NIS2 and domain names: much remains unclear

Impact of the Network and Information Security Directive 2 on the domain name industry


On 27 December last year, the EU published the definitive wording of its NIS2 Directive -- the Directive on measures for a high common level of cybersecurity across the Union. Like all EU directives, it has no direct legal effect, but member states are required to incorporate its provisions into their own laws. Where NIS2 is concerned, that has to be done by 14 October 2024.

Successor to NIS1

NIS2 supersedes NIS1: the first EU directive on this subject. NIS1 was incorporated into Dutch law in 2018 by the Network and Information Systems Security Act (Wbni). One consequence of the Act was that SIDN, as operator of the .nl domain, was designated an operator of essential services. SIDN's cybersecurity policy and provisions are consequently subject to supervision by the Dutch Authority for Digital Infrastructure (RDI). We're also required to report any significant security incidents to both the RDI and the National Cyber Security Centre (NCSC).

Major implications for the domain name industry

NIS2 is expected to have much greater implications for the domain name industry than NIS1, which is exactly what the EU's lawmakers intended. The EU is determined that cybersecurity levels in the bloc will improve.

Security implications

One reason why the impact will be so significant is that all DNS service providers, large and small, will be deemed 'essential', in the same way that SIDN already is. As such, they too will have to meet very strict security requirements. They'll also be subject to RDI supervision, and will have a duty to report incidents. The new features of NIS2 will apply to them as well, such as the need to ensure that the suppliers and service providers they use satisfy appropriate cybersecurity requirements. Indeed, like SIDN, DNS service providers face the prospect of GDPR-style penalties if they fail in their security responsibilities, with the possibility of their executives being held personally liable.

Nevertheless, it remains unclear for the moment exactly how the new responsibilities will impact DNS service providers. It will be important for them to keep a weather eye on NIS2's implementation in Dutch law, and on the RDI's translation of the new legal provisions into supervisory practice.

Registration data implications

Another reason why NIS2 is so significant for the domain name industry is that it includes various requirements regarding domain name registration data. The directive's Article 28 states that registration data must be accurate, that data must be published using a Whois service, and that unpublished personal data must be made available to any 'legitimate access seeker' within 72 hours.

More work, but how much more?

Clearly, complying with the new requirements will mean more work for the domain name industry. Quite how much more is hard to say, however. Part of the reason for the uncertainty is that, in the course of its development, NIS2 was the focus of considerable debate. That led to the provisions of Article 28 being formulated so broadly and imprecisely that there is considerable scope for interpretation. As a result, there is a real risk of the directive being applied in different ways in different countries.

A wide variety of requirements

For our industry, the most significant uncertainty is just how far registries and registrars will be required to go in terms of validating registration data. Possible interpretations of the directive range from simple e-mail verification by registrars being sufficient, to the identities of all current and new registrants needing to be verified after 14 October 2024 by checking electronic or paper IDs. It's also unclear whether registrants' e-mail addresses and phone numbers will require validation as well. And what happens if one EU state interprets the directive leniently, while a neighbouring country takes a stricter line? Read my earlier blog for more on this topic.

Implications for the industry are potentially dramatic

For an industry accustomed to operating internationally, the complicating potential of the issues outlined above is clear. For example, although most .nl registrants are based in the Netherlands, a significant minority are in other European countries or further afield. What's more, .nl domain names are made available by registrars and resellers all over the world. The implications are perhaps more far-reaching for registrars than for registries. A Dutch registrar may, for instance, register a .fr domain name for a Belgian customer. If the Dutch, Belgian and French verification rules differ, which rules should the registrar follow? And how is a Belgian registrar to compete with its French counterparts if the verification rules are much more lenient (and the associated costs therefore much lower) in France than in Belgium?

Harmonisation and development

Fortunately, the EU and its member states are aware of the issues. A workflow involving all EU countries has been established, with the aim of harmonising the directive's implementation. While that's clearly important, it's equally vital that the harmonised approach ultimately adopted is sensible and workable for the domain name industry. My personal view is that the best solution would be a readily implementable system of e-mail verification, like the one already used by gTLDs. That could be complemented by a pathway for the staged development of more secure eID-based checks if abuse data indicates that e-mail verification is an insufficient deterrent to malpractice.

Following developments closely

At SIDN, we'll be watching developments closely and maintaining dialogue with the government and with numerous other stakeholders in the implementation of NIS2. Our ultimate goal is to help ensure that NIS2 has the desired effect of improving cybersecurity, without placing intolerable burdens on the domain name industry.