Attention! Temporary provisions from February 17 to March 20, 2025! For new domain registrations, transfers, and terminations, please make sure to read the information!

Home
English
HU_logo
OFFICIAL
.hu REGISTRY

News

The .HU domain registration is being renewed

On March 20, 2025, the new Domain Registration Policy will come into effect, bringing significant changes to the domain name application processes and related administrative procedures. These changes are driven by compliance with the NIS2 regulation (the EU cybersecurity directive) and the introduction of the new Domain Registration System.

» Administrative changes
» Technical and procedural changes
» Important changes regarding already registered/delegated domain names
» The migration process

The changes may also affect the process of applications submitted to Resellers/Registrars. Although paper-based registration can still be submitted, communication with the .HU Registry and domain name administration will primarily take place electronically in the future.

First, let’s take a look at the main changes in the new Domain Registration Policy:

The right to a domain name acquired through a contract

Previously, a domain name was considered a property right, but now it is viewed as a contractual right, which has monetary value. This means that it expires upon the termination of the legal entity holding the domain user rights or the death of the individual holding the domain user rights.

The scope of applicants is expanded

In the new system, not only European applicants will be able to register .hu domain names. The exact scope of eligible applicants can be found in the Domain Registration Policy.

Change regarding the administrative contact – the preferred procedure is for the domain applicant/user to also be the contact person.

During the application process, the applicant and the administrative contact are the same. Although this can be changed later, it will require additional confirmation.

The usage rights of domain names held by deceased individual domain users will be regulated

The Policy provides the heir with the option for priority application. If the heir does not apply, the actual user can request the domain, following the same procedure as for legal entities that have ceased to exist and have been lawfully deleted without a successor.

Handling of collaborators (resellers, agents, etc.)

NIS2 defines this as: A “domain name registration service provider” refers to a registrar or an agent acting on behalf of registrars, such as encrypted or authorized registration service providers or resellers. Previously, this was mentioned in the Franchise Terms and Conditions, but now it has also been included in the Domain Registration Policy, stating that the registrar is responsible for the collaborators they engage, either directly or indirectly (e.g., agents, resellers).

The deadline for submitting a winning application decision from the Alternative Dispute Resolution Forum (ADRF) has changed – note, the deadlines have been shortened!

The previous 60-day processing deadline has been reduced to 30 days. The priority granted to the winners of the dispute resolution proceedings will also be applicable after the procedure to enforce their claims.

New terms have been introduced in the Regulations, thus affecting the domain name management process:

Confirmation

Contact details, such as notification and factor data, must be confirmed before being entered into the Registry. A contact detail is considered confirmed if the data owner has proven they own and have access to the provided contact form (e.g., responding to an email sent to the provided email address, confirming that the provided phone number truly belongs to them). The confirmation can be carried out by the Registry or the Registrar.

The confirmed data will retain its confirmed status for 365 days but can be updated at any time. Without a new confirmation, the given contact detail cannot be used for domain name registration.

Authentication

In the authentication procedures, the Registry and the Registrar verify whether the current data of the actual domain user matches the domain user’s data recorded in the domain registry. Detailed information about the authentication procedures can be found in the Procedure Rules.

Domain authorization code (auth code)

The one-time use, time-limited unique character string provided by the Registry to the domain user, required for certain modifications to a domain name in the Registry.

The .hu domain authorization code is necessary for registrar change (transfer), or it can also be used for the “open” version of the transfer (open trade).

There is only one type of auth code; there is no separate auth code for registrar change or domain user modification. Therefore, it must be handled with caution, as possessing the code allows the domain user and/or Registrar to be freely modified.

Registry Lock 

A Registry’s optional security service that provides enhanced protection for the data registered with a domain name against unauthorized modifications (e.g., unwanted registrar change or transfer). The application or removal of the registry lock can be performed by the domain user without the Registrar’s involvement, after authentication on the start.domain.hu website. For authentication, in this case, uploading a digitally signed document on the start.domain.hu website is required.

If the registry lock is active on the domain, it also prevents the request for the auth code, so this should be considered before requesting the code properly.

Factor authentication

According to Section 1.2.2.1 of the Domain Registration Policy, the domain applicant is required to provide at least one factor data point during the application process (currently, a maximum of two data points can be provided: email and phone number), which must match the contact data during new registrations. Existing domain holders in the Registry may already have factor data from previous data entries. However, during migration, domain names will only be assigned a factor-based type if the domain name was previously classified as Single-Factor or Two-Factor.

Factor data can only be recorded in the Registry as confirmed data after the Domain Registration Policy comes into effect.
Factor authentication can ONLY be performed by the .hu Registry, and the process may include declarations and confirmations related to the requested modification.

During factor authentication, the system sends an email to the provided email address, which contains a limited-time link and a confirmation code. When using the link, this code is automatically inserted into the appropriate field on the opened page for convenience.

If the contact domain holder has phone number factor data and the given domain name is marked for multi-factor authentication, then, in addition to sending the email, the system will also send an SMS to the provided phone number. The code from the SMS must be entered on the page that opens via the limited-time link. If the provided phone number cannot receive SMS messages, a voice-based code announcement can be requested on the same page. The SMS code dispatch or the voice announcement request can be repeated up to five times in total.

Processes requiring such authentication after the introduction of the Domain Registration Policy include:

  • changes to the user data of a high-priority domain (factor data, name, identifier)
  • switching the domain’s factor-based protection (single-factor data/two-factor data)
  • requesting an auth code
  • directed transfer
Declaration

During the application process, the domain applicant is required to declare that:

  1. The provided data is accurate and truthful, and
  2. They accept the provisions of the Domain Registration Policy and consider them binding for the entire duration of the domain registration and maintenance, and
  3. By maintaining the domain name, they submit to the decisions of the Alternative Dispute Resolution Forum, and
  4. That they have read and understood the Privacy Notice and accept the processing of their personal data as described therein.

The declarations can be made during the application process either at the Registrar or the Registry, based on the Registrar’s decision.

If the declaration is made at the Registry, the intent must be confirmed using a verification link sent to the notification email address provided during registration, within 30 days from the date of dispatch.

Domain Protected by Document or Factor Authentication

After the transition to the new Domain Registration system, domains registered using the Application Form from previous versions of the Policy or recorded based on official documents are referred to as domains protected by document authentication. Under the new Policy, only domains protected by factor authentication can be registered. Before making certain changes to domains protected by document authentication, this protection must be switched to factor authentication.

Single-factor and two-factor domains are considered domains protected by factor authentication. During migration, previously single-factor domains will be managed through primary factor data authentication, while two-factor domains will require both primary and secondary factor data authentication.

Transition to Factor Authentication

A domain protected by document authentication can be switched to factor authentication by the domain holder. This is mandatory before making certain modifications in the domain registry, with the most critical case being the request for an auth code, which is required for Registrar transfers or domain transfers. The domain holder can request the transition from their Registrar. The Registrar may provide two options for this transition: either through a declaration by the domain holder or by verifying the domain holder’s identity.

Starting from May 6, 2025, the transition to factor authentication can also be requested during a Registrar transfer with a new Registrar.

Two Types of Transfers Under the New Domain Registration Policy (Only Available for Domains with Factor Protection)
  • Directed Transfer: Can only be initiated at the managing Registrar and requires a resignation with factor authentication.
  • Open Transfer: Performed using a domain authorization code (auth code).

Important: After a transfer, the domain will be subject to a 30-day restriction on both transfers and Registrar changes.

Registrar Transfer
  • From March 20: Transition to factor authentication is required first.
  • Authorization code is required: By default, the current Registrar requests it from the Registry, but the domain holder receives the code and provides it to the new Registrar.
  • Emergency request: The domain holder can also request the code via start.domain.hu (temporarily, the Registry will provide an alternative procedure).
  • Using the authorization code, the domain holder initiates the Registrar transfer with the new Registrar.
  • From May 6: Registrar transfer of a document-protected domain will be possible without an auth code, as the domain will be mandatorily switched to factor authentication at the new Registrar.
  • After a user change or Registrar transfer, no further user or Registrar transfer can be initiated for 30 days.
Direct communication between the Registry and the domain holder is introduced. The Registry will contact the domain holder via email:
  • At least 30 days before the domain name expires, but at least once a year (NIS2).
  • Upon the domain holder’s request, regarding the data stored in the Registry.
  • 30 days before any changes to the Policy take effect.
  • If the domain name has been revoked or placed in pre-deletion parking.
  • To conduct the confirmation process for a domain registration request and to notify about the completed registration.

The migration to the new Policy and system is expected to take 1-2 days. However, to ensure the proper management of domain names and a secure transition, certain processes and specific points of the Domain Registration Policy will be temporarily modified starting from the 31st day before the transition.

Below are the key details and dates related to the migration period during the system migration:

  • Starting 31 days before the transition, domain names placed in pre-deletion parking and listed on the Announcement List with a date of 17 February, 2025 or later will be announced for 37 days instead of the usual 30 days. After the transition, the announcement period will revert to the duration specified in the then-current Domain Registration Policy. When reviewing the Announcement List, special attention must be paid to the dates of domain names placed in pre-deletion parking to calculate the correct deletion time.
  • For new applications submitted after 17 February, 2025, it is important to ensure that the registration is successfully completed before the transition date. If the Registrar requests additional documentation, it is recommended to provide it as soon as possible to facilitate a timely approval. If the application does not reach the conditionally registered status before the transition, it will need to be resubmitted in the new system. In this case, it must comply with the requirements of the new Domain Registration Policy. Therefore, the Registrar may request the applicant to confirm their email address and phone number, or this verification may be carried out later by the Registry.
  • On 19 March, 2025 at 22:00, the Domain Registration System will temporarily become unavailable to Registrars. However, this downtime will not affect the operation of the .hu zone.
  • The new Domain Registration System (ngDRR) is planned to be launched maximum 48 hours after the start of downtime (19 March, 2025 10:00 PM) until March 21, 2025, 22:00.

We inform you that this English text is a literal translation of the original Hungarian text or article. In the event of any substantive discrepancies between this English version and the original Hungarian version, the provisions of the original Hungarian text shall prevail. The .HU Registry assumes no liability for any direct or indirect damages resulting from potential translation errors.