The global internet is undergoing a quiet but profound transformation. As the United States retreats from its traditional leadership role in internet governance—preoccupied by domestic polarization, a narrowed strategic vision, and growing corporate capture—the resulting vacuum is being filled not by allies but by authoritarian powers. China and Russia, in particular, are seizing this moment to push a model of the internet defined by sovereignty, surveillance, and state control.

Europe should be the counterweight. Armed with some of the world’s most progressive digital regulations—the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the Artificial Intelligence Act—the European Union (EU) has demonstrated its ability to shape the digital world in the image of democratic values. These instruments, despite their shortcomings, reflect a rights-based approach to technology governance, one that contrasts sharply with the laissez-faire model of Silicon Valley and the coercive frameworks promoted by Beijing and Moscow.

But the EU’s internal ambition has not translated into external strategy. In international forums where the future of the internet is being contested—such as the International Telecommunication Union (ITU), the United Nations Human Rights Council, and major negotiations in Geneva and New York—Europe’s footprint remains surprisingly faint. While EU officials occasionally sponsor side events or publish position papers, these interventions are often disjointed, siloed, and lacking in sustained political heft.

Authoritarians are writing the rules

Meanwhile, authoritarian actors are playing the long game. China, for instance, has identified institutions like the ITU as strategic venues to embed its political values into the technical underpinnings of the internet. Under banners such as “New IP” and the more recent “Future Vertical Communication Networks,” Beijing has advanced proposals that would enable greater centralization, content traceability, and top-down control. These efforts are highly technical in presentation but unmistakably political in consequence: They represent an attempt to reconfigure how the internet functions and who controls it.

Russia has pursued a complementary path, using the United Nations system to legitimize its vision of “digital sovereignty.” This is particularly evident in its efforts to shape international cybersecurity norms and define the rules of engagement in cyberspace. In 2019, Moscow successfully pushed for a resolution creating a process for a global cybercrime treaty, dominating early drafts with a framing that could justify censorship, restrict civil liberties, and entrench surveillance—all under the pretext of public safety. These developments are unfolding through the United Nations Ad Hoc Committee on Cybercrime, with active backing from like-minded states.

Against this backdrop, the EU appears reactive and fragmented. Part of the problem is bureaucratic: Responsibility for digital policy is splintered among various directorates-general within the European Commission, national ministries, and EU foreign policy instruments. This institutional sprawl hampers agility and coherence. Another part is political: Many EU member states do not treat digital diplomacy as a strategic priority, and they have failed to invest in the technical and legal expertise needed to engage in arcane but consequential negotiations, such as ITU standard-setting or the Open-Ended Working Group (OEWG) on Cybersecurity.

Even when the EU does manage to formulate a position, it often struggles to speak with a unified voice. Coordination mechanisms like COREPER or the Council Working Party on Telecommunications offer some structure, but these are rarely sufficient in the high-velocity, geopolitically charged environment of multilateral diplomacy. Compromise tends to water down ambition before it even reaches the negotiating table.

A UN battleground for digital power

This failure to project a coherent external agenda is more than a missed opportunity—it is a strategic vulnerability. If the EU does not actively defend its digital rights model abroad, then it risks seeing the global system drift toward norms that contradict its own. The danger is not only that the rest of the world moves away from open, rights-respecting internet principles. Instead, it is that these illiberal norms begin to creep back into the frameworks that underpin the internet globally, potentially weakening protections even within Europe’s borders.

Nowhere is this more apparent than in the United Nations system, which has emerged as a central arena in the contest for internet governance. At the United Nations, processes such as the Global Digital Compact (GDC), the WSIS+20 review, and the OEWG are laying the groundwork for future rules on platform governance, data flows, cybersecurity, and digital rights. These are not abstract debates—they are producing draft texts and political declarations that, in theory, could harden into treaties or influence national laws.

Yet in these negotiations, the EU too often remains on the sidelines. Delegations often lack political mandates, strategic coherence, and technical depth. Unlike China, which sends coordinated, high-level teams that advance a consistent digital agenda, the EU tends to operate in silos. Its contributions, when they come, are piecemeal and often diluted by the need for intra-European consensus.

A moment for European leadership

The EU’s inability to counter this influence risks marginalizing its regulatory model. If global norms are written without Europe at the table, the GDPR, the DSA, and the Artificial Intelligence Act may increasingly become regional exceptions rather than global standards. Worse, the EU could come under pressure to align with international frameworks that fall short of its own protections, weakening its credibility and undermining its normative leadership.

There are diplomatic costs as well. Many countries in the Global South look to the United Nations system for leadership and capacity-building on digital policy. When the EU fails to engage meaningfully, it forfeits its influence over global norms and the chance to build partnerships based on shared values. Authoritarian states are quick to fill the gap—by offering infrastructure, training, and governance models that prioritize state control over individual rights.

This is not a matter of capability. Europe has the legal frameworks, technical expertise, and democratic legitimacy to lead. What it lacks is vision—and political will. Despite years of regulatory innovation, the EU has not built the diplomatic infrastructure needed to match its ambitions. There is no senior political figure with the mandate to lead a global digital diplomacy agenda, no coherent strategy linking domestic regulation to foreign policy, and no sustained investment in the multilateral forums where the future is being negotiated.

To fill this void, the EU must stop acting like only a regulator and start thinking like a global power. That means giving the European External Action Service a clear digital mandate, appointing a dedicated envoy, and turning its world-class internal regulations—the GDPR, DSA, DMA—into a coherent foreign policy strategy. The EU should fund open, rights-respecting digital infrastructure and invest in capacity-building across the Global South, offering a credible alternative to China’s state-led model. At the same time, it must forge strategic alliances with democratic partners to shape global norms, vote in technical standards bodies, and defend multistakeholder governance. 

If the EU wants to preserve an open internet, it needs to start acting like the internet is a geopolitical asset—because its rivals already are.

A pillar of foreign policy

The European Union can no longer afford to remain on the sidelines of global internet governance. In Geneva’s diplomatic corridors, whispers are growing that the European Commission does not intend to fill the now-vacant position of digital affairs adviser to the United Nations. If true, this is more than just a bureaucratic oversight. It is a symptom of a deeper strategic malaise.

Europe must act with urgency and purpose. It must treat internet governance as a central pillar of foreign policy, not a niche technical issue. That means investing in long-term diplomatic strategies, empowering negotiators with political backing, and forging meaningful partnerships—especially with the Global South. Just as crucially, it must ensure that the values it defends in Brussels are championed abroad, not lost in translation.

Konstantinos Komaitis is a resident senior fellow with the Atlantic Council’s Democracy + Tech Initiative at the Digital Forensic Research Lab (DFRLab).

Further reading

Wed, Apr 23, 2025

How the US retreat from the UN endangers the future of internet governance

New Atlanticist By Konstantinos Komaitis

A recent meeting of an obscure United Nations body reveals how the Trump administration is challenging decades of consensus-based work on internet development.

Internet Technology & Innovation

Mon, Jul 28, 2025

Latin America’s ambitious satellite internet plans are about more than Starlink and SpaceSail

New Atlanticist By Olivia Torres

Increasing access to the internet is much more complex than a zero-sum competition between the United States and China for influence in the region.

Internet Latin America

Wed, Jul 2, 2025

To avoid an AI data-center bubble, Washington must change how it works with US states

New Atlanticist By Trisha Ray

Without better state-federal coordination, the United States risks sinking billions into stranded capacity, with taxpayers footing the bill.

Artificial Intelligence Politics & Diplomacy

Image: Members of the European Parliament are seen in the hemicycle during the election of the new President of the European Parliament during the first plenary session of the newly-elected European Assembly in Strasbourg, eastern France, on July 16, 2024. Photo by Nicolas Roses/ABACAPRESS.COM REUTERS