Defining Terrorism and Violent Extremism

The first source that practitioners can use when attempting to define and identify terrorist and violent extremist actors or content are definitions. These could be government definitions in a country where the practitioner operates, or, in some instances, tech companies, especially established ones, may have developed their own working definitions to assess groups and activities more proactively. However, relying solely on definitions can be problematic, as countries disagree on the core elements that define terrorism. Even when areas of convergence exist, additional layers of inconsistency may make it difficult for a practitioner to categorize and identify terrorism.

GIFCT’s Global Definitions of Terrorism map seeks to support practitioners by allowing for the comparison of 82 definitions of terrorism and violent extremism from countries and intergovernmental bodies. The map contains 60 national definitions of terrorism, 4 intergovernmental bodies’ definitions of terrorism, and 18 countries’ definitions of violent extremism. 

The second source practitioners can use when attempting to identify terrorist or violent extremist actors or content is a government or intergovernmental designation list. Designation lists outline individuals or organizations that a particular government or intergovernmental body, such as the United Nations, has identified as being involved in terrorist activities. Being included on a designation list carries a range of penalties, including criminal, financial, and travel-related restrictions. Accordingly, designation lists are a foundational part of broader counterterrorism frameworks and provide a legal backing for actions taken by tech companies against certain listed groups or individuals. However, just like with definitions, there are areas of convergence and divergence in which individuals and organizations are added to designation lists by the respective governments.

GIFCT's Risk Mitigation Supplement seeks to provide more information about the pros and cons of designation lists, as well as contextual information to mitigate the potential risks that might emerge when relying on these lists.

Due to the lack of universally agreed upon definitions of terrorism, as well as GIFCT’s global mandate, GIFCT does not rely on a single definition of terrorism or violent extremism to guide its work. Instead, GIFCT works to facilitate broad dialogue and analysis of how terrorism and violent extremism manifest across the ideological spectrum and across offline and online dimensions. To support its Member companies, and the broader stakeholder community in actioning terrorist and violent extremist activity or content online, GIFCT ensures that its Working Groups, its global events and engagements, and its academic research produced by its academic wing, the Global Network on Extremism and Technology (GNET), contain a diverse group of global practitioners from a range of sectors who can provide insight into the current trends in terrorism and violent extremism online.

GIFCT’s cross-platform tools and protocols, such as the GIFCT hash-sharing database and the Incident Response Framework, which help tech companies identify and when applicable take action on content on their platforms, are guided by refined parameters informed by GIFCT member and multi-stakeholder feedback. These frameworks are designed to be flexible enough to adapt to evolving threats while also capturing areas of strong consensus among members. GIFCT originally established the hash-sharing database taxonomy in 2017 to include images and videos produced by individuals and entities on the United Nations Security Council’s Consolidated Sanctions List. The initial taxonomy sought to establish a common baseline for inclusion that tech platforms could agree upon, preventing differences in operational definitions of ‘terrorism’ and ‘terrorist content.’ Following the terrorist attacks in Christchurch, New Zealand in March 2019, in which the perpetrator live-streamed his attack, GIFCT expanded the taxonomy to enable hash-sharing of content when the attackers or accomplices produce violent content. 

GIFCT’s taxonomy expanded again following the 2021 Taxonomy Report to include attacker manifestos and branded propaganda materials such as PDFs. Rather than following any single government list, GIFCT now uses a set of criteria that allows for labels referencing designated entities on the 1267 Sanctions List, behavioral labels that categorize content by type, or incident labels created from Incident Response Framework (IRF) activations. 

While incident labels for the hash-sharing database correspond to perpetrator-produced content from the offline terrorist or mass violence attack that activated the IRF, behavioral labels categorize content by type of terrorist or violent extremist behavior associated with the content including: the glorification of terrorist acts, graphic violence related to offline terrorist or violent extremist events, terrorist recruitment and instruction, and imminent credible terrorist threats.

GIFCT's Behavioral Definitions of Terrorism page breaks down the behavioral indicators that are most commonly referenced in government definitions of terrorism and violent extremism.