Rob Allen
Rob Allen
Patrick Fältström

Interview with Internet Hall of Fame Inductee, Patrik Fältström

Following his induction into the Internet Hall of Fame, we sat down with Patrik Fältström, Head of Security at Netnod, to discuss his work over the years, the challenges of interoperability, and how cybersecurity is always a group effort.

1. You are a strong advocate for the Internet as a group effort. Why is this so important?

Patrik Fältström: The Internet has developed through innovation in unknown territory. Every step forward has changed society in significant ways. That is why all involved parties must have the ability to influence things.

We cannot allow one entity to “drive the bus”. The multistakeholder model ensures that the best solutions are chosen collectively. It's our common future and the development of the Internet should continue as our collective effort. We must ensure that it remains open and accessible to everyone — regardless of language, country, or technical platform. 

2. Interoperability has been a recurring theme in your work. What are the biggest challenges today?

Patrik Fältström: Interoperability has always been a double-edged sword. On the one hand, it is essential for competition, innovation, and evolution. On the other hand, it can be at odds with market forces which tend towards single control in the hands of one large player, such as various lock-ins by dominant players.

We have seen how legislation can protect competition. But we should never forget the role of interoperability itself, which can prevent the need for prescriptive regulation.

Over the years, we have seen some examples of the relationship between interoperable platforms and the market: 

  • Email has been a great success providing interoperability across providers and platforms and enabling the digital communication underpinning a huge amount of market value.
     
  • Calendars have only been a partial success—you can send invites, but we still can’t easily see free/busy information across systems.
     
  • Chat services are still not interoperable, though the continued work in the IETF on Messaging Layer Security (MLS) will hopefully help here.
     

There are also examples where interoperability depends on formal standards, such as 5G, where organisations must among other things pay various fees.

Another area of focus has been Internationalized Domain Names (IDNs). Every new version of Unicode has to be checked to see which new characters can be safely used in domain names. That ongoing, detailed work, directly affects how people use the Internet in their own characters, alphabets and ultimately languages.

3. You are deeply involved in cybersecurity policy. What do you see as the most important issues right now?

Patrik Fältström: One of the key issues is the debate around NIS2 and the balance between ex-ante and ex-post regulation. At a general level, Netnod argues that ex-post legislation should be preferred: regulate outcomes after the fact, rather than prescribing solutions in advance.

But when ex-ante legislation is necessary, it must focus only on the effects and requirements, not on specific technical solutions. This principle is actually reflected by the EU, which has stated it aims to reduce ex-ante obligations as markets mature, specifically when one relies on market driven innovation, as in the electronic communication sector.

This links to what I often describe as the “What vs. How” distinction. Regulation should tell us what we need to achieve (operational resilience), not how to achieve it. If regulators dictate the “how,” they stifle innovation and risk locking us into fragile solutions.

Cybersecurity is also inseparable from cooperation across sectors. Organisations that strengthen their own cybersecurity are also strengthening society’s collective resilience. Coordination — both within and across sectors — is crucial. That way, individual efforts fit together, and we can build sustainable security even as the threat level increases.

Netnod’s role is to stay ahead of the curve, share knowledge, and help others improve their cybersecurity. That is part of our DNA.

4. You’ve now joined the Internet Hall of Fame, alongside previous inductees such as Vint Cerf and Tim Berners-Lee. How does that feel?

Patrik Fältström: It is very nice to be included — and also very humbling. Many of the Hall of Fame inductees are friends and colleagues with whom I have worked for many years.

It is good to remember that the Internet is built by people. Humans make the Internet, and we all need each other to do the work. The Internet has always been, and always will be, a group effort.

Read more about Patrik’s induction into the Internet Hall of Fame here.
 

Professional Highlights
 

December 1994: Co-author of RFC 1740 “MIME Encapsulation of Macintosh Files – MacMIME.”

March 2003: Co-author of RFC 3490 “Internationalizing Domain Names in Applications (IDNA).”

2011-2017: Chair of ICANN’s Security and Stability Advisory Committee (SSAC) 

August 2022: Co-author of RFC 9285 “The Base45 Data Encoding” (that is the format used for the covid passport QR-Code).

April 2023: Leading the Swedish team in NATO’s Cyber Defence exercise, Locked Shields, which lead to first place in 2023.

September 2025: Inducted into the Internet Hall of Fame

 

Related blog articles

Show all blog articles