Thick WHOIS requirement added to NIS2 for DNS security and cybersecurity

Started by Domaining News, Jan 12, 2023, 10:55 AM




The recently adopted NIS2 directive by the EU has established the significance of an accurate and complete WHOIS system in contributing to cybersecurity across the Union.



Article 28 of NIS2 mandates that all registrars and registries maintain thick sets of WHOIS data with accuracy and diligence in compliance with GDPR regulations for personal data, and permit legitimate access by third parties to WHOIS data. This requirement is in line with the consensus Thick WHOIS policy developed by the ICANN community and adopted by the ICANN Board of Directors in 2014.

However, the delays and deferrals of enforcement of thick WHOIS on .COM, .NET and .JOBS domains by the ICANN Board of Directors prompted EU policy makers to step in and require thick WHOIS via government regulation. As such, ICANN should recognize the importance of thick WHOIS policy and immediately move towards its implementation for all gTLD domain name registries.

NIS2, which is a European Union directive aimed at enhancing internet security, requires thick WHOIS to ensure accurate and complete domain name registration data. Article 28 of NIS2 mandates that TLD name registries and entities providing domain name registration services collect and maintain correct and complete domain name registration data in a dedicated database, with due diligence in compliance with Union data protection law for personal data.

Furthermore, certain recitals preceding Article 28 clarify the requirements for registries and registrars such as ensuring accuracy, making WHOIS data publicly available (except personal data), promptly responding to WHOIS data requests, and providing free access to legitimate WHOIS data seekers. TLD name registries and entities providing domain name registration services should establish policies and procedures to prevent inaccurate registration data in compliance with Union data protection law.