Who is affected by the NIS2 Directive and what it means to the fight against online harms. – Pre 07 2024
by Dynamic Coalition on DNS Issues
17 June 2024 | 11:15 - 12:15 EEST | WS room 2 |
Consolidated programme 2024
Article 28 of the NIS2 Directive – the European Union’s updated version of the Network and Information Systems Directive– creates legal obligations for domain registries and entities providing domain name registration services in relation to the WHOIS database. This session will take a broad ecosystem approach to explore who is impacted by Article 28, and what the directive means for cross-industry collaboration in addressing online harms
Session description
In January 2023, the European Union’s update to the Network and Information Systems Directive, now known as NIS2, became law. As part of the vision for advancing cybersecurity in the Union, Article 28 of the Directive creates legal obligations for domain registries and entities providing domain name registration services in relation to the WHOIS database.
In the context of EuroDIG, this workshop intends to shed light on the ecosystem that will be affected by Article 28 of the NIS2 Directive and what the NIS2 directive might mean for coordination of the diverse actors in the ecosystem in addressing online harms. As part of this exercise, stakeholders will be invited to reflect on current contributions from across the DNS value chain to mitigate online harms and what additional cooperation may be required.
The session will take a whole-ecosystem approach considering a broad spectrum of stakeholders (registries, registrars, resellers, as well as proxy, hosting, cloud computing and data centre service providers) and touch upon what roles and responsibilities may fall to these members of the ecosystem.
The conversation seeks to unpack what level of cross-industry collaboration is implied in the directive, and how stakeholders from the DNS value chain may be expected to collaborate. The discussions will build on prior dialogues by the DC-DNSI and highlight possible strategies for broad ecosystem cooperation in addressing various forms of abuse online.
Format
This 60-minute session will open up with short remarks from the invited speakers. The session will be structured into two segments. The first will discuss who is in reach of the directive. The second half will touch upon existing practices across those stakeholders in the value chain, and what additional cooperation may ensue from the directive. The session will be highly interactive, bringing in-room and online participants early in between segments. The session will be supported by both an onsite and a remote moderator, as to ensure remote participants are easily involved in the discussion.
Further reading
NIS2 Directive, final text: https://eur-lex.europa.eu/eli/dir/2022/2555/oj
People
Key participants:
- Moderator: Regina Filipová Fuchsová, EURid
- Speakers:
- Georgia Osborn, DNSRF.
- Prudence Malinki, Markmonitor.
- Katrina Sataki, .lv and ICANN Board.
Video record
Messages
- Even with the fast approaching October 2024 deadline, the transposition of NIS2 is still underway, and many details will still be defined even after transposition, during the implementation phase. This is well documented in the DNSRF’s Article 28 transposition tracker.
- Small registries are concerned about the burden generated by the legislation. In the case of the European ccTLD community, they will need to rely on networks, such as CENTR, and the leadership of larger registries to devise harmonised policies and share lessons from their respective compliance efforts. There is also concern for impact on the local registrar ecosystem that works closely with the ccTLD community, but is less knowledgeable of developments in regional and global organisations.
- Registrars expect the directive will impact their operations, and express particular concern for the cost of implementing verification procedures and the prospect of a less harmonised and standardised registration experience.
- All stakeholders represented in the panel agreed on the importance of cross-industry collaboration to ensure harmonisation, avoid the fragmentation of the registrant experience, and share knowledge and expertise to support smaller players. Research, such as the DNSRF’s forthcoming work on KYC or future efforts to track the impact on the directive on curbing abuse are also means to draw evidence-based lessons on the effectiveness of proposed policies.