Phishing, fraud, malware, and brand impersonation do not scale because attackers are especially clever - they scale because the internet makes it cheap and anonymous to stand up new infrastructure. At the centre of that problem sits domain registration. If domains can be registered globally with minimal identity verification, cybercrime will continue to industrialize faster than defenders can respond. This article examines why anonymous registration has become one of the internet’s most powerful abuse enablers - and what would change if registrars worldwide treated identity verification as a security control, not a formality.

Public sector IT leaders, legal officers, and enterprise decision-makers often face a critical question: does it matter where your domain name registrar is based? In an era of strict data protection laws and rising digital sovereignty concerns, the answer is a resounding yes. Choosing a domain registrar located in the European Union (EU) versus one outside (for example, a US-based provider) can have far-reaching implications for legal compliance, data security, and public trust. This article delves into why EU public entities and enterprises should opt for an EU-based registrar - highlighting the legal risks of foreign jurisdictions and the tangible benefits of keeping your domains under EU oversight.

On 15 January 2026, Sweden's new Cyber Security Act (SFS 2025:1506) will come into force. The Act aims to achieve a high level of cyber security in society and implements the EU's NIS 2 Directive into Swedish law. This means that many organisations will face stricter requirements to improve their protection against cyber threats. The government has emphasised that municipalities and other organisations also need to ‘step up their game’ in their cybersecurity work – the new law will tighten the requirements for these actors. In this article, I summarise the purpose of the law, which public sector organisations are affected, the key obligations (particularly regarding security measures, incident reporting and training) and provide practical guidance ahead of its entry into force.