Skip to main content
Resources

Minutes | Regular Meeting of the ICANN Board

A Regular Meeting of the ICANN Board of Directors was held telephonically on 10 March 2022 at 20:30 UTC.

Maarten Botterman, Chair, promptly called the meeting to order.

In addition to the Chair, the following Directors participated in all or part of the meeting: Alan Barrett, Becky Burr, Edmon Chung, Sarah Deutsch, Avri Doria, Danko Jevtović, Akinori Maemura, Göran Marby (President and CEO), Mandla Msimang, Ihab Osman, Patricio Poblete, León Sánchez (Vice Chair), Katrina Sataki, Matthew Shears, and Tripti Sinha.

The following Board Liaisons participated in all or part of the meeting: Harald Alvestrand (IETF Liaison), Manal Ismail (GAC Liaison), James Galvin (SSAC Liaison), and Kaveh Ranjbar (RSSAC Liaison).

Secretary: John Jeffrey (General Counsel and Secretary).

  1. Consent Agenda:
    1. Appointment of Independent Audit Firm for FY22
  2. Main Agenda:
    1. Deferral of the Third Review of Security, Stability and Resiliency of the Domain Name System
    2. GNSO Council Policy Recommendations on EPDP Phase 2A
    3. Consideration of the Afilias Domains No. 3 Ltd. v. ICANN (.WEB) Independent Review Process Final Declaration
    4. AOB

 

  1. Consent Agenda:

    1. Appointment of Independent Audit Firm for FY22

      The Chair opened the meeting and introduced the consent agenda. Sarah Deutsch moved and Ihab Osman seconded. The Chair called for a vote and the Board took the following actions:

      Whereas, Article 22, Section 22.2 of the ICANN Bylaws requires that at the end of the fiscal year, the books of ICANN must be audited by certified public accountants." Section 22.2 further states that the appointment of the fiscal auditors shall be the responsibility of the Board.

      Whereas, ICANN organization has carried out a request for proposal for independent audit services, which has resulted in identifying [Redacted – Confidential Negotiation Information] as the most suitable for ICANN at this time.

      Whereas, the Board Audit Committee has discussed the recommendation from ICANN org and has recommended that the Board authorize the President and CEO, or his designee(s), to take all steps necessary to engage [Redacted – Confidential Negotiation Information] to carry out the independent audit for the fiscal year ending 30 June 2022.

      Resolved (2022.03.10.01), the Board authorizes the President and CEO, or his designee(s), to take all steps necessary to engage [Redacted – Confidential Negotiation Information] as the audit firm(s) for the financial statements for the fiscal year ending 30 June 2022.

      Resolved (2022.03.10.02), specific items within this resolution shall remain confidential for negotiation purposes pursuant to Article 3, section 3.5(b) of the ICANN Bylaws until the President and CEO determines that the confidential information may be released.

      All Board Directors present voted in favor of Resolutions 2022.03.10.01 and 2022.03.10.02. The Resolutions passed.

      Rationale for Resolutions 2022.03.10.01 - 2022.03.10.02

      ICANN has engaged the same independent audit firm since the audit of fiscal year 2014.

      In 2021, the Board Audit Committee (BAC) recommended that ICANN organization perform a Request for Proposal (RFP) for the selection of the audit firm for FY22. ICANN org issued the direct RFP to numerous audit firms and received five expressions of interest. After evaluating a completed 75-part questionnaire received from each of the five firms, ICANN org invited all five firms to make an oral presentation.

      ICANN org evaluated the interested firms on several attributes such as the overall capabilities of the firm, the professional team assigned, understanding the assignment, financial value/pricing, and proposed methodology/audit approach.

      ICANN org evaluated [Redacted – Confidential Negotiation Information] as the most suitable for ICANN based on the firm's strong partner tenure, team experience in the Not-for-Profit and Technology sectors, and value for completing much of the transaction testing before the year-end audit begins. [Redacted – Confidential Negotiation Information]

      Taking this decision is both consistent with ICANN's Mission and in the public interest as the engagement of an independent audit firm is in fulfillment of ICANN org's obligations to undertake an audit of ICANN org's financial statements and helps serve ICANN's stakeholders in a more accountable manner.

      This decision will have a fiscal impact on ICANN, which is accounted for in the FY22 ICANN Operating Plan and Budget. This decision should not have any direct impact on the security, stability and resiliency of the domain name system.

      This is an Organizational Administrative Function not requiring public comment.

  2. Main Agenda:

    1. Deferral of the Third Review of Security, Stability and Resiliency of the Domain Name System

      Avri Doria, Chair of the Organizational Effectiveness Committee, introduced the agenda item and read the proposed resolution into the record. Avri moved and Danko Jevtović seconded.  The Chair called for a vote and the Board took the following actions:

      Whereas, Section 4.6 (c) of the ICANN Bylaws stipulates that the Board shall cause a periodic review of ICANN's execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates. The Stability, Security and Resiliency Review (SSR) shall be conducted no less frequently than every five years, measured from the date the previous SSR Review Team was convened; the Second Review of the Stability, Security and Resiliency of the Domain Name System (SSR2) was convened in March 2017.

      Whereas, on 30 November 2020, the Board approved recommendations from the Third Accountability and Transparency Review (ATRT3) pertaining to reviews, subject to prioritization and community agreement on the Bylaws change. Recommendation 3.3 states that Security, Stability and Resiliency Reviews shall be suspended until the next Accountability and Transparency Review Team shall decide if these reviews should be terminated, amended or kept as is.

      Whereas, the SSR2 completed its work and delivered its Final Report to the Board on 25 January 2021, with the Board taking action on the 63 recommendations on 22 July 2021. The implementation preparations are underway for recommendations approved by the Board, and work is progressing to inform Board action on the 34 recommendations placed into "pending" status.

      Whereas, the ICANN Board's Organizational Effectiveness Committee (OEC) recommends the Board to defer the Third Review of the Security, Stability and Resiliency of the Domain Name System (SSR3), determining that it would be neither prudent nor feasible to begin this review now, given the ATRT3 recommendation to suspend and before the implementation of SSR2 recommendations has been completed.

      Resolved (2022.03.10.03), the ICANN Board defers the SSR3 to allow the ICANN community and organization sufficient time to plan for, and implement pertinent ATRT3 recommendations once prioritized for implementation. The Board acknowledges that the Bylaws state that the SSR Review should be conducted every five years. The Board also acknowledges the ATRT3 recommendation, to suspend the SSR3 Review until the next ATRT makes a further recommendation on timing. The Board will oversee the implementation of ATRT3 recommendations and determine whether the timing of SSR3 should be re-examined based on the changing environment, including various dependencies.

      All Board Directors present voted in favor of Resolution 2022.03.10.03. The Resolution passed.

      Rationale for Resolution 2022.03.10.03

      The Board action today is an essential step in its oversight responsibility over Specific Reviews, including the review of the Security, Stability and Resiliency of the Domain Name System (SSR). The Board recognizes that the current timing specified in the Bylaws to commence SSR3 in March 2022 is not prudent in light of recently issued and approved community recommendations, nor feasible given insufficient time to implement SSR2 recommendations nor determine their effectiveness, prior to starting the next review. By deferring the start of SSR3, the Board is acting in line with the ATRT3 recommendations as also supported by the ICANN community. The Board expects that once ATRT3 recommendations are prioritized, the implementation work will result in a package of proposed amendments to the ICANN Bylaws, some of which would address the timing of future reviews, including SSR3.

      The ATRT3 Recommendation 3.3 states that: "Given SSR2 will not be finalized prior to ATRT3 completing its work, ATRT3 recommends that SSR Reviews shall be suspended until the next ATRT Review (or any type of review that include current ATRT duties) which shall decide if these should be terminated, amended or kept as is. This review could be re-activated at any time by the ICANN Board should there be a need for this." The Board approved this recommendation in November 2020, subject to community agreement on a Bylaws change, stating that "When deemed appropriate through the prioritization process, the Board directs ICANN org to begin the process to make the appropriate Bylaw amendments, but if the Empowered Community rejects the Bylaws changes, further ICANN community discussion would be required before implementation."

      Today's action supports the Board's continued commitment to proactively implement community-issued recommendations and to evolve Specific Reviews in collaboration with the ICANN community, to produce impactful outcomes that serve the public interest. Continuously improving delivery of Specific Reviews is a cornerstone of ICANN's commitment to accountability and transparency. It is in the public interest in that it will continue to support and improve the reviews of ICANN's responsibility for the security, stability and resiliency of the DNS toward improved outcomes.

      Public comment proceeding is not considered necessary, since the ATRT3 recommendation to suspend SSR3 until the next ATRT was the subject of two public comment proceedings – on the Draft and Final SSR2 Reports.

    2. This action is expected to result in positive impact to the security, stability or resiliency of the Internet's DNS, by allowing sufficient time to implement SSR2 recommendations and assess their impact as well as by enabling a community-based evaluation of the future of this review. This action is anticipated to result in positive budgetary or financial implications in the near term, in that the expenditure for the next review of the SSR will be deferred. It is also anticipated to have a positive impact on community and ICANN org resources.

    3. GNSO Council Policy Recommendations on EPDP Phase 2A

      Matthew Shears, Chair of the Board Strategic Planning Committee, introduced the agenda item and summarized the GNSO Council Policy recommendations of EPDP Phase 2A.  He read the resolved clauses into the record. Matthew moved and Becky Burr seconded. The Chair called for a vote and the Board took the following actions:

      Whereas, on 17 May 2018, the ICANN Board adopted the Temporary Specification for gTLD Registration Data (Temporary Specification) pursuant to the procedures in the Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) concerning the establishment of temporary policies.

      Whereas, following the adoption of the Temporary Specification, and per the procedure for Temporary Policies as outlined in the RA and RAA, a Consensus Policy development process as set forth in ICANN's Bylaws must be initiated immediately and completed within a one-year time period from the implementation effective date (25 May 2018) of the Temporary Specification.

      Whereas, the GNSO Council approved the EPDP Initiation Request (https://gnso.icann.org/sites/default/files/file/field-file-attach/temp-spec-gtld-rd-epdp-initiation-request-19jul18-en.pdf) and the EPDP Team Charter (https://gnso.icann.org/sites/default/files/file/field-file-attach/temp-spec-gtld-rd-epdp-19jul18-en.pdf) on 19 July 2018.

      Whereas, the EPDP Team divided the work into two phases. Phase 1 completed with the adoption of the EPDP Phase 1 Final Report on 4 March 2019, at which point the GNSO Council indicated its non-objection, as required per the EPDP Team Charter, for the EPDP Team to commence work on a System for Standardized Access/Disclosure to Non-Public Registration Data (SSAD) as well as other topics identified in Phase 2 of the Charter and/or carried over from Phase 1 (priority 2 items).

      Whereas, the Phase 2 Final Report noted that "As a result of external dependencies and time constraints, this Final Report does not address all priority 2 items". It furthermore noted that the EPDP Team would "consult with the GNSO Council on how to address the remaining priority 2 items".

      Whereas, following these consultations, the GNSO Council adopted on 21 October 2020 instructions for the EPDP Phase 2A to address the remaining priority 2 items, namely 1) differentiation between legal and natural person registration data, and 2) feasibility of unique contacts to have a uniform anonymized email address.

      Whereas, the EPDP Team commenced its deliberations on Phase 2A on 17 December 2020.

      Whereas, the EPDP has followed the prescribed EPDP steps as stated in the Bylaws, including the publication of an Initial Report for public comment on 3 June 2021, resulting in a Final Report delivered on 3 September 2021 with an updated version containing all minority statements submitted on 13 September 2021.

      Whereas, all recommendations received the consensus support of the EPDP Phase 2A Team but the Chair's statement indicated that "it's important to note that some groups felt that the work did not go as far as needed, or did not include sufficient detail, while other groups felt that certain recommendations were not appropriate or necessary".

      Whereas, the GNSO Council reviewed and discussed the recommendations of the EPDP Team and approved all Phase 2A on 27 October 2021 by a GNSO Supermajority vote.

      Whereas, after the GNSO Council vote, a public comment period was held on the approved Recommendations, and the comments received (see summary report) are similar to comments provided by the EPDP Phase 2A Team members during its deliberations, the comments received in response to the EPDP Phase 2A Team's Initial Report, and the positions demonstrated in the minority statements to the Final Report, represent a clear divergence of views as also reflected in the Chair's statement referenced above.

      Whereas, the Governmental Advisory Committee (GAC) was requested to raise any public policy concerns that might occur if the proposed policy is adopted by the Board (https://www.icann.org/en/system/files/correspondence/botterman-to-ismail-09dec21-en.pdf).

      Whereas, the GAC responded to the Board's notice, and provided its response on 9 February 2022 requesting that the ICANN Board consider "the GAC Minority Statement in its entirety, as well as available options to address the outstanding public policy concerns expressed therein".

      Whereas, ICANN org reviewed the Recommendations as well as the Minority Statements, and, based on current information and subject to further inputs from Data Protection Authorities and legal analysis, believes the EPDP Phase 2A recommendations do not appear to be in conflict with (a) the GDPR, (b) existing requirements for gTLD registry operators and registrars, or (c) ICANN's mandate to ensure the stability, security, and resiliency of the Internet's DNS.

      Resolved (2022.03.10.04) the Board adopts the GNSO Council EPDP Phase 2A Policy Recommendations as set forth in section 3 of the Final Report.

      Resolved (2022.03.10.05), the Board directs the President and CEO, or his designee(s), to develop and execute an implementation plan for the adopted Recommendations that is consistent with the guidance provided by the GNSO Council and to continue communication with the community on such work.

      All Board Directors present voted in favor of Resolutions 2022.03.10.04 and 2022.03.10.05. The Resolutions passed.

      Rationale for Resolutions 2022.03.10.04 – 2022.03.10.05

      Why is the Board addressing this issue now?

      The GNSO Council approved all of the final recommendations from the EPDP Working Group's Final Report dated 13 September 2021 at its meeting on 27 October 2021, and a Recommendations Report from the Council to the Board on the topic on 16 December 2021. In accordance with the ICANN Bylaws, a public comment forum was opened to facilitate public input on the adoption of the Phase 2A Recommendations. The public comment period closed on 13 January 2022. As outlined in Annex A of the ICANN Bylaws, the EPDP recommendations are now being forwarded to the Board for its review and action.

      What are the proposals being considered?

      The four Phase 2A recommendations relate to the topics of 1) the differentiation of legal vs. natural persons' registration data and 2) the feasibility of unique contacts to have a uniform anonymized email address. In short, the four recommendations recommend that:

      1. A field or fields MUST be created to facilitate differentiation between legal and natural person registration data and/or if that registration data1 contains personal or non-personal data. This field or fields MAY be used by those Contracted Parties that differentiate.
      2. Contracted Parties who choose to differentiate based on person type SHOULD follow the guidance included in the Final Report.
      3. If a GDPR Code of Conduct is developed within ICANN by the relevant controllers and processors, the guidance to facilitate differentiation between legal and natural person data SHOULD be considered within ICANN by the relevant controllers and processors.
      4. Contracted Parties who choose to publish a registrant-based or registration-based email address in the publicly accessible RDDS SHOULD evaluate the legal guidance obtained by the EPDP Team on this topic.

      The full list and scope of the final recommendations can be found in Annex B of the GNSO Council's Recommendations Report to the Board (see https://gnso.icann.org/sites/default/files/file/field-file-attach/draft-epdp-phase-2a-report-06dec21-en.pdf).

      What significant materials did the Board review?

      In taking this action, the Board considered:

      What factors did the Board find to be significant?

      The EPDP Team's Phase 2A recommendations were developed following the GNSO Expedited Policy Development Process as set out in Annex A of the ICANN Bylaws and have received the support of the GNSO Council. As outlined in the ICANN Bylaws, the Council's Supermajority support obligates the Board to adopt the recommendations unless, by a vote of more than two-thirds, the Board determines that the recommended policy is not in the best interests of the ICANN community or ICANN. The Bylaws also allow input from the GAC in relation to public policy concerns that might be raised if a proposed policy is adopted by the Board. The GAC responded by requesting the ICANN Board to consider the GAC Minority Statement in its entirety, as well as available options to address the outstanding public policy concerns expressed therein. The Board has taken note of the comments received during the public comment period which seem to echo the sentiments of the minority statements, in which some are of the view that some of the recommendations do not go far enough while others question whether these are even necessary. The Board observes that these positions were also known to the EPDP Phase 2A Working Group as well as the GNSO Council who adopted the recommendations with the required GNSO Supermajority support.

      Are there positive or negative community impacts?

      Although the recommendations do not create new obligations for Contracted Parties, the recommendations are intended to facilitate differentiation between legal and natural person registration data as well as personal and non-personal data for those Contracted Parties that choose to differentiate, in line with the EPDP Phase 1 recommendations. In addition, Contracted Parties who choose to publish a registrant-based or registration-based email address may benefit from the guidance provided. Promotion of this guidance may furthermore help standardize the way in which Contracted Parties who choose to differentiate implement this in practice.

      Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

      There may be fiscal impacts on ICANN associated with the implementation of policy recommendations. These would be related to the use of ICANN org resources to implement the recommendations.

      Implementation Considerations considered

      The creation of a field or fields would require coordination and work through the Internet Engineering Task Force (IETF). ICANN org participates voluntarily and org staff act in their individual capacity in the IETF. Therefore, ICANN org staff can coordinate with the technical community/RDAP WG to put forward relevant proposals in IETF Working Groups to develop the necessary standards; however, it is ultimately up to the IETF to make the changes.

      ICANN org estimates that implementing Recommendation 1 would require coordination through the IETF for (1) EPP extension and (2) support in RDAP (i.e., jCard and JSContact). ICANN org estimates that the EPP extension could take between 12-24 months, depending on the milestones and priorities of the IETF Registration Protocols Extensions (REGEXT) Working Group. The IETF REGEXT WG is the home of the coordination effort for standards track extensions. In the case of RDAP, (i) adding support in jCard may require adding properties or values (e.g., KIND). ICANN org estimates that this should take between 6 – 12 months. (ii) Adding support in JSContact could take between 12 – 24 months depending on whether the change could make it into the current internet draft of JSContact or require an extension. The three lines of work: (a) EPP, (b) jCard, and (c) JSContact; could be done in parallel.

      In relation to recommendation #2, ICANN org has reiterated its previous feedback2 to the EPDP Phase 2A WG with regards to guidance for Contracted Parties. ICANN Contractual Compliance enforces requirements placed on contracted parties via the RA, RAA, and ICANN Consensus Policies, in furtherance of ICANN's mission, as recognized in the ICANN Bylaws. Guidance and best practices would exist outside these agreements and are not contractual requirements; thus, ICANN Contractual Compliance would not have contractual authority to take enforcement action against a contracted party related to its implementation of best practices or guidance, even if those best practices or guidance is developed through the EPDP Process.

      Are there any Security, Stability or Resiliency issues relating to the DNS?

      There are no security, stability, or resiliency issues relating to the DNS that can be directly attributable to the implementation of the EPDP recommendations.

      Is this decision in the public interest and within ICANN's mission?

      Consideration of community-developed policy recommendations is within ICANN's mission as defined at Article 1, section 1.1(i) of the ICANN Bylaws. This action serves the public interest, as ICANN has a core role as the "guardian" of the Domain Name System.

      Is this either a defined policy process within ICANN's Supporting Organizations or ICANN's Organizational Administrative Function decision requiring public comment or not requiring public comment?

      Public comment has taken place as required by the ICANN Bylaws and GNSO Operating Procedures in relation to GNSO policy development.

    4. Consideration of the Afilias Domains No. 3 Ltd. v. ICANN (.WEB) Independent Review Process Final Declaration

      Becky Burr, Chair of the Board Accountability Mechanisms Committee (BAMC), introduced the agenda item.  She noted that at its last meeting on 16 January 2022, the Board considered the final declaration Afilias Domains No. 3 Ltd. v. ICANN Independent Review Process (IRP) regarding .WEB (.WEB IRP) and, in part, resolved that further consideration is needed regarding the IRP Panel's non-binding recommendation that the Board considered and pronounced upon the question of whether the Domain Acquisition Agreement between Verisign and Nu Dotco violated the Guidebook and Auction Rules. The Board asked the BAMC to review, consider, and evaluate the IRP Panel non-binding recommendation, and to provide the Board with the BAMC's findings to consider and act upon before the organization takes any further action toward contracting for or delegation of .WEB.  Becky stated that the following proposed resolution asks the BAMC to take a substantive look at these issues, and that the Board is not making any findings today regarding the issues that it is asking the BAMC to evaluate.

      Edmon Chung and James Galvin noted potential and direct conflicts of interest and recused themselves from consideration of the matter.

      Following discussion, León Sánchez moved and Becky seconded. The Chair called for a vote and the Board took the following actions:

      Whereas, the Final Declaration in the Afilias Domains No. 3 Ltd. (Afilias)3 v. ICANN Independent Review Process (IRP) regarding .WEB (.WEB IRP) was deemed "final" as of 21 December 2021 when the IRP Panel denied Afilias' subsequent challenge.

      Whereas, on 16 January 2022, the Board considered the Final Declaration and, in part, resolved that further consideration is needed regarding the IRP Panel's non-binding recommendation that ICANN "stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the [ICANN] Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following [Afilias'] complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC's application for .WEB should be rejected and its bids at the auction disqualified."

      Whereas, pursuant to its 16 January 2022 resolution, the Board asked the Board Accountability Mechanisms Committee (BAMC) to review, consider, and evaluate the IRP Panel's Final Declaration and recommendation, and to provide the Board with its findings to consider and act upon before the organization takes any further action toward contracting for or delegation of .WEB.

      Whereas, the BAMC has reviewed, considered, and evaluated the IRP Panel's Final Declaration and recommendation, as well as other relevant materials. As a result, the BAMC has recommended that the Board take the following next steps relating to .WEB: (a) ask the BAMC to review, consider and evaluate the claims relating to the Domain Acquisition Agreement (DAA) between Nu Dotco LLC (NDC) and Verisign, Inc. and the claims relating to Afilias' conduct during the Auction Blackout Period; (b) ask the BAMC to provide the Board with its findings and recommendations as to whether the alleged actions of NDC and/or Afilias warrant disqualification or other consequences, if any, related to any relevant .WEB application; and (c) direct ICANN org to continue refraining from contracting for or delegation of .WEB until ICANN has made its determination regarding the .WEB application(s).

      Resolved (2022.03.10.06), the Board hereby: (a) asks the BAMC to review, consider and evaluate the allegations relating to the Domain Acquisition Agreement (DAA) between NDC and Verisign and the allegations relating to Afilias' conduct during the Auction Blackout Period; (b) asks the BAMC to provide the Board with its findings and recommendations as to whether the alleged actions of NDC and/or Afilias warrant disqualification or other consequences, if any, related to any relevant .WEB application; and (c) directs ICANN org to continue refraining from contracting for or delegation of the .WEB gTLD until ICANN has made its determination regarding the .WEB application(s).

      Fifteen Board Directors present voted in favor of Resolutions 2022.03.10.04 and 2022.03.10.05. Edmon Chung abstained from voting.  The Resolution passed.

      Rationale for Resolution 2022.03.10.06

      Seven applicants submitted applications for the right to operate .WEB, including Afilias Domains No. 3 Ltd. (Afilias)4 and Nu Dotco LLC (NDC), and, as the members of the .WEB contention set did not privately resolve contention, the applicants went to an ICANN auction of last resort. An auction was held on 27-28 July 2016, which concluded with NDC prevailing with a bid of US$135 million. Shortly thereafter, Verisign Inc. (Verisign) publicly disclosed that, pursuant to an agreement it had entered with NDC, Verisign provided the funds for NDC's bid in exchange for, among other things, NDC's future assignment of the .WEB registry agreement to Verisign, subject to ICANN's consent.

      Afilias initiated an Independent Review Process regarding .WEB (.WEB IRP) in November 2018, alleging that NDC had violated the Guidebook and/or Auction Rules as a result of its arrangement with Verisign and that ICANN had violated the Bylaws by failing to disqualify NDC. NDC and Verisign asked to participate as amici curiae in the IRP, which the Panel granted. The merits hearing took place on 3-11 August 2020, and the IRP Panel issued its Final Declaration on 20 May 2021, which the Panel later corrected for certain typographical errors, effective 15 July 2021.

      In the Final Declaration, the IRP Panel, among other things, specifically denied Afilias' requests for: (a) a binding declaration that ICANN must disqualify NDC's bid for .WEB for violating the Guidebook and Auction Rules; and (b) an order directing ICANN to proceed with contracting for .WEB with Afilias. The Panel noted that: "it is for [ICANN], that has the requisite knowledge, expertise, and experience, to pronounce in the first instance on the propriety of the [Domain Acquisition Agreement (DAA)] under the New gTLD Program Rules, and on the question of whether NDC's application should be rejected and its bids at the auction disqualified by reason of its alleged violations of the Guidebook and Auction Rules."

      The Panel further declared, among other things, that ICANN had violated its Articles of Incorporation (Articles) and Bylaws by not applying documented policies objectively and fairly in that: (a) ICANN staff did not decide whether the DAA between NDC and Verisign relating to .WEB violated the Guidebook and Auction Rules, and moved forward toward contracting with NDC in June 2018 without first having made that decision; and (b) the ICANN Board did not prevent staff from moving toward contracting in June 2018 or decide whether the DAA violated the Guidebook and Auction Rules once accountability mechanisms had been resolved.

      In addition, the Panel issued a non-binding recommendation that ICANN "stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the [ICANN] Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following [Afilias'] complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC's application for .WEB should be rejected and its bids at the auction disqualified."

      Once the Final Declaration became "final," after resolution of Afilias' request for "interpretation and correction" (which the Panel determined was a "frivolous" request) on 21 December 2021, the Board considered the Final Declaration at its 16 January 2022 meeting and adopted the following resolutions:

      • "[T]he Board acknowledges that the Panel declared the following: (i) Afilias is the prevailing party in the Afilias Domains No. 3 Ltd. v. ICANN Independent Review Process; (ii) ICANN violated its Articles of Incorporation and Bylaws in the manner set forth in the Final Declaration; and (iii) ICANN shall reimburse Afilias the sum of US$450,000 for its legal costs relating to the Emergency Interim Relief proceedings; and (iv) ICANN shall reimburse Afilias the sum of US$479,458.27 for its share of the IRP costs."
      • "[T]he Board directs the President and CEO, or his designee(s), to take all steps necessary to reimburse Afilias in the amount of US$450,000 in legal fees and US$479,458.27 for its share of the IRP costs in furtherance of the Panel's Final Declaration."
      • "[F]urther consideration is needed regarding the IRP Panel's non-binding recommendation that ICANN 'stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the [ICANN] Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following [Afilias'] complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC's application for .WEB should be rejected and its bids at the auction disqualified.'"
      • "[T]he Board asks the Board Accountability Mechanisms Committee (BAMC) to review, consider, and evaluate the IRP Panel's Final Declaration and recommendation, and to provide the Board with its findings to consider and act upon before the organization takes any further action toward the processing of the .WEB application(s)."

      In accordance with the Board's 16 January 2022 resolutions, the BAMC reviewed and considered the IRP Panel's Final Declaration and recommendation, as well as correspondence to the ICANN Board from NDC and Verisign and from Altanovo Domains Limited (formerly Afilias) submitted since the Final Declaration was issued and other relevant materials. The Board also reviewed and considered these same materials, as well as additional correspondence from Altanovo and from NDC and Verisign, as identified in the accompanying Reference Materials.

      In the course of the .WEB IRP and through additional correspondence, Afilias has made numerous allegations regarding the DAA between NDC and Verisign, and requested that ICANN disqualify NDC's .WEB application, reject its winning bid, and then recognize Afilias as the winning bidder (which had the second highest bid in the auction). In addition, NDC and Verisign have made numerous allegations through the .WEB IRP and additional correspondence that Afilias violated the Auction Blackout Period, and requested that ICANN therefore disqualify Afilias' .WEB application.

      After reviewing the various allegations, IRP materials, and correspondence, the BAMC recommended that the Board take the following next steps relating to the .WEB applications: (a) ask the BAMC to review, consider and evaluate the claims relating to the DAA between NDC and Verisign and the claims relating to Afilias' conduct during the Auction Blackout Period; (b) ask the BAMC to provide the Board with its findings and recommendations as to whether the alleged actions of NDC and/or Afilias warrant disqualification or other consequences, if any, related to any relevant .WEB application; and (c) direct ICANN to continue refraining from contracting for or delegation of .WEB until ICANN has made its determination regarding the .WEB application(s).

      The Board agrees with the BAMC's recommendation and notes that, in light of certain of the IRP Panel's determination, it is appropriate and prudent for ICANN to undertake an analysis of the allegations regarding the DAA as well as the allegations regarding the Auction Blackout Period in order to determine if any consequences are warranted with respect to any of the .WEB applications before moving forward with processing NDC's .WEB application, as the prevailing bidder at the auction.

      The Board recognizes the importance of this decision and wants to make clear that it takes the results of all ICANN accountability mechanisms very seriously, which is why the BAMC and the Board are carefully considering and formulating the various next steps with regard to the .WEB applications. It is important that ICANN take sufficient time to consider all factors before taking any further action regarding .WEB.

      This action is within ICANN's Mission and is in the public interest as it is important to ensure that, in carrying out its Mission, ICANN is accountable to the community for operating within the Articles of Incorporation, Bylaws, and other established procedures. This accountability includes having a process in place by which a person or entity materially and adversely affected by a Board or organization action or inaction may challenge that action or inaction.

      Taking this decision is not expected to have a direct financial impact on ICANN. Further review and analysis of the allegations regarding NDC's and Afilias' actions will not have any direct impact on the security, stability or resiliency of the domain name system.

    5. This is an Organizational Administrative function that does not require public comment.

    6. AOB

      There were not any other busines items and thus no resolutions were taken.

Published on 13 May 2022


1 Registration data includes both domain data and contact data. The EPDP Team did not directly specify whether the new field(s) would be considered a domain object or a contact object. The Team's discussions, however, seem to imply that this field would be contact-related data. ICANN org will work with the dedicated Implementation Review Team to further clarify the technical details regarding the implementation of this recommendation.

2 Please note that the ICANN org liaisons provided the EPDP Team with the following feedback on how this guidance would be implemented once adopted: https://mm.icann.org/pipermail/gnso-epdp-team/2021-May/003904.html

3 Afilias Domains No. 3 Ltd. is now known as Altanovo Domains Limited. For consistency and ease of reference, we will continue to use "Afilias" to refer to the Claimant in this IRP.

4 Afilias Domains No. 3 Ltd. is now known as Altanovo Domains Limited. For consistency and ease of reference, we will continue to use "Afilias" to refer to the Claimant in this IRP.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."