Additional Terms for .gov.uk domains
Please note .gov.uk domain names are subject to additional terms and conditions as laid out by the Government. These are given below and are also available on https://www.gov.uk/guidance/additional-terms-for-govuk-agreements
Role and responsibilities of CDDO as the Critical Domain Holder
The parties agree to and accept the role of the Critical Domain Holder as set out below in respect of the protection of .gov.uk domains and subdomains.
-
The Central Digital and Data Office (CDDO), acting on behalf of the Minister
for the Cabinet Office and as part of the Crown, has rights over the ‘.gov.uk’
domain and subdomains. CDDO is the .gov.uk domain Critical Domain Holder.
- The Critical Domain Holder does not need to be party to this agreement.
- The Critical Domain Holder has appointed the .gov.uk Registry Operator.
- The Critical Domain Holder permits the .gov.uk Registry Operator to enter
into Registry Registrar Agreements.
- The Critical Domain Holder is the only authority that may verify the identity
of the Registrant.
- The Critical Domain Holder approves a .gov.uk domain name for use by the
Registrant.
- The Critical Domain Holder is responsible for setting and maintaining the
domain registration and management rules, which are defined in the Apply
for your .gov.uk domain name guidance on GOV.UK.
- The Critical Domain Holder acts as an escalation point and ultimate decision
maker in the event of a dispute regarding the management or control of a .gov.uk
domain name.
- The Critical Domain Holder may, at its sole discretion, direct the Registry Operator, Registrar, Registrant or sub-Registrant to take action, including urgent action, to protect a .gov.uk domain name, at any time. Such action may include to suspend, withdraw or transfer a .gov.uk domain name:
- if the Registrant or sub-Registrant persistently or seriously violates the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK,
- if the Registrant or sub-Registrant persistently fails to respond to communications from the Registrar, Registry Operator or Critical Domain Holder,
- to resolve disputes which concern the Registrant or sub-Registrant’s registered .gov.uk domain name,
- if the continued Registration of the Registrant’s .gov.uk domain name poses an immediate critical security threat to the Registrant’s services or other public sector services,
- if the Registrar persistently fails to meet the Criteria to be a .gov.uk Approved Registrar,
- if the Registrar is no longer a .gov.uk Approved Registrar as defined by the criteria,
- if there is any event that might lead to your organisation ceasing trading, such as a voluntary winding up, a bankruptcy, or an insolvency event as defined in section 123 of the Insolvency Act 1986,
- if required by the law.
- The Critical Domain Holder is an independent data controller in its own
right for personal contact data contained within the Registry Data. The Registry
Data means any data, including but not limited to DNS resource records,
public-key material for DNSSEC and personal contact data, in each case held by
the Registry Operator:
- for use in its Registry Services,
- or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,
- or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.
- The Critical Domain Holder and its suppliers are authorised to undertake
monitoring of all .gov.uk domains and subdomains as described on the Domain
Management team page. The purpose of monitoring is to test for the secure
configuration of domains and associated digital services and alert the relevant
service owners when problems are found.
The monitoring undertaken by the Critical Domain Holder, and/or its suppliers, may, on some rare occasions, temporarily impair the function of the domain and associated digital services. In those circumstances, the Critical Domain Holder will work with the Registrar, Registrant, and/or Sub-Registrant to overcome the temporary impairment as soon as is reasonably practicable. The Critical Domain Holder and its suppliers are authorised to undertake monitoring of all .gov.uk domains, and subdomains, regardless as to this risk of impairment.
In undertaking monitoring, the Critical Domain Holder, and/or its suppliers, may process personal data. The processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Critical Domain Holder, and/or its suppliers as a data controller. Details associated with a domain will be retained for as long as the domain is registered and in use. If details change to another person the Critical Domain Holder, and/or its suppliers, will remove the old contact within 6 months.
Role and responsibilities of the Registry Operator
The parties agree to and accept the role of the Registry Operator as set out below in respect of the protection of .gov.uk domains and subdomains.
- The Registry Operator means the administrative and technical operator of the
policies, processes and systems required to manage and operate the .gov.uk
domains and subdomains. The Registry Operator is the only operator for gov.uk
domains and subdomains, as appointed by the Critical Domain Holder.
- The Registry Operator must only accept .gov.uk domain registrations from .gov.uk
Approved Registrars. The Registrar Operator must not accept .gov.uk domain
registrations from any reseller or any other entity.
- The Registry Operator must use reasonable endeavours to verify that
organisations that wish to be .gov.uk Registrars meet the Criteria
to be a .gov.uk Approved Registrar.
- The Registry Operator has a Registry Registrar Agreement with all .gov.uk
Approved Registrars.
- The Registry Operator must ensure that all Registrars have Registrant
Agreements in place that reference this GOV.UK page and include these terms as
updated from time to time and published on the aforementioned page.
- All normal communications that the Registry Operator has with a Registrant must be through a Registrar. The exceptions to this are:
- if a Registrar is not supporting their Registrant in accordance with the Criteria to be a .gov.uk Approved Registrar or
- if the Registrant itself is not accepting such support.
- The Registry Operator must maintain a published list of .gov.uk Approved
Registrars.
- The Registry Operator operates a fair marketplace for .gov.uk Approved
Registrars. If the Registry Operator itself chooses to be a .gov.uk Approved
Registrar, it must not grant itself more favourable terms or treatment than
other .gov.uk Approved Registrars. The Registry Operator must not favour any .gov.uk
Approved Registrar over any other.
- The Registry Operator must not unreasonably refuse to sign a Registry
Registrar Agreement with a .gov.uk Approved Registrar.
- The Registry Operator must use reasonable endeavours to help .gov.uk
Approved Registrars continue to meet the Criteria
to be a .gov.uk Approved Registrar.
- The Registry Operator must notify the Critical Domain Holder before removing
the status of .gov.uk Approved Registrar or terminating a Registry Registrar
Agreement with a .gov.uk Approved Registrar.
- The Registry Operator is an independent data controller in its own right for personal contact data contained within the Registry Data. As a data controller, the Registry Operator will be responsible for ensuring agreements to cover the sharing and processing of personal data with other parties, such as the Registrars, are in place. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:
- for use in its Registry Services,
- or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,
- or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.
In these exceptional cases the Registry Operator may contact a Registrant
directly to help the Registrant meet the domain registration and management
rules, which are defined in the Apply
for your .gov.uk domain name guidance. The Registry Operator must always
copy the relevant Registrar in on communications with a Registrant in these
cases.
Role and responsibilities of the Registrar
The parties agree to and accept the role of the Registrar as set out below in respect of the protection of .gov.uk domains and subdomains.
- The Registrar must meet the Criteria
to be a .gov.uk Approved Registrar at all times.
- The Registrar must only provide .gov.uk domains directly to the Registrants
that they have Registrant Agreements with. The Registrar must not provide
.gov.uk domains via any reseller.
- The Registrar must maintain a list of all Registrants that have delegated
lower-level subdomains out to sub-Registrants.
- The Registrar must ensure that if a Registrant transfers a domain name:
- the new Registrant is eligible to have the domain,
- any new Registrar is a .gov.uk Approved Registrar,
- all parties follow the Transfer your domain name guidance.
- The Registrar agrees that any persistent failures, as defined and/or determined by the Registry Operator, and confirmed at the sole discretion of the Critical Domain Holder, to meet the Criteria to be a .gov.uk Approved Registrar, will result in:
- the Registrar no longer being a .gov.uk Approved Registrar,
- the Registrar, in consultation with the Registrant, to transfer the management of its .gov.uk domain names to an alternative .gov.uk Approved Registrar,
- The Registrar is an independent data controller in its own right for personal contact data contained within the Registry Data. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:
- for use in its Registry Services,
- or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,
- or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.
The Registrar must at its own cost and expense, provide all such support,
assistance and cooperation and execute or procure the execution of all such
documents as the Critical Domain Holder or the Registry Operator may from time
to time require for the purpose of giving full effect to this provision.
Role and responsibilities of the Registrant
The parties agree to and accept the role of the Registrant as set out below in respect of the protection of .gov.uk domains and subdomains.
- The Registrant is an entity which has registered a .gov.uk domain name in
the .gov.uk Registry.
- The Registrant must remain in legal control of their .gov.uk domain name at
all times. This includes not reselling or passing control of their .gov.uk
domain name to a non-public sector organisation.
- The Registrant must get approval from The Critical Domain Holder prior to
transferring their .gov.uk domain to any other organisation.
- The Registrant must protect its .gov.uk domain name by following the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK that apply to them, found here:
- Get permission to apply for a .gov.uk domain name
- Identify a registrant for your .gov.uk domain name
- Choose your .gov.uk domain name
- Get started with your .gov.uk domain name
- Creating and managing .gov.uk subdomains.
- Keeping your domain name secure
- Renew your domain name
- Make changes to your .gov.uk domain name
- How to stop using your domain name
- What to do if your domain is compromised
- The Registrant has the right to move its .gov.uk domain name from the
Registrar to any other Registrar at any time and for any reason. The Registrant
is not entitled to a refund for any remaining term of the registration.
- The Registrant accepts that if their Registrar is no longer a .gov.uk
Approved Registrar, then the Registrant must move its .gov.uk domains to a .gov.uk
Approved Registrar.
- If the Registrant has delegated lower-level subdomains out to a sub-Registrant, the Registrant:
- must tell its Registrar,
- must help the sub-Registrant meet the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK that apply to them,
- is a data controller of the personal data that the sub-Registrant has
shared with it.
- The Registrant is an independent data controller in its own right for personal contact data contained within the Registry Data. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:
- for use in its Registry Services,
- or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,
- or for use by the Registrar in performance of its roles and
obligations to the Critical Domain Holder, Registry Operator and/or Registrant.
- The Registrant agrees that the Critical Domain Holder and its suppliers are
authorised to undertake monitoring of all .gov.uk domains and subdomains as
described on the Domain
Management team page. The purpose of monitoring is to test for the secure
configuration of domains and associated digital services and alert the relevant
service owners when problems are found.
The Registrant consents to the Critical Domain Holder and/or its suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available, to:
- provide support; protect the domain names in the public sector
- reduce the risk of attack to associated services such as email, web, and digital services
- ensure the governance and accessibility of web services
The Registrant consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.
Role and responsibilities of the sub-Registrant
The parties agree to and accept the role of the sub-Registrant as set out below in respect of the protection of .gov.uk domains and subdomains.
- The sub-Registrant is an entity which has been given a lower-level domain
from a .gov.uk Registrant. The sub-Registrant is not the same organisation as
the Registrant.
- The sub-Registrant must protect its .gov.uk domain name by following the
domain registration and management rules, which are defined in the Apply for
your .gov.uk domain name guidance on GOV.UK that apply to them, found here:
- The sub-Registrant is a data controller of the personal data it shares with
the Registrant.
- The sub-Registrant agrees that the Critical Domain Holder and its suppliers
are is authorised to undertake monitoring of all .gov.uk domains and subdomains
as described on the Domain Management team page. The purpose of monitoring is to
test for the secure configuration of domains and associated digital services and
alert the relevant service owners when problems are found.
The Sub-registrant consents to the Critical Domain Holder and/or its suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available to:
- provide support; protect the domain names in the
- public sector; and to reduce the risk of attack to associated services such as email, web, and digital services
- ensure the governance and accessibility of web services
The Sub-registrant consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.