RECORDED WEBINAR:
ICANN 81: Insights from the Meeting in Istanbul, Turkey
Watch CSC’s webinar recapping the recent ICANN 81 meeting with expert Gretchen Olive, CSC vice president of Policy. This session will share highlights of important industry policy developments that will affect your online domain name, brand protection, and cybersecurity strategies.
WEBINAR TRANSCRIPT
Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.
Annie: Hello, everyone, and welcome to today's webinar, "ICANN 81: Insights from the Meeting in Istanbul, Turkey." My name is Annie Triboletti. I will be your moderator for today.
So joining me today is Gretchen Olive. Gretchen is CSC's Vice President of Policy and Strategic Account Management. For over two decades, Gretchen has helped Global 2000 companies devise global domain name, trademarks, and online brand protection strategies, and she is a leading authority on ICANN. So with that, I would like to welcome Gretchen.
Gretchen: Thanks, Annie, and thanks, everybody, for taking the time to join us today. I know schedules are tight, so we appreciate your time being with us here today. We have a lot to cover as always, so I'm going to get right to it.
Just a quick overview of our agenda. We will probably spend most of our time talking about the upcoming Round 2 of the new gTLD program, but there are certainly some other topics to cover. Among them is the Registration Data Request Service or RDRS, some other policy development matters around transfers, IDNs, registration data accuracy. We'll talk about DNS abuse. It's still there, and it's not going away. And then, obviously, we always talk a little bit about the GAC.
So before we get into the details of this particular meeting, let's just remind everybody of a few things to make sure we're all kind of starting from the same foundation. So ICANN has three public meetings a year. This is obviously the meeting that occurs in the October/November time frame. And it's set up as an annual meeting. So this is a seven-day kind of format. This is where ICANN really puts on a big show, shows what they've accomplished over the course of the year. There's a lot of work that goes on through the course of the year. So it's a lot of status updates and work group meetings and kind of like hot topics of interest. So the meeting here in Istanbul is the annual meeting.
ICANN also, just in terms of like what ICANN looks like when I mention I'll use the phrase a lot in this webinar series of the ICANN community. So what is the ICANN community? So this org chart does a good job of sort of spelling it out.
ICANN is a corporation. It's a nonprofit corporation. It has a board of directors. It has a president and CEO and staff. So that's kind of reflected here. But also, there's a number of, like, groups, supporting organizations, advisory councils, things like that that make up the ICANN community. These are people who are volunteers in the eyes of ICANN. Often, they are working for companies, law firms, etc. So they're paid as employees of those companies, but not paid as ICANN employees or kind of participants.
The group that we focus the most on in this webinar series is the GNSO, which is that larger blue box there in the middle. That's made up of sort of registrars, registries, ISPs, intellectual property interests, business interests. So it makes up a really broad kind of group of interests and is kind of very diverse as well.
The other group that we talk a fair amount about in this webinar series is you'll see it on the right-hand side, the bottom, darkest gray box. It's the Governmental Advisory Committee or the GAC. And they are basically representatives from a number of governments, typically from, like, the telecom ministry type part of the government. And they come and advise the ICANN Board, from a sort of public policy standpoint, about policies that are being developed through the ICANN process.
So that's kind of what I mean by the ICANN community when I talk about that. All right. So let's get into it.
First order of business is ICANN is going through a little bit of a staffing change, if you will, a transition. The prior CEO, Göran Marby, he resigned back in I guess it was 2023 at this point. And they had an Executive Search Committee, and they've made a selection. And the new CEO, he hasn't quite started yet, but he did chair this meeting. He won't start until December 9th, but his name is . . . everybody calls him "Kurtis" Lindqvist. He has a lot of experience in the space. He definitely comes from more like the ISP side of things. But he will be based out of Geneva and will travel a lot to ICANN's North American headquarters in Los Angeles, California. But it was a pretty extensive executive search.
He's coming at a very interesting time. And we'll talk about the new gTLD program, Round 2 of it is really starting to gear up. So it'll be interesting to see him kind of step into this role as this process really gets kind of more publicly underway. So just be aware, we have a new face at the helm of ICANN.
All righty. So let's jump into the new gTLD program. So just as a way of background, because I do see a number of names on our participant list here today that I haven't seen before, so I just want to make sure everybody has kind of a solid foundation. So ICANN, which is the Internet Corporation for Assigned Names and Numbers, they ran a Round 1, if you will, of the new gTLD program, where there was an introduction of a lot of new TLDs. And so the application process, though, was a time-limited window that happened in 2012.
There was a lot of policy work done before that. But the application process itself opened up in January of 2012 and ran through May 2012. It got extended due to some technical issues. It wasn't supposed to run through May, but it did. During that application round, ICANN received many more applications for new TLDs on the internet than they had expected. They actually received over 1,900 applications. And about a third of them were what's called dot brands, where companies were applying for their own dot company name on the internet to operate for their sort of exclusive use.
Believe it or not, 12 years later, we're still working through some of those TLD applications, working through launches. Some of them are in litigation. It's been a long road. And one of the things that ICANN promised during the first round, there was a lot of angst and concern by a lot of groups, particularly the Governmental Advisory Committee, or the GAC, like I mentioned earlier, about kind of really extending the internet from a technical perspective as well as sort of, like, how would that really work? What would be the impact from regular internet users to companies on this huge expansion of the TLD space? Because at the time when this window opened for application, there were only 22 existing gTLDs.
There's always been ccTLDs. Each country has their own and various territories have their own ccTLD, or country code top-level domain. But gTLDs, that's what ICANN governs, went from 22 to then receiving 1,930 applications for 1,409 unique strings. So huge expansion. And they promised the Governmental Advisory Committee that, after that first round, that they would do assessments and kind of determine what went right, what went wrong, and take corrective action before the next round opened. And so that's what we've been doing for the last 12 years, is kind of going through that process of understanding what went right, what went wrong, and what should be corrected and fixed for the next round.
So when we look at this round, there's two kinds of primary objectives for opening up the second round, and it will again be a time-limited window. So it's not like ICANN is opening up the ability to submit an application and that window is open forever and ever. They do hope to get to that at some point. But right now, it's still time-limited.
But really the focus here is to focus on diversity and inclusion basically in the Domain Name System. Believe it or not, most of the world doesn't speak English. And so there's a lot of areas of the world where the internet is barely being used and barely kind of accessed. And so there's a real goal to try to get more non-English-speaking people in society kind of engaged and using the internet and leveraging the internet for both economic reasons, social reasons, etc.
There also was a feeling during the first round that it was very much an insider's club with money, who were the applicants. And so ICANN has been working towards reducing barriers, and the GAC, again, has been very, very vocal about this, about not making money or sort of knowledge of the system barriers to kind of coming forth with an application.
And so these are two key objectives of this program. And you'll kind of see these themes kind of constantly kind of popping their heads up, if you will, as different stages of this happen. And we'll talk more about that.
All right. So I recognize this is probably pretty small on the screen, but as Annie mentioned, you can download the slide deck. But I was around for the first round of new gTLDs, and like I mentioned, it opened in January 2012. There was 10 years before that that we were doing policy work, 10 years plus, quite honestly. And it was a little helter-skelter. It was talking about blazing a new trail, talking about kind of running by the seat of your pants. That was certainly kind of Round 1. There was a lot of work and effort and very commendable work done to try to anticipate issues and challenges, but things just kept on cropping up.
And so this round, I will give ICANN kudos here. They've done, I think, a much better job of sort of managing this program, it's a program, and really making sure that there's proper kind of tracking, reporting, and governance. So I give them high regard for that.
So you can see on this chart where they've kind of broken out what this program looks like. So it gives you a real sense of sort of the resources needed, the work tracks that need to happen, kind of how all this needs to come together. And really, hopefully, the goal here is to provide some greater transparency and sort of avoid some of those late program surprises that really plagued the first round.
Here, they also publish a program plan and regular updates to that program plan, and we'll look shortly on a status report. But the program plan really tries to give you kind of a very high-level overview of everything that has to happen. Much of it has to happen sort of in parallel to each other to really get to the point of opening the application round.
So some of you may say, "Well, when's that going to happen? When is the application round going to happen?" Well, right now, ICANN has planted the flag in April of 2026. So not in 2025 next year, but the following year after that, April 2026. And I know, again, you're probably thinking that's a really long time away, but believe it or not, that time will fly. And you can see here everything that needs to get done and needs to happen.
So it's important to understand a few basic facts here that are sort of key milestones. One is the application, to apply, is going to be $227,000. Last time, it was $180,000. So it's gone up a little bit. Inflation has even affected ICANN, but that's only for the application. And the last time the fee included all kinds of objection processes and other additional kinds of validations and kind of assessments and contentions and things like that, that included all of that, that fee included all of that in the first round. This time there's going to be some additional fees for those other things.
So I think ICANN learned that for an application that gets submitted and sort of goes through the happy path, if you will, it doesn't run into any of the bumps along the road, okay. But when you have a lot of applications that hit bumps in the road and need to go through contention processes or need some further assessments, then that's where there's going to be some additional costs.
So all this will be eventually spelled out in what's called the Applicant Guidebook or the AGB. That will be a new acronym to your vocabulary that you'll get very familiar with from now until this program launches and beyond. The Applicant Guidebook, think of it as sort of the bible of the program. It will do everything to spell out like who's eligible to apply, how to apply, what happens through the application evaluation process, what are all the different things, additional validations or assessments that would need to be done, as well as what's needed to basically get delegated, what contract needs to be signed, timelines, all that stuff. So it's quite a hefty document that has all those rules of the road, if you will, in it. The goal here is to get that done by May of 2025 so that applicants have a good year with that, like, finalized, and then can work towards the application. So you can quite quickly see what looks to be, oh, we've got a while, you can see how May 2025 is right around the corner. And that's where a lot of stuff needs to be finalized by.
The application window is expected to be about 12 to 15 weeks. So it'll start in April 2026. We don't have the exact date yet. And it will go for about 12 to 15 weeks. So, again, it's not something that opens and is open forever. It will be time-limited.
There have been some very interesting decisions recently, and they were kind of discussed during this meeting as well, things that went wrong the last round kind of finally got some closure on some of these things that have been studied and discussed and debated over the last 12 years. And one of them was auctions.
So when all those applications were filed, and I mentioned 1,930 applications, but 1,409 unique strings, so that means that there were some overlaps in applications where multiple parties applied for the same string. And so those went into what was called contention sets. And in the first round, there was a lot of gaming that was going on, where people were paying other people to leave the contention set. They were doing private auctions, things like that. So the ICANN Board has recently decided, no, that can't happen, that if you're in a contention set, the way it will be settled is through an ICANN auction process.
They've also, even prior to this meeting, basically have put the kibosh on what's called closed generics. So there were some brands who applied for generic words or sort of like category words as TLDs as an application and wanted to run that category words. Just think of the word like "books," wanting to run "books" as just for the benefit of a single corporation. So that has been banned.
As well as the last round, we had folks who applied for the singular and plural of a word, and they were not put into contention sets. They were treated as two separate, unique applications. And so we had situations where we had singular and plural of the same word being delegated and launched. And that can cause confusion on the internet. And so, again, a problem that won't happen in this round.
They've also, in addition on that plural and singular kind of issue is if there is a TLD out there today that's plural or singular, then there's a prohibition against applying for the opposite. If there's a plural out there, you can't apply for the singular and vice versa. That's kind of already a done deal. It's already delegated on the internet.
So, yeah, so a lot going on with the program. I provide here the link to a new website that ICANN put up on the new gTLD program to kind of give people updates and status and things. That will certainly be sharing those updates as well. But just in case you want to go check that out, that's available.
So now let's talk about where they are, the status. You see all the things that have to get done. What's happening on status? So they put out these status reports. This is actually the status report that they put out prior to the meeting. It was kind of developed in October, but it really talked about the status of everything through the end of September. And when you look at this, and if you were to compare it to the prior status report, you'd go, "Oh, starting to see some yellow triangles and red dots instead of just all green dots. Things seem to be going off track."
Well, when this first got published, there was. There were some things that just were still a little bit lagging, were not where they needed to be. I can tell you, though, since that time, particularly in the Registry System Testing and some other things, they've caught up, essentially caught up. So this chart is going to look very different the next time it comes out. And in a year, it's going to look very different to this.
And so right now ICANN feels very much that they're on track. There's always risk. There's a lot of things to coordinate, as you saw in that prior slide. And each of those kind of bars on that prior slide are different like groups of people working on stuff, some ICANN staff, some ICANN community, some both, etc., etc. And so it is a lot to coordinate and to keep on track and to keep track of. But they do feel at this time that they are on track to hit the opening of the round in April 2026.
So for those of you who are frequent flyers of this webinar series, you've heard me over the last years saying, "Let's not get too excited about April 2026 yet. Let's see how this goes." I would say I think they might hit it. And so let's move forward thinking that that's going to happen. And so next year will be very much as the year goes on, need to kind of plan and then budget for 2026, if you plan to participate.
So let's talk about some just specific things. I won't talk about all the different subprojects and sub-workstreams, but I do want to talk about a few of the key ones, the first one being the Applicant Guidebook, which I said is the very like most important document to this program. It will give a lot of information and a lot of instruction on how to apply and move forward through the program. So they are working, as I mentioned, to get this done, get the Board to approve it by no later than 2025. But the final public comment, they need to have happen in May 2025. So it'll come out for a final public comment, and then by no later than December, and quite honestly, I think before that they'll get Board approval and be officially published.
So a lot has happened already. There's been kind of like sections of it that they've been putting out for public comment. So they initially planned three big public comment periods. There may be a fourth. There's one going on now, like I said, different sections. After they've kind of evaluated comments in each of the sections, they'll put out the whole thing for public comment in the late April, early May time frame of next year.
So it really is a culmination of so much work that's happened and, again, very dependent on a lot of work being done by various implementation review teams. One you'll hear a lot about is often kind of shorthanded as SubPro, but it was the Subsequent Procedures Working Group that kind of has a lot of the meat, if you will, of the criteria and contention processes and evaluation processes, etc., that really examined those things and made some suggestions. And the implementation review team is working through that and putting that into language. They have recommendations from the team. Now they have to kind of put it into actual AGB language.
So the public comment, like I said, the third public comment here, these are the topics that are expected really if you look through, the first three boxes in this chart. The last box, these are things that will probably slide into January and kind of cause the need for a fourth sort of public comment. So just be aware of that. This is just getting the initial language out, getting those public comments. And like I said, in May of next year, there'll be the final public comment on the whole document. So you can kind of see how it all works together.
We mentioned earlier the key kind of objectives for Round 2, and one of them being to remove barriers and greater diversity in sort of the applicant pool. The first round, most of the applications came from North America, followed by EMEA, and then a sharp drop-off, and then in the distance, there was APAC and a couple from the Middle East, a couple from Latin America. So largely believe that there wasn't adequate diversity in that applicant pool. And so the GAC really identified cost as well as sort of know-how of how the system works and how the application process works as key barriers or top barriers to participating and obviously also communicating what's going on and doing that more broadly and more earlier and in multiple languages, etc., etc.
So part of this Round 2 is what's called an Applicant Support Program or the ASP. And it's trying to build that diversity, making sure the barriers are broken, really foster competition and really enable and enhance the utility of the Domain Name System. So they all sound like very lofty goals. I agree. But the ASP really is something that is intended. There will be some subsidy to applicants who qualify so that they won't be paying the full $227,000 plus other fees. They will be paying a smaller amount. They're also working on getting industry providers of the different services around applying for new gTLDs to like offer their services at a discount or to provide pro bono effectively kind of advice and support and guidance on everything around how this all works to what you need to know, to the Applicant Guidebook, all that.
So the ASP is a very key focus for the GAC. This has been something they have really repeatedly and consistently been beating the drum about. And actually this and what the next program we're going to talk about have actually just been officially launched by ICANN. So it's getting real, and it's happening.
So let's just talk a little bit more specifically about some of the status of the ASP program. So they've published the handbook. It is dependent on the AGB as well. So there's sort of more to come. But completed development for the system that will handle those types of the applications for applicant support. They've launched an outreach and communications plan. They've put together some adoption, some resolutions for the Board, I should say, of some supplemental recommendations and also some guidance. And there's public comment on the draft ASP terms and conditions.
So this program is moving along. And like I said, parts of it have been recently launched publicly by ICANN. So while this program probably isn't something most on this webinar will apply for, it's important that you know that that's happening around you. And if you hear about like discounted fees and things like that, that's what this all is.
There's also a second part, and this will apply to many, which is something to know for many who are on this webinar series and may be contemplating an application in Round 2. So there's kind of three key topics that an application gets evaluated on. One is, is the applicant financially able to support a registry? Are they operationally able to support a registry? And are they technically able to support a registry? And so that technical piece really has to do with the registry infrastructure that's behind the TLD that actually operates the TLD on the internet.
And so last time, when you applied for, put forth an application, every application, regardless if the registry service provider who was supporting that infrastructure, so many applicants, they weren't getting into like building up registry infrastructure. They outsourced that. They've hired a company that does that currently on the internet for other TLDs. And what happened is there's only a limited number of companies that do that. But for every application that was evaluated by ICANN, that technical provider had to go through a sort of separate verification and validation program of their technical capability.
And so there may be like 15 or so companies that did this at the time. And the same 15 were being evaluated and kind of put through the paces over and over and over again, even though it was the same infrastructure, just a different instance being evaluated. So it was really viewed as a huge waste of resources and time and money that that was the case. But that's what the Applicant Guidebook required, and so that's what had to happen.
So this round, there's going to be a way for these kind of registry backend providers, the technology piece of this, to get pre-validated or pre-certified as meeting the requirements. And so that's what this Registry Service Provider Evaluation Program is, is that there are critical functions that this technology supports. It's a lot of EPP protocol, that's the communication that happens between machines basically to register, renew, transfer, modify domain names, things like DNSSEC, things like RDAP, which is the new kind of like WHOIS output protocol, and things like that.
All these things have to work for a TLD. And so this program will streamline the details of the application process, really separating kind of this assessment of the technical capabilities of a provider from the sort of application, if you will, the applicant's financial and operational capabilities. So it's a pre-evaluation step that can happen. And applicants for Round 2 will be required to use a pre-validated or certified RSP, so that's a registry service provider. So important to know there.
In terms of where they are in this program, like I said, they're publicly putting things out there now. So they've published updates to the handbook, the terms and conditions. They've completed development for the portal for that kind of pre-certification process, and then they've also launched a communication and outreach program. So more to come on that one, but that is happening.
So let's move on. Like I said, we're going to spend the bulk of our time talking about Round 2, but now let's move on to a few other things that are important for everybody to be aware of. And so another item we've been talking a lot about is the Registration Data Request Service. So just to kind of remind everybody, one of the issues that's always been very difficult with domain names is getting behind who owns the domain name. And so there's always been something called the WHOIS, which is that sort of record of who the registrant, admin, technical, and billing contact is on the domain name. And I think people recognize that most of the Domain Name System is self-serve, where people go into a portal, they have a credit card, they register a domain name, and they kind of input that WHOIS information. And there's, through the years, really been a lot of question about the accuracy of that information.
But accuracy and having access to the information are two separate issues. So we're going to focus on to like how do you get the information that is kind of listed for the WHOIS because since the GDPR, the Data Privacy Regulation that went into place in EMEA in May of 2028, the General Data Protection Regulation, much of the WHOIS has gone dark because ICANN, even though in its contracts with registrars and registries required publication of that information, the GDPR kind of caused a big problem with that because there could be reasons why sensitive personal information, name, address, phone number, things like that, email should not be published publicly.
And so the ICANN community has struggled with, like, okay, understand that privacy is very important, but there are some situations when it should be disclosed, it's necessary to have disclosure of who's behind a domain name. It could be for law enforcement reasons. It could be for IP enforcement reasons. It could be for fraud reasons, security investigations, things like that. There are some very legitimate reasons why WHOIS should be disclosed.
And so, over these last years since the GDPR went into effect in May of 2018, there's been a lot of like thought and debate about how this happens. And the first kind of system that came out of a working group was very complex. It would take years and years to implement and millions of dollars to implement. And the question was, will this solve the problem? And so ICANN decided just about a year ago, a little more than a year ago, I should say, to try something a little bit more, what I call, quick and dirty. Just kind of get something up and see if people use it and see if it helps. And let's understand the problem a little better through data.
So that's how this Registration Data Request Service, or the RDRS, came into existence. And basically, this will connect requestors who are seeking disclosure of non-public registration data with kind of ICANN registrars who are participating in the service. And that's really key. It's not mandatory that registrars participate in the service. This isn't something that's contractually required right now. And so that's been part of the challenge because really I think if we look at data from October of this year, only about 60% of all gTLD domain registrations are covered by the registrars who are participating. So there's 40% of the registrations where the registrar, who is the registrar of record for that name, is not participating in this program. So that's a bit of a gap. But it's really trying to kind of streamline the process.
But you have to really look at this RDRS. It's really a ticketing system. And at the end of the day, that's what it is. It enables you to put in a request. The request gets pushed to the registrar. The registrar responds offline and emails back and forth with the requestor, and then the registrar goes back into the system and kind of puts in what the final disposition of the ticket is. So it will not guarantee access to all registration data.
And like I said, a lot of the communication between the registrar and the requestor happens outside the system. So it's not something that kind of ICANN will have visibility of. But nonetheless, they publish data and stats around the usage of the system. You can see that currently you can go onto the ICANN website, and you can create an account to put forward these requests. There's a little over 6,700 accounts. There's been over 2,100 requests submitted. The system went up at the end of November of last year, so we've just crossed the line of one year. A lot of this data is obviously from the ICANN meeting that's just prior, but almost a year's worth of data. About 2,100 requests submitted.
Like I said, a small percentage of registrars participating, 91. The number of registrars participating hasn't grown terribly much since it launched. We've launched with about 56 registrars. There's 91 now. So it's been a mixed bag. I was just looking at some data that just got published for October, and October was the all-time low in terms of requests. So that's a little bit disappointing.
And you see here, and these are some more statistics that they provide. IP holders are certainly the largest group of requestors. But when you think about this is the globe, people around the globe can ask for data, the fact that we're not only looking in the hundreds of requests total over the last year and not in the, I guess, total 2,000, but for IP holders in the hundreds, it's pretty low, right?
The plan for this RDRS is to run this program for two years, kind of then look at the data and understand, like, is the system that was proposed through all that kind of work that was done after GDPR, is that the right system? Is it the right investment? Will it solve the problem? I mean, at least we have some data, but I don't think we're going to have a whole lot. So it's a little concerning.
We can also see here in terms of like denials, the largest reason for denials by far is incompleteness. When you go in and put in a ticket, there's a form that you need to fill out. So many of the requests are getting denied or closed because of incompleteness. So that's something I think there needs to be some more sort of education around. There also is not a ton of guidance for registrars here on this stuff. So I think that's also certainly an area for improvement.
So a mixed bag here on the results of this. You can see some milestones that have happened. They are making improvements, I think. There's been some modest improvements, certainly. But one of the things I hear the most from customers, and we continue to kind of beat the drum that we need to get is sort of bulk entry, right? You have to do each name one by one by one by one. So, I mean, if you could at least bulk it by registrar, that would be super helpful. So we'll continue to advocate for that.
All right. Let's talk about some other quick policy things that are going on. So there is a transfer policy development process, or PDP, that's been ongoing since early 2021. So I've been involved with ICANN for over 20 years, and throughout time, we've looked at the transfer process because there are always loopholes that are discovered or challenges with the inter-registrar transfer process. And so this is yet kind of another look at that to make sure that we're doing everything we can to minimize fraud and hijacking and making sure the process is predictable. So the working group did publish its initial report in August. They did run public comments, and now they're looking through those public comments. So making some progress here. I think you can expect some smaller changes around the edges, but always good to look at that process because there is the potential for really bad things to happen when it comes to transfers if everything is not kind of working properly.
The other policy development process, so PDPs are a very kind of formal process within the ICANN world. And so there's a PDP, which is a normal PDP, and then there's something called EPDP, that's an expedited policy development process, and it kind of puts the clock of a year on things to kind of get kind of the initial report out.
So anyway, the IDN EPDP, that was something that's broken down into two phases. It has been a dependency for the new gTLD program. Phase 1 focused on topics related to sort of the top-level gTLD definition and sort of variant management. So IDNs, just in case you don't know what that is, IDNs are internationalized domain names. So think of domain names in scripts other than Latin, English basically. So Chinese, Hindi, think of some of the special characters and languages like in French, the tilde, in Germany, the umlaut. Those are kind of examples of IDN characters.
And so there's a lot of work that's been done to get kind of browsers on the internet as a whole to work better with IDNs. The conversion of an IDN to something that the browsers and internet can consume has been a long journey. And along with the kind of goal of Round 2, enabling greater diversity and inclusion on the internet, getting sort of more rules and more sort of clarity around IDN handling on the internet is really important. So this has been one of those kind of really important topics to get right and get in place before the program.
So they're definitely on track with that. They've put their final report out on Phase 1, and now they're completing their final outputs for Phase 2. And the final, final report will go to the GNSO Council, which was that big blue box in our org chart at the beginning of the webinar, for consideration basically. If they're good with the recommendations, that will go up to the ICANN Board for final approval. So definitely making good progress there, and that's on track with the program.
And then we talked about with RDRS that there's accuracy and there's access, right? So RDRS is trying to deal with access, but there's still a problem with accuracy, right? And this is another topic that GAC, if you look through the last 20 years of sort of their communications and publications, data accuracy of registration data is a very, very important topic, not only to them, but like to the internet community at large. We want to know and we need to know that the data that goes behind these domain names is accurate.
And so there was a scoping team that was put together in July of 2021 to kind of look through sort of current enforcement and reporting of registration data accuracy. Many of you know that ICANN has the ability to report inaccurate data. Once they receive that report, they forward it to the registrar of record for the name, and they have 15 days to respond to that. But a lot of times it is something where it feels like nothing really happens, right? Just to be honest, I think it feels like, yeah, the registrar got that to the registrant. The registrant said it's accurate. They go back to ICANN, and ICANN closes the case. But is it? And so, it again just starts a vicious cycle of are we really, really certain? Like who's really the judge of accuracy here, and how is it being judged?
So the scoping team, like I said, got formed in July of 2021 and is trying to figure out not only like how to enforce and report on accuracy, but also how to measure it, right? It's just gone round and round and round in circles. Some of this has been tied up in ICANN has issued a new registration data policy. So the WHOIS output is going to be changing. All registrars need to have the new kind of registration data policy. Registrars and registries need to have the new registration data policy sort of operationalized by August of next year. And so there are some fields that are going to be gone. Many people are very used to the admin email. That's no longer going to be a field in the new registration kind of data output.
And so there's a lot of change going on. So they put a pause on this right now. And then there's going to be kind of a reconsideration of whether this needs to get spun back up, whether it should get spun back up, in what form it needs to get spun back up. So this is sort of an initiative, a policy area that's sort of in flux and sort of treading water right now. So we'll continue to watch this because, obviously, data accuracy is something that is important as the brand holder. So that's something we're watching.
All right. So another key topic over the last, I would say, two years in earnest at ICANN meetings has been DNS abuse. I know that there's no one on this webinar that doesn't wake up in the morning and sometime, during the course of their day, doesn't read something about some kind of DNS abuse happening out there. It is in the news. It is real. It is not a shrinking problem. It's only growing.
DNS abuse is not a bunch of kids sitting in a garage kind of like pranking people on the internet. No, we're talking about everything from identity theft and fraud to hijacking of names, many, many, many forms of phishing. Lots of abuse going on out there, business email compromise. You can go through a huge list of things. There's a lot of great things about the internet, a lot of things that the internet enables, but there are some big DNS abuse issues that governments, companies, individuals are all struggling with. And it's really no one person or group's responsibility or government's responsibility. It's sort of all of our responsibility.
But governments are increasingly tuning in on this. And so you've seen, in the recent couple of years here, regulatory activity on the government front. So many of you have heard about NIST 2 coming out of EMEA. Just a month or so ago here in the United States, you had Senator Mark Warner sending letters to compromised registrars, six compromised registrars, talking about needing to have greater controls on their systems.
When you really sit back and think about it, the DNS, the Domain Name System was not built on security. Like at its onset, it was not built for security. It was not built on security. It was really about speed and convenience and getting things going quickly, websites up, and emails going. It really has a very sort of entrepreneurial flair to it.
In recent years, we've had things like DNSSEC and other things that are trying to bolt on security to the current system to make it better. But there's still a lot that can be done at all levels. Like I said, we all have a responsibility, everybody from government to companies to individuals to various groups out there, including ICANN.
So there's always topics and meetings around DNS abuse at every ICANN meeting. And this was no exception. They did spend a fair amount of time. They've kind of partnered with a company called Metrica. ICANN put out something called the INFERMAL report, which kind of details different like DNS abuse statistics. Very interesting.
CSC has also, in the last month, put out its 2024 CSC Domain Security Report. This is our fifth year of looking at the Global 2000 and looking at domain security specifically and how that plays into DNS abuse. So as Annie mentioned at the top of our program, in the Resource Center of this webinar, you can download a copy of the report, and you can also sign up to get a recorded link to the webinar that we did that dives deep into the report results. I think you will find that very interesting.
Here's a summary of some key findings. I think one of the things, like the big headline, if you will, is 107 of the Global 2000 companies have a domain name security score of zero. That is crazy. That is crazy. So there's obviously many variations from there. Again, I really encourage you to check out the report, to check out the webinar. It's really a must-read. It really gives you a sense of things that are out there.
CSC, if you're getting webinar invitations, you're probably also getting some of our other announcements. And we've launched something called CSC DomainSec here in the last year, and we're now doing a phased rollout of the new user interface for that system, that platform. The platform really brings together data from domains, brand protection, fraud, puts it all together. Like we have all these data lakes of all this data that we are managing, and it really helps you have a single pane of glass view, really deep insights into your data that you have with CSC.
Just quickly, the GAC, as I mentioned there, the Governmental Advisory Committee, just so you get a sense, there's about 183 country and territory members, about 39 observers, and over 500 delegates who usually go to an ICANN meeting. So very strong representation from governments.
Every meeting they issue what's called a communiqué a couple of days after the meeting. It used to be at the last day of the meeting, but now it's kind of extended out. And I always say if you want to know what's really going on at ICANN, what the timeline is for things, what's a potential obstacle or hurdle, watch the GAC. So GAC is a really good barometer of what's going on.
And so they always have two parts to their report. One is the issue of importance. After they kind of detail all the things they did during the meeting, they do go through issues of importance. And then they also will provide advice, which is a very formal kind of like ask of ICANN, saying like we think you should do this, or you should look at this this way. And ICANN is required, under its bylaws, to respond.
So let's quickly talk about issues of importance. Obviously, Round 2 of the new gTLD program, the Applicant Support Program, auctions, and sort of Latin script diacritics. They've also been very, very consistent on general ethics policy and code of conduct on statements of interest. So as people participate in the ICANN community, on working groups, etc., they have to file a statement of interest that sort of says like who they represent. And there's been some concerns, particularly with some attorneys, particularly, that there hasn't been sort of full disclosure of their full representation. So there's some concern around that. DNS abuse, as we've talked about, also domain name registration data into sort of those topics.
And then, believe it or not, I think in my entire time of following ICANN and the GAC communiqué, I am really hard-pressed to think of a time where they didn't give new advice. There's plenty of advice ICANN still needs to act on and to fully respond to. But during this meeting, the GAC did not have any new advice for ICANN.
WE'RE READY TO TALK
Our specialists are ready to answer your questions.