Go to Content

We are the flag of Portugal on the internet

.pt WHOIS Policy

Data Processing

WHOIS is a widely used consultation/response TCP - Transmission Control Protocol that provides information of registration data of domain names on the internet. ccTLD .pt has offered the WHOIS service since 2000, in strict compliance with the applicable legal provisions. Generally speaking, it is a free public directory that makes it possible to identify the data associated with the registration and technical maintenance of a domain name.

The legislative harmonisation between Member States in respect of the protection of personal data in the European Union, reflected, inter alia, in the adoption of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) applicable from 25 May 2018, will enhance the level of protection of data subjects' rights, posing major challenges to organisations in terms of its materialisation and implementation.

Achieving the right balance between safeguarding the core foundations of WHOIS, such as, by way of illustration, the principles of proportionality, transparency, quality and minimisation in the context of processing of personal data and the defence of the fundamental rights and freedoms of natural persons in respect of the processing of personal data, is, therefore, a major concern of States and organisations in general, but also, in particular, of those responsible for managing top-level domains such as .PT.

At the same time, the transposition of Directive (EU) 2022/2555 (NIS 2) into the national legal framework, through Decree-Law No. 125/2025 of 4 December, which establishes the new Cybersecurity Legal Framework (RJC), has likewise impacted the regulatory framework applicable to the provision of data through the WHOIS service.

In this regard, an interpretation of the said regime establishes, on one hand, the obligation to ensure the existence of a public directory enabling the consultation of information associated with the registration of domain names, and, on the other hand, the requirement to ensure that the disclosure of such information complies with the applicable data protection rules, including the prohibition on publishing personal data (Article 36(5) of the RJC).

Therefore, the operation of the WHOIS service must comply with the security and resilience requirements for digital infrastructures set out in the RJC, as well as the requirements established under the GDPR and other applicable legislation.

For the purposes of framing the processing of personal data in the WHOIS service, .PT acts as the data controller with respect to personal data processed for the purposes of managing, administering, and making available the domain name registration directory. Accredited entities (registrars) may participate in the collection and transmission of registration data, acting as processors on behalf of .PT in relation to operations carried out on its behalf, without prejudice to situations where they process data for their own purposes, in which case they act as independent data controllers.

This Policy arises from the need to ensure the compliance of WHOIS with the new legal framework, while simultaneously ensuring the best practices in terms of the management of TLDs – Top-Level Domains – that, supported on the principles of transparency and publicity, foster confidence in the internet among all stakeholders.

In this context, and taking into account the provisions of GDPR,  the Cybersecurity Legal Framework, and other applicable legislation, as well as the recommendations issued by organisations such as CENTR – Council of European National Top-Level Domain Registries, ICANN – Internet Corporation for Assigned Names and Numbers and RIPE – Network Coordination Center, as well as the models adopted by various reference peers, the disclosure of data within the.PT WHOIS service shall be governed by the following terms and conditions:


I. Following registration of a .pt domain name, the following data shall be disclosed in WHOIS:

Fig. 1. 

II. With regard to data collected from natural persons, their personal data shall not be disclosed, including the names of natural persons, telephone contact details, and email addresses;
III. Likewise, with regard to the data collected from legal persons, telephone contact details and email addresses shall not be disclosed; 
IV. Accredited entities authorised to provide domain name registration services (registrars) shall, in accordance with the applicable legal and contractual obligations, ensure the collection, accuracy, updating, verification, and validation of registration data, as well as its transmission to the central registration system managed by .PT;
V. An anonymised contact option shall be made available at www.pt.pt  intended for general contact or for reporting breaches or abuses. .PT shall be limited to ensuring the availability of the technical forwarding mechanism and shall not have access to the content of communications made through this system; 
VI. Only data of validly registered domain names shall be presented;
VII. Court authorities, ARBITRARE, entities to whom the law grants access to specific data relating to the registration of domain names, which submit a duly substantiated request and meet the applicable legal requirements, may request access to personal data not accessible to the public through WHOIS.


In order to ensure a holistic, systematic and clear view of the processing of personal data carried out by .PT, this policy should be interpreted in conjunction with the Privacy and Personal Data Processing Policy, as well as with the Information Quality and Security Policy and other applicable instruments.  

Search funcionality of WHOIS

Introduction
International rules applicable to the management of TLDs, as well as the principles of transparency and publicity applicable to the operation of .PT, require the latter to offer a search functionality in WHOIS that enables its user, upon writing a .pt domain name, to obtain technical and administrative information, which must be reliable and current, thereon. When a domain name is registered, the information related to such registration shall be included in a WHOIS database.

Purpose
To make available the contacts associated with the registration of a domain under .pt. The WHOIS directory makes it possible to identify data associated with the registration and technical maintenance of a .pt domain, thus contributing to the security, stability and resilience of the internet and, in parallel, supporting criminal investigations as well as the prevention and investigation of unlawful or abusive activities.

Prevention of improper use of the WHOIS service
Data supplied by the WHOIS service may be accessed through WHOIS' customer tools, command line or a web environment-based functionality. 
In order to prevent improper use of the WHOIS service, PT shall ensure the following steps:

a)searches shall be limited to a single criterion, the domain; accordingly, searches, for example, by the registrant/management body name, email or by address, shall not be possible;
b)no abusive use of the WHOIS service, based on the volume of consultations by origin (IP address) that shall be permitted;
c).PT shall maintain records of queries made to the WHOIS service for the purposes of detecting, preventing, and responding to abusive use, as well as ensuring the security and integrity of the service;
d) in the event of abusive use, access to the WHOIS service may be temporarily suspended for the originating IP address;
e)the duration of the suspension may be adjusted depending on the severity and recurrence of the abusive behavior identified;
f)consultations of domains outside the scope of .PT's powers (for instance, .com) shall be automatically excluded. In these cases, the WHOIS will reply by stating "invalid search", without making any additional search.

.pt WHOIS Policy update

This Policy may be reviewed at any time in the light of the applicable legislation, as well as of recommendations of any competent national or international entity, notably with regard to the possible creation of an accreditation system for natural persons or legal entities who/which should have privileged access to data not accessible to the public through WHOIS. Codes of conduct whose provisions may impact on the aforementioned principles may also be created and, accordingly, such principles may be subject to new adjustments. 

Last update: July 1, 2026