Draft legislation to implement NIS2 in the Netherlands published

Internet consultation on the draft now in progress

On 27 December 2022, the definitive text of the Network Information Security Directive 2 (NIS2) was published. NIS2 is an EU directive that lays down the digital security requirements that certain companies and sectors have to meet. In principle, member states are required to incorporate NIS2's provisions into their own laws by 17 October 2024. Against that background, the Dutch government recently published draft legislation for online consultation. The draft provides valuable insight into the Dutch authorities' interpretation of NIS2, but leaves many questions unanswered.

Article 28 applies to domain name registration service providers

NIS2 pays specific attention to the domain name industry: it's mentioned explicitly, and some parts of the directive apply to domain name registration service providers 'regardless of size'. Article 28 is of particular significance. It says:

[..] Member States shall require TLD name registries and entities providing domain name registration services to collect and maintain accurate and complete domain name registration data [..]

The registration data in question is to include at least the registrant's name, e-mail address and phone number. In practice, that implies that domain name registration must involve some form of data verification. In the Netherlands, about 1.2 million new domain names are registered every year, of which about 800,000 are .nl domain names. What NIS2 doesn't say is exactly what must be done to verify that registration data is accurate and complete. The industry in the Netherlands has therefore been waiting eagerly to discover how the verification requirement would be interpreted in national law.

Cyber Security Act to be aligned with existing norms

In the Netherlands, NIS2 will be implemented by the Cyber Security Act, the draft text of which was published online at the beginning of June. A total of 29 public responses have so far been submitted. The part of the Act that corresponds to NIS2 Article 28 is Section 50. And the good news for the domain name industry is that the text of that section is aligned with established practice. For example, the relevant passage of the Explanatory Memorandum reads:

"As far as possible, the policy and procedures must take account of internationally agreed guidelines and norms."

That aspect of the legislation is welcome, because internationally agreed verification procedures are already in place for generic domain name extensions (gTLDs), for example. Therefore, if verification practices in the Netherlands can be aligned with those procedures, the new legislation's verification requirements will involve relatively little change for service providers already working to the international norms.

Verification of a single contact channel

Many service providers will also be relieved to note that the draft legislation does not require all contact details to be verified. As the following passage of the Explanatory Memorandum states, it'll be sufficient to verify one contact channel:

"Registries for top-level domain names and entities that provide domain name registration services must, amongst other things, verify at least one means of contacting a domain name's registrant."

In that respect too, the legislation's wording does not imply significant extra work for service providers. It'll be enough to verify, say, the registrant's e-mail address, without additionally verifying other information such as their phone number, as in some other EU member states (e.g. Belgium).

Additional regulations possible

Nevertheless, the draft legislation leaves many things unclear. One example is the rules on personal data. The draft requires the prompt publication of all domain name data that does not contain personal data. In practice, however, it's not easy to distinguish between personal data and other data. If, for instance, a business registers a domain name, it's impossible to tell whether the e-mail address provided by the registrant can be traced to a person unless a manual check is performed.

Sections 50 and 51 of the draft Act allow the Minister of Economic Affairs to define subordinate regulations. Consequently, the Act's full impact on business processes can't be assessed until any such regulations are also published. For example, regulations could be introduced to minimise any mismatch between the way NIS2 works in the Netherlands and the way it works in other EU countries. However, it's hard to judge whether the Minister will actually use that power.

Timeline and follow-up

It looks very unlikely that the Act can be passed before the EU's deadline of 17 October. A more realistic scenario is that the new regime will come into effect in summer 2025. We're monitoring developments closely and will update .nl registrars as soon as we learn anything more. With regard to any aspects of the legislation that have implications for the .nl domain, we'll be looking to align with other European registries wherever possible, so as to minimise the associated workload for stakeholders.

Want to know more?

The full text of the NIS2 directive is available on the website of the European Union.

The draft text of the Dutch Cyber Security Act can be found at internetconsultatie.nl.