On August 21, 2025, the new ICANN Registration Data Policy (RDP) came into effect. The goal of this policy is to make sure domain registration data follows data protection laws worldwide, such as the GDPR.
These are the key changes introduced with the ICANN RDP update:
- Domain ownership in connection with organizational contacts
- Minimum Data Set
- Disclosure process
What is the ICANN Registration Data Policy?
The Internet Corporation for Assigned Names and Numbers (ICANN) is the global organization responsible for coordinating the allocation and management of domain names. As part of the Registrar Accreditation Agreement (RAA) with ICANN, all accredited registrars, such as INWX, are required to implement the RDP. The same applies to registry operators under the Registry Agreement.
The RDP update modernizes existing requirements to reflect evolving data protection and data processing regulations. The policy defines how registration contact data may be processed, stored, and shared. It applies only to generic top-level domains (gTLDs) such as .COM, .ORG, or .SHOP.
Country-code top-level domains (ccTLDs) such as .DE or .EU are not affected.
You can read the full Registration Data Policy here: ICANN RDP
Key Changes under the ICANN Registration Data Policy Update
Domain Ownership and Organizational Contacts
From now on, the “Organization” field determines the legal domain owner:
- If the “Organization” field is filled in during registration, the organization is considered the domain holder. The person listed is only recorded as a contact person within that organization.
- If the “Organization” field is left blank, the individual registrant is considered the legal owner of the domain.
As a result, any change to the “Organization” field, whether it is updated or removed, will be treated as a change of ownership.
In our Whois/RDAP, the registrant organization will be redacted by default. Upon request, companies and individuals may have these details displayed again through the INWX support process for Whois publication.
Minimum Data Set
Previously, many registries required four sets of domain contact details when registering a gTLD domain:
- Registrant
- Admin
- Tech
- Billing
With the introduction of the Minimum Data Set, only the Registrant is now mandatory. By default, registries no longer require the Admin, Tech and Billing contacts. However, individual registries may still require additional data. For about 2.5% of gTLDs, four contacts remain mandatory.
The contact information collected during registration is stored by us but not necessarily forwarded to the registry. For around 80% of gTLDs, registrant data is only known to us (and escrow providers), but not to the registry itself.
Currently, almost all domains still show four contact types in our systems, but these will soon be removed. In addition, we will delete administrative, technical, and billing contact data. Furthermore, we will remove the registrant fax numbers unless explicitly required by the registry.
Note: The Minimum Data Set represents the default information we collect. In some cases, we are contractually obligated by the registry to store additional data. For example, .cat domains require additional data, whereby registrants must prove their connection to Catalan culture, language, or community.
Disclosure Process
A new disclosure process has also been introduced, regulating the transfer of registration data to third parties. You can find the exact procedure here: INWX Disclosure Process.
The disclosure process allows third parties with a legitimate interest to request access to domain contact details that are not visible in the public WHOIS.
As an ICANN-accredited registrar, we are required to review and respond to such requests. The legal basis for this is the Registration Data Policy for gTLDs.