I've had these domains for ten years, now all of a sudden this is super urgent and if I'm on holiday that'd be a real shame I guess
So I contact the registrar and a link to the relevant legislation was sufficient to send them a perfectly agreeably censored version of my identity document (removing just irrelevant information they can't use or verify anyway), but apparently all they do is forward it to support@afnic.fr and not actually mark the domain holder as verified. So AFNIC, predictably, rejects it because GDPR doesn't exist in France
I saw no other choice but to send everything into AFNIC's email inbox / support system, which famously never get leaked and they assured me was "highly" secured when I asked to at least remove it after verification
With just 7 days' notice and half of that going to the distraction of a registrar, there's also no way to figure out what's even going on or have any sort of conversation. They hold all the cards and you jump when they say hop
I'm considering my options for any TLDs owned by AFNIC... evidently .io isn't better, but how to know who is
Maybe your domains are affected buy a new or old policy?
But that's not the case for the domains AFNIC did grant. They registered successfully and I can still use them, also after this verification sham, AFNIC just insisted that I confirm immediately that I e.g. live where I said I live over ten years ago
I'm well aware that GDPR exists in France btw, but AFNIC is not — or at least has a different interpretation of what "not processing data unnecessarily" and "treating racial, biometric, and gender data as extra sensitive" means (they insisted I send all of these categories over plain email to a helpdesk system; I tried giving them an https link to a .jpg on the domain in question instead, but that was rejected with a "please attach to the email")