In my 16 December 2020 blog, I reported that the European Commission had unveiled important initiatives that touch on the Domain Name System (DNS), including domain name registration data and DNS services providers. On 26 February, the ICANN organization held a Stakeholder Assembly with the European Commission to provide the community with the opportunity to hear directly from the Commission on these initiatives, and to discuss the possible impact they may have on the DNS and the broader ICANN community. The recording can be accessed here.
These initiatives are:
- The proposed Digital Services Act (DSA) Regulation.
The DSA would introduce obligations concerning illegal content that would apply to digital services providers that offer services in Europe, regardless of whether they are established in Europe. DNS service providers are in scope.
- The EU Cybersecurity Strategy.
The Cybersecurity Strategy, which is not a legislative initiative, puts forward several DNS-related actions, such as the "DNS4EU" initiative. The Commission will also, in liaison with member states and industry, undertake what it describes as measures to accelerate the uptake of key internet standards including IPv6 and well-established internet security standards and good practices for DNS, routing, and email security.
- The proposal for a revised Directive on Security of Network and Information Systems (NIS2 Directive).
The NIS2 Directive applies to all DNS service providers. This includes recursive resolvers and operators of authoritative servers for the root zone, top-level domains (TLDs), and all other domain names below the TLDs. Under the NIS2 proposal, DNS services are deemed essential services. Operators of DNS services offering services in Europe will have to implement cybersecurity measures and report any incidents that have a significant impact on the provision of their services. The small and micro business exemptions do not apply to TLD name registries or DNS service providers.
Moreover, NIS2 includes provisions about domain name registration data, introducing obligations to collect, maintain, and provide access to specific domain name registration data upon lawful and duly justified requests of legitimate access seekers.
The proposed DSA Regulation and NIS2 Directive are currently open for public comment. The European Commission will summarize all the feedback received and present it to the European Parliament and Council with the goal of feeding into the legislative deliberations.
ICANN org intends to submit feedback for both initiatives, and we encourage others in the community to provide their feedback.
To access information on the public comments, click on the below links:
-
The last day for NIS2 Directive feedback is 18 March 2021.
-
The last day for DSA feedback is 31 March 2021.