The Internet Corporation for Assigned Names and Numbers (ICANN) announced today that on 18 March 2021, the ICANN org submitted feedback to the public consultation on the proposal to revise the existing European Union Directive on Security of Network and Information Systems (NIS Directive).
The proposed Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive) would apply to all Domain Name System (DNS) service providers. As currently drafted, this would include recursive resolvers and operators of authoritative servers for the root zone, top-level domains (TLDs), and all other domain names below the TLDs. Under the NIS2 proposal, DNS services are deemed essential services. Operators of DNS services offering services in Europe would have to implement cybersecurity measures and report any incidents that have a significant impact on the provision of their services. The small and micro business exemptions would not apply to TLD name registries or DNS service providers.
ICANN org responded to the online consultation, which closed 18 March 2021. The comment submitted touches on two issues:
- The applicability of NIS2 requirements for "essential" entities to DNS service providers
- The proposed requirements concerning domain name registration data in Article 23
ICANN org notes that comments to the NIS2 public consultation were also submitted by members of the ICANN community.
All contributions to the public comment are available on the consultation's website.