NGPC Accepts GAC Category 1 and 2 Safeguard Advice
ICANN New gTLD Program Committee (NGPC) has finally given its safeguard advice response to Governmental Advisory Committee (GAC)
The result of the NPGC action is that some new gTLD’s in the same vertical will be open to anyone who wants to register a domain name, while others will fall into the highly restricted category and can only be registered by those that are licensed or meet the relevant governing authority rules. For example .Law and .Legal will be open so anyone can register a domain name in those new gTLD’s but .lawyer and .attorney fall into the regulated new gTLD category, so that only those licensed to practice law in a jurisdiction will be allowed to register a .lawyer or .attorney domain
The advice is worded such that it’s unlikely to win many fans in either camp, causing headaches for applicants while also falling short of giving the GAC everything it wanted
Below is the advice
Category 1 Safeguards
The text of the Category 1 Safeguards have been modified as appropriate to meet the spirit and intent of the advice in a manner that allows the requirements to be implemented as public interest commitments in Specification 11 of the New gTLD Registry Agreement (“PIC Spec”). The PIC Spec and a rationale explaining the modifications are attached.
The implementation plan also distinguishes the list of TLD strings listed in the Category 1 safeguard advice between strings that the NGPC considers strings associated with market sectors or industries that have highly regulated entry requirements in multiple jurisdictions, and those that do not. The Category 1 Safeguards in the PIC Spec will apply to the TLD strings based on how the TLD string is categorized. The list of re-categorized Category 1 strings is attached.
Category 2 Safeguards
ICANN contacted the 186 applicants for strings identified in the GAC’s Category 2 safeguard advice.
The applicants were asked to respond by a specified date indicating whether the applied for TLD will be operated as an exclusive access registry.
An overwhelming majority of the applicants (174) indicated that the TLD would not be operated as an exclusive access registry.
The NGPC recently adopted a resolution directing staff to move forward with the contracting process for applicants for strings identified in the Category 2
Safeguards that were prepared to enter into the Registry Agreement as approved, since moving forward with these applicants was consistent with the GAC’s advice.
Ten applicants responded that the TLD would be operated as an exclusive access registry. These 10 applicants have applied for the following strings: .BROKER, .CRUISE, .DATA, .DVR, .GROCERY, .MOBILE, .PHONE, .STORE, .THEATER, .THEATRE and .TIRES.
The NGPC directed staff to prepare an analysis and proposal to implement the Category 2 safeguard advice for these applicants.
Staff requested the applicants to provide an explanation of how the proposed exclusive registry access serves a public interest goal.
When available, the responses will be forwarded to the NGPC and the GAC for further consideration.
Category 1 Safeguards as Public Interest Commitments in Specification 11 of the New gTLD Registry Agreement
1. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring registrants to comply with all applicable laws, including those that relate to privacy, data collection, consumer protection (including in relation to misleading and deceptive conduct), fair lending, debt collection, organic farming, disclosure of data, and financial disclosures.
2. Registry operators will include a provision in their Registry-Registrar Agreements that requires registrars at the time of registration to notify registrants of the requirement to comply with all applicable laws.
3. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law.
4. Registry operators will proactively create a clear pathway for the creation of a working relationship with the relevant regulatory or industry self-regulatory bodies by publicizing a point of contact and inviting such bodies to establish a channel of communication, including for the purpose of facilitating the development of a strategy to mitigate the risks of fraudulent and other illegal activities.
5. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring Registrants to provide administrative contact information, which must be kept up-to-date, for the notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory, or industry self-regulatory, bodies in their main place of business.
6. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorizations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.
7. If a Registry Operator receives a complaint expressing doubt with regard to the authenticity of licenses or credentials, Registry Operators should consult with relevant national supervisory authorities, or their equivalents regarding the authenticity.
8. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring Registrants to report any material changes to the validity of the Registrants’ authorizations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string in order to ensure they continue to conform to appropriate regulations and licensing requirements and generally conduct their activities in the interests of the consumers they serve.
9. Registry Operator will develop and publish registration policies to minimize the risk of cyber bullying and/or harassment.
GAC Category 1 Safeguard Advice
Rationale for Changes to Safeguard Language in the PIC Spec:
The NGPC intends to adapt the language of the Category 1 safeguards to meet the spirit and intent of the GAC’s Category 1 Safeguard Advice in a manner that allows the safeguards to be implemented as public interest commitments in Specification 11 of the New gTLD Registry Agreement (the “Category 1 PIC Spec”).
Safeguards #1, #2 and #5
Because registry operators and ICANN do not have contractual relationships with registrants, additional language was added to Safeguards #1, #2 and #5 to refer to Registry-Registrar Agreements and Registration Agreements to impose the obligation on registrants required in the safeguard advice.
Safeguard #3
Safeguard #3 would require registrants to implement reasonable and appropriate security measures if the registrant collects and maintains sensitive health and financial data.
The security measures should be commensurate with the offering of those services, as defined by applicable law and recognized industry standards. The NGPC notes that implementation would not be possible because it is not clear how “recognized industry standards” would be identified and applied in the context of hundreds of different sectors.
The language in the PIC Spec to address this safeguard was adapted to require that the security measures are commensurate with the offering of those services, as defined by applicable law.
Safeguard #4
The NGPC notes that the safeguard raises contract enforcement questions (e.g., how are the relevant regulatory agencies and industry self-regulatory organizations identified; who determines which industry self-regulation organizations bodies are “relevant” to a particular string and which governmental body is the competent regulatory agency).
Additionally, some regulatory bodies or industry self-regulatory bodies may not be responsive to collaboration with registry operators.
To address these concerns, the safeguard language in the PIC Spec was drafted in a way to avoid a situation where the registry operator would be in breach of the registry agreement if regulatory body won’t agree to a relationship with the registry operator.
Safeguards #6, #7 and #8
The implementation of safeguards #6-8 would change the nature of some new gTLDs from being open to uses that are not regulated into restricted TLDs open only to registrants that can prove their status or credentials.
The NGPC also notes that implementation would potentially discriminate against users in developing nations whose governments do not have regulatory bodies or keep databases which a registry/registrar could work with to verify credentials, and would potentially discriminate against users in developed nations whose governments have developed different regulatory regimes.
The language in the Category 1 PIC Spec was modified to address these concerns. As an initial matter, the registrant would be required to make an attestation that the registrant possesses any necessary authorizations, charters, licenses and/or other related credentials for participation in the sector associated with the TLD string. The registrant is also required to report any material changes to the validity of their authorizations.
If the registry operator receives complaints about the authenticity of the licenses or credentials, the registry operator is obligated to consult with the relevant national supervisory authorities, or their equivalents regarding the authenticity.
GAC Category 1 Strings
| Regulated Sectors/Open Entry Requirements in Multiple Jurisdictions (Category 1 Safeguards 1-‐3 applicable) |
Highly-‐regulated Sectors/Closed Entry Requirements in Multiple Jurisdictions (Category 1 Safeguards 1-‐8 applicable ) |
| Children: .kid, .kids, .kinder, .game, .games, .juegos, .play, .school, .schule, .toys |
|
| Environmental: .earth, .eco, .green, .bio, .organic |
|
| Health and Fitness: .care, .diet, .fit, .fitness, .health, .heart, .hiv, .rehab, .clinic, .healthy (IDN Chinese equivalent), .dental, .physio, .healthcare, .med, .organic, .doctor |
Health and Fitness: pharmacy, .surgery, .dentist , .dds, .hospital, .medical |
| Financial: capital, . cash, .cashbackbonus, .broker, .brokers, .claims, .exchange, .finance, .financial, .forex, .fund, .investments, .lease, .loan, .loans, .market, .markets, .money, .pay, .payu, .retirement, .save, .trading, .credit, .insure, .netbank, .tax, .travelersinsurance, .financialaid, .vermogensberatung, .mortgage, .reit |
Financial: .bank, .banque, .creditunion, .creditcard, .insurance, .ira, .lifeinsurance, .mutualfunds, .mutuelle, .vermogensberater, and .vesicherung, .autoinsurance, .carinsurance |
| Gambling: .bet, .bingo, .lotto, .poker,.spreadbetting, .casino |
|
| Charity: .care, .gives, .giving |
Charity: .charity (and IDN Chinese equivalent) |
| Education: .degree, .mba |
Education: .university |
| Intellectual Property: .audio, .book (and IDN equivalent), .broadway, .film, .game, .games, .juegos, .movie, .music, .software, .song, .tunes, |
|
| Regulated Sectors/Open Entry Requirements in Multiple Jurisdictions (Category 1 Safeguards 1-3 applicable) | Highly-regulated Sectors/Closed Entry Requirements in Multiple Jurisdictions (Category 1 Safeguards 1-8 applicable ) |
| .fashion (and IDN equivalent), .video, .app, .art, .author, .band, .beats, .cloud (and IDN equivalent), .data, .design, .digital, .download, .entertainment, .fan, .fans, .free, .gratis, .discount, .sale, .hiphop, .media, .news, .online, .pictures, .radio, .rip, .show, .theater, .theatre, .tour, .tours, .tvs, .video, .zip | |
| Professional Services: .accountant, .accountants, .architect, .associates, .broker, .brokers, .engineer, .legal, .realtor, .realty, .vet, .doctor, .engineering, .law |
Professional Services: .abogado, .attorney, .cpa, .dentist, .dds, .lawyer. |
| Corporate Identifiers: .limited |
Corporate Identifiers: .corp, .gmbh, .inc, .llc, .llp, .ltda, .ltd, .sarl, .srl, .sal |
| Generic Geographic Terms: .capital .town, .city | |
| .reise, .reisen .weather |
Special Safeguards Required
Inherently Governmental Functions: .army, .navy, .airforce
Potential for Cyber Bullying/Harassment: .fail, .gripe, .sucks, .wtf
Category 1 Safeguards as Public Interest Commitments in Specification 11 of the New gTLD Registry Agreement:
1. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring registrants to comply with all applicable laws, including those that relate to privacy, data collection, consumer protection (including in relation to misleading and deceptive conduct), fair lending, debt collection, organic farming, disclosure of data, and financial disclosures.
2. Registry operators will include a provision in their Registry-Registrar Agreements that requires registrars at the time of registration to notify registrants of the requirement to comply with all applicable laws.
3. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law.
4. Registry operators will proactively create a clear pathway for the creation of a working relationship with the relevant regulatory or industry self-regulatory bodies by publicizing a point of contact and inviting such bodies to establish a channel of communication, including for the purpose of facilitating the development of a strategy to mitigate the risks of fraudulent and other illegal activities.
5. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring Registrants to provide administrative contact information, which must be kept up-to-date, for the notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory, or industry self-regulatory, bodies in their main place of business.
6. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorisations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.
7. If a Registry Operator receives a complaint expressing doubt with regard to the authenticity of licenses or credentials, Registry Operators should consult with relevant national supervisory authorities, or their equivalents regarding the authenticity. `
8. Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring Registrants to report any material changes to the validity of the Registrants’ authorizations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string in order to ensure they continue to conform to appropriate regulations and licensing requirements and generally conduct their activities in the interests of the consumers they serve.
9. Registry Operator will develop and publish registration policies to minimize the risk of cyber bullying and/or harassment.
