|
On June 3, 2020, EURid, the registry for .EU domains, published its timeline and action plan to withdraw and delete .EU domains registered to entities and individuals located in the U.K.
Following the .EU regulations that were published on March 29, 2019, registrations of .EU domain names may be held by EU citizens, citizens of Iceland, Liechtenstein, and Norway, independent of their place of residence—as well as organizations that are established in the EU.
Due to these regulations and subsequently Brexit Day, the day the U.K. formally left the EU, organizations that registered their .EU domains with their U.K. establishments will become non-compliant after the end of the transition period, which is from now until December 31, 2020.
Check that your .EU domain names are registered with entities established in the EU. If any of them are not, modify the registration information in these .EU domain names to those of a legally established entity from one of the eligible EU member states, or be sure to register .UK domain names as alternatives. You must complete any changes by December 31, 2020 because you will not be able to modify any aspect of your .EU domain registrations after January 1, 2021.
Unless you’re not planning on renewing certain .EU domain names after January 1, 2021, there are three immediate risks that you must take note of with regards to this notification:
If any of the .EU domain names in your portfolio are being used for your organization, the domain names should be updated to full compliance so they continue to work and outlast Brexit’s transition period.
Use includes:
Non-compliant .EU domains will cease to work after January 1, 2021 and you will lose control of these domains. At that point, you won’t be able to modify the domain registration information to make them work. The registry will round them up and make them available for general registration after January 1, 2022, and you’ll only be able to make attempts at registering them if you fulfill the .EU registration criteria.
We reiterate the core message in our article that an abandoned domain name could hurt you. An abandoned corporate domain name often carries a footprint of activity that can be leveraged as an attack vector by cyber criminals. If any of your .EU domain names were receiving email before, they could continue receiving email correspondence from unsuspecting entities that don’t know you abandoned the domains.
A re-registered domain name gives the new registrant access not only to emails—but also the ability to reset passwords to accounts, like management or financial portals, databases, and social media—giving criminals the opportunity to compromise your business through phishing attacks, data leaks, social engineering, and more.
In addition, if any of your .EU domain names get a certain level of web traffic, you should continue renewing them. KrebsOnSecurity further wrote that such domain names, if not renewed, could pose as a huge security risk to the organization. Reason being, the domain names could then be scooped up by crooks who could use them to set up fake eCommerce sites that steal credit card details from unwary shoppers. These sites capitalize on the visitor traffic that goes towards these sites even after the domain names expire.
Reducing these risks is the rationale behind why EURid will only purge non-compliant .EU domain names after withdrawing them from the active zone for a full year. Although one year may be a long enough period for significant levels of visitor traffic to die down, the other risks are not completely diminished.
Resourceful bad actors could still potentially register and restore expired domain names, and leverage them in the aforementioned ways.
Review your .EU domain portfolio for non-compliance issues that will arise after the end of the Brexit transition period and modify their registration information where possible, and use tools that can help narrow down your vital domains.
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byVerisign
Sponsored byCSC
Sponsored byIPv4.Global