How will proposed changes to ICANN’S Transfer Policy affect domain owners?

Apr 16, 2025, 14:45 PM

---

Work has been underway to address potential improvements to the current version of ICANN’s Transfer Policy since 2019. In March 2025, at ICANN82, all 47 recommended changes to the Transfer Policy were given the green light.

This will now be sent to the ICANN Board for the final go-ahead. Once approved by the ICANN Board, the recommendations will be implemented into new or amended policies. This will bring about widespread changes to the way domain names are transferred and locked. The comprehensive 163-page document containing the recommendations may look intimidating at first, but it succinctly summarises the impacts of each proposal, and provides useful indicators (i.e. low, medium, or high impact).

Upcoming changes to domain name locking

One of the most important aspects of the Transfer Policy is when domain names cannot be transferred: in other words, domain ‘locking’.

Domain names are locked by default at certain points in their lifecycle, largely to prevent fraud and unauthorised transfers. The new Transfer Policy standardises the locks applied at the following points of time:

1. Registration of the domain name;
2. Inter-registrar transfer of the domain name;
3. Change of registrant data.

Under the first two cases, domain names will be locked for 720 hours (30 days), as opposed to a 60-day lock commonly found at the moment. There is a list of circumstances where the inter-registrar transfer lock can be removed early, but they represent a narrow set of circumstances:

• The registrant made a specific request to remove the 720-hour restriction, and;
• The specific request includes a reasonable basis for removal. Some examples of a ‘reasonable basis’ have been given, such as to complete a documented acquisition of a domain name.

In the third case, however, the recommendation is for the requirement to lock be removed entirely.

The recommended changes represent a new balance between security and the rights of domain name registrants. The new 720-hour lock for new registrations and transfers still allows for time in the identification of fraud, but is less restrictive. The new policy would also standardise locking practices across registrars and registries.

Are there other important changes?

Changes to domain name locking will have the most noticeable effect on domain name registrants and registrars. However, there are other considerations to be taken from the list of recommendations, such as:

• The creation of a ‘spin-off’ Change of Registrant Data Policy;
• Changes to wording, including the removal of reference to ‘Administrative Contacts’, due to the new Registration Data Policy;
• Removing or loosening-up of some formalities found in the outgoing Transfer Policy;
• New technical requirements for the ‘authorisation code’ used to transfer domain names.

Expanded scope for a dispute resolution policy?

ICANN currently offers a ‘Transfer Dispute Resolution Policy’ (TDRP) for challenging an inter-registrar transfer, but it is only available to registrars. An interesting, and open-ended, recommendation was the possible expansion of this policy to domain name registrants.

This would be carried out either by amending the current TDRP, or by creating a new mechanism.

The rationale for this potential expansion is that, currently, the TDRP leaves registrants who have suffered from an unauthorised transfer are left with unfavourable options if their registrar cannot or will not help. A new TDRP for registrants would help combat transfers made through compromised registrar accounts.

However, a new TDRP would have to be drafted carefully so as not to affect the registrars’ ability to informally resolve a disputed transfer, something which is noted in the recommendation. Additionally, there have been concerns raised about opening the policy to registrants, such as an increased demand overwhelming the current TDRP structure, particularly if ‘abusive’ complaints are repeatedly filed.

ICANN has, long ago, implemented an extremely successful dispute resolution policy into its contracts with registrars: the Uniform Domain Name Dispute Resolution Policy (UDRP). This would likely act as an inspiration for any new TDRP. However, aspects such as costs and evidentiary burden will have to be revisited: the main users of the UDRP are corporate rightsholders, whereas a new TDRP would be aimed at the wide spectrum of domain name registrants. These registrants should not be ‘priced out’ of a TDRP, as this would defeat its purpose.

To reiterate, this recommendation is only a suggestion for further work, and so any changes to the current dispute policy are not imminent.

Final words

These proposed changes represent a much-needed refresh of domain name transfers. The new lock timeframes, in particular, will make transfers smoother and more predictable. For the most part, domain name registrars will have to ensure the work is done to comply with a new policy once fully implemented.

The effects on the operation of the domain name system as a whole, however, should be positive, particularly if work commences on a revamped TDRP which adequately tackles fraudulent transfers.