ICANN 84: Insights from the Meeting in Dublin, Ireland

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo and other engagement features. To set up a live demo, please complete the form above on our website. If you currently are not on our website and are watching this on our YouTube channel, there's a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "ICANN 84: Insights from the Meeting in Dublin, Ireland." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Gretchen Olive. Gretchen is the Vice President of Policy for CSC. For over two decades, Gretchen has helped Global 2000 companies devise global domain name and online brand protection strategies and is a leading authority on ICANN and .brands. She holds a JD from Widener University Delaware Law School and authored 100 .brand applications in Round 1. And with that, let's welcome Gretchen.

Gretchen: Thank you, Christy, and thank you, everyone, for joining us today. Appreciate it. It's a very busy time of year, and I really appreciate the time that people take to attend this webinar series.

We have a lot to cover as always. I don't think I have ever said, "Oh, it's going to be a quick one." Each ICANN meeting is chock-full of updates. So this one has been no exception.

So let's just talk briefly. I always see a few new names on the registration list, which makes me very excited. But I just want to make sure that everybody has some basics about ICANN and ICANN meetings so that we all kind of start from the same point.

ICANN meets three times a year publicly. This meeting, which is the one at the end of the year, the kind of late October, early November time frame, is their annual general meeting. This is a full kind of week meeting. It's really an opportunity for them to showcase what they've been working on, have some good cross-community dialogue on issues of interest, lots of working sessions, and to kind of wrap up the year.

Here's an organizational chart kind of ICANN. A lot of times, I'll talk about the ICANN community or ICANN. This is kind of the group I'm talking about when I say that. Like every corporation, they have a Board of Directors. They have staff, a CEO and president. But unique to ICANN is also these different stakeholder groups and advisory committees that are all volunteers that represent different segments of the community to kind of be part of the bottom-up, consensus-driven policy process.

We focus a lot of our discussions around kind of the bigger blue box in the center, the GNSO, which is the Generic Names Supporting Organization, which is made up of registrars and registries and business interests and IP interests and ISPs. That kind of is where we really spend our time focusing.

As well as there's a dark gray box, all the way to the right on the bottom there, called the Governmental Advisory Committee, often referred to as the GAC. And this is made up of different representatives from the different governments around the world. There are right now, I think, about 184 member countries that belong to the GAC. And they really advise ICANN, particularly the Board of Directors, on from looking at what's going on in ICANN, these policies that are bubbling up from the bottom, up through a consensus process. They're there to kind of give that public policy standpoint to make sure that the policies that do get to the Board for review and approval, those considerations have also been kind of layered on top of that.

So that's who the ICANN community is. So let's get started. The biggest topic of this meeting certainly was the upcoming next round of the New gTLD Program. But before we talk about Round 2, let's just do a quick recap of what happened in Round 1.

Round 1 happened in 2012. That's 13 years ago. And right now, if you look back at that round, you'll see that there were over 1,900 applications. That kind of amounted to 1,400 unique strings. There were certainly multiple applicants for some of the same strings. And of that applicant pool, about 33% of that were .brand applications, and those are applications by companies to run a TLD for their exclusive use, so not to be on the open market where people could get domain name registrations in it.

So what's been happening since 2012? In 2012, there was a window of opportunity during that year to put forward an application. And since then, there was a little bit of definitely start stop in terms of the evaluation of the applications. There were a lot of issues that did kind of crop up that were unexpected that there wasn't kind of policy for.

So after we got kind of through two or three years of that, really for the last 10 years plus, there have been studies and assessments and additional policy work being done for Round 2. And that was because ICANN promised when Round 1 happened, that they would assess how Round 1 happened, what went right, what went wrong, what were the gaps, and committed to kind of corrective action that would be taken, policy, gaps would be filled before Round 2 would happen.

So that's what's been going on. You'll see a little pie chart there on the screen also just to give you a sense of like how those .brand applications broke out. It kind of gives you a sense of the industries that participated and at what level.

So now if we look kind of a little bit deeper at the sort of what's going on today with a lot of those Round 1 .brands, there are about 453 of them out there right now. There are almost 30,000 registrations, domain name registrations in those TLDs. And I know people go, "Well, that doesn't seem like a lot." But you have to think about .brand, there's no need to have defensive registrations in any of those TLDs. The company owns that TLD and has exclusive access to register names in that TLD. So they don't have to fight anybody to protect names in that name space.

And so you can kind of see on this slide kind of those domain name registrations that do exist, what they represent. About 76% of them are live sites. Twenty-six percent of those are redirects. There are mail records. Over 57% have mail records on them, so that's email. And then 46% have DMARC records as well. Twenty-five percent have SSL records, and 4% have DNSSEC records.

So it's interesting because I have a lot of conversations with people in the community, with customers kind of saying like, "What's really going on with those .brands?" And I thought it'd be really good to give everybody a perspective that they are being utilized. And that 317 is representative of companies that are using that, that have .brand. So I think that's some interesting statistics there.

So some would ask, "Why do we need a Round 2? We have all these additional TLDs, both the .brands and other open and community and geo TLDs. Why does ICANN think we need a Round 2? Don't we have enough?" And really, from ICANN's perspective, is they want to really broaden the participation and diversify the participation online. They really want to focus on that diversity and kind of inclusivity of the domain name system.

So last time, there were applicants for what are called IDNs. That's internationalized domain names. So think of those as domain names not in Latin script, not in ASCII characters, but in other language scripts, like Japanese and Chinese and Hindi. Those are scripts that have had some challenges operating online on the internet. But when you step back and think about it, the majority of the world does not speak English. And so how do we get more of those non-English-speaking communities online? And that's really a key directive, a key objective of ICANN's Round 2.

In the first round, when you look at the participation, North America definitely led the way in terms of the number of applicants. This is across all types of new gTLDs. But North America certainly led the way in terms of who applied for a new gTLD. EMEA was second, and then it kind of falls off dramatically. You have APAC. You have a handful in sort of Africa, the Middle East, a very tiny small handful in Latin America, and a tiny small handful in the African continent.

So it is really something that ICANN feels that there were some barriers to entry for some of those regions that did not participate heavily. Some of it's a language barrier. Sometimes it's a resource barrier. Sometimes it's a know-how barrier. So they really wanted to have an applicant support program to be able to provide greater support to that community. So a second objective of Round 2 is to really try to increase participation from other places around the world. So those are their two objectives.

So the flowchart here, very tiny, I know, but I wouldn't get too hung up on the boxes. It's more just to represent the New gTLD Program. Round 2, it's complex. There are a lot of parts and pieces and moving parts and pieces in this process.

But to just kind of get a general understanding of it, in terms of who can apply for a TLD, really legal entities. It's not like individuals. It's only for legal entities to come forward. They can be corporations. They can be governmental or non-governmental organizations. They could be nonprofits. But a legal entity is who can apply.

When? Right now, ICANN is expecting to open up the second application window here, so the Round 2 in April of 2026. We don't yet have an exact date in April of 2026. But we do know that's where they've kind of put the pin. And based on my observations of the sessions and the discussion during the Dublin meeting just a few weeks ago, I will tell you they are very much on target. There are little warning signs here and there in some aspects of the program, but it is full steam ahead towards April 2026. And they expect to have the application window open for 12 to 15 weeks. Those exact dates, opening and closing haven't yet been published, like I said.

And then how much? So for the folks who attend this webinar, the question really is about .brand. So in order to apply for a .brand, all applicants, regardless of the type of TLD, there's a $227,000 application fee to ICANN per TLD. So if you want 3 TLDs, it's $227,000 times 3. And then there's also conditional fees based on the type of applicant you are. So for .brands, there's an additional $500 fee per application for the kind of specialized .brand application evaluation process. So for a .brand, the total application fee to ICANN will be $227,500.

There is some chance for some additional fees during the evaluation process if you get kind of stuck into some extended evaluations. But I think that's going to be, for .brands at least, kind of the more rare circumstance as opposed to the common situation.

But you can see here the process. It has everything from when you apply to going through the reveal day and going through different types of evaluation of not just the string, but then the applicant, their operational capabilities, their financial capabilities, etc. So a lot of kind of process that goes around each application.

So in terms of status, like I said, it does very much look like everything is on target for April of 2026. This was a slide that was used at the ICANN meeting by ICANN staff to kind of say like what's going on here. But you can kind of see they've completed a lot. If you look at those, what, first four rows, you see complete, complete, or pretty much due very soon. Some due in December, or some due in March.

The key thing that happened at the ICANN meeting was during the ICANN actual Board Meeting that kind of rounds out the week, they did approve the Applicant Guidebook. There are a couple of small pieces that they're still working to do the final publication on. But they did approve the Applicant Guidebook, and that was a very, very important hurdle or milestone for them to achieve.

It does not have the Base Registry Agreement. So basically, for everyone who gets awarded a TLD through this process, they will have to sign the Base Registry Agreement with ICANN. There's no ability to negotiate that. That is just the standard agreement that must be signed to basically become a registry operator of your TLD. That is expected in March. So they were hoping to have that completed, but there are still some pieces outstanding there. So they'll expect to publish that in March.

They're still working on a couple of pieces related to like dispute resolution, service providers, kind of the roles and fees. They're expecting to publish that any day now, so like really within the next few weeks.

And then before the end of the year, once they have those dispute resolution pieces, they will publish the final Guidebook minus the Registry Agreement, but publish the final Guidebook for kind of all to see. So right now there's still a little bit of a provisional copy out there. But they've basically said that copy is approved, and we're just waiting for these extra pieces to have a complete guidebook, but we are on target.

So over the next few months, you see in that last row kind of all the things that kind of need to now come together. And again, they're feeling like they're going to be able to meet those dates. So we're on track.

So what does this mean? So I think it's really important for brand owners to kind of decide is this something that needs to be discussed within your organization applying for a .brand. Like how do you get ready for the next round? You're either going to spend a lot of time just saying like, "I'm not going to apply, but I need to obviously plan for TLDs that might be coming online as part of this round and protect my brand there." Or you may be deciding, "I also need to plan for applying for a .brand TLD or TLDs myself."

And so we try to give you some tips here in terms of what you need to kind of plan for, especially around budget. I know everybody is finishing up the budget cycle right now. There's a lot of work that goes into that, and I can completely appreciate that. But if .brand is something that you're contemplating for your next budget year because, again this, application period will probably run from April to early August, we're talking about that 12 to 15-week period, and if your budget cycle kind of lands in that time frame, you need to make sure that if you want to apply, that you have the funds for it. So now is the time to kind of identify and build justification for that budget and get it approved.

You'll also want to think about Trademark Clearinghouse is something a lot of us haven't really talked about since back in 2013, 2014, 2015. But a lot of companies have new brands. There have been changes to brands, things like that. So it's time to kind of think about, okay, let's review our Trademark Clearinghouse. What do we need to add and things like that so we're ready for those new TLDs that will probably start coming online sometime in the 2027 time period and forward. But like renewing current ones, and making sure that any new ones get registered, and then also looking at you know blocks.

So that's kind of considerations. I think the Trademark Clearinghouse and the block stuff is definitely something that's going to be very late 2026 and probably spill into 2027. But if you want to do the application of a .brand, you definitely need to think about that now. And if you are considering a brand, these are some of the things that we recommend that you do.

We're here to help, certainly help you understand this. We're here to also support. We operate about 160 .brands from Round 1. We have a lot of experience through the application process, as well as all that it takes to do a TLD. So certainly take advantage of some of these materials if that's something you're considering.

So let's move on here. So in terms of understanding the requirements if you decide that you do want to do this, we can help you do that. We will be happy to get on a meeting with you and answer your questions and walk you through the process and help you understand that. There's no charge for that. And then also the guidebook that I was talking about, actually now, after the all the additions and some additional things we're expecting, it's going to be almost 450 pages.

We recently offered a webinar. My colleague, Anne-Mette Roed and one of our clients, Ian from Saxo Bank, they did a great webinar that basically went through frequently asked questions, both from like what it took to decide to apply to what it took to set it up, and then kind of what are the things it's being used for, what have been the benefits. Ian does a really nice job of kind of like talking about everything from pulling together the cross-functional team, budgeting, how ownership was decided for that, kind of the role that he's played, as well as sort of what the impact has been in terms of SEO, some AI considerations. I think a really great webinar that kind of really nails some of the questions that I know are in a lot of people's minds. So I think it's about 45 minutes, 50 minutes. Really a good use of time, I think, if you're interested in this area.

So .brand definitely took up quite a bit of time and quite a bit of the energy at the ICANN Dublin meeting, but there were other things that did happen as well. So we're going to make sure to cover that. But I kind of grouped these into like a WHOIS update section because they're all a little bit connected to WHOIS and they all work together. So let's kind of try to tackle these together.

So first, let's talk about the Registration Data Request Service or RDRS. This was a system that was launched in November of 2023. I think next week or the week after will be the two-year anniversary of this system. And so this system was really born out of a challenge. For several years, ICANN worked through policies related to trying to create a policy of how to provide access to WHOIS information that kind of typically would be seen as conflicting with the GDPR.

So as many people know, the information in the WHOIS has gotten less and less and less, and, in fact, you often see the WHOIS is redacted. And that has been a really big challenge for intellectual property, people trying to enforce their IP rights, for fraud and security investigators, as well as people who are academics and researchers in this space. Like not having access to that data that before used to be pretty widely available has become a big challenge. And as many will remember, in 2018, with the enactment of the General Data Protection Regulation or GDPR in Europe, ICANN finally had to come to terms with the fact that the things that they used to require in the WHOIS were in conflict with the GDPR.

And so there was a kind of a temporary policy put into place that allowed registrars and registries to redact certain information. That was in place for the first year, so through 2029. And then they put a "long-term policy" in place that pretty much just continued the temporary policy, understanding that there needed to be more work. And that more work unfortunately turned into something called the SSAD system, that when looked at in terms of feasibility, it was going to take many years to implement and a lot of money to implement. And the question was, "Are we really sure that that's going to give the right benefit, like that it's actually going to work?" And there were concerns.

And so ICANN and the community kind of stepped back and decided to kind of take something ICANN already had, modify it a little bit as a ticketing system for WHOIS data requests. And that's how we got the Registration Data Request Service or RDRS. And it really is just a ticketing system, where people ask for access to data on a specific domain name.

So this has been running, like I said, for just about two years. And this is a quick snapshot. This was, again, data that was shared at the ICANN meeting and a quick snapshot of sort of like what we've seen over the almost two-year lifespan of the RDRS. And I think when people step back from this, they're disappointed. They're disappointed that there aren't more requests. They're disappointed that there aren't more approved requests. They're disappointed that there are not more registrars participating because participation is not mandatory. And that is one of the things, that we'll talk about in a few minutes, that is seen as a challenge here. But here is we stand.

The challenge is while I think the results thus far are disappointing, I think many in the ICANN community, the ICANN Board, the GNSO, the GAC, all feel like it's not a total loss, and that maybe the good news is we've learned something. And I think what we've learned is that probably SSAD maybe wasn't going to be the right solution, and there needs to be some work there. But they've also said, well, maybe if this system had some changes, some different things about it or who participates in it changed, that maybe this could work better.

So the ICANN Board kind of outlined a few that they felt. And the GNSO, which is that Generic Names Supporting Organization, there was a standing committee in there working on the RDRS. They were asked to put together a preliminary report on the RDRS and kind of what worked and what didn't.

So in terms of their recommendations from that report, there were six. They basically said we think this should continue past the initial two-year pilot that was initially contemplated. So they basically think that this could be the foundation of a long-term solution, and it just shouldn't be discarded because two years is up. So they recommended to continue it.

They also recommended that there are some requests that come from law enforcement particularly where they're urgent, they're deemed as urgent requests. And the challenge for registrars is they have no way currently of validating kind of those people coming forward and kind of purporting to be law enforcement, to validate they are who they are, and to kind of pick their requests out of the pile as urgent and handle those differently. So they're looking to basically or proposing that there be something that would authenticate certain interested requestor groups, but law enforcement being number one. But they're not saying that all user groups need to go through an authentication process. So just trying to like give some enhanced, if you will, status to some that would make these types of urgent requests.

They also think that there needs to be some system enhancements. Just the way the system works needs to be improved, that that's kind of clunky. It's not user friendly in all respects, and that things can be improved in terms of a process and sort of system perspective.

There's also a recommendation to kind of consider further policy work. So privacy and proxy providers, it's really hard when a domain name is under privacy protection. This system doesn't involve privacy and proxy providers. So how can that potentially happen? And then shouldn't we be maybe including links in the output from what's called now the Registration Data Access Protocol, where the WHOIS basically gets published? Kind of the protocol that's used to publish the WHOIS, shouldn't there be links to this RDRS system in those WHOIS records?

So that's four of the recommendations. The remaining two, one is they really believe that there needs to be a little bit of a step back. There were 18 recommendations with regard to the prior system, that SSAD system that was initially proposed. They think that the Board needs to sort of like go back, look at that as a package, and basically say, "You know what? We're not going to adopt those. We're sending these back to the GNSO." And then kind of use the lessons learned to kind of put together some supplemental recommendations, kind of rework those recommendations, and then come back with those.

And then also the RDRS Standing Committee is suggesting that they continue on for a while in a more kind of narrowed role to kind of help with advising ICANN on the continued operation and maintenance and kind of potential enhancements to RDRS since they've been so close to it. They are the ones who have been running this pilot for the last two years basically. And kind of any enhancements that need to be made, that they continue to be a resource for that.

So at the ICANN meeting here in Dublin, the Board did vote to extend the RDRS Pilot for two years while they do undergo kind of some additional policy work. And also the Board had asked, at the last ICANN meeting, for ICANN staff to put together kind of a Policy Alignment Analysis Report. There's no shortage of acronyms or really long names and reports in the ICANN world as everybody knows.

But basically what they looked for them to do is like go back and look at a bunch of other policy things that are going on. So I mentioned like privacy and proxy services. There's been some ongoing work that has kind of like start, stopped, and now has restarted related to accreditation of privacy and proxy service providers to kind of pull them in closer to ICANN and have ICANN have some compliance enforcement powers over them. There's also kind of the Registration Data Policy. There are also things regarding, like I said, the prior system and the policy around and the recommendations around SSAD.

So there's just a bunch of things that are going on that really need to be aligned. And so that's what this report really tried to do is kind of do that and say, "All right, given all this plus RDRS, what is it we think needs to happen? And kind of like how do we go about like making sure these all converge?"

So that report has been published. It'll be open for public comment until December 9th. It's on the ICANN website. And then the Public Comment Summary Report is due in early January. So that's something to be watching for here. Important kind of work to be done.

I am personally glad that we're kind of trying to find a path of convergence here because there's always a lot going on in the ICANN world, and since my very first ICANN meeting 25 years ago, kind of the issues around WHOIS have been persistent. It's always been kind of the key thing that weaves its way through everything. And so I think it's good that we're trying to converge some policy work here to make sure that this all comes together and kind of lands together.

So the other part of this is related to urgent requests. I mentioned earlier about kind of the desire or the recommendation to have kind of like an authorized or authenticate users, certain kind of requestor groups, let me use that, that's the right term requestor groups to the RDRS and to start with law enforcement, which makes a lot of sense. And in addition to sort of like making sure we know the people who are saying they have these urgent requests and are saying they're from law enforcement, having a mechanism to kind of validate that, there's also an issue around what are the timelines of an urgent request and what's the language that needs to be added to the policy, that sort of like brings this all together.

So they've been really looking at this urgent request issue for a while now. It was part of the new Registration Data Policy. It didn't get completed in time to be released. So this has been going on for a few years to figure out like what exactly and how exactly we handle urgent requests.

And so the authentication track, there's a long-term and a short-term kind of proposed solution. The short term is like let's have like kind of an authoritative list that registrars can have access to so that they at least know the names and contact information for all these law enforcement agencies around the world. And then maybe a more long-term solution is baking that into the ICANN portals, kind of connecting them into the law enforcement portals. That's a big lift. So that's definitely a much more long-term solution. But maybe we need to get to the short-term solution ASAP. And that's something that they're really trying.

The GAC put together a working group on this, and they have worked with other stakeholder groups within ICANN to really try to put together a list. And they're really working to try to get at least that list posted into the ICANN what's called NSP Portal, that registrars work within, to at least have that authoritative list.

But the policy track is something that is still ongoing. So ICANN, there's some proposed language that's been put out there about urgent requests. That is out also for public comment. Another thing true about ICANN is that probably at any given time there's three or more things out there open for public comment. So here's yet another about the urgent requests. That public comment is open through December 15th.

Just to give you a sense of sort of what the discourse has been around that in terms of there's been a lot of discussion around the timing. So the internet doesn't stop. It's 24/7/365. So registrars, many of them do have 24-hour operations, do have teams and technical support lines that they're manning 24 hours a day. But this RDRS system is not kind of baked into that. And so there's a lot of concern by registrars, like having a 24-hour turnaround time to deal with urgent requests is challenging. Registrar customers are around the globe. Even though they may be based in London, they could have a customer in Australia. They also have staff all over the world. So the 24-hour timeline is a very tight timeline for a registrar, and they're trying to figure out how they can to handle that.

The GAC is continuing to lead the work on authenticated requestors. And then the proposed language is out there. So there's a lot going on. We're not to the end of the road here yet. But I think what's great is that the discussion is now coming out from these individual groups to having this out now in sort of public comment and other forums.

So let's move on to privacy and proxy accreditation. Like I mentioned, this has been something that's been a start, stop, start again process. I think it's widely understood that privacy and proxy services are things that are really needed. There are reasons why they are used and needed in domain registration. But the challenge has been is that ICANN has no contractual relationship with these folks. And so that's really been what's been kind of being worked on is how do we create an accreditation process that privacy and proxy providers have to go through with ICANN, and therefore compliance obligations that they will have to meet to basically stay accredited. And that way we can have a closer relationship and be able to do things like registration data requests and things like that.

This was paused for a while. They had kind of gotten to a proposed accreditation policy. But that got paused because of GDPR. And so, finally, it was reconvened in 2024. The world has changed a lot since 2019 and the policy work that happened prior to 2019. So what really has had to happen is kind of a little bit of a restart and kind of re-outlining their purpose and things like that.

So again, as I mentioned in prior slides, the GAC and ICANN Board have also called for RDRS improvements to facilitate privacy and proxy requests as an example of sort of how the world has changed. So this is something that is still ongoing. But the good news is I think we are going to get to privacy and proxy accreditation, which I think is very, very important for brand owners. So I am very much looking forward to when that happens.

And then last but not least, in the WHOIS category here, WHOIS accuracy. Again, I remember talking about this at my very first ICANN meeting more than 25 years ago. There's always been a consistent concern of the GAC about the accuracy of WHOIS data. And there have been tons of studies and workgroups and lots of discussion and attempts at trying to figure out how we can make the WHOIS more accurate. The GNSO has been very, very much involved in those issues. They've been kind of back at it. And earlier this year, they kind of put together kind of some new threshold questions on accuracy, and they got some responses back from GAC and other community members on that.

So right now, the GNSO and other supporting organizations have been trying to kind of create these small teams to kind of really narrowly focus on specific issues. So they have a GNSO Small Team for WHOIS accuracy. They've reviewed those threshold questions. The Small Team recommendations around that were adopted by the GNSO Council in August of 2025 and kind of outline what the main recommendations were. Shortening the current 15-day limit for registrars to conduct a registration data validation.

So when a WHOIS complaint is put forward to ICANN, they go out to the registrar. ICANN tells the registrar they have 15 days to kind of look into it and get back to them. So they want to look at shortening that, looking at additional registrant education. Look at like, "Are domains actually being suspended due to data accuracy violations? Is that actually happening?"

Those were some of their recommendations. But they also think that we probably also are at a point where we can start closing down the Accuracy Scoping team. So ICANN Compliance did meet with the GAC, just prior to the Dublin meeting, to kind of brief them on these things and to really help them understand, because these representatives, typically it's like a telecom ministry and a government that sends a representative to ICANN to be on the GAC. And they're not steeped deeply into the inner workings of the domain universe.

So they kind of took them through what are the kind of mechanics or the compliance obligations of how ICANN makes sure that within their contracts they're enforcing different provisions around WHOIS accuracy. And so they took them through the those different things to help them better understand the things that were being done today on WHOIS accuracy.

So that's all the fun WHOIS topics. So within the ICANN policy development process, there's some work being done on transfer policy. That wasn't discussed at this meeting, but we did talk about IDN EPDP. And again, IDNs are those internationalized domain names. Something that's very important to the next round is getting as much of the policy work done as possible for the launch of Round 2 because, again, we went through those objectives of ICANN for the second round of the New gTLD Program of sort of diversifying participation and including more non-English-speaking participants online.

And so the GNSO has been working on this for a while. But working quickly, this is an expedited PDP policy development process. Like most things in the ICANN policy world, they're divided into phases. It just happens because the issues are pretty big. Phase 1 and Phase 2 are kind of outlined there on this on the slide, so looking at kind of definitions of things and variant management. While Phase 2 is really about second level, meaning the stuff before the dot.

So the GNSO did approve the Phase 2 report in December of last year. It had 14 policy recommendations. ICANN ran a public comment on the report. It's closed. And the staff was asked to kind of conduct a feasibility or impact analysis on those recommendations. Again, a lot like what happened with SSAD. Like is everything that's being recommended, there's one thing to say like this would be good to have. It's another thing to be able to say like this is feasible and it will have the right impact to help the Board kind of have more information to make an informed decision on those Phase 2 recommendations. So at the ICANN Board meeting in Dublin, ultimately with all that information in hand, they did ultimately adopt the IDN EPDP Phase 2 recommendations at the ICANN Dublin meeting.

So another big topic, which we talk about consistently in this webinar series, is DNS abuse. I think everybody recognizes that it's not just ICANN who's responsible for DNS abuse. It takes all of us. And it takes registrars, registries, internet service providers, companies that offer services online, everyone and anyone. All of us out there have a role to play in DNS abuse. ICANN has kind of grappled for a number of years about how and to what level they need to kind of participate and provide policy.

About a year ago, a little bit over a year ago, they did add some what I would call modest DNS abuse amendments to registrar and registry contracts. So that's like we're now at the one-year mark of that. I think the general consensus is good start. Still needs more to be done. And that was sort of like the GAC's kind of assessment a couple of ICANN meetings ago. And they kind of broke things out about like how they plan to tackle this going forward.

At the end of every ICANN meeting, the GAC puts together what's called the communiqué. And we talk about that during these webinars. And the communiqué last time really had very formal GAC Advice on the topic of this DNS abuse topic. And so they really are pushing ICANN and the GNSO specifically within ICANN to undertake all necessary preparations before ICANN84, towards like really targeting and narrowly scoping different PDPs around DNS abuse. Like more needs to be done around bulk registrations of malicious domains and about the responsibility of registrars to investigate domain associated with registrant accounts that are the subject of actionable reports of abuse, things like that.

So a lot of pressure put on ICANN by the GAC at the end of the last meeting. And so since ICANN83, so you get a sense that that meeting happened in June, so over the last several months, a lot has been done here in terms of the GNSO Council has requested an issues report. They kind of gave three priority topics that they wanted them to focus on.

The DNS Abuse Small Team recommended sort of a narrowly scoped PDP on those three issues. And they've kind of even narrowed it further down to like two that really, really need the priority attention, which is one is related to access to kind of API. APIs are kind of like this automated connection to systems, so that system-to-system communication. And the bad guys are using these API connections to really do ungated, unbatched kind of rapid, large-scale malicious registrations. And there needs to be policy around that. That can't happen. Some registrars do kind of gate them and throttle them. But there's no policy out there about that, and we need to make sure that that's happening everywhere.

There's also kind of this sense that when there's a malicious domain name that's found and outreach is made to registrars and registries about these malicious domains, that there should be an associated domain check done, meaning usually bad guys don't register just one domain. There's like a batch of domains that all relate to kind of this very malicious behavior. So having an obligation to do that sort of expanded check.

So public comment is now open on that through November 17th. The Preliminary Issue Report on the PDP, that's the report that's been put out there for public comment is that Preliminary Issue Report. And then feedback received will help inform the final report that will go to the GNSO Council. So again continuing to push on DNS abuse.

As I've mentioned before, CSC has a great tool called CSC DomainSEC, that really is a one-of-a-kind, just amazing platform. It uses a lot of proprietary technology, combines machine learning, artificial intelligence, and sort of clustering technology to really help provide smart kind of security insights that could be leading indicators of potential compromise. So to schedule a demo, we provide a URL right there. Really recommend if that's something that is a concern at your organization, get a demo, see what we can do to help you on that.

And then last but not least, the GAC. I always like to just round things out with their communiqué. So as I mentioned earlier, the GAC at the end of each ICANN meeting, they usually a couple of days after issue what's called the GAC Communiqué. And they work on it throughout the meeting, but it actually gets published usually a few days afterwards.

The GAC is currently made up of 184 member states and territories. They have 40 observer organizations. And there's always not all, but a lot of them that attend in person. And so that is important. Their participation is important. But that GAC Communiqué, it usually will outline all the different meetings they participated in. They'll thank different members of the community for inputs and kind of collaboration and things like that. So part of the communiqué is about that.

But a big part of communiqué and what everybody really like looks to read after that gets issued is there are two sections. One is called the Issues of Importance to the GAC, and then the other one is GAC Advice. GAC Advice is a very kind of formal notice to the ICANN Board that this is something the GAC is recommending, and the Board, based on the ICANN bylaws, has a very formalized process on how they have to respond to that. They can't just ignore it. They have to either accept the advice, reject the advice, or ask more questions. And there's a lot of process that goes along with that.

But before something gets to GAC advice, typically it's listed here on their Issues of Importance, and you'll see many of the issues that we've talked about here during this webinar. So these are the things that are really important to the GAC. And I always say that if you want to really know of all the information that we share and all that goes on at an ICANN meeting, what the really most important things to know are, all you need to do is look at GAC Advice and Issues of Importance to the GAC.

So you'll see here Round 2, very concerned about making sure everything gets tied up for that to happen. Things like DNS abuse, again really important. Domain registration data, that's that WHOIS stuff. And then there are kind of things around like process, community statements of interest of like people who participate in different working groups, making sure they're clearly articulating who they're representing. Or ICANN review of reviews. ICANN has review processes, where they review themselves, and making sure that that's done properly. And they're kind of reworking and they're reviewing how they do their reviews. And then governance of the regional internet registries, which are kind of the local regional registries that kind of help make the internet work.

So these are things that are super important to the GAC, and you've heard many of these topics. They're very important to the audience that participates in this webinar as well.