Archive for World Wide Web

Visa Adopts Blockchain For Cross-Border, Bank To Bank B2B Payments

Visa is integrating blockchain technology with its core systems to enable participant businesses to make direct, cross-border, bank to bank payments to other corporate participants.

B2B Connect

The news system called Visa B2B Connect is being built using the Hyperledger Fabric framework from the Linux Foundation, and will mean that, rather than paying another corporate by cheque, automated clearing house or wire transfer, all of which require intermediary banks and exchanges, payments can be made directly and instantly from bank to bank of corporate customers.

This will mean cost and time savings, and the ability to pay and get paid 24-hours a day, regardless of location, local time differences, and other problematic traditional banking anomalies such as data truncation, payment delays and compliance issues.

Suite of APIs

The Visa B2B Connect system essentially provides a suite of Application Programming Interfaces (APIs) which allow participating banks to automate B2B, cross-border and cross-currency payments, by developing an end-to-end B2B payments solution to onboard customers, set up their suppliers, check Visa B2B Connect foreign exchange rates and submit payments. Alternatively, banks can choose to integrate just a subset of the APIs to address more specific needs e.g. checking on the status of certain payments through the Visa B2B Connect site.

Expansion Plans

Although the new system will only work for those corporates signed-up as participants to Visa’s pilot scheme, there are already plans to expand it so that it will cover more than 30 global trade corridors and 90 markets by the end of this year.

Benefits

The benefits that the blockchain-based B2B Connect system offers include cryptographically secured B2B transactions, transaction transparency and predictability, and the peace of mind and security of operating within a trusted network where all parties are known participants on a permissioned blockchain operated by Visa.

Blockchain Lacking Functionality

Recent research by Gartner showed that Only 11% of CIOs have deployed or are in short-term planning with blockchain, partly because of the fact that, at the moment, blockchain is a technology and not a complete, ready to use application, and therefore, lacks business-friendly features like a user interface, business logic, data persistence and interoperability mechanisms.

What Does This Mean For Your Business?

For corporates, Visa’s B2B Connect system appears to unlock some of the long-promised benefits of blockchain in terms of fast and easy cross-border payments, security, transparency, and the reassurance of a trusted name in the payments world.  Also, the fact that a suite of APIs are available to participants means that the system can be set up relatively easily, thereby tackling the issue (as highlighted by the Gartner research) of confusion among corporate tech heads about how best to incorporate blockchain and worries about there being few ready to use, complete applications available.

For smaller businesses the hope of being able to use blockchain to add value, reduce costs and gain competitive advantages is being boosted by a growing Blockchain as a Service (BaaS) market which offers the chance to deploy distributed ledgers without the cost or risk of deploying it in-house, and without needing to find in-house developers.  The cloud-based CRM platform ‘Salesforce’ for example, is adding a low code, blockchain-powered service that will allow enterprise users to share data with third parties in a secure, transparent, and auditable way.

Suspected Russian Disinformation Campaign Rumbled

An investigation by the Atlantic Council’s Digital Forensic Research Lab (DFRLab) claims to have unearthed a widespread disinformation campaign aimed at influencing online conversations about several topics, that appears to originate in Russia.

Facebook Accounts

Sixteen suspected Russian fake accounts that were closed by in early May 2019 led researchers to an apparent campaign which stretched across 30 social networks and blogging platforms and used nine languages. The campaign appeared to be focused away from the main platforms such as Facebook and Twitter and was played out instead on blogging sites, subreddits, and online forums.

Even though the scale of the apparent disinformation operation appears to be beyond the abilities of  a small or ad hoc group (the scale has been described as “remarkable”), and that the operation appears to have been working out of Russia,  the DFRLab has pointed out that there is not enough real evidence to suggest that the Russian state / Kremlin is behind it and that the investigation is still ongoing.

What Kind Of Disinformation?

It has been reported that the broad topic areas of the disinformation appear to reflect Moscow’s foreign policy goals e.g. Ukraine, Armenia, opposition to NATO, although conversations have been started and steered around subjects relating to Brexit, Northern Ireland, the recent EU elections, immigration, UK and US relations, the recent turmoil in Venezuela and other issues. Some of the disinformation is reported to have included:

Fake accounts in 2018 of an alleged plot, apparently discovered by Spanish intelligence, to assassinate Boris Johnson.

Shared screenshots of a false exchange between Democratic Unionist Party leader, Arlene Foster, and chief EU Brexit negotiator, Michel Barnier, which appeared to show a secret negotiation behind Theresa May’s back. Also, false information was spread about the Real IRA.

The publishing of a fraudulent letter in French, German, and broken English, featuring a screenshot of a letter allegedly written by Italian-Swedish MEP Anna Maria Corazza was published on various platforms as an attempt to influence the European Parliament elections in May 2019.

Failed and Discovered

The main reasons why the disinformation essentially failed and was discovered were that:

  • Communications were generally not sent via the main, most popular social media platforms.
  • The campaign relied on many forged documents and falsehoods which were relatively easy to spot.
  • So much trouble was taken to hide the source of the campaign e.g. each post was made on a single-use account created the same day and not used again, that the messages themselves hardly saw the light of day and appeared to lack credibility.

What Does This Mean For Your Business?

The fact that someone / some power is going to the trouble to spread disinformation on such a scale with regard to influencing the politics and government of another country is worrying in itself, and the knowledge that it is happening may make people more sceptical about the messages they read online, which can help to muddy the waters on international relations even more.

If messages from a foreign power are used to influence votes in a particular way, this could have a serious knock-on effect on the economy and government policy decisions which is likely to affect the business environment and therefore the trading conditions domestically and globally for UK businesses.  Some have described the current time as being a ‘post-truth’ age where shared objective standards for truth are being replaced by repeated assertions of emotion that are disconnected from real details.  This kind of disinformation campaign can only feed into that and make things more complicated for businesses that need to be able to have reality, truth, clear rules, and more predictable environments to help them reduce risk in business decisions.

Tech Tip – A Free Online HTML Editor

If you’d like to be able to quickly write or edit a piece of content so that it can be easily used online without having to download or purchase HTML editors, try using a free, online HTML editor.

For example, go to https://html5-editor.net/

Type or paste your text into the right-hand side window.  The HTML appears in the left-hand window.  Both are editable.

You can, for example, select all the text in the right-hand window (click in the window, CTRL + A), select ‘Format’ (top bar), and select ‘Clear Formatting’.  This will clean up the code so that you can add your own formatting, links, bold, etc.

If you’d like to save your work as an HTML page, click in the left hand window and use CTRL + A (to copy the HTML code), open Notepad by typing Notepad the Windows search bottom left, CTRL +V to paste into the notepad file, and save the notepad page as a HTML page.

ICO’s Own Website Fails GDPR Compliance Test

Irony and embarrassment are the order of the day as the Information Commissioner’s Office, which is responsible for ensuring GDPR compliance in the websites of businesses and organisations has been forced to admit that its own website is not GDPR compliant.

Cookie Consent Notice

The problem, as pointed out to the ICO by Adam Rose, a lawyer at Mishcon de Reya, is that the ICO’s website currently uses implied consent to place cookies on mobile devices, which is prohibited under the Electronic Communications Regulations (PECR) 2003.  These Regulations operate alongside GDPR, and as highlighted on the ICO’s own website, consent needs to be clearly given for cookies (e.g. by a tick box) and where they are set, the website needs to give users, mobile or otherwise, a clear explanation of what the cookies do and why.

Article 6

It has been reported that Mr Rose argued that the ICO’s own website’s cookie consent tools were at odds with Article 6 of PECR.

ICO’s Own Guide

For example, in the ICO’s own online guide, in terms of getting marketing consent, it states that “some form of very clear positive action” is needed, “for example, ticking a box, clicking an icon, or sending an email – and the person must fully understand that they are giving you consent”.

Cookies Admission

Under “Cookies” in the guide, and in admission of not being fully compliant itself at the moment, the ICO now states that “We use a cookies tool on our website which relies on implied consent of users.  In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.  This means that we are in the process of updating the tool (Civic Cookie Tool) which, by default, requires explicit opt-in action by users of our website.”

This means that the ICO has yet to upgrade to the version of the Civic Cookie Tool which includes explicit opt-in, and therefore, the ICO isn’t currently compliant with the laws that it is supposed to help implement and uphold.

Why?

Even though the ICO announced back in May last year that it would be upgrading to the new version of the Civic Cookie Tool, this has not yet happened. This appears to indicate a possible failure on the ICO’s part in the planning and implementation aspects of this particular tool on its website.

Also, as some tech and security commentators have pointed out, there is still a lack of clear legal rules on cookie compliance, and this has even led to confusion on some points among data protection experts.

It could also be argued that a lack of regulatory enforcement against cookie compliance breaches may mean that most website operators can still put consent rules to the bottom of the list of business priorities with no fear of consequence.  It’s also unclear if the regulator would or would not be able to carry out some kind of enforcement of the law against itself.

What Does This Mean For Your Business?

Many businesses may be thinking that, aside from the obvious irony of the regulator not being totally compliant, what hope do the rest of us have of getting it right if the ICO can’t?

This story could also act as a reminder to businesses that consent is a complicated area in data protection, and that it may be worth revisiting what cookie consent tools are in place on their websites and whether they are up to date and compliant.  For example, as the ICO has discovered, if you’re responsible for implementing the updated version of tools relating to your GDPR compliance, the planning and implementation needs to be managed in order to avoid unwittingly leaving the organisation open to possible infringements of current regulations.

Criminal Secrets Of The Dark Net Revealed

Recent Surrey University research, ‘Web Of Profit’ commissioned by virtualisation-based security firm Bromium has shown that cyber-criminals are moving to their own invisible Internet on the so-called ‘dark net’ to allow them to communicate and trade beyond the view of the authorities.

What Is The Dark Net?

The dark net describes parts of the Internet which are closed to public view or hidden networks and are associated with the encrypted part of the Internet called the ‘Tor’ network where illicit trading takes place.  The dark net is not accessible to search engines and requires special software installed or network configurations made to access it e.g. Tor, which can be accessed via a customised browser from Vidalia.

Deeper

Infiltration and closing down of some of the dark net marketplaces by the authorities are now believed to have led to cyber-criminals moving to a more secure, invisible part of the dark net in order to continue communicating and trading.

How?

Much of the communication about possible targets and tactics between cyber-criminals now takes place on secure apps, forums and chatrooms.  For example, cyber-criminals communicate using the encrypted app ‘Telegram’ because it offers security, anonymity, and encrypted channels for the sale of prohibited goods.

Diverse Dark Net Marketplace

Posing as customers and getting first-hand information from hackers about the costs a range of cyber-attacks, the researchers were able to obtain shocking details such as:

  • Access to corporate networks is being sold openly, with 60% of the sellers offering access to more than 10 business networks at a time. Prices for remote logins for corporate networks ranged from only £1.50-£24, and targeted attacks on companies were offered at a price of £3,500.
  • Phishing kits are available for as little as $40, as are fake Amazon receipts and invoices for $52.
  • Targeted attacks on individuals can be purchased for $2,000, and even Espionage and insider trading are up for sale from $1,000 to $15,000.

Corporations Targeted

One thing that was very clear from the research is that cyber-criminals are very much focusing on corporations as targets with listings for attacks on enterprises having grown by 20% since 2016. The kinds of things being sold include credentials for accessing business email accounts.

Specific Industries

The research also showed that cyber-criminals are moving away from commodity malware and now prefer to tailor tools such as bespoke versions of malware as a way of targeting specific industries or organisations.  For example, the researchers found that 40% of their attempts to request dark net hacking services targeting companies in the Fortune 500 or FTSE 100 received positive responses from sellers, and that the services on offer even come with service plans for conducting the hack, and price tags ranging from $150 to $10,000, depending on the company to be targeted.

The industries that are most frequently targeted using malware tools that are being traded on the dark net include banking (34%), e-commerce (20%), healthcare (15%) and even education (12%).

Researchers also uncovered evidence that vendors are now acting on behalf of clients to hack organisations, obtain IP and trade secrets and disrupt operations.

What Does This Mean For Your Business?

The dark net is not new, but some commentators believe that the heavy-handed nature of some of the police work to catch criminals on the dark net is responsible for pushing criminal communication and trading activity further underground into their own invisible areas.  End-to-end encrypted communications tools such as Telegram mean that cyber-criminals can carry on communicating beyond the reach of the authorities.

The research should show businesses that there is now real cause for concern about the sensitive, informed and finely tuned approach that cyber-criminals are taking in their targeting of organisations, right from the biggest companies down to SME’s.  This should be a reminder that cyber-security should be given priority, especially when it comes to defending against phishing campaigns, which are one of the most successful ways that criminals gain access to company networks.

Law enforcement agencies also need to do more now to infiltrate, gather intelligence, and try to deter and stop the use of different forums, channels and other areas of the dark net in order to at least prevent some of the more open trading of hacking services and tools.

US Visa Applicants Now Asked For Social Media Details and More

New rules from the US State Department will mean that US visa applicants will have to submit social media names and five years’ worth of email addresses and phone numbers.

Extended To All

Under the new rules, first proposed by the Trump administration back in February 2017, whereas previously the only visa applicants who had needed such vetting were those from parts of the world known to be controlled by terrorist groups, all applicants travelling to the US to work or to study will now be required to give those details to the immigration authorities. The only exemptions will be for some diplomatic and official visa applicants.

Delivering on Election Immigration Message

The new stringent rules follow on from the proposed crackdown on immigration that was an important part of now US President Donald Trump’s message during the 2016 election campaign.

Back in July 2016, the Federal Register of the U.S. government published a proposed change to travel and entry forms which indicated that the studying of social media accounts of those travelling to the U.S. would be added to the vetting process for entry to the country. It was suggested that the proposed change would apply to the I-94 travel form, and to the Electronic System for Travel Authorisation (ESTA) visa. The reason(s) given at the time was that the “social identifiers” would be: “used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional toolset which analysts and investigators may use to better analyse and investigate the case.”

There had already been reports that some U.S. border officials had actually been asking travellers to voluntarily surrender social media information since December 2016.

2017

In February 2017, the Trump administration indicated that it was about to introduce an immigration policy that would require foreign travellers to the U.S. to divulge their social media profiles, contacts and browsing history and that visitors could be denied entry if they refused to comply. At that time, the administration had already barred citizens of seven Muslim-majority countries from entering the US.

Criticism

Critics of the idea that social media details should be obtained from entrants to the US include civil rights group the American Civil Liberties Union which pointed out that there is no evidence it would be effective and that it could lead to self-censorship online.  Also, back in 2017, Jim Killock, executive director of the Open Rights Group was quoted online media as describing the proposed as “excessive and insulting”.

What Does This Mean For Your Business?

Although they may sound a little extreme, these rules have now become a reality and need to be considered by those needing a US visa.  Given the opposition to President Trump and his some of his thoughts and policies and the resulting large volume of Trump-related content that is shared and reacted to by many people, these new rules could be a real source of concern for those needing to work or to study in the US.  It is really unknown what content, and what social media activity could cause problems at immigration for travellers, and what the full consequences could be.

People may also be very uncomfortable being asked to give such personal and private details as social media names and a massive five years’ worth of email addresses and phone numbers, and about how those personal details will be stored and safeguarded (and how long for), and by whom they will be scrutinised and even shared.  The measure may, along with other reported policies and announcements from the Trump administration even discourage some people from travelling to, let alone working or studying in the US at this time. This could have a knock-on negative effect on the economy of the US, and for those companies wanting to get into the US marketplace with products or services.

Amazon Pop-Up Stores

Amazon is launching a pilot scheme which will enable 100 small online businesses to get the opportunity to sell their goods in 10 Amazon pop-up stores in UK high streets.

Clicks And Mortar

The pop-up stores will be branded as ‘Clicks and Mortar’ and will enable small online businesses selling homeware, health and beauty, food and drink and electronics to get their first taste of selling from a physical store in a UK high street. The stores may also offer customers the chance to discover new brands on their local high streets.

Amazon had already tested the pop-up store idea in the UK, albeit briefly and on a small scale, when last October it opened a fashion store in Baker Street in London to gauge customer opinions. The online shopping giant has also opened a “Home of Black Friday” store as part of the annual retail event in London over the last two years.

Following eBay

Last month, as part of its own month-long retail experiment, eBay opened a “concept” store in Wolverhampton’s i10 building, in which 40 businesses have been able to offer interactive experiences to buyers, such as workshops and tutorials. eBay reportedly launched the store as part of a partnership between itself and Wolverhampton Council after its own research showed that showed a quarter of small UK retailers did not have an online presence. The store was designed to show how stores of the future could combine technology with a human connection.

Tough Times On The High Street

The UK high street and many of its famous brand occupants have been going tough times, much of which has been blamed on a move to online shopping and competition from online brands and stores, high business rates, and a further reduction in footfall as more high street stores become empty and less attractive to shoppers.

For example, the latest BRC research shows that one in 10 shops in UK town centres is lying empty and that the vacancy rate has risen over the last four quarters and is now the highest reading since April 2015.

Many big chains have announced widescale branch closures e.g. Debenham’s having to close 22 stores, the Topshop group of stores facing problems, Boots possibly closing 200 branches, and Marks & Spencer now planning to close 72 big high street stores in addition to the 48 already closed.

Criticism

Amazon has faced criticism from some business and retail commentators for the working conditions in its warehouses, and over the relatively small amount of tax that pays in the UK.

What Does This Mean For Your Business?

For a limited number of small online retailers, the pop-up stores offer a great opportunity to have a low-risk, well-supported bricks and mortar retail experience and a chance to gain visibility for their brands.  For the high street, Amazon pop-ups may offer a brief boost in variety, footfall, and interest. For Amazon, one of the big online retailers that some would say have contributed (with other online retailers and high business rates) to the decline of the high street, the pilot offers them a chance to boost their brand and good publicity at a time when the many vacant stores gives them the opportunity to choose some great high street locations in major UK towns and cities. It will also offer Amazon, as it did with eBay, a legitimate opportunity to see how retailing could look in the future and a way to assess opportunities, perhaps, for its own brand and services in high streets.

Plans To Remove .org Domain Price Cap Prompts Complaints

Many charities and other non-profit organisations that use .org, .biz or .info domains have complained that proposals to lift the price cap on those domains could lead to the price rocketing.

What Price Cap?

The price cap on .org domains was originally put in place by the US Department of Justice at a time when only a few top-level domains were available and offered a level of price protection to the mainly non-profit groups and organisations that used those domains.

The Internet Corporation for Assigned Names and Numbers (Icann) oversees the web’s domain name system and is the organisation that has made the proposal to lift the price cap after having discussions with the Public Interest Registry, a Pennsylvania non-profit corporation, and  Registry Operator for the .org top-level domain (TLD).

Consultation

Icann launched a consultation “Proposed Renewal of .org Registry Agreement” on a forum on its website throughout March in order to obtain community input and to encourage debate among those involved with domains.  The consultation ended on the  29th April, and the resulting report is due on the 30th May.

Many Complaints

Many organisations and interested parties have complained about the proposed .org renewal agreement.  For example, registrar Namecheap has said that the move would put prices up, and that with switching domains being hard, organisations will be left little option but to pay the higher prices.

It appears that most holders of .org domains, companies selling domain names, ISPs and net marketing firms have objected to the proposal.

Critics of Icann’s proposal to remove the price cap have said that Icann appears to be doing so for administrative convenience rather than for the public interest.

Icann

Icann has justified the proposal to drop the price cap by saying that when the cap was introduced there were only a few top-level options available for organisations wanting to register a domain name, whereas there are now around 1200 different options. This could mean, therefore, that price protection for a few choice domains may longer be necessary.

Icann has also pointed out that even if there are price increases, domain registrants will be given a minimum six-month notice of any price increase, and that they can effectively protect themselves against price increases by renewing their registrations for as many as 10 years prior to the change taking effect.

Another Way?

One other possible option that has been raised online is ICANN’s Non-Commercial Stakeholders Group reportedly suggesting that price caps should remain but could be raised by a reasonable level from their current level of 10% per year.

What Does This Mean For Your Business?

The thought of increased costs and domain price instability for non-profit organisations that need to use their money for their causes is proving to be a very unpopular idea.  Also, for those organisations (particularly larger ones) that have already established a presence online with a .org (.biz or .info), switching to another type of domain is likely to be difficult, costly in many ways, and is likely to be making many organisations feel angry at feeling forced into a position where they’ll have no option but to accept the new higher prices as a result of remaining with their .org (if the proposal goes ahead).

As Icann has pointed out, however, there would be some consolation with organisations being able to renew their registrations for as many as 10 years prior to the change taking effect.

The report from the consultation is due on the 30th May, so it’s a case of waiting until beyond that date to get a clearer indication of what Icann will do.

DNS infrastructure Under Attack

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a warning that the DNS infrastructure is facing an “ongoing and significant risk” and has urged domain owners to deploy DNSSEC technology.

ICANN

ICANN is one of the many organisations involved in the decentralised management of the Internet but is specifically responsible for coordinating the top-most level of the DNS in order to ensure that it can operate in a secure and stable way and maintain universal resolvability.

Attacks

According to ICANN’s statement, public reports indicate that the DNS infrastructure is facing “multifaceted attacks utilizing different methodologies”.  Examples of such attacks include replacing the addresses of intended servers with addresses of machines controlled by attackers.  The prevalence of so-called “man in the middle” attacks, where a user is unknowingly re-directed to a potentially malicious site is of particular concern.

Cisco’s Talos Intelligence blog has highlighted how this type of attack has been carried out on a grand scale by some international players.  For example, the blog reports how Lebanon and the United Arab Emirates (UAE) have been targeting .gov domains, as well as a private Lebanese airline company.  The attackers used two fake, malicious websites containing job postings via malicious Microsoft Office documents which had embedded macros. The malware, dubbed “DNSionage” supported HTTP and DNS communication with the attackers.

The Cybersecurity Infrastructure Security Agency in the US has also been forced to order federal agencies to act against DNS tampering.

DNSSEC

One of the main ways that ICANN and Internet companies like Cloudflare and Google are suggesting that DNS-focused attacks can be countered is through the deployment of DNSSEC technology by domain owners.   Domain Name System Security Extensions (DNSSEC) has been described as a suite of Internet Engineering Task Force (IETF) specifications.  DNSSEC was designed to protect Internet resolvers/clients from forged DNS data, and it complements other technologies e.g. Transport Layer Security (usually used in HTTPS) that protect the end user/domain communication.  In essence, it cryptographically signs data to make it much more difficult to forge.

Low Adoption Rate

One of the reasons why DNS-focused attacks are so prevalent may be that the adoption rate of DNSSEC is so low – around 20%.  In fact, according to Cloudflare, only 3% of the Fortune 1,000 are using DNSSEC.

What Does This Mean For Your Business?

It is good that ICANN has identified this threat as this will now facilitate greater discussion and action and may motivate more domain owners to look into and adopt DNSSEC, hopefully across all unsecured domain names.  Although full deployment of DNSSEC is not the ultimate answer, it may go a long way towards drastically reducing the current threat.

ICANN has produced a helpful checklist of recommended security precautions that members of the domain name industry e.g. registries, registrars, resellers, and others, can proactively take to protect their systems, their customers’ systems and any that could be reached via DNS.  You can find the checklist here: https://www.icann.org/news/announcement-2019-02-15-en

UK Government Warns ‘No Deal’ Brexit May Mean A .COM Replacement For Your .EU

The UK Government’s Department for Digital, Culture, Media and Sport has issued advice to holders of .eu domains that, in the event of a ‘no deal’ Brexit, they may need to switch to another top-level domain such as .com and may also need to seek legal advice.

What? Why??

The government guidance, published online on 21st December, says that the European Commission’s notice states that where a holder of a domain name no longer fulfils the general eligibility criteria, the registry for .eu will be entitled to revoke the domain name. This is because the rules for .eu domains are decided by the European Commission and the operator, which won a contract to run .eu, is obliged to follow these rules.

This could mean that even though you were the owner of the .eu domain up until 29 March 2019, after that date, and with a ‘no deal’ Brexit, you may no longer be able to access your .eu website or email. This may also essentially mean that .eu domains cannot be bought or renewed after Brexit by people or organisations located outside the European Union.

Is This A Real Threat?

Yes. In March last year, the European Commission announced it planned to simply cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, after the UK’s departure from the European Union. EURid, the company that runs the .eu domain registry was not even consulted about the EC’s decision.

Also, last September the EU added the .eu registry to the official State of the Union document, stating that the implementation and functioning of the .eu top-level domain name would be included alongside copyright, cybersecurity, and privacy reforms.  This means that, if the EU is serious (which it appears to be) and proposed amendments are made to the State of the Union document for post-Brexit, anyone who wants to purchase a .eu domain may need to provide proof of EU citizenship, and registry operators will need to verify that proof.

Lost Revenue

As well as damaging the profits of Eurid, the UK citizens who hold a .eu domain make 10% of the registry, and by taking such a hard line, the European Union would be reducing its own revenues by a significant amount if it simply excluded UK citizens from owning a .eu domain.

What Does This Mean For Your Business?

The government may have just lost a ‘no deal’ Brexit vote, but it looks as though the EU had already set itself on a course to stop UK citizens from owning .eu domains with Brexit anyway, even though they will lose the revenue from nearly 300,00 domains.  There had been plans to set up a Commission on the implementation of the rules, but this is unlikely to happen or to be able to change the EU’s decisions in such a short time.  This means that UK businesses holding .eu domains, having websites with those domains and using email linked to them are now faced with the cost and trouble of having to switch to another top-level domain. One key challenge here, is that they may not be able to find their .com or .uk equivalents, thereby causing even more problems.  The EU’s decision looks like being a bad deal for both UK businesses and the EU, and seeking advice both from the registry and / or other independent legal advice may be advisable at this point.