NIS2 的关键要求

2025年3月22日 | 分类: 域名法务

EU NIS2 指令即将生效,为注册商和转销商引入了新的义务。虽然德国实施法仍未出台,但第一批注册管理机构开始更新其数据质量要求,因此需要提前实施。

NIS2 的关键要求

该指令第 28 条适用于 提供域名注册服务的实体,包括注册商、经销商)以及辅助服务(例如隐私和本地状态服务)的提供商。在 NIS2 中,注册商和经销商共同负责确保注册数据在我们的数据库中准确和完整。这包括基本数据元素,例如注册人的姓名、联系电子邮件地址和电话号码。

此外,NIS2 要求注册商和经销商实施和发布策略以保持准确的注册数据,包括 适当的验证程序。公布法人实体的注册详细信息将成为强制性的。

作为经销商,您与客户建立了 直接关系,因此您在数据准确性方面的作用至关重要。您需要:

  • 验证您提交给我们的数据是否经过了适当的验证程序。
  • 维护记录每个注册联系人验证的日志。
  • 将这些要求告知您的转销商(如果适用)。

基本合规要求:

  • 确保在域名注册、转移和所有权更改期间正确提供所有必填联系人字段(例如电子邮件、电话号码)。
  • 使用格式检查(例如,电子邮件/电话的 RFC 标准、确保邮政编码具有正确的位数等)验证注册人数据,并在可行的情况下进行验证。
  • 实施流程来检测和阻止包含不完整或无效注册人数据的请求。
  • 使用行业标准的最佳实践方法(例如,电子邮件、电话和姓名验证)来确认注册人的联系方式。
  • 通知您的客户,在注册数据中使用 Organization 字段可能会导致将注册人识别为法人实体,从而在公共注册数据库/查询服务中发布其信息。
  • 保留日志,记录注册人数据验证发生的时间和方式。

不遵守这些要求可能会导致:

  • 拒绝注册请求。
  • 暂停注册域名。
  • 在极端情况下,暂停您的帐户。
  • 请注意,注册管理运行机构就您提供的未经验证的注册数据向我们收取的任何罚款可能会从您的帐户中扣除。

即将推出的 Registrar 增强功能:

  • 我们将扩展现有的 gTLD 域名验证和验证流程(请参阅:https://kb.centralnicreseller.com/domains/icann/contact-verification) 来涵盖我们平台上的所有域名注册和联系人数据更新。此外,作为此过程的一部分,将引入对注册人电话号码的非侵入式验证。
  • 现在将为所有域名发送年度注册数据提醒(以前称为 WDRP),无论 TLD 如何。
  • 每周向经销商发送电子邮件,提醒他们发现的错误或不完整的数据。
  • 引入了新的可选联系人扩展,以允许实体类型的自我标识:X-LEGALFORM。
  • 恢复法人实体注册数据的部分未编辑发布,通过使用“组织”字段和 X-LEGALFORM 扩展名来识别。

这些增强功能将逐步在 OTE 环境中推出。预计它们将在 OTE 发布后的三到六个月内上线。请定期查看我们的时事通讯以获取更新,因为我们将在其中公布确切日期。这些增强功能都不应该是代码破损的,但如果数据质量较低,它们可能会导致更多的事务失败。

请注意,某些欧盟成员国和这些司法管辖区的 TLD 可能有额外甚至更严格的要求。我们将通过新闻通讯通知您此类要求,包括对未能遵守这些特殊要求的特殊处罚,并在我们的 TLD 附录可用时对其进行更新。

我们鼓励您查看这些要求并相应地调整您的流程,因为您的帮助和合作对于避免潜在的数据质量问题、不正确的披露和注册管理机构的投诉至关重要。确保根据注册表的基本要求提交联系人数据字段。确保您的客户得到适当的通知并正确使用现有字段将导致数据质量的显著提高。这将满足注册管理机构的数据质量要求,并避免不必要的事务失败或域暂停/删除。

当 NIS2 要求可用时,我们将及时通知您有关进一步发展的最新信息,例如因注册机构采用 NIS2 要求而产生的新政策和技术。您可以在以下链接中找到有关我们的 NIS2 实施计划、时间表以及提高数据质量的提示的最新信息:https://www.centralnicreseller.com/preparing-for-nis2-compliance/

如果您有任何问题,请联系我们的 支持团队

请注意,本通知中的任何内容均不构成有关您在 NIS2 下可能承担的任何责任的法律建议。

The EU NIS2 Directive is coming into effect, introducing new obligations for both registrars and resellers. While the German implementation law is still outstanding, the first registries are starting to update their data quality requirements, necessitating an earlier implementation.

Key Requirements Under NIS2

Article 28 of the directive applies to entities providing domain name registration services, including registrars, resellers, and providers of ancillary services (such as privacy and local presence services). Under NIS2, both registrars and resellers share the responsibility for ensuring that registration data is accurate and complete in our database. This includes essential data elements such as the registrant’s name, contact email address, and telephone number.

Additionally, NIS2 requires registrars and resellers to implement and publish policies to maintain accurate registration data, including adequate verification procedures. The publication of registration details of legal entities will become mandatory.

As a reseller, you have a direct relationship with customers, making your role in data accuracy critical. You are expected to:

  • Verify that the data you submit to us has undergone appropriate verification procedures.
  • Maintain logs documenting verification for each registrant contact.
  • Inform your resellers (if applicable) of these requirements.

Basic Compliance Requirements:

  • Ensure all mandatory contact fields (e.g., email, phone number) are correctly provided during domain registrations, transfers, and ownership changes.
  • Validate registrant data using format checks (e.g., RFC standards for email/phone, ensuring postal codes have the right number of digits, etc) and verify it where feasible.
  • Implement processes to detect and block requests containing incomplete or invalid registrant data.
  • Use industry-standard best practice methods (e.g., email, phone, and name verification) to confirm registrant contact details.
  • Inform your clients that the use of the Organization field in the registration data may result in the identification of the registrant as legal entity and therefore the publication of their information in the public registration database/query service.
  • Keep logs documenting when and how registrant data verification has occurred.

Failure to comply with these requirements may result in:

  • Rejection of registration requests.
  • Suspension of registered domain names.
  • In extreme cases, suspension of your account.
  •  Please note that any fines applied to us by a registry operator regarding unverified registration data supplied by you may be charged to your account.

Upcoming Registrar Enhancements:

  • We will extend our existing validation and verification processes for gTLD domain names (see: https://kb.centralnicreseller.com/domains/icann/contact-verification) to cover all domain registrations and contact data updates on our platform. Additionally, a non-intrusive validation of registrant telephone numbers will be introduced as part of this process.
  • Annual registration data reminders (formerly WDRP) will now be sent for all domain names, regardless of the TLD.
  • Weekly email reminders to resellers about identified incorrect or incomplete data.
  • Introduction of a new optional contact extension to allow self-identification of entity type: X-LEGALFORM.
  • Resume partially unredacted publication of registration data of legal entities, as identified by the use of the “Organization” field and the X-LEGALFORM extension.

These enhancements will gradually become available in the OTE environment, rolling out step by step. They are expected to go live within three to six months after the OTE launch. Please check our newsletter regularly for updates, as we will announce the exact date there. None of these enhancements should be code-breaking, but they may lead to a higher number of failed transactions if the data quality is low.

Please note that certain EU member states and the TLDs in those jurisdictions may have additional or even stricter requirements. We will inform you about such requirements, including special penalties for failure to comply with those special requirements by newsletter and updates to our TLD appendices when they become available.

We encourage you to review these requirements and adjust your processes accordingly as your help and cooperation are essential to avoid potential data quality issues, incorrect disclosures and complaints from the registries. Make sure that the contact data fields are submitted according to the base requirements of the registries. Ensuring your customers are properly informed and the correct use of the existing fields will result in a significant improvement in the data quality. This will result in fulfilling the data quality requirements of the registries and avoiding unnecessary transaction failures or domain suspensions/deletions.

We will keep you updated on further developments such as new policy and technical resulting from registry adoption of NIS2 requirements when they become available. You can find the most up-to-date information about our NIS2 implementation plans, timelines as well as tips for better data quality under this link: https://www.centralnicreseller.com/preparing-for-nis2-compliance/

If you have any questions, please reach out to our support team.

Please note that nothing in this notification constitutes legal advice regarding any responsibilities you may have under NIS2.