Annexes to COM(2020)63 - Implementation, functioning and effectiveness of the .eu Top-Level Domain from April 2017 to April 2019 - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2020)63 - Implementation, functioning and effectiveness of the .eu Top-Level Domain from April 2017 to April 2019. |
|---|---|
| document | COM(2020)63  |
| date | February 19, 2020 |
As from the end of that transition period, Union law ceases to apply to and in the United Kingdom. Therefore, United Kingdom residents who are not citizens of an EU Member State, Iceland, Liechtenstein or Norway and undertakings and organisations that are established in the United Kingdom but not in an EU Member State, Iceland, Liechtenstein or Norway will no longer be eligible under EU law to hold a .eu domain name, in the same way as residents, undertakings and organisations of other third countries. This consequence would apply from the withdrawal date in the event that the Withdrawal Agreement did not enter into force.
With the notice on the ‘Withdrawal of the United Kingdom and EU Rules on .eu Names’ of 28 March 2018, updated on 18 July 2019 16 , the Commission warned the .eu domain name holders residing or established in the United Kingdom of the consequences of the United Kingdom’s withdrawal from the EU, subject to the provisions of the Withdrawal Agreement coming into force as regards the transition period. In addition, the Commission and EURid agreed on an action plan to mitigate the effects of the possible scenario of a Withdrawal Agreement not entering into force, and to manage the transition to the United Kingdom’s status as a third country, comprising of communication to registrars and registrants and transition measures for registered domain names belonging to United Kingdom residents 17 .
The impact of the United Kingdom’s intended withdrawal from the EU on the .eu domain began to be felt in 2018. For United Kingdom’s residents, the possibility of losing eligibility for the registration of .eu domain names triggered cancelations, non-renewals and a decrease in new registrations. In addition, some United Kingdom-based registrars ceased to offer the .eu domain. As a result, the number of .eu registrations in United Kingdom fell from around 240,000 to around 190,000 by the end of the first quarter of 2019; a decrease of 24 %.
6.Trust and security
6.1.Secure domain names
DNSSEC 18 , a security extension of the DNS has been deployed and promoted in the .eu domain since 2013. DNSSEC ensures that users communicate with the correct website, preventing ‘man in the middle’ type attacks by fake websites.
For DNSSEC to function properly, both the domain at the top level and individual domain names need to have a digital signature (‘be signed’). Following the signing of the .eu top level itself in 2010, EURid has been promoting DNSSEC signing among .eu domain names. Since 2015, EURid has offered a fee discount per correctly signed domain name. At the end of the first quarter of 2019, around 540,000 domain names (15% of the .eu domain names) were correctly signed with DNSSEC. Regular increase in the number of DNSSEC-signed domain names over the period covered demonstrated that these discount measures motivated registrars to deploy DNSSEC and to offer it to their registrants. While .eu ranks among the best ccTLD registries in terms of DNSSEC adoption, it is clear that further effort is needed to increase the enrolment of .eu domain names.
In general, EURid supports its registrar community in adopting cybersecurity standards through webinars and meetings and regular briefings about DNSSEC and other security measures.
6.2.Mitigation of abusive registrations
The prevention of abusive domain name registrations, used for copyright infringements, the selling of counterfeit goods, phishing, cyberattacks, and the distribution of malware, continues to be a key priority for the .eu domain. This is implemented by verifying the validity of registration data against .eu eligibility criteria 19 and the screening of new registrations for suspicious patterns or anomalies.
As a preventive measure, EURid performs daily checks on new registrations. If dubious data are detected, registrants are invited to update or correct their information – with the risk of suspension of their domain name if they fail to do so. In 2017 and 2018 respectively 20,126 and 58,966 domain names were suspended.
In 2017, the University of Leuven developed a system for EURid that predicts which .eu domain names might be used for abusive purpose, based on historical data and self-learning algorithms. This system, still in development, is aimed at preventing malicious domain names from becoming active in the first instance.
6.3.Cooperation in the fight against cybercrime
EURid continued to provide regular assistance to law enforcement and other relevant authorities both at the national and European level, aiding them in the fight against illegal activities associated with .eu domain names.
At the national level, EURid collaborated actively with the Belgian Federal Ministry of Economic Affairs, the Belgian Customs (Cybersquad), and the Belgian Public Prosecutor’s Office.
At the European level, EURid continued engaging in regular dialogue with the Computer Emergency Response Team for the EU (CERT-EU) and further expanded cooperation with EUROPOL by exchanging statistical data and trends, running joint projects aimed at combatting cybercrime 20 and holding joint workshops 21 . In June 2018, EURid and the International Anti-Counterfeiting Coalition signed a Memorandum of Understanding to engage in joint efforts to fight cybercrime in the .eu domain. EURid also continued its cooperation with EUIPO (European Union Intellectual Property Office) to notify trademark holders when a .eu domain name is registered that is identical to a registered EU trademark.
6.4.Alternative Dispute Resolution
In June 2017, EURid expanded the options for initiating an Alternative Dispute Resolution (ADR), by signing an agreement with the World Intellectual Property Organisation (WIPO) to become a new provider of the .eu ADR in addition to the existing provider, the Prague-based Arbitration Court (Czech Arbitration Court). A characteristic of the .eu ADR is the possibility to submit a complaint online in any of the official languages of the EU. In the period of this report, 127 complaints were filed and 130 disputes were resolved.
6.5.Stability, security and business continuity
EURid has maintained a highly resilient and robust technical infrastructure to ensure that, at all times, the .eu namespace is visible and performing well for all internet users. This has resulted uninterrupted access to .eu domain names for users connecting to these domain names during the period covered by this report (uptime of 100 %). Two domain name servers 22 in Amsterdam and Luxembourg form the core of EURid’s technical infrastructure, complemented by a mix of self-managed servers (Amsterdam, Ljubljana, London, and Prague) and external “anycast” providers such as DENIC, NetNod and Dyn/Oracle, providing name servers across the world in order to support the .eu zone file.
Establishing and maintaining a high standard for its information and network security remained an important element of EURid’s policy to continue providing secure and high-quality services to .eu-accredited registrars and the public. EURid obtained an ISO 23 22301 certification in 2017 for its business continuity management and was recertified for the information security standard ISO/IEC 27001 in 2019. In addition, EURid evaluated and adapted its Responsible Disclosure Policy in 2018 and continued its collaboration with an external company to assess and improve cyber security and reduce threats.
EURid has been a pioneer of business continuity among ccTLD registries. EURid has kept its risk assessment up to date on a yearly basis and regularly re-evaluated its continuity scenarios. In 2018, EURid conducted two Business Continuity exercises simulating major disasters, assessed and evaluated positively by an independent evaluator. In addition, seven Disaster and Recovery and Redundancy Tests were conducted, and demonstrated the robustness of EURid’s technical infrastructure.
7.International relations
During the reporting period, EURid continued to engage with the internet ecosystem, in particular through the following actions and activities:
–Participation in ICANN meetings through various committees and working groups including contributing to efforts to build capacity among smaller ccTLD registries in business continuity planning and disaster recovery;
–Cooperation with UNESCO, Verisign and the regional registry organisations for the yearly IDN World Report 24 , and supporting the UNESCO International Year of Indigenous Languages 2019;
–Continuation of the .eu Academy 25 through which representatives of other registries have received training on various registry matters;
–Support to EuroDIG (European Dialogue on Internet Governance) sessions and to the Balkan School on IG (Internet Governance);
–Participation in the 2017 Internet Governance Forum (IGF) 26 with a workshop on the environmental impact of ICT.
8.Environmental impact
In order to reduce the environmental impact of its activities, EURid became the first EMAS-certified 27 registry in Europe in 2012, completing recertification in 2018 for its headquarters in Belgium and its branches in Italy and the Czech Republic. EURid continued validating its CO2 emissions, purchasing certified CO2 credits for compensation, and supported the Uganda Borehole Project 28 . In 2019, EURid sponsored reforestation efforts in Monchique Portugal 29 , an area affected by devastating wildfires in the summer of 2018.
9.Conclusion
The .eu domain continues to function in an effective manner, facilitating access to the Digital Single Market, allowing Europeans to display their European identity online, and supporting multilingualism.
The increased focus on quality of service and security helped the .eu domain to maintain its market position during the period considered in the report. It also directly contributed to the EU objectives of increasing trust and security on the internet and in the Digital Single Market.
The .eu can become a model for other domain names in terms of building a trusted and secure domain name space. It will require sustained efforts to ensure the broad adoption of security measures such as DNSSEC, to tackle abusive registrations, and to ensure that illegal behaviours and abuse that are evident elsewhere in the DNS ecosystem do not gain a foothold in relation to .eu domain names. The solid financial situation of the .eu will allow these efforts to be sustained.
Based on its solid customer base, its strong relations with registrars and targeted actions towards under-served geographic markets and EU citizens living abroad, the .eu domain has the potential to strengthen further its position as the domain of choice of EU citizens and businesses.
(1) Domain Name System Security Extension.
(2) The actual launch of the .ευ string in Greek script took place on 14 November 2019, outside the scope of this report.
(3) Regulation (EC) No 1137/2008 of the European Parliament and of the Council of 22 October 2008.
(4) Regulations of the European Parliament and of the Council; No 1654/2005 of 10 October 2005; No 1255/2007 of 25 October 2007, No 560/2009 of 26 June 2009, and No 516/2015 of 26 March 2015.
(5) https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2017-2402460_en .
(6) https://ec.europa.eu/digital-single-market/en/news/new-rules-will-boost-eu-governance-and-extend-its-reach .
(7) CENTRstats Global TLD report Q1 2019, edition 27, https://www.centr.org/statistics-centr/quarterly-reports.html ..
(8) EURid et al, Middle East and Adjoining Countries DNS Marketplace Study, ICANN 2016 https://www.icann.org/news/announcement-2016-02-26-en .
(9) Oxford Information Labs et al, Latin American and Caribbean DNS Marketplace Study, 2017 https://www.icann.org/public-comments/lac-dns-marketplace-2016-09-22-en .
(10) https://eurid.eu/en/news/2017-registrar-satisfaction-survey-findings/ .
(11) Council of European National Top-Level Domain Registries, www.centr.org .
(12) IDNs are domain names with non-Latin characters.
(13) https://www.icann.org
(14) OJ C 384 I, 12.11.2019, p.1.
(15) The withdrawal date will be either the date of entry into force of the Withdrawal Agreement or, failing that, 1st February 2020 – unless the period provided for in Article 50(3) TEU is further extended. See European Council Decision (EU) 2019/1810 taken in agreement with the United Kingdom of 29 October 2019 extending the period under Article 50(3) TEU, OJ L 278, 30.10.2019, p.1.
(16) https://ec.europa.eu/info/sites/info/files/file_import/eu_domain_names_en_0.pdf
(17) https://eurid.eu/en/register-a-eu-domain/brexit-notice/ .
(18) Domain Name System Security Extension.
(19) According to .eu Regulation, EURid has the right to verify the validity of a registration, and the registration policy requires the registrant to keep personal data complete and accurate, and the email address functioning for communication with EURid.
(20) https://www.europol.europa.eu/newsroom/news/europol-enhances-cybercrime-and-internet-security-cooperation-signing-mou-eurid .
(21) https://www.europol.europa.eu/events/eurid-europol-cross-border-collaboration-in-fighting-cybercrime-workshop .
(22) Name servers are fundamental elements of the DNS, enabling the look-up of domains names by providing their IP addresses and location.
(23) International Organisation for Standards
(24) www.idnworldreport.eu .
(25) https://eurid.eu/en/about-us/initiatives/ .
(26) www.intgovforum.org .
(27) EU Eco-Management and Audit Scheme, registration number BE-VL-000016, https://eurid.eu/en/about-us/going-green/ .
(28) https://www.carbonfootprint.com/gs_ver_uganda_borehole.html
https://eurid.eu/en/news/eurid-supports-uganda-borehole-rehabilitation-project/
(29) https://www.youtube.com/watch?v=yh-rJQL1HYE .