Introduction
Last year, we posted a pair (v1[1], v2[2]) of guides for managers of corporate domain portfolios, to anticipate changes in domain name policies in reaction to the NIS2 Directive.
With a trio of European ccTLDs having introduced tangible changes in the past couple of months, we thought it’d be a good time to end the hiatus and post a third installment in the series.
If you’re just joining us, the series attempts to help portfolio managers make sense of the announcements coming from domain registries and registrars. Information comes from all angles and it’s not always easy to parse, even for industry professionals. Here we try to explain things in the plainest possible language.
Without further ado, here is what we’ve seen in the first half of 2026,
Germany
Last we checked in on DENIC in v2 of this series, they had announced the mandatory inclusion of phone numbers in domain contacts, as well as alluding to the use of automated means to detect irregularities in domain data. The latter is now fully in practice[3], as any registration, owner change, owner data update, or change of registrant will trigger a “risk assessment,” gauging whether some values within the contact may be false or incomplete.
When the risk assessment flags a possible issue with the owner, the domain registrar (such as IP Twins) receives the information first via an EPP poll message. We will then notify the client of which value(s) was flagged and conduct verification procedures. These culminate in us marking the contact has having been validated.
If these actions are not taken after 24 days, DENIC will email the registrant directly advising that they have 5 days to validate or the domain will be deactivated. After deactivation, the registration has another 83 domains until the domain is deleted.
Portugal
In contrast to .DE, for .PT domains, the verification and validation of data come before the domain can be registered or transferred to a new owner. Additionally, there is no automated screening and rather a blanket obligation to verify and validate phone numbers and email addresses for all new contacts.
This is somewhat of a relief for current holders of .PT domains, as there’s no chance of missing something that could lead to domain names being suspended. Instead, issues will be easily detected and sorted through while we assist you in a task that you have requested.
There is an opportunity for current domain holders to be proactive, if they choose: The registry system for DNS.PT grants management access to domain owners, even if they are working with a registrar. Every domain owner can log onto a “Reserved Area” on the DNS.PT website. From this page, the domain owner can perform verification and validation of their own data to ensure that future orders involving their owner contact can be processed more quickly.
Croatia
While .HR domains can still be created and delegated prior to owner validation, it doesn’t seem like this will be the case for very long.
The Croatian registry operates two systems: One for local owners registering domains matching their own name or business name, for which there is no registry fee, and another for foreign owners, for which registration fees are collected. It is already mandatory to validate each owner before registering a domain under the free system[4]
IP Twins is now being asked to provide a signed and stamped declaration from the domain owner, testifying to accuracy of the registrant data provided. We request this declaration upon receipt of the registration request, but the domain can be delegated while we still await the final document.
Furthermore, we are currently going back and asking for this declaration from all holders of .HR domains that do not already have one on file. So far there’s no tangible consequence for failing to provide this document upon request, but signs from the registry are that such consequences are on the horizon.
Conclusion
A corporate domain name portfolio consisting of many different European ccTLDs is going to involve validating the company’s data many different times, using different verification methods. The ccTLDs that we have covered in this series are merely the first that have come forth with concrete protocol.
Fortunately, the incentive for the different registries and registrars is to provide a workable system that does not create undue burden on the domain holder. It is our opinion that the procedures outlined for .DE, .PT and .HR are generally reasonable and easily satisfied. We expect that will continue to be the case as new country-code registries come forth with similar rule changes.
Nevertheless, competent management of these domain portfolios will require a passing familiarity with the rule changes as they go into effect. Whether it be through the overviews in this series, or more specific orientation provided by an Account Manager, corporate portfolio managers can count on IP Twins to clearly outline the steps to be followed to remain in compliance.
About IP Twins
IP Twins assists companies in the strategic management and protection of their domain name portfolios worldwide. Our teams help clients navigate registry policy changes, meet verification requirements, secure critical domain names, and respond effectively to online threats affecting their brands.
Through domain name management, online brand protection, monitoring, enforcement and dispute resolution services, IP Twins provides practical support to keep corporate digital assets secure, compliant and under control.
Notes
[1] NIS2 directive for domain managers: how best to prepare? – IP Twins
[2] NIS2 for domain name managers: first update – IP Twins