In the Netherlands, Stichting Internet Domeinregistratie Nederland (SIDN) maintains a digital registry of over 6 million “.NL” websites, including government sites such as government.nl and politie.nl. Similarly, the Dutch vaccine registration portal, comparable to the U.S. Centers for Disease Control and Prevention (CDC), is hosted in the .NL country code top-level domain (ccTLD), as its official name suggests. If consumers want to access these .NL websites for tax returns, applications for rent or childcare benefits, or vaccination plans, SIDN ensures this is possible. In its role as a technology registry, SIDN plays a modest but important role in the use of the .NL portion of the Internet. However, SIDN wants to expand its core competencies and appears to be seeking to earn more revenue at the expense of the collective security of the Dutch internet.
Recently, SIDN surprisingly decided to outsource some of its relatively mundane registry work to US cloud company Amazon Web Services (AWS). The announcement caused a storm of surprise and criticism. Academics, industry representatives from the EU cloud community, technologists from the Internet governance ecosystem, members of civil society, and politicians all spoke out about the dangers of moving some of SIDN’s functionality from servers to the AWS cloud. . SIDN, an organization that most Dutch Internet users have never heard of, even if they use its services every day, suddenly became front-page news. The case speaks to an important trend in the migration of critical government-run services to U.S. cloud giants with little regard for the potentially harmful long-term effects and broader technology This is of interest to policymakers.
Why Dutch registries are moving to AWS, and why now? SIDN’s chief technology officer claims that based on outsourced advice, European cloud companies are unable to provide the necessary services. The advisory report on which he bases his claims is not made public. If SIDN’s claims are true, it suggests that European cloud companies are unable to offer relatively simple computer systems. This is an absurd assumption, given that his SIDN counterparts in other European countries, such as France (.FR) and Germany (.DE), independently manage their Internet domains. These countries and markets are much larger than the Netherlands, a small country with only 18 million residents, 6 million registered domain names, and 3.3 million DNSSEC .nl domain names.
The choice to move these critical Internet governance services to AWS appears to be driven by commercial as well as technical reasons. SIDN, like many registries, is looking for ways to turn its technical expertise into new revenue streams and tap into the lucrative Software-as-a-Service (Saas) market. In a short sentence of SIDN’s press release that caused the initial uproar, the organization says it offers domain name registration software and sells it as a service, meaning it offers subscription-like services in the same way consumers pay for Spotify. He also stated that he intends to sell it. Or a Netflix account. This will be a new commercial direction for his SIDN and will create a regular source of income on top of its existing income. These SaaS ambitions really require a cloud platform as global as the market SIDN aims to tap. Given that these commercial plans were a major influence on his decision to switch to SIDN’s US provider, the SIDN CTO is correct in pointing out that AWS is certainly a better partner than its European competitors.
SIDN is also right to point out that the organization is following broader trends. European companies are rapidly outsourcing the management of their digital systems to US companies. SIDN only accelerates this problematic trend by loudly claiming that it is no longer possible to find a cloud provider in Europe. The well-known risks to the political independence that the public expects from organizations classified as “providers of essential services” under Dutch law appear to be ignored. The Dutch Internet, who describes himself on his website as “an expert in his business and is completely independent,” says that even the registry has chosen to outsource key services to Amazon. Then who is still independent?
Let’s be clear: we don’t think moving to AWS is a good idea. As a technology player, what business does SIDN do with the commercial software industry, or with AWS? Regardless of the wisdom of the choices made by the broader European business community, SIDN refers to itself as “. We need to set higher standards for the companies behind NL. The importance of .NL cannot be overstated. If his AWS service in .NL is disrupted, not only will the Internet in the Netherlands be disrupted, but communications from abroad will also be cut off. In this situation, SIDN cannot spearhead the AWS helpdesk due to its small size compared to the cloud giant’s global customers. We must openly question SIDN’s commercial ambitions, especially when they come at the expense of maintaining control over core functions and critical services.
Can’t the Dutch government intervene? Believe it or not, .NL (which stands for “Netherlands” after all) is not within the direct purview of the government. SIDN is a private law foundation and currently consists of four different Private Limited Companies (Bvs). However, pressure can be applied. There are “terms and conditions” by which the government allows SIDN to operate .NL services based on two conditions. First, decisions must be made in consultation with the Internet community. Second, there must be a “connection” with the Netherlands. It is unclear at this time the extent to which discussions have taken place with the government on this issue. Equally unclear is how SIDN intends to meet the “Dutch connectivity” conditions after making the decision to outsource key functions to his AWS. The lack of answers to these questions highlights the importance of ensuring that the European cloud industry is at least involved in ‘must-have’ applications such as .NL, if not the primary provider. I’m doing it. By outsourcing its domain to an organization outside the Netherlands without thorough consultation, SIDN breached the trust in the non-binding treaty.
The Dutch parliament is currently monitoring the situation, and several politicians have questioned the decision. We hope they reconsider his oversight of SIDN and realize that this kind of core infrastructure should no longer rely on the cloud in general and the American tech sector in particular, just to make money. I hope you will.