Our governance impact in 2024 

The governing body consists of fourteen members; three women and eleven men. All members are represented by the founding and full members of DNS Belgium. Members are selected autonomously by the members themselves, with special attention for diversity and inclusion. No conflicts of interest were identified relating to the composition of the governing body. ESG criteria are currently not explicitly included in determining the directors' remuneration. They receive an allowance for expenses as laid down in the articles of association of the non-profit organisation.  

The CEO, Philip Du Bois, is responsible for the day-to-day management of the organisation. He is responsible for the efficiency of the operational activities and is accountable to the governing body.  

Corporate governance charter  

In 2023, we laid down governance guidelines in a Corporate Governance Charter which set out the ten basic principles we follow to guarantee an ethical and transparent governance. These principles comprise aspects such as integrity, responsibility and the compliance with legal requirements. Discover our Corporate Governance Charter.  

Transparency  

Transparent communication to all target groups is important to us. That is why we draw up an annual general, financial and sustainability report. All annual reports can be found here. Statistical data, such as the number of .be domain names per month, can be found under statistics  on our website.  

Ethical conduct  

Ethical conduct is key to our operations and is safeguarded and communicated to our employees, third parties and directors through our Guide for Ethical and Sustainable Behaviour and our Corporate Governance Charter. As in previous years, DNS Belgium has not been convicted or fined in 2024 for violating anti-corruption or anti-bribery laws. 

2. Maximising cybersecurity 

Maximising online security is one of our top priorities. First and foremost we make every effort to guarantee the technical performance of our own systems. At the same time we maintain and improve our ISO27001 certification to ensure our systems remain robust and operational.  

Ensuring the technical performance of our own systems  

DNS Belgium's commission is to guarantee the availability and integrity of the .be zone, regardless of cyberattacks or other incidents. One component of this is a specific setup with local nameservers at the country’s largest internet service providers (ISPs). This ensures that .be domain names are accessible at all times.The availability of our registration platform is also very important. This allows .be domains to be consulted and registered at any time, with information that is always correct. In 2024, we achieved a 100% availability for our nameservers and 99.99% for our registration platform. You can check the current status of our systems by clicking this link.  
 

Finally, we aim to ensure that at least two staff members possess the critical knowledge required to maintain this performance. We measure this by compiling an annual knowledge matrix to determine where there is (in)sufficient knowledge and to detect potential gaps or risks. These are then addressed by giving sufficient attention to internal knowledge sharing and training opportunities for staff. In 2024, the score for this KPI was 84%, an improvement of one percentage point compared to the previous year. 

ISO 27001 certification for cybersecurity  

In 2024, we strengthened our internal cybersecurity policy by migrating to the ISO/IEC 27001:2022 standard, the latest ISO certification for information security management systems. We conducted three audits and an additional transition audit of our information security policy. All audits were positive and any identified issues were resolved. By implementing the audit recommendations, we met the Key Performance Indicators (KPIs) we had set ourselves in terms of cybersecurity.  

3. Combating internet fraud and illegal content 

Combating illegal content and internet fraud in Belgium is an important social responsibility of DNS Belgium. This is why it's embedded in our sustainability policy.  

DNS Belgium is constantly investing in research and development in the field of cybersecurity. We implement strict registrant verification processes, both internally and at our registrars , and work closely with a wide range of partners to actively detect, identify and take action against malicious domain names where necessary.

a. R&D in terms of cybersecurity  

Our R&D department continues to conduct research into cybersecurity and develops new tools to keep the .be zone safe. Thanks to the 'Baekeland Mandate’, a VLAIO project, we were able to intensify our R&D efforts in 2024 by hiring a PhD researcher from KU Leuven. The PhD research will primarily focus on innovation within our registrant verification process. 

b. Registrant verification  

In the event of suspicious domain name registrations, we perform an additional verification step to make sure nothing untoward is going on. Both individuals and businesses have to go through additional verification steps in the event of suspicious registrations. This is to prevent domains being used for malicious activities such as phishing , malware and domain squatting (such as the unauthorised registration of brand names). In 2022, the online verification process for .be registrations was introduced to allow registrants to easily verify their identity. In 2023, this process was extended by enabling verification at our registrars.    

In 2024 we introduced Regcheck, in collaboration with SIDN (Foundation for Internet Domain registration in the Netherlands), to detect suspicious domain name registrations using Machine Learning. The idea behind RegCheck is twofold:  

• to identify domain names that may be used for malicious purposes.
• to predict whether registrants selected for Registrant Verification are likely to pass the authentication process.  

  In this way , we aim to block even more fraudulent registrations and prevent them from entering the .be zone and causing harm.  

c. Identifying and following up on malicious domains

In 2024, we revoked a total of 1,679 domain names that did not comply with our general terms and conditions due to incorrect registrant data or because the domains had potentially been registered with fraudulent intent. 

d. (Inter)national collaboration for cybersecurity  

Our mission is to keep the .be zone safe. To ensure internet safety, we work closely with a wide range of partners. A full list is available here.  

Below is an overview of our partnerships in 2024.  

NIS2 Sounding Board Beltug  

2024 marked a milestone when Belgium became the very first EU member state to transpose the NIS2 directive into national legislation. DNS Belgium played an active role as a member of the Beltug NIS2 sounding board. Beltug is the association that brings together chief information (security) officers and other key players in the digital technology sector. As a member of this sounding board, DNS Belgium participated in meetings, reviewed draft versions of the legislation and provided feedback. 

Cybersecurity Coalition  

The Cybersecurity Coalition is a Belgian partnership between businesses, public bodies and the academic world with the following objectives: to bolster cybersecurity through knowledge sharing and collaboration, develop innovative solutions and influence policy-making at a national level.  

The Coalition is broken down into several working groups, each with a specific focus on different cybersecurity issues. Various colleagues participated in these working groups. Our former sustainability coordinator was co-chair of the Awareness Working Group in 2024. This working group held four plenary sessions and several sub-working groups. In addition, DNS Belgium also plays an active role in the Governance, Risk and Compliance focus group. 

TLD -ISAC  

In 2023, DNS Belgium was one of the founding members of the Information Sharing and Analysis Center (EUR TLD ISAC) and in 2024 assumed two key coordinating roles.Our general manager was Vice-Chair of the steering committee and our Chief Information Security Officer (CISO) led the working group. The CISO developed a new version of the sectoral cybersecurity maturity model, which is used for the two-yearly benchmark conducted by CENTR , the umbrella organisation for European ccTLD registries. The ISAC working group also conducted a threat landscape analysis for the entire ccTLD registry sector. 

Study into phishing within ccTLDs with partner registries 

DNS Belgium and Dutch and Irish registries (SIDN and we are .IE) conducted a large-scale study of the nature of phishing attacks in the .be .nl and .ie zones. The aim was to gain an even better insight into how phishing works, how we can detect it better and how we can protect ourselves against it more efficiently. By joining forces with our Dutch and Irish colleagues, allowing us to pool expertise and data, we were able to operate on a larger scale and gain a broader perspective on how cybercriminals exploit ccTLDs. The study once again highlighted the importance of effective policies and measures of internet registries to limit phishing attacks.  

The results of the study are available here.  

4. Good relationships with stakeholders  

Strong relationships with stakeholders are essential to achieve DNS Belgium's mission. In 2024, we actively maintained contact with various stakeholders, ranging from registrars within our value chain to international organisations, to achieve our goals of sustainability, cybersecurity and digital inclusion.  

a. Relationships with registrars and registrants 

Structural consultation with registrars  

Our registrars are an important stakeholder group. They are organised through the Registrar forum and the Belgian Registrar Association (Bereas). Our goal is to meet with them twice a year, which we managed in 2024. The forum met twice, once hybrid and once live in Leuven. Minutes are drawn up and sent to all registrars. In addition, we continuously invest in our relationships with registrars throughout the year via one-on-one contact to ensure they're closely involved in our initiatives.  

Customer satisfaction – registrars and registrants  

When people contact our support service we ask them to complete a satisfaction survey. Our aim is a score of 8.35/10 (for registrars) and 8/10 (for non-registrars) or higher. In 2024, the registrars achieved scores of 9.66/10 and non-registrars 8.84/10. The overall score was 9.25/10.  

b. Structural consultation with government bodies 

Government bodies are a key stakeholder for DNS Belgium to achieve our mission. This is why we actively invest in building a sustainable relationship with them. Below is an overview of the main public services we collaborated with or were in contact with in 2024 

• As manager of the .be domain zone, our operations fall partly under the supervision of the Belgian Institute for Postal Services and Telecommunications (BIPT), the regulatory public authority for these sectors. We have an ongoing and active relationship with them.
• We're also in contact with the Flemish and Brussels governments to manage the .vlaanderen and .brussels zones.
• DNS Belgium plays a key role in Belgium’s digital infrastructure. In this regard, we work closely with government bodies such as BIPT, the Centre for Cybersecurity Belgium (CCB), and its Cyber Emergency Response Team (CERT). This close cooperation not only enables us to detect cyber threats but also to actively combat them.
• As part of our efforts to tackle internet fraud and illegal online content, we maintain strong ties with government bodies such as the FPS Economy, the Data Protection Authority (DPA), and the Federal Computer Crime Unit ( FCCU ).
• And finally, we invest in active relationships with government bodies such as the Flemish Department of Culture, Youth and Media, the Digital Flanders Agency and the Agence du Numérique of the Walloon government in the context of our initiatives around digital inclusion and raising awareness among internet users about cybersecurity risks.

c. Participation and leading role in various networks and partnerships (CENTR, ICANN, CSC, VCDO)  

To achieve our strategic goals and ambitions, DNS Belgium actively participates in various networks and partnerships. In some, we even take on a leading role. 

Within CENTR, DNS Belgium has a prominent position. In 2024, our Business Development Manager and CISO contributed to the Marketing Working Group and the Cybersecurity Working Group respectively, while our Legal Expert was active in the Legal & Regulatory Working Group.  

We also organised two working group sessions: 

• A meeting of the Legal & Regulatory Working Group in Brussels. 
• A joint session of the Marketing and Admin Working Groups to encourage interaction between the two. 

We are also members of, and actively engaged in, numerous federations and associations, including: CENTR, ICANN /ccNSO, ICANN/RySG, Geo gTLD , IVZ, VSDC, Beltug, RIPE NCC, Cyber Security Coalition, Voka, Unizo, Digital For Youth, Leuven Klimaatneutraal 2030, DigitAll, DNS-OARC, APWG and The Shift. These engagements help us fulfil our mission while also contributing to the sustainability goals of these partnerships. 

5. SDG ambassadorship  

As an SDG Ambassador DNS Belgium serves as a role model in the field of sustainability. This recognition is more than just a title: it shows our commitment to embed sustainability structurally into our operations. We aim to continue promoting this role actively in the coming years and undertake to implement at least 10 successful sustainability actions linked to the SDGs each year. 

In concrete terms, this means we aim to earn the Voka Sustainable Business Charter (VCDO) annually. In 2024, we implemented 20 successful sustainability actions, for which we were once again awarded the VCDO certificate by Voka Chamber of Commerce Flemish Brabant.