Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Essential organisations must improve domain name portfolio management

Cyber Security Decree will translate NIS2 requirements into Dutch law

European flag with the text 'NIS-2 Directive'
  • Thursday 24 April 2025

Although we still don’t know when the Netherlands’ new Cyber Security Act will come into force, a lot of work is already being done on its practical implementation. As part of those efforts, a draft of the Cyber Security Decree was recently published for online consultation. While the draft decree – technically a ‘general administrative order’ or ‘AMbV’ in Dutch – may yet be amended following consultation, it helps us to see how the provisions of the Cyber Security Act are likely to work in practice. Cybersecurity professionals therefore now have a better understanding of what their future obligations and responsibilities will be.

Key provisions

The Cyber Security Decree is based on the Cyber Security Act, which in turn is based on the EU’s NIS2 Directive. As currently drafted, the act will create various general obligations with regard to risk management, incident reporting and monitoring. Those general obligations will then be translated into concrete requirements by the proposed decree. More specifically, the decree will provide for:

  • A duty of care regarding the supply chain, including due diligence in supplier selection

  • Mandatory cyber-resilience training for executives

  • Specific incident reporting obligations, covering promptness, report content and reporting method

  • Periodic audits and self-evaluations

Obligations regarding domain names

One notable addition is the explicit attention given to the domain name portfolios of essential and important entities. The consultation indicates that such organisations will be required to record all the domain names under their control. That may prove difficult in practice, since SIDN’s experience is that many organisations lack a complete overview of their domain name portfolios – typically because they have lost track of shadow IT arrangements or historical registrations. It’s also unclear how the new obligation will tie in with the recently established Register of Government Internet Domains (RIO).

Nevertheless, inclusion of the provisions in question underscores the strategic importance of domain name management for national digital security. It also increases the pressure on organisations that have previously been subject to relatively little scrutiny.

What next?

Many organisations now have a clear idea what they will have to do to comply with the law. While the consultation version of the decree is accompanied by sector-specific guidance, questions do arise regarding the workability of the proposals. Nevertheless, any organisation that falls under the new rules would do well to:

  • Perform a gap analysis on the basis of the new requirements

  • Involve direct suppliers and service providers in their risk management

  • Establish reporting procedures and training programmes

  • Prepare for supervision by the appointed CSIRT or regulator

The message is clear: the days of doing as one sees fit are gone. When the Cyber Security Decree takes effect, cyber-resilience will cease to be an option and become a demonstrable obligation.

More info and consultation documents: www.nctv.nl – Cyberbeveiligingsbesluit

Related articles