Full Report
For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted “to prevent immoral activities.” No additional explanation was given. The timing couldn’t have been worse: communities still reeling from a major earthquake lost emergency communications, flights were grounded, and banking was interrupted. Afghanistan’s blackout is part of a wider pattern. Just since the end of September, there were also major nationwide internet shutdowns in ...
Analysis Summary
# Regulation/Compliance: Governmental Mandates for Internet Shutdowns (Jurisdiction-Specific)
## Overview
This compliance summary addresses the regulatory environment surrounding **deliberate, mandated nationwide or localized internet shutdowns** ordered by sovereign governments, as evidenced by actions in Afghanistan, Tanzania, Cameroon, Pakistan, Nigeria, and others. This practice represents the ultimate form of infrastructure control, overriding standard connectivity regulations. The core "requirement" here focuses on the *actor* imposing the shutdown, not the entity maintaining connectivity.
## Key Details
- Issuing Authority: Sovereign National Governments (e.g., Taliban Government in Afghanistan).
- Effective Date: Varies by jurisdiction and event (e.g., specific dates in September 2025 in Afghanistan).
- Jurisdiction: Varies by country implementing the shutdown. The summary covers actions in Afghanistan, Tanzania, Cameroon, Pakistan, Nigeria, Russia, Ukraine, Israel/Palestine, Panama, and Belarus.
- Status: **In Effect** (as a governmental tool/tactic, though internationally scrutinized).
## Requirements
Since the mandates originate from a supreme governing authority exercising sovereign power, standard compliance frameworks (like NIST or ISO) **do not apply** to the act of ordering the shutdown itself. Instead, the framework is one of **State Sovereignty vs. International Legal Obligations.**
### Mandatory Requirements (For the Governing Authority Issuing the Order)
1. **Clear Legal Instrument (Where Civil Law is Claimed):** If the government claims adherence to national law, the shutdown mandate must presumably be traceable to a specific decree, emergency order, or relevant section of national security legislation. (Note: Based on the context, this documentation is often non-existent or opaque).
2. **Justification Transparency (Recommended International Norm):** While not universally mandatory for the actors described, international norms suggest providing official justification for service disruption (Afghanistan cited "immoral activities" for a localized shutdown).
### Recommended Practices (For International Bodies and Organizations)
1. **Documentation of Violations:** Maintain rigorous tracking of dates, duration, scope (local/national, cellular/broadband), and stated rationale for all shutdowns (as tracked by Access Now and the #KeepItOn coalition).
2. **Assertion of Human Rights Standards:** Continuously document how shutdowns violate internationally recognized digital rights, including freedom of expression and the right to access information (OHCHR guidance).
## Affected Organizations
- Industries: **All Telecommunications Providers (ISPs, Mobile Network Operators), Financial Services (due to interruption of banking), Air Traffic Control (due to grounded flights), and the General Public.**
- Organization Size: Not applicable to the mandate itself; the impact is national scale.
- Geographic Scope: Any jurisdiction where the government chooses to implement such a drastic measure.
## Compliance Timeline
Compliance timelines are **irrelevant** for the governmental entity imposing the order, as the order supersedes standard operational timelines.
- **Pre-Shutdown Phase:** Normal operations maintained.
- **Shutdown Duration:** Instantaneous cessation of service upon mandate enforcement.
- **Post-Shutdown Phase:** Immediate restoration (if the order is lifted) or transition to alternative, often degraded, communication methods.
## Implementation Guidance
### Assessment Phase (For Infrastructure Providers Facing Potential Orders)
- **Contingency Planning:** Develop "non-internet" communication strategies for critical services (emergency alerts, internal operations) assuming total network failure.
### Implementation Phase (Execution of a Government Order)
- **Verification Chain:** Establish a strict, verifiable internal process for acknowledging and implementing a government directive to shut down service, documenting the exact command source and time of enforcement.
### Validation Phase (Post-Shutdown)
- **Impact Assessment:** Log all operational and security impacts resulting from the mandated outage (e.g., failure of remote monitoring, customer service disruption).
## Technical Requirements
The core technical requirement is the **capability to execute granular or total network disruption.**
1. **Traffic Steering/Blackholing:** Mandated configuration changes at national peering points or core routing infrastructure to drop all traffic destined for specific protocols, IP addresses, or geographic locations.
2. **Cellular Network Control:** Ability to selectively disable specific cellular bands or tower functions based on government request.
3. **Bandwidth Throttling:** Capability to degrade service quality (latency/throughput) to render essential services unusable without total blackout.
## Penalties & Enforcement
This section addresses enforcement against **organizations that fail to comply** with a shutdown order, or enforcement against the **governments** that violate international norms.
- Fines: Not specified for non-compliance with the local order (non-compliance is usually met with extreme penalties by the state). No international fines apply directly to sovereign actors enforcing internal decrees.
- Other Consequences: Legal jeopardy, imprisonment, or closure for national service providers refusing an official government shutdown mandate.
- Enforcement: Direct physical control over infrastructure, legal prosecution under national laws, or military/security force intervention.
## Related Standards
No standards framework *endorses* these actions. Related standards address the **prevention or response to this scenario**:
- **UN Guiding Principles on Business and Human Rights:** Relates to the responsibility of governments to protect human rights and the responsibility of businesses to respect them.
- **International Human Rights Law:** Specifically concerning the right to freedom of expression and access to information (Article 19 UDHR/ICCPR).
## Resources
- Official Documentation: Official mandates from the enforcing governments (rarely made public).
- Guidance Documents: Access Now #KeepItOn Data Dashboard; UN reports on internet shutdowns and human rights.
- Tools: Network monitoring tools used by researchers (e.g., IODA) to detect the *effects* of compliance.
## Practical Recommendations
1. **For Telecommunications Providers:** Maintain clear, *documented* protocols for receiving and executing emergency service interruption orders from the government regulator. Critically, ensure these logs are secured off-network against local seizure.
2. **For International Stakeholders:** Advocate strongly for the establishment of clear international norms distinguishing between legitimate security measures and illegitimate censorship targeting political expression, protests, or elections.
3. **For Critical Sectors (Banking/Health):** Mandate reliance on non-internet-dependent backup communication channels for essential operational communication during times of high political instability.