|
Last week, I was in Brazil and had the chance to engage directly with CGI.br (the Brazilian Internet Steering Committee) and the broad community of stakeholders it brings together. The energy, openness, and shared sense of purpose that animate this ecosystem are rare anywhere in the world. Yet, in conversations with policymakers, technologists, and civil society leaders, I also heard a growing concern—that the very model that has made Brazil’s Internet a global example of participatory governance is now under threat. Those discussions prompted this reflection.
A Visionary Beginning In 1995, Brazil did something truly visionary. At a time when the Internet was little more than a curiosity in most of the world, the Brazilian government created the Comitê Gestor da Internet no Brasil or the Brazilian Internet Steering Committee (CGI.br). This was not a symbolic committee or a token advisory group. It was an audacious experiment in governance: government, private sector, academia, and civil society, each given equal voice, entrusted to guide the growth and stewardship of the Internet in Brazil. This decision was revolutionary. Across the globe, most countries approached the Internet either as a technical tool to be managed by bureaucrats or as a commercial product to be monetized by corporations. Brazil chose a different path: a multistakeholder model, in which the network would be governed collaboratively, with transparency and accountability at its core. This framework laid the foundation for one of the most vibrant and resilient Internet ecosystems outside the United States. In 2005, one of CGI.br’s most consequential decisions was to entrust its operational arm, the Network Information Center (NIC.br), with implementing its policies and managing Brazil’s core Internet infrastructure. Since then, NIC.br has become an essential pillar of Brazil’s digital society. Currently, NIC.br oversees several core services, including:
These are not abstract functions—they are the invisible scaffolding that keeps Brazil’s Internet robust, secure, and accessible. For thirty years, CGI.br has not only maintained technical excellence but has nurtured a culture of openness, trust, and collaboration. Policy decisions are debated and negotiated across sectors. Civil society groups have meaningful input. Academia contributes research, while industry provides operational expertise. The result is an Internet that is not a government monopoly, nor a playground for telecom giants or for big technology companies, but a commons—a shared space built with foresight and care. The creeping takeover And yet, all of this is now under threat. Over the past two years, Brazil’s telecommunications regulator, Anatel, has made moves that amount to a stealth takeover of the Internet governance space. The pretense is modernization, simplification, and efficiency. But the pattern is unmistakable: Anatel is seeking to collapse the longstanding legal distinction between telecommunications and Internet services, codified in the celebrated Norma 4 of 1995. In April 2025, Anatel formally repealed that separation, equating Internet access with telecommunications services. By July, a bill was introduced to expand Anatel’s authority over Internet infrastructure services—including IXPs, DNS, and cloud providers, most of which are currently stewarded by CGI.br. By September, the government issued a decree merely to clarify responsibilities between the two bodies. The trajectory is clear and already known: a regulator designed to oversee telcos is attempting to assert authority over the Internet itself. The justifications are always couched in technocratic language: regulatory simplification, fighting piracy, strengthening cybersecurity. Yet anyone familiar with Anatel’s recent actions sees the pattern for what it is: a political power grab. In a world where traditional telecom regulation is losing economic weight and prestige, Anatel is chasing relevance—without regard for the decades of multistakeholder governance that have made Brazil a model for the world. A Quiet Revolution That Worked To understand what’s at stake, it’s worth recalling what CGI.br and NIC.br have achieved. When a Brazilian entrepreneur registers a domain name ending in .br, it’s Registro.br—one of NIC.br’s four key arms—that ensures the system works smoothly and securely. Today, Brazil’s .br is one of the most stable and trusted country-code domains in the world, with over five million active registrations—more than any other in Latin America. Its operations are fully transparent and self-financed, avoiding the political capture that plagues many national domain systems. Then there’s IX.br, which runs one of the largest Internet exchange point (IXP) systems on the planet. In São Paulo alone, IX.br handles over 20 terabits per second of traffic, making it one of the world’s top five exchange hubs. That invisible infrastructure keeps Brazilian traffic local—reducing latency, cutting costs, and keeping data within national borders without resorting to censorship or surveillance. In 2022, when a submarine cable failure disrupted international routes, IX.br’s distributed architecture kept domestic services online. Few citizens noticed—but engineers around the world did. Meanwhile, CERT.br (Brazil’s Computer Emergency Response Team) has quietly become a global model for cybersecurity coordination. It was among the first in the Global South to institutionalize a trusted, neutral mechanism for handling cyber incidents. During the massive ransomware waves of 2017–2018, CERT.br’s collaborative model—linking telecom operators, banks, and civil society—kept Brazil’s networks resilient. Because it was not an arm of the government, companies and NGOs shared information openly, knowing it wouldn’t be weaponized for political purposes. Trust, not coercion, proved to be the real cybersecurity asset. And then there’s CETIC.br, the research center that produces some of the most comprehensive, publicly accessible data on Internet use and digital inclusion anywhere in the world. Every year, it publishes detailed national surveys on topics ranging from broadband access in rural schools to digital literacy and e-commerce. Policymakers rely on it. So do international organizations: UNESCO, the OECD, and the UN’s Internet Governance Forum (IGF) all cite CETIC.br’s datasets as models for evidence-based digital policy. Each of these institutions is technical in function but political in spirit. Together, they embody a philosophy that has defined Brazil’s approach to the Internet: that no single actor—especially not the state—should monopolize the rules of the digital game. Anatel’s Power Grab That principle is now under siege. In April 2025, Anatel revoked Norma 4, a foundational 1995 regulation that had clearly separated Internet services from traditional telecommunications. The change, little noticed by the public, effectively collapsed that distinction—giving Anatel a legal pretext to treat Internet infrastructure as just another branch of telecom. The agency’s ambitions have since expanded. Anatel has floated plans to extend its oversight to Internet exchange points (IXPs), the domain name system (DNS), and even cloud service providers—areas that have long fallen under CGI.br’s purview. Its argument is couched in bureaucratic terms: efficiency, modernization, coherence. But beneath the surface lies a shift in power from the many to the few. Anatel’s logic is steeped in the command-and-control mindset of the telecom era. It sees networks as assets to be licensed, taxed, and policed. But the Internet does not obey the same physics. Its vitality lies in decentralization, interoperability, and permissionless innovation. Handing its stewardship to a top-down regulator would be like asking a customs officer to curate culture or an accountant to run a rainforest. There are warning signs already. The so-called “network fees” proposal, which would have charged large content providers for delivering traffic to end-users, was a barely disguised attempt to turn the Internet into a toll road. Earlier, signed a cooperation agreement with Ancine in 2025 to fight audiovisual piracy, which gave Ancine the authority to order ISP blocks. More recently, it began drafting regulations for data centers—without public consultation, and with language so vague it could extend to cloud and hosting providers. Each of these actions chips away at the participatory ethos CGI.br has built. And once that ethos is gone, it won’t come back. Brazil’s Global Standing What makes this moment especially tragic is that Brazil has long been a global beacon of inclusive Internet governance. At the 2014 NETmundial conference in São Paulo—a response to Edward Snowden’s revelations about U.S. surveillance—Brazil hosted the world’s first truly global multistakeholder summit. Governments, companies, activists, and engineers drafted the NETmundial Principles, a landmark declaration affirming that Internet governance must be open, participatory, and rights-based. The event cemented Brazil’s reputation as a bridge between the Global North and South in digital policy. Those principles have since shaped discussions at the United Nations, the OECD, and the IGF. If Brazil lets CGI.br be sidelined now, it sends a dangerous message: that even the most successful experiments in digital democracy can be undone by bureaucratic ambition. It would hand authoritarian states a convenient talking point—proof that multistakeholderism is too fragile, too messy, too idealistic for the real world. What Brasília Must Do The Brazilian government faces a simple but profound choice: defend the model that has made it a global digital leader, or watch that legacy be erased. Defending CGI.br does not mean freezing it in time. The Internet has changed, and governance must evolve. But evolution must not mean erasure. Brasília can take three concrete steps:
These are not merely administrative choices. They are declarations of values—of what kind of Internet Brazil believes in. What’s at Stake Most Brazilians never think about IX.br when Netflix loads instantly or about CERT.br when a phishing campaign is thwarted. They don’t see CETIC.br’s data quietly informing school connectivity policies or Registro.br’s systems keeping e-commerce safe. That invisibility is CGI.br’s greatest triumph—and its greatest vulnerability. If Anatel’s encroachment succeeds, decision-making will shift from open debate to bureaucratic decree. The Internet will be redefined not as a commons but as a utility—regulated for compliance, not for creativity. Civil society will lose its seat; academia will lose its voice; innovation will slow. The world is watching closely. In China, “cyber sovereignty” has become an instrument of censorship and control. In Russia, the “sovereign Internet” law seeks to allow the Kremlin to cut off the country from the global web at will. Even in democracies, regulators are tightening their grip in the name of safety or efficiency. Against that backdrop, Brazil has stood for something different: the conviction that democracy can scale, that pluralism can be engineered into the very architecture of the Internet. Losing that would not just be a national tragedy—it would be a global one. Conclusion Thirty years ago, Brazil imagined a different future for the Internet—and made it real. CGI.br became a beacon of what shared stewardship could look like in practice: efficient, participatory, resilient. Today, that beacon flickers under the shadow of bureaucratic ambition. The question for Brazil is not whether it can modernize Internet governance. It’s whether it can do so without forgetting what made it special in the first place. In a world increasingly defined by digital authoritarianism, defending CGI.br is not nostalgia—it’s necessity. Brazil’s democracy, and the open Internet itself, may well depend on it. Comments are closed.
|
Categories
All
|