The NIS2 Directive tightens the requirements for domain registration data across Europe (Phase I came into force on 6 December 2025 / Phase II on 14 April 2026). The aim is to increase transparency and security in the digital space. For you as a domain holder, this means one thing above all: your data must be accurate, complete and verifiable.
New obligations under NIS2
Domain registrars will in future be obliged to actively collect and validate registration data. This includes, amongst other things, clear procedures for data verification:
- Data relating to legal entities (e.g. GmbH, AG, associations) will in future be displayed publicly.
- Personal data of natural persons remains protected by the GDPR and is not publicly accessible.
When is a domain holder considered a legal entity?
A registrant is classified as a legal entity as soon as the ‘Organisation’ field in the registration record is filled in. This has specific implications:
- If the organisation field is filled in, the organisation’s details are displayed publicly in the RDDS (Registration Data Directory Services).
- If the field is left blank, the registrant is automatically classified as a natural person – personal data is then not published.
Practical tip:
It is best to use role-based contact details, such as ‘info@domain.de’. This prevents personal data from accidentally becoming publicly visible.
What happens if data is missing or invalid?
If contact and domain orders undergo a risk assessment and incomplete or incorrect registration data is found, this can have corresponding consequences – depending on the registry’s guidelines:
- Rejection of a domain registration
- Suspension of an existing domain
- In serious cases, even the deletion of the domain
VX-CASH tip: Act proactively & ensure compliance.
By checking your registration data early on and keeping it up to date, you reduce the need for follow-up enquiries, avoid risks and ensure that domains are managed in compliance with regulations at all times.
Further information
The full ICANN Registration Data Policy is available here:
👉 https://www.icann.org/en/contracted-parties/consensus-policies/registration-data-policy
Further information on this topic: 👉 https://blog.denic.de/neue-gesetzliche-vorgaben-zur-denic-domainabfrage-whois/
