Domain Name Registration Agreement Template

In plain language: Identifies the registrar and registrant as legal entities, specifies the exact domain name being registered, and sets the duration of the registration period (typically 1–10 years).

Common mistake: Listing only the brand name or trade name instead of the full registered legal entity as registrant. If the domain owner dissolves or rebrands, proving ownership continuity becomes difficult in UDRP or court proceedings.

In plain language: Establishes who the legal owner of the domain is, obligates the registrant to keep WHOIS contact details current, and states that providing false WHOIS data is grounds for cancellation.

Common mistake: An agency or freelancer listing their own contact details as registrant instead of the client's. This is the single most common cause of domain ownership disputes between businesses and their web vendors.

In plain language: Sets out what the domain may and may not be used for — prohibiting spam, phishing, malware distribution, illegal content, and intellectual property infringement.

Common mistake: Omitting acceptable-use terms entirely when a reseller registers domains for clients. Without them, the reseller bears full liability for client misuse under the registrar's upstream terms.

In plain language: States the renewal process, notice obligations, auto-renewal settings, grace period rights, and what happens to the domain if renewal payment fails.

Common mistake: Relying solely on auto-renewal without confirming the payment method is current. Expired credit cards cause more unintended domain lapses than deliberate non-renewal, and recovery after the redemption period is not guaranteed.

In plain language: Governs when and how the domain may be transferred to another registrar or registrant, including the 60-day ICANN lock period, the EPP auth code process, and conditions under which the registrar may refuse a transfer.

Common mistake: Not documenting the EPP auth code delivery process. If a vendor holds a domain and goes out of business, an undocumented process can leave the client locked out for weeks during a critical business period.

In plain language: Explains how registrant contact data is handled, what WHOIS privacy masking services are offered, and how data is processed under applicable privacy law.

Common mistake: Not distinguishing between WHOIS privacy masking and actual legal ownership. Privacy masking hides contact details from public lookup but does not change who the registrant of record is — a point that confuses clients who assume a masked domain is anonymous from a legal standpoint.

In plain language: Incorporates ICANN's policies by reference, obligates the registrant to submit to UDRP arbitration for trademark disputes, and states which approved dispute resolution providers apply.

Common mistake: Failing to incorporate ICANN policies by reference. Without this clause, the agreement is technically non-compliant with ICANN's Registrar Accreditation Agreement requirements, which can expose an accredited registrar to accreditation penalties.

In plain language: The registrant warrants they have the right to register the domain, it does not infringe any third-party trademark, and they indemnify the registrar against any claims arising from their use of the domain.

Common mistake: Omitting the indemnification clause or limiting it to direct damages only. Without indemnification, a registrar facing a UDRP complaint or third-party trademark claim has no contractual right to recover defense costs from the registrant who caused the dispute.

In plain language: Caps the registrar's liability for service outages, DNS resolution failures, or domain loss at a defined amount — typically the registration fees paid — and excludes consequential damages.

Common mistake: No liability cap at all, or a cap that applies symmetrically to both parties. For high-traffic domains where a 1-hour outage can cost thousands in lost revenue, registrants should negotiate an uptime SLA addendum rather than relying on the default liability clause alone.

In plain language: Specifies which jurisdiction's law governs the agreement, where disputes are litigated, and confirms this document supersedes all prior understandings between the parties.

Common mistake: Choosing a governing law jurisdiction with no connection to either party's location or operation. Courts in several jurisdictions will apply local law regardless of the chosen forum, particularly where consumer protection statutes apply to the registrant.

A domain name registration agreement is a legally binding contract between a registrar and a registrant that governs the registration, use, renewal, transfer, and termination of a specific domain name. It establishes who legally owns the domain, what the domain may be used for, what happens when it expires, and how disputes are resolved. ICANN requires all accredited registrars to enter into a registration agreement with every registrant as a condition of accreditation.

The registrant of record in the WHOIS database is the legal owner of a domain name. Ownership is not determined by who paid for the domain or who manages the hosting account — it is determined by whose legal entity name and contact details are listed as registrant. This is why agencies and developers should always register domains in the client's name, not their own, even if they manage the account operationally.

After expiration, most domains enter a grace period of up to 45 days during which renewal is possible at the standard renewal fee. If not renewed, the domain enters a 30-day redemption period where recovery requires a higher redemption fee — typically $80–$200 depending on the registrar and TLD. After the redemption period, the domain enters pending deletion and is released to the public for re-registration by anyone. There is no guarantee of recovery once a domain reaches the deletion stage.

Unauthorized transfers are prohibited under ICANN's transfer policy. All outbound registrar transfers require the registrant's explicit approval via an EPP authorization code sent to the verified email address of record. ICANN also imposes a mandatory 60-day transfer lock after new registrations or registrant data changes during which outbound transfers are blocked. Despite these protections, social-engineering attacks targeting registrar accounts remain the most common cause of unauthorized domain transfers.

The Uniform Domain-Name Dispute-Resolution Policy (UDRP) is ICANN's mandatory arbitration process for resolving trademark disputes involving domain names. By agreeing to a domain name registration agreement, the registrant automatically consents to UDRP jurisdiction. A third party who believes a domain was registered in bad faith or infringes their trademark can file a UDRP complaint with an approved provider such as WIPO, and an arbitration panel can order transfer or cancellation of the domain — typically within 60 days and at much lower cost than litigation.

If the registrant is an individual located in the EU or EEA, GDPR applies to the processing of their personal data in WHOIS records and registration databases. Registrars must provide a lawful basis for processing, limit public WHOIS exposure of personal data, and honor data subject rights including access and erasure requests. ICANN's Temporary Specification for gTLD Registration Data — adopted in 2018 in response to GDPR — limits public WHOIS disclosure and requires registrars to implement tiered access for legitimate third-party requests.

A domain registration agreement governs the initial registration of a domain name between a registrar and a registrant for a defined term. A domain transfer agreement governs the movement of an already-registered domain from one registrar to another, or the change of registrant from one party to another — sometimes called a change of ownership. Both documents establish rights and obligations, but a transfer agreement specifically addresses EPP auth codes, transfer timelines, payment for premium domains, and warranties about the domain's clean title.

For a standard registrar-to-registrant agreement with no premium domain transaction or complex IP considerations, a well-structured template is typically sufficient. Engage a lawyer when the domain is a premium or brandable asset with significant monetary value, when the registration involves a disputed trademark, when a UDRP complaint has been filed or threatened, or when cross-border privacy law compliance (GDPR, PIPEDA) requires a tailored data processing addendum. A 1–2 hour attorney review typically costs $300–$600 and is worthwhile for any domain central to a brand's commercial identity.

Request an immediate WHOIS search to confirm the current registrant of record. If the domain is listed under a vendor, agency, or contractor's name rather than your legal entity name, request a change of registrant (also called a registrant transfer or push) in writing as soon as possible. Document the request with a timestamped email or a signed transfer agreement, and confirm the WHOIS update is reflected within 5 business days. If the vendor refuses, ICANN's registrar complaint process and UDRP are available remedies, provided you can demonstrate prior rights or an agreement that the domain was intended to be held on your behalf.