Skip to main content

Legal Analyses, Proposed Compliance Models, & Community Feedback

The ICANN organization has engaged European law firm, Hamilton Advokatbyrå, to provide us with information and analysis to assist in our discussions with the community and contracted parties regarding their contractual agreements with ICANN and the GDPR, as well as topics looking beyond WHOIS to include registration data more broadly, including data required to be escrowed and retained under ICANN's contracts.

On this page you'll find:

ICANN-Proposed Compliance Models for Community Discussion

8 March 2018 – Interim Model for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation – WORKING DRAFT FOR CONTINUED DISCUSSION [PDF, 923 KB]

This document presents a unified approach for how ICANN and the industry of more than 1,000 generic top-level domain (gTLD) registries and registrars could comply with existing contractual requirements and community developed policies concerning the processing of registration data, which includes personal data, in light of the GDPR. It represents an interim solution and does not replace the multistakeholder policy development and implementation activities that are underway. ICANN is publishing this working draft for community feedback as it works to finalize a model for adoption. Please send input to

28 February 2018 – Proposed Interim Model for GDPR Compliance -- Summary Description [PDF, 728 KB]

This document providing a high-level summary of the proposed final interim model, including a proposal for an accreditation program for continued access to full Thick WHOIS data for accredited users/entities. The legal justification for collection and use of the WHOIS data included in the interim model is not included in this summary document, but will be based on legitimate interests of the controller or third parties, and will be detailed in an analysis accompanying the Final Interim Compliance Model. See also below, the updated Working Draft Non-Paper [XLSX, 21 KB], which is chart comparing ICANN- and community-proposed models based on various elements of registration data against the proposed final interim model.

Please send your feedback to, preferably prior to ICANN61, where we will continue this conversation on the direction we are taking toward interim compliance with the GDPR.

12 January 2018 – Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union's General Data Protection Regulation [PDF, 624 KB]

These proposed models represent input from across the ICANN community, data protection authorities, legal analyses, and the proposed models we have received to date. This document represents a draft for community discussion and input. We are seeking your input on the proposals. From that input either variations or modifications to one of these models will be identified at the end of January for the path forward. To ensure we reach this goal, we need your feedback by 29 January 2018. Please send your feedback to

Community input, including proposed models for compliance, as well as the Hamilton firm's legal analyses, contributed to the development of these proposed models. Those documents are referenced below. Click here to return to ICANN's Data Protection/Privacy Issues webpage.

GDPR Legal Analysis Memoranda

Community-Proposed Models for GDPR Compliance

These proposed models were submitted in response to the 2 November statement from Contractual Compliance. For more information about these proposed models, please visit the Guidelines for Proposed Models to Address the GDPR section of our Data Protection/Privacy Issues webpage.

Model # Date Submitted Submitter Submitter Organization Documents


13 March 2018


ICANN's Intellectual Property and Business Constituencies

Model Version 1.4 dated 20 April 2018 [PDF, 180 KB]

Model Version 1.3 dated 27 March 2018 [PDF, 393 KB]

Model Version 1.2 dated 23 March 2018 [PDF, 382 KB]

Model Version 1.1 dated 13 March 2018 [PDF, 171 KB]


11 January 2018

Faisal Shah

Focus IP, Inc. dba Appdetex

Cover Page [PDF, 70 KB]

Executive Summary [PDF, 70 KB]

Details of Proposal [PDF, 70 KB]

Template Questions [PDF, 70 KB]


11 January 2018

Frederick Felman

Personal Capacity

Cover Page [PDF, 70 KB]

Executive Summary [PDF, 70 KB]

Details of Proposal [PDF, 70 KB]


11 January 2018

Thomas Rickert

Eco Internet Industry Association

Cover Page [PDF, 70 KB]

Companies / Groups Involved in the Development of the Proposal [PDF, 70 KB]

Executive Summary and Proposal [PDF, 70 KB]

Domain Industry Playbook [PDF, 70 KB]


21 December 2017

Dean Marks

Coalition for Online Accountability (COA)

Cover Page [PDF, 25 KB]

Executive Summary [PDF, 26 KB]

Details of Proposal [PDF, 102 KB]

Working Draft GDPR Compliant WHOIS Model [PDF, 70 KB]


11 November 2017

Greg Aaron

iThreat Cyber Group

Strawman Proposal for WHOIS compliance with GDPR [PDF, 89 KB]

Community Discussions

Please email if you would like to share other community discussions regarding data protection/privacy issues on this page.

Community Group Discussion Topic Links

ICANN's Intellectual Property and Business Constituencies

Accreditation & Access Model

Mailing List Archives


6 April 2018, 1400 UTC - Accreditation and Access Model for Non-Public WHOIS Data Call – To join this call, please send an email to

Comments/Questions Received on Models/Analyses

Click here for all comments/questions that have been received in response to proposed model submissions and legal analyses.

Reference Documents

The community has provided the following inputs to assist in, or to be considered as part of the legal analysis.

Date Document

20 April 2018

WHOIS High-Level Technical Brief dated 20 April 2018 [PDF, 1.85 MB]

20 April 2018

Timeline dated 20 April 2018 – Plan of Action to Implement GDPR Interim Compliance Model [PDF, 33 KB]

20 April 2018

Working Draft Non-Paper dated 20 April 2018 – Selected Interim GDPR Compliance Models and Comments [PDF, 14 KB]

13 April 2018

Data Protection/Privacy FAQs [PDF, 76 KB]

10 April 2018

Data Protection/Privacy FAQs [PDF, 22 KB]

10 March 2018

Working Draft dated 10 March 2018 -- Proposed Interim GDPR Compliance Models and Selected Community Input [PDF, 70 KB]

28 February 2018

Working Draft Non-Paper dated 28 February 2018 – Selected Interim GDPR Compliance Models & Comments [XLSX, 21 KB]

2 February 2018

Working Draft dated 2 February 2018 -- Proposed Interim GDPR Compliance Models and Selected Community Input [PDF, 729 KB]

2 February 2018

Working Draft Non-Paper dated 1 February 2018 -- Selected Interim GDPR Compliance Models & Comments [XLSX, 14 KB]

17 November 2017

Questions for GDPR Legal Analysis (Part 2) and Additional Background Resources [PDF, 1.12 MB]

14 November 2017

Questions from ICANN Business Constituency (BC) [PDF, 36 KB]

14 November 2017

Questions from ICANN Intellectual Property Constituency (IPC) [PDF, 444 KB]

14 November 2017

Questions from Internet Service Providers and Connectivity Providers (ISPCP) [PDF, 14 KB]

11 November 2017

Strawman Proposal for WHOIS Compliance with GDPR from Greg Aaron, iThreat Cyber Group [PDF, 90 KB]

1 November 2017

GAC Communiqué – Abu Dhabi, UAE (section on GDPR/WHOIS) [PDF, 595 KB]

29 October 2017

Independent analysis of the WHOIS system in connection with the GDPR commissioned by the IPC [PDF, 1.12 MB]


Guidelines for Proposed Models to Address the General Data Protection Regulation (GDPR)


gTLD Registration Dataflow Matrix and Information webpage

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."