Daily Archives

Cooperation Working Group session
23 November 2021
16:00 (UTC + 1)

JULF HELSINGIUS: Unfortunately, my video doesn't work, but we're ready to go. You will have to do without my face. I assume you can still hear me? Okay. Welcome to the Cooperation Working Group. Unfortunately, my face is not showing ‑‑ okay, I'll sort it out later. I'll get things going first. So, you can see the agenda we proposed, and I don't think at this point there is much change on that. There is one AOB item, which is Peter Koch has asked for a small time slot to talk about the Database Working Group recommendations, so that will be at the end.

The technicality is, the minutes of the previous meeting had been posted. I haven't seen any comment on those so I guess we can approve those as well. And then there is the usual housekeeping things. So, if you have questions, put them into the Q&A, and when you speak, state your affiliation and speak slowly and clearly.
I think we're done with the beginnings, and unless my co‑chairs want to add something, I will hand over to Desiree for the next part.

DESIREE MILOSHEVIC: Thank you, everyone. Welcome to the Cooperation Working Group session. We have the agenda bashing, which I believe Julf already spoke about. One point for the tech team is that we may want to have on the screen a presentation in the AOB, or other section for Peter to talk into the AOB section. So, with that, I'll just move on to the other point in the agenda, which is the selection of co‑chairs.

As, you know, we had an open call for co‑chair selection sometime in October, October 25th. Usually the process takes two weeks for interested parties to make their ‑‑ notify us about their interest via mailing list. We have extended that period until November 11th, and we have not had any nominations apart from some feedback from a prior interested candidate who said, because of his workload, he is no longer able to put their name forward. We have discussed this on the mailing list as well, asking for clear support of members for Achilleas and Julf to continue as co‑chairs and we hope you are not just lazy but we would really appreciate you showing some support for our co‑chairs.

And I would like to open this for discussion, if there are any comments or anyone ‑‑ members would like to echo their support for the selection. And probably, Julf, you are managing the chatroom, so if there is any comments, please let me know.

JULF HELSINGIUS: Sure, so far no comments. There is a support for Julf and Achilleas from Jim Reid and applause from Brian.

DESIREE MILOSHEVIC: Good. Thank you. That's a selection. So we have decided to ‑‑ looking at the suggestions that were received on the mailing list, that the co‑chairs should create a willing pool of candidates for the next selection, and we have taken that comment and we also have to report that there was already one interest expressed on the mailing list for a person who would consider stepping up as a co‑chair. With that, I could thank everyone who expressed their support and passed it back to Achilleas to introduce the next item on the agenda.

ACHILLEAS KEMOS: Thank you, Desiree. The first point of the substance in the agenda is the declaration of principles, so we'll have Chris Buckridge of the RIPE NCC talking to us about the submission of RIPE NCC to the EU, simply to say that the declaration of principles, it's a long story starting away from already the Tunis agenda and then the OECD and then the European Commission, I remember, had quite a long story about the so‑called combat acronym principles, but more to Chris now to tell us about the declaration of digital principles.

CHRIS BUCKRIDGE: Thank you, Achilleas. I'm going to just load my slides here.
Okay. So, I am going to talk a little bit about principles, statements of principles, collections of principles, and I am possibly ‑‑ I am certainly aware that I am possibly opening up a much bigger topic than I have time for today. With that in mind, there is an article on RIPE Labs which I would direct you to in this presentation, helpfully with the same title, but I would say go look at that afterwards rather than now because I'll cover all of it here as well.

So, jumping in here: Anyone who has been involved in Internet governance discussions for a while will have come across statements of principles aplenty. It's something in the last decade we have seen, a countless number of statements of principles. I think we have even had discussions at the IGF about how many principles there are and is there a way to bring them together into some cohesive bubble. I have included a few examples on here, you if go either to the article or to the slides you can click on those links and get to them, but it's just a small sample. And I am also ‑‑ you can see here, the red squares, you see a lot of common language that makes its way across the different ones. So open architecture, distributed architecture is discussed a lot. Multistakeholder approach is also a very common area.

How useful these principles are: If you have head Felipe's article about RIPE NCC defining the criticality of some of our services, that's actually used some of these Internet Society five critical principles, as a building block. That's been quite useful. I think how you judge principles is how much they are actually used and how they are reflected in the more practical outcomes down the line, and that's probably a less easy one to answer there.

So this presentation and this discussion really came about because the co‑chairs asked us to talk a little bit about the fact that the RIPE NCC had responded to this open consultation on an EU declaration of digital principles, which is, I believe, part of the Digital Compass 2030 work that the Commission is preparing.

That open consultation included a roadmap, and that roadmap includes some examples of the kind of principles that they were thinking would be involved in this document, and I have included that there, as you can see, just a draft, this is not the Commission saying these are the final ones; this was just giving some examples.

Now, the RIPE NCC's response to this was to say these are great, these are interesting principles and a good starting point, but maybe it's important to go one level up and really reinforce the commitment that the Commission and the EU institutions have to globally interoperable unfragmented Internet. Now, this is language that the EU has used in many situations, it's language very common to a lot of the sort of western democracy countries that commit to these kinds of principles. It's not always reflected in the kinds of legislation or regulation that come through. So part of our suggesting this was to have it, once again, on the record, in those principles, something that when we, as RIPE NCC, or you, as community, talk to our public policy makers, we can point back to it and say hey, you committed to this and what you are proposing now doesn't align with that. So have a think about how to do it better.

It also aligns very much with the EU's commitment to global human rights, the importance of access to the Internet for everyone, and, by having it here in the EU's declaration of digital principles, it would actually serve as a good public policy example globally. So, I mean, the EU, I think, for better and worse, really sets the agenda in many ways, often with digital legislation, digital regulation. Having this really baked into the EU's documents would be a really useful and important thing to do.

So that was the submission we made to the EU. We're waiting to hear what the next steps of that process are.

But, it got us thinking ‑ and I say "us" here, really talking about those of us in the RIPE NCC working in the public policy space ‑ about RIPE principles, and about: Is there maybe a need for us, would it be useful for us to have RIPE principles more clearly or more sort of explicitly documented? And that's a bit what I'm bringing here and bringing in this article on RIPE Labs, is a chance to think about that. I expect there is a couple of responses that would be possible and probably well‑grounded in fact. The first would be wait, haven't we already done this? RIPE has a whole collection of policies, a whole collection of RIPE documents, it has had task force outputs, it has had statements by the community, statements by the RIPE NCC Executive Board, all of these sort of represent principles and contain references to principles that RIPE itself follows. Going all the way back to RIPE‑001, the first RIPE document, its terms of reference for the RIPE community, that's essentially a collection of principles, very much principles about how RIPE operates, but principles, nonetheless.

The other question is, is it right to formalise RIPE communities in a list? And I think the RIPE Task Force on Accountability made a really good point here of saying that yes, there are high level principles that the RIPE community would call this round, give support, but writing them down might not be the best idea, partly because it might exclude people who don't feel the same from discussion. Those principles may change over time, and do we really want to have that set in stone?

But then sort of going to the other side. From the RIPE NCC's perspective, and you'll hear more about this from my colleague Suzanne, we're engaging an awful lot with Internet governance, Internet regulation discussions at the moment, and that's not likely to diminish in the near future, and the RIPE NCC's argument and advocacy in that space, could that be really strengthened if we had a sort of solid RIPE principles document that pulled together a lot of those principles that are already there, in effect into a single cohesive statement? Maybe. That's a possibility.

So, then I have taken it to the next step of actually suggesting what some of these principles might be, and here I want to absolutely come in with a caveat: This is not the work of RIPE NCC, the secretariat. This is the work of the community to agree on these principles, and so what I am presenting here is very much just a draft, some thoughts that I have brought to the table, but I hope just as a conversation‑starter, not as sort of, here are the principles, do you like them or not? And then move on.

But, what I have tried to do is pull together a few principles, and I think there is eight, all told, or nine, that reference very explicitly what's already there in the RIPE documents and in RIPE policy. So, I'll take you through a couple of them.

First, some community principles. Participation in RIPE is open to anyone with an interest in IP addressing. That's pretty standard language for how we talk about RIPE in a lot of the documents. Is it broad enough? I'm not sure, maybe that needs to be considered.

RIPE is accountable only to itself as an open, inclusive community of people interested in the technical coordination of Internet networks.
Again, I'm not sure this is the right language for it, but that's part of what came through in that RIPE Accountability Task Force final report. Is that the language that we want to sort of bring into this?
And then policies for distribution and registration of number resources should be developed via open, bottom‑up, transparent, inclusive community process with conclusions reached by consensus. Again, I think that's a pretty fundamental principle for the RIPE community. I'd be interested to hear if others feel the same.

Moving to technical and operational principles. Registration of Internet number resources is vital to the stable operation of the Internet globally. I think that is something that is sort of agreed really by the existence of RIPE itself, that registration is so important that we need to make sure that there are institutions to do this.

Growth and innovation on the Internet depends on the continued availability of IP address space, therefore widespread deployment of IPv6 should be a high priority. That's really drawing on the RIPE community's statement on IPv6 from 2007, I believe.

And finally, some legal political principles. Internet number resources should be provided in a fair and impartial manner to end users. Internet number resources are not regarded as property. Now, that's something that's in our SSA, but also elsewhere, but it's, I think, a principle that is not without some contention at the moment, given the emergence of the market. So perhaps something to discuss there.

And that the means of communication should not be affected by political discussions or disputes. That's going back to the RIPE NCC's Executive Board's statement which was very much in relation to the application of sanctions. Is that something that the community gets behind and sees as important?
So, I am throwing these out there. And I don't think we'll be able to have so much discussion on this session. It would be great to have discussion on the mailing list. Do these look like anything you would think of as RIPE principles? And if not, what's missing? I'm really curious to hear that. Some very initial thoughts from my side, I talked about in those principles registration as important. Conservation and aggregation or routability are also talked of as principles for the regional Internet registries, but are they as solid as principles as they once were? I think the discussion in the Address Policy Working Group earlier today touched on that and sort of addressed that those are a bit more open to discussion now.

So, at that, I think I'm going to leave it. There is a link there to the article, and I think someone posted it in the chat as well. But I know we had a lot more to discuss today. I'll hand back to the Chairs. If we have time for a bit more discussion, that's great, otherwise see you on the list. Thank you.

ACHILLEAS KEMOS: Thank you, Chris. We don't ‑‑ we have a question, just one question from Michele Neylon: "Could these principles help when lobbying?"

CHRIS BUCKRIDGE: And the answer is ‑‑ well, I was going to say the answer is absolutely yes, but we don't lobby. If we don't use that particular word, no, absolutely, I think to answer you ‑‑ the principle of your question, Michele, I think it could be useful in talking to governments, talking to policy makers, to have a sort of concise, specific document to point back to and say these are the values that the RIPE community is committed to, this is the authority and legitimacy that we're bringing to the table when we talk to you. So, yeah, that's absolutely a possibility.

ACHILLEAS KEMOS: Okay. Before passing to audio questions, I just see one that is repeating on the question, the Q&A, by Alex de Joode have from Amsterdam IX and Peter Hessler, an Internet citizen, "Questions about RIPE only accountable to itself."

CHRIS BUCKRIDGE: Yes, and I am absolutely happy to get those questions and I would say that is word for word, if I'm ‑‑ what I took from the RIPE Accountability Task Force, and I was ‑‑ I'm ‑‑ I would be really keen to hear from people who were part of that Task Force on how sustainable that is or how much that ‑‑ what they would think about that statement, which is quite unequivocal in the final report, being taken out of context, which I guess I have done here. And I think the response we're seeing to taking that out of context is a valuable one. I think maybe it needs to be thought through a little bit more, how we actually talk about RIPE accountability there.

ACHILLEAS KEMOS: Okay. Thank you, Chris. So, we have two people on the audio queue. First, Brian Nisbet.

BRIAN NISBET: Hello. So, Chris, the opening line there is IP addressing and, you know, an interest in IP addressing, and I suppose my question is: Have we, as a community, not gone beyond that? I mean, operations of the Internet is that piece. Or are you thinking of, I suppose, for political reasons, trying to somewhat stay in our lane with this declaration of principles?

CHRIS BUCKRIDGE: What I have done is refer back to the language that is on the website in sort of describing what RIPE is. I think, you know, there is value in managing scope. But I do take the point that, you know, saying it's just about IP addressing is perhaps a little limiting. So I think that's a really valuable conversation to have.

BRIAN NISBET: Cool. Thanks.

ACHILLEAS KEMOS: Thank you. And Leo Vegoda.

LEO VEGODA: I wanted to make a comment specifically on the accountability issue. I think the statement that was in the Accountability Task Force was made on the basis that everyone and anyone can be a part of the RIPE community, but I think it's really important to think about that from the perspective of if the answer to a question doesn't make any sense, we're asking the wrong question. So, I think within the RIPE community, we have accountability to each other, we develop policies for distribution of Internet number resources, we're accountable to the networks that we distribute those resources to, we're also indirectly accountable to the users of those networks, and to the users of the database registration information that is published, and I think all of those need to be called out, and I think the reason that those weren't called out was: Well, if you are interested, you'll participate. If you participate, you are a part of the community. And so, I don't think that we probably have a disagreement. I think we just need to write it down in a better way. But I think it's really important that we write it down in a better way and I am very grateful for all of the provocative statements that you made in your blog post, because I feel it's a brilliantly provocative blog post and a great presentation, so thank you very much.

ACHILLEAS KEMOS: Chris, any more thoughts?

CHRIS BUCKRIDGE: No, that's it from me, only to say I look forward to maybe some more discussion on the mailing list, but, yeah, thank you all for the comments.

ACHILLEAS KEMOS: Indeed. There is now questions from Andrei and also Alexander is asking, but ask to take the microphone, but we have to pass to the next point, so if you have time at the end or otherwise, as we said, this is going to be definitely on the mailing list.

CHRIS BUCKRIDGE: To quickly answer Andrei's question, if you look in the article, there are links for each of those principles to where I have taken them from in other RIPE documents or policies, so yes, please have a look.

DESIREE MILOSHEVIC: I guess we need to move on. So, we'd like to thank everyone for their questions. And, Julf, if you introduce the next one. Thank you.

JULF HELSINGIUS: The next speaker is Suzanne Taylor from the RIPE NCC.

SUZANNE TAYLOR: Thank you to the Chairs for inviting me to speak. So, let me just share my screen here. Sorry about that delay everyone.

So, I want to start by saying, first of all, that there is so much EU regulation happening at the moment that has the potential to affect the RIPE community, but I have ten minutes here today, so we decided to focus just on giving you an update on NIS 2, because we feel that this is one of the potential legislations that really has a big impact on the RIPE NCC, on our membership and on the RIPE community.

We have also written a RIPE Labs article that goes over not only NIS 2 but also all of the other EU regulations in much more detail than I can do today so please do have a look at that.

ACHILLEAS KEMOS: There seems to be a black square in front of your presentation. Do you have some application covering it or something?

SUZANNE TAYLOR: I don't. But...
Okay. So, I just want to give a very quick recap to make sure that we're all on the same page. So the original directive on security of network and information systems came out into enforcement in 2018, and it was the first EU‑wide cybersecurity legislation, so its aim was to boost security and to ensure the stability of digital services across the EU because our economies and societies have become so reliant on them. And it applied to digital service providers and operators of essential services. Those were the two different categories that it broke providers down into.

Now, because it was a directive, that meant that Member States could define their own operators of essential services and the RIPE NCC was looked at by the Dutch government but was not ultimately included.

So, the update to this, NIS 2, was brought out by the European Commission in December of 2020, and the aim was to harmonise the directive across the Member States because they had found that the Member States had defined "operators of essential services" very differently and it was very different compliance happening across the Union. And in this update, they actually did away with the old concepts and replaced "operators of essential services" with "essential entities" and "digital service providers" with "important entities".

So, who is who? This is the list of who is considered an essential entity and who is considered an important entity. And these two different categories are subject to different supervisory regimes or obligations. So, essential entities are subject to an ex‑ante regime and important entities to an ex‑post regime.

Now, some of the main points of NIS 2 are that essential entities are ‑‑ have different security requirements, they have compliance checks that they need to perform. There is different incident reporting requirements, and they also have to designate an EU representative for coordination on these topics. It also gives a larger role to ENISA, the EU cybersecurity agency, and, importantly, management and even boards can be held personally liable for non‑compliance with some pretty significant fines, up to 2% of annual turnover or €10,000,000.
What's the problem here? We laid out three main arguments here. The QR code that you see there will take you to the section of our website where we include all of our responses to open consultations, so you can find more on NIS 2 and see our response along with all of the other legislative proposals that we have responded to.

When it came to NIS 2 our three main arguments were, first of all this, it could have unintended consequences and overreach, because this directive is trying to regulate route name server operators, even those that are not based in the EU, so that would include, for example, the US Government, and we had questions there about how that would apply to them and how compliance and enforcement could work.

We also think that it encourages other governments to potentially reciprocate with their own national legislation, and of course then you run the risk of divergent legislation, leading to a divergent Internet.

So our second point was that we felt that the Directive, as it's been proposed by the Commission, could potentially actually reduce resilience of the DNS rather than support it because we think that these obligations are quite burdensome on route name server operators.

And third, and possibly most importantly, we felt that the Directive's proposal goes against the multistakeholder approach to Internet governance, and, in particular, that it counters the IANA stewardship transition about who should be in charge of the Internet's core functions.

So, we responded to those in our capacity as k‑root operator because route name servers had been included in the Directive, but we felt we had this larger argument to make as an organisation that's been involved in Internet development for a long time.

So there are also are some other concerns about the Directive that have been raised by other members of the community. Those don't affect the RIPE NCC directly, but there are mandatory identification checks when register domain names, for example, and this applies to all top level domain registries serving EU citizens, even if they are not themselves located within the EU. So, we also feel that this has the potential to place a lot of burden on the registries that's going to lead to higher costs that they will have to pass on to their customers and that, in turn, is going to limit their ability to compete in what really is a global market when you are looking at the registry industry.

And we also have questions about how you could possibly enforce compliance here when you are talking about registries not based within the EU.

So, just very briefly, don't let this slide overwhelm you, but I wanted to take you through very quickly the EU legislative process.

So basically, when the Commission comes up with a new idea or an update to an existing piece of legislation, it goes through these different phases, and there are different points where the public can give its feedback, and this is how the RIPE NCC responded to one of these open consultations. Coincidentally, this is actually just changed, it's going to become a little simplified going forward, but once the Commission comes out with its proposal, it then goes to parliament for a first read and they develop their own position on it so they can come up with amendments that they then vote on in order to adopt that position.

And the Council, which is made up of the EU Member States, also develops its own position, and there are some horizontal working parties that the Commission is actually somewhat involved in that process, along with when it comes to cybersecurity, for example, some other agencies like Europol and ENISA. So, once the three institutions, the Commission, the parliament and the Council, have each developed their own position, it then goes into what's called trilogue negotiations, where the three try to come to an agreed upon compromise that's been adopted by the parliament. And if it's a directive, then it's left to Member States to transpose that into the their national laws. If it's a regulation, it applies across the board to all Member States.

So the parliamentary sessions are a little more transparent while the Council sessions tend to be very closed. As I mentioned, we responded to the public consultation with those three arguments and, at the end of that, we actually explicitly asked for route name servers to be excluded based on those arguments we had laid out. We then engaged with the relevant MEPs who were in charge of the NIS 2 Directive, and we're really happy to report that we have had some success on the parliament side of things at least because the committee in charge of the file actually excluded route name servers in their amendments and they voted on that and that was adopted at the end of October.

So parliament as a whole is going to vote on that in December, but we expect that to go through with the exclusion of route name servers. And I just want to point out here their reasoning in their report because I thought it was really nice. So they said: "Root name servers should be out of scope; regulating them is contrary to the EU's vision of a single, open, neutral, free, secure and unfragmented network and could encourage and empower States advocating for a top‑down, state‑controlled Internet governance approach, instead of the multistakeholder approach."
It's really, really nice to see some of our arguments echoed there.

At this point, it's now up to Council, the EU Member States, to come up with their own position on the Directive and the latest draft of that we saw was from the 11th November, and they may end up proposing to include only providers with a significant footprint in the EU. So for root name server operators, it would be those with more than ten sites in the EU, and that would still include the RIPE NCC. But we're engaging with the Dutch Government and several others and we're trying to explain our arguments and our concerns and the Council's expected to vote on its final adoption of its position on the 3rd December at the Telecommunications Council meeting.

But, what was quite exciting was, just as the session started today, we actually got word that it's possible that there is either a more recent update to their draft position that might be excluding the root name server operators, so we will have to wait to see if that's the case and if that's what's voted on, but that was really, really encouraging to hear.

So, my last slide is, what can you do? Well, you can certainly learn more about the NIS 2 Directive and how it has the possibility to impact you, and I have included there a few of the different articles and recitals of particular importance that I think might be of interest. The QR code there on the side is also that link to the RIPE Labs article that does explain more about all of the different regulation. And it is left up to the Council at this point. You can talk to your government contacts there. We need as much support as we can get from the different Member States, and you can play a part in helping explain the problems that you see and making sure that those technical implications are understood.

And other than that, it's just up to us to keep sharing information, keep the discussion alive on the Cooperation mailing list and on RIPE Labs and to make sure that we're all in the know about different developments, which we will keep doing for you for sure.

So, that's it from me. I am not sure if there is any time for questions.

JULF HELSINGIUS: We are extremely short on time, but there is one question in the Q&A, and there is one comment, so the comment first, which is from Michele Neylon, saying: "The obligation for the main registration applies to registrars and registries, not just registries."
SUZANNE TAYLOR: Yes, that is true.
JULF HELSINGIUS: And the question is from Alexander Isavnin: "Do RIPE NCC participate only in EU open consultations? Will RIPE NCC participate in such consultations in service region outside EU?"

SUZANNE TAYLOR: Yes, so we absolutely do participate in open consultations with other governments across the 76 countries in our service region, and again, you can find the list of all of those on the website if you use the QR code there that I included.

JULF HELSINGIUS: Thank you. This was very, very enlightening, I think, for many of us, and I guess we can continue the discussion on the mailing list, hopefully.

SUZANNE TAYLOR: Yes. Let's do that.

JULF HELSINGIUS: Right. I hand over to Desiree for the next one.

DESIREE MILOSHEVIC: Thank you, Julf. It's my pleasure to introduce our next speaker, who is Anriette Esterhuysen. She is the Chair of the United Nations Internet Governance Multistakeholder Advisory Group. She has been chairing that group for a few years. And we welcome Anriette to tell us a little bit more about the 16th Internet Governance Forum and that will be held in Poland, and we'll have a short journey. The floor is yours, welcome.

ANRIETTE ESTERHUYSEN: Thank you so much, Desiree, for inviting me. It's really a pleasure for me to be in this RIPE meeting. In fact, it wasn't quite intimidating because your meetings are so well organised. As the IGF, we have a lot to learn.
Just to tell you briefly what to expect from this year's IGF and it feels very appropriate to do this after Suzanne's presentation because I think it's precisely because there is such a flood of initiatives to introduce various kinds of regulation that impacts on the Internet, it's precisely that we need the IGF, that we need a space like the IGF, where we can actually talk from a multistakeholder perspective about the intended and the possibly unintended consequences. Just to give you a sense of where the IGF is and the pandemic impacted hugely on the IGF, as on many other forums. And in addition to that, there is the cooperation process within the United Nations, there was this new document released last year, the roadmap for digital cooperation. It was followed up by an options paper. And so there is this whole dialogue at a sort of geopolitical level about what is happening with digital cooperation, the status of it, where it should be located and concentrated, and whether the IGF is sufficiently strong, or effective to be a space for that. So that really has been in the background of the IGF's work this year.

And then, of course, the Internet governance ecosystem keeps expanding. And this raises the question of where does the IGF fit in? What is the specific value add that the Internet Governance Forum brings to this process? A question which I feel Chris Buckridge actually answered really brilliantly in his blog. Then there is also the pressure on the IGF to be outcome‑orientated, but, at the same time, everyone recognises the strength of the IGF is that it doesn't negotiate outcomes. So, this is a bit of a paradox and it impacts on how we try and evolve the IGF. And the goals that are important: inclusion, being relevant, being focused, financial sustainability. Addressing the sort of high level demand for more place in the IGF by governments without losing the IGF's essential community‑driven characters, so all of this is impacting on how we are organising the IGF. You might also have heard of the leadership panel, this is a new structure, calls for nominations went out last week, or about two weeks ago. The deadline is 29 November, and this is a new high‑level body that will play an advisory role but also it's intended to increase the visibility of the IGF. And another new document issued by the United Nations Secretary General called "A Common Agenda", which is proposing ‑ I think very interesting for RIPE participants ‑ the idea of a global digital compact that would then be presented at a summit in 2023.

But we can come back to all of this and how we think the IGF can consolidate its role in these processes. So to talk specifically about where we are now.

The IGF is more than an event. It has these inter‑sessional activities. The best‑practice forums, there are two operating this year: one on cybersecurity, looking at norms and how norm can foster trust and security; and one looking at gender disinformation and misinformation.
Two new networks went to policy this year, the policy network on environment and the policy network and universal and meaningful access. And these policy networks are intended to operate within the framework of the IGF, so they are open and inclusive, anyone can participate in them, but they do try to formulate policy recommendations. So they are a little bit more outcome‑orientated than most other aspect of the IGF. And then dynamic coalitions, there are 22 at the moment, they are self‑organised communities of practice.
And, in fact, some of the IGF's most important work takes place in those completely independent autonomous dynamic coalitions.

There are also national and regional IGF initiatives and these have grown into I think really the ‑‑ in a way where the IGF has taken root and where it's really awareness of multistakeholder Internet governance at a local level. So, there are many of these. We have around 137 at the moment. And I won't dwell on that. I think many of you participate in these. Of course, EuroDIG is a flagship regional IGF.

The structure of the IGF programme this year, it will have a big annual event with more than 200 sessions in these different tracks. High level track for leaders, for all parliamentary, etc. There was also, it's just coming to a close, virtual preparatory engagement phase, and this was a way of building more focus in the discussion, ensuring that we go to the an schedule forum in December with a bit more preparation in the sessional work I have mentioned. It's hybrid, so that's very important and very challenging. It's much easier actually, in 2020 the IGF was fully virtual, we had more than 7,000 participants, or around 7,000, but hybrid is challenging, combining face‑to‑face and online, but that is what we're doing. In other words, we'll use ‑‑ all sessions will have an online dimension even if it is also taking place physically in a room with people sitting listening and speaking.

Important is the issue areas we focus. It's a bit small but I'll just read through them.

The main focus areas are universal access and meaningful connectivity and economic and social inclusion and human rights, and these were developed based on input from the community. Then there are these four areas which are emerging and cross‑cutting, and that might feature again on the programme next year. Emerging regulation, as Suzanne's presentation pointed out, and I said earlier, was a really important concern for the IGF community.

Environmental sustainability and climate change, increasingly important for people in the sector. And then inclusive Internet governance ecosystems, this is what I was talking about, all these new initiatives to facilitate cooperation in the digital sphere, in the world of digital governance and then trust security and stability.

So the programme is structured on these things, and at Council discussion will be captured and documented so that we do have, at the end of the event, key messages in all of those issue areas. You will also find, if you look at the meeting background document, there are actually specific policy questions that came from the community. There are these high‑level tracks. The parliamentary track is interesting, it's focusing specifically on legislative approaches for a user‑centric digital space, quite broad, but they are looking at regulation as well. And then there are other activities, as there usually is at an IGF: There is space for bilateral meetings, there is an IGF village, there are remote hubs in different parts of the world, there will be an exhibition of [lost connection] done by people, there is a competition that the host country is organising, a performance by a pianist, music night and so on. So it is, in fact ‑‑ I am not sure if we'll have as many participants as we did at the Berlin IGF, but we're trying to go on much of the lessons that we learned from Berlin. So we do hope to give people an experience that adds value at different levels.

So, that's it from me. Let's talk a little bit more. I am sure you might have questions. Ill come back to this slide here in case some of you do have questions about some of these more recent developments around the IGF.

And just in closing, I really do want to thank you all of you. There are people in this room right now, in RIPE 83, who are very active supporters of the IGF, and the technical community's participation in these broader general policy discussions is just indispensable. If there isn't good content on the technology, the processes, the protocols that drives the Internet, we won't find good policy being made by decision‑makers, so your participation in the IGF is essential.

Desiree, back to you.

DESIREE MILOSHEVIC: Thank you so much, and also thank you for agreeing to speak today. I am hearing an echo... I may ask some of my co‑chairs to take it over if it continues.

So, in the chat room, we are seeing a lot of hands applaud. Thank you all, and there is no particular questions apart from one from Maria Hall, and I don't know, Maria, if you would like to ask the question or I can read it. The question is:

"What's the background for the IGF leadership programme?" If you'd like to respond to that one.

ANRIETTE ESTERHUYSEN: Thanks for that question, so that dates back to something called the High‑Level Panel on Digital Cooperation which was convened by the UN Secretary General in, I think, 2019, roughly 2018/2019, and the report of this panel then became, or part of the report found its way into the Roadmap For Digital Cooperation. And there was this proposal from the UN Secretary General that a new high level multistakeholder body be established. That was then put out for open consultation again earlier this year. The community responded. The Multistakeholder Advisory Group that I chair did some work on it as well and it was quite contentious, I think there were different perspectives on it. It wasn't clear how it would relate to the existing MAG. So that's really the background.

In the end, what the UN Secretary General decided was to name it not a multistakeholder high‑level body but to name it a leadership panel, and the idea is that it can act as an interface between the IGF, which really exists outside of the UN system, even though it's part of the UN, on a day‑to‑day basis, it operates outside of it. So the idea is that this panel can be a bridge between the IGF and member state processes, intergovernmental processes. It is made up of two people from COO or Minister level from various ‑‑ from all the different stakeholder groups, government business, civil society and technical community. And if you go to the IGF website, you will find a very brief terms of reference for it, as well as explanation of how it would relate to the magnificent and then the call for nominations. But I think, you know, we're still in the implementation, I think we'll have to figure out exactly where it fits in and what it does.

I see Chris is posting the RIPE NCC's comment and response, which was, I think excellent.

DESIREE MILOSHEVIC: Thank you, Anriette. I see there are no more questions, and we know that you have a very tight schedule, so we'd really like to thank you for taking us through all the IGF structure and what we can expect, and hopefully many of us will register online or be there in person.

And with that, I would like to move to the AOB part of the agenda, where we have Peter Koch from the Database Working Group talking about the task force findings and recommendations. If someone could upload Peter's slides. Thank you.

PETER KOCH: Hi, can you see my slides? Thanks to the Chairs for sneaking me in at the final minute for the short presentation of what the Database Requirements Task Force came up with.

So, first of all, our results have, meanwhile, been published as RIPE‑767. You can go to the website and read it all there. We delivered the results to the RIPE Chair as representative of the RIPE community, and now the community has to ‑‑ invited, of course, to digest what the recommendations are and then decide on ways forward.

We have split ourselves and present parts of the recommendations in various Working Groups, partly because there is an easy one‑to‑one of a recommendation in a working group, and, in this case, we have a couple of recommendations regarding the amount of data and accuracy, and so on and so forth, and we don't necessarily expect that the Cooperation Working Group is taking the work up, but there might be stakeholders particularly present in this Working Group that might be interested in the outcomes or recommendations, I should say.

So I'm jumping ahead until, like here, you find the whole slide set uploaded. There is a lot of detail about what we did and how many sessions we had and so on and so forth. The report contains a dozen or so recommendations, and I have picked four for this group to maybe digest and think about.

It's all about technical things, RPSL, RPKI and so on and so forth, but a couple of those, as you see at the end, publishing legal addresses of resource holders or not, and dealing with particular information, personal information in the database.

So, this is one recommendation. We had lots of discussion about what data accuracy actually means because obviously accuracy is something that needs to be weighed against expectations and different stakeholders might have different expectations on what to find. So this is a quote from the report. You can dive in there. And we recommend that the full legal name of the resource holder would be registered, the contact information for admin and texting, we know that, and the country code for where the resource holder is legally based, and that might help certain stakeholders to get to further information.

We did not recognise the full postal address should be a baseline requirement because it's not really for operational coordination; it is present and it can be got to with a certain amount of effort.

Next one:
Next recommendation is about the amount of data and the granularity of information that would be stored in the database. This is already presented to the Address Policy Working Group, if I'm not mistaken, so the basic idea is the resources holders, which usually translates into LIRs, are fully responsible for the registration of their assignments, or whether or not they make assignments in the first place. And our recommendation is that they don't have to submit data for each and every address block they assign into the RIPE database, which is especially important if that are small chunks of address space that are, for example, assigned to individuals to avoid unnecessary personal information in the database. Again, the report contains a bit more of detail, but this is ‑‑ this is an important thing.

We also recommend, at the same time of course, that the assisted registry checks should be continued to make sure that there is a documentation available for the RIPE NCC when it comes to more details of the registration.

Next one...
We generally recommend to get rid of PERSON objects and replace them by ROLE objects, so this is not only a syntactical change, but of course the recommendation goes in the direction of avoiding personal information in the first place, and that should be supported by moving from one type of object to another, even though, of course, you could, if you really dearly wanted, enter personal information and ROLE objects but you aren't supposed to.

And finally, that we could not really arrive at a consensus for the publication of the legal address resource holders. We understand that there are certain needs, but the Database Task Force, after going through the pros and cons, and the community feedback, could not agree on going ahead with a general requirement ‑‑ or, sorry, a general recommendation to publish that legal address of resource holders. There are other ways to get to those and I mentioned the country code of the resource holder in the first place.

And that's basically those four. What's happening next:

The Chair team will coordinate with the relevant Working Groups and various Working Groups, and the community in total will discuss, hopefully discuss what the recommendations are and what to do with them, and there will be a slot in the Community Plenary on, I believe, Friday, if not Thursday, to go in more detail through these recommendations and make the community aware.

Thanks a lot for your attention. And I'll answer any questions if there is time.

DESIREE MILOSHEVIC: Thanks so much, Peter, for running us through the end of the hour, and very briefly presenting the final recommendations. I suggest we take this also to the mailing list, and I'd like to thank everyone who participated, asked questions and given support to the co‑chairs, Julf and Achilleas, and, of course, special thanks to the transcribers and do not forget to rate our session.

Thank you very much, and we look forward to seeing you again.

JULF HELSINGIUS: Thank you, everybody.

ACHILLEAS KEMOS: I look forward to having a real coffee.
(Coffee break)