New legal requirements apply in Germany since 6 December 2025, which will also impact DENIC’s business processes in the future. These relate to
- A telephone number allocated to the domain holder will be newly added to each holder’s data set
- The validity of the domain holder’s e-mail address will be verified
- All domain data will be validated in terms of completeness and accuracy (automated check with inbuilt risk assessment)
- In case of an adverse risk level, holder verification providing evidence of holder data accuracy will be mandatory
- The failure of holder verification, in case of an adverse risk level, will result in contract termination followed by domain deletion
All amendments related to the new registration, transfer and/or updates of holder data of .de domains at a glance:
- the data to be collected during the registration of domains and the verification of this data
- the registration data made publicly available via the whois lookup service (Domain Query Tool)
What future changes does the new legislation bring to the registration process for .de domains?
The new legal provisions will prompt changes as to which data of the domain holder must be collected as part of the registration process, in the future. To ensure that the data provided is accurate and complete, it will also undergo validation. To this end, one or more validation procedures will be used, depending on requirements. Validation results will govern if a certain domain is registered and made available on the internet (i.e. is connected) by DENIC or not.
Which holder data will be collected as part of future
.de domain registrations?
As before, registration will include recording the domain holder's name and postal address, along with an e-mail address where they can be reached. A new requirement will be the additional provision of a telephone number. Moreover, it will be imperative to specify whether the domain holder is a legal entity, such as a company, association, or similar, or a natural person, thus a private individual. Based on their classification by DENIC into one of the two categories, the domain holder's data will be disclosed via the Domain Query tool (whois) on DENIC‘s website (in the case of a legal entity) or not (in the case of a natural person). Registration rules further demand from all legal entities to provide their full statutory name, including any legal status supplement.
Which holder data will be subject to checks during future .de domain registrations or transfers?
In the future, DENIC will check, as part of the domain registration process, whether the name, postal address, and, if applicable, legal status of the person submitting the registration order are accurate and complete. This is done through syntax and plausibility checks in conjunction with a risk assessment. In addition, the validity of the recorded e-mail address is actively verified. These basic checks will also take place when there will be changes to the holder data of an existing domain, or when an existing domain is to be transferred from its current holder to a new holder.
Will holder data checks be performed for all future
.de domain registrations and transfers?
Aforementioned basic checks covering the validation of holder’s name (and, if applicable, legal status) as well as of their postal address and e-mail address will be performed on a regular basis, as an integral part of all domain transactions (including new registrations, updates of existing holder data and changes of holdership). Any further checks will be carried out in line with a risk-based approach. This means that if no anomalies are found during basic checks, the domain in question will be registered and connected promptly. If, on the other hand, anomalies are detected during basic checks, downstream verification procedures will set off. These require verification (evidence) of the person seeking to register the domain (‘applicant‘). Moreover, if a domain‘s registration data is conspicuous in several respects, such domain will not be connected until further notice and therefore cannot be used until successful verification has been completed.
What happens if anomalies are found during regular basic data checks?
If automated basic checks revealed any anomalies regarding the data provided by the applicant, further checks will be carried out in a subsequent stage. In order to finalize domain registration, the applicant will then have to furnish proof to verify the accuracy of their data. If verification is successful, the domain will be connected by DENIC right away. Should verification fail, however, or should no evidence of data accuracy be delivered on time, within the set period, DENIC will take consequential action: If despite minor data inconsistencies, the domain in question had been initially connected and could therefore be used on a provisional basis, subject to timely verification, the failure of such verification will then lead to the domain being disabled (i. e. disconnected) and put on temporary hold. If thereupon, following a reminder, verification still fails or the final deadline for rectification has passed, DENIC will delete the domain, after prior written notice of termination was given.
Who will carry out holder data checks?
Data validation, i.e. the initial check of applicant’s name (and, if applicable, legal status) as well as of their postal address, will be performed by DENIC during ongoing registration, as part of an automated risk assessment. However, the validity of the provided e-mail address will be verified in a separate process, by the upstream registrar handling domain registration on their end customer’s (i.e. the applicant’s) behalf. If, due to anomalies found during validation, the necessity arises for the applicant to prove the accuracy of their data in order to finalize domain registration, it will be their registrar who will both notify the applicant of the need for identity verification and carry out all related proceedings. In doing so, the registrar is free to choose at their own discretion a verification method defined and accepted by DENIC, to comply with minimum requirements regarding secure authentication. As far as DENICdirect customers are concerned, both data validation and any necessary downstream verification will be carried out at DENIC’s end.
The above changes will be implemented in compliance with Germany’s national legislation transposing the EU’s NIS2 Directive.
