The European Union is currently working on a new cybersecurity directive that could seriously impact both domain registrars and Whois.
As part of the new “Directive of the European Parliament and of the Council on measures to ensure a high common level of cybersecurity across the Union“, companies that work with domain name servers (DNS) would be required to keep data on the owners of domain names and ensure the accuracy of this data.
To make matters worse, they would even need to provide data on domain name owners to relevant authorities and other interests if requested to do so.
The new directive also states that the way this data is kept should comply with the GDPR when it comes to personal data. However, since the GDPR resulted in the removal of personal data from Whois, the directive would not ban anonymous websites outright.
Directive vs regulation
When GDPR first came into effect in 2018, it caused a lot of disruption among businesses trying to comply with the new regulations.
If the latest EU directive ends up being implemented, it could be even worse. Indeed, unlike a regulation which acts as a law that prevails over the national laws of the EU member states, the directives set targets for all EU countries which must be translated into their own national laws. As a result, this new directive would be transformed into different laws in 27 countries, further complicating things for organizations doing business in the EU.
We will likely learn more about this EU directive and how it will affect the domains industry as we get closer to its implementation.
Going through Domain name feed