Nominet is proposing a framework for the use of proxy services for .UK domains, designed to ensure that registrars wishing to offer these services meet agreed criteria in terms of data access, resilience and compliance. The comment period, which opens today, follows earlier feedback from stakeholders regarding changes to .UK policy arising from the General Data Protection Regulation (GDPR).
Proposed Proxy Service Framework : key features
- Only Accredited Channel Partners are eligible.
- Proxy service providers will be obligated to respond to LEA data requests within 24 hours.
- A suitable Proxy Service Incident Plan, or third party data escrow scheme must be in place.
- For DRS claims, the proxy service provider has 48 hours to supply details of the underlying registrant.
- Participating registrars would be subject to an annual compliance audit to ensure underlying data is accurate.
Commenting on the proposed changes, Nominet COO Eleanor Bradley said: “In a post-GDPR world, with personal data redacted from the .UK WHOIS, there may be a diminishing demand for services offering privacy. However, we prefer to have the small number of registrars offering proxy services doing so within a recognised framework. We accept the proposed framework means that for a limited number of domains, we will not hold the underlying data. However, with the right safeguards in place, we will be able to access relevant data at short notice and maintain the high standards that keep the .UK namespace safe and secure.”
The comment period will launch on the morning of Monday 10th September 2018. It will run for a period of 30 days, and close at midnight on the 9th October 2018.
Stakeholders can give us their feedback via the online form available at: https://surveys.nominet.org.uk/s/comment-period/
Here is a redline version of the RRA containing a new schedule setting out the terms and conditions registrars will have to comply with when providing proxy services.