NIS2 Guideline
At the end of 2022, the European Union adopted the Network and Information Security Directive 2, or NIS2 for short. This directive must be transposed into national law by mid-October 2024. The core of the directive is that a large number of organizations are classified as important or essential and must therefore meet stricter network security requirements.
The NIS2 Directive also applies to the registration of domain names. All organizations operating in this area are covered by the directive and the registration data of European domain name holders must be validated. While this seems to be a small part of the overall directive, it is very important for organizations with a large domain name portfolio. This is because inaccurate or outdated data can have unpleasant consequences.
At the heart of the NIS2 directive is the obligation for member states to enact laws that impose security requirements on companies and institutions that are critical. This includes sectors such as energy, logistics and finance. The definition of what is considered critical has been greatly expanded. The NIS2 introduces the terms "important" and "essential" entities, significantly broadening the scope of the directive.
The NIS2 not only covers the security of critical infrastructure, but also sets out requirements for the registration of domain names. For example, Article 28 of the Directive requires TLD name registries and entities providing domain name registration services to collect and maintain accurate and complete registration data. This data must be validated through a process very similar to that currently used for gTLDs.
For companies and organizations, this means that it is essential that the data used to register their domain names is accurate and that they have procedures in place to keep this data up to date. Failure to do so could result in a domain name being taken offline along with its associated applications or websites. This is a particular risk for large organizations where departments, employees and legal entities are constantly changing. Centralized management of the domain name portfolio is therefore more important than ever.
What does this mean for you as a customer with a domain name?
What it certainly means for you as a customer of MijnHostingPartner.nl is that you will receive additional checks from both us and the parent parties (SIDN, ICANN, EURID, DNSbelgium) on your name, telephone number and e-mail address that you provide during registration. This may even go beyond this information, but we cannot confirm this at this time. In fact, we are not yet aware of this information. These checks are also carried out for domain names that have already been registered. Just like domain name renewals. So it is not just about new domain name registrations and is also carried out retrospectively.
As you can understand, this means a lot of work and it is more than important to pay attention to what data you enter when registering domain names. And that you always keep an eye on this when you receive requests. Also make sure that you appoint a central person to take care of this and that these details are correct. Always check the authenticity and the organizations behind it, and if in doubt, always ask us first before clicking on a link in an email. In the near future, we will of course be writing detailed knowledge base articles on this topic, pointing out the legitimate emails and what actions are expected of you when registering a domain name.
As soon as we learn more about this, we will share it in a new blog post and add it to our knowledge base. So that you know where you stand when registering a domain name.
Source:
https://www.sidn.nl/nieuws-en-blogs/overzicht-domeinnaamportfolio-wordt-belangrijk-in-2024