Executive Summary
Early this year, a broad alliance of citizens in Brazil published a Digital Sovereignty Charter. In it, they lamented the rampant extraction and manipulation of local data by large technology companies and urged the government to support interoperable and open technologies, and data centers for common use.
Halfway around the world, in another vast and populous country, the government of India has instructed all service providers to retain information about their users for five years, and to synchronize their systems’ clocks with only one source of time: the government’s own servers. These are provisions in the new Indian Computer Emergency Response Team (CERT-In) cybersecurity directions— a bid to increase security incident reporting and protect the country’s digital infrastructure.
Both pronouncements project a vision of sovereignty in cyberspace, but the way they want to get to that vision, and the actors driving it, could not be more different.
The Internet Society began this study with the intent of developing a position on digital sovereignty. Far from a monolithic ideal, what we found was a broad and ill-defined notion that different groups interpret and apply diversely across the world. These include governments that wish to control how Internet operations and resources are run; local businesses that decry the dominance of foreign tech platforms; indigenous communities that want to safeguard local knowledge and resources; and individuals who want to assert their autonomy over their interactions with devices, platforms, and how they manage their data.
This report seeks to understand the different approaches that exist, recognizing that each one will impact the Internet differently, and to propose a framework for analyzing these effects. To this end, it does not seek to solidify, or endorse, any single definition of, or position on, digital sovereignty.
This study narrows its scope to examine government-driven policies that have the explicitly co-opted digital sovereignty. It groups them according to their stated aims and assesses their impact on the technical foundation of the Internet. Our goal is to provide a nuanced guide to determining whether digital sovereignty policies may move us from an Internet that benefits everyone toward a series of fragmented, closed-off networks where the opportunities that arise from global connection are lost.[1]
It first presents a summary of policy trends in Asia-Pacific, Africa, and Europe — including Russia — then groups policies and measures based on (a) their objectives, and (b) the actors empowered to achieve their goals. This categorization highlighted two distinct approaches to digital sovereignty:
- Policies that assert national security through greater state control intend to enforce laws in the digital sphere to bolster national security. This approach relies on empowered state actors to centralize control of network operations, concentrate power in the state, and limit the authority of operators. This type of digital sovereignty poses significant risks to the Internet’s core values and characteristics and could lead to its direct fragmentation.
- Policies that seek economic self-determination driven by economic actors want to strengthen actors in the national economy and, to a lesser extent, ensure supply chain resilience. These measures do not intentionally interfere with network operations of the Internet. Instead, they try to boost local digital economies by enabling a level playing field, and lower barriers to entry by making data and other resources more accessible. Some of policies could be protectionist and may interfere with network operations. On the whole, they seek to increase the opportunities created by a global network and connected societies and economies and may improve conditions for local actors to take advantage of the Internet.
This report shows that digital sovereignty policies may adversely affect how the Internet works, and more importantly, our ability to make use of the Internet. To minimize the risk of disrupting the operations of this global resource on which our economies and societies increasingly depend, we strongly encourage policymakers to conduct an Internet Impact Assessment as part of their policy development processes, especially for measures that seek to address challenges in the digital environment.
Our initial analysis focuses on three regions, but acknowledges that digital sovereignty, whether implied or explicitly declared, is gaining traction in policy agendas across the world. Further studies on this issue may benefit from using this framework, and the Internet Way of Networking toolkit, to assess the effect that digital sovereignty policies may have on the global Internet, regardless of where these turn up.
Endnotes
[1] While we appreciate academic discourse on sovereignty as a political concept, this report focuses on the consequences of the practical implementation of this notion on the Internet — specifically, how state-driven digital policies are impacting the technical foundation and evolution of the Internet.