Hi
Nick,
From our conversation with the Dutch competent authority
it wasn’t clear, but we aren’t aware of any specific Dutch requirements.
Earlier
on, however, ENISA published a number of guidelines and requirements
that member states can use in evaluating operators and services against
the NIS Directive requirements - these are published here:
https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/cii/nis-directiveAlso,
there was a presentation by the Dutch National Cyber Security Centre
during RIPE 74, in which they explained a bit more about the purpose and
objectives of the directive and their views of what would be considered
essential services. A recording and the slides are available from
https://ripe74.ripe.net/archives/video/135/Cheers
Chris
Hi Matt, all,
Jumping into the discussion here, but I can hopefully shed some light in response to your questions:
On 5 Nov 2018, at 20:55, Mat Ford <ford@isoc.org> wrote:
Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public?
At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive.
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.”
To be clear, the RIPE NCC does not take a position on whether such regulations are good or bad - our goal is to raise awareness with our community and membership of measures that could affect their operations. We believe (based on our discussions with our contacts and consulting agency in Brussels) that the current proposals would have an impact on development in these spaces, but as you note, this may well be in line with the broader preferences of the community. The key point for us is that our community (members of which are involved in the development of IoT and big data applications) be aware of this potential impact.
Cheers
Chris
——
Chris Buckridge
External Relations Manager
RIPE NCC
Regards,
Mat
On 5 Nov 2018, at 22:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation
with the potential to impact more actors across the Internet landscape.
Here, we give a brief overview of the most pertinent policies currently
being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affects-you
Kind regards,
Mirjam Kühne
RIPE NCC
Thanks
Mirjam. I posted a comment on the website, but I guess it might make
more sense to share my reaction here:
Is the RIPE NCC response to
the Dutch regulator regarding the definition of an essential service
operator public?
Also, you say, "Data collection restrictions
that could hinder the development of AI and the IoT." I think a lot of
European citizens would prefer that the development of AI and IoT not be
at the expense of their personal data becoming a private economic
resource. Why does the RIPE NCC believe that, "the new ePrivacy text ...
takes a restrictive approach to metadata and content data processing,
to the point that the current provisions would have a negative impact on
the development of things like AI, IoT and big data business.”
Regards,
Mat