At the most recent meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in October, displayed on the screens of every session was the question of what to do about ‘DNS abuse mitigation.’ In just one meeting, there were nearly a dozen sessions dedicated to the topic, which was designated as a priority agenda item in nearly all joint and individual constituency meetings.

For the ICANN community, the issue of DNS abuse mitigation is not a new one. However, it was clear that the proliferation of sessions devoted to it reflected a turning point. As impatience with the pace of the ICANN policymaking process has grown, more stakeholders are calling for the community to ‘do something’ about the issue.

The risk for ICANN is that, without clear action, governments might step in and impose their own rules, potentially disrupting how the global internet is governed.

But first, how did we get here?

What is DNS abuse? A longstanding question

Having a narrow definition for DNS abuse is one way of preventing overreach in mitigation that could infringe upon lawful speech and content online. However, until recently, there was no definitive definition for the term ‘DNS abuse.’

Following years of consensus building, the noncommercial stakeholder group (NCSG) along with cross-constituency support successfully advocated for the establishment of a clear and concise definition. ICANN now defines DNS abuse as encompassing five categories: phishing, malware distribution, botnets, spam (as a means of abuse), and pharming. On the basis of this definition, contractual amendments to Registry and Registrar Accreditation Agreements (RAAs) have come into force, requiring that domain operators contracted with ICANN “promptly take the appropriate mitigation action(s) reasonably necessary” to disrupt abuse. In other words, registries and registrars must act swiftly when abuse is reported.

Yet, even with ICANN’s definition, the line between DNS abuse and other online issues is dangerously thin and risks overblocking legitimate speech.

Why DNS abuse matters to freedom of expression

The entities responsible for managing domain name registration—registries and registrars—operate largely invisibly. Whereas social media companies are top-of-mind when it comes to content moderation, registries and registrars also operate as gatekeepers for content, whether through their own internal decision-making processes or in compliance with requests from governments and other actors.

Policymakers and other stakeholder groups increasingly pressure registries and registrars to suspend or block domain names, for a variety of reasons. Requests range from content that is clearly illegal regardless of jurisdiction (such as the dissemination of child sexual abuse material), to more ambiguous issues (for instance, the sale of goods that are illicit in some jurisdictions, but not in others), to issues that are beyond their purview to resolve, such as copyright or trademark infringement.

The problem is that the only action registries and registrars can take to block content is inherently broad: when trying to target content on a particular webpage, registries and registrars must block all webpages using the same domain. In practice, this might mean suspending the entire NYTimes domain because of one disputed article—blocking access to everything else on the site, from recipes to election coverage.

We are therefore left with the question: what else can ICANN do to address the DNS abuse without overreaching and running the risk of censorship?

Regulatory landscape: ICANN and beyond

Currently, there are minimal regulatory obligations for registries and registrars. This, however, is likely to change. In the European Union, the Markets in Crypto-Assets Regulations mandating the use of domain takedowns or deletions as an enforcement measure for financial institutions came into force in December 2024. Since then, all subsequent EU financial policies have integrated domain takedowns or deletions as an enforcement measure, with the potential for legislation in other areas to follow.

With more regulators taking notice of the DNS, now is the time for ICANN to act. Developing a policy on DNS abuse mitigation presents an opportunity for the forum to showcase not only the importance of the multistakeholder model of internet governance, but also to ensure that concrete human rights safeguards are integrated into DNS abuse mitigation policy.

What next at ICANN?

Since the previous meeting in June, ICANN has approved two issue areas of priority for immediate policy development. With ICANN finalising the charters for the policy development processes (PDP), now is the time for ICANN to showcase its ability to fulfill its mandate of ensuring a secure and stable DNS.

Firstly, to guarantee a successful outcome, the PDP charter must be narrowly targeted. This is to ensure that each issue area is examined with care and that human rights safeguards are considered at every stage of the process, with a particular focus on protections for the right to privacy and freedom of expression.

Secondly, any ICANN policy on DNS abuse mitigation must include clear due process elements to ensure those whose domains have been suspended (or otherwise blocked) have clear and accessible processes for seeking remedy or challenging decisions. A PDP dedicated to establishing standard dispute and recourse mechanisms for registrants would go far in protecting the rights of internet users and domain holders.

As DNS abuse is an evolving topic, the two priority issues identified will not address the full range of associated issues. However, calls to ‘revisit’ ICANN’s definition of DNS abuse in light of technological advancements (such as the use of AI to aid in phishing attacks) must be considered with extreme caution. Currently, such advancements amplify the scale of attacks, but are not fundamentally different from the categories of abuse already defined by ICANN.

Regardless of this evolving landscape, there is a clear need to distinguish between technical abuse and ‘content’ abuse—the definition of which varies across operators and jurisdiction.

Finding solutions that balance the safety and security of the DNS with safeguarding registrants’ rights to freedom of expression and privacy online is paramount. The good news is that these goals are not as contradictory as they may appear. This is an opportunity for the ICANN community to demonstrate the strength of its consensus-building process and show that it can develop comprehensive DNS abuse mitigation policy with strong human rights safeguards.