The 3-Line Summary
- The seventh CRO-IGF met on 22 May 2024 at the Grand Hotel Adriatic in Opatija, within the MIPRO 2024 conference, with about 40 participants and two publicly voted topics: cybersecurity (the NIS2 Directive) and artificial intelligence.
- Debate ranged from Croatia's new Cybersecurity Act (in force since 15 February 2024) and its burden on small businesses, to practical compliance with the incoming EU AI Act, to 'AI sovereignty' through securing GPU capacity.
- For the first time the report records civil-society participation as even with the other sectors — and the whole edition reads as a close-up of EU regulation touching down in a member state.
Welcome — this is the Japan IGF Support Organization. This in-depth report on CRO-IGF 2024 (Croatian Internet Governance Forum) draws on official outputs, session records and on-site reporting. In a hurry? The three lines above and the diagrams carry the gist.
Conference at a Glance (from official records)
| Item | Detail |
|---|---|
| Official name | CRO-IGF 2024 (Croatian Internet Governance Forum) |
| Edition | 7th edition |
| Dates | 22 May 2024 |
| Venue | Grand Hotel Adriatic, Opatija — an independent event within the MIPRO 2024 ICT conference |
| Theme | Regional governance themes |
| Participants | 40 |
| Host | The CRO-IGF Organising Committee (coordinator: Ivana Jelačić of CARNET), opened by HAKOM Deputy Council President Mislav Hebel |
(See the source list at the end of this article.)
Discussion Digest — from the Session Records
Key exchanges extracted from session records and transcripts.
1. NIS2 and the New Cybersecurity Act — Practitioners Read the Law in Force Since February 2024
Sessions: Panel 'Cyber security — the NIS2 Directive' (moderated by Assoc. Prof. Tihomir Katulić, Faculty of Law; with A1 Hrvatska, CARNET/National CERT, HAKOM, Gama Global and Atos Convergence Creators)
- Croatia's Cybersecurity Act transposing NIS2 took effect on 15 February 2024; large telecoms see little change, but the real challenge is small businesses, which need help defining a set of measures rational and proportional to their scale [1][2]
- The law puts management responsibility up front — the damage lands on the entity itself, so leadership has every incentive to invest in cyber resilience; the pillars are education, governance and technical measures, with one blunt message recorded: education matters, but sanctions are needed too [1][2]
- Panellists introduced the new National Coordination Centre (NKS) channelling EU cybersecurity funds, proposed school- and university-level security competitions to build a talent pool, and noted that buying services can bridge the specialist shortage [1][2]
2. The AI Act — The World's First Comprehensive AI Law, Seen From Croatia
Sessions: Panel 'Artificial Intelligence' (moderated by Ana Smoljo, CARNET communications and CroAI board member; with CARNET's AI sector, Parser compliance, the Centre for a Safer Internet and the Faculty of Law)
- The AI Act was assessed coolly — technologically neutral, EU-only, riddled with exceptions and dependent on implementing acts, its practical value still to be proven — alongside the worry that the EU is hurting itself economically while others develop faster [1][2]
- Panellists flagged a protection gap — high-risk systems are regulated while video games, used mostly by children, are not — and argued the current copyright framework fails content producers whose work AI systems 'read' [1][2]
- A sovereignty thread ran through the debate: AI runs on GPUs, so whoever manufactures them can shape adoption elsewhere, and states need enough domestic processing power to keep their data at home — even as small offline language models on laptops and phones promise everyone a personal assistant [1][2]
3. The Public Picks the Agenda — an Open Vote and the First Record of Even Participation
Sessions: Overall proceedings (as recorded in the official final report and HAKOM's post-event report)
- This year the public directly chose the agenda, voting two topics — cybersecurity and AI — out of four proposed by the organising committee [1][2][3]
- Though small at about 40 participants, the official report states participation was evenly distributed across government and the public sector, private sector, academia and civil society — a first for a series whose reports had always logged civil society as under-represented [1][2][3]
- An evening timetable (15:30–19:10), a new LinkedIn page and RIPE NCC sponsorship all show the practical craft of keeping a small national IGF alive [1][2][3]
Three-Minute Short Talk — Your Questions Answered
Q. What did this meeting decide?
A. Nothing binding — it was a hands-on reading session where regulator, companies, academia and civil society jointly worked through two regulations landing in real life: the three-month-old Cybersecurity Act (NIS2) and the imminent EU AI Act.
Q. What was the most contentious topic?
A. Regulatory burden versus effectiveness. On NIS2, all agreed small businesses are the hard case, with one blunt view that education alone is not enough and sanctions must follow; on the AI Act, panellists called it exception-riddled, of unproven practical value, and possibly economic self-harm for the EU.
Q. Why should I care?
A. Critical-infrastructure security duties and AI rules are being drafted in many countries with the EU as the reference case — and the 'whoever makes the GPUs shapes AI adoption' sovereignty argument connects directly to any nation's semiconductor and compute policy.
What Is Croatia IGF? (for first-time readers)
Croatia IGF is a National or Regional IGF Initiative (NRI), aligning local internet governance discussion with global IGF principles.
Why It Matters to You
What was discussed here becomes the baseline for national digital policy, platform rules and AI regulation worldwide within a few years. The principles confirmed at the 2024 meeting are the foundation of the "next rules" for the phones, social platforms and AI services you use every day.
Sources & References
- Croatian Internet Governance Forum CRO-IGF 2024 – Final Report (PDF) — CRO-IGF組織委員会(CARNET公式サイト掲載) (accessed 2026-07-11)
- Održan 7. hrvatski Forum o upravljanju internetom(第7回開催報告) — HAKOM(クロアチア・ネットワーク産業規制庁) (accessed 2026-07-11)
- Forum o upravljanju internetom (CRO-IGF)(公式プロジェクトページ・歴代最終報告書一覧) — CARNET (accessed 2026-07-11)
Quotes are translated or condensed from the records listed above. Bracketed numbers [n] refer to the source list.
Related links
- IGF official (NRI list): https://www.intgovforum.org/en/content/national-and-regional-igf-initiatives
- Japan IGF: https://japanigf.jp/
- Yuki Nakazawa's blog: https://nkzw.jp/category/igf/
Revision History
Rev. 1 — published 6 June 2024, 10:00 (Article published)
Rev. 2 — updated 17 July 2026, 12:32 (Fully revised into the in-depth edition: added the 3-line summary, minutes digest, short talk, source list and diagrams (all quotes verified against the listed sources))
— 中澤祐樹

