What is NIS 2?
NIS 2 (short for “Network and Information Security Directive 2”) is the European Union’s second directive on network and information security. Among other things, it includes new, stricter requirements for domain registries in the EU and aims to strengthen cybersecurity.
The NIS 2 Directive entered into force in early 2023 and is expected to be transposed into national law by most Member States in the course of 2025.
What are the requirements for domains under NIS 2?
According to Article 28 of the Directive, Member States must ensure that registries of top-level domains (TLDs) from the EU (e.g. .de, .at and .fr) maintain accurate and complete data on domain owners.
This data should enable the relevant registries to identify and contact domain owners at any time. It will therefore no longer be possible to register ccTLDs from the EU using false data.
The following data will have to be collected:
- Domain name
- Date of registration
- Name, e-mail address and telephone number of the domain owner
- E-mail address and telephone number of the point of contact if the domain is managed by a third party
Which domain names are affected by the requirements?
All domain names with top-level domains (ccTLDs) of EU Member States are affected, including .de, .at, .fr and .it. Domain extensions from countries outside the EU (e.g. Switzerland with .ch) and generic TLDs such as .com, .org and .net are not affected by the NIS 2 Directive.
Why is Hostpoint affected?
The NIS 2 Directive obliges registries to verify the accuracy of the data they hold concerning domain owners. The data is usually not collected by the registry itself, but by the registrar through whom the domain is registered. Therefore, it is the responsibility of domain registrars to verify the data at the registry's request. Additional and/or repeated checks, which may be requested by the respective registry, are possible at any time and must be carried out.
Example: You are registering a .de domain with Hostpoint. When ordering, you provide your contact details. These are verified by Hostpoint on request and forwarded to the relevant registry (in this case DENIC).
How can I verify my data?
If one or more of your domains are affected by NIS 2, we will notify you by e-mail or post. You can then verify your details directly in the Hostpoint Control Panel or using the QR code provided. You will be told exactly how to proceed in the e-mail or letter.
Please note that the verification requirements may vary depending on the registry. It is therefore possible that you will also be contacted directly by a registry to verify your e-mail address (e.g. via a confirmation link in an e-mail).
Who has access to my data?
All non-personal data can be made publicly available by the registry. This means that the domain name, the date of registration and the competent domain registrar are published. In our case, “Hostpoint” is displayed as the domain registrar for .ch/.-li domains and “Ascio” for all other ccTLDs. The data can be queried via the WHOIS database.