On 4 April, the annual meeting of the Registro .it was held, which this year recorded a particularly high number of participants, both in presence and remotely: the central theme of the day was the adoption in Italy of NIS2 (Network and Information Security, second version) and its impact on the ecosystem of .it domain name management, both from a technical and managerial, legal and operational point of view. A topic of great interest for the Registrar community, testified not only by the attendance, but also by the interactivity of the participants during the day.
As every year, the meeting was a key appointment to take stock of the activities carried out in 2024 and the forecasts for 2025. Registro Manager and Director of CNR-IIT, Andrea Passarella opened the proceedings by introducing the day.
Dr. Polina Malaja, Policy Director of CENTR (Council of European National Top-Level Domain Registries), presented NIS2 in the perspective of adoption within the EU. The directive imposes specific cybersecurity measures for “critical entities” such as Top Level Domain Registries and DNS providers, and aims to strengthen the security and resilience of the Internet Network and information systems: a reliable, resilient and secure DNS is essential for the integrity of the Network. Another key point is the accuracy of data, starting with a certain identification of registrants. At the moment, adoption in EU countries is very late, and only nine countries (including Italy) have adopted the directive within the timeframe set by the Commission.
Present to illustrate the roadmap for the adoption of the directive in Italy and its implications were Prefect Milena Rizzi, Head of Regulatory Services, and Engineer Claudio Ciccotelli, Head of Division of the PSNC (National Cybersecurity Perimeter) for ACN (National Cybersecurity Agency). He presented the stages and deadlines for the adoption of the NIS2 Directive, contextualising it in particular to the .it domain name registration sector. He emphasised the necessary collaborative spirit between the various actors involved in the process (ACN, MIMIT - Ministry of Enterprises and Made in Italy, Registro .it, Registrars) each in their own roles. Eng. Ciccotelli then illustrated the more technical and operational aspects of the directives that ACN will adopt in the coming weeks, to regulate in detail the adoption by the actors involved, according to their level of criticality.
Eng. Alessandro Paci, from the MIMIT Institute of Information Technology, emphasised the key role of the Ministry in protecting the Italian production fabric and simultaneously implementing the cybersecurity directive for companies, in collaboration with ACN. To this end, MIMIT will organise sector tables to receive critical elements from below in the various business areas and bring them to the attention of ACN.
The Head of the Registro .it and the Heads of its Units went on to give a brief account of the activities of each unit. The Head of the Registro highlighted the substantial stability of the overall picture of registrations, given that we are over 3.5 million domains, with a renewal rate of over 80%. In general, the emphasis for 2025 will be on actions related to the adoption of NIS2. This will cover both the more purely technological aspects, as well as operational, management, and compliance control aspects. Training will also be renewed, both internally and towards Registrars. With regard to the External Relations, Media, Communication and Marketing Unit, which is now under interim responsibility, the main features will be: i) revisiting the content and communication strategy, focusing much more on social platforms; ii) continuing joint participation with the Registrars in events to promote and enhance the .it among small and medium-sized enterprises and as a symbol of Made in Italy; iii) including the ‘Ludoteca’ training project in the chain of training initiatives of the Cybersecurity Lab of Cini (National Interuniversity Consortium for Informatics). Finally, the Registro .it continues to cooperate in relevant international contexts, in particular ICANN and CENTR.
Valentina Amenta, Head of the Legal Aspects and Litigation Unit, pointed out how the projects undertaken in recent years by the Registro .it on data accuracy have drastically increased the direct correction of data entered in the DBNA (the Database of Assigned Names), and drastically reduced opposition procedures, contributing to making the .it increasingly a certified “safe space”, and reducing the economic and operational burdens on stakeholders. He then contextualised the current regulatory framework, illustrating how NIS2 is part of a body of regulations aimed at raising the quality and robustness of the international domain name registration system. With the entry into force of NIS2, the continuation of data accuracy control actions and legal-operational compliance measures imposed by the regulation will be the main objectives for 2025.
Maurizio Martinelli, Head of the Systems and Technological Development Unit, presented the technical innovations introduced in 2024, the main ones of which concern:
- the system for checking data accuracy (Reads and Darwin platforms);
- centralised authentication and 2FA for Registrars;
- the new RAIN portal;
- intense activity in standardisation committees;
- the new billing system.
In 2025, activities will again focus on the technological evolution of the Registro .it in light of the NIS2 Directive. In particular, the following activities are planned:
- the construction of the new Data Centre of Registro;
- the continuation of Vulnerability Assessment, Penetration Test and Secure Coding activities;
- the design and development of new REST services for Registrars;
- the training courses for Registrars on cybersecurity in collaboration with the Cybersecurity Lab at Cini.
The meeting closed with the speech by Dr. Donato Molino, president of CIR (the Steering Committee of the Registro) and the sector association AssoTLD, who illustrated the members of the Steering Committee and the role it plays, in close collaboration with the Registro .it, with its consultative function and expressing non-binding opinions. Finally, Dr. Molino listed the Board's activities in 2024, such as the adoption of NIS2, the new Registrar contract and the upgrade of the ‘Darwin’ system (Data Accuracy Registrar Web Interface), and also anticipated the priorities for 2025, in particular the implementation of the Directive and the implementation of related compliance measures.
With the 4 April meeting, the Registro .it reaffirmed its commitment to ensuring an increasingly secure system that complies with the new European regulations, in support of the entire Registrar community.