Plenty of requirements about using security standards, but no enforcement or sanctions

New powers for Authority for Digital Infrastructure may bring about change


Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement. Last year, the Digital Government Act (WDO) mandated the use of HTTPS, and the upcoming Cyber Security Act is likely to add to the list of requirements. The Authority for Digital Infrastructure is also acquiring new supervision and enforcement responsibilities, which may lead to change.

In the Netherlands, we have an undesirable situation where many municipal websites don't meet the security standards that the government requires them to meet. That was the message delivered to parliament by Alexandra van Huffelen (who has since been succeeded as State Secretary for Kingdom Relations and Digitalisation by Zsolt Szabó) in response to questions from representative Barbara Kathmann. Public services should serve as examples of good practice where information security is concerned, and a secure website is part of that.

10,000 websites

Kathmann's parliamentary questions followed the publication of a survey by the Digital Insights Platform (DIP), showing that only 28 per cent of all municipal websites meet the security standards they're supposed to meet. It isn't the municipalities' main websites that are the problem: late last year, the Forum for Standardisation's Information Security Standards Survey (May 2023) found that 54 per cent of municipal websites met the requirements. The problem, according to the DIP, is all the ancillary sites that municipalities have – several hundred in some cases. These are typically sites devoted to particular issues, partnerships, projects, events, initiatives or publications. In total, the Netherlands' 342 municipalities have more than 10,000 websites, many of which are forgotten and neglected.

The lack of oversight and control has a lot to do with modern tooling making it very easy for anyone to create and publish a website, combined with the fact that individual officers and departments evidently feel free to do their own thing. According to the DIP, the issue isn't a lack of regulation, but a lack of compliance and enforcement.

Plenty of requirements

In her answer to Kathmann, the State Secretary made the point that the security standards were already 'mandatory', insofar as they were included on the 'use-or-explain' list. She also mentioned the National Information Security Baseline (BIO), which includes the 'use-or-explain' list standards, and pointed to the biannual Pan-governmental Digital Government Policy Liaison Forum (OBDO), which had agreed Joint Ambition Statements with 'hard' deadlines for the main internet security standards on the 'use-or-explain' list.

Since the Digital Government Act (WDO) came into force last year, the government has been able to make the use of modern internet standards mandatory for public and semi-public bodies. The Act was soon followed by the Decree on Secure Connections to Government Websites and Web Applications, effective from 1 July, which mandated support for the web and security standards HTTPS and HSTS [1].

Adoption has hit a ceiling

Of the web security standards, the most important is HTTPS, which provides encrypted connections for web traffic. As well as being important, HTTPS is cheap to implement, certainly in comparison with some of the other mandatory security standards. The explanatory memorandum accompanying the Decree on Secure Connections says that the Forum for Standardisation has previously estimated the cost to be between €0 and €400 per website per year. Nevertheless, as reported here last month, server-side adoption of HTTPS has hit a ceiling. According to the EFF, the explanation is a combination of old and neglected servers, servers that don't use encryption for performance reasons or because of their limited content/functionality, lack of HTTPS support on some mobile devices, and some operators' reluctance to obtain certificates for privacy and security reasons.

Not long ago, the Forum for Standardisation also estimated that, if progress didn't accelerate, it would take another 10 years to reach the target levels of adoption. The government has therefore said that it intends to regularly seek advice on the need to make additional standards mandatory, with DNSSEC most likely to be considered first.

Domain portfolio management

In short, there are plenty of regulations on the use of security standards, but no enforcement and no sanctions. When answering the parliamentary questions, the State Secretary said that the intention was therefore to investigate the possibility of beefing up oversight. An important vehicle will be the planned Cyber Security Act, which will implement the EU's NIS2 Directive and will be incorporated into the Second National Information Security Baseline (BIO2). Under the Cyber Security Act, the Authority for Digital Infrastructure (RDI) will be tasked with supervision and enforcement of governmental organisations' compliance with information security requirements.

The problem of forgotten and neglected sites will hopefully soon be reduced by the new Register of Government Internet Domains (RIO) [1], which includes the domain names of all national government services. Efforts to register the domain names belonging to all other governmental bodies are ongoing.
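As an added example (not code from this article, from SIDN, or from any of the bodies it names), the following Python script shows the kind of check a municipality could run across its own domain inventory against the two standards the Decree on Secure Connections mandates, HTTPS and HSTS, once a register like the RIO gives it a complete list of hostnames. The probe results are constructed inline under the reserved `.example` domain, so nothing is fetched from the network; the one-year HSTS max-age threshold, the hostnames and the finding strings are assumptions of this example, not criteria taken from the page.

```python
"""Offline HTTPS/HSTS compliance audit over a constructed domain inventory.

Added example. The inventory below is constructed for illustration; a real
run would replace it with probe results for the hostnames in a domain
register such as the RIO.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy threshold for this example: one year in seconds.
MIN_HSTS_MAX_AGE = 31536000


@dataclass
class Observation:
    """Result of probing one hostname (constructed here, not live data)."""
    host: str
    http_redirects_to_https: bool  # plain-HTTP request answered with a redirect to https://
    https_reachable: bool          # TLS handshake and certificate validation succeeded
    hsts_header: Optional[str]     # raw Strict-Transport-Security value, or None if absent


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse an RFC 6797 Strict-Transport-Security header value.

    Directives are ';'-separated and case-insensitive; max-age may be quoted.
    max_age is None when the directive is absent or not a non-negative integer.
    """
    result: Dict[str, object] = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "max-age":
            if raw.isdigit():
                result["max_age"] = int(raw)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def evaluate(obs: Observation) -> List[str]:
    """Return the list of findings for one host; an empty list means compliant."""
    findings: List[str] = []
    if not obs.https_reachable:
        # Without a working HTTPS endpoint nothing else can be assessed.
        findings.append("no valid HTTPS endpoint")
        return findings
    if not obs.http_redirects_to_https:
        findings.append("plain HTTP not redirected to HTTPS")
    if obs.hsts_header is None:
        findings.append("no Strict-Transport-Security header")
    else:
        policy = parse_hsts(obs.hsts_header)
        max_age = policy["max_age"]
        if max_age is None:
            findings.append("HSTS max-age missing or malformed")
        elif max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {max_age} below {MIN_HSTS_MAX_AGE}")
    return findings


def audit(inventory: List[Observation]) -> Dict[str, List[str]]:
    """Map every hostname in the inventory to its findings."""
    return {obs.host: evaluate(obs) for obs in inventory}


def compliance_rate(report: Dict[str, List[str]]) -> float:
    """Fraction of hosts with no findings (0.0 when the report is empty)."""
    if not report:
        return 0.0
    return sum(1 for findings in report.values() if not findings) / len(report)


# Constructed inventory: one well-maintained main site and three ancillary sites
# of the kind the DIP survey describes (project, event and partnership sites).
SAMPLE_INVENTORY = [
    Observation("www.gemeente.example", True, True, "max-age=31536000; includeSubDomains; preload"),
    Observation("project-2019.gemeente.example", True, True, None),
    Observation("evenement.gemeente.example", False, False, None),
    Observation("partner.gemeente.example", False, True, 'max-age="300"'),
]

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for host, findings in report.items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{host:35} {status}")
    print(f"compliant: {compliance_rate(report):.0%}")
```

The script deliberately separates the probe (the `Observation` records) from the policy (`evaluate`), so the same evaluation can be re-run against stored results when a threshold changes, and the per-host finding list is what an auditor would feed back to the department that created the site.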

Performance data for the various sectors of government is amongst the information available at Basisbeveiliging.nl, a project co-sponsored by SIDN Fund.

Map of the Netherlands showing, in colour, the performance of Dutch municipalities in the field of security standards adoption.