GPD launches framework for inclusive cyber policymaking

10 Mar 2017

We are delighted to share the beta version of our Framework for inclusive cyber policymaking, a tool to assist stakeholders in setting up and assessing inclusive or multistakeholder policy making processes.

There are plenty of examples of such processes in the internet governance field, from the NETMundial process, which resulted in a set of policy and governance recommendations, to the recent Internet Assigned Names and Numbers (IANA) transition, which saw the successful transfer of the US Government’s clerical and stewardship roles to the multistakeholder community.

But other policy areas have been slower to adopt inclusive processes; notably cybersecurity, where policy development is often closed to stakeholders, particularly civil society.

There are signs that this may be beginning to change. The Chair’s statement at the 2015 Global Conference on Cyberspace explicitly called for more multistakeholder approaches to cybersecurity policy making; while the Freedom Online Coalition (FOC)’s multistakeholder Working Group, An Internet Free and Secure, recently generated a set of recommendations – endorsed by FOC governments – for developing cyber policies which are rights-respecting by design.

But a key obstacle to further progress is the lack of tools and templates for setting up inclusive cyber policy processes – which, to be clear, can be complex and challenging. Without clear guidance, actors may find it difficult to even know where to begin, let alone how to assess the degree to which policy processes are adequately inclusive or multistakeholder. These challenges – which exist in any policy area – are particularly acute in cybersecurity, where few precedents exist for inclusive policymaking.

That’s where our Framework for inclusive cyber policy making comes in. It aims to serve as both a guide to setting up inclusive policy processes at the national level and a diagnostic tool for assessing, once implemented, how well the these processes measure up against a range of benchmark characteristics (open and accessible, diverse, collaborative, consensus-driven, evidence-based and transparent and accountable).

The Framework also takes into account processes such as the Cross Community Working Group model at ICANN, the Best Practice Forum approach at the IGF, as well as a range of approaches and processes outside the internet governance space. While this model is especially tailored for cybersecurity policymaking, it can be equally used for policymaking more generally.

The Framework consists of two key resources:

  • Characteristics of inclusive policymaking – A simple representation of six key characteristics of ‘inclusive policy making’ which apply across all of the policymaking stages. The characteristics are based on the principles and definitions found in numerous existing documents around inclusive governance, multistakeholderism and enhanced co-operation.
  • Diagnostic toolkit – A measurement tool to assess the extent to which a national policymaking process is inclusive, laying out indicators and sub-indicators for each individual characteristic. The toolkit also provides the user with a series of guiding questions against which to score each sub-indicator, and to add narrative justifications for each score. This tool can be used at different stages of the policymaking process.

We’ve chosen to release the Framework in beta because we see it as an iterative collaborative project; a tool which will respond and adapt to how actors decide to use it, rather than a finished product. We’d love to hear about your experiences using the tool, and suggestions on how to improve it. If you have any feedback you’d like to share – or questions about the tool – email daniela{@}