Governments can be prosecuted under human rights law if companies fail to protect critical infrastructure and freedom of expression on the internet, European countries agreed on Wednesday.
By adopting recommendations for internet governance tabled at the Council of Europe in Strasbourg, ministers of 47 countries clarified their responsibilities under existing law and took one step closer to cementing them in an internet treaty.
Jan Malinowski, head of information society at the Council of Europe, said this was the first time governments had acknowledged they had a legal responsibility to protect the internet - even beyond their own borders.
"We are with these principles of internet governance in a constitutional moment of the internet," Malinowski said. "The top of the pyramid rules should inspire everything else."
Governments can theoretically be held to account for disrupting or failing to prevent the disruption of the internet under the European Convention of Human Rights, following the move.
Mark Carvell, head of global internet governance policy at the UK Department for Culture, Media and Sport, said the UK would incorporate the Council of Europe's work into its own efforts to agree international principles - but did not back the treaty.
"We have to ensure there's nothing that creates new rights, new binding commitments or starts down the track of a new treaty," said Carvell.
"We have always had the sense that trying to negotiate treaties in this area is a non-starter because it will be out of date before you get anywhere. The way to consensus will develop."
Foreign Secretary William Hague set out the UK approach to internet governance at a speech in February. Hague has convened a conference of 70 countries in London in November to negotiate non-binding rules for internet governance.
Similar initiatives have been launched by the European Commission, the Organisation for Economic Co-operation and Development (OECD) and NATO.
Olivier Crépin-Leblond, managing director of Global Information Highway, an internet policy think tank, said different UK government departments disagreed over internet governance, while most international initiatives focused on narrow interests.
Crépin-Leblond said there was a danger that if internet governance rules were not formulated by all interested parties they would either represent the particular interests of one group or a lowest common denominator between competing initiatives. That would place stifling restrictions on the internet, said Crépin-Leblond, who is also an advisor to ICANN (the Internet Corporation for Assigned Names and Numbers).
The European Commission initiative seemed primarily concerned with law and order and how to keep control in the hands of governments, he said. Crépin-Leblond had taken part in consultations at the Council of Europe (CoE) and commended their approach.
Some industry and internet engineering representatives had protested that binding rules were not necessary because the internet already governed itself.
Ministers agreed Wednesday to uphold ten principles of internet governance: protection of human rights, democracy and law; multi-stakeholder governance; state responsibility; empowerment of users; universality; integrity, decentralised management; open standards, interoperability and end-to-end technical principles; open network; and cultural and linguistic diversity.
They also agreed the need to co-operate to preserve the integrity of the cross-border internet against cyber attacks. But states have been reluctant to share intelligence about vulnerabilities.