DNS services under the scope of European Commission cybersecurity proposals

Recent cybersecurity-related proposals from the European Commission contain provisions related to the Domain Name System (DNS). In the Cybersecurity Strategy for the EU, the Commission has envisioned the development of a ‘contingency plan for dealing with extreme scenarios affecting the integrity and availability of the global DNS root system’. It also plans to assess the role of DNS root server operators in guaranteeing that the Internet remains globally accessible in all circumstances, as well as to support the development of a public European DNS resolver service (to offer an alternative, European service for accessing the global Internet). Also mentioned in the strategy is a plan to accelerate the uptake of key Internet standards such as Internet Protocol version 6 (IPv6) and Internet security standards and good practices for DNS, routing and email security. The Commission has also proposed a new cybersecurity directive (to replace the network and information security directive (NIS directive), which will be applicable to ‘all providers of DNS services along the DNS resolution chain, including operators of root name servers, top-level-domain (TLD) name servers, authoritative name servers for domain names and recursive resolvers’. In addition, the proposed directive contains provisions on databases of domain names and registration data: member states are required to ensure that TLD registries and registrars collect and maintain accurate and complete domain name registration data, while respecting data protection law, and that they provide access to specific domain name registration data upon lawful and duly justified requests of legitimate access seekers.