IGF 2025 - Day 3 - Workshop Room 2 - WS #106 Promoting Responsible Internet Practices in Infrastructure

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> DAVID SNEAD: Good afternoon everybody. Thanks so much for coming to our panel today. I'm David Snead hosting secure hosting alliance is a global initiative that is focused on improving safety and accountability and trust in the hosting industry. And we have great panel for you today. The panel this is actually going to be a typical panel presentation where we're going to have folks receive questions and provide answers as opposed to providing presentations.

So on the desk here, we have Jacqueline van de Werken, head of internet governance office in Portugal. Colleague Christian Dawson going to be our online moderator. Online we have Vivek Goyal of L.R., Lawrence Olawale‑Roberts Microboss. Irina Daneliya from the DRR Taylor, and Julija Kalpokiene from the Internet and Jurisdiction Policy Network.

So we have quite a number of people here. What I would like to do though is if folks have questions, please ask your questions during the presentation today opposed saving them to the end. Like to make statements folks are saying, not to questions. Save those to the end to not interrupt the flow here. So what I would like to is start off with some warmup questions.

So people would raise their hands and answer to these questions. Who here has heard of the term infrastructure provider in the context of internet governance? Raise your hand. If you or your employer are involved in leading on third‑party for web hosting or DNS providing? Worked on policies relating to harmful content? Give me an idea where people are and where their expertise lies. What I like to do to start off with is have the panelists talk about where they are or where their orientation is in the internet infrastructure. I would like to start off with Jacqueline. Talk about hosting.

>> JACQUELINE van de WERKEN: Thank you so much. So I'm Jacquelin van de Werken, civil society globally, Dutch sovereign, undertaking business all over world and leadership and owners are from the Netherlands technology based. So it means infrastructure surface so that the lowest layer in the stack.

And I also am here not only representing lesa cloud community, all members doing the same, and also Sysbee clouded infrastructure providers in Europe. There we have 34 members and we all like to share with you our ethical approach and private public cooperation approach to combat abuse and share with you combat abuse share with you, what our problems are next in planning what is appropriate approach for legislation.

So also David asked me, what actually happens when a user wants to see a website and how does it relate to the lowest layer in the stack? So that is because of the experience that if you go to a website and type in the name, any consumer or any user on the internet could do that, and then you see obviously the name of the website.

So the name through the DNS machine, of course, domain names or system, server or system. Convert in the IP address. IP address is key to the everything because typically, hosting provider, truest providers are owners and registered parties and ICANN, write and also in, of course, owners of the IP internet address.

Ownership gives a lot of responsibility and a lot of accountability, not always possible for the ES provider to execute on it. Gatekeeper and the gate, sort of the gate to any abuse measures.

On the other side, no management on content. No awareness of any content. Just only step in the chain of many commercial parties in between before website is demonstrated to the user. Maybe CDN network, caching or other resellers. So many in between chain dependency really. That's very beneficial to us to be here to speak to you but also regulators to explain how technically it's working, how regulation or private public cooperation can be efficient and effective because most of the time, it's really not. And so thanks.

>> DAVID SNEAD: Great.

>> BENNY VASQUEZ: Benny Vasquez, I am here representing Monolix. Primarily my time in the space is around software whether it's commercial or open source. I have spent a lot of time building communities in those spaces, give any kind of unique view for what, the interactions between IGF and infrastructure space in general.

>> DAVID SNEAD: Great. Thanks.

>> ANA NEVES: I'm Ana Neves from Portugal from the government as a stakeholder and I will be here not only to talk about regulation, but about other ways that governments could find useful to better serve well infrastructure providers and to holders of the cloud and how to better serve citizens. Thank you.

>> DAVID SNEAD: Great. Thanks. I would like to go to the folks online. Would you just talk a little bit about what your position is.

>> VIVEK GOYAL: Sure. Thank you David. Glad to be here. I am Vivek Goyal, Mumbai, India. Cofounder online brand protection company. Daily basis, we work with businesses and brands across the world and help them fight abuse. When we are daily spaces, identify abuse, harms, not only brands general public daily basis, work with internet providers, all manners of people, build whole chain that makes abuse happen, and request for help to take down the abuse. So I can share my views on our abuses in perpetuity and how infrastructure providers can do more to help take down directly.

>> DAVID SNEAD: Thanks. 

>> JULIJA KALPOKIENE: Pleasure to be here. Consultant on Tradix network and practicing lawyer. Doing this digital angle and regulatory perspective in Tradix Policy Network at the moment with my colleague, who is in person at the IGF.

We work on facilitating the Internet Infrastructure Forum which is effort to bridge the silos across the internet infrastructure, and this effort is facilitated by the Internet Jurisdiction Policy Network and, together, partnership with the industry association, see and clean DNS supported by the industry signed PAR Google, identity digital cloud fair, and AMS.

Effort is to improve coordination anti‑abuse efforts among infrastructure operators in their respective roles and capabilities perspective working with the industry on policy matters.

>> LAWRENCE OLAWALE‑ROBERTS: Thank you. Good day to everyone. So my name is Lawrence Olawale‑Roberts, Chief Executive of Microboss, midsize technology operating out of Nigeria, building out small networks in terms of structural. Have also participated on global project that connected Nigeria to Portugal and South Africa, so very much in the infrastructure and tech space.

What I have seen in terms of local practice gives good idea challenges are and definitely when we started this cause, can talk about means of mitigating this, but interesting perspective. Cause some challenges that funding and accessibility brings in local context. Back to you.

>> DAVID SNEAD: Great. Thanks Lawrence. Back to you. 

>> IRINA DANELIYA: Joining you from Moscow, Russia. Coordination center for the RU, manager for in‑country code top‑level domain names. We are responsible for making this domain, making people to be able to register domain name and to use them. We developed terms and conditions of the domain names registration together with technical partners, ensure support of registry, registry database and DNS service, but in addition to domain name registration, develop and support various projects aiming to ensure security of our domain names space. And also, social and educational projects in various areas. Back to you.

>> DAVID SNEAD: Super. We have in the room today folks who represent pretty much entire internet stack, but one of the things that is seems to be kind of difficult among folks in this industry and in this space is actually communication. So one thing to make a positive impact is the need for all the folks who are involved in this stack to trust each other so DNS providers need to trust hosts. Hosts need to trust ISPs. Hosts need to trust software providers. Why don't we start off with Julija, if you could just, folks on the panel could just talk a little bit about one step the industry could do to facilitate more trust in the environment.

>> JULIJA KALPOKIENE: Well spotted. Trust is very important for any work together. For effectiveness, trust is paramount. And when we look at responsible internet practices, for example, it is very important in abuse mitigation that appropriate action or actions are taken by the appropriate actors or actor of the appropriate level of the infrastructure at an appropriate time.

So in order to ensure effectiveness, and it's not just whack‑a‑mole where there is abuse one place, action is taken and resurfaces elsewhere. It is important that there is this trust and coordination and concerted action at the right level at the right time.

For that, many different things are very important including trust, which is the foundation for that, but also, coordinating, exchanging information, and so on.

So exactly that, trying to do, and started internet infrastructure forum, first thing to ensure everyone across the infrastructure talking the same language, understand each other, know what who is doing, what and when and how bringing people together go. So far, not been a place where those discussions could happen in the safe environment.

That is the effort we are currently undertaking, bring actors ready to do more and take action to be able to build that trust, to talk to each other which then can lead to coordinate and more effective and efficient action.

>> DAVID SNEAD: Great. So Jacqueline, let's say Vivek is reaching out to you to talk about a brand protection matter. What is necessary to happen for you to trust his discussion with you about brand protection matter?

>> JACQUELINE van de WERKEN: First of all, thanks Julija. We only know each other from the forum. In addition, also, in the country, also European level. We build code of conduct, so in order to increase our trust as business and hosting industry, yes, industry, we really reach out in addition to our own company policies, people using our service need to adhere, apply, and really commit to what we expect from proper user and for clean internet, avoiding abuse, avoiding illegal contents, all of these items, fair use policies. You know that.

In addition, sector level, we make codes of conduct. So anybody that is doing business with us, selecting us or sector, as being host and cloud provider, can make themselves known or orientate themselves how we work.

Of course, not everybody is a member. Of course, there is always parties that have difference in opinion, but the majority really want to, emphasize that the majority of our business is really having very ethical approach to this because we all want to have clean internet without illegal content and without abuse.

For that matter, again, we are managed hosting, we don't even have to operate key of the system. We do compute power and story ends. On the other hand, having administrative burden large compliance teams that have to work with regulations and, for example, brand protection, you can think of the U.S.A. as you are here also representative of the USA. Coming from Europe, DMCA typically having a different approach for taking down any action compared to what used to have e‑commerce director or Digital Service Act, very difficult for a provider to have global approach to any necessary take‑downs.

If we do, we take always the highest typically doing all compliance approaches, stricter approach and apply that globally. Safest. Like I say, a lot of administrative build burden and cost. We have to have in the country also compliance teams because we could global approach, but brand protection also locally differs because local laws are very different.

So what is deemed illegal by law, and when we can take action and when we can sort of step forward to discuss the matter, and after discussing the matter, see how we can take down any content. Has to go, first and all, in checks and balances. Also, dependent very much on local laws.

Really look forward very much to sort of global framework because it's criminal law, it's data protection law, also copy law. Everything is at stake. And copyright, if you don't do that properly, we ourselves, you know, we are being challenged. We could have lawsuits or we could have problems in our business.

So I think that description is very helpful to reach out to what we can do to make this more efficient. Vivek Goyal, I was going to ask you what would it take for you to trust Jacqueline.

>> VIVEK GOYAL: I mean, having heard Jacqueline, I trust her absolutely right now. That's a great start.

>> DAVID SNEAD: Not what I wanted to hear. We act intermediary between brand owner, business, and infrastructure provider. I completely agree here that every country has different jurisdictions that have to be followed. That is a cost of doing business in every jurisdiction.

We as people notify hosting providers about complaints or abuse is based on a few things. One, response. Figure acknowledgment, yes, we have received your complaint and how we are working on it, that's the first step. You will be surprised how many times we do not get it.

Second action on the complaint item, not talking about, yes, take down the complaint. If that complaint is not in law what you follow, please tell us, no, we cannot take action. This is why. Ability to reach out to somebody to understand those rules and regulations that you're following so that we can educate the brand and business accordingly.

If that is not done repeatedly, helps build trust, I can tell you from experience trust builds safer money, not everybody in the whole chain. We can indicate brand and businesses. What you are asking, unjustified because somebody created website saying your service is not good, does not mean we can take action and have it shut down. The process does not work like that where we can make sure when we spread complaints to the hosting providers, provide all information in the manner they need to evaluate it accurately and take action. Improve efficiency of that. Trust helps overall industry and commercial viable services to running business especially you're doing it across jobs.

>> DAVID SNEAD: I wanted to pivot to you a little bit because folks who are involved in the DNS and domain name world are often pressured to take a lot of action on abuse. Kind of how does the issue of trust resonate with you?

>> IRINA DANELIYA: There are a lot of discussing DNS domain name and abuse and what should be done to which extent domain name registries and registrars are responsible for content, for example, or should limit their attention only with such types of DNS abuse as phishing or control distribution.

Important aspect I wish had not regarding trust, which had not been mentioned yet, is actually responsibilities because registries and registrars mostly do not have expertise within the organization, judge whether domain name is abusive or not.

So we build relationship with so‑called trust notifiers or expert organizations who can identify abuse and go forward. Sometimes also can be called domain name reputation providers and having received information that this domain name is maliciously used quite often, expected to suspend it. In most cases, we do. What eventually these domain names jump out to be actually legitimate and owner of the domain name has lost some money because his web shop or bank was not available and who takes responsibility for these lost money and how it can split the responsibility between all those who notifies and those who can actually take action. These are the reasons discussions we had in my country and I believe that other countries have similar discussions, and at the moment we do not have a clear answer for how it best can solve this issue.

>> DAVID SNEAD: thank you. So if I were to summarize what you're saying, needs to be a level of knowledge within the participants who are in the internet infrastructure and the folks who are addressing abuse about the different aspects that make up internet infrastructure and where responsibility for the abuse might lie?

>> IRINA DANELIYA: Exactly. Not only knowledge, but also practical willingness to solve if there is wrong request, participate in solving the situation.

>> DAVID SNEAD: You would say for the infrastructure provider to be proactive trying to solve the problem themselves?

>> IRINA DANELIYA: Yeah.

>> DAVID SNEAD: So one of the things that comes up is how all of these different infrastructure providers work from the software side. How would you address abuse issues?

>> BENNY VASQUEZ: So I think the things that keep coming up, there's two primary themes I'm hearing. First one is engagement. He said just reply and explain why you think something is or is not abuse, why you think we should react or shouldn't react. That is engagement even though base level, first step toward building a connection.

Next thing that was brought up, we need to set connections or build connections between the different providers to make sure that you you're a known entity when you walk into a room.

When it comes to software side, if there is someone abusing software that I am building, or someone being abused by myself or in some way, you have to have those two things in order to be able to address it at all. Start a dialogue. My community says the base of it is building community, like IGF or something else that allows us to actually engage in a really, deep way so we can understand the problems that we're facing, understand, even define abuse, and then move from that into how we react collectively.

>> DAVID SNEAD: So this concept of known entity, Lawrence, you're from a part of the world where folks might not be known. How does that resonate with you?

>> LAWRENCE OLAWALE‑ROBERTS: So it's actually a big challenge here because pretty much while we are all held by the same policies, same laws, the infrastructures, infrastructure that we have locally also plays a limited part. So pretty much lots of what we have in our networks here, equipment that have had reached end of life maybe in a company in the Global North and was replaced with newer version, and because of the cost of setting up these networks, pretty much a lot of providers here not looking to build a network, looking for return on investment.

That entry point is so expensive to roll out. You have to buy lots of licenses or people pay hundreds of thousands for licenses to customize and integrate. You have to train new staff, engineering staff to be able to deal, operate, manage, and support those equipment.

To a large extent, we just look at the base OEM available in the market that you have a lot of engineers supporting locally, and you go for that equipment that have to working build off the network. Issue that provides, yeah, we are able to build off the network, but one, because those equipment no longer, have support, no longer receive support for the OEM, you end up with something that not only has reached end of life, but no longer has support.

Security becomes an issue because back doors hack box that can creep into the system. When you have, eventually maybe you decide to do this just for other stopper to be able to get into the market and plan that. When you have subscriber base and enough revenue, you would upgrade or migrate to more modern intelligence system for the issue now faced at that point is handshake. Find out the probable broken and have to build a new system all together.

So the issues that we face on our divide with this is where there are issues of abuse taking place, it's pretty much difficult to find out where the end points are. Or rather, it's a lot more work finding out where the bad actor is, what has been done, how it's been done, compared to if you have, if you roll out, I mean, go with a technology provided by OEM that has a lot of support, that has quality of service to end user coming to the end points to the last mile such that you can trace where these issues are coming from.

So where we don't get feedback, get any option in terms of bad actor activity, cybercrimes, and all of that, is not because there is no willingness or there's no trust to report such action back. Hardware and network topography makes it difficult because this was something that you should have been using century ago. 

>> DAVID SNEAD: I want to come back to the issue of outdated material, but someone, I think you have a question? Would you mind going to the mic.

>> VALENTINA: Thank you for organizing this, for being here. Valentina from Venezuela. Live in Spain, work for organization called Connections, secure and free connection.

I especially work on digital rights investigating internet censorship, aligns with DNS, a lot of stuff we're talking about since we're talking about CTLD, et cetera, and trust.

I want to ask something. For example, earlier this year, few months ago, CCCSDL Nicaragua deleted five records independent media outlets from Nicaragua without any warning and Nicaragua now domain owners haven't received any official explanation from these, from the ccTLD Nicaragua or government of Nicaragua itself, and we members of the Civil Society of Organizations considered this as a form of censorship, of internet censorship.

Question on trust. How can we trust ccTLD administrators to not use their power for censorship in the name of abuse regulation? Where do we draw the line between what we and governments consider abuse and what can be considered censorship for the people living in that country or international community as a whole?

>> DAVID SNEAD: So thanks for your question. What I would like to do is ask Irina maybe to answer the question specifically, and then broaden it a little bit to talk about censorship in general among the stack. Would that work for you?

>> IRINA DANELIYA: Yeah. I think that is perfect. I agree with that. Thank you.

>> DAVID SNEAD: Would you talk a little bit it about it in the DNS perspective? 

>> IRINA DANELIYA: Happy to do so. Really hard, deep details of this particular case, multiple reasons explaining what has happened and you need to investigate it better.

Fully agree that responsible behavior from either CCLDG registry is whether they take action. Definitely inform the domain name‑holder on why action is taken.

And also provide the mechanism to complain and to restore domain name functionality. If action has been taken by mistake or if the reason is eliminated, reason for the action is eliminated.

In our own statistics, we see around one 1 or 2% of total domain name take‑downs when the people reach out. Listen, we have solved the issue. We want our domain name being functional again, and they get it.

Definitely should be mechanism both to be informed and both to complain and this mechanism should be publicly available.

>> DAVID SNEAD: Okay, great. Thanks. Could you talk a little bit about censorship? I have a follow‑up question to that as well. 

>> ANA NEVES: From the governmental perspective, it depends on which kind of ‑‑ which governments are you talking to or of. So it's not easy to respond to that.

In our case, or in the European case, I think it will be very difficult to have this kind of censorship. As Nicaragua, it wouldn't happen so far. Never know, future, nowadays, but for the time being, we have to pay attention a lot on abuse mitigation and so many other thing related with the DNS and to not only, of course, website and social media, applications, et cetera so but it's, of course, reason of concern. Again, governments deal totally different according with their kind of nature.

>> DAVID SNEAD: Okay. Anybody else have any opinion about censorship or censorship issue? No? In addition to abuse, it's also a law enforcement and we have to apply sanctions. Of course, that is also sometimes debatable. We, on the other hand, pure criminal law, it's statute, so anything under that, yeah, yes, sort of. Gives us sort of instruction to us to adhere to that.

But yeah, for us also. Law enforcement, less debate for any action, but if it's like a notice, maybe have complaints about certain slogan or something, you know. Live in a very diverse world these days, so any slogan or any complaints could be politically biased. And what to do. What to do then? Do you take action for notice and talk down or no? We have, in addition to law enforcement, which is more centric, criminal law, it's in this area, it's for us to question, I think still repeat, it's burdensome for infrastructure service providers to have monkey on their shoulder to have to assess this and take these decisions because we are not responsible for contents. Lots of other parties further down in the chain before you end at the cause really.

So then we have two principles basically unlawful which resonates with the Digital Service Act, we refer to illegal content mistakenly. If not, qualification. We need to think, is it harmful but not unlawful? What is the context? But not unlawful for me as a lawyer. Difficult because on one hand, you could axe the request. On the other hand, if it's not mistakenly unlawful or simply illegal, leaves room for interpretation.

What we do private business globally is also, like I say, we have our acceptable use policies and we take liberty because we can do that based on preconstructing. Take the labor to have our own approach. So whatever we deem is not acceptable for our network and for use of our services, just put it in and that gives me the power to act and to say sorry. This is not acceptable to us and we take further steps that's, of course, continuous involvement, continuous intercept EU improvement.

>> DAVID SNEAD: Great. I see that you have a hand up.

>> VIVEK GOYAL: Quickly, especially like I said at the very end, if it's not acceptable to you, you take action. For example, I mean censorship is not always wrong. Sometimes it is absolutely needed. For example. I mean, you talked to any company and they are against it and they proactively take action to bring it down because it's universally accepted something which is harmful to everybody around.

Governments also required to sometimes act and do censorship. Deep fakes are causing havoc. I know in India, recently conflict with the neighboring country and there was so much fake news, government had to take step in and avoid situation of panic in the country. People living border area, safeguard them from news not genuine. Censorship is needed again. Without knowing the details, it's hard for them to judge whether action got are right or not. Can be used for positive or negative.

I completely emphasize hosting providers have to comply with the government regulations. Everybody is working with the laws of country in which they're working with.

>> DAVID SNEAD: Great. Thanks.

Did that give you information that you're looking for? Good to hear. So one of the things Jacqueline brought up initially was the code of conduct. I wanted to ask you about that because there is often tension between code of conduct or self‑regulation and governmental regulation. In fact, quite a number of the workshops here have talked about the failure of self‑regulation. How does that impact you as someone from the government?

>> ANA NEVES: So I have some insights that I would like to share with you today and putting it in context of the governmental behavior in the global cooperation world. And thing that local governments or national level have their own rules and then jeopardizes more common understanding of the situation worldwide level.

So I think it's interesting to raise here some of the main issues where I think I'm used to work and if and should be the role of government, how they can help. Sometimes they don't. I believe governments have a pivotal role in driving global cooperation maybe to address the challenges in the internet infrastructure ecosystem such as fragmented legal frameworks. Lack of coordination, and cross‑border inconsistencies. Governments must lead the way in harmonizing regulation and providing clear policies that encourage information providers to take proactive roles in abuse mitigation and security. governments can provide essential policies that support responsible internet practice. Going beyond just main system level actions we need to address ‑‑ sorry, I need some water. 

So I was saying that governments should go beyond just domain name system level action. We need to address not only commercial interests, but also the public code for fostering balance that ensures ethical and inclusive internet. In doing so, collaboration is key. Trust building among stakeholders is crucial as it is already said today, and governments uniquely positioned to facilitate dialogue reach areas like data protection, competition concerns, legal fragmentation. That's where only through multistakeholder collaboration, can we effectively address global challenges, phishing malware data security.

Very important inclusivity remains core issue. Governments must advocate for the representation of underserved user ensuring that internet remains accessible and inclusive. By supporting multilingual domains amortizing accessible for all, creating internet that affects global adversity and ensures equitable participation decisionmaking processing which currently tends to be dominated by commercial driven entities.

My key takeaways heart of internet government and governmental stakeholder, this follows national governments essentially driving five global approach to address the challenge presented by fragmented internet infrastructure ecosystem.

Governments must take active role in promoting inclusive, ethical, and responsible internet practices through collective action, particularly by fostering multistakeholder collaboration, implementing clear regulations, and/or governance actions, and to ensuring always security and inclusivity.

So national governments in partnership with national governmental organizations and other stakeholders need to drive efforts towards consistent regulations that foster collaboration and minimize fragmentation when one measures various internet governance.

>> DAVID SNEAD: Thank you. Lawrence, one of the things that Ana brought up is in the use of governments to help focus on under‑served or underdeveloped areas. What can governments or and private sector do to address the problems that you brought up about outdated infrastructure, about the expense of purchasing software?

>> LAWRENCE OLAWALE‑ROBERTS: Thank you. I believe that collaborative effort between government and some organized private sector promoters can ensure that required piece types of equipment, or rather, set a for standard certain equipments that should be at the core of each network if you were to provide some particular service.

Now we understand that major barrier for this is the cost and we have different point across African countries like Nigeria, for instance, has universal access fund. USSPF, it's called, but these funds are not. This fund should be deployed to this kind of interventions, but this isn't so. Rather, used for other reason, means other particular means. End up leaving private sector to fend for themselves. Yes, doing it or commercial level to be able to make some profit at the end of the day. But the fact still remains, to be able to do it right, certain sections might be necessary.

Going to bilateral agreements with other countries, they will try to target other providers other countries, note some kind where bring in these commitments, identify local partners to get on board and take up this equipment and pay when they become serviceable with some form of government guarantee.

Definitely has to be a lot more handshake between governments and the private sector to ensure that standard, minimum standards we set by government can also be met by local operators.

Where this is done reduces, to large extent, issues of abuse, backdoor criminality. Even where it happens, you know you have the right to right tools able to not only effectively monitor but identify where the bad actors are and you can go for them and either bringing down their service or shut off whatever it is they're using, perpetrating the crime they're doing.

>> DAVID SNEAD: Thanks. We talked about a commercial and governmental, but Bennie, we haven't talked about how the kind of, I don't know, what would I classify the open source community as?

>> BENNY VASQUEZ: Been its own piece.

>> DAVID SNEAD: Redheaded step‑child software industry?

>> BENNY VASQUEZ: Depends. People in open source really feels strongly about the ideals open source holds and pushes forward.

Honestly, every single thing that any of you touch has some amount of open source software involved in it or it releases on it. Relies on application called NTP, we all are absolutely every day relying on and it is not most commonly known but it keeps time sync'd between devices. You would be surprised how critical that is, but it is not engaged in as often as it should be by any of us. It's not thought of as often as it should be. When we are coming together to try to set up regulations of any kind or expectations or guidelines or anything like that, there is such a huge audience that needs to be considered whether or not they know IGF exists. They need to be considered in the decisions that are made at the government level.

Educating government officials on technology as a whole is a huge challenge, and so if you get to the point where, which is also challenge in its own, government says, okay we want to engage in regulations here, making sure they are educated enough to make intelligent decisions about regulation is so critical. We've seen it even recently in open source software, isn't understood strongly, and then there's regulation made about it and it has the potential to shut down applications and open source communities that we all rely on.

It's a very difficult position to be in with regard to like we want our regulators and people who are setting up or even advising the people who make regulations to be experts in all of these things. That is really hard. You do have to bring there experts to make sure all the voices are heard.

>> DAVID SNEAD: You're talking a little bit about coordination. I was wondering if you could talk a little bit about how that coordination looks to you and if it can particularly since Ana was talking about the need for governments to talk to the private sector to talk to whatever open source community is.

>> JULIJA KALPOKIENE: Exactly. Yes. Talking and communicating and understanding each other is very important. Was rightly noted before that, of course, there is receive regulation and regulating, but I think if the right incentives exist, self‑regulation could be much better because the industry knows what they're able to do. It can be more effective and better focused than the government approach because as other speakers have already said, governments have to understand whether regulating, how it functions, so they need to be educated, so it's a longer process and not as targeted.

So the first step is to bring the industry across stack to be able to talk to each other and understand who is able to do what, and then it is easier also to talk or involve different relevance stakeholders and also have dial‑up with regulators and governments.

But also to help each other to understand what are the requirements, what are the challenges, and how those can be overcome in different jurisdictions because internet is global, was rightly noted. We see increasingly a lot of fragmentation and regulation within the borders of the country and it's not really compatible.

>> DAVID SNEAD: Yeah. So would you talk a little bit this, kind of wrap this up, about this incompatibility, how at least do you deal with incompatible regulation in the different jurisdictions that you work?

>> JULIJA KALPOKIENE: First of all, as a company, and typically, that was different in telecom and datacom sector, I think we are, from internet perspective, technical‑focused entrepreneurs, we were less focused on regulations in the beginning. I mean, we did everything, I think already started like 20, 30 years ago, and see abuse. Yes. Focus and see abuse. And even the founders, they were the first to have these private/public sector approach before the world was sort of emerging and bots just didn't like it. Wanted to combat like CZM emergent on the internet. That was then. And now, gradually, of course, in addition to private/public initiatives, self‑regulation, we have that for many, many years.

Got e‑government regulation. Challenge indeed because when I'm talking hosting infrastructure, lowest computing power type of service we deliver for that purpose selected. Difficult. Actually mirror countries not having the key building without capacity to regulate what's inside. That is a challenge, also an opportunity to keep explaining and clarifying to governments how to do that.

As a private company you need to work together. Happy to work with you and also from the forum and, therefore, we are also united in the digital cloud coalition in the community, also in Brussels, president of Sysbee, we are very active there to be spokesperson for our sector to explain about the Digital Services Act or the Data Act for abuse, typically digital service and trust on content online all directives at regulation that want to just clean our networks and address this topic.

We have made videos, tried to do everything that is possible to explain how we effectively explain this and that regulation meets its purpose really. The goal is very clear and we embrace the same goal as a way towards resolving it. It is not always effective and creates a problem for us.

>> DAVID SNEAD: Okay. We're out of time here. Thank all panelists both here and online, and if you would join me in giving them a round of applause.

Thank you very much.

[applause]