We are pleased to inform you about the final version of the executive order to NIS2 taking effect from January 1, 2026.
Please be aware: While the executive order will not come into force until January 1, 2026, the Danish NIS2 law is still effective from July 1, 2025.
The executive order was changed after a public consultation in many positive ways compared to the initial draft.
Here are the key changes
Verification during registration:
Requirement for verification only in connection with registration.
Requirement for validation and verification of either the contact email address or the phone number.
Amended so that validation/verification of a registrant with multiple domain names (TLD´s) under the same entity only needs to be performed once by that entity.
Activation exception:
An exception has been introduced to the requirement not to activate a domain name before validation has occurred.
A domain name can now be activated for 72 hours if it is not technically possible to validate/verify it beforehand. During this 72-hour period, validation/verification must take place. If it does not, the domain name will be suspended or deleted without undue delay.
Definition of legitimate access seekers:
The definition of legitimate access seekers will be adjusted so that legitimate access seekers from other EU countries are not automatically considered legitimate access seekers in Denmark.
Expedited requests will be discontinued.
You can see the executive order here (only in Danish)
And the consultation paper can be found here (only in Danish)
On a final, yet significant note, a big thank you to all registrars who submitted their responses!
Your valuable input has been essential in helping all of us work towards a better version of the NIS2 directive.
