That's what I thought. Last week, two of my domains were frozen by the TLD owner without notice, and they'd take them offline altogether in 7 days if I didn't supply some paperwork to my registrar

I've had these domains for ten years, now all of a sudden this is super urgent and if I'm on holiday that'd be a real shame I guess

So I contact the registrar and a link to the relevant legislation was sufficient to send them a perfectly agreeably censored version of my identity document (removing just irrelevant information they can't use or verify anyway), but apparently all they do is forward it to [email protected] and not actually mark the domain holder as verified. So AFNIC, predictably, rejects it because GDPR doesn't exist in France

I saw no other choice but to send everything into AFNIC's email inbox / support system, which famously never get leaked and they assured me was "highly" secured when I asked to at least remove it after verification

With just 7 days' notice and half of that going to the distraction of a registrar, there's also no way to figure out what's even going on or have any sort of conversation. They hold all the cards and you jump when they say hop

I'm considering my options for any TLDs owned by AFNIC... evidently .io isn't better, but how to know who is