Hi Chris, unfortunately, "Identification criteria" is the only guideline bullet point on that web page which is missing a hyperlink, and google throws up nothing interesting on the ENISA web site. It seems that information on this is in short supply Nick
Chris Buckridge <mailto:chrisb@ripe.net> 6 November 2018 at 13:13
Hi Nick,
From our conversation with the Dutch competent authority it wasn’t clear, but we aren’t aware of any specific Dutch requirements.
Earlier on, however, ENISA published a number of guidelines and requirements that member states can use in evaluating operators and services against the NIS Directive requirements - these are published here: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-...
Also, there was a presentation by the Dutch National Cyber Security Centre during RIPE 74, in which they explained a bit more about the purpose and objectives of the directive and their views of what would be considered essential services. A recording and the slides are available from https://ripe74.ripe.net/archives/video/135/
Cheers Chris
Chris Buckridge <mailto:chrisb@ripe.net> 6 November 2018 at 04:45 Hi Matt, all,
Jumping into the discussion here, but I can hopefully shed some light in response to your questions:
On 5 Nov 2018, at 20:55, Mat Ford <ford@isoc.org> wrote:
Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public? At this point, the communication with the Dutch regulator has been of an informal nature. We plan to communicate more explicitly to the community when the official decision regarding Dutch essential services is made public. However, the key points in our communication have centred around the fact that a single root server operator, due to the distributed nature of the DNS, should not be considered an Operator of Essential Services under the NIS Directive.
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.” To be clear, the RIPE NCC does not take a position on whether such regulations are good or bad - our goal is to raise awareness with our community and membership of measures that could affect their operations. We believe (based on our discussions with our contacts and consulting agency in Brussels) that the current proposals would have an impact on development in these spaces, but as you note, this may well be in line with the broader preferences of the community. The key point for us is that our community (members of which are involved in the development of IoT and big data applications) be aware of this potential impact.
Cheers Chris
—— Chris Buckridge External Relations Manager RIPE NCC
Regards, Mat
On 5 Nov 2018, at 22:56, Mirjam Kuehne <mir@ripe.net> wrote:
Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
Mat Ford <mailto:ford@isoc.org> 5 November 2018 at 16:55 Thanks Mirjam. I posted a comment on the website, but I guess it might make more sense to share my reaction here:
Is the RIPE NCC response to the Dutch regulator regarding the definition of an essential service operator public?
Also, you say, "Data collection restrictions that could hinder the development of AI and the IoT." I think a lot of European citizens would prefer that the development of AI and IoT not be at the expense of their personal data becoming a private economic resource. Why does the RIPE NCC believe that, "the new ePrivacy text ... takes a restrictive approach to metadata and content data processing, to the point that the current provisions would have a negative impact on the development of things like AI, IoT and big data business.”
Regards, Mat
Mirjam Kuehne <mailto:mir@ripe.net> 5 November 2018 at 15:56 Dear colleagues,
In recent years, there’s been a trend towards increased EU regulation with the potential to impact more actors across the Internet landscape. Here, we give a brief overview of the most pertinent policies currently being proposed, debated and implemented in the European Union:
https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affect...
Kind regards, Mirjam Kühne RIPE NCC
------------------------------------------------------------------------