.IE Annual Report 2022

The Policy Advisory Committee The Policy Advisory Committee (PAC) was established by the Company in July 2014, to provide a forum to consider and provide advice to the .IE Board of Directors on policy change requests. The PAC operates under its specific Terms of Reference and follows the published 10-step Policy Development Process (PDP). The PAC considers all policy change-requests submitted for review, and where consensus is reached for a change, it also advises on the implementation of such policy change-requests. The members of the PAC are stakeholders with an interest in the .ie namespace and its policies. The membership includes representatives from eligible organisations. That list was extended in 2019, with the welcome addition of CyberSafeKids and IRISS (the Irish Reporting and Information Security Service), who joined the .ie accredited Registrars, the Department of Communications (DECC), Enterprise Ireland, the Small Firms Association (SFA), the Law Society, the Internet Service Providers Association of Ireland (ISPAI), the Department of Enterprise (DETE), the Irish Computer Society (ICS) and the Association of Patent and Trademark Attorneys (APTMA). Discussions with regulatory bodies or public consultations take place when these are considered useful by the PAC working group which is considering the topic. The Committee convened on four occasions in 2022, using a mix of Zoom and in-person attendance options. The PAC has maintained the strong levels of meeting attendance and engagement evident since its inaugural meeting in 2015. This has been vital to the progression of the various policy change discussions, as has the diverse expertise, experience and knowledge of the Committee members. The commitment of the PAC in adhering to the bottom-up, consensus-driven, multi stakeholder-led PDP has been invaluable in the progression of the policy changes. Entering its ninth year of operation, the PAC expects to continue to build on the achievements and milestones of previous years. Major developments in 2022 In May 2022, the Registry confirmed that an agreement was reached with the Garda National Cyber Crime Bureau (GNCCB) on a protocol for the GNCCB to request the suspension of .ie domains involved in criminal or illegal activity (such as financial scams, phishing websites, human trafficking, child abuse, etc.). This agreement was the direct result of discussions with stakeholders, including Registrars and hosting service providers, and analysis led by the PAC. This included considering alternative policy options, evaluating international initiatives, and engaging with An Garda Siochána on due process. The result was a Suspension Request Protocol agreement between the Registry and the GNCCB. Thankfully, these instances are very rare on .ie websites - and to date, this protocol has not been needed to be used by the GNCCB. On a broader scale, in 2022 there were significant developments impacting the regulatory environment for .IE. The most significant was undoubtedly the replacement of the Network and Information Security (NIS) Directive with NIS2. This NIS2 Directive strengthens and harmonises cybersecurity obligations across EU Member States, and was formally adopted in November 2022. It came into force in the early weeks of 2023, beginning a 21-month countdown for Member States to transpose its requirements into national law. NIS2 may introduce unprecedented regulatory burdens for small operators in the digital space. The Policy Advisory Committee has been closely following its progression, and is building awareness and advocating to insulate SMEs from adverse disruptive and costly effects of this well-intentioned legislation. Besides preparing for NIS2, the PAC also continued to lead important discussions that guide .IE’s approach to navigating legislation like the Digital Services Act, Critical Entities Resilience Directive, and Regulation on Geographical Indications for Craft and Industrial Products. “In the absence of any all-island Internet governance entity, the multi-stakeholder make-up of the Policy Advisory Committee allows it to develop bottom-up and consensus- driven policy recommendations.” Fergal O’Byrne, Chairman, .IE Policy Advisory Committee IIA Internet Hall of Fame Inductee 2015 Policy Development The Company mirrors the international multi-stakeholder philosophy and principles within its policy development structures and has adopted a bottom-up, consensus- driven, and consultative approach to all .ie namespace policy matters. Corporate Governance .IE is the trading name of IE Domain Registry CLG / Annual Report & Review 2022 14