Bringing eID to the domain industry

In 2020, six organisations came together to begin work on RegeID, a project that aims to support the integration of the eID Digital Service Infrastructure (DSI) and open up registrant services provided by the administrators of four national top level domains (domain registries or ccTLDs) including .cz, .dk, .ee and .nl to the eIDAS-infrastructure and thus to the citizens of all European countries.

This project will thus enable the cross-border use of eIDs issued according to the eIDAS regulation for services such as the administration of domain names and the validation of registrant data. In practice, this means that a Czech national could manage a domain registered in Estonia using their Czech eID and vice versa.

This project is particularly relevant in today’s age, as people increasingly turn to the digital sphere for their work, shopping, social life, entertainment and day-to-day administration due to the Covid-19 pandemic. This has resulted in an increased use of eIDs in general, and so RegeID aims to help boost this digital transformation.

With the project partners representing 8.5 million domain names in total, this project will allow registrants to secure their information through their national eIDs and enhance trust, assurance and security in the entire internet environment. Furthermore, the use of eIDs is an easy way of preventing fake domain registrations which significantly helps fight cybercrime and protect intellectual property rights, and it is being adopted by an increasing number of domain registries.

Whilst domain name registries cannot remove content from websites, as content does not pass through their technical infrastructure, they can assist in verifying the identity of registrants. Typically, registrants who intend to use their domain for fraudulent purposes will not enter correct registration data. Therefore, registries can perform checks on their database of registrants, looking out for suspicious data, which in turn can help them identify and fight against fake webshops or illegal online content.

There is increasing pressure on registries to verify registrants and to combat illegal content online as the European Union tries to regulate the digital space. One of the top priorities on Europe’s digital agenda for the 2019-2024 legislative term is the Digital Services Act (DSA), a regulation that aims to revise the liability and safety rules for information society services in the EU, including digital platforms, services and products. According to the European Commission, “the sale of illicit, dangerous or counterfeit goods and dissemination of illegal content must be tackled as effectively as possible”.

The European Commission published a proposal for the regulation in December, which includes several points that are relevant to internet infrastructure actors, such as ccTLDs and registrars. Namely, domain name registries and registrars are considered to fall under the notion of “provider of intermediary services” for the purposes of the proposed regulation. It is clear, therefore, that registries will increasingly be called upon to ensure that their zone remains as safe and crime-free as possible.

This project, as well as helping fight crime online, is also of particular importance for cross-border cooperation as demonstrated by the figures below, which show the number of foreign domain holders in each country:

  • .CZ: 1.3 million domain names (75.000 registered to other EU citizens/entities)
  • .DK: 1.3 million domain names (36.000 registered to other EU citizens/entities)
  • .EE: 121.000 domain names (12.000 registered to other EU citizens/entities)
  • .NL: 5.8 million domain names (250.000+ registered to other EU citizens/entities)

By providing more ease of use to registrants from other nationalities, not only will this project demonstrate the value of eIDAS for purposes beyond mere authentication, but it will also build assurance and trust in the services, as EU citizens will be able to validate their identities without additional burden. They will be able to use the eID they already know and trust at national level to access registry services across borders.

The project partners aim to go further than just implementing the eIDAS infrastructure in their own portals. They hope to carry out extensive research in order to identify any barriers, especially for registrars, to its implementation. In this way, they will be able to use their insights to pave the way for future eID DSI uptake in the wider domain name industry.