Do you have a link to the icann.org page that states this policy?
I have never heard of it, not even for the abuse and postmaster addresses.
Any chance this is some sort of scheme for the buyer to get the currently listed or new email address so they can steal the domain?
I'd be concerned mostly about making sure all of their accounts are as secure as possible, have 2 factor authentication where available, and that every email and social account uses a different password.
Here is a
related article from earlier this year that I'm reminded of by this situation.
to Email Questions!