Key Takeaways from ICANN 2024 Contracted Parties Summit Paris, France | May 6-9, 2024

ICANN held its Contracted Parties Summit in Paris, France from May 6-9, 2024. The conference, which featured over 550 participants, provided the contracted parties, that is, the Registrars and Registries who have contracts with ICANN, an opportunity to engage in and address issues of mutual interest and importance as well as to have face-to-face meetings outside of the three regular yearly ICANN meetings. The agenda was created in collaboration with volunteers from the Registries Stakeholder Group (RySG) and Registrar Stakeholder Group (RrSG), and nearly 50% of sessions were led by community members.

Takeaways from key sessions and themes are as follows:

I. Opening

Russ Weinstein, Vice President of the Global Domains Division (GDD) Accounts and Services team which is responsible for supporting the global network of gTLD registries and ICANN accredited registrars, welcomed the participants and invited them to bring their knowledge and expertise to share with each other and learn from each other.

Tripti Sinha, Chair of the ICANN Board, in her opening remarks implored the community to remain steadfast in their commitment to the stability, security, and resilience of the Internet's naming system in bringing choice and innovative thinking  to consumers so as to ensure a healthy Domain Name Industry.

II. DNS Abuse Amendment Implementation

ICANN and the Contracted Parties recently agreed to a set of contract amendments that will serve to mitigate DNS Abuse, requiring registrars and registry operators to take definitive action when receiving credible reports of abuse. These new requirements will be of particular interest to rights holders where wrongdoers impersonate brands to execute phishing attacks and other forms of DNS abuse.

In particular, the discussion focused on:

• the purpose of the amendments: to improve mitigation of DNS Abuse (i.e., malware, phishing, bots, and email that conveys those forms of abuse), the ICANN Registry operators and registrars have agreed to contract modifications;
• the implementation of those contract modifications; and
• a key issue: communication between registrars and registry operators. Registrars require “complainers” to furnish specific information but sometimes, complaints go to registry operators, who are obligated to forward the complaint to registrars. However, registry operators will not have the complete information registrars required. The discussion included the possible development of an Application Programming Interface API between registry operators and registrars to facilitate these communications.

III. Becoming a Sustainable DNS industry

This session represented the first time that sustainability has been broached as a topic at an ICANN conference. Sustainability is not only about planting trees, reducing emissions and being a better person but has to do with equal pay, clean water and better networking.

There was a sharing of why sustainability is important and also of best practices, i.e.,

• Create sustainability strategy
• Earn an European Foundation Quality Management (EFQM) certification
• Launch a Common Standard Reporting (CSR) system based on ISO 26000
• Establish Key Performance Indicators KPIs for footprint reduction: per employee and organization-wide

IV. Policy Implementation Updates (Provided by ICANN Staff)

• One new policy brings ICANN contracts into line with the General Data Protection Regulation (GDPR)  and other privacy regulations. The GDPR is a European Union regulation on information privacy in the European Union and the European Economic Area.
• There have been updates to the Internationalized Domain Names (IDN) tables that provide consistency for how IDNs are implemented.
• Looking at the next round of  Top level Domains (TLDs) which is due to open in April 2026 we see that:
• Single character strings will be allowed in the next round for Korean, Japanese and Chinese languages only (ideographs);
• ICANN is developing a model for preventing delegation of the same string when the only difference is that one is singular and the other plural, provided the meaning is otherwise identical; and
• ICANN will publish a version of the Applicant Guidebook for public comment in May 2025, but there are many dependencies that still have to be completed.

V. Network and Information Society Directive 2 (NIS2) and Communications

NIS2 expands its EU-wide security requirements and scope of covered organizations and sectors to improve the security of supply chains, simplify reporting obligations, and enforce more stringent measures and sanctions throughout Europe.

A discussion  took place on developing EU regulations in response to the promulgation of NIS2. In particular, there was a discussion regarding balancing privacy and encryption against the governments’ desire for information. After a detailed review of NIS2 contents, the contracted parties agreed to create a joint statement to inform those outside the ICANN community regarding the roles of registry operators and registrars with respect to:

• Data accuracy requirements followed by registrars and registry operators.
• DNS Abuse work to date and upcoming
• MSM: its effectiveness and superiority to other models
• Privacy: should be of paramount consideration
• Engagement

The session continued with a discussion of implementation of NIS2 by various countries: e.g., Germany, Belgium, and approaches registry operators and registrars can take to comply with the new regulations.

VI. Brand TLD Session

This session focused on the difficulties brands face in applying for a TLD. The session raised questions but did not suggest solutions for:

• How can applicant fees be reduced?
• How can innovation be encouraged?
• How can brands be encouraged to apply?

Since the policy development for the next round of TLDs is completed, it is unlikely that fees will be reduced in certain circumstances and there be any variation to encourage innovation. However, brands should learn more about the benefits and burdens of operating a TLD and should consult a subject matter expert prior to the opening of the application period.

Vll.       DNS Abuse

A whole day was devoted to DNS Abuse which was led by Graeme Bunton, director of the DNS Abuse Institute. A deep dive was taken into case studies from registrars and registries when they faced difficult challenges in dealing with a report of suspected abuse, and interesting conversations were had  about lessons learnt, and advice they would give themselves in hindsight.

Some of the topics touched on were transitioning from "email receiving + manual handling" to "integrated platform + tiered handling mechanism, collaborating with your registrar channel to reduce abuse, dealing with a backlog and speeding up an abuse process, handling complaints which do not contain enough information to be actionable and dealing with fake crypto complaints.

There were several working sessions which included discussions on:  

• a proposed format for abuse reports, including fields and formats, and minimum requirements;
• reducing DNS abuse in all gTLDs, regardless of language or script, which is critical to building a trusted domain name marketplace and a more digitally inclusive Internet and how to implement version 4.1 of the IDN Guidelines to help achieve this goal and enhance the usability and security of domain names; and
• creating a framework to identify what is and what is not phishing, how it differs from other similar types of harm online, and where smishing (social engineering designed to trick users through fake text messages) fits in.  

The Registries and Registrars discussed possible strategic options for future DNS abuse related work that involves the broader ICANN community. The Chairs of the Registrar Stakeholder Group and the Registries Stakeholder Group also led a discussion amongst contracted parties on community wide expectations post  the (gTLD) Registry Agreement (Base RA) and the Registrar Accreditation Agreement (RAA) DNS abuse amendments and considered possible next steps which included an open call for ideas on future events that would help the community to combat DNS Abuse.

In conclusion, the annual Contracted Parties Summit provides contracted parties an opportunity to engage and address issues of mutual interest and importance and an opportunity for the ICANN Board and org to listen and learn about this particular part of the community and the industry. Discussions, which are divided between those open only to members of the contracted parties and those open to the general ICANN community, do not center around policy but rather around gaining insight into specific operational needs and challenges that the contracted parties face. While the next Contracted Parties Summit is in the early planning stages, it is anticipated that the 2025 Summit will take place around the same time of year in the Asia Pacific region.

For further information regarding the content of this article, ICANN policy issues, or to discuss this or other intellectual property matters, please contact the following Winterfeldt IP Group team member:

Brian Winterfeldt, brian@winterfeldt.law, +1 202 903 4422‍

‍