Contractual Compliance

Revision as of 19:55, 7 December 2021 by JP (talk | contribs)

The Office of Contractual Compliance is an ICANN department charged with gathering information from and enforcing the contractual compliance of registries and registrars through complaint-driven informal and formal resolution processes, ICANN-initiated monitoring, and random auditing.


The history of ICANN's compliance enforcement runs parallel to the history of the organization's agreements with contracted parties: specifically, registry agreements and registrar accreditation agreements with registries and registrars, respectively. Contractual Compliance's role changed over time as those agreements were amended to include additional expectations, obligations, and mandates of contracted parties.


Complaints commonly handled by this office include unauthorized domain name transfers or unsuccessful transfer requests; registry violations, such as providing more favorable treatment to some registrars; renewal reminders, fees, or redemption issues; and incorrect WHOIS data or access issues.[1]



The Audit Program is a continuous, ongoing activity that follows a recurring cycle. Each audit round consists of six phases:[2]

  1. Planning Phase: ICANN plans the audit scope and timeline.
  2. Request for Information Phase: ICANN issues a notice of audit to the selected contracted parties, who must compile information and respond to the audit request.
  3. Audit Phase: ICANN reviews, tests, and validates the responses to ensure compliance with the contractual obligations.
  4. Initial Report Phase: ICANN issues a confidential initial audit report to each auditee containing the initial findings and allowing the contracted party to address the findings or provide clarity.
  5. Remediation Phase: ICANN collaborates with the auditees to remediate issues.
  6. Final Report Phase: ICANN issues a confidential final audit report to each auditee. ICANN also summarizes the audit round in an overall audit report

DNS Abuse

On 6 November 2018, ICANN Contractual Compliance (Compliance) launched a Registry Operator Audit for Addressing DNS Security Threats[3]

Roles at ICANN

  • Senior Manager, Contractual Compliance Risk and Audit
  • SVP, Contractual Compliance & U.S. Government Engagement
  • Contractual Compliance Risk and Audit Senior Specialist
  • Contractual Compliance Lead
  • Sr. Manager, Contractual Compliance
  • Contractual Compliance Analyst
  • Contractual Compliance Specialist
  • Contractual Compliance Senior Specialist
