Raising the bar on .UK domain safety: Nominet’s approach to new legislation

Previously, the Government launched a consultationto bring provisions in Sections 19-21 of the Digital Economy Act 2010 (DEA) into force. This outlined expectations of UK-based internet domain name registries including .UK, .cymru and .wales, which are managed by Nominet.

We published a full blog about the consultation, our perspective on the proposed legislation, and how we predicted it could impact our operations. We also published our consultation response.

Since then, the Internet Domain Registry (Prescribed Practices and Prescribed Requirements) Regulations 2024has come into force. The statutory instrument outlines specific prescribed practices related to technical abuses, such as phishing, malware, and other forms of DNS abuse, while also ensuring that the domain doesn't direct to child sexual abuse material. As the .UK registry, we're required to have measures in place to prevent or mitigate these prescribed practices. Failure to adequately address these could lead to the Government - specifically the DSIT Secretary of State - intervening in the management of the registry to rectify the issues.

We already do a lot to keep the .UK namespace safe and secure, and work hard to mitigate criminal activity. But this is no reason to be complacent. We're committed to addressing these new legal requirements and raising the bar on safety and abuse practices across the .UK domain. To achieve this, we're planning to focus on a number of areas:

1. Policy review: We're taking a fresh look at our terms and conditions to make sure they prohibit the technical abuses laid out in the new statutory instrument.
2. Dedicated abuse policy: We're working on a new policy that will bring clarity to how we handle domain abuse.
3. Fostering a culture of proactive mitigation: We're dedicated to building a proactive approach to abuse prevention, with teamwork across various departments here at Nominet.
4. Industry collaboration: We want to work with registrars, members, and other stakeholders to ensure a smooth transition to the new policies and practices, and to gather feedback.

Even though compliance with the new legislation is a legal requirement, our efforts to raise the bar on our approach to tackling domain abuse reflect our commitment to the long-term health and integrity of the .UK domain, ensuring it remains a trusted and secure online space for users.

We'll share more details about the specific policy changes and how we'll implement them as we continue to integrate these new requirements into our broader domain abuse strategy.