ICANN rules could hamper agentic AI domain regs
Bulk registration of domain names is likely to become more difficult under policy proposals being considered in ICANN, potentially limiting the potential of agentic AI.
The Generic Names Supporting Organization is in the very early stages of a Policy Development Process that aims to “introduce friction” into bulk registration shopping carts for untrusted registrants.
The PDP was initially conceived last year as targeting API-based registrations, which are believed to be often used by Bad Guys to bulk-register domains for abusive purposes like malware and spam.
But the first version of the draft charter that will govern the PDP is now using “technology neutral” language, recognizing that APIs may not be as relevant in future. Bots and agentic AI are not directly mentioned, but it’s clearly what the authors have in mind.
The charter states:
This PDP would seek to introduce a requirement to put safeguards in place to ensure that registrants, particularly new or untrusted accounts, cannot immediately access domain name registrations at scale until they have demonstrated basic trustworthiness.
Quite how the limits would be put in place, what “at scale” means numerically, and how “trustworthiness” would be defined and earned, are all issues that would have to be hashed out by the PDP working group.
Whatever rules are created would be binding on all ICANN-accredited registrars and their resellers.
The PDP working group has yet to be created, and it seems the absolute earliest any agreed policy could be approved by ICANN would be the end of next year, with the rules coming into effect perhaps the following year.
The PDP is set to be the second of the Domain Abuse Mitigation efforts that began last year under pressure from governments and others and studies such as ICANN’s INFERMAL, which discovered that registrars with freely available APIs were far more likely to be abused by ne’er-do-wells.
Harassment down, bitchiness up at ICANN
ICANN’s Ombuds dealt with 50% more cases in its last-reported year, with most of the growth attributable to community members who just can’t seem to get along.
In a recently published annual report (pdf), covering the period to the end of June 2025 (yes, it really is published a whole year after the fact), the Ombuds said that it opened 248 tickets in the year.
But 212 of those — basically the same as the previous year — were ruled “out of scope”, perhaps because they were requests for information or help rather that outright complaints.
The remaining 36, up from 24 in the prior year, were ruled “in-scope”. Eight of those cases were complaints.
The Ombuds splits cases into two buckets — “unfairness” and “interpersonal and relational”. Unfairness cases were flat at 16, but down as a percentage from 67% to 44% due to the interpersonal category growing from seven cases to 20.
The interpersonal bucket refers to how community members interact in their working groups and such. It covers harassment, conflict, uncivil language and behavior.
Combined, cases concerning these behaviors accounted for 56% of the total, but the Ombuds reported that only two of those were at the level of claims of harassment.
ICANN lays out new rules for navel-gazing
ICANN is set to cut back on the amount of navel-gazing it carries out, dramatically scaling back how often it reviews its own structure and performance.
The community’s unashamedly meta “Review of Reviews” has produced fruit on schedule, with a set of principles set to be opened for discussion at the ICANN 86 meeting in Seville, Spain which kicks off this weekend.
The Cross Community Group that came up with the new framework would see some reviews that are currently mandated by ICANN’s bylaws eliminated altogether and others put on a substantially longer cycle.
The CCG is recommending that only two reviews are mandatory, the Accountability & Transparency Review, which would occur every five years, and an ICANN Structural Review which would run every 15 years instead of the current five.
The Registration Directory Service Review, which according to the bylaws has to review Whois policy every five years, does not appear to feature in the new recommendations. Either does the Competition, Consumer Trust and Consumer Choice Review.
The five-yearly Security, Stability, and Resiliency Review would now be treated as an “On-Demand Review”, a new category of review that can be called for by the community if a very high voting threshold is met.
The proposals already have their detractors among the community’s constituency groups.
The Non-Commercial Stakeholders Group has concerns that they would favor highly resourced interest groups at the expense of marginalized communities, for example, while the Intellectual Property Constituency believes eliminating some of the reviews poses a risk of DNS abuse and IP infringement.
There will be a session on the proposals in Seville on Monday.
Surprising nobody, ICANN calls off Oman meeting
The bad news: ICANN has cancelled its meeting in Oman this October. The good news: you’re all going to Bali instead!
The ICANN 87 Annual General Meeting will now take place at the conference center attached to The Westin Resort Nusa Dua, Bali, Indonesia, from October 17 to 22. Those are the same dates as the scheduled meeting in Muscat.
While ICANN scrupulously avoided explicitly laying the blame at the feet of Donald Trump, from whom the Org has been cowering since his second term as US president began, the relocation of the AGM is not unexpected and certainly due to the ongoing US-Israeli war on Iran.
While the timing may be coincidental, ICANN’s announcement came less than a week after an increasingly unpredictable Trump threatened to bomb Oman, which has been acting largely as a neutral mediator to date.
But ICANN merely said:
The decision to relocate the meeting was made in consultation with the meeting hosts and local partners in Oman, with a shared focus on ensuring that the AGM can proceed on schedule and support broad global participation.
…
Accessibility, travel reliability, and the ability to participate, both in person and online, are essential to its success. In light of recent developments affecting regional airspace, ICANN has taken this step now to provide certainty for participants and ensure the meeting can move forward as planned.
Bali is of course a popular tourist destination in the Asia-Pacific region — and the beachfront Westin looks gorgeous — it is a long slog for ICANN participants from North American and Europe. But the risk of accidentally getting shot down is much reduced.
It’s the second time in less than a year ICANN has postponed a meeting in Oman due to regional instability.
ICANN director and African internet pioneer Barrett dies
Alan Barrett, a member of ICANN’s board of directors and an internet pioneer in his home of South Africa has died, according to ICANN.
The Org said that Barrett died of recently-diagnosed cancer yesterday, May 28. An online memorial is being planned, but his family have requested privacy in the meantime, ICANN said.
Barrett was involved in setting up the first internet connections to universities in South Africa and the launch of the first commercial ISP there in the 1990s, according to his biography.
He also served as CEO of AFRINIC, the Regional Internet Registry for Africa, from 2015 to 2019.
“Alan was a kind man, who listened to others,” ICANN CEO Kurt Lindqvist wrote on social media. “When Alan spoke you listened as he was always well read, balanced and would suggest a path forward on thorny issues.”
He was the Address Supporting Organization’s two-time appointment to the ICANN board and his second term was due to expire at the conclusion of the 2027 Annual General Meeting.
More cheap new gTLD applications approved
ICANN has approved 18 more requests for reduced-fee new gTLD applications under its Applicant Support Program.
As of last week, the Org said it has conditionally approved a total of 16 requests, up by 13 on a month earlier, and fully approved 27, up by five. “Fully approved” means ICANN has received payment from the applicant.
Only one request has so far been rejected, because the applying entity was found not to be eligible for the program.
There are now a total of 44 applications that have been processed, with 32 more in the pipeline.
The ASP offers up to an 80% discount on the $227,000 base new gTLD application fee, along with a range of other perks, to non-profit organizations on tight budgets.
Cops get special Whois access rights
Law enforcement agencies will be able to get access to private Whois records in under 24 hours under ICANN policy introduced yesterday, but the powers are toothless for now.
ICANN has updated its Registration Data Policy to add a section handling “urgent requests” for Whois data, normally redacted in the public RDAP databases due to privacy laws and ICANN policy.
Normally, registrars have as much as 30 days to respond to disclosure requests, but they will only have 24 hours when the request relates to “circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation in cases where disclosure of the data is necessary in combatting or addressing this threat”.
Because it’s a formal Consensus Policy, it’s already binding on all contracted parties.
But it’s currently pretty useless. The policy only requires the fast disclosure when the requestor is an “authenticated” law enforcement agency, and as of today ICANN has no mechanism to authenticate LEAs.
Figuring out how to authenticate requestors has been under discussion privately in the Governmental Advisory Committee’s Public Safety Working Group for some time, with ideas about domain-based authentication being floated.
But it seems the real work will be carried out by the GNSO Council’s forthcoming Supplementation Recommendations on the EPDP Phase 2 working group, which will be tasked with revisiting earlier, subsequently rejected, work on Whois access.
The pencilled-in deadline for that working group to reach recommendations is January 2027, a lot faster (but critics say less democratic) than a full-blown Policy Development Process, which would take years.
2026 new gTLD round has actually opened
As of today, you can now apply to own a piece of the internet’s root zone for the first time since 2012.
Almost unbelievably, given some of its relatively recent history, ICANN has hit its deadline and opened up its systems for companies and organizations to file applications for new gTLDs.
The application window opened late April 30 and will close August 12. Many applicants will have been working on their bids for some time, but may hold out until later in the window to actually commit.
ICANN CEO Kurt Lindqvist said in a press release: “Whether building a brand for a company, spotlighting a geographic region or city, strengthening a community, or launching a business to offer domain names under a new registry, a new gTLD can be an innovative tool for commerce, security, and communication.”
ICANN noted that it’s expecting to receive applications for gTLDs in non-Latin scripts — 27 are available — to broaden the linguistic diversity of the DNS. Whether the Org has done enough awareness-raising outreach in non-Anglophone regions is an open question, however.
The cost of applying begins at $227,000. That’s the base application fee, but it will likely often be bumped up by thousands for applicants that need special extra evaluation services.
There’s also going to be an auction of last resort for competing applications for the same strings, where ICANN pockets the proceeds. Unlike the 2012 round, there’s no ICANN-endorsed pathway to privately resolving contention sets for cash.
As many as 75 organizations around the world may have qualified for the Applicant Support Program, which will subsidize application fees by as much as 80%.
We won’t know who has applied for what until probably around mid-October. Applicants then get two weeks to change their strings to their back-ups if they find themselves in unwelcome contention sets. Final strings are confirmed in November.
That’s all assuming the 2026 room is more or less the same size as the 2012 round, in which there were 1,930 applications. A larger batch of applications may delay things a little.
Applications can be filed via ICANN’s new TLD Application Management System (TAMS). The Org has also made a great number of documents and archived webinars available that talk prospective applicants through the process.
Applicants, or simply the curious, can also use DI’s free Stringtel tool to investigate the risks and opportunities associated with their chosen gTLD strings.
.io safe for now as Trump puts Chagos deal on ice
The uncertainty surrounding the future of .io domains is set to continue after the UK government froze its plans to cede sovereignty of the Chagos Islands due to lack of US support.
The UK has run out of time to pass legislation approving the treaty that would give Chagos to Mauritius in the current parliamentary session, which ends about a month from now.
It is reported that there are no plans to make a successor bill part of the King’s Speech — in which the government sets out its legislative agenda for the next session — on May 13.
The delay is believed to have come because the Trump administration, which has been blowing hot and cold on the issue since it came into power last year, has so far withheld its formal written consent.
That’s necessary for the treaty to pass because the largest of the Chagos archipelago, Diego Garcia, is home to a US-UK military base strategically important for American bombing raids in the Middle East.
Chagos, officially the British Indian Ocean Territory, owns the ccTLD .io, popular among tech startups. It’s managed by a UK-based Identity Digital subsidiary that makes over $40 million a year from registrations.
The UK’s decision to cede control of BIOT, following international human rights rulings, raised the spectre of .io ultimately being replaced or retired under ICANN’s rules governing ccTLDs.
While UK ministers have denied over the weekend that the Chagos deal is fully dead, its future seems to be dependent on Donald Trump, or his successor, changing the US position on the treaty.
WIPO doubles the speed of UDRP cases
The World Intellectual Property Organization has introduced a new, more expensive tier of its UDRP service that can effectively halve the time each case takes to about 30 days.
WIPO said last month that it now offers an “expedited case processing” option, which reduces the time from filing to decision to one month, under certain circumstances, compared to the usual roughly 60 days.
The new option only applies to cases involving one to five domains registered to the same registrant, decided by a single-member UDRP panel, and relies upon third parties such as registrars sticking to their timing obligations under the policy.
The option costs complainants $4,000, compared to the usual $1,500. WIPO’s cut doubles from $500 to $1,000, with the remainder going to the panelist. Registrants are also able to request an expedited process for a cost of $2,500.
Because WIPO cannot unilaterally change the UDRP, registrants still get the standard 20 days to respond when their domains are targeted. They also still get to pay to demand a three-person panel, which effectively counteracts the expedited timeline.
The option means that UDRP could now only be a week or so slower than the Uniform Rapid Suspension service, for those trademark owners willing to pay the higher fee.
WIPO said that the expedited service will be managed by a dedicated team and a “special roster of panelists”, which may or may not turn out to be important depending on which panelists are selected for this limited pool.






Recent Comments