Less opportunism, more engagement
How Dutch businesses can improve their response to European cybersecurity legislation
SIDN is a partner in Alert Online, the network of enterprises, government bodies and other organisations that work together on cybersecurity. Numerous activities are organised all year round, but with an emphasis on October, which is European Cyber Security Month. For this year’s flagship month, we carried out a phishing study and interviewed experts in the field of cybersecurity. We spoke to Johnny Honing of ICTRecht, the legal service provider and specialist in areas such as cyber-legislation, and to Jan Martijn Broekhof of Guardian360, the information security service provider, about the impact of new European cybersecurity legislation.
In recent years, Brussels has produced a steady flow of cybersecurity legislation, including NIS2, DORA, the AI Regulation, the Data Act and the Cyber Resilience Act. Most of the new European rules form part of the Digital Decade: an EU programme designed to build up the continent’s digital strength. “The Digital Decade is more than a collection of laws,” says Johnny. “It’s a digital compass pointing in the direction that we in the EU want to head: towards a Europe that’s more resilient, competitive and digitally skilful. The associated legislation is extensive. As well as NIS2 and DORA, there’s the AI Regulation, the Data Act and the Cyber Resilience Act. The Data Act will have a particularly big impact. It regulates access to and the portability of data, and it’ll help to prevent Big Tech imposing restrictive contracts.”
So Brussels is producing a great deal of cybersecurity legislation. But is the Dutch business community ready for it? Jan Martijn believes that Dutch businesses are responding in a somewhat opportunistic way. “In the Netherlands, businesses often do the minimum required to comply with the law, and then see who’s watching,” he says. “They see the sheer volume of rules as problematic and wonder how they’re supposed to find the time to address them all. They also question how the legislation is helping SMEs.”
Johnny Honing recognises some of those observations. “For organisations that are already compliant with the existing cybersecurity standards, the impact isn’t so significant. But the new rules can feel like an avalanche to others. As a result, the rules don’t always have their intended effect. Nevertheless, it’s good that, here in Europe, we’re thinking collectively about digital resilience.”
Both experts say that the Netherlands is lagging behind in terms of engagement. Johnny: “In other countries, senior managers seem to be much more actively involved with cybersecurity than in the Netherlands.” Jan Martijn echoes that view: “We stand out from the crowd, and not in a good way.”
“It’s a shame that we consistently interpret the rules in our own way,” says Johnny. “Take NIS2. In Belgium, NIS2 has already been translated into national legislation, and the Cyber Fundamentals framework has been developed to help businesses comply with it. There’s even a toolkit that businesses can use to achieve compliance.” Jan Martijn follows up by asking “Why can’t we simply adopt that?”
Johnny and Jan Martijn have the following practical advice for anyone looking to bring their business operations into line with the new rules:
Start with a baseline measurement of your existing environment: What’s your current security and compliance status? A clear picture of where you stand is the starting point for identifying what needs to be done.
Use existing tools: Whitepapers and evaluation tools are available from the NCSC, DTC and CoC websites.
Look into ISO certification: ISO 27001 provides a good basis.
Involve your accountant or legal advisor: They can help you draw up a roadmap.
Be realistic: Show that your senior management is accepting responsibility and taking action.
Management accountability is an important aspect of compliance. “NIS2 requires that senior managers receive training in risk management and cybersecurity,” Johnny points out. “So the management has to take ownership of this, not simply leave everything to an outside service provider.”
The message is clear: cybersecurity isn’t a one-off push, but a continuous process that depends on engagement. The Dutch business community therefore needs to move away from doing the minimum to comply with the law, and start actively engaging with this issue. While the Digital Decade provides a framework for action, it’s up to each individual enterprise to translate that framework into measures tailored to its own operations. As Jan Martijn says, “People just want to get on with doing business. However, we’re moving towards a world where you won’t be able to do business if you haven’t got your cybersecurity in order.”