52011DC0616

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

on the implementation, functioning and effectiveness of the .eu Top Level Domain

(Text with EEA relevance)

BACKGROUND

In April 2011, the .eu Top Level Domain (TLD) celebrated its fifth anniversary. During those five years the .eu TLD became the 9th largest TLD and the 5th largest country code TLD in the world. With more than 3.3 million registrations, the .eu TLD has become a valued option for Europeans when choosing a domain name for their Internet presence.

This Report to the European Parliament and the Council concerns the implementation, effectiveness and functioning of the .eu TLD over the past two years. In line with Article 8 of Regulation (EC) No 733/2002 on the implementation of the .eu Top Level Domain, the Commission is required to submit a report to the European Parliament and the Council one year after the adoption of the Regulation and then every two years.

This Report follows on from the Reports of 2007[1] and 2009[2], and covers developments of the .eu TLD from 1 April 2009 to 31 March 2011. It focuses, among other things, on the introduction of Internationalised Domain Names.

The .eu legal framework and basic principle

The .eu TLD was established by the following legal acts:

- Regulation (EC) No 733/2002 of the European Parliament and of the Council of 22 April 2002 on the implementation of the .eu Top Level Domain (as amended)[3] (the Framework Regulation );

- Commission Regulation (EC) No 874/2004 of 28 April 2004 laying down public policy rules concerning the implementation and functions of the .eu TLD and the principles governing registration (as amended)[4] (the PPR Regulation ).

In the reported period, Commission Regulation (EC) No 874/2004 was amended in order to introduce the Internationalised Domain Names (IDNs) under the .eu TLD. The amending Regulation (EC) No 560/2009 was adopted on 26 June 2009[5].

The Registry selected by the Commission[6], EURid (European Registry for Internet Domains), is responsible for the organisation, administration and management of the .eu TLD. It is an independent organisation that takes all necessary decisions autonomously, in line with the Framework Regulation[7]. The Commission supervises the Registry’s work without getting involved in its daily operations. This model of separation of duties satisfies the principles of non-interference, self-management and self-regulation, which underlie the Internet[8].

Introduction of Internationalised Domain Names (IDN S)

IDNs under the .eu Top Level Domain

The legal framework for the .eu TLD provides that the Registry must register domain names in all the alphabetic characters of the official languages of the EU (composed of Latin, Cyrillic and Greek scripts) when adequate international standards become available[9].

Initially, domain names could only contain characters from a limited character set based on the English alphabet (usually a-z, 0-9 and ‘-’). This did not allow for the registration of domain names containing special Latin characters in some EU languages or in non-Latin scripts (Bulgarian Cyrillic and Greek/Cypriot alphabets).

To address this problem, the international Internet community has been working for several years to develop International Domain Names (IDN), which allow the use of a much larger range of special characters and non-Latin script characters (for example, characters with diacritics such as ‘é’, ‘ö’, ‘ç’ or ‘č’ and most non-Latin scripts).

On 26 June 2009, the Commission adopted Regulation (EC) No 560/2009 amending Regulation (EC) No 874/2004 in view of the introduction of IDNs for the .eu TLD[10].

On 10 December 2009, EURid began the registration of IDNs. Since then domain names have been available in all 23 official languages of the European Union up to the final dot of any .eu address (i.e. in Latin, Cyrillic and Greek alphabets).

The introduction of IDNs attracted much attention from the very start. In the first hour of its launch, 38 172 IDNs were registered under the .eu TLD. At the end of March 2011, there were 56 961 domain names registered using IDNs.

IDNs at the .eu Top Level Domain

The introduction of IDNs at the top level, i.e. on the right-hand side of the last dot of a domain name, is a matter that falls within the competence of ICANN[11]. On 16 November 2009, ICANN launched the IDN country code TLD Fast Track Process[12] to facilitate the introduction of Internet Top Level Domain extensions representing country codes (e.g. .gr, .bg, .eu) using non-Latin characters (e.g. Cyrillic, Greek, Arabic and Chinese characters). The process entails three steps: (i) the registry of a country applies to operate an IDN ‘string’ (the given version of its country code (cc) TLD in another script), together with the support of the Internet community on its territory (‘community support’) and the reason for its choice (‘meaningfulness’ criterion); (ii) the requested string is then evaluated by ICANN who passes it on to an independent committee to check for possible conflict with existing TLD strings (‘confusability’ criterion); (iii) once approved, the new string is allocated to the Registry (‘delegation’).

In December 2010, ICANN received a total of 35 requests from 22 countries. To date, Russian, Chinese and Arabic scripts have been introduced at the top level of their respective country codes (. РФ for Russia, .مصر for Egypt, .لسعودية for Saudi Arabia, etc.).

EURid submitted an application to ICANN to open registration for the Cyrillic and Greek versions of the .eu TLD on 5 May 2010. Its application was based on submissions to the Commission from Cyprus, Greece and Bulgaria[13] of their preferred versions of the .eu suffix (.ευ in Greek and .ею in Cyrillic respectively).

ICANN acknowledged the fulfilment of the first two criteria (community support and meaningfulness) at the meeting in Singapore and confirmed in a letter to the Commission. The third stage of ICANN's review — review of the requested strings for ‘confusability’- is still pending.

REGISTRATION AND USE OF THE .EU DOMAIN NAMES

In the reporting period the .eu TLD continued to grow steadily, in line with the other European country code TLDs (+6 % in 2010 and +5 % in 2009). There were 3.4 million registrations, making the domain the ninth largest TLD in the world and Europe’s fourth most popular ccTLD. This demonstrates that the .eu TLD offers a valuable and tangible tool for companies, NGOs and individuals wishing to express their European identity online.

In Europe, only three ccTLDs remain in a stronger position in terms of number of registrations: .de (Germany), .uk ( UK) and .nl (the Netherlands). Globally, only four generic TLDs (.com, .net, .org and .info) and one ccTLD (.cn for China) have more registrations. The largest markets for .eu domains are Germany with 31 %, the Netherlands (13 %), the United Kingdom (10 %), France (9 %) and Poland (6 %).

After an initial period of rapid growth, the Registry has reached a plateau. The macro-objective of the Registry is to become the number 3 domain in the EU countries and to consolidate positioning in these areas where it is already number 2 or 3. Given the historical trend and the current market situation, EURid’s goal is to maintain a steady growth rate in registrations of around 5-8 % per year. The Registry established a set of marketing and communication goals to achieve these objectives (e.g. to build on a single message: .eu shows that you are European , to introduce of multiyear registrations, to further develop customer service).

FUNCTIONING OF THE REGISTRY

The Registry

EURid was appointed by the Commission as the .eu Registry in 2003[14] following a call for expressions of interest[15].

On 12 October 2004, the Commission and EURid concluded a Service Concession Contract for an initial term of five years with the possibility of renewal[16]. In 2009 the Service Concession Contract was extended until 12 October 2014[17].

EURid is a Europe-wide non-profit organisation with its head office in Diegem (Belgium) and regional offices in Stockholm, Prague and Pisa. It comprises three founding members: DNS Belgium (the .be registry), Istituto di Informatica e Telematica (the .it registry), Stiftelsen för Internetinfrastruktur (the .se registry) and four associate members: ARNES (the .si registry), CZ.NIC (the .cz registry), ISOC-ECC (the European Chapters Coordinating Council of the Internet Society) and Businesseurope (a confederation of 39 industry-related federations from 33 countries). The main servers are located in Belgium (Brussels) and in The Netherlands (Amsterdam).

Relations with registrars

By law, the .eu Registry itself does not act as Registrar[18]. A priority for EURid is to continue to provide quality service to approximately 1 000 accredited registrars. EURid evaluates .eu customer satisfaction on a regular basis. According to the latest Registrar satisfaction survey for the .eu domain carried out in Q4 2010, 34 % of those surveyed gave it the top rating for reliability. This is an increase of 4 % on 2009. 45 % of respondents considered it to be a good investment. 82 % believe that the .eu domain lends added value to small to medium-sized businesses. On average, 62 % would recommend the .eu TLD to consumers. EURid operates a round-the-clock support service for its registrar community. Registrars, especially overseas registrars, appreciate the service which, in the past year, has improved significantly in terms of responsiveness, quality of customer service and ease of contact with on-call EURid staff.

Financial situation

The financial situation of the .eu Registry remained stable in the reporting period.

The financial strength of the Registry is a key element in ensuring credibility of the .eu domain. The Commission closely scrutinises the financial situation of the Registry in line with the provisions of the legal framework and the Service Concession Contract. The Registry is an external organisation whose decisions are autonomous. Complete, on-the-spot accounting reviews are performed by an independent financial auditor. The supervisory role of the Commission is exercised by means of various tools including reviews of the auditors’ remarks, quarterly and annual financial reports, quarterly progress reports, budget proposals, and strategy and marketing plans. Financial matters are regularly discussed with the Registry at quarterly meetings and service-level meetings.

At the start of the .eu TLD operations, revenues generated by the large number of domain registrations were significantly higher than the costs of the Registry. The consequent annual surpluses were transferred to the EU budget. In order to limit the surpluses and recognise the declining costs incurred per domain name due to the increasing volume of registration, the Registry has gradually reduced the registration fees for registrars to EURid from € 10 to the current € 4 per domain name.

The key financial aspects of the Registry remained stable in 2009 and 2010. Both the revenues and costs of the Registry have been around € 12 million for both years. Consequently, the net financial result has been more balanced than in previous years with the surplus of € 1.2 million transferred to the EU budget in 2009. Preliminary figures for 2010 suggest that the surplus will be € 400 000.

Changes in the budgeted and actual costs of the Registry were closely scrutinised by the Commission, in particular costs relating to marketing (€ 2.5 million in 2009 and € 3.2 million in 2010) and human resources (€ 3.7 million in 2009 and € 4.3 million in 2010). The increase in costs was justified by the need for enhanced quality of service. Examples include deployment of DNSSEC (Domain Name System Security Extensions), expansion on mirror sites and the introduction of IDNs.

The Registry maintains four types of financial reserves: depreciation, investments, social liabilities and legal liabilities. Over the reporting period, the total level of reserves remained stable: € 6 million in 2009 and € 5.5 million in 2010. At the end of 2010 this total was divided between the reserve for depreciation (€ 1.6 million), the reserve for investments (€ 0.8 million), the reserve for social liabilities (€ 2.3 million) and the reserve for legal liabilities (€ 0.8 million).

Business continuity and resilience

Business continuity

As required by the Service Concession Contract, the Registry operates in line with a Business Continuity Plan, which covers the Registry’s core functions, related risks and countermeasures.

On 25 April 2009, EURid conducted a test of its systems as part of its business continuity plan by simulating a disaster and monitoring the recovery. The test was audited by a third party (PricewaterhouseCoopers). The results of the test, along with responses from the domain community, have shown that EURid met the high standards required in this area[19]. The second exercise to test business continuity was planned for 2010 but had to be postponed due to a delay in the mirror site[20] transfer from Prague to Amsterdam. The exercise is now scheduled for Q3 of 2011.

EURid also signed an agreement for Domain Name System anycasting of the .eu TLD with Netnod (August 2010). Anycasting is an Internet routing methodology that enables an online service to be available from many different locations around the world, using the same IP address. By signing the agreement, the robustness and resilience of the .eu name server infrastructure was improved and the domain resolution response time was shortened.

Security

In September 2010, EURid completed the implementation of the Domain Name Security Extensions (DNSSEC) protocol for the .eu TLD. The DNSSEC is a protocol to verify the authenticity of the display name server responses (websites) up to the Internet root zone in what is called a ‘chain of trust’[21]. DNSSEC is designed to protect the Internet users from forged DNS data. DNSSEC can only reach its full potential if all the zones in the hierarchical DNS tree are signed. EURid is simplifying the process of signing a .eu domain name by introducing a signing service. It organises training seminars[22] for .eu registrars to encourage them to promote DNSSEC to their customers, who in turn disseminate the protocol to the Internet players (ISPs, webmasters, etc.).

Phishing and other malicious activities

The Registry has been applying measures to counter phishing and other types of malicious online behaviour[23] on a daily basis. Domain names in particular are checked against compliance with the eligibility criteria[24] and new registrations are screened for suspicious patterns or other anomalies on a daily basis.

Also on a daily basis, the Registry is informed of suspected or proven misconduct by private security organisations or by public authorities[25].

As a result, a suspicious domain name may be withdrawn. In the reporting period the number of suspicious domain names withdrawn decreased dramatically: from 81 in January 2010 to 2 in January 2011 and 0 in March 2011[26].

The profile of a .eu user

Consumers register the .eu domain for many purposes (business, social activities, presence of institutions on the Internet, etc.). An analysis[27] prepared by EURid on the usage of websites with the .eu TLD shows that around 36.3 % are business-related. When comparing with the main generic TLD (gTLD) strings (‘.com’, ‘.net’, ‘.org’, ‘.info’, ‘.biz’, ‘.mobi’ and ‘.pro’), the .eu TLD stands out in terms of usage for business purposes (27.3 %).

However, when looking at e-commerce websites (based on the pay-per-click model[28]), the .eu TLD displays only 14.5 % of websites in contrast with the gTLDs, which range from 22 % to 29 %.

Legal proceedings and disputes concerning domain names

Cases before the General Court and the Court of Justice of the European Union

In the past two years the European courts have ruled in two cases concerning .eu usage. In both cases the rulings were in line with the pleas submitted by the Commission.

In the first case of 15 December 2009 — Inet Hellas T-107/06 — the Court reaffirmed the separation of functions between the Commission and the Registry regarding the registration of domain names under the .eu TLD. The Court stated that the Commission's letter to the applicant, explaining that the Commission could not act as an appeal body with regard to the decision of the independent .eu Registry, did not contain any decision that could be challenged in the Court, and dismissed the complaint as inadmissible.

In the second case of 3 June 2010 — Oberster Gerichtshof C-569/08 — the Court analysed the conditions enabling the revocation of a domain name registered on speculative or abusive grounds. The Court ruled that the list of ‘bad faith’ circumstances in Article 21(3) of Commission Regulation (EC) No 874/2004 is not exhaustive, and explained the circumstances to be considered when establishing ‘bad faith’.

Alternative Dispute Resolution procedure

Any disputes between the .eu domain names' holders or claims against decisions of the .eu Registry, can be submitted to the Alternative Dispute Resolution (ADR) provider[29] — the Prague-based Arbitration Court (Czech Arbitration Court or CAC)[30].

The ADR procedure applies without prejudice to any court proceeding. Complaints can be submitted online in any of the 23 official languages of the EU.

Complaints are mostly initiated against the .eu domain name holders. This is because any party may initiate ADR proceedings against the domain name holder and claim that the registration is speculative or abusive under Article 21 of Commission Regulation No 874/2004.

During the past two years, an average of 13 cases has been filed per quarter[31]. In the majority of cases published by CAC in the period Q2 2009 to Q4 2010, the panel decided to transfer the domain name to the complainant[32]. On average, CAC panels take a decision in ADR proceedings within 4 months following receipt of the complaint. If a decision is rendered in favour of the complainant, the disputed .eu domain name is usually transferred to the latter within about 30 days following the panel decision, after the expiry of the right of appeal by the losing party.

The fees for ADR proceedings are based on the cost recovery principle[33]. ADR fees, which originally started at € 1990, have been reduced several times since 2006 and currently start at € 1 300. This is comparable with the fees charged by similar arbitration bodies, despite the fact the latter do not produce translations of the complaints.

In the current system, individuals and small and medium-size enterprises in the EU do not take full advantage of the ADR mechanism given its high entry cost. An audit performed in June 2011, at the request of EURid, made a number of recommendations on ways to improve this[34]. One recommendation is to consider an accelerated process (‘domain name suspension mechanism’) for holders of prior rights who want to act swiftly against clearly abusive domain name registrations, e.g. when inappropriate content or counterfeit products are offered via the domain name registrant’s website. This would be applicable by default to any response from the respondent. Therefore, the decision to revoke or transfer abusively held domain names could be taken without needing to convene a panel. This would reduce the costs of the proceedings.

Another recommendation by the auditors is for the .eu Registry (EURid) to become financially involved in ADR proceedings by refunding the winning party the ADR fees. These recommendations are being analysed by EURid and the Commission, who will look into ways to improve accessibility to ADR, in particular for SMEs and individuals.

Court proceedings

In the reporting period EURid has been a party in two major court cases — Ovidio [35] and Zheng [36]. These proceedings concerned the legitimacy of EURid's actions to combat warehousing and cyber-squatting practices.

In the Ovidio case, the Appeal Court in Brussels accepted EURid's plea and discharged it from paying the penalties previously laid down in two payment orders. These had been issued against EURid in response to its actions to combat warehousing practices (July 2009).

In the Zheng case, the Brussels Court of First Instance agreed with EURid about the legality of its actions to combat cyber-squatting practices. This judgment helps EURid in its efforts to fight phishing and other malicious activities[37] (September 2009).

Conclusions

The .eu TLD model has been successfully implemented and is operating effectively.

Over the past two years the .eu TLD strengthened its position among the biggest and most popular Top Level Domains in Europe and in the world. It remains successful despite the continued growth of the 27 national country-code TLDs in the Member States and the availability of generic TLDs such as .com and .org.

By 2009 the .eu Registry had introduced IDNs under the .eu TLD to allow for the registration of .eu domain names at the second level in the Cyrillic and the Greek alphabets. Consequently, since 2009 the domain names registered under the .eu TLD have been available in all 23 official languages of the European Union (and their respective scripts).

However, one and a half years after EURid’s application, ICANN has not yet completed the fast track procedure, allowing for the introduction of IDNs at the top .eu level (.ευ in Greek and .ею in Bulgarian). The Commission has urged ICANN to complete its examination by the end of 2011 at the latest. It has made it clear that the future rules establishing a ‘permanent’ IDN application procedure should be designed in such a way as to avoid any undue delays. This is one of the public policy issues that the Commission will continue to raise in the Governmental Advisory Committee which provides advice to ICANN.

In 2010 the .eu Registry upgraded its technical systems, fully implementing the DNSSEC ‘chain of trust’ for the domain names registered under the .eu TLD.

The financial situation of the Registry remained stable in 2009 and 2010.

The ADR system provided by the Czech Arbitration Court allows for the protection of the rights of registrants in all 23 EU languages. The Commission monitors the actual use of the system. Following recommendations by auditors, the Commission, together with EURid, will examine solutions to ensure better accessibility of the ADR to individuals and SMEs who have reasons to believe their .eu names have been improperly registered by third parties.

In the years to come the Registry should work on strengthening and developing the perception of the .eu TLD among different target groups, in order to expand its penetration in the European domain name market and to reinforce public awareness of the TLD. The stability and security of the associated TLD services must be ensured in accordance with the best standards in the field. Given the dynamic nature of the TLD environment, the Registry should continue to maintain and expand its dialogue and exchanges with the European and international Internet community. The Commission will continue to cooperate closely with the Registry as set out in the terms of the legal framework.

ANNEXES

ANNEX 1: World's top ten TLDs at 31 December 2010

[pic]Source: EURid’s quarterly progress report, 4th quarter 2010

ANNEX 2: Overview of the decisions taken by the Czech Arbitration Court in .eu cases

Decision | #No | % |

Complaints Denied | 82 | 16,53% |

Domain Names Transferred | 360 | 72,58% |

Domain Names Revoked | 40 | 8,06% |

Settlements | 13 | 2,62% |

Court Decisions | 1 | 0,20% |

Total | 496 | 100,00% |

ANNEX 3: Total number of .eu domain names by country of registrant

[pic][pic]

Source: EURid’s quarterly progress reports.

ANNEX 4: Popularity of .eu at 31 December 2010

[pic][pic]

Source: EURid’s quarterly progress report, 4th quarter 2010.

[1] COM(2007) 385 final, Communication from the Commission to the European Parliament and the Council — Report on the implementation, functioning and effectiveness of the ".eu" TLD (6 July 2007).

[2] COM(2009) 303 final, Report from the Commission to the European Parliament and the Council on the implementation, functioning and effectiveness of the ‘.eu’ TLD (26 June 2009).

[3] Regulation (EC) No 1137/2008 of the European Parliament and of the Council of 22 October 2008 adapting a number of instruments subject to the procedure laid down in Article 251 of the Treaty to Council Decision 1999/468/EC with regard to the regulatory procedure with scrutiny — Adaptation to the regulatory procedure with scrutiny — Part One (OJ L 311, 21.11.2008, p. 1).

[4] Commission Regulation (EC) No 1654/2005 of 10 October 2005 (OJ L 266, 11.10.2005, p. 35) and Commission Regulation (EC) No 1255/2007 of 25 October 2007 (OJ L 282 26.10.2007, p. 16).

[5] Commission Regulation (EC) No 560/2009 of 26 June amending Regulation (EC) No 874/2004 (OJ L 166, 27.6.2009, p. 3).

[6] Commission Decision of 21 May 2003 on the designation of the .eu Top Level Domain Registry.

[7] See recital 12, Articles 2(a), 3(1)(c), 3(2) of Regulation (EC) No 733/2002.

[8] See recital 9 of Regulation (EC) No 733/2002.

[9] Under Arti.6 of Regulation (EC) No 874/2004 ‘the Registry shall perform the registration of domain names in all the alphabetic characters of the official languages when adequate international standards become available’.

[10] The amendment was due to inform the public of the introduction of IDNs and update the list of names in the Annex to the Regulation.

[11] ICANN (Internet Corporation for Assigned Names and Numbers) is a non-profit, private-sector corporation For more information see: http://www.icann.org/.

[12] For more information on The Fast Track Process see: http://www.icann.org/en/topics/idn/fast-track/.

[13] Cyprus and Greece - October 2008, Bulgaria - February 2009.

[14] See footnote 6.

[15] See recital 13, Article 3(1)(b) of Regulation (EC) No 733/2002.

[16] See recital 12, Article 3(1)(c) of Regulation (EC) No 733/2002. Under Article I.2 of the Service Concession Contract between EURid and the Commission ‘The contract is concluded for an initial period of five years [..] [and] may be extended for another five years by both contracting parties in the form of a supplementary contract’.

[17] On 12 December 2008, the Commission and EURid signed a supplementary contract renewing the initial contract for another five years. The supplementary contract came into force on 12 October 2009.

[18] See Article 3(4) of Regulation (EC) No 733/2002, and recitals 2, 3, 4 and Article 4 of Regulation (EC) 874/2004.

[19] The registration services were migrated from the main .eu site to a mirror site in less than three hours..All functioning .eu websites continued to be available and accessible during the entire test period.

[20] A mirror site provides a copy of the main site to allow for the multiplication of the sources of the same information.

[21] A chai[pic]HI™š³´¿J M o r |§¬ÐØìíö÷ý

hÙMíhvA4]?mHnHu[pic]hhttp://www.eurid.eu/en/about/facts-figures/reports.

[22] ‘What is in a domain-name extension’ — a study categorising websites (June 2010). EUrid set up a test lab where evaluators visually assessed a random sample of websites found under each extension. In addition, statistical methods were applied to estimate the error margin and automated scanning was used to verify some of the numbers. In total, around 5 000 domain names were assessed for each of the selected TLDs. For more information see: http://www.eurid.eu/files/eu_insights_2.pdf.

[23] Pay-per-click is a site containing mainly advertising links.

[24] See Article 4(2)(d) of Regulation (EC) No 733/2002 and recital 15, Articles 22 and 23 of Commission Regulation 874/2004.

[25] Memorandum of Understanding (2005) between EURid and the Czech Arbitration Court attached to the Economic Chamber of the Czech Republic and the Agricultural Chamber of the Czech Republic.

[26] In the reference period, the number of cases was as follows (per quarter): 11 in Q2 2009, 11 in Q3 2009, 14 in Q4 2009, 15 in Q1 2010, 14 in Q2 2010, 11 in Q3 2010, 18 in Q4 2010, 12 in Q1 2011. The number of ADR cases initiated before the CAC has declined significantly since 2006 from approximately 200 cases per quarter to the current level.

[27] For more specific information see Annex 2.

[28] See Article 4(2)(d) of Regulation (EC) 733/2002.

[29] The audit is not publicly available yet.

[30] Ovidio v EURID judgment, Brussels Appeal Court, 8 July 2009.

[31] EURID v Zheng Qingying judgment, Brussels Court of First Instance, 10 September 2009.

[32] For more information on phishing and similar activities see point 5.4.3 above.