Domain registrar may deny a transfer request if the domain name is within 60 days of initial registration or change of registrant. However, it completely up to the domain registrar as ICANN does not force transfer locks. This lock is so called "Registrar lock" or "Client Transfer Prohibited".
All domain registrars can offer an opt-out of the lock if they choose to do so. So it is completely up to the domain registrar if they want to hold domains hostage for 60 days or not. I repeat: transfer locks have nothing to do with ICANN and ICANN is just a stupid excuse.

NameCheap, NameSilo, GoDaddy and Dreamhost

For example NameSilo and NameCheap have no opt-out options and they keep lying to their customers that the lock is forced by ICANN and they have no other option but to follow ICANN rules. GoDaddy, on the other hand, has an opt-out but they are still holding domains hostage for some 2 weeks hoping to complicate and mess-up outbound domain transfers, and as we all know their support is clueless unless you are fluent in Hindi and know absolutely nothing about anything. Dreamhost claims to have opt-out option, but it is impossible for me to verify because their systems do not work with Firefox and I do not want to compromise my security by using Poople Chrome.

Here is more on the subject (2011): GoDaddy still violates ICANN policy.

Is your domain registrar hijacking your domains for 60 days?

Dreamhost claims to have opt-out option, but it is impossible for me to verify because their systems do not work with Firefox

Dreamhost actually works with Firefox. I pinpointed the issue to their panel authentication javascript. My timezone was wrong and that caused their authentication token fail:
I will test later if they honor their domain lock opt-out.