2.4. Governance mechanisms revisited

The purpose of this chapter has been to describe three spheres of Internet governance—technical coordination, standards development and public policy governance—and to give examples of how the five mechanisms of governance outlined in the Introduction have been brought to play in each sphere.

It was noted in the Introduction that governance can be exercised through any, or a combination, of these mechanisms of rules, norms, markets, architecture and networks. Biegel, Weber and Vedel, whose models of Internet governance (along with those of Rhodes and Lessig) contributed to this typology, all agree that since each form has its own advantages and disadvantages, reliance upon any single mechanism of governance is likely to be insufficient, and that their application in concert may often be the most successful approach.[1]

This has been confirmed by this chapter’s survey of some of the most notable Internet governance institutions and initiatives in each sphere, and can be concisely illustrated by arraying the five mechanisms and three spheres in a matrix, as in Figure 2-3 below.

Figure 2-3. Governance types and mechanisms

Technical coordination

Standards development

Public policy




Cybercrime Act


IAB oversight


Spam blocklists


gTLD registriesa


Content regulationc


IPv4 allocationd


CA/Browser Forum





a. gTLD registries are given as an example of technical coordination through markets because their operations are governed by contracts negotiated with ICANN on commercial terms.
b. S/MIME is an example of standards development through markets because of the influence that RSA, Microsoft and Netscape had on the development and adoption of the S/MIME specification.
c. This is an example of public policy governance through markets because of the Australian government’s reliance on a co-regulatory code of practice drafted by industry as a component of its content regulation regime (and also its spam regime; see Section
d. Because the architecture of IPv4 constituted IP addresses as a limited resource, RIRs were required to tightly control the allocation of addresses from the pools they administered. Otherwise, IP addresses might have been allocated in a similar manner to domain names, without any limit on the number that an applicant could request.
e. The design of the DNSSEC protocol was constrained by the requirement that it be interoperable with the architecture of the existing DNS.

Accepting the need for balance between each of the mechanisms of governance, it would still be useful if there were some theoretical or empirical basis upon which to determine which mechanism or mechanisms, either alone or in combination, are most likely to be effective in a given issue area. For this purpose, Biegel proposes a five-step framework in which

we first identify the category of allegedly problematic conduct ... and determine through this identification, certain representative characteristics of the problem. Next, we explore the potential for consensus among the various stakeholders regarding both the nature and extent of the problem and the prospects for any sort of regulatory solution. Then we examine just how uniquely cyber this problem might be, and analyze the extent to which such a determination might help answer the question of how we might regulate the problem area. Informed by the analysis in the first three steps, we continue by exploring in detail the potential applicability of each of the three basic regulatory models identified in part 2. After going through all these steps, we seek to identify a synthesis, pointing whenever possible towards a combination of realistic approaches while trying in general to avoid major changes in the current regulatory structure.[2]

Although the three basic regulatory models of which Biegel speaks have been expanded into five mechanisms here, his approach remains capable of application by analogy. However the approach can be refined in two respects.

First, the sphere of governance in which the mechanism is to be applied should also be considered, to determine whether the mechanism in question is likely to be adequately legitimate and effective for application in that sphere. Taking legitimacy first, this is the normative basis upon which the exercise of a mechanism of governance is seen as justified by those it addresses.[3] What is legitimate in one sphere of governance may not be in another. For example, to be perceived as legitimate, the authority that underlies the exercise of public policy governance must normally be accepted by the governed through some form of political process, such as democratic accountability to a broad range of stakeholders.[4] The same is not normally required in the sphere of standards development, where provided that public policy issues are not engaged, technical merit alone is seen as sufficient to justify compliance.

It is therefore no coincidence that the predominant mechanism of governance in the public policy sphere has been rules, since the authority of the rule-maker is normally negotiated through a political process seen as legitimate within the international and/or domestic legal systems of its subjects. In contrast, the legitimacy of the other, more decentralised mechanisms of governance—norms, markets and architecture—is much weaker in the the public policy sphere, as they are too often invisible and unamenable to stakeholder input. Such policy-making may for example be driven, in the case of markets, by the “invisible hand of commerce,”[5] or in the case of architecture by unexamined accidents of network design that conflict with more fundamental social values, or in the case of norms by prejudice or vigilantism.

Moving on from legitimacy, the likely effectiveness of a given mechanism within a particular sphere of governance should also be considered. Whilst it makes sense to favour, by default, the continued use of the mechanisms of norms and markets for technical coordination, and norms and architecture for standards development, as these have generally been very successful in those spheres, they have been less effective as mechanisms of public policy governance. One reason is that since the type of regulatory issue involved in public policy governance “usually produces winners and losers and may be heavily contested,” its governance is more likely to require some sort of hierarchical force in order to be sufficiently effective.[6]

The mechanism of rules does not suffer from the same limitation. However it does suffer from other limitations that have already been observed, such as its incompatibility with the Internet’s cosmopolitanism and culture of decentralisation. Thankfully, the means of addressing these limitations has already been presented: by the use of rules not in an uncoordinated fashion as has largely occurred to date, but instead through the hybrid governance mechanism of networks. By exactly the same token, the limitations on the legitimacy of norms, markets and architecture in public policy governance can also be addressed.

This leads to the second refinement to Biegel’s approach that is needed, which lies in his failure to identify the “we” whom he refers to in recommending that “we identify a synthesis ... of realistic approaches.” It is contended here that “we” should be a multi-stakeholder governance network, which can combine the merits (and overcome the limitations) of both hierarchical and decentralised modes of governance, by coordinating the application of the most appropriate mechanisms of governance for a given issue area, and rendering their application accountable to the stakeholders of which the network is formed.

The purpose of the next chapter will be to bring this ideal down to earth, by considering how the currently rather abstract concept of a multi-stakeholder governance network might fit within the existing international system consisting largely of discrete geographically-bounded states and intergovernmental bodies formed by agreement between them.

A foretaste of the answer can be found in this chapter’s mention of government networks such as the London Action Plan, and the reforms that have begun to permeate more traditional intergovernmental bodies. Although such bodies have historically claimed authority to make rules through the democratic legitimacy they draw from their composition by national governments, this does not preclude them from adopting the alternative governance mechanism of networks, involving other stakeholders outside the governments’ constituencies.

In fact increasingly, even in contexts other than the Internet, international law is being made through networks rather than through rules as in years past. It can even be said that the international order itself, in the post-Westphalian age that is to be defined in the next chapter, has become an archetype of network governance writ large, characterised by multicentric authority and the use of soft power.

And the reverse may also be true: that public policy governance exercised through networks can, regardless of whether the organisation leading the process is traditionally intergovernmental in character, become a form of international (or, more subtly, transnational) law. This is another question that the following chapter will address.



Biegel, Stuart, Beyond Our Control?: Confronting the Limits of Our Legal System in the Age of Cyberspace (2001), 358; Weber, Rolf H, Regulatory Models for the Online World (2002) , 100; Vedel, Thierry, Four Models for Internet Governance (2005), 67


Biegel, Stuart, Beyond Our Control?: Confronting the Limits of Our Legal System in the Age of Cyberspace (2001), 224


See Section 3.4.1.


But not limited to this: Chapter 4 will discuss the options in detail.


Lessig, Lawrence, Code and Other Laws of Cyberspace (1999), 30


Holitscher, Marc, Internet Governance Revisited: Think Decentralization! (2004), 1. Naturally, this will vary from one issue area to another: see Section 4.2.