Implementation

Rec #

Status

Description

Implementation Update as of 17 February 2022

R1.1

Completed

To ensure that RDS (WHOIS) is treated as a strategic priority, the ICANN Board should put into place a forward-looking mechanism to monitor possible impacts on the RDS (WHOIS) from legislative and policy developments around the world.

The corresponding activities are already part of ICANN's plans.

R1.2

Completed

To support this mechanism, the ICANN Board should instruct the ICANN org to assign responsibility for monitoring legislative and policy developments around the world and to provide regular updates to the ICANN Board.

ICANN org has already assigned responsibility for monitoring legislative and policy developments around the world and for providing regular updates to the ICANN Board.

R1.3

In Progress

The ICANN Board, in drafting the charter of a Board working group on RDS, should ensure the necessary transparency of the group’s work, such as providing records of meetings and meeting minutes, to enable future review of its activities.

The work of the previously chartered Board Working Group on Registration Directory Services has been integrated into the work of the Board Caucus on General Data Protection Regulation (GDPR) / Expedited Policy Development Process (ePDP). Work is underway to determine which measures are needed to ensure that appropriate information on Caucus group activities is provided to the community.

R3.1

Partially Completed

The ICANN Board should direct ICANN org to update all of the information related to RDS (WHOIS) and by implication other information related to the registration of second-level gTLDs. The content should be revised to make the information readily accessible and understandable, and it should provide details of when and how to interact with ICANN org or contracted parties. [...]

ICANN has updated the content and navigation of the registration data look up tool (i.e., the WHOIS Portal referred to in the RDS-WHOIS2 Review Team Final Report). The information formerly contained on that page has been reorganized and now appears on the Domain Name Registration Data Policies and Related Requirements page, which contains information regarding existing policies and requirements and ongoing policy development work. ICANN Contractual Compliance has included the links to this information on their Complaint Submission page found here https://www.icann.org/compliance/complaint.

R3.2

In Progress

With community input, the ICANN Board should instruct ICANN org to identify groups outside of those that routinely engage with ICANN org, and these should be targeted through RDS (WHOIS) outreach. An RDS (WHOIS) outreach plan should then be developed, executed, and documented. [...]

As the GNSO’s Expedited Policy Development Process on Temporary Specification for gTLD Registration Data (EPDP) and the Registration Data Access Protocol (RDAP) phased implementation could impact the information or the messaging to be delivered by ICANN to new target groups, work will begin as soon as the dependency on outcomes of the EPDP has been resolved.

R10.2

On Hold

Reviewing the effectiveness of the implementation of WHOIS1 Recommendation 10 should be deferred. The ICANN Board should recommend that review be carried out by the next RDS (WHOIS) Review Team after the Privacy and Proxy Services Accreditation Issues (PPSAI) policy is implemented.

The Board approved the ATRT3 recommendation to suspend any further RDS Reviews pending the outcome of the next ATRT, subject to prioritization and community agreement to the related Bylaw changes.

R11.2

Partially Completed

The ICANN Board should direct ICANN org to ensure that the common interface displays all applicable output for each gTLD domain name registration as available from contracted parties, including multiple versions when the outputs from registry and registrar differ. The common interface should be updated to address any policy or contractual changes to maintain full functionality.

Registration Data Access Protocol (RDAP) was designed with the ability to be updated to address any future policy or contractual changes. Regarding the common interface displays, ICANN org continues to review to determine resources required to make the recommended updates, including whether resources are required to program and/or build any necessary software.

R12.1

On Hold

Reviewing the effectiveness of the implementation of Recs #12-14 should be deferred. The ICANN Board should recommend that review to be carried out by the next RDS Review Team after RDAP is implemented, and the translation and transliteration of the registration data launches.

The Board approved the ATRT3 recommendation to suspend any further RDS Reviews pending the outcome of the next ATRT, subject to prioritization and community agreement to the related Bylaw changes.

R15.1

Partially Completed

The ICANN Board should ensure that implementation of RDS-WHOIS2 Review Team recommendations is based on best practice project management methodology, ensuring that plans and implementation reports clearly address progress, and applicable metrics and tracking tools are used for effectiveness and impact evaluation.

ICANN org’s newly created Implementation Operations function is deploying a foundational structure that allows for the work of implementation to be carried out thoroughly, effectively, and in a sustainable manner. In addition to the use of an improved project management system, ICANN org’s Implementation Operations function has also designed enhanced tools for its implementation planning related work and is working on developing a more frequent and detailed reporting mechanism.

LE.1

In Progress

The ICANN Board should resolve that ICANN org conduct regular data gathering through surveys and studies to inform a future assessment of the effectiveness of RDS (WHOIS) in meeting the needs of law enforcement. This will also aid future policy development (including the current Temporary Specification for gTLD Registration Data Expedited Policy Development Process and related efforts).

Implementation of this recommendation could not be completed in time to aid EPDP Phase 2, for which a final report was issued in August 2020. However, ICANN org, in consultation with the GNSO, will identify an appropriate timeline for any surveys and studies to inform future assessments of the effectiveness of RDS in meeting needs of law enforcement.

LE.2

In Progress

The ICANN Board should consider conducting comparable surveys and/or studies (as described in LE.1) with other RDS (WHOIS) users working with law enforcement on a regular basis.

Implementation of this recommendation could not be completed in time to aid EPDP Phase 2, for which a final report was issued in August 2020. However, ICANN org, in consultation with the GNSO, will identify an appropriate timeline for any surveys and studies of users working with law enforcement on a regular basis. Additionally, ICANN org continues to review whether this recommendation could be paired with the use of other survey and feedback mechanisms across ICANN org to ensure there is a coordinated process for surveying the community and stakeholders.

SG.1

In Progress

The ICANN Board should require that the ICANN org, in consultation with data security and privacy expert(s), ensure that all contracts with contracted parties (to include Privacy/Proxy services when such contracts exist) include uniform and strong requirements for the protection of registrant data and for ICANN to be notified in the event of any data breach. The data security expert(s) should also consider and advise on what level or magnitude of breach warrants such notification. [...]

This will be included in the next round of contractual negotiations with the contracted parties, insofar as it relates to ICANN receiving notification of data breaches in circumstances that threaten to undermine the stability, security, and resiliency of the Internet’s DNS.

CC.1

In Progress

The ICANN Board should initiate action intended to ensure that gTLD domain names suspended due to RDS (WHOIS) contact data which the registrar knows to be incorrect, and that remains incorrect until the registration is due for deletion, should be treated as follows: (1) The RDS (WHOIS) record should include a notation that the domain name is suspended due to incorrect data; and (2) Domain names with this notation should not be unsuspended without correcting the data.

This recommendation was approved in part and is to be included in the next round of contractual negotiations with the contracted parties. The Board passed through this recommendation to the Generic Names Supporting Organization (GNSO) Council to consider as a future policy development process. In its 3 July 2020 response, GNSO Council indicated that: “it will ensure Recommendation CC.1 is included for consideration in due course, if this item has not been addressed in the next round of contractual negotiations between ICANN org and the Contracted Parties (as directed by the Board)”.

CC.2

In Progress

The ICANN Board should initiate action intended to ensure that all gTLD domain name registration directory entries contain at least one full set of either registrant or admin contact details comparable to those required for new registrations under the 2013 Registrar Accreditation Agreement (RAA) (or any subsequent version thereof) or applicable policies.

This recommendation is part of EPDP Phase 1 implementation.

CC.3

Completed

The ICANN Board should take steps to ensure that ICANN Contractual Compliance is adequately resourced factoring in any increase in work due to additional work required due to compliance with GDPR or other legislation/regulation.

This recommendation is already included in the existing budgeting and planning process. Compliance will continue to request required resources as part of the existing planning process.