ICANN Adds Urgent Requests Requirement to Registration Data Policy

The Internet Corporation for Assigned Names and Numbers (ICANN) today announced that as of 12 May 2026, the Registration Data Policy has been updated to include requirements for ICANN contracted parties to respond within 24 hours to urgent requests for the lawful disclosure of generic top-level domain nonpublic registration data from authenticated requestors. Urgent requests include situations that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation where disclosure of data is necessary in combatting or addressing the threat. The urgent request policy language will not go into effect until an authentication mechanism for law enforcement is implemented.

Discussion about development of an authentication mechanism is currently in process in the Governmental Advisory Committee's Public Safety Working Group. ICANN has participated in these conversations with law enforcement, Generic Names Supporting Organization stakeholder groups, and members of civil society to understand the available tools, technologies, and desired features for an authentication mechanism. The ICANN organization is developing a proof-of-concept test with law enforcement experienced in authentication, such as Interpol and the FBI. This testing will help ICANN and the community develop requirements for identity providers. This work will also support a long-term solution for requesting nonpublic registration data, once supplemental policy recommendations for the System for Standardized/Access Disclosure are finalized.

About ICANN