Transparency Report 2025: keeping .nl secure and trustworthy
Details of the work we do to maintain the quality of the .nl domain
The .nl domain is one of the most secure top-level domains in the world. And, together with registrants, registrars, hosting service providers, authorities and others, we work hard to keep it that way. That means taking the lead on tackling internet crime that involves .nl domain names. In order to prevent criminal activity, we sometimes need to intervene – by making a domain name unreachable, for example. Details are provided in periodic Transparency Reports, the latest of which is now available. A few of the key points from the 2025 report are outlined below.
Notice-and-take-down requests
Our Transparency Report includes data on the notice-and-take-down requests we received. An NTD request is a request for us to remove a domain name from the .nl zone, on the grounds that it’s being used for illegal or unlawful content. In 2025, we received 87 NTD requests. After investigating, we responded to 22 of those requests by making the domain names unreachable. Usually, that was because the name was being used for identity fraud involving a website mocked up to look as if it belonged to another organisation. Websites like that are often used for phishing or other fraudulent purposes.
View the Notice-and-Take-Down report
Dispute Resolution System
If a dispute arises over a domain name – because, for example, the name resembles someone else’s brand name or trading name – the parties can seek a solution under the Dispute Resolution Regulations for .nl Domain Names. The disputes are then referred to the WIPO Arbitration and Mediation Center for consideration. Our Transparency Report details the number of resolution cases started, settled by mediation and decided by WIPO. In 2025, 42 cases were started. Of those, our mediators were able to resolve 7 without WIPO having to rule on them.
View the report on the dispute resolution system
Cancellations and other procedures
Another focus of the report is cases where we unilaterally cancelled a domain name’s registration because the registrant failed to fulfil their obligations to us. Unilateral cancellation is allowed by Article 16 of the General Terms and Conditions for .nl Registrants. We did that 2,041 times in 2025. We also made 1,634 domain names unreachable in line with Article 18 of the General Terms and Conditions, after the registrants failed to verify their registration data in time. We typically do that because, for example, the domain name in question is being used for a fake webshop.
View the subscription termination report
Phishing and malware
If we suspect that a domain name is being used for phishing, malware or other malicious activity, we contact the name’s registrant, hoster and registrar, asking them to investigate and to take action if abuse is confirmed. Last year, we sent alerts about 3,724 domain names. Usually when we do that, the registrant, registrar or hosting service provider responds by dealing with the issue. If they fail to take prompt action, we remove the domain name from the .nl zone, making it unreachable. We did that 413 times in 2025. The average time required to get phishing, malware and other malicious activity taken down after receiving a report was 20 hours last year.
View the report on phishing and malware
Open and transparent
Compared with the total number of .nl domains -- more than 6 million -- the number of times we intervene is very small. Nevertheless, we think it's important to be open and transparent about our interventions, because they can have major implications for those involved. Our Transparency Report therefore details how often we have felt obliged to take action and how often we provided non-public registrant data, of our own accord, in response to legal proceedings or at the request of a law enforcement agency. The Transparency Report is updated quarterly.
