After six months, ICANN is finally giving its Governmental Advisory Committee what it wants. Kinda.
The New gTLD Program Committee has quietly sent its plan to implement the GAC’s so-called “Category 1” advice on new gTLDs, which called for regulated gTLDs where applicants had applied for open namespaces.
But it’s rewritten the advice in such a way that it’s unlikely to win many fans in either camp, causing headaches for applicants while also falling short of giving the GAC everything it wanted.
In a letter to GAC chair Heather Dryden, ICANN chair Steve Crocker laid out the NGPC’s plan.
The Category 1 advice, which comprised eight “safeguards” applicable to at least 386 gTLD applications for 174 unique strings, has been rewritten, making it a little more palatable to the majority of applicants.
The list of strings has also been cut in two, with the 42 strings considered most often linked to highly regulated industries taking the brunt of the regulation.
These 42 may or may not find their business models killed off, but are certainly facing more friction as a result of the NGPC’s decision:
.abogado, .attorney, .autoinsurance, .bank, .banque, .bet, .bingo, .carinsurance, .casino, .charity (and Chinese IDN), .corp, .cpa, .creditcard, .creditunion, .dds, .dentist, .gmbh, .hospital, .inc, .insurance, .ira, .lawyer., .lifeinsurance, .llc, .llp, .lotto, .ltd, .ltda, .medical, .mutualfunds, .mutuelle, .pharmacy, .poker, .sal, .sarl, .spreadbetting, .srl, .surgery, .university, .vermogensberater, .versicherung
Each of these registries is going to have to sign up to eight new mandatory Public Interest Commitments, obliging them to engage with the industries associated with their strings, among other things.
And while the GAC wanted these strings to be limited to credential-holding members of those industries, ICANN seems to be giving the applicants much more implementation wiggle room.
The GAC had originally called for all 386 Category 1 registries to:
Establish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities.
But ICANN has reinterpreted the advice to make it a bit less onerous on applicants. It will also only affect 42 strings. The advice, now rewritten as a PIC, reads:
Registry operators will proactively create a clear pathway for the creation of a working relationship with the relevant regulatory or industry self-regulatory bodies by publicizing a point of contact and inviting such bodies to establish a channel of communication, including for the purpose of facilitating the development of a strategy to mitigate the risks of fraudulent and other illegal activities.
Does that PIC mean registries will actually be obliged to listen to or give policy-making power to the relevant industries on a formal basis? It’s ambiguous enough that the answer might easily be no.
The GAC had also called for some Category 1 gTLDs to become restricted to card-carrying members of the industry or industries the strings relate to, saying in Beijing:
At the time of registration, the registry operator must verify and validate the registrants’ authorisations, charters, licenses and/or other related credentials for participation in that sector.
ICANN has basically rejected that advice, replacing it instead with the much more agreeable (to registries) text:
Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorisations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.
You’ll notice that the ICANN version does not require credentials to be provided at the point of registration. In fact, the PIC seems to require nothing more than a check-box that the registrant must click.
This is obviously tolerably good news for applicants that had proposed unrestricted policies for their gTLDs — they no longer face the kiss of death in the registrar channel that the GAC’s version would have created — but let’s not pretend it’s what the GAC had asked for.
Again, it only applies to the 42 strings ICANN has identified as particularly broadly regulated.
These registries are not getting an easy ride, however. They will have to enforce a post-registration regime of verifying credentials in response to complaints. The new ICANN PIC reads:
If a Registry Operator receives a complaint expressing doubt with regard to the authenticity of licenses or credentials, Registry Operators should consult with relevant national supervisory authorities, or their equivalents regarding the authenticity.
It’s implied, but not stated, that uncredentialed registrants should lose their domains. Again, the ICANN version of the GAC advice may be less of a nightmare to implement, but it’s still very vague indeed.
For any Category 1 applicant that is not on the sub-list of 42 sensitive strings, there will be three new PICs to adopt.
These all instruct the registry to require registrars to get registrants to agree to abide by “all applicable laws”. It’s the kind of stuff that you usually find in registration agreements anyway, and doesn’t appear at first look to present any hugely problems for registries or registrars.
Overall, ICANN seems to have done a pretty good job of making the Category 1 advice less onerous, and applicable to fewer applicants, than the GAC originally wanted.
But applicants for the 42 strings most heavily affected still face some vague contractual language and the very real possibility of industry complaints in future.