Frequently Asked Questions (FAQ): Submission of Annual Certifications and Internal Reviews

Q1: Who must submit an annual certification to the ICANN organization (ICANN org)?

A1: Registry operators that meet the conditions outlined in the contractual requirements below during at least part of the calendar year being reviewed are required to submit an annual certification to ICANN org. Not all registry operators are required to submit an Annual Certification of Compliance. Use the below quick reference table to evaluate if the registry operator is required to submit an Annual Certification of Compliance for a TLD and which case in the Naming Services portal (NSp) to submit.

	TLD Has Specification 13	TLD Has Code of Conduct Exemption (not through Specification 13)	RO or Registry Related Party Operates as Registrar or Reseller
Registry Operator Certification Required?	YES Submit the NSp case: Annual Certification of Compliance with Specification 13	YES Submit the NSp case: Annual Certification of Compliance with Code of Conduct Exemption	YES Submit the NSp case: Annual Certification of Compliance with Registry Operator Code of Conduct

Please also see Question 9 and 11 for additional guidance.

1. Annual Certification of Compliance with Registry Operator Code of Conduct (Section 3 of Specification 9 of the New gTLD Base Registry Agreement): If Registry Operator or a Registry Related Party (as defined by Section 1 of Specification 9) also operates as a provider of registrar or registrar-reseller services, Registry Operator will conduct internal reviews at least once per calendar year to ensure compliance with the Code of Conduct (Specification 9). Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide the results of its internal reviews, along with a certification executed by an executive officer of Registry Operator certifying as to Registry Operator's compliance with the Code of Conduct, via email to an address to be provided by ICANN. (ICANN may specify in the future the form and contents of such reports or that the reports be delivered by other reasonable means.)
2. Annual Certification of Compliance with Code of Conduct Notice of Exemption: Registry Operator agrees to conduct internal reviews at least once per calendar year to ensure continued compliance with the representations made in its Exemption Request and the exemption criteria set forth in ICANN's Code of Conduct Exemption Process. Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide ICANN org with a certification executed by one of its executive officers certifying continued compliance with the representations made in the Registry Operator's Exemption Request and the exemption criteria set forth in ICANN's Code of Conduct Exemption Process.
3. Annual Certification of Compliance with Specification 13 (Section 7 of the Specification 13 of the New gTLD Base Registry Agreement): Registry Operator agrees to conduct internal reviews at least once per calendar year to ensure that the relevant top-level domain (TLD) meets the requirements of the definition of a .Brand top-level domain. Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide ICANN org with the results of its internal review(s), along with a certification executed by one of its executive officers certifying that the relevant top-level domain meets the requirements of the definition of a .Brand top-level domain.

Q2: Are registry operators that meet the conditions outlined in the contractual requirements above required to submit all three types of annual certifications to ICANN org?

A2: No. The annual certification(s) submitted for any given year should align with the applicable contractual requirement(s). For example, if a registry operator had an active Specification 13 in effect for the entire year being reviewed, it would be required to submit only the Annual Certification of Compliance with Specification 13 (as Code of Conduct Exemption is automatically granted by way of Specification 13). If the same registry operator had an active Specification 13 in effect for only part of the year being reviewed – but was otherwise subject to the requirements of the Code of Conduct due to also operating as a provider of registrar-reseller services – then two annual certifications would be required for the year being reviewed.

The Annual Certification of Compliance with Registry Operator Code of Conduct is required for any registry operator that also operates – or has a Registry Related Party that also operates – as a provider of registrar or registrar‐reseller services, that has not been granted an exemption to the Code of Conduct whether directly or by way of Specification 13.

Q3: If a registry operator has been granted a Code of Conduct Notice of Exemption and Specification 13 separately, are two annual certifications required to be submitted to ICANN org?

A3: If the registry operator had an active Specification 13 (which includes Code of Conduct Exemption pursuant to Section 3 of Specification 13) in effect for the entire year being reviewed, then it is only required to submit an NSp case "Annual Certification of Compliance with Specification 13".

If a registry operator had an active Code of Conduct Notice of Exemption for the entire year being reviewed but not through having Specification 13, then it is only required to submit an NSp case "Annual Certification of Compliance with Code of Conduct Exemption".

If the registry operator had an active Specification 13 in effect for only part of the year but separately had an active Code of Conduct Notice of Exemption (i.e., not through Specification 13) in effect for the remainder of the year, then both the Annual Certification of Compliance with Specification 13 and Code of Conduct Notice of Exemption are required for the applicable portion of the year being reviewed for each certification.

Q4: Where can a registry operator look to determine if its TLD had an active Code of Conduct Notice of Exemption or Specification 13 in effect for the year being reviewed?

A4: You can find out whether a particular TLD had a Code of Conduct Notice of Exemption or Specification 13 in effect for the year being reviewed by looking at its registry agreement webpage. A list of all registry agreement webpages can be found on the gTLD Registry Agreements page.

Q5: When is the submission deadline for annual certifications?

A5: Registry operators that are required to submit an annual certification must do so by 20 January each year for the previous calendar year. Registry operators may start submitting the required certifications as of 1 January each year as the covered period should apply for the previous calendar year.

Q6: What is the "covered period" for the annual certifications?

A6: The "covered period" is the period of the prior calendar year for which the certification and its accompanying review results apply. It should correspond to the period of the prior calendar year for which the applicable contractual provision (i.e., Code of Conduct, Code of Conduct Exemption or Specification 13) was effective.

The certification and its accompanying review results should cover the entire prior calendar year (1 January - 31 December), if the relevant contractual provision was applicable during the entire prior calendar year.

The "covered period" should not include future dates.

Q7: Who is authorized to submit annual certifications?

A7: Any user credentialed on the registry operator's account in the Naming Services portal can submit the applicable annual compliance certification case type(s) in the Naming Services portal.

Q8: What is the method for a registry operator to submit an annual certification to ICANN org?

A8: Users credentialed in the Naming Services portal should submit the annual certification(s) by opening the applicable annual certification service request cases in the Naming Services portal:

• Annual Certification of Compliance with Code of Conduct
• Annual Certification of Compliance with Code of Conduct Exemption
• Annual Certification of Compliance with Specification 13

If the registry operator is unable to log in to the Naming Services portal, they can email globalsupport@icann.org for assistance.

Q9: What do the terms "Registry Related Party" and "Affiliate" refer to under the scope of Registry Operator Code of Conduct?

A9: A "Registry Related Party" is defined in Section 1, Specification 9 of the New gTLD Base Registry Agreement as a registry operator's parent, subsidiary, Affiliate, subcontractor (e.g., service provider) or other related entity to the extent such party is engaged in the provision of registry services with respect to the TLD.

An "Affiliate" is defined in Section 2.9(c) of the Registry Agreement as a person or entity that, directly or indirectly, through one or more intermediaries, or in combination with one or more other persons or entities, controls, is controlled by, or is under common control with, the person or entity specified. Registry operators are required to provide ICANN org with notification of its Affiliate relationships as required pursuant to Section 2.9(b). To notify ICANN org of such relationship(s), registry operators can use the "Cross-Ownership Notification" case type in the Naming Services portal.

Note: Please also see Question 11 for further guidance.

Q10: If a registry operator has not notified ICANN org of its Affiliate relationships as required pursuant to Section 2.9(b) of Registry Agreement, is the registry operator required to submit an Annual Certification of Compliance with Registry Operator Code of Conduct?

A10: Yes. A registry operator that has not previously provided ICANN org with notification of its Affiliate relationship(s) must do so immediately. The registry operator must also submit an Annual Certification of Compliance with Registry Operator Code of Conduct if the registry operator or its Affiliate (or any other Registry Related Party) also operates as a provider of registrar or registrar-reseller services. Information regarding how to provide ICANN org with notification of its Affiliate relationships can be found within the "Cross-Ownership Information" service request case in the Naming Services portal.

If a registry operator has a Registry Related Party other than an Affiliate that operates as a provider of registrar or registrar‐reseller services, the registry operator must submit an Annual Certification of Compliance with Registry Operator Code of Conduct, regardless of whether the registry operator has previously notified ICANN org of that relationship.

Q11: If there are no other reasons for a registry operator to submit an Annual Certification of Compliance, would that registry operator be required to submit if it subcontracts with a registry service provider (RSP) that is affiliated with a registrar/registrar-reseller?

A11: If a registry operator subcontracts services to an RSP who is unaffiliated with such registry operator, but the RSP is affiliated with a separate ICANN-accredited registrar/registrar-reseller, then that registry operator does not need to submit Annual Certification of Compliance with Registry Operator Code of Conduct.

However, if a registry operator has a Registry Related Party that operates as a provider of registrar or registrar‐reseller services, the registry operator must submit an applicable Annual Certification of Compliance.

Q12: How must a registry operator conduct its internal review(s)?

A12: It is up to each registry operator to determine how best to conduct its internal reviews and the format used to provide its results. Compliance with the requirement to document the results of internal reviews is determined on a case-by-case basis. ICANN org may request additional information to the extent necessary to determine compliance.

Q13: For purposes of the Annual Certification of Compliance with Registry Operator Code of Conduct, is the internal review of the Registry Related Party sufficient?

A13: No. The internal review and the results provided to ICANN org should cover both the registry operator itself, any Registry Related Party and/or the registry operator's registrar(s) or registrar-reseller(s).

Q14: With respect to reporting, are registry operators that meet one or more of the contractual requirements described in Answer 1 (A1) above required to submit an annual certification for a TLD that is not yet delegated or a delegated TLD that has not yet launched?

A14: Yes. The contractual requirements outlined in A1 above with respect to reporting take effect upon execution of the registry agreement or the applicable exemption to Code of Conduct, whether directly or by way of Specification 13, and are not dependent on delegation or operation of the TLD.

Q15: May a registry operator provide one annual certification for multiple TLDs?

A15: One annual certification may be provided for multiple TLDs only if all TLDs meet the conditions of the same contractual requirement outlined in A1 above.

Q16: When will a registry operator know if its submission of annual certifications along with the results of the internal review is deemed to be compliant by ICANN org?

A16: Once a registry operator submits the annual certification(s) and its results of the internal review(s) in the Naming Services portal, ICANN org will review the submitted information and contact the registry operator in case there are any requests for additional information.

Q17: May ICANN org publicly post a registry operator's internal review results?

A17: Yes. ICANN org is permitted to publicly post registry operator's internal review results.

Q18: Under what circumstance will ICANN org publicly post a registry operator's internal review results?

A18: While it may do so at any time, ICANN org does not expect to publish internal review results except in extraordinary circumstances. Such circumstances may include whether the results raise public interest or community concerns.

ICANN org remains bound by the provisions of Section 7.15 of the Registry Agreement with respect to the disclosure of confidential information (to the extent any such confidential information is included in any results or certification).