52014DC0072

1.           Introduction

For over fifteen years, the EU has helped to sustain and develop the Internet: as an essential part of life and a fundamental pillar of the Digital Single Market, the Internet has fostered innovation, growth, trade, democracy and Human Rights[1]. Growth related to the Internet economy is forecast at almost 11% in the EU, with a contribution to GDP expected to rise from 3.8% in 2010 to 5.7% in 2016[2]. Small and medium-sized enterprises intensively using the Internet grow almost twice as fast as others[3]. This economic potential needs to be further exploited ensuring that individuals can access the content, goods and services they want, and control which personal data they want to share or not. Secure, stable and resilient networks form the basis of a trusted and flourishing Internet economy[4]. An open and free Internet in which all rights and freedoms that people have offline also apply online facilitates social and democratic progress worldwide.

Sustainable governance of the Internet involving all stakeholders[5] is essential to preserve these benefits. Internet governance involves a wide variety of organisations[6], and is broadly understood to refer to the "development and application by Governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet"[7].

Recently, conflicting visions on the future of the Internet and on how to strengthen its multistakeholder governance in a sustainable manner have intensified. Moreover, revelations of large-scale surveillance programmes and a fear of cybercrime have negatively affected trust in the Internet. Taken together, a continued loss of confidence in the Internet and its current governance could slow down innovation and the growth of European internet companies. It could also lead to pressure for new regional and national governance structures that might lead to a fragmentation of the Internet.

This Communication proposes a basis for a common European vision for Internet governance

l to defend and promote fundamental rights and democratic values, and multi-stakeholder governance structures that are based on clear rules that respect those rights and values[8],

l as a single, un-fragmented network, subject to the same laws and norms that apply in other areas of our day-to-day lives; and where individuals can benefit from their rights, and from judicial remedies when those rights are infringed.

l governed by a genuine multistakeholder model

· where the necessary inter-governmental discussions are anchored in a multistakeholder context in the full understanding that the Internet is built and maintained by a variety of stakeholders, as well as governments;

· where decisions are taken on the basis of principles of good governance, including transparency, accountability, and inclusiveness of all relevant stakeholders;

l with a strengthened and reformed Internet Governance Forum;

l with a globalised Internet Corporation for Assigned Names and Numbers (ICANN) and Internet Assigned Numbers Authority (IANA).

This Communication builds on the European Commission's previous Communication on Internet Governance in 2009, in particular regarding the strengthening of the multi-stakeholder model. It does not call for any new international legal instrument to address the issues of Internet governance[9].

This Communication focuses on the main policy areas relevant to the complex Internet governance ecosystem.  The main areas of current debate, namely the development of Internet governance principles, cooperative frameworks and core Internet functions are addressed in Sections 2, 3 and 4. Section 5 makes concrete proposals for how to strengthen the current multi-stakeholder model. Sections 6, 7 and 8 look ahead to some of the key issues that must be addressed in the context of Internet governance in the future, namely the strong interplay between technical norms and Internet policy, the key challenges in rebuilding trust, and conflicts of jurisdictions and laws. Many of the issues presented will be subject further specific consultations with stakeholders.

2.           A Principles Based Approach

The strength of the Internet lies in its open, distributed nature, based on non-proprietary standards which create low barriers of entry. The European Union has always been committed to the Internet as one single unfragmented space, where all resources should be accessible in the same manner, irrespective of the location of the user and the provider. This is especially so where they relate to human rights and some states, quoting security concerns, attempt to curb global connectivity of their citizens by censorship and other restrictions. Blocking, slowing down or discrimination of content, applications and services goes against the open nature of the Internet[10]. Even when faced with complex regulatory or political challenges, filtering traffic at borders or other purely national approaches can lead to fragmentation of the Internet and could compromise economic growth and the free flow of information. This does not exclude increased efforts towards diversification of the underlying infrastructure such as local internet exchange points and transmission capacity, which can strengthen the resilience and robustness of the Internet, as well as measures necessary to protect fundamental rights and to address concerns raised by revelations of large-scale surveillance and intelligence activities.

For over two years, the Commission has advocated an approach summarised by the COMPACT acronym[11]: the Internet as a space of Civic responsibilities, One unfragmented resource governed via a Multistakeholder approach to Promote democracy and Human Rights, based on a sound technological Architecture that engenders Confidence and facilitates a Transparent governance both of the underlying Internet infrastructure and of the services which run on top of it.

The COMPACT builds on the Tunis agenda of 2005. Since then there has been a proliferation of Internet governance principles in various fora but in most cases each one supported by a limited set of stakeholders, or limited in geographical scope[12]. A process leading towards a more broadly supported and coherent set of principles for Internet governance would be helpful in finding common ground.

The Commission supports establishing a coherent set of global Internet governance principles, consistent with fundamental rights and democratic values, with all stakeholders. The Commission will facilitate discussions among stakeholders, including via multistakeholder platforms and the High Level Group on Internet Governance[13]. The Commission invites the Council and the European Parliament to contribute to a common European position in all appropriate venues.

3.           A Cooperative Governance Framework

Mutually respectful dialogues between all stakeholders on the future development of global Internet governance are essential given the global economic and societal importance of the Internet. The Internet Governance Forum (IGF) has emerged from the World Summit on Information Society (WSIS) to facilitate forward-looking discussions amongst all stakeholders, many of whom had not cooperated closely before. It is important, however, to improve the quality and format of IGF outcomes to enhance its impact on global Internet governance and policy.

Stronger interactions between stakeholders involved in Internet governance should be fostered via issue-based dialogues, instead of through new bodies. This would allow relevant stakeholders to address specific challenges across structural and organisational boundaries. Such arrangements could be inspired by the distributed architecture of the Internet which should serve as a model for better interactions between all parties.

Moreover, a sustainable model needs to clearly define the roles of actors in the governance process, including the role of public authorities to fulfil their public policy responsibilities consistent with human rights online[14].  Such sustainability also needs a shared commitment by all stakeholders to a coherent set of Internet governance principles.

Accountability mechanisms for actors in the Internet space are essential, including organisations responsible for key Internet tasks. Mechanisms such as self-assessment and independent (peer) review can strengthen implementation and recommend improvements.

The Affirmation of Commitments of the Internet Corporation for Assigned Names and Numbers (ICANN), and its use of multistakeholder review panels could be one inspiration for other organisations and processes.

The Commission will engage with stakeholders to:

- strengthen the Internet Governance Forum, taking account of the Recommendations of the Working Group on Improvements to the IGF[15];

- clearly define the role of public authorities in the multistakeholder context, consistent with an open and free Internet;

- facilitate issues-based multistakeholder dialogue and decision-making across organisational boundaries.

4.           Globalisation of Core Internet Decisions

The Internet has become a key infrastructure with global dimensions. It works well without structural oversight by international intergovernmental bodies. At the same time, greater international balance within the existing structures can increase the legitimacy of current governance arrangements.

In 2005 the US government committed itself to work with the international community to address the public policy concerns with respect to the management of country-code top-level domains (ccTLD)[16]. However, this has not yet been fully implemented. In its 2009 Communication[17] the European Commission pointed to the incomplete internationalisation of Internet core functions and organisations.

Since 2009, ICANN has taken steps in this direction, most notably the establishment of operational hubs in Istanbul and Singapore in 2013. These steps are welcome. However, ICANN's status under Californian law with a contractual relationship to a single country has not changed. The exclusive relationship of ICANN with a single government – as illustrated by its Affirmation of Commitments – originates from the history of the Internet and must become more global in an era of the Internet as it has become a vital support function of societies and economies in the whole world. In October 2013 the leaders of organisations responsible for the coordination of the Internet's technical infrastructure called for accelerating the globalisation of ICANN and IANA functions in their Montevideo statement[18] on the future of Internet cooperation. The Global Multistakeholder Meeting on the Future of Internet Governance, to be hosted by Brazil in April 2014, should identify concrete and actionable steps to address the globalisation of ICANN and the IANA functions[19].

The Commission will work with all stakeholders to

- identify how to globalise the IANA functions, whilst safeguarding the continued stability and security of the domain-name system;

- establish a clear timeline for the globalisation of ICANN, including its Affirmation of Commitments.

5.           Multistakeholder Process

Multistakeholder processes in relation to the Internet have taken various forms ranging from simple networking to decisions with global impact such as those taken by ICANN and the specification setting processes of the Internet Engineering Task Force (IETF)[20]. However, the fact that a process is claimed to be multistakeholder does not per se guarantee outcomes that are widely seen to be legitimate. The Commission continues to support a genuine multistakeholder approach for Internet governance, which can provide this legitimacy.

In order to further strengthen the multi-stakeholder model, the European Commission proposes that multistakeholder processes in relation to Internet policies must fulfil – beyond their consistency with fundamental rights – at least the following requirements:

·Transparency. All stakeholders must have meaningful access to and information on the organisational processes and procedures under which the body operates. This should prevent in particular any proxy activity for silent stakeholders.

·Inclusiveness and Balance. Those responsible for an inclusive process must make a reasonable effort to reach out to all parties impacted by a given topic, and offer fair and affordable opportunities to participate and contribute to all key stages of decision making, while avoiding capture of the process by any dominant stakeholder or vested interests.

·Accountability. There should be clear, public commitments to give regular account to its stakeholders or independent supervisory bodies, and to allow any party to seek redress through effective dispute resolution mechanisms.

In addition, multistakeholder approaches should make appropriate efforts to counter the significant differences in the ability to participate across the various stakeholder groups to better ensure representativeness, e.g. by allowing remote participation by default. Further, it should be recognised that different stages of decision making processes each have their own requirements and may involve different sets of stakeholders. The Commission welcomes that some stakeholder groups are working on the development of multistakeholder guidelines and encourages further efforts. Sound multistakeholder processes remain essential for the future governance of the Internet. At the same time, they should not affect the ability of public authorities, deriving their powers and legitimacy from democratic processes, to fulfil their public policy responsibilities where those are compatible with universal human rights. This includes their right to intervene with regulation where required.

The European Commission is firmly committed to the multistakeholder model of Internet governance. The Commission calls upon stakeholders to further strengthen the sustainability of the model by making actors and processes more inclusive, transparent and accountable.

The Commission will work with stakeholders on the exchange of best practice.  

Enabling inclusive participation

The broad range of Internet-related policy areas, together with its complex institutional framework, represents an obstacle to effective participation in Internet policy making for many stakeholders. This can contribute to a general sense of non-inclusion and disenfranchisement. In this context, the needs of persons with disabilities must also be taken into account[21].Further efforts are also needed to expand multistakeholder structures in countries whose stakeholders are currently not sufficiently represented. The support of the European and North American Regional Internet Registries in the establishment of the African Regional Internet Registry is a good example.

One way to address this challenge is to facilitate access to forums and information by remote participation in meetings as a general rule. Further ahead, data mining and data visualization tools applied to openly available data and information on Internet policy and governance can enable broader stakeholder participation.

The Commission plans to develop an online platform, named Global Internet Policy Observatory (GIPO)[22] through which such information can be channelled and made widely accessible. GIPO aims to be a global online resource for monitoring Internet policy-making, regulations and technology to help identify links between different forums and discussions, in order to overcome "policy silos" and help to contextualise information. This would make it easier for stakeholders with limited resources to follow, understand and engage with Internet governance and policy.[23]

The Commission proposes to launch the technical development of the Global Internet Policy Observatory (GIPO) in 2014 as a resource for the global community.

The Commission calls on stakeholders to engage in capacity building in order to  establish and promote multistakeholder processes in countries and regions where such processes are not or less developed.

The Commission, together with recipients, will continue in 2014 to strengthen its development assistance programmes in support of media development and freedom of expression, as well as technological, policy and regulatory capacity-building related to the Internet.

There is some experience with operating a multistakeholder model for the formulation of Internet-related policies at the national level. In the EU, examples include the French Conseil national du numérique and the UK Multistakeholder Advisory Group on Internet Governance. Outside the Union, the Brazilian Comitê Gestor da Internet is a prominent example where the multistakeholder process is used in the consultative preparation of policies pertaining to the Internet[24]. Similar approaches might be usefully employed at European level to minimize future fragmentation of Internet governance related policies, possibly building on the experience of existing networks[25]. This would respond to the need to have an early upstream consultation mechanism in place that is adapted to the fast pace of technological change and the resulting implications on Internet governance related policies, through a continuous dialogue with a wide and complex range of stakeholder groups. Another important function could be to help coordinate the activities of existing advisory bodies in the EU whenever relevant. The Commission needs to be able to engage in a meaningful manner with the diverse set of Internet stakeholders in Europe, also including grass-roots initiatives that form an integral part of the Internet ecosystem.

The Commission will launch a broad consultation, of civil society, the technical and academic communities and European industry, as well as the European Parliament and Member States, on how to ensure adequate and transparent multi-stakeholder involvement in the formulation of future European Internet governance policies.

6.           Technical Norms Shaping the Internet

Technical details of Internet protocols and other information technology specifications can have significant public policy implications. Their design can impact on human rights such as users' data protection rights and security, their ability to access diverse knowledge and information, and their freedom of expression online. It also affects other stakeholders, including companies conducting business online, whose security concerns also need to be taken into account.

The Commission welcomes the efforts of the technical community to establish approaches to specification setting based on public policy concerns. Positive examples include technical guidance for privacy considerations in new protocols[26], the recognition of multilingualism for internationalised domain names, or accessibility standards for persons with disabilities. Such efforts are especially important as IP-based technologies are increasingly used in traditional economic sectors such as energy, transport, finance and health.

However, even where the technical discussion process is open, key decisions are frequently made by technical experts in the absence of broad stakeholder representation. An effective multistakeholder approach to specification setting on the internet will be based on efficient mutual interactions between technical and public policy considerations[27] so that technical specifications more systematically take into account public policy concerns. This is particularly important when legal rights of individuals, especially their human rights, are clearly impacted. At the same time, the distribution and administration of Internet resources follows rules that are created in multi-stakeholder processes.

The implications of this evolution in norm setting in relation to the Internet require an open public debate with all concerned.

It is also important to support the implementation of open standards by the European Internet industry and the involvement of the European Internet industry in the development of open internet standards.

The Commission, together with interested parties, including the European Internet industry, proposes to convene a series of workshops with international experts in law, ethics[28], social sciences, economics, international relations and technology. This expected output will be concrete and actionable recommendations to ensure coherence between existing normative frameworks and new forms of Internet-enabled norm-setting.

The Commission encourages all stakeholders to strengthen (and where appropriate create) structured mechanisms to allow regular, early and truly inclusive upstream participation, review and comment in technical decisions. These structured mechanisms should also strive towards consistency of technical decisions with human rights

7.           Building Confidence

Confidence in the Internet and its governance is a prerequisite for the realisation of the Internet's potential as an engine for economic growth and innovation. The safety, security, stability and resilience of the Internet are crucial to preserve and foster the economic and societal benefits of the digital ecosystem.

The Commission is addressing these challenges, notably via the reform of the EU data protection framework[29], the effective fight against cybercrime and an ambitious approach to cyber-security, such as the EU Cybersecurity strategy[30]. This strategy aims at making the EU online environment the safest in the world, while preserving and further promoting fundamental rights[31]. A rising number of activities online directly contravene the exercise of fundamental rights.

Cybercrime, including online child abuse[32], identity theft, cyber attacks and non-cash payment fraud, and other forms of unlawful processing of personal data pose a serious threat to confidence in the use of the Internet. The Commission is committed to drastically reducing cybercrime.

The role of the technical community is crucial, including by ensuring confidence in IP based communications and the resilience of cryptosystems to increase the trustworthiness of IP-based communications. This would support an effective fight against cyber-crime and ensure the privacy of users.

Large-scale surveillance and intelligence activities have also led to a loss of confidence in the Internet and its present governance arrangements. The Commission addressed some of these concerns notably in its Communication on rebuilding trust in international transfers of personal data[33]. The implications for global Internet governance must also be addressed.

The Commission will work with the Council and Parliament to achieve rapid adoption and implementation of key legislation, including the reform of the data protection framework and the proposed Directive on network and information security, in order to strengthen trust online.

The Commission is committed to working with partners to rebuild trust in the Internet, including through the strengthening of its global governance, which is an essential pre-requisite for a sustainable future for an open Internet.

8.           Conflicts of jurisdictions and laws

Like other cross-border activities, the Internet poses a series of challenges for the application of laws. While such challenges are not always specific to the Internet, the sheer quantity of cross-border transactions of various types which take place online, call for a more thorough reflection on how existing rules apply on the Internet.

Extraterritorial application of national law, often based on the geographies of the Domain Name System, has led to a number of contradictory legal decisions[34]. This can lead, for example, to cases where domain names used in one jurisdiction are revoked on the basis of provisions under another jurisdiction, depending on the geographical location of the registrar or registry.

Many activities on the Internet are increasingly governed by contractual arrangements between private companies and users on the Internet. Non-contractual obligations of e-commerce traders and intermediaries are also relevant in this context. The complexity and, in some cases, the opaqueness of these arrangements, including for what concerns provisions on applicable jurisdiction and law, may give rise to a certain degree of legal uncertainty.

From the point of view of private law, uniform European rules on jurisdiction and the recognition and enforcement of judgments and conflict rules exist in some areas, in particular in respect of contractual and extra-contractual obligations. These rules regulate such problems within the European Union. At the international level, conflict rules are insufficiently developed, leading to unsolved conflicts of laws beyond the Union. In particular for Internet related services that are inherently cross-border in nature, such as cloud-computing services, this complexity at international level can be harmful for growth.

Addressing the tension between an international Internet and national jurisdictions should also take into account the diversity of cases that can be subject to these conflicts, which are not apt to be addressed by one single mechanism.

The European Commission will launch an in-depth review of the risks, at international level, of conflicts of laws and jurisdictions arising on the Internet and assess all mechanisms, processes and tools available and necessary to solve such conflicts. All options for action at the Union or international level will subsequently be carefully considered, including possible legislative initiatives or additional guidelines as needed, subject to appropriate impact assessments. This work will build on existing policies.

9.           Conclusions

The European Union, and the world at large, needs to take a conscious position on the future shape and development of Internet governance. The Commission believes that the EU institutions and Member States need a common vision for the future model of Internet governance. The Commission plans a progress report in 2015 on the key elements outlined in this Communication in the context of global developments in Internet Governance.

The Internet should remain a single, open, free, unfragmented network of networks, subject to the same laws and norms that apply in other areas of our day-to-day lives. Its governance should be based on an inclusive, transparent and accountable multistakeholder model of governance, without prejudice to any regulatory intervention that may be taken in view of identified public interest objectives such as to ensure the respect for human rights, fundamental freedoms and democratic values as well as linguistic and cultural diversity and care for vulnerable persons. A safe, secure, sound and resilient architecture is the basis for trust and confidence of Internet users. At the same time, the innovation power of the Internet must be maintained with the full participation of the European Internet economy, building on a strengthened digital single market interconnected to the world. This requires careful yet robust stewardship.

The European Union is well placed to play its part in the good governance of the Internet, as it continues to evolve towards a modern networked society, with distributed centres of power and decision making. The Commission invites the Council and Parliament, the Economic and Social Committee, the Committee of the Regions, as well as Member States, to agree on a common vision as highlighted in this Communication and to defend it jointly in the forthcoming international debates.

[1]               See COM(1998)111, COM(1998)476, COM(2000) 202, OJ C 293, 14.10.2000, COM(2009)277, EP resolution 15.6.2010 (2009/2229(INI))

[2]               Boston Consulting Group, 'The $4.2 Trillion Opportunity – the Internet Economy in the G-20', 3/2012

[3]               McKinsey Global Institute 'Internet matters: The Net's sweeping impact on growth, jobs, and prosperity', 2011

[4]               Join(2013)1, 'Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace', 7.2.2013

[5]               According to the Tunis Agenda, Internet Governance should involve governments, the private sector and civil society (para 34), as well as intergovernmental and international organisations (para 35 (d), (e)) and include the contributions by the academic and technical communities (para 36).

[6]               See e.g. "Introduction to Internet Governance", http://www.diplomacy.edu/IGBook; Mapping Internet Governance project at http://idgovmap.org/;               http://www.icann.org/sites/default/files/assets/governance-2500x1664-21mar13-en.png

[7]               Working Definition of Internet Governance, as endorsed in the conclusions of the WSIS, see           http://www.itu.int/wsis.

[8]                      As enshrined in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, the European Convention on Human Rights and the EU Charter of Fundamental Rights

[9]               In addition, the actions foreseen in this Communication do not require any additional budget beyond current appropriations already foreseen in the current multi-annual financial framework.

[10]             COM(2013)627. Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic communications and to achieve a connected continent.

[11]             Presented at the occasion of the OECD's High-Level Meeting on the Internet Economy, 28.06.2011, http://ec.europa.eu/commission_2010-2014/kroes/en/blog/i-propose-a-compact-for-the-internet

[12]             e.g. OECD Council Recommendation on Principles for Internet Policy Making (2011); Deauville G8 Declaration (2011)

[13]             Commission Expert Group to ensure coordination at the European level in the follow-up to WSIS

[14]                    See paras 35 & 36 Tunis Agenda and COM(2009)277 para 2

[15]             See http://unctad.org/meetings/en/SessionalDocuments/a67d65_en.pdf

[16]             See http://www.ntia.doc.gov/other-publication/2005/us-principles-internets-domain-name-and-addressing-system

[17]             COM(2009)277

[18]             See http://www.internetsociety.org/news/montevideo-statement-future-internet-cooperation

[19]             The IANA functions include (1) the coordination of the assignment of technical Internet protocol parameters; (2) the administration of certain responsibilities associated with the Internet DNS root zone management; (3) the allocation of Internet numbering resources; and (4) other services related to the management of the ARPA and INT top-level domains (TLDs).

[20]                                            See http://www.ietf.org/about/

[21]             This will reflect the commitment undertaken by the EU when concluding the UN Convention on the Rights of  Persons with Disabilities, see http://www.un.org/disabilities/convention/conventionfull.shtml

[22]             See http://ec.europa.eu/digital-agenda/en/news/commission-plans-guide-through-global-internet-policy-labyrinth.

[23]             For the technical development of GIPO and indicative European Union contribution of EUR500,000 has been provisioned in the Horizon 2020 workprogramme for 2014-2015.

[24]             Other relevant examples include the "Internet" advisory committees to the OECD, as well as the Kenyan KICTAnet.

[25]             E.g. EuroDIG, http://www.eurodig.org/

[26]             See http://tools.ietf.org/html/rfc6973

[27]             See Regulation 1025/2012 of 25.10.2012 on European standardisation, Commission Decision of 28.11.2011 setting up the European Multistakeholder platform on ICT standardisation, see https://ec.europa.eu/digital-agenda/en/european-multistakeholder-platform-ict-standardisation

[28]             See also the opinion of the European Groups on Ethics in Science and New Technologies, http://ec.europa.eu/bepa/european-group-ethics/docs/publications/ict_final_22_february-adopted.pdf

[29]             COM(2012) 11, 25.1.2012, 'Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)'

[30]                    JOIN(2013) 1, 'Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace', 7.2.2013 and COM(2013) 48, 'Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union'

[31]                    As enshrined in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, the European Convention on Human Rights and the EU Charter of Fundamental Rights

[32]             Directive 2011/93/EU of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA and COM(2012) 196, 'European Strategy for a Better Internet for Children', 2.5.2012

[33]             Communication from the Commission to the European Parliament and the Council: Rebuilding Trust in EU-US Data Flows, COM(2013) 846.

[34]             A useful inventory of examples is available from the Internet and Jurisdiction project. See  http://www.internetjurisdiction.net/