
Data Escrow for Registries

Full compliance with data escrow requirements and verification testing is part of the Internet Corporation for Assigned Names and Numbers’ (ICANN) strategic plan. This plan is designed to ensure continuation of Domain Name System operations in the event of a physical or business failure of a registry.

As part of its Registry Agreement with ICANN, each Registry Operator must comply with provisions contained within a Registry Data Escrow Agreement. That agreement requires registries to periodically transfer registry data for their generic top-level domains (gTLD) to a reputable escrow agent to be held in escrow. As a trusted, neutral, third party, Iron Mountain works with Registry Operators to fulfill this requirement by safeguarding valuable registry data in secure, access-controlled escrow accounts.

We are the global leader in information protection, management, and storage services. In 2001, we were the first company ever selected to protect registry data via escrow agreements, and in 2007 ICANN selected Iron Mountain as its preferred provider of escrow services for registrars with its Registrar Data Escrow program.

Depositing registry data into secure escrow accounts managed by a neutral third party such as us helps safeguard registrar and registrant interests in the case of a registry’s failure.

The Benefits of Our Escrow Services for Registry Data

Data in escrow with us may be used to help ensure continuity of service in the event of a natural disaster, a technical failure of a registry, or a security breach within the DNS.

Registry Operators and ICANN rely on Iron Mountain to hold each deposit, and, upon certain events, release any retained deposits to ICANN. This ensures that the data associated with registered domain names is never at risk of being lost or inaccessible.

We have proven ourselves to be a safe, reliable choice for the escrow needs of registries, and we make it as simple as possible to comply with ICANN’s escrow requirements. Iron Mountain has more experience with registry and registrar data escrow than any other provider, and our customers appreciate that they are working with an experienced team that understands the domain name industry.

Registry Data Escrow Basics

ICANN established the Registry Data Escrow requirement so that a registry's operation can be restored or continued after a business or technical failure. Under the terms of the agreement, registries must regularly deposit registration data with an approved third-party provider of escrow services, such as Iron Mountain.

In essence, the Registry Data Escrow service works as follows. Upon receipt of registry data, Iron Mountain will validate that the data file set is complete, accurate, and delivered in the intended format. The deposit process will validate completeness and integrity of the data, and also confirm that the file format sent is the format received. Complete, properly formatted data is deposited with Iron Mountain on a weekly basis with daily differential deposits. That data is securely stored, and only accessed by ICANN if needed for business continuity reasons.

Getting started: 1 – 2 – 3

The data escrow process is uncomplicated. Data to be deposited must be formatted as specified by ICANN, and then encrypted and uploaded via secure FTP (SFTP) transmission. Iron Mountain provides detailed setup instructions to aid implementation.

Registries must make regular deposits to their escrow account that consist of data elements residing within their then-current complete registry database. One full deposit must be made per week, and differential deposits are required daily on the other days. Full deposits include the contents of all domain objects, host objects, contact objects, registrar objects, and, when applicable, Domain Name System Security Extensions (DNSSEC)-related key material. All deposits must adhere to a precise set of format specifications and conventions as documented in the Registry Data Escrow Agreement.

Upon receiving a deposit, Iron Mountain validates its format and completeness. Iron Mountain then moves the file to a non-public directory and notes the size and existence of the file. Files are decrypted and authenticated to validate that the files actually came from the Registry Operator.

Once registries complete the initial setup and establish an automated process, data transmission can be completed with very little time or effort. For security purposes, digital signatures, data encryption, and SFTP technologies are used.


NCC Group Software Resilience has acquired Iron Mountain’s Intellectual Property Management (IPM) business. For more information on the acquisition, please visit our dedicated information hub, or contact Iron Mountain IPM.
