Skip to main content
Resources

Frequently Asked Questions (FAQ): Submission of Annual Certifications and Internal Reviews

Please note that the English language version of all translated content and documents are the official versions and that translations in other languages are for informational purposes only.

Q1: Who must submit an annual certification to the ICANN organization (ICANN org)?

A1: Registry operators that meet the conditions outlined in the contractual requirements below during at least part of the calendar year being reviewed are required to submit an annual certification to ICANN org:

  1. Annual Certification of Compliance with Registry Operator Code of Conduct (Section 3 of Specification 9 of the New gTLD Base Registry Agreement): If Registry Operator or a Registry Related Party (as defined by Section 1 of Specification 9) also operates as a provider of registrar or registrar-reseller services, Registry Operator will conduct internal reviews at least once per calendar year to ensure compliance with the Code of Conduct (Specification 9). Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide the results of its internal reviews, along with a certification executed by an executive officer of Registry Operator certifying as to Registry Operator's compliance with the Code of Conduct, via email or to an address to be provided by ICANN.
  2. Annual Certification of Compliance with Code of Conduct Notice of Exemption: Registry Operator agrees to conduct internal reviews at least once per calendar year to ensure continued compliance with the representations made in its Exemption Request and the exemption criteria set forth in ICANN's Code of Conduct Exemption Process. Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide ICANN with a certification executed by one of its executive officers certifying continued compliance with the representations made in the Registry Operator's Exemption Request and the exemption criteria set forth in ICANN's Code of Conduct Exemption Process.
  3. Annual Certification of Compliance with Specification 13 (Section 7 of the Specification 13 of the New gTLD Base Registry Agreement): Registry Operator agrees to conduct internal reviews at least once per calendar year to ensure that the relevant top-level domain (TLD) meets the requirements of the definition of a .Brand top-level domain. Within twenty (20) calendar days following the end of each calendar year, Registry Operator will provide ICANN with the results of its internal review(s), along with a certification executed by one of its executive officers certifying that the relevant top-level domain meets the requirements of the definition of a .Brand top-level domain.

Q2: Are registry operators that meet the conditions outlined in the contractual requirements above required to submit all three types of annual certifications to ICANN org?

A2: No. The annual certification(s) submitted for any given year should align with the applicable contractual requirement(s). For example, if a registry operator had an active Specification 13 in effect for the entire year being reviewed, it would be required to submit only the Annual Certification of Compliance with Specification 13. If the same registry operator had an active Specification 13 in effect for only part of the year being reviewed – but was otherwise subject to the requirements of the Code of Conduct due to also operating as a provider of registrar-reseller services – then two annual certifications would be required for the year being reviewed.

The Annual Certification of Compliance with Registry Operator Code of Conduct is required for any registry operator that also operates – or has a Registry Related Party that also operates – as a provider of registrar or registrar‐reseller services, that has not been granted an exemption to the Code of Conduct whether directly or by way of Specification 13.

Q3: If a registry operator has been granted both a Code of Conduct Notice of Exemption and Specification 13, are two annual certifications required to be submitted to ICANN org?

A3: If the registry operator had an active Specification 13 in effect for the entire year being reviewed, then it is required to submit an Annual Certification of Compliance with Specification 13. An Annual Certification of Compliance with Code of Conduct Notice of Exemption is not required for the same year.

If the registry operator had an active Specification 13 in effect for only part of the year being reviewed and had an active Code of Conduct Notice of Exemption in effect for the remainder of the year, then both the Annual Certification of Compliance with Specification 13 and Code of Conduct Notice of Exemption are required for the applicable portion of the year being reviewed for each certification.

Q4: Where can a registry operator look to determine if its TLD had an active Code of Conduct Notice of Exemption or Specification 13 in effect for the year being reviewed?

A4: You can find out whether a particular TLD had a Code of Conduct Notice of Exemption or Specification 13 in effect for the year being reviewed by looking at its registry agreement webpage. A list of all registry agreement webpages can be found here: https://www.icann.org/resources/pages/registries/registries-agreements-en.

Q5: When is the submission deadline for annual certifications?

A5: Registry operators that are required to submit an annual certification must do so by 20 January each year for the previous calendar year.

Q6: What is the "covered period" for the annual certifications?

A6: The "covered period" is the period of the prior calendar year for which the certification and its accompanying review results applies. It should correspond to the period of the prior calendar year for which the applicable contractual provision (i.e., Code of Conduct, Code of Conduct Exemption or Specification 13) was effective.

The certification and its accompanying review results should cover the entire prior calendar year (1 January - 31 December), if the relevant contractual provision was applicable during the entire prior calendar year.

The "covered period" should not include future dates.

Q7: Who is required to sign an annual certification?

A7: Annual certifications must be signed by an executive officer of the registry operator. Executive officers are typically high-level management officials of the registry operator and may include a chief executive officer (CEO), vice president (VP), secretary, chief financial officer (CFO) or equivalent position having overall legal or executive responsibility for the registry operator.

If a registry operator does not have an executive officer, the certifications must be signed by a senior management official having authority over the business. If the certifications are signed by a consultant who is managing the TLD, please provide ICANN org an explanation regarding why someone other than an executive officer has signed the certification and confirm the consultant has authority to certify the information on behalf of the registry operator. ICANN org may request additional information about the signatory.

Q8: What is the best method for a registry operator to submit an annual certification to ICANN org?

A8: The registry operator primary contact should submit the annual certification(s) by opening any of the applicable annual certification service request cases (namely "Annual Certification of Compliance with Code of Conduct", "Annual Certification of Compliance with Code of Conduct Exemption" and "Annual Certification of Compliance with Specification 13") in the Naming Services portal. If the registry operator is unable to log in to the Naming Services portal, they can email globalsupport@icann.org for assistance.

Q9: Are there any existing forms that registry operators can use to submit these annual certifications and results of internal reviews?

A9: Yes. To assist registry operators with submitting certifications, ICANN org has embedded certification forms in the "Annual Certification of Compliance with Code of Conduct", "Annual Certification of Compliance with Code of Conduct Exemption" and "Annual Certification of Compliance with Specification 13" service request cases in the Naming Services portal for each of the three certifications outlined in the contractual requirements. These forms are provided for registry operators' information and added efficiency.

Although the preferred method is to use the forms embedded into the Naming Services portal, registry operators may instead provide certifications utilizing their own forms or forms created by ICANN org and providing them to ICANN via a "General Inquiry" case in the Naming Services portal or by emailing globalsupport@icann.org. Downloadable ICANN org forms are available in the Document Library section of the Naming Services portal.

For expedited processing, when submitting annual certifications utilizing customized forms, registry operators are kindly asked to use the file naming convention below:

  1. [.TLD]-Annual Certification of Compliance with Registry Operator Code of Conduct
  2. [.TLD]-Annual Certification of Compliance with Code of Conduct Notice of Exemption
  3. [.TLD]-Annual Certification of Compliance with Specification 13

Q10: What do the terms "Registry Related Party" and "Affiliate" refer to under the scope of Registry Operator Code of Conduct?

A10: A "Registry Related Party" is defined in Section 1, Specification 9 of the New gTLD Base Registry Agreement as a registry operator's parent, subsidiary, Affiliate, subcontractor (e.g., service provider) or other related entity to the extent such party is engaged in the provision of registry services with respect to the TLD.

An "Affiliate" is defined in Section 2.9(c) of the Registry Agreement as a person or entity that, directly or indirectly, through one or more intermediaries, or in combination with one or more other persons or entities, controls, is controlled by, or is under common control with, the person or entity specified. Registry operators are required to provide ICANN org with notification of its Affiliate relationships as required pursuant to Section 2.9(b). To notify ICANN of such relationship(s), registry operators can use the "Cross-Ownership Information" case type in the Naming Services portal.

Q11: If a registry operator has not notified ICANN org of its Affiliate relationships as required pursuant to Section 2.9(b) of Registry Agreement, is the registry operator required to submit an Annual Certification of Compliance with Registry Operator Code of Conduct?

A11: Yes. A registry operator that has not previously provided ICANN org with notification of its Affiliate relationship(s) must do so immediately. The registry operator must also submit an Annual Certification of Compliance with Registry Operator Code of Conduct if the registry operator or its Affiliate (or any other Registry Related Party) also operates as a provider of registrar or registrar-reseller services. Information regarding how to provide ICANN org with notification of its Affiliate relationships can be found within the "Cross-Ownership Information" service request case in the Naming Services portal.

If a registry operator has a Registry Related Party other than an Affiliate that operates as a provider of registrar or registrar‐reseller services, the registry operator must submit an Annual Certification of Compliance with Registry Operator Code of Conduct, regardless of whether the registry operator has previously notified ICANN org of that relationship.

Q12: How must a registry operator conduct its internal review(s)?

A12: It is up to each registry operator to determine how best to conduct its internal reviews and the format used to provide its results. Compliance with the requirement to document the results of internal reviews is determined on a case-by-case basis. ICANN org may request additional information to the extent necessary to determine compliance.

Q13: For purposes of the Annual Certification of Compliance with Registry Operator Code of Conduct, is the internal review of the Registry Related Party sufficient?

A13: No. The internal review and the results provided to ICANN org should cover both the registry operator itself and also Registry Related Party and/or registry operator's registrar or registrar-reseller.

Q14: With respect to reporting, are registry operators that meet one or more of the contractual requirements described in Answer 1 (A1) above required to submit an annual certification for a TLD that is not yet delegated or a delegated TLD that has not yet launched?

A14: Yes. The contractual requirements outlined in A1 above with respect to reporting take effect upon execution of the registry agreement or the applicable exemption to Code of Conduct, whether directly or by way of Specification 13, and are not dependent on delegation or operation of the TLD.

Q15: May a registry operator provide one annual certification for multiple TLDs?

A15: One annual certification may be provided for multiple TLDs only if:

  1. All TLDs meet the conditions of the same contractual requirement outlined in A1 above.
  2. The signatory executing the annual certification on behalf of each TLD meets the signatory requirements and has authority to provide these representations.
  3. The certificate clearly lists the covered TLDs and the specific results for the internal review of each. If applicable, it may be specified that the review results for each TLD are identical.

Q16: When will a registry operator know if its submission of annual certifications along with the results of the internal review is deemed to be compliant by ICANN Contractual Compliance?

A16: Once a registry operator submits the annual certifications and its results of the internal reviews, the registry operator will receive a confirmation of receipt from ICANN org's Global Support Center. ICANN Contractual Compliance will review the submitted document(s) and contact the registry operator with any requests for additional information.

Q17: May ICANN org publicly post a registry operator's internal review results?

A17: Yes. ICANN org is permitted to publicly post registry operator's internal review results.

Q18: Under what circumstance will ICANN org publicly post a registry operator's internal review results?

A18: While it may do so at any time, ICANN org does not expect to publish internal review results except in extraordinary circumstances. Such circumstances may include whether the results raise public interest or community concerns.

ICANN org remains bound by the provisions of Section 7.15 of the Registry Agreement with respect to the disclosure of confidential information (to the extent any such confidential information is included in any results or certification).

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."