Terms for .gov.uk domains

These terms take precedence over any other terms in this agreement if there are any conflict.

The latest version of these terms can be found here https://www.gov.uk/guidance/additional-terms-for-govuk-agreements.

Total Web Solutions will update this agreement annually to reflect the latest version of the terms made available by the Critical Domain Holder (as defined below) from time to time.

We reserve the right to modify and amend these terms at any time without notice. It is your responsibility to remain informed of current policies. If you have any questions or concerns regarding our terms of service, please contact us via the given options available before purchase and we’ll be happy to help.

For the purposes of this agreement, the following terms shall have the meanings set out below:

• Registrar: Total Web Solutions Limited (hereinafter referred to as “Total Web Solutions “), which is responsible for managing the registration of domain names and providing related services to the Registrant.

• Registrant: The customer to whom Total Web Solutions provides domain registration services and who serves as the point of contact for all discussions, invoicing, and other matters related to the domain and services provided by Total Web Solutions.

• Registrar Operator: Nominet, which operates as the delegated registrar for .gov.uk domain registrations.

.gov.uk Domains

1. Eligibility and Application

1.1 Only UK public sector organizations are eligible to register a .gov.uk domain.
1.2 The organization must obtain approval from the Cabinet Office to apply.
1.3 Applications must be submitted to the CDDO. Upon approval, the CDDO issues a membership token, which must be provided to us, the registrar, for domain registration.

2. Responsibilities of the Registrant

2.1 Registrants must adhere to the policies and guidelines set by the Cabinet Office, CDDO, and Nominet.
2.2 The registrant is responsible for maintaining accurate and up-to-date contact information.
2.3 The domain must be used in a manner that complies with UK government standards and public sector regulations.

3. Security and Management

3.1 The registrant must ensure the security of the domain name, implementing appropriate measures to prevent unauthorized access and misuse.
3.2 Any security breaches or misuse of the domain must be promptly reported to the Cabinet Office and Nominet.
3.3 Regular renewal of the domain is required, following the procedures outlined by Nominet.

4. Transition and Compliance

4.1 As the registration authority transitions from JISC to Nominet and CDDO, all registrants must comply with the new processes and requirements.
4.2 Registrants must acknowledge and accept any updates to the terms of service as mandated by Nominet and CDDO.
4.3 Non-compliance with the updated terms of service or failure to adhere to guidelines may result in suspension or cancellation of the domain registration.

5. Fees and Payments

5.1 Registrants are responsible for paying all applicable fees associated with the registration, renewal, and management of the .gov.uk domain, as set by our pricing structure.
5.2 Fees are determined by our company and are not based on CDDO’s pricing.

6. Termination and Dispute Resolution

6.1 We reserve the right to suspend or terminate the domain registration in cases of non-compliance, misuse, or security breaches.
6.2 Any disputes arising from the registration or use of the .gov.uk domain will be handled in accordance with our dispute resolution policies and Nominet’s procedures.

7. Additional terms

Role and responsibilities of CDDO as the Critical Domain Holder

The parties agree to and accept the role of the Critical Domain Holder as set out below in respect of the protection of .gov.uk domains and subdomains.

1. The Central Digital and Data Office (CDDO), acting on behalf of the Minister for the Cabinet Office and as part of the Crown, has rights over the ‘.gov.uk’ domain and subdomains. CDDO is the .gov.uk domain Critical Domain Holder.

2. The Critical Domain Holder does not need to be party to this agreement.

3. The Critical Domain Holder has appointed the .gov.uk Registry Operator.

4. The Critical Domain Holder permits the .gov.uk Registry Operator to enter into Registry Registrar Agreements.

5. The Critical Domain Holder is the only authority that may verify the identity of the Registrant.

6. The Critical Domain Holder approves a .gov.uk domain name for use by the Registrant.

7. The Critical Domain Holder is responsible for setting and maintaining the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK.

8. The Critical Domain Holder acts as an escalation point and ultimate decision maker in the event of a dispute regarding the management or control of a .gov.uk domain name.

9. The Critical Domain Holder may, at its sole discretion, direct the Registry Operator, Registrar, Registrant or sub-Registrant to take action, including urgent action, to protect a .gov.uk domain name, at any time. Such action may include to suspend, withdraw or transfer a .gov.uk domain name:

    9.1. if the Registrant or sub-Registrant persistently or seriously violates the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK,

    9.2. if the Registrant or sub-Registrant persistently fails to respond to communications from the Registrar, Registry Operator or Critical Domain Holder,

    9.3. to resolve disputes which concern the Registrant or sub-Registrant’s registered .gov.uk domain name,

    9.4. if the continued Registration of the Registrant’s .gov.uk domain name poses an immediate critical security threat to the Registrant’s services or other public sector services,

    9.5. if the Registrar persistently fails to meet the Criteria to be a .gov.uk Approved Registrar,

    9.6. if the Registrar is no longer a .gov.uk Approved Registrar as defined by the criteria,

    9.7. if there is any event that might lead to your organisation ceasing trading, such as a voluntary winding up, a bankruptcy, or an insolvency event as defined in section 123 of the Insolvency Act 1986,

    9.8. if required by the law.

10. The Critical Domain Holder is an independent data controller in its own right for personal contact data contained within the Registry Data. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:

    10.1. for use in its Registry Services,

    10.2. or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,

    10.3. or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.

11. The Critical Domain Holder and its suppliers are authorised to undertake monitoring of all .gov.uk domains and subdomains as described on the Domain Management team page. The purpose of monitoring is to test for the secure configuration of domains and associated digital services and alert the relevant service owners when problems are found.

The monitoring undertaken by the Critical Domain Holder, and/or its suppliers, may, on some rare occasions, temporarily impair the function of the domain and associated digital services. In those circumstances, the Critical Domain Holder will work with the Registrar, Registrant, and/or Sub-Registrant to overcome the temporary impairment as soon as is reasonably practicable. The Critical Domain Holder and its suppliers are authorised to undertake monitoring of all .gov.uk domains, and subdomains, regardless as to this risk of impairment.

In undertaking monitoring, the Critical Domain Holder, and/or its suppliers, may process personal data. The processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Critical Domain Holder, and/or its suppliers as a data controller. Details associated with a domain will be retained for as long as the domain is registered and in use. If details change to another person the Critical Domain Holder, and/or its suppliers, will remove the old contact within 6 months.

Role and responsibilities of the Registry Operator

The parties agree to and accept the role of the Registry Operator as set out below in respect of the protection of .gov.uk domains and subdomains.

12. The Registry Operator means the administrative and technical operator of the policies, processes and systems required to manage and operate the .gov.uk domains and subdomains. The Registry Operator is the only operator for gov.uk domains and subdomains, as appointed by the Critical Domain Holder.

13. The Registry Operator must only accept .gov.uk domain registrations from .gov.uk Approved Registrars. The Registrar Operator must not accept .gov.uk domain registrations from any reseller or any other entity.

14. The Registry Operator must use reasonable endeavours to verify that organisations that wish to be .gov.uk Registrars meet the Criteria to be a .gov.uk Approved Registrar.

15. The Registry Operator has a Registry Registrar Agreement with all .gov.uk Approved Registrars.

16. The Registry Operator must ensure that all Registrars have Registrant Agreements in place that reference this GOV.UK page and include these terms as updated from time to time and published on the aforementioned page.

17. All normal communications that the Registry Operator has with a Registrant must be through a Registrar. The exceptions to this are:

    17.1. if a Registrar is not supporting their Registrant in accordance with the Criteria to be a .gov.uk Approved Registrar or

    17.2. if the Registrant itself is not accepting such support.

In these exceptional cases the Registry Operator may contact a Registrant directly to help the Registrant meet the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance. The  Registry Operator must always copy the relevant Registrar in on communications with a Registrant in these cases.

18. The Registry Operator must maintain a published list of .gov.uk Approved Registrars.

19. The Registry Operator operates a fair marketplace for .gov.uk Approved Registrars. If the Registry Operator itself chooses to be a .gov.uk Approved Registrar, it must not grant itself more favourable terms or treatment than other .gov.uk Approved Registrars. The Registry Operator must not favour any .gov.uk Approved Registrar over any other.

20. The Registry Operator must not unreasonably refuse to sign a Registry Registrar Agreement with a .gov.uk Approved Registrar.

21. The Registry Operator must use reasonable endeavours to help .gov.uk Approved Registrars continue to meet the Criteria to be a .gov.uk Approved Registrar.

22. The Registry Operator must notify the Critical Domain Holder before removing the status of .gov.uk Approved Registrar or terminating a Registry Registrar Agreement with a .gov.uk Approved Registrar.

23. The Registry Operator is an independent data controller in its own right for personal contact data contained within the Registry Data. As a data controller, the Registry Operator will be responsible for ensuring agreements to cover the sharing and processing of personal data with other parties, such as the Registrars, are in place. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:

    23.1. for use in its Registry Services, 

    23.2. or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant, 

    23.3. or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.

Role and responsibilities of the Registrar

The parties agree to and accept the role of the Registrar as set out below in respect of the protection of .gov.uk domains and subdomains.

24. The Registrar must meet the Criteria to be a .gov.uk Approved Registrar at all times.

25. The Registrar must only provide .gov.uk domains directly to the Registrants that they have Registrant Agreements with. The Registrar must not provide .gov.uk domains via any reseller.

26. The Registrar must maintain a list of all Registrants that have delegated lower-level subdomains out to sub-Registrants.

27. The Registrar must ensure that if a Registrant transfers a domain name:

    27.1. the new Registrant is eligible to have the domain, 

    27.2. any new Registrar is a .gov.uk Approved Registrar,

    27.3. all parties follow the Transfer your domain name guidance.

28. The Registrar agrees that any persistent failures, as defined and/or determined by the Registry Operator, and confirmed at the sole discretion of the Critical Domain Holder, to meet the Criteria to be a .gov.uk Approved Registrar, will result in:

    28.1. the Registrar no longer being a .gov.uk Approved Registrar,

    28.2. the Registrar, in consultation with the Registrant, to transfer the management of its .gov.uk domain names to an alternative .gov.uk Approved Registrar,

The Registrar must at its own cost and expense, provide all such support, assistance and cooperation and execute or procure the execution of all such documents as the Critical Domain Holder or the Registry Operator may from time to time require for the purpose of giving full effect to this provision.

29. The Registrar is an independent data controller in its own right for personal contact data contained within the Registry Data. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:

    29.1. for use in its Registry Services, 

    29.2. or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant, 

    29.3. or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.

Role and responsibilities of the Registrant

The parties agree to and accept the role of the Registrant as set out below in respect of the protection of .gov.uk domains and subdomains.

30. The Registrant is an entity which has registered a .gov.uk domain name in the .gov.uk Registry.

31. The Registrant must remain in legal control of their .gov.uk domain name at all times. This includes not reselling or passing control of their .gov.uk domain name to a non-public sector organisation.

32. The Registrant must get approval from The Critical Domain Holder prior to transferring their .gov.uk domain to any other organisation.

33. The Registrant must protect its .gov.uk domain name by following the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK that apply to them, found here:

• Get permission to apply for a .gov.uk domain name

• Identify a registrant for your .gov.uk domain name

• Choose your .gov.uk domain name

• Get started with your .gov.uk domain name

• Creating and managing .gov.uk subdomains.

• Keeping your domain name secure

• Renew your domain name

• Make changes to your .gov.uk domain name

• How to stop using your domain name

• What to do if your domain is compromised

34. The Registrant has the right to move its .gov.uk domain name from the Registrar to any other Registrar at any time and for any reason. The Registrant is not entitled to a refund for any remaining term of the registration.

35. The Registrant accepts that if their Registrar is no longer a .gov.uk Approved Registrar, then the Registrant must move its .gov.uk domains to a .gov.uk Approved Registrar.

36. If the Registrant has delegated lower-level subdomains out to a sub-Registrant, the Registrant:

    36.1. must tell its Registrar,

    36.2. must help the sub-Registrant meet the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK that apply to them,

    36.3. is a data controller of the personal data that the sub-Registrant has shared with it.

37. The Registrant is an independent data controller in its own right for personal contact data contained within the Registry Data. The Registry Data means any data, including but not limited to DNS resource records, public-key material for DNSSEC and personal contact data, in each case held by the Registry Operator:

    37.1. for use in its Registry Services,

    37.2. or for use by the Registry Operator in performance of its roles and obligations to the Critical Domain Holder, Registrar and/or Registrant,

    37.3. or for use by the Registrar in performance of its roles and obligations to the Critical Domain Holder, Registry Operator and/or Registrant.

38. The Registrant agrees that the Critical Domain Holder and its suppliers are authorised to undertake monitoring of all .gov.uk domains and subdomains as described on the Domain Management team page. The purpose of monitoring is to test for the secure configuration of domains and associated digital services and alert the relevant service owners when problems are found.

The Registrant consents to the Critical Domain Holder and/or its suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available, to:

• provide support; protect the domain names in the public sector
• reduce the risk of attack to associated services such as email, web, and digital services
• ensure the governance and accessibility of web services

The Registrant consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.

Role and responsibilities of the sub-Registrant

The parties agree to and accept the role of the sub-Registrant as set out below in respect of the protection of .gov.uk domains and subdomains.

39. The sub-Registrant is an entity which has been given a lower-level domain from a .gov.uk Registrant. The sub-Registrant is not the same organisation as the Registrant.

40. The sub-Registrant must protect its .gov.uk domain name by following the domain registration and management rules, which are defined in the Apply for your .gov.uk domain name guidance on GOV.UK that apply to them, found here: 

• How you are accountable for protecting your .gov.uk domain

• Creating and managing .gov.uk subdomains

• Keeping your domain name secure

• How to stop using your domain name

• What to do if your domain is compromised

41. The sub-Registrant is a data controller of the personal data it shares with the Registrant.

42. The sub-Registrant agrees that the Critical Domain Holder and its suppliers are is authorised to undertake monitoring of all .gov.uk domains and subdomains as described on the Domain Management team page. The purpose of monitoring is to test for the secure configuration of domains and associated digital services and alert the relevant service owners when problems are found.

The Sub-registrant consents to the Critical Domain Holder and/or its suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available to:

• provide support; protect the domain names in the
• public sector; and to reduce the risk of attack to associated services such as email, web, and digital services
• ensure the governance and accessibility of web services

The Sub-registrant consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.

8. Amendments to Terms of Service

8.1 These terms of service may be amended periodically to reflect changes in regulations, policies, or operational procedures.
8.2 Registrants will be notified of any significant changes to the terms of service and are expected to review and accept the updated terms.

For more information, please refer to the following resources:
– Nominet .gov.uk Registry
– Registry-Registrar Agreement
– CDDO Registration Information
– Nominet Policies

Last Updated: 30/08/2024