The European Health and Digital Executive Agency (HaDEA) has put forth a proposition to create an EU-wide, secure DNS solution that adheres to the GDPR. According to their objective, they are seeking to deploy a “European DNS resolver service infrastructure” that serves “public, corporate and residential internet end-users in the EU”.
Interestingly, this does not seem to be laid out entirely as a public service. According to article five of the proposal, HaDEA hopes to offer “opt-in paid premium services for enhanced security (e.g. ad hoc filtering, monitoring, 24x7 support), tailored to specific sectorial needs (e.g. cloud, finance, health, transport), as well as wholesale resolution services for other digital service providers, including ISPs and cloud service providers.” From this description, it would seem that HaDEA wishes to compete with the likes of CloudFlare.
On a more positive note, article six mentions residential services, such as “strictly opt-in and fully transparent parental control filtering services”. This is similar to premium services offered by OpenDNS"s Family Shield. It is unclear if residential services are intended to be state-sponsored or subscription-based.
Also of note, HaDEA proposes “Filtering of URLs leading to illegal content based on legal requirements applicable in the EU”, which could potentially give the EU the right to censor or strike content from the web. Unsurprisingly, it pledges to adhere to the many guidelines of the GDPR.
HaDEA’s objective in their bid for funding from the European Commission is as follows:
This topic will support the deployment of a recursive European DNS resolver service infrastructure (hereafter DNS4EU) serving socio-economic drivers, public, corporate and residential internet end-users in the EU, and offering very high reliability and protection against global cybersecurity threats and those specific to the EU (e.g. phishing in EU languages). This is a key policy action announced in the 2020 “Joint Communication: The EU’s Cybersecurity Strategy for the Digital Decade”. Such a critical service infrastructure is currently not available at European level with the level of performance, resilience, security and privacy envisaged, and the market will not invest in it alone given the lack of a business case (DNS resolution is normally provided for free). As stated the EU’s Cybersecurity Strategy, citizens and organisations in the EU increasingly rely on a few public DNS resolvers operated by non-EU entities. The deployment of DNS4EU aims to address such consolidation of DNS resolution in the hands of few companies, which renders the resolution process itself vulnerable in case of significant events affecting one major provider. Moreover the lack of significant EU investment in the field hampers the development of infrastructures that favour the detection and filtering of local cyber-threats that nonetheless could have significant socio-economic impacts. In addition, the processing of DNS data can have an impact on privacy and data protection rights.
Their bid for funding from the European Commission, according to the source, has a deadline of March 22, 2022.
Source: European Commission