Gov.scot domains

Criteria for .gov.scot domain name approval for new applications and terms and conditions of use of .gov.scot domain names.


All gov.scot domain applications should be made by an approved registrar using the gov.scot domain registration form on the Jisc website along with the guidance on domain registration.

Introduction

1. Approval of individual gov.scot domains rests on two broad principles:

  • the relationship of the domain name to the respective public organisation or service is readily understood by members of the public and service users
  • introduction of the domain, and any dependent subdomains, will contribute to a simplification of the Scottish public sector domain estate

Note: For the purposes of this document the terms 'name', 'domain', 'domain name' and 'third-level domain' can be considered equivalent. The term 'domain' and its equivalents are understood to apply equally to both web and email services.

Domain structure and management

2. The global system of internet domain names makes internet services more accessible for ordinary users. A 'dotScot' top-level domain (TLD) has been created for organisations and individuals wishing to publish material endowed with a Scottish identity.

Within this TLD a second-level domain (SLD), gov.scot, has been reserved for use by the public sector. This SLD is managed by The Scottish Government gov.scot Namings Committee.

Roles and responsibilities

Namings Committee

3. Public sector organisations in Scotland are entitled to request registration of third-level domains on gov.scot. The gov.scot Namings Committee (NC) assesses domain name requests against the criteria set out in this document and is responsible for:

  • approving or rejecting name requests
  • approving or rejecting requests for change of ownership of domain names
  • appeals against the above decisions
  • governance of the gov.scot SLD as set out in the conditions below

Jisc Services Ltd

Jisc Services Ltd (JSL) - formerly JANET, the Joint Academic Network - administers the gov.scot SLD on behalf of the Scottish Government, providing third-level domain name request, modification, approval, appeal, registration and deletion systems.

Scottish Ministers acting through the Scottish Government and The Government Digital Service, Department for Science, Innovation and Technology, His Majesty’s Government of the United Kingdom of Great Britain

The Scottish Ministers acting through the Scottish Government and the Government Digital Service, Department for Science, Innovation and Technology, His Majesty’s Government of the United Kingdom of Great Britain (the “Protecting Public Sector Domains Team” or “DSIT”) on behalf of the Critical Domain Holder monitor all .gov.scot domains for vulnerabilities by utilising established government monitoring services in a safe and responsible manner making sure any risk of disrupting the normal operation of systems is minimised. The purpose of monitoring is to identify issues and look for vulnerabilities in the configuration of domains and associated digital services and to alert the relevant service owners when problems are found. The monitoring undertaken by the Critical Domain Holder, and/or its suppliers, may, on some rare occasions, temporarily impair the function of the domain and associated digital services. In those circumstances the Critical Domain Holder will work with the Registrar, Registrant, and/or Sub-Registrant to overcome the temporary impairment as soon as is reasonably practicable. If you are duly authorised by a Registrant and, acting on behalf of a Registrant, would like to know more about this domain monitoring please email domains@gov.scot.

When carrying out monitoring of all .gov.scot domains for vulnerabilities, the Scottish Ministers acting through the Scottish Government and/or DSIT may process personal data in which case it and DSIT will each be a separate Data Controller of all such personal data and Jisc and any other supplier of registry and/or monitoring services will be Data Processors. The processing of personal data is necessary for the performance of a task carried out in the public interest and is processing  the exercise of official authority vested in the Critical Domain Holder, and/or DSIT as data controllers and their respective suppliers. The legal basis for processing this data is the legitimate interests of the controller and the performance of a task carried out in the public interest, that is, the support and protection of domain names in the public sector and to reduce the risk of attack to associated services such as email, web, and digital services, and to ensure the correct configuration of the Domain and the accessibility of web services. Any such personal data processing is out of scope of the UK General Data Protection Regulation (“UK  GDPR”) under Article 2 (d) of the UK GDPR as the processing is for the purposes of safeguarding against and the prevention of threats to public security. The personal data protection policies of the Scottish Government published online at: https://www.gov.scot/privacy will apply to all such processing that is not out of scope under Article 2 (d) of the UK GDPR. Details associated with a domain will be retained for as long as the domain is registered and in use and for a period of [six] months thereafter. If details change to another person the Critical Domain Holder, and/or its suppliers, will remove the old contact within six months.

Role and responsibilities of the Registrant

The Registrant, by applying for a .gov.scot domain, agrees that the Critical Domain Holder and its suppliers are authorised to undertake monitoring of all .gov.scot domains and subdomains. The purpose of monitoring is to identify issues and vulnerabilities in the secure configuration of domains and associated digital services and to alert the relevant service owners when problems are found. The Registrant acknowledges and agrees to the Critical Domain Holder, DSIT and/or their respective suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available, in order to: provide support; protect the domain names in the public sector; reduce the risk of attack to associated services (such as email, web, and digital services), and to ensure the governance and accessibility of web services. The Registrant acknowledges and consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.

Role and responsibilities of the sub-Registrant

The sub-Registrant by applying for a .gov.scot domain, agrees that the Critical Domain Holder, DSIT  and their respective suppliers are authorised to undertake monitoring of all .gov.scot domains and subdomains. The purpose of monitoring is to identify issues and vulnerabilities in the secure configuration of domains and associated digital secure configuration of domains and associated digital services and to alert the relevant service owners when problems are found. The Sub-registrant acknowledges and agrees  to the Critical Domain Holder, DSIT and/or their respective suppliers processing personal data, specifically collecting DNS records and WHOIS records where they are available, in order to: provide support; protect the domain names in the public sector; reduce the risk of attack to associated services (such as email, web, and digital services), and to ensure the governance and accessibility of web services. The Sub-registrant acknowledges and consents to the retention of personal data by the Critical Domain Holder and/or its suppliers.

Eligibility for a domain

4. Registration/ownership is limited to:

  • Scottish Government agencies and non-ministerial departments
  • executive agencies
  • non-departmental public bodies (NDPBs) and national bodies
  • Scottish local authorities
  • Scottish Government commissions, enquiries and tribunals
  • Current holders of a gov.uk domain, providing that the domain meets gov.scot naming principles and conventions

Those not eligible for a gov.scot domain include:

  • individuals (including elected representatives)
  • sole proprietors/traders and partnerships
  • community interest companies and social enterprises
  • companies and organisations registered by Companies House. i.e. private companies (limited by shares or guarantee), private unlimited companies and public limited companies
  • standalone 'arm's length organisations' where staff are not public servants (e.g. employees of a private or public company)
  • charitable, voluntary and privately owned organisations that are not also Scottish Government agencies, NDPBs or Scottish local authorities
  • public, privately owned or charitable organisations undertaking work or programmes within, or targeting, the public sector that are not also Scottish Government agencies, NDPBs or Scottish local authorities
  • associations representing public sector staff
  • public sector pension funds
  • internet management and network related companies, including Internet Service Providers (ISPs) and hosting companies
  • international organisations

Conditions of use for a third-level domain

5. Web and email services using a gov.scot domain name must comply with current Scottish and UK legislation and support channels that provide accessibility for disabled people, members of ethnic minorities and those at risk of social/digital exclusion. Legislation includes Copyright, Data Protection Act, Disability Discrimination Act.

gov.scot web domains can be acquired to support both organisational and core service web presences. The primary web domain is that which leads directly to the homepage of an organisation. In exceptional cases secondary web domains may be approved to support core, yet distinct, services.

Continuing approval of a domain name is conditional on it being used specifically and exclusively for the organisation on whose behalf it is registered. Additionally, the domain must not resolve or redirect to the homepage of a hosting service, any other agent or any page on a non-public sector domain. Abuse of these requirements may result in withdrawal of name approval.

Acquisition of corresponding non-government domains (.co.uk, .org.uk, .org etc.) must only be for defensive purposes. If used, they must be permanently redirected to the gov.scot web domain.

Approval of a domain is subject to the status of an organisation. If the status changes, the organisation must inform JSL in case of impact on eligibility. In the event an organisation becomes ineligible they will be required to agree a timescale for deletion of the domain.

An organisation (the 'registrant') does not own an approved domain name outright; periodical renewals must be undertaken to retain the right of use. The right of use, however, is exclusive.

A registration fee is payable every two years for each domain name, paid to JSL by an organisation's domain registrar. The scale of the fee is published on the JSL website.

By applying for a .gov.scot domain You commit to authorising the CDDO Domain Management Team or the Registry Operator to monitor the .gov.scot domain names you manage and the .gov.scot domains namespace generally. You accept that this monitoring may temporarily impair the operational function of the domain.

Replacing a domain

6. Where a gov.uk domain is superseded by moving to a .gov.scot the old gov.uk name may remain but all associated services including web and email must be set up to automatically redirect to the new domain. All automatic redirections should be completed within 36 months.

JSL will maintain the Domain Name System (DNS) record for the gov.uk domain should its retention be justified by persistent traffic flows or branding considerations.

Naming principles and conventions

7. Domain names must reflect the legal name, registered trading name of an organisation or primary business function and should be selected to:

  • minimise risk of confusion with other registered names, organisations, trade names or trademarks
  • ensure clarity in the geographic remit of the organisation, i.e. regional bodies must not imply a national reach
  • avoid the risk of inadvertent masquerading

Domain names should be as short, simple and 'sayable' as possible and must:

  • contain only standard ASCII alpha numeric characters A to Z and numerals 0 to 9
  • not include hyphens or underscores
  • not conflict with internet protocols such as www, ftp, dns, whois
  • not include postal codes or pseudo-abbreviations such as ltd, plc, gov
  • not contain more than 64 characters
  • not be fewer than three letters long

There is now no requirement to include 'Scotland', 'Scottish' or similar forms within the domain name as the geographic remit is explicit in the .scot TLD.

For maximum readability and clarity, domain names should comprise real words, e.g. education.gov.scot, foodstandards.gov.scot, pensions.gov.scot. The use of abbreviations or acronyms is not acceptable unless it can be shown to be commonly recognised beyond a limited group of people.

Note: Acronyms may be exceptionally approved for email domains. Consideration will be on a case by case basis.

Gaelic language

8. In accordance with the Gaelic Language (Scotland) Act 2005 public bodies, local authorities and agencies providing a service to the public in Scotland may, where there is a difference between their Gaelic and English names, consider registering both language variants.

Applications for Gaelic language domain names must include, for information purposes, the English language equivalent, e.g. gàidhealtachd.gov.scot and highland.gov.scot.

Note: The .scot TLD supports the character sets of the six native languages of Scotland: English, Scots, Gaelic, Orcadian, Shetlandic and Doric.

No use prior to approval

9. A gov.scot third-level domain may not be used in any context, online or offline, prior to formal approval by the NC. JSL and the NC are not responsible for any costs incurred by an organisation (including marketing and communication costs) as the result of a failure to follow the name request process.

Applying for a domain name

10. i. Choosing an approved domain registrar

JSL maintain support contracts with a wide variety of domain registrars, supporting a variety of TLDs. Only such supported registrars may make third-level gov.scot domain requests of JSL. If an organisation's current registrar is not supported, JSL will readily enter into a support arrangement to enable such requests. A domain registrar must contact JSL directly to initiate this.

ii. Supporting information

To be considered for a gov.scot third-level domain, an organisation must clearly describe its status (as domain owner) and the intended purpose of the domain. The online application form provided by JSL requires this information:

  • status, e.g. executive agency, health body
  • role and objective
  • staffing, e.g. civil servants
  • funding, e.g. central taxation
  • accountability, e.g. Government Minister, Courts Service
  • purpose of the domain name and proposed content, e.g. public service information, commercial transaction, marketing campaign
  • primary audience, e.g. young people, professional/specialist

Application process

11. To obtain a third-level domain on gov.scot all organisations must follow this process:

  1. An organisation makes the internal case for entitlement to a domain name
  2. The organisation's domain registrar submits a name request to JSL via their standardised online form - for decision within 10 working days
  3. JSL passes the name request to the NC
  4. The NC may ask questions or comment on relevant issues, e.g. user need, cost and alternative hosting strategies
  5. The NC assesses the name request and responds to JSL
  6. JSL notifies the organisation's domain registrar of the decision
  7. If approved, and subject to payment, JSL registers the domain on behalf of the organisation

This process applies equally to name requests, modifications and deletions.

Appealing against rejection of an application

12. If the NC rejects an application they will explain the reasons. An organisation has the right to appeal the NC rejection. This must be carried out within 10 working days of receiving the rejection notification.

To appeal the decision the organisation's domain registrar must provide JSL with new information to rebut the reasons given for rejection.

The NC will assess the appeal in light of the new information provided and within five working days give a final decision on the application - either approval or rejection with accompanying reasons.

If the applicant remains dissatisfied, the issue will be passed to Scottish Government Director of Communications and Ministerial Support as final arbiter of all approval and rejection decisions of the NC.

Notes:

  • Failure to obtain domain name approval prior to, for example, printing stationery or publicity material, is not grounds for appeal
  • An application rejected because of insufficient information requires resubmission, not an appeal

Subdomains and subfolders

13. The use of fourth and fifth-level domains (subdomains) is strongly discouraged and may not be used merely to host alternative content or to subdivide a site by content area.

Subdomains are only to be used:

  • for corporate intranet sites carrying only internal traffic
  • for corporate extranet sites under access control aimed at specific stakeholder audiences, typically used for an exchange of private data
  • for development or test systems that are not publicly addressable
  • where a web service or component requires pointing to a third party solution that cannot be locally integrated e.g. commercial agency/cloud hosted, software as a service (SAAS), or a media server or database solution

When used to point to a third party solution a subdomain must not be used for promotional or editorial purposes. A sub-folder of the primary domain must be used to redirect to the sub-domain.

e.g. example.gov.scot/database points to database.example.gov.scot

Use of third-level domains for campaigns (short-term use)

14. The use of third-level domains for marketing campaigns and short-term non-core service offerings is discouraged. The NC will however consider individual requests and will approval/refuse on a case-by-case basis.

Defensive registration

15. Public organisations should consider acquiring commercial top-level and second-level domains e.g. .com, .info, .org.uk - comparable to their primary third-level gov.scot domain. This is to minimise the risk of online confusion from:

  • Typo squatting (deliberate misspellings of a domain name)
  • Cybersquatting (bad faith registration of comparable domain names)
  • Cyber smearing (creation of web site creation to convey deceptive, false or disparaging information)

Defensive registration is not necessary for gov.scot domains. Only public organisations may acquire them and their use is wholly controlled by the NC.

Make changes to or cancel a domain

16. Communication with the NC and on all other aspects of domain name management is via the relevant forms on the JSL website.

A public organisation can only communicate with JSL via its domain registrar. JSL has contracts with the majority of UK domain registrars. If an organisation's registrar does not currently contract with JSL, JSL will facilitate the necessary contract.

Not conforming to best practice

17. Once approved and made live domains and sub-domains on gov.scot must conform to the foregoing requirements. In particular, they must resolve correctly and present valid public sector content.

In the event of departure from these requirements the NC will work with the domain owner to agree a remedy. Persistent failure to enact the remedy will be considered a breach, for which two penalties are open to the NC:

  • Suspension If a breach is not remedied for 90 days, the DNS for the domain may be switched off. Only once the breach is remedied will the domain be reinstated.
  • Withdrawal For a severe or persistent breach the approval for domain renewal may be refused; the DNS for the domain will be removed. For the DNS to be restored the registrant will be required to make a new full application to JSL and the NC in line with the current criteria.

Becoming ineligible

18. If an organisation or service undergoes a change of status that renders it ineligible for a government domain name, it must contact the NC immediately. Prior to removal of the domain a grace period of 90 days will normally be allowed for transition to a new non-government domain.

Email security following transition

19. Email security should be unaffected when an organisation transitions from an existing gsi.gov.uk email address to a new gov.scot email address. This will be dependent on each organisation's email infrastructure and protocols remaining the same.

Email for public sector organisations is, in basic terms, either 'secure' or 'non-secure'. This condition should persist after transition. The new form of the email address is not relevant as the required degree of security is achieved through the persistent combination of infrastructure and protocols.

Note: The established designators of security in email addresses (e.g. @scotland.gsi.gov.uk or @eastlothian.gcsx.gov.uk) are no longer significant.

Domain name security extensions or DNSSEC

20. DNSSEC is a set of extensions to the DNS to protect against website spoofing, i.e. to ensure users are served genuine content. DNSSEC validates - but does not secure – DNS data by means of digital signatures ('certificates') that guarantee DNS lookup validity for servers and clients.

DNSSEC has been enabled for the TLD and SLD 'zones', i.e. for every data transfer on gov.scot JSL and the TLD registrar exchange certificates to authenticate the traffic.

It is therefore available to organisations registering third-level domains on gov.scot to extend this 'chain of trust' by requiring of their registrar that they create and upload their own counterpart certificate for exchange with JSL.

Naming committee and contacts

21. Domain enquiries – domains@gov.scot Domain Name Service (Jisc) contact details

Name Organisation Job Title
James Coltham (Chair) Scottish Government Head of Digital & Content
Lesley Allen Scottish Government Service Owner
Rowan Smith Scottish Government Programme Director
Emma Pollock Education Scotland Head of Delivery and Service Management
Elizabeth Fong Scottish Government Marketing team Leader - Net Zero
Grace Moore Jisc Trust and Identity Services
Back to top