EUROPEAN COMMISSION

Brussels, 27.4.2018

SWD(2018) 120 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

on the implementation and functioning of the .eu Top Level Domain name and repealing Regulation (EC) No 733/2002 and Commission Regulation (EC) No 874/2004

{COM(2018) 231 final}
{SEC(2018) 205 final}
{SWD(2018) 121 final}
{SWD(2018) 122 final}

Table of contents

1.    Introduction: Political and legal context    

2.    Problem definition    

2.1.    What is/are the problems?    

2.2.    What are the problem drivers?    

2.2.1.    Outdated and rigid legislation    

2.2.2.    Deficiencies in governance and accountability    

2.2.3.    Rapid evolution of the market    

2.3.    How will the problem evolve?    

3.    Why should the EU act?    

3.1.    Legal basis    

3.2.    Subsidiarity: Necessity of EU action    

3.3.    Subsidiarity: Added value of EU action    

4.    Objectives: WHAT is to be achieved?    

4.1.    General objectives    

4.2.    Specific objectives    

5.    What are the available policy options?    

5.1.    What is the baseline from which options are assessed?    

STATUS QUO (BASE LINE SCENARIO)    

5.2.    Description of the policy options    

OPTION 1: COMMERCIALISATION    

5.3.    Options discarded at an early stage    

OPTION 1: COMMERCIALISATION    

OPTION 4(a): INTERNALISATION    

OPTION 4(b)(ii): EU AGENCY/ENISA    

5.4.    Options relating to Vertical Integration and Eligibility Criteria    

6.    What are the impacts of the policy options?    

6.1.    Baseline    

6.2.    Option 2. Modernisation of the legal framework    

6.3.    Option 3. Separate governance    

6.4.    Option 4(b)(i). Existing EU Agency: full integration in EUIPO    

6.5.    Horizontal issues: Vertical integration/eligibility criteria    

7.    How do the options compare?    

8.    Preferred option    

8.1.    REFIT (simplification and improved efficiency)    

9.    How will actual impacts be monitored and evaluated?    

1.Introduction: Political and legal context

The .eu top-level domain (TLD) was established by Regulation (EC) No 733/2002 of the European Parliament and of the Council of 22 April 2002 on the implementation of the .eu Top Level Domain, following discussions for the creation of a single top-level domain for European Union that were initiated by the European Council in 1999. The .eu TLD is governed by the implementing rules of Commission Regulation (EC) No 874/2004 of 28 April 2004 laying down public policy rules (PPR) concerning the implementation and functions of the .eu TLD and the principles governing registration. Both Regulations are referred to in this document as the ".eu Regulations".

The .eu TLD was delegated 1 by the Internet Corporation for Assigned Names and Numbers (ICANN) on 22 March 2005 and uploaded in the Internet root zone on 2 May 2005. It was formally launched in April 2006.

The domain name is operated and managed by EURid 2 , a non-profit organisation appointed by the European Commission under a service concession contract to act as its registry in 2003. On 12th April 2014 the service concession contract was renewed and it was awarded again to EURid.

Today the .eu TLD is the eighth largest country code TLD (ccTLD) in the world 3 with over 3,7 million registrations (end of Q3 2017) 4 . The .eu TLD is also used by all EU Institutions, Agencies and Bodies, as well as for a number of their projects and initiatives.

The vision behind the creation of the .eu TLD was broad and ambitious, ranging from the acceleration of electronic commerce, the promotion of the use of - and access to - Internet networks and the virtual market place, as well as the promotion of the European Union image on global information networks and the improvement of the interoperability of trans-European networks.

The .eu TLD is used today by companies and individuals to: 1. Indicate that the website owner is European, and is open for business across the 28 EU Member States and European Economic Area (EEA) countries 5 ; 2. Signal quality and trustworthiness: a .eu website indicates that it belongs to a legal entity in the EU and is therefore subject to EU law and trading standards.

As the Internet has spread throughout the world and grown in commercial importance, there have been significant evolutions in the domain name market, in the global Internet governance, as well as in the European Union digital priorities.

A key priority of the Juncker Commission (2014-2019) is the creation of a Digital Single Market (DSM) 6 . It aims at removing existing barriers in the delivery of goods and services within the EU, thus boosting the EU economy and facilitating e-commerce across Member States, with a number of initiatives to reinforce security and trust in the online environment, promote European entrepreneurship and start-ups and uphold citizens' rights, including privacy, in the digital age.

In this context, the .eu TLD, as a trusted symbol of European digital identity, is still a strategic tool which can positively complement the initiatives for the completion of the DSM.

The objective of this impact assessment is to analyse, in line with the Better Regulation guidelines, how to address the problems identified in the retrospective evaluation, and where elements of the .eu Regulations are unfit for addressing new challenges, to identity and assess options which will allow the .eu TLD to continue to fulfil its mission in the future.

2.Problem definition

2.1.What is/are the problems?

The original .eu Regulations were pivotal in enabling the creation of a dedicated namespace for the European Union. The .eu TLD, first launched in 2006 in accordance with the .eu Regulations, is a success. Despite being a late-comer 7 to the European TLD market, the .eu Registry has managed to establish a healthy market share throughout the EU and EEA. Its rate of renewal and growth are in line with industry trends in the EU.

According to the findings of the retrospective evaluation:

The .eu Regulations have been efficient in making .eu domains widely available throughout the EU, at a low cost for the consumers 8 , providing an identifiable link between the TLD and the European Union. However, their rigid requirements are causing inefficiencies which place the .eu TLD at a competitive disadvantage in the market, reducing the possible benefits in terms of supporting ecommerce or the single market.

While the .eu Regulations have been effective in supporting ecommerce and the internal market with the .eu TLD being particular appealing for business use, there are starting to be early signs of relative decline in the .eu TLD’s performance 9 .

Over the years, it has become apparent that the .eu Regulations reflect the domain name market as it was in 2002-2004, and are no longer effective, efficient, or coherent in today’s fast-changing technological market environment. With detailed provisions, which are time-consuming and costly to change, the .eu TLD is unable to implement operational or technical changes as swiftly as the market demands and as its competitors are able to.

The objectives of the .eu Regulations continue to be relevant to EU citizens. However, the .eu Regulations are now no longer in step with international best practices. The rules for registration (‘eligibility criteria’) restrict the availability of .eu domains to registrants located in the EU and EEA.

The regulatory framework for the .eu TLD is no longer coherent with its objectives. Most ccTLDs within the EU are not subject to the same regulatory burdens as the .eu TLD, which risks placing the .eu Registry at a competitive disadvantage amid toughening market conditions. Neither the .eu Regulations nor the operation of the .eu Registry are coherent with international best practices in relation to internet governance, which favours a multi-stakeholder approach rather than governmental regulation.

While Regulation 874/2004 has been amended on four occasions to introduce technical updates 10 and Regulation 733/2002 has been amended once in 2008 merely to adapt it to the regulatory procedure with scrutiny 11 , the .eu Regulations have never been fully reviewed to ensure that they are modernised and freed of cumbersome administrative or implementation costs and thus they still deliver effectively their intended benefits of supporting online cross-border activities and promoting EU identity.

The .eu is a well-established TLD and the evaluation has shown that it continues to function well. The problem that this initiative is trying to tackle is that the two Regulations governing the .eu are outdated and rigid, in the sense of (i) obsolete or rigid provisions that cannot easily be updated, and in the sense of (ii) not providing for an optimum governance structure in terms of oversight and accountability in line with the Commission’s stated approach to internet governance, so that (iii) increasing difficulties can be foreseen for the .eu TLD in a time of a rapidly evolving market.

The problem currently is not dramatic: it is observed in the functioning and management of the .eu TLD and therefore at the moment it affects primarily the actors that are involved in these functions, i.e. the registry and the Commission and to a lesser extent the registrars. Nevertheless, if precautionary action is not taken, the problem is likely to become large enough to affect end users, in terms of the sustainability of the .eu extension and the attractiveness of the .eu compared to other competitive domain names.

In a nutshell, the initiative is about making sure that a TLD that has worked relatively well continues to do so in the future, so that it still effectively delivers its expected benefits. The issues addressed by this REFIT initiative are of a predominantly technical nature pertaining to the domain name system (DNS) and/or of administrative nature pertaining to the day-to-day management of the .eu TLD; as such this review is of limited scope. Also, as explained above, the problem is not felt directly but by the registry operator, the Commission and to a lesser extent the registrars; hence it is of limited impact. These factors explain the relative lack of stakeholder interest in the initiative.

To mitigate that the Commission launched in parallel to the online public consultation, targeted consultation activities to reach out to stakeholders. Apart from the online public consultation, the consultation strategy included a formal brainstorming workshop with the current registry on the REFIT review, as well as other informal exchanges. To engage the registrars, two consultation sessions were held during the ICANN meeting 12 in Copenhagen and the ICANN meeting in Johannesburg. Another consultation session was held with the Registrar Advisory Board of EURid 13 . On top of this, the Commission launched a survey (through a specialised survey company) among the .eu registrars.

Another group of stakeholders are the .eu peers (other TLDs registries), including the European ccTLDs association which is CENTR, and ICANN. These stakeholders are well placed to evaluate the .eu framework and future options against current practises in the DNS ecosystem, but have low interest in the initiative and in participating in the consultation. Or they even refrain from expressing a view, given that the .eu TLD is a peer/competitor in the industry (in the case of other registries) or a member (in the case of CENTR and ICANN). As we expected, these stakeholders did not respond to the online public consultation. To gather input from them, the Commission launched a survey with targeted questions within the CENTR members, held a consultation session with .eu peers at the CENTR General Assembly and a consultation bilateral meeting with ICANN.

Finally, end users, because of the technical nature of the initiative and the limited/ only indirect impact on them, did not actively participate to the consultation, as shown by the low number of contributions collected during the online public consultation. To mitigate that, we sent targeted emails to European consumer and business associations to engage them. This generated some written contributions (although still limited).

The Commission also regularly informed Member States on the various stages of the REFIT, via the High Level Group on Internet Governance. Member States did not provide any particular feedback as their ccTLDs are not be affected by this initiative.

Figure 1. Problem tree

2.2.What are the problem drivers?

Three main drivers have been identified (see figure 1): outdated and rigid legislation (2.2.1.); deficiencies in governance and accountability (2.2.2.); and a rapid evolution of the market (2.2.3.).

2.2.1.Outdated and rigid legislation

The .eu TLD has been one of the most successful implementations of a new Top Level Domain. Coming after the first wave of ccTLDs and gTLDs (such as .de, .fr, .uk and .com), the .eu TLD had to make space for itself among the so-called legacy TLDs.

While the .eu Regulations have been effective in creating the new TLD and supporting its successful implementation, the relative stagnation in the number of registrations is due in part to an outdated and ineffective legislative framework 14 .

The .eu Regulations contain some detailed provisions that have not been used since 2006 and are no longer needed as they relate to the set up phase of the .eu TLD, such as chapter IV of the Commission Regulation No 874/2004. These entail a phased registration, which aimed to protect the interest of intellectual property rights holders against speculation and so-called ‘cybersquatting’ 15 , by giving the possibility for eligible parties to apply for a .eu TLD before the general registration started. Such a provision is of less relevance today and merely prolongs the process.

Other provisions relating to operations to set up the .eu TLD had only been envisaged as once-off actions, whereas they proved to be required on an ongoing basis to manage the .eu TLD. For instance, the process for reserving .eu TLD names for the European Union institutions and/or Member States and/or Candidate countries, as described in article 9 of Commission Regulation No 874/2004, could be done no later than a week before the beginning of the phased registration period. The Regulation does not include any provision for updating the list of such reserved domain names for the European Institutions on a regular basis. Consequently, the procedure for reserving new .eu TLD names for the European Union institutions and/or Member States and/or Candidate countries is not only a cumbersome and inefficient process, but it might be questioned from a legal perspective.

For example:

·Internationalised Domain Names (IDNs) are an enhancement to the Domain Name System (DNS) which allows the introduction of names in scripts and alphabets other than in ASCII characters 16 . This is considered a way to encourage Internet usage amongst the local population. The .eu supports all 24 official languages of the EU, including Bulgarian and Greek, which require domain names in Cyrillic and Greek scripts. To implement updates in the technical standards relating to IDNs Commission Regulation 874/2004 had to be amended. The process took the Commission 19 months (solely due to the obligation to amend the Regulation), whereas for example the German ccTLD registry was able to implement the updates 17 within one month of publication.

·Chapter VI of Commission Regulation 874/2004 sets out rules for the resolution of domain name disputes, the .eu Alternative Dispute Resolution (ADR). Having such detailed provisions at the level of Regulation prevents flexibility or changes to practices in response to market conditions.  Despite provisions in Regulation 733/2002 that the dispute resolution should reflect international best practices, the .eu ADR is inconsistent with international best practices. For example the .eu ADR contains a prohibition on speculative domains, considers non-use as a criterion for deletion, and displays inconsistencies as to remedy (Article 21 refers to ‘revocation’ of domains, whereas Article 22(b)(11) refers to ‘transfer’) in the wording of the procedure.

·Article 17 of Commission Regulation 874/2004 provides 5 names that the registry can reserve for itself. In fact, today the registry uses different names than the ones listed in this article. Flexibility to permit the registry to reserve the necessary domain names for its operational functions (without having to amend the Regulation to that end) is needed.

·To implement a security feature for Greek and Cyrillic domain names 18 , it was necessary article 3 of Commission Regulation 874/2004. The change enabled the flexibility technical checks to take place prior to the registration of a .eu domain name, rather than only after a domain name was registered. The work took 37 months.

The .eu Regulations are also outdated in the sense that they do not adequately take into account and support the role that the .eu Registry can play in contributing to a trustworthy, reliable, resilient and safe online environment 19 and in promoting EU values like multilingualism on the Internet.

The retrospective evaluation identified an additional issue relating to the legal framework, which is the need to assess whether the eligibility criteria for registration should be amended. This issue deserves a special attention because of its direct link with the EU identity.

According to article 4(2)(b) of Regulation (EC) No 733/2002, the .eu TLD is available for registration by organisations and companies in, and residents of, EU member states, plus Iceland, Norway or Lichtenstein (EEA). Part of the findings that emerged from the evaluation is that the "residency principle" for registrants, as established in the current .eu Regulations, is not fair to EU and EEA citizens: if an EU/EEA citizen lives abroad but still has an EU/EEA nationality and passport (and as such is even allowed to vote in national elections), he/she is not allowed to register a .eu TLD name. On the other hand, it is possible to circumvent restrictions on eligibility for registering a domain name through the use of proxies, i.e. a person or organisation who does not comply with the relevant restrictions arranges for registration of a domain name through a third party proxy. This can limit the effect in achieving the intended objective of restricting registrations to registrants residing in the EU.

The issue is becoming further complicated with respect to the UK leaving the EU. At the end of Q3 2017, there were more than 300 000 .eu TLD names registered by UK-based registrants 20 , showing that the UK is ranked fourth in terms of the highest number of registrations (following Germany, France and the Netherlands). From a registrar and registrant perspective, the UK represents one of the largest markets for the .eu TLD. According to the current eligibility criteria, UK registrants will not be eligible for a .eu TLD if the country leaves the EU. A reduction in registrations is a concern for the sustainability of the .eu TLD given increased competition in the market.

2.2.2.Deficiencies in governance and accountability

The .eu Regulations contain little or no guidance on the standards of technical competence and corporate governance expected from the .eu Registry operator. The retrospective evaluation showcased some concerns in this regard, whereas it is unclear whether/which regulatory tools exist for the Commission to ensure that the Registry is operated according to the public policy interest and under the strictest rules of transparency, fairness and accountability.

An example with respect to technical competence is the recent routine software update by the .eu Registry on 11 October 2017, which resulted in a two days outage of the registry website eurid.eu (and registration services]. The technical resolution of existing .eu TLDs was not affected, but the outage resulted in the lack of availability of basic registration services, lack of ability for law enforcement authorities and others to find out the details of those responsible for individual .eu TLDs (or websites) through the WHOIS database. This outage should have been prevented by the business continuity and resilience plans of the .eu Registry. The impact of such technical outages on the EU and EEA registrants is a loss of key services in relation to .eu, and if such outages became a common occurrence, they would lead to a loss of trust and confidence in the .eu TLD.

As regards corporate governance, for example there is no guidance on how long individual board members are permitted to serve. The Articles of Association require the board to establish internal policies and procedures regarding conflicts of interest, corporate governance and accountability, and the service concession contract contains detailed obligations on conflicts of interest. There could be more information made available on the website of the .eu Registry on key governance issues such as the number of directors, how such directors are appointed, the role of the board of the .eu Registry, processes for removing directors, evaluating performance, ensuring accountability or performing reviews, information that are necessary for transparency and accountability purposes. The CEO and three of the five Board directors 21 have all been in place since the foundation of the company in 2004. Another individual has been serving on the board since April 2009.

An audit report on the governance of the .eu Registry, conducted by the Commission in 2013, highlighted potential commercial conflicts of interest.

2.2.3.    Rapid evolution of the market

Since the establishment of the .eu TLD over 10 years ago, the Internet eco-system has incurred major transformations. In general, the Internet-driven revolution has brought significant changes in the way businesses operate online and citizens access (new) content and services through the Internet. TLD operators have become important players in the Internet-ecosystem, as they manage a critical element of the Internet core technical infrastructure.

Today's domain name market is very different from 15 years ago, due to the following changes:

-In March 2002, the ICANN Board passed a resolution “stating the organisation's strong position for the implementation of "strict separation" of registries and registrars for new gTLDs”. The ICANN Board also stated that co-ownership was prohibited. In November 2010, the ICANN Board changed their position and therefore, allowed the so-called “vertical integration” which empowers registries to be also registrars and vice versa.

-Internationalised Domain Names (IDNs) were first launched in 2004 thanks to the IDNA protocol, and are now based on IETF standard RFC5890 published in 2010, which use the Punycode encoding algorithm to represent non-ASCII characters found in Latin scripts with diacritics and accents, Arabic, Chinese, Cyrillic, Hindi and other languages, into ASCII (plain text characters and numbers) domain names that the DNS system can resolve. This allows Internet users to type a domain name in their local script using their native language, instead of an ASCII transliteration. IDNs at the second level started being offered in 2007-2009.

-In late 2009, the Internationalised Domain Names – domain names containing non-ASCII characters – were enabled at the top level via the so-called IDN ccTLD Fast Track.

-In 2011, the ICANN Board approved a massive expansion of the domain name system via the launch of a new generic Top-Level Domain (new gTLD) round. The first new gTLD started being delegated in 2013 and at present, ICANN has delegated more than 1 300 new gTLDs which enjoy liberal rules in terms of marketing and vertical integration. Discussions for an additional expansion of gTLDs have started and a new wave of new gTLDs is expected to occur in the next five years.

-Most of the ccTLD registries have completely deregulated their markets, removing barriers to registration which were associated with the residency/citizenship of the registrant, and/or lifting the requirement of assigning only a limited number of domain names to individuals and/or companies (e.g., these changes occurred for .fr, .es, .it, .pt, .pl for instance);

-Security elements around domain names have become more and more relevant in the past decade. DNSSEC, short for Domain Name System Security Extensions, is an enhancement to the DNS protocol that ensures a greater level of trust when resolving domain names. Most of the registries enabled DNSSEC for the extension 22 they manage at the top level and for any second level registered domain name.

At the end of Q3 2017, there were 330.7 million domain names across all top-level domains (TLDs) globally 23 .

The latest CENTR Domain Wire 24 clearly shows that the TLDs market is still adjusting and will continue to adjust to the multiple changes that have occurred in recent years.

“Over the past 2 years, quarterly growth rates have been decreasing since peaks in early 2016. The slowdown is the result of deletes after a period of increased investment from Chinese registrants. Other explanations to the slowdown are specific TLDs, such as .xyz and .top, which have contracted significantly. Without these outliers, global TLD growth would be at 1.0% for Q3 2017 and 2.5% YOY” 25 .

“There are around 71 million domains across 56 ccTLDs in the European region. Overall growth over the region was 1.8% with a median rate of 2.9%” 26 .

“Market share of ccTLDs in European countries ranges from 16% to 79%, with an average of 54%. These figures include gTLDs as well as other European ccTLDs registered from within the country” 27 .

Most of the European registry operators managed well to cope with these changes by speeding up deregulation processes (e.g. .fr, .pt, .es) and introducing new services, or by expanding their range of activities in the domain name environment. Over twelve European ccTLD registries are involved in additional activities such as: being the registry manager of other extensions; providing back-end services to other extensions; offering Internet of Things related services; setting their own registrar (e.g. .se); being appointed as ICANN-accredited Third Party Provider for Registrar Data Escrow (e.g. .de), and; offering Anycast services 28 to other registries (e.g. .de).

Overall, the TLDs market is becoming more competitive and more aggressive – in terms of registration policies and marketing strategies – and more diversified, in terms of the activities which a registry operator might get involved in.

Considering the rigidity and lack of flexibility of the current .eu regulatory framework, the .eu TLD (and its registry operator) is at a disadvantage against the fast-changing domain name environment. Considering further that market conditions and fluctuations, as well as the overall rules applicable to gTLDs, are not within EU control, it will be crucial for the long-term sustainability and market competitiveness of the .eu TLD that its regulatory framework provides ready flexibility and adaptation potential to enable the .eu TLD to cope with future unforeseeable market developments.

2.3.How will the problem evolve?

Keeping the .eu Regulations/legal framework unchanged will potentially have detrimental consequences for the .eu TLD, and hamper its potential to contribute effectively to the DSM long-term strategy and to the online EU identity.

The following (not exhaustive) consequences for the future of the .eu top-level domain can be expected:

·Possible overall stagnation of the .eu registration. As extensively demonstrated by the last decade’s facts in the domain name industry, the market for new domain name registrations has already experienced market shocks and fluctuations following the launch of the new gTLDs. The rapid changes to the DNS environment may lead to the introduction of new features and stakeholders, including from a further round of new gTLDs, which is expected to occur in the next five years. The .eu TLD should be enabled to cope with such future challenges. Outdated and/or overly rigid rules will restrict the .eu Registry’s ability to enhance the .eu TLD environment.

·Negative perception of the .eu TLD as too bureaucratic and/or as an institutional extension. The .eu TLD is deeply linked to the European Union profile and events (see the recent drop of registrations and renewals of.eu domain names in the UK following that Member State’s decision to exit the European Union). The bureaucratic image is strengthened by delays such as the Commission taking more than 30 months to enable the .eu Registry operator to offer the new characters supported by the IDNA2008 protocol, and this is a poor outcome for the image of the .eu TLD. The expansion of the gTLD market, and the consequential regulatory changes, which occurred between 2012 and 2014 could happen again. When technical standards are dramatically modified, it can pose an existential risk to the .eu TLD, because of the over-long lead times for amending its basic rules to support new standards. This would significantly affect registrants and registrar users' satisfaction.

·Decreased trust in .eu at multiple levels. Trust is one of the most important elements in the DNS environment. Respect for a TLD extension necessarily stems from trust in its policies and procedures. And to be trusted, these policies and procedures must be modern and regularly updated. At the same time, trust is and will always be connected to the reputation of the registry operator. Recent events which occurred in some registries, such as .dk, .pl and .au 29 , showed how a decline in the reputation of the TLD registry operator may adversely impact the trust in the products that registries are offering. A failure to introduce enhanced governance measures at the level of the .eu Registry operator could increase the risk of reputational damages and will not bring the overall .eu Registry administrative structure up to speed with the most recent developments in the overall Internet governance organisations. As an important element of the digital identity of Europe, .eu must reflect a similar high reputation as that enjoyed by the European Union.

·Possible financial unsustainability. Should the volumes in new registrations and renewals drop, the financial stability of the .eu TLD will be negatively affected. Although a drastic drop is admittedly not likely for the .eu TLD, it should not be completely excluded. The negative impact will be further aggravated by the inability of the .eu Registry operator to differentiate its products and use its expertise to provide other services, unlike its industry peers which are getting involved in diversified activities to cope with the rapid changes in the DNS environment. At the moment the .eu is self-financed. In case financial problems arise, either the price of .eu domain names will have to increase or the EU may have to contribute to ensure the continued availability of the .eu TLD.

3.Why should the EU act?

3.1.Legal basis

According to Regulation (EC) No 733/2002, the legal basis for the EU action is provided by Article 156 of the Treaty establishing the European Community. Following the entry into force of the Lisbon Treaty, the legal basis is Article 172 of the Treaty on the Functioning of the European Union (TFEU).

As it has been doing since its creation and establishment in the EU, the .eu TLD should continue to improve the interoperability of trans-European networks, in accordance with Articles 170 and 171 of the Treaty, by providing a complementary registration domain to existing country code Top Level Domains (ccTLDs) in EU Member States and global registration in the generic Top Level Domains (gTLDs), and should in consequence increase choice and competition in the Union domain names market.

The .eu TLD supports online cross-border activities for those users, both commercial and non-commercial, who wish to clearly signal their link with the EU, the associated legal framework, and the European market place.

3.2.Subsidiarity: Necessity of EU action

The .eu TLD has by definition a cross-border dimension: it is the TLD of the European Union and is a symbol of the European online identity. The existence of a specific domain name for the European Union under a very clear and identifiable common label is an important and valuable building block for the European online identity.

Regulatory action in respect of the .eu TLD cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of the action, be better achieved at EU level.

The .eu TLD was established as a country code TLD (ccTLD) such as .de, .be or .uk, rather than as a generic TLD (.com, .berlin). This has important consequences in that ccTLD policies (regarding for instance rules for registration, accreditation of registrars, security related policies and data protection policies) are managed in accordance with the relevant jurisdiction, oversight and governance mechanisms within the country/public administration, with no role for ICANN. The ultimate public policy authority for a national ccTLD Registry rests with the relevant government or public authority. Accordingly, public policy responsibility for the .eu TLD rests with the European Union.

Regulation of the .eu TLD is therefore within EU competence and cannot be delegated to the Member States. This does not affect how each Member State manages its own ccTLD.

3.3.Subsidiarity: Added value of EU action

The .eu is regulated at EU level because of its very nature. The existence of the .eu TLD is highly symbolic and reflects the existence of a European online community (of citizens, institutions and businesses) who wishes to be clearly identified as such. The .eu TLD gives users wishing to operate across the Single Market a specific European connotation which is recognised globally 30 .

A regulatory framework at EU level for the .eu is useful in order to continue providing for and expanding a domain name space on the Internet under the .eu TLD, in which relevant EU law, data and consumer protection rules are applicable.

Regulatory action taken at Member States level would not be able to deliver on the fundamental objectives standing behind the creation and management of a trusted and innovative namespace for the EU, to promote the European Union's image on the Internet and to deliver added value in terms of increased choice for users, in addition to the national ccTLDs.

Moreover, the .eu TLD gives the EU a "seat at the table" in international and multistakeholder discussions around the domain name system and rules regarding ccTLDs on the global Internet 31 .

4.Objectives: What is to be achieved?

4.1.General objectives

The general objective of the initiative is to ensure the stability and sustainability of the .eu TLD, so as to better enable it to achieve its intended mission to:

üEncourage online cross-border activities in Europe and support the Digital Single Market

üEnable/build an online European identity

4.2.Specific objectives

Four specific objectives (SO) have been identified and are linked to the problem and drivers discussed in section 2.

Table 1. Specific objectives and drivers

SO 1: Remove outdated legal/administrative requirements

This specific objective aims at addressing the problem driver relating to the outdated .eu Regulations, which contain obsolete or irrelevant provisions, and are no longer fit for purpose (driver 2.2.1.). Provisions related to the function of the domain name registry are obsolete, and other provisions are inadequate to support the sustainability of the .eu domain given the evolution of the DNS landscape. Lifting administrative constraints will enable the .eu TLD to function more effectively.

SO 2: Ensure that the rules are future-proof and allow the .eu to adapt to the rapid evolution of the TLD market and the dynamic digital landscape, while at the same time incorporating and promoting EU priorities in the on line world

This specific objective aims at addressing the drivers that the market has not only undergone major changes since the entry into force of the .eu Regulations, but also continues to dynamically evolve (drivers 2.2.1 and 2.2.3.). These drivers affect both global Internet governance, and the entire digital landscape.

The .eu regulatory framework should enable the adaptation of the .eu TLD to rapidly evolving market conditions, technical innovations and the EU's current objectives and strategies in the area of digital policy and governance. To do so, the rules should be future-proof. They should allow the necessary flexibility to adapt while at the same time provide legal certainty to stakeholders.

TLDs are an integral part of the Internet infrastructure. They are an essential element of the global interoperability of the World Wide Web. As such a TLD operator is a (technical) stakeholder in global discussions affecting the governance of the technical resources and functions of the Internet. In fact, ccTLD and gTLDs registries have been particularly active in Internet governance, either by participating as stakeholders in international fora or by running activities for the benefit of the Internet community in their respective countries or constituencies.

The EU prides itself for upholding a strong set of values such as multilingualism, respect of users' privacy and security, consumer protection, and human rights. The .eu TLD should promote European values and reflect EU priorities in the domain-name system (DNS) environment, particularly in light of ongoing changes in global arrangements affecting digital policies and Internet governance as discussed in section 2. Not using the .eu TLD as a means to promote EU priorities is a missed opportunity.

SO 3: Ensure a governance structure that both reflects technical and governance best practises and serves EU public interest

The .eu TLD was established as the TLD for the European Union, with the aim to make the link with the European Union evident in the online world. The .eu TLD is a tool that serves both citizens and enterprises in the EU and the EEA. At the same time, this tool has to operate in the free market and compete with other TLDs.

An appropriate governance structure for the .eu TLD would be one that ensures both that the .eu TLD can successfully compete in a fast evolving market and that the EU/public interest is served/upheld. This specific objective is linked to the problem driver described with respect to governance (driver 2.2.2.).

SO 4: Promote the attractiveness of .eu TLD

The main goals behind the creation of the .eu TLD were to improve the visibility of the EU’s internal market on the Internet, provide a clear link with the EU and promote its image. To better enable the .eu TLD to fulfil its role, its use as an online European identity should be enhanced. In line with the .eu TLD’s mission (referred to under Section 4.1), this specific objective seeks to ensure that options explored under this initiative will promote the attractiveness of the .eu TLD by means of reinforcing it as a trusted extension, supporting its competitiveness in the TLDs market, and attracting competition with respect to future would-be .eu Registry operators.

5.What are the available policy options?

The EU does not exert any oversight or control on how the domain name market evolves at international level. The evolution of the global TLD market is expected to continue, driven by constant technological developments. Therefore, the options that will be examined below are mainly, but not exclusively, extrapolated from the drivers relating to "the outdated and rigid legislation" and the "governance mechanisms". At the same time, issues emerging from the "rapid evolution of the market" are taken into account horizontally.

New rules introducing the possibility for the .eu Registry to sell directly to registrants, also known as vertical integration, and potential changes in the eligibility criteria for obtaining a .eu TLD can be implemented whatever decision is made on what option to pursue, and would lead to similar impacts. For this reason, the description and impact of the rules relating to vertical integration and eligibility criteria are provided and assessed separately in section 5.4 and 6.5.1.

The policy options, including the baseline scenario, are described below, with analysis of the practical impact of each option, and a high level assessment of the advantages and issues in relation to the objectives (sections 5.1 and 5.2).

5.1.What is the baseline from which options are assessed?

STATUS QUO (BASE LINE SCENARIO)

The service concession contract grants the Commission powers to intervene in the management and operations of the .eu Registry, particularly on matters of corporate governance, conflicts of interest and financial accountability. Effective enforcement of such provisions is crucial to avoid any potential mismanagement of the .eu TLDs which would, in turn, lead to a decrease in trust of the .eu TLD name.

Following the decision from the United Kingdom to withdraw from the European Union, and subject to any relevant provision in the agreement on the future relationship between the European Union and the United Kingdom, undertakings and organisations that are established in the United Kingdom but not in the EU and natural persons who reside in the United Kingdom would not be allowed to register .eu domain names, and the rights of UK-based registrants regarding .eu domain names would be subject to revocation from the .eu Registry 32 .

5.2.Description of the policy options

OPTION 1: COMMERCIALISATION

This option would entail the substantial simplification of Regulation (EC) 733/2002 and the repeal of Regulation 874/2004 that contains most of the outdated provisions described in section 2. The operation and management of the Registry would be outsourced to an external for-profit service provider without direct oversight from the Commission. The legal simplification would aim at extensively streamlining the content of Regulation (EC) 733/2002 to grant the Commission the right to outsource the operation and management of the .eu TLD name. The core provision of the simplified Regulation would specify that the EU is the entity responsible for the .eu TLD 33 and that the Commission is in charge of designating the Registry on the basis of an open, transparent and non-discriminatory selection procedure. No detailed provisions on the operation of the Registry would be retained.

This option would provide a high level of flexibility, allowing the .eu Registry to adapt quickly to changing market conditions. On the other hand, it would significantly limit oversight by the Commission. The .eu Registry might still have to operate within an established framework and abide by certain conditions, which should be specified in a contract. The .eu Registry would however act in a purely commercial environment, on a for-profit basis.

5.3.Options discarded at an early stage

A preliminary analysis of each of the identified options against the Specific Objectives (described in section 4.2.) shows that a number of options are not relevant, as they are unlikely to achieve the objectives previously identified. In particular, the early discarded options are: Commercialisation, Internalisation and the sub-option of a transfer to ENISA.

OPTION 1: COMMERCIALISATION

This option would have the main advantage of ensuring that the registry operator provides good service and that the Commission gets competitive bids from a wider range of registry operators. However this option was discarded at early stage, because it does not fulfil the policy objective of ensuring a European online identity, as well as the specific objectives S03 and S04 as described above. Therefore the option of commercialisation has not been further analysed in chapter 6.

More specifically, the option is likely to create a fully commercial .eu TLD in which there would be little guarantee that EU values or objectives would be prioritised and adequately pursued. Moreover, weakening the involvement of the EU in an area which is becoming highly sensitive (such as the policy-making in the DNS space) and in a political context where increased political attention is given to issues related to the security and trust on the Internet, would not be in line with the current political context.

OPTION 4(a): INTERNALISATION

OPTION 4(b)(ii): EU AGENCY/ENISA

This analysis is synthesised in the table below and is further detailed in Annex 5 on early discarded options.

5.4.Options relating to Vertical Integration and Eligibility Criteria 

There are three registration models currently observed in the DNS market: Vertical Integration (close model), Vertical Separation (also known as Registry-Registrar-Registrant model (‘3 Rs’ model), and Mixed. Please refer to Annex 7 for further details on each model's specifications, as well as an overview of their implementation in the European market. Currently, the .eu Registry implements the '3 Rs' model. Today's .eu legal framework 35 expressly forbids the Registry to act as Registrar, in line with a strict separation between the role of Registries and Registrars as mandated for gTLDs by ICANN at that time (as described in section 2.2 "rapid evolution of the market"). Such restriction at the level of primary legislation appears to be inconsistent with the market practices in the ICANN environment, where a prohibition on vertical integration for gTLDs was lifted in 2010.

The new .eu legal framework will have to provide legal specifications in order to either:

a) Require the appointed Registry operator to implement Vertical Separation (as per today);

b) Allow the appointed Registry to implement Vertical Integration or a mixed model.

c) Lift the strict requirement for Vertical Separation with a view to allow the appointed Registry operator to provide direct registrations only through its website, while for additional services (such as email, webpage, etc.) the end user will still be directed to a registrar. In other words the Registry will not be allowed to become a full registrar but will only be able to give the end user the opportunity to register a domain name directly through its website.

Out of these possible policy choices, the second one is discarded. Although allowing the Registry to also act as a registrar would be feasible, this would nevertheless require that sufficient safeguards are put in place to prevent anti-competitive behaviours by the integrated .eu Registry & Registrar operator. This would mean that non-discriminatory clauses would be needed to ensure that the vertically integrated .eu Registry & Registrar will not treat more favourably its own Registrar services/activities (including in terms of wholesale pricing for the .eu domain names or related services) compared to the treatment that third-party Registrars would obtain and that the .eu Registry & Registrar would not impose unfair terms on competing Registrars. Monitoring that such non-discriminatory clauses are respected would imply setting up an adequate system at the Commission end.

Aside that, there are strong market and policy reasons for caution with regard to the introduction of the vertical integration model, given that registries are dependent on strong relationships with the registrar channel in order to achieve market success. Most registrars market several TLDs, and make their margins through value-add services such as hosting, websites and email services. Therefore, there is significant commercial risk for a registry entering into direct competition with its own marketing channel – particularly if this raises suspicions among registrars 36 that the registry will seek to give itself preferential business terms increasing and distorting competition. Such concerns are reduced in the context of the current .eu Registry operator which has obligations to deal with all registrars on equal terms. Yet, well established relations between the .eu Registry and its network of registrars would be shaken. Besides, .eu registrars were negative to the introduction of vertical integration during consultations.

Eligibility Criteria

Eligibility criteria aim at creating restrictions on those eligible to register in a TLD. The .eu Regulations contain limitations, which determine that .eu registrants have to be based in the European Union.

The options available are to:

     a) Maintain the residency eligibility criteria as per current regulation 37 ; or

b) Introduce a citizenship criteria regardless of whether the natural person is or not resident in the EU, while maintaining the residency criteria for both natural and legal persons; or

c) Introduce a full deregulation, where no citizenship/ residency criteria apply. This entails the adoption of a fully open, first-come, first-served registration system.

6.What are the impacts of the policy options?

This initiative concerns the functioning and management of a top-level domain name (ccTLD). This is a predominantly technical, sector-specific issue pertaining to the domain name system (DNS) industry. Moreover the initiative is aimed at better enabling an already well-established domain to function within a changed and continuously evolving environment. Therefore the impact of the intervention is going to be limited and to affect mostly the following stakeholders: first and foremost the Registry, that will have to implement the new framework; secondly, the network of accredited registrars that might need to adapt some of their day-to-day operations; and thirdly the European Commission, to the extent that the different options change its role in terms of oversight of the registry and with respect to the overall policies for the TLD's implementation.

Registries of other TLDs and other stakeholders in the domain name ecosystem, whereas they are well placed to evaluate the .eu framework and future options against current practices in the DNS ecosystem, will not be affected by the intervention.

As mentioned, the initiative is aimed at facilitating an operational domain to function better. It will therefore not bear significant direct impacts on end users, i.e. registrants or potential registrants. Indirect impacts on citizens and SMEs are expected to the extent the various options will ensure they will continue to enjoy the benefit that the .eu TLD brings to end users (deriving from the link to the online EU identity and the single market).

The options are compared to the baseline (efficiency) and assessed with respect to the level they contribute to achieving the Specific Objectives set for the initiative (effectiveness), described in section 4.2.

This initiative does not have any environmental impacts.

6.1.Baseline

The .eu TLD's key objective was to promote the use of, and access to, the Internet and online marketplace, by providing a complementary registration domain to existing ccTLDs and gTLDs, and in consequence increase choice and competition. Domain names are part of a suite of factors that enable Internet access alongside essential physical infrastructure, low prices for Internet services (dependent on vibrant competition amongst providers), and high speed broadband. Once basic access is possible, domain name registration enables both e-commerce and non-commercial activities in the online environment, through websites and email.

According to the evaluation findings, the .eu TLD is used today by companies to "show" that they are European and open for business across the 28 EU Member States and EEA countries. The .eu TLD is viewed as a sign of quality and trustworthiness (according to the same findings): a .eu website indicates that it belongs to a legal entity in the EU and is therefore subject to EU law and trading standards. It is also used by individuals as a trusted, online tool to convey their ‘European-ness’ in the online world. This is the qualitative benefit (B) the .eu TLD brings to end users and it is one that cannot easily be quantified as it comes in terms of access to broader markets and inspiring more trust.

Two main groups of impacts can be identified, looking into the baseline: impacts with respect to the functioning of the .eu market and impacts with respect to regulatory costs.

I)Functioning of the .eu market

General introduction

According to the current Regulations, the .eu Registry is prohibited from acting as Registrar. 38 The .eu Registry works with a network of accredited registrars to provide .eu registrations to end users. There were 715 accredited registrars at the end of Q3 2017 39 .

Since January 2013, in order to remain in line with its contractual obligation to work at cost, the .eu Registry changed the renewal and term extension fee of a domain name from €4 to €3.75. At the same time, to be more competitive in the dynamic TLD market, EURid launched the Customised Reduction Schemes (CRS) for its registrars, which enable reduced new registration fees according to the registrar’s sales volumes. As of January 2017, the basic fee for a new domain name for those registrars subscribing to the CRS is €1.75. In Q1 2017 98% of registrations were made by the 331 registrars who joined the CRS in 2017. The price referred to above is the price the .eu Registry sells to Registrars. The price the end users get depends then on the Registrars and any additional services they provide with the domain name. Retail prices for .eu TLDs can vary from as low as €0.99 (special registrar promotions) up to €100 or €200 if the domain is bought with value-added services such as content management, security features, or many email addresses.

Competition and size of the .eu market

The .eu TLD is one of the largest ccTLDs in the EU, and has 3.7 m registrations as of 2016. Average annual growth for .eu has been +4.6% over the past ten years 40 . Over the past five years, however, growth has remained relatively static and 2015 saw negative growth for the first time in .eu’s history.

Figure 3. Yearly growth of .eu domain names (2009-2016)

Considering the new round of gTLDs and the subsequent plethora of available TLDs which may be substituted for .eu TLDs, as well as the stagnation in the ccTLD market, the volumes in new registrations and renewals for the .eu TLD are likely to continue to drop. Although a dramatic drop is not foreseen for the .eu TLD, such an eventuality should not be altogether excluded.

In the event of a significant drop in .eu registrations, the financial sustainability of the .eu TLD would be negatively affected. Sustainability is guaranteed mainly by renewals. The following renewal scenario is calculated in the Operating Plan and Budget 2018 by the current .eu Registry:

Table 3. Renewal scenario (2018)

The current .eu Registry’s 2018 budget takes into account an average renewal rate of 80.1% (projection). Should the renewal rate fall, the surplus will become negative from the moment these drop below 72.2%.

As discussed in section 5.1, following the decision from the United Kingdom to withdraw from the European Union, and subject to any relevant provision in the agreement on the future relationship between the European Union and the United Kingdom, undertakings and organisations that are established in the United Kingdom but not in the EU and natural persons who reside in the United Kingdom would not be allowed to register .eu domain names, and the rights of UK-based registrants regarding .eu domain names would be subject to revocation from the .eu Registry.

Access to the .eu

There is relevance between the current rigid legal framework and access to the .eu TLD, with the latter being negatively impacted by rigidity.

As a recent example, the .ею extension (.eu in Cyrillic) was launched on 1st June 2016. Within the first month of its launch 780 new domain names were registered under the new Cyrillic extension, .ею. Today there are 1.968 registrations in .ею. This means that there was a loss of 780 times the .eu benefit (B) for the time end users had to wait for the .ею extension to be implemented 42 .

According to the Regulations, .eu is provided through the network of accredited registrars as mentioned before. Currently there are some countries, like Bulgaria or Malta, where the accredited registrars are both few in number and they do not actively promote the .eu TLD as well. There is low interest from the registrars' side and a preference for other TLDs, mostly the new gTLDs. With the Registry not being able to reach out directly to end users, the outcome is that in these underserved markets, end users have less choice.

The current .eu Regulations establish a "residency principle" for registrants. That means that an EU/EEA citizen who is living abroad but still has an EU/EEA nationality and passport is not allowed to register a .eu TLD name, despite being eligible to vote in national elections 43 . These EU/EEA citizens suffer the loss of the .eu benefit (B) that would otherwise be at their disposal should they choose to use it.

Oversight

It is of the utmost importance that the .eu Registry is operated under the strictest rules of transparency, fairness and accountability, and to the highest technical standards; potential mismanagement, corporate or technical, will lead to a risk of mistrust in the .eu TLD as a reliable online extension which in turn will diminish the benefit of the tool for the end users. Problems with proper oversight could lead to not reaching the .eu benefit (B).

Flexibility

Amending the .eu Regulations can take several months. When new technical improvements to the DNS are introduced, other ccTLDs and gTLDs can offer them to their end users at once. End users of the .eu TLD consequently suffer a loss through not being able to enjoy the benefits of the new technical improvements for the time it takes to amend the .eu Regulations.

II)Regulatory costs

Compliance costs

The .eu legal framework foresees the allocation of a registry to organise, administer and manage the .eu TLD. EURid was established as a joint venture between the ccTLD operators of Belgium, Sweden, Italy and Czech Republic, with the sole intention of running the newly established TLD. Therefore all of EURid's costs are linked with the implementation of the .eu legal framework. The total costs of fiscal year 2016 were € 11.365.237 44 .

Figure 4. Evolution of costs

In accordance with the .eu legal framework, the Commission assumes the role of supervising the .eu Registry by means of a contract 45 . The Commission exercises its supervising role by scrutinising the .eu Registry's reports, organising formal biannual meetings and ad hoc meetings, and through requests for information at any time. The additional calculations below take into account:

·Periods when amendments to the Regulations have to be introduced to allow technical updates; and

·Periods when the service concession contract has to be negotiated (through a new call for expression of interest) or renegotiated (through extension of the existing contract).

There need to be two Commission officials devoting 50% of their time to the required action relating to .eu TLD, and a head of unit devoting 5%. Considering the average total cost of a Commission official is 143.000 € 46 , the compliance cost for the Commission equals to 150.150 € 47 .

For end users the cost they incur is equal to the retail cost of a .eu TLD name.

Registrars' costs are equal to the price paid by a registrar to the registry for a .eu plus the cost of the administrative procedure to check an applicant is eligible for a .eu TLD.

Administrative Burden

Under current .eu Regulations the actor incurring external administrative burden is the .eu Registry. An examination of the mandatory information obligations (IO) EURid currently has with regard to the European Commission through the 'Standard Cost Model' (SCM) reveals that the .eu Registry is incurring a cost from administrative burden that equals to €115.688. Ten IOs need to be carried out by EURid. Please see table with detailed calculations of these ten IOs in Annex 8.

Some internal administrative burden is felt at Commission level. In particular eight IOs are part of Commission's workload when it comes to implementing the current .eu framework. According to SCM calculations in Annex 10 the Commission is incurring a cost from administrative burden that equals to €40.322.

Delay costs

As mentioned above, amending the .eu Regulations can take several months. When new technical improvements to the DNS are introduced, other ccTLDs and gTLDs can offer them to their end users at once. The .eu end users suffer a loss of not being able to enjoy the benefits of the new technical improvements for the time it takes to amend the .eu Regulations.

Monitoring / enforcement costs

The current .eu Registry is obliged by the contract to run an annual external audit on its financial accounts. The amount paid annually to the external auditors equals to 29.000 €.

The cost of non-enforcement of the .eu legal framework could potentially equal to the loss of the benefit the end users enjoy from the .eu TLD.

The baseline scenario is not relevant as an option, as it would not allow reaching the objectives of this initiative. It is analysed as a threshold to compare impacts from other options.

6.2.Option 2. Modernisation of the legal framework

6.3. Option 3. Separate governance 

6.4.Option 4(b)(i). Existing EU Agency: full integration in EUIPO

6.5.Horizontal issues: Vertical integration/eligibility criteria

Vertical integration

Keeping the status quo, i.e. the requirement for the Registry not to act itself as a registrar, means that the Registry has to reach out to the markets it caters through advertisement campaigns to strengthen the registrar network. The.eu market and its registry should not be compared to any worldwide ccTLD registry as 90% of the ccTLDs serve primarily their local market while the .eu Registry has to cater for 31 countries that are extremely different because of their historical, economic, political and cultural backgrounds. In some of these countries, such as Bulgaria, Romania, Lithuania, Latvia, Finland, and Malta, the registrar network is very weak as registrars in these countries do not actively promote the .eu TLD. In turn the end user is deprived of the choice of a .eu TLD name. The current prohibition for the .eu Registry prevents it from stepping in to provide access to .eu TLD in such underserved markets.

The current Registry is making efforts to mitigate that through various campaigns, which are not delivering the desired outcome.

A very prominent example is the Bulgarian market, were registrars are not actively promoting the .eu TLD and its equivalent in Cyrillic even less. When the .eu in Cyrillic was launched in June 2016, the Registry launched a campaign that cost over €60.000 among Google online campaign, local awareness initiatives (including the .eu in Cyrillic event launch), participation in the Webit conference to promote the .eu and more. Only 200 registrations were made in return. The situation is not much different that June 2016, today equally due to the fact that the Registry cannot reach end users registration in the .eu in Cyrillic are only 1.952.

Promoting multilingualism on line is a priority for the EU. Making sure that .eu in other scripts is available (by effectively going through lengthy delegation processes at ICANN level) but yet it not being offered to end users annuls every effort and commitment to enabling EU citizens to use their own languages online.

Allowing the appointed Registry operator to provide direct registrations through its website (but not becoming a full registrar) would help the registry to promote the .eu in other scripts - Cyrillic and eventually, Greek - as registrars do not have any interest in IDNs due to the scarce demand from the end-users in comparison to other extensions in Latin characters. Moreover, it may stimulate a more competitive environment for registrars in certain EU countries so that local registrars are forced to do more promotional actions and the end users would thus be offered more choices.

On top of that, end users that would register a domain name from the .eu Registry website would be then directed to the full list of the .eu accredited registrars to get more services if they so wish. Meaning the registrars would not only be placed at a disadvantageous position with respect to the Registry (as it would not be allowed to act as a full registrar) but they would receive more clients from the registry.

Eligibility Criteria

The market changed considerably since the launch of .eu TLD in the early 2000s. In 2006, the OECD noted a trend towards ‘liberalisation’ of the ccTLD namespace. In this context, liberalisation means the elimination of rules seeking to restrict those eligible to register in a particular TLD 51 .

The purpose of eligibility criteria is to reduce speculation, cybersquatting, or domain name disputes between intellectual property holders and domain name users. However, in practice, the consequence is the reduction in overall registrations, leading to a loss of market share. Such restrictions are also easy to circumvent through the use of proxies, i.e. a person or organisation who does not comply with the relevant restrictions arranges for registration of a domain name through a third party proxy.

As domain name dispute resolution processes such as ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP) 52 and the .eu Alternative Dispute Resolution (ADR) 53 came into being, much of the market adopted fully open, first-come, first-served registration policies confident that disputes could be managed after the fact, rather than in advance. Registries that have eliminated eligibility criteria experienced rapid growth in domain name registrations afterwards, for example Afnic (France) and Red.es (Spain).

We identified three possible alternatives for the new .eu legal framework: a) maintaining the residency eligibility; b) introducing citizenship criteria for natural persons, while maintaining the residency criteria for both natural and legal persons; or c) introducing a full deregulation, where no citizenship/ residency criteria apply.

If retaining the residency eligibility criteria (a) helps maintaining a strong link with EU values while supporting the reputation of the .eu TLD in terms of quality and security, it does not address the concerns expressed by several registrars that strict eligibility criteria represent a barrier to any TLD growth. Furthermore, EU citizens residing in / moving to third countries are denied the possibility to make use of a .eu TLD.

On the other hand, maintaining such approach would not require any technical changes in the Registry and/or Registrars' normal operations.

The introduction of a citizenship criterion for natural persons mixed with residency requirement for both natural and legal persons (b), represents a viable option which preserves the strong link with the EU. While removing the inconsistency of having EU citizens living in third countries being denied the right to register or keep their .eu TLD name, the renewed eligibility criteria (b) will also allow third country citizens residing in the EU/EEA registering a .eu domain.

However, such change would lead to more complex and costly compliance checks by the appointed registry operator. The operational implementation to adjust the technical and operational systems by both the appointed Registry and registrars has been estimated to take between 9 and 12 months.

Introducing a full deregulation (c), where no citizenship/ residency criteria apply, would reflect present trends among ccTLDs tending to remove or simplify eligibility criteria in order to promote uptake. Such removal may increase registration numbers but not necessarily the quality of such turn out, potentially producing higher levels of abusive behaviours. Indeed, a recent report 54 on DNS Abuse in new gTLDs indicates that abuse counts in domain names primarily correlate with stricter registration policies. At the same time, it may decrease the accuracy of WHOIS data while raising speculative registrations.

A full deregulation would certainly reduce compliance cost for registry and registrars, but would boost the costs to deal with a foreseeable higher number of disputes or legal challenges relating to .eu TLD names.

7.How do the options compare?

This section presents a comparison of the options in the light of the impacts identified. The options are assessed against the core criteria of effectiveness, efficiency and coherence. It is reminded that all retained and further analysed options are technically feasible options.

Efficiency

To facilitate the comparison of the regulatory costs, the table below recaps the regulatory costs described for each option in the previous chapter and highlights the differences between the options: for instance it shows that option 3 offers slightly greater savings in comparison to option 2 as the costs for the creation of a separate governance body (estimated at €50.000) is still lower than the current governance costs borne by the registry (estimated at €170.000), as well as because option 3 has slightly reduced administrative costs. Option 4(b)(i) offers even greater savings in terms of regulatory costs (but only once the transition costs will be absorbed after an 18-month period).

Regulatory costs

All three options would have a positive impact compared to the baseline scenario. While the EUIPO option would bring about significant reduction of regulatory costs, amplified by the internalisation of the administrative cost currently incurred by external stakeholders (the .eu Registry), it would not bring about nor a positive neither a negative impact with respect to the .eu market. In contrast, the modernisation and the separate governance options would bring about positive impacts with both the regulatory costs and the .eu market, with the separate governance option scoring slightly better when it comes to the .eu market.

 Effectiveness

While all three options would induce an aggregate positive impact compared to the baseline scenario, it seems that only the separate governance option strikes a positive impact in all four specific objectives. Indeed, option 2 scores "0" for SO3 (governance) because it does not introduce any major changes in the current governance structure; and option 4(b)(i) scores "0" on SO3, considering the overall result of balancing on the one hand the enhanced accountability and sustainability that an EU Agency would ensure and on the other hand the negative impacts in terms of risks of disrupting the Registrar channel. Option 4(b)(i) also scores "-" for SO4 because even if there could be some advantages in terms of increasing the attractiveness of the .eu (for instance by building synergies with other services and activities performed by the Agency), it would nevertheless be perceived in a negative way by the market, therefore making the .eu less attractive to registrars and ultimately to end users.

Coherence

The modernisation and the separate governance options are coherent with other policies, whereas the EUIPO option is not, given that it presents higher disruption risks with respect to the other two options and that it might decrease the dynamism of the .eu in a fast changing market

The following table summarises the merits of each option against the baseline scenario, based upon the impact analysis performed in Section 6:

Table 4. Comparison of the impact of the different options 55 .

The main reason why option 3 scores better than option 2 is that while the set-up and implementation of the separate governance structure (option 3) requires some additional efforts in comparison to option 2 (which would be only partially offset by a small decrease in EC governance work), it is expected to improve transparency and accountability, therefore better fulfilling the SO3 of ensuring a governance structure in line with technical and governance best practices in the field. Indeed option 3 combines the advantages of a modernised, light-weight and principles-based framework as foreseen in option 2 (modernisation) with the additional mechanism to ensure a separate governance.

8.Preferred option

The above analysis has shown that option 3 "Separate Governance" constitutes the best option. The modernisation option is slightly lagging behind it, because it does not effectively meet specific objective 3 on governance. A sensitivity analysis (detailed in Annex 4) demonstrates the robustness of the options' ranking irrespective of the ranking method used (aggregative method - without or with weights - versus outranking method).

In summary, the main arguments in favour of the separate governance option are:

·The introduction of a multistakeholder separate body would effectively strengthen and widen the input into the good governance of the .eu Registry and increase the transparency of its corporate governance.

·At the same time a significant simplification would be achieved by the amendment of Regulation 733/2001 and the removal of technical and administrative constraints included in current Commission Regulation 874/2004, boosting the .eu TLD readiness to adapt to the market and its attractiveness – therefore the benefit it can bring – to end users.

In addition, the EU would show consistency with its declared support for the multistakeholder model with respect to Internet governance. Caution would be exercised to ensure that mechanisms exist to harness the best of the model. Such mechanisms can be (but are not limited to) robust appointment criteria, renewal clauses and oversight of such a multistakeholder separate body.

With respect to vertical integration, the option of keeping a strict requirement (prohibition) in primary legislation is highly unusual; it adds to rigidity and does not help achieve the objectives of the initiative. Lifting strict prohibition of vertical integration from primary legislation is the option that would better serve the objective of creating a future-proof legal framework; the appointed Registry will be allow to offer direct registrations to end users only through its website. The Registry operator will not become a full registrar: the end users will be able to reserve a domain name with the Registry and they will be redirected to accredited registrars to get additional services (such as webhosting, webpage, email). This system will be implemented through the contract, which will provides the restriction to the Registry to only offer direct registration from the website and the obligation to set the price in consultation with the Commission, on the basis of non-discrimination on registrars and affordability for end users. The price of the registration will not be stipulated in the contract, leaving space for different approaches. Furthermore, the price for the end users to reserve a .eu domain name will be the same, whether they will refer to the Registry or registrars for registration. The registrars will continue offering different additional services at different prices. Not differentiating the price is technically and administratively easier to be implemented by the Registry rather than introducing a complete separate set-up for end users registering directly; it also facilitate the Commission monitoring that the Registry does not abuse its market power over the registries.

With respect to the eligibility criteria the preferred option is to introduce citizenship as a criterion for registration for natural persons while keeping residency as the criterion for both natural and legal persons. Third country citizens residing in the EU/EEA will continue to be eligible to register a .eu domain, furthermore, EU/EEA citizens, regardless of their place of residence, will also be able to register a .eu domain.

It is reminded that neither the pursued option for the vertical integration, neither the pursued option for the eligibility criteria is going to affect or alter the impacts expected from implementing separate governance.

As mentioned in the first sections of this impact assessment, the .eu Registry is appointed through a call for expression of interest and is awarded a contract following the selection process. The duration of the contract is currently for five years, whereas there is the option to renew it. The new rules will apply to the selection of the next .eu Registry operator and the planning of the legislative review will be aligned with the selection procedure of the next operator.

8.1.REFIT (simplification and improved efficiency)

This initiative includes simplification and improved efficiency objectives clearly articulated in specific objective 1 "remove outdated legal/administrative requirements" and in specific objective 2 "create futureproof rules for the .eu TLD". The preferred option would entail a lightweight, principles-based framework. Primary legislation would only contain the principles which the functioning of the .eu TLD must abide by, while all unnecessary and detailed administrative and technical requirements would either be suppressed if they are outdated, or moved to a separate easily adaptable framework 56 , thus enabling the .eu to adapt to the rapid evolution of the TLD market and dynamic digital landscape, and the Registry and the Commission to focus their resources on strategic issues rather than on administrative processes.

As analysed in section 6, the preferred option would reduce regulatory costs with respect to the baseline:

Table 5. Regulatory costs reductions for the preferred option.

Additional compliance cost related to the preferred option

As discussed in section 6, the multi-stakeholder body would need to be adequately resourced by the European Commission, with a cost estimated at around €50.000 per year.

9.How will actual impacts be monitored and evaluated?

Under the preferred option, the new legal framework would allow the required flexibility to cope with market changes without the need for legislative reviews. It would thus create a future-proof legal framework. At the same time the introduction of a multistakeholder body will enhance oversight over the Registry and better governance.

To evaluate the actual impacts of the preferred option, the following set of operational objectives and corresponding core indicators are proposed.

Table X. Specific objectives, operational objectives and core indicators

Please refer to Annex 13 for a thorough explanation of the indicators and the benchmark for each indicator.

Under the current legal framework, the Commission has to submit regularly a report to the European Parliament and the Council on the implementation, effectiveness, and functioning of the .eu TLD. In the new framework, this reporting will also serve as assessment tool to test the success of the preferred option, by means of examining and reporting on all the aforementioned indicators.

(1)

 For an explanation of all technical terms used in this document, see the Glossary. In the Domain Name System (DNS), the ‘delegation’ of a domain name occurs when the relevant Top Level Domain (in this case, .eu) is published in the root IANA database by ICANN. Publication in the root IANA database enables a code (e.g. .eu) to operate as a top level domain as part of the Domain Name System.

(2)

EURid stands for European Registry of Internet Domain Names.

(3)

Verisign Domain Name Industry Brief, https://www.verisign.com/assets/domain-name-report-Q32017.pdf

(4)

EURid Quarterly Report, Q3 2017 https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf

(5)

Countries that are candidates to join the Union have the possibility to add their list of reserved names to the Annex containing the list of names reserved by Member Stares in Commission Regulation (EC) No 874/2004.

(6)

The DSM strategy was established following Commission Communication COM/2015/0192.

(7)

The .eu entered the market in 2006, much later than the years of the rapid growth in European domain name registrations of the early 2000s. Coming after the first wave of ccTLDs and gTLDs (such as .de, .fr, .uk and .com), the .eu TLD had to make space for itself in markets that had already become established.

(8)

Please refer to section 6.1 for information about the price

(9)

See section 5 of the evaluation report

(10)

See consolidated version of EC 874/2004 showing various amendments introduced http://data.europa.eu/eli/reg/2004/874/oj  

(11)

See consolidated version of EC 733/2002 http://data.europa.eu/eli/reg/2002/733/oj  

(12)

ICANN meetings bring together the DNS industry: registries, registrars, as well as representatives from users' community and countries.

(13)

The Registrar Advisory Board has been set up by the current registry to gather advice and input from the .eu registrars on practical modalities and policies with respect to the way the .eu TLD is operated, marketed, etc. Accredited .eu registrars are sitting in this Board, members are rotating every two years.

(14)

Please refer to the evaluation

(15)

The practice of registering names, especially well-known company or brand names, as Internet domains, in the hope of reselling them at a profit.

(16)

American Standard Code for Information Interchange.

(17)

The technical standards for internationalised domain names were updated (IDNA 2008) to support a small number of characters within the domain name system. Of the four characters implemented by the standard, only two are relevant to European languages, namely the German sharp ‘s’ (ß), and the Greek terminating sigma (ς). For guidance on the IDNA 2008 standard, see http://unicode.org/reports/tr46/#IDNA2008-Section

(18)

 To implement homoglyph bundling to avoid homograph attacks. For an in-depth explanation of homoglyph bundling and an example of a homograph attack see https://eurid.eu/en/other-infomation/faq/technical-and-privacy-enquiries/what-is-homoglyph-bundling-does-eurid-offer-it/ and https://www.theregister.co.uk/2017/04/18/homograph_attack_again/

(19)

 TLD name registries are considered operators of essential services for digital infrastructure. (Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union).

(20)

EURid Quarterly Report, Q3 2017, page 6, https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(21)

See appointed dates for directors from company search http://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=864240405 three of five were appointed on 29 February 2004, and one other individual was appointed 2009.

(22)

Extension is another term for a domain name

(23)

Verisign Domain Name Industry Brief Q3 2017 https://www.verisign.com/assets/domain-name-report-Q32017.pdf  

(24)

CENTR's statistical quarterly report on ccTLD.

(25)

CENTR Domain Wire Q3 2017.

(26)

CENTR Domain Wire Q3 2017.

(27)

CENTR Domain Wire Q3 2017.

(28)

Anycast is an addressing and routing methodology wherein multiple physical endpoints are logically denoted by a single IP address.

(29)

https://www.theregister.co.uk/2017/07/29/chair_australias_internet_registry_out/?page=2

(30)

There are over 200 testimonial videos published on EURid YouTube channel highlighting the transnational added value for users opting for a .eu TLD: https://www.youtube.com/user/Europeanregistry  

(31)

The European Commission is a full Member of the Governmental Advisory Committee (GAC) of ICANN, along with all EU Member States. The GAC provides public policy advice to ICANN, in charge of policy-making in the DNS space. As a GAC Member, the European Commission has the objective to avoid inconsistencies with the EU acquis, as well as to ensure the security, stability, resilience and reliability of networks and information systems.

(32)

  https://ec.europa.eu/digital-single-market/en/news/notice-stakeholders-withdrawal-united-kingdom-and-eu-rules-eu-domain-names  

(33)

As per today, see Article 7 of Regulation 733/2002 holds that all ownership rights relating to the .eu TLD belong to the European Union which is represented to that end by the European Commission.

(34)

Communication on " Internet Policy and Governance - Europe's role in shaping the future of Internet Governance ,

(35)

Art 3(4) of Regulation 733/2002.

(36)

As signalled in targeted consultation activities with the .eu registrars.

(37)

Article 4, Regulation (EC) 733/2002, […] The Registry shall: […] (b) register domain names in the.eu TLD through any accredited.eu Registrar requested by any: (i) undertaking having its registered office, central administration or principal place of business within the Community, or (ii) organisation established within the Community without prejudice to the application of national law, or (iii) natural person resident within the Community.

(38)

See Article 3(4) of Regulation (EC) No 733/2002, and recitals 2, 3, 4 and Article 4 of Regulation (EC) 874/2004.

(39)

EURid Q3 2017 Quarterly Report: https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(40)

Source, EURid annual report 2016 https://eurid.eu/media/filer_public/61/6a/616a9b08-13ca-4379-8e11-0a3580201bb5/annual_report_2016.pdf  

(41)

EURid Quarterly report, Q3 2017

(42)

New domain extensions are delegated by ICANN. Both the .ею extension (.eu in Cyrillic) and the .ευ extension (.eu in Greek) entered a lengthy evaluation process at ICANN level. The .ευ in Greek has yet to be resolved. Nevertheless for these IDN extensions to be launched, the ‘homoglyph bundling’ rule had to be enabled to protect end-users from possible confusing similarity issues. To introduce ‘homoglyph bundling’, Commission Regulation Commission Regulation 874/2004 had to be amended. The process took the Commission 19 months.

(43)

It is important to bear in mind that the right to vote in national elections is not only dependent of nationality and/or passport rights.

(44)

EURid Financial Report H2 2016.

(45)

Internal compliance cost.

(46)

Average total cost in legislative financial files.

(47)

2 x (50% x 143.000) + 1 x (5% x 143.000) = 143.000 + 7.150 = 150.150 € . This calculation considers the cost of two officials (at an average cost of 143.000€) devoting 50% of their time, plus one official with oversight functions devoting 5% of his/her time.

(48)

The compliance costs for the Commission would be as follows: 1 x (50% x 143.000) + 1 x (10% x 143.000) + 1 x (5% x 143.000) = 71.500 + 14.300 + 7.150 = €92.950.This calculation considers the cost of an official (at an average cost of 143.000€) working at 50%, another official working at 10% and a third one at 5%.

The difference with respect to the base line scenario is calculated as follows: €150.150 - €92.950 = €57.200 (compliance costs for the base line scenario are explained in footnote 48).

(49)

See annex 8.

(50)

€150.150 - €92.950 = €57.200 and 1 x (50% x 143.000) + 1 x (10% x 143.000) + 1 x (5% x 143.000) = 71.500 + 14.300 + 7.150 = €92.950. (See footnote 49 for explanation of this calculation).

(51)

Evolution in the management of country code Top-level domain names, OECD, 2006 https://www.oecd.org/sti/ieconomy/37730629.pdf  

(52)

  https://www.icann.org/resources/pages/help/dndr/udrp-en  

(53)

  https://eurid.eu/en/register-a-eu-domain/domain-name-disputes/  

(54)

"… next to TLD size, abuse primarily correlates with domain pricing (free versus paid registrations), efforts of intermediaries (measured through the proxy of their DNSSEC deployment rate), and strict registration policies (…) Miscreants prefer to register, for example, standard new gTLD domain names, which are generally open for public registration, rather than community new gTLDs for which registries may impose restrictions on who or which entities can register their domains" https://newgtlds.icann.org/en/reviews/cct/dns-abuse  

(55)

 The symbol "✓" indicates the technical feasibility of the option. The comparison is performed on the core criteria, efficiency, effectiveness and coherence, on a scale of "++" indicating a very positive impact'; "+" indicating a positive impact; "0" indicating no impact; "-" indicating a negative impact and "- -" indicating a very negative impact.

(56)

More detailed implementing provisions laying down Public Policy and Procedures (PPPs) would be contained in a separate document directly incorporated into the contract between the European Commission and the appointed Registry operator.

EUROPEAN COMMISSION

Brussels, 27.4.2018

SWD(2018) 120 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT

Annexes 1 to 13

Accompanying the document

Proposal for a Regulation of the European Parliament and of the Council

on the implementation and functioning of the .eu Top Level Domain name and repealing Regulation (EC) No 733/2002 and Commission Regulation (EC) No 874/2004

{COM(2018) 231 final}
{SEC(2018) 205 final}
{SWD(2018) 121 final}
{SWD(2018) 122 final}

Table of contents

Annex 1: Procedural information

Annex 2: Stakeholder consultation

Annex 3: Who is affected and how? 

Annex 4: Analytical methods

Annex 5: Early discarded options

Annex 6: ccTLD registry best practices

Annex 7: Vertical Integration

Annex 8: Total costs estimation in the 2018 budget of EURid

Annex 9: Administrative Burden for the .eu Registry

1.Standard Cost Model – Administrative Burden for the current .eu Registry under the BASELINE (Table 11) 

2.Standard Cost Model – Administrative Burden for the .eu Registry under the Modernisation Option (Table 12) 

3.Standard Cost Model – Administrative Burden for the .eu Registry under the Separate Governance Option (Table 13) 

4.Standard Cost Model – Administrative Burden for the .eu Registry under the EUIPO Option (Table 14) 

Annex 10: Administrative Burden for the European Commission

1.Standard Cost Model – Administrative Burden for the European Commission under the Baseline (Table 15) 

2.Standard Cost Model – Administrative Burden for the European Commission under the Modernisation Option (TABLE 16) 

3.Standard Cost Model – Administrative Burden for the European Commission under the Separate Governance Option (table 17) 

4.Standard Cost Model – Administrative Burden for the European Commission under the EUIPO Option (table 18) 

Annex 11: Cost estimation for the operation of the multi-stakeholder separate body

Annex 12: Cost for transferring the .eu Registry to the EUIPO and cost for running the .eu Registry by EUIPO

Annex 13: Indicators to monitor actual impacts

Annex 1: Procedural information

Lead DG, CWP references

This Impact Assessment was prepared by Directorate E "Future Networks" of Directorate General "Communications Networks, Content and Technology".

The Commission Work Programme reference of the initiative "Evaluation of Regulation EC 733/2002 establishing the ‘.eu’ top-level domain (TLD) and Regulation EC 784/2004 laying down public policy rules concerning the implementation and functions of the .eu TLD" is COM(2016) 710 final, particularly Annex 2 1 .

Organisation and timing

Several other services of the commission with a policy interest in the assessment of the initiative have been associated in the development of this analysis.

The Directorates General participating in the Inter-service Group chaired by the Secretariat General included:

·The Secretariat General

·The Legal Service

·The Publications Office

·DG Migration and Home Affairs

·DG Eurostat

·DG Trade

·DG Joint Research Centre

·DG Informatics

·DG Communication

Meetings of the Inter-service Steering Group were held on:

·28th March 2017. The draft inception impact assessment and the draft terms of reference for the evaluation and impact assessment were discussed.

·15th December 2017. The draft evaluation and IA were discussed.

Consultation of the Regulatory Scrutiny Board

The Regulatory Scrutiny Board (RSB) hearing was scheduled for 14 February 2018. The initiative was treated in written procedure instead. The RSB recommendations led to the following changes:

The findings of the evaluations were explicitly included in the problem definition section. The magnitude of the problem was clarified. The relative lack of stakeholder interest was highlighted, it was explained that this is due to the fact that the problem is more of a technical and administrative nature than a broader policy problem.

The text was amended to treat the baseline as an option, instead of discarding it as inappropriate (its impacts had either way been assessed and used as reference when assessing the other options). The possible effect of BREXIT on the level of .eu registrations was added in the baseline.

The description of the options was streamlined to refrain from entering into analysis of the impacts or early conclusions. The separate governance option was further elaborated to explain what kind of legal requirements will be introduced regarding the establishment and functioning of the separate body and the tasks and powers of the Commission. The text on early discarded options was redrafted (including moving some parts of annex 5 into the report) to provide stronger argumentation for discarding the options.

The numbering of options was corrected to remain consistent throughout the report.

In the impacts section, the comparison of the options was further elaborated and the scoring system in the comparison table was adjusted to better reflect the analysis of the impacts of the different options. A tabular overview of the regulatory costs for the various options was introduced to facilitate the comparison. The scoring was also updated in the sensitivity analysis provided in annex 4.

The preferred option section was amended to address further clarifications on the vertical integration and the eligibility criteria. Regarding vertical integration, it was clarified that the price of the registration of a .eu domain name will not be stipulated in the contract between the Commission and the Registry. Furthermore, a more clear explanation on how the strict requirements (prohibition) of vertical integration will affect the .eu Registry was provided. Concerning the eligibility criteria, it was specified that that the intention is to introduce citizenship as a criterion for registration for natural persons while keeping residency as the criterion for both natural and legal persons. The entire Impact Assessment reflects this amendments and clarifications.

In the monitoring section, the indicators proposed were linked to operational objectives which in turn were linked to the four specific objectives of the initiative. A table was included to clarify the links. It was also clarified that these criteria for success of the preferred option will be regularly evaluated through the report the Commission has to submit regularly (every two years under the current framework) to the European Parliament and the Council on the implementation, effectiveness, and functioning of the .eu TLD.

Evidence, sources and quality

The Commission gathered qualitative and quantitative evidence from various sources:

Public consultation:

‘Public consultation on the evaluation and revision of the .eu top-level domain regulation’

Surveys:

EURid registrar survey (October 2017)

·Eligibility, regulatory framework, vertical integration

·Role in Internet Governance.

CENTR survey (ccTLD registries) (July - Sept 2017)

·.eu regulatory framework

·Fact finding ccTLD practices (eligibility, framework, registry’s involvement in Internet Governance)

·Surplus

Stakeholder meetings: 

Brainstorming session with EURid (11.07.2017)  

·.eu regulatory framework

Meeting with EURid Registrar Advisory Board (17.05.2017)

·Eligibility, vertical integration

Session at joint HLIG/CENTR meeting (4.10.2017)

·Role of ccTLDs in Internet Governance

European ccTLD registry .at  (5.10.2017)

·Fact finding - regulatory framework nic.at/Internet Foundation Austria

Meeting with ICANN (27.09.2017)

·Fact finding

·Regulatory framework

·Internet Governance

European Commission's internal meetings:

EC Cybersecurity Unit (H.1, CNECT) (12.11.2017)

·impact NIS Directive on DNS  (MS to assess whether ccTLD is ‘operator of essential services')

EC Legal Service SJ (29.06.2017 and 21.11.2017)

·Update regulatory framework

·GDPR implications

EC Legal Affairs Unit (R.4, CNECT)  (21.11.2017)

·Legal simplification options

EC Competition Digital Taskforce (EC Digital TF, DG COMP) (27.11.2017)

·Vertical Integration

·Budget and non-profit/profit operator structure

Written stakeholder contributions:

Open-Xchange (2.8.2017)

·DNS security, DNSSEC

MARQUES, the European Association of Trade Mark Owners (25.08.2017)

·Regulatory framework

·Role in Internet Governance

ECTA, European Communities Trade Mark Association (13.06.2017)

EURid (18.06.2017)

·Regulatory framework

EUIPO, European Union Intellectual Property Office (26.9.2017)

·Regulatory framework and operational perspectives

EXTERNAL REFERENCES:

·EURid, EURid's Quarterly update, Q3 2017 Progress Report

·EURid, EURid's Quarterly update, Q2 2017 Progress Report

·EURid, Annual report, 2016

·EURid, Environmental Statement, 2015-2017, ‘Going green’, https://eurid.eu/en/going-green/  

·EURid, 'Another reforestation project undertaken by EURid' https://eurid.eu/en/news/another-reforestation-project-undertaken-by-eurid/  

·EURid, ‘Website usage trends among top-level domains' 2014, https://eurid.eu/media/filer_public/03/2c/032cbaa0-b61f-4bc9-87a4-188a256d6a35/websiteusagetrends2014_eurid.pdf and 2011 , https://eurid.eu/media/filer_public/7b/93/7b93d320-99c7-45e3-ae77-d7418fb73691/insights_cat_nov2011.pdf  

·EURid, .eu awareness study, 2015, https://eurid.eu/media/filer_public/0a/19/0a1926a8-63d1-49c1-8543-21aaf06d9358/eurid_awareness_survey_2015.pdf  

·EURid, Registrar Advisory Board established, Domainpulse, October 2008, http://www.domainpulse.com/2008/10/07/eurid-registrar-advisory-board-established/

·The Verisign Domain Name Industry Brief, Volume 14 – Issue 3 – September 2017 , https://www.verisign.com/assets/domain-name-report-Q22017.pdf  

·UNESCO, VeriSign, EURid, World Report on Internationalised Domain Names, http://idnworldreport.eu/  

·ICANN, Governance Guidelines, May 2012, https://www.icann.org/resources/pages/guidelines-2012-05-15-en

·CENTR, Domain Wire, 2017/2, ‘Median growth’ chart, https://www.centr.org/statistics-centr/quarterly-reports.html#

·CENTR, Open stats tool, gTLD stats, market overview, https://stats.centr.org/gtlds  

·OECD, Council Recommendation on Principles for Internet Policy Making, 2011, https://www.oecd.org/Internet/ieconomy/49258588.pdf

·Domain Incite, 'Four in ten new gTLDs are shrinking', 18 September 2017 http://domainincite.com/22111-four-in-10-new-gtlds-are-shrinking

·Digital Economy Act 2010, ‘Powers in relation to Internet domain registries’, https://www.legislation.gov.uk/ukpga/2010/24/crossheading/powers-in-relation-to-Internet-domain-registries

·Internet World Stats, Internet Users in The European Union 2017, http://www.Internetworldstats.com/stats9.htm

·Registry Backend Overview, Statistics, https://ntldstats.com/backend  

·AFNIC, Evolution of the .fr and .re registration rules and procedures on March 30th, 2009, https://www.afnic.fr/en/about-afnic/news/general-news/2724/show/evolution-of-the-fr-and-re-registration-rules-and-procedures-on-march-30th-2009.html  

·'Earn money on YouTube' The Guardian, 2012 https://www.theguardian.com/money/2012/jan/13/earn-money-youtube-viral-video

·Net Mundial Multistakeholder Statement, 2014, 2014 http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf  

·The Registrar, 'That apple.com link you clicked on? Yeah, it's actually Russian', https://www.theregister.co.uk/2017/04/18/homograph_attack_again/

· https://onlinedomain.com/

·Trends on Facebook, https://trends.google.co.uk/trends/explore?q=EURid,Facebook

Annex 2: Stakeholder consultation

Stakeholders’ consultation Strategy

Summary of stakeholders’ views on the main issues related to the .eu regulatory framework

.eu REFIT Stakeholder Consultation

Analysis of online public consultation inputs

The .eu top-level domain (TLD) was established by Regulation EC 733/2002 of 22 April 2002 and is governed by the implementing rules of Regulation EC 874/2004 of 28 April 2004. On 12 May 2017 the European Commission launched a public consultation 4 to collect community input on whether the .eu legal framework still serves its purpose. The online consultation ran for 12 weeks and closed on 8 August 2017.

The consultation is a part of the REFIT review of the .eu TLD regulations and covers:

The Commission sought stakeholders’ views through an online questionnaire. Forty-four contributions had been received on the closing date: 43 responses on the online questionnaire and 1 written contribution.

Twenty-five (25) responses came from citizens/private individuals residing in 12 EU Members States. Most of them were between 25 and 65 years old (19 out of 25). Fifteen (15) responses came from business representatives, one from an association, and one from the public sector. The companies/organisations that participated are active in 9 Member States. Overall, contributions came from respondents in 17 Member States 5 and from one citizen residing outside the EU (indicated as ‘other’).

Figure 6: Geographic distribution of survey respondents

The fifteen (15) business representatives mainly work for companies providing IT-services (10 out of 15). There was one submission from the energy sector and one respondent indicated to work for a research, scientific or education institution. Three (3) responded ‘other’ but specified that they were with a company that provides advice or consultancy services.

Eight (8) respondents work for a company that provides domain name registration services: two (2) as a registry, four (4) as a registrar, and two (2) combine both registry and registrar functions.

A majority of the respondents holds one or more domain names. 26 out of 43 have a .eu TLD name; 28 have a domain name, other than a .eu TLD name 6 . It is possible to have .eu and other domain names at the same time.  In general, those that have a .eu TLD name are actively using it (21 out of 26), while four (4) said ‘it is just registered’ and one (1) ‘cancelled the domain name’.

The main aim of the .eu top-level domain is to contribute effectively to the Digital Single Market by encouraging and increasing secure and reliable e-commerce and build a strong digital identity for people and organisations in the European Union. 38 respondents (88%) find the current objectives of the .eu regulatory framework still relevant to address the needs of EU citizens and businesses.

14 respondents (33%) indicated that the objectives of the .eu TLD should be complemented. Their suggestions can be clustered in three groups:

30 respondents (70%) indicated that a .eu extension significantly or moderately affects their trust in a website. 26 (60%) answered that, as a consumer, they would rather buy from a .eu website than from a website with a generic extension. 23 (54%) said to prefer a .eu website over websites with another country code.

Respondents explained that trust in a .eu website is based on the expectation that ‘EU privacy and consumer protection laws will be applicable’. Others answered that a .eu extension makes a company ‘more international’ while ‘using a local country code (…) gives the image that the company aims only to customers of its own country’. For some respondents the preference for .eu ‘has more to do with the perceived trust on specific ccTLDs than the assumption that a .eu site is more trustworthy’. They have ‘in general more trust in .eu than in non-European country codes’ while ‘slightly more trust in .eu than in eastern European country codes’. Only one respondent said that a .eu extension decreases the level of trust.

Eleven (11) business representatives use a .eu name. 6 of them (55%) said that .eu significantly or moderately helped to expand their online business cross border, while 3 (27%) said that there was little or no effect. The opinions are less clear for the effect of a .eu on turnover or on the ability to attract customers from other countries.

For a majority of the respondents the .eu has significantly or moderately promoted ‘a clearly identifiable digital identity for citizens and business in the EU’ (81%), ‘cross-border access to the online market place’ (65%), and a ‘secure and reliable e-commerce in the EU’ (58%).

In general, neither private individuals nor business representatives consider the cost for holding a .eu TLD name significant. The domain holders were fairly positive about the cost-benefit ratio: 19 of the 34 (56%) holders of a .eu name gave a clear positive assessment while only two (2) respondents said that costs exceed the benefits.

Seven (7) respondents suggested simplifying the .eu regulatory framework. Most respondents, however, answered that there were ‘no’ (18 responses) or that they were ‘not aware’ (18 responses) of areas that could be simplified. Similarly, ten (10) respondents answered that some areas of the framework could be ‘changed or eliminated, to reduce regulatory burdens’ while the majority saw ‘no’ (16 responses) or was ‘not aware’ (17 responses) of areas that could be simplified.

There were several requests to relax the eligibility criteria. Other suggestions included: safeguards to fight (DNS) abuse, a clarification of the non-profit objective and use of revenue, amendments to the Alternative Dispute Resolution Rules (ADR), (deletion of) sunrise details, inclusion of direct registrations in underserved markets.

The regulatory framework is coherent with the EU priority for the completion of a European Digital Single Market say 28 or 65% of the respondents (significantly or moderately agree). Only one (1) respondent saw a discrepancy between the framework and the EDSM objectives. Eleven (11) ‘do not know’. Some commented that the .eu helps to create a conscience of one market and to build ’a strong and reliable digital identity for people and organisations in the European Union’. Others said that the .eu has a very limited impact and that other important aspects of the EDSM still need to be filled in.

The .eu regulatory framework is coherent with global domain name industry best practices say 24 respondents (56%) (significantly or moderately agree). Most business representatives agree while a large group of private individuals ticked the ‘do not know’ option. One respondent noted that there might be legitimate deviations from what some define as industry best practices because of the .eu objectives and the European understanding of privacy and trade. Others suggested the framework ‘to mandate adoption by the .eu Registry, registrars and registrants of modern DNS security technologies’ or asked to lift restrictions that might prevent registrars from ‘mitigating some forms of abuse more easily’. The Commission also received a written contribution asking for regulatory action to speed up the adoption and deployment of DNSSEC.

22 respondents (51%) consider the .eu framework more or less coherent with domain name policies set for other European country code Top Level Domains, while a large group of 17 (40%) did not know the answer on this question. While one respondent reiterated that .eu has its own status and origin, several others indicated that .eu could serve as ‘a benchmark for other ccTLDs’ in Europe.

70% of the respondents (30 out of 43) agreed that the EU action – with the establishment of legislation on the .eu – provided an added value in terms of encouraging cross-border secure and reliable e-commerce. Private individuals and business representatives equally agree with the statement. According to the respondents the .eu regulatory framework encouraged cross-border secure and reliable e-commerce because it increased trust, security and reliability; created a feeling of proximity and belonging to an EU community; helped businesses and organisations to create awareness about the European rather than country-wide scope of their services and activities; and encouraged the development of a competitive registrar market. Others see no direct link between a TLD extension (a label or identifier) and the encouragement of commercial activities. Some suggested that contractual policies would be more adequate than a regulatory framework as ‘they are more agile and responsive’ and that ‘achievements (…) could have been realised more quickly and more flexibly by a much lighter decision-making process, including more effective multi-stakeholder participation’.

A large majority of 34 respondents (79%) agreed that the action resulting from the .eu framework provided an added value in terms of building a stronger digital identity for people and organisations in the EU. .eu helps companies and organisations to be recognized as being European ‘which in some sectors has added value’ and ‘adds trusts especially regarding privacy’. Within Europe ‘it signals a cross-border, translational mindset’ or scope of one’s business, and fosters a cross-border identity and feeling to belong to the EU. Two respondents argued that having no legislation or having simple ‘contractual policies’ would be more efficient. Two respondents didn’t attribute any significant added value to the framework.

Under the current eligibility criteria for registration, the .eu TLD is available for residents of and organisations/companies established in EU members states plus Iceland, Norway or Lichtenstein (EEA). The respondents were asked to express preference on the following three options:

(A)        A .eu TLD should be available for registration by any European citizen, regardless of whether or not they are resident in the EU.

(B)    A .eu TLD name should be available for registration by any company/organisation regardless of whether or not they are established in the EU.

(C)    A .eu TLD name should be available for registration by anyone regardless of their residency or nationality criteria.

There is clear support for option (A) and an outspoken disagreement with option (B) and (C). However a considerable minority supports (B) or (C) and disagrees with (A).

Figure 9: .eu eligibility criteria – EU citizens regardless of country of residence (A); EU company/organisation regardless of country of establishment (B); available for anyone, regardless of residency or nationality criteria.

Several respondents link the .eu eligibility criteria with trust. They state amongst other that ‘a big part of the value (trust) comes from the fact that there is this direct link with the EU’ and the expectation ‘to find a company established in Europe that follows European regulations’. They warn that relaxing the eligibility criteria could make ‘the use of the .eu TLD misleading’. Other respondents are more relaxed on whether EU citizens residing outside the EU – temporarily or definite – could register or keep their registered .eu TLD name. A few alternative and additional eligibility criteria were suggested, e.g. allow registrations for companies based in the EU and their worldwide subsidiaries, prohibit registration by for persons or companies that had legal problems with the use of domain names, and create a transition phase for when eligibility conditions change (for example .eu registrants in the case of Brexit).

A large majority of 35 respondents (81%) showed a mild to strong preference 7 for a .eu regulatory framework that sets policy and procedures to be followed by the registry operator.

The respondents are divided over the question whether the .eu Registry operator should be free to offer .eu TLD names directly to end users, with a light tendency to support direct registrations. Private individuals are most outspoken in favour while opinions amongst business representatives are mixed and almost half of them strongly oppose direct registrations.

Similarly, respondents are divided on whether the .eu Registry operator should be free to offer .eu TLD names directly to end users in underserved markets where end-users have difficulties in finding a local domain name provider. The overall support for direct registrations in underserved markets hides that there is strong opposition within the business representatives.

Overall, respondents think that allowing the .eu Registry operator to offer domain names directly to end users is likely to benefit end users. A majority of the business representatives, however, disagrees with this statement.

A small majority of the respondents does not expect unintended positive side effects from direct registrations. Surprisingly, a similar small majority also doesn’t expect unintended negative side effects. Private individuals are divided on the potential positive effects but tend to disagree that there might be negative side effects. The majority of business representatives expects negative side effects and disagrees that there might be unintended positive side effects.

A high price for direct registrations could minimise unintended side effects suggest two respondents. Others look at the supervisory board and increased transparency to handle or avoid side effects. One respondent concluded that ‘unless the registry can offer a service or product that is not so interesting for registrars (…) it makes no sense (…) to compete directly with a mature multi-million EUR industry’. Another respondent added that the ‘potential anti-competitive effects of unfair competition by vertically integrated gTLD registrars, need to be thoroughly analysed and reported a matter of general concern for the ccTLD community in Europe and elsewhere’.

There is almost unanimous and strong support for the requirement that the .eu TLD operator should continue to be operated by a non-for profit organisation/association. 40 respondents (93%) support this statement, with a large majority (70%) strongly agreeing. All business representatives agreed that the .eu Registry operator should be not for profit. Two respondents did not agree, they suggested a private company and the public sector as alternative operator.

The respondents were requested to choose the most suitable governance framework to determine detailed policies and procedures for .eu. Below are the different options, ordered by preference – most preferred first.

Option (A) stands out as most preferred governance framework to determine the detailed policies and procedures for the .eu Registry operator. A large majority of 32 respondents (74%) has a clear preference 8 and no respondent marked option (A) as ‘least preferable’. (A) is preferred within the subgroups private individuals (20 out of 25, 80%) and business representatives (10 out of 15, 66%).

Only option (E) is clearly disapproved of. It is the only governance framework that is less or least preferred 9 by a majority of the respondents (29 out of 43, 68%), and a majority of the private individuals and the business representatives.

Some respondents commented on their preferred choice. They underlined amongst other the importance of transparency, a good collaboration with the registrars, they saw a coordinating role for the European Commission or an authoritative role for the Parliament, or want to link .eu rules and procedures to the ICANN multistakeholder process.

A majority of the respondents (30 out of 43, 70%) agrees that any surplus generated by the fee associated to the .eu TLD name that is not spent by the .eu Registry operator should be allocated for supporting EU priorities in Internet governance and EU Internet governance related projects. There’s equal support amongst the private individuals and business representatives.

Several respondents suggested activities and projects that could be supported from the surplus.

Most prominent are suggestions to use the surplus to support Internet governance and multistakeholderism and promote EU participation; to invest in improving security and developing the Internet infrastructure; and to enhance Internet access and inclusiveness (including Internet literacy among the elderly, unemployed, poor, children, etc.).

These are followed by suggestions to promote the use of .eu, establish a stronger EU (online) identity, educate businesses and users to maximise their online presence and support Internet startups. Two respondents also mentioned initiatives to support Net Neutrality.

Finally, there were suggestions mentioned by only one respondent, such as supporting the participation of EU citizens in the work of the EU institutions, reduce the cost of a .eu TLD name, software development and other projects that benefit the Internet at large.

Views are mixed on the question whether the .eu Registry has a role, within the wider Internet governance ecosystem, beyond the smooth and secure operation of the .eu TLD name. 13 respondents (30%) said ‘yes’, 13 said ‘no’, while 17 respondents (40%) answered ‘I do not know’. Also within the subgroups of private individuals and business representatives, there’s no clear preference in favour or against a role for the .eu Registry operator beyond operating the .eu TLD name.

Some suggested that the .eu Registry operator could be involved in education, capacity building and awareness rising on domain names and Internet/Internet governance – one suggested in particular educating and informing MEPs and legislators; help fighting cyber-crime; act as a facilitator for Internet governance activities; or help to harmonise and standardise ccTLD practices in Europe.

Annex 3: Who is affected and how?

Practical implications of the initiative

This initiative concerns the functioning and management of a top-level domain name (ccTLD). This is a predominantly technical, sector-specific issue pertaining to the domain name system (DNS) industry. Moreover the initiative is aimed at better enabling an already well-established domain to function within a changed and continuously evolving environment.

The impact of the intervention is going to be limited and to affect the following stakeholders: first and foremost the Registry that will have to implement the new framework and secondly the European Commission.

The network of accredited registrars will hardly feel any impact. Registries of other TLDs and other stakeholders in the domain name ecosystem will not be affected by the intervention. Neither will Member States' administrations.

End users, i.e. registrants or potential registrants (citizens and SMEs), will only be indirectly impacted to the extent the preferred option will ensure they will continue to enjoy the benefit that the .eu TLD brings to them (deriving from the link to the online EU identity and the single market) provided they choose to use a .eu TLD.

Summary of costs and benefits

Tables 8, 9. Overview of benefits and costs

Annex 4: Analytical methods

This annex provides a description of the methodological approach to the impact assessment by summarising the main methodological elements.

The analysis was conducted through the standard cost model for estimating administrative costs and complemented by a multi-criteria analysis to analyse the policy options.

Impact assessment framework

The evaluation attached to this impact assessment considered how successful the current EU legal framework has been in achieving or progressing towards the objectives of setting up the '.eu' Top Level Domain, to be  ‘a key building block for electronic commerce in Europe’, and support the objectives of Art 114 of the Treaty [functioning of internal market].

Both positive and negative aspects in relation to the above mentioned objectives were assessed. These were also evaluated in the light of the described market developments.

Data collection and analytical exercises

The impact assessment relied on a number of different data sources, including a public consultation on the evaluation and revision of the .eu top-level domain regulation; the results of external surveys respectively commissioned by EURid and CENTR; written contributions provided by Open-Xchange, the European Association of Trade Mark Owners (MARQUES), the European Communities Trade Mark Association (ECTA), and the European Union Intellectual Property office (EUIPO); and external references from relevant stakeholders including EURid, Verisign, ICANN, CENTR, AFNIC and OECD. See Annex I for further details.

Challenges and limitations

One of the major limitations of this exercise was the low level of awareness of detail of the .eu Regulations amongst the interested stakeholders. This was clearly showed by the high levels of ‘don’t know’ responses in our public consultation. One possible reason for this is that neither end-users nor ccTLD registries are directly involved or impacted by the .eu Regulations – although the EU citizen does indirectly experience an impact on the market performance of .eu TLD from the .eu Regulations.

Furthermore, it needs to be considered that input provided by the various ccTLD registries might have been subject to partisan reasoning. Recognising the limitations of this qualitative data, statistical and quantitative evidence was given the due importance. 

Multicriteria analysis of options ranking

To draw conclusions from the options comparison table, a sensitivity analysis helped to check that options' ranking was not sensitive to the method used:

·aggregative methods (simple aggregation versus weighted sum which neutralises the number of sub-criteria, giving equal weight to overall effectiveness, overall efficiency and coherence)

·Condorcet outranking matrix (partially compensatory) based on individual sub-criteria (without weights).

Further sensitivity analysis was done on the options’ scores, comparing the above ranking results with those of an initial set of scores (shown below), on which further analysis had identified inconsistencies. This set differed from the revised scores above on 4 elements of the matrix (highlighted above in yellow: option 2: reg. costs ++ changed to +; option 3: S04 + changed to ++ and reg. costs ++ changed to +; option 5(b)(i): S03 changed 0 to +).    
The differences with the results above (copied below on the right) show that the revision increased slightly the distance between best and second best options.

Condorcet results (only partially compensatory) show the revision increased further the distance between the worst (status quo) and third best options.

Annex 5: Early discarded options

OPTION 1: COMMERCIALISATION

This option would provide a high level of flexibility, allowing the registry to adapt quickly to changing circumstances. On the other hand, it would significantly limit oversight by the European Commission. The Registry might still have to operate within an established framework and abiding certain conditions, however, it could act in a purely commercial environment, seeking profit.

The option is likely to create a fully commercial .eu TLD in which there would be little guarantee that EU values or objectives would be prioritised and adequately pursued.

The option is weak both from a political and legal point of view. Politically, it would be hard to convince the Council and the European Parliament to give away a substantial part of their indirect oversight over the .eu TLD. Moreover, weakening the involvement of the EU in an area which is becoming highly sensitive (such as the policy-making in the DNS space) and in a political context where increased political attention is given to issues related to the security and trust on the Internet, would not be in line with the current political context.

Such an option does not have support from stakeholders: in the online public consultation, 70% of respondents strongly agreed that the .eu TLD should continue to be operated by a non-for-profit organisation.

Moreover, having a "for profit" operator might have consequences in terms of EU competition law if the European Commission would like to have a say on where and how to allocate the profits generated by the sale of the .eu TLD name.

Despite guaranteeing a strong level of flexibility, this option encounters several weaknesses in terms of feasibility, both from a political and legal point of view. Moreover, the .eu TLD has a strong association with European identity – a full externalisation of its management might undermine that unique aspect. Therefore this option is not appropriate to achieve the objectives specified in section 4.

OPTION 4: INSTITUTIONALISATION

a: INTERNALISATION

b: EU AGENCY (ENISA)

The transition of the management of the .eu TLD to an EU agency is a delicate process which requires careful planning and preparation. It could even be interpreted by the market as a lack of confidence by the EU Commission in existing arrangements. Therefore appropriate measures should be taken to mitigate these risks.

One of the main, negative perceptions of the .eu TLD at present is that it is seen as too "institutional" compared with other more innovative TLDs. Having an EU agency manage the .eu TLD would reinforce and strengthen that perception.

On the other hand, this option would certainly provide the EU institutions with a strong oversight, as well as increased stability and business continuity, over the management of the .eu TLD.

The option of moving the .eu Registry to ENISA is also early discarded despite some potentially interesting synergies which could be developed in the area of cybersecurity. Considering that the extension of the mandate of ENISA, as part of the cybersecurity package currently being examined by co-legislators, already foresees a number of new tasks for this agency, incorporation of the .eu is not a realistic option. Moreover, this agency does not currently have the technical capacity for the operation and management of the .eu. Acquiring it would be costly and inefficient.

Annex 6: ccTLD registry best practices

Over the past twenty years, the country code Top-Level Domain (ccTLDs) community experienced major changes. Most of the ccTLDs were born in the eighties in a pure academic environment as Internet was brought to the various countries via the university networks. Therefore, at the very beginning ccTLDs were a local “service” with very limited knowledge of what was going on among their peers.

The domain name environment knew a sort of golden age at the end of the 90’ when many ccTLDs saw that the demand for domain name was becoming higher and therefore, it was time for them to update their policies and procedures and be closer to the market. It was the time many ccTLDs decided to get deregulated by softening their registration rules, by opening to other countries, by learning from other industry peers’ best practices. It was the time when the regional ccTLDs organisations were established with the objective to help the dialogue among ccTLDs, to assert their rights in the rising ICANN landscape and to facilitate the best practice sharing, keeping in mind that each ccTLD is almost unique because of the specific context where it has grown.

In May 2001, the Council of European Top Level Domain Registries (CENTR) 11 , the ccTLD organisation mainly for the European region, published the very first document about best practice guidelines for ccTLD managers 12 . The document represented a landmark for ccTLD for several years and contributed to strengthening the need for ccTLDs operators to have a look at what others are doing before making changes in their policies. The guidelines contain a clear reference to Internet best practice principles that are:

·self-regulation;

·bottom-up authority (the Internet consists of cooperative networks);

·consensus (requirement for self-regulation);

·transparency (requirement for self-regulation);

·cooperation based on trust and fairness.

Those principles still are still valid nowadays and are followed by the Internet operators.

The net is quite rich of presentations about ccTLD best practices mainly given by ccTLD regional organisations’ and/or ICANN representatives 13 . Over the years both ICANN and ISOC have developed numerous joint ccTLD tutorials for various regions of the world, with the ultimate intent to improve the literacy of those ccTLD operators who did not have the capacity to attend international forums 14 .

One of the very first and still most interesting ccTLD best practices’ presentations on domain name policy models 15 is the one by Hilde Thunem, CEO of NORID, the .no registry manager, who made an excellent analysis of the correlation between requirement for a domain name applicant and the number of domain names allowed per applicant. The assessment showed that in most of the cases the more relaxed are the eligibility criteria, the higher are the chances to have more registrations even if at some risk.

So far, ccTLD best practices have been investigated at various levels, not only in high-level areas such as the registry governance model, interaction between the registry and its sale channel, the pricing schemes, business continuity but also in more detailed aspects such as domain name transfer, bona vacantia, launch of Internationalised Domain Names at the second or top level, use of DNSSEC and authentication methods for registrars.

The World Intellectual Property Organisation published a best practice document for ccTLDs for the Prevention and Resolution of Intellectual Property Disputes 16 . In late 2006 the Organisation for Economic Cooperation and development delivered a study on the evolution in the management of the ccTLDs 17 that contains some useful comparisons among ccTLD policies despite of also containing numerous factual mistakes and wrong assumptions.

The dynamics between ccTLDs and the local dimension of Internet governance have also been extensively investigated. One of the most complete studies in this respect remains the one produced by Carolina Aguerre, former Latin America country code TLD Organisation manager (LACTLD). Her working paper “incorporates institutionalism as a framework for mapping the main players which are determining the particular organizational field of national Internet Governance and the role played by ccTLDs. The analysis shows that the Internet organizational field is highly politically dependent from a domestic/local perspective and that the institutions which are involved in Internet Governance, including ccTLDs are pursuing active policies in trying to configure a field that is not yet institutionalized 18 .“

At present, CENTR remains the most proactive and valuable source of ccTLD registry best practices. Since 2002, every 2 or 3 years the CENTR A-level survey has given an insight on the organisation and main policy rules of the registries in the CENTR community with an average participation of 50 registries. There is no CENTR registry member that has implemented changes in its policies and procedures without having had a look and a careful read of the latest CENTR A-Level survey that recently was replaced by the online CENTR registry dashboard. Over the past years, the most active discussions and information exchange at CENTR level have been about the registry deregulations, domain name pricing schemes and technical aspects like the Extensible Provisioning Protocol.

To sum up, there is plenty of literature, including presentations, on ccTLD best practices that have been developed over the past twenty years. However, it is worth to highlight that each ccTLD continues to be strongly linked to its historical, cultural and economic background. Many ccTLDs have implemented policies and procedures that recall the most common ones in the industry. Others are still well catering for their local community even if their governance and policies are far from being in line with the market, and many are in the process of shaping and/or redesigning their policies thanks to the lessons learnt by other players 19 .

Annex 7: Vertical Integration

Vertical Integration models:

There are three registration models currently observed in the domain name environment:

•Vertical Integration (closed model: this means that consumers can only register a domain name under a specific extension directly with the registry, without going through an intermediary (registrar). The advantage of this model is that all the registration steps are fully controlled. This is the model that the .com top-level domain had at the very beginning before the US Government decided to enhance the market competition by separating the registry and registrar functions 20 .

•Vertical Separation (also known as Registry-Registrar-Registrant model - ‘3 Rs’ model): this is currently the most common model. The most direct benefit is that it offloads interaction and support for end-users from the registry, and does not impact the registry´s professional and unbiased reputation. Often this model is anchored in registries´ laws or articles of association. At the same time, good relations between the registry and the registrars are of paramount importance, as the accredited registrar network is the only sales channel for the TLD.

• Mixed model: the registry offers both the direct registration model and the Registry-Registrar-Registrant model. Often the direct registrations are reserved for special holders (public institutions) or specific cases (so-called ‘last resort’ registries). This is the model that more than ten European ccTLD registries still have, including the .se registry that has used its own registrar for specific campaigns over the past years. With the introduction of new gTLDs, ICANN lifted the previous ban on vertical integration within the gTLD space. This provides the market with a benefit that new gTLDs which have niche or specialist market offerings (that may not be attractive for registrars to support) can reach end-users directly.

European market overview:

Out of a sample of twenty-nine ccTLD registries, eighteen 21 use the ‘3 Rs’ registration model, ten 22 use the Mixed registration model and only one 23 uses the Vertical Integration model. 24 The current predominant model in the region is the Registry-Registrar-Registrant model, with several registries having shifted their registration models from Direct or Mixed to the ‘3 Rs’ model as the market has evolved. However, it is worth highlighting that most of the European registries cater exclusively or primarily for their local market and can count, therefore on a solid network of local registrars. The .eu Registry currently offers the .eu – and its equivalent in Cyrillic – to 31 different countries where there are significant imbalances in the presence or involvement of registrars.

According to the results of a CENTR survey conducted in Q1 2017, no European registries are considering (re)introducing direct registrations in the future. Indeed, several registries 25 have recently changed their registration model to phase out direct registrations, and offer only the Registry-Registrar-Registrant model. The main reason of the full switch to the 3Rs model only is their acknowledgement of having reached a mature, accredited registrar base that could well support their TLD.

Annex 8: Total costs estimation in the 2018 budget of EURid

Annex 9: Administrative Burden for the .eu Registry

1.Standard Cost Model – Administrative Burden for the current .eu Registry under the BASELINE (Table 11)

2. Standard Cost Model – Administrative Burden for the .eu Registry under the Modernisation Option (Table 12) 

3. Standard Cost Model – Administrative Burden for the .eu Registry under the Separate Governance Option (Table 13)

4. Standard Cost Model – Administrative Burden for the .eu Registry under the EUIPO Option (Table 14)

Annex 10: Administrative Burden for the European Commission

1. Standard Cost Model – Administrative Burden for the European Commission under the Baseline (Table 15)

2.Standard Cost Model – Administrative Burden for the European Commission under the Modernisation Option (TABLE 16)

3.Standard Cost Model – Administrative Burden for the European Commission under the Separate Governance Option (table 17)

Annex 11: Cost estimation for the operation of the multi-stakeholder separate body

Considering the multi-stakeholder separate body will consist of 7 members, observers from all EU Member States (MS) and the European Parliament (EP) and that it will physically meet two times a year, the following cost estimation is made:

Table 19. Cost estimation for the multistakeholder separate body

Annex 12: Cost of transferring the .eu Registry to the EUIPO and cost of running the .eu Registry by EUIPO

According to EUIPO's calculations the cost to implement the transition amounts to €1.688.400 for an 18-month transition period. The annual cost for running the .eu Registry after the 18-mont transition period would be €10.465.724 27 .

Table 20

More in detail, EUIPO is estimating transfer cost 28 as follows:

Human resources

Project Team

For the transition phase of EUIPO as .eu Registry, a project team 29 of around 6 FTEs is envisaged. This will cover a Project manager (50%), Project lead (100%), Process improvement manager (100%), IT expert (70%), HR expert (50%), Finance expert (50%), Marketing/ Communication expert (50%), Legal expert (30%) and Project support (100%). Considering preparatory work and closure of the project, a timeframe of 18 months is envisaged.

Table 21. .eu Registry - cost estimate - project team

Governance Board

At present, the .eu Registry is overseen by a Strategic Committee and Board of Directors. It is envisaged by the EC that these structures in their current form will cease to exist, replaced by a new Governance Board made up of the EC, the EUIPO and additional stakeholders identified with the EC.

As the final structure is not yet defined, it will be assumed that the current expenditures foreseen (detailed numbers are not available to the EUIPO) for the governing bodies will be maintained.

The work needed to implement this change of the governing board will be covered by the project team.

Advisory Costs

To assure success as .eu Registry, it will be important for the EUIPO to receive high level guidance from the beginning of the transition period. With this in mind, it is considered appropriate for the EUIPO to have at its disposal independent advisory support from domain name registry experts. This could be covered by the statutory solution of special advisors.

It is expected that the costs attributed to contracting such advisors be partly recovered by the reduction of management needs, since it is already expected that during the transition period a number of managers will no longer continue.

Table 22. .eu Registry - cost overview advisory costs

.eu Registry Workforce

In the case of the EUIPO as .eu Registry, a gradual move of staff to the EUIPO is foreseen, acquiring people from EURid and externally. Though many synergies can be created by moving the service to the EUIPO, it is considered pragmatic to consider that not all efficiency gains will be materialised during the transition phase. This will be further improved once the initial structure at the EUIPO is set-up and the permanent workforce planning finalised. Once these elements are clear and posts made available in the establishment plan (or in the case of Contract Agents an increase in budget is approved), the necessary selection procedures can be launched.

To accommodate this interim solution the EUIPO has several framework contracts covering a variety of profiles. If a profile cannot be covered by an existing framework contract, a call for tender will be launched. Alternatively, immediate solutions such as making available Contract Agent positions for the transition period could be explored with the EC.

Given that the EUIPO does not have any specific information as to the individual salaries or contractual termination periods of the people working at EURid, it is considered that, in principle the expenditure for salaries can be maintained during the transition period.

It could be even expected that short term efficiency gains will be achieved during the transition period. By way of example, the current .eu Registry headcount in the customer services is 21 FTEs. With the existing EUIPO customer and technical service in place covering all EU languages, a reduction of the team, after knowledge transfer, can be expected.

Table 23. .eu Registry - cost estimate - .eu Registry workforce

Possible Relocation Costs/ Acquisition Costs

With the potential for the EUIPO to take on a number of current .eu staff or external staff, relocation packages should be considered should the EUIPO become .eu Registry.

Table 24. .eu Registry - cost estimate - relocation/ acquisition costs

Travel costs (additional costs related to the transfer excluding .eu business travels)

The transfer of the .eu Registry will require frequent visits to the EC as well as to the EURid headquarters and its subsidiaries. This will be particularly necessary at the beginning of the transition period in order to map precisely the activities performed, evaluate the state of the legal, financial and technical situation and define a detailed roadmap.

These visits will also serve to identify key personnel, key activities and involvements in initiatives, working groups and other business obligations.

Taking the above into consideration, it is envisaged that initially the project team embark on 2 one week visits to Brussels in order to evaluate and effectively plan for the move. These visits should be built upon with regular follow-up meetings until the end of the transition period of 1-2 trips per month.

With the move to Alicante, a new need to for regular trips to Brussels to meet with the EC needs to be introduced. To this end, four coordination visits are foreseen after the transition period.

As the subsidiaries will also be maintained during the transition phase, three trips per subsidiary are foreseen during the transition phase to map activities, get an overview of the legal, financial and technical situation and to foster strong communication.

Additionally, during the transition phase some additional business travel by the EUIPO is foreseen to accompany EURid staff on important business trips for knowledge transfer and to gain an overview of activities. At this stage the schedule is not available, therefore around 20 business trips (12 International and 8 European) will be considered.

Table 25. .eu Registry - cost estimate - travel expenses 30

Infrastructure

No burdensome cost would be expected for the EUIPO in terms of the provision of physical space needed to accommodate additional staff due to the expansion of activities. With a new building recently inaugurated at the EUIPO premises in Alicante to support growth of operations, including dedicated project areas for use in internal or external projects based on priorities, the acquisition of new staff could be absorbed. Should it be needed, the outsourcing of some external services to nearby buildings could also be considered to provide additional space, as is current EUIPO practice.   

In terms of space to house the two data centres, no additional cost would be supposed for the EUIPO with room in both its onsite and offsite back- up data centre to cover needs.

Subsidiaries

The .eu Registry maintains three subsidiary offices in Sweden, Italy and the Czech Republic that are envisaged to remain. No additional costs are foreseen to be associated with the subsidiary offices during the transition period.

Table 26. .eu Registry - cost estimate - subsidiaries

Marketing and Communication

In terms of marketing and communication, an extensive awareness campaign will be launched during the transition period to inform users, staff and other stakeholders of the transfer of responsibilities. This will be done both through EUIPO’s own (IP and general public) channels and the well-established channels of the .eu Registry including social networks. During this campaign the values of the EUIPO and the .eu domain name in terms of quality and European identity will be particularly promoted, with a special emphasis on accessibility and security. This would see the .eu strengthened and more competitive with its visibility improved to the general public and in particular SMEs.

Following the transition period, synergies will lead to the social media channels of the EUIPO absorbing those of the .eu Registry.

Marketing strategies such as co-funded marketing whereby part of the revenue generated by each .eu Registrar is reinvested for marketing campaigns focussed solely on the .eu domain will be continued until further decision.

Table 27. .eu Registry - cost estimate - marketing and communication

IT costs

The EUIPO has recently built up a highly available and reliable data centre meeting the highest standards including those of the Uptime Institute © for TIER IV configuration. Its design is such as to face up to any problem without affecting system availability. Used also as a disaster recovery for other agencies such as EFCA, the EUIPO has obtained good understanding of the effort needed to set-up and maintain them.

That being said, as the EUIPO has no detailed information on the number of applications run by the .eu or if the .eu Registry owns the servers, the dimensions of the requirements are unknown. To provide a reasonable estimate in the case of the EUIPO becoming .eu Registry, it has been assumed that the EUIPO reuse all of its corporate servers (email, network equipment, communication lines) and provision only for the servers, hosting applications or databases that are not currently supported by its existing infrastructure. Based on this assumption ten physical servers would provide three to four environments for each data centre. The servers themselves constitute a significant cost driver. These expenses however would not be incurred in the instance that the servers currently used by the .eu are owned by them and that their transfer to the EUIPO is made possible.

Besides the data centre, a number of additional cost areas, listed below, would need to be considered for the transition phase. It should be noted that overall the EUIPO would be in the position to generate savings from the beginning of the initial set-up.

Table 28. .eu Registry - cost estimate - IT costs

Website

Understanding the .eu website to be an asset owned by the EC, as .eu Registry the EUIPO would foresee maintaining the existing website carrying out a rebranding to reflect new ownership. The costs attributed to this rebranding are reflected in the transition period.

Table 29. .eu Registry - cost estimate - website

Fee management

The .eu domain is currently sold by registrars who make initial prepayment of €2 500 serving as a credit from which registration fees are deducted. The balance of this prepayment is topped up via monthly invoices corresponding to activity once they start registering domain names. A post-payment scenario is also available to .eu Registrars after two years who have a European bank account and are subject to the Single Euro Payment Area (SEPA).

During the transition period, it is foreseen to keep the existing fee management system run by EURid in place. The system will be fed into EUIPOs SAP accounting system via semi-automatic data extraction where .eu revenues will be separately accounted for.

Expenses on the other hand will be managed separately, using Activity Based Budgeting and Management (ABB/ABM). In a second step, further integration with the EUIPO Back Office will be envisaged.

Table 30. .eu Registry - cost estimate - fee management

Annex 13: Indicators to monitor actual impacts

The following set of indicators, which are relevant to the TLD market, will be used to evaluate the actual impacts of the preferred option:

·Registration volumes and renewal rates

For any TLD that entered the domain name market after the big domain expansion of the late nineties - early years of the third millennium, having reached a stable volume of over 3.7 million domain name is an indicator of the TLD’ health (e.g. other TLDs introduced in the 2004 gTLD round, such as .tel, .asia and .mobi never reached even half million registrations despite of massive and more aggressive marketing campaigns at their sale channel’ level).

Furthermore, renewal rates above 75% are also considered an indicator of a TLD health and stability (see the latest ICANN gTLD marketplace index at https://www.icann.org/en/system/files/files/gtld-marketplace-health-index-beta-14dec17-en.pdf ).

·Number of DNSSEC signed domain names

DNSSEC (Domain Name System Security Extensions) is an Internet security protocol that helps to reduce the risk that visitors to your website are led to fake websites if they type your website address, protected with DNSSEC technology, into their browser.

Having 10% of correctly DNSSEC signed domain names out of the overall portfolio can be considered also an indicator of the registry’ good work to promote the security and stability of the entire TLD infrastructure.

·Registrar network expansion rates and geographical gap filling performances

Number of new registrars accredited each year, number of registrars by geographical distribution.

In the current EC Regulation, the .eu Registry operator must ensure to have accredited registrars in as many EU countries as possible. The current registrar network expansion is about 10 new registrars each quarter. That is also a good indicator of whether a TLD is still appealing.

·.eu perception among end-users

See https://eurid.eu/media/filer_public/0a/19/0a1926a8-63d1-49c1-8543-21aaf06d9358/eurid_awareness_survey_2015.pdf

67% of the interviewed consumers in 2015 knew about the availability and existence of the .eu TLD. As the survey states, this is a significant increase against 56% in 2010. The survey also links the highest awareness rates to the highest registration numbers in certain countries. Again, this is an indicator of the good performance of the .eu TLD and its registry operator.

·Click-through rates (CTR) and impressions of awareness campaigns

The .eu Registry operator regularly benchmarks its online awareness campaigns against the market.

If we consider the “standard” CTR metric, i.e. the number of clicks that an ad receives divided by the number of times the ad is shown (clicks ÷ impressions = CTR), EURid’s latest campaigns reached the following results:

Figure 5. Click-through rates (CTR) of EURid's latest campaign

Considering that the average display CTR in April 2017 was 0.22% (source: http://www.richmediagallery.com/tools/benchmarks ), this can be considered an above average CTR.

·Social media positive followers and engagement rates

The .eu Registry operator has managed to optimise its social media presence.

In November 2017, its Influence score rose to 100% and its engagement score recorded a score of 41%. The Twitter engagement and influence benchmark table against industry peers is a valuable indicator of the ability of the registry to reach out to various stakeholders and to be seen as an industry leader.

Chart 1. Engagement and influence rates of different registries

·Robustness and resilience of the technical infrastructure

Storage and rackspace capacities, redundancy of the network for back-up in case of failures, time of back-up in case of failures, datacentre distribution, anycast networks configuration and resilience.

Registered .eu and .ею domain names are stored on 4 unicast name servers, located in Europe, and 2 anycast meshes located throughout the world (see the table below). EURid's name servers are updated dynamically.

The number of anycast networks and the infrastructure distribution are also a good indicator of the robustness, resilience and stability of the .eu technical infrastructure.

·Annual vulnerability and penetration tests rates

Percentage of the system vulnerability against external attacks, number and outcome of penetration tests.

This is part of the business continuity exercise. A registry that regularly runs vulnerability and penetration test shows that it cares for its infrastructure’ robustness and resilience. One test a year is a good indicator.

·Long-term financial sustainability indicators including percentage of bad-debtors

Percentage of bad-debtors among registrars; level and distribution of reserves to ensure long term financial sustainability in case of attacks.

Considering the special framework in which EURid operates and the fact that any surplus is returned to the EU budget, the .eu Registry operator has built a reserve system to allow the registry to continue to operate and/or wind-up. Having an operational, financial sustainability of 6-8 months in case of a dramatic drop in new registrations and/or renewals is a good indicator of a healthy financial system.

·Standards and service levels for customer support (end users) including responsiveness rates

Number of tools to communicate with end-users, response rates to end-users requests via the different tools

Indicators of a good customer service to end users are the number of tools the end user can use to interact with the registry. Also, the annual number of complaints against the service received is a good indicator of the service level.

·Standards and service levels for customer support (registrars) including responsiveness rates

Number of tools to communicate with registrars, response rates to registrars (with the current registry the time to respond to a registrar request must be within 4 hours)

Indicators of a good customer service to registrars are the number of tools the end user can use to interact with the registry. For example in the case of the current .eu Registry operator, we have: 24 EU language support during office hours via email and phone, 24/7 phone service during non-office hours (EN only), chat tool, webinars, registry.eu, postal service to four EURid offices. Also, the number of registrar complaints against the service received is a good indicator of the service level.

·Registrar satisfaction survey ratings

See https://eurid.eu/en/news/registrar-satisfaction-survey-2015-findings/

A constantly growing registrar satisfaction rate is an indicator of the how registrars appreciate the registry service.

Other ratings in standard registrar satisfaction surveys are indicators of the registrar satisfaction against the various registry services and/or performances.

·Number of assessed risks, number of business continuity plan exercises over a year, non-conformities out of BCP exercises

A yearly BCP exercise is considered the standard practice of having a good business continuity planning in the TLD industry.

Furthermore, a full risk assessment – covering not only technical, but also administrative, financial, legal and external risks – is an indicator of a registry’ readiness to cope with contingencies.

Audited BCP exercises ending with few if no non-conformities are a good indicator of a registry having a robust preparation to deal with unforeseen situations.

·Disaster recovery timeframes

Time to recover the business in case of major contingencies

This depends much on the kind of disaster. On average, any registry should be able to resume its core function – registration of domain names, availability and reachability of the registered domain names, other operations for registered domain names – in few hours after the disaster takes place.

The technical infrastructure distribution at geographical and provider level helps to ensure immediate recovery times.

·Number of Court cases per year and possible financial costs

There are no indicators on the average number of Court cases that could be considered as acceptable for a registry. Most of the times, such number is linked to the overall number of registered domains. Therefore, 1 or 2 cases per million registered domain names can be considered as acceptable.

·Number of abuses on .eu TLD names

Even for this element there are no-industry standard indicators. However, a registry listed as having high number of domain names used for abuses in one of the industry report about abuses (e.g. The Global Phishing Report table of TLD contains indicators on what the reported levels of domain names registered for phishing abuses can be “tolerable” under a TLD. See https://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf ) may run into reputational risks.

·Number of international engagement MoU and/or agreements

An indicator of a registry with a strong international engagement is the number of official partnerships established with industry peers, including participation in international working groups, chairmanship of industry organisations, public acknowledgements of the registry expertise in certain areas.

·Number of publications

The number of publications of a registry is also a good indicator of the registry expertise in certain areas. If those publications are also made in cooperation with other parties, that should be also seen as a good indicator of the registry being seen as an expert in that area.

·Number and importance of findings of external audits on the .eu Registry

One or two minor findings that only need to be addressed by a recommendation to the Registry are acceptable. A finding such as conflict of interest or mismanagement is considered completely unacceptable.

(1)

Commission Work Programme 2017, Delivering a Europe that protects, empowers and defends, https://ec.europa.eu/info/sites/info/files/cwp_2017_en.pdf ; Annex 2, https://ec.europa.eu/info/sites/info/files/cwp_2017_annex_ii_en.pdf  

(2)

See https://ec.europa.eu/digital-single-market/en/news/public-consultation-evaluation-and-revision-eu-top-level-domain-regulations

(3)

See https://ec.europa.eu/digital-single-market/en/news/summary-report-public-consultation-evaluation-and-revision-eu-top-level-domain-regulations  

(4)

  https://ec.europa.eu/digital-single-market/en/news/commission-launches-public-consultation-review-rules-eu-top-level-domain

(5)

‘Country of residence’ (private individuals), ‘place of operation’ (business), ‘legal seat’ (association or public sector).

(6)

.be, .biz, .co.uk, .com, .cz, .de, .fr, .gr, .info, .it, .net, .nl, .org, .party, .vlaanderen; and two respondents indicated to have ‘several hundreds’ and ‘several others’.

(7)

Mild to strong preference = answers 3, 4 or 5 on a scale between ‘0 – Strongly disagree’ and ‘5 – Strongly agree’.

(8)

Clear preference = answered 1, 2 or 3 on a scale between ‘1 – More preferable’ and ‘6 – Least preferable’.

(9)

Less to least preferable = answers 4, 5 or 6 on a scale between ‘1 – More preferable’ and ‘6 – Least preferable’.

(10)

This cost is included when calculating the overall compliance cost compared to the baseline for the preferred option. The reduction of € 57.200 mentioned above for Commission compliance cost takes into account the extra cost for the additional activity to exercise oversight over the multi-stakeholder separate body.

(11)

  www.centr.org  

(12)

  https://archive.icann.org/en/cctlds/centr-2nd-best-practices-20may01.htm  

(13)

  https://www.iana.org/about/presentations/davies-sofia-bestpractice-061025.pdf , https://www.pacnog.org/pacnog4/presentations/save-cctld-best-prac.pdf  

(14)

  www.isoc.org/educpillar/cctld/sofia.shtml  

(15)

  http://slideplayer.com/slide/8979918/  

(16)

  http://www.wipo.int/export/sites/www/amc/en/docs/bestpractices.pdf  

(17)

  https://www.oecd.org/sti/ieconomy/37730629.pdf  

(18)

  http://udesa.edu.ar/sites/default/files/imported-36b0a836a5c89c440f181dc242cbb5598716f1bf-8-ccTLDs_aguerre.pdf  

(19)

See Nominet presentation at ICANN57 meeting on new TLD services ( https://ccnso.icann.org/en/meetings/hyderabad57/presentations.htm ), the one by IIS, the .se registry, on legal challenges at ICANN54 ( https://ccnso.icann.org/en/meetings/dublin54/presentations.htm ), and the one by .co on their involvement in cybersecurity matters ( https://ccnso.icann.org/sites/default/files/file/field-file-attach/2016-12/presentation-how-co-handles-cs-matters-29jun16-en.pdf ).

(20)

See US Government White Paper, 1998, section 6 https://www.icann.org/resources/unthemed-pages/white-paper-2012-02-25-en  

(21)

.be, .ca, .ch/.li, .cz, .fr, .hu, .it, .lt, .me, .nl, .pl, .ru, .se, .si, .ua, .dk, .il.

(22)

.at, .de, .es, .hr, .ie, .lu, .pt, .rs, .uk, .lv.

(23)

.is.

(24)

The information comes from registry websites, statistics available on CENTR’s (Council of European National Top-Level Domain Registries) website ( https://www.centr.org/ ) and the website of each registry operator.

(25)

E.g. .fi, .pl, .ch, .il (partially).

(26)

This amount is estimated taking into account the Commission Decision on Rules on the reimbursement of expenses incurred by people from outside the Commission invited to attend meetings in an expert capacity, of 5 December 2007.

(27)

The figures used for the current .eu Registry.eu Registry.eu Registry are from 2016 EURid budget.

(28)

Excluded in the transition cost calculation are any costs related to redundancy payments of current .eu Registry staff that will not be maintained. The same applies to contractual obligations where financial damages may be incurred for example in the case of termination.

(29)

Made up of both internal and external resources based on the cost of projects run by the EUIPO.

(30)

EUIPO calculates on an average €4 400 per international trip/person and €1 200 for a European trip/ person.

EUROPEAN COMMISSION

Brussels, 27.4.2018

SWD(2018) 120 final

COMMISSION STAFF WORKING DOCUMENT

IMPACT ASSESSMENT

Annex 14:
EVALUATION of the REFIT Review of Regulation EC 733/2002 establishing the “.eu” top-level domain (TLD) and Regulation EC 874/2004 laying down public policy rules concerning the implementation and functions of the .eu TLD

Accompanying the document

Proposal of a Regulation of the European Parliament and of the Council

on the implementation and functioning of the .eu Top Level Domain name and repealing Regulation (EC) No 733/2002 and Commission Regulation (EC) No 874/2004

{COM(2018) 231 final}
{SEC(2018) 205 final}
{SWD(2018) 121 final}
{SWD(2018) 122 final}

1.    Introduction

In 2006, the .eu Top Level Domain (TLD) was established to enable European businesses and citizens to participate in ecommerce and to enhance participation in the online single market. This was done at the initiative of the European Commission, through two legislative instruments:

·Regulation (EC) No 733/2002 of the European Parliament and of the Council of 22 April 2002 on the implementation of the .eu Top Level Domain;

·Commission Regulation (EC) No 874/2004 of 28th April 2004 laying down public policy rules (PPR), concerning the implementation and functions of the .eu TLD, and the principles governing registration, 1  

together referred to as the ".eu Regulations" in this document.

Much has changed in the online environment, since the .eu Regulations were fist adopted. In 2002, less than 10% of the world’s population was online; by 2017, almost half the world is connected to the Internet. 2 Social media platforms did not exist in the early part of the century -Facebook, which now counts 2 billion monthly users, was not established until 2004, with Twitter following in 2006. Apple’s iPhone - which revolutionised both telephony and Internet usage patterns, and brought ‘apps’ to the market - was not launched until 2007. In 2013, a massive expansion of the domain name market began with the introduction of more than 1300 new generic Top Level Domains (gTLDs) – providing EU consumers with extended choice and new business models into the domain name industry.

Since the adoption of the first of the .eu Regulations, 15 years ago, the EU political and legislative context, with regard to the Internet, has also changed significantly. From a political and regulatory backwater in the early 2000s, the impact of Internet technologies is now driving major legislative programmes and strategies such as the Digital Single Market, and the security risks associated with the online environment are recognised as posing critical threats to economic and social well-being 3 .

As you will see in the analysis of the answers to the evaluation in section 5, this legal framework drafted in the early 2000's is outdated and generates cumbersome administrative constraints which are negatively impacting both the Commission and the registry operator when it comes to the day-to-day management of the .eu domain. Meanwhile, the .eu TLD's competitiveness and ability to respond to market changes is undermined.

Purpose and scope

The 2017 Commission Work Programme 4 included the revision and modernisation of the .eu Regulations under the Regulatory Fitness and Performance Programme (REFIT). This is to ensure that the .eu legal framework still serves its intended purpose in the context of the above mentioned new market and regulatory environment.

This report is an Evaluation of Regulation EC 733/2002 establishing the .eu top-level domain (TLD) and Commission Regulation EC 784/2004 laying down public policy rules concerning the implementation and functions of the .eu TLD. It considers the extent to which the .eu Regulations have fulfilled their original objectives, and whether they remain fit for purpose, given the significant developments in the marketplace, technology and regulatory environments since their first adoption.

In compliance with the Better Regulation Guidelines, this evaluation will assess the effectiveness, efficiency, relevance, coherence and EU added value of the .eu domain name legal framework. It also covers its implementation across the European Union since the adoption of the first Regulation in 2002.

This evaluation report of the current .eu regulatory framework was conducted thoroughly by using both quantitative and qualitative approaches. While the .eu TLD is available in EEA countries, and thus the quantitative registration figures include EEA countries, this evaluation report focuses on the EU alone.

This evaluation report should be read with the accompanying Impact Assessment which has been developed in a back-to-back process.

2.    Background to the intervention

2.1    Description of the intervention and its objectives

In 1999, following the input received from European industry representatives 5 , the Commission initiated the process which led to the establishment of the .eu TLD in 2006 6 .

The Commission Communication of 2000 described the problem as it was perceived at the time, and the added value intended to be created through the .eu TLD:

The Commission considers that the creation of the .EU Domain would be a decisive element for accelerating e-economy and e-commerce in Europe at a time when the single currency will soon be a reality. The existing generic TLD, .COM, is already congested. Thus, .EU would expand the Domain Name Space and at the same time would enhance the interconnection and interoperability of European companies, organisations and individuals. It would give users who wish to operate across the Internal Market a specific European identification which will be recognised globally. It will also avoid the necessity of registration in different Member States. Indirectly, it would also increase consumer confidence in the use of the Internet among European users, since European law, data and consumer protection rules would apply 7 .

Through the .eu TLD, end-users operating across the Internal Market were to be provided with a specific European identification. This was also intended to promote the European Union image within the global online arena. The .eu TLD aimed to facilitate a clearly identified link between undertakings, organisations and natural persons with the Union. European citizens were to be equipped with a safer place in cyberspace in which their rights as consumers and individuals would be protected by European rules, standards, and courts 8 .

The .eu TLD's key objective was to promote the use of, and access to, the Internet and online marketplace, in accordance with Article 170 of the TFEU on Trans-European Networks, by providing a complementary registration domain to existing ccTLDs and gTLDs 9 , and in consequence increase choice and competition. Domain names are part of a series of factors that enable internet access alongside essential physical infrastructure, low prices for internet services (dependent on vibrant competition amongst providers), and high speed broadband. Once basic access is possible, domain name registration enables access and use of the Internet and online marketplace, through the development of websites and email necessary to conduct e-commerce. This was particularly true in the early 2000s before the advent of substitutes such as apps and social media, but it remains the case that domain names (websites, email) remain key component of access to and use of the Internet.

To meet the above-mentioned objectives, today's regulatory framework sets out the conditions for the .eu TLD implementation and establishes the general policy framework within which the .eu Registry, appointed by the Commission in accordance with .eu Regulations EC 733/2002 and EC 784/2004 , performs its functions.

The diagram below summaries how the .eu Regulations intended to address the identified core needs such as accelerating e-commerce and promoting a European digital identity.

2.2 Baseline and points of comparison

Prior to the establishment of the “.eu” Top Level Domain, individual EU residents or companies established in the EU were not provided with the option of having a pan-European internet identity for their online presence – generally websites and e-mail addresses. The EU institutions, for the running of their operations, were using the generic TLD ".int" reserved for use by international organisations.

Ahead of the publication of the original legislative proposal 10 , no impact assessment as per Better Regulation provisions 11  was conducted. The absence of such input prevents the delivery of an exhaustive description of the situation before the initial legislative act was delivered. 

However, a public consultation and several meetings with stakeholders were carried out. The summary report 12  of such survey suggests that the gTLDs Domain Name space of the early 2000 was viewed by stakeholders as congested, due to a dominant position held by the gTLD .com. Thus, in the words of the Commission Communication in 2000, the creation of a .eu TLD was aimed at expanding the DNS market offering of the time, while enhancing the interconnection and interoperability of European companies, organisations and individuals. An expansion of the DNS market through the addition of the TLD would have contributed to the interconnection of Europeans by providing an additional online namespace which would enable Europeans to connect and communicate with one another.

3.    Implementation / state of Play

Description of the current situation

Launch of the .eu Top Level Domain

The .eu Regulations were implemented first through the delegation of the .eu TLD in the DNS root zone managed by the Internet Assigned Numbers Authority (IANA) 13 under the Internet Corporation for Assigned Names and Numbers (ICANN) 14 at the request of the Commission, secondly through the appointment of a registry operator responsible for the management of the .eu TLD, EURid, following a call for expressions of interest, and thirdly through the launch of the .eu TLD to the market in 2006.

The top level domain (TLD) .eu opened for registration in April 2006. Its foundation aimed to promote the European Union’s image on the global information networks and bring an added value to the internet naming system in addition to the national ccTLDs. 15  

The .eu registry and its relationship with the Commission

The .eu registry is the entity responsible for the organisation, administration and management of the .eu TLD. The original registry operator, EURid, continues to operate the .eu TLD. EURid is a Europe-wide non-profit organisation with its head office in Diegem (Belgium) and regional offices in Stockholm, Prague, and Pisa. The .eu Registry was appointed by the Commission 16 , following a call for expression of interest 17 . As foreseen in the .eu Regulations, the Commission signed a first service concession contract with the .eu Registry on 12 October 2004, extended by 5 years in October 2009 18 . EURid was awarded a second service concession contract on 12th April 2014, following a call for expressions of interest and the European Commission Implementing Decision of 11th April 2014. 19  

The .eu TLD implementation was pursued by the European Commission due to it is EU-wide nature. The appointed registry operator comes directly from the private-sector (not-for-profit) and its operations are monitored by the EU Commission 20 . This model is widely used within the European Economic Area since the 1990s, for example in Germany, the UK, Austria, Belgium, Sweden, Netherlands, Switzerland and Norway 21 .

Market performance of the .eu Registry

The .eu Registry has a network of more than 700 accredited registrars throughout the world. 22 It is respected in the domain name industry and is recognised by the downstream registrars (retailers) as outstanding in comparison to its peers. For example, in 2017 EURid was awarded CENTR’s 23 registry of the year, voted by more than 100 registrars 24 to honour ccTLD registry projects, teams and people having a positive impact in the Domain Name industry. In 2013, EURid was presented the CENTR award for the best marketing programme for registrars 25 .

Despite entering the market in 2006 – much later than the years of the rapid growth in European domain name registrations - the .eu TLD has established itself as a valuable option for any European resident choosing a domain name for their Internet presence.

Today, the total number of .eu registrations is above 3.7 million with more than 200,000 new registrations in Q3 2017 26 making the European Union's domain name the 4th largest ccTLD in the EU 27 , and 8th largest ccTLD in the world 28 . The table below shows the distribution of .eu registrations by country of registrant.

The .eu TLD market performance needs to be analysed in the context of an online domain name environment impacted by extensive technological changes. For example the popularity of online social media platforms, the growth of mobile the launch of ICANN’s new gTLD programme, which resulted in more than 1300 new TLDs being available for EU consumers, has dramatically changed the domain name offer - some of the new gTLDs compete the .eu ccTLD by appealing to alternative geographic, European identities (e.g. .berlin, .paris, .amsterdam, .bayern, .hamburg). Others compete indirectly with the .eu TLD by diverting particular interest groups away from the .eu domain (.casa, .solutions, .shop, .cloud, etc).

Technical and operational systems

Today's .eu Registry Operator operates its own technical registry services and infrastructure, including the public WHOIS lookup service for .eu. EURid supports resolution of domain names through both IPv4 and IPv6 protocols 29 , and is actively promoting adoption of a security protocol (called DNSSEC) which enhances the security of the Domain Name System. Nearly 350,000 .eu domains are signed with DNSSEC 30 .

To cope with the volume of DNS and WHOIS queries, while guaranteeing uninterrupted resolution of .eu domains, EURid has also contracted anycast nameservers' operators 31 . EURid’s technical team has developed its own open source nameserver implementation (called YADIFA), a high performance, portable and standards compliant nameserver implementation software 32 .

EURid was one of the first European registries that developed a full Business Continuity Plan (BCP) in 2007, based on an in-depth risk assessment and a disaster recovery plan 33 . Since then, EURid has been running one BCP exercise on a yearly basis . The registry has also voluntarily adopted and adheres to international standards for information assurance, including ISO 27001 34 .

Support for linguistic diversity

The .eu Registry provides customer support and translation of key documents in all 24 official languages of the European Union (even Maltese and Gaelic which are no longer routinely supported by the EU institutions), pursuant to the obligation set out at Recitals (2), (7) and Article 6 of .eu Regulation 784/2004.

Further to the obligations set out in Article 6 of .eu Regulation 874/2004, the .eu Registry has supported linguistic diversity in the online environment through its active promotion of Internationalised Domain Names (IDNs), distinguished by accents or diacritics, and in scripts other than Latin. IDNs play a crucial role in supporting the varied linguistic landscape of the European Union.

The .eu Registry first launched IDNs at the second level (see diagram) in 2009, to support domain names in Latin, Latin extended, Greek, Greek extended, Cyrillic and Cyrillic extended scripts 35 . At the close of the third quarter of 2017, there were over 42,000 IDN registrations under .eu and .ею. 36

In 2009 ICANN launched a process 37 to enable ccTLD registry operators to provide Top Level Domains in non-ASCII scripts (such as Cyrillic and Greek for example). At the Commission’s request, the .eu Registry applied through the ICANN process for .eu in Cyrillic and in Greek scripts. The objective, in line with the EU’s support for linguistic diversity, is to enable Bulgarian and Greek internet users to benefit from being able to register .eu domain names in their own language. The delegation 38 and launch 39 of the .ею TLD (Cyrillic script, to support the Bulgarian language) took place in 2016. The .eu registry has persisted with the .ευ (.eu in Greek) application despite numerous setbacks, and has been active in working groups relating to improving the IDN ccTLD Fast Track evaluation process 40 .

The .eu Registry partners with UNESCO, and others to produce the annual World Report on Internationalised Domain Names 41 , a project which has been running since 2011. The World Report tracks the implementation of IDNs throughout the world, and at the European level. It has become a respected and well-referenced resource for industry and researchers, and supports the EU goal of enhancing linguistic diversity in the online environment. The first Memorandum of Understanding with UNESCO was signed in 2013 and was renewed in 2017. The MoU foresees cooperation of the two parties to promote online linguistic diversity. The .eu Registry has presented the annual World Report on IDNs with the support and participation of representatives from the Commission, at successive UN Internet Governance Fora 42 , at the European Parliament, and will launch the 2017 issue in collaboration with the European Internet Forum 43 .

Monitoring of the .eu TLD by the Commission

Monitoring arrangements are conducted according to the provisions of the .eu regulations and the Service Concession Contract, and include the following:

-The Commission is to provide a report to the European Parliament and the Council on the implementation, effectiveness and functioning of the .eu TLD, one year after adoption of the first .eu Regulation and thereafter every two years 44 .

-At the end of the start-up phase 45 of the .eu TLD, the .eu Registry was required to provide an independent audit and report its findings to the Commission 46 .

-The .eu Registry is required to provide administrative and financial bi-yearly (formerly quarterly) and annual reports to the Commission on key metrics, progress against the annual Operating Plan objectives and possible changes in strategy, which are also published on the registry’s website 47 .

-The Service Concession Contract contains detailed financial and governance requirements aimed at monitoring the performance and good practices of the .eu Registry, for example with obligations to seek Commission approval before the appointment of any managers, to seek three competitive quotes for any expenditure over and above [€5,000], and to undertake written cost-benefit analysis prior to such high expenditure.

-Bi-yearly official meetings take place between Commission staff and informal meetings are held with EURid’s External Relations Manager to ensure that the Commission is kept fully informed and up-to-date of all developments.

4.    Method

Short description of methodology

In order to gather input for this evaluation, the European Commission collected the views from stakeholders through an (online) open public consultation on the potential revision of the .eu top-level domain (TLD) Regulations.

The Commission took active steps to bring the consultation to the attention of relevant stakeholders. The consultation was announced with a news article on the Digital Single Market section of the Commission website 48 , on the Commission’s consultation pages 49 , on Digibytes 50 and on Twitter 51 . The announcement of the consultation was picked up in some online news and Member States' websites 52 . The consultation was available for online submissions 53 and ran from 12 May to 4 August 2017 - a summary report, along with the questions asked, is available at Annex 2.

Alongside the public consultation, the Commission conducted targeted consultations with relevant stakeholders including operators of European ccTLDs, registrars, the .eu Registry, ICANN, current and former regulators at the Member State and EU levels. The Commission received a small number of written contributions from stakeholders outside of the online consultation, for example from MARQUES, Open-Xchange, EUIPO and ECTA. A full list of the consultations conducted is at Annex 2.

The input from stakeholders was complemented with a wide range of existing, respected secondary sources, for example on the market penetration and renewal rates of .eu and competitor TLDs. Appropriate references are given in the text of this report to such third party sources.

Limitations and robustness of findings

Overall, the participation in the public consultation was low. A total of 43 responses was received, which exhibit varying levels of understanding on the subject matter. The response rate was in line with expectations given that the consultation was conducted during the summer months, and there is generally a low level of end-user interest and participation in the operation and regulation of technical infrastructure.

The response rate from a CENTR survey of ccTLD operators produced a low number of responses (11), but these represented relatively more expert stakeholders from large, medium and small ccTLD registries throughout the region, who manage a total of more than 38 million domains.

One of the major limitations of both questionnaires is the low level of awareness of the detail of the .eu Regulations, even among industry peers. This resulted in high levels of ‘don’t know’ responses in answer to questions about the detail of the .eu Regulations. One possible reason for this is that neither end-users nor different ccTLD registries are directly involved or impacted by the .eu Regulations – although the EU citizen does indirectly experience the impact of the .eu Regulations through the availability, pricing and policies of the .eu TLD.

These limitations were mitigated by complementing surveys with targeted consultations and workshops. Both the Commission and the .eu Registry have provided detailed input through workshops in line with Better Regulations guidelines (in the case of the Commission), and targeted 1:1 consultations (in the case of the .eu Registry).

5.    Analysis and answers to the evaluation questions

5.1.    Effectiveness    

This section will consider how successful the EU intervention has been in achieving or progressing towards its objectives of creating the'.eu' Top Level Domain, to be ‘a key building block for electronic commerce in Europe’, and support the objectives of Art 114 of the Treaty [functioning of internal market] 54 .

The regulations enabled the .eu TLD to be included in the root database for the domain name system by ICANN (2005), and subsequently launched to the market in 2006.

Adoption rates and growth

The .eu TLD is one of the largest ccTLDs in the EU, and has grown to 3.7 m registrations since its launch in 2006.

Average annual growth for .eu has been +4.6% over the past ten years 55 . Over the past five years, however, growth has remained relatively static and 2016 saw negative growth for the first time in .eu’s history.

Growth rates in the wider market have been declining for some years. According to the Council for European National Top-Level Domain Registries, CENTR, median growth across European national ccTLDs has declined from 0.6% in 2013 to below 0.2% in 2017 56 . During the year to December 2016, three of the largest TLDs in the world experienced negative growth: .net (-4.5%), .uk (-0.5%) and .org (-4.2%) 57 . Meanwhile, the new gTLD environment exhibits high volatility – for example .loan had higher than 700% growth in 2016 58 , and .xyz dropped more than 50% of its domains in a single month (August 2017) 59 .

Decreasing growth rates across the ‘legacy’ domain names in developed markets such as North America and the European Union can be linked to several factors – including a change from under-supply to over-supply and consequent increased competitiveness, fewer marketing promotions by those registrars that became involved in new gTLD registries, and in some cases stagnant economy.

When a domain name is created, a contract is entered into between the end user and the retailer (a registrar) for a specific period of time – between 1 month and 10 years in duration. When the domain name expires at the end of the term, two things can happen: either the domain name is cancelled and ceases to exist, or it is renewed for successive periods of one year and remains in use. The renewal rate of a particular Top Level Domain (TLD) is the percentage of domains that are renewed. Renewal rates 60 are more difficult to affect through price promotions (and/or other marketing initiatives) which aim at the acquisition of new customers. For this reason, renewal rates are viewed in the domain name industry as a sign of quality – domains that are in use are more likely to renew than those that are not in use. Renewals of .eu domains consistently average around 80%. That is a 13% higher renewal rate than for .com and .net 61 , but 4% below the average for ccTLD CENTR members 62 . Renewal rates amongst new generic Top Level Domains (gTLDs) are still highly variable, consistent with new market offerings: some are experiencing renewal rates as low as 10-15% 63 .

Overall, declining annual growth and the lowest penetration per 1,000 of population in its target market indicate room for improvement in terms of market penetration 64 .

Supporting ecommerce and the internal market

To be effective in supporting ecommerce and the internal market, there should be evidence of uptake of the .eu TLD by businesses. Determining the use of domain names requires analysis of the way that they are used. The .eu Registry has undertaken two studies which evaluate the way that .eu domain names are being used, and makes comparisons with other popular Top Level Domains (TLDs) such as .com. According to the .eu Registry’s website analysis studies in 2011 and 2014, the .eu performs higher than comparator TLDs in relation to business use 65 .

The figure above (fig.4), taken from a study on web site usage across several TLDs in 2014 conducted by the .eu Registry, measures the percentage of each TLD used for ‘business’ and ‘community’ purposes (the x and y axis of fig. 4). The analysis indicates that .eu has the highest rate of business use (38%) amongst the sample TLDs, compared with 33% for .com, the next most popular for business. Business use is the most likely to have ecommerce applications. According to this analysis, .org is the most popular for ‘community’ use.

The figure above (fig. 3) also taken from the 2014 .eu Registry web analysis study makes a comparison of the percentage usage rates for different types of web content amongst the five TLDs included in the study (.eu, .com, .org, .net and .info). The study indicates that the rate of ‘business’ use in .eu is 37%, the highest among all the TLDs in the study. The .eu TLD is also popular for ‘institutional’ use (alongside .org). Another feature of .eu is that it has lower rates of ‘junk’ type usage than comparison TLDs, for example holding page 66 , pay per click 67 and adult, suggesting that the .eu TLD is more likely to be associated with quality content than the comparator TLDs. The only exception is a relatively high rate of ‘error’, 25% for .eu, meaning that a web page cannot be reached. This is consistent with lower rates of holding pages and pay per click, which are customarily used in other TLDs (such as .com, and .info) for domains with no unique or active content, and which are used instead to generate advertising revenue from web or search traffic to the domain name in question.

Research conducted by the .eu registry shows links between the .eu TLD and "European values". A customer awareness study in 2015 68 received 4,900 responses from 27 countries. It not only showed that 67% of respondents were aware the existence of the .eu TLD (up from 56% in 2010), but it also revealed that the term ‘European’ was the strongest association for the .eu domain, along with "professional" and "commercial activities".

As well as this quantitative evidence from research conducted by the .eu Registry, there is qualitative evidence in relation to the .eu TLD and the digital single market. In the stakeholder questionnaire conducted for the REFIT process, eleven respondents were businesses that use a .eu domain, and more than half (55%) indicated that the .eu extension significantly or moderately helped to expand their online business cross border, while 27% said there was little or no effect.

For a majority of the respondents to the stakeholder questionnaire the .eu has significantly or moderately promoted ‘a clearly identifiable digital identity for citizens and business in the EU’ (81%), ‘cross-border access to the online market place’ (65%), and a ‘secure and reliable e-commerce in the EU’ (58%). Similar sentiments are expressed in customer testimonials published by the .eu Registry, for example “We’ve chosen .eu because we are a European company that does business within Germany and all over Europe and .eu fit.”. (Leguano.eu), “Having a .eu domain name has really helped our business grow as our website is better accepted within Europe.” (Angel-baby.eu) 69 .

Effectiveness in the management and corporate of the .eu Registry    

Despite detailed provisions relating to the start-up of the .eu TLD, many of which are now outdated or obsolete (see ‘Relevance’ below), the .eu Regulations contain no provisions regarding the corporate governance of the registry operator. For example, there is no guidance on how long individual board members are permitted to serve, nor on how conflicts of interest should be managed. The CEO, and three of the five board directors 70 have all been in place since the foundation of the company in 2004.

An audit report into the governance of the .eu Registry, conducted on behalf of the Commission in 2013, highlighted a number of concerns including potential commercial conflicts of interest. The second service concession contract between the Commission and the .eu Registry contains extensive provisions relating to management of potential conflicts of interest, and gives extensive powers for the Commission to intervene. However, no action has been taken by the Commission in relation to concerns that have existed for some time, indicating low effectiveness in the current regulatory relationship.

Effectiveness of market

According to the .eu Regulations, the .eu Registry itself cannot act as registrar. Therefore, the .eu Registry currently relies on 712 accredited registrars. The number of accredited registrars has dropped slightly in the last two years – there were 751 at the end of Q1 2015.

Reorganisation and acquisitions among registrars are partly responsible for the drop in the number of accredited registrars. The top 10 registrars account for 36% of .eu registrations, and the top 100 more than 85% of .eu registrations. The large number .eu registrars indicates strong competition in the market at the level of registrar (retailers for .eu domain names), despite a slight drop in the number of registrars overall.

Over the past five years, there has been a vast increase in choice of TLD available to EU citizens with the launch of ICANN’s new gTLD programme. An increase in number of available TLDs to the market has reversed the previous power balances between some registries and registrars.

Competition amongst registries has intensified to ensure that their TLD is prominent in the registrar shelf-space – to be more visible to end-user customers. Some registrars are more proactive than others in marketing the .eu TLD to end-users. For example, at the current time, the .eu accredited registrars in Bulgaria, Romania, Lithuania, Latvia, Finland and Malta offer several other TLDs for sale, and are not proactively marketing .eu to their customers. As a result, in some EU Member States, access to .eu domains is limited, and therefore opportunities to participate in ecommerce within the single market. Comments from the stakeholder questionnaire included a suggestion that the .eu Registry should be able to offer direct registrations in underserved markets.

5.2.    Efficiency

This section analyses the progress made towards achieving the objectives of the intervention. It assesses the progress made to date, the role of the EU action in delivering the observed changes, and evaluates the relationship between the resources used by the intervention and the changes generated by it.

Financial position and contribution to Commission budget and goals

No tax-payer funds have been used in the establishment or operation of the .eu TLD, apart from those needed by the Commission to perform its monitoring function. EURid operates on a not-for-profit basis and pays over any financial surplus to the EU budget after the end of each financial year. In its most recent financial year (2016), its turnover was €14.4m, and its financial surplus was €2.7m. Revenue increased by 4.41% and costs decreased by 7.44% during the 2016 financial year. Since 2010, EURid has contributed a total of €6 m to the European Union budget (see figure below).

In addition to transferring the annual surplus to the European Union budget , the .eu Registry has supported and financed numerous projects to further EU objectives which might otherwise have had to be paid for by the EU taxpayer, for example:

·EURid agreed to host, sponsor and organise the annual meeting of the European Dialogue on Internet Governance, EuroDIG, in 2016, in partnership with the Commission 71 . The cost of 350 000 EUR was borne by EURid.

·EURid agreed to host an ICANN meeting in Brussels in 2010 72 , following a request by the Commission. The cost of 450 000 EUR was borne by EURid

·EURid is the first and currently the only European TLD registry to have achieved EU Eco-Management and Audit Scheme (EMAS) registration. Since its adoption of EMAS in 2012 73 , EURid has increased its use of renewable energy, reduced its carbon footprint and offsets CO2 emissions 74 and supports environmental projects such as ‘+BEARS –CO2’ 75 .

·In 2014, EURid launched the ‘.eu Web Awards’ which recognises the best of .eu websites from across the EU 76 and incorporates EU strategic priorities such as "combatting climate change" and "EU identity" in its award categories.

·EURid proactively participates in international internet governance processes, such as ICANN and the UN Internet Governance Forum. For example, EURid’s External Relations Manager has been chairing the ICANN ccNSO Strategic and Operating Plan Working Group since 2013 77 and has been participating in working groups relating to IDN projects since 2009. 78

·Since 2013, EURid has organised and delivered seminars on internet governance, law and cybersecurity at College of Europe in Bruges 79 , the Scuola Superiore Sant’Anna in Pisa 80 , and University of Southern Bohemia in Ceské Budèjovice 81 .

·In 2016, EURid signed a memorandum of understanding with EUROPOL engage in joint efforts related to fighting cybercrime, to exchange statistical data and trends pertaining to cybercrime, and to commit to cooperate on projects designed to combat cybercrime 82 . Through the MoU, EURid voluntarily cooperated in the high profile operation Avalanche case, coordinated by EUROPOL with the cooperation of the US Federal Bureau of Investigation (FBI) and numerous domain name registries 83 .

·In 2017, EURid signed a memorandum of understanding with ‘Together against Cybercrime International’ with the goal of promoting Internet Governance and increasing awareness of the domain name system. 84

·In 2012, EURid signed a MoU with UNESCO to further promote online multilingualism and participate in common projects to support linguistic diversity. 85

Cost of .eu domains

In general, neither private individuals nor business representatives consider the cost 86 for holding a .eu domain name significant. The domain holders were fairly positive about the cost-benefit ratio: 19 of the 34 (56%) holders of a .eu name gave a clear positive assessment while only two (2) respondents said that costs exceed the benefits.

Since January 2013, in order to remain in line with its contractual obligation to work at cost, the .eu Registry changed the renewal and term extension fee of a domain name from €4 to €3.75. At the same time, to be more competitive in the dynamic TLD market, EURid launched the Customised Reduction Schemes (CRS) for its registrars, which enable reduced new registration fees according to the registrar’s sales volumes. As of January 2017, the basic fee for a new domain name for those registrars subscribing to the CRS is €1.75. In Q1 2017 98% of registrations were made by the 331 registrars who joined the CRS in 2017.

The price referred to above is the price the .eu Registry sells to Registrars. The price the end users get depends then on the Registrars and any additional services they provide with the domain name. Retail prices for .eu TLDs can vary from as low as €0.99 (special registrar promotions) up to €100 or €200 if the domain is bought with value-added services such as content management, security features, or many email addresses.

Costs and benefits of regulation

The .eu legal framework foresees the allocation of a registry to organise, administer and manage the .eu TLD. EURid was established as a joint venture between the ccTLD operators of Belgium, Sweden, Italy and Czech Republic, with the sole intention of running the newly established TLD. Therefore all of EURid's costs are linked with the implementation of the .eu legal framework (compliance cost). The total costs of fiscal year 2016 were € 11.365.237 87 .

The .eu Regulations create a regulatory role for the European Commission in relation to the .eu registry, EURid. The regulatory relationship is further elaborated in the current Service Concession contract,. The Commission incurs the cost of managing the relationship. The calculations below further take into account:

·Periods when amendments to the Regulations have to be introduced to allow technical updates; and

·Periods when the service concession contract has to be negotiated (through a new call for expression of interest) or renegotiated (through extension of the existing contract).

There need to be two Commission officials devoting 50 % of their time to the required action relating to .eu TLD, and a head of unit devoting 5%. Considering the average total cost of a Commission official is 143.000 € 88 , the compliance cost for the Commission equals to 150.150 € 89 .

Under current .eu Regulations the actor incurring external administrative burden is the .eu Registry. An examination of the mandatory information obligations (IO) EURid currently has with regard to the European Commission through the 'Standard Cost Model' (SCM) reveals that the .eu Registry is incurring a cost from administrative burden that equals to €115.688. Ten IOs need to be carried out by EURid. Please see the tables with detailed calculations of these ten IOs in Annex 9.

Some internal administrative burden is felt at Commission level. In particular eight IOs are part of Commission's workload when it comes to implementing the current .eu framework. According to SCM calculations in Annex 10 the Commission is incurring a cost from administrative burden that equals to €40.322.

The .eu Regulations, particularly the Public Policy Rules, contain a level of detail which is now out of step with market best practices and creates delay costs. For the .eu registry and the Commission to be able to implement changes in its market offering in order to keep up with technical changes and support linguistic diversity has proven time consuming:

·Amendments to the Regulations were necessary to implement updates in technical standards relating to internationalised domain names (.eu supports all 24 official languages of the EU, including Bulgarian and Greek, which require domain names in Cyrillic and Greek scripts). Whereas DENIC, the private sector German ccTLD, and NIC.AT, the Austrian ccTLD, were able to implement changes to the technical standards 90 within one month of their publication, it took the .eu Registry and the Commission 19 months’ work to update the Commission Regulation 874/2004 for implementing a minor technical changes and updating the list of reserved domain names. Changes within the competent European Commission staff also contributed to such delay.

·To clarify that technical checks would take place prior to and not only after a domain name was registered, necessary to implement a security feature for Greek and Cyrillic domain names (homoglyph bundling, to avoid homograph attacks 91 ) took 37 months, due to delays in consultations with Member States conducted by the Commission.

These lead times for updating the regulations are the norm in terms of the time taken to update or conceive EU legislation, with all the associated obligations for analysis, consultation, publication and approval. The key issue in the context of the .eu TLD is that other TLD operators do not have to seek updates of primary legislation in order to implement technical standards – which change frequently. Therefore the inflexibility of the .eu Regulations place the .eu registry operator at a disadvantage compared to its competitors, and EU citizens who wish to register a .eu domain do not receive the benefits of the latest technical standards.

There are also enforcement costs stemming from the current .eu legal framework. The .eu Registry is obliged to run an annual external audit on its financial accounts. The amount paid annually to the external auditors equals to 29.000 €. In addition the Commission is entitled to run an independent external audit on the .eu Registry if it so wishes. The cost for running such an audit with an external auditing company is estimated around €100.000.

The following table summarises the compliance costs, administrative burden, delay costs and enforcement costs:

The regulatory costs are shared by the Commission and the .eu Registry, nevertheless they have an impact on the EU citizen: Commission costs are directly borne by the EU taxpayer, and the registry costs have an indirect impact as they reduce the level of surplus which is returned each year by the registry to the European Union.

Considering the .eu Regulations are detailed and to some extent outdated there is potential for simplification and burden reduction. Options to achieve cost savings with respect to regulatory costs are proposed and actual cost reduction they would bring is analysed in the Impact Assessment.

Inflexible administrative provisions

Significant resources at both Commission and registry level are consumed in administering and implementing the list of reserved domain name by the EU institutions. 93 This is partly due to the level of inflexibility provided by the Commission Regulation 874/2004:

·Art 9, para 2 of Commission Regulation 874/2004 foresees the procedure for the Commission to notify reserved names for the Institutions. The Regulation foresees this as a one-off event, and contains no procedure to reserve new names at the future or remove names from the lists once created. This creates problems and friction between the Commission and the .eu Registry. It has often been the case that because of bureaucratic, inflexible rules, the Commission has not been able to obtain the reservation of a chosen domain name. While the cost to the EU tax payer of such transactions is low, the impact on the EU institutions is more onerous: either going through time-consuming processes dictated by the .eu Regulations (involving the Commission) or paying for domain names in the open market in order to obtain a domain name more quickly. Meanwhile, the intended uniform use of .eu for the online presence of European institutions has become eroded, for example through the use of .org and other TLDs.

·Art 17 provides 5 names that the Registry operator can reserve for itself. This is too detailed to be set out at the level of Regulation.  A general permission for the registry to reserve a reasonable number of domain names for its operational functions would be more appropriate.

·Chapter VI of Commission Regulation 874/2004 sets out rules for the resolution of domain name disputes (the .eu Alternative Dispute Resolution (ADR) tool). Having such detailed provisions at the level of Regulation prevents flexibility or changes to practices in response to market conditions. Despite provisions in regulation 733/2002 that the dispute resolution should reflect international best practices, the .eu ADR, in compliance with rules laid down by Regulation 874/2004, is inconsistent with international best practices subject to constant changes.

Respondents to the registry questionnaire mentioned the need for ‘more flexible policy making in response to market’, the need to ‘continuously adjust the operational aspects resulting from the natural evolution of the internet’. Several registries reported that they had not taken any element from the .eu Regulatory framework or incorporated them into their policies or procedures. These answers, combined with the administrative experiences highlighted above, indicate a potential lack of efficiency in the current .eu Regulations, in that they have not been used as a model by others.

Seven respondents to the stakeholder questionnaire suggested simplifying the .eu regulatory framework. Most respondents, however, answered that there were ‘no’ (18 responses) or that they were ‘not aware’ (18 responses) of areas that could be simplified. Similarly, ten (10) respondents answered that some areas of the framework could be ‘changed or eliminated, to reduce regulatory burdens’ while the majority saw ‘no’ (16 responses) or was ‘not aware of’ (17 responses) areas that could be simplified. These answers indicate both a low level of awareness among stakeholders external to the domain name industry of the detail of .eu Regulations. They also support the view that the current .eu Regulations may be over detailed and inflexible.

Other suggestions from the stakeholder and registry questionnaires included: clarification of the use of revenue, amendments to the Alternative Dispute Resolution Rules (ADR), deletion of detailed ‘sunrise’ provisions, meaning the original start-up mechanisms for .eu which aimed to protect the interest of intellectual property rightsholders against speculation, as known as ‘cybersquatting’. These provisions have not been in operation since 2006.

5.3.    Relevance

The following section considers the relationship between the needs and problems in society and the objective of the intervention, and how these last ones correspond to the wider EU policy goals and priorities.

88% of those who responded to the stakeholder consultation, and 70% of responses to the registry questionnaire agreed that the objectives of the regulatory framework are still relevant in order to address today’s needs of EU citizens and businesses.

The .eu Regulations are highly detailed and in some cases restrictive. Reflecting practices in the domain name market at the time when the .eu Regulations were drafted (2002-2004), the details of the .eu Regulations are no longer in step with international best practices. For example:

-Art 3(2) of Regulation 733/2002 states that the Registry shall be a non-profit organisation. While many of the EU ccTLDs continue to be organised as non-profit organisations 94 , in recent years different business models have evolved, for example in the context of new gTLD registries, and the development of technical backend providers 95 .

At the same time:

-Neither of the .eu Regulations refers to ‘multi-stakeholderism', which has become the widely accepted form of good practice for internet governance 96

-Neither of the .eu Regulations mention cybersecurity or security, which has emerged as a major concern in recent years, reflected in the NIS Directive.

The absence of these matters in the .eu Regulations does not, of course, mean that the .eu TLD cannot support such objectives. However, a revision of the Regulations will give an opportunity to review coherence with current EU objectives and international best practices.

The .eu Regulations also contain detailed provisions covering matters that have long ceased to be relevant – for example:

·Start up provisions including sunrise period, selection of validation agents and sunrise dispute resolution are no longer relevant as they lay out rules for events which ended more than a decade ago. Examples include Art 6(1), Art 7, the entirety of Chapter IV (Arts 10-14) of 874/2004.

·Provisions relating to the death or winding up of a domain name holder (Art 19, 874/2004) are no longer relevant, as such situations are adequately dealt with by international and domestic law.

Eligibility criteria – creating restrictions on those eligible to register in a TLD – were reasonably commonplace in the early years of the commercial domain name market within the .eu. However, the market changed considerably since then. In the year that the .eu TLD was launched, the OECD noted 97 a trend towards ‘liberalisation’ of the ccTLD namespace. In this context, liberalisation means the elimination of rules seeking to restrict those eligible to register in a particular TLD.

The purpose of eligibility criteria is to reduce speculation, cybersquatting, or domain name disputes between intellectual property holders and domain name users. However, in practice, the real reduction was in overall registrations, leading to a loss of market share. Such restrictions are also easy to circumvent through the use of proxies, ie. a person or organisation who does not comply with the relevant restrictions arranges for registration of a domain name through a third party proxy.

Some of the larger ccTLDs, such as Nominet, have for at least 20 years been fully open to any customer on a first-come, first-served basis. As domain name dispute resolution processes such as ICANN’s UDRP 98 and the .eu ADR 99 came into being, much of the market adopted fully open, first-come, first-served registration policies confident that disputes could be managed after the fact, rather than in advance. Registries that have eliminated eligibility criteria experienced rapid growth in domain name registrations afterwards, for example Afnic (France) 100 and Red.es (Spain) 101 . The .eu Regulations contain so-called ‘eligibility criteria’, which determine who has the right to register domain names in .eu. The .eu Regulations require all .eu registrants to be based in the EU. The inclusion of eligibility criteria of .eu is out of step with market practices within the EU ccTLDs, and this is a particular concern given increased competition in the market.

Feedback from the 43 responses in the stakeholder questionnaire was mixed: offering both strong support for retaining eligibility criteria and several responses suggesting relaxing the eligibility criteria. The preferred option from the stakeholder survey was to open up registrations to EU citizens regardless of whether or not they are resident in the EU or in EEA. In contrast, 80% of respondents in the registry questionnaire favoured no restriction (anyone in the world can register).

5.4.    Coherence

This section considers both ‘internal’ coherence, meaning an assessment of how different components of the interventions operate together to achieve given objectives, and ‘external’ coherence with other interventions at EU, Member State or international level.

Coherence with EU values and objectives

The original objectives behind the .eu Regulations included the enhancement of e-commerce and the internal market.

Since the .eu Regulations were enacted, there have been significant developments in EU objectives and legislation relating to the digital environment, including the recognition of the risks posed by cybercrime and poor standards of cybersecurity in eroding trust (eg the NIS Directive 2016 102 ), and development of a Digital Single Market 103 strategy, including a focus on start-ups 104 .

Nevertheless, there is some evidence that the .eu TLD is associated with the values of the European Union. For example, in the stakeholder questionnaire, 70% of respondents indicated that a .eu extension significantly or moderately affects their trust in a website, and 60% replied that they would rather buy from a .eu website compared with websites with other country codes. Comments to the questionnaire suggest that respondents associate the .eu extension with an expectation that ‘EU privacy and consumer protection laws’ will apply, or that the website operator has a ‘more international’ outlook. Market research conducted by the .eu Registry in 2015 amongst 4,900 respondents across 27 countries indicated strong associations with the terms ‘European’, ‘Official website of the EU institutions’, ‘International’, ‘Trustful’ and ‘Innovative’ 105 . Qualitative evidence from customer testimonials indicate that the intervention remains coherent with EU values and goals such as the Digital Single Market, ‘.eu is a way for us to show that we are part of a larger whole, a larger collaboration’ (Foodtours.eu) 106 , ‘Our goal is to not only promote tourism in Croatia, but also to encourage young people to travel across Europe.’ (HelloCroatia.eu).

There is a link between the .eu TLD and the goal of enhancing EU identity, although this is not mentioned in the .eu Regulations. One of EURid’s marketing strapline includes ‘your European identity’.

Coherence with obligations on linguistic diversity

Article 6(2) of 874/2004 imposes an obligation on the registry to translate certain communications in all official EU languages. The Commission itself no longer produces translations in Maltese and Gaelic for many documents. This obligation is therefore no longer coherent with Commission practice, and presents a cost 107 and operational burden for the .eu registry which other competitors do not have.

Coherence with regulatory frameworks for ccTLDs in other EU countries

The regulatory framework for the .eu TLD, deriving its authority from primary legislation and establishing a close regulatory relationship between the registry and regulator, is not the norm across the EU. Most EU member states have not adopted regulatory frameworks in relation to their ccTLD, which find their formal operational basis in ICANN-related soft legal tools 108 . For example, from the registry survey undertaken in line with the Better Regulation guidelines, of 10 registries who responded to the question ‘does your registry have a similar regulatory framework to the .eu TLD?’ 70% answered ‘no’.

While the .eu’s regulatory position represents a particular case compared to its ccTLD counterparts in the EU, such an arrangement is not out of step. Over the past decade, some Member State governments have passed domestic legislation covering aspects of their ccTLD’s governance (eg UK) 109 , or undertaken a re-bid of their ccTLD (France) 110 . Others are operated from within the public sector (eg Spain). Respondents to the registry survey were evenly split as to whether they considered any benefit in having a legal / regulatory framework behind a ccTLD.

Coherence with international obligations – internet governance

Since the .eu Regulations were introduced, international thinking in relation to internet governance has advanced and converged into support for multi-stakeholder processes. For example the European Commission 111 , OECD 112 , Net Mundial 113 and the ICANN IANA transition 114 all support multi-stakeholderism 115 as the most effective form of internet governance. Recital (9) of Regulation 877/2002 refers to principles of ‘non-interference, self-management and self-regulation,’ but neither regulation refers to multi-stakeholder governance. This alone would not justify a revision of the .eu Regulations, but there is an opportunity to review whether a mention would be appropriate should the .eu Regulations be amended.

While the current registry operator, EURid, is active in the field of internet governance, there is no obligation for it do so in the .eu Regulations [although there are obligations in the private service concession contract.] In the registry questionnaire, 70% of respondents said that a registry should be involved in Internet governance activities significantly (60%) or moderately (10%). While one commentator noted that there was not much 'added value in continuing [internet governance] talks, others highlighted clear benefits such as the commitment 'to an open, secure and single internet’, or guaranteeing ‘participation and effective contribution of all stakeholders’.

With regard to the .eu TLD’s own policies, these are set out in the .eu Regulation 874/2004 (the Public Policy Rules). The .eu Registry will usually consult with its Registrar Advisory Board 116 on operational and contractual changes with the supply chain, but this falls short of the multi-stakeholder ideal which incorporates government, private sector, and civil society on an equal footing. Responses to the stakeholder questionnaire were most in favour of published policies and procedures developed by the .eu registry operator through a multi-stakeholder process and approved by the European Commission 117 . This suggests that some individuals expect multi-stakeholder processes to be established at the level of the .eu TLD, not just at international levels. The current .eu Regulations are not coherent with such an aim.

Registry structure – coherence with market norms

Article 3(2) of Regulation 733/2002 states that the Registry shall be a non-profit organisation, formed in accordance with the law of a Member State and having its registered office, central administration and principal place of business within the Community. This is no longer coherent with changes in the international market and could restrict the choice available to the Commission on future rebids of the .eu registry.

Since the launch of the ICANN new gTLD programme in 2012, the registry market has seen an evolution through the availability of ‘packaged’ technical-backend registry functions – often (but not always) run on a for-profit basis by organisations having their principal place of business outside the Community. Analysis of the market-share of technical back-end providers in the new gTLD space indicates that more than 90% of the market is controlled by seven organisations (Neustar, CentralNIC, ZDNS, Rightside, Nominet, and Afilias, see figure below)

118

Prohibition on registry operating as a registrar – coherence with market practices

Art 3(4) of Regulation 733/2002 states that the .eu TLD Registry shall not act itself as Registrar. This is no longer coherent with market practice in the ICANN environment, where a prohibition on so-called vertical integration was lifted in 2010. There continue to be strong market and policy reasons for caution with regard to a registry acting also as registrar, given that registries are dependent on strong relationships with the registrar channel in order to achieve market success. Most registrars market several TLDs, and make their margins through value-add services such as hosting, websites and email services. Registries like EURid typically do not offer such value-add services, nor do they offer more than one TLD typically. Some of the registrars are large international corporations, with significant market power (eg GoDaddy, which manages more than 73 million domain names from many TLDs 119 ), and there is significant commercial risk for a registry entering into direct competition with its own marketing channel – particularly if this raises suspicions among registrars that the registry will seek to give itself preferential business terms. Such concerns are reduced in the context of a non-profit like EURid which has obligations to deal with all registrars on the equal terms. The current prohibition also prevents the .eu registry from stepping in to provide access to .eu TLD in underserved markets such as Bulgaria, Romania, Lithuania, Latvia, Finland, and Malta. It also subjects the .eu registry to a restriction which places it at a potential disadvantage in comparison with its competitors. In any event, having such a provision at the level of primary legislation might be unduly restrictive and out of step with current industry practices, placing the .eu TLD at a disadvantage in the market.

5.5.     EU Added value

Necessity of EU action

The .eu domain has by definition a cross-border dimension: it is the TLD of the European Union and is a symbol of the European online identity. The existence of a specific domain name for the European Union under a very clear and identifiable common label is an important and valuable building block for the European online identity.

The action of the .eu TLD cannot be sufficiently achieved by the Member States and can therefore, by reason of the scale and effects of the action, be better achieved at EU level.

The .eu TLD was established as a country code TLD (ccTLD) such as .de, .be or .uk, rather than as a generic TLD (.com, .berlin). This has important consequences in that ccTLD policies (regarding for instance rules for registration, accreditation of registrars, security related policies and data protection policies) are managed according to the relevant jurisdiction, oversight and governance mechanisms within the country/public administration, with no role for ICANN 120 . The ultimate public policy authority for a national ccTLD Registry rests with the relevant government or public authority. Accordingly, regarding the .eu domain name, public policy responsibility rests with the European Union.

Its regulation is therefore within EU competence and cannot be delegated to the Member States. This does not affect how each Member State manages its own ccTLD.

Added value of EU action

·The .eu is regulated at EU level because of its very nature. The existence of the .eu domain is highly symbolic and reflects the existence of a European online community (of citizens, institutions and businesses) who wishes to be clearly identified as such. The .eu TLD gives users wishing to operate across the Single Market a specific European connotation which is recognised globally 121 .

·A regulatory framework at EU level for the .eu is useful in order to continue providing for and expanding a domain name space on the internet under the .eu TLD, in which relevant EU law, data and consumer protection rules are applicable.

·Regulatory action taken at Member States level would not be able to deliver on the general objective standing behind the creation and management of a trusted and innovative namespace for the EU, to promote the European Union's image on the internet and bringing an added value in terms of increased choice for users, in addition to the national ccTLDs.

·Moreover, the .eu TLD gives the EU a "seat at the table" in international and multistakeholder discussions around the domain name system and rules regarding ccTLDs on the global internet 122 .

·

6.    Conclusions

The original .eu Regulations were pivotal in enabling the creation of a dedicated namespace for the European Union. The .eu TLD, first launched in 2006 in accordance with the .eu Regulations, is a success. Despite being a late-comer 123 to the European TLD market, the .eu Registry has managed to establish a healthy market share throughout the EU and EEA, building excellent relationships with its channel to market of 700 registrars. Its rate of renewal and growth are in line with industry trends in the EU.

The .eu Registry operates its own technical and operational systems, following industry best practices for resilience and cybersecurity, for instance by adopting the DNSSEC protocol enhancing the security of the Domain Name System. It supports all 24 official languages of the EU and has been a tireless advocate for online linguistic diversity through internationalised domain names 124 , distinguished by accents or diacritics, and in scripts other than Latin. The Commission monitors adherence to the .eu Regulations, by means of a service concession contract with the .eu Registry. Regular reports are delivered to the European Parliament and Council.

The operation of the .eu TLD is self-funded, and results in the .eu Registry’s surplus being paid over to the EU budget each year. In addition to the €6 m direct contribution to the European Union budget, the .eu Registry undertakes numerous public benefit activities which might otherwise have to be funded by the EU taxpayer. For example, the sponsoring of the European dialogue on Internet Governance (EuroDIG) 125 , or the launch of the .eu Web awards 126 .

In conducting this evaluation of the .eu regulatory intervention, the Commission consulted with relevant stakeholders. Efforts were made to bring the survey to the attention of stakeholders, including through news releases and Twitter. The number of responses to the stakeholder survey was low, reflecting the technical subject-matter, a low level of public awareness of the detail of the .eu Regulations. The stakeholder survey was supplemented with a survey of European ccTLD registries, written contributions from a number of stakeholders, and proactive 1:1 consultations by the Commission with key stakeholders including the current .eu Registry.

The .eu Regulations have been efficient in making .eu domains widely available throughout the EU, at a low cost for the consumers 127 , providing an identifiable link between the TLD and the European Union. However, their rigid requirements are causing inefficiencies which place the .eu TLD at a competitive disadvantage in the market, reducing the possible benefits in terms of supporting ecommerce or the single market.

While the .eu Regulations have been effective in supporting ecommerce and the internal market with the .eu TLD being particular appealing for business use 128 , there are starting to be early signs of relative decline in the .eu TLD’s performance. Growth of the .eu TLD has slowed down since 2012, and there have been two consecutive years of negative growth since 2015.

Over the years, it has become apparent that the .eu Regulations reflect the domain name market as it was in 2002-2004, and are no longer effective, efficient, or coherent in today’s fast-changing technological market environment. With detailed provisions, which are time-consuming and costly to change, the .eu TLD is unable to implement operational or technical changes as swiftly as the market demands and as its competitors are able to. Cumbersome administrative provisions have an adverse impact on the online presence of EU institutions especially in terms of reputation 129 .

The objectives of the .eu Regulations continue to be relevant to EU citizens, as indicated in the registry and stakeholder survey responses, and the a high level of uptake, active usage, and renewal of .eu domains by business and institutions throughout the EU. However, the .eu Regulations are now no longer in step with international best practices. The rules for registration (‘eligibility criteria’) restrict the availability of .eu domains to registrants located in the EU and EEA. The majority of registrars in the survey were in favour of elimination of all restrictions; feedback from the stakeholder survey was mixed.

The regulatory framework for the .eu TLD is no longer coherent with its objectives. Most ccTLDs within the EU are not subject to the same regulatory burdens as the .eu TLD, which risks placing the .eu Registry at a competitive disadvantage amid toughening market conditions.

There is evidence that the .eu TLD creates associations in the minds of consumers with the values of the European Union. However, the .eu Regulations predate and therefore do not reference subsequent EU strategies and legislation which could not have been foreseen when the .eu Regulations were first developed, such as the Digital Single Market, and in particular its focus on start-ups and the NIS Directive. While these issues are not sufficient to merit revision of the .eu Regulations in and of themselves, there may be an opportunity to bring the .eu Regulations more into line with current strategies should the decision be made to amend them.

Neither the .eu Regulations nor the operation of the .eu Registry are coherent with international best practices in relation to internet governance, which favours a multi-stakeholder approach rather than governmental regulation. Other inconsistencies include the .eu Regulations stipulation on a certain type of structure for the .eu Registry operator, which would exclude from future bids some of the leading players in the market, and a prohibition on so-called ‘vertical integration’ (i.e. registry acting as registrar) which does not affect the .eu TLD’s competitors.

As a namespace for the European Union, the .eu TLD is a particular example of EU added value. The principle of subsidiarity is respected, as the .eu TLD belongs to the European Union 130 and hence has to be organised at the level of the Union rather than any Member State(s). Representing an online identity for EU citizens, the .eu TLD is therefore within EU competence and cannot be delegated to Member States. Fulfilment of EU goals and objectives, such as smooth implementation of the Digital Single Market, necessitate the maintenance of a trusted .eu namespace. Coordinated action at the EU level can ensure a higher level of security and adherence to EU values than would be the case at Member State level.

In conclusion, the overall objectives behind the original intervention remain relevant – the .eu domain has become established as a contributor to e-commerce and the single market. Meanwhile, the external environment has changed: any technological industry is fast moving and to survive, market players need to be flexible and responsive. The market is still feeling the impact of a market shock from the introduction of new gTLDs, combined with slowing rates of growth across the domain market in the EU. These factors are causing an evolution in the business models of registries and practices. To fulfil its potential as a trusted, innovative namespace for the European Union, the .eu TLD should be enabled to compete on an equal footing in the market, while supporting governance and operations that adhere to the highest standards, EU rules and values and international best practices.

Annex I: Evaluation Questions

List of evaluation questions used to assess the relevance, effectiveness, efficiency, coherence, and added value of current regulatory framework for the .eu.

RELEVANCE:

·Are the current objectives of the regulatory framework for the .eu still relevant to address today's needs of EU citizens and businesses? Do such objectives meet with the EU wider EU policy goals and priorities?

EFFECTIVENESS:

·How successful has the EU intervention been in achieving or progressing in establishing the .eu TLD?

·How effective were the .eu regulations in supporting the objectives laid down by art. 114 of TFEU [functioning of the internal market]?

·How successful has were the .eu regulations in making .eu TLD a 'key building block for e-commerce in Europe?

EFFICIENCY:

·To what extent the .eu TLD promoted cross-border access to the online market place, a secure and reliable e-commerce in the EU, and a clearly identifiable digital identity for citizens and businesses in the EU?

COHERENCE:

·To what extent is the .eu regulatory framework coherent with global domain name industry best practices and public polices set for other European country code Top Level Domains (such as .be, .es, etc.)?

·To what extent is the .eu regulatory framework coherent with today's EU policy goals and priorities?

EU ADDED VALUE

·Did the .eu regulations provide an added value in building a stronger digital identity for people and organisations in the EU?

Glossary

(1)

Commission Regulation (EC) No 1654/2005 of 10th October 2005 (OJ L 266, 11.10.2005, p. 35), Commission Regulation (EC) No 1255/2007 of 25th October 2007 (OJ L 282 26.10.2007, p. 16), Commission Regulation (EC) No 560/2009 of 26th June (OJ L 166, 27.6.2009, p. 3), Commission Regulation (EU) No 516/2015 of 26th March 2015 (OJ L 82, 27.03.2015, p.14).

(2)

ITU stats, https://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2017.pdf

(3)

For example, see recital 2 to the Directive (EU) 2016/1148 on security of network and information systems, “The magnitude, frequency and impact of security incidents are increasing, and represent a major threat to the functioning of network and information systems. Those systems may also become a target for deliberate harmful actions intended to damage or interrupt the operation of the systems. Such incidents can impede the pursuit of economic activities, generate substantial financial losses, undermine user confidence and cause major damage to the economy of the Union.”

(4)

  https://ec.europa.eu/commission/work-programme-2017_en  

(5)

 Communication from the Commission to the European Parliament and the Council - Internet domain name system - creating the .EU top level domain - /* COM/2000/0421 final *.

(6)

See Introduction section above for further details.

(7)

 Ibid.

(8)

  http://europa.eu/rapid/press-release_MEMO-05-457_en.htm?locale=en

(9)

For a brief explanation and examples of the terms ccTLD and gTLD, see glossary.

(10)

Regulation (EC) No 733/2002.

(11)

  https://ec.europa.eu/info/better-regulation-guidelines-and-toolbox_en  

(12)

 Communication from the Commission to the European Parliament and the Council - Internet domain name system - creating the .EU top level domain - /* COM/2000/0421 final *.

(13)

The Internet Assigned Numbers Authority (IANA) is the entity responsible, under ICANN, of the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. Today, the mentioned tasks are transferred to ICANN's entity Public Technical Identifiers (PTI) https://pti.icann.org/ . For further details on delegation of the .eu TLD in the DNS root zone, see IANA report https://www.iana.org/reports/2005/eu-report-05aug2005.pdf

(14)

The Internet Corporation for Assigned Names and Numbers (ICANN) is a nonprofit organisation responsible for coordinating the maintenance and procedures of several databases related to the namespaces of the Internet, ensuring the network's stable and secure operation. https://www.icann.org  

(15)

Recital 10, Regulation (EC) No 733/2002.

(16)

Commission Decision on the designation of the “.eu” TLD Registry, OJ L 128 of 24.5.2003, p. 29

(17)

Call for expressions of interest for the selection of the .eu TLD Registry (2002/C 208/08), OJ C 208 of 3.9.2002, p. 6.

(18)

See paragraph 3.1, Communication from the Commission to the European Parliament and the Council - Report on the implementation, functioning and effectiveness of the “.eu” TLD, 2007, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52007DC0385

(19)

European Commission Implementing Decision of 11th April 2014 on the designation of the .eu Top Level Domain Registry, published in the Official Journal (L109/41) on 12th April 2014.

(20)

See below section "Monitoring of the .eu TLD by the Commission"

(21)

For further information, see list of CENTR members https://www.centr.org/about/members.html  

(22)

 Source, EURid Quarterly Reports, Q3 2017, https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(23)

CENTR is the association of European country code top-level domain name registries.

(24)

Registries exceptional initiatives shine at 2017 CENTR awards https://centr.org/news/news/registries-exceptional-initiatives-shine-at-2017-centr-awards.html  

(25)

  https://www.centr.org/events/centr-awards.html  

(26)

EURid Quarterly Report, Q3 2017, https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(27)

Narrative excludes non-EU ccTLDs .cn and .ru. https://eurid.eu/media/filer_public/51/43/51430f6b-1bb7-45ed-b995-c6cd462b1056/quarterly_report_q2_2017.pdf  

(28)

Verisign Domain Name Industry Brief, https://www.verisign.com/assets/domain-name-report-Q22017.pdf  

(29)

For more detail on EURid’s infrastructure and services, see https://eurid.eu/en/about-us/eu-infrastructure-and-services/  

(30)

EURid annual report, 2016 https://eurid.eu/media/filer_public/61/6a/616a9b08-13ca-4379-8e11-0a3580201bb5/annual_report_2016.pdf  

(31)

See ‘Nameservers’ at https://eurid.eu/en/about-us/eu-infrastructure-and-services/  

(32)

 For more details see http://www.yadifa.eu/  

(33)

 See for example ‘.eu passes disaster tests’, 2011 https://news.cision.com/eu-and-eurid/r/eu-passes-disaster-tests,c9143517 , and 2015 https://eurid.eu/en/news/bcp-test-successfully-completed/  

(34)

The ISO/IEC 27000 family of standards helps organizations keep information assets secure.

(35)

 See IDNs State of Play, 2011, section 4.4 “.eu and IDNs” https://eurid.eu/media/filer_public/f8/14/f814332f-b03d-4fa0-9c09-86f426de4550/insights_idns.pdf

(36)

See https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(37)

For more information about the IDN ccTLD Fast Track process, see https://www.icann.org/resources/pages/fast-track-2012-02-25-en  

(38)

See ICANN ‘IDN ccTLD request from the European Commission successfully passes string similarity evaluation’, 2 December 2015, https://www.icann.org/news/announcement-2015-12-02-en  

(39)

 See България вече има своя домейн на кирилица .ею at https://eurid.eu/en/news/blgariia-veche-ima-svoia-domein-na-kirilitsa-eiu/  

(40)

 For example, EURid’s Giovanni Seppia was a member of the ICANN IDN ccPDP Working Group, from 2012-2013; see final report https://ccnso.icann.org/sites/default/files/filefield_37897/idn-ccpdp-final-29mar13-en.pdf ,

(41)

  http://idnworldreport.eu/ , and see archives at http://idnworldreport.eu/previous-years/  

(42)

 See WS19: Enhancing linguistic and cultural diversity in cyberspace (IGF 2016) https://igf2016.intgovforum.org/ ; WS11 Languages on the move: deploying multilingualism in the net (IGF 2014) http://www.intgovforum.org/cms/wks2014/index.php/proposal/view_public/11 ; WS88 Building bridges to online multilingualism (IGF 2013) http://www.intgovforum.org/cms/categoryblog/121-preparatory-process-42721/1428--ws-88-building-bridges-to-online-multilingualism ; sessions at the 2012 and 2011 IGF.

(43)

 Language access to the internet, 10 January 2018 https://www.eifonline.org/events/840-language-access-to-the-internet.html  

(44)

Article 8, .eu Regulation 733/2002. The 2015 Commission report can be found at https://ec.europa.eu/transparency/regdoc/rep/1/2015/EN/1-2015-680-EN-F1-1.PDF  

(45)

This relates to phased registration mechanisms designed for the initiation of .eu operations in 2006. Such mechanisms aimed to protect the interest of intellectual property rightsholders against speculation, as known as ‘cybersquatting’. These provisions have not been in operation since 2006.

(46)

Article 12(5) .eu Regulation 874/2004.

(47)

  https://eurid.eu/en/about-us/publications/quarterly-report-archive/  

(48)

  https://ec.europa.eu/digital-single-market/en/news/public-consultation-evaluation-and-revision-eu-top-level-domain-regulations  

(49)

  https://ec.europa.eu/info/consultations/public-consultation-fintech-more-competitive-and-innovative-european-financial-sector_en?field_consultation_status_value=All&field_core_policy_areas_target_id_selective=All&page=6  

(50)

  https://ec.europa.eu/digital-single-market/en/news/commission-launches-public-consultation-review-rules-eu-top-level-domain  

(51)

  https://twitter.com/eu_commission/status/862982286433812480 received 55 retweets and 43 likes.

(52)

See for example https://dig.watch/events/european-commission-public-consultation-evaluation-and-revision-eu-top-level-domain , https://www.mtitc.government.bg/en/category/1/european-commission-has-opened-public-consultation-evaluation-and-revision-eu-top-level-domain-tld-regulations  

(53)

  https://ec.europa.eu/info/consultations/public-consultation-evaluation-and-revision-eu-top-level-domain-regulations_en  

(54)

Official Journal 096 E, 27/03/2001 P. 0333 – 0335.

(55)

Source, EURid annual report 2016 https://eurid.eu/media/filer_public/61/6a/616a9b08-13ca-4379-8e11-0a3580201bb5/annual_report_2016.pdf  

(56)

Source: CENTR Domain Wire, 2017/2, ‘Median growth’ chart, page 5 https://www.centr.org/statistics-centr/quarterly-reports.html#  

(57)

 ibid, p2 (Top 10 Largest TLDs).

(58)

See CENTR’s open stats tool, gTLD stats, market overview https://stats.centr.org/gtlds  

(59)

 See ntldstats.com for .xyz (August 2017) https://ntldstats.com/tld/xyz  

(60)

Note that few registries publish their renewal rates, and variations exist to the methodologies used to calculate renewal rates owing to different operational practices. Comparisons in this section are offered for information, but do not have a high degree of confidence.

(61)

Source OnlineDomain.com, 29 April 2017, Versign ends 1st Quarter of 2017 with 143.6 million .com and .net domain names. https://onlinedomain.com/2017/04/29/domain-name-news/verisign-ends-1st-quarter-2017-143-6-million-com-net-domain-names/  

(62)

Figures obtained direct from CENTR.

(63)

Domain Incite, Four in 10 new gTLDs are shrinking 18 September 2017 http://domainincite.com/22111-four-in-10-new-gtlds-are-shrinking  

(64)

See ‘baseline’ above.

(65)

See ‘Website usage grends among top-level domains 2014 https://eurid.eu/media/filer_public/03/2c/032cbaa0-b61f-4bc9-87a4 188a256d6a35/websiteusagetrends2014_eurid.pdf , and 2011 https://eurid.eu/media/filer_public/7b/93/7b93d320-99c7-45e3-ae77-d7418fb73691/insights_cat_nov2011.pdf  

(66)

A holding page is the term used in the internet industry for a ‘coming soon’, ‘under construction’ websites. The domain name resolves to a single page website which contains a message saying that the full website will be coming soon, or is under construction.

(67)

‘pay per click’ is an internet advertising model, used to direct internet traffic to websites on which an advertiser pays the website owner a fee each time an advertisement is clicked by an internet user.

(68)

EURid 2015 .eu awareness study https://eurid.eu/media/filer_public/0a/19/0a1926a8-63d1-49c1-8543-21aaf06d9358/eurid_awareness_survey_2015.pdf

(69)

See ‘Share your story’ http://ambitionhasanaddress.eurid.eu/en/  

(70)

See appointed dates for directors from company search http://kbopub.economie.fgov.be/kbopub/toonondernemingps.html?ondernemingsnummer=864240405 three of five were appointed on 29 February 2004, and one other individual was appointed 2009.

(71)

 See https://www.eurodig.org/index.php?id=663  

(72)

See http://archive.icann.org/en/meetings/brussels2010/  

(73)

 See ‘Going green’, EURid https://eurid.eu/en/going-green/  

(74)

See ‘EURid’s Environmental Statement, 2015-2017, https://eurid.eu/media/filer_public/d6/f9/d6f96d27-bcf4-4d8e-8a7e-911a883a75d9/env-decl-en-validated-2017.pdf  

(75)

 See ‘Another reforestation project undertaken by EURid’ https://eurid.eu/en/news/another-reforestation-project-undertaken-by-eurid/  

(76)

See http://webawards.eurid.eu/  

(77)

 See https://ccnso.icann.org/en/workinggroups/sopiwg.htm  

(78)

  http://www.eurojust.europa.eu/press/Documents/Operation%20Avalanche%20infographic.pdf  

(79)

See https://eurid.eu/mt/bar/eurid-holds-internet-governance-seminar-at-the-college-of-europe/  

(80)

 See https://eurid.eu/fr/actualites/eurid-holds-internet-law-and-governance-course-in-pisa/  

(81)

 See https://eurid.eu/pt/noticias/internet-governance-course/  

(82)

 See https://www.europol.europa.eu/newsroom/news/europol-enhances-cybercrime-and-internet-security-cooperation-signing-mou-eurid  

(83)

 See EUROPOL (1 December 2016): ‘Avalanche’ network dismantled in international cyber operation https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation  

(84)

See EURid quarterly report, Q3, 2017, https://eurid.eu/media/filer_public/62/aa/62aa8f63-e0ff-42c9-9fdf-b50e2c45601f/quarterly_report_q3_2017.pdf  

(85)

See, https://eurid.eu/fr/actualites/eurid-signs-mou-with-unesco/  

(86)

Since January 2013, in order to remain in line with its contractual obligation to work at cost, the .eu Registry changed the renewal and term extension fee of a domain name from €4 to €3.75. At the same time, to be more competitive in the dynamic TLD market, EURid launched the Customised Reduction Schemes for its registrars, which allow reduced new registration fees according to the registrar’s sales volumes. As of January 2017, the basic fee for a new domain name for those registrars subscribing to the CRS is €1.75. The aforementioned price is the price the .eu registry sells to registrars. The price the end users get depends then on the registrars and the additional services they provide the domain name with. It could vary from 0.99 EUR (special registrar promotions) up to 100 or 200 EUR if the domain is bought with content management, security features, many email addresses.

(87)

EURid Financial Report H2 2016.

(88)

Average total cost in legislative financial files.

(89)

2 x (50% x 143.000) + 1 x (5% x 143.000) = 143.000 + 7.150 = 150.150 €.

(90)

The technical standards for internationalised domain names were updated (IDNA 2008) to support a small number of characters within the domain name system. Of the four characters implemented by the standard, only two are relevant to European languages, namely the German sharp ‘s’ (ß), and the Greek terminating sigma (ς). For guidance on the IDNA 2008 standard, see http://unicode.org/reports/tr46/#IDNA2008-Section  

(91)

For a more in-depth explanation of homoglyph bundling and an example of a homograph attack see https://eurid.eu/en/other-infomation/faq/technical-and-privacy-enquiries/what-is-homoglyph-bundling-does-eurid-offer-it/ and https://www.theregister.co.uk/2017/04/18/homograph_attack_again/  

(92)

Recurrence at the Commission's discretion.

(93)

This list of reserved names by the EU Institutions is kept, managed and implemented both by the Registry Operator and the EU Commission's DG COMP.

(94)

Some a non-profit private sector organisations (DENIC, Nominet), some are non-profit Foundations (SIDN, DNSBE), others are operated from government (REDES, FICORA, NASK).

(95)

See nTLDStats, https://ntldstats.com/backend which indicates that more than 90% of the new gTLD registrations are provided by just seven backend providers: Neustar, CentralNic, ZDNS, Rightside, Nominet, Afilias and ARI.

(96)

See references under ‘Coherence’ below.

(97)

Evolution in the management of country code Top-level domain names, OECD, 2016 https://www.oecd.org/sti/ieconomy/37730629.pdf  

(98)

  https://www.icann.org/resources/pages/policy-2012-02-25-en  

(99)

  https://eu.adr.eu/  

(100)

  https://www.afnic.fr/en/about-afnic/news/general-news/2724/show/evolution-of-the-fr-and-re-registration-rules-and-procedures-on-march-30th-2009.html  

(101)

Spain liberalised its ccTLD .es at the end of 2004 and saw growth of 250% in 2005 (OECD, 2016).

(102)

  https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive  

(103)

  https://ec.europa.eu/digital-single-market/en/policies/shaping-digital-single-market  

(104)

  https://ec.europa.eu/digital-single-market/en/policies/startup-europe  

(105)

 See https://eurid.eu/media/filer_public/0a/19/0a1926a8-63d1-49c1-8543-21aaf06d9358/eurid_awareness_survey_2015.pdf  

(106)

See “Success stories” at https://eurid.eu/en/register-a-eu-domain/#nav_register_domain  

(107)

Total Marketing & Communications costs, including translations, in 2016 amounted to EUR2.742.089, Eurid Financial Report H2 2016.

(108)

Contracts, MOUs, and accountability frameworks. For more detailed information, https://archive.icann.org/meetings/losangeles2014/en/schedule/wed-ccnso-members/presentation-cctlds-national-legislation-15oct14-en.pdf .

(109)

 Digital Economy Act 2010, sections 19-21 ‘Powers in relation to internet domain registries’ https://www.legislation.gov.uk/ukpga/2010/24/crossheading/powers-in-relation-to-internet-domain-registries , passed following corporate governance concerns relating to the UK registry during 2008-2010.

(110)

AFNIC awarded .fr management after competitive tender, A ministerial order from Ministry of Industrial Affairs, February 2010 https://www.afnic.fr/en/about-afnic/news/general-news/2782/show/afnic-awarded-fr-management-after-competitive-tender.html  

(111)

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS Internet Policy and Governance Europe's role in shaping the future of Internet Governance (2014)   http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52014DC0072

(112)

OECD Council Recommendation on Principles for Internet Policy Making, 2011 https://www.oecd.org/internet/ieconomy/49258588.pdf

(113)

Net Mundial Multistakeholder Statement, 2014 http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf

(114)

See https://www.icann.org/news/announcement-2016-10-01-en

(115)

For further details, see https://www.diplomacy.edu/IGFLanguage/multistakeholderism  

(116)

See EURid Registrar Advisory Board established, Domainpulse, October 2008, http://www.domainpulse.com/2008/10/07/eurid-registrar-advisory-board-established/

(117)

Source: stakeholder questionnaire, 2017, see Annex 2.

(118)

Source nTLD Stats https://ntldstats.com/backend .

(119)

 See https://uk.godaddy.com/ “We’re the world’s leading domain registrar, with 17 million happy customers and 73 million domains under management; we know how to set you up for success online.”

(120)

  https://www.icann.org/resources/pages/cctld-2012-02-25-en  

(121)

There are over 200 testimonial videos published on EURid YouTube channel highlighting the transnational added value for users opting for a .eu TLD: https://www.youtube.com/user/Europeanregistry  

(122)

The European Commission is a full Member of the Governmental Advisory Committee (GAC) of ICANN, along with all EU Member States. The GAC provides public policy advice to ICANN, in charge of policy-making in the DNS space. As a GAC Member, the European Commission has the objective to avoid inconsistencies with the EU acquis, as well as to ensure the security, stability, resilience and reliability of networks and information systems.

(123)

The .eu entered the market in 2006, much later than the years of the rapid growth in European domain name registrations of the early 2000s. Coming after the first wave of ccTLDs and gTLDs (such as .de, .fr, .uk and .com), the .eu TLD had to make space for itself in markets that had already become established.

(124)

The .eu Registry first launched IDNs at the second level (see diagram) in 2009, to support domain names in Latin, Latin extended, Greek, Greek extended, Cyrillic and Cyrillic extended scripts.

(125)

 See https://www.eurodig.org/index.php?id=663  

(126)

See http://webawards.eurid.eu/  

(127)

Since January 2013, the renewal and term extension fee of a domain is available at €3.75. While, the basic fee for a new domain name for those registrars subscribing to the CRS is €1.75. The aforementioned price is the price the .eu registry sells to registrars. The price the end users get depends then on the registrars and the additional services they provide the domain name with.

(128)

See above, Section 5.1.

(129)

See above, Section 5.2, Inflexible administrative provisions.

(130)

As per Article 7, Regulation 733/2002.