SAC122 was published on 12 Dec 2023. All SSAC publications can be found at

Recommendation DescriptionCurrent Phase
Recommendation 1

The policy must provide additional structure so that Urgent Requests will be handled in an appropriately expedited fashion.

Specifically, the SSAC recommends that the required structure must include at least the following elements:

  • a. Registrar's and Registry Operator's published mechanism and process must state that Reasonable Requests for Lawful Disclosure and Urgent Requests for Lawful Disclosure are different, and must allow Urgent Requests to be identified as such by a requestor.
  • b. When a requestor submits an Urgent Request, Registrar and Registry Operator must provide an acknowledgment of receipt within 30 minutes. This acknowledgment is separate from the "response" to the disclosure request described in paragraph 10.7.
  • c. Paragraph 10.7.2 must specify that Responses to all Disclosure Requests must be in writing by email to the requestor. A written response is necessary for the information of the Requestor, and for compliance purposes. The requirement for written responses is not intended to prohibit other communication from occurring (e.g., if ongoing telephonic communication is conducted in parallel to the writing of the email response), so long as the written response is also provided.

Phase 2 | Understand

Recommendation 2

The policy must ensure that response times for handling Urgent Requests be fit for purpose.

Specifically, the SSAC recommends that the required response time must have at least the following characteristics:

  • a. Urgent Requests are a matter of imminent danger. The language of the policy should reflect that responses are to be fulfilled as soon as possible, with urgency befitting the situation.
  • b. Paragraphs 10.6.1 and 10.6.2 provide time extensions that are not fit for purpose, and these paragraphs should be deleted. No legitimate Urgent Request should be responded to in more than 24 hours.
  • c. In paragraph 10.6, the word "generally" is imprecise and confusing and should be deleted.

Phase 2 | Understand

Recommendation 3

ICANN org should acquire and document data regarding Urgent Requests and make high-level information available to the community for future consideration.

Specifically, the SSAC recommends the data made available to the community must include at least the following metrics:

  • a. Number of Urgent Requests received at registrars and registry operators;
  • b. Expediency with which Urgent Requests were reviewed, evaluated, and handled;
  • c. Percentage of Urgent Requests classified as spam, not urgent, or otherwise invalid; d. Counts of requests handled and not handled within the contractual requirements (i.e., compliance statistics). The data collected must be comprehensive enough for ICANN org to examine a registrar or registry operator’s handling of Urgent Requests for compliance purposes.

Phase 2 | Understand