On 6 Nov 2018, at 13:13, Chris Buckridge <chrisb@ripe.net> wrote:
From our conversation with the Dutch competent authority it wasn’t clear, but we aren’t aware of any specific Dutch requirements.
Earlier on, however, ENISA published a number of guidelines and requirements that member states can use in evaluating operators and services against the NIS Directive requirements - these are published here: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-...
FWIW the UK government issued a consultation last year on the criteria for who would and wouldn't be covered by the NIS directive. This expressly excluded DNS root servers. But not busy TLD or recursive DNS servers: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/a... Here's the guidance for competent authorities (Ofcom in the case of DNS and IXP providers). This also has some info on the criteria: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/a... As always, how an EU Directive gets implemented and enforced varies from country to country. So consult the prevailing national authorities for definitive advice.