At Eregos, our objective is to assess trust on the web in a responsible and methodical way. Our TrustScore system is designed to evaluate technical risk indicators - not to question the legitimacy or authority of sovereign institutions. As a result, official government and military resources are handled differently from commercial or private websites.
For these domains, Eregos deliberately applies a restrained, non-intrusive approach rooted in a single guiding principle: institutional trust.
You may notice that Eregos does not actively scan or score government & military domains. These domains are instead classified as “Safe by Default.”
Why don’t we check them?
-
Built-in Integrity: In the United States and many other jurisdictions, government and military domains are tightly regulated. Registration and control are restricted exclusively to verified public institutions.
-
Mandated Security Standards: Many government websites are legally required to implement baseline security measures such as HTTPS encryption and standardized security headers, independent of third-party evaluations.
-
Direct-Source Principle: For highly sensitive information, such as taxation, social services, identity records, or military communications, we believe users should rely on the authoritative source itself, rather than a third-party trust index or intermediary assessment.
International Coverage
Because government domains vary by language and region, our exclusion engine recognizes several international indicators. We automatically bypass domains containing these official labels:
| Label | Meaning | Regions |
|---|---|---|
.gov / .govt |
Government | USA, UK, Australia, New Zealand |
.gob / .gub |
Gobierno | Spain, Mexico, Argentina, Uruguay |
.gouv |
Gouvernement | France, Quebec, Francophone Africa |
.lgov |
Local Government | Local government variants |
.go / .gc |
Gov / Gov of Canada | Japan, South Korea, Thailand, Canada |
.gv / .admin |
Administration | Austria, Switzerland |
.state |
State Entities | USA |
The "Direct Domain" Exception
In some countries, particularly in Northern Europe and Scandinavia, governments do not use a dedicated second-level domain for official business. Instead of a structure like government.gov.dk, they host services directly on country code extensions such as .dk (Denmark), .de (Germany), or .se (Sweden).
Because these extensions are shared by private citizens, local bakeries, and global corporations alike, Eregos cannot programmatically distinguish an official state portal from a private business based on the URL structure alone. In these specific cases, our automated system may still assign a TrustScore based on standard technical metrics.
Our Safety Guarantee
Regardless of the automated TrustScore displayed or any technical flags raised by our scanners, Eregos follows a fundamental principle:
Any website verified as being owned and operated by a sovereign government should always be considered "Safe by Default."
Even if a specific government portal uses legacy systems, outdated security headers, or configurations that might technically lower a traditional score, the provenance of the site being the state itself, overrides automated metrics. We recognize that official state communication is, by its very nature, the authoritative and intended source for the information it provides.
Government-Initiated Restriction Requests
Eregos acknowledges that some government-operated digital services may not use standardized or widely recognized government domain conventions (e.g., .gov, .gouv, or equivalent country-specific indicators). In such cases, a government authority may request that its domain be excluded from Eregos checks, automated analysis, or public TrustScore display.
Eligibility for Requests:
- Requests must be submitted by, or verifiably authorized by, the relevant government entity (federal, regional, or municipal).
- Verification may include confirmation from an official government email domain, formal written notice on institutional letterhead, or other documentation demonstrating government ownership or operational control of the domain.
Submission Process:
- Requests should be sent to: contact@eregos.com
- Eregos will review the submission and may request additional verification as necessary to confirm authenticity.
Effect of Verified Requests:
- Domains verified under this process will be treated as “Safe by Default”, consistent with recognized government and military domains.
- Automated scoring, technical trust evaluations, and public-facing risk indicators for the domain will be suppressed to prevent misclassification and to respect sovereign control over official communications.
Jurisdictional and Legal Considerations:
- Compliance with local and international laws is required for all submissions.
- Eregos reserves the right to evaluate requests in accordance with applicable data protection, privacy, and cybersecurity regulations.
- Approval of a request does not waive any legal obligations or liabilities of the domain owner under local or international law.
This process ensures that official state communications and services are not inadvertently misrepresented or flagged by third-party trust assessments, preserving both public trust and institutional authority.