ICANN 82: Insights from the Meeting in Seattle, Washington

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "ICANN 82: Insights from the Meeting in Seattle, Washington." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Gretchen Olive. Gretchen is the Vice President of Policy for CSC. For over two decades, Gretchen has helped Global 2000 companies devise global domain name, trademark, and online brand protection strategies and is a leading authority on ICANN. And with that, let's welcome Gretchen.

Gretchen: Hi. Thank you, Christy, and welcome everybody. As usual, ICANN meeting was super busy. Just to make sure that everybody on the session kind of has an equal kind of footing, I do see some new attendees here today, so we're going to make sure that everybody is kind of understanding the structure.

So first of all, ICANN has three public meetings a year. They have one in the March time frame, one in the June time frame, and then one, which is their annual meeting, at the end of the year. So we're here talking about the March meeting, which is often known as the Community Forum. It's about a 7-day format, and it really is a full-scale meeting, talking about everything from high interest topics to also kind of working group meetings.

Next slide, please. So ICANN, much like a corporation, it has an organizational structure. There's a Board of Directors, and there's a staff. So you kind of see the Board of Directors bar across the top. You see ICANN kind of staff on the left-hand side and some other supporting organizations. But what we really focus on in this webinar series is the GNSO and in the gray boxes, on the right-hand side, the Governmental Advisory Committee. This is really kind of where a lot of the things that affect internet users, particularly businesses and IP interests, this is where a lot of the policy comes from.

So ICANN is a bottom-up, consensus-driven policy organization. So kind of things start at the grassroots level and then kind of bubble up through these supporting organizations and on to the Board of Directors for approval.

So let's go to the next slide, and we're going to start talking this session about ICANN's New gTLD Program. So let's just give a little bit of background here. So in 2012, ICANN ran its first round, it's called, of the New gTLD Program. They received over 1,900 applications. That was about 1,400 plus unique strings. And 33% of them were dot brand, and you can kind of see a breakout of that in the graph on the slide.

Believe it or not, there are still some applications that have kind of encountered some challenges, and so they're going through kind of disputes and litigation and things like that. A large portion of them, though, have launched. And really the last 10 plus years has been spent kind of going through different analysis and retrospectives and studies on what happened in Round 1 because ICANN made a promise to that Governmental Advisory Committee, which you saw in the gray boxes there on that org chart slide, that kind of when they got through Round 1, they would review what went well, what didn't go so well, and then take corrective action.

So it has taken much longer I think than anybody ever anticipated to get to this point. But after about 10 plus years of that type of work, we are now approaching the next round.

Next slide. So what are the key objectives for ICANN in this second round? And you can talk to many people across brand owners, business owners, internet users and there's varying levels of understanding and awareness certainly of ICANN and this kind of New gTLD Program. But you often hear, "Why do we need more TLDs?" Certainly the first round, there were only 22 generic top-level domains, gTLDs. And certainly, the second round brought us over a thousand more. So there's always a question like, "Why do we need more?"

And ICANN has kind of set out these two key objectives. It's really about kind of focusing on kind of diversity and inclusivity in the Domain Name System. Believe it or not, more than half of the world does not speak English as their primary language. And so really getting non-English-speaking communities and areas of the world and populations on the internet is a key objective to kind of provide that forum for everyone, and then also to kind of reduce the barriers for applicants. The first round, there was a lot of criticism that it was expensive. It was complicated. You needed to be an insider to put forth an application. ICANN didn't have adequate support, things like that.

And so these are two things they want to kind of continue to push for. Lots of different non-English-speaking populations to join the internet community, as well as provide an open path or kind of a less barrier filled path to being able to be a gTLD registry operator.

So next slide. So the one thing that I would say is a great improvement this round, I was around for the first round, and ICANN was blazing a new trail. It seemed like there were twists and turns every day. And there wasn't a lot of kind of visibility and predictability in Round 1 in terms of like how things were going and what was the next step and what were the kind of milestones and the key things that needed to be accomplished to be able to get to opening of the round and to get through evaluations, etc.

This time, I think ICANN has done a much better job in terms of providing better visibility and predictability. They have a very robust, I would say, Program Management structure. So they give reports that tell you sort of like what's going on and how this is all structured and how this all breaks out and how it all needs to come together. So it really is providing that kind of greater transparency and accountability and that predictability that was really missing from the first round.

Next slide please. They're also doing I think a nice job of providing kind of project-level or program-level detail about what needs to happen and how it's happening concurrently, etc., etc. So again, here's another kind of representation of that and how they're kind of providing that visibility and that transparency.

And I think it gives people a level of confidence that I know during the first round, on any given day, there was not a lot of confidence of where we were going and how fast or slow we were going to get there. But I think this time there is a lot more of that. And I can tell you, from sitting in sessions in Seattle, you could hear it in people's voices. Sitting in a GAC meeting and hearing GAC members say the application window will open in April 2026 was huge. I don't ever remember kind of that level of confidence kind of being asserted in Round 1.

So ICANN has also confirmed some key details. So the application fee will be $227,000, and there will likely be additional costs, particularly for dot brands. So those additional costs are not yet articulated. We're waiting for kind of what you call the Guidebook, the Applicant Guidebook to be released in full. That's expected in May of this year. Kind of think of that as the runbook for the New gTLD Program. It will tell readers everything from who's eligible to apply to what it costs and how to apply, all the different kind of requirements of being a registry operator. So it is a meaty document. We'll talk about this in a few seconds. They've been kind of releasing chunks of it for public comment. And in May, we should see the whole Guidebook in total for public comment, which I know I'm kind of excited to finally see that in full so that you can kind of read all the different sections and how they interact and have a real, true, full understanding of how this is all going to go.

The application window, like I mentioned a few minutes ago, is expected to open in April 2026. That window will be open for about 12 to 15 weeks. We'll get the exact dates when we get closer. But it's not an unlimited window. I think that's one of the key things to remember. It's not open forever. It is a time-limited window. And in fact, during the first round, it was supposed to be open from January through the end of March, and it actually wound up getting extended because there were some challenges with the application system. So again, we'll continue to monitor this and make sure that people are aware of what the time frames are.

There have been definitely some key decisions made that were not made in the first round prior to the program's launch. So things like no private auctions or closed generics, and then sort of not allowing both plural and singular versions of a string being treated separately.

So ICANN has also launched a website here in the last couple of months that kind of is where they put all their information around the New gTLD Program. So we provide you with that link here as well.

Next slide, please. All righty. So in terms of where things stand, like I said, people are speaking pretty confidently about April 2026. This is a little status report that ICANN puts out basically on a quarterly basis. This was the one as of the end of January. For the most part, things look good. You do see some red dots and some little yellow triangles. There are a few delays that are being experienced. But in my conversations and sitting through some of the sessions, it really sounds like some of the timelines that were initially set out for some of these things did have some extra room or some padding for some of the delays they're experiencing. So they're not uber concerned right now. But I think that that is something that we'll continue to watch.

So right now, everything does seem to be on track. I think the overall good news is in the Predictability category. Again, in the first round, there were lots of promises as to when the program would open, and then it would be delayed six months. It would be delayed another six months. I don't really think that's going to happen here. If there are delays, I could see them being like a month or two, maybe three. But I don't see this as like six-month delay blocks. So again, we'll continue to monitor this and report out on it.

All right, so next slide. In terms of the Guidebook, just a little bit more about that. This is a very key deliverable for the program. As I said, this is sort of the runbook for everything you need to know about how to apply and how to operate a new gTLD under this program. So you can see, as I mentioned, they've kind of been sharing blocks of sections from this book. It's going to be about a 300 or so page document. So they've been releasing pieces and putting it out for public comment. There's a public comment about to wrap up on April 2nd. But we do expect that final public comment the end of May to get the full book. And then no later than the end of this year, the ICANN Board should be approving the Applicant Guidebook. So again, so far so good, but we'll continue to monitor that.

All right, next slide. Just to give you a sense of what is in sort of this fourth and final kind of segmented release, these are the topics that are being covered in that release. So a lot of really detailed information and some really important topics. Like I said, we're watching this carefully, and we'll be talking much more about this as we move forward. Certainly after the Applicant Guidebook is released, we'll have a lot of insight to provide to our clients.

All right, next slide. So with the New gTLD Program looking like it's moving down the tracks at a pretty kind of predictable pace, one of the other things going on around this is there are some significant things going on around WHOIS. And I can tell you that my very first ICANN meeting was back in I think it was 2001. I was trying to think. It was late 2000 or 2001. I think it was 2001. But needless to say, one of the hottest topics then was WHOIS, and that has continued to be the case. In my over 25 years of working in this space, and it is kind of something that is so central to the Domain Name System and it really is something that we've been wrestling for so long.

So I wanted to kind of like bundle some of these updates together because I thought it would make sense. Registration Data Request Service or the RDRS, I'll give you the update on that, as well as things around urgent requests for disclosure of registration data, how the publication of WHOIS is changing, and then also the Registration Data Policy that is coming up or that's actually in the process of being implemented. So we've got a lot to kind of cover here.

Next slide. So let's first start with the Registration Data Request Service. So this was put into place in late 2023, in November of 2023, and it was really in response to when the GDPR, the General Data Protection Regulation became enforceable in May of 2018. It was really the first time that ICANN recognized that the rules that they had around WHOIS and the requirement to publish essentially ownership or contact information behind a domain name, ICANN has contracts with registries and registrars that require public collection and publication of that data. And for years and years and years, many countries were telling ICANN and the registries and registrars that operated in their jurisdictions that there are data privacy regulations that prohibit some of this publication.

And I really think, in my opinion, it wasn't until May of 2018, when the GDPR became enforceable, where there was like definitely a full recognition by ICANN that they couldn't operate in sort of a bubble, that they needed to acknowledge and comply and understand that there needed to be a way for registrars and registries to comply with all the different kind of data privacy laws out there. And so, at that time, ICANN put something what was called the temporary specification in place that allowed registrars and registries to limit the publication of personal data in those WHOIS records. And what we saw in a lot of cases, we saw widespread redaction being used. And so, oftentimes, I hear people refer to May 2018 as the time the WHOIS is went dark.

And so, since then, there's always been a struggle of like there are some very legitimate purposes for which people need who is behind a domain name, that information. And so ICANN has struggled since 2018 to really come up with how can that happen and what mechanism can be used. And so there was a lot of policy work and policy development processes, expedited policy development processes that were used to try to do that. And long story short, the first kind of system that was come up with, that was kind of proposed was going to be multi-year, multi-million-dollar implementation. And so it was ultimately decided to take a sort of shorter, quick and dirty, if you will, approach to see what the volume of requests would be, what types of requests would come in.

And so they created almost what is a ticketing system, called the Registration Data Request Service or the RDRS. And it was really hoping to kind of like streamline and standardize the process for both submitting and receiving WHOIS information requests. There have been a lot of challenges. One of the big challenges is that it's not mandatory for gTLD registrars to participate in this. And I think that's been a major challenge.

Let's go to the next slide. So one of the major challenges is that they've been through a full year of performance of this process or this ticketing system, and when you look at the data, it certainly provided data, but there's a fair number of requests that have come in where the registrar doesn't participate. So that's a problem. There's a fair number of requests that come in for TLDS, including ccTLDs. Those are not governed by ICANN. They're not part of the system. So it's not able to kind of go through this process.

But they've basically found out we've had a lot of requests come in where ultimately the request is denied. And so there's this kind of angst of like, all right, we have this ticketing system, and we have this process, but we still have these denials that are happening. And so how do we kind of improve this, and is it worth kind of continuing with this, because this initial RDRS system was something that was put in place and the goal was to run it for two years, collect data as to how this would work, and then determine if this should continue and what the improvements could be, or maybe we need to go back to what was initially proposed? And so there's been a lot of kind of I think disappointment that this isn't taking off the way it was expected. But I do think that there is a feeling that this hasn't been a waste of time.

So next slide, please. There's been a lot of discussion about this over the last couple of months by the ICANN Board. And while the RDRS has not kind of delivered the results that everybody wanted, where there would be this really easy way of getting to WHOIS is information, the ICANN Board does feel like it is a useful tool. And I think there are people in the community who think that. I do think there's a lot of disappointment. But again, I think there are some key things that if they were fixed, if there were these changes, that there could be a much better experience. And one of those things the ICANN Board has definitely listed is mandatory participation by all registrars. And so that would need to be done through contracts.

There are also privacy and proxy services, and that's not really included in the system. So how do we get that included into the system? And then there's also a challenge with there's law enforcement folks who come in and request information, but there's really no way to kind of authenticate them as that.

So I think there are some logistics and some administrative changes that could happen here that could make this work a lot better. And that's exactly what the ICANN Board is saying. And also, maybe it makes sense to allow voluntary participation by the ccTLDs. Even though ICANN doesn't govern them, maybe having them participate, or people being able to put requests through the system is not a bad idea. So that's also something that's being contemplated.

So I think kind of the end story on that is it has not gone as well as expected. But I do think that there's this feeling that maybe just waiting around for another year is not the best course of action, that they have the data that they need, and actually what they need now are some changes. So that's kind of the next step for the RDRS. So we'll continue to follow that.

All right, next slide. So the other piece around WHOIS is around these urgent requests for disclosure of registration data. And this was one of the policy recommendations, when the different PDPs, they call them policy development processes around the WHOIS and registration data. There was this Recommendation 18 that was made as part of that first phase of the EPDP. And that was not fully adopted because I think there were still a lot of open questions and kind of concerns that the Board felt like the recommendations that were put forward didn't really address. And so I kind of list them all here.

But what they kind of come down to is like when we say "urgent requests," what does that mean? I think the initial proposals were like you need to do this within a week, or you need to do this within a few days. And I think there's very different definitions of the word "urgent" and are days or weeks really quick enough? Aren't we talking more about hours maybe? So that's something that needs to be resolved, as well as authenticating law enforcement. That's a very hard thing to do. People come into the system, say that they are law enforcement. But registrars have no means of really confirming that or validating that. So how can that be fixed? How can we provide a resource? Because there are many law enforcement agencies around the globe, and certainly registrars don't know who they all are.

So anyway, these were just some of the key kind of concerns the ICANN Board had.

Next slide. So what they've decided is that this is an issue that's very, very important. The WHOIS has always been very important to the Governmental Advisory Committee or the GAC. And basically, they've kind of broken the follow-up actions on getting this urgent requests for disclosure kind of all buttoned up into two pieces.

One is this authentication track. And the GAC Public Safety Working Group has put together what they're calling a Practitioners Group, that's kind of pulling together representatives from some key law enforcement organizations as well as the registrars, registries, different constituencies within sort of the domain name ecosystem and really getting them to work together about how we can solve this authentication problem. There was a meeting held right before ICANN. And there are some other discussions that are expected basically every two weeks since the ICANN meeting. So they're expected to kind of report out on a regular basis. So we'll be following that.

As well as there's kind of a policy piece of this, is that how do we get to what's the right amount of time? And I think these two definitely do go hand-in-hand, but they are two separate questions. So similarly, Implementation Review Team or the IRT, lots of acronyms in ICANN always, they're reconvening and working through trying to make a recommendation on that. So hopefully these two things will converge, and we'll have kind of a final path on these urgent requests.

All right, next slide. Then we have issues around the actual publication. I shouldn't even say issues and changes. I think most people are very familiar with what a WHOIS record looks like right. You have some information about the domain name itself, and then you have some contact records. You have some information around the DNS. It's a very kind of standard thing that people have gotten used to seeing.

Well, a few years ago. ICANN basically required registries and registrars to implement a secondary way of publishing WHOIS data, a kind of secondary protocol, if you will, called RDAP. And that RDAP protocol addresses some security flaws in the WHOIS protocol, as well as makes the output more machine readable. So for the last two years, registries and registrars have been kind of publishing WHOIS in two formats. One is the old legacy WHOIS protocol, and the other one is this new RDAP.

And at the end of January of this year, the requirement for registrars and registries to publish both ways changed, and basically registrars and registries are only required to publish using RDAP. And we have seen some, not all, it's been very slow. We have seen some registries and registrars start to retire the old WHOIS output. And so now we're kind of getting some inconsistencies it seems like in sort of how WHOIS looks, and it is confusing. It's a little disorienting.

So far there's been 74 gTLD registries that have already discontinued publishing via the WHOIS protocol. And I think we will continue to see that number increase in terms of the number of retirements because the RDAP is the way forward. So that's one thing in terms of like kind of how the protocol that's being used for how the WHOIS is being published.

Next slide. So just to give you kind of that visual. You can see on the left-hand side is sort of kind of like little excerpts of what a WHOIS record normally looks like. And then you can see on the right side of the slide sort of what the RDAP response looks like, and it definitely looks more computer-generated, right? The information is kind of embedded within a bunch of syntax that's used for making things more machine readable.

Next slide. So the registration, so now we have this change in the protocol that's being used to publish this information. There's also a change going on with the what the fields actually are and who's responsible for collecting and publishing that data. So a new Registration Data Policy was published last February. And basically, ICANN was, with this new policy, trying to balance kind of the need for registration data against all the different data privacy laws out there. And registries and registrars were given in February, when this was published, kind 12 months to plan their implementation and then sort of a 6-month transition period. So we are in that transition period now.

So you already have this WHOIS and RDAP change happening, and now you're having this Registration Data Policy change happening also. And so what is changing, and we'll do a little visual here in a second, is the different fields of data that are collected and transferred and published by both registries and registrars. So it is something that is a major shift. And you're not seeing it now in a lot of places, but you'll start seeing this more and more.

So let's go to the next slide and let me kind of show you what I mean. So registrars, on that left-hand of the slide, these are the absolutely mandatory fields for a registrar to collect. On the right-hand side is what's called the Registry Minimum Data Set. This is the absolute minimum data set that should be transferred to a registry from a registrar.

The stuff that's highlighted in teal, on the registrar side of the fence here, you can see maps to what is the Registry Minimum Data Set. So registries, most of them, not all and we'll talk about exceptions, are really going to move to publishing the domain name, kind of where you can go visit the registrar for that domain name, who the registrar is, what their IANA number is, abuse contact information, domain statuses, where you can find the WHOIS server, really RDAP, and the name server information, and DNSSEC information. This is what the registry will publish. They're not going to have any contact information anymore.

So in what's been kind of the situation is that most gTLDs, the registry was responsible for publishing. They were the authoritative record for all the WHOIS information, the information about the domain as well as the contact information and all this other information, and registrars needed to transfer that to them. That is shifting. There's only a minimum set of data that registrars are sending to registries, and now the registrar will be publishing contact information. And the only contact information that is mandatory for them to publish is the registrant data. So I know a lot of people are going, "Well, what happened to the admin contact?" The admin contact is no longer a required field.

And so registrars, this is a big shift, and it is something that is a big shift not only for registries and registrars, but it's also a big shift for people who look at the WHOIS information and use the WHOIS information for IP enforcement and fraud investigations and law enforcement purposes and all those types of things. So this is a big shift. And on top of this, the protocol changing, it's a very kind of disorienting time that we're all going to need to adjust to.

So let's go to the next slide. It's something that we're going to work through. But it has impacts on lots of different things, transfers being one of them. But there will be some exceptions. You'll see a little bit more of an expanded contact set in some scenarios where there are registries, like .bank, that validate, have that kind of different validation criteria. They will be publishing a bit more information.

A lot of the registries have not yet informed us as exactly what they're going to do and exactly, beyond the minim data set, if there's anything else that they want us to send them as a registrar. So this is very much still in motion and still very much something that's going on. So we'll continue to keep our clients informed. We're hoping in the next really 30 days to be able to start sending out communications to get everybody ready for this because we are required to be in compliance with the new Registration Data Policy by August 21st of 2025. So registries and registrars are all moving at different times and individually. So this will be definitely a period of transition and a period of a little bit of disorientation and will likely have some downstream effects. So that's something we are watching very closely.

So in terms of some other policy development things that I think are really important to kind of take out of the ICANN meeting, one of them is related to there's been a Transfer Policy Development Process, again that PDP acronym, that's been going on since early 2021. It's basically the GNSO Council, which is that kind of bigger blue box in that ICANN org chart that we looked at earlier. That involves registries, registrars, business interests, IP interests, ASPs. There's been a need to kind of relook at the transfer policy governing inter-registrar transfers, not only because of these WHOIS changes that are happening. The admin contact, in fact, has been critical to the transfer process for the 25 years that I've been involved. And so that is a major change.

Unfortunately, the policy here is not going to be all buttoned up by the time the Registration Data Policy is in effect. So that is definitely a challenge. But the Transfer PDP group has issued their final report. It has 47 recommendations. That just happened last month. And at this ICANN meeting, they approved the Working Group's final report, and now it's going to the ICANN Board for approval.

Next slide. Just to give folks a heads-up of some of the key proposed changes. Things like elimination of the 60-day transfer lock, I think that will be something people will cheer about. There's been a 60-day lock that prevents domain transfers. Kind of whenever you do a change of registrant, the name gets locked for 60 days, and you can't move the name anywhere. So this will provide some greater flexibility. It was really put in place as more of a security measure, but I think there are other things, and it seems like this Working Group felt the same way, that there are some other things we can do to improve security beyond making it very hard for people to work through moving names where they need them to be.

There's also trying to simplify the transfer authorization process, some enhancements to the dispute resolution process, a new contact type, TEAC contact, transfer emergency action contact to try to handle where there's like kind of urgent transfer-related issues where there's been a hijacking or a mistake made, being able to handle that in a more rapid way, and then also a further standardization of kind of forms and communication. So this hasn't yet gone to the Board. Once the Board approves it, then an Implementation Review Team, an IRT will get spun up, and then they'll work through actually drafting the policy because what these working groups have just put together are recommendations or guidelines. So we're still a ways out, probably 18 months out from really seeing this coming to fruition. But it's coming, and so I wanted to make sure to highlight this during our discussion today.

Next slide, please. And in terms of kind of some other things that are going on, so IDNs, which are Internationalized Domain Names, those are domain names that are not in Latin characters or non-English-speaking scripts, so things like Arabic and Hindi and Chinese. Those types of scripts have been challenged on the internet. They're really more graphic files than they are things that machines can easily read. So they're converted to what's called IDNs, Internationalized Domain Names, where they're kind of like put into a little bit of a code that machines can read and browsers can handle and other systems can handle better.

But there's been an EPDP that's been going on related to IDNs, to improve that experience because, again, going back to the second round of ICANN's New gTLD Program, they really want to enable non-English-speaking people across the world to have greater access and ability to kind of leverage the internet. So they need to kind of get this IDN experience working a bit better. So they have put out a final report. The GNSO has approved that. And the ICANN Board ran a public comment on that, and now they're kind of evaluating those comments. So this is kind of coming into what we call the station quickly as well. And again, after this kind of all happens, then an Implementation Review Team will have to be spun up, and there'll be policy language actually written about this.

So these are two key other policy development processes that are going on that, as we're going through this New gTLD Program process, will also be kind of layered on top of everything.

All right, next slide. I list here again kind of some of the key proposed changes, just to kind of give you a little bit of insight into what's there. But again, like I said, there needs to be an IRT, and these things will get spun up into actual policy language and is a little bit a ways out before implementation. But the key would be that this would all be worked out by the time the TLDs, the top-level domains that are applied for in Round 2 are actually ready to launch. So again, it's sort of like trains down parallel tracks.

Next slide. There are just some more of those proposed changes.

Next slide. So there was also a good discussion around DNS abuse, always a topic the last few years at the ICANN meeting, as it should be. About a year ago, there were some DNS abuse amendments baked into registry and registrar contracts, putting some additional obligations. I wouldn't say they were the most heavyweight of obligations, but definitely putting a little bit more onus and structure around dealing with DNS abuse cases on registries and registrars.

So ICANN's Contractual Compliance team kind of provided some insights into sort of what has happened in terms of enforcing those new contractual requirements. And so they shared that there were 46 ongoing investigations that were related to about 5,400 malicious domain names, and a large majority of them were related to phishing, which I don't think comes as much of a surprise. There also was a formal breach notice issued to one registry and two registrars in terms of not complying with those abuse obligations.

So we're in early days, but there is some, I don't even know if we can say yet improvement, but there is some activity going on and sort of a closer focus. Of course, registries and registrars are not the full sort of source or cause or even ones that can completely remediate the problem of DNS abuse. But it is something that ICANN has control over. So I think it's good that they're taking and have taken some action here and trying to improve the situation.

Next slide. In addition to that, the GAC, this is a very important topic to them, DNS abuse. Remember, the GAC is made up of representatives from various different countries, and it's typically like their telecom ministers that are involved in this group. And the European Commission has been very active, trying to really figure out ways through cybersecurity regulation and other ways to try to really do something meaningful about DNS abuse.

So the Governmental Advisory Committee has been co-leading kind of a DNS group made up of the European Commission and Japan and the U.S. and doing surveys of its members and their strategies for combating DNS abuse, to give some insight into how like governments are dealing with this. And so they shared some of those survey results and insights from the governments to kind of help inform the community.

And so some key things here, like the survey showed that governments felt on ICANN efforts that certainly they were commendable and appreciated, but they felt like it was just excruciatingly slow and was really hopeful that with the new CEO joining ICANN officially in December that maybe ICANN could be a bit more ambitious. I love that wording.

They talked about contracted party efforts. So you're talking about registries and registrars when you say contracted parties. They see that certainly there's been significant effort, but inconsistent across the industry and really would like to see more industry-wide programs.

And then, in terms of like the contractual documents guiding registries and registrars, they definitely felt like the Abuse Amendments were a step forward, but really too early to tell what their effectiveness would be. And they felt like there were pretty significant gaps in the Contract Amendments. It was very kind of lightweight and didn't have all the transparency that really needed to be there.

So I always find these types of insights, that the GAC collects, really interesting because you get an eye into how different governments are thinking about these issues. And look, they have responsibility within their own countries to spin up regulations and things like. So this also gives you kind of an eye into what they may be doing across the greater ecosystem in both their country and sort of how they're trying to protect their citizens from these types of problems. So again, something we continue to watch really closely. DNS abuse is not a shrinking problem. It's a growing problem and something that we work actually here at CSU really hard to not only understand but try to help protect our clients from.

Okay, next slide. So the GAC kind of laid out, I thought this was really instructive, kind of like next steps they thought and they kind of put it into buckets. And again, I won't read through all these. But they also kind of remind everybody that with these new TLDs coming, so we're going to be expanding this space yet again, which creates more landscape for problems. And so they really kind of want to make sure that this work continues in earnest and really tries to tie back some of these policy initiatives and these different discussions and challenges to DNS abuse, that these things don't just happen to happen, that they're all kind of part of the bigger problem of DNS abuse that kind of gaps in policy sometimes either create the problems or allow the problems. And so they've kind of bucketed kind of the path forward that they see in prep for the next round of New gTLDs, which I think is really instructive.

All right, next slide. So as I mentioned, here at CSC, we work really hard and think a lot about how to help our clients combat DNS abuse. So many of you have probably heard about CSC DomainSec at this point. It's really quite an innovative platform. So I provide in this slide deck a link where you can go if you'd like to learn more about this and to schedule a demo. I really encourage you to do that. I think it'll give you some insights in the domain name ecosystem and really let you see across not only domain names but sort of brand protection and fraud protection. So I encourage you to do that.

Next slide. So I always like to wrap up with the GAC because the GAC, at the end of every meeting, they used to issue it on the last day of the ICANN meeting, but it's now become sort of within a week after the ICANN meeting they issue what's called a GAC communiqué at the end of every ICANN meeting. And it kind of summarizes the things and some of the groups they met with and high-level kind of discussion points. But then they also provide kind of insight into the issues that continue to be they call them issues of importance to them.

And then also you have a section called GAC Advice, which is a very formal term in the ICANN world. GAC Advice is where they are specifically advising the ICANN Board on certain things. And there's an actual formal response process that has to happen, and sort of like whether the ICANN Board agrees with that advice and we'll take it forward, or disagrees and why, or maybe needs more information. But there's a very formal process around that.

So here at ICANN 82, the GAC is larger than 75 countries, but on-site, the post-meeting statistics indicate they had 75 countries and being representative with 6 observer organizations. So a good chunk of countries participating. Their issues of importance, certainly not small issues and usually multi-layered. So that continues to be the case. Domain name registration data continues to be a very, very hot topic. Again, WHOIS and just making sure the public knows who's behind a domain name and is able to use that information to take any kind of appropriate action in emergency situations or to enforce rights or to do security and fraud investigations. That's something that is very, very near and dear to the GAC's heart.

So domain name registration data, we talked about the urgent request for disclosure as well as RDRS. They kind of feel similarly to the ICANN Board in that like we probably have enough data. We don't need to go the full two years, but there are improvements that are needed, and we should move towards that now. They still are very concerned about accuracy of that data. The Domain Name System is a very self-service system. People register domain names and they self-enter in many cases that information as they do the registration. So there's not a lot of checks on that, and so they really want more done around accuracy. And then really trying to get all the recommendations around access to that WHOIS information really moving.

Round 2 is also very top of mind for them. They are very focused on applicant support this round. ICANN has spun up a program to help potential applicants in like emerging economies or underserved regions to try to do a better job of like educating, building awareness, and actually providing support, both financial and expertise to applicants. So they have a program where people can apply for that type of support, and that's something that the GAC continues to really push ICANN on. That applicant support program is up and running. I don't think they've seen the number of applicants kind of apply to that program that they were hoping for, so they're really kind of like poking ICANN to do more and more and more.

Application fees and refunds, very sensitive topic to the GAC as well as global outreach and kind of promotion, in multiple languages, of all that ICANN does and especially Round 2 of the ICANN program. So really pushing ICANN that if we want more non-English-speaking populations to be aware and participate and utilize the internet, well, then we need to talk to them in their language.

There's also been this issue that's been kind of bubbling for some time around needing a general ethics policy and code of conduct. When different people sign up to participate in these working groups, there's been some challenges with having a real clear understanding of like who they're representing, whose interests they are representing as part of that policy development process. It's really come up with regard to especially attorneys, who are involved in that, who exactly is behind their kind of participation. So there's been an ongoing discussion about having more formalized kind of ethics policy and a more kind of thorough process around what they call the statements of interest that everyone needs to file before they participate in a working group. DNS abuse has also been a huge topic.

So we have I think run to the end here. Just one final note, next slide. There was actually no GAC Advice in this communiqué, which this is I think the second time I've seen this. It's actually two times in a row, which is very unusual. But nonetheless, they did not have any formalized advice for the Board, so I'm sure the Board was quite happy about that.