ACM becomes first government agency that can order SIDN to take down domain names

We welcome the change

Nothing is changing for some time yet, but from 17 January 2020 the ACM (and thus also the AFM) will have the power to order SIDN or a registrar to 'take down' a domain name. It will be the first government agency ever to have that authority. The change is a consequence of a European regulation, which comes into effect on that date. Implementing legislation is being prepared to set out how the system will work in practice, and a draft has recently been published for consultation. We have submitted our response, which you can read using the link provided here.

Regulation on Consumer Protection Cooperation

Dutch law is being changed in line with the EU's Regulation on Consumer Protection Cooperation, which requires consumer protection authorities in all member states to cooperate with requests from their counterparts to act against breaches of consumer rights. In practical terms, if an Italian consumer complains to their local consumer protection authority about a fraudulent webshop run from the Netherlands by someone Dutch and using a .nl domain name, the Italian authority can ask its Dutch counterpart to do something about the situation.

As well as laying down rules about cooperation amongst consumer protection authorities, the regulation specifies the minimum powers that such authorities should have to intervene. Those powers relate mainly to taking action in the first instance against the wrongdoer. However, such authorities must also be able to intervene with hosting service providers, registrars and registries.

We welcome the change

For the Netherlands, the new rules represent a significant change. Until now, no government agency (not even the police or the public prosecutor's office) has had the authority to issue orders concerning domain names. On the one hand, that's never really been a problem. After all, domain name-focused action is not a very effective way to tackle consumer rights issues and does not lend itself to careful targeting. It is at best a last-resort strategy for situations where all other approaches have failed. We nevertheless welcome the creation of this new power, because situations do arise where taking down a domain name is a reasonable course of action. At the moment, only we or the managing registrar can intervene on that level. However, it is often the case that neither we nor the registrar can adequately judge whether such action is justified.

Last resort only

However, it is important the ACM's new power is exercised only in the last resort. Furthermore, the intervention procedure must include adequate safeguards. In relation to the first of those points, we believe that the draft legislation leaves something to be desired. On the other hand, we do regard the proposed intervention procedure as providing appropriate safeguards: intervention will require approval by a judge, to whom the relevant registrar or SIDN will have the opportunity to present its case.

We therefore support the draft legislation in principle, but wish to see certain points revised. For details, see

our consultation response

. It is now a question of waiting to see how the legislative process unfolds.




Maarten Simon

Legal & Policy Advisor

+31 26 352 55 00

  • Thursday 14 March 2019

    .nl domain name

    SIDN analyses


    Van een startkapitaal van € 2.000,- naar een omzet van € 200 miljoen

    Read more
  • Tuesday 25 June 2019

    Internet security

    IoT, cybersecurity and product development: the Samsung case


    Show some balls!

    Read more
  • Monday 23 July 2018

    Internet security

    Beware: stand-ins and holiday temps targeted by cybercrooks


    Summer holiday period now in full swing

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.