ICANN has been quietly but steadily rewriting a lot of the rules that sit behind every domain name you own. If you manage even a handful of domains for your business, clients, or side projects, these ICANN domain policy changes are not an abstract governance topic; they directly affect how you register, transfer, secure, and renew domains day to day. In 2025, we are seeing concrete shifts around WHOIS/RDAP data, transfer workflows, DNS abuse handling, and the next wave of new gTLDs. As the dchost.com team, we sit at the point where these policies turn into real control panel options, emails, verification steps, and sometimes unexpected lock messages. In this article, we will walk through what is actually changing, what you will notice in practice, and which habits you should update so your domains stay safe, compliant, and easy to manage.
İçindekiler
- 1 Why ICANN Policies Keep Changing (and Why You Should Care)
- 2 The Big Themes Behind Recent ICANN Domain Policy Changes
- 3 From WHOIS to RDAP and the New Registration Data Policy
- 4 New Transfer Rules: TAC Codes, Locks, and Notifications
- 5 DNS Abuse and Security: Tougher Expectations for Registrars
- 6 New gTLD Round and Registry Contract Updates
- 7 How We at dchost.com Are Adapting (and How You Can Stay Ahead)
- 8 Fitting Policy Changes Into Your Broader Hosting and DNS Strategy
- 9 Bringing It All Together
Why ICANN Policies Keep Changing (and Why You Should Care)
ICANN (the Internet Corporation for Assigned Names and Numbers) is the body that coordinates the global Domain Name System (DNS): top-level domains, root servers, and the contracts that bind registries and registrars. It does not sell domains itself; instead, it defines the rules that companies like us at dchost.com must follow when we offer and manage domain registrations for you.
Those rules live in two main places:
- Contracts – Registry Agreements (RAs) and Registrar Accreditation Agreements (RAAs)
- Consensus Policies – developed by the ICANN community and then made mandatory for all accredited registrars and registries
When ICANN updates these contracts or policies, we are required to update our systems, support processes, and sometimes the way you interact with your domains. That means:
- New steps to transfer domains in or out
- Different information exposed (or hidden) in public WHOIS/RDAP
- Stricter checks on contact data accuracy and DNS abuse
- New options around TLDs, security extensions, and brand protection
Ignoring these changes can lead to surprises: delayed transfers, suspended domains due to unverified contacts, or missed opportunities in new TLDs. Understanding the direction of ICANN policy lets you treat domains as strategic infrastructure, not just a line item in accounting.
The Big Themes Behind Recent ICANN Domain Policy Changes
Individually, each ICANN update can feel small and highly technical. Put together, you can see four clear themes driving the new policies.
1. Privacy and Data Protection
After GDPR and similar laws, ICANN had to rethink the traditional, fully open WHOIS model. A lot of recent work has gone into defining:
- Which data elements must be collected at registration
- Which fields can be published publicly via RDAP
- How third parties can request non-public registration data
- How long registrars must retain your data
The result is a more standardized, privacy-aware registration data model that still lets law enforcement, trademark holders, and others request access under defined conditions.
2. Security, Abuse, and Stability
Domains are a favourite tool for phishing, malware distribution, and botnets. ICANN’s contracts now put more emphasis on:
- Detecting and responding to DNS abuse reports
- Verifying contact details for registrants
- Supporting security features like DNSSEC where the TLD allows it
If you want a deeper dive into how DNS-level security hardens your presence, our article Domain Security Best Practices: Registrar Lock, DNSSEC, Whois Privacy and 2FA walks through practical setups we use with customers.
3. Simplifying and Modernising Operations
Legacy processes like faxed authorization forms and ad-hoc WHOIS formats do not scale to millions of domains and automated tooling. Recent ICANN work focuses on:
- Moving from WHOIS to RDAP, a modern, standardized protocol
- Streamlining transfers with the TAC (Transfer Authorization Code) model
- Clarifying how and when domains can be locked or unlocked
These changes matter if you manage portfolios, do frequent registrar moves, or automate domain provisioning across multiple environments.
4. Competition and New gTLDs
The next application round for new generic TLDs (gTLDs) is a major driver of ICANN’s policy work. The goal is to allow more extensions (including brand and community TLDs) while embedding stronger obligations around DNS abuse, rights protection, and public interest commitments. If you are considering your own TLD, you will want to read our deep dive on ICANN’s next gTLD application round and what it takes to get your own dot.
From WHOIS to RDAP and the New Registration Data Policy
For many years, WHOIS was the main way to look up who owned a domain. It was flexible but messy: each registry and registrar could output data in slightly different formats, often including full names, addresses, phone numbers, and emails in the clear.
Modern privacy laws forced a reset. ICANN’s response is a combination of:
- RDAP (Registration Data Access Protocol) – a structured, machine-readable way to publish domain registration data
- The new Registration Data Policy (RDP) – a consensus policy that standardizes what data is collected, stored, and displayed
What This Looks Like for Domain Owners
In practice, you will notice:
- More consistent lookup results – RDAP output is structured and similar across TLDs and providers.
- Redacted personal data – many fields for individuals are hidden or replaced with placeholders in public responses.
- Proxy or anonymized contact methods – instead of your direct email, you may see anonymized relay addresses.
- More emphasis on accuracy – invalid emails or phone numbers can trigger verification reminders and, if ignored, domain suspension.
This is why we constantly remind customers to keep their domain contacts up to date. An old inbox you no longer check can now have very real consequences: missed verification messages, complaints you never see, or tickets from us that bounce.
Data Retention and Disclosure Requests
Under the Registration Data Policy, registrars like dchost.com must:
- Retain certain registration data for specific minimum periods
- Document processes for responding to lawful data disclosure requests
- Log who accessed what, and when
For you, this mainly means two things:
- Your data is handled in a more structured, policy-driven way.
- Requests for non-public data (for example from IP attorneys) follow a formal process rather than ad-hoc decisions.
If registration data and DNS concepts feel fuzzy, our explainer DNS Records Explained Like a Friend is a good companion to this section.
New Transfer Rules: TAC Codes, Locks, and Notifications
Domain transfers used to rely heavily on EPP codes and email-based Forms of Authorization (FOAs). The system worked but had pain points: security issues with static auth codes, confusing email approvals, and different interpretations of 60-day locks.
ICANN’s new Transfer Policy (phased in from 2023 onward) introduces several important changes that you will see when moving domains between registrars.
Transfer Authorization Code (TAC) Instead of Static EPP Codes
The old approach often exposed a long-lived transfer code in your registrar panel. If that code leaked, someone could attempt an unauthorized transfer. Under the new policy:
- The code is now referred to as a TAC (Transfer Authorization Code).
- A TAC is generated on demand when you request it.
- It has a limited validity period (for example, up to 14 days).
- Registrars must store it securely, typically only in hashed form.
At dchost.com, we expose TAC generation as a clear action in your control panel and pair it with security checks such as 2FA and email notifications, so you always know when a TAC has been issued for one of your domains.
Streamlined Email Flows, Stronger Notifications
The new policy reduces reliance on multiple FOA emails bouncing between gaining and losing registrars. Instead, the emphasis shifts to:
- Clear, timely notification to the current registrant when a transfer is initiated
- Reliable logging and audit of transfer-related actions
- Required security measures to block obviously suspicious transfers
In practice, this means fewer confusing emails to click, but the messages you receive matter more. If you see a transfer notice you did not initiate, act immediately: lock the domain, change account credentials, and contact our support.
60-Day Locks and Change of Registrant
ICANN’s rules around 60-day transfer locks after certain changes (like updating registrant details) have also been refined. Depending on your registrar’s implementation and local law, you may have options to:
- Opt out of some automatic 60-day locks when you legitimately update contact data
- See clearer messaging in the control panel about when a lock will apply
From our side, we aim to make lock status and reasons very visible in your dchost.com domain dashboard. You should not have to guess why a transfer request is being rejected.
If you are planning a transfer, we strongly recommend reading our guides How to Transfer a Domain Without Downtime and Why Domain Transfers Break Email (and How to Avoid It). They show how DNS, MX, and email routing fit into the updated transfer landscape.
DNS Abuse and Security: Tougher Expectations for Registrars
DNS abuse has become a central topic in ICANN policy discussions. While definitions can be debated, ICANN generally focuses on domains used for:
- Malware distribution
- Phishing and fraudulent websites
- Botnet command-and-control
- Pharming and DNS hijacking
- Spam specifically used to deliver the above
Recent and ongoing contract amendments push registrars and registries to:
- Have clear processes to receive and evaluate abuse reports
- Take timely, proportionate action when abuse is confirmed
- Maintain abuse contact points and document how they respond
What This Means for Legitimate Domain Owners
Most customers at dchost.com never intentionally use domains for abuse, but you can still be affected indirectly. For example:
- If your site is hacked and starts hosting malware, abuse procedures may be triggered.
- If your contact data is invalid, we might not be able to reach you before action is taken.
- If you send large volumes of email from your domain without proper authentication, it may be misclassified as abusive.
To reduce this risk, we recommend:
- Keeping your site and applications patched
- Using strong hosting-side security (WAF, hardened CMS, backups)
- Configuring SPF, DKIM, and DMARC records properly for your email domains
- Enabling DNSSEC where your TLD supports it
You can explore these angles further in our articles on domain security best practices and our step-by-step guide to SPF, DKIM, DMARC and rDNS.
New gTLD Round and Registry Contract Updates
ICANN is preparing the next application round for new generic top-level domains. This involves updating the Applicant Guidebook and refining registry contracts to reflect everything learned from the last round: from .app and .blog to city and brand TLDs.
Key Directions in the Next Round
While details continue to be refined, the main directions are clear:
- More opportunities – businesses, brands, and communities will be able to apply for their own TLDs again.
- Stronger abuse and security obligations – new TLD operators must meet modern expectations around DNS abuse handling and security.
- Clearer rules on closed generics – discussion continues on when a common term can be run as a mostly closed namespace.
- Internationalized domain names (IDNs) – better support and policies for non-Latin scripts.
For most readers, the immediate impact is not “I will run a registry,” but “I will have many more TLD options in a few years.” That raises questions about brand protection, defensive registrations, and SEO strategy.
We cover those in detail in The Calm Domain Playbook: ccTLD vs gTLD, International SEO, and Brand Protection Without the Panic, where we share how we help customers decide between .com, country codes, and newer gTLDs.
How We at dchost.com Are Adapting (and How You Can Stay Ahead)
Every ICANN policy change means real engineering, process, and support work on our side. Our goal is to absorb that complexity so that, as much as possible, your experience managing domains stays predictable and transparent.
What We Are Doing on the Platform Side
- RDAP and registration data – aligning our data collection and display with the new Registration Data Policy, including consistent masking of personal details where required.
- Transfer workflows – implementing TAC-based transfers with clear UI, secure code generation, and detailed status visibility.
- Lock and security controls – making registrar lock, DNSSEC, and optional WHOIS privacy obvious and easy to manage.
- Abuse processes – strengthening our internal runbooks to detect, triage, and resolve abuse events in a way that protects the broader ecosystem while giving legitimate customers fair remediation paths.
A Practical Checklist for Domain Owners in 2025
To stay comfortably ahead of ICANN’s domain policy changes, we recommend you:
- Audit contact data for all domains: make sure the registrant and admin emails are valid and monitored.
- Enable 2FA on your dchost.com account so that TAC requests or lock changes cannot be abused if a password leaks.
- Review lock status on critical domains and use registrar lock by default.
- Plan transfers early if you intend to consolidate domains; align timing with 60-day lock rules and renewal dates.
- Turn on DNSSEC where your TLD supports it, and you control DNS properly.
- Document who owns what within your company (legal entity, brand, IT, marketing), so contact changes do not accidentally trigger unwanted locks.
If you are exploring new domains or cleaning up your portfolio, our guide The First 30 Days After Buying a Domain: DNS, SSL, Email and SEO Checklist is a useful companion checklist.
Fitting Policy Changes Into Your Broader Hosting and DNS Strategy
ICANN policies focus on domains, but the ripple effects hit your DNS, hosting, and email setup. A transfer held up by a lock can delay a migration; a verification email stuck in spam can lead to unexpected domain suspension.
Plan Around DNS, Not Just Registrar
When you move a domain, you are often also moving or reconfiguring:
- Nameservers and zone hosting
- MX records, SPF/DKIM/DMARC for email
- A, AAAA, and CNAME records for your website
Aligning this with ICANN’s transfer rules means:
- Checking lock status and TAC readiness before a migration window
- Lowering DNS TTLs in advance to minimize propagation delays
- Ensuring you have full access to the old and new DNS zones during the transition
Our articles on diagnosing DNS errors like DNS_PROBE_FINISHED_NXDOMAIN and The Friendly Guide to Private Nameservers and Glue Records can help you design a migration plan that respects both DNS mechanics and ICANN transfer requirements.
Think About the Full Domain Lifecycle
ICANN policies also define how expiry, grace, redemption, and deletion periods work. Combined with registry-specific rules, this creates a predictable but unforgiving lifecycle. Missed renewals can send valuable domains into auctions or backorders.
If you have not mapped this lifecycle for your critical domains, start with our explanation of the domain lifecycle and expired domain backorders. Understanding how ICANN’s baseline rules interact with each TLD’s specifics will make your renewal strategy much calmer.
Bringing It All Together
ICANN domain policy changes can look distant and bureaucratic when you see them as PDF documents or meeting minutes. But the impact shows up in very concrete ways: how your contact data is stored and published, how easily you can move a domain to another registrar, what happens when someone reports abuse, and how many TLD options you have for new projects or brands.
As the dchost.com team, we track these developments precisely so you do not have to live in policy documents. Our job is to turn ICANN’s evolving requirements into clear, predictable controls in your customer panel: visible locks, secure TAC handling, straightforward RDAP/WHOIS privacy, and strong domain security by default. Your job is to keep ownership information accurate, follow good security hygiene, and plan domain moves and renewals intentionally.
If you want to review how your current domains line up with the new landscape, log into your dchost.com account, check contact details, lock status, and DNSSEC settings, and open a ticket if something feels unclear. We are happy to look at your portfolio with you and suggest a practical, policy-aware roadmap so your domains stay safe, compliant, and ready for whatever ICANN’s next round of changes brings.
