The Network and Information Security Directive 2 (NIS2) introduces significant changes for domain registrars, registries, and registrants across the European Union. Article 28 specifically establishes requirements for domain name registration data verification.

Key Requirements

Article 28 of the NIS2 Directive requires domain name registries and registrars to:

• Collect and maintain accurate and complete domain registration data
• Implement verification procedures to confirm registrant identities
• Publish non-personal registration data
• Provide access to personal registration data for legitimate access seekers
• Process legitimate requests for data disclosure without undue delay
• Have procedures in place to address incorrect registration data

Implementation Challenges

While NIS2 establishes these requirements at the EU level, the implementation details are left to individual member states. This creates a complex landscape for domain registrars and registries operating across multiple EU countries, as:

• Verification requirements vary between member states
• The level of identity verification differs significantly
• Different countries are at various stages of implementation
• Compliance deadlines and grace periods are not uniform

Our implementation matrix provides a comprehensive overview of how each EU member state is implementing Article 28, helping registrars and registries navigate this complex regulatory landscape.