16 October 2025
blog
austria
From WhoIs to RDAP: what brand owners and other domain aficionados need to know
When conducting an initial check on who owns a domain name, a WhoIs query has long been the standard procedure. For decades, it has been an essential resource in investigations prior to URDP or other domain-related proceedings, as well as for simply researching who might be responsible for the website hosted under the domain. Type in a domain name and you could often see who registered it and when it was created.
When conducting an initial check on who owns a domain name, a WhoIs query has long been the standard procedure. For decades, it has been an essential resource in investigations prior to URDP or other domain-related proceedings, as well as for simply researching who might be responsible for the website hosted under the domain. Type in a domain name and you could often see who registered it and when it was created.
What is WhoIs?
Basically, WhoIs is a set of standardised rules for communication between a client (e.g. a PC) and the domain registrar responsible for the subject domain name, in order to retrieve ownership data. The specification was simple, without allowing for multiple tiers of data access and without detailed requirements for data formatting.
But suddenly, alongside WhoIs, a second – often identical – dataset has been made available by domain registrars (who maintain the respective WhoIs database for the domains registered with them): RDAP data.
RDAP replaces WhoIs
As with the GDPR, the simple design of WhoIs became more of an issue. To address this, ICANN proposed the introduction of the Registration Data Access Protocol (RDAP) by amending the Registry Agreements and Registrar Accreditation Agreements via a global amendment dated 7 August 2023.[1]
Since 3 February 2024, support for RDAP is mandatory for all registrars (and registries) of generic Top Level Domains.[2] This protocol provides certain advantages, as it allows multiple tiers of access (although this is not yet used as a standardised feature) and has a standardised output format.
Although ICANN's technical implementation guide stipulates that, in most cases, information on the registrant or owner of a domain name should be withheld,[3] this is not always the case. In practice, registrant information still appears to be available at times.
Notably, on 28 January 2025, RDAP became the definitive source for delivering registration information and the registrar's obligation to maintain WhoIs services ended.[4]
Therefore, only RDAP is now required to be supported and it provides the authoritative data that must be kept accurate. WhoIs has been deprecated and may still function, but there is no obligation to maintain it. Discrepancies between the two sources are rare but possible (e.g. due to different databases used in the background). In such cases, RDAP should be regarded as the authoritative source.
[1] https://www.icann.org/en/contracted-parties/registry-operators/global-amendments/2023-global-amendments?utm_source=chatgpt.com
[2] So-called Country Code TLDs are not within ICANN's jurisdiction to this extent and may still primarily support WhoIs or other self-specified protocols.
[3] https://www.icann.org/en/system/files/files/rdap-technical-implementation-guide-15feb19-en.pdf
author: Alexander Pabst
Alexander
Pabst
Attorney at Law
austria vienna