National Law vs. ICANN Policy: Who Wins in a Conflict?

The relationship between national laws and the global policies developed by the Internet Corporation for Assigned Names and Numbers (ICANN) has become one of the most complex and consequential aspects of internet governance. As the internet spans national boundaries, legal conflicts between sovereign regulations and ICANN’s policies are not only inevitable but are growing in frequency and importance. These tensions raise a fundamental question: when national law and ICANN policy collide, which prevails? The answer, while layered and often situational, reflects a deeper struggle over jurisdiction, authority, and the evolving architecture of global digital governance.

ICANN is a private, nonprofit organization that coordinates the global Domain Name System (DNS), including the assignment of top-level domains (TLDs), accreditation of registrars, and the enforcement of policies governing domain name registration. Its authority is rooted not in state power but in contractual relationships—registries and registrars enter into binding agreements with ICANN, obliging them to follow its consensus policies. These policies are developed through a multistakeholder process, incorporating input from governments, businesses, technical experts, and civil society. While this structure is designed to produce globally applicable rules for the DNS, it does not possess the coercive force of law and has no inherent supremacy over national legal systems.

Conflicts arise when ICANN’s contractual policies or procedures are seen to infringe upon or contradict national legislation. One of the most prominent examples is the dispute surrounding access to WHOIS data in the aftermath of the European Union’s General Data Protection Regulation (GDPR). ICANN requires registrars to collect and publish domain name registration data through the WHOIS system for transparency, intellectual property enforcement, and cybersecurity. However, GDPR imposes strict limitations on the public disclosure of personal data, effectively prohibiting the traditional, unredacted WHOIS model. When registrars based in the EU faced this conflict, they prioritized compliance with GDPR over ICANN’s contractual requirements, arguing that failing to do so could expose them to severe legal penalties.

This conflict revealed a critical reality: when national law mandates a course of action that contradicts ICANN policy, particularly where noncompliance with national law carries legal sanctions, national law generally prevails. In the GDPR-WHOIS conflict, ICANN filed a request for an injunction in a German court against EPAG, a German-based registrar, seeking to compel continued collection of certain WHOIS data. The court ruled against ICANN, reinforcing that compliance with GDPR took precedence over ICANN’s requirements. This outcome effectively forced ICANN to reevaluate its WHOIS policies, eventually leading to the development of the “Temporary Specification” for gTLD registration data, designed to align with data protection laws while preserving some utility for security and rights protection.

Similar jurisdictional challenges occur in other areas. Some national laws mandate data localization, filtering of online content, or regulation of domain names in ways that contradict ICANN’s open, globally uniform model. For example, certain governments may attempt to block specific TLDs or require domestic oversight of ccTLDs, challenging ICANN’s neutral administration of the DNS root zone. In some cases, countries have threatened to develop alternative root server systems or national DNS infrastructures, creating a risk of internet fragmentation, where users in different countries might access different versions of the internet depending on state policies.

While ICANN cannot override national law, it does attempt to harmonize global policy with domestic legal frameworks through its Governmental Advisory Committee (GAC). The GAC provides advice to the ICANN Board on public policy matters, including the intersection of ICANN policy with national laws. However, GAC advice is non-binding, and its influence depends on whether the ICANN Board accepts it or formally justifies its rejection. This mechanism can help prevent conflicts in advance, but it cannot resolve them once national courts have spoken.

For registries and registrars caught between conflicting obligations, the legal risks are real and often unresolved. They must choose between breaching a contract with ICANN or violating national law, each path carrying potential financial, operational, and reputational consequences. This dilemma becomes even more complex when businesses operate in multiple jurisdictions with differing laws, such as the United States, the European Union, China, and Russia, all of which have taken divergent regulatory approaches to data, speech, and online services.

To mitigate these risks, ICANN has increasingly turned toward flexibility and adaptation, introducing consensus policies that allow for regional compliance exceptions or adopting a principle-based approach rather than rigid rules. However, this approach can erode the uniformity that gives the DNS its coherence and reliability. Too much deference to national law may undermine ICANN’s ability to enforce global standards, while too little deference risks pushing countries to disengage from the ICANN ecosystem altogether.

Ultimately, the winner in a conflict between national law and ICANN policy is determined not by formal hierarchy but by practical consequences and power dynamics. Courts have the ability to enforce national laws with real penalties. ICANN can enforce its policies only through contractual leverage, such as terminating a registrar’s accreditation or a registry agreement. In most cases, legal mandates backed by state authority take precedence, forcing ICANN to adjust its policies post facto. Yet if ICANN’s authority is weakened too far, the very notion of a single, interoperable internet comes under threat.

The long-term solution lies in stronger alignment between ICANN’s policy development and international legal norms, greater clarity in jurisdictional boundaries, and more effective mechanisms for resolving disputes. As the internet becomes more essential to global commerce, speech, and national security, the need for predictable, fair, and harmonized governance will only grow. Stakeholders must continue to navigate this delicate balance, recognizing that neither national sovereignty nor global coordination can be pursued in isolation. The legitimacy and functionality of the internet itself depend on their coexistence.

The relationship between national laws and the global policies developed by the Internet Corporation for Assigned Names and Numbers (ICANN) has become one of the most complex and consequential aspects of internet governance. As the internet spans national boundaries, legal conflicts between sovereign regulations and ICANN’s policies are not only inevitable but are growing in…