Be aware of FAKE EMAILS pretending to be from us. Read more here.

Implementation of NIS2

In 2025, the EU Directive NIS2, Article 28, will be implemented into Danish legislation. Below you can read more about the preparations Punktum dk has made to be ready when the law comes into effect.

Updated on 18 December, 2024

Expected Timeline

February 2025:     The NIS2 law is presented to Parliament

March 2025:          Testing of Punktum dk’s solution

July 2025:             The law comes into effect

July 2025:             New registrar contract with an addendum for ID verification comes into effect

Working Group with Registrars

In collaboration with several registrars, we have prepared for the changes through a working group.

Participants in the working group include: CSC, Gandi, INWX, Mark Monitor, One.com, Simply, Team.blue, Tucows, Openprovider, CentralNic, and OVH Cloud.

The working group developed a collaboration model, which was submitted for consultation with all registrars before the summer of 2024. In the model, it is agreed that registrars can choose whether ID verification is carried out by the registrar or by Punktum dk. The requirements for ID verification have also been defined.

Read the documentation submitted for consultation with all .dk registrars in the summer of 2024.

The working group met roughly 10 times and was divided into two subgroups: one focused on implementation and the other on finding common solutions.

Legislation

The Danish NIS2 law has been submitted for consultation in the Danish society. The implementation of Article 28 will be defined in an executive order, which will also be submitted for consultation. The exact timeline is not yet known.

Punktum dk will notify registrars when the consultation occurs and encourages registrars to submit their responses.

It is expected that the Danish NIS2 law will be presented to Parliament in February and come into effect no later than the summer of 2025.

Registrars will only be able to conduct ID verification once the Danish law is in effect.

ID Verification by Registrars

Registrars can choose whether ID verification is carried out by themselves or by Punktum dk.

If the registrar conducts ID verification, the following data must be verified:

  • Registrant: Name, address, phone number, and email address
  • Authorized Representative: Phone number and email address

ID verification must take place at the following points:

  • When registering a domain name
  • When a user becomes an authorized representative
  • When user information is updated
  • Ad hoc checks, if data is suspicious 
  • If Punktum dk receives a well-documented report indicating incorrect data in WHOIS

Relevant Links

Working group results
Working group appendix 1 
Working group appendix 2
NIS2 Directive
The Danish NIS2 law as it was submitted for consultation
NIS2 recommendations