Six months following the April 11th issuance of the Beijing Communique by ICANN’s Governmental Advisory Committee (GAC), ICANN continues to wrestle with whether to accept the bulk of the GAC’s proposed safeguards for new gTLDs as set forth in Annex 1 of that document.

On October 1st ICANN Board Chairman Stephen Crocket sent a letter to GAC Chair Heather Dryden summarizing the results of the September 28th meeting of the New gTLD Program Committee (NGPC) that considered the remaining and still undecided advice received from the GAC.

In regard to Category 1 Safeguard Advice relating to consumer protection, sensitive strings and regulated markets, that letter stated: Category 1 Safeguard Advice: The NGPC is working on an implementation plan for the advice and will inform the GAC of the details upon approval by the NGPC.

In other words, the NGPC has still made no final decisions regarding the Category 1 Safeguard Advice.

One key subset of the Category 1 Advice relates to strings that are related to regulated industries and professions. In that regard, the Beijing Communique states the following:

Category 1 Consumer Protection, Sensitive Strings, and Regulated Markets

The GAC Advises the ICANN Board:

Strings that are linked to regulated or professional sectors should operate in a way that is consistent with applicable laws. These strings are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm. The following safeguards should apply to strings that are related to these sectors:

1. Registry operator will include in its acceptable use policy that registrants comply with all applicable laws, including those that relate to privacy, data collection, consumer protection (including in relation to misleading and deceptive conduct), fair lending, debt collection, organic farming, disclosure of data, and financial disclosures.

2. Registry operators will require registrars at the time of registration to notify registrants of this requirement.

3. Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.

4. Establish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities.

5. Registrants must be required by the registry operators to notify to them a single point of contact which must be kept up-to-date, for the notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory, or industry self-regulatory, bodies in their main place of business.

The Communique then goes on to provide a non-exhaustive list of multiple domains within twelve separate categories (e.g., Children, Health and Fitness, Financial, and Professional Services) that these safeguards should apply to.

Drawing on my experience co-founding .TRAVEL, where we established a similar model, this way forward can establish a basis to end the ongoing impasse in final consideration and appropriate implementation of this subset of GAC advice. This article provides a mechanism by which the GAC safeguard advice for protecting the public interest attaching to regulated sectors can be implemented. This approach would assure that as Internet users interact with domains at new “sensitive string” gTLDs associated with regulated industries and professions, they can be assured that the registrants are bona fide entities engaged in legitimate activities.

The GAC safeguards can be fully developed and implemented through the establishment of a Policy Advisory Board (PAB) at each such string composed of a balanced and inclusive membership. The PAB can then develop appropriate registrant eligibility criteria and registry policies—these policies can then in turn be incorporated within enforceable Public Interest Commitments Specifications (PICS) for the registry.

The PAB approach recognizes that one size does not fit all—that the specific and appropriate safeguards for a string associated with gambling activities are quite different from those involving strings that relate to, for example, financial services, health care, professional services, or charities. The virtue of the PAB approach is that it would permit protection of the legitimate public interest through adoption of the general PAB structure by the NGPC without requiring it to in any way get into specific details of the proper implementation of safeguards at any particular string encompassed by this GAC advice. Registrant criteria, registry policies, and other relevant decisions relating to that implementation would be made by each string-specific PAB based upon the specific sector, relevant regulations, data collection needs, and other considerations for the specific string. Certain costs associated with PAB implementation and operation would be imposed on the applicant/registry operator in the belief that such strings carry certain public interest responsibilities and that these costs are best recouped from regulated sector applicants rather than from affected elements of the public.

The remainder of this paper outlines Guiding Principles for the PAB model, including suggested elements and considerations for PAB adoption and implementation: as well as the various categories of parties to be considered for inclusion within a PAB. The author hopes that this suggested approach will prove beneficial to the NGPC and the GAC, as well as provide a common ground for discussion between affected new gTLD applicants and the general public, including the many interest groups and constituencies with a strong interest in the proper and beneficial functioning of a particular gTLD that implicates a regulated sector.

Guiding Principles

• Limit the primary role of regulated industry gTLD operators to technical management of the gTLD and implementation of policies established by the representative and inclusive Policy Advisory Board; operator shall not have a seat or vote on the Policy Advisory Board
• Ensure that registrant eligibility policies are inclusive, transparent, pro-competitive and non-discriminatory and serve the affected community and the general public, particularly Internet users of domain registrant services
• Recognize that national laws, especially those relating to cross-border e-commerce, have not kept pace with the explosive growth of the commercial Internet over the past 15 years, and that therefore additional measures are required to ensure that standard and acceptable practices guide new gTLD policies and protect the public interest
• gTLD manager shall be responsible for authenticating registrants in conformance with Policy Advisory Board established eligibility criteria
• Registrants shall be responsible for adhering to the policies established for the particular gTLD
• Ensure adoption of a standard and accepted model capable of custom configuration for each sensitive string/regulated industry or profession gTLD via Advisory Board determinations that protect the rights and specify the responsibilities for gTLD applicants and registrants and thereby assure rights equivalency and elimination of undue advantage
• All costs associated with establishing and operating a gTLD Policy Advisory Board shall be borne by the new gTLD applicant

Function

• To ensure that the protection and promotion of the public interest is furthered via the operation of a regulated industry/profession gTLD
• To ensure that new gTLD applicants for regulated industry gTLDs do not operate the registry in a manner that is antithetical to the overriding goals of competition and innovation
• To ensure that the Policy Advisory Board is inclusive of all affected parties and reflects global diversity, participation in the Board should be open to all parties with a demonstrated connection to the industry associated with the gTLD string. Such parties include regulators, wholesale and retail industry participants as well as their representative industry trade organizations, and consumer and public interest groups

Representation

• All regulated industry/profession gTLDs shall establish an Policy Advisory Board to determine the policies of the registry, including registrant eligibility policies
• Such Policy Advisory Board shall be made up of 12 -18 representative members from the broad spectrum of affected parties, including, but not limited to, users, suppliers, distributors, regulators, and consumers of registrant services reflective of global diversity in its overall composition
• Policy Advisory Board applicants who are not accepted due to numerical limitations shall have an opportunity to rotate on to the Policy Advisory Board as others rotate off at appropriate intervals; however all interested parties must be regularly apprised of Board activities and decisions with formal avenues for providing input and feedback

Appeals process

• Should any affected party feel that they are not adequately represented on the Policy Advisory Board, or feel that they are unduly rejected or barred from becoming a part of the Policy Advisory Board, or that the Policy Advisory Board is not meeting its obligations to the affected parties’ community, they shall have the right to take their grievance to neutral third party that will act as an Ombudsman to resolve the matter
• Should any potential applicant for the new gTLD be rejected or barred from registering a new gTLD when they believe that they meet the applicable criteria, or that such criteria is unduly discriminatory, they shall have the right to take their grievance to a neutral third party that will act as an Ombudsman to resolve the matter.
• Any grievance brought before an Ombudsman shall be paid for by the new gTLD applicant and shall be free of costs for the aggrieved party.

Policy Advisory Board Representation

• Accrediting organizations: Organizations that accredit practitioners with proven track record of responsible selling of product/service online across the global span of the internet.
• Experts & Advocates: Experts and policy advocates with documented knowledge of the trustworthy delivery of product/service.
• Safety Coalitions & Organizations: Coalitions and other recognized organizations of stakeholders in favor of protecting access to safe online regulated products/services.
• Internet Freedom Experts/Organizations: Independent watchdogs of freedom of use of the Internet.
• Global Internet Commerce Experts/Organizations: Representation from individuals/groups from the relevant regulated industry/profession who can bring experience of best practices in online commerce in the global environment.
• Consumers and Benefitting Organizations: Consumers and organizations that rely on the products/services and have developed expertise in safe processes that enable them to source products/services from other parts of the world.
• Constituent groups: Those that recognize the need for the product/service to be delivered online for accessibility to affected constituents.
• Global enforcement groups: Internationally recognized authorities with global perspective of the need for the product/service and associated regulation and enforcement.
• Human Rights expert: With particular knowledge of the issues pertaining to access to the relevant products/services.
• National enforcement groups: With first-hand experience dealing with complexities/benefits of distributing product/service within and across borders; purpose would be to assist with the development of international protocols.