Skip to main content
European Health and Digital Executive Agency (HaDEA)
Appel à propositionsEn cours

Equipping backbone networks with high-performance and secure DNS resolution infrastructures - Works

Description

The proposal for this topic shall meet the following requirements at the level of users and services:

1. Customer base: Support the deployment of a recursive European DNS resolver service infrastructure serving EU-based internet users in need of privacy-respecting and secure DNS resolution to access resources on the internet. These users encompass socio-economic drivers, actors operating data and cloud infrastructures across the EU, public and private corporate users, and residential internet end-users in the EU. The proposal shall aim at a high adoption rate by addressing multiple customer bases (e.g. residential, education, governments, and vertical sectors).

2. Availability and service level: Provide wide geographic coverage in the EU, and ensure high reliability and uptime, as well as low latency of DNS resolution through among others a large distributed footprint (Points of Presence) and redundancy.

3. Accessibility: Ensure broad accessibility from user equipment, such as home routers and user devices, as well as from user software, such as major operating systems and browsers. DNS4EU shall be easy to configure by non-experts thanks to clear user guides and other support material available, including in audio-visual format, via a dedicated website under a clearly branded URL. The website shall contain all the relevant technical, legal and transparency-related information (e.g. protection of privacy, technical use of data) of the service.

4. Discoverability: The service shall be widely discoverable by major browsers, operating systems or user equipment. To this end it will be important to engage with industry groups (e.g. web browsers, ISPs), with the DNS standardisation community (e.g. DNS over HTTPS (DoH)) and other stakeholders.

5. Premium and wholesale services: Provide opt-in paid premium services for enhanced security (e.g. ad hoc filtering, monitoring, 24x7 support), tailored to specific sectorial needs (e.g. cloud, finance, health, transport), as well as wholesale resolution services for other digital service providers, including ISPs and cloud service providers.

6. Residential services: Offer to residential internet end-users strictly opt-in and fully transparent parental control filtering services. Other possible URL filtering services could also be offered in a strictly opt-in and fully transparent way. Such optional filtering shall be fully in line with national and EU rules (see below).

The proposal for the service infrastructure shall comply with the following security and privacy requirements and standards:

7. Security: State-of-the-art protection against cybersecurity threats by blocking malware, phishing and other threats based on reliable and up to date global threat feeds and own threat feeds developed on the basis of own threat detection and analysis as well as information exchange with trusted partners (e.g. CERTs), addressing in particular local threats (e.g. based on EU-languages). The corresponding threat detection and analysis infrastructure should be an integral part of the DNS4EU service infrastructure and provide a very high level of protection in the EU.

8. Data processing: Data processing shall be established through transparent and published policy and rules, in full compliance with EU rules (see below). DNS resolution data and meta-data shall be processed in the EU. There shall be no monetisation of personal data. Potential use of aggregated data (e.g. for cybersecurity analysis) shall be specified and made transparent.

9. Internet Standards: The service infrastructure shall conform to the latest security and privacy-enhancing standards (e.g. HTTPS, DNSSEC), including DNS encryption (e.g. DNS over TLS (DoT) and DoH) and be fully IPv6 compliant.

10. Best practices: Notwithstanding other requirements of this call or applicable law, the service infrastructure should be designed in line with industry best practices and guidelines for the provision of secure and privacy-preserving DNS resolution

The proposal for the service infrastructure shall comply with EU regulation and applicable national regulations of its Member States, in particular:

11. Data protection and privacy: Compliant with GDPR and national rules, where applicable.

12. Lawful filtering: Filtering of URLs leading to illegal content based on legal requirements applicable in the EU or in national jurisdictions (e.g. based on court orders), in full compliance with EU rules.

The proposal for the service infrastructure shall ensure a forward looking approach regarding technological innovation:

13. Technology/Innovation: The selected consortium will be expected to test and deploy innovative technologies, including the latest DNS security and privacy-enhancing technologies and technologies for the development and improvement of cybersecurity threat feeds, in collaboration with third-party innovators.

Priority will be given to proposals addressing the following aspects:

14. Governance/Federated structure: A federated and expandable service infrastructure with a diverse membership is preferred in order to maximise the footprint and customer base of DNS4EU across the EU, reduce costs through shared resources and ensure the long-term sustainability of DNS4EU.

The applicants may apply for grants for works, including studies. The grants are for:

  • project costs (e.g. studies, works and equipment) related to the development, construction and deployment of cross-border and national DNS resolution infrastructure at physical and functional levels for the foreseen system lifetime;
  • other equipment, goods, works and services necessary to support the infrastructure services.

Costs for operating the infrastructure during its lifetime will be excluded under the call.

Proposals funded under this topic may include synergetic (ancillary) elements relating to another sector of the CEF programme, i.e. energy and transport, if these synergetic elements allow to significantly improve the socio-economic, climate or environmental benefits of the action. CEF co-funding may be provided as long as the cost of these synergetic elements does not exceed 20% of the total eligible costs of the action.

Please consult the Call document for more information on the scope, including digital security requirements.