In the first article in this series, I described how the current notice-and-takedown system operates as a chain of unfair cost transfer — from abuser to victim, to Commercial Notifier, to Internet intermediary, and ultimately to society. Cost, however, is only half of the problem. The other half is legal risk, and in many ways it is the half that paralyses the system most.

Why Internet Governance Has Failed to Protect Intermediaries

For most of my career in online brand protection, I had no interaction with the policy discussions in Internet governance. I was a practitioner — my world was detection, enforcement, and advising brands. I am very glad that my dear friend, Edmon Chung, CEO of DotAsia, introduced me to the world of Internet governance, where I stumbled upon what is called “the 26 words that created the Internet” — Section 230 of the Communications Decency Act.

As a seasoned practitioner, I was fascinated by Section 230 — by both how much it had failed in practice, and how elegant the underlying idea was. The principle is simple: provide Internet intermediaries legal immunity when moderating online content, in order to encourage proactive removal of abuse on the basis of Good Samaritan behaviour. If you protect intermediaries from legal consequences for acting in good faith, they will be more willing to act — not less. The instinct is right. The execution, however, has fallen short in two fundamental ways.

Problem 1: It’s a US law, and the Internet is global. INTA’s Internet Committee published a comprehensive report — “Intermediary Liability and Takedown Policies in Asia” — surveying practitioners across sixteen Asia-Pacific jurisdictions. If you look at how varied the legal frameworks are across countries like India, Japan, Indonesia, China, Australia, and Korea, you would understand immediately why a single US statute cannot provide a workable global framework. Every jurisdiction has its own definition of intermediary liability, its own threshold for “knowledge” of abuse, its own takedown obligations, and its own safe harbour conditions. Although Section 230’s principle has been adopted by many other countries in varying forms, there is no global consistency — and that inconsistency leaves intermediaries without meaningful protection the moment they operate across borders.

Problem 2: Most intermediaries don’t know the deal. In my experience, many intermediaries — like myself for most of my career — were totally unaware that the legal immunity under Section 230 is predicated on proactive, Good Samaritan behaviour. A lot of intermediaries would rather be reactive, doing only the minimum required by law, and so the industry stopped being Good Samaritan and instead engaged in the endless debate on the definitional fine lines of social responsibility that I described in the first article. The result: a lot of abuse simply goes unaddressed.

Despite these failures, there is something profoundly right about the Section 230 model that is worth preserving. It does not rely upon a legalistic, top-down definition of what constitutes abuse — the kind that needs to be regulated by a governmental authority. Online abuse is fast-paced and operates mostly in the grey area, and effective DNS abuse mitigation requires a solution that is equally fast-paced and does not need top-down authoritative endorsement before it can act. TNN wants to rebuild the spirit of Section 230 — not as a law, but as an operational framework that achieves the same outcome through contractual and commercial mechanisms that work globally.

But before explaining how TNN does this, it is worth being direct about who this framework is designed to serve. The largest global registrars, major cloud hosting providers, and dominant Internet platforms already have legal teams, established policies, and enough institutional weight to manage their own risk exposure. For them, TNN’s indemnity model is a useful reinforcement — but not necessarily a decisive factor. The intermediaries for whom this matters most are the thousands of smaller registrars, regional hosting providers, and Internet services operating outside the traditional ICANN circle — providers handling significant volumes of registrations and hosting across Asia, Latin America, the Middle East, and Eastern Europe, who are highly motivated to act on abuse but carry no institutional legal safety net. Without a framework like TNN’s, a single aggressive complainant is enough to make a smaller provider conclude that acting on a notice is simply not worth the risk. That is the paralysis TNN is built to break.

Reestablishing Protection: A Chain of Legal Indemnity

The concept of contractual indemnity is not novel in our industry — it is already the foundation of how domain registration works. Under the ICANN Registrar Accreditation Agreement (RAA), every domain name registrant must indemnify the registry operator against any claims arising from their registration. This is universal, standard, and unquestioned, because the principle behind it is simply correct: the entities providing infrastructure should not bear the full legal risk of how that infrastructure is used. The person who uses it should stand behind their use.

Now consider the notice-and-takedown process. When a service provider submits a notice asking an intermediary to suspend a domain, remove content, or disable a service, the intermediary is being asked to make an enforcement decision that could affect someone’s livelihood, free expression, or business — something far more consequential than processing a registration. And yet there is NO indemnification. The notice submitter bears no legal accountability for the accuracy of their report or the consequences of the action they request. If we accept that domain registration requires indemnification as a basic principle, how can we possibly argue that notice-and-takedown — a process with far greater legal consequence — should operate without it?

TNN closes this gap through an unbroken chain of contractual indemnity running from the victim all the way through to the Internet intermediary — achieving through commercial contract what Section 230 attempted through statute. The chain has three links:

Link 1: The victim indemnifies the Trusted Notifier. The brand or rights-holder that wants the abuse resolved provides legal indemnification to the Trusted Notifier acting on their behalf, making it a mandatory documented requirement. The victim must stand behind their claim.

Link 2: The Trusted Notifier indemnifies TNN. By joining the network, the Trusted Notifier enters a binding agreement under which they assume full accountability for the accuracy of their notices and expressly indemnify TNN against any claims arising from their submissions.

Link 3: TNN indemnifies the Internet Intermediary. This is the critical link that does not exist anywhere else in the industry today. Under TNN’s MOU with participating intermediaries, TNN provides contractual indemnification to the intermediary and its officers for any claims arising from good-faith reliance on a notice transmitted through TNN’s trusted channel.

This chain is designed on the same principle that makes industry-developed frameworks like UDRP durable in practice — when an intermediary acts within a collectively governed system built on consistent rules and distributed accountability, the legal risk is mitigated not by a statute, but by the legitimacy and breadth of the system itself. TNN aims to create exactly that systemic protection for the notice-and-takedown process, one that grows stronger as more intermediaries join and participate in shaping its policies.

Reestablishing Protection: The Good Faith Action Fund

I want to be transparent about a concern I have heard directly from a senior executive at a major global registrar: “The legal indemnity protection from TNN relies upon the financial position of TNN. As TNN is a not-for-profit with limited assets, the protection may not be sufficient for Internet intermediaries.” This is a valid concern, and one I will not dismiss. TNN is a not-for-profit Company Limited by Guarantee — we are not a multinational corporation with balance sheets to match, and I acknowledge openly that contractual indemnity alone, without financial substance behind it, is an incomplete answer.

In a conversation with a senior compliance executive at a major APAC Internet platform, they told me something that has stayed with me: “We love the idea of formal contractual indemnity through TNN. But in practice, even if we have this in place, we are very unlikely to exercise it. Pursuing an indemnity claim requires legal action — and the cost of that legal action often exceeds the cost of the original problem.”

This observation cuts to the heart of the problem. If indemnity can only be exercised through litigation, it remains a theoretical instrument — and theoretical protection does not change operational behaviour. What intermediaries need is not just the right to claim, but a fast and practical path to resolution that does not require them to initiate legal proceedings to access the protection they were promised.

TNN addresses this directly through the Good Faith Action Fund — a contractual mechanism within TNN’s membership framework, funded from a defined portion of membership revenues, that provides a fast and practical path to resolution for intermediaries who act in good-faith reliance on a TNN notice and suffer a loss as a result. The Fund is deliberately named and structured to reflect its purpose: it is not an insurance product, and it does not operate as one. It is a membership benefit that exists to make the contractual indemnity chain operationally real — ensuring that eligible disputes can be resolved quickly and commercially through TNN’s multistakeholder process, without requiring the intermediary to initiate litigation to access the protection they were promised. The chain of contracts establishes who is accountable; the Good Faith Action Fund converts that accountability into a practical commercial process rather than a legal one.

From Statute to Structure

Section 230 tried to solve the intermediary liability problem through 26 words in a US statute, and it was the right instinct. Protecting intermediaries from legal risk when they act in good faith is the single most important thing we can do to encourage proactive abuse mitigation. But we cannot wait for every jurisdiction in the world to pass its own version of Section 230, and the experience of the past two decades suggests that legislative convergence on this question is not coming anytime soon. The Internet is global, the abuse is global, and the intermediaries — particularly the smaller, regionally-focused providers across Asia, Latin America, and the Middle East who are most exposed and least protected — operate across borders that no single statute can bridge.

What we need is a structural solution that achieves the same outcome through contractual mechanisms, commercial incentives, and a multistakeholder trust framework that does not depend on any single government’s legislative agenda. That is what TNN’s chain of indemnity and Good Faith Action Fund are built to deliver — not perfect protection, but real, operational, cross-border protection that exists today, accessible to every participating intermediary regardless of their size, jurisdiction, or relationship with ICANN.

In the next article in this series, I’ll explore TNN’s third core concept — cross-industry cooperation: how TNN bridges the domain, hosting, and platform industries into a unified framework for abuse resolution.