2013 - BIS consultation on EU NIS Directive

This is the response of JISC Collections and Janet Ltd (trading as Janet), the operator of the UK’s National Research and Education Network, to the Department for Business, Innovation and Skills’ call for views and evidence on the EU Directive on Network and Information Security.

Research and Education services are not included in Annex A of the draft Directive, nor are they considered part of the UK’s Critical National Infrastructure. We therefore do not expect Janet to be covered by the Directive.

However, it appears that the proposed definition of “market operators” may inadvertently include experimental platforms used in the establishment of national and international digital research infrastructures, even though these are not used by consumers and the social impact of any break in availability is negligible. Making these research platforms subject to inappropriate regulatory duties would severely limit their capacity to innovate and to discover both new science and new ways to provide future services in the academic and commercial sectors.

Definition of a “Market Operator”

Article 3(8)(a) of the draft Directive defines a “market operator” as a “provider of information society services which enable the provision of other information society services”. Directive 98/48/EC defines an “information society service” as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”. This definition appears to cover almost any Internet service, no matter whether it is intended for commercial or experimental use, by the general public or by a limited community of scientific researchers. The UK Government’s guidance states that “remuneration” does not require direct payment by the user; it appears that indirect remuneration of the service operator, for example via research funding, may be sufficient. It therefore appears that any web platform that allows others to construct web applications may fall within the definition of a “market operator”.

Digital Research Platforms

An active area of research in e-Science is the development of platforms (sometimes known as Virtual Research Environments) that allow scientists to construct analytic tools from a library of algorithms, data and visualisations, and then to share these tools with others working in the same field. Examples in the UK include MyExperiment and myGrid. Similar approaches are used across Europe and beyond. Under the current definition there appears to be a risk that such platforms might be classed as “market operators”.

Such classification could impose on experimental research platforms obligations and standards designed for those providing mass-market consumer services. In particular, under Article 14(1), they might be required to follow prescribed approaches to designing security and resilience measures. Since one of the aims of the research is to discover new ways to achieve security and resilience, such a requirement would contradict this purpose and seriously limit what could be achieved.

Nothing in the draft Directive or its accompanying papers suggests research platforms were intended to be included; this appears to be an accidental consequence of earlier definitions. We suggest that this could be remedied by limiting the definition of market operator to platforms that support the provision of information society services to consumers, closer to the natural meaning of the term.