ICANN78 Day Zero Workshop:
NIS2 Directive – Impact on the DNS Industry
20 October 2023
Hall Y 5-8: ALAC (Level 2)
ICANN78 Day Zero Workshop: NIS2 Directive – Impact on the DNS Industry
eco – Association of the Internet Industry
invites you on Friday, 20 October for a Day Zero Workshop at ICANN78 in Hamburg to discuss the legislation that impacts the domain name industry in the European Union followed by an informal reception.
Please note, space is limited and registration is required.
A separate registration for the ICANN78 meeting is required to attend.
We look forward to welcoming you!
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to increase the overall level of cybersecurity in the EU.
The EU cybersecurity legislation, which was introduced in 2016, was updated by the NIS2 Directive, which came into force in 2023. It modernized the existing legal framework to keep pace with increasing digitization and the evolving cybersecurity threat landscape. Extending the scope of cybersecurity rules to new sectors and entities will further improve the resilience and responsiveness of public and private entities, competent authorities and the EU as a whole.
In addition to its impact on the cybersecurity sector, the NIS2 Directive has implications for domain name registrations in the European Union. Article 28 of NIS2 contains requirements for domain name registrations, in particular registration data.
What makes NIS2 a challenge for the domain industry is its directive nature. A directive is a piece of legislation that sets a goal that all EU countries must achieve. However, it is up to the individual countries to develop their own laws on how to achieve these goals. This could potentially result in 27 different procedures for validating domain name registration data. Given that the domain name industry is a global ecosystem of domain name registries, registrars, resellers, etc. interacting with each other, validation procedures should follow proven industry best practices. The implementation of NIS2 by individual member states of the European Union should avoid the definition of 27 different processes.
The clock is ticking. The updated NIS2 Directive entered into force on January 16, 2023. Member States now have until October 17, 2024 to adopt new legislation to comply with NIS2. Businesses need to consider how the extended new regime will affect them, as it will take time to put compliant structures in place, and they will need to consider NIS2 jurisdictional rules in their compliance plans, contracts and relationships with third parties they rely on to protect their assets.
AGENDA
- 9:00am CET
- Registration & Coffee
- 10:00am CET
-
Welcome to Part I, Introduction & Methodology
Thomas Rickert
Director Names & Numbers, eco – Association of the Internet Industry
- 10:10am CET
-
Introduction to NIS2 and Art. 28 – Requirements & Expectations
National legislative bodies are already working on draft legislation to implement the NIS2 Directive in their respective countries. What are the objectives and intentions of Art. 28 and how much guidance can the European Commission provide to national legislators? This session will provide an overview of the requirements of the NIS2 Directive with a focus on Art. 28 and its expectations.
Gemma Carolillo
Deputy Head of Unit, Next Generation Internet, European Commission, DG CNECTJuuso Järviniemi
Policy Officer, Cybersecurity & Digital Privacy Policy, European Commission, DG CNECT
- 10:40am CET
-
Report from the NIS Cooperation Group
As NIS2 is a Directive, it is up to individual countries to enact their own legislation to achieve its objectives, including Art. 28. This could potentially result in 27 different procedures for validating domain name registration data. The NIS Cooperation Group is discussing the various national approaches and proposals. This session will provide an update on the status of the group's work, including the two task forces working on validation and legitimate access.
Finn Petersen
Director of International ICT Relations, Division for Digital Regulation and Supervision
- 11:00am CET
-
National level deliberations on Art. 28
NIS2 must now be transposed into national law by national legislators by 17 October 2024 and will apply from 18 October 2024. As a result, proposals for national legislation are already in the pipeline. This session will analyse and discuss selected draft proposals from different EU Member States in order to understand the national legislative processes and implementing legislation.
Dirk Jumpertz
Security Officer, EURidSophie Kreizer
Ministry of Economic Affairs and Climate Policy, NetherlandsJaromír Talíř
Technical Fellow, CZ.NICPeter Vergote
Legal & Corp. Affairs Manager, DNS Belgium
-
Morning summary
Thomas Rickert
Director Names & Numbers, eco – Association of the Internet Industry
- 12:00pm CET
- Lunch break
- 13:00pm CET
-
Welcome to Part II
Thomas Rickert
Director Names & Numbers, eco – Association of the Internet Industry
- 13:10pm CET
-
Multistakeholder Organizations
The language of NIS2 refers to multi-stakeholder organisations. In this session we will discuss the interplay between national/regional legislation and the global multistakeholder model, including ICANN, where community policies are already in place.
Elena Plexida
Vice President, Government and IGO Engagement, ICANN
- 13:30pm CET
-
The role of Registration Data in the fight against DNS Abuse
Recital 110 states that “The availability and timely accessibility of domain name registration data to legitimate access seekers is essential for the prevention and combating of DNS abuse, and for the prevention and detection of and response to incidents.” How effective is the use of domain name registration data in combating DNS abuse? What other complementary measures are there?
Brian Cimbolic
Vice President, General Counsel, Public Interest Registry (.ORG)Volker Greimann
General Counsel, Head of Legal and Policy CentralNic GroupSteinar Grøtterød
Director of Policy & Compliance, iQ Global ASChris Lewis-Evans
Director of Governmental Engagement and Internet Abuse Mitigation, CleanDNSNick Wenban-Smith
General Counsel, Nominet UK
- 14:30pm CET
-
Operational & Implementation Challenges I
TLD name registries and the entities providing domain name registration services will be required to have policies and procedures in place, including verification procedures, to ensure that databases contain accurate and complete information, to make domain name registration data that is not personal data publicly available, etc.
What are the best practices and challenges in implementing and operating the required policies and procedures and what are the implications at the national, EU and global levels? Will EU-based companies be at a commercial disadvantage in the future? These and other questions will be discussed in this session.
Beth Bacon
Senior Director, Policy and Privacy, Public Interest Registry (.ORG) / Vice Chair, RySGSamantha Demetriou
Senior Director - Policy, Verisign / Chair, RySG
- 15:00pm CET
- Coffee break
- 15:30pm CET
-
Operational & Implementation Challenges II & Discussion
Continuation of the session.
Ashley Heineman
Director, Global Policy, GoDaddy / Chair, RrSGPolina Malaja
Policy Director, CENTRNeal McPherson
Head of Product Management Domains, IONOS
- 17:00pm CET
-
Afternoon summary, Stocktaking & Workshop wrap-up
Thomas Rickert
Director Names & Numbers, eco – Association of the Internet Industry
- 17:30pm CET
- End of Workshop & Reception (Drinks & Bites)
SPEAKER
Senior Director, Policy and Privacy, Public Interest Registry (.ORG)
Deputy Head of Unit, Next Generation Internet, European Commission, DG CNECT
Vice President, General Counsel, Public Interest Registry (.ORG)
Senior Director - Policy, Verisign
Director of Governmental Engagement and Internet Abuse Mitigation, CleanDNS
General Counsel, Head of Legal and Policy, CentralNic Group
Director of Policy & Compliance, iQ Global AS
Director, Global Policy, GoDaddy
Policy Officer, Cybersecurity & Digital Privacy Policy, European Commission, DG CNECT
Security Officer, EURid
Policy Director, CENTR
Head of Product Management Domains, IONOS
Netherlands
Director of International ICT Relations, Division for Digital Regulation and Supervision
Vice President, Government and IGO Engagement, ICANN
Director Names & Numbers, eco – Association of the Internet Industry
Technical Fellow, CZ.NIC
Legal & Corp. Affairs Manager, DNS Belgium
General Counsel, Nominet UK