Data Escrow and Emergency Back-End Registry Operator EBERO Updates
- by Staff
The 2026 round of the new gTLD program brings with it a heightened emphasis on operational continuity, security, and resilience, underscoring the critical role of two long-standing safety mechanisms: data escrow and the Emergency Back-End Registry Operator (EBERO) program. Both have been significantly updated in the 2026 Applicant Guidebook, reflecting lessons from the past decade and aligning with new technical, legal, and regulatory standards. These enhancements are designed not only to protect registrants and end users in the event of registry failure but also to ensure that new gTLD operators are equipped with transparent, enforceable frameworks for risk mitigation and service restoration.
Data escrow remains a foundational requirement for all gTLD operators, but in the 2026 program, it is subject to expanded scope and greater technical rigor. At its core, data escrow ensures that all critical registry data—domain registration records, WHOIS/RDAP information, DNS zone files, and associated metadata—is deposited at regular intervals with an ICANN-approved escrow agent. This ensures that, should a registry operator fail or become unable to fulfill its contractual obligations, ICANN or a designated third party can access the data to restore operations with minimal disruption.
One of the major changes in 2026 is the requirement for real-time, incremental escrow deposits in addition to the traditional daily full snapshots. This means that every change to the registry database—whether a new registration, renewal, transfer, or deletion—is logged and escrowed within minutes of the event. This incremental model drastically reduces the risk of data loss in the event of a sudden failure, enabling near-instantaneous recovery if a registry operator goes offline. ICANN’s escrow agents are now equipped with advanced validation engines that automatically check data integrity, completeness, and schema compliance, issuing alerts for discrepancies or deposit delays. Registry operators are required to maintain automated monitoring interfaces that log escrow status in real time, and these interfaces are now subject to compliance audits under the updated Registry Agreement.
Escrow data must also meet enhanced encryption and jurisdictional standards. All deposits are required to be encrypted using FIPS 140-3 certified methods, and storage must occur within jurisdictions approved by ICANN’s Data Sovereignty Policy Framework. For IDN gTLDs or those serving jurisdictions with strict data localization laws, operators may select regional escrow agents accredited through ICANN’s new Cross-Jurisdictional Escrow Framework, which includes detailed guidelines on data transfer restrictions, access protocols, and legal immunity waivers. These steps ensure that sensitive registrant data remains both secure and legally compliant across a growing diversity of international operating environments.
Parallel to data escrow enhancements, the EBERO program has undergone a structural transformation aimed at expanding its capacity and reducing activation friction. Initially created to respond in rare cases of registry operator failure, the EBERO program has evolved from a reactive safeguard into a proactive system with predefined activation triggers, increased transparency, and broader contractual flexibility. In the 2026 program, ICANN has pre-contracted with five regional EBERO providers, each capable of supporting up to fifty gTLDs concurrently, with standby failover systems in place for each geographic region. These providers are not merely backups—they are integrated into the operational ecosystem through regular simulation drills, quarterly readiness certifications, and shared tooling protocols with active registries.
EBERO activation is now guided by an updated threshold model that includes technical, financial, and compliance indicators. Triggering events can include prolonged DNS resolution failure, escrow deposit lapses, financial insolvency, or confirmed cyber incidents that impact registry integrity. In many cases, ICANN may now initiate a “soft activation” protocol, whereby the EBERO provider operates in parallel with the failing registry to facilitate a controlled handoff rather than a sudden switch. This reduces downtime and avoids the operational shock that previously accompanied emergency transitions.
To facilitate this process, the 2026 program mandates the creation of a Continuity Transfer Package (CTP) by all gTLD applicants, submitted during the contracting phase and updated annually. The CTP includes detailed configuration files, registry interface documentation, and data schemas designed to allow a seamless import into EBERO systems. These packages are reviewed during technical evaluations and are part of the registry’s compliance check-ins during the operational phase. Registries that fail to maintain updated CTPs may face contractual sanctions or be flagged for early remediation review.
A significant enhancement to the EBERO process is the addition of registrant communication protocols. In the event of a transition, registrants must now be informed via templated, multilingual communications, outlining the nature of the disruption, expected impact, and guidance for continued domain management. These communications are pre-approved and stored as part of the CTP, and EBERO providers are contractually obligated to distribute them within 24 hours of transition activation. This addresses a major gap from previous rounds, where registrants were often unaware of disruptions until services began failing.
The funding model for EBERO has also been adjusted. While previously financed solely through ICANN reserves, the 2026 model introduces a risk-adjusted fee pool based on registry size, usage, and compliance history. Registries with strong operational records pay lower EBERO insurance premiums, while those with frequent technical violations or low escrow reliability contribute more. This incentivizes high performance while ensuring that adequate financial resources are available to sustain emergency operations in worst-case scenarios.
Ultimately, the 2026 updates to data escrow and EBERO protocols signal a maturation of the entire gTLD program’s resilience architecture. These mechanisms are no longer reactive safety nets but integrated components of the lifecycle management framework that defines responsible gTLD stewardship. New gTLD operators must treat data escrow and continuity planning not as compliance checkboxes but as essential infrastructure—critical to maintaining user trust, protecting registrants, and preserving the stability of the global domain name system. With rising threats from cybercrime, geopolitical instability, and operational consolidation, the fortified models introduced in the 2026 round are not just timely—they are essential to the secure and reliable growth of the internet’s namespace.
You said:
The 2026 round of the new gTLD program brings with it a heightened emphasis on operational continuity, security, and resilience, underscoring the critical role of two long-standing safety mechanisms: data escrow and the Emergency Back-End Registry Operator (EBERO) program. Both have been significantly updated in the 2026 Applicant Guidebook, reflecting lessons from the past decade…