Information for Applicants

1. All applicants must provide complete, detailed and accurate responses to the questions contained in Sections A, B and C of the application form. The responses must be typed or written and legible. If the spaces provided are not enough, applicants are advised to provide responses on separate sheet, answering each question in a numbered paragraph corresponding to the number of the question. If there is no response available for a particular question, please indicate that fact next to the number corresponding to the question.

2. Mandatory requirements;

Must have a Limited Company registered in Kenya with Physical presence.
Up-to date documents; CR12, Certificate of Incorporation, Tax Compliance and PIN certificate.

3. The applicant will be required to get a .KE ccTLD Sub-Domain Registrar Services License from Communications Authority of Kenya after the application has been approved.

4. The KENIC Registrar Agreement is non-negotiable. All applicants should obtain independent legal advice with respect to their obligations under the Registrar Agreement before executing such agreement.

5. The accreditation fee is non-refundable.

7. All questions and inquiries about the application form, the Registrar Agreement or the accreditation process in general can be sent by email to [email protected]

DATA PROTECTION ADDENDUM

This Data Protection Addendum (the "Addendum") forms part of the agreement (the "Agreement") between Kenya Network Information Centre ("Data Controller") and ("Data Processor”) concerning the provision of domain registration services

The 2019 Data Protection Act defines.

Data Controller: An entity that determines the purpose and means of processing personal data. (Registry)
Data Processor: An entity that processes personal data on behalf of a data controller. (Registrar)
Data Subject: An identified or identifiable natural person who is the subject of personal data.

NOW, THEREFORE, in consideration of the mutual agreement contained herein and Registrar’s willingness to continue to do business with the Registry, and for other good and valuable considerations, the receipt and adequacy of which are hereby acknowledged, and intending to be legally bound, the party agrees to the following obligations.

The Registrar will act as a Data Processor with respect to the Data Protection Act and other applicable privacy laws.
The Registrar must be registered with the Office of the Data Commissioner (ODPC).
The Registrar may designate or appoint a Data Protection Officer (DPO).
The Registrar shall publish the contact details of the DPO on their website and communicate the same to the Office of the Data Protection Commissioner who shall ensure that the information is available on the official website.
Every Registrar shall comply with Data Protection Principles which are.

Integrity and confidentiality: Data should be processed in accordance with the right to privacy of the data subject.
Lawfulness, fairness, and transparency: Data should be processed lawfully, fairly, and in a transparent manner in relation to any data subject.
Data Accuracy: Data should be accurate and, where necessary, kept up to date, with every reasonable step being taken to ensure that any inaccurate personal data is erased or rectified without delay.
Data minimization: Data should be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Storage limitation: Data should be kept in a form that identifies the data subject for no longer than is necessary for which it was collected.
Purpose Limitation: Data should be collected for explicit, specified, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Accountability: Data should be collected only where a valid explanation is provided whenever information relating to family or private affairs is required.

The Registrar shall collect personal data directly from the data subjects.
The Registrar shall not process data unless.

The data subject consents to the processing for one or more specified purposes.
The processing is necessary.

The Registrar shall, prior to the processing, carry out a Data Protection Impact Assessment. This is in case where a processing operation is likely to result in high risk to the rights and freedoms of a data subject
The Registrar shall bear the burden of proof for establishing a data subjects’ consent to the processing of their personal data for a specified purpose
The Registrar shall, at the request of the data subject, restrict the processing of personal data where necessary. E.g. if the accuracy of the personal data is contested by the data subject.
The Registrar shall implement mechanisms to ensure that time limits established for the rectification, erasure or restriction of processing of personal data or for periodic review of the need for storage of personal data is observed.
Every Registrar shall implement appropriate technical and organizational measures which are designed. (Data protection by design or by default)
The Registrar shall incorporate an appropriate mechanism for the processing of personal data relating to children/minor including consent of child’s parent or guardian.
Where the Data Controller is using the services of a Registrar, the following shall happen.

The Data Controller shall opt for a Registrar who provides sufficient guarantees in respect of organizational measures for the purpose of complying with section 41.
The Data Controller and Registrar shall enter into a written contract which shall provide that the Registrar shall act only on instructions received from the Data Controller and shall be bound by the obligations of the Data Controller.

The Registrar must provide individuals with information including the purpose for processing their personal data, scope of personal data being processed, retention period for that data and who it will be shared with.
The Registrar shall rectify personal data, which is untrue, inaccurate, outdated, incomplete or misleading following requests by a data subject within forty-five (45) days upon receiving a request from the data subject to do so.
The Registrar shall process requests for erasure of personal data following a request by data subject
The Registrar shall process data portability requests from the data subject.
The Registrar shall process requests by authorized persons seeking to exercise rights on behalf of data subjects.
The Registrar shall inform the Data Controller of any breaches within 48hrs to ensure speedy notification to the Data Commissioner.
The Data Controller shall notify the data commissioner within 72hrs of any breach where there is risk of harm to a data subject.
The Data Controller and Processor will duly notify data subjects within a reasonable period of the existence of personal data breach, unless the identity of the data subject cannot be established of data breach.
The Registrar will pay compensation for damage fees arising from contravention to the Act.

Penalties according to 2019 Data Protection Act

Unlawful disclosure of personal data in a manner that is incompatible with the purpose for which data has been collected is offensive.
A Registrar who knowingly supplies any false or misleading details commits an offense.
Offering to sell data where such personal data has been obtained contrary to section 58(1), 58(3) is an offense.
Failure to renew the registration certificate or continue processing data after expiry of the certificate commits an offense. Renewal is done after every two (2) years.
Failure to register as a Registrar is an offense.
A Registrar who fails to comply with the Data Protection Act commits an offense and shall on conviction be liable to a fine not exceeding Five million (5M) shillings or to an imprisonment term not exceeding two years (2) or both.

Up to 1% turnover of preceding financial year.

Where a person suffers damage due to contravention of Act, they are entitled to compensation from Data Controller or Data Processor. E.g. Financial loss.

In WITNESS WHEREOF, this Data Protection Addendum has been duly executed and delivered as of the effective date set forth below.

I agree to the data protection appendium

Enter Value in space allocated, (* is mandatory)

SECTION A: GENERAL INFORMATION

1. Enter Applicant Information

Name of applicant:

Company Name:

Company Pin Number: PIN should be between 4 and 10 characters, and can contain capital letters and numbers.

Address of Applicant:

Company Registration Number:

Telephone Number:

Email Address: Invalid email

Website URL (.KE): Invalid website URL

2. Enter Contact Person Information

Contact Person:

Contact person's Telephone Number: Telephone number should be between 7 and 15 digits and can include +, -, (), and spaces.

Email address of contact person: Invalid email

SECTION B: BUSINESS INFORMATION

The information requested in this section is required by KENIC in accordance with its responsibility to protect and promote the:

Stability and integrity of the Kenyan DNS
Efficient and effective operation of the domain name registration system; and
Rights and interests of consumers (registrants).

Please provide the most complete answers possible to the following questions, explaining all capabilities in detail, and attaching, labelling and referencing all necessary supporting documents to the Application Form.

KENIC will evaluate your answers based on accepted industry practice and experience. If you require assistance in answering the questions, please send an email to [email protected]

i. Do you have any previous experience in domain name registration? Please describe your current reseller operations including:

number of domains currently under your management (.ke and other)
average number of monthly registrations (.ke and other)
other related services that you provide (e.g. web hosting)

ii. What management, communication and information processing systems do you have to handle your projected volume of registrations per month? Include the systems link/url.

iii. What systems and procedures do you have to handle policy compliance checks for registrations? Provide detailed information

iv. What systems and procedures do you have to handle all customer enquiries and support services, including customer requests for changes in registration data? Include the system link, email address & phone numbers that customers will be reaching you through

v. What systems and procedures do you have to handle customer billing? Include system link

vi. What systems and procedures do you have to handle customer complaints? Include email(s) & phone number(s)

vii. Do you have (or propose to have) any arrangements with domain name resellers? If so, describe

viii. What is your capability for providing information systems security procedures to prevent systems hacks, break-ins, data tampering and other disruptions to your business? Provide detailed information.

SECTION C: DOMAIN ADMINISTRATION.

NS 1:

NS 2:

Admin Contact:

Admin Email: Invalid email

Billing Contact:

Billing E-mail: Invalid email

Tech Contact:

Tech Email: Invalid email

SECTION D: BUSINESS DEVELOPMENT INFORMATION

i. What is your target market?

ii. Which Third Level Domains will you be selling? List all

iii. Do you intend to sell Second Level Domains? If yes, what strategies do you intend to use?

iv. Are you currently a Registrar for other domains? If yes, kindly list the domains

v. What volume of .KE registrations do you reasonably project to do per month? KeNIC Registrars are required to register a minimum of 100 domains each calendar year. Failure to meet this target will/ may lead to termination of Accreditation status.

vi. What strategies will you use to promote the uptake of .KE domains?

viii. Where will you operate your business from? Include Location, building and address

SECTION F: DECLARATION

I, the undersigned, declare that:

Warrant that all the information contained in this application form, and all supporting documents included with this application form, are true and accurate to the best of your knowledge;
Warrant that you have read and understood KENIC’s Registrar Agreement, and Published Policies of KENIC;
Give KENIC permission to perform a background search on you or your company;
Give KENIC permission to contact third parties, investigate, request and obtain additional information and documentation, and otherwise verify the information contained in this application;
Waive liability on the part of KENIC for its actions in verifying the information provided in this application, and on the part of any third parties who provide truthful, material, relevant information about you as requested in this application form.

Full Legal Name of Applicant:

Representative Signature:

Name Title:

Contact Person:

Date Signature:

Terms and conditions

Registrar Accreditation Agreement

1. INTRODUCTION

1.1. This Agreement governs the accreditation by the Registry of the Registrar to provide registrar services, the provision of these services by the registrar to registrants, the relationship between the Registrar and the Registry, and related matters.

1.2. KeNIC is a non-profit organization, body charged with the management and administration of the .KE ccTLD.

1.3. KeNIC is committed to exercising its responsibilities to the Registrars and the Internet community in Kenya in an open and transparent manner, and to apply standards and policies in a way, which are not arbitrary, unjust or inequitable.

1.4. Through this Agreement the Registrar undertakes to act as a registrar for the following .KE domain zones;

.ke

.co.ke

.or.ke

.ne.ke

.ac.ke

.sc.ke

.go.ke

.me.ke

.mobi.ke

.info.ke

1.5 Both parties agree to be bound by this Agreement and all other policies for the administration of the .KE ccTLD.

2. DEFINITIONS

In this Agreement the words and expressions contained below will bear the meanings assigned to them;

2.1 “Accreditation” refers to a written confirmation from the Registry certifying that the Registrar has met all the set criteria applicable for the provision of Registrar Services.

2.2 “Agreement” refers to this document together with all appendices, annexures, and schedules, all as amended from time-to- time.

2.3 “ccTLD” refers to Country Code top- level Domain.

2.4 “Commencement date” refers to the date this Agreement comes to effect and as more particularly described in Clause 3 of this Agreement.

2.5 “Domain Name” refers to the identity of a person / entity in the registry and internet space.

2.6 “Licensing Fee” refers to the amount paid to the Licensee Communications Authority of Kenya.

2.7 “Membership Fee” refers to the amount paid to the Registry by the Registrar after a successful Accreditation.

2.8 “Namespace” refers to TLD.

2.9 “Registrant” refers to a person or an entity that has been listed in the Registry as the Authoritative Owner of a Registered domain name.

2.10 “Registrant data” refers to information submitted by the Registrar to the Registry.

2.11 “Registrar” refers to a person or entity that contracts with the Registry and has been accredited to register domain names.

2.12 “Registration” refers to the Registrants right to use a Domain Name for a specified period of time, as indicated in the WHOIS.

2.13 “Registration fee” refers to the fee for the initial successful registration of a domain name.

2.14 “Renewal fee” refers to the fee for successfully renewing a domain name.

2.15 “Registrar services” refers to provision of the services by Accredited Registrars as set out in this Agreement.

2.16 “Reseller” refers to a person who acts on behalf or appointed by the Registrar to promote, market or provide some or all Registrar services for its own account for the .KE Namespace.

2.17 “Registry database” refers to a database containing the Registry data.

2.18 “Registry services” refers to the services provided by the Registry in relation to a domain namespace.

2.19 “Registry website” refers to the website published at the URL https://kenic.or.ke or such other URL that the Registry may publish.

2.20 “Transfer” refers to the process of moving a domain from one registrar to another.

2.21 “Transaction fee” refers to Registration fee and Renewal fee charged to the requesting accredited registrar on success of the respective domain transaction.

2.22 “WHOIS” means the electronic look-up database operated by the Registry providing information on Domain Names.

3. TERM AND TERMINATION

Commencement: This agreement becomes valid and effective on the earliest of the dates on which the Registrar;

3.1.1 Accepted the terms of this Agreement by signing it.

3.1.2 Applied to the Registry for Accreditation of the .KE Namespace administered by the Registry.

3.1.3 Commits to provide Registrar Services in respect to the .KE Namespace administered by the Registry.

Duration: This agreement will continue until it is terminated by either party as indicated in the termination clause 7. This can be done by either;

3.2.2 the Registrar or

3.2.3 the Registry.

4. REGISTRAR ACCREDITATION

4.1 Requirements for Accreditation

4.1.1 The Registrar must be accredited in order to provide the Registrar services in respect to the .KE Namespace. The requirements are outlined in the Registrars application form on the Registry's website.

4.2 Accreditation process

4.2.1 The Registrar must apply for Accreditation as set out in the published Registrars application forms. The application must be submitted to the Registry with the attached mandatory documents and all information filled in the form.

4.2.2 The Accreditation process takes 7-14 working days.

4.3 Notice of Accreditation

4.3.1 Upon successful accreditation, the Registry will notify the Registrar via email and will later publish their name on the registry's website once they have been licensed.

4.3.2 During this period the Registrar will not have access to the Registry system until they are licensed.

4.4 Registrar Service

Upon being accredited the Registrar is entitled to provide .KE services. These services include Domain registrations, renewals and transfer.

4.5 Non- Exclusivity

The Registrar acknowledges and agrees that there is no limit upon the Registry as to the number of registrars which the Registry may accredit.

4.6 Disclosure Requirement

The Registrar must promptly notify the Registry if the Registrar becomes aware;

4.6.1 That it does not meet any of the Accreditation criteria.

4.6.2 Of any circumstances or fact that affects its ability to continue to meet the Accreditation criteria; or

4.6.3 Any changes to its personal details that will changes its Accreditation credentials.

4.7 Change of Accreditation credentials

If any change occurs to the Registrar's personal or company details which require change in the Registry System, the Registrar must notify the Registry for such changes to be made supported by the required updated documentation; Certificate of Incorporation/ Certificate of Change of Name, CR12, PIN Certificate & Tax Compliance.

4.8 Suspension of Accreditation

4.8.1 The Registry may suspend the Registrars Accreditation if, at the Registry's sole discretion, such an action is necessary to secure the integrity and stability of .KE.

4.8.2 The Registry will give an advance notice of 48 hours of the suspension to the Registrar.

4.8.3 The Registry will also notify the Registrar of the reason (s) for suspension and inform them of the process they must follow in addressing the issue (s) that led to the suspension.

4.8.4 The suspension will restrict the Registrar from having access to the Registry system and registry services until they remedy the circumstances which led to the suspension.

4.9 Termination of Accreditation

4.9.1 The Registrar's Accreditation for the .KE namespace is automatically terminated when this Agreement terminates.

4.9.2 The Registry may terminate the Registrar's Accreditation in respect to the set-out policies if the Registrar no longer meets the Accreditation criteria.

4.9.3 Before terminating the Registrar’s Accreditation, the Registry must give the Registrar 14 days’ written notice of its reason for doing so, as well as the steps to be taken by the Registrar to avoid termination.

4.9.4 If the Registrar does not submit the Registry’s requirements within the period stipulated in the notice, the Registry shall terminate the Accreditation.

4.9.5 The Registry may terminate Registrars Accreditation if the Registrar does not meet the annual domain registration target. KeNIC will give a written notice to the Registrar of its intent not to renew Registrars Accreditation at least 90days prior to Registrars membership renewal date.

4.9.6 In the event that the Registrar consistently fails to provide satisfactory customer service, as determined by the Registry, KeNIC reserves the right to terminate the Registrar's accreditation.

4.10 Terms of Termination of Accreditation.

In the event a Registrar’s Accreditation is terminated;

4.10.1 The Registrar will no longer provide Registrar Services in respect of the .KE namespace.

4.10.2 The Registrar's License will be revoked.

4.10.3 The Registry will inform the Registrar's registrants of the termination and advise them to transfer their domains to any other licensed .KE Registrar of their choice.

5. USE OF KENIC'S NAME, LOGO & WEBSITE

The Registry grants to the Registrar a non-exclusive free license during the term of this agreement to;

5.1.1 State that it is accredited by the Registry as a registrar for the .KE ccTLD.

5.1.2 Link pages and documents within the Registry's website, provided they are not framed by any other materials.

5.1.3 Use the logo specified by the Registry to indicate that the Registrar is accredited by the Registry as a registrar for the .KE ccTLD.

5.2 Other use not permitted

5.2.1 Other than in accordance with this clause 5, the Registrar is not permitted to use the Registry’s name or logo or trade mark in any manner whatsoever.

5.2.2 The above conditions are personal to the Registrar and must not be transferred, assigned or sub-licensed to any other person.

6. REGISTRAR OBLIGATIONS

The Registrar must perform the Registrars services in accordance with this Agreement.

6.1 Compliance with the Registry’s Policies

The Registrar must comply with all the Registry’s policies applicable, as if they were incorporated into, and form a part of this Agreement.

6.2 WHOIS Information

6.2.1 The Registrar must always ensure that the Registrant’s information submitted to the Registry is up to date and accurate.

6.2.2 The Registry may rectify any information in the WHOIS database upon request by the Registrant or Registrar.

6.2.3 The Registry can suspend / delete any domain that does not comply with the WHOIS Policy.

6.2.4 The Registrar must not use the information obtained from the Registry WHOIS service to solicit business from a Registrant.

6.2.5 For more information on WHOIS please download the .KE WHOIS policy on the website.

6.3 Reseller

The Registrar is not prohibited from dealing with their Registrants indirectly i.e. through resellers.

The following conditions must apply;

6.3.1 Registrar many not transfer, sub-contract or delegate any of their rights or obligations under this Agreement.

6.3.2 On request the Registrar will confirm to the Registry whether a person or organization is their reseller and furnish the Registry with full contact details from/about them.

6.3.3 The Registrar will be responsible for their registrant and the information and service they are given about .KE.

6.3.4 Registrar will be responsible for ensuring that the WHOIS information submitted by their resellers during domain registration is up to date and accurate.

6.3.5 The Registrar must oblige the reseller to comply with the published policies and code of practice applicable.

6.4 Domain Transfers between Registrars.

The Registrar must ensure that its Registrants can easily transfer registered domain names to another registrar. During the transfer the parties must acknowledge;

6.4.1 The conditions pursuant to which the Registrar does not have to transfer a domain.

6.4.2 The conditions pursuant to which the Registrar must transfer.

6.4.3 When fees are not chargeable by the Registrar.

7. PRIVACY AND PERSONAL INFORMATION

7.1 Compliance with Personal Information Laws and Policies. The Registrar must comply with;

7.1.1 Applicable data protection and privacy legislation laws.

7.1.2 The Registry's data protection and privacy policy.

7.2 Processing of Personal Information

7.2.1 The Registry will describe in the policy the purpose for which any personal information that is submitted to the Registry by the Registrar collected or used as well as the intended recipients of such information.

7.2.2 The Registrar must inform the registrant of the purposes for which personal information is collected so as to obtain consent.

7.2.3 The Registry and Registrar must both take appropriate and reasonable measures as required by the applicable laws to protect the personal information from loss, misuse and unauthorized disclosure, alteration or destruction.

7.2.4 The Registry and Registrar will not use or authorize the use of personal information in a way that is incompatible with the purpose set out or which is contrary to this Agreement or applicable law.

8. FEES

8.1 Membership

8.1.1 The Registrar shall pay the Registry an annual membership fee as published in the system.

8.1.2 Payment of the annual fee will be due anytime upon the expiry of the membership.

8.2 Licensing

8.2.1 The Registrar MUST be licensed after Accreditation. The licensing is done by Communications Authority of Kenya (CAK) at a fee.

8.2.2 The License is renewable every year at no extra cost.

8.3 Transaction Fees

8.3.1 This is fee applicable during registration and renewal of domain names.

8.3.2 Transaction fee will be deducted from the Registrars’ account on a declining–balance basis.

8.3.3 The Registrar must have a minimum registration and renewal fee in their accounts as published in the Registry or KeNIC website.

8.4 Other Fees

8.4.1 The Registry may give discounts, which shall be communicated to the Registrar prior to the start date or month.

8.4.2 The Registry can determine the domain’s recommended retail price

9. TERMINATION OF AGREEMENT

9.1 The Registrar may terminate this Agreement at any time, provided that they give the Registry a thirty (30) days’ written prior notice.

9.2 This agreement may be terminated by the Registry under the following circumstances if a Registrar;

9.2.1 Is declared insolvent.

9.2.2 Is convicted by court of law of a felony or other serious offense related to financial activities, or is judged to have committed fraud.

9.2.3 Has repeatedly or in a particularly material manner breached its obligations arising from this Agreement.

9.2.4 No longer fulfills their services to the Registrant as per the service level agreement entered between the Registrar and Registrant.

9.2.5 Has breached the principles of protecting the Registrant's personal data.

NB: The fees paid by the Registrar to the Registry is not refundable, regardless of the time of such termination.

10. OBLIGATIONS TO THE REGISTRY

The Registry, with respect to all matters that impact the rights, obligations or role of the Registrar must during the term;

10.1 Exercise its responsibilities in good faith in an open and transparent manner.

10.2 Not unreasonably restrain competition and, to the extent possible, promote and encourage robust competition.

10.3 Not apply standards, policies, procedures or practices arbitrarily, unjustifiably or inequitably.

10.4 Ensure that the Registry Service Provider is bound by and performs in accordance with the set criteria.

10.5 Not single out the Registrar for contrasting treatment unless justified by reasonable cause.

10.6 The Registry at its sole discretion may reject or restrict certain domain name applications/ registration.

10.7 The Registry will conduct annual reviews to evaluate Registrars performance and discuss strategies to maintain the account.

10.8 The Registry reserves the rights to contact Registrants with regards to domain renewal and WHOIS.

11. DISPUTE RESOLUTION

11.1 In the event any substantive dispute arises out of or in connection with this Agreement, or related thereto, whether directly or indirectly, the Parties must refer to the published Alternative Dispute Resolution Policy on the Registry website.

I agree to the terms and conditions