News item | 17-01-2025 | 2:45 PM
The Netherlands Internet Domain Registration Foundation (SIDN) may only move a limited part of the so-called .nl domain registration system under strict conditions. The Council of Ministers has agreed to this decision on the proposal of Minister Beljaarts of Economic Affairs. SIDN has indicated that it agrees with this.
Minister Beljaarts, also on behalf of State Secretary Szabó (Digitalization and Kingdom Relations), informs the House of Representatives about this decision in a letter.
The current domain registration system, which SIDN still manages in-house, dates from 2010. According to the foundation, continuation will pose major continuity risks in the future. It is difficult to maintain and find staff to keep it running. Supervisor of the National Digital Infrastructure Inspectorate (RDI) finds this plausible based on the information it has received. In January 2024, SIDN announced its intention to move its domain registration system to the so-called public cloud of the American company Amazon Web Services (AWS).
Preventing unwanted digital dependencies
Reducing current unwanted digital dependencies and preventing new dependencies is a spearhead of both the EU and the Netherlands. That is why the government has conducted several studies, analyzes and recommendations over the past year to investigate the risks involved in moving the domain registration system.
Based on all research, SIDN can only accommodate a more limited part of this system in the AWS public cloud than they previously intended. SIDN has also committed to fully implement the proposed additional measures from a risk analysis by the AIVD. For this purpose, the existing agreement between the Ministry of Economic Affairs and SIDN has been expanded.
Analysis of European and Dutch providers
For the government’s decision on the relocation by SIDN, KPMG analyzed whether a Dutch or European cloud provider can fully meet the technical and functional criteria drawn up by SIDN. The researchers concluded that Dutch and European providers can currently only partially meet these criteria. In a so-called Data Protection Impact Assessment (DPIA) an external party also concluded that the privacy risks associated with a relocation can be reduced to an acceptable level by SIDN.
The SIDN foundation has managed these services since 1996. In 2018, the government designated SIDN as a provider of an essential service, meaning that this activity falls legally under the supervision of the RDI.
Today, the Council of Ministers also agreed to the government’s response to the initiative memorandum ‘Clouds on the horizon’ from the House of Representatives, which further discusses the European and Dutch role in cloud infrastructure.