As 2026 unfolds, Internet governance is not collapsing but being restructured. Authority over developing Internet policies and norms is no longer primarily negotiated through debates on participation, open processes, or the role of governance institutions that, for better or worse, continue to operate. Instead, power over these core resources is increasingly exercised through national security and cybersecurity policies, criminal law frameworks, and alliance-based coordination, operating alongside—and frequently beyond—the remit of traditional Internet governance venues. The multistakeholder model remains formally intact. Institutions such as the IGF, ICANN, and the technical community continue to function. Yet their capacity to shape outcomes is increasingly constrained by parallel regimes grounded in national security, hybrid threat response, and enforcement-driven cooperation. What is emerging is not a binary “splinternet,” but a layered governance environment in which legal, security, and technical logics overlap unevenly.

Three developments are particularly consequential: the post-WSIS+20 trajectory of the IGF, the institutionalisation of international cyber norms through the UN Permanent Mechanism, and the consolidation of cybercrime law and security doctrine as dominant governance vectors.

WSIS+20 and the IGF: Institutional Continuity, Limited Authority

The WSIS+20 outcome and the decision to grant the IGF institutional permanence reaffirmed the language of multistakeholderism. However, permanence has not translated into authority. By 2026, the IGF increasingly functions as a space of legitimation and dialogue, rather than one of agenda-setting or decision-shaping.

Governments now routinely legislate and negotiate Internet-relevant rules through security legislation, trade instruments, and international law, prioritising speed, enforceability, and strategic alignment over consensus. The IGF continues to convene diverse actors, but its outputs remain non-binding and its influence largely indirect. Multistakeholder governance persists, but in a more constrained, consultative role.

This reflects a deeper shift. Internet governance is no longer primarily about coordinating technical or social norms in a cooperative environment. It is now entangled with national security, economic sovereignty, and geopolitical competition, domains where multistakeholder processes have limited traction.

The UN Permanent Mechanism: Legal Continuity Amid Fragmentation

Running in parallel to WSIS+20—but often underappreciated in Internet governance debates—is the establishment of the UN Permanent Mechanism for Responsible State Behaviour in Cyberspace, operational from March 2026. Adopted in mid-2025 after five years of negotiation within the UN Open-Ended Working Group, the mechanism institutionalises the UN cyber norms acquis and reaffirms the applicability of international law in cyberspace.

This development represents a structural turning point rather than a culmination. Driven by sustained diplomatic engagement, the mechanism shifts cyber diplomacy from episodic norm articulation toward institutional continuity. Its importance lies in implementation. Through voluntary reporting, peer dialogue, capacity-building, and regional cooperation, the mechanism offers a pathway from affirmation to application. Reaffirmed norms on due diligence, protection of critical and critical information infrastructure, cooperation in incident response, and ICT supply chain security provide concrete guidance for state behaviour, even without binding force.

At the same time, the mechanism operates within an increasingly crowded governance landscape. Its long-term relevance will depend on coherence with parallel initiatives, including the Global Digital Compact, the Budapest Convention on Cybercrime, and regional cybersecurity strategies. The challenge is not norm creation, but coordination and interpretation.

Cybercrime Law as a Governance Accelerator

The most immediate governance effects in 2026 are emerging through international law. The UN Cybercrime Convention, now entering its implementation phase, marks a decisive turn toward state-centric regulation of online conduct, data access, and cross-border cooperation.

Although framed as a response to cybercrime, the Convention’s implications extend well beyond criminal enforcement. Provisions on jurisdiction, data access, and cooperation directly affect Internet intermediaries, registries, and infrastructure operators, transforming compliance into an operational and legal concern. In parallel, the International Criminal Court’s draft policy on cyber-enabled crimes further integrates digital infrastructure into accountability frameworks for international crimes.

At the same time, parallel policy debates are unfolding within technical governance communities, most notably around DNS abuse mitigation, registrar and registry obligations, and content-related enforcement, using distinct vocabularies, assumptions, and institutional logics. While criminal law frameworks speak in terms of offences, evidence, and jurisdiction, technical forums continue to frame the same phenomena as matters of abuse prevention, operational security, or contractual compliance. These conversations proceed largely in isolation, with limited cross-referencing or shared interpretative frameworks.

Whether this disconnect results from deliberate institutional separation or from established governance practices that have not adapted to shifting political and legal realities remains an open question. What is clear is that the resulting fragmentation complicates compliance, blurs accountability, and places infrastructure operators in the position of navigating overlapping expectations articulated in incompatible terminologies.

Together, these developments signal a shift from norm-based governance to enforcement-driven regulation. Power increasingly accrues to actors with legal and coercive capacity, placing pressure on globally distributed, non-state governance arrangements and challenging long-standing claims of technical neutrality.

Security Doctrine and Hybrid Threats: Why Infrastructure Matters Now

Overlaying these legal developments is the consolidation of national and organisational security doctrines treating cyberspace and Internet infrastructure as integral to collective defence and hybrid threat response. This is not a sudden securitisation, but the development of a trajectory set over the past decade.

NATO’s 2016 recognition of cyberspace as a domain of operations, operationalised in the 2022 NATO Strategic Concept, frames malicious cyber activity and attacks on digital infrastructure as tools of strategic competition below the threshold of armed conflict. The Strategic Concept, together with NATO’s Cyber Defence Policy and updated Resilience Commitments, identifies telecommunications networks, undersea cables, cloud and satellite systems, and data services as foundational to both societal resilience and military effectiveness.

EU-NATO Joint Declarations and U.S. cybersecurity strategy documents reinforce this logic, embedding Internet infrastructure within hybrid threat doctrine. By 2026, infrastructure is no longer viewed solely as a civilian or technical substrate, but as a dual-use asset—a vulnerability, a target, and, in some cases, a lever of deterrence and response.

Trust, in this context, is redefined. It is grounded less in technical criteria or institutional neutrality, and more in political alignment, supplier risk assessments, and alliance-based threat perceptions. The result is functional fragmentation: overlapping compliance regimes, divergent security expectations, and geographically contingent obligations.

For institutions such as ICANN, the Regional Internet Registries, and standards bodies, this creates sustained tension between formal neutrality and de facto integration into security ecosystems.

International Law Is Under Pressure, Not Defeated?

What is unfolding is not the collapse of international law in cyberspace, but the erosion of its integrative function—in cyberspace and beyond. Universal norms increasingly give way to plurilateral arrangements; due process is reframed as an operational constraint; legality follows power more often than it disciplines it. Yet international law has not disappeared. Its application remains open to interpretation, contestation, and shaping, particularly during implementation phases, where technical realities and institutional practices still matter.

Where Multistakeholder Governance Still Has Leverage

For those committed to multistakeholder governance, 2026 calls for adaptation rather than defence.

• Shift from process to function: Demonstrate practical relevance by developing implementable guidance on DNS abuse, lawful access safeguards, and infrastructure resilience. Internet governance extends well beyond the management and sale of domains and IP numbers; it directly affects security, trust, and the stability of the global network and tghe community behind it.
• Engage international law early: Focus on implementation phases, where interpretation and technical realities still shape outcomes. The multistakeholder community should ensure effective and visible representation in ongoing international processes and use existing platforms to build consensus in support of a globally interoperable Internet.
• Reframe neutrality: Present neutrality as a commitment to procedural integrity- transparency, proportionality, and accountability—rather than disengagement from contested policy debates.
• Build cross-institutional coalitions: Fragmented engagement reduces influence. Coordinated positions across technical, policy, and legal communities are essential.
• Engage security actors strategically: Exclusion is no longer viable. Constructive engagement enables dialogue, boundary-setting, and the protection of core Internet principles.

Final Prognosis

The multistakeholder model emerged in a period characterised by comparatively higher levels of trust, policy convergence, and shared assumptions about the Internet as a cooperative global resource. By 2026, those conditions have materially changed, and Internet governance is adjusting in response. The issue now is less about institutional survival than about where and how influence is exercised within an increasingly complex governance environment.

Formal multistakeholder institutions continue to operate and retain legitimacy. At the same time, authority over Internet-related policy outcomes is increasingly shaped through security alliances, criminal law frameworks, and enforcement-oriented cooperation mechanisms that function alongside, and often independently of, traditional Internet governance venues. This coexistence reflects a redistribution of power rather than a wholesale rupture.

International law in cyberspace has not collapsed, but the scope for shaping its interpretation and implementation is becoming more constrained. As legal and security regimes harden, influence shifts toward actors able to engage early in implementation phases, coordinate across institutional boundaries, and translate abstract commitments into operational practice. Conversely, reliance on process alone, without engagement across adjacent legal and security domains, risks diminishing relevance.

Internet governance is being reshaped. The question is no longer where it is going, but who will still be able to influence the outcome. That space is narrowing—but it has not yet closed.