EnglishEnglish
OpenProvider
Image not found
Back

[June 2025] Latest NIS2 Directive & NIXI (.in) compliance update for Openprovider resellers

Author:Valeria van der Poel
0 MIN READ TIME
6/24/2025
Domain Reseller News
[June 2025] Latest NIS2 Directive & NIXI (.in) compliance update for Openprovider resellers

The NIS2 Directive was scheduled to be transposed into national law by EU member states by October 17, 2024. As of today, only ten countries have completed this process: Belgium, Croatia, Finland, Greece, Hungary, Italy, Latvia, Romania, Slovakia, and Lithuania. 

This leaves 17 EU member states still in the process of implementing the directive – meaning that their national ccTLD registries have also postponed related changes until further notice.

In this article, we provide an update on the current status of various EU ccTLD registries and the .in registry (NIXI), focusing on local legislation related to data accuracy. We also outline the latest developments within Openprovider and our systems.

Contents

  1. Overview
  2. Global and registry-specific validations starting July 1st
  3. Upcoming implementation: new Identity Verification (KYC) white-labeled service
  4. NIXI (.in) policy changes
  5. se / .nu domain owner verifications
  6. DENIC Identity verification of domain owners
  7. EURid (.eu)
  8. SIDN (.nl and .amsterdam)
  9. DNS Belgium (.be)
  10. Punktum DK (.dk)

Overview

RegistryAction needed from resellers:
All NIS2 affected ccTLD registriesLegal entities (contact type: “Organization”) will no longer be able to hide their company details (name, phone, email, address) in the public WHOIS.
This will take effect as each EU country transposes NIS2 into local law. 
We suggest you communicate this to your customers so they are aware and potentially make changes to avoid showing personal data by accident.
NIXINIXI will require Identity verification for every registration. We are working closely with the registry to meet this requirement and will inform you in advance of any change in the process. In the meantime, the registry will put domains on serverHold and request KYC for domains with inaccurate data. 
EURid (.eu)No actions – the registry sends direct verification requests to domain holders. We recommend informing your support teams so they are aware.
SIDN (.nl)No actions are expected before Q3 of 2025. We are seeing the EU sending warnings to the countries that haven’t transposed NIS2 into law yet, and we will inform you if something changes.
DNS Belgium (.be)Specific field validations are being introduced during registrations to prevent new inaccurate data from entering both our systems and those of the registries.
DENIC (.de)New risk assessment and registrant identity verification are postponed until further notice. 
On July 1st, strict field validations are taking effect to prevent new inaccurate data from entering our systems and those of the registries.
NIC.AT (.at)No actions at the moment. However, some confirmed changes that the registry will implement were already communicated to us: 
– Phone number will be mandatory (already a requirement for registrants)
– Removal of Fax Number field
– Introduction of “clientHold” EPP status
– All contact handles will need to show a  type: person or organization.
NASK (.pl)The registry has a robust monthly abuse monitoring system in place. Our policy related to this has already been communicated to our resellers.
NASK has specified that the registrant data for the domains in BLOCKED state will be visible on the Public WHOIS.
The NIS2 law has not yet been transposed in the country.
Punktum DK (.dk)The Danish NIS2 law takes effect on July 1st, with the final executive order coming into force on January 1st, 2026.
WHOIS for legal entities will publicly display the contact email, company name, address, and phone number (unless marked private).
ID checks will be required only at registration, with one-time validation per registrant.
Internet Infrastructure Foundation (.se, .nu)A company registration number is required, and starting July 1st, we will have strict validations to ensure completeness.
The registry has started flagging domains with inaccurate data for identity verification and corrections.
Affected resellers will receive emails from our support department requesting documentation.
IIT-CNR (.it)The registry has introduced a system called DARWIN to address anomalous registrants and improve data accuracy. You will receive a notification from us to correct registrant data when a domain / contact handle is flagged to us by this system.
REDES (.es)The NIS2 law is not yet transposed in the country.No technical changes are announced as of now, but accurate registrant data is the first priority. If inaccurate data is detected, the registry will initiate a Special Cancellation Procedure and inform the registrant, who has 30 days to correct the data to prevent deletion of the domain name.

1: Global and registry-specific validations starting July 1st

New global validations

New validations across TLDs will take place starting July 1st, based on registry syntax requirements, and to avoid having blatant fake data entering our system. For global validations, we expect minimum impact as these validations cover extreme cases of fake data. Expect operations to fail if conditions are not met.

  • First name, last name, city, street:
    • No numbers only (e.g. 123456)
    • No special characters only (e.g.. %%%%%%)
    • No multiple use of only one specific letter (e.g.. DDDDDDDDDD, DDDD)
    • No instances of five or more identical characters in a row (e.g. DDDDDABC)
  • Full name (first name and last name):
    • Minimum length = 3, Maximum length = 255
  • City:
    • Minimum length = 1, Maximum length = 128
  • Street:
    • Minimum length = 1, Maximum length = 255
  • Postal code:
    • Minimum length = 1, Maximum length = 16
    • Allowed: Letters, numbers, space, hyphen
    • No commas, no symbols, no accents

Registry-specific validations:

For DENIC (.de):

  • Full name:
    • No 3 letters with special symbol in the middle (e.g. 1Ԓ2)
  • City:
    • Maximum length = 80

For DNSBE (.be)

  • Name, organization, street, and city must have at least one alphanumerical character.
  • Street and city must not be the same.
  • Postal code must have the correct syntax for the country code of the registrant. For a country without postal codes, we allow ‘0000’ or ‘00000’.
  • The length of the phone number must be correct for the phone prefix.

You can find more details in our section about DNS Belgium (.be) further down this article.

For .se / .nu

  • There will be strict validation for the completeness of the company registration number when the organization field is filled.
  • A missing company registration number in a contact used to create or update a domain will result in a failed operation.

2: Upcoming implementation: new Identity Verification (KYC) white-labeled service

In line with the NIS2 Directive for European ccTLDs (e.g. .nl, .de, .be, .fr) and other local registry policies (e.g. .in), Openprovider is responsible for verifying and maintaining accurate domain owner information, including the full name, company name, and address. 

To support our resellers and reduce their operational burden, we are working on implementing an automated and secure identity verification process. 

What happens now:

When the registry requires identity verification but does not contact the registrant directly, our standard process is to email you with the request. You are then responsible for collecting the required documents from your end customer and providing them to us for verification.

Next steps:

Our goal is to replicate the success of the automated email verification process by sending a white-labeled email directly to the domain owner when a registry requests verification. This email will display only your brand – not Openprovider’s – and include a secure link for the registrant to upload identity or company documents. Once submitted, the results will automatically update in our system, the registries, and in your reseller panel, either under “Customers” or a new dedicated section designed to help you monitor progress easily.

This feature is still in development. As we get closer to a working prototype, we will provide further details. You will receive sufficient advance notice before this functionality is activated for any registry or reseller.

Once fully implemented, this email verification will be triggered in the following situations:

  • Our team detects incorrect, fake, or suspicious domain owner data.
  • A registry requests verification of domain owner details from us as registrar, without contacting the registrant directly.
  • Repeated abuse is linked to a domain or account, and we need to confirm a legitimate owner.
  • A non-verified contact handle is used for a registration that requires verification at the time of registration.

In the meantime, if you have any questions or feedback about this upcoming service, please open a support ticket and your request will be forwarded to our product team.

3: .NIXI (.in) policy changes

NIXI’s current focus is fully directed toward e-KYC compliance and combating cybercrime. The registry has worked extensively with registrars to support a smooth transition. A new registrar-registry agreement reflecting these requirements has been in effect since May 15.

We appreciate the introduction of the Indian government-approved KYC tools, DigiLocker and Entity Locker, as well as the detailed guidance and support provided to help registrars adapt to the new processes.

We were pleased to take part in the Introduction to DigiLocker and Entity Locker Services session held in May and continue to work closely with the registry to ensure a smooth implementation.

4: .se / .nu domain owner verification

Starting July 1, we will enforce a completeness check for .nu domains and the company registration number field, after identifying multiple cases in our system where this information was missing. This requirement is not new – all requirements for .se and .nu are available in our Knowledge Base.

The registry for .se and .nu domains has informed us that it will begin random checks and flag domains with suspicious registrant data, both for new registrations and for previously registered domains.

  • New domain registrations that are flagged may be immediately suspended until the domain owner’s identity is verified.
  • Older domains will remain active during the verification process but cannot be renewed or transferred.
    The registry will define a deadline for updating registrant data. We will inform you of these deadlines by email.
  • The verification process follows the same steps as outlined earlier: you collect the required documentation from your end customer, submit it to us via ticket, and once verified, update the domain using a new contact handle with the validated data.
  • If corrections are not made within the given timeframe, the domain will be suspended.
  • Providing false information or updating contact handles without proper verification will be handled strictly and may lead to account suspension. We ask for your full cooperation to prevent domain or account suspensions.

5: DENIC Identity verification of domain owners

DENIC, the registry for .de domains, had announced that identity verifications have been postponed due to the current political developments in the country. They have committed to providing at least three months’ advance notice before starting the verification process. Once we receive this information, we will share it with you along with clear instructions.

Once the law is transposed in Germany, the following information will be displayed in the public WHOIS for legal entities (organizations). Specifically for DENIC, this includes:

  • Name
  • Address
  • E-mail address
  • Phone number
  • Domain registration date
  • Administering DENIC member (This is us)

6: EURid (.eu)

EURid has already established verification procedures as of May 2024. As domain name owners receive direct verification instructions from the registry, there are no changes from our side a

7: SIDN (.nl and .amsterdam)

There is no news since our last update. Draft legislation was published for the Netherlands, but changes are only expected around Q3 of 2025, once the law is transposed in the country.

What you need to know

Previous actions initiated by Openprovider to ensure compliance with the NIS2 Directive remain on pause. We will follow the registry’s lead and wait for official changes before making any adjustments.

8. DNS Belgium (.be)

DNS Belgium has started stricter validation during the creation and updates of domain owner handle information. Validations are merely ensuring that no fraud or fake data can be added during registration. Starting July 1st, these validations will be enforced in our system:

  • Name, organization, street and city must have at least one alphanumerical character.
  • Street and city must not be the same.
  • Postal code must have the correct syntax for the country code of the registrant. For a country without postal codes, we allow ‘0000’ or ‘00000’
  • The length of the phone number must be correct for the phone prefix.

The validation is also done on an update contact pperation, but only for the fields you are updating. You can find more details on the regular expressions the .be registry uses here.

Error messages:

  • ‘Owner name must have at least one alphanumeric character’
  • ‘Owner street must have at least one alphanumeric character’
  • ‘Owner city must have at least one alphanumeric character’
  • ‘Owner company name must have at least one alphanumeric character’
  • ‘Street and city must not have the same value’
  • ‘Invalid phone number in the domain owner details’
  • ‘Invalid postal code in the domain owner details’
  • ‘Invalid country code in the domain owner details’

You will receive a combined error message in case of multiple errors.

9: Punktum DK (.dk)

The final executive order for Denmark’s NIS2 implementation will take effect on January 1, 2026, but the law itself is effective from July 1, 2025.

Key improvements from the public consultation:

  • Verification is only needed during registration (not ongoing).
  • The email address or phone number must be validated – just one is enough.
  • One-time verification applies if multiple domains belong to the same registrant.
  • 72-hour exception: Domains may be activated before validation for up to 72 hours, after which they must be verified or get suspended.

For companies, the fe following fields will be publicly visible in the WHOIS changes as of July 1st, 2025:

  • Company name & address
  • Phone number (unless marked private)
  • New: Email address (must not contain personal data)

Got questions?

Our support team is happy to assist. Contact them here.

0 Views
0 Likes

Share this:

Follow us on

Image not found

Not a Member yet?

Become a Member today and get access to exclusive deals.

Sign up