ICANN’s new domain registration data policy takes effect

ICANN’s new Registration Data Policy has officially taken effect, replacing interim rules and creating a consistent framework for handling domain registration data.
ICANN’s new domain registration data policy takes effect

21 August 2025 — The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that its new Registration Data Policy is now in force for all domain registry operators and ICANN-accredited registrars. This marks the end of a one-year transition period that began in August 2024, giving contracted parties time to update their systems and processes.

What the policy does

The Registration Data Policy replaces the interim rules that were introduced after the European Union’s General Data Protection Regulation (GDPR) made the old WHOIS system—where anyone could look up personal details of domain owners—legally problematic. The new policy sets a clear, global framework for how registration data must be collected, stored, disclosed, and protected.

It incorporates 34 policy recommendations and updates more than 20 related procedures, including the technical rules for the Registration Data Access Protocol. Among the changes:

  • Domain owners no longer need to provide separate administrative or billing contacts.
  • Technical contacts can be generic (e.g. support@domain.com) rather than personal details.
  • If the ‘Organisation’ field is filled, that entity is recognised as the legal owner of the domain; if not, ownership is assigned to the individual registrant.

These updates reduce unnecessary collection of personal information while clarifying ownership and responsibility.

Why it matters

For individuals and businesses, the policy offers stronger privacy by limiting the exposure of personal details online. At the same time, it ensures domain ownership is clearly recorded, which is critical for accountability in disputes or legal matters.

For civil society, the changes are especially significant. Nonprofits, journalists, and consumer rights advocates have often relied on WHOIS data to investigate fraud, misinformation, or abusive online activity. With this new policy, such access is no longer automatic. Instead, legitimate requests must go through structured systems like the Registration Data Request Service (RDRS). This aims to balance privacy protection with transparency and oversight—but its effectiveness depends on how consistently and fairly it is implemented.

Privacy advocates welcome the stronger safeguards, but watchdog groups warn that reduced visibility could make it harder to trace harmful actors online. Ensuring civil society can continue to access data when needed is therefore central to maintaining accountability in the digital space.

How it was developed

The policy was the outcome of years of negotiation within ICANN’s multistakeholder community, particularly through the Generic Names Supporting Organization (GNSO) and an Implementation Review Team. Together, they worked to design rules that reflect both global privacy standards and the operational needs of the domain name system.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top