Explanatory Memorandum to COM(2020)775 - Assessment of cooperation of the .eu Registry operator with EUIPO with a view of combating abusive and speculative domain name registrations, pursuant Art. 16 of Reg. 2019/517 - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2020)775 - Assessment of cooperation of the .eu Registry operator with EUIPO with a view of combating abusive and speculative domain ... |
|---|---|
| source | COM(2020)775  |
| date | 02-12-2020 |
Contents
- Brussels, 2.12.2020
- Table of Contents
- 1. Introduction
- 2. Objectives and methodology
- 2.1 Objectives
- 2.2 Methodology
- 3. Cooperation between EURid and EUIPO to combat abusive and speculative domain name registrations
- 3.1 Early cooperation
- 3.2 Recent cooperation
- 3.3 Planned activities 2020-22
- 3.4 Assessment of the EURid-EUIPO cooperation, and recommendations for improvements
- 4. Cooperation with other Union bodies and national or international organisations
- 4.1 Cooperation with Europol
- 4.2 Collaboration with other bodies
- 5. Small and medium-sized enterprises
- 5.1 Registration procedure
- 5.2 Alternative dispute resolution
- 6. Conclusions
- 1.Introduction
- 2.Objectives and methodology
- 2.1 Objectives
- 2.2 Methodology
- 3.Cooperation between EURid and EUIPO to combat abusive and speculative domain name registrations
- 3.1 Early cooperation
- 3.2 Recent cooperation
- Availability check
- Alerts
- 3.3 Planned activities 2020-22
- 3.4 Assessment of the EURid-EUIPO cooperation, and recommendations for improvements
- 4.Cooperation with other Union bodies and national or international organisations
- 4.1 Cooperation with Europol
- 4.2 Collaboration with other bodies
- 5.Small and medium-sized enterprises
- 5.1 Registration procedure
- 5.2 Alternative dispute resolution
- 6.Conclusions
- Regulation (EU) 2019/517 on the implementation and functioning of the .eu top-level domain name and
COM(2020) 775 final
REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
Assessment of the cooperation of the .eu Registry operator with EUIPO and other Union agencies with a view of combating abusive and speculative domain name registrations, pursuant to Article 16 of Regulation (EU) 2019/517
3. Cooperation between EURid and EUIPO to combat abusive and speculative domain name registrations
The Commission is responsible for the .eu top level domain, which is currently used by 3.6 million end-users in the EU 1 . The .eu domain was established by Regulation (EC) No 733/2002 and by Commission Regulation (EC) No 874/2004. The acts were repealed recently by Regulation (EU) 2019/517 2 , “the .eu Regulation”, which entered into force on 18 April 2019 and will apply from 13 October 2022.
The .eu domain name is operated by the .eu Registry. Currently this is EURid, a private, independent, non-profit organisation, on the basis of a service concession contract concluded with the Commission, running until 12 October 2022. The Commission, in accordance with Article 19(2) of the .eu Regulation will select and enter into a contract with the entity that will act as the .eu Registry as from 13 October 2022.
The .eu Regulation requires the Registry to adopt policies and implement measures to avoid speculative and abusive registration of domain names. 3 ‘Speculative and abusive registration’ is defined as registering a domain name that is identical or confusingly similar to a name for which a right is recognised or established by national and/or Union law, which: (a) has been registered by its holder with no right or legitimate interest associated with it; or (b) has been registered or is being used in bad faith 4 .
Protected rights at EU level include, inter alia, registered national and community trademarks, geographical indications and designations of origin, as well as the following nationally-protected intellectual property rights (IPR):
·unregistered trademarks
·trade names
·business identifiers
·company names
·family names
·distinctive titles of protected literary and artistic works. 5
Speculative and abusive .eu registrations must be revoked, using the .eu alternative dispute resolution (ADR) process or a judicial procedure initiated by the rightsholders.
The .eu Regulation requires the Commission to promote cooperation between the .eu Registry, the European Intellectual Property Office (EUIPO) and other Union bodies, to combat speculative and abusive registrations of domain names, including cybersquatting, and provide simplified administrative procedures, in particular for small and medium-sized enterprises (SMEs). 6
The .eu Regulation also requires the Commission, by 30 June 2020, to evaluate this cooperation and assess whether and how the Registry should set up simpler administrative procedures for SMEs. 7 The Commission should subsequently report to the European Parliament and the Council about its assessment. 8 The Commission prepared this report to fulfil this legal obligation.
The Domain Name System (DNS) supports an accessible, functional and trustworthy internet, but is not immune to abuse. The .eu domain name is no exception, so the .eu Regulations require policies and measures to be implemented to prevent abusive and speculative domain name registrations.
This report:
·evaluates the cooperation between the .eu Registry (EURid) and EUIPO and other Union bodies or international organisations to tackle speculative and abusive registrations;
·assesses whether and how this cooperation could be improved to maintain a secure, transparent and trustworthy .eu online environment;
·takes into account current industry practice in the field;
·identifies possible aspects of the .eu registration procedure, or other domain name management procedures (such as alternative dispute resolution) that could usefully be simplified to facilitate domain name registrations and increase protection for rightsholders, to the benefit of SMEs.
This report is based on both the Commission’s assessment and the findings of an external study conducted between December 2019 and April 2020 evaluating practices for combating speculative and abusive domain name registrations 9 .
The authors of the study conducted an extensive review of relevant industry reports and collected and analysed data and information from multiple stakeholders involved in fighting speculative/abusive registration. In particular, they conducted a market analysis and a comparison between the .eu Registry practices and other domain name registries, using both qualitative and quantitative methods. This included assessing administrative procedures that would allow SMEs to effectively combat speculative and abusive registrations in the .eu domain name.
This report also takes into consideration the formal reporting by the .eu Registry to the Commission 10 and the information gathered by the Commission during the regular exchanges with the Registry as part of its supervisory duties.
3.Cooperation between EURid and EUIPO to combat abusive and speculative domain name registrations
The cooperation between EURid and EUIPO was first formalised on 23 June 2016 in a letter of collaboration. 11 Its objective was to combat fraudulent activities, following evidence that third parties systematically browsed EUIPO’s database seeking new EU Trade Mark (EUTM) applications and made speculative or abusive .eu domain name registrations for these terms, a practice known as cybersquatting. The two parties agreed to implement changes in the system with the aim of raising EUTM holders’ awareness and reducing cybersquatting.
During the early cooperation stages between EURid and EUIPO, the focus was on sharing information and cooperating in areas of mutual interest. EURid notably forwarded suspicious invoices to EUIPO and both organisations added links on their respective portals and tools, including a link to a trademark search tool on EURid’s website; a link to EUIPO’s website on the .eu WHOIS webpage; and a link to the .eu availability search tool in the EUTM e-filing tool.
On 20 May 2019 EURid and EUIPO extended their cooperation by signing a first collaboration agreement. 12 Two new functionalities were made available to EUTM holders:
·an availability check for the corresponding domain name when they file with EUTM;
·a notification (alert) when a domain name corresponding to an EUTM is registered.
Added to the EUTM e-filing tool, this function directly informs users – as soon as they complete their trademark filing – whether their trademark is available as a .eu domain name. This way, they can choose immediately to register the domain name before their EUTM application is published.
EUTM holders also have the option to receive an alert when a .eu domain name identical to their trademark is registered – but only if they expressly opt in. The system is based on the daily sending by EUIPO of an up-to-date list of EUTM applications to EURid through the EUIPO-download service 13 . Each new .eu domain name registration is checked by EURid against this list, and if a match occurs, EUIPO is notified and users receive an alert through their EUIPO User Area.
Under their joint work programme for 2020-22 14 , EUIPO and EURid will explore the possibility of implementing a reciprocal process when a .eu domain name is registered, allowing domain name holders to see if a trademark with a similar name is available at EUIPO.
Additionally, both organisations will work on a joint study on application behaviour, to see whether trademarks or domain names are registered first. The study will help them tackle fraudulent domain names and registrations made in bad faith.
Work will also begin on a feasibility study to create a tool to inform users of the availability of the terms they are searching for both as a trademark and a domain name. EUIPO and EURid will also explore the possibility of extending the current availability check based on “identical search” 15 to “similar search”, to find possible matches in the EURid database after an online EUTM application has been filed.
The work programme also contains a link to the EUIPO SME programme, which will include initiatives such as:
·a chatbot providing information on business issues useful to SMEs, starting with intellectual property matters;
·discovery guides providing support and guidance to SMEs wanting to register an EUTM, and flagging the importance of domain names;
·webinars aimed at SMEs and multiplier organisations.
EURid and EUIPO have achieved a fruitful cooperation in combatting speculative and abusive registrations of domain names, including cybersquatting, and future action planned by the two organisations is expected to help further reduce speculative and abusive registrations and improve support to SMEs.
In the next stage of their cooperation, the two organisations should seek to simplify the procedure for the .eu domain name and EUTM registration and foster awareness of the link between domain names and trademarks. Any tool or measure they propose should be simple, user-friendly, accessible and effective for SMEs.
Specifically, they could make the following improvements:
·More awareness-raising and knowledge-building activities, to make rightsholders and .eu domain name holders aware of the existing measures and tools and increase their use. Examples include training courses and webinars, especially targeting SMEs. It will be important to gather feedback from SMEs, to understand their needs and improve awareness-raising activities.
·Provide more information to users when they file an EUTM application. For example, along with the final receipt and official record of the application, EUIPO could supply applicants with documents containing more information on .eu domain names and ways to protect IPR.
·Improve existing tools:
oFull deployment of the availability check and alert functionalities will require further technical improvements. These functions offer a simple and effective way for rightsholders, including SMEs, to reserve the domain names matching their trademarks or act on abusive/speculative registrations.
oGeneralise the use of the alert system. The statistics provided by EURid and EUIPO show that there is an important gap between the number of matches found between EUTM and .eu domain name registrations and the number of alerts sent to EUTM holders. There is a need to raise the level of awareness of this functionality and increase its use.
oInvestigate the possibilities to extend existing tools on availability check and alert functionalities to cover geographical indications.
·Develop new tools to facilitate the simultaneous registration of EUTM and .eu domain names:
oDevelop a joint search tool that enables users to check whether terms are available both as an EUTM and a .eu domain name.
oAssess the possibility of EUIPO becoming a .eu accredited registrar and integrating the .eu domain name registration with EUTM applications. This would offer rightsholders the possibility of one-stop registration.
The Commission will follow up on these recommendations with EURid and EUIPO and closely follow how their cooperation develops and how effective the measures they take to combat speculative and abusive registrations are. In doing so, it will pay particular attention to the measures adopted for SMEs.
EURid and Europol have in place a memorandum of understanding 16 , signed in 2016. Under this agreement, they are exchanging information on suspicious .eu domain names, including domains identified by EURid’s Abuse Prevention and Early Warning System (APEWS) 17 .
Cooperation between EURid and Europol could be further strengthened, starting with formalising these arrangements. This would include:
·formalising the scope and the commitments of each party;
·identifying contact points and communication channels on both sides;
·describing the actions each party must take when a suspicious domain name is identified;
·determining follow-up and reporting mechanisms.
The two organisations could also carry out joint awareness-raising and knowledge-building activities to inform the general public and train cybersecurity experts and law enforcement officers on cybercrime threats linked to speculative and abusive domain name registrations, and available counter-measures. Specifically, they could develop intellectual property-related case studies to educate rightsholders and their representatives, with a focus on SMEs.
EURid collaborates with international and European authorities and organisations to prevent online illegal activities. These include, among others:
·Belgian Customs (against counterfeit websites);
·Belgian Prosecutors and law enforcement agencies (against cybercrime);
·Association for Safe Online Pharmacy;
·International Anti-Counterfeiting Coalition 18 ;
·eCommerce Foundation (against fake e-shops);
·Anti-Phishing Working Group;
·Belgian Computer Emergency Response Team.
National registered trademarks are protected under the .eu regulatory framework to the same extent as EUTMs. However, no structured collaboration of the .eu Registry with Member States’ trademark offices exists. This degree of collaboration could be established, possibly through the European Union Intellectual Property Network (EUIPN) set up by the EUIPO 19 . EURid collaboration with EUIPO could also be extended to Member States’ trademark offices, by offering the availability check and/or alert functionalities to their users as well.
Currently, holders of IPR other than trademarks (e.g. geographical indications and designations of origin, trade names, business identifiers and company names) only have access to curative measures in case of abusive .eu registration. To improve this situation, the .eu Registry could establish further collaboration with relevant bodies and agencies. This could include carrying out checks in their IPR databases 20 . Where the Registry would find names that are identical or similar to .eu domain names, it could then either notify the rightsholders (so they can take action) or take action directly itself (ex officio). In practice, this would mean extending the alert functionality to those IPR as well. Concerning trade names, business identifiers and company names, a study could be launched to assess the usefulness of setting up a collaboration with the EU network of business registries.
Extending the scope of collaboration with authorities and organisations in charge of other IPRs beyond EUTM could be particularly beneficial for SMEs.
All aspects analysed in this report provide for a specific angle focusing on small and medium sized enterprises.
In addition, this section focuses on aspects related to .eu registration procedures for SMEs and the remedies at their disposal – especially Alternative Dispute Resolution – to tackle abusive/speculative domain name registrations.
Overall, the .eu registration procedure is quite simple and straightforward. However, considering the importance of preventive measures to tackle speculative and abusive registrations, it could be improved for SMEs, in particular by:
·Implementing services allowing IPR holders to preventively block infringing domain name registrations, as other industry players already do 21 . Such services help rightsholders to protect their prior rights and protect their brands from typosquatting 22 ;
·Extending the use of predictive algorithms to prevent speculative and abusive registrations in addition to malicious registrations 23 , as is currently the case;
·Raising rightsholders’ awareness about existing similarity search tools, such as the .be WHOIS lookup, so they can search for similar domain names that could potentially infringe their rights;
·Making information readily accessible to users on how to report different types of misuse 24 .
Since the internet has global reach and resolving cross-border domain disputes through court proceedings is costly and time-consuming, extrajudicial (alternative) dispute resolution mechanisms to resolve such disputes are internationally recognised as effective curative measures against speculative and abusive registrations.
Alternative resolution for .eu disputes 25 is governed by specific rules 26 and has been provided by an independent provider, the Czech Arbitration Court (CAC), since 2006. The service is also provided by the World Intellectual Property Organization (WIPO), since 2017. The .eu resolution procedure lasts approximately 3 months.
Overall, alternative dispute resolution for .eu works as intended 27 – but some changes could be implemented to make it simpler, more accessible and affordable for SMEs. For example:
·Making available an online dispute management portal to enable parties to handle the entirety of the .eu disputes online (currently not all .eu resolution providers make it available);
·Shortening the procedure (where possible), in line with the Uniform Domain Name Dispute Resolution Procedure (UDRP);
·Keeping the filing fees for initiating a .eu resolution affordable for SMEs;
·Introducing a ‘loser pays’ mechanism to deter speculative/abusive registrations and enable the prevailing party to recover the cost of initiating the .eu procedure;
·Providing for expedited procedures such as the suspension of domain names by the Registry in clear typosquatting cases or procedures similar to the Uniform Rapid Suspension system (URS) 28 ;
·Making preliminary procedures available, before the dispute over the domain name is officially initiated. 29
Overall, the cooperation between the .eu Registry and EUIPO on combating abusive and speculative registrations of domain names is satisfactory. This report suggests further improvements concerning:
·The cooperation between EURid and EUIPO, in particular by improving awareness-raising and knowledge-building activities and by improving existing tools and developing new tools to facilitate the simultaneous registration of EUTM and .eu domain names;
·The collaboration with other entities: existing collaboration such as the one with Europol could be strengthened; new collaborations could be introduced, for example with national trademarks offices;
·The measures in place for SMEs, in particular by further improving the registration and alternative dispute resolution procedures.
All the recommendations for improvement presented in this report could be achieved by a mix of:
·implementing existing measures;
·implementing new cooperation measures between EURid and EUIPO and other Union bodies, authorities and organisations at national or international level;
·and updating EURid procedures.
They do not require further legislative measures, rather concrete implementation and follow-up. Some of these measures could be introduced in the service concession contract between the .eu Registry and the Commission (to be applied once Regulation (EU) 2019/517 is in application).
The Commission will follow up with the .eu Registry and EUIPO on the proposed improvements, with particular attention to the simplification measures for SMEs, and will report to the European Parliament and the Council on the progress achieved as part of the regular reporting on the functioning of the .eu domain name.
(1)
EURid’s quarterly report (Q2 2020): https://eurid.eu/media/filer_public/43/77/43778dd5-5afa-42ce-8213-0c8d661ec26f/quarterly_q22020.pdf
(2)
Regulation (EU) 2019/517 on the implementation and functioning of the .eu top-level domain name and
29.3.2019, p.25).
(3)
See Article 5 of Regulation (EC) No 874/2004 and Article 11 of Regulation (EU) 2019/517.
(4)
See Article 21 of Regulation (EC) No 874/2004 and Article 4 of Regulation (EU) 2019/517.
(5)
See Article 10(1) of Regulation (EC) No 874/2004.
(6)
See Recital 7 of Regulation (EU) 2019/517.
(7)
See Article 16(2) of Regulation (EU) 2019/517.
(8)
See Article 16(4) of Regulation (EU) 2019/517.
(9)
The study can be found here: https://dx.publications.europa.eu/10.2759/428574
(10)
The latest public report from EURid is available here: https://eurid.eu/en/news/2019-annual-report/ . The Commission also issued a report to the European Parliament on the implementation, functioning and effectiveness of the .eu Top-Level Domain from April 2017 to April 2019, accessible at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2020%3A0063%3AFIN
(11)
https://eurid.eu/en/news/eurid-and-the-euipo-sign-letter-of-collaboration/
(12)
https://euipo.europa.eu/ohimportal/en/news/-/action/view/5140548
(13)
The EUIPO-Download service consists of a database that can be downloaded from EUIPO’s server and integrated in the user’s internal systems. It contains data on all EUTMs, Resource Cataloguing and Distribution System (RCDs) and International Registrations (IRs) entered into the EUIPO internal database.
(14)
https://euipo.europa.eu/ohimportal/en/web/guest/news/-/action/view/5772664
(15)
The results returned to users are those based on an almost exact match in EURid’s database, with only slight variations (such as hyphens and numbers).
(16)
www.europol.europa.eu/newsroom/news">https://www.europol.europa.eu/newsroom/news
(17)
The Abuse Prevention and Early Warning System (APEWS) is a machine-learning tool developed by EURid in collaboration with the University of Leuven, which verifies all newly registered .eu domains to detect and prevent the delegation of malicious domains (i.e. phishing, spamming, distribution of malware, botnet command and control).
(18)
https://eurid.eu/en/news/eurid-and-iacc-team-up-to-fight-cybercrime/
(19)
https://euipo.europa.eu/ohimportal/en/european-cooperation
(20)
Such as the Commission’s EU Geographical Indications register - eAmbrosia https://ec.europa.eu/info/food-farming-fisheries/food-safety-and-quality/certification/quality-labels/geographical-indications-register/
(21)
Currently on the gTLD market there are several domain blocking services such as Donut’s Domain Protected Marks List (DPML) , Trademark Clearinghouse’s www.trademark-clearinghouse.com/content">TMCH TREx , Uniregistry’s www.unieps.help/">Uni EPS , ICM Registry’s AdultBlock , .club Registry’s .club Trademark Sentry .
(22)
Typosquatting is a form of cybersquatting that relies on mistakes such as typos made by internet users when entering a website address into a web browser. The typosquatted domain name consists of a common, obvious, or intentional misspelling of a trademark (e.g., adjacent keyboard letters, substitution of characters that look similar, inversion of letters and numbers, the addition or interspersion of other terms or numbers).
(23)
I.e. phishing, spamming, distribution of malware, Botnet command and control.
(24)
Such as in the .be, .dk domain names.
(25)
See Article 22(1)(a) of Commission Regulation (EC) No 874/2004.
(26)
https://eurid.eu/d/7770495/EN_ADR_English_rules.pdf
(27)
For more information on the .eu ADR, please consult section 10.2 of the external study: https://dx.publications.europa.eu/10.2759/428574
(28)
URS is a rights protection mechanism launched by ICANN in 2013 with the introduction of the new gTLDs. URS is a low cost, quick procedure for rightsholders experiencing clear-cut cases of trademark infringement caused by domain name registrations. It leads to the temporary take-down (suspension) of the domain name until it expires. At the end of the registration period, the domain name is cancelled by the registry operator.
(29)
For example, filing opposition to a domain name registration with the .eu Registry (post-delegation), to lock the domain name (such as in the .it domain name).