ICANN Contracted Parties—domain registrars and registries—met for the CP Summit in Manchester, UK, at the end of April. The two-day agenda covered policy and operational topics so, before delving into our latest TACO stats, we are sharing some highlights from the various sessions and discussions.
Day one of the Summit covered operational topics, starting with a discussion about creating a new open technical standard for identifying AI Agents. This would support trust—the user can know they are working with a legitimate AI Agent. Additionally, developing the underlying technology on the open standards model that we use within ICANN and the IETF reduces the risk that a small set of major players would end up controlling it. The alternatives would be to let this technology be developed on a proprietary standard controlled by application providers and AI companies—opening the door to gatekeeping, fragmentation, and a future where a handful of companies decide which AI agents are allowed to exist—or to have no standard at all.
In another session, ICANN Contractual Compliance updated attendees on the enforcement of the disclosure request provisions in the Registration Data Policy, which took effect in August 2025. The presentation included a review of registrar obligations and observations on whether the requirements are being met, with the aim of helping registrars better understand those obligations.
There were also two highly engaging panel discussions focused on building relationships. First, the Registrar Stakeholder Group’s Governance team hosted “How to Engage with Your Local GAC Rep,” sharing tips for finding and connecting with Government Advisory Committee (GAC) representatives at ICANN. Tucows maintains strong working relationships with both our Canadian and American GAC representatives and we are hopeful that this session—along with this new info sheet published by the RrSG—will help other registrars develop meaningful relationships with their own governmental representatives.
In the second session, “How to Engage and Not Enrage the Channel,” representatives from a registrar, a registry, and a vertically-integrated hybrid registry/registrar discussed how to navigate business and technical changes with grace in a highly connected DNS ecosystem. The main takeaway here was the importance of clear communication and collegial collaboration, taking a simple and direct approach to sharing updates and considering how changes might impact other players in the channel.
The second day of the CP Summit focused primarily on DNS Abuse. Tucows’ Head of Policy and Privacy, Sarah Wyld, led attendees through a high-level Data Protection Impact Assessment for the Associated Domain Checks process. Attendees learned about the necessity of understanding and documenting data processing activities and the potential impact of that processing on domain owners’ privacy rights. This session was inspired by—and has proven quite useful during—the DNS Abuse PDP currently underway: Associated Domain Checks. The conclusion was that registrars likely have a legitimate interest to access and consider domain registration data in order to prevent DNS Abuse.
Later in the day, the ICANN Contractual Compliance team hosted a session discussing how they are enforcing the Registrar Accreditation Agreement’s new DNS Abuse mitigation requirements. Finally, the NetBeacon Institute shared a case study review of a specific pattern of registrations they have seen in DNS Abuse, hoping to support the Associated Domain Checks PDP with this real-life context.
It was a productive conference and we look forward to maintaining its collaborative energy as we head into ICANN86, taking place in Seville, Spain, early in June. While we re-pack our bags, here are some updated Tiered Access request and response statistics!
Tiered access statistics: 1 January – 31 March 2026
We received 118 requests in this period, bringing the total since we began tracking to 6758.
The disclosure rate in this period was the highest it has been since we started tracking, with 80% of all requests resulting in disclosure of the registration data. This continues to confirm that requestor education results in higher-quality requests that demonstrate a clear need for the data.
The rate of abandoned requests was significantly lower than usual—sitting at 3% in this period, well outside the 15% to 30% range from the past few years.
Data disclosure request outcomes: new period (January – March 2026)
Urgent requests
We shared data about Urgent requests earlier this year and intend to continue tracking them. We received no Urgent requests in this period but are including the past year here for reference.
Requests by requestor category
Requests by category: new period (January – March 2026)
Law enforcement requests were once again the largest requestor category in the reporting period, continuing to outnumber Commercial Litigation.
The “Other” category included only two requests: an unsolicited purchase offer (which we explained should instead be sent directly to the domain owner) and a request to move a domain to new ownership (which was redirected to the reseller for support).
Requests by category since 2018
Requests by category (total)
Abandoned requests by requestor category (January – March 2026)
We continue to receive requests that are abandoned after we follow up to ask for the additional information needed to make a disclosure decision. We note that in this period, there were very few abandoned requests—only 3 requests, 2% of the total for the period.
The breakdown across requestor groups:
LEA request locations
We continue to receive the bulk of our LEA requests from outside our local jurisdictions, both overall and in the new reporting period. We received our first request from Croatian law enforcement during this period.
The top five requesting countries, which make up 55% of our LEA requests, are (in order of request volume) India, Costa Rica, Spain, Germany, and France. Of these countries, only Germany is considered local to us.
LEA request origin (local vs. foreign) – new period
LEA request origin (local vs. foreign) – overall
Local LEA request breakdown (overall)
Total requests over time
To read our past Tiered Access blog posts, please see:
- OpenSRS’ Tiered Access Directory: a Look at the Numbers (May 2018 – mid-February 2019)
- Tiered Access Data Disclosure Update (mid-February – mid-October 2019)
- Privacy and Lawful Access to Personal Data at Tucows (mid-October 2019 – end of February 2020)
- Whois History and Updated Tiered Access Statistics (March – end of August 2020)
- Tiered Access request review process and updated statistics (September 2020 – end of August 2021)
- Tiered Access update: refreshed statistics and law enforcement processes (August – December 2021)
- Tiered Access update: registration data accuracy and updated statistics (January – April 2022)
- Tiered Access update and thoughts on due process (May – August 2022)
- TACO Platform Updates (November 2022)
- Tiered Access update: policy check-in and updated statistics (September – December 2022)
- Tiered Access update: centralized system development and updated statistics (January – April 2023)
- Tiered Access update: “urgent” disclosure requests and updated statistics (May – August 2023)
- Tiered Access update: RDRS first experiences and updated statistics (September – December 2023)
- Tiered Access update: law enforcement (foreign and local) and fresh 2024 statistics (January – April 2024)
- Tiered Access update: RDRS, security and LEA requests, and updated statistics (May – August 2024)
- Tiered Access update: RDRS participation and updated statistics (September – December 2024)
- Tiered Access update: Reviewing “urgent” requests and updated statistics (January – April 2025)
- Tiered Access update: Privacy services, proxy registrants, and updated statistics | OpenSRS (May – August 2025)
- Tiered Access update: A year-over-year review and updated statistics (September – December 2025)