DENIC is updating .DE domain registration rules to comply with the EU NIS2 Directive. These changes affect registrant data requirements, WHOIS publication, and identity verification - and apply to both new and existing .DE domains.
⚠ Important Domains that fail to meet these requirements may be suspended or permanently deleted. |
Key Dates at a Glance
Date | What Changes |
Already in effect |
|
14 April 2026 |
|
April 2027 |
|
What Registrant Data Is Now Required
For all new registrations, ownership transfers, and contact updates, the following information must be accurate and complete:
- Full name (real first and last name)
- Organisation name (required for legal entities)
- Valid email address (must be verified)
- Valid phone number (no placeholders or dummy numbers)
- Full postal address - street, house number, postcode, city, and country
What is Published in WHOIS
The following information is publicly visible for all .DE domains:
All Domains
- Domain registration date
- Managing DENIC member name, address, email, and phone number
Legal Entities (Companies & Organisations)
- Name, address, email address, and phone number
Private Individuals
- Registration date
- Administering DENIC member (personal details are not published)
Organization (Org) Field Must Be Left Blank for Private Individuals
When submitting or updating registrant contact data for .DE domains:
- The Organization (Org) field is now optional.
- If the registrant is a private individual, the Org field must be left empty.
- The Org field should only be completed where the registrant is a legal entity (e.g., company or organization).
Please ensure your registration and update processes reflect this requirement.
Email Verification
Here is how it works:
- When a new or updated registrant email address is submitted (and has not been previously verified), a verification email is sent to the registrant.
- The registrant must click the verification link to confirm their email address.
- If the verification is not completed, DENIC will be notified. Failed verification results are submitted to DENIC on day 31 after the initial registrant verification email was sent. A 7-day risk assessment process will then be triggered.
- Please refer to the email verification process outlined in here for further details.
Annual WHOIS data reminders
- Domain holders will receive annual reminders to review their registration data.
- Any missing or inaccurate information must be corrected.
Transition period for existing domains
- Existing .DE domains that do not include a telephone number must be updated within one year, by April 2027.
- Resellers are expected to review their portfolios and coordinate with registrants to ensure that any missing data is completed within the required timeframe.
- Failure to update the missing information may trigger a risk assessment and could result in the domain being suspended or permanently deleted.
Risk Assessments & Verification Procedures
DENIC applies a risk-based approach to assess registrant data quality. A risk assessment may be triggered in the following situations:
- Registrant data appears invalid, incomplete, or suspicious
- Registrant email verification fails
- A registrant violates DENIC policy
- A new registration, ownership change, or contact update
Important: All domain names associated with a registrant handle that has been flagged for risk assessment may be suspended if the verification is not completed. This applies not only to a single domain name, but to all domains linked to that registrant handle.
DENIC does not proactively verify registrant data but may initiate a risk assessment where potential irregularities are identified.
30-Day Risk Assessment
Applies when registrant data is flagged as potentially invalid.
Please note: OpenSRS processes these cases manually. As a result, it may take up to 48 hours to issue the initial notification to the reseller for further action.
Timeline | What Happens |
Day 0 - 2 | DENIC’s verification request will be sent to the reseller via email from OpenSRS.
No documentation should be submitted directly to OpenSRS. |
Day 3 - 30 | Registrant data verification must be completed within 23 calendar days from the date of the initial notice. The registrant submits an identity document via a secure link. |
Day 31–120 | 90-Day Quarantine Period A 90-day quarantine period will commence. DENIC will place all domains linked to the affected registrant handle on serverHold status. As a result, DNS will be deactivated and the domains will stop resolving. Registrant verification remains possible during this period. |
Day 114 | Reminder sent: 7 days until deletion - DENIC will notify the registrant directly via email. |
Day 121 | The domain(s) will be permanently deleted. The registrant will be notified of the termination by email. The termination notice will be sent directly by DENIC. If the email notification cannot be delivered, the registrant will be contacted by postal mail. |
7-Day Risk Assessment
Triggered when email verification fails or a DENIC policy violation occurs. The same quarantine and deletion process applies as above (please refer to the above table), but the reseller or/and registrant only have 7 days to respond before the domain enters quarantine.
⚠ Warning Deletion after quarantine is final. Domains placed in quarantine will be deleted without a redemption period. |
Verification Handling During Holder Changes
When a domain is flagged for verification, verification must always be completed for the current (active) holder at the time of processing — regardless of who originally triggered the request.
Inaccurate data can be corrected by processing:
- Owner change
- Contact update
Example Scenario
- Domain: domainname.de is registered under Handle 1 – "John Smith"
- A verification request is triggered
- Before verification is completed, the holder changes to Handle 2 – "Mark Schmidt"
- Result: Mark Schmidt must be verified
Key Rules
- Verification follows the current holder. If the holder changes while verification is pending, the new holder is the party that must be verified.
- Deadlines do not reset. Changing the domain holder does not restart or extend the verification deadline — the original clock continues to run.
Compliance
- To prevent suspension, the current holder must be successfully verified before the original deadline. There is no alternative way to clear a pending verification.
- Important: Domain(s) linked to the affected registrant handle will be placed on serverHold during the 90-days quarantine period. Suspension may apply to all domains linked to the unverified registrant handle.
Acceptable verification documents
Depending on the registrant type, DENIC may request supporting documentation:
Natural persons
- Passport or national ID
- Utility bill
- Bank statement
- Payment verification
- Video or on-site identity verification
Legal entities
- Commercial register extract
- Founding documents
- Federal Gazette entry
- VIES request
- Comparable official documentation.
List of Proofs
- The table below lists the proofs accepted by DENIC.
Here is the list extracted from the image:
Proof | Description |
ID Card | Verification by an official and valid ID card, including emergency ID cards, ID cards for refugees, asylum seekers, and apatrids. |
Passport | Verification by an official and valid passport. |
Population Register | Verification through an official excerpt from the population register (“Meldebescheinigung”) (where applicable). |
Residence Permit | Verification through an official and valid residence permit issued by an official authority. |
Proof of Arrival | Verification through an official and valid proof of arrival issued by an official authority. |
Driver’s License | Verification through an official and valid driver’s license issued by an official authority. |
Company Register | Verification through an excerpt from the commercial or cooperative register, or a comparable official register or directory. |
Founding Documents | Verification through founding documents or equivalent evidentiary documents. |
Federal Gazette | Verification through an excerpt from the Federal Gazette (“Bundesanzeiger”). |
Record of Payment (Direct Debit, Transfer, Credit Card, or Online Payment) | Successful execution of a payment in which the data to be verified is securely transmitted by the payment service provider. |
Utility Bill | Verification via a utility bill. |
Bank Statement | Verification via an official statement from a recognized banking institution. |
Tax Statement | Official certificate from the tax authorities of a country. |
Written Confirmation by an Already Verified Natural Person | A written/printed statement or letter from a recognized person or authority confirming the identity of the user. |
Digital Confirmation by an Already Verified Natural Person | A digital statement or letter from a recognized person or authority confirming the identity of the user. |
Postal Transaction Log | A digital transaction log of a postal verification action, such as confirmation of receipt, entering a code, or clicking a link. |
E-mail Transaction Log | A digital transaction log of an email verification action, such as entering a code or clicking a link. |
Address Database | Information from a reliable address database. |
Reseller Action Checklist
Use this checklist to ensure compliance:
- Communicate NIS2 requirements to your customers.
- Ensure all existing .DE registrant records include a valid phone number (deadline: April 2027).
- Ensure that all registrant email addresses are verified at all times.
- Monitor verification request emails - resellers will be copied on all requests.
Note This process is subject to change. Any updates will be communicated by DENIC and passed on accordingly. |
Was this article helpful? If not please submit a request here
How helpful was this article?
Thanks for your feedback!