ICANN launched the Registration Data Request Service (RDRS) in November 2023. The service provides a standardized format to submit requests to ICANN-accredited registrars for the disclosure of nonpublic registration data related to generic top-level domains (gTLDs). While it is voluntary for registrars to participate in RDRS, registrars must comply with applicable disclosure requirements for requests submitted through the service. This blog explains how current disclosure requirements apply to such requests and clarifies how ICANN Contractual Compliance approaches enforcement of the related contractual obligations.
As of 21 August 2024, registrars and registry operators (contracted parties) are permitted to begin implementing the Registration Data Policy. Until 21 August 2025, contracted parties may instead continue implementing the Interim Registration Policy for gTLDs (Interim Policy), which requires the implementation of measures consistent with the Temporary Specification for gTLD Registration Data (Temporary Specification). Both policies specify how registrars must review and respond to disclosure requests submitted via RDRS.
Interim Policy Requirements
The Interim Policy (via Appendix A, Section 4.1 of the Temporary Specification) states that "Registrar and Registry Operator MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interest pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR."
Under this standard, registrars must provide "reasonable access" to nonpublic registration data. Registrars are required to reasonably consider and respond to requests, whether submitted directly to the registrar or via RDRS. Any failure to respond to a request within a reasonable time would be deemed noncompliant.
Registration Data Policy Requirements
Section 10 of the Registration Data Policy provides that registrars "MUST consider each properly-formed Disclosure Request on its merits, considering the specific rationale and basis for each request" and "respond to Disclosure Requests which meet their respective required formats."
Under the Registration Data Policy, disclosure requirements apply to any request that meets a registrar's required format. These requirements include how a registrar must review and respond to requests for disclosure. Any registrar opting into RDRS agrees to its use, including accepting requests in its required format. Accordingly, failure to adhere to the response requirements, including response times, would be deemed noncompliant.
While not mandatory, a registrar's decision to opt into RDRS or a requestor's decision to utilize the service do not impact otherwise existing disclosure obligations. Regardless of which policy registrars currently implement (Interim Policy or Registration Data Policy), requests submitted via RDRS must be processed in compliance with the applicable policy, including any response-related requirements.
If you believe an ICANN-accredited registrar has failed to comply with its disclosure requirements under either the Interim Policy or Registration Data Policy, you may file a complaint with ICANN Contractual Compliance using this complaint form. Additional information on submitting complaints concerning disclosure requests can be found in this document.
