European TLD ISAC releases EPP Security Best Practices Guidelines

The European TLD ISAC has published the EPP Security Best Practices Guidelines 2025, providing top-level domain (TLD) registry operators with essential best practices and security recommendations for implementing the Extensible Provisioning Protocol (EPP) securely. 

The guidelines aim to identify and mitigate vulnerabilities in EPP infrastructure, which directly impact the Domain Name System (DNS) security.

"These guidelines serve as a baseline for TLD operators to secure their EPP environments effectively", said Kristof Tuyteleers, Vice-Chair of the European TLD ISAC Working Group and CISO of DNS Belgium. "By adopting these best practices, operators can mitigate risks, safeguard critical infrastructure, and maintain trust in the domain name system."

The guidelines cover key areas such as network security, authentication, cryptography, and security monitoring. They are aligned with the NIS2 Directive ((EU) 2022/2555), which establishes technical and sector-specific cybersecurity requirements across the EU.

Classified as TLP:CLEAR, the guidelines are freely available for download on this website. They are particularly valuable for CISOs, system administrators, developers, and auditors working with TLD registries and registrars.