IE Domain Registry t/a .IE Annual Report 2021

Policy Advisory Committee (PAC) During 2021, the substantive work of the Policy Advisory Committee focused on understanding the implications of the Article 23 proposals within the NIS2 Directive and also on the formulation of a policy response to handling technical abuse or criminal abuse (illegality) which uses the .ie domain name system. It is important for Ireland to have this multi-stakeholder industry advisory body. The Policy Advisory Committee follows a 10-step framework known as the .ie Policy Development Process (PDP). The PDP is designed to be bottom-up and consensus-driven. Further information is included on the .IE website www.weare.ie/policy- development-process and in the Policy Development section within this report. EU Regulatory impact intensifying Concerned by the level of cyber threats, EU regulatory response has intensified and continues to reach into the domain market, beyond data privacy into cybersecurity. Cyber threats continue to grow in frequency and amplitude. The SolarWinds hack of 2020 was a major shock as it impacted over 30,000 organisations’ systems infrastructures and is widely attributed to state intelligence services. Abuses using the domain name system (DNS) are relatively few, yet they continue to grow along with virus and ransomware. During 2020/21 Covid-19 has accelerated the adoption of digital services by citizens, government and corporates. All businesses are increasingly dependent on third party services - from major cloud providers, through the ecosystem of Software as a Service (SaaS) and managed service providers, to a new world of data and analytics service providers. Already, GDPR was introduced in 2018, which had a significant regulatory impact on the domain industry, particularly on the nature and extent of the data allowed to be disclosed by the WHOIS lookup service for domains. In 2019, Ireland transposed the EU Directive on the Security of Network and Information Systems (NIS), which led to the designation of Member State’s ccTLDs as operators of essential services (OES). In December 2020, a proposed extension to the Directive (NIS2) was published by the EC, to address perceived weaknesses in the original Directive, and DNS providers are now to be included. It is clear that .IE will need to allocate increased resources and attention to manage the disruption and cost impact of a rapidly expanding regulatory regime. Outlook for 2022 Nationally, new registration growth slowed in 2022, as society, business and public services opened-up when Covid-related restrictions were lifted overnight on 22 January 2022. The outcome for the first half of 2022 is 25,539 new .ie domains registered, down by 24.5% compared to the same period in 2021 (33,815 domains). This moderation in .ie domain growth by mid-2022 is replicated in many ccTLDs across Europe. The future growth is uncertain in this regard. The work of the .IE Policy Advisory Committee is continuing into 2022 in response to developments impacting ccTLD registries, in particular EU cybersecurity initiatives NIS2 and regulations impacting the Digital Single Market and Resilience of Critical Entities Directive (CER). As we implement our Strategy 2024, I look forward to working with our Board of Directors and thank the members and the Board sub-committees for their ongoing support and expertise. Our dedicated staff at .IE deserve huge credit and respect for their outstanding contribution to the continued growth of the .ie namespace, the development of our policies and services and of paramount importance, the protection of our mission- critical systems and the DNS. It is a pleasure to work with such a dedicated team of talented professionals. Together, we will ensure that .IE becomes the trusted standard bearer in terms of online DNS security, standards and innovation thereby evolving in our vital role in Ireland’s digital journey. David Curtin Chief Executive 29 July 2022 Chief Executive's Report IE Domain Registry CLG t/a .IE / Annual Report & Review 2021 8