On 6 Nov 2018, at 13:13, Chris Buckridge <[email protected]> wrote: > > From our conversation with the Dutch competent authority it wasn’t clear, but > we aren’t aware of any specific Dutch requirements. > > Earlier on, however, ENISA published a number of guidelines and requirements > that member states can use in evaluating operators and services against the > NIS Directive requirements - these are published here: > https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/cii/nis-directive
FWIW the UK government issued a consultation last year on the criteria for who would and wouldn't be covered by the NIS directive. This expressly excluded DNS root servers. But not busy TLD or recursive DNS servers: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/636207/NIS_Directive_-_Public_Consultation__1_.pdf Here's the guidance for competent authorities (Ofcom in the case of DNS and IXP providers). This also has some info on the criteria: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/701050/NIS_-_Guidance_for_Competent_Authorities.pdf As always, how an EU Directive gets implemented and enforced varies from country to country. So consult the prevailing national authorities for definitive advice.
