Dear Registrars,
we are thanking you once again for reviewing the new Agreement and for sending us the comments which were already answered directly to you via e-mail.
Based on the comments and questions we received, we have prepared a summary of some of the answers and explanations. Please find them published below.
Validity of the agreement and the accompanying documents
Regarding your questions about which binding documents are being changed, we would like to clarify that at this stage, only the text of the Domain Name Registration Agreement is being changed. The accompanying documents form an integral part of the Agreement and are listed in Article 2.1. (i.e. General terms and conditions for domain registration under the .si top-level domain, Rules of procedure for alternative resolution of domain disputes, Rules for using the WHOIS search service, ARNES Rules on the protection of personal data and the Price list of services of the Registry .si in connection with transactions with domains) remain the same. As always, any future changes to these documents will be published on the Registry .si website in a timely manner.
We would also like to point out that the obligation to sign the new Agreement applies to all Registrars. In case the Registrar does not sign the new Agreement, Registry .si can withdraw from the Agreement currently in force since not signing a new Agreement represents a valid reason for such withdrawal under the Agreement. After signing, the new Agreement completely replaces the old one, which is also defined in Article 17.2. of the new Agreement.
Affiliation fee and initial deposit
The Affiliation fee and the Initial deposit must be paid by every new Registrar entering into an Agreement with the Registry .si for the first time. The obligation does not apply to existing Registrars which, at the time of signing of the new Agreement, already have a valid Agreement with Registry .si in force and the new Agreement will replace the current one. For the avoidance of doubt, a new provision has been added to Chapter 17 of the new Agreement (»Transitional and Final Provisions«) which will specifically provide for an exemption from the Affiliation fee and the Initial deposit for the existing Registrars.
Domain holder verification
Based on the General conditions for registering domains under the .si top-level domain, both the holder and the Registrar must ensure the accuracy and authenticity of the domain holder’s data. Related to this duty, provision 5.4 was also revised in the new Agreement, namely based on the Directive (EU) 2022/2555 (the so-called “NIS2 Directive”). Article 28 of the NIS2 Directive stipulates that both TLD name registries and entities that provide domain name registration services are now obliged to collect and maintain accurate and complete domain name registration data, including data on holders. At the national level, the legislation transposing the NIS2 Directive is still being prepared, so we cannot yet talk about the details. Nevertheless, this obligation will certainly require cooperation between the Registry .si and the Registrars, since, based on the upcoming legislation, the Registrar (as an entity in direct contact with the domain holder) will also assume direct responsibility for the accuracy of the data. The Agreement does not provide for a specific sanction for the breach of this provision, but in principle, both Registry .si and the Registrar have a general right to withdraw from the Agreement in the event of breaches that do not cease upon request (Clause 12.3.). In case of repeated breaches on the side of the Registrar, Registry .si may also withdraw from the Agreement without warning and notice period. Since we believe that Registry .si and the Registrars will be able to approach the fulfilment of these new commitments in the spirit of cooperation, we trust that such situations will not occur. We are also aware that it is impossible to expect all data to be accurate and complete all the time from registration to domain deletion, especially given that domain registration is an automated process in which several actors participate (potential future domain holder, Registrar and Registry .si), and which allows the domain registration data to be changed at any time (even after the domain registration). However, we emphasize that the Registrars will have to demonstrate a proactive approach when collecting and verifying the holders’ data and maintaining a complete database since they will be directly liable for this under the relevant legislation transposing the NIS2 Directive, which will also prescribe sanctions for violations, as this is required by Article 36 of the NIS2 Directive.
Cyber security requirements
Related to the additional security requirements and obligations that address cyber security and also come with the NIS2 Directive and given some comments we received, we would like to clarify that a competent authority will be appointed to check the compliance of the (new) entities liable under the relevant national legislation transposing the NIS2 Directive. Checking compliance will therefore not be under the jurisdiction of Registry .si.
Contractual obligations or security requirements for the Registrar, which Registry .si reserves the right to check, are described in provisions 6.1.3. – 6.1.6. (»Basic requirements for the Registrar«) of the new Agreement, as well as in the provisions in point 11 (»Technical requirements«).
Protection of personal data / Transfer requests
The new provision in 15.3. regarding the exception, according to which personal data can be transmitted based on the requests of the authorities with a final decision or a justified request, was also added to the Agreement, especially in light of the new NIS2 Directive. In principle, however, the Registrars could receive such requests from various authorities already before the NIS2 Directive. The provision of paragraph 5 of Article 28 of the NIS2 Directive stipulates that Registrars (the same as Registry .si) will have to provide access to the domain name registration data to certain eligible authorities or third persons. The deadline for answering such requests is only 72 hours. We are aware that many Registrars do not have the necessary knowledge, experience and human resources available to handle such claims. However, we emphasize that this will be a legislative and not a contractual requirement. With this new provision, Registry .si only establishes an exception when the transmission to the eligible third parties is permitted and thus Registry .si does not impose anything additional obligation on the Registrars in this regard.
Changes to the new agreement
Based on the comments received, we are also publishing the text of the new Agreement with the corrections in track changes: