Doing business online is only going to get more difficult from here on. That’s the verdict of a landmark piece of research looking into the mess of national regulations out there.
The study, released this week, comes from the Internet & Jurisdiction Policy Network, a high-level international organization that tries to get major Internet policy players to work more closely together. The group’s 2019 Status Report warns of a “dangerous spiral of uncoordinated policy making” that threatens the cross-border nature of the Internet.
The policies in question aren’t necessarily bad—they include things like privacy, cybersecurity and anti-hate-speech laws—but they increasingly differ from country to country, and some countries have even been trying to enforce their national rules outside their borders.
That’s a recipe for legal uncertainty, high compliance costs, and perhaps a gradual shift towards the so-called splinternet, where the Internet as we know it effectively fractures.
“What we see now is that legal uncertainty prevails, especially for small and medium-sized companies that cannot possibly know what laws around the world apply to their cross-border data flows,” said Paul Fehlinger, the policy network’s co-founder. “Very large entities can manage this, but smaller actors struggle. This legal uncertainty will hamper the development of the digital economy and especially hamper the growth of new entrants.”
Fehlinger warned that the problem will only get worse with the proliferation of Internet-connected devices and autonomous systems, which will lead to an increase in the amount of data flowing between countries.
Little optimism
The survey is the first of its kind, parsing unattributed opinions from corporate giants such as Google, Facebook, Siemens and AT&T, plus governments around the world and an assortment of academics, activists and international organizations.
Of the 150 contributors, 95% agreed the next three years will see increasing clashes between different countries’ digital rules. A mere 4.5% thought there was “sufficient international coordination and coherence” to fix the problem—these few optimists were all governments and large tech firms, though it’s not clear which ones.
“In their comments, surveyed experts also identified the lack of rules to govern conduct on the Internet as a risk,” the report noted. “As one surveyed expert noted, as in every game with no rules, it is the strongest that will prevail.”
The study was launched at the Internet Governance Forum (IGF) in Berlin—the IGF is a United Nations-backed talking shop where governments, corporates and activists discuss issues around the functioning of the Internet. And at this year’s conference, the splinternet trend was on many minds.
German Chancellor Angela Merkel warned delegates that the global Internet could “become unstable and vulnerable to attack” if it becomes fractured—the result not just of clashing laws, but also of countries such as China and Iran putting up virtual walls between their parts of the Internet and the rest, and of states shutting down the Internet within their borders during elections or times of unrest.
“There would be more surveillance,” Merkel said. “State filtering and the censorship of information would increase.”
Some delegates expressed the same frustration that was on display in the Internet & Jurisdiction Policy Network report—that international coordination is dangerously lacking.
“We have had a lot of dialogue. We know all the challenges,” said Olga Kyryliuk, Ukraine’s representative in a regional Internet governance group, during a panel session on the splinternet phenomenon. “But nothing is changing. We have to move to the stage where we move to the solutions.”
“So-called global Internet”
One problem is the contested nature of the Internet: is it a “global commons” that floats above countries and their old-school borders and governments, or should it reflect the restrictions and rules of the offline world?
“The Internet has worked very well so far,” said Walid al-Saqaf, a senior lecturer at Södertörn University in Stockholm, pointing to the global bodies that regulate the Internet’s technical standards. “It is dangerous for governments to intervene in the process [of governing the Internet]. It will cause a massive rupture of the network… The Internet’s main value is the global commons. That’s something we [should] remind over and over to the institutions that would like to impose ‘sovereignty’ on their [national networks].”
Not so, argued public policy consultant Andrew Campling, who said the “so-called global Internet” was overly dominated by “U.S. cultural norms and standards” and therefore does not reflect other regions’ values.
“If [the situation] continues as is, the so-called splinternet is both inevitable and necessary, at least on a regional level, to allow different cultural norms and standards to reassert themselves,” said Campling. “Otherwise we will continue down the path of increased centralization and all-pervasive corporate surveillance.”
While this argument plays out, the casualties include companies trying to do online business around the world.
“The exercise of sovereignty in the digital age needs to take into account the [international] impact of national decisions,” said Fehlinger. “That is the challenge, because we are interconnected and because servers located in one country can service citizens across the world.”
“The Internet as a technology was technically designed to be cross-border, but societies have not planned or prepared for that,” Fehlinger added. “For 50 years since the birth of the Internet we could ignore those decisions. But decisions will be made now, and even inaction can have impact on how cross-border the Internet will be in the future.”
More must-read stories from Fortune:
—The ECB’s new mantra: ”Men go to war and the women pick up the pieces”
—CEOs are facing fierce pressure on climate change—from their own kids
—After a violent “yellow vest” anniversary, what’s next for the movement?
—In the wake of Brexit, Amsterdam is the new London
—These are the jobs artificial intelligence will eliminate by 2030
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.
