What is NIS2 and Article 28?
The NIS2 Directive is a European Union cybersecurity regulation that aims to increase the security of digital services and infrastructure and improve the trustworthiness of data across the EU.
Article 28 of NIS2 focuses on the obligation of domain registries and resellers to ensure that domain owner data is accurate, up-to-date and verifiable – this helps to reduce fraud, misrepresentation and cybersecurity risks.
In connection with the European Union’s NIS2 Directive and the clarification of the requirements of the Danish Domain Registry (.DK), new rules regarding the contact details of domain owners are coming into force. These changes affect all registrations and management of .DK domains.
Below we outline the main requirements and what this means for .DK domain owners.
Accurate contact information (including phone number)
All new registrations, transfers, changes to contact information and changes of ownership must include complete and correct contact information for the owner (registrant), including a valid phone number.
For legal entities (contact type: Organization), a company registration number or VAT/CVR number is also mandatory.
The use of “sample data” or fictional information is not allowed.
Existing .DK domains must have a phone number added by April 2027 at the latest.
Risk-based data verification
If the domain registry suspects that the owner’s data is inaccurate, the registrar (Zone Media) will contact the owner directly via email to confirm their identity and mailing address.
Please note: If the data is not verified, the domain may be temporarily suspended or, in extreme cases, deleted.
Email address validity check
The .DK registry checks the email addresses of active domain owners using the so-called “bounce check” method (whether the letter is delivered). If the email address does not work, the registrar (Zone Media) is notified. The .DK registry then makes an attempt to correct the data in cooperation with Zone Media.
It is in the domain owner’s interest to always keep the email address working and up-to-date.
WHOIS data disclosure
The email address of legal entities is publicly visible in the WHOIS data of Punktum.dk.
- Therefore, companies must use role-based email addresses, e.g.:
info@company.dk, admin@company.dk - The use of a personal email address is not recommended to avoid the disclosure of personal information (person’s name).