Home / Blogs

3 Steps for Managing ICANN Registry Compliance

If you are like the majority of Registry Operators we have spoken to, you may now be thinking that compliance with your new gTLD Registry Agreement is much more difficult than first envisaged—especially if you are one of the lucky operators which have been chosen for ICANN’s latest round of registry audits!

You may also be surprised at the number of questions and requests that you need to respond to.

The good news is that you are not alone, and I’m pleased to share some of our lessons here, in the hope that it may assist others.

What to expect from ICANN Compliance

When the first new gTLDs were launched, ICANN indicated that compliance with the Registry Agreement would be handled in a reactive and consultative manner.

The reality is that, since the first TLD was delegated ( ????. which translates to .shabaka, or ‘web’ in Arabic), ICANN’s Compliance department has been significantly ramping up efforts to proactively enforce Registry Agreements. In fact, responses from Registry Operators can be sought from the time the Registry Agreement is signed, and in some cases before TLDs are even live.

Making compliance management even harder for applicants are the shifting sands on which requirements are being developed, especially given that some are still being finalised.

It had been broadly expected that the parameters for compliance were two-fold:

  1. ICANN Compliance Notices to be issued to Registry Operators when clear issues were identified; and
  2. Formal (random) audits, to occur as part of a three year audit plan.

Extra compliance requirements

In addition to the above, we are seeing ICANN issue Inquiries, which seemingly amount to Notices without clear explanation.

ICANN has to date issued these Inquiries under a very broad range of topics to almost all current Registry Operators, and these ostensibly informal Notices must be acted upon by the Registry Operator lest ICANN escalate the Inquiry into a Notice.

This third area of contact by ICANN has significantly broadened the ability of ICANN compliance to contact Registry Operators. As a result we are seeing some concerning real world examples of compliance issues such as:

  • Receiving compliance Notices before Registry Operators had reached a point in the launch process where names could be registered; and
  • Receiving Notices because marketing material didn’t exactly match TLD startup information, without consideration for the differing audiences for this information; and
  • In one case that we’ve been involved with, issuing Notices based on incorrectly auto-generated error messages, causing Registry Operators to scramble to understand potential breach situations that didn’t exist.

As concerning and time consuming as managing notices, audits and inquiries can be, experience shows us that preparation and knowledge is the key to minimising their impact on daily operations.

How to manage ICANN compliance

Effective and comprehensive TLD policies + clear understanding of the requirements/industry + comprehensive processes + knowledgeable resources = COMPLIANCE

The solution isn’t a simple one, given that it requires such a broad understanding of Registry Operator practices and the new gTLD regulatory framework, but for ARI Registry Services’ clients we provide the people and resources to ensure compliance via a three step process.

  1. Proactive ongoing management of daily tasks –?Managing the ongoing ICANN obligations such as Add Grace Period Limit Policy implementation, Zone File Access management, ICANN monthly reports, reserved name compliance management, etc. ?
  2. Industry Engagement –?Monitoring and active lobbying in the compliance space in the best interests of Registry Operators, as well as ensuring a comprehensive understanding of the requirements and best ways of resolving known and potential issues for a wide variety of operating parameters.
  3. ICANN Response –?Once inquiries or notices are received, or in preparation for a known audit, ARI Registry Services’ compliance staff have the accumulated knowledge and technical record keeping behind them to adequately respond in a timely fashion, minimizing the impact on Registry Operators.

Compliance with the Registry Agreement is a time consuming and complex affair. It’s also an unforgiving exercise too; you only get once chance to get it right or otherwise you face the very real consequence of an ICANN breach notice. This is the reason why many of our clients have signed up for our Operational Services program.

ARI Registry Services is the only one-stop-shop that simplifies your technical operations, advocates for your commercial interests and removes the complexities of operating within the ICANN ecosystem.

By safeguarding their TLD asset and outsourcing the burden of compliance to ARI Registry Services, our clients can concentrate on their core business operations safe in the knowledge that they’re working with a proven and trusted partner.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Corey Grant

Corey is part of the Registry Services team at Neustar, based in Australia. Neustar is the largest registry services provider by number of TLDs and are leaders within the ICANN community in policy and governance.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com