Tag: NIS2

NIS2: The DENIC Registry Aims to Build Trust in the .DE Domain

NIS2: The DENIC Registry Aims to Build Trust in the .DE Domain
Image source : Samuel Hagger via Unsplash

The European NIS2 Cybersecurity Directive, which aims to strengthen the overall level of cybersecurity within the European Union by imposing new obligations on entities deemed critical to the operation of digital infrastructure, has now been transposed into the national laws of 19 Member States. Unlike the first NIS Directive, the text explicitly includes DNS operators and domain names.

The NIS2 transposition Directive into German law, which took effect on December 6th, 2025, has led DENIC, the registry for the .DE domain extension, to adapt its domain name management procedures and policies. This development is of particular importance given the significance of the .DE, which represents nearly 18 million active domain names and is now the world’s largest country code top-level domain (ccTLD) after China’s .CN.

Like other registry operators – particularly those representing intra-EU country-code top-level domains – DENIC has implemented several concrete measures to enhance the reliability of registration data and limit misuse. Accredited .DE registrars must implement controls to verify that the registered holder of a domain name is indeed the person or entity they claim to be. These verifications rely on the collection of identification documents or proof of address. In the event of an audit or targeted checks, the registrant has a period of seven to thirty days, depending on the circumstances, to submit the requested identification documents. Failure to do so may result in the domain name being deactivated and subsequently deleted. DENIC also reserves the right to suspend or refuse to activate certain domain names identified as potentially abusive or fraudulent.

While these changes are part of the process of complying with the European directive, they also reflect the registry’s commitment to strengthening the position of .DE as a trusted domain extension and reducing malicious uses related to phishing, spam, and fraudulent campaigns.

This issue is also the subject of new policies regarding generic top-level domains (gTLDs) initiated by ICANN. For DENIC, at least, these policies mark a major shift, as the registry has historically been known for its relatively open and flexible approach to registrant verification. This shift aligns with several academic studies and specialized reports on DNS abuse, which demonstrate a direct correlation between the quality of registration data, identity verification policies, and the level of abuse observed on a domain extension. Studies conducted in particular as part of ICANN’s European DAAR (Domain Abuse Activity Reporting) project also indicate that TLDs applying stricter controls on registrants and registrations generally have significantly lower rates of domains involved in malicious activities than extensions with more permissive registration policies.

Nameshield, a leading European provider of strategic domain name protection, DNS, and related services, ensures NIS2 compliance by adhering to the highest standards of security and quality. Nameshield has been accredited by DENIC for nearly 30 years. In this context, Nameshield has also strengthened identification measures for holders of .DE domains and an increasing number of extensions whose registries have requested additional measures directly related to the NIS2 Directive. Your account managers are available to provide any further information, and our sales teams are ready to offer solutions to help you build the best strategy for securing your digital assets.

Artificial intelligence, NIS2 Directive, our society model: some of the topics debatted at Domain Pulse 2024

On 22 and 23 February, Domain Pulse was held in Vienna, Austria. This symposium brings together all the stakeholders in the domain name industry once a year around the registries of Austria (nic.at), Germany (DENIC eG) and Switzerland (SWITCH). The event was a resounding success, with a mix of conferences and networking opportunities.

Domain Pulse 2024
Neil Harbisson, the “cyborg artist” as he describes himself attracted a great deal of attention

For those who thought that cyborgs – human beings who have been grafted with mechanical or electronic parts – only existed in science-fiction literature or cinema, such as Fritz Lang’s masterpiece ‘Metropolis’, released almost 100 years ago, Domain Pulse 2024 was a wake-up call. The event’s star guest, Neil Harbisson, a self-styled cyborg artist, caused quite a stir at the opening of the event. The British artist was the first human to have an antenna implanted in his skull, back in 2004. This additional “organ” enables him to perceive colour frequencies differently. With the help of a software layer, he can even translate these perceptions into sound. He likes to explain that he can “eat songs” by transforming the perception of a dish into sounds, or “make sound portraits” of people. He shared that “King Charles III was able to listen to his sound portrait”. He also explained that for him, skin colours are simply variations on the colour orange. Another facet of his transformation is the “obstacle course” he went through to obtain the possibility of renewing his passport. Grafting technological tools raises ethical issues and is not normally allowed on passports. In the end, however, he obtained the right to have a passport with his antenna on his photo. To hear him tell it, augmented reality is already a thing of the past, since we are now talking about revealed reality.

He did not, however, overlook the fact that, like all technologies, these have their share of promises and dangers. In the case of the former, more impactful uses are possible, such as the fact that such “organs” could one day enable humans to “see at night”, thus saving energy, or to “regulate their body temperature instead of air-conditioning”. On the downside, there are risks of infection or clinical rejection, tools that are still dependent on conventional energy sources, problems of acceptability to society and, of course, the risk that these tools will be hacked, with impacts that are difficult to identify and assess.

The NIS2 directive also featured prominently in the discussions at Domain Pulse. This cybersecurity legislation must be transposed into the national laws of the Member States of the European Union by 17 October 2024 at the latest. At Domain Pulse, DNS service providers were warned that they will have to upgrade their cyber capabilities, risk management and reporting capacities, as well as cooperation and information exchange – the three pillars of the directive. On Article 28 of the text, which specifically targets domain name registration databases, a panel of specialists questioned the consistency of the approach: “The European Commission is going back on the accuracy of registration data and legitimate interests. This cyber approach runs counter to the need to publish less data”, said Thomas Rickert.

Other notable presentations included a reflection on our model of society around the question “Is the future in the virtual communities that will replace states? A projection by the Einstein Center allowed us to project ourselves into such a model.

The second day of the event focused on Artificial Intelligence. Implemented in a wide range of fields, AI has already shown that it is capable of surpassing human capacities. Its ability to adapt was also discussed, using the example of captcha input. Captcha are tests based on human image or sound analysis capabilities that differentiate automated requests from human requests. ChatGPT did not manage to enter a captcha, but went to a website where it is possible to request human assistance for specific needs. In the help forum, the support team asked ChatGPT if it was a robot. As a human would probably have done to achieve the desired end, ChatGPT lied and replied that it was not a robot. As if to echo the technological bodies mentioned the day before, AI offers interesting prospects for making faster progress in sectors such as research, for example. But the other side of the coin is that AI can be used for malicious purposes. Just as there is the Dark Web, there is also Dark AI. AI is capable of creating phishing emails and scams (internet fraud). It will become increasingly difficult to tell the difference between what is real and what is fake, for example with deepfakes (editor’s note: multimedia synthesis techniques based on AI that can generate fake audio or video sequences).

Another challenge and issue of the moment is the war on Europe’s doorstep. The Ukrainian conflict was discussed in the form of feedback from the Ukrainian registry operator in the context of the war and the lessons learned from an operational point of view. These included the preferred use of hosting companies offering a resilient infrastructure and “SMEs which are more responsive than large structures”, “choosing the right people to work with” and the fact that in a crisis situation “people are more reliable than machines”.

Domain Pulse 2024 skilfully reconciled issues specific to the domain name industry, such as cybersecurity and the regulatory aspect of the NIS2 directive, as well as technological issues. Feedback from the Ukrainian registry echoed Nameshield’s values and customer approach and solutions. This Domain Pulse also provided an opportunity for participants to reflect on the model of society we want for ourselves and our children, as humanity seems to be at a turning point in this area.