Registrar Accreditation Agreement

The Registrar Accreditation Agreement (RAA) is the contract that governs the relationship between ICANN and its accredited registrars.

History[edit | edit source]

The RAA was originally one of several agreements between ICANN, the United States Department of Commerce (DOC), and Network Solutions, with the intent of enhancing and solidifying the competition between .com, .net, and .org TLD registrars. The Statement of Registrar Accreditation Policy for .com, .net, and .org top-level domains was adopted by the ICANN Board at the first ICANN Meeting, in Singapore.[1] The agreements that resulted from the guidelines outlined in the aforementioned policy were tentatively announced on September 28, 1999, and, after oral and written public comments, were revised and adopted by ICANN on November 4, 1999. At the time, registrars were allowed to take up the new agreement in place of their old agreement.[2]

On May 21, 2009, ICANN approved revisions to the RAA, which were intended to clarify the responsibilities of the registrars and the rights of the registrants. These revisions came about in response to market development and the significant growth in the number of accredited registrars and domain name registrations, and through a comprehensive review of the RAA and the Accreditation process called for in March 2007 by then-ICANN CEO Paul Twomey. This new RAA applies to all the new registrars, registrars that voluntarily adopt the contract prior to the renewal date, and to registrars that renew after the approval date.[3] But, following this revision, there were still those who thought the RAA did not do enough to address public concerns. Thus the RAA Drafting Team was formed, made up of members of the GNSO and the At-Large Community, to propose further revisions.

Law enforcement officials, particularly the Serious Organized Crime Agency (SOCA) in the United Kingdom and the United States Federal Bureau of Investigation (FBI), asked ICANN to implement procedures to curb the incidence of abuse in the domain name system (DNS). The two agencies proposed some measures to be incorporated in the RAA such as stronger verification of registrants' name, address, phone number, e-mail address and method of payment for domain names.[4]

In October 2011, at the ICANN 42 meeting in Dakar, Senegal, the ICANN Board approved the immediate negotiation between ICANN and Registrar Negotiation Team regarding the proposed amendments to the RAA. The amendment topics, which included law enforcement, registrant protection, and internet stability, were recommended by the Governmental Advisory Committee (GAC) and the GNSO Working Group. The result of the amendment negotiations was to be considered by ICANN during its meeting in Costa Rica in March 2012.[5]

On December 13th, ICANN announced an open comment period on the Preliminary GNSO Issue Report regarding the RAA amendments, to close one month later. Comments on the preliminary report were to be considered for the Final Issue Report, to be presented to the GNSO council following the closure of the comment period. This was done in anticipation of discussions at the ICANN 43 meeting in Costa Rica, at the request of the Board.[6]

Prior to the ICANN Meeting in Costa Rica, the RAA Negotiation Team submitted a summary of the negotiations on the RAA on March 1, 2012. The RAA Negotiation Team and ICANN indicated they had nearly reached an agreement on a majority of the topics discussed during the 13 negotiation sessions, in both principles and language. You can find the Summary of RAA Negotiations here.

Development[edit | edit source]

In September 2012, a working group related to the European Commission sent a letter to ICANN warning that its proposed additions to the RAA would infringe on European Privacy laws. The issues in question are the proposals to make registrars retain data about their customers for up to two years after registration, and by the idea that registrars should re-verify contact data every year. These proposals were discussed and supported by the GAC and the law enforcement voices within ICANN at ICANN 44 in Prague. This is potentially conflicting given that the GAC supported these measures and this pan-European body is coming down against it.[7]

In October 2012, just before the ICANN 45 Meeting in Toronto, ICANN CEO Fadi Chehadé stated that due to European privacy laws, European registrars may be exempt from the proposed new Whois verification requirements. It was emphasized that the GAC had already endorsed the measures, with relevant laws in mind. This suggestion would seemingly create 2 different RAAs, which would arguably create inequitable standards between international registrars.[8] This came after another European body, the Council of Europe, expressed its concern over the privacy requirements in the proposed RAA.[9]

In early 2013, ICANN and the Registrar Stakeholder Group hit an impasse in their negotiations. It seems that while they agree on many points, with both sides making concessions and compromises, the main sticking point was ICANN's insistence on a unilateral right to amend, which was also a contentious addition to ICANN's new Registry Agreement for new gTLD operators. The addition would give the ICANN Board the right to amend the RAA in any way it sees fit by a 2/3 majority vote. It seems that this may be part of the new CEO, Fadi Chehadé's, strategy at making the industry more accountable and better regarded, and also a way to avoid extended debate and negotiations over future contracts. ICANN published its suggested agreement for public comments in the midst of ongoing negotiations, given that the efforts had stalled.

Points of the agreement include: new Whois accuracy measures, featuring a challenge-response mechanism for first-time registrants via email or phone verification; addresses submitted will have to meet the Universal Postal Union standards, and phone numbers must conform to ITU formatting; the address will have to be verified to be an actual location, though proof of residence or ownership by the registrant will not be required; registrants providing false information that fails verification will have 15 days to correct the information before facing suspension of the domains. A further sticking point beyond the unilateral right to amend is ICANN's request that registrars verify their customer records, which tend to be more accurate than Whois records.[10]

During ICANN 46 in April of 2013, newer versions of the RAA and the Registry Agreement were both published for public comment[11]. After weeks of negotiations and drafts, the new RAA was approved by the ICANN board on June 27, 2013. The new version will be obligatory for registrars who dealing with new gTLDs, but it is not yet obligatory for .org, .info, or .biz.[12][13]

2023 Vote on Global Amendments[edit | edit source]

On 19 January 2023, contracted parties began voting on the proposed 2023 Global Amendments to the Base Generic Top-level Domain Registry Agreement (RA) and the 2013 Registrar Accreditation Agreement. The proposed global amendments specify operational requirements for providing Registration Data Directory Services (RDDS) via RDAP and detail the sunset of certain obligations for registries and registrars to provide RDDS via the WHOIS protocols. Contracted parties have 60 days to approve or reject the proposed global amendments. Voting is carried out by eBallot, a secure third-party online voting platform operated by Votenet. For approval, a majority threshold will have to be met for gTLD registries (over 50 percent) and ICANN-accredited registrars (90 percent).[14]

Contents of RAA[edit | edit source]

General Obligations of ICANN:

ICANN, under the RAA, is obliged to carry out its functions in an open manner and is to promote intensive competition between registrars. It should also not apply standards, procedures, or policies to single out registrars for disparate treatment unless it has a reasonable cause.

General Obligations of the Registrars:

Registrars are obliged to comply with all related ICANN-adopted policies. The Registrars are also obliged not to restrain competition.[15]

Members of the RAA Drafting Team[edit | edit source]

Some of the members of the RAA Drafting Team include: Nacho Amadoz, Dev Anand, David Cake, Karen Banks, Elisa Cooper, Phil Corwin, Paul Diaz, Avri Doria, William Drake, Chuck Gomez, Statton Hammock, Tatyana Khramtsova, Adrian Kinderis, Konstantino Komaitis, Phil Lodico, Rebecca Mackinnon, Steve Metallitz, Michele Neylon, Mike Rodenbaugh, Kristina Rosette, Wendy Seltzer, Marc Trachtenberg, Tim Ruiz

The complete RAA-DT membership list is available here

RAA Negotiation Topics and Developments[edit | edit source]

Topics discussed during negotiation sessions falls under four categories:[16]

The 2013 RAA Specification on Privacy and Proxy Registrations was set to expire on 31 July 2022. On July 28, 2022, ICANN Organization (specifically, GDD Accounts and Services), and the RrSG extended the expiration date of this Specification until such time as the Privacy and Proxy Service Provider Accreditation Program, which is currently on hold, has been implemented.[17][18]
  • Whois Data
  • Contract Administration

Feedback[edit | edit source]

.Nxt Criticism and Investigation on RAA Negotiations[edit | edit source]

Kieren McCarthy of .nxt alleged that ICANN conducted secret negotiations with registrars and it failed to provide adequate openness and transparency regarding the RAA negotiations. For this reason, .nxt conducted its own investigation to find out what actually transpired during the negotiations. In his article, he reported that the .nx investigation uncovered:[19]

  • Disagreements between registrars
  • ICANN was willing to "throw registrars under the bus" just to keep governments happy and show that problems are resolved
  • ICANN's negotiating team was under pressure to deliver results
  • Registrars were forced by ICANN to make public statements regarding the changes in the RAA, even though they did not have clear implementation policies
  • Some registrars refused to acknowledge the changes and were advocating walking away from the negotiations

Due to multiple breaches of the RAA, ICANN Terminates Registrar Accreditation Agreement (RAA) with Net 4 India Limited

NTIA[edit | edit source]

In October 2012, NTIA Secretary Larry Strickling wrote to ICANN in part to commend it on its recent successes and also to encourage it to continue to work on issues in need of further attention or improvement. One of the successes that Sec. Strickling notes is the "significant effort to accommodate the law enforcement recommendations, as endorsed by the ICANN's Governmental Advisory Committee (GAC), in a new Registrar Accreditation Agreement." NTIA participates in ICANN via the GAC.[20]

European Union[edit | edit source]

In January 2014, a European Union data protection body sent a letter to ICANN for the second time, saying that the 2013 RAA violated a number of EU privacy laws. The same body sent ICANN a letter in July of 2013 and ICANN responded by stating that the body did not have the legal authority to voice the opinion of the entire EU.[21]

References[edit | edit source]

External Links[edit | edit source]