Annexes to COM(2020)775 - Assessment of cooperation of the .eu Registry operator with EUIPO with a view of combating abusive and speculative domain name registrations, pursuant Art. 16 of Reg. 2019/517

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2020)775 - Assessment of cooperation of the .eu Registry operator with EUIPO with a view of combating abusive and speculative domain ...
document COM(2020)775 EN
date December  2, 2020
agreement. 12 Two new functionalities were made available to EUTM holders:

·an availability check for the corresponding domain name when they file with EUTM;

·a notification (alert) when a domain name corresponding to an EUTM is registered.

Availability check

Added to the EUTM e-filing tool, this function directly informs users – as soon as they complete their trademark filing – whether their trademark is available as a .eu domain name. This way, they can choose immediately to register the domain name before their EUTM application is published.

Alerts

EUTM holders also have the option to receive an alert when a .eu domain name identical to their trademark is registered – but only if they expressly opt in. The system is based on the daily sending by EUIPO of an up-to-date list of EUTM applications to EURid through the EUIPO-download service 13 . Each new .eu domain name registration is checked by EURid against this list, and if a match occurs, EUIPO is notified and users receive an alert through their EUIPO User Area.

3.3 Planned activities 2020-22

Under their joint work programme for 2020-22 14 , EUIPO and EURid will explore the possibility of implementing a reciprocal process when a .eu domain name is registered, allowing domain name holders to see if a trademark with a similar name is available at EUIPO.

Additionally, both organisations will work on a joint study on application behaviour, to see whether trademarks or domain names are registered first. The study will help them tackle fraudulent domain names and registrations made in bad faith.

Work will also begin on a feasibility study to create a tool to inform users of the availability of the terms they are searching for both as a trademark and a domain name. EUIPO and EURid will also explore the possibility of extending the current availability check based on “identical search” 15 to “similar search”, to find possible matches in the EURid database after an online EUTM application has been filed.

The work programme also contains a link to the EUIPO SME programme, which will include initiatives such as:

·a chatbot providing information on business issues useful to SMEs, starting with intellectual property matters;

·discovery guides providing support and guidance to SMEs wanting to register an EUTM, and flagging the importance of domain names;

·webinars aimed at SMEs and multiplier organisations.

3.4 Assessment of the EURid-EUIPO cooperation, and recommendations for improvements

EURid and EUIPO have achieved a fruitful cooperation in combatting speculative and abusive registrations of domain names, including cybersquatting, and future action planned by the two organisations is expected to help further reduce speculative and abusive registrations and improve support to SMEs.

In the next stage of their cooperation, the two organisations should seek to simplify the procedure for the .eu domain name and EUTM registration and foster awareness of the link between domain names and trademarks. Any tool or measure they propose should be simple, user-friendly, accessible and effective for SMEs.

Specifically, they could make the following improvements:

·More awareness-raising and knowledge-building activities, to make rightsholders and .eu domain name holders aware of the existing measures and tools and increase their use. Examples include training courses and webinars, especially targeting SMEs. It will be important to gather feedback from SMEs, to understand their needs and improve awareness-raising activities.

·Provide more information to users when they file an EUTM application. For example, along with the final receipt and official record of the application, EUIPO could supply applicants with documents containing more information on .eu domain names and ways to protect IPR.

·Improve existing tools:

oFull deployment of the availability check and alert functionalities will require further technical improvements. These functions offer a simple and effective way for rightsholders, including SMEs, to reserve the domain names matching their trademarks or act on abusive/speculative registrations.

oGeneralise the use of the alert system. The statistics provided by EURid and EUIPO show that there is an important gap between the number of matches found between EUTM and .eu domain name registrations and the number of alerts sent to EUTM holders. There is a need to raise the level of awareness of this functionality and increase its use.

oInvestigate the possibilities to extend existing tools on availability check and alert functionalities to cover geographical indications.


·Develop new tools to facilitate the simultaneous registration of EUTM and .eu domain names:

oDevelop a joint search tool that enables users to check whether terms are available both as an EUTM and a .eu domain name.

oAssess the possibility of EUIPO becoming a .eu accredited registrar and integrating the .eu domain name registration with EUTM applications. This would offer rightsholders the possibility of one-stop registration.


The Commission will follow up on these recommendations with EURid and EUIPO and closely follow how their cooperation develops and how effective the measures they take to combat speculative and abusive registrations are. In doing so, it will pay particular attention to the measures adopted for SMEs.

4.Cooperation with other Union bodies and national or international organisations 

4.1 Cooperation with Europol

EURid and Europol have in place a memorandum of understanding 16 , signed in 2016. Under this agreement, they are exchanging information on suspicious .eu domain names, including domains identified by EURid’s Abuse Prevention and Early Warning System (APEWS) 17 .

Cooperation between EURid and Europol could be further strengthened, starting with formalising these arrangements. This would include:

·formalising the scope and the commitments of each party;

·identifying contact points and communication channels on both sides;

·describing the actions each party must take when a suspicious domain name is identified;

·determining follow-up and reporting mechanisms.

The two organisations could also carry out joint awareness-raising and knowledge-building activities to inform the general public and train cybersecurity experts and law enforcement officers on cybercrime threats linked to speculative and abusive domain name registrations, and available counter-measures. Specifically, they could develop intellectual property-related case studies to educate rightsholders and their representatives, with a focus on SMEs.

4.2 Collaboration with other bodies

EURid collaborates with international and European authorities and organisations to prevent online illegal activities. These include, among others:

·Belgian Customs (against counterfeit websites);

·Belgian Prosecutors and law enforcement agencies (against cybercrime);

·Association for Safe Online Pharmacy;

·International Anti-Counterfeiting Coalition 18 ;

·eCommerce Foundation (against fake e-shops);

·Anti-Phishing Working Group;

·Belgian Computer Emergency Response Team.

National registered trademarks are protected under the .eu regulatory framework to the same extent as EUTMs. However, no structured collaboration of the .eu Registry with Member States’ trademark offices exists. This degree of collaboration could be established, possibly through the European Union Intellectual Property Network (EUIPN) set up by the EUIPO 19 . EURid collaboration with EUIPO could also be extended to Member States’ trademark offices, by offering the availability check and/or alert functionalities to their users as well.

Currently, holders of IPR other than trademarks (e.g. geographical indications and designations of origin, trade names, business identifiers and company names) only have access to curative measures in case of abusive .eu registration. To improve this situation, the .eu Registry could establish further collaboration with relevant bodies and agencies. This could include carrying out checks in their IPR databases 20 . Where the Registry would find names that are identical or similar to .eu domain names, it could then either notify the rightsholders (so they can take action) or take action directly itself (ex officio). In practice, this would mean extending the alert functionality to those IPR as well. Concerning trade names, business identifiers and company names, a study could be launched to assess the usefulness of setting up a collaboration with the EU network of business registries.

Extending the scope of collaboration with authorities and organisations in charge of other IPRs beyond EUTM could be particularly beneficial for SMEs.

5.Small and medium-sized enterprises

All aspects analysed in this report provide for a specific angle focusing on small and medium sized enterprises.

In addition, this section focuses on aspects related to .eu registration procedures for SMEs and the remedies at their disposal – especially Alternative Dispute Resolution – to tackle abusive/speculative domain name registrations.

5.1 Registration procedure

Overall, the .eu registration procedure is quite simple and straightforward. However, considering the importance of preventive measures to tackle speculative and abusive registrations, it could be improved for SMEs, in particular by:

·Implementing services allowing IPR holders to preventively block infringing domain name registrations, as other industry players already do 21 . Such services help rightsholders to protect their prior rights and protect their brands from typosquatting 22 ;


·Extending the use of predictive algorithms to prevent speculative and abusive registrations in addition to malicious registrations 23 , as is currently the case;


·Raising rightsholders’ awareness about existing similarity search tools, such as the .be WHOIS lookup, so they can search for similar domain names that could potentially infringe their rights;


·Making information readily accessible to users on how to report different types of misuse 24 .


5.2 Alternative dispute resolution

Since the internet has global reach and resolving cross-border domain disputes through court proceedings is costly and time-consuming, extrajudicial (alternative) dispute resolution mechanisms to resolve such disputes are internationally recognised as effective curative measures against speculative and abusive registrations.

Alternative resolution for .eu disputes 25 is governed by specific rules 26 and has been provided by an independent provider, the Czech Arbitration Court (CAC), since 2006. The service is also provided by the World Intellectual Property Organization (WIPO), since 2017. The .eu resolution procedure lasts approximately 3 months.

Overall, alternative dispute resolution for .eu works as intended 27 – but some changes could be implemented to make it simpler, more accessible and affordable for SMEs. For example:

·Making available an online dispute management portal to enable parties to handle the entirety of the .eu disputes online (currently not all .eu resolution providers make it available);


·Shortening the procedure (where possible), in line with the Uniform Domain Name Dispute Resolution Procedure (UDRP);


·Keeping the filing fees for initiating a .eu resolution affordable for SMEs;


·Introducing a ‘loser pays’ mechanism to deter speculative/abusive registrations and enable the prevailing party to recover the cost of initiating the .eu procedure;


·Providing for expedited procedures such as the suspension of domain names by the Registry in clear typosquatting cases or procedures similar to the Uniform Rapid Suspension system (URS) 28 ;


·Making preliminary procedures available, before the dispute over the domain name is officially initiated. 29  

6.Conclusions

Overall, the cooperation between the .eu Registry and EUIPO on combating abusive and speculative registrations of domain names is satisfactory. This report suggests further improvements concerning:

·The cooperation between EURid and EUIPO, in particular by improving awareness-raising and knowledge-building activities and by improving existing tools and developing new tools to facilitate the simultaneous registration of EUTM and .eu domain names;


·The collaboration with other entities: existing collaboration such as the one with Europol could be strengthened; new collaborations could be introduced, for example with national trademarks offices;


·The measures in place for SMEs, in particular by further improving the registration and alternative dispute resolution procedures.


All the recommendations for improvement presented in this report could be achieved by a mix of:

·implementing existing measures;

·implementing new cooperation measures between EURid and EUIPO and other Union bodies, authorities and organisations at national or international level;

·and updating EURid procedures.

They do not require further legislative measures, rather concrete implementation and follow-up. Some of these measures could be introduced in the service concession contract between the .eu Registry and the Commission (to be applied once Regulation (EU) 2019/517 is in application).

The Commission will follow up with the .eu Registry and EUIPO on the proposed improvements, with particular attention to the simplification measures for SMEs, and will report to the European Parliament and the Council on the progress achieved as part of the regular reporting on the functioning of the .eu domain name.


(1)

   EURid’s quarterly report (Q2 2020): https://eurid.eu/media/filer_public/43/77/43778dd5-5afa-42ce-8213-0c8d661ec26f/quarterly_q22020.pdf

(2)

  Regulation (EU) 2019/517 on the implementation and functioning of the .eu top-level domain name and
repealing Regulation (EC) No 733/2002 and repealing Commission Regulation (EC) No 874/2004 (OJ L 91,
29.3.2019, p.25).

(3)

     See Article 5 of Regulation (EC) No 874/2004 and Article 11 of Regulation (EU) 2019/517.

(4)

     See Article 21 of Regulation (EC) No 874/2004 and Article 4 of Regulation (EU) 2019/517.

(5)

   See Article 10(1) of Regulation (EC) No 874/2004.

(6)

   See Recital 7 of Regulation (EU) 2019/517.

(7)

   See Article 16(2) of Regulation (EU) 2019/517.

(8)

   See Article 16(4) of Regulation (EU) 2019/517.

(9)

   The study can be found here: https://dx.publications.europa.eu/10.2759/428574

(10)

   The latest public report from EURid is available here: https://eurid.eu/en/news/2019-annual-report/ . The Commission also issued a report to the European Parliament on the implementation, functioning and effectiveness of the .eu Top-Level Domain from April 2017 to April 2019, accessible at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM%3A2020%3A0063%3AFIN  

(11)

    https://eurid.eu/en/news/eurid-and-the-euipo-sign-letter-of-collaboration/  

(12)

      https://euipo.europa.eu/ohimportal/en/news/-/action/view/5140548

(13)

     The EUIPO-Download service consists of a database that can be downloaded from EUIPO’s server and integrated in the user’s internal systems. It contains data on all EUTMs, Resource Cataloguing and Distribution System (RCDs) and International Registrations (IRs) entered into the EUIPO internal database.

(14)

      https://euipo.europa.eu/ohimportal/en/web/guest/news/-/action/view/5772664

(15)

The results returned to users are those based on an almost exact match in EURid’s database, with only slight variations (such as hyphens and numbers).

(16)

      https://www.europol.europa.eu/newsroom/news/europol-enhances-cybercrime-and-internet-security-cooperation-signing-mou-eurid  

(17)

     The Abuse Prevention and Early Warning System (APEWS) is a machine-learning tool developed by EURid in collaboration with the University of Leuven, which verifies all newly registered .eu domains to detect and prevent the delegation of malicious domains (i.e. phishing, spamming, distribution of malware, botnet command and control).

(18)

      https://eurid.eu/en/news/eurid-and-iacc-team-up-to-fight-cybercrime/

(19)

    https://euipo.europa.eu/ohimportal/en/european-cooperation

(20)

     Such as the Commission’s EU Geographical Indications register - eAmbrosia  https://ec.europa.eu/info/food-farming-fisheries/food-safety-and-quality/certification/quality-labels/geographical-indications-register/

(21)

     Currently on the gTLD market there are several domain blocking services such as Donut’s Domain Protected Marks List (DPML) , Trademark Clearinghouse’s TMCH TREx , Uniregistry’s Uni EPS , ICM Registry’s AdultBlock , .club Registry’s .club Trademark Sentry .

(22)

Typosquatting is a form of cybersquatting that relies on mistakes such as typos made by internet users when entering a website address into a web browser. The typosquatted domain name consists of a common, obvious, or intentional misspelling of a trademark (e.g., adjacent keyboard letters, substitution of characters that look similar, inversion of letters and numbers, the addition or interspersion of other terms or numbers).

(23)

     I.e. phishing, spamming, distribution of malware, Botnet command and control.

(24)

     Such as in the .be, .dk domain names.

(25)

     See Article 22(1)(a) of Commission Regulation (EC) No 874/2004.

(26)

      https://eurid.eu/d/7770495/EN_ADR_English_rules.pdf

(27)

For more information on the .eu ADR, please consult section 10.2 of the external study: https://dx.publications.europa.eu/10.2759/428574  

(28)

      URS is a rights protection mechanism launched by ICANN in 2013 with the introduction of the new gTLDs. URS is a low cost, quick procedure for rightsholders experiencing clear-cut cases of trademark infringement caused by domain name registrations. It leads to the temporary take-down (suspension) of the domain name until it expires. At the end of the registration period, the domain name is cancelled by the registry operator.

(29)

     For example, filing opposition to a domain name registration with the .eu Registry (post-delegation), to lock the domain name (such as in the .it domain name).