Policy & Regulation

Policy & Regulation / Featured Blogs

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers.

Rethinking Digital Sovereignty: The Pitfalls of an Infrastructured Approach

In an era where our lives are increasingly intertwined with digital technologies, a recent development in the realm of digital sovereignty has sparked a pressing concern for nations and individuals alike. The concept of digital self-determination, once hailed as a great equalizer, has become a battleground for power, privacy, and control, with governments and tech giants vying for dominance in the digital realm.

Net Neutrality: What Is Old Is New Again

On July 22, the FCC's open Internet order - which transforms Internet access service from a lightly regulated information service into a heavily regulated telecommunications service - will take effect. This article describes the policies and legal theories underlying the Order and the Order's effect on consumers of Internet services and providers of the service, including a number of entities that had previously escaped FCC regulation.

Will We Ever End Legacy Telephone Networks?

Anybody not involved in the telephone business will probably be surprised to find that the old TDM telephone networks are still very much alive and in place. The old technologies were supposed to be phased out and replaced by digital technologies. The FCC started talking about this before 2010. In 2013, Tom Wheeler, the FCC Chairman at the time, announced an effort to force the needed changes, which was dubbed the IP Transition.

Alternative Insights on Article 28 of the NIS2 Directive

On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.

Demystifying Art. 28 NIS2

On December 14, 2022, the European Parliament adopted the Directive on measures for a high common level of cybersecurity across the Union (Directive (EU) 2022/2555) hereinafter referred to as "NIS2"), which was published in the official journal on December 27, 2022. Being a directive, NIS2 requires transposition into national law. According to Art. 41 of NIS2, the transposition into national law must take place by October 17, 2024 and the measures must be applied as of October 18, 2024.

The UN’s AI Leadership

In the same way monarchs are proclaimed - by powerful stakeholders attending a coronation and not objecting - the UN's International Telecommunication Union (ITU) took a mandate last week to coordinate AI Safety worldwide, with most industry leaders and relevant UN agencies were present when it did so.

NIS 2.0 and Its Impact on the Domain Name Ecosystem

I recently appeared on the 419 Consulting podcast to discuss the European Union's NIS 2.0 Directive and its impact on the domain name ecosystem. I encourage all TLD registries, domain name registration service providers, and DNS operators to listen to the recording of that session which Andrew Campling has made available.

13th Registration Operations Workshop: Join Us Online on June 4th, 2024

As a member of the ROW Planning Committee, I am writing this post on behalf of the Committee and welcome all community members to join us on June 4th. We are celebrating ROW's 10th anniversary! A decade of collaboration and inspiration! Thank you to the incredible community that has fueled this journey!

What Defines a Stakeholder in Internet Governance? (Netmundial+10 Special)

What defines a stakeholder in Internet governance? Is it a professional occupation, an ideology, or a specific methodology? One of the key themes emerging in the Netmundial+10 event has been that of stakeholder involvement, participation and representation in different IG mechanisms. The numeric increase in contributors to these processes since the original Netmundial is palpable. However, questions remain about the definition of a stakeholder and the premises under which these actors should engage in policy work together.