Hi Elena and all, thanks for organizing this!

Me too, came in early

Greetings from the Office of the Ombuds… always nice to join these informative sessions. Hope everyone is staying healthy and safe.

Hi All.

hello everyone! may thanks to ICANN for organizing this event

Looks like we have the band back together

I was part of ICANN band long time ago, good to be back!

HI Charles!

Hi Elaine

Charles Shaban! Greetings!!!!

Chris long time :)

Hello everyone :) !!

Good afternoon from sunny London

yes

Hi Manal, and hi to all. Great to see old friends. Or "not see" old friends as the case may be.

Manal and Lori not that long for me, glad to see you too !

do others observe the grey rectangles on the text, as well?

yes @Peter ..

Yes

yes

yes, I assume the speaker has some chat windows or notifications open

Hey Marco! Everyone...

Since ICANN doesn’t deal with content regulation and the DSA seems to be all about content regulation, I am wondering why we are hearing about DSA at all

Great to reconnect @Lori and @Charles ..

+1 to Milton, except for consideration of service providers' liability?

Service Provider legal liability is not, to my knowledge, assessed by ICANN.

And for clarity, ICANN is not a regulator

+1 to Goran

Think, we did not do too bad in securing a directive back then which has lasted over 20 years despite rapid changes to Internet.

+1 to Nigel Hickson

And this law might have an impact on the possibility for ICANN to create policy

If it walks like a duck and quacks like a duck...

ICANN is not supposed to be a regulator, but of course it does regulate entry into registry and registrar market, terms and conditions of services, and dispute resolution.

Although I agree that much of this is beyond the mandate of ICANN, I truly appreciate this discussion if for no other reason than for education purposes.

see: the third ’S’ in SSR is for ‘safety’

Milton, we disagree on that.

You can get a masters degree in digital public policy from Georgia Tech Jeff ;-)

The DSA is included in the list of initiatives that are of relevance to the DNS and that we are discussing for information today, as DNS service providers are under scope

I keep getting black bars over the slides. - can we switch to the unreacted deck?

@Marco: this is NewIP in action …

ouch

Joking of course - but slightly annoying, even when I have seen this press before

@Milton - I haven't ruled that out :) But I am not sure I am smart enough for Georgia Tech :)

:D

Hello - best greetings from Brussels!

You are a clever and experienced guy, Jeff

And FYI, New IP has a new name “polymorphic networking” and that unfortunately is not a joke

Does the proposed new text clearly include registries and registrars as intermediaries?

Should be interesting to see those comments, Volker :)

@ New IP: Where it is now discussed?

it’s dead

maybe discussed in Beijing?

DSA Recital 27 says it applies to, among others, "domain name system (DNS) services, top–level domain name registries"

Marco, would you prefer polyamorous networking?

Great, thanks EU, you can restore The Donald to his Twitter account

Recitals 27 and 83 yes

An actual LOL - thanks Anriette!

Its Friday

:-)

Anriette LOL and I guess it depends on the venue where it is developed and the principles applied

@Anri, speaking in a strictly private capacity: Oi! :D

Friday indeed… :D

Very Friday

Almost 5 o’clock in my part of the world

interesting discussion of the changing scope of liability exemptions

Agree, Milton

Same here, 1h to curfew xD

yes !

Lol indeed

Still there

you need to click on the "pin" when sharing a screen

Here 6 PM on a weekend, but today full curfew since morning here, so good to do something beneficial!

In 1999 we were focusing on news groups; news and early web services; not much social media......

DNS is (correctly) classified as an intermediary exempt from liability.

??

@milton the whois information is on the black boxes ;)

LOL

Confidentiality ;-)

redacted due to GDPR

There will be a recording of this session available

And the recording will contain the same occlusion?

yep

but if you apply with a proper legal basis you can get them removed

Can the slides be shared afterwards, please?

I don't live in Europe. I don't expect I have the indicated access.

What’s the official definition of an SME at EU level ?

Define "small"? ISC is a small company whose open source products and DNS Root services are used by many users throughout the world. Are we small or large?

https://ec.europa.eu/growth/smes/sme-definition_en

That's could create a mess for DNSes that are only authoritative for their own domain name. There doesn't seem to be any definition on the number of domain names hosted.

thanks Nigel

@JMCC - yes ping me offline about that - we’re trying to get input back to the department

thank you for the SME definitions link Nigel

Of course, every TLD or second level is only authoritative for itself.

Fewer than 250 employees & annual turnover not exceeding EUR 50 million.

Will do, Michele

So we’re safe for now Marie :)

assuming 'or equivalent in local currency' is implied on those fin threshholds

Jothan - you’re still fine

Sure, it's an EU definition, Jothan.

very - and I hope there are lower qualificications than micro - if I go by balance sheet, with all of the additional policy costs I go negative balance ;)

this is the Dutch court of Bremen?

sanctions or fines of 6% of the providers's [▒▒▒]

lol

I thought the same, Peter

that was a good presentation, all kidding aside. will the slides be shared? The zoom presentation redacted portions of the screen unintentionally

is there case-law under Directive 2000/31 and national laws on whether registries and registrars fall under that Dieective?

@jorge you should ask this in the Q&A not chat

+1 Jothan

Good question, Jorge

One of the issues of Registries being required to do "take downs" is that Registries cant just take down the harmful content but can only take down ALL the content of the entire site.

@Jorge: Interesting question. I’m struggling to see how Registries would actually become liable based on registration activity. ISPs are nervous because they “carry” content - but a registry service does not.

Mention in the NIS directive also

Though Bremen might now be Dutch, I have difficulty seeing how a court desciciosn from another jurisdiction outside Norwegian jurisdiction could be enforced directly in the Norwegian jurisdiction

done 😉

For the record: last I looked NL was still a sovereign state

Brussels Ia Regulation + Lugano Convention

gracias, Irene!

It mentions HSPs but not resellers. Is there any coverage of resellers?

The sale chain is often registry - registrars - resellers - public.

Can a registry be considered a very large platform if its meets the financial/revenue requirements?

For this legislation to happen all member states and the parliament needs to agree.

interesting; ‘takedown’ obligations are easily conflicting with critical infrastructure provisions

In Norway, the supreme court has ruled several times that a registry shall not judge wether or not content is or could be illegal or not, that is the taks of the law enforcement and the courts to do.

@ John McC: it has long b been clear to me that resellers should be under contract with iCANN or otherwise accountable to the rules of their Registrars.

Christopher - they already are

accountable

not under contract

Thank you so much; that was very informative.

Yes, thank you for the presentation!

It is a very complex problem, Christopher and the EC hasn't the expertise to properly quantify it. Legislation without clear definitions is iffy.

Thanks for the presentation .. Very informative ..

@Michele, could you explain the accountability for resellers? I am uninformed. Thx

Thank you for this presentation!

Thanks all, for your patience

@Göran: unanimity principle is true for some laws, not here, so a qualified majority of Member States have to agree, plus the EP (also majority vote)

Mark - I’ll ping you somewhere else

Section 3.12 of the RAA makes registrars responsible for their resellers

@Mark There are approx. 2.5K gtld registrars. But only about 600 retail registrars. Some of these registrars have resellers. There can be hundreds of thousands of resellers just in gTLDs alone. Some cctld registrars are resellers for gTLDs rather than accredited gTLD registrars and vice versa.

@marksv under 3.12 ot the RAA Resellers are under the same requirements of the registrar which they work through, That, PLUS whatever the registrar may add as T&C or AUP to suit regional or other policy regimes, per registry contract requirments, etc.

to be clear, we are talking about resellers in gTLDs that are under ICANN mandate, not ccTLDs nor legacy gTLDs not under ICANN purview

Thanks for making my point live…

Thanks, all for clarifying the accountability of resellers

@Jothan it gets really interesting when registrars have their own almost independent reseller operations.

Some of the large operators can have a hundred or so different brands.

There are cross-jurisdictional nuances where reseller is in different country or region covered

also, "I am not an attorney"

but I know a few really good ones

On expected timeline of adoption for DSA: the negotiations have just started, but both Commission, Council and EP share a sense of urgency - France wants to finalise negotiations under their Presidency (2022)...

But short answer is: hard to say :)

@Irene : clearly ambitious ;-)

Passports of vaccines on mobiles - who can supervise cybersecurity standards for all these mobile applications? Especially for non-EU countries?

Thank you @Irene

Iren

Good question Oksana, they probably have no idea how to answer it

I am starting to see why projects are decentralizing

Many of us feel your pain Christian!

@Milton, thanks for your confidence in the EC ;-)

Well, territorial jurisidiction and global internet don’t match, seems authorities around the world keep bumping up against this

Redacted slides again.

Big grey rectangle on. My side

needs to go into presentation mode

^^

^^

Blacked out rectangles getting bigger!

I started to sigh relief about the scale of a business / SME providing some relief to registrars to have a chance to open back up .... until bill's presentation - it sounds like the SME definitions and exceptions on scale are irellevant

ist the presenters view

at least this way the black boxes do not block the slides

A bit better but it’s the wrong presenter view

That's better.

3 dots menu - close notes for the presenter, than its real fullcreen

if negotiations are finalized in 2022 then transposition deadline will be in 2024 or 2025, depending on actual 2022 date? what are the chances that member states would transpose faster than 18 months?

zero

if the infringement proceedings regarding the EECC are any indication, Becky, not exachtly high

Ireland usually misses the deadline

and the kids are at the cat videos on YouTube again...

yikes. rectangle proliferation

He needs a better router with QOS rules

Obviously we should ditch Zoom and switch over to Microsoft Teams

agree

No, its low quality mic. :)

DNS4EU … the new monster of Loch Ness

Paid advertisement, Mark?

At your service, Milton!

the screens would be blue and not black ;)

lol

the error messages would be more cryptic

@kristoff didn’t Quad9 already solve that by moving in this direction?

I dunno. I tried to use Teams for a talk in Pakistan from California, and it was a disaster. The fix was to use zoom.

there so now its less an advert. MS = member states again

Question to Christian: Any plans for an initiative on LAWS?

laws?

Lethal Autonomous Weapon Systems

Thanks Wolfgang

yep

2 rectangles

Just to quantify that DNS issue with single domain hosters. There were 879,165 hosters (dns grouped by domain name) in .COM in Jan 2021. Of these, 525,995 were single domain name hosters.

interesting, thanks John

Thanks indeed

And how many individual authoritative servers were involved in serving those domains?

525,995

I wouldn’t mutiply by two

since I’m seeing so many running two NS off one IP

but John probably knows

Those are hosters (dns grouped by domain name of hoster). Yep. Some control panels automatically set up DNS and single IP DNS is not unusual. At least one major HSP does this.

Is there any search tool for comments and answers in Zoom?

Is there a way to change the ironic redaction settings in zoom?

Anycast nodes.

Because all this setup is automated, the registrant may not even have a clue that they have a DNS associated with their domain name.

JMCC - yes

most of them don’t know what it is or why it matters

@jmcc yes and ... enter things like handshake that completely decentralize DNS

Or care, Michele. The only thing that matters is that it works.

"Autonomous" root servers isn't necessary unless there is a desire to alter the contents of the zone. I hope that isn't the case.

The silly eu root servers idea again…

@Jothan it is hard enough to track the zones as it is. :)

there are root servers in the EU - yes

They really don’t understand

I really don’t want the EU operating them

the question is what problem is this the solution for?

+1 Peter Koch:-)

Peter- it’s a solution looking for a problem

Yep, 15 years ago I discussed this with the commission as well.

EU funding - hm - tempting. :)

Did China do this well?

Europe is immensely provisioned for resolution service, so what is the issue?

Ashley - US big tech?

beyond that I don’t know

(bogeyman I assume)

Measures of market concentration asserted are completely wrong. We (IGP, Ga Tech) would be happy to point you to some research about that

@ashkey. Yes, that has always been my argument,

Getting a .EU ccTLD vibe about this and not in a good way.

@JMCC - you saw my blog post? :)

The EC's wonderful bidding process? :)

yes

so sad there are no venues for good practices for the DNS

Strange that they missed the whole Brexit thing. :)

at least some Chinesescholar understand it is not necessary and try to keep a distance with the idea of running a separate Chinanet

I haven't heard the term "ICANN" used when talking about DNS standards. Is that for a reason?

a reason?

Jeff - wouldn’t they be coming from IETF?

Delusions of digital sovereignty from the EU

that depends on your definition of ‘standard’

(you did say standard)

How much support the technical community needs from the EU

None?

@Michele - IETF develops technical standards, but I would argue the policy standards are not within the IETF

So within the IETF they developed the standard for DNSSEC. The promotion and adoption of DNSSEC is not within the scope of IETF (in my opinion)

Agree, Jeff

Is someone going to mention WHOIS accuracy to the EU and the related problems?

Jeff - ccTLDs are not bound by ICANN

Absolutely right, Michele

@Michele - I didn't hear that any of this was limited to ccTLDs.....but perhaps I missed it

When the EU talks it’s looking at member states and ccTLDs - not ignoring gTLDs

if you count .eu as a ccTLD, I could see the EC proclaiming THAT one in scope

@Michele - I believe it also looking at gTLDs that operate within the EU

Your belief is correct Jeff

@Jeff It is a gateway TLD rather than a ccTLD. People go there before being redirected elsewhere.

anyone here been involved in these ‘studies’?

And I believe that these stats now on registries and registrars is likely with gTLDs

This is a serious question: Who determines if the information is "accurate?" The person who provided it?

And there's the Catch 22, Ashley. :)

precisely.

There are still EU Member States without at least a single copy of the root server located in the territory and network infrastructure of the country. The local government has no competence to address this issue. Yes, it is a security issue. What do you suggest as a solution?https://root-servers.org/

@Peter also a Loch Ness monster story I guess

,Who determines if information is accurate in any "know your customer" law?

If they are responding regarding something registered with them, I would expect them to give the information associated with the registration. If that information is no longer accurate, I don't see how they can assure that.

Do we have a frame of reference for what would constitute "undue delay"?

Plus as we all know, things that apply within the EU (or conversely within the US) have a funny way of making it into treaties and trade agreements.....

Mark - is that the case for this directive? I'm not sure that is the case.

@Peter I compile stats and have never heard of these people. They don't seem to be able to quantify the problems that they want to solve.

Ashley - it feels like a de facto KYC regulation.

Which is why I suggest using 3rd party identity providers

This feels a bit like we're being legislated into a scylla and Charybdis situation on untangling the redaction conseqeunces

Accuracy under GDPR is defined in relation to the purposes for which it is processed, so arguably if data is processed for a purpose of facilitating communication to a domain registrant, then the registrant’s provision of a non-functional email address would not be sufficient, etc.

Even if that was intentional by the data subject

Accuracy in the GDPR is a sole right of the data subject, which is not the scope here

Can you provide a source for that?

@Peter Koch: Agree with you

NIS2D is not GDPR. It is addition to GDPR. Accuracy requirements in NIS2D are separate from GDPR and do not conflict with GDPR.

Will the Q&A be publsihed as well, for as far as these questions were answered via correspondence?

Why can’t you do that via ICANN?

EU is represented in GAC, and Europeans are active in all stakeholder groups, SOs and ACs

@Milton The domain market is already balkanizing. The ccTLDS are outstripping sales of gTLDS in their country level markets.

That’s incorrect @John. a larger market share for ccTLDs has nothing to do with “balkanizing” DNS

@Peter: GDPR Art. 5 2: The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).And paragraph 1 says "Personal data shall be: (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);"

ccTLD reg volume as a % in country markets overtook gTLD reg volume in many countries since 2008.

The root is still uniform and the root zone the same

@Milton The domain name market rather than DNS.

I find that is a huge difference in having a (potential)obligation to _identify_ the registrant/Customer versus receive/secure “accurate” registration data about the said registrant/customer

We are not talking about DNS market share, it’s totally irrelevant to the issue of governing security and operations of the global DNS

why just DNS-RELATED WHOIS data? Isn't IP data equally important?

They seem to have completely bypassed addressing and routing.

@Milton it is ccTLD markets versus gTLD markets. The gTLDs have been overtaken in EU by ccTLD reg volume/sales. The balkanization aspect applies to how markets are splitting and moving away from gTLDs as their primary domain names.

Answer about max fines not applying to Art 23 does not answer the question about whether there are ANY fines.

Answer about max fines does not explain how one can avoid a fine if there is noncompliance in spite of best efforts and swift mitigation once noncompliance is detected.

John, again, it is nonsensical to refer to shifting market shares as “balkanization” or fragmentation. The market is globally integrated, even if the shares of different providers change

John, you and Milton are having a pedantic debate about the word "balkanization". Just replace that word and you can discuss the topic more clearly.

If the customer willingly provides false information who is responsible in terms of the accuracy requirement?

Thank you for the clear and unambiguous statement regarding the protection of personal data contained in legal person data.

hello from the Balkans ;)

@Milton When a market shifts,, the number of single registration domain name rises in a ccTLD. The registrants don't bother registering domain names in other TLDs (gTLDs) as they did historically.

:)

what you don’t seem to understand is that the only reason people can make a market choice between ccTLDs and gTLDs is that the root zone is integrated and either domain name will work globally. Do you understand that now?

In earlier times, that was easy. You registered in you local ccTLD and .com or some of the others. Now it is too many gTLDs to cover everything.

I am talking about the global governance structure for the entire DNS. I care nothing about who has what market share

I'm talking about markets and not DNS.

indeed. which is irrelevant to the issues we are discussing here

It is quite relevant because the markets dictate registration patterns and in the EU, the trend has been towards ccTLDs and away from gTLDs for some time now.

do you need a globally accepted root or not?

Yes.

Case closed. Whether 4% of users shift from gTLDs to ccTLDs is not an important issue in NIS2 or anywhere really

Some gTLDs are flatlining in EU markets. Some of the largest ccTLDs are EU ccTLDs. The .COM was the main TLD in some of these markets until the ccTLDs took over. It is very important when the EU has to deal with a multitude of registries than just ICANN. Many of those registries are within EU jurisdiction.

Is there a reliable resources on ccTLD registration trends in the last 3-5 years and in comparison to gTLDs?

Craig - JMCC would probably have that data

I also put the historical %s from the Versign/ccTLD markets in the Domnomics book in the Domain Tasting chapter. Should be in the free pages.

Interesting answer re whether registrars are essential providers. The answer focused on whether the registrar is also a DNS provider. In other words, their function as a DNS provider is primary and their function as a registrar is not considered. Conversely, in the ICANN contractual and governance framework, registrars have a primary role and DNS providers are not part of either the contractual or governance framework.

Steve, I noticed that too. Disappointing...

@Steve, the answer is problematic as the DNS aspects of a registrar are not mandatory and not offering these would be a convenient way to avoid the obligations!

Some of the larger DNS providers are actually registrars now. (Cloudflare being a good example.) The line is getting a bit blurred.

Is it possible to invite you to participate in national IGF and especially Youth IGF in non-EU countries?

I think we'll now see registrars spinning off their associated DNS offerings

Thank you all

Thx to the Commission for this session

Thank you to the speakers and presenters, and Elena's moderation. Appreciate all the information , and to the commission for this session.

Thanks to ICANN/Elena for setting up this excahnge

@Jothan More takeovers and mergers more likely.

Thanks Elena!

Thank you all — and especially to Elena/ICANN for organising this

You too Olivier and other EC folks.

Thanks all, this was very helpful and informative!

Alarming but informative...

Thanks for this informative session

Thanks Elena/ICANN/EC. It was interesting if a little unsettling.

Thank you, Elena and ICANN for organising this webinar!

Very informative and helpful. Thank you for taking time to present this to us.

Thanks to ICANN Isabel De Avila Managing Director .CO

Thanks a lot, it was really interesting!

Interesting, thanks

Thank you EU COM and ICANN/Elena for this useful briefing!

Good session. Very useful

Yes, very interesting and a lot to unpack

https://features.icann.org/event/icann-organization/nordic-region-workshop-icann-and-its-technical-mission

Very helpful Thanks

Thanks!

thanks!

thanks!

Thanks to everyone for your respectful and professional participation

thank you, very informative!