Cyberdiplomacy at the EU – Personal highlights

On January 30th 2021, I ended a fantastic 2,5 year adventure working in the European Union institutions. I spent this time at the EU Institute of Security Studies, the EUISS, where I worked on the EU Cyber Direct project, providing research support to the European External Actions Service in its cyberdiplomacy endeavours. I have decided to dedicate my full time on my PhD research at the Vrije Universiteit Brussels at IMEC-SMIT and the Brussels School of Governance, where I will be part-time affiliated with the Hannah-Arendt Institute. My doctoral research titled “Prevention of securitization of contentious content through architectural interventions on online platform” will focus on platform governance, the organic spread of misinformation and online radicalisation.

My time at the EU left me with many impressions and some accomplishments. At the start it felt like I had been living in Rome all these years and was suddenly summoned to work in Vatican City. The impressive architecture of institutional buildings in Brussels, which I had so often walked past, now felt like cathedrals for democracy (and bureaucracy…), the centrality of Brussels in the European empire, even more epitomised by the inner Brussels bubble and hierarchies, its jargon and odd customs,… at times working for the EU felt similar to working for the Holy Roman Empire. This feeling eventually evaporated, and I started understanding more about the inner workings of the greatest peace project (and experiment?) ever set up. I started developing a deep respect for the work of the European Union, despite all its defects.

Providing research support for the EU’s cyberdiplomacy efforts felt quite meaningful, like we were contributing something useful. Every country in the world is navigating its way through the digital revolution, and the growing pains that this transformation brings. Mass societal connection to the information highway brings many benefits, but also exposes society to many vulnerabilities. Some countries have been taking advantage of these vulnerabilities, and see strategic benefits in exploiting the digital holes that are left by those building our digital infrastructure at a breakneck speed. The EU’s vision on this global occurrence I found is one of collective progress. This strategy has paid off after the continent was ravaged by internal war. Cooperation works from the EU’s perspective. This may seem a bit naive from the outside, but in the few years that I was working on the EU Cyber Direct project, I saw an EU trying to understand other countries and regions’ cybersecurity positions in order to collaborate better. They tried to broker conversations at the United Nations for peace and stability, and support other countries in developing cybersecurity strategies.

I participated in a few of these support opportunities, speaking about EU cybersecurity cooperation in Costa Rica, Chile, Singapore and Ethiopia. Traveling for these conferences gave me new insights on how we think about security of the internet from different perspectives. I bundled these insights in 3 regional engagement mappings for the European External Action Services, one on Latin-America, perspectives which I condensed in a blog post for the Elcano Royal Institute, one on Africa, and one on Southeast Asia that is still forthcoming.

During my time working with the EU Cyber Direct project, we connected hundreds of experts, academics and digital rights activists to EU policymakers, putting them in the same room to exchange perspectives. The COVID-19 pandemic made that aspect harder, but working on cyberdiplomacy truly made me understand the value of human-to-human contact. I mentioned this importance in my opening statement that I was honoured to make at the 2019 UN multistakeholder intersessional of the Open Ended Working Group on Developments in the Field of ICTs in the Context of International Security.

In the statement I made an analogy of human interaction to the DNS system. People are just as much connected through routing points that are of significant importance in their community as computers. These human routing points too have a role to play in connecting everyone in their directory to other parts of the world. This is for me what multistakeholderism is about. Now that I’m no longer working for the EU, it hopefully sounds more sincere when I say; the EU really wants to stimulate multistakeholder interactions. Perhaps the union doesn’t always come up with the best results or draws the right conclusions, but the intentions are valid. For this UN OEWG session, it funded the participation of 40 civil society actors out of 200-something participants. These are all routing points in their civil society community. They need to be in this room. Their presence is key to making sure a broad variety of actors has a say in the security and stability of the internet, so a robust human DNS must be built between them.

The point I wanted to make in that statement, was the need to get a variety of actors involved in the cyberdiplomacy conversation. After all these years I still can’t really point my finger on what cyberdiplomacy is. ‘The use of diplomatic tools to further national interests in cyberspace and foster cyberstability’ is how I’ve come to describe it. I am aware that it remains a vague concept for many. I supported the European Security and Defense College in the creation of an e-learning module on cyberdiplomacy to demystify it for European diplomats, an endeavour I actually enjoyed embarking on. Cyberdiplomacy intersects on so many fields, most of which I have dabbled in during my not-so-junior-but-still-not-senior career. It was a joy to bring it all together and make it understandable for the broad community of actors that are needed to engage in this field. The e-learning is also openly accessible to anyone, as we don’t just need diplomats doing cyberdiplomacy.

My time at the EUISS was not exclusively spent on cyberdiplomacy and the EU Cyber Direct project. I was grateful to also be able to contribute to Deputy Director Florence Gaub’s strategic foresight efforts. These allowed me to develop my insights on the security threats that stem from social media, which are not a topic of debate in cyberdiplomacy. There are good reasons to keep social media, misinformation and other content issues out of security debates, which are at the centre of cyberdiplomacy. For one, it remains problematic to securitize content, and it plays in the hands of global actors who would prefer to gain greater sovereign control over information that circulates within their borders and reaches their citizens. It does however also negate the fact that there are security threats stemming from content that circulates on the internet. On January 6th 2021, a mix of extremists, Trump supporters en conspiracists stormed the US capitol building, supposedly to ‘take back the steal’ and protest the election loss of Donald Trump. Five people died in this riot. One year earlier, we predicted a scenario of civil unrest in the US fuelled by online misinformation and extremists organising in online groups. Our scenario was supposed to take place in 2024, but the global pandemic fermented many underlying rotting issues and stank up the place faster than I expected.

The artificial wall held up in the international discussion between harmful code – harmful content also leaves a vacuum for those countries that are dealing with the growing pains of societal digital connection. There are many countries seeing the waves of instability stemming from the internet, but see no clear solution to avoid it from turning into conflict. Without global discussions on this issue, countries cannot support each other in finding viable, human rights-respecting solutions to this problem. This vacuum is easily filled by actors supporting more online repression and surveillance to guarantee stability. If I had had more time and space at the EUISS, I would have still written a brief about the need for global capacity building and best practice exchanges on dealing with disinformation in a rights-and-rules-respecting way. I honestly believe this is an important next challenge where the EU can lead. I might however be too early for these efforts. The EU first needs to find its own balance, and gather more evidence for its policy making on this issue itself. We’re also still figuring out how to navigate this delicate issue. At some point it would be good for the EU to support other countries experimenting with rights-respecting interventions, to acquire evidence and investigate the effectiveness and impact of such interventions.

These issues of misinformation an online hatred fester all around the world on social platform that are ran by companies that seem unbound by any national legislation, and unbothered by their societal responsibility or lack of democratic input. In my view, most of these platforms are inherently problematic because of the business model and architectures that guide their social interactions. That is why, as part of the What If series, I wrote out my utopian ideal of a social media platform in 2024 where users could get their news as well as engage socially.

The key importance of such an interest-based social platform are: trained moderators who are part of the community and understand the norms, context and tone; and a subscription/wallet based monetization.

I see many challenges ahead for the open internet, as geopolitical interests are seeping into internet governance issues increasingly more often. One such example was the discussion on a potential ban of the Chinese social media app TikTok. I wrote a piece on Directionsblog how the concerns with TikTok are framed as cybersecurity concerns, but they are actually more a matter of national security where states such as the US don’t want data of their citizens to fall into the hands of a country like China. If states truly want to tackle the cybersecurity problems with platforms like TikTok, the solution is not to ban the platform and harm user rights that have formed communities on these platforms. The solution is to create a rights-and-rules based social media, for ALL social media platforms.

When the mindset of a free and open internet starts disappearing from the security discussion, the internet will start fragmenting on several layers. A lot has been written about how the internet will not fragment, especially on the DNS layer, but geopolitics can intervene in several other layers of the internet. For the last What If scenario that I made at the EUISS, I hypothesized what a fragmented internet would really look like on the Physical, Data and Application layers of the internet (loosely based on OSI & TCP/IP model).


The global network of information has always gone through processes of decentralisation and centralisation. In a potential return to decentralisation, it is important to keep regions from fragmenting their internet space and cutting off or inhibiting the flows of communication. I am sure the EU can have an important role to play in stimulating cooperation and ensuring other countries from keeping the lines open. I look forward to keep working towards these goals in the future, even outside of the European Institutions.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s