A letter sent earlier this month by the ICANN Board to the Governmental Advisory Committee (GAC) should cause every new gTLD applicant’s ears to prick up.

Having been through every one of the applications for 1,396 different Internet extensions, the world’s governments not only issued formal warnings for 199 of them, but also asked what mechanisms were in place to make sure that people did what they said they would in their applications.

The GAC told the Board in its official communiqué from the most recent meeting in Toronto that it expects applicants’ statements of commitment and objectives to be turned into “binding contractual commitments” that will be overseen by the organization’s compliance team. The same request appeared in many of the early warnings sent to specific applications.

If the Board’s response to that communiqué is anything to go by, the next generation of registry operators need to start giving serious consideration to how they can demonstrate public and binding commitment to the statements made in their application.

There is nothing currently in place that provides an obligation for applicants to live up to their statements—something that has already been raised as a matter of concern by the intellectual property lobby as well as Steve DelBianco of ICANN’s business constituency. With governments joining the call, the Board has asked staff to look into the issue and produce a report about what could be done. The paper will be discussed at a special Board retreat this week in Los Angeles.

In the absence of certainty, governments will always go for the safest, and often most restrictive option. Many of their concerns sit at the edge of ICANN’s mission, and some move over the line into content issues, which the ICANN community has consistently pointed out should not form part of any policy deliberations.

The reality is however that in the new world of thousands of generic top-level domains, registry operators are going to be expected to deal with issues surrounding the registration and use of second-level domains. It is time for applicants to start finding answers to their own particular policy issues, especially the who, what, when and how of registrations at the second-level.

Of the 199 GAC early warnings, most were concerned over what rules will be in place for deciding who can register under specific TLDs, as well as how those rules will be checked and enforced. On top of those, there are 84 community applications that will need to define who can register at the second-level; and more than 500 applications for product or company names that will need to protect their online persona while simultaneously making the most of the brand opportunities that domain names provide.

Even those applicants not under an explicit or implicit obligation to produce rules will find that as they focus in on target markets, those markets will start to demand more of the registry than ever before in the domain industry. If communal expectations are not met they will take their business—and renewal rates—elsewhere.

It is in everyone’s interests to start working on policy questions that apply to their particular application(s) now.

• Who is allowed to apply for second-level domains under your string, and how do you identify them?
• How do you stop people that aren’t supposed to have the domain from getting hold of it—whether based on age, profession or location?
• What policies and mechanisms can you cost-effectively put in place to satisfy compliance concerns?
• What best practices can you implement to make sure you are responsibly deterring criminal activity and illegal content on your TLD?
• Most importantly, how can you show that self-regulation is the best, and not the worst, option?

IFFOR has been answering questions like this in the ICANN context for some time, as the independent policy body for dot-xxx domains.

As a professional, independent and experienced policy maker, whose policies have been highly regarded, IFFOR represents an ideal opportunity for companies to outsource their policy needs to an expert body, whether that is: limiting registration to specific groups or individuals; registrant verification; content labeling; or privacy and security protections.

We predict there will also be a need for industry-specific considerations, freedom of speech protections, sensitive content restrictions, ombudsman services, and enhanced compliance systems, procedures and auditing.

We will be providing our skills and expertise to gTLD applicants through our Policy Engine service and welcome suggestions from the community over what such services should look like so they address specific TLD issues. Let’s start a dialogue now so we can frame the issues of most concern before the cry for “binding contractual commitments” sends this vibrant industry down a rabbit hole.