In recent years, several large domain registries have been shifting toward what’s known as a “thin registry” model. But what does that actually mean – and why does it matter?
When you register a domain name, the process is more or less the same worldwide, whether you’re dealing with a ccTLD, a legacy gTLD, or a new gTLD. You provide your contact details; fill in administrative, technical, and billing contacts; configure DNS; pay your registrar; and ideally, the domain becomes active immediately. Most users assume their information is securely passed from the registrar to the registry, and that the process is straightforward.
But have you ever wondered what really happens to your data? Does it even make its way to the registry anymore?
From Thick to Thin: What Changed
Traditionally, registries stored all registration data: contacts, DNS, creation dates, and more. They held the authoritative record. Today, that’s no longer universal.
Thin registries hold only a small portion of that information – often just DNS and minimal technical data. They do not store registrant or contact information. In these cases, only the registrar knows who actually owns the domain.
As a result, the registry’s WHOIS (or RDAP) becomes essentially blind. No contact data. No visibility. Just DNS.
Why has this happened?
Regulation Made the Registry Role Harder
You’ve likely heard acronyms like GDPR, NIS, NIS2, DSA, DMA. These regulations have dramatically increased the operational and legal burdens on registries.
According to ISO, registry management involves identifying, classifying, storing, securing, and eventually preserving or disposing of records. While contact details aren’t explicitly mentioned, TLD registries operated under this model for decades – until 2016.
Then GDPR arrived, and registries began masking personal contact information.
When NIS2 later demanded accurate and validated registrant data, many registries chose a different strategy: step back.
Rather than expanding staff to handle data validation, abuse response, and compliance, large registries began offloading responsibility onto registrars. They rebranded this retreat as a “thin registry model.”
In reality, it was a way to avoid the increasing regulatory burden.
The Consequences: Registrars Under Siege
This shift raises serious questions:
1. How are domain transfers handled if only registrars hold the data?
Registrars are left to figure it out themselves.
2. What happens to WHOIS/RDAP accuracy?
Logically, registrars must now provide RDAP services – whether they can or not.
3. Who handles abuse reports?
Registries now forward abuse complaints to registrars, who must hire scarce and expensive abuse specialists.
4. Why do we even need thin registries?
To “control” registrars? To run promos? Or simply to avoid responsibility?
The truth is stark:
Thin registries aren’t functioning as registries.
They’re essentially privileged entities with ICANN accreditation that “hold the water” while registrars absorb the real impact.
Since thin registries emerged, the volume of abuse-related requests sent to registrars has tripled. Registrars now need teams of compliance officers and lawyers to handle demands driven by NIS2, GDPR, and other legislation. Law enforcement visits have become so frequent that some registrars joke that police and intelligence officers are practically part of the staff now.
From Business to Burden
What does all this look like in practice?
Registries are shedding the difficult parts of the domain business while registrars – already operating on thin margins – are crushed under regulatory obligations and staffing pressures.
Meanwhile, many ccTLDs insist on remaining thick registries but struggle to adapt to new legal requirements. Their solution? Raise prices across the board to finance new abuse and compliance teams.
To be clear, these observations mostly apply to EU and US–based TLD registries and registrars, but the ripple effects are global.
What’s Coming Next
The trend is unmistakable: as more registries shift to the thin model, registrars will continue to face heavier operational, financial, and legal pressures. The balance of the domain ecosystem is changing – and not necessarily for the better.
So prepare yourself.
The era of thin registries is just beginning, and the consequences are only starting to surf.
Dušan Stojičević
