Skip to Content

Cybersecurity & Standards

Dispatch: Internet Governance at the ITU

CDT attended the quadrennial agenda setting meeting of the the UN International Telecommunication Union (ITU)

The International Telecommunication Union (ITU) is a specialized agency of the United Nations that works on international telecommunications development, and the Plenipotentiary Conference (PP) is its highest policymaking body, convened once every four years. ITU PP-22 was held this year in Bucharest, Romania, from 26 September to 14 October. CDT participated in the ITU as part of the U.S. delegation to ensure that topics relating to internet governance, including artificial intelligence, internet of things, and cybersecurity are left out of the discussions and the ITU study mandate.

The reason for this is that the ITU, as a standards-setting body, lacks the necessary specialty for dealing with issues in technology, governance, and human rights. CDT prefers to encourage the connectivity goals of the ITU-D (the development sector).

CDT engages with the ITU for several reasons, the first of which is to serve as a watchdog for the protection of human rights. Second, we are aware that there are few to almost no civil society organizations involved in this highest level of policymaking, so we believe it’s important to represent those stakeholders. Third, our presence in the ITU ensures that the impacts policy decisions and strategies would have on internet freedom are discussed within the larger forum as emerging issues. Finally, CDT represents other standards bodies beyond the ITU, and is well-versed in the global landscape to steer the focus, identify the limitations, and emphasize the strengths of other standards organizations that are multistakeholder and open.

These are the outcomes and goals from the Bucharest meeting related to CDT’s mission and goals:


Connectivity was discussed on several occasions at the conference, most notably under its Development (ITU-D) sector. First, connection to the internet by refugee settlements was a topic. Several programs work in this area; for instance, Project Connect has ensured that schools all over the global South have strong internet connections. A new project under this banner was announced that targets refugee settlements, and is undertaken in partnership with the United Nations High Commissioner for Refugees and the government of Greece. 

The U.S.’ plenary statement against Russia also specifically called out the issue of internet connectivity, though the U.S. made no mention of internet shutdowns that followed the Mahsa Amini protests in Iran. This was interesting because the U.S. clarified a couple of weeks ago that sanctions against Iran on communication technologies were lifted. 

Finally, the connectivity discussions also covered the delivery of telecommunications through satellites, which falls under the Radio-telecommunication (ITU-R) sector. Notably, new actions for decommissioning and mitigating “space junk” came as part of a cluster of resolutions in the ITU-R.


By all accounts, this ITU session had a strong gender theme, which was an express goal of the host country, Romania. The Secretary-General-elect of the ITU, Doreen Bogdan-Martin, was the first woman elected to that office in 157 years, and her presence was reflected in the resolutions pushed in the conference. However, our observation was that, in the practice of gender mainstreaming, the ITU fell short. Gender considerations were proposed in a variety of high-stakes resolution amendments and, other than resolution 70, any mention of gender was removed from all of them. 

For example, two resolutions that proposed new language on gender were on ‘bridging the digital divide’ (res 139), in which women and girls and vulnerable communities were noted to be underrepresented online, and cybersecurity (res 130), in which women and girls would be encouraged to take up careers in the field. There were two main reasons put forward by the states that have opposed the inclusion of gender in these and other resolutions. First, it was argued that the ITU working customs do not repeat resolution texts, only reference it and, since res 70 passed, this did not need elaboration elsewhere. This counters the goals of gender mainstreaming. And the second reason amounted to an “All Lives Matter” argument, where opposing states argued that the ITU’s mandate is to ensure that men, as well as women and girls, need connectivity and that everyone, indeed, needs to be connected equally. As proponents noted in their remarks, this disregards the reality that the world is deeply unequal and the ITU must first recognize that underrepresented groups require significant resources in order to achieve equality.

There were dozens of strong statements on the importance of gender at the ITU officially recorded in the record of the meeting delivered by states in response to the failure to pass res 139 with a mention of gender and other groups affected by the digital divide.

Civil Society and Nongovernmental Stakeholders

The inclusion of nongovernmental stakeholders has been a thread in the ITU for decades, especially in the context of the relatively recent —  as compared to telegraph and telephony — innovation of multistakeholder global internet governance. In previous years, it was very difficult for parties outside of a government delegation to access the working documents or meetings of the ITU plenipotentiary. This particularly disadvantages civil society members and academics, while private sector members are often invited as experts to join government delegations. This situation is gradually changing, and we see more and more governments taking civil society and academic delegates with them, which gives those delegates privileged access. 

The ITU has been made available to participants designated “Sector Members,” who have applied and been accepted to participate in one or more of the three ITU sectors. At the PP-22, the lack of inclusion of nongovernmental delegates and stakeholders had been bridged in proposed resolutions to the ITU-T (Standards) sector, where partially open meetings might allow access for additional observing participants. However, in the proposed resolution texts at the ITU Bucharest meeting, these provisions were removed, specifically from res 130 on cybersecurity and from res 102 on internet standards. Proposed res 102 text, which elaborated various internet governance fora, was also struck out as part of the “no consensus, no change” working methods of the ITU meeting.

We must underline here that these are missed opportunities for the ITU to align its work within the broader internet governance world. At the same time, some have pointed out that the existing mechanisms for stakeholder participation in the ITU are underutilized, though the cause of that seems not to have been investigated.


The issues around cybersecurity (res 130) created a robust and heated debate. The Global Cybersecurity Agenda (GCA) was originally an initiative by a previous ITU Secretary-General, and was not a consensus work item for the ITU. PP-22 negotiations over the GCA were contentious because, while many aligned states would like to remove work on the GCA, it has managed to remain a recommendation (rather than a resolution) document to the ITU. This means that the ITU Council has the option to review, and give instructions to the SG to update it, if necessary. In the debate, some brought up that it is a valuable resource for global South countries that may not be able to create their own cybersecurity frameworks. The Global Cybersecurity Index was brought up as a functioning framework, but some argued it can continue without continued work on the GCA.

Over-The-Top Communications (OTT)

International Telecommunication Regulations (ITR) are treaty-level and have not been updated since 2012. Even then, they were so contentious that some governments did not sign them, maintaining their  status as parties to a previous treaty from 1988. The essential fight at the heart of the ITRs is the way telecom regulation has been kept away from regulating the internet, which has now effectively totally superseded telephony. Relatedly, there were resolution-level (not regulation-level) disagreements over how the ITU should handle Over-The-Top communications (OTTs), which have effectively replaced the telephony-dependent internet under the purview of the ITU. Yet, at the PP-22, there were no such major discussions aside from (res 206) on OTTs, which was uncontroversial and passed in the first plenary session. However, in the upcoming weeks, there will be an OTT taxation workshop in Geneva with the ITU-T/ITU-D, and we note that there might be some risks of the ITU oversight here that could stifle the open internet.

CDT remains engaged in the ITU process to represent the public interest and the importance of open standards fora, and to protect human rights. We hope to join our fellow civil society organizations who share this perspective, and have the capacity supported by aligned State members to engage in this high-level policymaking and agenda-setting, such that the open internet is protected.