The domain name system (DNS) is mostly known for associating names with IP addresses, as humans can more easily remember names than numbers.
Country code top-level domain (ccTLD) registries are responsible for managing country-specific domains such as .be for Belgium or .eu for the European Union. They are an authoritative database for all the domains in their zone.
Domain names are essential for establishing an online identity. They are also crucial when starting an online business connected to unique identifiers online, such as a brand and business identity. Before any associated service can be offered to an individual, like a website, application, or platform, businesses need to register a domain name.
When a user registers a domain in a European ccTLD zone, they are given control over their online identity and can choose what services to work with.
European ccTLDs are subject to national and European legal frameworks, such as GDPR, DSA and NIS 2, and operate with European values at the core, upholding the highest standards of data protection.
European ccTLDs are not interested in collecting any personal information beyond the sole purpose of registering a domain name. Even when EU legislation requires stringent identity verification procedures, ccTLDs work hard not to require users to submit any more information than is necessary, applying the data minimisation principle.
While there are other ways for users to establish their online identity, for example by creating a page on social media, they are then tied to the terms of use of such platforms and left with doubts over their privacy. Choosing a European domain name is a safer choice for the end-user: their behavioural data will not be collected, and no vendor lock-in is imposed.
Unlike with social media platforms, there is no risk of relying on a provider that can decide to drastically change or terminate the service altogether. At any moment, users can easily transfer their domains between different registrars, or sell their domain to third parties. Consequently, European domain names offer a valuable counterbalance to the prevalence of non-EU social media platforms.
However, the current EU regulatory scene makes registering a domain name increasingly complicated, driving users and businesses to look for alternative means to establish their digital identity.
An example of this trend is the EU’s legislation on the protection of geographical indications (GIs), an intellectual property right (IPR) that is used to protect regional products with certain distinctive qualities.
EU law assumes that IPR rightsholders have a privileged right to a corresponding domain name, an assumption that is not without concerns. There is a risk in equating protected IPR with domain names.
While both IPR and domain names need to be unique and distinctive, their unique qualities address different needs. The distinctiveness of a protected IPR, such as a trademark, can be described via its label, design, and attractiveness to consumers through the use of the IPR. Unlike IPR, domain names are unique technical resources. While there can be thousands of trademarks registered under one name, there is only one domain name per TLD.
As a result, there are competing interests, equally valid and legitimate, for the right to register a domain name. Neutrality for a limited technical resource like a domain name is solved by the ‘first-come, first-served’ principle.
Equating domain names with IPR arbitrarily interferes with this foundational principle that serves the neutrality of a limited technical resource, and complicates access to domain names as digital identifiers.
To keep the European domain space competitive, EU policymakers must support the accessibility of European domains as a safe and reliable choice for all end-users, without adding friction and making the process of domain name registration overly burdensome. Special attention should be given to drafting policies that do not lower data protection standards for domain name holders. In this regard, it will be crucial that EU member states address the implementation of the NIS2 Directive in full respect of the data minimisation principle, given that the directive obliges ccTLD registries to verify the identity of domain name holders, and as a result requires ccTLD registries to collect more personal data than is needed for the provision of a technical service.
ccTLDs have proven to be responsible actors and are consistently referred to as champions of trust and safety online: DNS abuse rates of European ccTLDs are the lowest in the world. Collaboration with authorities and a mindful approach to insisting on respect for human rights are what make ccTLDs a success story.
The role of ccTLDs is to maintain essential internet infrastructure as their primary service to society. The proliferation of legislative initiatives interfering with the domain registration process has the potential to undermine that essential role, as secondary targets, such as IPR protection and domain holders’ identity verification, become more resource-intensive, without any evidence of an underlying problem within EU ccTLDs.
Therefore, EU policymakers should refrain from treating DNS as an intervention vector for the societal problems they are looking to address, to ensure that ccTLDs can continue to provide their essential service to users.
Polina Malaja is policy director at CENTR, the association of European country code top-level domain (ccTLD) registries, such as .de for Germany or .si for Slovenia.