DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality.
What is DNS?
The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites.
Most users use DNS resolver services provided by their internet service provider (because they are automatically configured) or a public DNS provider like Google or Cloudflare.
DNS4EU is meant to be a resilient, fast, reliable, secure, privacy-friendly and EU-based alternative for those.
The goal of DNS4EU
DNS4EU is an initiative co-funded by the European Union and supported by the European Union Agency for Cybersecurity (ENISA), though the service is expected to be commercialised, “since it has to be sustainable without operational costs from the EU after 2025.”
It is developed and managed by a consortium of private cybersecurity companies, CERTs, and academic institutions from 10 European Union countries, with Czech cybersecurity company Whalebone as its leader.
“The DNS4EU initiative aligns with the EU’s strategic goal of enhancing its digital autonomy by providing an alternative to the existing public DNS services provided by non-european entities,” says the group.
The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems.
As of Tuesday, the full-fledged version of the website is up and running.
"The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it," ENISA Executive Director Juhan Lepassaar said in a statement announcing the EUVD.
"The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures," Lepassaar continued.
The European Union Agency for Cybersecurity (ENISA) first announced the project in June 2024 under a mandate from the EU's Network and Information Security 2 Directive, and quietly rolled out a limited-access beta version last month during a period of uncertainty surrounding the United States' Common Vulnerabilities and Exposures (CVE) program.
Register readers — especially those tasked with vulnerability management — will recall that the US government's funding for the CVE program was set to expire in April until the US Cybersecurity and Infrastructure Security Agency, aka CISA, swooped in at the 11th hour and renewed the contract with MITRE to operate the initiative.
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
ENISA and CERT-EU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices
PDF Document