By Corey Grant
14 April 2015
If you are like the majority of Registry Operators we have spoken to, you may now be thinking that compliance with your new gTLD Registry Agreement is much more difficult than first envisaged – especially if you are one of the lucky operators which have been chosen for ICANN’s latest round of registry audits!
You may also be surprised at the number of questions and requests that you need to respond to.
The good news is that you are not alone, and I’m pleased to share some of our lessons here, in the hope that it may assist others.
What to expect from ICANN Compliance
When the first new gTLDs were launched, ICANN indicated that compliance with the Registry Agreement would be handled in a reactive and consultative manner.
The reality is that, since the first TLD was delegated ( شبكة. which translates to .shabaka, or ‘web’ in Arabic), ICANN’s Compliance department has been significantly ramping up efforts to proactively enforce Registry Agreements. In fact, responses from Registry Operators can be sought from the time the Registry Agreement is signed, and in some cases before TLDs are even live.
Making compliance management even harder for applicants are the shifting sands on which requirements are being developed, especially given that some are still being finalised.
It had been broadly expected that the parameters for compliance were two-fold:
a. ICANN Compliance Notices to be issued to Registry Operators when clear issues were identified; and
b. Formal (random) audits, to occur as part of a three year audit plan.
Extra compliance requirements
In addition to the above, we are seeing ICANN issue Inquiries, which seemingly amount to Notices without clear explanation.
ICANN has to date issued these Inquiries under a very broad range of topics to almost all current Registry Operators, and these ostensibly informal Notices must be acted upon by the Registry Operator lest ICANN escalate the Inquiry into a Notice.
This third area of contact by ICANN has significantly broadened the ability of ICANN compliance to contact Registry Operators. As a result we are seeing some concerning real world examples of compliance issues such as:
• Receiving compliance Notices before Registry Operators had reached a point in the launch process where names could be registered; and
• Receiving Notices because marketing material didn’t exactly match TLD startup information, without consideration for the differing audiences for this information; and
• In one case that we’ve been involved with, issuing Notices based on incorrectly auto-generated error messages, causing Registry Operators to scramble to understand potential breach situations that didn’t exist.
As concerning and time consuming as managing notices, audits and inquiries can be, experience shows us that preparation and knowledge is the key to minimising their impact on daily operations.
How to manage ICANN compliance
Effective and comprehensive TLD policies + clear understanding of the requirements/industry + comprehensive processes + knowledgeable resources = COMPLIANCE
The solution isn’t a simple one, given that it requires such a broad understanding of Registry Operator practices and the new gTLD regulatory framework, but for ARI Registry Services’ clients we provide the people and resources to ensure compliance via a three step process.
1. Proactive ongoing management of daily tasks
Managing the ongoing ICANN obligations such as Add Grace Period Limit Policy implementation, Zone File Access management, ICANN monthly reports, reserved name compliance management, etc.
2. Industry Engagement
Monitoring and active lobbying in the compliance space in the best interests of Registry Operators, as well as ensuring a comprehensive understanding of the requirements and best ways of resolving known and potential issues for a wide variety of operating parameters.
3. ICANN Response
Once inquiries or notices are received, or in preparation for a known audit, ARI Registry Services’ compliance staff have the accumulated knowledge and technical record keeping behind them to adequately respond in a timely fashion, minimizing the impact on Registry Operators.
Compliance with the Registry Agreement is a time consuming and complex affair. It’s also an unforgiving exercise too; you only get once chance to get it right or otherwise you face the very real consequence of an ICANN breach notice. This is the reason why many of our clients have signed up for our Operational Services program.
ARI Registry Services is the only one-stop-shop that simplifies your technical operations, advocates for your commercial interests and removes the complexities of operating within the ICANN ecosystem.
By safeguarding their TLD asset and outsourcing the burden of compliance to ARI Registry Services, our clients can concentrate on their core business operations safe in the knowledge that they’re working with a proven and trusted partner.
Corey Grant is a Senior Industry Consultant with the ARI Registry Services consulting team.