The European NIS2 Cybersecurity Directive, which aims to strengthen the overall level of cybersecurity within the European Union by imposing new obligations on entities deemed critical to the operation of digital infrastructure, has now been transposed into the national laws of 19 Member States. Unlike the first NIS Directive, the text explicitly includes DNS operators and domain names.
The NIS2 transposition Directive into German law, which took effect on December 6th, 2025, has led DENIC, the registry for the .DE domain extension, to adapt its domain name management procedures and policies. This development is of particular importance given the significance of the .DE, which represents nearly 18 million active domain names and is now the world’s largest country code top-level domain (ccTLD) after China’s .CN.
Like other registry operators – particularly those representing intra-EU country-code top-level domains – DENIC has implemented several concrete measures to enhance the reliability of registration data and limit misuse. Accredited .DE registrars must implement controls to verify that the registered holder of a domain name is indeed the person or entity they claim to be. These verifications rely on the collection of identification documents or proof of address. In the event of an audit or targeted checks, the registrant has a period of seven to thirty days, depending on the circumstances, to submit the requested identification documents. Failure to do so may result in the domain name being deactivated and subsequently deleted. DENIC also reserves the right to suspend or refuse to activate certain domain names identified as potentially abusive or fraudulent.
While these changes are part of the process of complying with the European directive, they also reflect the registry’s commitment to strengthening the position of .DE as a trusted domain extension and reducing malicious uses related to phishing, spam, and fraudulent campaigns.
This issue is also the subject of new policies regarding generic top-level domains (gTLDs) initiated by ICANN. For DENIC, at least, these policies mark a major shift, as the registry has historically been known for its relatively open and flexible approach to registrant verification. This shift aligns with several academic studies and specialized reports on DNS abuse, which demonstrate a direct correlation between the quality of registration data, identity verification policies, and the level of abuse observed on a domain extension. Studies conducted in particular as part of ICANN’s European DAAR (Domain Abuse Activity Reporting) project also indicate that TLDs applying stricter controls on registrants and registrations generally have significantly lower rates of domains involved in malicious activities than extensions with more permissive registration policies.
Nameshield, a leading European provider of strategic domain name protection, DNS, and related services, ensures NIS2 compliance by adhering to the highest standards of security and quality. Nameshield has been accredited by DENIC for nearly 30 years. In this context, Nameshield has also strengthened identification measures for holders of .DE domains and an increasing number of extensions whose registries have requested additional measures directly related to the NIS2 Directive. Your account managers are available to provide any further information, and our sales teams are ready to offer solutions to help you build the best strategy for securing your digital assets.
