Nordic Domain Days 2025 – Day 3: Security, Standards, and Forward Thinking

The final day of Nordic Domain Days 2025 at Clarion Stockholm maintained the high energy and insight-driven focus of the entire conference, with a deep dive into policy, security, and technical innovation. Attendees were welcomed with coffee and conversations, ready to tackle a packed program centered on DNS abuse, NIS2, and future-focused tech.

Policy & Online Harms

The morning kicked off with Lars Steffen from ECO introducing the fourth major content segment, honing in on the pressing policy issues affecting the domain name system today.

Michael Duffy of Excedo Networks opened the stage with a comprehensive session on navigating the complexities of domain abuse and compliance in the face of fast-evolving regulations like NIS2 and DORA. He emphasized the importance of cross-industry collaboration to build a safer and more resilient DNS.

Next, Dennis Dayman from M3AAWG provided a rare inside look into how the group is actively engaging with registrars, hosting providers, and infrastructure stakeholders to develop anti-abuse best practices. He highlighted shifts in approach since the pandemic, with a new urgency around real-time response and shared responsibility.

Keith Drazek of Verisign followed, offering an update on enhanced collaboration efforts within the industry. Building on discussions from NDD 2024, he outlined progress in cross-operator initiatives aimed at tackling online harms more effectively.

DNS Abuse and NIS2 in Practice

Following the morning fika break – another moment to connect and reset – the program resumed with focused, expert-driven sessions on NIS2.

Prudence Malinki (MarkMonitor) gave a practical update on the state of play of NIS2 across Europe, spotlighting variations in national implementation and how that affects domain management on the ground.

Thomas Rickert (ECO, topDNS) then explored how registries and registrars can standardize agreements under NIS2, aiming for consistent and efficient compliance. His presentation included a look at shared protocols, reporting expectations, and scalable security measures.

Filippa Murath (Internetstiftelsen) offered a ccTLD-centric perspective on implementing NIS2 with a focus on data verification and Article 28. She discussed the Swedish approach and provided useful insights for other TLD operators.

Rounding out the policy block, Hilde Thunem (Norid) added a Norwegian ccTLD lens to the same topic, emphasizing how registries can protect privacy while still complying with access and verification mandates.

Lunch & TECH

After a lunch sponsored by EURid and .EU, the event transitioned into its final segment – TECH, a tradition at Nordic Domain Days.

Pim Pastoors (SIDN) kicked things off by walking through the complexities of migrating a massive TLD like .nl, with over 6 million domains and 1000+ registrars. His case study underscored the importance of stakeholder communication, careful testing, and scalable infrastructure.

Ivan Hadzhiev (DMARC Advisor) introduced DMARC 2.0, explaining major changes in domain-based message authentication and how new specifications will alter DNS lookups and reporting logic.

Ralf Weber (Akamai) took a broader view, presenting the DELEG initiative-a bold attempt by the IETF to modernize DNS delegation and resolution for a faster, more secure, and more flexible internet infrastructure.

Final Fika & Technical Deep Dive

The afternoon fika, once again sponsored by Realtime Register, gave everyone a moment to reflect and discuss – and was followed by a strong technical close to the day:

• Gavin Brown (ICANN) unveiled the Restful Provisioning Protocol (RPP), a modern successor to EPP, poised to bring domain provisioning into the API-first era.
• Jonathan Magnusson (Karlstad University) presented findings from the SweDNS project, evaluating privacy and security practices of DNS resolvers in Sweden.
• Finally, Ulrika Vincent and Leon Fernandez from Agical introduced DNS TAPIR, an open-source analytics framework enabling large-scale, privacy-conscious DNS threat analysis.

DNS Abuse Workshop

Running in parallel with the main sessions was the DNS Abuse Workshop, hosted by ECO, topDNS, and iQ. This hands-on track expanded discussions from NDD 2024, focusing on actionable frameworks to combat DNS misuse through cooperative policy, legal, and technical initiatives. With strong attendance and engaged participation, the workshop demonstrated the community’s commitment to driving real change in this critical area.

After Work and Farewell Dinner

As the sessions concluded, attendees gathered once more at the Living Room Bar for one final After Work networking session, this time sponsored by Open-Xchange. Conversations flowed freely as old connections were rekindled and new ones formed – a testament to the collaborative spirit of the event.

To cap off the experience, Internetstiftelsen hosted a farewell dinner for those staying overnight. The dinner offered a warm and reflective close to three exceptional days of insight, innovation, and industry camaraderie.

Until Next Time

With a powerful mix of policy, technology, and community, Lars Steffen (LG) and the dedicated team behind Nordic Domain Days have once again demonstrated why it stands as a flagship event in the domain industry. From in-depth discussions on NIS2 and DNS abuse to forward-looking protocols and memorable networking opportunities, this year’s edition leaves the community more informed, better connected, and energized for what’s ahead.

As I sit at the airport waiting for my flight home, I can’t help but reflect on the last few days. Nordic Domain Days has become one of those conferences I genuinely look forward to each year. The unique mix of deep-dive learning, brilliant people, openness, and strong community spirit reminds me of the early days of APS Connect or WHD.local—where the industry felt tight-knit, driven, and full of energy.

This year was no different. I’m heading home with new connections, insightful conversations, and a renewed sense of how much our industry continues to evolve. It’s clear we’re far from being a “dinosaur business”—we’re adapting, growing, and shaping the future of the internet together.

And yes—I’m also heading home with a fresh tattoo from the booth yesterday, a lasting reminder of what an unforgettable experience this has been. A huge thank you to everyone involved for making it such a standout event. I’ll be catching up on some well-deserved rest now… but already looking forward to the 2026 edition.