, do you want to react directly to David? Because I think Geetanjali wants to give his perspective. But go ahead, Jason. Let’s hear from you first.

Jason Pielemier: Yeah, no, I just put a comment and I’ll read it out loud for folks who can’t see it. But just quick plus one to David’s points that I think should really help us focus on the WSIS plus 20. I think there’s perhaps a tendency with GDC and other things to sort of take our eye off of the ball here. The WSIS plus 20 should be an opportunity not only to expand the mandate of the IGF, but to strengthen that mandate and strengthen the institution of the IGF. But that’s not. guaranteed, right? That is going to depend on the conversations and the negotiations that happen this year. And I think we need to kind of redouble our focus on that because if we don’t, there is a chance, as David alluded to, there are some who I think would push for the IGF to be weakened. And I think that would take us in the wrong direction. So I just wanted to kind of footstomp on that point quickly and hand it back to you.

Anrienette Esterhuysen: Yeah. Thanks, Jason. But I think I also heard David say, and maybe I didn’t hear correctly, but that this is not, when we talk about the what, to use Anita’s framing, the what is not just the IGF. There’s a bigger what and a longer term what out there as well. And it also sounds to me, David, from what you’re saying, that a big part of the what is building the kind of commonality and collaboration that WSIS did manage to achieve between North and South and between the developed and the developing world. And I think it’s wise of you to have reminded us that things are more fragmented in some ways. And Gitanjali, you work in the IT, you’re part of the WSIS process and you work in the UN system itself. From your perspective, what is the most important what and why?

Gitanjali Sah: Thank you, Anirudh. In fact, WSIS for us has been really the UN in action in terms of digital cooperation, the beautiful framework of WSIS action lines that we implement based on our mandates, like WHO has e-health, ILO has e-employment, UNESCO has mostly the knowledge societies one. So it’s a beautiful framework that all UN agencies are working together to implement. strengthen Anita’s point, you know, we should really build on this framework and the strength that we have. And it’s really not true that the action lines are very outdated. Because if you look at the WSIS forum page, you will see that the WSIS action lines are being updated in terms of like the emerging trends, the opportunities and challenges every year by the UN agencies involved. So you can see very, very beautiful presentations on the evolution of the context of each action line and what are the emerging trends. So you can have a look at it online. Also in terms of the existing mechanisms, we really feel, and ITU has been saying this, Doreen said it a couple of times, WSIS forum and IGF are really the successes of the WSIS where multi-stakeholders have got the platform to voice their opinions and to be part of the UN process. So really, the WSIS review gives us an opportunity to look at it. And from the UN perspective, the interagency mechanism of the UN called UNGIS, the United Nations Group on Information Society, that’s really an effective mechanism and that should be built on and used by the UN system. So we have rotational chairpersonship of ITU, UNESCO, UNDP and UNCTAD, along with the regional commissions and more than 35 members of the chief executive boards. So the frameworks and the systems are all in place and we should definitely utilize them. The other thing that brought back memories in the previous session is, again, what you and Anita have been talking about, that we have built this community to this point that now we are talking about things like emerging technologies like AI, but where did we start in 2006-2007? We really have to remember that effort, especially by civil society, the open source movement. the indigenous languages, the cultural aspects that UNESCO has been doing. You know, with the IDRC, we actually set up these telecentres in India, in the villages in India, where we were looking at how telecentres, post offices could be converted into telecentres, where they could provide e-governance services. You know, distance learning was a revolution in so many countries, where young girls could actually study because of distance education, you know. So we really need to also think of what we have achieved, like on the ground, all of us who’ve been working together so hard for all these years. And of course we’ve evolved from all of those technologies to now we are talking about AI, meta, new emerging technologies, but we really need to think about those challenges that we faced and overcame as well. The community radio stations, Anita will know about them, that we built in villages that provided information to the villagers, you know. So we’ve come a long way and we must commend the community

Anrienette Esterhuysen: for that as well. Thanks a lot for that, Geetanjali. And I think the sad thing is that we’ve come a long way, but also when it comes to digital inclusion, we’ve not come nearly far enough and many of those challenges still remain. We’ve now got less than 10 minutes left and I’m going to ask, I’m going to take just two inputs from the audience, very briefly, and then I’m going to ask the panel to share their closing comments with them. So I see a hand there. Juan, anyone else who wants to comment from the audience? No. So Nigel, you have to be very brief because we’ve got five minutes, less than five minutes left. So a bite-sized comment.

Juan: Yes, I don’t want to repeat many things that have been said. So I will concentrate on, if we want to coordinate, go back to there. We need to focus that each process should focus in their unique characteristic. The WSIS Forum should focus in their unique characteristic, the IGF should focus in its unique characteristic. I’m not going into it, into that now, because we don’t have time. But we should, in order to be efficient with what was from WSIS, the framework for WSIS, we have to get it to the, to make it efficient, and each one to what it has, including the intergovernmental process in the CSTD. If each one focus in their own characteristic, without duplicating, then they will need to create the communicating links between all of them, and in order to be efficient.

Nigel Cassimire: Nigel? Yes, thank you, I’m being heard? Okay. Nigel Casimir from the CTU again. I’m just wondering if the IGF could be, whether primary multi-stakeholder or just multi-stakeholder gathering, whatever, could be the multi-stakeholder place where we develop targets for the implementation of the GDC. The GDC is kind of high-level stuff, and maybe in this multi-stakeholder space, we could identify what are some of the specific things we want to see done under the GDC by a particular time. And maybe develop some performance targets for it.

Anrienette Esterhuysen: Thanks a lot for that, Nigel. So you know, it feels to me that we actually needed much more time with this session, but I think many sessions feel like that. And I mean, just to close us, and maybe to pave the way for further work, I want to ask each of the panelists. Firstly, do you think that the IJF should change its name to the Digital Cooperation Forum? And just a yes-no response. But then what I want you to close with is what are your fears and your hopes for this process of harmonizing GDC and WSIS implementation? I want you to start with your fear. Can you still hear me? Good. And start with your fear and end with a hope. So let’s start with our online speakers. Jason, why don’t you go first? Change

Jason Pielemier: the name or not. Yes, no. Your fear and your hope. No. And my fear is I think that the IJF, as we’ve talked about, it depends on—its strength is drawn from the broad and diverse range of stakeholders who are able to participate in it across the international IJF event, but also the national and regional ones, and all of the interstitial work, intersessional work. So hosting the IJF in countries where journalists, Wikipedia editors, women, LGBTQ people are systematically discriminated against or harassed, that works directly counter to that strength. It weakens the IJF. And it is, I don’t think, unintentional by any means. So that is a fear that I have, that the IJF will continue to be co-opted, will be diluted. And I think we need to to acknowledge that that is happening, acknowledge that there are countries that are working against the IJF, its mandate renewal and extension, and efforts to strengthen it. My hope is that we, the multi-stakeholder community, that support the IGF can resist that, can push back on that. And I think that’s going to take a lot of work, but I’m encouraged by the NetMundial process, encouraged by sessions like this one, encouraged by all of the incredible work that people in this room virtually and in person do. And I hope we can continue to work together, even if we don’t always agree on every topic, to support and strengthen the IGF going forward.

Anrienette Esterhuysen: Thanks, Jason. Anita.

Anita Gurumurthy: Thank you. My answer is, I don’t know. I mean, I’m ambivalent about the name, what’s in a name, but I want to actually answer your question about fear and hope by also responding to our esteemed contributor from the government of Canada. I think that for civil society, we are caught at a moment politically at this point in time, between very, very scary geopolitics and greedy geoeconomics. It’s really frightening, I think. And therefore, somebody said, we are not in an epoch of neoliberalism as so many social movements have fought against neoliberalism. Today, we are caught in neo-illiberalism. So we have the worst of both, right? We have illiberal politics and we have the greed of corporations. So in my view, I would like a better understanding among nation states, better understanding among peoples. And like Jorge said, I think regardless of whether it’s good practices in multi-stakeholderism or good practices in other fora, like the Biodiversity Convention, which has benefit sharing mechanisms with communities, with indigenous peoples, we really need to look at international solidarity as a unifying principle. And I’m not the first one to speak about it. And I really, really think that we should go beyond narrow blocks. And, you know, I’m quite happy. to question the G77 and my own government for a healthy politics. So at some level, I think that we need to understand why people are doing what they are doing and what they’re trying to protect, right, in an AI economy where most people are left behind. So we reject bad politics and we reject very poor economics. What we really want is a solidarity vision of interdependence and mutual reciprocity. Thank you.

Anrienette Esterhuysen: Thanks, Aineta. Amrita.

Amrita Choudhury: I agree to what Anita mentioned and even Jason mentioned and what you were saying. There are gaps which need to be addressed, not necessarily creating new structures. And what Gitanjali mentioned, we need to also sometimes look back and see the reach we have currently. If you look at the IGF and its structure, it’s huge. If you’re saying the IGF is not working on new things, look at what, for example, the Policy Network on AI or Internet Fragmentation is doing. The challenge today is when the reports come out, who is viewing it? Is it going to the necessary governments to see that they also reflect, like the policy P&AI is working mostly on developing nations, sustainability, labor wages, which are critical things for developing countries. Are the messages going? There have been many things which have come up from many of the meetings to strengthen the IGF. But have they really been implemented? Obviously the leadership panel did come in, the multi-year themes have come in, but how much more has it been used by the member states? I think that’s also important. There are gaps, but many things are being cribbed about. You can use these platforms. So I would say use existing resources and I’ll leave it at that. Thanks a lot.

Anrienette Esterhuysen: David.

David Fairchild: I’ll be very quick because I saw you got the two minutes.

Anrienette Esterhuysen: It will be done in three minutes, so you can relax.

David Fairchild: Okay. I’m agnostic to the name. I think it’s what color the cat is and whether it catches my statement. My fear is that we’re witnessing a centralization and a New Yorkification which in some parts is justified for the multilateral system but is being done at the detriment of the existing system and I’ll leave it there. Because I think what we’re suffering from is from a collective proximity bias. It’s like what have you done for me lately as opposed to what has WIS has done over 20 years and I think my hope I’ll leave with is sort of like that we wake up in time to sort of realize that the IGF actually does serve the entire community but and in that is in fact one of our positions is by stabilizing the funding and stabilizing the IGF we can actually bring it to where the voices need to be heard. I mean this is a very homogenous community at the IGF and we struggle every year to bring the different voices the different opinions around the table because that’s you know you can’t make a pearl without sand.

Gitanjali Sah: Thanks David. And Reda I’ll just share the hope that you know ITU as a UN agency specialized agency on digital we stand ready to support provide our secretariat support to all not only to member states but you know we have sector membership academia so we are there to support and to ensure that there is the process going forward as multi-stakeholder and you know that in the vision of WIS is beyond 2025 we do see some of these strengthened foundations of WIS. Thank you.

Jorge Cancio: So to the brand I think the IGF is already has been for many years the digital cooperation or governance forum if the rebranding is good for branding purposes let’s be open about it. My fear is that the entire WIS system or the UN system doesn’t deliver on the promises. on really having a digital present where nobody is left out. And one fear there is that this proliferation of processes of fora makes the inclusivity and the work more difficult. And the hope is really the creativity of this and many other communities in being able to find solutions together. And I think that with that creativity that we’ve witnessed many times here in the IGF, we are able to update the global architecture, which is just a means to deliver on the goals we want to have to have a digital fair present and future.

Anrienette Esterhuysen: Thanks very much, Jorge. And I’m really sorry that we ran a bit over time. And I think, I mean, if there’s one key takeaway here, is that there’s a lot more to be said about the what. And I think also about the how. But I think the one key takeaway for me from your inputs in this session, and Valeria, I lost my Zoom connection. So I want to apologize to online comments that we’ve not included. But I think the lesson here is that even after 20 years more, if we add Geneva of WSIS implementation, we’re still grappling with issues of power, with issues of inclusion, with delivery and implementation. We recognize the strengths of the multi-stakeholder approach. We recognize its weaknesses. And I think we do see the IGF as a place where we can address that. And we see NetMundial as one of the tools we can use. But I think, so for me, any new process that’s trying to set up and enter this arena of digital cooperation really needs to keep in mind complexity and can we really afford to start new processes which after 20 years will be at this moment of learning and realization and solidarity and lack of solidarity that we are at now. We really can do better, I think. So let’s continue and let’s use our WSIS and our IJF processes to do this. So thanks very much everyone for your participation and thanks to everyone in the room and thanks to our tech people. Apologies. Thanks very much to Jason and Anita and all

Jason Pielemier: the online participants. Thank you, Henriette. Thank you, Bruno. Thank you, Valeria.

Agreement Points

IGF as key platform for GDC follow-up and implementation

Amrita Choudhury

Jason Pielemier

David Fairchild

Nigel Cassimire

IGF as key platform for GDC follow-up and implementation

IGF as ongoing mechanism for flexible stakeholder engagement

IGF under threat, needs strengthened mandate in WSIS+20 review

IGF as place to develop concrete targets for GDC implementation

Multiple speakers agreed on the importance of the IGF as a platform for implementing and following up on the Global Digital Compact, emphasizing its flexibility and multi-stakeholder nature.

Need to build on existing frameworks rather than create new ones

Jorge Cancio

Gitanjali Sah

Juan

IGF part of larger WSIS architecture, not standalone solution

Build on existing WSIS framework and UN mechanisms like UNGIS

Focus on unique characteristics of each process (WSIS Forum, IGF, etc.)

Several speakers emphasized the importance of leveraging and improving existing frameworks and processes rather than creating new ones, to avoid duplication and increase efficiency.

Similar Viewpoints

Both speakers expressed concern about threats to the IGF and emphasized the need to strengthen its mandate and resist efforts to weaken the multi-stakeholder model.

David Fairchild

Jason Pielemier

IGF under threat, needs strengthened mandate in WSIS+20 review

Need to resist efforts to weaken IGF and multi-stakeholder model

Both speakers highlighted the importance of updating existing frameworks to address emerging technologies like AI, with a focus on the needs of developing countries.

Anita Gurumurthy

Amrita Choudhury

Need to update WSIS Action Lines to address new issues like AI and data governance

Importance of addressing developing country needs in AI policy

Unexpected Consensus

Recognition of persistent digital divides despite progress

Gitanjali Sah

Amrita Choudhury

Anita Gurumurthy

Significant achievements in areas like telecenters and distance learning

Persistent challenges in connectivity and digital divides

Need for renewed focus on people-centered information society vision

Despite coming from different perspectives, these speakers all acknowledged both the progress made in digital development and the persistent challenges, suggesting a nuanced understanding of the current state of digital inclusion.

Overall Assessment

Summary

The main areas of agreement centered on the importance of the IGF in implementing the GDC, the need to build on existing frameworks, and the recognition of both progress and persistent challenges in digital inclusion.

Consensus level

Moderate consensus was observed on key issues, with some divergence on specific approaches. This suggests a shared understanding of the importance of digital cooperation, but potential challenges in agreeing on specific implementation strategies.

Different Viewpoints

Role and effectiveness of the IGF

Jason Pielemier

David Fairchild

Jorge Cancio

IGF as ongoing mechanism for flexible stakeholder engagement

IGF under threat, needs strengthened mandate in WSIS+20 review

IGF part of larger WSIS architecture, not standalone solution

While Jason Pielemier views the IGF as a flexible mechanism for engagement, David Fairchild emphasizes the need to strengthen its mandate due to perceived threats. Jorge Cancio, however, sees the IGF as part of a larger WSIS architecture rather than a standalone solution.

Approach to digital cooperation processes

Anita Gurumurthy

Jorge Cancio

Gitanjali Sah

Need to update WSIS Action Lines to address new issues like AI and data governance

Avoid duplication and proliferation of new forums/processes

Build on existing WSIS framework and UN mechanisms like UNGIS

Anita Gurumurthy advocates for updating WSIS Action Lines, while Jorge Cancio warns against creating new forums. Gitanjali Sah suggests building on existing frameworks, showing different approaches to addressing digital cooperation.

Unexpected Differences

Perception of WSIS relevance

Anita Gurumurthy

David Fairchild

Need for renewed focus on people-centered information society vision

Fragmentation between member states on vision for internet governance

While Anita Gurumurthy advocates for renewing focus on the WSIS vision of a people-centered information society, David Fairchild highlights the fragmentation among member states regarding internet governance. This unexpected difference shows contrasting views on the relevance and unity of the WSIS vision in current discussions.

Overall Assessment

summary

The main areas of disagreement revolve around the role and effectiveness of the IGF, approaches to digital cooperation processes, and the relevance of existing frameworks like WSIS in addressing current challenges.

difference_level

The level of disagreement is moderate, with speakers generally agreeing on the importance of digital cooperation but differing on specific approaches and priorities. This implies a need for further dialogue and compromise to develop a cohesive strategy for implementing the GDC and WSIS outcomes.

Partial Agreements

All speakers agree on the importance of the IGF and digital inclusion, but differ on how to achieve these goals. Amrita focuses on the IGF’s role in GDC implementation, Anita emphasizes addressing inequity and civil society participation, while Gitanjali highlights past achievements in digital development.

Amrita Choudhury

Anita Gurumurthy

Gitanjali Sah

IGF as key platform for GDC follow-up and implementation

Address inequity and renew commitment to civil society participation

Significant achievements in areas like telecenters and distance learning

Similar Viewpoints

Both speakers expressed concern about threats to the IGF and emphasized the need to strengthen its mandate and resist efforts to weaken the multi-stakeholder model.

David Fairchild

Jason Pielemier

IGF under threat, needs strengthened mandate in WSIS+20 review

Need to resist efforts to weaken IGF and multi-stakeholder model

Both speakers highlighted the importance of updating existing frameworks to address emerging technologies like AI, with a focus on the needs of developing countries.

Anita Gurumurthy

Amrita Choudhury

Need to update WSIS Action Lines to address new issues like AI and data governance

Importance of addressing developing country needs in AI policy

Key Takeaways

The IGF is seen as a key platform for implementing WSIS and GDC outcomes, but its role and mandate need to be strengthened

There is a need to coordinate and harmonize various digital cooperation processes to avoid duplication and fragmentation

Existing WSIS frameworks and UN mechanisms should be built upon rather than creating entirely new structures

Significant progress has been made in digital inclusion, but major challenges and divides persist

There are tensions between different visions for internet governance among member states

Civil society participation and addressing inequity remain important priorities

Resolutions and Action Items

Use the upcoming WSIS+20 review as an opportunity to strengthen the IGF’s mandate

Update WSIS Action Lines to address new issues like AI and data governance

Develop concrete targets for GDC implementation through the IGF

Ensure IGF discussions and outputs reach relevant government stakeholders

Unresolved Issues

How to balance multilateral and multi-stakeholder approaches in digital cooperation

How to address the ‘centralization’ and ‘New Yorkification’ of digital governance processes

Whether the IGF should be renamed to reflect its broader digital cooperation role

How to ensure adequate funding and resources for the IGF

How to bring more diverse voices into IGF discussions

Suggested Compromises

Focus each process (WSIS Forum, IGF, etc.) on its unique characteristics to avoid duplication

Use existing IGF structures like Policy Networks to address emerging issues rather than creating new forums

Be open to rebranding the IGF if it helps communicate its broader role, while maintaining its core functions

The multi-stakeholder approach entrenches existing dynamics of power and influence in internet governance.

speaker

Anrienette Esterhuysen

reason

This provocative statement challenged assumptions about multi-stakeholder processes and sparked reflection on power dynamics.

impact

It led to a nuanced discussion about the strengths and limitations of multi-stakeholder approaches, with participants offering different perspectives based on their experiences.

The GDC is a baby of WSIS. […] And what is the role of the IGF in that game? So that was also part of the question. I would zoom out and say the IGF, you cannot just talk about the IGF because the IGF is part of the Swiss army knife that is composed by the WSIS architecture.

speaker

Jorge Cancio

reason

This comment provided important historical context and framed the IGF as part of a larger ecosystem of digital governance mechanisms.

impact

It broadened the discussion beyond just the IGF to consider how different mechanisms and processes fit together in the overall digital governance landscape.

And from the UN perspective, the interagency mechanism of the UN called UNGIS, the United Nations Group on Information Society, that’s really an effective mechanism and that should be built on and used by the UN system.

speaker

Gitanjali Sah

reason

This comment introduced a specific UN mechanism that many participants may not have been familiar with, highlighting existing coordination efforts.

impact

It added depth to the discussion about coordination mechanisms and emphasized building on existing structures rather than creating new ones.

My fear is that we’re witnessing a centralization and a New Yorkification which in some parts is justified for the multilateral system but is being done at the detriment of the existing system and I’ll leave it there.

speaker

David Fairchild

reason

This comment raised concerns about shifts in power and decision-making within the UN system that could impact existing digital governance processes.

impact

It introduced a note of caution into the discussion and prompted reflection on the potential downsides of changes to the existing system.

For civil society, we are caught at a moment politically at this point in time, between very, very scary geopolitics and greedy geoeconomics. It’s really frightening, I think. And therefore, somebody said, we are not in an epoch of neoliberalism as so many social movements have fought against neoliberalism. Today, we are caught in neo-illiberalism.

speaker

Anita Gurumurthy

reason

This comment provided a broader geopolitical and economic context for the challenges facing digital governance, introducing the concept of ‘neo-illiberalism’.

impact

It elevated the discussion to consider larger global trends and their impact on digital governance, encouraging participants to think beyond just technical or procedural issues.

Overall Assessment

These key comments shaped the discussion by broadening its scope from specific mechanisms like the IGF to the larger ecosystem of digital governance. They encouraged participants to consider historical context, existing structures, power dynamics, and global geopolitical trends. The discussion moved from technical details to more fundamental questions about the goals and challenges of digital cooperation in a complex global landscape. This led to a rich, multifaceted conversation that highlighted both the progress made and the significant challenges that remain in achieving inclusive and effective digital governance.

How can the IGF be more effectively resourced to fulfill its expanded role in coordinating digital cooperation processes?

speaker

Jason Pielemier

explanation

Jason highlighted the need for sufficient resources for the IGF to effectively coordinate between various digital cooperation processes, which is crucial for avoiding duplication and fragmentation.

What specific actions can be taken to update the WSIS Action Lines to address current digital challenges like AI governance and data sharing?

speaker

Anita Gurumurthy

explanation

Anita suggested updating WSIS Action Lines to include modern digital issues, which is important for ensuring the continued relevance of WSIS framework in addressing current technological challenges.

How can the IGF develop concrete targets for implementing the Global Digital Compact?

speaker

Nigel Cassimire

explanation

Nigel proposed using the IGF to develop specific implementation targets for the GDC, which could provide a clearer roadmap for achieving the GDC’s high-level objectives.

What steps can be taken to ensure that the WSIS+20 review strengthens rather than weakens the IGF’s mandate?

speaker

Jason Pielemier

explanation

Jason emphasized the importance of using the WSIS+20 review to strengthen the IGF, which is crucial for maintaining a robust multi-stakeholder forum for internet governance.

How can we improve the dissemination and impact of IGF outputs, particularly to governments and policymakers?

speaker

Amrita Choudhury

explanation

Amrita highlighted the need for better communication of IGF outcomes to ensure they influence policy decisions, which is essential for the IGF to have real-world impact.

What strategies can be employed to resist attempts to weaken or co-opt the IGF?

speaker

Jason Pielemier

explanation

Jason expressed concern about efforts to undermine the IGF and called for strategies to counter these attempts, which is important for preserving the IGF’s integrity and effectiveness.

How can we foster greater international solidarity in digital cooperation efforts?

speaker

Anita Gurumurthy

explanation

Anita emphasized the need for international solidarity in addressing digital challenges, which is crucial for overcoming geopolitical tensions and ensuring equitable digital development.

What measures can be taken to avoid the ‘New Yorkification’ of digital cooperation processes while maintaining necessary multilateral engagement?

speaker

David Fairchild

explanation

David raised concerns about centralization of processes in New York at the expense of existing systems, highlighting the need to balance multilateral and multi-stakeholder approaches.