As part of our ongoing commitment to providing secure and reliable services, we are preparing to implement changes in line with the European Union’s NIS2 Directive. This directive aims to strengthen cybersecurity across all member states, ensuring a high common level of security for network and information systems.

What is the NIS2 Directive?

The NIS2 Directive is an updated version of the original NIS Directive, designed to address the evolving landscape of cyber threats. It introduces more stringent requirements and expands its scope to cover additional sectors and services, including those within the domain name industry.

For the Domain Name Industry, Article 28 is the most relevant, which we are focusing our actions on. This article includes the following requirements.

1.  Accurate and Complete Data: Member States must ensure that top-level domain (TLD) name registries and entities providing domain name registration services collect and maintain accurate and complete domain name registration data. This data must be kept in a dedicated database.

2.  Due Diligence: The collection and maintenance of this data must be carried out with due diligence, ensuring compliance with Union data protection laws, especially concerning personal data.

3.  Security and Stability: The aim is to contribute to the overall security, stability, and resilience of the DNS by ensuring that the data is reliable and can be used to mitigate cybersecurity threats.

4.  Stakeholder Impact: This requirement impacts various stakeholders in the domain name ecosystem, including domain name registration service providers, TLD name registries, their resellers, privacy and proxy service providers, and DNS service providers

How does NIS2 effect CentralNic Reseller?

The CentralNic Reseller systems will be adjusted in order to be compliant with the above-mentioned criteria. We are currently working on several technical enhancements to comply with the NIS2 requirements and also to improve the data quality across our platform to be prepared for future compliance initiatives. These changes will be announced in detail soon. Please expect changes at least to the following features:

• Contact Handling
  This will include updates to how we validate and verifiy contact data information. There will be additional requirements e.g. email and phone will become mandatory and have to be provided in a valid format.

• Contact Extensions
  We will be introducing contact extensions to submit and store verification information to a specific contact data. Additionally we will introduce a possibility to specify if a contact object should be considered as a person or organization role.

• New Events for Contacts and Domains Names
  Due to NIS2 we will be introducing new contact and domain events that relate to a request to provide specific contact verification information to prohibit a domain name from resolving due to NIS2 violations.

• Increase of WDRP emails
  We are planning to apply the WDRP email process to all contact objects associated with a product. This is currently limited to contact objects associated with gTLD’s.

• Adaption of TLD specific solutions to our generic contact solution
  In the past we have introduced TLD specific domain extension that will be streamlined with our general NIS2 related adaption of CNReseller for a standardized behaviour across all our products.

These changes will be applied over all our APIs. We will publish detailed information shortly.

Stay Informed

We are committed to keeping you informed about these changes and how they will benefit you. Please stay tuned for further updates and detailed announcements regarding our technical enhancements.
For more details on the directive itself, please visit the official NIS2 Directive page.

Thank you for your continued trust and support.