Recent months brought about an increase in the legislative and regulatory requirements, which are concerning also the area of internet domain registrations and therefore they impact both the top-level domain registry as well as domain registrars.
As we have already informed you, as of April 1st, 2018 the new Law no. 69/2018 about Cybersecurity entered into force (http://www.zakonypreludi.sk/zz/2018-69 – in Slovak); it is implementing relevant EU directive (so-called “NIS”). Among others it regulates the position and obligations of the operator of the basic service. Since it is relatively recent legal norm, due to GDPR, it might have been overlooked, that the relevant definition and thus also new obligations might be also concerning registrars.
According to the Appendix no. 1, part 3, the obligations of the provider of the basic service are explicitly concerning also providers of the Domain Name System services on internet.
Since the National Security Office recently initiated process of intra-departmental comments for the executive decrees (https://www.slov-lex.sk/legislativne-procesy/-/SK/dokumenty/LP-2018-213 – in Slovak), which in their proposed wording among other specify, that basic service is such, which falls under e.g. the condition of “Providing on its DNS severs authoritative answers altogether for at least 1000 various domains,” it is highly likely, that the new law is concerning directly also some of registrars.
Apart from the above decree, the public comments process has been initiated also for another ordinance regarding the process of reporting of security incidents (https://www.slov-lex.sk/legislativne-procesy/-/SK/dokumenty/LP-2018-195 – in Slovak), therefore we definitely recommend to read through both of these and we advise to seriously consider taking part in this legislative process.