Awareness Training - Save 60% on Yearly Plan.
Prices
Book Demo

Article 28

Database of domain name registration data

1.   For the purpose of contributing to the security, stability and resilience of the DNS, Member States shall require TLD name registries and entities providing domain name registration services to collect and maintain accurate and complete domain name registration data in a dedicated database with due diligence in accordance with Union data protection law as regards data which are personal data.

2.   For the purposes of paragraph 1, Member States shall require the database of domain name registration data to contain the necessary information to identify and contact the holders of the domain names and the points of contact administering the domain names under the TLDs. Such information shall include:

(a)

the domain name;

(b)

the date of registration;

(c)

the registrant’s name, contact email address and telephone number;

(d)

the contact email address and telephone number of the point of contact administering the domain name in the event that they are different from those of the registrant.

3.   Member States shall require the TLD name registries and the entities providing domain name registration services to have policies and procedures, including verification procedures, in place to ensure that the databases referred to in paragraph 1 include accurate and complete information. Member States shall require such policies and procedures to be made publicly available.

4.   Member States shall require the TLD name registries and the entities providing domain name registration services to make publicly available, without undue delay after the registration of a domain name, the domain name registration data which are not personal data.

5.   Member States shall require the TLD name registries and the entities providing domain name registration services to provide access to specific domain name registration data upon lawful and duly substantiated requests by legitimate access seekers, in accordance with Union data protection law. Member States shall require the TLD name registries and the entities providing domain name registration services to reply without undue delay and in any event within 72 hours of receipt of any requests for access. Member States shall require policies and procedures with regard to the disclosure of such data to be made publicly available.

6.   Compliance with the obligations laid down in paragraphs 1 to 5 shall not result in a duplication of collecting domain name registration data. To that end, Member States shall require TLD name registries and entities providing domain name registration services to cooperate with each other.

Frequently Asked Questions

Under NIS2, registries and registrars must collect information including the domain name itself, registration date, the registrant’s full name, email address and phone number, plus the contact details of whoever manages the domain if this person is different, all stored securely and according to data protection laws.
Personal information stored in domain name databases under NIS2 is protected by data privacy rules, meaning only legitimate parties with a lawful and justified reason can request this data, and they must receive a timely response within 72 hours, following clear procedures publicly outlined by the database operators.
Registries under NIS2 must verify the accuracy of collected information and openly share their policies to ensure transparency, build public trust, and confirm they follow the rules in maintaining secure, accurate, and reliable databases for domain name registration, helping to keep the internet safe and stable.
Yes, NIS2 mandates that non-personal details of domain registrations, such as the domain name itself and the registration date, must be publicly released quickly after registration occurs, ensuring transparency of basic domain name information without compromising personal data privacy standards.

NIS2 Training

Start Training

Book Demo

We will get back to you via email as soon as possible.