ICANN Registry Agreement: What .BRANDs Need to Know About Spec 11

The ICANN Registry Agreement is a constant hot topic among new generic top-level domain (gTLD) applicants and operators. Recently, there has been particular interest in Specification 11 of the Agreement.

What is Specification 11?

Specification 11 (“Spec 11”) is the portion of the ICANN Registry Agreement that deals directly with how a new gTLD is used. This Specification applies to all new gTLDs, from totally open new gTLDs to restricted gTLDs to closed .BRAND gTLDs.

One part of Spec 11 was a major topic of discussion at ICANN’s first public meeting of 2015 in Singapore: Section 3 Parts A and B. Section 3 Parts A and B were introduced in reaction to the Governmental Advisory Committee’s (GAC) request for additional safeguards against malicious activities such as malware and botnets.

Section 3 Part A clearly lays out a requirement for the Registry-Registrar Agreement that is meant to limit negative activity within new gTLDs. It is straightforward and is meant to keep the new gTLD space clean and user-friendly.

Section 3 Part B was the real attention grabber, though.

Is There a Problem?

In Part B, there is a list of enforcement expectations related to Part A. Under Section 3 Part B, ICANN requires the Registry Operator to review its gTLD for malicious activity and keep reports on the number of threats.

This concept certainly has good intentions, but there is no framework or guidelines for how this monitoring should be executed. The difficulty is that while everyone wants a safe Internet, the execution and maintenance of reporting at this level is unchartered waters.

What’s Being Done to Work Things Out?

ICANN staff is currently working on developing a framework that is both effective and enforceable for Registry Operators to use. The framework will not be a contractual obligation, it is meant to assist the Registry Operator in keeping its gTLD safe.

Some Registry Operators, especially those with a less technical background, may hear requirements like “security threats…maintain statistical reporting…periodic security checks…” and be completely overwhelmed. Registry Operators need not lose their heads yet though. ICANN staff has been working diligently with the community of new gTLD operators and applicants to create a usable framework.

Until that framework is released, however, there is no clear, uniform path forward – Registry Operators will still be responsible for complying with Section 3 Part B, but how they do so will likely look different based on their new gTLD model. For example, .BRANDs that have only one or maybe a handful of domains under management need a less robust monitoring process than a large open gTLD that has thousands of domains registered to thousands of registrants.

What Should .BRANDs Do in the Meantime?

For now, until ICANN releases a clearer framework, owners of .BRAND gTLDs should adopt a wait-and-see approach and monitor ICANN’s developments. It is also important for brands to continue to respond to ICANN’s compliance questions accurately and thoroughly as requirements become clear.