New on RIPE Labs: How EU Regulation Affects You
Dear colleagues, In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union: https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect... Kind regards, Mirjam Kühne RIPE NCC
Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here: Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public? Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.” Regards, Mat
On 5 Nov 2018, at 22:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
Hi Matt, all, Jumping into the discussion here, but I can hopefully shed some light in response to your questions:
On 5 Nov 2018, at 20:55, Mat Ford <ford@isoc.org> wrote:
Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public?
At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive.
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.”
To be clear, the RIPE NCC does not take a position on whether such regulations are good or bad - our goal is to raise awareness with our community and membership of measures that could affect their operations. We believe (based on our discussions with our contacts and consulting agency in Brussels) that the current proposals would have an impact on development in these spaces, but as you note, this may well be in line with the broader preferences of the community. The key point for us is that our community (members of which are involved in the development of IoT and big data applications) be aware of this potential impact. Cheers Chris —— Chris Buckridge External Relations Manager RIPE NCC
Regards, Mat
On 5 Nov 2018, at 22:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
Chris Buckridge wrote on 06/11/2018 04:45:
At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive. Hi Chris,
has the dutch regulator published their criteria for being selected as an OES? Nick
On 6 Nov 2018, at 15:12, Nick Hilliard <nick@inex.ie> wrote:
Chris Buckridge wrote on 06/11/2018 04:45:
At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive. Hi Chris,
has the dutch regulator published their criteria for being selected as an OES?
Nick
Hi Nick, From our conversation with the Dutch competent authority it wasn’t clear, but we aren’t aware of any specific Dutch requirements. Earlier on, however, ENISA published a number of guidelines and requirements that member states can use in evaluating operators and services against the NIS Directive requirements - these are published here: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-... Also, there was a presentation by the Dutch National Cyber Security Centre during RIPE 74, in which they explained a bit more about the purpose and objectives of the directive and their views of what would be considered essential services. A recording and the slides are available from https://ripe74.ripe.net/archives/video/135/ Cheers Chris
On 6 Nov 2018, at 13:13, Chris Buckridge <chrisb@ripe.net> wrote:
From our conversation with the Dutch competent authority it wasn’t clear, but we aren’t aware of any specific Dutch requirements.
Earlier on, however, ENISA published a number of guidelines and requirements that member states can use in evaluating operators and services against the NIS Directive requirements - these are published here: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-...
FWIW the UK government issued a consultation last year on the criteria for who would and wouldn't be covered by the NIS directive. This expressly excluded DNS root servers. But not busy TLD or recursive DNS servers: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/a... Here's the guidance for competent authorities (Ofcom in the case of DNS and IXP providers). This also has some info on the criteria: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/a... As always, how an EU Directive gets implemented and enforced varies from country to country. So consult the prevailing national authorities for definitive advice.
Hi Chris, unfortunately, "Identification criteria" is the only guideline bullet point on that web page which is missing a hyperlink, and google throws up nothing interesting on the ENISA web site. It seems that information on this is in short supply Nick
Chris Buckridge <mailto:chrisb@ripe.net> 6 November 2018 at 13:13
Hi Nick,
From our conversation with the Dutch competent authority it wasn’t clear, but we aren’t aware of any specific Dutch requirements.
Earlier on, however, ENISA published a number of guidelines and requirements that member states can use in evaluating operators and services against the NIS Directive requirements - these are published here: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-...
Also, there was a presentation by the Dutch National Cyber Security Centre during RIPE 74, in which they explained a bit more about the purpose and objectives of the directive and their views of what would be considered essential services. A recording and the slides are available from https://ripe74.ripe.net/archives/video/135/
Cheers Chris
Chris Buckridge <mailto:chrisb@ripe.net> 6 November 2018 at 04:45 Hi Matt, all,
Jumping into the discussion here, but I can hopefully shed some light in response to your questions:
On 5 Nov 2018, at 20:55, Mat Ford <ford@isoc.org> wrote:
Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public? At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive.
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.” To be clear, the RIPE NCC does not take a position on whether such regulations are good or bad - our goal is to raise awareness with our community and membership of measures that could affect their operations. We believe (based on our discussions with our contacts and consulting agency in Brussels) that the current proposals would have an impact on development in these spaces, but as you note, this may well be in line with the broader preferences of the community. The key point for us is that our community (members of which are involved in the development of IoT and big data applications) be aware of this potential impact.
Cheers Chris
—— Chris Buckridge External Relations Manager RIPE NCC
Regards, Mat
On 5 Nov 2018, at 22:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
Mat Ford <mailto:ford@isoc.org> 5 November 2018 at 16:55 Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public?
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.”
Regards, Mat
Mirjam Kuehne <mailto:mir@ripe.net> 5 November 2018 at 15:56 Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
------------------------------------------------------------------------
On 7 Nov 2018, at 02:30, Nick Hilliard <nick@inex.ie> wrote:
Hi Chris,
unfortunately, "Identification criteria" is the only guideline bullet point on that web page which is missing a hyperlink, and google throws up nothing interesting on the ENISA web site. It seems that information on this is in short supply
Nick
Dear Nick, Colleagues, There is another document, CG Publication 07/2018 "Reference document on the identification of Operators of Essential Services (modalities of the consultation process in cases with cross-border impact)”. This highlights both the criteria laid out in the directive, as well as some procedures to apply when an operator provides its services in multiple member states, which would be the case for RIPE NCC. The document is available via http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=53661 Regards, Marco Hogewoning -- External Relations - RIPE NCC
Thanks everyone for the analysis and pointers to relevant documentation. Very much appreciated. Gaël On 7 Nov 2018, at 10:03, Marco Hogewoning wrote:
On 7 Nov 2018, at 02:30, Nick Hilliard <nick@inex.ie> wrote:
Hi Chris,
unfortunately, "Identification criteria" is the only guideline bullet point on that web page which is missing a hyperlink, and google throws up nothing interesting on the ENISA web site. It seems that information on this is in short supply
Nick
Dear Nick, Colleagues,
There is another document, CG Publication 07/2018 "Reference document on the identification of Operators of Essential Services (modalities of the consultation process in cases with cross-border impact)”. This highlights both the criteria laid out in the directive, as well as some procedures to apply when an operator provides its services in multiple member states, which would be the case for RIPE NCC.
The document is available via http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=53661
Regards,
Marco Hogewoning -- External Relations - RIPE NCC
People might also want to look at BEREC’s draft work programme for 2019. See here: https://berec.europa.eu The draft WP has been published for consultation. But I guess the deadline is now way too short for any consolidated response. However BEREC is proposing to work on many of our old favourites, including network neutrality, network termination points, very high-capacity networks, 5G, IoT and “OTT" services. Some of the work items will be subject to further consultation. So this can be seen as a sort of heads-up? Gordon
On 5 Nov 2018, at 16:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
participants (8)
-
Chris Buckridge -
Gael Hernandez -
Gordon Lennox -
Jim Reid -
Marco Hogewoning -
Mat Ford -
Mirjam Kuehne -
Nick Hilliard