ICANN’s Registration Data Policy officially took effect on August 21, 2025, marking the most significant regulatory shift for domain registrars in years. After a year-long transition period, the policy replaces the Interim Registration Data Policy and brings domain registration practices into full compliance with global data protection laws, particularly the EU’s GDPR.
Core Changes for Registrars
Minimal Data Collection
The policy implements 34 recommendations and updates 20 impacted procedures. Most significantly, registrars now collect only minimal information from domain registrants. Gone are the requirements for administrative, billing, and technical contact fields.
The new minimum data set includes only:
- Registrant name
- Registrant email address
- Registrant country/region
- Organization name (optional but critical)
Any data previously stored in eliminated fields will be permanently removed from registrar systems.
Organization Field Determines Ownership
The most impactful change involves the Organization field. As of May 28, 2025, if this field contains data, the domain is legally owned by that organization—not the individual. If left blank, the individual owns the domain.
This has major implications for business domain ownership, transfers, disputes, and corporate asset management. Registrars must educate customers about this critical distinction during registration.
RDAP Replaces WHOIS
The policy requires compliance with the gTLD RDAP Profile, providing standardized data access and query responses. Traditional WHOIS protocols (port-43 and web-based) sunset on January 28, 2025. RDAP offers better privacy controls, authentication mechanisms, and compliance with data protection regulations.
Why This Policy Exists
In 2018, the EU’s GDPR made publishing personal data without consent illegal, forcing ICANN to temporarily modify WHOIS requirements. The new Registration Data Policy is the permanent solution developed through ICANN’s multistakeholder process, providing a consistent framework for handling registration data while adhering to privacy regulations across multiple jurisdictions.
Implementation Challenges
Registrars have faced significant operational hurdles:
System Updates: Modified databases, updated APIs, revised customer forms, implemented RDAP infrastructure, and trained support staff. API responses no longer include data beyond the minimum set, requiring integration updates.
TLD Variations: The policy applies to most gTLDs like .com and .net, but not all. .BIZ and .ORG remain excluded pending registry updates, creating operational complexity.
Customer Education: Registrars must proactively explain the organization field’s legal implications and help customers understand ownership determination.
Benefits for Registrars
Despite implementation challenges, the policy provides substantial benefits:
Legal Clarity: Clear, standardized requirements reduce compliance uncertainty across jurisdictions.
Reduced Liability: Collecting less personal data minimizes data breach exposure and privacy violation risks.
Operational Efficiency: Long-term benefits include streamlined registration processes, faster provisioning, reduced support burden, and lower operational costs.
What Registrars Must Do
Immediate Actions: Verify full compliance with minimum data requirements, update documentation and privacy policies, train staff on new rules, test RDAP implementation, and monitor registry-specific timelines.
Customer Communication: Proactively inform customers about the organization field’s significance, data deletion schedules, and opportunities to review registration information.
Ongoing Monitoring: Subscribe to ICANN updates, participate in registrar community discussions, and track enforcement actions.
Looking Ahead
The Registration Data Policy likely won’t be the last major change. As data protection laws evolve globally, registrars should build flexible systems adaptable to regulatory shifts. Future trends may include enhanced security requirements, stricter domain validation, and continued automation through standardized protocols.
Conclusion
The Registration Data Policy represents a milestone in domain registration regulation, balancing privacy protection with operational necessity. While implementation required significant effort, registrars now operate under clearer guidelines with reduced privacy liability. Success requires vigilant compliance monitoring, customer education, modern infrastructure investment, and active participation in ICANN policy development.
