Domain name regulations you should know

Home / Everything About / Everything About Domains / Domain name regulations you should know

What would happen if anyone could register any domain name with no rules, no oversight, and no consequences? The domain name system would fall apart within weeks. Domain name regulations exist to keep registration fair, protect trademark holders, and make sure the system works for everyone. Whether you are registering your first domain or managing several, these rules affect what you can register, how you transfer ownership, and what happens if something goes wrong.

This article breaks down the regulations that govern domain names, from the global policies set by ICANN to the extension-specific rules set by registries and local governments. By the end, you will know exactly which rules apply to you and how to stay on the right side of them.

Who makes the rules for domain names?

Domain name regulations do not come from a single source. Three layers of authority work together to create the rules that every domain owner follows.

ICANN sets global policies

ICANN (the Internet Corporation for Assigned Names and Numbers) is the nonprofit organization at the top of the domain name system. It coordinates the global policies that registrars and registries must follow. ICANN decides which domain extensions exist, accredits the companies that sell domains, and creates the baseline rules for registration data, transfers, and dispute resolution. Every registrar that sells .com, .net, .org, and other generic extensions must follow ICANN's policies or risk losing accreditation.

Registries set extension-specific rules

A registry is the organization that manages a specific domain extension. The registry that operates .com has its own set of rules. The registry for .org has different ones. Country-code registries like those running .uk, .de, or .au often add local requirements on top of ICANN's global policies. Some extensions are open to anyone. Others require you to meet specific eligibility criteria before you can register.

Local governments add their own laws

In addition to ICANN and registry policies, national and regional governments pass laws that affect domain registration. The European Union's GDPR changed how registrant data is handled worldwide. Countries like Australia and Canada have their own rules for who can register under their country-code extensions. These laws sit on top of the global system, adding requirements that vary depending on where you or your brand is located.

What are ICANN's key domain name regulations?

ICANN's policies form the foundation of domain name regulations. Here are the most important ones.

Registrar accreditation

Not just any company can sell domain names. ICANN requires registrars to apply for accreditation and meet minimum standards for financial stability, customer support, and data handling. As of 2026, ICANN has more than 1,000 accredited registrars worldwide. If a registrar fails to meet its obligations, ICANN can revoke its accreditation and transfer affected domains to another provider.

WHOIS and RDAP data requirements

ICANN requires registrars to collect specific contact information from every domain registrant. This includes a full name, mailing address, email address, and phone number. That data is stored in a system called WHOIS (and its newer replacement, RDAP). The purpose is to provide a way to identify who is responsible for a domain. ICANN requires this data to be accurate and up to date at all times.

Transfer policies

ICANN standardizes how domain transfers work between registrars. Both the losing and gaining registrars must follow a defined process, including email verification from the current registrant. Transfers cannot be blocked without a valid reason (like a pending dispute or a recent registration). These rules prevent registrars from holding domains hostage and give owners the freedom to move to a different provider.

Dispute resolution through the UDRP

The Uniform Domain-Name Dispute Resolution Policy (UDRP) gives trademark holders a way to challenge domains registered in bad faith. If someone registers a domain that matches a trademarked brand name and uses it to mislead visitors or sell it for profit, the trademark holder can file a complaint. An independent panel reviews the case and can order the domain transferred or canceled. The process typically takes a few weeks and costs significantly less than going to court.

What rules do registries set for specific extensions?

Beyond ICANN's global policies, individual registries enforce their own rules for the extensions they operate.

Restricted extensions

Some domain extensions are not available to everyone. The .edu extension is reserved for accredited post-secondary educational institutions. The .gov extension is restricted to government entities. The .mil extension is limited to the United States military. These restrictions are enforced at the registry level, meaning you cannot register one of these domains without meeting the eligibility requirements.

Country-code requirements

Many country-code extensions require a local presence. To register a .au domain, you need an Australian Business Number. A .eu domain requires EU or EEA citizenship, residency, or organizational registration. A .ca domain requires Canadian citizenship, permanent residency, or incorporation in Canada. Some country-code extensions like .io and .co have been opened to global registration, but most still enforce geographic or legal eligibility rules.

Content and use restrictions

Certain registries prohibit specific types of content or use under their extensions. A registry may require that domains registered under its extension are used for purposes consistent with the extension's intent. For example, some newer extensions come with acceptable-use policies that allow the registry to suspend domains used for malware distribution, phishing, or other abusive behavior.

What are the character and length rules for domain names?

Every domain name must follow strict technical formatting rules that are built into the DNS protocol itself.

  • Each label (the part between dots) can be between 1 and 63 characters long
  • The total domain name, including dots, cannot exceed 253 characters
  • Only three character types are allowed in standard domains, which are letters (a through z), numbers (0 through 9), and hyphens
  • Hyphens cannot appear at the beginning or end of a label
  • Consecutive hyphens in positions three and four (like xn--) are blocked for standard registrations because that pattern is reserved for internationalized domain names using Punycode encoding
  • Spaces, underscores, and special characters like @, #, and $ are not allowed
  • Domain names are not case-sensitive, so Example.com and example.com point to the same place

Internationalized domain names (IDNs) allow non-Latin characters through a conversion process called Punycode. The 63-character limit applies to the encoded Punycode form, not the display version, so a short domain in another script could exceed the limit after conversion.

What is the transfer lock after registration?

When you register a new domain or transfer one to a different registrar, ICANN historically enforced a 60-day lock period during which the domain could not be transferred again. This policy existed to prevent unauthorized transfers and give the new registrant time to secure their account. During this period, the domain functions normally for your website and email, but you cannot move it to another registrar.

At the ICANN 82 meeting in early 2025, this policy was updated. The lock period has been reduced to 30 days for new registrations and transfers. This change gives domain owners more flexibility while still providing a safety window against unauthorized moves.

Why does WHOIS accuracy matter so much?

ICANN requires every domain registrant to provide accurate contact information and keep it current. This is not just a suggestion. Providing false information in your WHOIS record is a violation of ICANN policy, and the consequences are real.

If ICANN or your registrar discovers that your registration data is inaccurate, your domain can be suspended. In serious cases, it can be deleted entirely. You also lose important protections in disputes. If someone challenges your domain through the UDRP and your registration data is fake, the panel is far more likely to rule against you.

Registrars are required to verify registrant email addresses within 15 days of registration. If you do not verify, the domain gets suspended and stops resolving to your website. Registrars also run periodic checks on WHOIS data accuracy and may contact you to confirm your information is still correct.

How did privacy regulations change domain data rules?

For years, domain privacy was an optional paid service. Your full name, home address, phone number, and email were publicly visible in the WHOIS database by default. That changed when the European Union's General Data Protection Regulation (GDPR) took effect on May 25, 2018.

GDPR forced a major shift in how domain registration data is handled. Registrars serving EU customers had to start masking personal information by default. Today, most WHOIS lookups show redacted contact details instead of personal names and addresses, regardless of where the registrant is located.

ICANN's Registration Data Policy, which took full effect on August 21, 2025, formalized these changes. The policy outlines how registrars and registries must handle the collection, storage, and publication of registration data while complying with global data protection laws. Law enforcement and trademark holders can still request access to registrant data for legitimate purposes, but casual lookups no longer reveal personal information.

What happens if you break domain name regulations?

The consequences depend on which rules you violate and how serious the violation is.

  • Inaccurate WHOIS data can lead to your domain being suspended or deleted. Your registrar is required to act on verified reports of false registration information.
  • Failing to verify your email within 15 days of registration results in automatic suspension. Your domain stops resolving until you complete verification.
  • Registering a domain in bad faith (like grabbing a trademarked name to sell it) exposes you to a UDRP complaint. If the panel rules against you, the domain gets transferred to the trademark holder or canceled.
  • Violating registry-specific policies can result in the registry suspending or revoking your domain. This includes using a restricted extension without meeting eligibility requirements or violating acceptable-use policies.
  • Violating local laws related to domain registration can lead to legal action in your jurisdiction. This includes registering domains for the purpose of fraud, impersonation, or trademark infringement beyond what the UDRP covers.

In most cases, registrars will notify you and give you a chance to fix the issue before taking action. But in cases of clear abuse, suspension can happen without warning.

How does WEMASY handle domain registration for you?

WEMASY's website builder includes a custom domain with every plan. When you register through WEMASY, your domain setup, DNS configuration, and SSL are handled automatically. Your registration data stays accurate because WEMASY uses the account information you provide during signup. If you already own a domain, you can transfer it to WEMASY or point it to your site without needing to manage technical settings yourself. See what is included in each plan on the pricing page.

What should you read next?

Now that you understand the rules that govern domain names, the next question is what happens when those rules collide with real situations. What do you do if someone else already registered a domain that matches your brand? The next chapter covers your options when you find that a similar domain is already taken and how to handle it without violating any of the regulations covered here.

Frequently asked questions

Can you register a domain name with special characters like an ampersand or exclamation mark?

Do domain name regulations apply to every extension the same way?

Can your domain be taken away even if you registered it first?

Is there a limit to how many domains one person or brand can register?

What is the difference between WHOIS and RDAP?