Regulation (EU) 2019/517 of the European Parliament and of the Council of 19 March 2019 on the implementation and functioning of the .eu top-level domain name and amending and repealing Regulation (EC) No 733/2002 and repealing Commission Regulation (EC) No 874/2004 (Text with EEA relevance.)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 172 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

After consulting the Committee of the Regions,

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

(1) The .eu top-level domain (TLD) was established by Regulation (EC) No 733/2002 of the European Parliament and of the Council (3) and by Commission Regulation (EC) No 874/2004 (4). Since the adoption of those regulations, the political and legislative context in the Union, the online environment and the market have changed considerably.

(2) The rapid evolution of the TLD market and the dynamic digital landscape requires a future-proof and flexible regulatory environment. The .eu TLD is one of the largest country code TLDs (ccTLDs). The .eu TLD is used by the Union institutions, agencies and bodies, including for European projects and initiatives. The purpose of the .eu TLD is, through good management, to help enhance the Union identity and promote Union values online, such as multilingualism, respect for users' privacy and security and respect for human rights, as well as specific online priorities.

(3) TLDs are an essential component of the hierarchical structure of the domain name system (DNS) which ensure an interoperable system of unique identifiers, available throughout the world, on any application and any network.

(4) The .eu TLD should promote the use of, and access to, internet networks in accordance with Articles 170 and 171 TFEU by providing registration complementary to existing ccTLDs and to the global registration of generic TLDs.

(5) The .eu TLD, which is a clear and easily recognisable label, should provide a clearly identifiable link with the Union and the European market place. It should enable undertakings, organisations and natural persons within the Union to register a domain name under the .eu TLD. The existence of such a domain name is important to strengthen the Union's identity online. Regulation (EC) No 733/2002 should therefore be amended in order to allow Union citizens to register a .eu TLD name, regardless of their place of residence, from 19 October 2019.

(6) Domain names in the .eu TLD should be allocated to eligible parties, subject to availability.

(7) The Commission should promote cooperation between the Registry, the European Union Intellectual Property Office (EUIPO) and other Union agencies, with a view to combating the speculative and abusive registrations of domain names, including cybersquatting, and providing simple administrative procedures, in particular for small and medium-sized enterprises (SMEs).

(8) To ensure the better protection of the right of the parties to contract with, respectively, the Registry and Registrars, disputes with regard to the registration of domain names in the .eu TLD should be solved by bodies located in the Union applying the relevant national law, without prejudice to rights and obligations recognised by the Member States or by the Union arising from international instruments.

(9) The Commission should, on the basis of an open, transparent and non-discriminatory selection procedure, having regard to cost-efficiency and administrative simplicity, designate a Registry for the .eu TLD. In order to support the digital single market, to build an online European identity and to encourage cross-border online activities, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of the eligibility and selection criteria and the procedure for the designation of the Registry. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (5). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(10) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt the lists of reserved and blocked domain names by Member States, to establish the principles that are to be included in the contract between the Commission and the Registry and to designate the Registry on duly justified imperative grounds of urgency, in particular to ensure the continuity of the service. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (6). Such lists should be compiled subject to the domain names' availability taking into account domain names at second level already reserved or registered by the Member States.

(11) The Commission should enter into a contract with the designated Registry, which should include the detailed principles and procedures that apply to the Registry for the organisation, administration and management of the .eu TLD. The contract should be of a fixed duration and should be renewable once without the need for a new selection procedure.

(12) The principles and procedures relating to the functioning of the .eu TLD should be annexed to the contract between the Commission and the designated Registry.

(13) This Regulation is without prejudice to the application of the rules on competition provided for in Articles 101 and 102 TFEU.

(14) The Registry should comply with the principles of non-discrimination and transparency, and should implement measures to safeguard fair competition that are to be authorised in advance by the Commission, in particular when the Registry provides services to undertakings with whom it competes on downstream markets.

(15) The Internet Corporation for Assigned Names and Numbers (ICANN) is at present responsible for coordinating the delegation of codes representing ccTLD to Registries. The Registry should enter into an appropriate contract with ICANN that provides for the delegation of the .eu ccTLD code, taking account of the relevant principles adopted by the Governmental Advisory Committee (GAC).

(16) The Registry should enter into an appropriate escrow agreement to ensure continuity of service, and in particular to ensure that it is possible to continue to provide services to the local internet community with minimum disruption in the event of re-delegation or other unforeseen circumstances. The Registry should submit an electronic copy of the current content of the .eu TLD database to the escrow agent on a daily basis.

(17) The alternative dispute resolution (ADR) procedures to be adopted should comply with Directive 2013/11/EU of the European Parliament and of the Council (7) and take into account the international best practices in this area and in particular the relevant recommendations of the World Intellectual Property Organization, to ensure that speculative and abusive registrations are avoided as far as possible. Those ADR procedures should respect uniform procedural rules that are in line with those set out in ICANN's Uniform Domain Name Dispute-Resolution Policy.

(18) The policy on the abusive registration of .eu domain names should provide for verification by the Registry of the data that it receives, specifically data concerning the identity of registrants, as well as revocation and blocking from future registration of domain names considered by a final decision of a Member State court to be defamatory, racist or otherwise contrary to the law of the Member State. The Registry should take the utmost care to ensure the correctness of the data that it receives and holds. The revocation procedure should allow the domain name holder a reasonable opportunity to rectify any breach of the eligibility criteria, registration requirements or outstanding debts before the revocation is to take effect.

(19) A domain name that is identical or confusingly similar to a name in respect of which a right is established by Union or national law and which has been registered without rights or legitimate interest in the name, should, in principle, be revoked and, where necessary, transferred to the legitimate holder. Where such a domain name has been found to have been used in bad faith, it should always be revoked.

(20) The Registry should adopt clear policies aiming to ensure the timely identification of abusive registrations of domain names and, where necessary, should cooperate with competent authorities and other public bodies relevant to cybersecurity and information security which are specifically involved in the fight against such registrations, such as national computer emergency response teams (CERTs).

(21) The Registry should support law enforcement agencies in the fight against crime, by implementing technical and organisational measures aimed at enabling competent authorities to have access to the data in the Registry for purposes of the prevention, detection, investigation and prosecution of crimes, as provided for by Union or national law.

(22) This Regulation should be implemented in compliance with the principles relating to privacy and the protection of personal data. The Registry should comply with the relevant Union data protection rules, principles and guidelines, in particular with the relevant security requirements, with the principles of necessity, proportionality, purpose limitation and proportionate data retention period. Also, personal data protection by design and data protection by default should be embedded in all data-processing systems and databases developed and maintained.

(23) In order to ensure effective periodic supervision, the Registry should be audited at its own expense at least every two years by an independent body with the purpose of confirming, by means of a conformity assessment report, that the Registry complies with the requirements laid down in this Regulation. The Registry should submit that report to the Commission in accordance with its contract with the Commission.

(24) The contract between the Commission and the Registry should provide for procedures to improve the organisation, administration and management of the .eu TLD by the Registry in accordance with the instructions of the Commission resulting from the Commission's supervisory activities as provided for in this Regulation.

(25) In its conclusions of 27 November 2014, entitled ‘Internet Governance’, the Council reaffirmed the Union's commitment to promote multistakeholder governance structures that are based on a coherent set of global internet governance principles. Inclusive internet governance refers to the development and applications of shared principles, norms, rules, decision-making procedures and programmes that shape the evolution and use of the internet by governments, the private sector, civil society, international organisations and the technical community, all acting in their respective roles.

(26) A .eu Multistakeholder Advisory Group should be set up with the role of advising the Commission in order to strengthen and widen input into the good governance of the Registry. The Group should reflect the internet governance multistakeholder model, and its members, apart from those drawn from Member State authorities and international organisations, should be appointed by the Commission on the basis of an open, non-discriminatory and transparent procedure. The representatives drawn from the Member State authorities should be appointed on the basis of a rotation system ensuring sufficient continuity of participation in the Group.

(27) The Commission should carry out an evaluation of the effectiveness and functioning of the .eu TLD. That evaluation should have regard to the designated Registry working practices and the relevance of the Registry's tasks. The Commission should also submit regular reports on the functioning of the .eu TLD name to the European Parliament and to the Council.

(28) This Regulation respects the fundamental rights and observes the principles recognised in the Charter of Fundamental Rights of the European Union (the ‘Charter’), as enshrined in the Treaties, in particular the protection of personal data, the freedom of expression and information, and the protection of consumers. Appropriate Union procedures should be observed when ensuring that provisions in national law that affect this Regulation comply with Union law and, in particular, the Charter. The Registry should seek guidance from the Commission in cases of doubt with regard to compliance with Union law.

(29) Since the objective of this Regulation, namely the implementation of a pan-European TLD in addition to the national ccTLDs, cannot be sufficiently achieved by the Member States, but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

(30) In order to limit any risk of disruption to the services of the .eu TLD during the implementation of the new regulatory framework, transitional provisions are laid down in this Regulation.

(31) Regulation (EC) No 733/2002 should therefore be amended and repealed, and Regulation (EC) No 874/2004 should be repealed,

HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Subject matter and objectives

Article 2

Definitions

For the purposes of this Regulation:

(1) ‘Registry’ means the entity entrusted with the organisation, administration and management of the .eu TLD, including the maintenance of the corresponding databases and the associated public query services, the registration of domain names, the operation of the Registry of domain names, the operation of the Registry's TLD name servers, and the distribution of TLD zone files across name servers;

(2) ‘Registrar’ means a natural or legal person that, on the basis of a contract with the Registry, provides domain name registration services to registrants;

(3) ‘Internationalised Domain Name protocols’ means standards and protocols that support the use of domain names in characters that are not American Standard Code for Information Interchange (ASCII) characters;

(4) ‘WHOIS database’ means the collection of data containing information on the technical and administrative aspects of the .eu TLD registrations;

(5) ‘principles and procedures on the functioning of the .eu TLD’ means detailed rules concerning the functioning and management of the .eu TLD;

(6) ‘registration’ means the series of acts and procedural steps, from initiation to completion, taken by Registrars and the Registry upon the request of a natural or legal person for the purpose of implementing the registration of a domain name for a specified duration.

CHAPTER II

IMPLEMENTATION OF THE .eu TLD

SECTION 1

General principles

Article 3

Eligibility criteria

Registration of one or more domain names under the .eu TLD can be requested by any of the following:

(a) a Union citizen, independently of their place of residence;

(b) a natural person who is not a Union citizen and who is a resident of a Member State;

(c) an undertaking that is established in the Union; and

(d) an organisation that is established in the Union without prejudice to the application of national law.

Article 4

Registration and revocation of domain names

(a) there are outstanding unpaid debts owed to the Registry;

(b) the non-fulfilment by the domain name holder of the eligibility criteria pursuant to Article 3;

(c) the breach by the domain name holder of the requirements for registration requests laid down on the basis of points (b) and (c) of Article 11.

(a) has been registered by its holder without rights or legitimate interest in the name; or

(b) has been registered or is being used in bad faith.