Key takeaways:
- RDAP replaces WHOIS as the required standard for accessing domain registration data, introducing a more reliable and modern system.
- The transition to RDAP improves how domain data is retrieved, reducing incomplete or inconsistent results that were common with WHOIS.
- RDAP strengthens privacy by supporting differentiated access, layering information visibility based on authorization.
For years, WHOIS has been the primary protocol used for accessing domain registration information. If you wanted to check who owned a domain or confirm its registration details, a WHOIS lookup was the go-to tool.
However, the Internet Engineering Task Force (IETF) developed the Registration Data Access Protocol (RDAP) to replace WHOIS. There was nothing inherently wrong with WHOIS. It served its purpose well and remained the standard for communicating domain registration data for more than 40 years.
The issue was age. WHOIS was built around plain text records that are easy for people to read but difficult for modern systems to process at scale. As the internet grew and data access needs became more complex, those limitations are becoming a liability.
In this article, we break down what RDAP is, why it’s replacing WHOIS, and what this change means for domain owners, organizations, and businesses. This article aims to give you a practical understanding of RDAP, so you know what’s changing and what to expect as this new standard becomes the norm.
Launch of the Registration Data Access Protocol (RDAP)
In January 2025, ICANN formally announced that WHOIS would be retired and replaced with the RDAP, marking a significant shift in how domain registration information is accessed globally. Effective January 28, 2025, RDAP became the definitive standard for the delivery of generic top-level domain (gTLD) registration data.
RDAP’s technical journey began years earlier. In 2015, the IETF finalized the RDAP specifications as a standardized successor to WHOIS. Contracted parties, including gTLD registries and registrars, were required to deploy RDAP services over the following years.
ICANN set a formal implementation deadline for August 2019, making RDAP compliance a requirement for contracted parties under its agreements.
This transition builds on ICANN’s earlier policy work, including the Temporary Specification for gTLD Registration Data, which, for privacy reasons, reshaped how registration data could be accessed. It soon laid the groundwork for RDAP.
The goal of the transition wasn’t to discard WHOIS entirely, but to modernize the way registration data is delivered, making it more consistent and better suited to today’s internet. RDAP provides a foundation that supports enhanced access control and standardized responses across platforms.
What is RDAP?
RDAP is the modern standard for accessing domain registration data, developed to replace the WHOIS protocol. It provides a structured, machine-readable way to retrieve information about domain names, IP addresses, registrars, and registries.
Unlike WHOIS, which relies on plain text responses, RDAP uses standardized web formats that are easier for systems to process and interpret. As a result, it is more reliable and secure for domain information lookups than its predecessor.
RDAP implementation
To support the transition from WHOIS to RDAP, ICANN established a formal framework for implementing RDAP across generic top-level domains. This framework ensures that gTLD registries and registrars follow a consistent way of deploying RDAP.
A key part of this framework is the gTLD RDAP Profile, which specifies RDAP services implementation for gTLDs. The profile includes a set of technical instructions that define the required query behavior, response structure, and mandatory data elements that registries and registrars must support.
These requirements are intended to ensure that RDAP services operate consistently across gTLDs, regardless of the registry or registrar providing them.
Because RDAP supports differentiated access to registration data, ICANN also introduced a process for requesting nonpublic gTLD registration data. Instead of making sensitive data publicly available by default, RDAP allows authorized parties to request access when there is a legitimate reason.
The Registration Data Request Service (RDRS) handles these requests, providing a centralized way to submit and track them across participating registries and registrars. RDRS does not grant automatic access, but it creates a consistent process for requesting nonpublic data as RDAP replaces WHOIS.
How does RDAP affect domain owners like you?
One of the biggest questions domain owners might have is whether replacing WHOIS with RDAP will expose more of their personal information. The short answer is no. RDAP does not make hidden personal details public. Instead, it changes how domain registration data is accessed without changing what data is stored.
According to ICANN, implementing RDAP does not require registries or registrars to change the registration data itself. The same registration details maintained for WHOIS are still available. It’s just that RDAP retrieves and delivers that information more effectively.
ICANN explained:
“RDAP implementation will not require changes to the data that is already stored and accessed via WHOIS; it is simply a new way of accessing that registration data. The registration data is the same, but the structure of the response is different.”
When it comes to privacy, RDAP itself doesn’t automatically make more personal details visible. Instead, it supports differentiated or tiered access, meaning that information can be delivered differently based on the requester’s authorization level. For example:
- Anonymous users (general public lookups) may see a limited set of publicly available data.
- Authenticated or authorized users (law enforcement) may receive more complete details when permitted by applicable policies.
This approach gives contracted parties flexibility to align with privacy laws and policies while still supporting legitimate access needs.
In other words, RDAP doesn’t override privacy protections. It provides a more modern, structured way to retrieve domain registration data without exposing personal information that isn’t already subject to existing data protection regulations.
Find the perfect domain
Ready to register a domain name? Check domain availability and get started with Network Solutions today.
The benefits of RDAP
RDAP is replacing WHOIS, not because WHOIS was bad, but because the internet has outgrown a protocol that was not built for today’s security, privacy, and automation needs. Unlike WHOIS, which is limited to a specific queried database, RDAP retrieves information from the source where domain data actually resides, consistently returning relevant data.
RDAP introduces several practical advantages over WHOIS, especially for businesses that rely on secure, predictable access to domain information:
- Structured and consistent data
- Enhanced security and controlled access
- Better support for internationalization
- Differentiated access levels
Structured and consistent data
RDAP uses modern web standards to deliver data in a uniform JSON format. This means information is presented consistently from one domain lookup to the next. This helps automated tools, dashboards, and domain management services operate more reliably.
What it means for you: Whether you’re tracking your own domains or using a third-party management tool, RDAP reduces errors and inconsistencies that used to appear with WHOIS.
Enhanced security and controlled access
Unlike WHOIS, which lacked security controls and authentication, RDAP supports secure access mechanisms. It allows registries and registrars to control who can see what data, based on authorization.
What it means for you: RDAP helps prevent unauthorized scraping of domain data, reducing the risk of spam, phishing, and other cybersecurity threats.
Better support for internationalization
RDAP was built with global internet use in mind. It supports international characters and domain name formats, making registrations involving non-Latin scripts (such as Chinese, Arabic, or Cyrillic) easier to handle.
What it means for you: If your business operates internationally or holds domains in different scripts, RDAP delivers data in a way that is more accurate and usable across languages.
Differentiated access levels
RDAP can provide tiered access based on legitimate need. Instead of the one-size-fits-all approach of WHOIS, RDAP provides different levels of visibility depending on user role. For instance, public users may see basic public information, while verified parties can receive additional data if policy allows.
What it means for you: Domain contact details and other sensitive information are still protected in accordance with the General Data Protection Regulation (GDPR). Still, lawful, vetted use cases (such as security or legal inquiries) can obtain the necessary access.
Frequently asked questions
WHOIS and RDAP provide access to domain registration information in different ways. WHOIS queries a single database at a time, often returning inconsistent or incomplete results. RDAP replaces that approach by routing queries to the authoritative source that holds the correct data, making results more reliable and consistent across registries and registrars.
An RDAP lookup is a request made using the Registration Data Access Protocol to retrieve domain registration information. Instead of returning free-form text like WHOIS, RDAP delivers structured responses that systems can process easily. Depending on who is making the request and their level of authorization, an RDAP lookup may return a limited or more detailed set of registration data.
Yes. ICANN has officially begun phasing out WHOIS in favor of RDAP. As of 2025, RDAP is the required standard for accessing gTLD registration data under ICANN agreements. While WHOIS may still appear in limited or legacy contexts for now, RDAP will be the protocol used going forward.
No. RDAP does not change what registration data is collected or stored for your domain. The same information that existed under WHOIS still exists under RDAP. What changes is how that data is accessed, not the data itself.
In most cases, no. RDAP is implemented by registries and registrars, not domain owners. If you already manage your domain through a registrar, the transition from WHOIS to RDAP happens on their side. You don’t need to update your domain settings or take any special action unless your registrar notifies you otherwise.
Yes. RDAP was designed with privacy and security in mind. Unlike WHOIS, which made broad access the default, RDAP supports controlled and differentiated access to registration data. This helps limit unnecessary exposure of sensitive information while still allowing legitimate, authorized access when needed.
Say hello to a more secure domain ownership with RDAP
The move from WHOIS to RDAP marks a clear shift in how registries and registrars handle domain information. RDAP replaces an outdated system with a modern standard that is more reliable, more structured, and better aligned with today’s privacy and security expectations.
As RDAP becomes the standard, secure domain management and privacy-first practices become part of staying competitive online. When you register your domain with us, you’re choosing infrastructure built to support modern standards and the evolving realities of domain security.
Pair that with Domain Privacy + Protection, and you reduce unnecessary exposure of your registration details while helping safeguard your website and business from all forms of information-related fraudulent abuse.
Secure your domain with tools designed for the future of domain management.
