The Impact of the NIS2 Directive’s Article 28 on the DNS Industry

Report from the workshop at ICANN78 in Hamburg, 20 October 2023

The NIS2 Directive

The European Union took a significant step towards strengthening cybersecurity in 2016 with the introduction of the Network and Information Security Directive (NIS1). While this directive has strengthened the cybersecurity capabilities of Member States, its implementation has faced challenges, resulting in market fragmentation. In response to escalating digital threats and an increase in cyber-attacks, the NIS2 Directive was enacted, expanding and updating the scope of its predecessor. NIS2 introduces measures such as cybersecurity frameworks, national strategies, incident response teams and risk management protocols. It entered into force on 16 January 2023, and Member States are required to transpose its measures into national law by 17 October 2024.

Article 28 and the DNS industry

Article 28 of the Directive will have a particular impact on the domain name ecosystem, affecting various stakeholders such as domain name registration service providers, TLD name registries, and DNS service providers. It requires Member States to ensure the accurate collection and maintenance of domain name registration data in a dedicated database, in compliance with EU data protection law. Moreover, it mandates timely public disclosure of non-personal domain name registration data and permits access to specific data only through lawful requests, adhering strictly to data protection regulations. Compliance entails swift incident responses within 72 hours, public availability of data disclosure policies, and collaboration among TLD name registries and registration service providers to prevent data duplication.

Complying with Article 28 presents challenges for the DNS industry, including the potential variation in verification procedures across the 27 Member States and the need for businesses to adjust their structures to incorporate NIS2 guidelines. There is still a lack of clarity – and hence much debate – on which entities are covered by the Directive, jurisdiction and territoriality issues, and the requirements for non-EU entities offering services in the EU.

ICANN78 Day Zero Workshop: NIS2 Directive – Impact on the DNS Industry

The implications of Article 28 for the DNS industry were the focus of a day-long workshop organised by eco – Association of the Internet Industry in advance of the ICANN78 meeting in Hamburg, Germany, in October 2023. The workshop brought together stakeholders from the DNS industry, the European Commission, national governments, and the ICANN community to clarify and discuss the challenges facing the DNS industry and to come up with measured responses to the regulatory challenge of NIS2 to avoid fragmentation as much as possible.

As Thomas Rickert, Director Names & Numbers of the eco Association, the workshop moderator, put it: “Like it or not, we’re all on Team 28 now and have to make it work one way or the other”.

 

Understand the Impact of the NIS2 Directive on the DNS Industry

Based on discussions at the October workshop, this comprehensive report provides insights critical to understanding the intricacies of NIS2 and its impact on the DNS industry. It offers valuable perspectives and guidance for industry stakeholders navigating these regulatory changes.

  • Gain insights into the requirements and expectations underpinning Article 28 and the precise scope of the Directive, in particular challenging issues such as jurisdiction, the status of resellers and the legal basis for the collection of domain name registration data.
  • Take a look at national deliberations and the challenges of transposing the Directive into national law.
  • Explore the role of registration data in the fight against DNS abuse and the benefits of accurate data from the different perspectives of ccTLDs, gTLDs, law enforcement and small and large players in the DNS industry.
  • Learn about the operational and implementation challenges facing the DNS industry, including the importance of contractual arrangements between the various parties involved in the domain registration process, the importance of creating standardised domain name validation processes, what to do when validation fails, and how registries and registrars can deal with the disclosure clause and the 72-hour response time.

Sponsors

We thank the sponsors for their support of eco's ICANN78 Accompanying Programme

Your eco contact person for the report

Head of International, Digital Infrastructures & Resilience

Lars Steffen
Tel: +49 (221) 7000 48 - 0
Email: lars.steffen(at)eco.de

Download the workshop report for free

