Skip to main content

Contractual Compliance Audit Program

ICANN's Contractual Compliance Audit objective is to ensure that contracted parties, registrars and registries comply with their agreements and the consensus policies. ICANN strives to achieve this goal first, via the prevention and informal resolution approach and second, through enforcement or formal resolution. Contractual compliance audits are an integral part of the prevention approach.

Goal of the Audit Program:

  • To allow ICANN to first identify and inform the contracted parties of any contractual compliance deficiencies found.
  • Properly manage and help remediate any deficiencies found

This process will ensure all contracted parties align and comply with their contractual obligations, including all consensus policies that are incorporated by reference into each of the contracts.

List of the Audit Programs

Three-Year Audit Program

The Three-Year Audit Program [PDF, 1.03 MB] which was initiated in 2012, will run for a three-year period. The goal is to audit all ICANN-accredited registrars and the Top-Level Domains (TLDs) that were launched before 2013 (except for ccTLDs, .arpa, .edu, .gov, and .mil), identify deficiencies and ensure that as many as possible are remediated and report back to the community. Each registry and registrar agreement will be randomly selected for audit over a three-year period:

  • Year one (2012) – one third (1/3) of the Registry and Registrar agreements from a complete list will be randomly selected and audited.
  • Year two (2013) – another one third (1/3) from the remaining list will be randomly selected and audited.
  • Year three (2014) – the remaining one third of all agreements (1/3) will be audited.

The Three-Year Audit Program Scope:

  • All ICANN-accredited registrars on the 2001 and 2009 RAAs
  • gTLD registries with which ICANN has contracts that launched before the year 2013: .aero, .asia, .biz, .cat, .com, .coop, .jobs, .info, .mobi, .museum, .name, .net,.org, .post, .pro, .tel, .travel, and .xxx.
  • Note that all agreements within scope incorporate by reference the ICANN consensus policies.

The Three-Year Audit Program Plan Guide

In an effort to promote awareness and knowledge of the provisions and test steps that are being considered in the audit plan, please refer to the following documents:

This update is provided for information purposes only. Please exercise judgment in using the information contained within this update to make conclusions or business decisions.

The Three-Year Audit Pre-Audit Notifications

Year-1 Registrar Pre Audit Notification [PDF, 283 KB]
Year-1 Registry Pre Audit Notifications [PDF, 287 KB]

Year-2 Registrar Pre Audit Notification [PDF, 227 KB]
Year-2 Registry Pre Audit Notifications [PDF, 299 KB]

Year-3 Registrar Pre Audit Notification [PDF, 226 KB]
Year-3 Registry Pre Audit Notifications [PDF, 298 KB]

Please click on the Risk Mitigation Plan link for an outline of controls to address potential conflicts of interest with the Contractual Compliance Audit Partner, KPMG.

Registrar Audit Notification Template [PDF, 335 KB]

The New Registry Agreement Audit Program

The scope of the New Registry Agreement audit program includes gTLDs that signed the July 2013 base registry agreement (the "Agreement") as amended from time to time, including all its Specifications and Public Interest Commitments. Please click on the 2014 New Registry Agreement Audit Program [PDF, 714 KB] to learn more about the overall audit objectives, the audit phases and timeline, and the Registry Agreement's provision under consideration.

New Registry Agreement Audit Pre-Audit Notifications

New Registry Agreement Pre Audit Notification [PDF, 236 KB] – 2014

Registry Audit Notification Template [PDF, 332 KB]

Please refer to the Audit Program Frequently Asked Questions for additional information.

View Past Audit Reports published by Contractual Compliance by clicking here

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."