Dear Fiona, I take your point but in a paragraph about international cybersecurity I don’t see that it matters whether it has been used in WSIS or not. The agreement on what constitutes critical information infrastructure in the UN context postdates WSIS, as does AI and many other things that the review is referencing. It is also easy enough to make clear where this comes from in the text, though candidly anyone working in international cybersecurity policy in multilateral institutions will know what it means, which is the point. Best, Nick -- Nick Ashton-Hart APCO (m) +<tel:+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Fiona Alexander <fionaa@american.edu> Date: Friday, November 14, 2025 at 7:48 PM To: Mona Gaballa <gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi Nick I would actually agree with Mona in the context of WSIS +20. Neither the wording critical Internet infrastcture nor critical information infrastructure are commonly used phrasing in the context of WSIS. Perhaps it might be more common in the various New York based cybersecurity workstreams. Designating something as “critical” irrespective of the additional words can carry a variety of domestic regulatory obligations depending on the national jurisdiction. At the international level it’s not something I’ve seen used in regards to the Internet in this cluster, so as Mona’s comment highlights it doesn’t have an agreed definition, scope or shared understanding. Fiona ________________________________ From: Ashton-Hart, Nick via wsis20 <wsis20@icann.org> Sent: Friday, November 14, 2025 6:07 PM To: Mona Gaballa <gaballa@isoc.org>; jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation External Email: Use caution with links and attachments. Thanks Mona, for sending this around, I have one concern about and otherwise excellent statement. I question deletion of the reference to “critical internet infrastructure” - while the correct term is “critical information infrastructure,” protecting that as a form of critical infrastructure should be something we can all support. Critical infrastructure protection is a different order of magnitude than simply protecting infrastructure is, as critical infrastructure includes those forms of infrastructure which are necessary to life and health. I think we would all agree that the Internet is fundamental to health and welfare in the modern world. I would request that instead of deleting this phrase we simply call for the term to be corrected. I am of course always open to thoughts. -- Nick Ashton-Hart APCO (m) +<tel:+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Mona Gaballa via wsis20 <wsis20@icann.org> Date: Friday, November 14, 2025 at 2:45 PM To: jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi everyone, Please find the Internet Society's intervention during the WSIS+20 Virtual Stakeholder Consultation on Rev1 earlier today. * On behalf of the Internet Society, I would like to begin by thanking you, DESA and the co-facilitators, for keeping the WSIS process as open and transparent as possible, and for welcoming stakeholders views on t views on the first revision of the zero draft. The Internet Society is committed to bridging the digital divide by supporting connectivity and sustainable infrastructure, and to ensuring the Internet remains an open, secure and trusted global resource for everyone. On this occasion, noting time is running short, we would like to offer some general remarks and recommendations to keep the text crisp, concise and action focused. The Internet is empowering more people, more services, and more development opportunities than ever. Which is precisely why the WSIS+20 review outcome document should reinforce what keeps it open, globally connected, secure, and trustworthy. Firstly, we would like to note that the section entitled “Enabling environment for digital development”, should explicitly include elements that help achieve an enabling environment. Paragraph 48 should include measures such as “proportionate taxation and licensing fees, access to finance, facilitation of public-private partnerships, multistakeholder cooperation, national and regional broadband strategies, efficient allocation of radio frequency spectrum, infrastructure sharing models, community-based approaches, and public access facilities.” Secondly, in paragraph 53, we note the reference to “critical Internet infrastructure”, which has no agreed definition, and would like to call for it’s deletion, as the paragraph already importantly recognizes the efforts to protect infrastructure. Additionally, we welcome the substantive changes introduced to the “Internet Governance” section. Including the permanent mandate of the Internet Governance Forum (IGF) and the recognition of the NETmundial+10 guidelines for multistakeholder collaboration and consensus building. As well as paragraph 120 which provides recommendations on how to strengthen coherence between the WSIS vision and GDC commitments. However, paragraph 101, which invites the Secretary-General to make proposals concerning future funding of the IGF , needs to be done in consultation with existing IGF funders and stakeholders to ensure stable, predictable, and sustainable financial support of the Forum. Regarding paragraph 119, we recommend retaining the call for multistakeholder advice to UNGIS to ensure more effective collaboration, information exchange, and to avoid duplication. As we noted in the previous consultation, the Internet Society will keep working with our global community of chapters, individual and organization members to translate these priorities into additional concrete recommendations as the process reaches its final stages. Our aim is the same as yours: a WSIS+20 outcome that people can rally around, that strengthens multistakeholder collaboration, and that keeps the Internet open, globally connected, secure and trustworthy for everyone. Warm regards, Mona Gaballa, Senior Advisor, Institutional Relations gaballa@isoc.org | +19082799933 [cid:b54d5039-cdbb-407d-8656-8b2572ce6bed] internetsociety.org | @internetsociety ________________________________ DATA HANDLING For data handling questions, please view our Privacy Policy<https://urldefense.com/v3/__https://apcoworldwide.com/privacy-policy/__;!!Ia...> or contact us at privacy@apcoworldwide.com<https://urldefense.com/v3/__https://*20privacy@apcoworldwide.com/__;JQ!!IaT_...> with any inquiries. CONFIDENTIALITY This email may contain material that is confidential, privileged and/or work product for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.

Dear all, Thanks to Mona for sharing the Internet Society’s intervention, and to Nick, Fiona, and Israel for the thoughtful points. I just wanted to add my perspective in support of keeping the recommendation to delete the reference to “critical Internet infrastructure.” The Internet is, of course, critical infrastructure in every practical sense. But using “critical Internet infrastructure” as an official term in the WSIS+20 text feels risky because: - There’s no shared definition for it in the WSIS process. - It brings regulatory and security implications that differ widely across countries. - Adding it now could open the door to confusion or to interpretations that support more state control or fragmentation. - The draft already covers the need to protect Internet infrastructure without needing this new term. So in short: the Internet *is *critical, but *the WSIS+20 outcome document shouldn’t adopt terminology that isn’t agreed, defined, or fully understood.* Cheers, Pari On Sat, Nov 15, 2025 at 4:49 PM Israel Rosas via wsis20 <wsis20@icann.org> wrote:

Hi Nick, all,

I think there are at least two aspects to consider about this language. An interesting discussion is whether it strategically makes sense to incorporate these references into the WSIS framework. On the other side, I also wonder about the practical implications of trying to incorporate a term whose shared understanding may be open to different interpretations when negotiators are running out of time in this process.

Best, Isra

Isra Rosas, Director, Partnerships and Internet Development Internet Society *From: *Ashton-Hart, Nick via wsis20 <wsis20@icann.org> *Date: *Saturday, November 15, 2025 at 9:35 AM *To: *Fiona Alexander <fionaa@american.edu>, Mona Gaballa < gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org> *Subject: *[wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

Dear Fiona,

I take your point but in a paragraph about international cybersecurity I don’t see that it matters whether it has been used in WSIS or not. The agreement on what constitutes critical information infrastructure in the UN context postdates WSIS, as does AI and many other things that the review is referencing. It is also easy enough to make clear where this comes from in the text, though candidly anyone working in international cybersecurity policy in multilateral institutions will know what it means, which is the point.

Best, Nick

-- Nick Ashton-Hart APCO (m) + <+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com

*From: *Fiona Alexander <fionaa@american.edu> *Date: *Friday, November 14, 2025 at 7:48 PM *To: *Mona Gaballa <gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com> *Subject: *Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

Hi Nick

I would actually agree with Mona in the context of WSIS +20. Neither the wording critical Internet infrastcture nor critical information infrastructure are commonly used phrasing in the context of WSIS. Perhaps it might be more common in the various New York based cybersecurity workstreams.

Designating something as “critical” irrespective of the additional words can carry a variety of domestic regulatory obligations depending on the national jurisdiction. At the international level it’s not something I’ve seen used in regards to the Internet in this cluster, so as Mona’s comment highlights it doesn’t have an agreed definition, scope or shared understanding.

Fiona ------------------------------ *From:* Ashton-Hart, Nick via wsis20 <wsis20@icann.org> *Sent:* Friday, November 14, 2025 6:07 PM *To:* Mona Gaballa <gaballa@isoc.org>; jen--- via wsis20 <wsis20@icann.org

...

*Subject:* [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

*External Email:* Use caution with links and attachments. Thanks Mona, for sending this around, I have one concern about and otherwise excellent statement.

I question deletion of the reference to “critical internet infrastructure” - while the correct term is “critical information infrastructure,” protecting that as a form of critical infrastructure should be something we can all support. Critical infrastructure protection is a different order of magnitude than simply protecting infrastructure is, as critical infrastructure includes those forms of infrastructure which are necessary to life and health.

I think we would all agree that the Internet is fundamental to health and welfare in the modern world.

I would request that instead of deleting this phrase we simply call for the term to be corrected.

I am of course always open to thoughts.

-- Nick Ashton-Hart APCO (m) + <+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com

*From: *Mona Gaballa via wsis20 <wsis20@icann.org> *Date: *Friday, November 14, 2025 at 2:45 PM *To: *jen--- via wsis20 <wsis20@icann.org> *Subject: *[wsis20] Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

Hi everyone,

Please find the Internet Society's intervention during the WSIS+20 Virtual Stakeholder Consultation on Rev1 earlier today.

- On behalf of the Internet Society, I would like to begin by thanking you, DESA and the co-facilitators, for keeping the WSIS process as open and transparent as possible, and for welcoming stakeholders views on t views on the first revision of the zero draft. The Internet Society is committed to bridging the digital divide by supporting connectivity and sustainable infrastructure, and to ensuring the Internet remains an open, secure and trusted global resource for everyone. On this occasion, noting time is running short, we would like to offer some general remarks and recommendations to keep the text crisp, concise and action focused. The Internet is empowering more people, more services, and more development opportunities than ever. Which is precisely why the WSIS+20 review outcome document should reinforce what keeps it open, globally connected, secure, and trustworthy. Firstly, we would like to note that the section entitled “Enabling environment for digital development”, should explicitly include elements that help achieve an enabling environment. Paragraph 48 should include measures such as “proportionate taxation and licensing fees, access to finance, facilitation of public-private partnerships, multistakeholder cooperation, national and regional broadband strategies, efficient allocation of radio frequency spectrum, infrastructure sharing models, community-based approaches, and public access facilities.” Secondly, in paragraph 53, we note the reference to “critical Internet infrastructure”, which has no agreed definition, and would like to call for it’s deletion, as the paragraph already importantly recognizes the efforts to protect infrastructure. Additionally, we welcome the substantive changes introduced to the “Internet Governance” section. Including the permanent mandate of the Internet Governance Forum (IGF) and the recognition of the NETmundial+10 guidelines for multistakeholder collaboration and consensus building. As well as paragraph 120 which provides recommendations on how to strengthen coherence between the WSIS vision and GDC commitments. However, paragraph 101, which invites the Secretary-General to make proposals concerning future funding of the IGF , needs to be done in consultation with existing IGF funders and stakeholders to ensure stable, predictable, and sustainable financial support of the Forum. Regarding paragraph 119, we recommend retaining the call for multistakeholder advice to UNGIS to ensure more effective collaboration, information exchange, and to avoid duplication. As we noted in the previous consultation, the Internet Society will keep working with our global community of chapters, individual and organization members to translate these priorities into additional concrete recommendations as the process reaches its final stages. Our aim is the same as yours: a WSIS+20 outcome that people can rally around, that strengthens multistakeholder collaboration, and that keeps the Internet open, globally connected, secure and trustworthy for everyone.

Warm regards, *Mona Gaballa*, Senior Advisor, Institutional Relations gaballa@isoc.org | +19082799933 internetsociety.org | @internetsociety

------------------------------

DATA HANDLING

For data handling questions, please view our Privacy Policy <https://urldefense.com/v3/__https://apcoworldwide.com/privacy-policy/__;!!Ia...> or contact us at privacy@apcoworldwide.com <https://urldefense.com/v3/__https://*20privacy@apcoworldwide.com/__;JQ!!IaT_...> with any inquiries.

CONFIDENTIALITY

This email may contain material that is confidential, privileged and/or work product for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________

Learn more about the WSIS+20 Outreach Network and review relevant resources: https://go.icann.org/wsis20

Read the public archives for this mailing list: https://mm.icann.org/pipermail/wsis20/

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-- Pari Esfandiari President *Global TechnoPolitics Forum <http://www.technopolitics.org> * *Pario <http://www.parioconsultants.com>- Architects of Ideas* info@TechnoPolitics.org <info@technopolitics.org> *Linkedin Profile <https://www.linkedin.com/in/pariesfandiari/>* Tel: +1-202*-735-1415* (Office) : +1-310-435-0888 (Cell) : +44-731-210-4049 (Cell)

Hi, the term "Criticial information infrastructure" is established language in the multilateral cybersecurity negotiations under the 1st UNGA Committee and within the OEWG (now the new "Global Mechanism") since years. It has even an own acronym: "CII". This isa differentz von "critical infrastructure" (CI), that is energy, water etc. It is rooted in one of the eleven GGE norms from 2015: "States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions;". The norm was more specified later, inter alia by the recommendations of the Global Commission on Stability in Cyberspace (GCSC) in 2019 which added the need "to protect the public core of the Internet". The GCSC Final Report from 2019 proposed as an additional norm "State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.". The GCSC understanding of the public Internet core included both the "critical Internet ressources" (CIR) as domain names, Internet protocols, IP adresses, as discussed in the WSIS/IGF/ICANN context, as well as the whole underlying infrastructure of servers, (undersea) cables and satellites, as discussed in the various GGEs. A new element in the proposed GCSC norm was, that it calls on "state and non-state actors", that is, it went beyond the "narrow approach" of the GGEs/OEWG, which included only state actors, and supports the inclusion of non-govcernmental stakeholderrs in cybersecurity negotiations, an issue which is still unsettled in the new "Global Mechanism". Insofar it would make sense a. to avoid new language as "critical Internet infrastructure" and to go back to "critical information infrastrutcure" (CII) and b. to have stronger references to the UN cybersecurity negotiations and to call for the inclusion of non-governmental stakeholders in the new "Global Mechanism" . Wolfgang Ashton-Hart, Nick via wsis20 <wsis20@icann.org> hat am 15.11.2025 15:33 CET geschrieben:

Dear Fiona,

I take your point but in a paragraph about international cybersecurity I don’t see that it matters whether it has been used in WSIS or not. The agreement on what constitutes critical information infrastructure in the UN context postdates WSIS, as does AI and many other things that the review is referencing. It is also easy enough to make clear where this comes from in the text, though candidly anyone working in international cybersecurity policy in multilateral institutions will know what it means, which is the point.

Best, Nick

-- Nick Ashton-Hart APCO (m) + tel:+9715595486711 202 779 1072 nashtonhart@apcoworldwide.com mailto:nashtonhart@apcoworldwide.com

From: Fiona Alexander <fionaa@american.edu> Date: Friday, November 14, 2025 at 7:48 PM To: Mona Gaballa <gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

Hi Nick

I would actually agree with Mona in the context of WSIS +20. Neither the wording critical Internet infrastcture nor critical information infrastructure are commonly used phrasing in the context of WSIS. Perhaps it might be more common in the various New York based cybersecurity workstreams.

Designating something as “critical” irrespective of the additional words can carry a variety of domestic regulatory obligations depending on the national jurisdiction. At the international level it’s not something I’ve seen used in regards to the Internet in this cluster, so as Mona’s comment highlights it doesn’t have an agreed definition, scope or shared understanding.

Fiona

--------------------------------------------- From: Ashton-Hart, Nick via wsis20 <wsis20@icann.org> Sent: Friday, November 14, 2025 6:07 PM To: Mona Gaballa <gaballa@isoc.org>; jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

External Email: Use caution with links and attachments. Thanks Mona, for sending this around, I have one concern about and otherwise excellent statement.

I question deletion of the reference to “critical internet infrastructure” - while the correct term is “critical information infrastructure,” protecting that as a form of critical infrastructure should be something we can all support. Critical infrastructure protection is a different order of magnitude than simply protecting infrastructure is, as critical infrastructure includes those forms of infrastructure which are necessary to life and health.

I think we would all agree that the Internet is fundamental to health and welfare in the modern world.

I would request that instead of deleting this phrase we simply call for the term to be corrected.

I am of course always open to thoughts.

-- Nick Ashton-Hart APCO (m) + tel:+9715595486711 202 779 1072 nashtonhart@apcoworldwide.com mailto:nashtonhart@apcoworldwide.com

From: Mona Gaballa via wsis20 <wsis20@icann.org> Date: Friday, November 14, 2025 at 2:45 PM To: jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Internet Society's intervention during the WSIS+20 virtual stakeholder consultation

Hi everyone,

Please find the Internet Society's intervention during the WSIS+20 Virtual Stakeholder Consultation on Rev1 earlier today. * On behalf of the Internet Society, I would like to begin by thanking you, DESA and the co-facilitators, for keeping the WSIS process as open and transparent as possible, and for welcoming stakeholders views on t views on the first revision of the zero draft.

The Internet Society is committed to bridging the digital divide by supporting connectivity and sustainable infrastructure, and to ensuring the Internet remains an open, secure and trusted global resource for everyone.

On this occasion, noting time is running short, we would like to offer some general remarks and recommendations to keep the text crisp, concise and action focused.

The Internet is empowering more people, more services, and more development opportunities than ever. Which is precisely why the WSIS+20 review outcome document should reinforce what keeps it open, globally connected, secure, and trustworthy.

Firstly, we would like to note that the section entitled “Enabling environment for digital development”, should explicitly include elements that help achieve an enabling environment.

Paragraph 48 should include measures such as “proportionate taxation and licensing fees, access to finance, facilitation of public-private partnerships, multistakeholder cooperation, national and regional broadband strategies, efficient allocation of radio frequency spectrum, infrastructure sharing models, community-based approaches, and public access facilities.”

Secondly, in paragraph 53, we note the reference to “critical Internet infrastructure”, which has no agreed definition, and would like to call for it’s deletion, as the paragraph already importantly recognizes the efforts to protect infrastructure.

Additionally, we welcome the substantive changes introduced to the “Internet Governance” section.

Including the permanent mandate of the Internet Governance Forum (IGF) and the recognition of the NETmundial+10 guidelines for multistakeholder collaboration and consensus building.

As well as paragraph 120 which provides recommendations on how to strengthen coherence between the WSIS vision and GDC commitments.

However, paragraph 101, which invites the Secretary-General to make proposals concerning future funding of the IGF , needs to be done in consultation with existing IGF funders and stakeholders to ensure stable, predictable, and sustainable financial support of the Forum.

Regarding paragraph 119, we recommend retaining the call for multistakeholder advice to UNGIS to ensure more effective collaboration, information exchange, and to avoid duplication.

As we noted in the previous consultation, the Internet Society will keep working with our global community of chapters, individual and organization members to translate these priorities into additional concrete recommendations as the process reaches its final stages.

Our aim is the same as yours: a WSIS+20 outcome that people can rally around, that strengthens multistakeholder collaboration, and that keeps the Internet open, globally connected, secure and trustworthy for everyone.

Warm regards, Mona Gaballa, Senior Advisor, Institutional Relations gaballa@isoc.org | +19082799933 internetsociety.org | @internetsociety

--------------------------------------------- DATA HANDLING

For data handling questions, please view our Privacy Policy https://urldefense.com/v3/__https://apcoworldwide.com/privacy-policy/__;!!Ia... or contact us at privacy@apcoworldwide.com https://urldefense.com/v3/__https://*20privacy@apcoworldwide.com/__;JQ!!IaT_... with any inquiries.

CONFIDENTIALITY

This email may contain material that is confidential, privileged and/or work product for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Learn more about the WSIS+20 Outreach Network and review relevant resources: https://go.icann.org/wsis20 Read the public archives for this mailing list: https://mm.icann.org/pipermail/wsis20/ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Thanks Fiona, we’re going to have to agree to disagree here. In particular on the assertion that WSIS is not a creature of NY processes generally speaking given the opposite is true. WSIS was adopted in NY, it is reviewed in NY - not just every 10 years, but annually - and its concepts have been mainstreamed in the work coming out of NY since it was adopted by UNGA in the first instance. The technical follow up has traditionally largely taken place at an operational level particularly in Geneva, but nobody should be in any doubt that there is no WSIS without the UN in New York. The issues that were once siloed in WSIS have not been for many years as the resolutions I reference are only two of many, many examples. As to your point about the public core to my way of thinking that’s neither here nor there: the discussion has been about whether the existing and recognized term, since 2004, of “critical information infrastructure” should be referenced by WSIS. Best, Nick -- Nick Ashton-Hart APCO (m) +<tel:+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Fiona Alexander <fionaa@american.edu> Date: Saturday, November 15, 2025 at 1:09 PM To: Wolfgang Kleinwächter <wolfgang@kleinwaechter.info>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com>, Ashton-Hart, Nick via wsis20 <wsis20@icann.org>, Mona Gaballa <gaballa@isoc.org> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Thank you Wolfgang for all the helpful background and Nick for your perspectives. I think though it helps reinforce my point. These terms have a long fought history in the NY based cybersecurity silo, but they are not broadly used, agreed or even perhaps understood outside of that, even in the expert technical UN agencies in places like Geneva. WSIS and all that goes with it are not creatures of the NY processes generally speaking and it is why the heading of this section is “building confidence and security in the use of ICTs” - the 2000 language which predates OEWG and I believe even the GGE cyber norms work. Also to point out the GCSC public core norm wasn’t accepted in GGE, at least that is my recollection. i am not sure this resolution and associated modalities provide the space to bring about a shared and agreed understanding of a what can be a loaded term. Fiona ________________________________ From: Wolfgang Kleinwächter <wolfgang@kleinwaechter.info> Sent: Saturday, November 15, 2025 11:24 AM To: Ashton-Hart, Nick <nashtonhart@apcoworldwide.com>; Ashton-Hart, Nick via wsis20 <wsis20@icann.org>; Fiona Alexander <fionaa@american.edu>; Mona Gaballa <gaballa@isoc.org> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation External Email: Use caution with links and attachments. Hi, the term "Criticial information infrastructure" is established language in the multilateral cybersecurity negotiations under the 1st UNGA Committee and within the OEWG (now the new "Global Mechanism") since years. It has even an own acronym: "CII". This isa differentz von "critical infrastructure" (CI), that is energy, water etc. It is rooted in one of the eleven GGE norms from 2015: "States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions;". The norm was more specified later, inter alia by the recommendations of the Global Commission on Stability in Cyberspace (GCSC) in 2019 which added the need "to protect the public core of the Internet". The GCSC Final Report from 2019 proposed as an additional norm "State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.". The GCSC understanding of the public Internet core included both the "critical Internet ressources" (CIR) as domain names, Internet protocols, IP adresses, as discussed in the WSIS/IGF/ICANN context, as well as the whole underlying infrastructure of servers, (undersea) cables and satellites, as discussed in the various GGEs. A new element in the proposed GCSC norm was, that it calls on "state and non-state actors", that is, it went beyond the "narrow approach" of the GGEs/OEWG, which included only state actors, and supports the inclusion of non-govcernmental stakeholderrs in cybersecurity negotiations, an issue which is still unsettled in the new "Global Mechanism". Insofar it would make sense a. to avoid new language as "critical Internet infrastructure" and to go back to "critical information infrastrutcure" (CII) and b. to have stronger references to the UN cybersecurity negotiations and to call for the inclusion of non-governmental stakeholders in the new "Global Mechanism" . Wolfgang Ashton-Hart, Nick via wsis20 <wsis20@icann.org> hat am 15.11.2025 15:33 CET geschrieben: Dear Fiona, I take your point but in a paragraph about international cybersecurity I don’t see that it matters whether it has been used in WSIS or not. The agreement on what constitutes critical information infrastructure in the UN context postdates WSIS, as does AI and many other things that the review is referencing. It is also easy enough to make clear where this comes from in the text, though candidly anyone working in international cybersecurity policy in multilateral institutions will know what it means, which is the point. Best, Nick -- Nick Ashton-Hart APCO (m) +<tel:+971559548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Fiona Alexander <fionaa@american.edu> Date: Friday, November 14, 2025 at 7:48 PM To: Mona Gaballa <gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi Nick I would actually agree with Mona in the context of WSIS +20. Neither the wording critical Internet infrastcture nor critical information infrastructure are commonly used phrasing in the context of WSIS. Perhaps it might be more common in the various New York based cybersecurity workstreams. Designating something as “critical” irrespective of the additional words can carry a variety of domestic regulatory obligations depending on the national jurisdiction. At the international level it’s not something I’ve seen used in regards to the Internet in this cluster, so as Mona’s comment highlights it doesn’t have an agreed definition, scope or shared understanding. Fiona ________________________________ From: Ashton-Hart, Nick via wsis20 <wsis20@icann.org> Sent: Friday, November 14, 2025 6:07 PM To: Mona Gaballa <gaballa@isoc.org>; jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation External Email: Use caution with links and attachments. Thanks Mona, for sending this around, I have one concern about and otherwise excellent statement. I question deletion of the reference to “critical internet infrastructure” - while the correct term is “critical information infrastructure,” protecting that as a form of critical infrastructure should be something we can all support. Critical infrastructure protection is a different order of magnitude than simply protecting infrastructure is, as critical infrastructure includes those forms of infrastructure which are necessary to life and health. I think we would all agree that the Internet is fundamental to health and welfare in the modern world. I would request that instead of deleting this phrase we simply call for the term to be corrected. I am of course always open to thoughts. -- Nick Ashton-Hart APCO (m) +<tel:+971559548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Mona Gaballa via wsis20 <wsis20@icann.org> Date: Friday, November 14, 2025 at 2:45 PM To: jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi everyone, Please find the Internet Society's intervention during the WSIS+20 Virtual Stakeholder Consultation on Rev1 earlier today. * On behalf of the Internet Society, I would like to begin by thanking you, DESA and the co-facilitators, for keeping the WSIS process as open and transparent as possible, and for welcoming stakeholders views on t views on the first revision of the zero draft. The Internet Society is committed to bridging the digital divide by supporting connectivity and sustainable infrastructure, and to ensuring the Internet remains an open, secure and trusted global resource for everyone. On this occasion, noting time is running short, we would like to offer some general remarks and recommendations to keep the text crisp, concise and action focused. The Internet is empowering more people, more services, and more development opportunities than ever. Which is precisely why the WSIS+20 review outcome document should reinforce what keeps it open, globally connected, secure, and trustworthy. Firstly, we would like to note that the section entitled “Enabling environment for digital development”, should explicitly include elements that help achieve an enabling environment. Paragraph 48 should include measures such as “proportionate taxation and licensing fees, access to finance, facilitation of public-private partnerships, multistakeholder cooperation, national and regional broadband strategies, efficient allocation of radio frequency spectrum, infrastructure sharing models, community-based approaches, and public access facilities.” Secondly, in paragraph 53, we note the reference to “critical Internet infrastructure”, which has no agreed definition, and would like to call for it’s deletion, as the paragraph already importantly recognizes the efforts to protect infrastructure. Additionally, we welcome the substantive changes introduced to the “Internet Governance” section. Including the permanent mandate of the Internet Governance Forum (IGF) and the recognition of the NETmundial+10 guidelines for multistakeholder collaboration and consensus building. As well as paragraph 120 which provides recommendations on how to strengthen coherence between the WSIS vision and GDC commitments. However, paragraph 101, which invites the Secretary-General to make proposals concerning future funding of the IGF , needs to be done in consultation with existing IGF funders and stakeholders to ensure stable, predictable, and sustainable financial support of the Forum. Regarding paragraph 119, we recommend retaining the call for multistakeholder advice to UNGIS to ensure more effective collaboration, information exchange, and to avoid duplication. As we noted in the previous consultation, the Internet Society will keep working with our global community of chapters, individual and organization members to translate these priorities into additional concrete recommendations as the process reaches its final stages. Our aim is the same as yours: a WSIS+20 outcome that people can rally around, that strengthens multistakeholder collaboration, and that keeps the Internet open, globally connected, secure and trustworthy for everyone. Warm regards, Mona Gaballa, Senior Advisor, Institutional Relations gaballa@isoc.org | +19082799933 [cid:b54d5039-cdbb-407d-8656-8b2572ce6bed] internetsociety.org | @internetsociety ________________________________ DATA HANDLING For data handling questions, please view our Privacy Policy<https://urldefense.com/v3/__https://apcoworldwide.com/privacy-policy/__;!!Ia...> or contact us at privacy@apcoworldwide.com<https://urldefense.com/v3/__https://*20privacy@apcoworldwide.com/__;JQ!!IaT_...> with any inquiries. CONFIDENTIALITY This email may contain material that is confidential, privileged and/or work product for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Learn more about the WSIS+20 Outreach Network and review relevant resources: https://go.icann.org/wsis20 Read the public archives for this mailing list: https://mm.icann.org/pipermail/wsis20/ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Thanks, everyone, for paying attention to this important issue. Agree with Mona and Fiona, and one should read para 53 of the WSIS+20 rev. 1, in its entirety, “We commend the significant efforts that have been taken by governments, the private sector, civil society and the technical community to build confidence and security and protect infrastructure, including critical Internet infrastructure, services, transactions and other digital activity, from the rising threat of malicious cyber activities and physical risks to infrastructure.” The first mentioning of infrastructure includes all infrastructure, so one could question why there’s a need to stress on one particular infrastructure, which (as Wolfgang mentioned) has no definition in other UN documents. When a new term, which is not defined, is included, it may cause more problems than provide solutions, and in this particular case it’s not even clear what the solution is, and to which problem. Wolfgang, you are right about the critical information infrastructure, but the norm from the GGE was not “more specified later” by the GCSC, because the two bodies were not even similar; one is under the UN umbrella, the other is not. GCSC may have specified whatever they want, but it doesn’t mean the UN will take their specification and use it in the UNGA resolutions. Nick, not sure what you mean that WSIS is “reviewed in NY… annually”. WSIS is noted in each ICT resolution, but that’s different from “reviewed”. The reviews are two - in 2015 and this year. Hope this is helpful. Best regards, Veni On Nov 15, 2025, at 16:35, Ashton-Hart, Nick via wsis20 <wsis20@icann.org> wrote:  Thanks Fiona, we’re going to have to agree to disagree here. In particular on the assertion that WSIS is not a creature of NY processes generally speaking given the opposite is true. WSIS was adopted in NY, it is reviewed in NY - not just every 10 years, but annually - and its concepts have been mainstreamed in the work coming out of NY since it was adopted by UNGA in the first instance. The technical follow up has traditionally largely taken place at an operational level particularly in Geneva, but nobody should be in any doubt that there is no WSIS without the UN in New York. The issues that were once siloed in WSIS have not been for many years as the resolutions I reference are only two of many, many examples. As to your point about the public core to my way of thinking that’s neither here nor there: the discussion has been about whether the existing and recognized term, since 2004, of “critical information infrastructure” should be referenced by WSIS. Best, Nick -- Nick Ashton-Hart APCO (m) +<tel:+971%2055%209548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Fiona Alexander <fionaa@american.edu> Date: Saturday, November 15, 2025 at 1:09 PM To: Wolfgang Kleinwächter <wolfgang@kleinwaechter.info>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com>, Ashton-Hart, Nick via wsis20 <wsis20@icann.org>, Mona Gaballa <gaballa@isoc.org> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Thank you Wolfgang for all the helpful background and Nick for your perspectives. I think though it helps reinforce my point. These terms have a long fought history in the NY based cybersecurity silo, but they are not broadly used, agreed or even perhaps understood outside of that, even in the expert technical UN agencies in places like Geneva. WSIS and all that goes with it are not creatures of the NY processes generally speaking and it is why the heading of this section is “building confidence and security in the use of ICTs” - the 2000 language which predates OEWG and I believe even the GGE cyber norms work. Also to point out the GCSC public core norm wasn’t accepted in GGE, at least that is my recollection. i am not sure this resolution and associated modalities provide the space to bring about a shared and agreed understanding of a what can be a loaded term. Fiona ________________________________ From: Wolfgang Kleinwächter <wolfgang@kleinwaechter.info> Sent: Saturday, November 15, 2025 11:24 AM To: Ashton-Hart, Nick <nashtonhart@apcoworldwide.com>; Ashton-Hart, Nick via wsis20 <wsis20@icann.org>; Fiona Alexander <fionaa@american.edu>; Mona Gaballa <gaballa@isoc.org> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation External Email: Use caution with links and attachments. Hi, the term "Criticial information infrastructure" is established language in the multilateral cybersecurity negotiations under the 1st UNGA Committee and within the OEWG (now the new "Global Mechanism") since years. It has even an own acronym: "CII". This isa differentz von "critical infrastructure" (CI), that is energy, water etc. It is rooted in one of the eleven GGE norms from 2015: "States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions;". The norm was more specified later, inter alia by the recommendations of the Global Commission on Stability in Cyberspace (GCSC) in 2019 which added the need "to protect the public core of the Internet". The GCSC Final Report from 2019 proposed as an additional norm "State and non-state actors should neither conduct nor knowingly allow activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet, and therefore the stability of cyberspace.". The GCSC understanding of the public Internet core included both the "critical Internet ressources" (CIR) as domain names, Internet protocols, IP adresses, as discussed in the WSIS/IGF/ICANN context, as well as the whole underlying infrastructure of servers, (undersea) cables and satellites, as discussed in the various GGEs. A new element in the proposed GCSC norm was, that it calls on "state and non-state actors", that is, it went beyond the "narrow approach" of the GGEs/OEWG, which included only state actors, and supports the inclusion of non-govcernmental stakeholderrs in cybersecurity negotiations, an issue which is still unsettled in the new "Global Mechanism". Insofar it would make sense a. to avoid new language as "critical Internet infrastructure" and to go back to "critical information infrastrutcure" (CII) and b. to have stronger references to the UN cybersecurity negotiations and to call for the inclusion of non-governmental stakeholders in the new "Global Mechanism" . Wolfgang Ashton-Hart, Nick via wsis20 <wsis20@icann.org> hat am 15.11.2025 15:33 CET geschrieben: Dear Fiona, I take your point but in a paragraph about international cybersecurity I don’t see that it matters whether it has been used in WSIS or not. The agreement on what constitutes critical information infrastructure in the UN context postdates WSIS, as does AI and many other things that the review is referencing. It is also easy enough to make clear where this comes from in the text, though candidly anyone working in international cybersecurity policy in multilateral institutions will know what it means, which is the point. Best, Nick -- Nick Ashton-Hart APCO (m) +<tel:+971559548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Fiona Alexander <fionaa@american.edu> Date: Friday, November 14, 2025 at 7:48 PM To: Mona Gaballa <gaballa@isoc.org>, jen--- via wsis20 <wsis20@icann.org>, Ashton-Hart, Nick <nashtonhart@apcoworldwide.com> Subject: Re: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi Nick I would actually agree with Mona in the context of WSIS +20. Neither the wording critical Internet infrastcture nor critical information infrastructure are commonly used phrasing in the context of WSIS. Perhaps it might be more common in the various New York based cybersecurity workstreams. Designating something as “critical” irrespective of the additional words can carry a variety of domestic regulatory obligations depending on the national jurisdiction. At the international level it’s not something I’ve seen used in regards to the Internet in this cluster, so as Mona’s comment highlights it doesn’t have an agreed definition, scope or shared understanding. Fiona ________________________________ From: Ashton-Hart, Nick via wsis20 <wsis20@icann.org> Sent: Friday, November 14, 2025 6:07 PM To: Mona Gaballa <gaballa@isoc.org>; jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Re: Internet Society's intervention during the WSIS+20 virtual stakeholder consultation External Email: Use caution with links and attachments. Thanks Mona, for sending this around, I have one concern about and otherwise excellent statement. I question deletion of the reference to “critical internet infrastructure” - while the correct term is “critical information infrastructure,” protecting that as a form of critical infrastructure should be something we can all support. Critical infrastructure protection is a different order of magnitude than simply protecting infrastructure is, as critical infrastructure includes those forms of infrastructure which are necessary to life and health. I think we would all agree that the Internet is fundamental to health and welfare in the modern world. I would request that instead of deleting this phrase we simply call for the term to be corrected. I am of course always open to thoughts. -- Nick Ashton-Hart APCO (m) +<tel:+971559548671>1 202 779 1072 nashtonhart@apcoworldwide.com<mailto:nashtonhart@apcoworldwide.com> From: Mona Gaballa via wsis20 <wsis20@icann.org> Date: Friday, November 14, 2025 at 2:45 PM To: jen--- via wsis20 <wsis20@icann.org> Subject: [wsis20] Internet Society's intervention during the WSIS+20 virtual stakeholder consultation Hi everyone, Please find the Internet Society's intervention during the WSIS+20 Virtual Stakeholder Consultation on Rev1 earlier today. * On behalf of the Internet Society, I would like to begin by thanking you, DESA and the co-facilitators, for keeping the WSIS process as open and transparent as possible, and for welcoming stakeholders views on t views on the first revision of the zero draft. The Internet Society is committed to bridging the digital divide by supporting connectivity and sustainable infrastructure, and to ensuring the Internet remains an open, secure and trusted global resource for everyone. On this occasion, noting time is running short, we would like to offer some general remarks and recommendations to keep the text crisp, concise and action focused. The Internet is empowering more people, more services, and more development opportunities than ever. Which is precisely why the WSIS+20 review outcome document should reinforce what keeps it open, globally connected, secure, and trustworthy. Firstly, we would like to note that the section entitled “Enabling environment for digital development”, should explicitly include elements that help achieve an enabling environment. Paragraph 48 should include measures such as “proportionate taxation and licensing fees, access to finance, facilitation of public-private partnerships, multistakeholder cooperation, national and regional broadband strategies, efficient allocation of radio frequency spectrum, infrastructure sharing models, community-based approaches, and public access facilities.” Secondly, in paragraph 53, we note the reference to “critical Internet infrastructure”, which has no agreed definition, and would like to call for it’s deletion, as the paragraph already importantly recognizes the efforts to protect infrastructure. Additionally, we welcome the substantive changes introduced to the “Internet Governance” section. Including the permanent mandate of the Internet Governance Forum (IGF) and the recognition of the NETmundial+10 guidelines for multistakeholder collaboration and consensus building. As well as paragraph 120 which provides recommendations on how to strengthen coherence between the WSIS vision and GDC commitments. However, paragraph 101, which invites the Secretary-General to make proposals concerning future funding of the IGF , needs to be done in consultation with existing IGF funders and stakeholders to ensure stable, predictable, and sustainable financial support of the Forum. Regarding paragraph 119, we recommend retaining the call for multistakeholder advice to UNGIS to ensure more effective collaboration, information exchange, and to avoid duplication. As we noted in the previous consultation, the Internet Society will keep working with our global community of chapters, individual and organization members to translate these priorities into additional concrete recommendations as the process reaches its final stages. Our aim is the same as yours: a WSIS+20 outcome that people can rally around, that strengthens multistakeholder collaboration, and that keeps the Internet open, globally connected, secure and trustworthy for everyone. Warm regards, Mona Gaballa, Senior Advisor, Institutional Relations gaballa@isoc.org | +19082799933 <Outlook-4s5kixou.png> internetsociety.org | @internetsociety ________________________________ DATA HANDLING For data handling questions, please view our Privacy Policy<https://urldefense.com/v3/__https://apcoworldwide.com/privacy-policy/__;!!Ia...> or contact us at privacy@apcoworldwide.com<https://urldefense.com/v3/__https://*20privacy@apcoworldwide.com/__;JQ!!IaT_...> with any inquiries. CONFIDENTIALITY This email may contain material that is confidential, privileged and/or work product for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Learn more about the WSIS+20 Outreach Network and review relevant resources: https://go.icann.org/wsis20 Read the public archives for this mailing list: https://mm.icann.org/pipermail/wsis20/ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ Learn more about the WSIS+20 Outreach Network and review relevant resources: https://urldefense.com/v3/__https://go.icann.org/wsis20__;!!PtGJab4!9GNUZMzy... [go[.]icann[.]org] Read the public archives for this mailing list: https://mm.icann.org/pipermail/wsis20/ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy ) and the website Terms of Service (https://www.icann.org/privacy/tos ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.