Dear colleagues, We'd like to inform you that some changes have been proposed to NIS 2 that would accommodate some of the concerns raised by the RIPE NCC and the RIPE community.
As a quick recap: the European Commission proposed an update to the Network and Information Security Directive, commonly referred to as NIS 2, which would bring the DNS root servers into scope of the directive, resulting in regulatory oversight of the DNS root server operators. Following our response on the NIS 2 proposal in the public feedback process, we reached out to a number of parties involved in the legislative process, including some members of the European Parliament, drawing attention to our concerns. The ITRE committee, which is leading this dossier in the European Parliament, yesterday published its initial report listing a number of proposed amendments. We are happy to see that it has taken on board the concerns we and other community members have raised. In particular, the committee proposes amending the scope of the directive to include: "authoritative domain name resolution services as a service procurable by third-party entities”. We realise this leaves a substantial part of the DNS in scope; however, this change would address the concerns we raised in our response by removing from scope: - DNS root operations - Small and non-commercial operators, such as people running their own DNS servers We are pleased to see these amendments and appreciate the rapporteur, MEP Groothuis, addressing our concerns. The full report is available at: https://www.europarl.europa.eu/doceo/document/ITRE-PR-692602_EN.pdf (The relevant changes are on pages 6, 27 and 57.) As a next step, the ITRE committee is provisionally scheduled to discuss this report on 27 May. We will continue to track the legislative process and keep you informed about the progress. Regards, Marco Hogewoning Manager, Public Policy and Internet Governance RIPE NCC
