Skip to main content
Resources

Revised ICANN Procedure For Handling WHOIS Conflicts with Privacy Law

On 21 February 2024, an updated version of the procedure was published to reflect changes required to implement the Registration Data Policy. Click here to view the updated version of this procedure. You may view the changes in the redline.

Effective Date 18 April 2017

View the Redline Version of the Revised Whois Procedure.

For more information on Registration Data, please visit our Registration Data at ICANN page.

Introduction and background

0.1 In December 2003, [1] the WHOIS Task Force 2 of the GNSO recommended the development of a procedure to allow gTLD registry/registrars to demonstrate when they are prevented by local laws from fully complying with the provisions of ICANN contracts regarding personal data in WHOIS.

0.2 In November 2005 [2], the GNSO concluded a policy development process on establishing such a procedure. It follows the 'well-developed advice on a procedure' recommended by the WHOIS Task Force and approved by the GNSO Council. [3] In May 2006, the ICANN Board [4] adopted the policy and directed ICANN staff to develop and publicly document a conflicts procedure.

0.3 On 3 December 2006, ICANN staff published the Draft ICANN Procedure for Handling WHOIS Conflicts with Privacy Law [insert footnote, http://gnso.icann.org/issues/whois-privacy/whois_national_laws_procedure.htm]. ICANN sought input on the draft procedure from the Governmental Advisory Committee (GAC). Revised language has been incorporated into 1.4 below.

0.4 On 5 October 2015 the Implementation Advisory Group on WHOIS conflicts with National Law1 published its report outlining possible improvements to this procedure. Public comment was sought on the report of the advisory group from 5 October to 17 November 2015. The final report was submitted to the GNSO Council for consideration at its May 2016 Meeting.

0.5 The procedure outlined below details how ICANN will respond to a situation where a registrar/registry [5] indicates that it is legally prevented by local/national privacy laws or regulations from complying with the provisions of its ICANN contract regarding the collection, display and distribution of personal data via WHOIS. The procedure is for use by ICANN staff. While it includes possible actions for the affected gTLD registry/registrar, this procedure does not impose any new obligations on registries/registrars or third parties. It aims to inform registries/registrars and other parties of the steps that will be taken when a possible conflict between other legal obligations and the ICANN contractual requirements regarding WHOIS is reported to ICANN.

Step One:

  1. Notification of Whois Proceeding

    1.1 At the earliest appropriate juncture on receiving notification of an investigation, litigation, regulatory proceeding or other government or civil action that might affect its compliance with the provisions of the Registrar Accreditation Agreement ("RAA") or other contractual agreement with ICANN dealing with the collection, display or distribution of personally identifiable data via WHOIS ("WHOIS Proceeding"), a registrar/registry should provide ICANN staff with the following:

    • Summary description of the nature and status of the action (e.g., inquiry, investigation, litigation, threat of sanctions, etc.) and a range of possible outcomes.
    • Contact information for the responsible official of the registrar/registry for resolving the problem.
    • If appropriate, contact information for the responsible territorial government agency or other claimant and a statement from the registrar/registry authorizing ICANN to communicate with those officials or claimants on the matter. If the registrar/registry is prevented by applicable law from granting such authorization, the notification should document this.
    • The text of the applicable law or regulations upon which the local government or other claimant is basing its action or investigation, if such information has been indicated by the government or other claimant.
    • Description of efforts undertaken to meet the requirements of both local law and obligations to ICANN.

    1.2 Meeting the notification requirement permits registrars/registries to participate in investigations and respond to court orders, regulations, or enforcement authorities in a manner and course deemed best by their counsel.

    1.3 Depending on the specific circumstances of the WHOIS Proceeding, the registrar/registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the WHOIS Proceeding. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.

    1.4 A registrar or registry that is subject to a WHOIS proceeding should work cooperatively with the relevant national government to ensure that the registrar or registry operates in conformity with domestic laws and regulations, and international law and applicable international conventions.

  2. Alternative Trigger: Written Statement from Government Agency

    1.5 In the absence of a Whois proceeding, a registry or registrar may present to ICANN a written statement from agency:

    • (a) Specifying the facts before it, i.e.,
      • (i) the specific contracted party in question (registrar or registry)
      • (ii) the applicable terms of service/registration agreements agency has reviewed
      • (iii) the applicable provisions of the ICANN contract in question
      • (iv) the applicable law it has analyzed
    • (2) Identifying and analyzing the inconsistency agency has found between national law and contractual obligations, citing specific provisions of each; and
    • (3) Certifying that agency has the legal authority to enforce the national law which it has found to be inconsistent with contractual obligations, and that it has jurisdiction over the contracted party for the purposes of such enforcement

Step Two: Consultation

2.1 The goal of the consultation process should be to seek to resolve the problem in a manner that preserves the ability of the registrar/registry to comply with its contractual WHOIS obligations to the greatest extent possible.

2.1.1 Unless impractical under the circumstances, upon receipt and review of the notification, ICANN will consult with the registrar/registry. Where appropriate under the circumstances, ICANN will consult with the local/national enforcement authorities or other claimant together with the registrar/registry.

2.1.2 Pursuant to advice from ICANN's Governmental Advisory Committee, ICANN will request advice from the relevant national government on the authority of the request for derogation from the ICANN WHOIS requirements.

2.2 If the WHOIS Proceeding ends without requiring any changes or the required changes in registrar/registry practice do not, in the opinion of ICANN, constitute a deviation from the RAA or other contractual obligation, then ICANN and the registrar/registry need to take no further action.

2.3 If the registrar/registry is required by local law enforcement authorities or a court to make changes in its practices affecting compliance with WHOIS-related contractual obligations before any consultation process can occur, the registrar/registry should promptly notify ICANN of the changes made and the law/regulation upon which the action was based.

2.4 The registrar/registry may request that ICANN keep all correspondence between the parties confidential pending the outcome of the WHOIS Proceeding. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.

2.5 In cases to which the Alternative Trigger applies, the Consultation Step includes a public consultation in which all interested parties can review the written statement submitted in the Notification Step and to comment on all aspects of it. In such cases, ICANN would also consult with the GAC representative (if any) from the country in question, pursuant to section 2.1.2 of the procedure.

Step Three: General Counsel Analysis and Recommendation

3.1 If the WHOIS Proceeding requires changes (whether before, during or after the consultation process described above) that, in the opinion of the Office of ICANN's General Counsel, prevent compliance with contractual WHOIS obligations, ICANN staff may refrain, on a provisional basis, from taking enforcement action against the registrar/registry for non-compliance, while ICANN prepares a public report and recommendation and submits it to the ICANN Board for a decision. Prior to release of the report to the public, the registry/registrar may request that certain information (including, but not limited to, communications between the registry/registrar and ICANN, or other privileged/confidential information) be redacted from the report. The General Counsel may redact such advice or information from any published version of the report that relates to legal advice to ICANN or advice from ICANN's counsel that in the view of the General Counsel should be restricted due to privileges or possible liability to ICANN. Such a report may contain:

  1. A summary of the law or regulation involved in the conflict;
  2. Specification of the part of the registry or registrar's contractual WHOIS obligations with which full compliance if being prevented;
  3. Summary of the consultation process if any under step two; and
  4. Recommendation of how the issue should be resolved, which may include whether ICANN should provide an exception for those registrars/registries to which the specific conflict applies from one or more identified WHOIS contractual provisions. The report should include a detailed justification of its recommendation, including the anticipated impact on the operational stability, reliability, security, or global interoperability of the Internet's unique identifier systems if the recommendation were to be approved or denied.

3.2 The registrar/registry will be provided a reasonable opportunity to comment to the Board. The Registrar/Registry may request that ICANN keep such report confidential prior to any resolution of the Board. ICANN will ordinarily respond favorably to such requests to the extent that they can be accommodated with other legal responsibilities and basic principles of transparency applicable to ICANN operations.

3.3 In cases to which the Alternative Trigger applies, the Board will consider any public comment received on the written statement submitted in the Notification Step as well as any input received from the GAC representative (if any) from the country in question, pursuant to section 2.1.2 of the procedure.

Step Four: Resolution

4.1 Keeping in the mind the anticipated impact on the operational stability, reliability, security, or global interoperability of the Internet's unique identifier systems, the Board will consider and take appropriate action on the recommendations contained in the General Counsel's report as soon as practicable. Actions could include, but are not limited to:

  • Approving or rejecting the report's recommendations, with or without modifications;
  • Seeking additional information from the affected registrar/registry or third parties;
  • Scheduling a public comment period on the report; or
  • Referring the report to GNSO for its review and comment by a date certain.

Step Five: Public Notice

5.1 The Board's resolution of the issue, together with the General Counsel's report, will ordinarily be made public and be archived on ICANN's website (along with other related materials) for future research. Prior to release of such information to the public, the registry/registrar may request that certain information (including, but not limited to, communications between the registry/registrar and ICANN, or other privileged/confidential information) be redacted from the public notice. The General Counsel may redact such advice or information from any published version of the report that relates to legal advice to ICANN or advice from ICANN's counsel that in the view of the General Counsel should be restricted due to privileges or possible liability to ICANN. In the event that any redactions make it difficult to convey to the public the nature of the actions being taken by the registry/registrar, ICANN will work to provide appropriate notice to the public describing the actions being taken and the justification for such actions, as may be practicable under the circumstances.

5.2 Unless the Board decides otherwise, if the result of its resolution of the issue is that data elements in the registry/registrar's WHOIS output will be removed or made less accessible, ICANN will issue an appropriate notice to the public of the resolution and of the reasons for ICANN's forbearance from enforcement of full compliance with the contractual provision in question.

Step Six: Ongoing Review

6.1 With substantial input from the relevant registries or registrars, together with all constituencies, ICANN will review the effectiveness of the process annually.


[1] Whois Task Force 2, Preliminary Report, June 2004; http://gnso.icann.org/issues/whois-privacy/Whois-tf2-preliminary.html

[2] GNSO Council minutes, 28 November 2005; http://gnso.icann.org/meetings/minutes-gnso-28nov05.shtml

[3] Final Task Force Report 25 October, 2005 of the GNSO Whois Task Force; http://gnso.icann.org/issues/tf-final-rpt-25oct05.htm

[4] Board minutes, 10 May, 2006; http://www.icann.org/minutes/minutes-10may06.htm

[5] Reference to 'registries' in this document includes registry operators and sponsoring organizations.


1 https://community.icann.org/display/WNLCI/WHOIS+and+national+law+conflicts+IAG+Home

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."