Opportunities, Potentials and Challenges: We Have the Future in Mind
Security and regulation on the one hand, sustainable developments at DENIC on the other hand — that's what the participants discussed on 20 September at Members@DENIC in Frankfurt.
The central topic was the Network and Information Security Directive, NIS2, but the agenda also featured other legal regulations with implications for the domain industry and DENIC as a critical infrastructure operator, as well as the omnipresent AI.
Assuming responsibility for the Internet of today and tomorrow, that is DENIC's motto. This includes being well prepared for new legal requirements and develop compliance concepts in good time.
Thomas Keller opened the member meeting giving a survey of the results the NIS2 Working Group established by DENIC had compiled. The group's task had been to find a good solution for DENIC and its members how to handle "domain name registration data" in a NIS-compliant way.
Apparently, the verification of the domain data as required by the NIS2 Directive was one of the hottest issues in this context. Which data exactly is verified? Who is responsible for the verification? Which procedure will be used? And why is there no uniform solution across Europe? These are only some of the questions asked by the DENIC members.
Thomas Keller allowed all the time needed to discuss the members' concerns and explained that DENIC was currently pursuing a model procedure, which however, had not yet been defined to the last detail. Especially in view of the fact that further adjustments and amendments to the legal provisions are to be expected, DENIC had chosen a scalable approach, and thus is well able to react flexibly to potential changes.
The verification will be performed in accordance with the legal requirements, and the related responsibility rests with the member, learned the audience. Principally, any verification procedure permitted by law can be applied, however the final decision remains to be discussed between DENIC and its members. A cross-European solution, which would make work considerably easier for registrars with a variety of European ccTLDs in their portfolio, presents a challenge due to the different national regulations in the European countries.
The obligations and requirements pursuant to the NIS2 Directive go hand in hand with the requirements DENIC must meet in its role as an operator of a critical infrastructure in the categories of authoritative name servers and Top Level Domain registry. DENIC's Head of Information Security Daniel Kremer described DENIC's way of coping with these duties and what the registry and its members have to expect from upcoming regulations in this context.
The new definition of KRITIS within the scope of the German NIS 2 Implementation and Cybersecurity Strengthening Act (abbreviated NIS2UmsuCG in German) considerably extends the current regulations of KRITIS and will feature a multi-class system of operators with different obligation levels.
Thomas Keller firmly pointed out that the vast majority of the DENIC members would be included in the largely extended group of affected companies. Simply closing one's eyes was no option. DENIC would be ready to help if desired.
Was there any benefit DENIC had gained from being KRITIS, the attendants wanted to know. Daniel Kremer confirmed that it had further enhanced DENIC's awareness of security risks and, in particular, had led to further optimising attack detection at the registry. However, DENIC had been well prepared from the very beginning with the processes and procedures that had already been in place.
Other Legislative Initiatives
Sabrina Heber, Public Policy Manager at DENIC, gave an overview about other upcoming laws and regulations that may have an impact on the work of the domain industry. These included the Cyber Resilience Act, which stipulates cybersecurity requirements for and of products with digital elements, or the Digital Services Act, which does not only cover protection of fundamental rights but also contains provisions for online services as intermediaries.
At the end of her presentation, she introduced the IGF-D, the national initiative of the Internet Governance Forums (IGF) of the United Nations. In this forum, all the stakeholders involved – governments, the private sector and civil society, including the technical community and academia – discuss at national level and on an equal footing about how to "govern" the Internet. This year's IGF-D was held on 13 September in the German capital of Berlin. Recently, DENIC has taken on responsibility for the IGF-D Secretariat and thus is particularly committed to the IGF-D's work.
AI – Opinions from the DENIC Membership
The afternoon program started with a panel on artificial intelligence (AI). Moderated by Stefan Jakob from DENIC's Information Security Team, Mirco Pyrtek, Data Engineer Manager CentralNic at Key-Systems, domain trader Leo Kobes, Managing Director of Byte Media GmbH, and Martin Küchenthal, Managing Director of Lemarit, discussed the benefits and risks, in particular of ChatGPT, and shared their experiences.
The outcome: With professional prompts and a good amount of critical expertise AI may clearly facilitate and accelerate specific tasks and even foster creativity: Promising examples are a tool that proposed alternative domain names or a tool monitoring the use of brand names to avoid fraud.
A risk assessment regarding the use of AI as such and also the availability to the general public of fed-in data, however, should always be part of the process. The audience listened very attentively and expressed great interest in discussing the topic in greater detail on another occasion.
Future-Proof Technical Innovations
The latest developments at DENIC are traditionally a key item at the annual member meeting. What's happening at DENIC? Where are we actively involved? Next to the RRI in the DENIC Cloud, the new features of the dashboards for our members were a focal item of the presentation provided by manager Sascha Kämpf and Robin Gontermann. A quick opinion poll by show of hands revealed how greatly interested the members are in this offering, which enables them to keep an eye on their company's performance, to make comparisons with their peer group and to identify potential for improvement. Before the event came to a close, Jan Henzel of the RZ-Neo team briefly depicted DENIC's new logging tool for recording all requests reliably and without gaps.
After the vivid exchange this year, we are looking forward to the next meeting already now and thank all who have attended for their active participation.
For members of the DENIC Cooperative the presentations are available on our Member Website.