Beta

Source: OJ L 333, 27.12.2022, p. 80–152

EN

Article 28 Database of domain name registration data

    1. For the purpose of contributing to the security, stability and resilience of the DNS, Member States shall require TLD name registries and entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to collect and maintain accurate and complete domain name registration data in a dedicated database with due diligence in accordance with Union data protection law as regards data which are personal data.

    1. For the purposes of paragraph 1, Member States shall require the database of domain name registration data to contain the necessary information to identify and contact the holders of the domain names and the points of contact administering the domain names under the TLDs. Such information shall include:

      1. the domain name;

      2. the date of registration;

      3. the registrant’s name, contact email address and telephone number;

      4. the contact email address and telephone number of the point of contact administering the domain name in the event that they are different from those of the registrant.

    1. Member States shall require the TLD name registries and the entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to have policies and procedures, including verification procedures, in place to ensure that the databases referred to in paragraph 1 include accurate and complete information. Member States shall require such policies and procedures to be made publicly available.

    1. Member States shall require the TLD name registries and the entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to make publicly available, without undue delay after the registration of a domain name, the domain name registration data which are not personal data.

    1. Member States shall require the TLD name registries and the entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to provide access to specific domain name registration data upon lawful and duly substantiated requests by legitimate access seekers, in accordance with Union data protection law. Member States shall require the TLD name registries and the entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to reply without undue delay and in any event within 72 hours of receipt of any requests for access. Member States shall require policies and procedures with regard to the disclosure of such data to be made publicly available.

    1. Compliance with the obligations laid down in paragraphs 1 to 5 shall not result in a duplication of collecting domain name registration data. To that end, Member States shall require TLD name registries and entities providing domain name registration services means a registrar or an agent acting on behalf of registrars, such as a privacy or proxy registration service provider or reseller; to cooperate with each other.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod