The world’s leading digital media and regulatory policy journal

Debating digital policy in the US

The North America forum was held in Washington, DC on 5 and 6 December 2023. The forum focused primarily on regulatory issues in the US and discussions included US government policies, net neutrality, internet governance, responsible AI and spectrum. The debates were led by policymakers from North America and Europe


Net neutrality 


Privacy and data protection                              

Unsolicited communications                             

Future of internet governance                           

Trust in online content                                      

Responsible AI                                                  

The Digital Regulation Cooperation Forum        

The FCC Space Bureau                                      

The Inclusive Metaverse Index                           

FCC priorities

The first session of the forum was addressed by a commissioner from the Federal Communications Commission, who considered the way in which the US government was approaching the regulation of the internet and digital industries. He noted the risks of the government overregulating. The proposed framework under Title II (of the Communications Act of 1934)1 provides for sweeping powers to control the internet, he said. The frequently made comparison with utilities is inappropriate given the speed of change and innovation in the sector. The US is also, he argued, falling behind on spectrum allocation in comparison to competitors such as China, especially in the mid band. Spectrum is crucial to innovation and the US government holds ten times the spectrum available commercially. The solution could lie both in freeing up more federal spectrum, but also increasing the power in some existing commercial spectrum. Unlicensed spectrum has been a great success, but attention to licensed spectrum is now needed.

Expanding contributions to the Universal Fund

Government action has also been taken to remove and replace equipment that is not secure and actions are also being taken to prevent insecure carriers from connecting to US networks. It was noted that applications such as TikTok can capture a great deal of data. Turning to the Universal Fund, there was no reason, said a speaker, why companies that benefit from the subsidy provided for new networks should not also contribute. The full range of technology players, including social media and streaming companies, should be asked to pay a ‘fair share’. However, expanding the contribution base should go alongside an agreed budget framework.

Using trustworthy suppliers is important for security, but also an inducement to increase foreign direct investment, especially from industries concerned about vulnerabilities in areas such as intellectual property. Replacing equipment involves difficult geopolitical decisions. The US government is working with other international partners to make this more comfortable, for example by associating trustworthy supply with signatories and accession candidates to the Budapest Convention.2

Net neutrality (and why it’s back)

A speaker described the recent background in which net neutrality rules for broadband internet services in place from 2015 were repealed by the Restoring Internet Freedom Order under FCC Chairman Ajit Pai. With the new administration now having a majority on the Commission, new rules are expected to be in place by mid-2024 that will give the FCC more regulatory powers. The proposals include ‘bright line’ rules with no blocking of lawful content, no throttling for discriminatory purposes and no third party paid prioritisation. Optimisation for network management (eg for voice over email) is allowed but cannot be charged for. There is also a general conduct standard, where behaviour which violates the principles of net neutrality but not the bright line rules can be later found to be unlawful.

‘The wrong framework’

A panellist from a network provider said that this type of Title II regulation (see note 1) is only appropriate for monopolies such as utilities and not just on the grounds of being an essential service. Where there is the kind of competition that exists in the US, with a range of fixed, mobile and satellite providers each continually improving their services, it is the wrong framework.

A contributor from an advocacy group pointed out that common carriers are not necessarily utilities and the definition has never depended on market power. He noted that it was only through the original common carrier rules that the FCC was able to insist on competition on the network and therefore, he argued, ensure consumer access to the internet at all. Title II rules applied now would prevent, for example, landlords from enforcing service provider lock-ins in multi-tenant spaces and enabling users to choose their own providers. It was essential, he argued, that the FCC be given the powers to regulate the country’s primary and most important communications infrastructure.

Allowing traffic discrimination

A speaker from Ofcom described the review of rules in the UK. The aims were to ensure that consumers could access what they want over the internet, content providers could innovate and scale and, additionally, to make sure that networks were being used efficiently. ISPs were providing different levels of retail service, such as a higher price, super low latency package for gamers as the rules allowed, but had been doing little traffic management because of worries about contradicting net neutrality. New technologies have enabled ISPs to identify different types of priority traffic and Ofcom has explained that discrimination between different categories of traffic is allowed, but not discrimination within categories. This allows ISPs to focus on time-sensitive traffic. Zero rated offers can also be very beneficial. Charging may also be appropriate to enable adoption of new technologies such as driverless cars and remote surgery.

It was noted that since the repeal of net neutrality rules by the FCC, some 30 states had introduced them in some form. The new rules proposed by the FCC would supersede these state laws.

Spectrum in the US

The session began with a speaker from the cable industry explaining that cable companies are now using Wi-Fi to extend their networks and are now the fourth largest provider of mobile broadband services. Wi-Fi uses unlicensed spectrum which can be accessed by anyone, while MVNO (mobile virtual network operator) partners help with licensed spectrum. Cable operators also use shared spectrum, primarily through the Citizen’s Broadband Radio Service (CBRS). This demonstrates how a variety of spectrum access results in a diversity of services.

From the mobile industry perspective, said another contributor, growth in the industry, especially in 5G, requires much more spectrum to be made available especially when compared to what has been achieved in other countries. Comparing demand growth and capacity indicates a deficit of c. 1500 MHz over the next ten years.

One speaker also suggested that there should be greater information sharing between companies, who know their customers, and government, who are aware of security risks. This would better enable companies to take the right actions to secure their networks. It was noted that discussions on spectrum had taken place between the private sector and the Department of Defense, and this was a positive step. The US has been a ‘spectrum island’, out of step with much of the world due to its scale and therefore less perceived need for harmonisation. However, 5G has brought recognition that being different from the rest of the world creates problems of equipment supply and consequent security implications.

Privacy and data protection

The first speaker noted that there had been an increasingly sophisticated approach to the handling of data around the world in the five years since the General Data Protection Regulation (GDPR) had come into being. Countries were aware of the value of data in providing services. He cited India as a country which had moved to a more simplified set of data laws in order to help its smaller companies. In so doing it was leading an alternative for less developed countries to the EU approach. In the US the picture is more muddled, with 13 states now enacting comprehensive laws. These fall into two categories: those such as Virginia and Connecticut that have rules similar to the GDPR, and those such as Texas and California that have an approach towards the protection of individuals, especially children. California in particular has a very active and empowered regulator. In data flows,  changes to US privacy rules had enabled data flows between Europe and the US following the Schrems II issue,3 but there is some appetite globally for more data localisation.

The GDPR was thought to be technology neutral but concepts such as the right to be forgotten are difficult to apply in an AI context.

An industry panellist addressed concerns over lawful intercept. Traditionally law enforcement used phone intercepts, but now many countries are looking to apply lawful intercept obligations. This, he said, undermines the privacy principles that customers expect. If it’s going to happen, then it should be harmonised, with clear technological standards. Different requirements in each jurisdiction require particular solutions and this increases the number of system vulnerabilities.

Another speaker noted that, while global regulation was not going to happen, there were emerging common threads in approach which are encouraging for harmonisation.

One speaker offered the perspective that much of the regulation around the world stemmed from concerns about porous and unreliable data protections in the US. In this respect, a federal law would help, but would require a change of mindset.

New technologies such as AI are also challenging for data protection regulation. The GDPR was thought to be technology neutral but concepts such as the right to be forgotten are difficult to apply in an AI context. In the future, concerns need to extend beyond just personal data and include sensitive information in, for example, finance and critical infrastructure. Data sovereignty is an issue that also needs to be addressed, where concerns over personal data are preventing consumers from benefitting from services that use information sharing.

Unsolicited communications in Canada

The next speaker explained how the Canadian communications regulator, the CRTC, had built a new strategy for protecting Canadians from unsolicited communications and fraud. Prevention encompasses the three components of messaging, compliance and regulatory policy. Messaging had been expanded to include languages other than English and French and tying the timing to intelligence on scam campaigns. Compliance included targeted industry awareness and promoting ‘know your customer’ practices. Under regulatory policy, service providers had to implement specified protection measures, while the CRTC was also considering best practice from around the world and working with providers at a more operational level.

The future of internet governance

Multi-stakeholder events were widely discussed in this session. The UN-sponsored Global Digital Compact has involved over 150 events at the international, regional, national and local level during 2023. It was impossible for many smaller countries to keep track of the different processes. This is important where policies on issues such as digital inclusion are concerned. It was also noted that the negotiations were conducted by diplomats who frequently are not experts. It was important that technical communities attend, can table outcomes and experiences, and provide insights on the future direction of technology. It was also noted that other processes such as the World Telecommunication Standardization Assembly frequently intersect with issues of internet governance.

Trust and authenticity online

Key themes in the debate on improving trust online included being able to identify fake information and images, and the role of education in supporting digital literacy. One contributor noted that plagiarism is detected by getting hold of data from the rights holder and stakeholders need to work together in sharing information. The panel felt that the value of education was underestimated. Much could be solved if people changed behaviour and digital literacy should be pursued at all levels but especially among children. Finland was cited as an exemplar in this respect. The country’s position next to Russia and its disinformation had resulted in a culture of elementary school education and critical thinking within Finnish society. One suggestion was that regulators should work with their defence institutions in order to understand the issue better.

Another speaker pointed to the value of community moderation. While accepting that it fails in some instances, the diversity of viewpoints and broader contributions can result in outputs that are less biased. What is clear, said another speaker, is the danger in putting ‘the truth’ into the hands of a regulator which, in many countries, is close to the government and not independent.

Responsible AI

The first speaker explained some likely recommendations from a forthcoming NTIA report on artificial intelligence. The theme is that there needs to be an accountability chain, including the availability of comprehensive information, evaluation and testing of claims by third parties, and legal and regulatory consequences for misbehaviour. There is also a problem of competition. Only a few companies can build AI models, with resulting lack of downstream diversity. In the meantime the speaker drew attention to the recent presidential Executive Order4 which requires companies to report AI safety test results to the Department of Commerce. It was also noted that, in the absence of federal legislation, eight states have introduced policies or executive orders of their own.

Common law vs comprehensive framework

An industry speaker made the point that AI technologies have been in use for many years and for diverse purposes. Much is low risk and shouldn’t be swept into a regulatory regime that treats every use equally. He also noted that having multiple bodies looking at multiple sets of rules makes it difficult for companies to operate. In many cases there are existing laws that apply satisfactorily to protect consumers, for example. This point was supported by another speaker from a technology company, who emphasised the value that will be created and benefits delivered by AI over the coming years. It’s on the companies, he said, to build and deploy products responsibly, including partnering with academics and publishing research openly. On the regulation of AI, it was suggested that the US and EU were testing different approaches, with one building incrementally ‘common law style’ and the other adopting a comprehensive legal framework. Some speakers supported a ’piecemeal’ approach, noting that comprehensive legislation risked missing important use cases. In the end, AI regulation may end up being a combination of both.

The Digital Regulation Cooperation Forum

The forum heard from a representative from UK communications regulator Ofcom on the creation of the Digital Regulation Cooperation Forum (DRCF), a case study in regulatory cooperation. The DRCF consists of four members: Ofcom, the Information Commissioner’s Office (ICO), the Competition and Markets Authority (CMA) and the Financial Conduct Authority (FCA). The group came together after recognising that there are tensions between regimes (for example, for data protection, competition and online safety) and that a forum for cooperation is a way of working through these tensions jointly.  The three principles behind the Forum are coherence, collaboration and capabilities. Participation is voluntary. The team itself operates as a ‘hub and spoke’ of just 12 people, all of whom work for their member organisation and for DRCF on a part-time basis.  There are c. 100 people working on different projects across regulators. As well as a DRCF chief executive, each member regulator has its own DRCF director responsible for making sure the collaboration functions properly. This, it was noted, is not easy for teams used to focusing on their own remit. Combined teams work across a number of specific projects and in broader areas, such as horizon scanning the implications of new technology. There is also funding to create a digital hub for innovators to get help in navigating the regulatory system, to be launched in 2024. The Forum has also set out its future intent to align and streamline regulatory processes where appropriate, reduce duplication, provide clear guidance to online organisations and improve information sharing. It was noted that Canada had adopted a similar approach.

The FCC’s Space Bureau

In the next session the chief of the FCC Space Bureau,  Julie Kearney, described how the Bureau’s role is to create an enabling regulatory environment for the space sector. Behind this was the recognition that the vast majority of satellites now being launched are deployed into low earth orbit in order to provide internet connectivity on earth. Satellite subscribers are up 83 per cent since 2018. Satellite applications have doubled in number, including for novel space activities. The FCC believes that the next generation of communications will combine traditional ground-based airwaves with satellite signals, forming the next big leap in internet access to remote and rural communities and ultimately converging into a ‘single network’ incorporating 6G. There will be unknown new functions and features created around space infrastructure in the future.

The Inclusive Metaverse Index

A representative from Meta introduced The Inclusive Metaverse Index, primarily a diagnostic tool that enables comparisons between countries. This builds on the previous inclusivity index, in that it considers the impact of the ‘next generation internet’, or metaverse.  It is a research programme based on the two pillars of access and engagement.

The speaker noted that the methodologies for the research are not yet finalised and further work is under way. The project is run by Economist Impact (previously the Economist Intelligence Unit) and supported by Meta. More details can be found at

The North America Forum was sponsored by Cira and Wilkinson Barker Knauer.

1 Federal Communications Commission Seeks to Revive Net Neutrality Rules, 29 September 2023. Wiley.

2 The Council of Europe Convention on Cybercrime aims to harmonise laws and increase cooperation in fighting cybercrime. 69 states have currently ratified the convention.

3 The repeal of the Privacy Shield decision, which invalidated the legal basis for free data flows between the EU and US.

4 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. White House briefing, 30 October 2023.

5 The Inclusive Metaverse Index. Economist Impact.