NordVPN Promotion

Home / Blogs

How the EU’s NIS 2.0 Can Help Solve the Challenge of Domain Name Registration Data Accuracy and Access

Over the past twenty years of my engagement in the ICANN multistakeholder process, one topic that has always been near and dear to me has been improving the accuracy and access to domain name registration data in a way that respects the legal rights of both registrants and requestors of registration data. Sadly, the glacial pace at which ICANN develops and implements policy has prevented a holistic solution to the problem. I believe, however, that the European Union’s NIS 2.0 directive provides a framework for this holistic solution to become a reality.

My paper title, Suggestions for NIS 2.0 Implementation Guidance to Achieve the Goals of the European Union Regarding TLD Name Registries and Entities Providing Domain Name Registration Services under Articles 21 and 28 was inspired by the thought leadership that European ccTLDs have undertaken to enhance the accuracy and access to registrant registration data. Below are a series of recommendations that hopefully inform the work of Member States and the Cooperation Group.

  • All domain names registered by a TLD name registry and entities providing domain name registration services shall publicly identify the registrant as either a natural or legal person.
  • If the TLD name registry or entity providing domain name registration services permits privacy/proxy registration services, it shall identify the beneficial user/customer as the contact administering the domain name and their status as either a natural or legal person.
  • TLD name registries and entities providing domain name registration services shall establish and abide by administrative processes to permit third parties to contest various aspects of domain names registered within that TLD, e.g. accuracy of all registrant data fields outlined in Article 28, access to non-public domain name registration data in the case of illegal/abusive activities, the registration and use of the domain name by an alleged natural person, etc. These administrative processes need to be publicly posted on the website of each TLD name registry and entity providing domain name registration services.
  • TLD name registries and entities providing domain name registration services must provide differentiated[1] public access to the required data fields listed in Article 28 corresponding to the registrant type (e.g., natural/legal person).
  • TLD name registries shall maintain a complete set of registration data (as required by NIS 2) in a dedicated database for that TLD.
  • TLD name registries and entities providing domain name registration services shall take affirmative steps to identify any suspect registrations (e.g. inaccurate registration data or potential abuse) to flag for subsequent investigation/verification. Any registration flagged by a TLD Name Registry or entity providing domain name registration services shall undergo enhanced verification, e.g. eIDAS level “substantial.”

The full text of the white paper, available here, provides a detailed analysis of the basis for these and other recommendations.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Michael D. Palage, Intellectual Property Attorney and IT Consultant

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

NordVPN Promotion