IE-Annual-Report-&-Review-2024

Description of risk / Risk area What we are doing to manage the risk Risk Pillar 2 - Strategic Third Party Risks (TPRM) Risks from critical supplier failure or supply chain vulnerabilities and disruptions, including by state actors. Dependencies on cloud services and suppliers of licensed software. Impact of AI and Quantum computing are unknowns. There are risks from reliance on a highly concentrated Registrar channel. ▶ Our ISO 27001 certification incorporates management of third party risks. ▶ Resilience, redundancy and continuity measures are built into critical services. ▶ Critical supplier management:- reviews and service level monitoring. Includes critical supplier due diligence, de-listing if necessary. ▶ We have a Registrar Accreditation Framework in place. ▶ Incentives are in place to encourage new and existing registrar customers to allocate resources to growing the .ie namespace. Intensity of competition Risks in relation to digital disruption and innovations from global Internet giants, which offer platforms, new apps and free services, financed by advertising revenues. The company faces risks associated with its development of new services which may not become commercially sustainable. ▶ We are taking strategic measures to reduce dependence on a single source of revenue. ▶ Pricing Policy and guardrails incorporate the imperative of our cost recovery registry model. ▶ Board oversight of new service development is undertaken by a dedicated sub-committee of the Board. ▶ Budgetary cycles provide guardrails and controls to prevent cost overruns. Reputation and Brand Risks to reputation and brand. ▶ Risks to reputation and brand are dealt with as derived risks under each Risk Area. Economic High dependence on GNP growth to generate Domain growth. The ongoing geopolitical uncertainty, war in Ukraine, trade and tariff disputes leading to inflationary pressures and low growth in EU economies. ▶ We invest in exploiting headroom for domain growth in the Irish market, where GNP currently exceeds EU averages. ▶ We are developing our products to remain competitive ▶ We emphasise operational cost control and efficiencies ▶ We are actively developing a pipeline of new channel opportunities Risk Pillar 3 - Governance, Legal & Regulatory Increased costs of compliance with a significant number of EU regulations represents a risk to medium-term registry profitability, and potentially an existential risk to some Registrars viability. Any breach of legislative or compliance requirements, or serious failures, could lead to a loss of confidence from significantly interested parties. ▶ Through active stakeholder engagement in our PAC, we continue to seek input and feedback from across our stakeholder groups ▶ Maintaining strong relationships with key government stakeholders, and National Competent Authorities (NCAs) ▶ Demonstrate our commitment to the multi-stakeholder and self- regulation models for Internet Governance ▶ The effectiveness of the IE Domain Registry’s governance structure provides operational and organisational stability which generates confidence from stakeholders. ▶ Alignment of Internet Governance with the wider technology industry remains a priority for Ireland’s government. ▶ The .IEs DPO programme of work demonstrates GDPR compliance Risk Pillar 4 - Financial Exposure to stock markets and financial market volatility exposes financial investments to ongoing risks. IE Domain Registry is a company limited by guarantee, so its financial reserves (Members’ Funds) are its only source of capital. ▶ A combination of appropriate investment principles, advice from independent investment advisors and oversight by a board subcommittee manages these risks. ▶ Financial investments, in a moderate risk portfolio, are managed by a discretionary investment fund manager. ▶ Active cost control process and periodic RFPs for procurement. ▶ New strategic initiatives remain within the parameters and guardrails of Designated Funds within the corporate Reserves Management Policy Governance IE Domain Registry CLG t/a .IE / Annual Report & Review 2024 13