kom (2018) 0231 - Ingen titel

Europaudvalget 2018
KOM (2018) 0231
Offentligt

EUROPEAN

COMMISSION

Brussels, 27.4.2018

SWD(2018) 120 final

PART 1/3

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

on the implementation and functioning of the .eu Top Level Domain name and repealing

Regulation (EC) No 733/2002 and Commission Regulation (EC) No 874/2004

{COM(2018) 231 final} - {SEC(2018) 205 final} - {SWD(2018) 121 final} -

{SWD(2018) 122 final}

kom (2018) 0231 - Ingen titel

Table of contents

INTRODUCTION: POLITICAL AND LEGAL CONTEXT ................................................. 2

PROBLEM DEFINITION ....................................................................................................... 3

2.1. What is/are the problems? ............................................................................................ 3

2.2. What are the problem drivers? ...................................................................................... 7

2.2.1.

Outdated and rigid legislation

.............................................................................. 7

2.2.2.

2.2.3.

2.3.

3.1.

3.2.

3.3.

4.1.

4.2.

Deficiencies in governance and accountability

................................................. 10

Rapid evolution of the market

............................................................................ 11

How will the problem evolve? .................................................................................... 14

Legal basis .................................................................................................................. 15

Subsidiarity: Necessity of EU action .......................................................................... 15

Subsidiarity: Added value of EU action ..................................................................... 16

General objectives ...................................................................................................... 17

Specific objectives ...................................................................................................... 17

WHY SHOULD THE EU ACT?........................................................................................... 15

OBJECTIVES: WHAT IS TO BE ACHIEVED? ................................................................. 17

WHAT ARE THE AVAILABLE POLICY OPTIONS?....................................................... 19

5.1. What is the baseline from which options are assessed? .............................................. 21

STATUS QUO (BASE LINE SCENARIO).......................................................................... 21

5.2. Description of the policy options ................................................................................ 22

OPTION 1: COMMERCIALISATION ................................................................................ 22

5.3. Options discarded at an early stage............................................................................. 25

OPTION 1: COMMERCIALISATION ................................................................................ 26

OPTION 4(a): INTERNALISATION ................................................................................... 26

OPTION 4(b)(ii): EU AGENCY/ENISA .............................................................................. 26

5.4. Options relating to Vertical Integration and Eligibility Criteria ................................. 27

WHAT ARE THE IMPACTS OF THE POLICY OPTIONS? ............................................. 30

6.1.

6.2.

6.3.

6.4.

6.5.

Baseline....................................................................................................................... 30

Option 2. Modernisation of the legal framework........................................................ 37

Option 3. Separate governance ................................................................................... 40

Option 4(b)(i). Existing EU Agency: full integration in EUIPO ................................ 43

Horizontal issues: Vertical integration/eligibility criteria ........................................... 46

HOW DO THE OPTIONS COMPARE? .............................................................................. 49

PREFERRED OPTION ......................................................................................................... 52

8.1.

REFIT (simplification and improved efficiency) ....................................................... 53

HOW WILL ACTUAL IMPACTS BE MONITORED AND EVALUATED? .................... 54

kom (2018) 0231 - Ingen titel

NTRODUCTION

: P

OLITICAL AND LEGAL CONTEXT

The .eu top-level domain (TLD) was established by Regulation (EC) No 733/2002 of the

European Parliament and of the Council of 22 April 2002 on the implementation of the

.eu Top Level Domain, following discussions for the creation of a single top-level

domain for European Union that were initiated by the European Council in 1999. The .eu

TLD is governed by the implementing rules of Commission Regulation (EC) No

874/2004 of 28 April 2004 laying down public policy rules (PPR) concerning the

implementation and functions of the .eu TLD and the principles governing registration.

Both Regulations are referred to in this document as the ".eu Regulations".

The .eu TLD was delegated

by the Internet Corporation for Assigned Names and

Numbers (ICANN) on 22 March 2005 and uploaded in the Internet root zone on 2 May

2005. It was formally launched in April 2006.

The domain name is operated and managed by EURid

, a non-profit organisation

appointed by the European Commission under a service concession contract to act as its

registry in 2003. On 12

April 2014 the service concession contract was renewed and it

was awarded again to EURid.

Today the .eu TLD is the eighth largest country code TLD (ccTLD) in the world

with

over 3,7 million registrations (end of Q3 2017)

. The .eu TLD is also used by all EU

Institutions, Agencies and Bodies, as well as for a number of their projects and

initiatives.

The vision behind the creation of the .eu TLD was broad and ambitious, ranging from the

acceleration of electronic commerce, the promotion of the use of - and access to -

Internet networks and the virtual market place, as well as the promotion of the European

Union image on global information networks and the improvement of the interoperability

of trans-European networks.

For an explanation of all technical terms used in this document, see the Glossary. In the Domain Name

System (DNS), the ‘delegation’ of a domain name occurs when the relevant Top Level Domain (in this

case, .eu) is published in the root IANA database by ICANN. Publication in the root IANA database

enables a code (e.g. .eu) to operate as a top level domain as part of the Domain Name System.

EURid stands for European Registry of Internet Domain Names.

Verisign Domain Name Industry Brief, https://www.verisign.com/assets/domain-name-report-

Q32017.pdf

EURid Quarterly Report, Q3 2017 https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-

b50e2c45601f/quarterly_report_q3_2017.pdf

kom (2018) 0231 - Ingen titel

The .eu TLD is used today by companies and individuals to: 1. Indicate that the website

owner is European, and is open for business across the 28 EU Member States and

European Economic Area (EEA) countries

; 2. Signal quality and trustworthiness: a .eu

website indicates that it belongs to a legal entity in the EU and is therefore subject to EU

law and trading standards.

As the Internet has spread throughout the world and grown in commercial importance,

there have been significant evolutions in the domain name market, in the global Internet

governance, as well as in the European Union digital priorities.

A key priority of the Juncker Commission (2014-2019) is the creation of a Digital Single

Market (DSM)

. It aims at removing existing barriers in the delivery of goods and

services within the EU, thus boosting the EU economy and facilitating e-commerce

across Member States, with a number of initiatives to reinforce security and trust in the

online environment, promote European entrepreneurship and start-ups and uphold

citizens' rights, including privacy, in the digital age.

In this context, the .eu TLD, as a trusted symbol of European digital identity, is still a

strategic tool which can positively complement the initiatives for the completion of the

DSM.

The objective of this impact assessment is to analyse, in line with the Better Regulation

guidelines, how to address the problems identified in the retrospective evaluation, and

where elements of the .eu Regulations are unfit for addressing new challenges, to identity

and assess options which will allow the .eu TLD to continue to fulfil its mission in the

future.

ROBLEM DEFINITION

2.1.

What is/are the problems?

The original .eu Regulations were pivotal in enabling the creation of a dedicated

namespace for the European Union. The .eu TLD, first launched in 2006 in accordance

with the .eu Regulations, is a success. Despite being a late-comer

to the European TLD

Countries that are candidates to join the Union have the possibility to add their list of reserved names to

the Annex containing the list of names reserved by Member Stares in Commission Regulation (EC) No

874/2004.

The DSM strategy was established following Commission Communication COM/2015/0192.

The .eu entered the market in 2006, much later than the years of the rapid growth in European domain

name registrations of the early 2000s. Coming after the first wave of ccTLDs and gTLDs (such as .de, .fr,

.uk and .com), the .eu TLD had to make space for itself in markets that had already become established.

kom (2018) 0231 - Ingen titel

market, the .eu Registry has managed to establish a healthy market share throughout the

EU and EEA. Its rate of renewal and growth are in line with industry trends in the EU.

According to the findings of the retrospective evaluation:

The .eu Regulations have been

efficient

in making .eu domains widely available

throughout the EU, at a low cost for the consumers

, providing an identifiable

link between the TLD and the European Union. However, their rigid requirements

are causing inefficiencies which place the .eu TLD at a competitive disadvantage

in the market, reducing the possible benefits in terms of supporting ecommerce or

the single market.

While the .eu Regulations have been

effective

in supporting ecommerce and the

internal market with the .eu TLD being particular appealing for business use,

there are starting to be early signs of relative decline in the .eu TLD’s

performance

Over the years, it has become apparent that the .eu Regulations reflect the domain

name market as it was in 2002-2004, and are no longer effective, efficient, or

coherent in today’s fast-changing technological market environment. With

detailed provisions, which are time-consuming and costly to change, the .eu TLD

is unable to implement operational or technical changes as swiftly as the market

demands and as its competitors are able to.

The objectives of the .eu Regulations continue to be

relevant

to EU citizens.

However, the .eu Regulations are now no longer in step with international best

practices. The rules for registration (‘eligibility criteria’) restrict the availability of

.eu domains to registrants located in the EU and EEA.

The regulatory framework for the .eu TLD is no longer

coherent

with its

objectives. Most ccTLDs within the EU are not subject to the same regulatory

burdens as the .eu TLD, which risks placing the .eu Registry at a competitive

disadvantage amid toughening market conditions. Neither the .eu Regulations nor

the operation of the .eu Registry are coherent with international best practices in

relation to internet governance, which favours a multi-stakeholder approach

rather than governmental regulation.

Please refer to section 6.1 for information about the price

See section 5 of the evaluation report

kom (2018) 0231 - Ingen titel

While Regulation 874/2004 has been amended on four occasions to introduce technical

updates

and Regulation 733/2002 has been amended once in 2008 merely to adapt it to

the regulatory procedure with scrutiny

, the .eu Regulations have never been fully

reviewed to ensure that they are modernised and freed of cumbersome administrative or

implementation costs and thus they still deliver effectively their intended benefits of

supporting online cross-border activities and promoting EU identity.

The .eu is a well-established TLD and the evaluation has shown that it continues to

function well. The problem that this initiative is trying to tackle is that the two

Regulations governing the .eu are outdated and rigid, in the sense of (i) obsolete or rigid

provisions that cannot easily be updated, and in the sense of (ii) not providing for an

optimum governance structure in terms of oversight and accountability in line with the

Commission’s stated approach to internet governance, so that (iii) increasing difficulties

can be foreseen for the .eu TLD in a time of a rapidly evolving market.

The problem currently is not dramatic: it is observed in the functioning and management

of the .eu TLD and therefore at the moment it affects primarily the actors that are

involved in these functions, i.e. the registry and the Commission and to a lesser extent the

registrars. Nevertheless, if precautionary action is not taken, the problem is likely to

become large enough to affect end users, in terms of the sustainability of the .eu

extension and the attractiveness of the .eu compared to other competitive domain names.

In a nutshell, the initiative is about making sure that a TLD that has worked relatively

well continues to do so in the future, so that it still effectively delivers its expected

benefits. The issues addressed by this REFIT initiative are of a predominantly technical

nature pertaining to the domain name system (DNS) and/or of administrative nature

pertaining to the day-to-day management of the .eu TLD; as such this review is of limited

scope. Also, as explained above, the problem is not felt directly but by the registry

operator, the Commission and to a lesser extent the registrars; hence it is of limited

impact. These factors explain the relative lack of stakeholder interest in the initiative.

To mitigate that the Commission launched in parallel to the online public consultation,

targeted consultation activities to reach out to stakeholders. Apart from the online public

consultation, the consultation strategy included a formal brainstorming workshop with

the current registry on the REFIT review, as well as other informal exchanges. To engage

the registrars, two consultation sessions were held during the ICANN meeting

See consolidated version of EC 874/2004 showing various amendments introduced

http://data.europa.eu/eli/reg/2004/874/oj

See consolidated version of EC 733/2002 http://data.europa.eu/eli/reg/2002/733/oj

ICANN meetings bring together the DNS industry: registries, registrars, as well as representatives from

users' community and countries.

kom (2018) 0231 - Ingen titel

Copenhagen and the ICANN meeting in Johannesburg. Another consultation session was

held with the Registrar Advisory Board of EURid

. On top of this, the Commission

launched a survey (through a specialised survey company) among the .eu registrars.

Another group of stakeholders are the .eu peers (other TLDs registries), including the

European ccTLDs association which is CENTR, and ICANN. These stakeholders are

well placed to evaluate the .eu framework and future options against current practises in

the DNS ecosystem, but have low interest in the initiative and in participating in the

consultation. Or they even refrain from expressing a view, given that the .eu TLD is a

peer/competitor in the industry (in the case of other registries) or a member (in the case

of CENTR and ICANN). As we expected, these stakeholders did not respond to the

online public consultation. To gather input from them, the Commission launched a

survey with targeted questions within the CENTR members, held a consultation session

with .eu peers at the CENTR General Assembly and a consultation bilateral meeting with

ICANN.

Finally, end users, because of the technical nature of the initiative and the limited/ only

indirect impact on them, did not actively participate to the consultation, as shown by the

low number of contributions collected during the online public consultation. To mitigate

that, we sent targeted emails to European consumer and business associations to engage

them. This generated some written contributions (although still limited).

The Commission also regularly informed Member States on the various stages of the

REFIT, via the High Level Group on Internet Governance. Member States did not

provide any particular feedback as their ccTLDs are not be affected by this initiative.

Figure 1. Problem tree

The Registrar Advisory Board has been set up by the current registry to gather advice and input from the

.eu registrars on practical modalities and policies with respect to the way the .eu TLD is operated,

marketed, etc. Accredited .eu registrars are sitting in this Board, members are rotating every two years.

kom (2018) 0231 - Ingen titel

2.2.

What are the problem drivers?

Three main drivers have been identified (see figure 1): outdated and rigid legislation

(2.2.1.); deficiencies in governance and accountability (2.2.2.); and a rapid evolution of

the market (2.2.3.).

2.2.1. Outdated and rigid legislation

The .eu TLD has been one of the most successful implementations of a new Top Level

Domain. Coming after the first wave of ccTLDs and gTLDs (such as .de, .fr, .uk and

.com), the .eu TLD had to make space for itself among the so-called legacy TLDs.

While the .eu Regulations have been effective in creating the new TLD and supporting its

successful implementation, the relative stagnation in the number of registrations is due in

part to an outdated and ineffective legislative framework

The .eu Regulations contain some detailed provisions that have not been used since 2006

and are no longer needed as they relate to the set up phase of the .eu TLD, such as

chapter IV of the Commission Regulation No 874/2004. These entail a phased

registration, which aimed to protect the interest of intellectual property rights holders

Please refer to the evaluation

kom (2018) 0231 - Ingen titel

against speculation and so-called ‘cybersquatting’

, by giving the possibility for eligible

parties to apply for a .eu TLD before the general registration started. Such a provision is

of less relevance today and merely prolongs the process.

Other provisions relating to operations to set up the .eu TLD had only been envisaged as

once-off actions, whereas they proved to be required on an ongoing basis to manage the

.eu TLD. For instance, the process for reserving .eu TLD names for the European Union

institutions and/or Member States and/or Candidate countries, as described in article 9 of

Commission Regulation No 874/2004, could be done no later than a week before the

beginning of the phased registration period. The Regulation does not include any

provision for updating the list of such reserved domain names for the European

Institutions on a regular basis. Consequently, the procedure for reserving new .eu TLD

names for the European Union institutions and/or Member States and/or Candidate

countries is not only a cumbersome and inefficient process, but it might be questioned

from a legal perspective.

For example:



Internationalised Domain Names (IDNs) are an enhancement to the Domain

Name System (DNS) which allows the introduction of names in scripts and

alphabets other than in ASCII characters

. This is considered a way to encourage

Internet usage amongst the local population. The .eu supports all 24 official

languages of the EU, including Bulgarian and Greek, which require domain

names in Cyrillic and Greek scripts. To implement updates in the technical

standards relating to IDNs Commission Regulation 874/2004 had to be amended.

The process took the Commission 19 months (solely due to the obligation to

amend the Regulation), whereas for example the German ccTLD registry was

able to implement the updates

within one month of publication.

Chapter VI of Commission Regulation 874/2004 sets out rules for the resolution

of domain name disputes, the .eu Alternative Dispute Resolution (ADR). Having

such detailed provisions at the level of Regulation prevents flexibility or changes

to practices in response to market conditions. Despite provisions in Regulation

733/2002 that the dispute resolution should reflect international best practices, the



The practice of registering names, especially well-known company or brand names, as Internet domains,

in the hope of reselling them at a profit.

American Standard Code for Information Interchange.

The technical standards for internationalised domain names were updated (IDNA 2008) to support a

small number of characters within the domain name system. Of the four characters implemented by the

standard, only two are relevant to European languages, namely the German sharp ‘s’ (ß), and the Greek

terminating sigma (ς). For guidance on the IDNA 2008 standard, see

http://unicode.org/reports/tr46/#IDNA2008-Section

kom (2018) 0231 - Ingen titel



.eu ADR is inconsistent with international best practices. For example the .eu

ADR contains a prohibition on speculative domains, considers non-use as a

criterion for deletion, and displays inconsistencies as to remedy (Article 21 refers

to ‘revocation’ of domains, whereas Article 22(b)(11) refers to ‘transfer’) in the

wording of the procedure.

Article 17 of Commission Regulation 874/2004 provides 5 names that the registry

can reserve for itself. In fact, today the registry uses different names than the ones

listed in this article. Flexibility to permit the registry to reserve the necessary

domain names for its operational functions (without having to amend the

Regulation to that end) is needed.

To implement a security feature for Greek and Cyrillic domain names

, it was

necessary article 3 of Commission Regulation 874/2004. The change enabled the

flexibility technical checks to take place prior to the registration of a .eu domain

name, rather than only after a domain name was registered. The work took 37

months.

The .eu Regulations are also outdated in the sense that they do not adequately take into

account and support the role that the .eu Registry can play in contributing to a

trustworthy, reliable, resilient and safe online environment

and in promoting EU values

like multilingualism on the Internet.

The retrospective evaluation identified an additional issue relating to the legal

framework, which is the need to assess whether the eligibility criteria for registration

should be amended. This issue deserves a special attention because of its direct link with

the EU identity.

According to article 4(2)(b) of Regulation (EC) No 733/2002, the .eu TLD is available

for registration by organisations and companies in, and residents of, EU member states,

plus Iceland, Norway or Lichtenstein (EEA). Part of the findings that emerged from the

evaluation is that the "residency principle" for registrants, as established in the current .eu

Regulations, is not fair to EU and EEA citizens: if an EU/EEA citizen lives abroad but

still has an EU/EEA nationality and passport (and as such is even allowed to vote in

national elections), he/she is not allowed to register a .eu TLD name. On the other hand,

it is possible to circumvent restrictions on eligibility for registering a domain name

To implement homoglyph bundling to avoid homograph attacks. For an in-depth explanation of

homoglyph bundling and an example of a homograph attack see

https://eurid.eu/en/other-

infomation/faq/technical-and-privacy-enquiries/what-is-homoglyph-bundling-does-eurid-offer-it/

and

https://www.theregister.co.uk/2017/04/18/homograph_attack_again/

TLD name registries are considered operators of essential services for digital infrastructure. (Directive

(EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a

high common level of security of network and information systems across the Union).

kom (2018) 0231 - Ingen titel

through the use of proxies, i.e. a person or organisation who does not comply with the

relevant restrictions arranges for registration of a domain name through a third party

proxy. This can limit the effect in achieving the intended objective of restricting

registrations to registrants residing in the EU.

The issue is becoming further complicated with respect to the UK leaving the EU. At the

end of Q3 2017, there were more than 300 000 .eu TLD names registered by UK-based

registrants

, showing that the UK is ranked fourth in terms of the highest number of

registrations (following Germany, France and the Netherlands). From a registrar and

registrant perspective, the UK represents one of the largest markets for the .eu TLD.

According to the current eligibility criteria, UK registrants will not be eligible for a .eu

TLD if the country leaves the EU. A reduction in registrations is a concern for the

sustainability of the .eu TLD given increased competition in the market.

2.2.2. Deficiencies in governance and accountability

The .eu Regulations contain little or no guidance on the standards of technical

competence and corporate governance expected from the .eu Registry operator. The

retrospective evaluation showcased some concerns in this regard, whereas it is unclear

whether/which regulatory tools exist for the Commission to ensure that the Registry is

operated according to the public policy interest and under the strictest rules of

transparency, fairness and accountability.

An example with respect to technical competence is the recent routine software update by

the .eu Registry on 11 October 2017, which resulted in a two days outage of the registry

website eurid.eu (and registration services]. The technical resolution of existing .eu TLDs

was not affected, but the outage resulted in the lack of availability of basic registration

services, lack of ability for law enforcement authorities and others to find out the details

of those responsible for individual .eu TLDs (or websites) through the WHOIS database.

This outage should have been prevented by the business continuity and resilience plans

of the .eu Registry. The impact of such technical outages on the EU and EEA registrants

is a loss of key services in relation to .eu, and if such outages became a common

occurrence, they would lead to a loss of trust and confidence in the .eu TLD.

As regards corporate governance, for example there is no guidance on how long

individual board members are permitted to serve. The Articles of Association require the

board to establish internal policies and procedures regarding conflicts of interest,

corporate governance and accountability, and the service concession contract contains

detailed obligations on conflicts of interest. There could be more information made

EURid Quarterly Report, Q3 2017, page 6,

https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-

9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf

kom (2018) 0231 - Ingen titel

available on the website of the .eu Registry on key governance issues such as the number

of directors, how such directors are appointed, the role of the board of the .eu Registry,

processes for removing directors, evaluating performance, ensuring accountability or

performing reviews, information that are necessary for transparency and accountability

purposes. The CEO and three of the five Board directors

have all been in place since

the foundation of the company in 2004. Another individual has been serving on the

board since April 2009.

An audit report on the governance of the .eu Registry, conducted by the Commission in

2013, highlighted potential commercial conflicts of interest.

2.2.3.

Rapid evolution of the market

Since the establishment of the .eu TLD over 10 years ago, the Internet eco-system has

incurred major transformations. In general, the Internet-driven revolution has brought

significant changes in the way businesses operate online and citizens access (new)

content and services through the Internet. TLD operators have become important players

in the Internet-ecosystem, as they manage a critical element of the Internet core technical

infrastructure.

Today's domain name market is very different from 15 years ago, due to the following

changes:

In March 2002, the ICANN Board passed a resolution “stating the organisation's

strong position for the implementation of "strict separation" of registries and

registrars for new gTLDs”. The ICANN Board also stated that co-ownership was

prohibited. In November 2010, the ICANN Board changed their position and

therefore, allowed the so-called “vertical integration” which empowers registries

to be also registrars and vice versa.

Internationalised Domain Names (IDNs) were first launched in 2004 thanks to the

IDNA protocol, and are now based on IETF standard RFC5890 published in

2010, which use the Punycode encoding algorithm to represent non-ASCII

characters found in Latin scripts with diacritics and accents, Arabic, Chinese,

Cyrillic, Hindi and other languages, into ASCII (plain text characters and

numbers) domain names that the DNS system can resolve. This allows Internet

users to type a domain name in their local script using their native language,

See appointed dates for directors from company search

http://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=864240405

three of five were appointed on 29 February 2004, and one other individual was appointed 2009.

kom (2018) 0231 - Ingen titel

instead of an ASCII transliteration. IDNs at the second level started being offered

in 2007-2009.

In late 2009, the Internationalised Domain Names – domain names containing

non-ASCII characters – were enabled at the top level via the so-called IDN

ccTLD Fast Track.

In 2011, the ICANN Board approved a massive expansion of the domain name

system via the launch of a new generic Top-Level Domain (new gTLD) round.

The first new gTLD started being delegated in 2013 and at present, ICANN has

delegated more than 1 300 new gTLDs which enjoy liberal rules in terms of

marketing and vertical integration. Discussions for an additional expansion of

gTLDs have started and a new wave of new gTLDs is expected to occur in the

next five years.

Most of the ccTLD registries have completely deregulated their markets,

removing barriers to registration which were associated with the

residency/citizenship of the registrant, and/or lifting the requirement of assigning

only a limited number of domain names to individuals and/or companies (e.g.,

these changes occurred for .fr, .es, .it, .pt, .pl for instance);

Security elements around domain names have become more and more relevant in

the past decade. DNSSEC, short for Domain Name System Security Extensions,

is an enhancement to the DNS protocol that ensures a greater level of trust when

resolving domain names. Most of the registries enabled DNSSEC for the

extension

they manage at the top level and for any second level registered

domain name.

At the end of Q3 2017, there were

330.7 million domain names

across all top-level

domains (TLDs) globally

The latest CENTR Domain Wire

clearly shows that the TLDs market is still adjusting

and will continue to adjust to the multiple changes that have occurred in recent years.

“Over

the past 2 years, quarterly growth rates have been decreasing since peaks

in early 2016. The slowdown is the result of deletes after a period of increased

investment from Chinese registrants. Other explanations to the slowdown are

Extension is another term for a domain name

Verisign Domain Name Industry Brief Q3 2017

https://www.verisign.com/assets/domain-name-report-

Q32017.pdf

CENTR's statistical quarterly report on ccTLD.

kom (2018) 0231 - Ingen titel

specific TLDs, such as .xyz and .top, which have contracted significantly. Without

these outliers, global TLD growth would be at 1.0% for Q3 2017 and 2.5%

YOY”

“There

are around 71 million domains across 56 ccTLDs in the European region.

Overall growth over the region was 1.8% with a median rate of 2.9%”

“Market share of ccTLDs in European countries ranges from 16% to 79%, with

an average of 54%. These figures include gTLDs as well as other European

ccTLDs registered from within the country”

Most of the European registry operators managed well to cope with these changes by

speeding up deregulation processes (e.g. .fr, .pt, .es) and introducing new services, or by

expanding their range of activities in the domain name environment. Over twelve

European ccTLD registries are involved in additional activities such as: being the registry

manager of other extensions; providing back-end services to other extensions; offering

Internet of Things related services; setting their own registrar (e.g. .se); being appointed

as ICANN-accredited Third Party Provider for Registrar Data Escrow (e.g. .de), and;

offering Anycast services

to other registries (e.g. .de).

Overall, the TLDs market is becoming more competitive and more aggressive – in terms

of registration policies and marketing strategies – and more diversified, in terms of the

activities which a registry operator might get involved in.

Considering the rigidity and lack of flexibility of the current .eu regulatory framework,

the .eu TLD (and its registry operator) is at a disadvantage against the fast-changing

domain name environment. Considering further that market conditions and fluctuations,

as well as the overall rules applicable to gTLDs, are not within EU control, it will be

crucial for the long-term sustainability and market competitiveness of the .eu TLD that

its regulatory framework provides ready flexibility and adaptation potential to enable the

.eu TLD to cope with future unforeseeable market developments.

CENTR Domain Wire Q3 2017.

Anycast is an addressing and routing methodology wherein multiple physical endpoints are logically

denoted by a single IP address.

kom (2018) 0231 - Ingen titel

2.3.

How will the problem evolve?

Keeping the .eu Regulations/legal framework unchanged will potentially have

detrimental consequences for the .eu TLD, and hamper its potential to contribute

effectively to the DSM long-term strategy and to the online EU identity.

The following (not exhaustive) consequences for the future of the .eu top-level domain

can be expected:



Possible overall stagnation of the .eu registration.

As extensively demonstrated by

the last decade’s facts in the domain name industry, the market for new domain name

registrations has already experienced market shocks and fluctuations following the

launch of the new gTLDs. The rapid changes to the DNS environment may lead to

the introduction of new features and stakeholders, including from a further round of

new gTLDs, which is expected to occur in the next five years. The .eu TLD should be

enabled to cope with such future challenges. Outdated and/or overly rigid rules will

restrict the .eu Registry’s ability to enhance the .eu TLD environment.

Negative perception of the .eu TLD as too bureaucratic and/or as an institutional

extension.

The .eu TLD is deeply linked to the European Union profile and events

(see the recent drop of registrations and renewals of.eu domain names in the UK

following that Member State’s decision to exit the European Union). The

bureaucratic image is strengthened by delays such as the Commission taking more

than 30 months to enable the .eu Registry operator to offer the new characters

supported by the IDNA2008 protocol, and this is a poor outcome for the image of the

.eu TLD. The expansion of the gTLD market, and the consequential regulatory

changes, which occurred between 2012 and 2014 could happen again. When

technical standards are dramatically modified, it can pose an existential risk to the .eu

TLD, because of the over-long lead times for amending its basic rules to support new

standards. This would significantly affect registrants and registrar users' satisfaction.

Decreased trust in .eu at multiple levels.

Trust is one of the most important elements

in the DNS environment. Respect for a TLD extension necessarily stems from trust in

its policies and procedures. And to be trusted, these policies and procedures must be

modern and regularly updated. At the same time, trust is and will always be

connected to the reputation of the registry operator. Recent events which occurred in

some registries, such as .dk, .pl and .au

, showed how a decline in the reputation of

the TLD registry operator may adversely impact the trust in the products that

registries are offering. A failure to introduce enhanced governance measures at the



https://www.theregister.co.uk/2017/07/29/chair_australias_internet_registry_out/?page=2

kom (2018) 0231 - Ingen titel

level of the .eu Registry operator could increase the risk of reputational damages and

will not bring the overall .eu Registry administrative structure up to speed with the

most recent developments in the overall Internet governance organisations. As an

important element of the digital identity of Europe, .eu must reflect a similar high

reputation as that enjoyed by the European Union.



Possible financial unsustainability.

Should the volumes in new registrations and

renewals drop, the financial stability of the .eu TLD will be negatively affected.

Although a drastic drop is admittedly not likely for the .eu TLD, it should not be

completely excluded. The negative impact will be further aggravated by the inability

of the .eu Registry operator to differentiate its products and use its expertise to

provide other services, unlike its industry peers which are getting involved in

diversified activities to cope with the rapid changes in the DNS environment. At the

moment the .eu is self-financed. In case financial problems arise, either the price of

.eu domain names will have to increase or the EU may have to contribute to ensure

the continued availability of the .eu TLD.

HY SHOULD THE

ACT

3.1.

Legal basis

According to Regulation (EC) No 733/2002, the legal basis for the EU action is provided

by Article 156 of the Treaty establishing the European Community. Following the entry

into force of the Lisbon Treaty, the legal basis is Article 172 of the Treaty on the

Functioning of the European Union (TFEU).

As it has been doing since its creation and establishment in the EU, the .eu TLD should

continue to improve the interoperability of trans-European networks, in accordance with

Articles 170 and 171 of the Treaty, by providing a complementary registration domain to

existing country code Top Level Domains (ccTLDs) in EU Member States and global

registration in the generic Top Level Domains (gTLDs), and should in consequence

increase choice and competition in the Union domain names market.

The .eu TLD supports online cross-border activities for those users, both commercial and

non-commercial, who wish to clearly signal their link with the EU, the associated legal

framework, and the European market place.

3.2.

Subsidiarity: Necessity of EU action

The .eu TLD has by definition a cross-border dimension: it is the TLD of the European

Union and is a symbol of the European online identity. The existence of a specific

kom (2018) 0231 - Ingen titel

domain name for the European Union under a very clear and identifiable common label

is an important and valuable building block for the European online identity.

Regulatory action in respect of the .eu TLD cannot be sufficiently achieved by the

Member States and can therefore, by reason of the scale and effects of the action, be

better achieved at EU level.

The .eu TLD was established as a country code TLD (ccTLD) such as .de, .be or .uk,

rather than as a generic TLD (.com, .berlin). This has important consequences in that

ccTLD policies (regarding for instance rules for registration, accreditation of registrars,

security related policies and data protection policies) are managed in accordance with the

relevant jurisdiction, oversight and governance mechanisms within the country/public

administration, with no role for ICANN. The ultimate public policy authority for a

national ccTLD Registry rests with the relevant government or public authority.

Accordingly, public policy responsibility for the .eu TLD rests with the European Union.

Regulation of the .eu TLD is therefore within EU competence and cannot be delegated to

the Member States. This does not affect how each Member State manages its own

ccTLD.

3.3.

Subsidiarity: Added value of EU action

The .eu is regulated at EU level because of its very nature. The existence of the .eu TLD

is highly symbolic and reflects the existence of a European online community (of

citizens, institutions and businesses) who wishes to be clearly identified as such. The .eu

TLD gives users wishing to operate across the Single Market a specific European

connotation which is recognised globally

A regulatory framework at EU level for the .eu is useful in order to continue providing

for and expanding a domain name space on the Internet under the .eu TLD, in which

relevant EU law, data and consumer protection rules are applicable.

Regulatory action taken at Member States level would not be able to deliver on the

fundamental objectives standing behind the creation and management of a trusted and

innovative namespace for the EU, to promote the European Union's image on the Internet

and to deliver added value in terms of increased choice for users, in addition to the

national ccTLDs.

There are over 200 testimonial videos published on EURid YouTube channel highlighting the

transnational added value for users opting for a .eu TLD:

https://www.youtube.com/user/Europeanregistry

kom (2018) 0231 - Ingen titel

Moreover, the .eu TLD gives the EU a "seat at the table" in international and

multistakeholder discussions around the domain name system and rules regarding

ccTLDs on the global Internet

BJECTIVES

: W

HAT IS TO BE ACHIEVED

4.1.

General objectives

The general objective of the initiative is to ensure the stability and sustainability of the

.eu TLD, so as to better enable it to achieve its intended mission to:



Encourage online cross-border activities in Europe and support the Digital

Single Market



Enable/build an online European identity

Specific objectives

4.2.

Four specific objectives (SO) have been identified and are linked to the problem and

drivers discussed in section 2.

Table 1. Specific objectives and drivers

Specific Objectives

SO 1

Remove outdated legal/administrative requirements

SO 2

Ensure the rules are future-proof and allow the .eu to

adapt to the rapid evolution of the TLD market and the

dynamic digital landscape, while at the same time

incorporating and promoting EU priorities in the on line

world

SO 3

Ensure a governance structure that both reflects technical

and governance best practices and serves EU public

interest

SO 4

Promote the attractiveness of .eu

Drivers

Outdated Regulations (2.2.1.)

Outdated and rigid Regulations

(2.2.1.)

Rapid evolution of the market

(2.2.3.)

Deficiencies in governance and

accountability (2.2.2.)

Rapid evolution of the market

(2.2.3.)

SO 1: Remove outdated legal/administrative requirements

The European Commission is a full Member of the Governmental Advisory Committee (GAC) of

ICANN, along with all EU Member States. The GAC provides public policy advice to ICANN, in charge

of policy-making in the DNS space. As a GAC Member, the European Commission has the objective to

avoid inconsistencies with the EU acquis, as well as to ensure the security, stability, resilience and

reliability of networks and information systems.

kom (2018) 0231 - Ingen titel

This specific objective aims at addressing the problem driver relating to the outdated .eu

Regulations, which contain obsolete or irrelevant provisions, and are no longer fit for

purpose (driver 2.2.1.). Provisions related to the function of the domain name registry are

obsolete, and other provisions are inadequate to support the sustainability of the .eu

domain given the evolution of the DNS landscape. Lifting administrative constraints will

enable the .eu TLD to function more effectively.

SO 2: Ensure that the rules are future-proof and allow the .eu to adapt to the

rapid evolution of the TLD market and the dynamic digital landscape, while at

the same time incorporating and promoting EU priorities in the on line world

This specific objective aims at addressing the drivers that the market has not only

undergone major changes since the entry into force of the .eu Regulations, but also

continues to dynamically evolve (drivers 2.2.1 and 2.2.3.). These drivers affect both

global Internet governance, and the entire digital landscape.

The .eu regulatory framework should enable the adaptation of the .eu TLD to rapidly

evolving market conditions, technical innovations and the EU's current objectives and

strategies in the area of digital policy and governance. To do so, the rules should be

future-proof. They should allow the necessary flexibility to adapt while at the same time

provide legal certainty to stakeholders.

TLDs are an integral part of the Internet infrastructure. They are an essential element of

the global interoperability of the World Wide Web. As such a TLD operator is a

(technical) stakeholder in global discussions affecting the governance of the technical

resources and functions of the Internet. In fact, ccTLD and gTLDs registries have been

particularly active in Internet governance, either by participating as stakeholders in

international fora or by running activities for the benefit of the Internet community in

their respective countries or constituencies.

The EU prides itself for upholding a strong set of values such as multilingualism, respect

of users' privacy and security, consumer protection, and human rights. The .eu TLD

should promote European values and reflect EU priorities in the domain-name system

(DNS) environment, particularly in light of ongoing changes in global arrangements

affecting digital policies and Internet governance as discussed in section 2. Not using the

.eu TLD as a means to promote EU priorities is a missed opportunity.

SO 3: Ensure a governance structure that both reflects technical and governance

best practises and serves EU public interest

The .eu TLD was established as the TLD for the European Union, with the aim to make

the link with the European Union evident in the online world. The .eu TLD is a tool that

kom (2018) 0231 - Ingen titel

serves both citizens and enterprises in the EU and the EEA. At the same time, this tool

has to operate in the free market and compete with other TLDs.

An appropriate governance structure for the .eu TLD would be one that ensures both that

the .eu TLD can successfully compete in a fast evolving market and that the EU/public

interest is served/upheld. This specific objective is linked to the problem driver described

with respect to governance (driver 2.2.2.).

SO 4: Promote the attractiveness of .eu TLD

The main goals behind the creation of the .eu TLD were to improve the visibility of the

EU’s internal market on the Internet, provide a clear link with the EU and promote its

image. To better enable the .eu TLD to fulfil its role, its use as an online European

identity should be enhanced. In line with the .eu TLD’s mission (referred to under

Section 4.1), this specific objective seeks to ensure that options explored under this

initiative will promote the attractiveness of the .eu TLD by means of reinforcing it as a

trusted extension, supporting its competitiveness in the TLDs market, and attracting

competition with respect to future would-be .eu Registry operators.

HAT ARE THE AVAILABLE POLICY OPTIONS

The EU does not exert any oversight or control on how the domain name market evolves

at international level. The evolution of the global TLD market is expected to continue,

driven by constant technological developments. Therefore, the options that will be

examined below are mainly, but not exclusively, extrapolated from the drivers relating to

"the outdated and rigid legislation" and the "governance mechanisms". At the same time,

issues emerging from the "rapid evolution of the market" are taken into account

horizontally.

A matrix of options has been mapped taking into consideration these aspects, with a view

to facilitate the description of the options and their assessment. The two axes of the

matrix correspond to the "governance" variable (spanning from hands-on to light

governance) and the "legal framework" variable (spanning from a rigid to a flexible

framework). The two variables are embodied – at different level – in each of the assessed

options.

Figure 2. Options' matrix

kom (2018) 0231 - Ingen titel

The matrix identifies the following options:



Baseline (Status Quo) scenario

Commercialisation

Modernisation of the legal framework

Separate governance

Institutionalisation (including Internalisation and EU agency)

The purpose of the REFIT exercise is to assess policy options that would provide

solutions to the problems identified in terms of governance and legal framework. In the

context of the .eu TLD, this includes the removal of unnecessary administrative burdens

to significantly ease the management of the .eu TLD both at Commission and at registry

level. Given the purpose of REFIT as applied to the .eu TLD, options that would entail a

high degree of "rigidity of the legal framework" coupled with a high degree of "light

governance" are not considered adequate and therefore are not taken into account. That is

why no policy options are identified on the lower left side of the matrix.

New rules introducing the possibility for the .eu Registry to sell directly to registrants,

also known as vertical integration, and potential changes in the eligibility criteria for

obtaining a .eu TLD can be implemented whatever decision is made on what option to

pursue, and would lead to similar impacts. For this reason, the description and impact of

kom (2018) 0231 - Ingen titel

the rules relating to vertical integration and eligibility criteria are provided and assessed

separately in section 5.4 and 6.5.1.

The policy options, including the baseline scenario, are described below, with analysis of

the practical impact of each option, and a high level assessment of the advantages and

issues in relation to the objectives (sections 5.1 and 5.2).

5.1.

What is the baseline from which options are assessed?

STATUS QUO

(BASE LINE SCENARIO)

The status quo entails maintaining the current regulatory framework for the .eu, which

includes two Regulations (Regulation (EC) No 733/2002 and Commission Regulation

(EC) No 874/2004) and the contractual arrangements with the selected .eu Registry.

The current concession contract with EURid (the existing .eu Registry operator) was

concluded following the rebid of the .eu TLD in 2013. The initial term of the contract is

5 years, starting from 13 October 2014 and expiring on 12 October 2019. The contract

allows the parties to agree to extend it on two occasions for additional periods of

maximum 5 years. Alternatively, on expiry of the initial term on 12 October 2019, a new

call for expression of interest could be launched on the basis of a new non-discriminatory

selection procedure.

The service concession contract grants the Commission powers to intervene in the

management and operations of the .eu Registry, particularly on matters of corporate

governance, conflicts of interest and financial accountability. Effective enforcement of

such provisions is crucial to avoid any potential mismanagement of the .eu TLDs which

would, in turn, lead to a decrease in trust of the .eu TLD name.

Following the decision from the United Kingdom to withdraw from the European Union,

and subject to any relevant provision in the agreement on the future relationship between

the European Union and the United Kingdom, undertakings and organisations that are

established in the United Kingdom but not in the EU and natural persons who reside in

the United Kingdom would not be allowed to register .eu domain names, and the rights

of UK-based registrants regarding .eu domain names would be subject to revocation from

the .eu Registry

https://ec.europa.eu/digital-single-market/en/news/notice-stakeholders-withdrawal-united-kingdom-and-

eu-rules-eu-domain-names

kom (2018) 0231 - Ingen titel

In the context of stagnation in domain name registrations across the EU, increased

competition from new gTLDs, and changing paradigms in Internet technological

development such as the Internet of Things, several ccTLD registries have begun to

diversify their activities. This is a trend that the .eu Registry cannot effectively keep pace

with due to the combination of the details and rigidity of the current .eu Regulations.

5.2.

Description of the policy options

OPTION 1: COMMERCIALISATION

This option would entail the substantial simplification of Regulation (EC) 733/2002 and

the repeal of Regulation 874/2004 that contains most of the outdated provisions

described in section 2. The operation and management of the Registry would be

outsourced to an external for-profit service provider without direct oversight from the

Commission. The legal simplification would aim at extensively streamlining the content

of Regulation (EC) 733/2002 to grant the Commission the right to outsource the

operation and management of the .eu TLD name. The core provision of the simplified

Regulation would specify that the EU is the entity responsible for the .eu TLD

and that

the Commission is in charge of designating the Registry on the basis of an open,

transparent and non-discriminatory selection procedure. No detailed provisions on the

operation of the Registry would be retained.

This option would provide a high level of flexibility, allowing the .eu Registry to adapt

quickly to changing market conditions. On the other hand, it would significantly limit

oversight by the Commission. The .eu Registry might still have to operate within an

established framework and abide by certain conditions, which should be specified in a

contract. The .eu Registry would however act in a purely commercial environment, on a

for-profit basis.

OPTION 2: MODERNISATION OF THE LEGAL FRAMEWORK

This option would entail replacing the current legal framework with one principle-based

legal instrument, establishing the main objectives and raison-d'être of the .eu TLD

(including its alignment to EU priorities) and guaranteeing essential transparency and

flexibility.

All outdated provisions (described in section 2) would be either deleted (if not relevant

anymore) or brought in line with current practices.

As per today, see Article 7 of Regulation 733/2002 holds that all ownership rights relating to the .eu

TLD belong to the European Union which is represented to that end by the European Commission.

kom (2018) 0231 - Ingen titel

More detailed implementing provisions laying down Public Policy and Procedures

(PPPs) would be contained in a separate document directly incorporated into the contract

between the European Commission and the appointed Registry operator.

In that context, principles pertaining to the eligibility criteria, registration and revocation

of domain names, accreditation of registrars, characteristics and obligations of the

registry, designation of the registry would be laid down in primary legislation, to be

further articulated in precise policies through the contract.

This policy option entails the continuation of an external management system, based on a

contract between the Commission and a third party, with enhanced control mechanisms.

To ensure the effective oversight of the .eu Registry, easy to implement oversight

provisions should be inserted in the contract, such as foreseeing a strengthened

participation of European Commission representatives in the Registry's Board. In this

option, the daily operational management would be guaranteed by high-standards,

provided that the contractor has the necessary technical expertise in-house. The

management of an external entity also ensures an appropriate market strategy for the .eu,

given that the external contractor puts in place all possible measures to achieve such

business objectives whether on a for-profit or on a not-for-profit basis.

OPTION 3: SEPARATE GOVERNANCE

This option combines the modernisation element of option 2 with the creation of a

separate body, which would have an advisory role. Amongst its foreseeable tasks, there

would be the advising on high-level priorities, strategy and activities of the .eu TLD. It

would additionally provide expert advice to the Commission with respect to the oversight

role of the latter over the .eu Registry (including on the surplus generated by the sale of

the .eu TLD names). Its membership would be open to experts in the EU's domain name

business, technical community, governments and international organisations, civil

society academia. In order to prepare advice the separate body would need to engage in a

structured dialogue with the Registry.

As in option 2, the management of the .eu TLD and the daily operational activities (i.e.

technical operations, marketing, etc.) would be outsourced through a contract to the

Registry operator. This contract would specify the detailed terms and conditions for the

relations between the Registry operator and the separate body. From a practical

perspective, the European Commission would retain a light-touch oversight on the .eu,

while more technical and operational aspects would be dealt with by the Registry

operator.

kom (2018) 0231 - Ingen titel

The basic practical modalities of setting up the separate body will be decided according

to the requirements laid down in the future principles-based regulation. These

requirements will not only serve as legal basis to build on the new separate governance

structure but will also clarify its key aspects. The set-up of this governance structure

could be executed by the Commission using established principles on expert groups. The

legal requirements would include:

a) Measures to guarantee that the newly formed governance body has the necessary

autonomy and independence from the Registry;

b) The guarantee that the newly formed governance body will work in line with

Commission's objectives and policies;

c) The key tasks (in principle, only advisory) entrusted to the newly formed

governance body and its relations

vis-à-vis

the Commission and the Registry;

d) The role and powers of the Commission

vis-à-vis

the Registry and the newly

formed governance body (e.g. the oversight power of the Commission over the

Registry).

The new governance structure will be designed in a way which reflects the Internet

Governance Multi-stakeholder approach. Representatives of all relevant stakeholders will

hence be able to participate in the dialogue and thus shed further light on the likely

consequences of decisions and advise on the implementation of .eu ccTLD. The members

of the new governance body will be appointed by the European Commission on the basis

of an open and transparent procedure aimed at limiting any risk of potential conflicts of

interest. For the elaboration of this option, we have looked for best practices in the

ccTLD community and we have drawn inspiration from the Austrian, the Norwegian, the

Brazilian and the New Zealand models which have structures ensuring a "separation"

between the technical and operational tasks of the operator and the oversight structures

for the definition of registry policies with the involvement of the following stakeholders:

registrars, user groups, Internet service providers, trade associations and government. It is

generally found that bottom-up, consensus driven policy making is the most effective

governance mechanism for Internet organisations, while benefitting from the expertise of

stakeholders, who are responsive to changes in the industry. A description of ccTLDs

best practices is contained in Annex 6. The promotion of multistakeholder governance

structures is a stated commitment by the European Commission as part of the basis for a

common European vision for Internet governance

OPTION 4: INSTITUTIONALISATION

Communication on "Internet

Policy and Governance - Europe's role in shaping the future of Internet

Governance,

kom (2018) 0231 - Ingen titel

Options that would entail a much stronger involvement and oversight from the EU would

bring the management and operation of the Registry within a department of the European

Commission or an EU body, like an EU Agency. This option would provide longer-term

stability and business continuity in the operation and management of the .eu TLD.

In particular, the following alternative sub-options were explored:

a) INTERNALISATION

This sub-option foresees the handover of the management of .eu TLD to the IT operating

arm of the Commission (DG DIGIT). DG DIGIT is already in charge of some tasks for

managing certain .eu TLDs and managing the .europa.eu TLD. Internalising the

management of the .eu TLD name within the Commission services (DIGIT) would

require a significant degree of outsourcing –at least in the early stages-, since the

Commission does not possess the administrative capacity to directly implement and

manage the .eu TLD.

b) EU AGENCY

This sub-option entrusts the management of the .eu TLD to an EU agency. EU agencies

are governed by European Union law, have their own legal personality, and are set up

and governed by secondary legislation. A potential candidate is the European Union

Intellectual Property Office (hereafter "EUIPO"). In the context of this REFIT exercise,

EUIPO made a proposal for the incorporation of the .eu Registry within the Agency. An

alternative would be the European Union Agency for Network and Information Security

(ENISA).

Under this sub-option, an expansion of the mandate of the EU agency would be required.

A similar extension was managed by EUIPO in 2012 when the European Observatory on

Infringements of Intellectual Property Rights (formerly the European Observatory on

Counterfeiting and Piracy) was handed over by the Commission to the Agency. This was

done via the adoption of a Regulation entrusting the Observatory to EUIPO, without the

need to amend the founding Regulation of the Agency. A similar process could be

foreseen for entrusting .eu TLD to an EU Agency.

5.3.

Options discarded at an early stage

A preliminary analysis of each of the identified options against the Specific Objectives

(described in section 4.2.) shows that a number of options are not relevant, as they are

unlikely to achieve the objectives previously identified. In particular, the early discarded

options are: Commercialisation, Internalisation and the sub-option of a transfer to

ENISA.

kom (2018) 0231 - Ingen titel

OPTION 1: COMMERCIALISATION

This option would have the main advantage of ensuring that the registry operator

provides good service and that the Commission gets competitive bids from a wider range

of registry operators. However this option was discarded at early stage, because it does

not fulfil the policy objective of ensuring a European online identity, as well as the

specific objectives S03 and S04 as described above. Therefore the option of

commercialisation has not been further analysed in chapter 6.

More specifically, the option is likely to create a fully commercial .eu TLD in which

there would be little guarantee that EU values or objectives would be prioritised and

adequately pursued. Moreover, weakening the involvement of the EU in an area which is

becoming highly sensitive (such as the policy-making in the DNS space) and in a

political context where increased political attention is given to issues related to the

security and trust on the Internet, would not be in line with the current political context.

Stakeholders' views:

Such an option does not have support from stakeholders. In the online public

consultation, 70% of respondents strongly agreed that the .eu TLD should continue to be

operated by a non-for-profit organisation.

OPTION 4(a): INTERNALISATION

Preliminary analysis shows that this option is not relevant, as it would not enable the

overarching objectives to be reached. Under the option it would still be necessary to have

a contract with an external provider to ensure the necessary daily operational activities.

The option is therefore not technically feasible and it is discarded.

OPTION 4(b)(ii): EU AGENCY/ENISA

Both agencies' fields of expertise would represent an asset for the management of the .eu

TLD. EUIPO could contribute to further strengthen the economic synergies between

trademarks and the domain name industry, and ENISA would provide solid know-how

and advice aimed at guaranteeing a secure and resilient domain name system. However,

neither of the two agencies embodies the core values of Internet governance which go

beyond the provision of an efficient infrastructural management. In addition, it is crucial

that the .eu Registry operator will be a far-reaching and credible interlocutor in the area

of domain names and Internet governance, on the full spectrum of issues including

market and policy perspectives.

Despite the aforementioned considerations, the option of moving the .eu Registry to

ENISA in particular is early discarded due to its political and technical implausibility.

kom (2018) 0231 - Ingen titel

Considering that the extension of the mandate of ENISA, as part of the cybersecurity

package currently being examined by co-legislators, already foresees a number of new

tasks for this agency, incorporation of the .eu is not a realistic option. Moreover, this

agency does not currently have the technical capacity for the operation and management

of the .eu. Acquiring it would be costly and inefficient.

This analysis is synthesised in the table below and is further detailed in Annex 5 on early

discarded options.

Table 2. Options' outlook

Effectiveness

OPTIONS

Technical

feasibility

SO1

SO2

SO3

SO4

Efficiency

Overall

balance of

Cost/Benefit

Coherence

DSM

Commercialisa

tion

Institutionalisa

tion

- a.

internalisation

- b.i Existing EU

Agency

(EUIPO)

- b.ii Existing

EU Agency

(ENISA)

Modernisation

Separate

Governance

✓

5.4.

Options relating to Vertical Integration and Eligibility Criteria

As explained in the introduction of section 5, two specific aspects of the current

legislative framework are analysed separately in the assessment of the policy options:

- introduction of the possibility for the .eu Registry to offer direct registration to

registrants in view of changed market conditions (vertical integration);

- changes in the eligibility criteria for obtaining a .eu TLD in order to enhance the

use of the .eu TLD as an online European identity.

kom (2018) 0231 - Ingen titel

Possible modifications of these rules can be introduced in each of the policy options

retained as relevant for further analysis (Modernisation of the legal framework, separate

governance option or transfer to EUIPO) and would lead to the same impacts (see

Section 6 below).

Vertical Integration

There are three registration models currently observed in the DNS market: Vertical

Integration (close model), Vertical Separation (also known as Registry-Registrar-

Registrant model (‘3 Rs’ model), and Mixed. Please refer to Annex 7 for further details

on each model's specifications, as well as an overview of their implementation in the

European market. Currently, the .eu Registry implements the '3 Rs' model. Today's .eu

legal framework

expressly forbids the Registry to act as Registrar, in line with a strict

separation between the role of Registries and Registrars as mandated for gTLDs by

ICANN at that time (as described in section 2.2 "rapid evolution of the market"). Such

restriction at the level of primary legislation appears to be inconsistent with the market

practices in the ICANN environment, where a prohibition on vertical integration for

gTLDs was lifted in 2010.

The new .eu legal framework will have to provide legal specifications in order to either:

a) Require the appointed Registry operator to implement Vertical Separation (as

per today);

b) Allow the appointed Registry to implement Vertical Integration or a mixed

model.

c) Lift the strict requirement for Vertical Separation with a view to allow the

appointed Registry operator to provide direct registrations only through its

website, while for additional services (such as email, webpage, etc.) the end user

will still be directed to a registrar. In other words the Registry will not be allowed

to become a full registrar but will only be able to give the end user the

opportunity to register a domain name directly through its website.

Out of these possible policy choices, the second one is discarded. Although allowing the

Registry to also act as a registrar would be feasible, this would nevertheless require that

sufficient safeguards are put in place to prevent anti-competitive behaviours by the

integrated .eu Registry & Registrar operator. This would mean that non-discriminatory

clauses would be needed to ensure that the vertically integrated .eu Registry & Registrar

Art 3(4) of Regulation 733/2002.

kom (2018) 0231 - Ingen titel

will not treat more favourably its own Registrar services/activities (including in terms of

wholesale pricing for the .eu domain names or related services) compared to the

treatment that third-party Registrars would obtain and that the .eu Registry & Registrar

would not impose unfair terms on competing Registrars. Monitoring that such non-

discriminatory clauses are respected would imply setting up an adequate system at the

Commission end.

Aside that, there are strong market and policy reasons for caution with regard to the

introduction of the vertical integration model, given that registries are dependent on

strong relationships with the registrar channel in order to achieve market success. Most

registrars market several TLDs, and make their margins through value-add services such

as hosting, websites and email services. Therefore, there is significant commercial risk

for a registry entering into direct competition with its own marketing channel –

particularly if this raises suspicions among registrars

that the registry will seek to give

itself preferential business terms increasing and distorting competition. Such concerns are

reduced in the context of the current .eu Registry operator which has obligations to deal

with all registrars on equal terms. Yet, well established relations between the .eu Registry

and its network of registrars would be shaken. Besides, .eu registrars were negative to the

introduction of vertical integration during consultations.

Eligibility Criteria

Eligibility criteria aim at creating restrictions on those eligible to register in a TLD. The

.eu Regulations contain limitations, which determine that .eu registrants have to be based

in the European Union.

The options available are to:

a) Maintain the residency eligibility criteria as per current regulation

; or

b) Introduce a citizenship criteria regardless of whether the natural person is or

not resident in the EU, while maintaining the residency criteria for both natural

and legal persons; or

As signalled in targeted consultation activities with the .eu registrars.

Article 4, Regulation (EC) 733/2002, […] The Registry shall: […] (b) register domain names in the.eu

TLD through any accredited.eu Registrar requested by any: (i) undertaking having its registered office,

central administration or principal place of business within the Community, or (ii) organisation established

within the Community without prejudice to the application of national law, or (iii) natural person resident

within the Community.

kom (2018) 0231 - Ingen titel

c) Introduce a full deregulation, where no citizenship/ residency criteria apply.

This entails the adoption of a fully open, first-come, first-served registration

system.

HAT ARE THE IMPACTS OF THE POLICY OPTIONS

This initiative concerns the functioning and management of a top-level domain name

(ccTLD). This is a predominantly technical, sector-specific issue pertaining to the

domain name system (DNS) industry. Moreover the initiative is aimed at better enabling

an already well-established domain to function within a changed and continuously

evolving environment. Therefore the impact of the intervention is going to be limited and

to affect mostly the following stakeholders: first and foremost the Registry, that will have

to implement the new framework; secondly, the network of accredited registrars that

might need to adapt some of their day-to-day operations; and thirdly the European

Commission, to the extent that the different options change its role in terms of oversight

of the registry and with respect to the overall policies for the TLD's implementation.

Registries of other TLDs and other stakeholders in the domain name ecosystem, whereas

they are well placed to evaluate the .eu framework and future options against current

practices in the DNS ecosystem, will not be affected by the intervention.

As mentioned, the initiative is aimed at facilitating an operational domain to function

better. It will therefore not bear significant direct impacts on end users, i.e. registrants or

potential registrants. Indirect impacts on citizens and SMEs are expected to the extent the

various options will ensure they will continue to enjoy the benefit that the .eu TLD brings

to end users (deriving from the link to the online EU identity and the single market).

The options are compared to the baseline (efficiency) and assessed with respect to the

level they contribute to achieving the Specific Objectives set for the initiative

(effectiveness), described in section 4.2.

This initiative does not have any environmental impacts.

6.1.

Baseline

The .eu TLD's key objective was to promote the use of, and access to, the Internet and

online marketplace, by providing a complementary registration domain to existing

ccTLDs and gTLDs, and in consequence increase choice and competition. Domain

names are part of a suite of factors that enable Internet access alongside essential

physical infrastructure, low prices for Internet services (dependent on vibrant competition

amongst providers), and high speed broadband. Once basic access is possible, domain

name registration enables both e-commerce and non-commercial activities in the online

environment, through websites and email.

kom (2018) 0231 - Ingen titel

According to the evaluation findings, the .eu TLD is used today by companies to "show"

that they are European and open for business across the 28 EU Member States and EEA

countries. The .eu TLD is viewed as a sign of quality and trustworthiness (according to

the same findings): a .eu website indicates that it belongs to a legal entity in the EU and

is therefore subject to EU law and trading standards. It is also used by individuals as a

trusted, online tool to convey their ‘European-ness’ in the online world. This is the

qualitative benefit (B) the .eu TLD brings to end users and it is one that cannot easily be

quantified as it comes in terms of access to broader markets and inspiring more trust.

Two main groups of impacts can be identified, looking into the baseline: impacts with

respect to the functioning of the .eu market and impacts with respect to regulatory costs.

Functioning of the .eu market

General introduction

According to the current Regulations, the .eu Registry is prohibited from acting as

Registrar.

The .eu Registry works with a network of accredited registrars to provide .eu

registrations to end users. There were 715 accredited registrars at the end of Q3 2017

Since January 2013, in order to remain in line with its contractual obligation to work at

cost, the .eu Registry changed the renewal and term extension fee of a domain name from

€4 to €3.75. At the same time, to be more competitive in the dynamic TLD market,

EURid launched the Customised Reduction Schemes (CRS) for its registrars, which

enable reduced new registration fees according to the registrar’s sales volumes. As of

January 2017, the basic fee for a new domain name for those registrars subscribing to the

CRS is €1.75. In Q1 2017 98% of registrations were made by the 331 registrars who

joined the CRS in 2017. The price referred to above is the price the .eu Registry sells to

Registrars. The price the end users get depends then on the Registrars and any additional

services they provide with the domain name. Retail prices for .eu TLDs can vary from as

low as €0.99 (special registrar promotions) up to €100 or €200 if the domain is bought

with value-added services such as content management, security features, or many email

addresses.

Competition and size of the .eu market

The .eu TLD is one of the largest ccTLDs in the EU, and has 3.7 m registrations as of

2016. Average annual growth for .eu has been +4.6% over the past ten years

. Over the

See Article 3(4) of Regulation (EC) No 733/2002, and recitals 2, 3, 4 and Article 4 of Regulation (EC)

874/2004.

EURid Q3 2017 Quarterly Report:

https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-

b50e2c45601f/quarterly_report_q3_2017.pdf

kom (2018) 0231 - Ingen titel

past five years, however, growth has remained relatively static and 2015 saw negative

growth for the first time in .eu’s history.

Figure 3. Yearly growth of .eu domain names (2009-2016)

Considering the new round of gTLDs and the subsequent plethora of available TLDs

which may be substituted for .eu TLDs, as well as the stagnation in the ccTLD market,

the volumes in new registrations and renewals for the .eu TLD are likely to continue to

drop. Although a dramatic drop is not foreseen for the .eu TLD, such an eventuality

should not be altogether excluded.

In the event of a significant drop in .eu registrations, the financial sustainability of the .eu

TLD would be negatively affected. Sustainability is guaranteed mainly by renewals. The

following renewal scenario is calculated in the Operating Plan and Budget 2018 by the

current .eu Registry:

Table 3. Renewal scenario (2018)

Renewal rate

50%

55%

60%

65%

70%

75%

Non-renewals

1,898,562

1,708,704

1,518,849

1,328,990

1,139,134

949,278

Surplus (in EUR)

-1,372,885

-1,063,624

-754,376

-445,116

-135,864

173,391

Source, EURid annual report 2016

https://eurid.eu/media/filer_public/61/6a/616a9b08-13ca-4379-8e11-

0a3580201bb5/annual_report_2016.pdf

kom (2018) 0231 - Ingen titel

80%

80.1%

85%

759,423

738,122

569,564

482,641

563,316

791,902

The current .eu Registry’s 2018 budget takes into account an average renewal rate of

80.1% (projection). Should the renewal rate fall, the surplus will become negative from

the moment these drop below 72.2%.

As discussed in section 5.1, following the decision from the United Kingdom to

withdraw from the European Union, and subject to any relevant provision in the

agreement on the future relationship between the European Union and the United

Kingdom, undertakings and organisations that are established in the United Kingdom but

not in the EU and natural persons who reside in the United Kingdom would not be

allowed to register .eu domain names, and the rights of UK-based registrants regarding

.eu domain names would be subject to revocation from the .eu Registry.

The .eu registrations in the UK amount to 8% of the total .eu registrations

. It is

impossible to foresee how many of these registrants would actually give up their domain

name or re-register it through another country (possible in case an enterprise has a branch

in another EU country or in case of a natural person if the person has a second residency

in an EU country) or even re-register it through so-called proxies.

Access to the .eu

There is relevance between the current rigid legal framework and access to the .eu TLD,

with the latter being negatively impacted by rigidity.

As a recent example, the .ею extension (.eu in Cyrillic) was launched on 1

June 2016.

Within the first month of its launch 780 new domain names were registered under the

new Cyrillic extension, .ею. Today there are 1.968 registrations in .ею. This means that

there was a loss of 780 times the .eu benefit (B) for the time end users had to wait for the

.ею extension to be implemented

EURid Quarterly report, Q3 2017

New domain extensions are delegated by ICANN. Both the .ею extension (.eu in Cyrillic) and the .ευ

extension (.eu in Greek) entered a lengthy evaluation process at ICANN level. The .ευ in Greek has yet to

be resolved. Nevertheless for these IDN extensions to be launched, the ‘homoglyph bundling’ rule had to

be enabled to protect end-users from possible confusing similarity issues. To introduce ‘homoglyph

kom (2018) 0231 - Ingen titel

According to the Regulations, .eu is provided through the network of accredited

registrars as mentioned before. Currently there are some countries, like Bulgaria or

Malta, where the accredited registrars are both few in number and they do not actively

promote the .eu TLD as well. There is low interest from the registrars' side and a

preference for other TLDs, mostly the new gTLDs. With the Registry not being able to

reach out directly to end users, the outcome is that in these underserved markets, end

users have less choice.

The current .eu Regulations establish a "residency principle" for registrants. That means

that an EU/EEA citizen who is living abroad but still has an EU/EEA nationality and

passport is not allowed to register a .eu TLD name, despite being eligible to vote in

national elections

. These EU/EEA citizens suffer the loss of the .eu benefit (B) that

would otherwise be at their disposal should they choose to use it.

Oversight

It is of the utmost importance that the .eu Registry is operated under the strictest rules of

transparency, fairness and accountability, and to the highest technical standards; potential

mismanagement, corporate or technical, will lead to a risk of mistrust in the .eu TLD as a

reliable online extension which in turn will diminish the benefit of the tool for the end

users. Problems with proper oversight could lead to not reaching the .eu benefit (B).

Flexibility

Amending the .eu Regulations can take several months. When new technical

improvements to the DNS are introduced, other ccTLDs and gTLDs can offer them to

their end users at once. End users of the .eu TLD consequently suffer a loss through not

being able to enjoy the benefits of the new technical improvements for the time it takes to

amend the .eu Regulations.

ii)

Regulatory costs

Compliance costs

The .eu legal framework foresees the allocation of a registry to organise, administer and

manage the .eu TLD. EURid was established as a joint venture between the ccTLD

operators of Belgium, Sweden, Italy and Czech Republic, with the sole intention of

running the newly established TLD. Therefore all of EURid's costs are linked with the

bundling’, Commission Regulation Commission Regulation 874/2004 had to be amended. The process

took the Commission 19 months.

It is important to bear in mind that the right to vote in national elections is not only dependent of

nationality and/or passport rights.

kom (2018) 0231 - Ingen titel

implementation of the .eu legal framework. The total costs of fiscal year 2016 were €

11.365.237

Figure 4. Evolution of costs

In accordance with the .eu legal framework, the Commission assumes the role of

supervising the .eu Registry by means of a contract

. The Commission exercises its

supervising role by scrutinising the .eu Registry's reports, organising formal biannual

meetings and ad hoc meetings, and through requests for information at any time. The

additional calculations below take into account:



Periods when amendments to the Regulations have to be introduced to allow

technical updates; and

Periods when the service concession contract has to be negotiated (through a new

call for expression of interest) or renegotiated (through extension of the existing

contract).

EURid Financial Report H2 2016.

Internal compliance cost.

kom (2018) 0231 - Ingen titel

There need to be two Commission officials devoting 50% of their time to the required

action relating to .eu TLD, and a head of unit devoting 5%. Considering the average total

cost of a Commission official is 143.000 €

, the compliance cost for the Commission

equals to 150.150 €

For end users the cost they incur is equal to the retail cost of a .eu TLD name.

Registrars' costs are equal to the price paid by a registrar to the registry for a .eu plus the

cost of the administrative procedure to check an applicant is eligible for a .eu TLD.

Administrative Burden

Under current .eu Regulations the actor incurring external administrative burden is the

.eu Registry. An examination of the mandatory information obligations (IO) EURid

currently has with regard to the European Commission through the 'Standard Cost Model'

(SCM) reveals that the .eu Registry is incurring a cost from administrative burden that

equals to €115.688. Ten IOs need to be carried out by EURid. Please see table with

detailed calculations of these ten IOs in Annex 8.

Some internal administrative burden is felt at Commission level. In particular eight IOs

are part of Commission's workload when it comes to implementing the current .eu

framework. According to SCM calculations in Annex 10 the Commission is incurring a

cost from administrative burden that equals to €40.322.

Delay costs

As mentioned above, amending the .eu Regulations can take several months. When new

technical improvements to the DNS are introduced, other ccTLDs and gTLDs can offer

them to their end users at once. The .eu end users suffer a loss of not being able to enjoy

the benefits of the new technical improvements for the time it takes to amend the .eu

Regulations.

Monitoring / enforcement costs

The current .eu Registry is obliged by the contract to run an annual external audit on its

financial accounts. The amount paid annually to the external auditors equals to 29.000 €.

Average total cost in legislative financial files.

2 x (50% x 143.000) + 1 x (5% x 143.000) = 143.000 + 7.150 = 150.150 € . This calculation considers

the cost of two officials (at an average cost of 143.000€) devoting 50% of their time, plus one official with

oversight functions devoting 5% of his/her time.

kom (2018) 0231 - Ingen titel

The cost of non-enforcement of the .eu legal framework could potentially equal to the

loss of the benefit the end users enjoy from the .eu TLD.

The baseline scenario is not relevant as an option, as it would not allow reaching the

objectives of this initiative. It is analysed as a threshold to compare impacts from other

options.

6.2.

Option 2. Modernisation of the legal framework

Efficiency

the .eu market

A lightweight, principles-based framework would mitigate the negative impacts

experienced currently under the baseline scenario. It would provide the necessary

flexibility for the .eu TLD to adapt to rapidly changing technical improvements to the

DNS. End users would thus not suffer a loss through not being able to enjoy the benefits

of the new technical improvements for the time it takes to amend the Regulations. A

better functioning .eu would be more attractive in the TLD market stirring competition

between registrars, which in turn would be expected to a) possibly push end users prices

further down, b) ensure availability of the .eu and its B to EU society, c) boost

registrations and moving away from the scenario of the reduction of the renewal rate

below the threshold that would threaten the financial sustainability of the domain name.

The governance structure and oversight are currently dealt with extensively in the

contract between the registry and the Commission. The option foresees ways to enhance

supervisory mechanisms via the contract but not a change per se in the existing

governance model. Improvements through the contract are easy to introduce, they can

bring about different level of efficiency in terms of oversight depending on their

implementation, considering the existing contract already includes provisions on

transparency and accountability yet there is a risk of potential mismanagement. Problems

with proper oversight could lead to not reaching the .eu B.

Regulatory costs

Compliance cost for the registry is not expected to change under this option. Even if the

framework is lighter, there would still equally be a need and obligation stemming from

the framework to properly organise, administer and manage the .eu TLD.

For the Commission, nevertheless, the lighter framework would reduce the time that

needs to be devoted. Benefit arise from: not having to go through lengthy review

processes to introduce e.g. technical amendments; from simplified and streamlined

administrative procedures (e.g. list of reserved names for institutions); from the ability to

focus on strategic priorities and monitoring of adherence to high-level principles, rather

than technical/operational detail or administrative processes. In particular periods when

amendments to the Regulations have to be introduced would be replaced by shorter faster

procedures, reducing rather drastically the time and effort on the Institutions side to

implement technical improvements for the .eu TLD. Considering a second Commission

kom (2018) 0231 - Ingen titel

official would only need to devote 10% of his/her time to the .eu TLD the compliance

cost for the Commission could be reduced by €57.200

The administrative burden both for the .eu Registry and the Commission would not

change under this option. Although the option entails a simplified way to introduce new

features without the need to update primary legislation, the IOs needed (that mostly stem

from the oversight role of the Commission over the Registry) would not change.

Delay costs would be significantly reduced, as there would be no lead time of numerous

months to introduce necessary technical or operational improvements to the functioning

of the .eu TLD. Monitoring costs are not expected to change.

End users and registrars are not expected to be affected (in terms of the price they pay for

a .eu). Registrars might benefit from increased ability of registry staff to focus on the

registrar channel as a result of simplifying and reducing administrative / compliance

requirements. End users might benefit from enhanced ability of the .eu TLD to be at the

forefront of technical and market innovations in the domain name sector.

Effectiveness

SO1 - Remove outdated legal/administrative requirements

A lightweight, principles-based framework would achieve the objective of removing

outdated legal/administrative requirements. Primary legislation would only contain the

principles the functioning of the .eu TLD must abide by, while all unnecessary and

detailed administrative and technical requirements that are outdated (such as those

discussed in section 2.2.1) would be deleted.

It would also entail the ability (for Commission and .eu Registry) to focus resources on

strategic issues rather than administrative processes.

SO2 - futureproof rules that allow the .eu to adapt to the rapid evolution of the TLD

market and the dynamic digital landscape, while at the same time they incorporate and

facilitate promotion of EU priorities in the on line world

A lightweight, principles-based framework would achieve the objective of ensuring the

rules are future-proof and allow the .eu to adapt to the rapid evolution of the TLD market

and the dynamic digital landscape. An adaptable, flexible framework would ensure the

continuing relevance and attractiveness of the .eu TLD, to the registrar channel, to EU

start-ups and SMEs. The competitiveness of the .eu TLD would be enhanced with the

ability to innovate, diversify, build on the strengths of the existing business and its

The compliance costs for the Commission would be as follows: 1 x (50% x 143.000) + 1 x (10% x

143.000) + 1 x (5% x 143.000) = 71.500 + 14.300 + 7.150 = €92.950.This calculation considers the cost of

an official (at an average cost of 143.000€) working at 50%, another official working at 10% and a third

one at 5%.

The difference with respect to the base line scenario is calculated as follows: €150.150 - €92.950 = €57.200

(compliance costs for the base line scenario are explained in footnote 48).

kom (2018) 0231 - Ingen titel

reputation to further develop product and service offerings and pursue excellence.

The existing service concession contract contains some obligations for the registry to

promote EU priorities in the online world, including to provide services in the official

languages of the EU (Annex 1, B1 of the contract), innovation (ibid), appropriate security

measures (Annex 1, B2), involvement in relevant Internet governance organisations

(Annex 1, B3.2); the service concession contract also annexes the .eu Registry’s bid

which contains substantial commitments in respect of EU values and priorities in the

general interest, including multilingualism, combatting climate change and cybersecurity.

Yet enshrining obligations to uphold EU values in the updated legislation, and use of the

.eu TLD as a vehicle to promote EU priorities (including trust and security in the online

world) would give greater transparency to such obligations and raise public awareness of

the .eu TLD’s strong links with EU values.

SO3 – governance

The option foresees ways to enhance supervisory mechanisms via the contract between

the Commission and the Registry. Explicitly allowing the participation of the European

Commission in the Registry's Board would be an easy to implement mechanism to allow

a more direct involvement in the strategic decisions of the Registry.

Improvements through the contract are easy to introduce, they can bring about different

level of efficiency in terms of oversight depending on their implementation, considering

the existing contract already includes provisions on transparency and accountability yet

there is a risk of potential mismanagement.

SO 4 – Promote the attractiveness of the .eu

A modernized framework would contribute to the enhancement of an attractive, relevant

.eu TLD (including for start-ups and SMEs), with the potential for new and innovative

service offerings, for example by promoting uptake of .eu TLDs in other scripts used in

official EU languages (i.e. Greek and Cyrillic script) so that EU businesses can register

.eu TLDs in their own language. In the medium to longer term, it is foreseeable that

technological changes in Internet usage (e.g. the Internet of things) would bring

innovation and change to domain name markets – the .eu TLD should be enabled to be at

the forefront of innovation in the future.

Coherence with other Policies

The initiative would be highly coherent with the existing and forthcoming policies, in

particular in the area of the internal market. By improving and making more efficient the

management of the .eu TLD, it would become an even more strategic tool to positively

complement EU policies in particular in the area of the digital single market, trust and

security on the Internet, multilingualism, Internet governance, promotion of European

entrepreneurship and start-ups.

By reflecting and complementing ongoing efforts aimed at ensuring high consumer

protection safeguards in the domain names environment and prevent DNS Abuse, this

initiative would positively contribute to enhancing security in the DNS.

By providing high level, principles-based, future-proof legislation, the option would

support the objective of designing rules which match the pace of technology and support

kom (2018) 0231 - Ingen titel

infrastructure development. This would enable innovation both at the level of the

registry and in the downstream market of registrars and SMEs.

Freeing the .eu TLD from restrictive, out of date legislation would enhance its ability to

support EU digitalization and therefore contribute to ensuring that Europe’s economy,

industry and employment take full advantage of what digitalization offers.

Stakeholders' views:

A lightweight, principles-based framework is supported by key stakeholder groups

(stakeholder survey, current .eu Registry and registrar surveys). Please refer to Annex 2,

subsection

"Error!

Reference source not found.

6.3.

Option 3. Separate governance

Efficiency

the .eu market

Similarly with the modernization option, this option entails a lightweight, principles-

based framework that would mitigate the negative impacts experienced currently under

the baseline scenario. It would provide the necessary flexibility for the .eu TLD to adapt

to rapidly changing technical improvements to the DNS. End users would thus not suffer

a loss through not being able to enjoy the benefits of the new technical improvements for

the time it takes to amend the Regulations. A better functioning .eu would be more

attractive in the TLD market stirring competition between registrars, which in turn would

be expected to a) possibly push end users prices further down, b) ensure availability of

the .eu and its B to EU society, c) boost registrations and moving away from the scenario

of the reduction of the renewal rate below the threshold that would threaten the financial

sustainability of the domain name.

This option nevertheless further entails a different governance structure that the current

one, with a separate body advising on strategic decisions with respect to the .eu

functioning and the oversight over the registry. Implementation is not as easy as

introducing enhancements to the supervisory mechanisms via the contract, but it can

guarantee improved transparency and accountability and effectively mitigate the risk of

potential mismanagement, ensuring thus there would be no loss of reaching the .eu B.

Regulatory costs

Compliance cost for the registry is expected to be reduced under this option. As

discussed for the modernisation option, even if the framework is lighter, there will still

equally be a need and obligation stemming from the framework to properly organise,

administer and manage the .eu TLD. Nevertheless some of the governance cost for the

Registry would be lifted. Currently the governance costs are budgeted under the general

costs and it is estimated at €296.000 for 2018

. The governance costs comprise the

presence fees paid to the members of the Strategic Committee (€ 170.000) and the

meeting costs related to the EURid Governance bodies such as the Strategic Committee,

the Board of Directors and the General Assembly (€108.000) as well as the Registrar

Advisory Board (€ 18.000). The Strategic Committee would be replaced by the new

See annex 8.

kom (2018) 0231 - Ingen titel

body, thus there would be at least a € 170.000 cost saving for the registry. This amount

equals to the presence fee for the Strategic Committee. The cost saving is even higher

considering EURid reimburses traveling, accommodation and meals for the members of

the Committee and contracts venues for the meetings (figures not available).

For the Commission the lighter framework would again reduce the time that needs to be

devoted as discussed in previous option. Time to be devoted would be further reduced by

the body that would facilitate some of the oversight tasks the Commission is currently

performing. The Commission would nevertheless need to provide some support to the

body depending on the way it would be organised - for example, scheduling meetings,

and providing conference call, remote meeting room facilities, or physical meeting

spaces, recording and summarising the decisions of the separate body, encouraging active

participation, providing training/onboarding for new members of the separate body. For

this analysis we consider the benefits from reduced oversight would be offset from the

additional tasks with respect to supporting the body. Therefore the compliance cost for

the Commission could be reduced similarly with the previous option by €57.200

The multi-stakeholder separate body would need to be adequately resourced by the

European Commission (in order to guarantee independence from the Registry operator).

The cost for reimbursing the members of the new body, organising the meetings, etc.

would therefore be an additional cost for the Commission. The financial support

necessary for the body is estimated around €50.000. Please refer to Annex 11 for

calculations.

The administrative burden for EURid is expected to be reduced by €4.570 due to the

omission of IO6 (attending informal meetings to discuss specific actions including

possible refinements to the Regulations). The administrative burden for the Commission

is expected to be reduced by €4.644 similarly due to the omission of IO6. Please refer to

Annexes 9 and 10 for administrative burden calculations respectively under the separate

governance option.

Delay costs would be significantly reduced. Monitoring costs are not expected to change.

End users and registrars are not expected to be affected (in terms of the price they pay for

a .eu). Registrars might benefit from increased ability of registry staff to focus on the

registrar channel as a result of simplifying and reducing administrative / compliance

requirements. End users might benefit from enhanced ability of the .eu TLD to be at the

forefront of technical and market innovations in the domain name sector.

Effectiveness

SO1 - Remove outdated legal/administrative requirements

As for the modernization option, a lightweight, principles-based framework would

€150.150 - €92.950 = €57.200 and 1 x (50% x 143.000) + 1 x (10% x 143.000) + 1 x (5% x 143.000) =

71.500 + 14.300 + 7.150 = €92.950. (See footnote 49 for explanation of this calculation).

kom (2018) 0231 - Ingen titel

achieve the objective of removing outdated legal/administrative requirements.

SO2 - futureproof rules that allow the .eu to adapt to the rapid evolution of the TLD

market and the dynamic digital landscape, while at the same time they incorporate and

facilitate promotion of EU priorities in the on line world

As for the modernization option, a lightweight, principles-based framework would

achieve the objective of ensuring the rules are future-proof and allow the .eu to adapt to

the rapid evolution of the TLD market and the dynamic digital landscape.

With a multi-stakeholder separate body advising on high-level decisions, some time and

resources to build consensus among diverse stakeholders would be necessary (but

certainly less than amending a Regulation like it is at present). The operational rules and

policies would be quickly amended, benefitting further from the input and expertise of

Internet stakeholders.

The creation of such a separate body would be fully in line with the European Union

support for multistakeholder approaches to Internet policy and governance, therefore

demonstrating that the Commission is ready to "walk the talk" when dealing with Internet

resources such as the .eu TLD.

A multi-stakeholder advisory separate body could enhance EU values, so long as there is

a balance of stakeholder views and consistent levels of participation by all members of

the body.

SO3 – governance

The introduction of a multistakeholder body could be effective in strengthening and

widening the input into the good governance of the .eu Registry and increasing the

transparency of its corporate governance. Such a governance structure offers the

advantage to substantially increase the transparency, accountability and inclusivity in the

governance of the .eu Registry, therefore addressing one of the main drivers outlined in

the problem definition. Public interest would be better ensured.

However, there are also considerable risks and down-sides associated with this structure,

such as lack of effective participation. Experience of multi-stakeholder mechanisms at

the national level within the EU (and experiments within the .eu Registry itself) have

shown that there is a small group of people willing to participate, while many are unable

to devote sufficient time to such a body. With low participation, there are also risks of

capture by those with salient commercial interests or strong advocacy positions who

more likely to become involved rather than the ‘silent majority’.

Care would be needed to ensure that appointment, renewal and oversight of such a body

were robust, and that mechanisms exist to avoid conflicts of interest, and preserve the

public interest. For instance, attention needs to be given to who screens and selects

individuals to such bodies, what duties those individuals have, whether or not they are

remunerated (and by whom), and how to remove individuals from the body.

SO 4 – Promote the attractiveness of the .eu

Similar with the modernization option.

One minor downside could be that with a multi-stakeholder body dealing with some

kom (2018) 0231 - Ingen titel

decisions, sometime and consensus among diverse stakeholders would be necessary (but

certainly significantly less than amending a Regulation like it is at present) in comparison

to those ccTLDs that can take decisions and introduce changes immediately.

Coherence with other Policies

In addition to the aspects highlighted for the previous option, it is hoped that the policies

and procedures developed through a multi-stakeholder process would be coherent with

policies to achieve better access for business and consumers to the online environments.

As far as the .eu contribution to ensuring that Europe’s economy, industry and

employment take full advantage of what digitalization offers, the assessment of this

initiative is mixed: – the potential exists for a multi-stakeholder body to enhance

participation in the digital environment; at the same time, it may become inward-looking

and process orientated – as is experienced in the ICANN multi-stakeholder policy-

making environment.

Stakeholders' views:

As mentioned in the modernisation option the lightweight, principles-based framework

that is supported by key stakeholder groups (stakeholder survey, registry and registrar

surveys). With respect to the governance model, in the results of the public consultation

the model where policies and procedures are developed by the .eu operator through a

multi-stakeholder process and approved by the Commission stood as the most preferred

option. Please refer to Annex 2, subsection

"Error!

Reference source not found.

6.4.

Option 4(b)(i). Existing EU Agency: full integration in EUIPO

Efficiency

the .eu market

This option entails a framework that would entrust EUIPO with the organisation,

administration and management the .eu TLD. Similarly with both previous options the

framework would be lightweight, principles-based with a view to mitigate the negative

impacts experienced currently under the baseline scenario. It would provide the

necessary flexibility for the .eu TLD to adapt to rapidly changing technical improvements

to the DNS. End users would thus not suffer a loss through not being able to enjoy the

benefits of the new technical improvements for the time it takes to amend the

Regulations.

The transfer of a domain name registry from the private sector to a public sector agency

is nevertheless an unprecedented action. The current .eu private registry has built up

strong, collaborative relationships with the registrar channel. The transition to a new .eu

TLD provider and in particular to a provider that has nothing to do with the DNS market

insofar is expected to create some disruptions. Those could be temporary or could be

permanent to the extent that the new registry would need to change the established

workflows with registrars. The greater the change with the introduction of a new public

registry, the greater the likelihood that some registrars would drop out of supporting .eu

TLD, leading to a reduction in the availability of .eu TLD in the downstream market.

Less competition is likely to lead to a raise of the .eu price for registrars which might in

kom (2018) 0231 - Ingen titel

turn lead to a raise of the retail .eu price.

On the other hand, transition to an EU Agency would protect continuity of service of the

.eu TLD against the notional risk that no willing bidder would come forward on a future

re-tender. In addition an EU Agency would ensure the continuity of the .eu TLD even if

renewals dropped below the threshold that would threaten the financial sustainability of

the domain name.

With respect to oversight, EUIPO being an EU Agency would ensure enhanced

transparency and accountability over the way the .eu TLD is being operated, which

would ensure there would be no loss of reaching the .eu B due to potential

mismanagement issues.

Regulatory costs

Compliance cost for the registry is expected to be reduced with respect to the annual cost

for running the .eu once it has been incorporated into EUIPO and considering EUIPO

provides the same level of service as the current registry. Savings are expected primarily

from synergies with existing technical infrastructure and technical expertise at EUIPO

level. According to EUIPO's calculations the annual cost would be €10.465.724.

There would be nevertheless a cost to implement the transition, which amounts to

€1.688.400 for an 18-month transition period again according to EUIPO. Please refer to

Annex 12 for detailed calculations.

The administrative burden for the Registry is expected to be reduced by €21,565 mainly

due to the fact that while most of the IOs would still be necessary, their frequency would

be reduced. Similarly the administrative burden for the Commission would be reduced by

€23.686. Please refer to Annexes 9 & 10 for administrative burden calculations

respectively under the EUIPO option.

Considering though that no external entity would be incurring administrative burden any

longer (it would be an EU Agency and the Commission), there would not be external but

only internal administrative burden. It might therefore be argued that administrative

burden would be eliminated.

Delay costs would be significantly reduced as well. Monitoring costs would be

eliminated.

End users are not expected to be affected (in terms of the price they pay for a .eu).

Effectiveness

SO1 - Remove outdated legal/administrative requirements

Provisions to give legal basis for the transfer of responsibility for the .eu TLD to an EU

Agency would have to be included in the legal framework, which at the same time would

be replaced by a lightweight, principles-based framework to achieve the objective of

removing outdated legal/administrative requirements, similar to previous options.

SO2 - futureproof rules that allow the .eu to adapt to the rapid evolution of the TLD

market and the dynamic digital landscape, while at the same time they incorporate and

kom (2018) 0231 - Ingen titel

facilitate promotion of EU priorities in the on line world

EUIPO has strong abilities in its field of operation, but would be likely to introduce

additional rules/restrictions arising from its operational perspective (intellectual property

protection), that might imped rather that enhance the flexibility to keep up with the

dynamic market environment. On the other hand, an EU agency would enshrine EU

values and priorities more effectively than a private entity.

SO3 – governance

The transfer of a domain name registry from the private sector to a public sector agency

would be an unprecedented action. Since the late 1990s with the US government’s

privatization of the management of the Internet’s unique identifiers (including the

domain name system), the trend has been for governments to step away from direct

management of such resources.

The proposed structure would not reflect international best practices for technical

operations. Private sector organisations tend to be more efficient and dynamic in

implementing effective technical solutions. However, these risks might be mitigated if

the integration into an EU agency is coupled with multistakeholder decision making

mechanisms, signalling an increased support to multi-stakeholder model of governance,

which the EU advocates.

In a fast-changing technological industry the pace of market developments outstrips that

of formal rules or regulation. In the ccTLD environment, operators rely on regular,

collaborative dialogue among industry peers to keep up with best practices. EU Agency

as operator (whilst having extensive expertise in its own field) is unlikely to be perceived

as a neutral and impartial operator by industry peers or the downstream registrar channel.

Care should therefore be devoted from the Agency to nurture the established network of

accredited .eu Registrars.

The transition to a new technical operator inevitably includes some disruptions with the

established registrar channel. Experience with new gTLDs indicates that where the

registrar channel anticipates significant inconveniences, increasingly some would choose

not to support a TLD, particularly if the inconveniences are also associated with rigid

rules for registration or usage of the domains.

On the positive side, an EU Agency would ensure transparency and accountability,

upholding public interest and securing the continuity of the .eu even in the event the

domain name stops producing surplus.

SO4 – Promote the attractiveness

An EU agency whose area of expertise is intellectual property protection could enhance

and promote the attractiveness of .eu by associating the .eu TLD with stronger security or

intellectual property protections. The .eu TLD would also gain increased visibility,

particularly amongst trade mark applicants. EUIPO offering .eu TLD services and

embedding them within its e-filing tools would provide valuable complementary services

to the registration of trademarks and designs, thus supporting other integral parts of

building a brand or a business name and at the same time helping to combat fraudulent

activities.

kom (2018) 0231 - Ingen titel

On the other hand, one of the negative perceptions of the .eu TLD at present is that it is

seen as too institutional compared with other more innovative or dynamic TLDs. Having

an EU agency manage the .eu TLD would reinforce and strengthen that perception.

The market is currently over-supplied with TLDs, and this change would tend to make

the .eu TLD less attractive to registrars and to EU SMEs and start-ups than the current

arrangements.

The transition of management of .eu TLD to an EU agency is likely to be interpreted by

the market as a lack of confidence by the EU Commission in existing arrangements, with

potential negative impact on the market performance, the perception of dynamism of the

.eu TLD and perhaps the dynamism of the .eu TLD itself.

Coherence with other Policies

Better access for consumers and business to online goods – a seamless and level

marketplace to buy and sell. Transition may cause disruption and/or drop out from

registrar channel, leading to lower availability or support for .eu TLD.

An EU Agency – particularly one with a specific security or intellectual property focus –

would aim at improving the security or intellectual property protections within the .eu

TLD. While these are laudable aims, the corollary is likely to be an adverse impact on the

enabling environment necessary to foster innovation both at the level of the registry and

in the downstream market of registrars and SMEs.

Startup Europe – increase networking opportunities for startups, investors and

accelerators. The proposed option might decrease the dynamism and responsiveness of

the .eu TLD to compete in a fast-changing market environment, making it less able to

support EU startups, investors and accelerators.

Stakeholders' views:

EUIPO submitted a written contribution to the.eu REFIT, proposing the integration of the

.eu Registry in the Agency. As the EUIPO option was formulated at a later stage than the

closure of the consultation activities (which in the case of this back-to-back initiative

were aimed both at gathering input on the evaluation and the impact assessment at the

same time), it has not been formally tested with other stakeholders.

6.5.

Horizontal issues: Vertical integration/eligibility criteria

Vertical integration

Keeping the status quo, i.e. the requirement for the Registry not to act itself as a registrar,

means that the Registry has to reach out to the markets it caters through advertisement

campaigns to strengthen the registrar network. The.eu market and its registry should not

be compared to any worldwide ccTLD registry as 90% of the ccTLDs serve primarily

their local market while the .eu Registry has to cater for 31 countries that are extremely

different because of their historical, economic, political and cultural backgrounds. In

kom (2018) 0231 - Ingen titel

some of these countries, such as Bulgaria, Romania, Lithuania, Latvia, Finland, and

Malta, the registrar network is very weak as registrars in these countries do not actively

promote the .eu TLD. In turn the end user is deprived of the choice of a .eu TLD name.

The current prohibition for the .eu Registry prevents it from stepping in to provide access

to .eu TLD in such underserved markets.

The current Registry is making efforts to mitigate that through various campaigns, which

are not delivering the desired outcome.

A very prominent example is the Bulgarian market, were registrars are not actively

promoting the .eu TLD and its equivalent in Cyrillic even less. When the .eu in Cyrillic

was launched in June 2016, the Registry launched a campaign that cost over €60.000

among Google online campaign, local awareness initiatives (including the .eu in Cyrillic

event launch), participation in the Webit conference to promote the .eu and more. Only

200 registrations were made in return. The situation is not much different that June 2016,

today equally due to the fact that the Registry cannot reach end users registration in the

.eu in Cyrillic are only 1.952.

Promoting multilingualism on line is a priority for the EU. Making sure that .eu in other

scripts is available (by effectively going through lengthy delegation processes at ICANN

level) but yet it not being offered to end users annuls every effort and commitment to

enabling EU citizens to use their own languages online.

Allowing the appointed Registry operator to provide direct registrations through its

website (but not becoming a full registrar) would help the registry to promote the .eu in

other scripts - Cyrillic and eventually, Greek - as registrars do not have any interest in

IDNs due to the scarce demand from the end-users in comparison to other extensions in

Latin characters. Moreover, it may stimulate a more competitive environment for

registrars in certain EU countries so that local registrars are forced to do more

promotional actions and the end users would thus be offered more choices.

On top of that, end users that would register a domain name from the .eu Registry

website would be then directed to the full list of the .eu accredited registrars to get more

services if they so wish. Meaning the registrars would not only be placed at a

disadvantageous position with respect to the Registry (as it would not be allowed to act

as a full registrar) but they would receive more clients from the registry.

Please refer to Annex 2, subsection

"Error!

Reference source not found."Error!

Reference source not found.

for stakeholders' views.

Eligibility Criteria

kom (2018) 0231 - Ingen titel

The market changed considerably since the launch of .eu TLD in the early 2000s. In

2006, the OECD noted a trend towards ‘liberalisation’ of the ccTLD namespace. In this

context, liberalisation means the elimination of rules seeking to restrict those eligible to

The purpose of eligibility criteria is to reduce speculation, cybersquatting, or domain

name disputes between intellectual property holders and domain name users. However,

in practice, the consequence is the reduction in overall registrations, leading to a loss of

market share. Such restrictions are also easy to circumvent through the use of proxies, i.e.

a person or organisation who does not comply with the relevant restrictions arranges for

registration of a domain name through a third party proxy.

As domain name dispute resolution processes such as ICANN’s Uniform Domain-Name

Dispute-Resolution Policy (UDRP)

and the .eu Alternative Dispute Resolution (ADR)

came into being, much of the market adopted fully open, first-come, first-served

registration policies confident that disputes could be managed after the fact, rather than in

advance. Registries that have eliminated eligibility criteria experienced rapid growth in

domain name registrations afterwards, for example Afnic (France) and Red.es (Spain).

We identified three possible alternatives for the new .eu legal framework: a) maintaining

the residency eligibility; b) introducing citizenship criteria for natural persons, while

maintaining the residency criteria for both natural and legal persons; or c) introducing a

full deregulation, where no citizenship/ residency criteria apply.

If retaining the residency eligibility criteria (a) helps maintaining a strong link with EU

values while supporting the reputation of the .eu TLD in terms of quality and security, it

does not address the concerns expressed by several registrars that strict eligibility criteria

represent a barrier to any TLD growth. Furthermore, EU citizens residing in / moving to

third countries are denied the possibility to make use of a .eu TLD.

On the other hand, maintaining such approach would not require any technical changes in

the Registry and/or Registrars' normal operations.

The introduction of a citizenship criterion for natural persons mixed with residency

requirement for both natural and legal persons (b), represents a viable option which

preserves the strong link with the EU. While removing the inconsistency of having EU

citizens living in third countries being denied the right to register or keep their .eu TLD

Evolution in the management of country code Top-level domain names, OECD, 2006

https://www.oecd.org/sti/ieconomy/37730629.pdf

https://www.icann.org/resources/pages/help/dndr/udrp-en

https://eurid.eu/en/register-a-eu-domain/domain-name-disputes/

kom (2018) 0231 - Ingen titel

name, the renewed eligibility criteria (b) will also allow third country citizens residing in

the EU/EEA registering a .eu domain.

However, such change would lead to more complex and costly compliance checks by the

appointed registry operator. The operational implementation to adjust the technical and

operational systems by both the appointed Registry and registrars has been estimated to

take between 9 and 12 months.

Introducing a full deregulation (c), where no citizenship/ residency criteria apply, would

reflect present trends among ccTLDs tending to remove or simplify eligibility criteria in

order to promote uptake. Such removal may increase registration numbers but not

necessarily the quality of such turn out, potentially producing higher levels of abusive

behaviours. Indeed, a recent report

on DNS Abuse in new gTLDs indicates that abuse

counts in domain names primarily correlate with stricter registration policies. At the same

time, it may decrease the accuracy of WHOIS data while raising speculative

registrations.

A full deregulation would certainly reduce compliance cost for registry and registrars, but

would boost the costs to deal with a foreseeable higher number of disputes or legal

challenges relating to .eu TLD names.

Please refer to Annex 2, subsection

"Error!

Reference source not found."Error!

Reference source not found.

for stakeholders' views.

OW DO THE OPTIONS COMPARE

This section presents a comparison of the options in the light of the impacts identified.

The options are assessed against the core criteria of effectiveness, efficiency and

coherence. It is reminded that all retained and further analysed options are technically

feasible options.

Efficiency

To facilitate the comparison of the regulatory costs, the table below recaps the regulatory

costs described for each option in the previous chapter and highlights the differences

between the options: for instance it shows that option 3 offers slightly greater savings in

comparison to option 2 as the costs for the creation of a separate governance body

"… next to TLD size, abuse primarily correlates with domain pricing (free versus paid registrations),

efforts of intermediaries (measured through the proxy of their DNSSEC deployment rate), and strict

registration policies (…) Miscreants prefer to register, for example, standard new gTLD domain names,

which are generally open for public registration, rather than community new gTLDs for which registries

may impose restrictions on who or which entities can register their domains"

https://newgtlds.icann.org/en/reviews/cct/dns-abuse

kom (2018) 0231 - Ingen titel

(estimated at €50.000) is still lower than the current governance costs borne by the

registry (estimated at €170.000), as well as because option 3 has slightly reduced

administrative costs. Option 4(b)(i) offers even greater savings in terms of regulatory

costs (but only once the transition costs will be absorbed after an 18-month period).

Regulatory costs

Option 2

Compliance costs

Baseline

Registry: €11.365.237

Commission: €150.150



registry: no change

Commission: -€57.200

Option 3

Option 4(b)(i)



Registry: -€170.000

Commission: -€57.200

Separate body: €50.000



Registry: -€899.513

however transition costs for 18-

month period: €1.688.400



Commission: -€150.150

only after 18-months transition

Administrative burden



registry: no change

Commission: no change



Registry: -€4.570

Commission:-€4.644



Registry: -€21.565

Commission: -€23.686

Delay costs

Significantly reduced

Monitoring costs

No changes

Significantly reduced

No changes

eliminated

All three options would have a positive impact compared to the baseline scenario. While

the EUIPO option would bring about significant reduction of regulatory costs, amplified

by the internalisation of the administrative cost currently incurred by external

stakeholders (the .eu Registry), it would not bring about nor a positive neither a negative

impact with respect to the .eu market. In contrast, the modernisation and the separate

governance options would bring about positive impacts with both the regulatory costs

and the .eu market, with the separate governance option scoring slightly better when it

comes to the .eu market.

Effectiveness

While all three options would induce an aggregate positive impact compared to the

baseline scenario, it seems that only the separate governance option strikes a positive

impact in all four specific objectives. Indeed, option 2 scores "0" for SO3 (governance)

because it does not introduce any major changes in the current governance structure; and

option 4(b)(i) scores "0" on SO3, considering the overall result of balancing on the one

kom (2018) 0231 - Ingen titel

hand the enhanced accountability and sustainability that an EU Agency would ensure and

on the other hand the negative impacts in terms of risks of disrupting the Registrar

channel. Option 4(b)(i) also scores "-" for SO4 because even if there could be some

advantages in terms of increasing the attractiveness of the .eu (for instance by building

synergies with other services and activities performed by the Agency), it would

nevertheless be perceived in a negative way by the market, therefore making the .eu less

attractive to registrars and ultimately to end users.

Coherence

The modernisation and the separate governance options are coherent with other policies,

whereas the EUIPO option is not, given that it presents higher disruption risks with

respect to the other two options and that it might decrease the dynamism of the .eu in a

fast changing market

The following table summarises the merits of each option against the baseline scenario,

based upon the impact analysis performed in Section 6:

Table 4. Comparison of the impact of the different options

Technical

feasibility

Options

Baseline

Option 2:

Modernisation

Option 3:

Separate

Governance

Option 4(b)(i):

EUIPO

✓

Efficiency

The.eu

market

Regulatory

costs

Effectiveness

SO1

SO2

SO3

SO4

Coherence

✓

The main reason why option 3 scores better than option 2 is that while the set-up and

implementation of the separate governance structure (option 3) requires some additional

efforts in comparison to option 2 (which would be only partially offset by a small

decrease in EC governance work), it is expected to improve transparency and

accountability, therefore better fulfilling the SO3 of ensuring a governance structure in

line with technical and governance best practices in the field. Indeed option 3 combines

The symbol "✓" indicates the technical feasibility of the option. The comparison is performed on the

core criteria, efficiency, effectiveness and coherence, on a scale of "++" indicating a very positive impact';

"+" indicating a positive impact; "0" indicating no impact; "-" indicating a negative impact and "- -"

indicating a very negative impact.

kom (2018) 0231 - Ingen titel

the advantages of a modernised, light-weight and principles-based framework as foreseen

in option 2 (modernisation) with the additional mechanism to ensure a separate

governance.

REFERRED OPTION

The above analysis has shown that option 3 "Separate Governance" constitutes the best

option. The modernisation option is slightly lagging behind it, because it does not

effectively meet specific objective 3 on governance. A sensitivity analysis (detailed in

Annex 4) demonstrates the robustness of the options' ranking irrespective of the ranking

method used (aggregative method - without or with weights - versus outranking method).

In summary, the main arguments in favour of the separate governance option are:



The introduction of a multistakeholder separate body would effectively strengthen

and widen the input into the good governance of the .eu Registry and increase the

transparency of its corporate governance.



At the same time a significant simplification would be achieved by the amendment of

Regulation 733/2001 and the removal of technical and administrative constraints

included in current Commission Regulation 874/2004, boosting the .eu TLD

readiness to adapt to the market and its attractiveness – therefore the benefit it can

bring – to end users.

In addition, the EU would show consistency with its declared support for the

multistakeholder model with respect to Internet governance. Caution would be exercised

to ensure that mechanisms exist to harness the best of the model. Such mechanisms can

be (but are not limited to) robust appointment criteria, renewal clauses and oversight of

such a multistakeholder separate body.

With respect to vertical integration, the option of keeping a strict requirement

(prohibition) in primary legislation is highly unusual; it adds to rigidity and does not help

achieve the objectives of the initiative. Lifting strict prohibition of vertical integration

from primary legislation is the option that would better serve the objective of creating a

future-proof legal framework; the appointed Registry will be allow to offer direct

registrations to end users only through its website. The Registry operator will not become

a full registrar: the end users will be able to reserve a domain name with the Registry and

they will be redirected to accredited registrars to get additional services (such as

webhosting, webpage, email). This system will be implemented through the contract,

which will provides the restriction to the Registry to only offer direct registration from

the website and the obligation to set the price in consultation with the Commission, on

the basis of non-discrimination on registrars and affordability for end users. The price of

the registration will not be stipulated in the contract, leaving space for different

kom (2018) 0231 - Ingen titel

approaches. Furthermore, the price for the end users to reserve a .eu domain name will be

the same, whether they will refer to the Registry or registrars for registration. The

registrars will continue offering different additional services at different prices. Not

differentiating the price is technically and administratively easier to be implemented by

the Registry rather than introducing a complete separate set-up for end users registering

directly; it also facilitate the Commission monitoring that the Registry does not abuse its

market power over the registries.

With respect to the eligibility criteria the preferred option is to introduce citizenship as a

criterion for registration for natural persons while keeping residency as the criterion for

both natural and legal persons. Third country citizens residing in the EU/EEA will

continue to be eligible to register a .eu domain, furthermore, EU/EEA citizens, regardless

of their place of residence, will also be able to register a .eu domain.

It is reminded that neither the pursued option for the vertical integration, neither the

pursued option for the eligibility criteria is going to affect or alter the impacts expected

from implementing separate governance.

As mentioned in the first sections of this impact assessment, the .eu Registry is appointed

through a call for expression of interest and is awarded a contract following the selection

process. The duration of the contract is currently for five years, whereas there is the

option to renew it. The new rules will apply to the selection of the next .eu Registry

operator and the planning of the legislative review will be aligned with the selection

procedure of the next operator.

8.1.

REFIT (simplification and improved efficiency)

This initiative includes simplification and improved efficiency objectives clearly

articulated in specific objective 1 "remove outdated legal/administrative requirements"

and in specific objective 2 "create futureproof rules for the .eu TLD". The preferred

option would entail a lightweight, principles-based framework. Primary legislation would

only contain the principles which the functioning of the .eu TLD must abide by, while all

unnecessary and detailed administrative and technical requirements would either be

suppressed if they are outdated, or moved to a separate easily adaptable framework

thus enabling the .eu to adapt to the rapid evolution of the TLD market and dynamic

digital landscape, and the Registry and the Commission to focus their resources on

strategic issues rather than on administrative processes.

More detailed implementing provisions laying down Public Policy and Procedures (PPPs) would be

contained in a separate document directly incorporated into the contract between the European

Commission and the appointed Registry operator.

kom (2018) 0231 - Ingen titel

As analysed in section 6, the preferred option would reduce regulatory costs with respect

to the baseline:

Table 5. Regulatory costs reductions for the preferred option.

REFIT Cost Savings – Preferred Option(s)

Description

Amount

Reduced governance cost for the .eu €170.000

Registry (as some of these tasks would be

taken over by the multistakeholder

Recurrent

separate body)

Reduced time to be devoted at €57.200

Commission level to the implementation

of the .eu Regulations (as the Regulations

Recurrent

would be simpler)

Omission of IO6 (attending informal €4.570

meetings to discuss specific actions

including possible refinements to the

Recurrent

Regulations)

Omission of IO6 (attending informal €4.644

meetings to discuss specific actions

including possible refinements to the

Recurrent

Regulations)

Reduced delay costs

Comments

Reduced compliance cost

for the .eu Registry

Reduced compliance cost

for the Commission

Reduced

administrative

burden for the .eu Registry

Reduced

administrative

burden for the Commission

By the lead time For the end users by the

necessary

to timely

availability

amend

the technical

and

market

Regulations

innovations in the domain

name sector

Recurrent

Additional compliance cost related to the preferred option

As discussed in section 6, the multi-stakeholder body would need to be adequately

resourced by the European Commission, with a cost estimated at around €50.000 per

year.

OW WILL ACTUAL IMPACTS BE MONITORED AND EVALUATED

Under the preferred option, the new legal framework would allow the required flexibility

to cope with market changes without the need for legislative reviews. It would thus create

a future-proof legal framework. At the same time the introduction of a multistakeholder

body will enhance oversight over the Registry and better governance.

kom (2018) 0231 - Ingen titel

To evaluate the actual impacts of the preferred option, the following set of operational

objectives and corresponding core indicators are proposed.

Table X. Specific objectives, operational objectives and core indicators

Specific Objectives

SO 1: Remove outdated

legal/administrative

requirements

SO 2: Ensure the rules are

future-proof and allow the .eu

to adapt to the rapid evolution

of the TLD market and the

dynamic digital landscape,

while at the same time

incorporating and promoting

EU priorities in the on line

world

Operational Objectives

Core Indicators



Lead time to introduce a

technical update or a new

policy



Number of international

engagement MoU and/or

agreements and/or activities



Number of publications

Delete obsolete provisions

Lift administrative constrains

Simplify the .eu legal

framework and move necessary

detailed arrangements

concerning the functioning of

the .eu TLD to the policy

principles and procedures

document (annexed to the

contact with the registry

operator and therefor easy to

amend)

Promote the EU priorities in the

on line world through the .eu

TLD

Set up an advisory separate

body with multistakeholder

participation

Enhance oversight over and

accountability of the Registry

SO 3: Ensure a governance

structure that both reflects

technical and governance best

practices and serves EU public

interest



Number and importance of

findings of external audits on

the .eu Registry

Robustness and resilience of the

technical infrastructure

Annual

vulnerability

and

penetration tests rates

Long-term

financial

sustainability

indicators

including percentage of bad-

debtors



Number of assessed risks,

number of business

continuity plan exercises

over a year, non-conformities

out of BCP exercises

Disaster recovery timeframes

Number of Court cases per

year and possible financial

costs

Registration volumes and

renewal rates

Number of DNSSEC signed

domain names

Registrar network expansion

rates and geographical gap

filling performances

eu perception among end-users

SO 4: Promote the

attractiveness of .eu

Reinforce consumers' choice in

the .eu TLD

Support its competitiveness in

the TLD market

Attract competition with respect

to future would-be .eu Registry

operators



kom (2018) 0231 - Ingen titel



Click-through rates (CTR)

and impressions of awareness

campaigns

Social

media

positive

followers and engagement

rates

Standards and service levels

for customer support (end

users)

including

responsiveness rates

Standards and service levels

for

customer

support

(registrars)

including

responsiveness rates

Registrar satisfaction survey

ratings

Number of abuses on .eu

TLD names

Please refer to Annex 13 for a thorough explanation of the indicators and the benchmark

for each indicator.

Under the current legal framework, the Commission has to submit regularly a report to

the European Parliament and the Council on the implementation, effectiveness, and

functioning of the .eu TLD. In the new framework, this reporting will also serve as

assessment tool to test the success of the preferred option, by means of examining and

reporting on all the aforementioned indicators.