dot-EU-is-going

don't get caught out…

Download the PDF

What's this about?

British-owned Internet domain names in the .EU hierarchy (anything ending in ".eu") may disappear from the internet on "Brexit day", 31st March 2019.

This is because they are owned by UK nationals or UK companies.

That's the problem, in a nutshell. There's more detail below, and links to sources if you want to read up on it.

But this site is intended as a helpful guide to avoiding consequential problems, rather than just a record of the saga!

It's just possible this change might never actually take place (you might want to read that bit!). If it does, though, and you are affected (and you haven't planned), you will almost certainly experience business disruption, which could be expensive.

Why is this happening?

The .EU top-level domain on the internet is one of very few that has a direct "political" connection.

It's controlled by the European Union, governed by EU regulation and an agreement between the EU and ICANN, which is the American-based organisation that manages internet domains for the Western world.

Unlike the .COM domain, for example, which has just come to mean "commercial" across the globe, the .EU domain is intended to signify that domain ownership is within the EU (that's the political bit). When the UK leaves the EU, on "Brexit day", British businesses and individuals will lose the automatic right to register and use .EU domains (this is reserved for EU citizens and entities).

All that is simply longstanding EU law. The new and potentially nasty bit is that (at the time of writing) the EU Commission has suggested there will be no transition period, and that on 31st March 2019, it may immediately "turn off" any .EU domains that don't satisfy its ownership rules.

We are not lawyers, but our reading of the relevant documents suggests it has the lawful power to do this (and it sort-of makes sense: see below).

This site is about the problems arising from suddenly removing British .EU domain names, and, if you own a .EU domain, what you can do to avoid issues (as much as possible). We originally wrote this as a document to help our existing clients, but we think it probably has wider value, which is why you are reading this now…

Implications

(As we find more, we'll add to this list).

Issues for web sites and servers.

If the EU does this, it is most likely that affected domains will "vanish" from the internet over a roughly 48-hour period. Internet name servers (the DNS system across the global internet) simply won't be able to find a valid route to them any more, so typing my-british-domain.eu into a browser will just generate a failure message, even if the server is working normally. It will look as if your server (or your business) just isn't there any more!

The caching of domain lookups and web pages may delay this effect for users . It is hard to predict how quickly or how badly individual sites will be affected.

The effect on Google search rankings

This is an implication of what the EU is proposing to do, rather than a confirmed issue: All the search engines index web sites by domain. Even if you have a replacement domain name ready, if you are forced to change your domain in a hurried, unplanned way, you risk dropping down search results pages, probably by many positions (depending on context), and disappearing for practical purposes.

We don't yet know if there will be any help from Google et al to mitigate this problem. Assuming there isn't any, you can minimise the effects by changing over early and carefully, but even then there will almost certainly be problems.

Also affected, obviously, will be any advertising collateral you have, either internet-based or more traditional—anything which mentions your .EU domain. Bear in mind print lead-times and the possible need for redesign.

Email

The world's email system also relies on DNS to route messages correctly. This will also be affected, as messages addressed to joe@my-british-domain.eu probably won't arrive (or at least the service will be highly erratic). Messages sent from that address will probably be delivered (or could be), but may be caught in spam traps or treated as malign, as their origin will become suspect.

Connecting to web-based services (using email as ID)

The most common method of initial identification when users connect to a web service is to use an email address they supply as their ID. Google does this, so does Dropbox, as do many other services in common business use. Obviously if that email address becomes invalid for any reason, it will cause big problems. The longer you allow for any switchover, the fewer "show-stopping" issues you will have.

Issues with security certificates

These are part of the behind-the-scenes technology for many parts of the internet's commercial activities. They make web browsing and online shopping very difficult to snoop on ("impractically difficult").

Since the second half of 2017, major web browsers will show warnings to users if any site they visit doesn't have a correctly installed and configured security certificate. But certificates are tied to domain names, so if you need to use a different domain name, your security certificates must change to match it, too.

Issues with Cloud-based office productivity applications

Many of the leading products use similar security technology to web browsers (most actually run inside a browser window). These will be affected, as will their related email systems. Again, you may need to migrate your users to a different domain, to prevent loss of access to their data, and potentially to the applications themselves. Note that nobody should actually lose data (and anyway, you do make backups, we presume!), but access to that data may not be possible if domain-name-based credentials can't be used for authentication.

What do I do about my .EU domain?

This is our suggested four-step plan:

1. Pick a suitable new domain name

The actual choice is a marketing thing, probably. You may even need to use a focus group to identify the best choice(s), as domain names mean a lot more than just an internet "address".

If the "EU" part of your existing URL is very meaningful, for example, if you are a haulier with routes across the EU, there's no reason you can't imply that in a .UK domain name.

It's very much your choice: https://hauliers-eu.uk, might be good.

2. Ask your IT team to find affected systems

We don't know every system that could be affected, but broadly anything that uses your existing domain name to route things will probably have issues. If necessary, contact any software companies or cloud service providers involved to get their opinions.

In our opinion, a long checklist (with unnecessary things on it) is better than a too-short one.

3. Identify affected sales collateral and advertising

Work with your marketers and PR/advertising teams to find the issues. Your domain name is used in many areas: online, print and radio ad campaigns, social media, business stationery, vehicles and signs, and sometimes on products and packaging.

If you have a customer portal of some sort, you will probably need a communications plan, too, so that you can be certain they expect the change and are prepared for it.

4. Make a plan—act on it as soon as possible

Changes on the internet always take time to be effective. Sudden alterations are almost always problematic (unless you spend a lot of money!), so the earlier you can make your changes, the lower the risk of interruptions to your business on 1st April 2019.

Remember you can (and probably should) use your old and new domain names simultaneously. This overlap will help customers and suppliers and staff get used to the change, and there are few downsides.

Over the next few months you can redirect traffic to your new domain (that's Web users, and the business systems we mention above), in a controlled way. With luck, many of your customers and business partners will notice no issues at all.

But start as soon as possible: if you delay, it will become increasingly hard to make a smooth transition, and there will almost certainly be damage to your business.

No .EU domain so no worries, right?

Perhaps surprisingly, we do think you should be worried, at least slightly:

If any British entity in your supply chain has a .EU domain, or, similarly, if you have a British entity as a client or customer (and they have a .EU domain), they will be affected. If you do business with them electronically, you might be affected too. Read the implications (above) for some email and other internet-based productivity tools.

It's not like dealing with a ransomware attack: for you, this will probably be merely a nuisance rather than anything worse, but it's a relatively simple matter to check for .EU domains in your supplier and client records. If you do find any, it's probably then sensible to ask those firms if they are at risk and what they're planning to do.

Will this really happen?

We can't say right now: this may just be another way for the EU to apply pressure to the UK during the Brexit negotiations.

At one level it makes sense to distinguish between EU and non-EU domain ownership, however there are many top-level domains that don't have a geopolitical basis: .COM and .TV being two examples (.TV is the country domain for Tuvalu in the Pacific, but mostly used for TV series web sites, etc.). There are plenty of precedents.

The .EU domain could be used in the same way, and that's the most common reason why people use it—that their business strongly connects to the EU—but using it this way amounts to a political decision for the EU itself.

The relevant EU documents, however, do have geopolitical overtones: the domain was clearly intended to be only used for entities owned or based in the EU. At the time of writing, this seems to be the rule the EU wants to keep to, be it useful or otherwise.

We've included links to source documents (below), and we'd encourage you to read them and make up your own mind.

How we can help you

Things we can do

We can help you investigate your .EU domain and develop a strategy to mitigate the effect this EU change will have on your business.

We also help with and consult about GDPR compliance issues too. Even though the law is now in force, you can still comply without penalty. Talk to us if you need advice or help on the technical and IT security aspects of this.

Contacting us

If you need further help, please call us ASAP on 0117 3 700 777 or email andy.poulton@bristolitcompany.com.

Remember: your organisation, your customers, and any other entities you work with, may all need time to adjust to necessary changes. The sooner you start work on this, the smaller the impact it will have on your business!

Who are we, anyway?

We are Bristol IT Company, and we do exactly what our name suggests, provide IT support and development services to a range of clients, in Bristol and the rest of the United Kingdom.

We make a point of ensuring technology gives our clients strategic advantage, and of explaining the complex stuff so the value of it (or the issue in this case!) is understandable.

We blog about IT issues too, but in this case we thought it would be helpful to have one place where relevant information could be quickly found by someone searching—that's why you're here, probably.