Global Principles for the Stability and Resilience of the InternetEuropean Commission

28 September 2011 - A Workshop on Security in Nairobi, Kenya


The Internet has become a key instrument for social, political and economic activities in developed countries and, as broadband penetration increases, will arguably become so also in developing ones. This implies a strong dependency on both the basic infrastructure of the Internet and on the services that use it. It is therefore vital that the resilience and stability of this global network and networks is ensured.

This is a task that no single stakeholder group – industry, public authorities, civil society, the technical and academic communities – can hope to succesfully achieve by itself. On the contrary, a multi-stakeholder approach, based on a clear demarcation and division of roles and responsibilities, must be sought.

Furthermore, as the Internet is a global network, no single country or region of the world can hope to guarantee the stability and resilience of "its own" Internet. Past and recent events demostrated that Internet disruptions – whatever their source – in one part of the world can easily produce negative effects in others.

On the other hand, the emergence of increasingly more sophisticated threats can easily lead public authorities, industry or other stakeholders to push for national and possibly uncoordinated approaches. While every sovereign State has the right to safeguard national security and the well-being of its citizens, including via national approaches to ensuring the resilience and stability of the Internet, an uncoordinated approach could in the long-run be harmful to national interests themselves, for example by depriving citizens, economic actors and public authorities of the benefits that a true global, interoperable Internet can bring.

"Hard law" approaches to this coordination problem, for example via treaties or similar insturments of international law, have been suggested and even implemented for some specific areas (e.g. the Council of Europe Budapest Convention on Cybercrime). However, an approach solely based on "hard law" may have inherent difficulties in coping with the urgency and the fast-moving nature of the challenges we are facing. Furthermore, it is necessary to analyse whether, in a multi-stakeholder environment, States should be the only actors "obliged" and therefore held potentially responsible for disruptions to the stability and resilience of the Internet; or whether an international regime of risk management and allocation of responsibilities/liabilities, similar to already existing contractual ones, could provide benefits.

A "principles-based" approach – i.e. devising global principles and guidelines that all stakeholders around the world could use as a reference in developing their own approaches to the matter – could bear fruits more efficiently and effectively. The mechanisms and processes to "translate" these principles into "action" should also be discussed, including on the basis of the role of principles in international law.

In the course of 2009 and 2010 the European Commission, in the context of its action plan on Critical Information Infrastructures Protection, worked with experts from EU Member States to develop draft principles and guidelines for the resilience and stability of the Internet. This workshop would be an occasion to present such principles and discuss with multiple stakeholders from across the globe their strong and weak points; compare them with other existing principles which aim, directly or indirectly, at strengthening the resilience and stability of the Internet; explore how "old" and "new" media could complement each other to achieve this goal; and serve as a basis for the development of global principles.


A brief substantive summary and the main events that were raised:

• Antti Peltomaki (European Commission) presented first briefly "European principles and guidelines for Internet resilience and stability", in particular highlighting the need to ensure close cooperation of private and public sector in this area.

• Michael Rotert (eco association) explained that from its origins Internet was supposed to be resilient. Moreover, different organisations, for instance ICANN, RIPE and other regional organisations are successfully fulfilling their task in ensuring the stability and resilience of the Internet. The issues that need to be addresses are external to the architecture of the Internet, for instance the issue of power supplies.

• Daniel Wilson (BBC) welcomed the actions of the European Commission in the area of Network and Information Security. He highlighted the need to ensure the right to receive and impart information. We problems in this area are not new for BCC, as it was experienced during Olympic Games in China and then, during the Arab uprising. Therefore, a debate on blocking websites in the spirit of multistakeholder approach is needed to answer the question on how to address those problems.

• Andrei Robachevsky (ISOC) said that the issue of the stability and resilience should not be considered as purely technical. The right balance between freedom of expression and human rights should be defined. Therefore, a fair debate is needed in the spirit of the multistakeholder approach. This also requires international cooperation.

• Ben Wagner (European University Institute) explained that it is important to ensure the stability and resilience of the Internet which would be free and open. This debate is of particular importance in the current political context.

• Teresa Reira (Member of the European Parliament) made a statement about the importance of ensuring the stability and resilience of the Internet.


The following points were raised in the discussion by the participants to the workshop:

- Key notions may require more precise definition, for instance what should be exactly the object of the stability

- Stability and resilience have a direct impact on the efficiency of the network. Practices such as filtering decrease the efficiency and resilience of the Internet

- Public authorities should have a possibility to intervene in the functioning of the Internet in very limited situations

- Some participants to the workshop claimed that the only way to ensure stable and resilient Internet is by ensuring net neutrality

 Concrete benchmarks may be developed to assess stability and resilience of the Internet

 So far, private sector was responsible for the stability and resilience of the Internet. The involvement of public sector at current stage should be well defined, for instance as the coordinator between different actors in the area of ICT.

 Also, the choice of regulatory measures should be well established. In many areas, soft law may be sufficient to address concerns related to Internet stability and resilience