In 2009, ICANN and the US Department of Commerce signed the Affirmation of Commitments (AOC), which contains the following commitment regarding WHOIS:
"9.3.1 ICANN additionally commits to enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information."
ICANN also agreed to form a global Review Team to assess specific WHOIS issues every three years:
"… ICANN will organize a review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust."
After the first review of the WHOIS policy in 2012, ICANN launched a comprehensive effort to improve the effectiveness of the WHOIS policy and its implementation, in line with the WHOIS Review Team's Final Report [PDF, 1.44 MB]. In its acceptance of this Report, the ICANN Board recognized that the policy and management of WHOIS is a strategic priority for ICANN. ICANN also committed to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy gTLD WHOIS data, and increase efforts to communicate, conduct outreach on, and ensure compliance with existing policy and conditions relating to WHOIS, as detailed in an Action Plan. ICANN organization is in the midst of implementing the Action Plan, and provides periodic reports to the community regarding its progress. The Implementation Status Report [PDF, 579 KB] contains the latest information on this key initiative for ICANN organization.
In May 2016, the ICANN Board adopted new Bylaws, setting forth obligations to replace those specified by the original Affirmation of Commitments that expired in October 2016. These new Bylaws require that ICANN "use commercially reasonable efforts to enforce its policies relating to registration directory services and work with Supporting Organizations and Advisory Committees to explore structural changes to improve accuracy and access to generic top-level domain registration data, as well as consider safeguards for protecting such data."
These new Bylaws also require periodic review of the WHOIS policy – now referred to as the Registration Directory Services policy, with a second review of the policy commencing in 2017.