1. Purpose
This Verification Policy outlines the procedures and responsibilities for ensuring accurate and complete registration data for all .one domain registrations. The policy aligns with the Danish transposition of Article 28 of the EU NIS2 Directive and supports One Registry’s risk-based assessment framework.
2. Scope
This policy applies to all .one domain registrations. It covers the handling of verification requests issued by One Registry when a registration is identified as high risk. Domain registration data may be evaluated at any point, and always upon new registrations.
3. Risk-Based Assessment Overview
One Registry conducts an automated risk-based assessment on registered .one domains. The assessment may flag a registration as medium or high risk based on certain indicators, including, but not limited to:
When a registration is classified as medium or high risk, the registrar will be required to verify the registrant information.
4. Verification Workflow
4.1 Notification
The registrar will receive an email alert from One Registry indicating that a new verification request is available.
The email will contain a secure link to view and process the request.
4.2 Processing the Verification Request
The Registrar must use the magic link to access the request and take one of the following actions. Via the link, the Registrar must indicate within 48 hours whether the verification is successful or failed.
By confirming the verification, the registrar confirms they received documentation that shows the registration data provided by the registrant is accurate and correct. An example is requesting a copy ID of the registrant to verify the name.
a. Successful Verification
b. Failed Verification
c. No Response (48-Hour Deadline)
4.3 Post Deadline Verification
If the Registrar completes the verification after the 48-hour window has expired, One Registry will remove the serverHold status upon receiving confirmation of successful verification.