 The European Commission is right to insist that critical infrastructure must be secure, resilient, and protected from undue foreign influence. In an era defined by geopolitical rivalry, cyber operations below the threshold of war, and the weaponisation of economic dependencies, it would be negligent not to scrutinise who builds and maintains the systems that keep European societies running.
The Commission’s Cybersecurity Act proposal to exclude “high-risk” foreign suppliers from critical sectors reflects a long-overdue recognition that cybersecurity is not merely a technical problem but a structural and political one. Infrastructure embeds power. Supply chains encode dependency. And digital systems, once deployed, shape the limits of sovereignty far more than abstract declarations ever could. Yet while the premise is sound, the policy as currently articulated leaves too many fundamental questions unanswered. If Europe is serious about securing its infrastructure, it must confront not only who should be excluded, but how, at what cost, and with what consequences for Europe’s place in a deeply interconnected digital world. The Problem of Embedded Dependency One of the most striking gaps in the Commission’s proposal is its limited engagement with legacy infrastructure. European networks — particularly in telecommunications — are not greenfield projects. They are the product of decades of procurement decisions, commercial incentives, and regulatory fragmentation. Equipment from vendors now deemed “high risk” is already embedded deep within core and access networks across multiple member states. Once hardware is embedded, dependency becomes structural. It is not easily reversed without redesigning systems, retraining staff, renegotiating maintenance contracts, and accepting periods of operational risk. This is not an abstract concern: operators have repeatedly warned that forced and accelerated replacement carries significant financial and technical costs, potentially affecting service quality and investment capacity. The Commission’s proposal gestures toward phased implementation, but it does not yet grapple with the political economy of de-risking. Who pays for the transition? Will the EU provide financial support, or will the burden fall disproportionately on operators — and ultimately consumers — in certain member states? Without a credible funding strategy, the policy risks entrenching inequalities between markets rather than strengthening collective resilience. Who Decides What “High Risk” Means? Equally unresolved is the question of classification. The proposed framework would allow the Commission, or a group of member states, to initiate a risk assessment that could lead to supplier exclusion. But the criteria remain deliberately broad: national security concerns, foreign interference, market concentration, and geopolitical context. This ambiguity is politically convenient, but strategically dangerous. Risk is not static. Nor is it confined to adversaries of the moment. If supplier risk is fundamentally tied to state power and political leverage — as the Commission implicitly acknowledges — then today’s trusted partner could become tomorrow’s vulnerability. The uncomfortable but necessary question is this: would Europe ever apply this logic consistently beyond its current focus on China? For decades, the United States has been treated as categorically “low risk,” even as European data, cloud infrastructure, and software ecosystems have become deeply dependent on American companies and subject to U.S. law. Recent geopolitical tensions — including explicit threats tied to territory, trade, or security commitments — illustrate that alliance does not eliminate asymmetry. A credible risk-based framework must therefore be principled rather than selective. If exclusions are perceived as politically motivated rather than analytically grounded, Europe will struggle to defend them legally, diplomatically, and normatively. Security Without Strategic Isolation? There is also a deeper tension at the heart of the proposal: the trade-off between security and openness. Europe’s digital economy does not exist in isolation. Innovation, resilience, and cybersecurity itself depend on global cooperation, shared standards, and cross-border supply chains. A policy that increasingly equates foreign origin with unacceptable risk risks drifting into strategic isolation — or at least strategic fragmentation. Excluding suppliers may reduce certain categories of risk, but it can also reduce competition, slow deployment, and lock Europe into a narrower technological trajectory. In sectors where Europe lacks strong domestic alternatives, exclusion without parallel investment becomes a defensive gesture rather than a strategic one. If digital sovereignty is the goal, it cannot be achieved through restriction alone. It requires sustained investment in European capabilities, research ecosystems, and market scale — none of which can be conjured through regulatory exclusion. The Legal and Normative Dimension There is also a normative dimension that Europe cannot afford to ignore. The EU has long positioned itself as a defender of rule-based governance, proportionality, and non-discrimination in digital policy. Supplier exclusion regimes that lack transparency or objective criteria invite legal challenge — not only from affected companies, but from trading partners and international institutions. If Europe wishes to set a global precedent for responsible infrastructure security, it must show that its decisions are evidence-based, proportionate, and legally robust. Otherwise, it risks legitimising similar measures elsewhere that are far less restrained — including by authoritarian states eager to justify protectionism or technological nationalism under the banner of “security.” A Necessary Policy — Incomplete as Strategy The Commission is right to act. Doing nothing is no longer an option. The idea that Europe can indefinitely rely on globally distributed, politically neutral supply chains is an illusion that the past decade has thoroughly dismantled. But securing critical infrastructure is not merely a question of exclusion. It is a question of managing dependency, financing transition, defining risk honestly, and preserving cooperation where it remains essential. Without addressing these dimensions, the policy risks becoming symbolically powerful but strategically thin. Europe does not need less openness; it needs structured, conditional openness grounded in realism rather than nostalgia. If this initiative is to succeed, it must evolve from a defensive posture into a coherent strategy — one that acknowledges power, cost, and consequence as inseparable from security.  In the first part of this series, I looked at the DNA’s overall structure and direction, and flagged some of the broader concerns it raises. After spending more time with the text, however, additional issues start to emerge.
In this second instalment, I want to focus on two such issues: interconnection and the risk that the DNA could end up pulling Content Delivery Networks (CDNs) into telecom-style regulation. Once you start examining these questions, a third one inevitably follows: what all of this could mean for Internet Exchange Points (IXPs) — an area where Europe is, somewhat paradoxically, a global success story. These are not technical footnotes. They go to the heart of how the Internet functions, how the digital single market operates, and whether the EU’s regulatory choices genuinely support competitiveness, innovation, and growth. 1. Interconnection: the Internet’s Quiet Foundation Interconnection rarely features in political debates, yet it is one of the main reasons the Internet works at all. At its most basic level, interconnection is how independently operated networks exchange traffic with one another. It is what turns thousands of autonomous networks into a single, global Internet. Historically, interconnection has been governed by commercial agreements, not by regulators. Networks peer or purchase transit based on efficiency, performance, and cost. This decentralised, market-led model has allowed the Internet to scale, remain resilient, and support innovation without central coordination. For Europe, interconnection is fundamental. It enables cross-border digital services, lowers costs, supports competition between networks, and allows new entrants to reach users without needing permission from incumbents. In practical terms, it is one of the core enablers of the digital single market. 2. How the DNA Risks Re-regulating Interconnection While the DNA preserves commercial interconnection in formal terms, it materially lowers the threshold for regulatory involvement, creating a pathway — rather than a mandate — for the re-regulation of interconnection over time. The DNA does not explicitly announce a shift toward regulating interconnection. But regulatory change rarely comes that way. Instead, the proposal expands the role of national regulatory authorities in ensuring “end-to-end connectivity,” promoting “ecosystem cooperation,” and resolving disputes between actors involved in connectivity and traffic exchange. This language should ring a bell. It closely resembles arguments that large telecom operators have made for years to justify regulatory intervention in interconnection — including claims that upstream actors should be compelled to contribute financially to network costs. The risk is that interconnection gradually moves from being a commercial arrangement to a regulated relationship. Once regulators are empowered to intervene beyond narrowly defined cases of market failure, incentives shift:
From a competitiveness standpoint, this can be problematic. The Draghi report on European competitiveness makes clear that Europe already struggles with fragmentation, regulatory friction, and barriers to scale. Re-regulating interconnection would add friction where none is needed and undermines one of the Internet’s most successful governance models. 3. What This Means for Internet Exchange Points (IXPs) Any serious discussion of interconnection must also consider Internet Exchange Points. IXPs are one of the Internet’s quiet success stories, and Europe hosts two of the largest and most important in the world: DE-CIX in Frankfurt and AMS-IX in the Netherlands. IXPs are neutral infrastructures that allow networks to exchange traffic efficiently, locally, and at low cost. They reduce latency, improve resilience, and enhance competition. They are also a major reason why Europe has been such an attractive place for CDNs, cloud providers, and global networks to deploy infrastructure. Europe’s leadership in IXPs did not happen by accident. It is the product of decades of regulatory restraint and legal certainty. IXPs thrive because peering at their facilities is voluntary, decentralised, and commercially negotiated. Changing the interconnection regime — even indirectly — puts this model at risk. If interconnection becomes subject to routine regulatory intervention:
One of the striking omissions in the draft DNA is the lack of recognition of IXPs as strategic digital infrastructure. At a time when the EU speaks about resilience, sovereignty, and competitiveness, failing to protect the conditions that made DE-CIX and AMS-IX global hubs is a serious blind spot. 4. CDNs: Not Named, but Very Much in the Crosshairs A second issue that becomes apparent on closer reading of the DNA is the position of Content Delivery Networks. Formally, the proposal insists that it does not regulate content or cloud services. CDNs are not explicitly named as regulated entities. But regulatory scope is often shaped less by what is named and more by definitions, authorisation regimes, and dispute mechanisms. The DNA repeatedly emphasises the convergence of telecom networks, cloud, and edge computing into a broader “digital networks” ecosystem. It also reshapes the general authorisation framework and strengthens dispute resolution mechanisms between “undertakings” involved in connectivity and interconnection. This creates a real risk that CDNs — particularly those with infrastructure deployed inside Member States — could be treated as falling within telecom-style regulation. Not because the DNA clearly mandates it, but because it provides regulators with the conceptual and legal tools to argue that it should. 5. Why This Matters for Europe’s Digital Future Pulling interconnection and CDNs into telecom-style regulation would have predictable consequences:
This sits uneasily with Europe’s ambition to attract talent, lead in AI and cloud, and strengthen its strategic autonomy. An open, well-functioning Internet is not a side issue; it is a prerequisite for innovation, economic growth, and security. 6. What Needs to Change If the DNA is to support Europe’s digital ambitions rather than undermine them, several adjustments are essential:
Closing Note This piece is part of an ongoing series examining the draft Digital Networks Act as it moves through the EU legislative process. Given the scope and complexity of the proposal, no single article can capture all of its implications. Subsequent instalments will look more closely at the role of national regulators, the risk of market fragmentation, and whether the DNA genuinely aligns with Europe’s competitiveness and security objectives. The DNA is ambitious. But ambition alone is not enough. Interconnection, CDNs, and IXPs are not peripheral concerns — they are central to how the Internet works and to whether Europe can compete in the next phase of the digital economy. Getting these issues wrong would not just be a regulatory mistake; it would be a strategic one. Executive Summary
The leaked draft of the proposed Digital Networks Act (DNA) marks a significant shift in EU electronic communications policy. While it formally preserves core principles like net neutrality, competition, and consumer protection, it weakens their practical enforceability. By reframing interconnection, traffic management, and ecosystem relations as primarily commercial matters, the draft reduces the role of public law safeguards and regulatory oversight. The most profound change is on the way the DNA treats interconnection. Technically, the Internet’s scalability, neutrality, and resilience rely on an interconnection model based on settlement-free peering and competitively priced transit, where capacity expansions respond to predictable traffic growth rather than bilateral negotiations. Congestion is treated as a network failure to be remedied through timely upgrades of ports, backhaul, and routing—not as an economic imbalance. This model ensures that quality of service is determined by network design rather than commercial affiliation, preserves the end-to-end principle, and allows new services to reach users without prior negotiation. BEREC has repeatedly found that EU interconnection markets function effectively, with traffic asymmetries reflecting normal demand patterns, and that there is no evidence of systemic congestion or market failure warranting traffic-based contributions or regulatory restructuring. The draft DNA departs from this evidence-based framework by treating interconnection congestion as a commercial dispute resolved mainly through bilateral negotiation or alternative dispute resolution. This enables operators to delay or condition capacity upgrades to strengthen bargaining positions, effectively monetising quality of service. While nominally maintaining access-level net neutrality, the approach permits de facto discrimination at the interconnection layer—functionally equivalent to paid prioritisation but outside the safeguards of the EU’s Open Internet Regulation. Politically, the DNA shifts from a rights-based, competition-oriented governance model toward an infrastructure-centric regime that favors incumbent telco operators and codifies their narrative on traffic imbalance and investment incentives. This risks fragmenting the Digital Single Market, raising barriers for smaller and European service providers, weakening regulatory oversight, and contradicting BEREC’s warnings that monetising interconnection undermines openness, competition, and long-term sustainability. In summary, the draft DNA departs from empirical evidence and regulatory guidance, aligns with incumbent lobbying telco positions, and underestimates the tangible risks to the open Internet, competition, innovation, and consumer welfare. If adopted without substantial revision, it could distort the European Internet ecosystem, accelerate market concentration, weaken practical net neutrality, and threaten the Digital Single Market. 1. Open Internet and Net Neutrality: Formal Continuity, Substantive Regression 1.1 The DNA’s approach The DNA formally integrates the Open Internet Regulation (EU) 2015/2120 into a broader regulatory framework, explicitly stating that it does not alter the “fundamental principles” of equal and non-discriminatory treatment of traffic. However, the draft simultaneously:
1.2 Comparison with BEREC conclusions BEREC has consistently concluded that:
The DNA diverges sharply from these findings by implicitly treating traffic asymmetry and interconnection disputes as systemic problems requiring regulatory reframing. 1.3 Policy risk By relocating critical neutrality issues to the interconnection layer and framing them as commercial disputes, the DNA creates a credible pathway for paid prioritisation and de facto discrimination without formally breaching access-level neutrality rules. This undermines the effectiveness of net neutrality while preserving its appearance. 2. “Fair Share” and Network Contributions: De Facto Adoption Without Accountability 2.1 Embedded assumptions Although the DNA avoids explicit references to “fair share” or mandatory network contributions from content and application providers (CAPs), it embeds the underlying logic by:
2.2 BEREC’s position BEREC has repeatedly found that:
The DNA disregards these conclusions without presenting new empirical evidence. 2.3 Policy risk The result is a stealth policy shift that enables outcomes previously rejected by EU institutions, without the transparency, safeguards, or democratic scrutiny that an explicit “fair share” proposal would require. 3. Interconnection and Access: From Open Architecture to Negotiated Bottlenecks 3.1 Structural change The DNA reframes interconnection as:
This marks a departure from the long-standing European approach that treated interconnection as a foundational element of end-to-end connectivity and market openness. 3.2 BEREC comparison BEREC has emphasised that:
3.3. Policy Risk The draft DNA risks dismantling the invisible regulatory scaffolding that keeps interconnection competitive, replacing it with negotiated bottlenecks that entrench power, fragment the Single Market, and are extremely difficult to unwind. 4. Alternative Dispute Resolution (ADR): Privatising Regulatory Outcomes 4.1 The role of ADR in the DNA The draft DNA strongly promotes ADR for both consumer disputes and interconnection conflicts between undertakings. While ADR can be useful for individual disputes, its expanded role raises concerns when applied to systemic market issues. 4.2 Structural imbalance ADR mechanisms:
4.3 Policy Risk By substituting regulatory oversight with negotiated outcomes, the DNA weakens the ability of NRAs and BEREC to address structural competition and neutrality issues, effectively privatising regulatory enforcement. 5. Competition and Market Structure: Incumbent Bias and Consolidation 5.1 Implicit policy choices The DNA repeatedly prioritises:
Competition is treated as instrumental rather than as a core policy objective. 5.2 Impact on smaller operators and innovators Smaller ISPs, alternative networks, and new market entrants:
This outcome is inconsistent with EU competition policy and digital innovation goals. 5.3 Policy Risk The policy risk is that the DNA hardcodes an incumbent-centric market structure by subordinating competition to scale and “investment certainty,” accelerating consolidation, weakening smaller operators and innovators, and ultimately undermining the EU’s own competition and digital innovation objectives. 6. Consumer Protection: Indirect Harm, Limited Remedies 6.1 The missing consumer perspective While the DNA includes extensive transparency obligations, it fails to address:
6.2 BEREC alignment BEREC has consistently stressed that consumer harm in connectivity markets is often indirect and systemic, requiring proactive regulatory safeguards rather than reliance on transparency and switching alone. 6.3 Policy Risk The policy risk is that the DNA normalises a shift from citizen-centred network governance to infrastructure-centred bargaining, redefining connectivity as a private commercial outcome rather than a public interest service—thereby eroding the EU’s ability to detect, attribute, and correct systemic consumer harm before it becomes structurally embedded. 7. Institutional Balance and Regulatory Capture Concerns 7.1 Shift in governance The DNA:
7.2 Alignment with incumbent lobbying The narrative structure and policy assumptions of the DNA closely mirror positions advanced by large telecom operators and industry associations, particularly regarding traffic imbalance, investment incentives, and ecosystem “fairness.” This raises legitimate concerns about regulatory capture and the marginalisation of evidence-based regulatory conclusions. 7.3 Policy Risk The policy risk is that the DNA recalibrates EU digital governance away from independent, evidence-based regulation toward a negotiation-driven regime shaped by incumbent preferences, creating a perception—and eventual reality—of regulatory capture that weakens institutional credibility, exposes the EU to legal challenge, and undermines trust in the Union’s capacity to govern critical digital infrastructure in the public interest. 8. Conclusions and Policy Imperatives 8.1 Strategic assessment The draft Digital Networks Act cannot credibly be framed as a technical simplification or neutral regulatory adjustment. It constitutes a strategic redirection of EU digital policy, moving away from a rights-based, competition-driven model and towards an infrastructure-centric regime in which access, interconnection, and market outcomes are increasingly shaped by private negotiation rather than public rule-setting. This shift has implications that extend well beyond the telecommunications sector. By prioritising scale, bargaining power, and incumbent sustainability over contestability and openness, the DNA risks weakening the structural conditions that have historically enabled European digital innovation, cross-border growth, and service diversity. In effect, it trades a dynamic, entry-friendly ecosystem for a more static model optimised around large, vertically integrated actors. 8.2 Competitiveness, growth, and the open Internet Europe’s digital competitiveness has never depended on global platform dominance or network scale alone, but on open connectivity, low barriers to entry, and predictable regulatory safeguards that allow new services, applications, and business models to emerge. The DNA’s reorientation threatens these foundations in three ways:
Rather than strengthening Europe’s digital position, the DNA risks locking in low-growth equilibrium dynamics, where rents are redistributed within the connectivity layer while innovation and value creation migrate elsewhere. 8.3 Policy imperatives To safeguard long-term competitiveness, growth, and the integrity of the open Internet, the following corrections are essential:
8.4 Closing warning Absent these corrections, the DNA risks reshaping Europe’s Internet from an open, innovation-enabling infrastructure into a managed network of negotiated access, with adverse consequences for competition, growth, and digital sovereignty. Once embedded, such a shift would be structurally difficult to reverse, diminishing the EU’s capacity to sustain a healthy digital ecosystem and weakening its ability to compete in an increasingly innovation-driven global economy. Disclaimer: This post is part of an ongoing series analysing the draft Digital Networks Act (DNA). Given the size and complexity of the proposal, each instalment focuses on a specific set of issues that deserve closer scrutiny as the legislative process unfolds.  In the midst of Iran’s brutal internet blackout — imposed as nationwide protests surged and authorities cut off connectivity to suppress dissent — a curious actor emerged as both lifeline and lightning rod: Starlink. According to The New York Times, satellite broadband from Elon Musk’s SpaceX appears to have been made freely available for users inside Iran, allowing some citizens to circumvent Tehran’s near‑total communications shutdown.
On its face, this sounds like unequivocal good news. In societies where digital censorship and blackouts have become tools of repression, any mechanism that pierces the information blockade and reconnects people with the world is welcome. Starlink has already proven its utility in Ukraine, Venezuela, and other contested environments. Forced offline by state fiat, Iranians scrambling for access turned to reactors in orbit — a striking demonstration of technology’s promise to uphold freedoms when governments snuff them out. Yet beneath the apparent triumph lies a deeper unease. The geopolitics of connectivity are changing, and fast — often without public debate, legal frameworks, or democratic oversight. For decades, global connectivity infrastructure — from undersea cables to satellite spectrum — was coordinated through intergovernmental bodies like the International Telecommunication Union (ITU), a United Nations specialized agency responsible for managing spectrum, orbital slots, and setting standards to ensure cross-border digital services respect international law and sovereign rights. Increasingly, that model is giving way to a new paradigm in which private technology companies wield de facto control over how people connect to the internet, where they access information, and even how states can exert power. Starlink’s role in Iran illustrates this shift starkly. A private U.S. company, operating a constellation of satellites beyond the jurisdiction of any single state, has bypassed Iranian law and state control to deliver connectivity inside Iranian territory. That’s an extraordinary power — one that previously belonged only to governments. The idea that a Silicon Valley firm can effectively override a sovereign government’s efforts to control the internet inside its borders — and become a counterpart to nation-state diplomacy and crisis response — raises urgent questions about governance, accountability, and the future of international law. The benefits for Iranian citizens are tangible. Families separated by borders can reconnect. Journalists can share information with the world. Protesters can document state abuses and organize when local networks fail. In these circumstances, Starlink appears to act as a digital lifeline, preserving the very freedoms that authoritarian regimes seek to suppress. But access is far from universal. Terminals are expensive, availability is limited, and authorities can still attempt jamming and electronic countermeasures. For many, the technology remains out of reach, deepening inequalities in who can exercise digital freedoms. The more profound concern lies in the precedent this sets. While Starlink is celebrated in authoritarian contexts, there is little to prevent a private company from acting in ways that undermine democratic processes elsewhere. Imagine a fictional scenario: a satellite company called SkyNetix, based in a powerful country, deploys broadband in a small democracy undergoing a heated election. In coordination with political factions sympathetic to an authoritarian neighbor, the company deliberately throttles access to news outlets and social media platforms supporting the democratically favored party while ensuring uninterrupted connectivity for channels aligned with the authoritarian-backed faction. In this scenario, a private firm, acting across borders and without oversight, becomes a tool for manipulating democratic processes — a stark demonstration of the geopolitical and ethical dangers of privatized global connectivity. This possibility is not purely speculative. Every major satellite constellation, every global content delivery network, every cloud-based infrastructure provider now holds the power to shape information flows across borders. That is influence traditionally reserved for states, now wielded by corporations whose priorities are determined by internal boards and shareholders rather than democratic institutions. The United Nations and the ITU must rise to the occasion. The old model of international coordination — effective when states were the principal actors in communications infrastructure — is overdue for modernization. The explosive growth of private satellite constellations, cross-border digital platforms, and multinational data flows calls for updated global norms and enforcement mechanisms that clarify when and how private connectivity services can operate across borders, protect human rights, respect state sovereignty, and ensure democratic accountability. Without these, intergovernmental organizations risk losing credibility as governance defaults to corporate interests. This is not simply a matter of law or treaty; it is a question of who shapes the future of global communication. Connectivity has always been political. From undersea cables cut in wartime to regimes controlling internet backbones, access to information is power. What is new is the scale and reach of private actors: a single constellation of satellites can now determine who sees the news, who can organize protests, and in extreme scenarios, who wins or loses political contests. The Iran case demonstrates one side of this reality: a private actor using its power to empower individuals in the face of authoritarian repression. Yet the fictional SkyNetix scenario reminds us that the same infrastructure could be used to erode democratic institutions, manipulate public perception, or favor external authoritarian interests over sovereign will. The dual nature of these technologies — liberating for some, destabilizing for others — underscores the urgent need for global oversight. The role of the ITU is critical. As the body responsible for coordinating the technical and legal frameworks for spectrum use and orbital slots, the ITU is uniquely positioned to establish rules for satellite deployment and operations that respect sovereignty and human rights. But technical coordination alone is insufficient. The United Nations more broadly must strengthen norms for digital infrastructure, ensuring that cross-border networks cannot be weaponized against democracies, manipulated to suppress citizens, or leveraged in geopolitical power plays. Without such frameworks, private companies will continue to define the rules by which connectivity — and by extension freedom, security, and democracy — operates worldwide. Connectivity is no longer just a utility; it is a geopolitical instrument. Starlink’s intervention in Iran highlights the immense potential for technology to empower citizens under repression, but it also exposes how private companies now command powers once reserved for states, shaping information flows, influencing political outcomes, and redefining sovereignty. The people of Iran deserve access to information. But the rest of the world must also ask: who holds the keys to that access, whose interests do they serve, and what rules govern this extraordinary power? Without urgent international oversight and the enforcement of global norms through bodies like the ITU and the broader UN system, we risk leaving the future of digital connectivity in the hands of corporate boardrooms, not democratic institutions — a shift with profound implications for the future of sovereignty, democracy, and the very fabric of the global order.  When I look back at 2025, the word that keeps coming back to me is not speed, or innovation, or AI. It’s fragility. Not the fragility of technology itself — the systems mostly work — but the fragility of the political, institutional, and normative arrangements that once gave digital transformation a sense of direction. The guardrails that made the internet feel like a shared global project are still there on paper, but in practice they’re thinner, weaker, and far more conditional than they used to be. For roughly three decades, the global internet rested on a loose but surprisingly resilient settlement: openness over control, interoperability over fragmentation, cooperation over dominance, and at least a nominal commitment to human rights. That settlement was never perfect, but it held. In 2025, it’s clear that it’s no longer holding in the same way. What’s emerging instead isn’t a new order. It’s a patchwork. A fragmented digital landscape shaped by geopolitical rivalry, transactional diplomacy, corporate concentration, and a growing willingness by states to trade long-term openness for short-term advantage. The story of 2025 isn’t that the internet is “breaking.” It’s that the world that sustained it is. The Quiet Retreat from Internet Freedom For much of the internet’s history, the United States acted — sometimes awkwardly, often inconsistently — as the system’s anchor. It defended the multistakeholder model in global forums, resisted efforts to formalise state control at the UN, and framed internet freedom as both a democratic value and a strategic interest. By 2025, that posture has changed in ways that are hard to ignore. Internet freedom has largely disappeared as an organising principle of US foreign policy. It hasn’t been rejected outright — it’s just no longer driving decisions. Instead, the focus has shifted to industrial competitiveness, export controls, national security, and technology rivalry with China. You can see this shift clearly in multilateral negotiations. The US still shows up, but often selectively: pushing back against language that might constrain American firms and its own ideology, while showing much less appetite for sustained coalition-building around openness, global public goods, or institutional reform. Multistakeholder language remains, but the political energy behind it is thinner. Funding priorities tell the same story. Global internet freedom initiatives that once sat near the center of US digital diplomacy now feel peripheral, while bilateral and minilateral tech deals absorb most of the attention. This isn’t abdication by accident — it’s reprioritisation. The consequence is structural. When there’s no consistent advocate for openness, multilateral institutions drift. Sovereignty-first logic fills the vacuum. Consensus still happens, but more often through ambiguity than shared purpose. Power doesn’t disappear when leadership retreats — it simply moves elsewhere. The End of Distance This retreat is compounded by another shift that felt impossible to miss in 2025: the deep integration of Big Tech into the political orbit of Washington. This is no longer about lobbying at the margins. US big tech and AI firms help frame national security debates while US chipmakers shape export control policy. The distance between corporate power and state power has collapsed. That collapse is felt far beyond the US. From Europe’s perspective, regulatory disputes with American platforms increasingly feel geopolitical rather than legal. Enforcement of competition rules, data protection, or platform accountability is often met with warnings about innovation, security, or strategic alignment. For many outside the US, it’s no longer clear where American public interest ends and corporate interest begins. The result is a growing sense that global digital governance is asymmetric: rules apply downward, leverage applies upward. That perception matters. It weakens trust, fuels regulatory assertiveness, and accelerates fragmentation — even among allies. Europe’s Digital Sovereignty Paradox In 2025, Europe re-engaged in the pursuit of digital sovereignty—but it is still unable to figure out how to bridge the gap between policy and power. The re-emergence of this urgency is largely a reaction to the “Trump factor” as the prospect of a more transactional and unpredictable U.S. administration has reignited fears of technological blackmail. This has sparked intense infighting among member states regarding their dependence on foreign tech; while some push for a radical decoupling to build a homegrown "EU Stack," others argue that Europe lacks the industrial scale to survive without American hyperscalers. Despite being a regulatory superpower through the AI Act and the DMA, Europe’s sovereignty agenda remains more rhetorical than operational. Ambitions for resilience are constantly undermined by a lack of investment in infrastructure and compute, leaving projects like the Chips Act struggling to gain traction against established global ecosystems. Sovereignty is currently functioning as a defensive reflex—a way to regulate against external influence—rather than a proactive strategy to lead in innovation. In a world that rewards speed and scale, Europe remains trapped in a cycle of regulating a future it has yet to build. China’s Strategic Clarity China, by contrast, ends 2025 with a level of coherence that’s hard to ignore. Its digital strategy spans infrastructure, platforms, standards, AI, data governance, and international engagement — and it’s embedded in long-term industrial planning and foreign policy. This isn’t abstract. You see it in Digital Silk Road projects providing cloud services, smart city technologies, and surveillance infrastructure across Africa, the Middle East, and Asia. You see it in China’s growing influence in standards bodies, particularly around 5G and emerging technologies. You see it in coordinated positions in multilateral negotiations that consistently emphasise data sovereignty and state authority. What’s different this time is that China isn’t just participating — it’s offering a full alternative. Countries are no longer choosing between connectivity and isolation. They’re choosing between digital ecosystems, each with different governance assumptions and political trade-offs. AI as the Defining Issue of 2025 If one technology crystallised all these tensions in 2025, it was artificial intelligence. Like the early internet, AI exposes and deepens inequalities — but not just in connectivity. The divides are now about data, skills, energy, and access to compute. And unlike the internet, AI is capital-intensive and centralised. Frontier model development is concentrated in a handful of firms, overwhelmingly in the US and China. Access to GPUs, cloud infrastructure, and large-scale datasets determines who can innovate and who can’t. Export controls and pricing structures shape participation in very real ways. Universities, startups, and public institutions in many developing countries aren’t excluded by censorship — they’re excluded by cost. The digital divide has returned, measured in compute hours and megawatts. Chips, NVIDIA, and the New Dependency No company captures the political economy of AI better than NVIDIA. By 2025, control over advanced AI chips has become a gatekeeping function — not just for innovation, but for economic development and national capability. Governments now negotiate directly with chipmakers and hyperscalers to secure access to compute. Export controls shape alignment as much as security. For many countries in the Global South, the problem isn’t talent or ambition — it’s access. This isn’t just a market issue. It’s a governance problem. We’re relying on private actors to supply what has effectively become critical infrastructure. Infrastructure, Standards, and Quiet Power Beyond chips, power in 2025 flew also through less visible channels: subsea cables, cloud regions, satellite constellations, internet exchange points, and technical standards. Standards-setting, in particular, has become one of the most decisive battlegrounds and will continue to be for the forthcoming future. AI safety benchmarks, digital identity systems, and smart city protocols embed governance assumptions long before any law is passed. China, India, and a growing group of middle powers invest heavily here. Western engagement often feels fragmented and reactive. Infrastructure is no longer neutral. It’s strategic. The Global South Isn’t Waiting Anymore One of the most underestimated shifts of 2025 is the agency of the Global South. Rather than waiting for leadership from Washington or Brussels, many countries are building their own digital pathways. India’s digital public infrastructure — Aadhaar, UPI, data-sharing frameworks — is being adapted elsewhere. The African Union is pushing for continental coherence on data policy. South–South cooperation on skills and AI capacity is growing. The posture has changed. Engagement with China, Western firms, and multilateral institutions is pragmatic and selective, driven by development needs rather than ideology. Transactional Politics, Everywhere All of this sits within a broader transformation in international relations. In 2025, digital cooperation is openly transactional. Market access is exchanged for regulatory concessions. Infrastructure financing comes with political strings. AI partnerships are framed as security arrangements. Trust erodes, long-term cooperation weakens, and fragmentation becomes the default rather than the exception. Human Rights: Still There, But Thinner Perhaps the most worrying shift of all is what’s happening to human rights. For decades, human rights provided the normative backbone of internet governance: privacy, freedom of expression, due process. In 2025, those principles are still referenced — but their practical force is fading. National security, child protection, and misinformation are routinely used to justify surveillance, content restrictions, and AI-driven decision-making, often without meaningful safeguards. This isn’t limited to authoritarian systems. Democracies increasingly deploy similar tools, narrowing the gap in practice even if intentions differ. AI accelerates the problem. Algorithmic systems shape access to welfare, credit, jobs, migration, and justice — but accountability becomes diffuse, harm probabilistic, and redress elusive. Human rights institutions themselves are under strain, underfunded, and politicised. The risk is that rights become decorative language rather than real constraints on power. Multilateralism Turns Inward One of the clearest through-lines of 2025, for me, was how visibly multilateral digital governance became more state-centric. WSIS+20, the UN cybercrime convention negotiations, and the Global Digital Compact all pointed in the same direction. None of these processes collapsed. In fact, on paper, they can be read as successes: consensus was preserved, institutions were reaffirmed, and cooperation was repeatedly invoked. But taken together, they also revealed something deeper — a quiet but consequential rebalancing of power away from the multistakeholder model and back toward governments as the primary, and increasingly exclusive, decision-makers. WSIS+20 captured this tension perfectly. The Internet Governance Forum was given permanent status, which mattered enormously for continuity and institutional memory. Data governance was acknowledged as central. And yet, the price of consensus was ambiguity. The outcomes stabilised what already exists rather than opening new space for shared problem-solving. In parallel, the UN cybercrime convention exposed the risks of this shift far more starkly. Despite widespread concern from civil society, technical experts, and parts of the private sector, the process remained overwhelmingly state-driven, with weak safeguards and broad definitions that many fear will be abused in practice. Meanwhile, the Global Digital Compact echoed familiar language about inclusion and cooperation, but ultimately reinforced a vision of digital governance anchored firmly in intergovernmental negotiation, with non-state actors consulted rather than meaningfully empowered. Governments increasingly see digital issues — from data and AI to cybercrime and content — as extensions of sovereignty and security, not shared global challenges requiring distributed governance. This will continue in 2026. Fragility as the Defining Condition If there’s one takeaway from 2025, it’s this: the fragility of the international order and the fragility of the internet are inseparable. As trust between states erodes, so does the willingness to maintain a shared digital commons. As institutions weaken, power concentrates with those who control infrastructure, capital, and leverage. The future of the internet won’t be decided by technology alone. It will depend on whether we can rediscover a minimum commitment to cooperation over control, rights over expediency, and legitimacy over dominance.  The halls of the United Nations are currently echoing with the self-congratulatory hum of a crisis averted. With the adoption of the WSIS+20 outcome document, diplomats are exhaling in collective relief. In the final hours of negotiation, the specter of a recorded vote—a move that would have shattered the fragile, twenty-year-old consensus on how the world governs the internet—was narrowly dodged. The "multistakeholder model" has been saved. The "people-centered" vision has been reaffirmed. The champagne, one assumes, is being chilled.
But beneath the veneer of diplomatic triumph lies a more unsettling reality. What occurred in New York was not a resolution of the profound ideological rifts that define our digital age; it was a masterclass in the art of the "gilded cage." We have preserved the structure of global cooperation while trapping within it the same unresolved grievances, power asymmetries, and structural failures that have haunted the World Summit on the Information Society (WSIS) since its inception in 2005. WSIS+20 has achieved consensus without closure. And in the fast-moving world of artificial intelligence and splintering networks, a consensus built on avoidance is a dangerous foundation. The Illusion of Permanence The headline victory of WSIS+20 is the decision to grant the Internet Governance Forum (IGF) permanent status. For nearly two decades, the IGF lived on death row, its mandate subject to the whims of five- or ten-year renewal cycles. By embedding the IGF structurally within the UN system, Paragraph 99 of the outcome document effectively declares that the "experiment" of multistakeholder dialogue—where civil society, tech giants, and governments sit at the same table—is now a permanent feature of the international order. On the surface, this is a triumph for the open internet. It insulates the forum from the cyclical hostage-taking of high-stakes political bargaining. But permanence changes the chemistry of power. By removing the threat of expiration, we have also removed the urgency for reform. Furthermore, the document contains a Trojan horse: Paragraph 101, which calls for the IGF to facilitate a dedicated "dialogue among Governments." While framed as a benign request for peer-to-peer exchange, it touches the third rail of internet governance. If we are not careful, we are witnessing the birth of a two-tier system: a "talk shop" for the masses and a "decision room" for the sovereigns. If the IGF becomes a place where governments deliberate in private while the rest of the world waits in the hallway to be "consulted," we will have preserved the name of the forum while hollowed out its soul. The Ghost of Enhanced Cooperation For those who hoped WSIS+20 would finally bury the cryptic phrase "enhanced cooperation," the outcome document serves as a cold awakening. The persistence of “enhanced cooperation” in the outcome document confirms what some of us suspected going into WSIS+20: the majority of governments form the Global South are not prepared to let this issue fade quietly into procedural ambiguity. The fact that this debate remains unresolved twenty years after the Tunis Agenda is not merely a case of institutional inertia. It is a symptom of a deeper, unaddressed trauma in the Global South. For the G77 and China, enhanced cooperation isn’t just about technical protocols; it is a proxy for their lack of a seat at the table where the real rules of the digital economy are written. What diplomats rarely say aloud is that the current system is perceived by much of the world as a Western-centric hegemony wrapped in the language of "openness." By failing to transcend this debate, WSIS+20 has ensured that the next decade will be defined by the same tug-of-war between those who want an internet without borders and those who want an internet defined by borders. We haven't solved the problem; we’ve simply scheduled it for 2035. The Centralization of the "Agile" UN Then there is the matter of the United Nations Group on the Information Society (UNGIS). The outcome document envisions an "enhanced role" for this body, aiming to synchronize the sprawling digital mandates of the UN—from the Global Digital Compact to the Pact for the Future. In the abstract, coordination is a virtue. The digital landscape is currently a chaotic mess of overlapping forums. However, there is a fine line between coordination and consolidation. The G77’s subtle warnings about this shift should be read as a "red alert." When the UN speaks of being "agile" and "effective," it is often a code for streamlining decision-making processes. The danger is that in the name of efficiency, we move toward a quiet centralization. If digital governance becomes an inter-agency steering mechanism accountable upward to the UN Secretariat rather than outward to the global community, the "multistakeholder ethos" becomes a mere checkbox in a bureaucratic manual. We risk trading the messy, vibrant participation of the public for the sterile efficiency of a committee. The $100 Billion Silence Perhaps the most damning indictment of the WSIS+20 process is its treatment of financing. Paragraphs 62 through 67 are a graveyard of familiar promises: blended finance, public-private partnerships, and the creation of yet another "assessment mechanism." It is the same script we read in 2005. The digital divide is no longer a gap; it is a canyon. While the Global North debates the ethics of generative AI, large swaths of the Global South are still struggling with the basic electricity required to charge a smartphone. The refusal to engage with "common but differentiated responsibilities"—the principle that those who have benefited most from the digital revolution should bear the greatest burden for its global expansion—is a failure of moral imagination. The inability to be creative about financing is not a technical hurdle; it is a political choice. It signals to the developing world that their inclusion is a secondary priority to the preservation of existing financial hierarchies. This is where the consensus is at its thinnest. You cannot build a "people-centered" information society on a foundation of systemic underfunding. The Road to 2035: Honesty Over Harmony The WSIS+20 outcome document is a masterpiece of diplomatic balancing. It says all the right things about human rights, internet fragmentation, and the "digital public good." But balance is often just a sophisticated way of avoiding the hard truths. The enthusiastic reception of this document in Western capitals risks overlooking a critical signal: the Global South does not feel heard. They have signed the document, yes, but they have not bought into the vision. They have accepted the consensus because the alternative—a total breakdown of the system—was too risky. But a "forced" consensus is an unstable one. As we look toward the 2035 review, the task is no longer to draft better sentences. The task is to rebuild the trust that has been eroded by twenty years of unfulfilled promises. This means:
WSIS+20 kept the lights on. It kept the actors on the stage. But the play is still the same, and the audience is growing restless. If the next decade is spent celebrating this "consensus" rather than addressing the grievances it conceals, then 2035 will not be a celebration—it will be a funeral for the global internet. The diplomats have done their job; it’s time for the entire internet community to do theirs.  The second revision of the WSIS+20 outcome document doesn’t reinvent anything — and that’s precisely its strength. Rev2 builds on the foundation laid in Rev1 by tightening the facts, updating the data, and giving a bit more shape to how follow-up and implementation should work. It sharpens references to UN-wide processes, adds clarity around timelines and coordination, and generally reads as a document that’s moving from drafting to doing. Crucially, it preserves the rights-based, people-centred and multistakeholder character that has defined WSIS from the start.
What Rev2 really does is consolidate the direction introduced in Rev1. It doesn’t change the political balance or reopen settled debates; instead, it reinforces a trajectory and prepares the WSIS+20 commitments to be applied in practice — more grounded, more coherent, and better aligned with the evolving UN digital landscape. In other words: Rev2 does not shift the normative direction introduced in Rev1. Instead, it consolidates it, preparing WSIS+20 as a realistic, actionable instrument for the next phase of global digital cooperation. Key Changes: What’s New / Different in Rev2
Section-by-Section Reflections Preamble & Overall Framing Where Rev1 already struck a balance between aspirational vision and operational readiness, Rev2 retains that balance. The Preamble in Rev2 does not reintroduce rhetorical density or revert to “zero-draft” style specificity; instead, it preserves the concise, formal tone established in Rev1. References to the WSIS legacy remain, and the updated data underpinning the digital context adds a modest but meaningful realism to the framing. Connectivity, Digital Inclusion & ICT for Development One of the most concrete changes comes in this section: Rev2 recalibrates global ICT access and Internet-usage numbers based on updated data. This matters — it refreshes the evidence base for calls to close digital divides, and may strengthen political will for further action. At the same time, the document keeps the same multidimensional understanding of digital inclusion (connectivity, affordability, digital literacy, accessibility, etc.). Implementation, Institutional Follow-up & UN-wide Coordination Perhaps the most significant upgrade in Rev2 is the clearer, more explicit guidance on follow-up. It tasks UN coordination mechanisms — particularly UNGIS — with developing a joint implementation roadmap and aligning WSIS+20 with parallel processes such as the Global Digital Compact. This gives the document a more operational character: high-level commitments are linked to concrete mechanisms, timelines, and responsibilities. However, while this strengthening of UN-system coordination is welcome, it should not be interpreted as an invitation to centralise decision-making or dilute multistakeholder participation. WSIS has always been built on the premise that governments, civil society, the technical community, and the private sector each have essential, distinct roles to play. As negotiations proceed, safeguarding that balance will be critical to ensuring that implementation remains inclusive, legitimate, and true to the spirit of WSIS. Rights, Multistakeholder Governance, Emerging Technologies & Data Governance Here, stability is the rule: Rev2 does not water down or remove any of the human-rights, inclusion or governance language from Rev1. The document retains its commitment to open, secure, interoperable Internet; to inclusion of vulnerable groups; to data governance, privacy, digital public goods; to multistakeholder participation. The fact that Rev2 touches these areas only to reaffirm them — rather than to revise or expand drastically — suggests continuity. Tone, Readability, Usability Rev2 retains the phrasing of Rev1. The updates — data, implementation language — are integrated without creating an entirely new document. What This Means (and What It Confirms from Rev1) The shift introduced in Rev1 — moving the WSIS+20 process away from broad restatements and toward something far more operational — is fully confirmed in Rev2. Nothing in Rev2 walks back the commitments or balance struck in Rev1; instead, it steadies them. The text reads less like a negotiation still in motion and more like a framework stepping into its implementation phase. One important signal is the treatment of the Internet Governance Forum. Rev2’s language around the IGF’s permanent status suggests that there is now broad political comfort — and perhaps even emerging consensus — with the idea that the IGF will remain a standing component of the global digital governance ecosystem. This is not a small shift. For years, renewing the IGF’s mandate has been a recurring anxiety. Rev2’s framing points to a recognition that an open, multistakeholder IGF is indispensable, especially in a fractured geopolitical moment. Another notable development is how Rev2 leans into UNGIS as a practical coordination mechanism for the post-WSIS landscape. Rather than inventing a new institutional structure — or reopening old machinery debates — Rev2 signals that the UN system should make fuller and more effective use of UNGIS, which already exists, already convenes the relevant agencies, and can be scaled without reinventing the wheel. This is a sensible direction: institutional continuity tends to work better than institutional proliferation. But it also places more weight on UNGIS to deliver coherence across agencies, especially as WSIS follow-up intersects with the Global Digital Compact and other UN processes. Both of these evolutions — a more secure IGF and a more central UNGIS — point to the same underlying issue: funding. Rev2 does not ignore this. It flags the need for sustained financial resources to ensure effective implementation, capacity-building, digital inclusion, and institutional support. The challenge here is obvious: without dedicated and predictable funding streams, much of the ambition around WSIS+20 risks being aspirational rather than actionable. The document’s references to finance are measured but clear: implementation will fail if it relies solely on voluntary or ad-hoc contributions. This places pressure on Member States and donors to treat digital cooperation not as a discretionary extra, but as core infrastructure for development. For stakeholders — governments, civil society, the technical community, and the private sector — Rev2 therefore offers a more grounded operational map. It brings updated data, clearer timelines, more explicitly defined roles, and signals about the institutional architecture that will carry WSIS forward. This enhances its credibility and its potential traction. And from a monitoring and advocacy perspective, Rev2’s factual updates matter. They help refine baselines, expose the remaining gaps, and strengthen evidence-based arguments around investment, inclusion, infrastructure, and capacity-building. In that sense, Rev2 doesn’t just tidy Rev1 — it deepens its foundations and sharpens the path forward. Overall Assessment: Rev2 as a Policy-Ready Document Rev2 does not represent a paradigm shift. Instead, it is a strategic fine-tuning — preserving the normative backbone of Rev1 while making the outcome document more practical, up-to-date, and aligned with the evolving UN digital cooperation environment. It reads as a grounded, coherent, and ready for the realities of implementation diplomatic text. For the Internet community which advocated a rights-based, inclusive, multistakeholder digital future — Rev2 offers continuity, realism, and a better scaffold for action. It's also worth recognising the work of the co-facilitators. Through Rev1 and now Rev2, they've managed to keep the document anchored in the spirit and history of WSIS, while navigating a geopolitical environment that is anything but simple. Their steady hand is visible throughout: balancing competing priorities, safeguarding long-standing WSIS principles, and keeping the process inclusive and constructive. In a moment when digital governance is pulled in many directions, that balance is no small achievement. The accelerating digital transformation of our societies has revealed a simple truth: coordination alone is no longer enough. As countries—particularly in the Global South—navigate an increasingly complex technological landscape, the United Nations must evolve from convening discussions to enabling delivery. Strengthening the United Nations Group on the Information Society (UNGIS) is therefore not a bureaucratic adjustment; it is a strategic necessity for ensuring that digital cooperation becomes a driver of equitable development and measurable progress toward the Sustainable Development Goals. At the same time, collaboration has never been more important. As the work of UN agencies becomes increasingly intertwined with the technologies shaping daily life—from digital public infrastructure to artificial intelligence—and as multistakeholder governance models mature, no single institution can deliver the WSIS vision on its own. The ecosystems we have built demand shared stewardship. Achieving the WSIS targets in this new era requires deeper cooperation across agencies, across regions, and across sectors—governments, civil society, the technical community, academia, and the private sector. A strengthened UNGIS must become the connective tissue that enables these actors to work together with coherence, speed, and purpose. This document proposes a reframing of UNGIS—from an inter-agency coordination table to a systemic enabler of digital public goods, rapid crisis response, and accountable support to Member States. It argues for a UNGIS that is architectural rather than administrative: a federated network of regional hubs, anchored by a light central secretariat, capable of translating WSIS action lines into region-specific solutions and SDG accelerators. Such a model broadens ownership, strengthens local relevance, and ensures that digital cooperation is shaped not only in Geneva or New York but across Africa, Asia-Pacific, Latin America, and the Arab States. Central to this vision is an uncompromising commitment to inclusivity. Structural Global South majorities, youth and gender representation, and meaningful roles for civil society and the technical community are not symbolic gestures—they are essential design choices for legitimacy and effectiveness. A stronger UNGIS must leverage new operational tools: incubators for digital public infrastructure, open policy sandboxes, capacity credits that fund participation from low-income countries, and rapid technical support during moments of digital crisis. These mechanisms bridge the gap between high-level commitments and practical outcomes on the ground. This transformation also requires a predictable, blended, and transparent funding model, with safeguards to prevent capture and ensure that resources flow to where they are most needed. Maintaining ITU as the administrative host—paired with stronger governance, dual reporting, and independent audits—offers a stable foundation while reinforcing neutrality and accountability. Above all, the strengthened UNGIS outlined here is guided by a simple principle: measure results, not meetings. Success should be reflected in expanded connectivity, deployed digital public goods, improved national policies, empowered local institutions, and measurable advances in SDG indicators. The steps proposed—adopting a charter addendum, piloting a regional hub and DPI incubator, and formalizing a co-secretariat arrangement—are concrete, achievable, and designed to build confidence through action rather than rhetoric. By embracing these reforms, UNGIS can become the collaborative, accountable delivery engine the UN system needs: one that elevates Global South leadership, operationalises WSIS commitments, and ensures that digital cooperation becomes a catalyst for inclusive and sustainable development. You can read the proposal below.  To compete globally, Europe must refine its regulatory model, not dismantle it.
Europe is once again flirting with the idea that deregulation is the key to digital competitiveness. Across the continent, political leaders, business associations, and well-resourced lobbyists insist that trimming legislation is the only way to invigorate innovation, attract investment, and match the pace of Silicon Valley. It is a narrative that flatters anxieties and promises quick fixes — Europe is too slow, too cautious, too bureaucratic, too fragmented. If only it would shed some rules, the argument goes, its digital sector would finally take flight. But this is a dangerous misunderstanding of Europe’s true challenge. The problem has never been the quantity of regulation; it is the quality of governance. Europe’s digital policy ecosystem suffers from slow implementation, uneven enforcement, overlapping mandates, and institutional fragmentation. Weakening the rules themselves will not fix these structural issues. On the contrary: deregulation pursued as political spectacle rather than strategic reform risks undermining the very foundations of Europe’s digital autonomy. And, crucially, it would betray the commitments Europe has spent a decade exporting to the rest of the world. The Draghi Report — repeatedly invoked by deregulation advocates — has been widely misread. Draghi does not call for a bonfire of regulations. He calls for coherent, predictable, and high-capacity governance: eliminating contradictions between laws, accelerating decisions, investing in enforcement, and strengthening coordination across the Single Market. Europe, he argues, is held back not by high standards but by the inability to apply them consistently or quickly enough. Cutting rules without addressing these governance failures is not modernization. It is abdication. The political momentum, however, is pushing in a very different direction. As it was recently reported, the largest technology companies have entrenched themselves in Brussels at unprecedented scale, deploying more lobbyists than even the oil and pharmaceutical industries. Their objective is not to nurture European innovation but to neutralize or weaken the Digital Services Act (DSA), Digital Markets Act (DMA), and General Data Protection Regulation (GDPR) — the pillars of Europe’s attempt to rebalance power between platforms, competitors, and citizens. In parallel, the United States has applied sustained pressure, accusing Brussels of “discriminating” against American firms and hinting at potential retaliation unless the EU softens its regulatory posture. This cross-Atlantic pincer creates a political environment in which deregulation can be framed as pragmatism rather than capitulation. But the consequences are unmistakable. Every dilution of a rule, every exemption carved out for a dominant platform, every delay in enforcement shifts power away from European institutions and toward actors who are already shaping global digital ecosystems. Europe risks drifting from rule-maker to rule-taker in a domain where governance translates directly into economic advantage, democratic resilience, and geopolitical leverage. There is another dimension to this debate that is too often overlooked: optics and credibility. For years, Europe has urged — and in some cases pressured — other regions to adopt its regulatory language and high standards. The GDPR became a global reference point because Europe championed it as a model of ethical digital governance; many countries aligned their data protection frameworks to it. The DSA and DMA were heralded as the beginnings of a global shift toward accountability, transparency, and fairness in digital markets. European officials routinely present these laws as proof that democracy can govern technology without smothering it. To now water down these very frameworks — under domestic political pressure, lobbyist influence, or geopolitical anxiety — would be more than shortsighted. It would be hypocritical. Europe cannot position itself as the world’s moral authority on digital rights while simultaneously diluting the very rules it has spent years evangelizing. Such inconsistency would erode the EU’s soft power, weaken trust among international partners, and undermine the credibility it needs to set global norms in artificial intelligence, data governance, and platform accountability. Reputational costs aside, the human impact of deregulation is even more significant. The GDPR is the foundation of data rights; weakening it would leave citizens more vulnerable to surveillance, manipulation, and opaque data practices. The DSA introduces mechanisms to challenge algorithmic decisions and hold platforms accountable for harmful design. The DMA is designed to prevent gatekeepers from exploiting their dominance and choking off competition — a prerequisite for any meaningful European tech ecosystem. And watering down the AI Act would be even more consequential, stripping away the safeguards meant to ensure that high-risk AI systems are transparent, explainable, and subject to democratic oversight. Without these protections, citizens would face automated decision-making with fewer rights, weaker redress mechanisms, and greater exposure to discriminatory or unsafe AI applications. Watering down these laws would not accelerate innovation; it would expose European users to greater risks, entrench monopolistic power, and dismantle protections that citizens have come to rely on. It would shift the burden from companies back onto individuals, forcing them to navigate a digital environment increasingly shaped by commercial interests rather than democratic principles. If Europe retreats from its regulatory achievements, it also cedes its most important competitive asset: trust. European innovation does not thrive despite strong protections — it thrives because of them. Trustworthy data ecosystems encourage user engagement; predictable rules attract long-term investment; fair markets allow startups to scale. The notion that protection and competitiveness are opposites is a false dichotomy, one often promoted by actors who stand to benefit from lower standards, not by those who care about Europe’s long-term capacity to govern its own digital destiny. Instead of weakening its frameworks, Europe should strengthen the institutions that give them life. What the EU needs is not deregulation but governance reform: faster decision-making, clearer interpretation of rules, and better enforcement tools. A cross-directorate Digital Implementation Corps, for example, could harmonize guidance, coordinate investigations, and accelerate responses across member states. A Single Market Compliance Passport could reduce the bureaucratic burden on startups, replacing 27 parallel compliance processes with a single certification recognized across the continent. Meanwhile, dominant platforms — whose operations impose systemic risks — should be required to fund the regulatory capacity that supervises them, just as financial institutions support market regulators. Europe must also invest in digital infrastructure that operationalizes its values. A pan-European “data fabric” would allow cross-border data flows for health, climate, research, and mobility, enabling innovation within a trusted, rights-preserving ecosystem. Public AI testing commons could give SMEs access to high-quality synthetic and anonymized datasets, helping them develop competitive systems without compromising privacy or requiring costly proprietary data. These are structural investments that build capacity rather than erode standards. On the global stage, Europe should continue to lead in shaping democratic technology governance, forming coalitions with like-minded countries to align standards on algorithmic transparency, AI safety evaluations, and cross-border data access. This is not idealistic; it is strategic. In a world where digital rules are being written by authoritarian regimes and corporate giants, Europe’s unique value lies in its ability to define norms that others can trust. Deregulation cannot deliver this future. It cannot make Europe faster, only looser; not more competitive, only more dependent. The most dangerous myth in today’s policy debate is that regulation inherently slows innovation while deregulation frees it. History shows the opposite. Strong, clear, predictable rules create the stable ground on which innovation grows. Conversely, environments dominated by a few unregulated actors stifle competition, distort markets, and ultimately suppress the very creativity they claim to unleash. Europe stands at a crossroads. One path promises the illusion of speed — an easy political win, a few headlines about cutting red tape, and temporary applause from industries accustomed to getting their way. But the cost of this shortcut would be profound: geopolitical vulnerability, reputational damage, diminished rights for citizens, and a hollowed-out digital economy dependent on decisions made elsewhere. The other path is harder but far more powerful: the path of governance. It requires rebuilding institutions, streamlining processes, enforcing rules with conviction, and investing in infrastructures that turn values into capabilities. It means embracing reform not as retreat but as refinement — simplifying where needed, clarifying where required, and strengthening where essential. Europe does not need to abandon its regulatory identity to become innovative. It needs to modernize it. It must remember that its greatest achievements in the digital sphere have come not from mimicking Silicon Valley but from charting a different course — one anchored in rights, fairness, and democratic accountability. If Europe can harness this legacy rather than dismantle it, it will not simply compete in the digital world. It will define it. The choice is not between regulation and growth. It is between governance and drift. And Europe cannot afford to drift.  Why keeping Regulation (EU) 2015/2120 intact is essential for innovation, competition, and citizens’ rights.
Imagine it’s the year 2030, and you wake up in your mid-sized European city to the soft hum of your smart home devices. You pour a cup of coffee, check your emails, and fire up your favorite AI-driven personal assistant to organize your day. But something feels off. The video call for your remote job keeps freezing, with faces pixelating and voices lagging, while your employer’s preferred platform is suddenly forced into a slow lane by your internet provider unless they pay an exorbitant premium. You try to access a new AI-driven learning app that promised personalized lessons, only to watch it stall endlessly. Streaming your favorite shows, which used to be effortless, now requires an upgraded service plan, while alternative platforms crawl along at glacial speeds. You glance at your router, lights blinking in frustration, realizing that your options are limited; the local market is dominated by three giant telecom companies that dictate what you can and cannot access with ease. The vibrant, free-flowing digital landscape that once felt boundless now feels constrained, a maze controlled by invisible gatekeepers whose decisions shape your every click, view and download. This unsettling scenario illustrates what could happen if Europe were to repeal its Open Internet Regulationas part of its telecoms regulation reform. Regulation (EU) 2015/2120 guarantees end-users the right to access and distribute lawful content and use applications and services of their choice without discrimination by internet service providers (ISPs). It ensures that traffic is treated equally, prohibiting blocking or throttling except in narrowly defined circumstances. This regulation is a cornerstone of Europe’s digital ecosystem, safeguarding freedom of expression, innovation, competition and, significantly, consumer protection. The importance of the Open Internet Regulationcannot be overstated. It ensures that the internet remains a medium for free expression and access to information. Without these protections, ISPs could engage in opaque traffic-management practices, favoring certain content while throttling others, effectively deciding which voices and services succeed. Technically, this would involve deep packet inspection (DPI), a network technique that examines the content of data packets as they pass through the network, enabling ISPs to discriminate based on type, source, or destination of traffic. DPI could allow providers to throttle streaming platforms they do not own or prioritize specific corporate services, fundamentally altering the architecture of the internet from a neutral medium to a controlled pipeline. This principle of equality is crucial not only for individual users but also for start-ups and small companies. In a landscape dominated by large incumbents, the regulation levels the playing field, allowing innovative services to emerge and compete on merit rather than financial leverage or pre-existing network deals. Telecom companies have already shown a willingness to circumvent the spirit of the open internet regulation. In Germany, Deutsche Telekom’s “StreamOn” mobile tariff was ruled by the Bundesnetzagentur to be incompatible with EU net neutrality rules. The zero-rating plan exempted certain streaming services from data caps, giving them preferential treatment and disadvantaging competitors. The European Court of Justice confirmed that such tariffs violated the principle of equal treatment of traffic, leading to regulatory orders to phase them out by 2023. More recently, Deutsche Telekom has been accused of creating artificial bottlenecks at network entry points, effectively demanding content providers pay for “unrestricted access” to its customers, a de facto fast-lane arrangement. Meta Platforms even ended its direct peering relationship with DT in 2024 after alleging that the telco’s practices were putting subscribers behind a paywall for certain services. Telefónica in Spain has faced similar scrutiny for zero-rating and preferential service arrangements that favor their own content platforms over independent providers. These real-world cases demonstrate that, even with regulation, telcos are actively seeking ways to tilt the playing field in their favour. Imagine, then, if these companies were granted their wish and the Open Internet Regulationwas completely repealed. The landscape would likely become a patchwork of fast lanes and slow lanes dictated entirely by commercial deals, with start-ups and independent innovators systematically disadvantaged. Users would have fewer choices, higher costs, and more exposure to throttled or blocked content. Emerging technologies like AI, edge computing, and real-time IoT applications would face unpredictable performance and barriers to entry, slowing innovation across the continent. The scenario would mirror a dystopian vision of dependence on telecom giants—but on a far larger and more systemic scale. Europe’s digital ecosystem would be dominated by a handful of entrenched incumbents, eroding the principles of fairness, openness, and democratic access. The Open Internet Regulationunderpins the European digital single market, harmonizing rules across member states and preventing fragmentation. This harmonization ensures that companies can operate across borders without navigating a patchwork of national regulations, fostering a more competitive and innovative environment. The “best-effort” nature of the internet, which has historically allowed countless innovators to build applications without needing permission from network providers, is preserved through this regulation. Yet, the regulation faces pressure from telecom operators who argue that rising traffic volumes, driven by video streaming, cloud gaming, IoT, and AI workloads, necessitate a relaxation of rules. They claim that allowing paid prioritization and special treatment for certain services would incentivize investment and network expansion. While network investment is indeed crucial, weakening the fundamental principles of the open internet is not the solution. Regulatory stability is essential for long-term innovation and market confidence. The European Commission has noted that the current rules remain effective in protecting end-users’ rights and promoting open access to the internet. Even within the EU, there is no unified support for reopening the rules. According to reports, several Member States have expressed reservations about the European Commission’s plan to “reset” telecoms regulation as part of its upcoming Digital Networks Act. National governments fear that the proposed overhaul could weaken competition safeguards embedded in the current framework, notably those derived from Regulation (EU) 2015/2120, and shift excessive power toward large network operators. These countries argue that loosening market obligations or allowing greater industry consolidation would not guarantee higher investment but could instead erode consumer choice and slow broadband deployment in smaller markets. Their stance underscores a broader concern: rather than reforming Europe’s telecom framework to accommodate the demands of dominant incumbents, the EU should preserve the open, competitive environment that has fueled innovation and connectivity over the past decade. Reopening or diluting the regulation would risk creeping discrimination. Even limited carve-outs for specialized services could evolve into broader exceptions, allowing ISPs to act as gatekeepers, prioritizing content based on commercial arrangements rather than technical necessity. This could manifest in technical scenarios such as quality of service (QoS) throttling, where packet scheduling algorithms are manipulated to favor certain traffic flows while constraining others. Such practices directly disadvantage smaller providers and start-ups, as their traffic could be systematically delayed, leading to latency-sensitive applications, like real-time AI-driven analytics or remote surgery platforms, performing unreliably. This would undermine competition, stifle innovation, and erode consumer choice. The telecom lobby’s push for flexibility often conflates traffic management with investment needs, but these arguments overlook the broader societal and economic value of an open internet. Europe’s digital infrastructure must prioritise user rights and equitable access, resisting pressures that could lead to a tiered, unequal internet. The debate over traffic growth and new technologies often misses the core point. While it is true that traffic is increasing and new technologies such as 5G, full-fiber networks, edge computing, and AI services are emerging, these trends do not justify compromising the principle of equal treatment. Traffic growth has always been part of the internet’s evolution, and the regulation already allows for reasonable traffic management for objectively justified technical reasons. Advanced network management techniques, such as traffic shaping or congestion management, can be employed without discriminating among services, maintaining optimal network performance while preserving neutrality. New technologies benefit from an open internet precisely because it ensures that the network layer remains neutral and decoupled from the application layer. AI-driven services, cloud platforms, and innovative applications can develop without negotiating special deals with ISPs or facing barriers imposed by preferential treatment for established players. For example, machine learning models that require high-volume real-time data transfers, such as autonomous vehicle coordination systems or federated learning applications, rely on consistent and predictable network access. Any preferential throttling could compromise performance, safety, and fairness. The regulation thus indirectly fosters innovation by maintaining a level playing field where small and large companies alike can compete. Specialized services with specific quality requirements, such as telemedicine or autonomous driving support, are already accommodated under the regulation without affecting general internet access. This demonstrates that flexibility and openness are not mutually exclusive. Focusing solely on traffic figures distracts from the structural importance of the regulation. The critical question is not how much data flows through networks, but who controls access to that data and whether any actor can distort competition. Weakening the regulation would shift the focus from building more capacity to determining who can pay for faster access, granting undue advantage to telecom incumbents and large content providers. Such a shift would have long-term consequences for innovation and user choice, especially as new technologies like AI, IoT, and cloud services increasingly form the backbone of the economy. Europe should stop treating the Open Internet Regulation as relic of the past and start recognising it as the foundation of digital resilience and competitiveness. Rather than reopening or rewriting it, policymakers should focus on:
If Europe holds this line, it can lead globally in establishing a rights-based model of connectivity—a model that balances innovation with fairness, user empowerment with competition, and economic growth with democratic values. The best way to end this debate is to reaffirm that an open, neutral internet is not negotiable—it’s Europe’s greatest digital asset. |