ICANN83: Ten months to go until the application phase for the next round of new generic extensions

ICANN83

ICANN83, which has just taken place in the Czech capital, provided an opportunity to measure the progress made in setting up the next series of new generic top level domains, confirmed to start in April 2026. It was also an opportunity to continue the consultations begun at ICANN82 on developments to be considered to optimize the ICANN summits, and to focus attention on policy issues partly linked to the NIS2 cyber-security directive.

After registering online or on site, participants in the summits of ICANN, the Internet’s regulatory body, can view the agenda for the sessions scheduled during the summit. Prague hosted the 83rd ICANN Summit. For mid-year summits with no public forum and no opening ceremony, it’s always interesting to look at both ends of the agenda to identify the important topics of the moment.

The essential next round of new generic top level domains

It’s no surprise that participants of the first day of the summit were immersed in the Subpro process which concerns the introduction of a new round of new generic extensions promised for April 2026.

Indeed, ICANN83 was held just 10 months ahead of the next application window for all entities wishing to create their Internet extension. And this is a vital issue for the organization, firstly in financial terms, as ICANN has made major investments to strengthen and upgrade its infrastructures, and also to increase its workforce to manage the surge in activity as the window approaches. The stakes are also technical and legal, and in terms of reputation, as this process is highly engaging and impactful for all entities that will be taking the step of creating their own Internet extension in 2026.

On the implementation process and timeline, the good news is that the implementation schedule is on track. A first draft of the application guide book is open for public comments until July 23. The application submission window has been confirmed to last 12 to 15 weeks from April 2026.

If we look at the changes introduced in the next round compared to the one that took place in 2012, there is in particular the possibility of positioning oneself on a second choice of string. Once the requested strings have been revealed to the public – what ICANN refers to as the “Reveal Day” – applicants will have 14 calendar days to decide whether or not to position themselves on their second choice. This may make it possible to avoid an auction against entities that have positioned themselves on the same string. Private resolutions of disputes between candidates for the same string, authorized in 2012, will not be allowed in 2026.  This approach has been favored in order to divert the interest of entities interested in the next series for essentially speculative reasons.

The Applicant support program to help entities with funding or other resource issues is also more complete than it was in 2012, even if, as presented in Prague, there are only 22 applications in the draft stage at this stage.

ICANN also pointed out that the evaluation of technical operators has been partly automated and that, in terms of inclusiveness, more scripts will be taken into account in 2026: 33 in all. Indeed it will be possible to apply for internationalized Internet extensions, i.e. those written with diacritical characters, as required by many European languages, or characters from non-Latin scripts.

At the other end of the agenda was the future of ICANN meetings

Faced with engaging topics, the community of Internet users needs to exchange ideas and points of view and in this respect ICANN meetings are essential. Although since the covid pandemic in 2020, ICANN has opted for so-called “hybrid” formats, i.e. allowing participants to follow the sessions either face-to-face or remotely, ICANN has also had to cope with a significant increase in the costs of organizing these annual events. There are four in all, if we add a more operational summit to the three dedicated to domain name policy issues.

In Seattle, ICANN initiated a reflection on the future of these events in a community process called “How we meet”. In the equation for organizing these indispensable exchanges with the community, ICANN also indicated that it had to take into account the high demands of security, accessibility and inclusiveness.

At ICANN83, Sally Costerton, who is in charge of this topic, presented the results of a survey conducted among participants and stakeholder representatives, based on proposals for future meetings. Strongly supported proposals included prioritizing the location of meetings to venues offering economical travel deals, and establishing a policy to automatically transfer an ICANN meeting to an online format in the event of unforeseen circumstances requiring a meeting to be moved from a scheduled venue.

Still 72% in favor, the reduction by one day of the two Community Forums, which correspond to the first and third ICANN annual meetings, and the reorganization of the session agenda by moving the public forum and the forum on geopolitical aspects from the last to the first day of the Community Forum. The underlying idea here is to reduce the rental period for a plenary room to a single day instead of taking it for the whole meeting. There are no small savings.

On the other hand, the principle of converting one of the annual meetings into a purely remote format was widely rejected. The working group that has taken up this subject has recorded these elements in a report, and is now continuing its discussions with a view to reaching a decision.

The NIS2 cybersecurity directive is not far off

At the time of the ICANN83 Summit, 14 European Union countries had transposed the NIS2 cybersecurity directive into their national laws. These transpositions are of interest to ICANN, as several subjects are linked to the domain name component of the directive, as set out in Article 28.

Related topics include the accuracy of registration data, and access to domain name registration data for legitimate purposes through a Standardized System of Access to Registration Data (SSAD) outlined in 2020 with the ePDP Phase 2 policy development process. While the review of policy measures concerning the accuracy of registration data has been paused, the implementation of SSAD is still uncertain. A prototype called Registration Data Request Service (RDRS) has been tested for almost two years now, and ICANN is in the feedback stage.

The Governmental Advisory Committee, which represents governments, once again reiterated at the summit that requests for access to registration data, if urgent and linked to legal issues, must be processed within 24 hours. The new Registration Data Policy, which will come into full effect at the end of August 2025, has left this notion of timeframe somewhat vague. Behind this notion of urgent requests, it was recalled that these are requests that involve an imminent risk of threat to life, serious injury, damage to critical infrastructure or exploitation of children, in cases where disclosure of the data is necessary to combat or remedy this threat. The notion of critical infrastructure refers to physical and cyber systems considered essential by governments for the functioning of society and the economy, and deserving special protection for national security.

One of the central topics at ICANN83 was how to manage the authentication of entities that would benefit from prioritization.

Also related to NIS2 was the presentation of a study by the DNS Research Federation on the territorial impact of the NIS2 directive. The study, carried out on over 8 million domain names, shows that European registries have almost 70% of their name holders outside the EU, a proportion which drops to 29% for registrars. It also shows that for all EU-based entities, there is a large offshore customer base. This is particularly important for registries, but also for registrars and resellers. This difference is due in particular to increased market concentration.

Nameshield is historically a sovereign European corporate registrar, ISO27001 certified since 2017 and with its own CERT. Our expertise guarantees NIS2 compliance for your intangible assets.

Regarding the next series of new generic extensions arriving next year, Nameshield also reminds you that now is the time to ask yourself if you should position yourself on a .brand extension creation project. Indeed, as ICANN83 has shown with regard to the financial support scheme for applicants seeking financial support from ICANN, many entities simply don’t know whether they should participate, and if so, how they should go about it. While some will also delay in order not to reveal their intentions too early, the risk for these entities is to let the deadlines slip. Both the Applicant support program and the application window have start and end dates. The Applicant support program closes in November 2025, while the next application window should close between July and August 2026.

Let’s meet to discuss these issues together, because opportunities to create your own exclusive Internet extension based on your brand are few and far between.

ICANN82: Stability, security and unity in opposition to current upheavals

The 2025 season of ICANN meetings on Internet governance kicked off in March in the Emerald City of Seattle in the United States of America. 2025, a year of ‘exceptional times’, as Tripti Sinha, the Chair of the Board of Directors, described it. At a time when the world is being turned upside down by geopolitical and technological developments such as AI and quantum computing, ICANN wants above all to look at ‘what can be controlled’ and at opportunities, with the preparation of the next series of new generic extensions and the fresh look of its President Kurt Erik ‘Kurtis’ Lindqvist, who took up his position 91 days before ICANN82.

The right time for an examination of conscience

On the occasion of his first summit as current ICANN President, Kurt Erik Lindqvist said he had been well received by the community. He hopes that the identification of problems will be anticipated in order to make ICANN’s processes more fluid and the organisation’s approach to become more agile. For the next series of new generic extensions, which is a crucial issue for the organisation, he stated that everything necessary is being done ‘to keep to the timetable’.

On the subject of financial sustainability, another central issue, Tripti Sinha recalled that ICANN was completing its 2026-2030 strategic plan to anticipate future needs. A plan that should promote a multi-stakeholder and inclusive approach, continue the culture of continuous improvement, focus attention with stakeholders on emerging technologies and strengthen the security and stability of the Internet. On a more serious note, she pointed out that we are in a world that has become ‘unpredictable’. She said that in ‘extraordinary times’, ‘the human spirit seeks stability, security and unity that are embodied in ICANN’s mission statements’ and that ‘ICANN must remain a reliable and stable institution.’

Kurt Erik Lindqvist now acting as CEO of ICANN

The opening ceremony was followed by a session led by Sally Costerton, who is now the President’s advisor on community engagement. She led a session on community feedback on the operation of the annual meetings organised by ICANN. While 1,828 people were registered for ICANN82 when it was launched, participants learned that the costs of the summits have increased by 31% between 2018 and 2024, currently representing a budget of USD 2.3 million per meeting. Various options were discussed, such as charging for attendance at summits or, more likely, reducing the number of face-to-face meetings or their duration.

The next series of new generic extensions is becoming clearer and clearer

While up until now we have heard talk of April 2026 as the opening date for submitting applications for new top level domains, the date of 25 April is now considered to be D Day. The cost of the next round is also known, with the application fee set at USD 227,000, as announced in former articles. This amount is based on a projection of 1,000 applications, which would enable a financial break-even point to be reached. The applicant support programme, which aims to support less favoured geographical areas, is also on track and is already accepting applications. At ICANN82 we learned that 13 applications had been initiated in the programme. On the other hand, the implementation of all the recommendations of the Subpro policy development process is still in progress. The current focus of work in progress includes the formulation of the new Registry agreement to be signed by future registry operators and the long awaited Applicant Guidebook.

Thirteen years after the previous series of new generic extensions, a session was also devoted to the ICANN Grant programme. The aim of this programme is to redistribute, through financial support, part of the reserve fund resulting from the auctions linked to multiple applications at the previous round. The auctions generated a reserve fund of 240 million dollars. For the 2024 cycle, an endowment of $10 million was earmarked for projects that had to meet a number of criteria. The programme was a victim of its own success, with 247 applications received from 64 countries for a total funding that would have amounted to 83 million US dollars.

ICANN policies under the shadow of cyber security legislations and new technologies

While the EU Member States are in the process of transposing the NIS2 cyber security directive into their national legislation, and in the United States the final arbitrations are underway for the latest version of the CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act), a number of related issues continue to be discussed at ICANN. One of these is access to domain name registration data for legitimate purposes. At the instigation of the GAC (Governmental Advisory Committee), which represents governments, ways of authenticating law enforcement requestors are being considered to enable them to be specifically identified so that they can be prioritised when requests for access to data are made. This future mechanism is intended above all to respond to specific cases of imminent threats linked to the exploitation of children, attacks on the integrity of individuals or critical infrastructures.

On the subject of malicious use of the DNS, almost a year after the implementation of binding measures for registry operators and registrars, ICANN’s compliance department has stated that 46 investigations are currently underway into abuse of the DNS, with mitigation measures affecting more than 5,400 domain names.

Another trend observed: the median time taken to fully remediate an abuse report is 7.5 days in the case of phishing and malware. This has fallen since the ICANN measures were introduced. Another shadow hanging over ICANN82 was the change of administration in the United States. Although it has had no impact on ICANN so far, the unpredictability of the new administration has raised a lot of questions among participants.

AI was also discussed in a specific session. As it was exposed AI technology, like Doctor Jekyll and Mr Hyde, can bring benefits when used as a resource, for example to mitigate abuse, but can also be used for malicious purposes by perpetrating increasingly sophisticated abuses. The subject of a governance framework was raised. This is a subject on which the Internet Governance Forum and the WSIS+20 global forum organised by the International Telecommunication Union and the United Nations should be working.

In conclusion, ICANN82 was marked by the curiosity aroused by the arrival on the scene of its new CEO, whose public forum at the end of the summit showed that everything he said was scrutinised and analysed. ICANN82 was a summit that did not shy away from the highly unstable technological, legislative and geopolitical context in which we find ourselves. In the face of this instability, we can offer solutions that provide security, reliability and stability. Just as we tend to say that real estate is a solid investment, the acquisition of a brand extension, a dot brand, with a view to the next round next year is also a solid investment. It allows you to become the owner of a piece of the Internet, a naming space protected from attacks, where addresses can be created that are deemed reliable, so that your targets can find you and that you can address them in complete confidence over the long term. These are times that also call for consideration of the notions of sovereignty and proximity. In this respect, Nameshield has been an independent European player for over 30 years, and the management of .brand projects is one of our areas of expertise.

ICANN81: A summit at a crossroads between challenges and difficulties 

ICANN81: A summit at a crossroads between challenges and difficulties 

Thursday 14 November saw the close of the 81st ICANN Summit, the Internet’s governing body. The summit took place on the banks of the Bosphorus between Asia and Europe, in Istanbul, Turkey. This summit is the last meeting of the global Internet community for the year 2024 before turning to 2025.

Tripti Sinha, who has just been reappointed Chair of the ICANN Board of Directors, opened her remarks at the Opening Ceremony of the 81st ICANN Summit with the observation: ‘The past year (editor’s note: 2024) has been a complicated for ICANN’.

ICANN, an organisation challenged on several fronts

Tensions between Russia, China and the West have never been so high. A geopolitical context that is putting the multipartite model of a globalised Internet under pressure, as ICANN is an organisation governed by American law, even if it claims to be apolitical. The conflict in the Middle East is never far away either. In particular, it has resurfaced at previous ICANN summits this year. Challenged about its role and legitimacy, ICANN is also faced with the change of presidency in the White House with a second term for Donald Trump, which gave rise to some unusual questions at the public forum that closed the summit. One participant referred to the unpredictability of the future President of the United States, which ‘increases the risk of conflict’, going so far as to wonder whether ‘ICANN can take control of American military systems’. While the answer to this question is, of course, no, Tripti Sinha has also raised the issue of ICANN’s liability, with legal action being taken against ICANN, and financial challenges, speaking of ‘financial difficulties’. ICANN’s operating costs have risen significantly in recent years, partly as a result of inflation. Inflation has led to significant increases in domain name prices, which in turn have led to a downturn in the market. ICANN, which derives part of its resources from domain names in return for a tax on each generic domain name, has also been affected.

A transition of presidency at the head of the organisation

Erik Lindqvist, the new President of ICANN, will officially take office on 9 December 2024.
Erik Lindqvist, the new President of ICANN, will officially take office on 9 December 2024.

At the opening of the summit, Erik Lindqvist, the future President of ICANN, gave a short speech to introduce himself and talk about his career. He will officially take up his new post on 9 December, taking over from Sally Costerton, who was applauded for her successful interim role.

Among the tasks expected of the new President, who will be based in Geneva, Switzerland, is a review of the organisation’s financial situation. Avenues for savings and new sources of funding were discussed, and a number of clear-cut opinions emerged. For example, should attendance at summits be made fee-paying, or should the venues chosen for these international meetings be rationalised to generate savings? The interaction of the new President with the various bodies is also expected and acclaimed. Defending the multi-stakeholder governance model in the current difficult context and ICANN’s ethical policies are two other important issues raised by the contracting parties.

New series of new generic extensions confirmed for 2026

Among the difficulties, ICANN must also succeed with the new series of new generic extensions. First of all, this means meeting the April 2026 deadline for the application window, a date that has been hammered home for several summits. Reassuringly, the recommendations of the Subsequent Procedures (Subpro) policy development process are being implemented at a good pace. The future application guide is on schedule, with a final version due to be delivered within a year. The future registry contract for new registry operators is also being considered. Unlike the candidates for the 2012 round, this new contract should be a single document covering all types of TLDs: open, community, brand and internationalised (editor’s note: in native language). It will include fourteen specifications, compared with the current thirteen, with the fourteenth covering TLD variants for multilingual TLDs.

Other issues on which ICANN reached a decision, there should be no private auctions to decide between candidates for the same TLD in 2026. Like a symbol or perhaps a marker, at the very end of the summit, the ICANN Board adopted the applicant support program for future applicants, a program that will involve a communications campaign in disadvantaged geographical areas at the beginning of 2025.

Capitalising on experience feedback

A number of issues recently initiated by ICANN are currently being evaluated. These include abuse of the domain name system. In April 2024, specific obligations came into force to compel registries and registrars to take action in the event of clear abuse. ICANN81 provided an opportunity to take stock of these measures after an initial six-month implementation phase. ICANN Compliance reports that it has initiated 363 complaints, often involving several domain names. Unsurprisingly, the most common abuses involved phishing campaigns.

Another element being tested is the Registration Data Request Service (RDRS). This is a prototype designed to gauge interest in a standardised platform for submitting and processing requests for access to domain name registration data for legitimate purposes. Over the course of a year, the RDRS collected requests for 13,000 names, a volume that remains low compared to the 170 million generic names. A related issue is the depreciation of the Whois protocol for domain name registration databases. This protocol, which has been in use since the 1980s, is due to give way to the RDAP protocol for generic domain names at the end of January 2025. ICANN Org has pointed out, however, that this new protocol is very rarely correctly deployed at this stage.

The tense international context was largely reflected at this summit on an organisation that will be starting 2025 with a new president at its head and a change of administration in the White House. ICANN has made no secret of the fact that it is facing a number of difficulties. The success of the next series of new gTLDs, a series that will have taken fourteen years to complete between 2012 and 2026, will be decisive in helping the organisation to emerge from this turbulent period. The stakes are high, firstly because ICANN is committed to holding this series in April 2026. A postponement of the date would further damage its credibility.

This series is also important given the investment required to prepare and hold it. The significantly higher application fees than in 2012, with a base amount of USD 227,000, may act as a brake. Investors, for their part, may not appreciate the abolition of private auctions to decide between applicants for the same TLD, with ICANN seeking, on the contrary, to curb speculation.  Nameshield, for its part, is convinced of the merits of this new round and, in particular, of dot brand extensions, the benefits of which will more than offset the investment required if applicants are properly accompanied. Nameshield is ready to help future project owners by providing them with a complete solution for their entire project cycle. If you have an Internet extension project, contact our experts who will be delighted to support you.

SSL/TLS certificate duration reduced to 45 days by 2027:Apple takes the first step

On October 9, Apple revealed to the CA/Browser Forum that it had posted a draft ballot for comment on GitHub regarding two important SSL/TLS certificate lifetime events:

  • Gradually reduce the maximum duration of public SSL/TLS certificates to 45 days by 2027;
     
  • Gradually reduce the reuse period for DCV challenges to 10 days by 2027.

In March 2023, in its “Moving Forward, Together” roadmap, Google announced its intention to offer the CA/B Forum a reduction on the maximum possible validity period for public TLS certificates going  from 398 days to 90 days. Since this announcement, the market has been feverishly awaiting for Google’s confirmation but most of all, for the implementation’s timetable… without success. For its part, Mozilla announced, a few weeks ago, its intention to follow Google’s lead on its Firefox browser, without adding any further detail.

Apple ultimately took the first step last week, announcing on October 9th its intention to both reduce the lifetime of certificates to 45 days (when the entire market was expecting 90 days) and to limit the duration of the DCV challenge to 10 days, according to the schedule below. A true bombshell:

Sep-15-2025 => certificates and DCV validation times reduced to 200 days

Sep-15-2026 => certificates and DCV validation times reduced to 100 days

Apr-15-2027 => certificates and DCV validation times reduced to 45 days

Sep-15-2027 => DCV Validation time: 10 days

Information on the background and analysis of this announcement, the expected outcomes and how to prepare for them will undoubtedly be useful:

Context and Analysis:

At this stage, the publication is likely to be commented by market players prior to the formal drafting of the ballot within the CA/B Forum, which itself will be voted on by its members: the Internet browser publishers on the one hand (Google, Mozilla, Apple and Microsoft…) and the Certification Authorities on the other. Amendments are bound to be made, but the general idea remains and the machine is up and running.

Indeed, software publishers are all aligned on the need to reduce the lifetime of certificates, and among Certification Authorities, Sectigo, one of the major players in the certificate industry, is already supporting the initiative. It is likely that things will move rapidly from now on, with few comments and a ballot drafted in the coming weeks or months. We will then know more about the confirmation of the durations and timetable, and will of course make sure to keep you informed.

Expected Outcomes:

  • Certificate lifetime: whether 90 days, 45 days or even less, this reduction is no longer a surprise, and will have a major impact on public certificate portfolio. The certificates can no longer be managed manually. The market has begun its transition to automation, notably through CLMs (Certificate Lifecycle Managers). The issue at stake for companies and organizations will be to rely on partners who can offer as many interconnections as possible between Organizations, Certification Authorities and CLMs.
     
  • DCV challenge duration: Reducing the duration of the DCV challenge to 10 days, if validated, would have a considerable impact, perhaps even more so than reducing the lifetime of certificates. Up until now, the industry has pre-validated domain names for 398 days, using the DCV challenge only once. Apple’s announcement would thus force the use of a DCV challenge for virtually all orders, which would be a major paradigm shift and would involve interconnections with an additional brick in the ecosystem: the DNS. The DCV (Domain Control Validation) challenge involves intervening in the zone of the domain name(s) listed in the certificate, ideally instantaneously, to validate it.
     
  • Organization authentication duration: Apple has not announced anything on the subject of the validity period of organization authentication for OV certificates, which is currently 825 days. However, rumors are circulating that this may be reduced to 398 days or even 365 days.

How to be ready:

The key to successful certificates management lies in automation. A 45 days certificate lifetime represents 9 interventions per year per certificate. Manual management thus becomes utopian. We therefore need to rely on:

  1. Certificate Provider/Certification Authority (CA): a trusted partner who will support through your organizational and domain authentication issues. Service level is key to good management. A multi-CA partner is thus recommended to limit dependence on a single CA, as in the case of Entrust’s recent setbacks. 
     
  2. Registrar / Primary DNS: mastering the primary DNS of domain names listed in certificates will become the key to delivery. Each time a certificate is issued, a TXT or CNAME will be installed on the zone(s) in question. An interconnection between the CA and the DNS is vital.
     
  3. CLM editor: the CLM’s role is to inventory the certificate portfolio, to define certificate portfolio management rules and automate the entire process of orders, from the generation of CSRs to the deployment of certificates on servers. To function properly, the CLM relies on connectors with CAs or certificate suppliers.

Getting ready thus means identifying the most suitable solution, based on these three dimensions, and undertaking this analysis to understand the impacts in terms of process, technology, and budget – in an ideal world – before the end of the first half of 2025.

Nameshield’s approach:

Nameshield holds a unique position in the market as a registrar and supplier of multi-AC certificates. For over 10 years, we have been managing the day-to-day issues associated with authenticating organizations and domains using certificates. On the one hand, we have a privileged relationship with the biggest CAs on the market (Digicert, Sectigo, GlobalSign), and on the other, we master the DNS brick for DCV validation. As a result, we can issue public certificates almost instantaneously. Last but not least, Nameshield has connectors with the major players in the CLM market, allowing you to ensure a comprehensive connection between the various components involved in certificate management. This way, we can support you in anticipating all the issues mentioned above.

SSL/TLS certificate duration reduced to 45 days by 2027:Apple takes the first step

For more information, please contact our Sales team or our Certificates team.

Nameshield will be at the 38th Annual Marques Conference – From September 24 to 27, 2024 in Stockholm

Nameshield will be at the 38th Marques Annual Conference

Join the Nameshield team at the 2024 Annual Marques Conference, taking place from September 24 to 27, 2024 at the Radisson Blu Waterfront Hotel in Stockholm.

Nameshield is an ISO27001-certified software publisher and sovereign registrar, with 30 years of experience, that protects and defends its customers’ strategic domain names against cyber threats.

We consider that protecting online brands is more crucial than ever in the face of an increasing number of infringements, including:

  • Cybersquatting, which can damage brands’ reputations and mislead customers,
  • Fraud and scams, where similar domain names are used to create fraudulent websites, counterfeiting or fake shops,
  • Customer diversion, which redirects customers to competitors or malicious sites and trigger the loss of customers’ confidence in the brand, and in turn, the loss of revenue.

Nameshield has consequently developed a Brand Safety Chain (BSC) solution in order to shield brands’ safety, integrity, reputation and revenue in the digital ecosystem, with:

  • Continuous domain name monitoring and detection of fraudulent domain names,
  • Remediation services and support on the best action plan and procedures to implement.
  • Anti fake shop solutions, including detection, analysis reports and takedowns.

Come and meet us at stand 7.

Our team of trademark and intellectual property experts will be there to answer all of your questions.

For more information, please visit the event website : 2024 Marques Annual Conference.

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

Following on from Paris, which hosted the ICANN Contracted Parties Summit last May, the Rwandan capital has just hosted its first ICANN Summit devoted to Internet governance policy issues. Here’s a look back at what we learned from the event.

ICANN has found its new face

ICANN80 kicked off with the official appointment of Kurt Erik “Kurtis” Lindqvist as the future President and CEO of the organization. The 49-year-old Finn will officially succeed his predecessor Goran Marby, of Swedish origin, who resigned at the end of 2022. Sally Costerton’s interim appointment will therefore end on December 4, 2024, with Mr. Lindqvist officially taking office on December 5, 2024. Mr. Lindqvist has been CEO of the London Internet Exchange (LINX) since 2019. His appointment is the culmination of a long process that began with the creation of a search committee for a CEO. Initially, some 100 candidates representing over 20 countries in North and South America, Africa, Europe, Asia and Australasia were identified. After further evaluation, the list was whittled down to seven people (three women and four men) who were interviewed by the CEO’s selection committee. The selection process ended with the ICANN Board unanimously approving the choice of Mr. Lindqvist at a session held just before ICANN80. A first, the new CEO will be based in Geneva in Switzerland.

Spotlight on the Internet in Africa

You have to go back to June 2017 to find a city in sub-Saharan Africa hosting ICANN. Johannesburg, South Africa’s most populous city, hosted ICANN59. In June 2024, ICANN finally returned to Africa, with Rwanda as host country. A very good thing, given that Africa is still largely under-resourced when it comes to Internet access. The International Telecommunication Union estimated that by the end of 2021, 14.3% of African households had access to the Internet, compared with 57.4% worldwide. Fixed Internet connection is also more expensive than in other regions of the world in proportion to income. It represents 18.6% of gross national income (GNI) per capita, compared with a global average of 2.8%. The GAC, the body representing governments at ICANN, took advantage of the event in Kigali to organize a “High Level” governmental meeting. This brought together 50 countries with four sessions on the multi-stakeholder model, cooperation and governance, digital inclusion and support for connectivity. These issues are also at the heart of the United Nations’ Global Digital Compact, which calls for a more inclusive and equitable Internet. The African At-Large Regional Organization (AFRALO), one of the five At-Large regional organizations within ICANN (At-Large represents end-users), kicked off ICANN80 week with a round-table discussion on improving Internet infrastructure in Africa. For its part, ICANN Org recalled during the week’s Summit that in 2022 and 2023 two root servers have been made operational in Nairobi, Kenya and Cairo, Egypt. Most DNS root queries based on Africa therefore are now resolved in Africa. For example, the root server in Nairobi, Kenya, handles 40% of all DNS root requests for the continent. Prior to its installation, 35% to 40% of DNS query traffic traveled outside Africa for resolution. The two installations also increase the resilience of the global root server system for Internet users on the continent, and help to cope with the exponential increase in traffic expected on the continent over the next few years.

The promise of the next round of new generic extensions : an estimate of application fees finally made public

No fewer than eight sessions held on the first day of the summit addressed the future series of new generic extensions. ICANN Org pointed out that this program is designed to make the Internet more inclusive, relying in particular on the success of Internet extensions in users’ own languages – the so called internationalized extensions or IDNs. To date, there are 91 internationalized extensions among the 1172 generic extensions, a relatively low proportion. In country-code Top Level Domains (ccTLDs), the proportion of internationalized extensions is almost three times bigger, representing nearly 20% of the total. ICANN Org promotes this new series by pointing out the opportunity to create new generic extensions in native languages. For its part, the GAC is pushing for greater support for less-favored geographical areas. The intention is to make the new program more accessible to these areas with financial and operational support. ICANN Org has considered an amount of 2 million USD for this item, whereas the GAC estimates that the needs are more in the region of 10-16 million USD. The GAC has indicated that it hopes to be able to support at least 45 applications. 

These considerations obviously have to be set against the costs of a future application for a new gTLD project. On this much-anticipated point, ICANN Org has presented projections based on the number of applications received. While in 2012 there were 1,930 applications leading to some 1,240 delegated extensions, some of which have since been abandoned, we don’t know how successful the next round, which opens in April 2026, will be.

To recover its costs, ICANN Org estimates that the application fee should be 293,000 USD for 500 applications, 242,000 USD for 1,000 applications and 208,000 USD for 2,000 applications. In 2012, the application fee was 185,000 USD. It should also be noted that the median value of application fees submitted is around 259,000 USD.

A partial reimbursement of costs is considered if the costs retained prove to have been overestimated in view of a higher-than-estimated volume of applications. The question has been raised of how to reduce these fees, which means cutting budgets. ICANN Org has indicated that 13 million USD will be allocated to this program over 2025, for example, in staffing costs. As ICANN already has an operating budget that covers its payroll costs, question has been raised if these expenses are not covered twice (by the operational budget and the new gTLD program budget).

DNS abuse: first lessons from the contract amendments

ICANN80 was also an opportunity to take stock of the implementation of contractual amendments by registries and registrars to include remediation obligations for obvious DNS abuses such as phishing, malware or pharming practices. These measures came into force on April 5. ICANN’s Compliance Department reported that it had received 1,558 abuse-related complaints. 1,382 were invalid, either because they were not sufficiently substantiated or documented, or because they fell outside the organization’s scope of action. Some of them concerned ccTLDs (country code Top Level Domains) where ICANN has no jurisdiction. ICANN also reiterated that obvious abuses must first be reported to the registry operators and registrars who manage the concerned domain names.

ICANN80 remained above all a working summit with few announcements even if the new face of the organization was made official, information that nevertheless had been leaked a few days earlier. The appointment of « Kurtis » Lindqvist should not overshadow the fact that Sally Costerton has been acting as interim president of the organization for almost a year and a half now, and that during this time her determination has undoubtedly ensured that some topics move significantly forward, in particular the next series of new generic extensions which is now well underway. Work on implementing the policies and the future bidding applicant guide is progressing, and the bidding window envisaged for April – June 2026 now seems attainable. The range of application fees announced remains imprecise, ranging from 208,000 to 293,000 USD, depending on the volume of applications expected. While internationalized extensions were in the spotlight, it is above all geographical extensions and trademark extensions, the so called dot brands that are the most relevant. They will be an ally in the service of the security, performance and reputation of their owners. A genuine asset in an increasingly complex regulatory and legislative environment where cyber attacks are becoming increasingly sophisticated.  To make a success of your future extension project and benefit from optimized solutions for your online assets, the key is to be well accompanied.

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit.

The last time Paris hosted ICANN was in 2008 for ICANN32. Sixteen years later, ICANN returns to the French capital for the Contracted Parties Summit. The latter is a special event in the organization’s agenda, as it is not a policy-oriented event like the three annual summits flanked by the edition number (Editor’s note: ICANN79, for example). Before the covid pandemic, ICANN met its stakeholders once a year at a dedicated event. These summits, highly focused on operational aspects, only resumed in 2022 and now only take place every two years.

Over the course of three days, the contracting parties – registry operators and registrars – have the opportunity, during working sessions, to communicate their needs to the organization by directly questioning the ICANN Board of Directors, and to exchange views on common issues. In particular, these meetings provide an opportunity to compare approaches to policy changes and contractual modifications to be implemented, while also taking into account changes in the regulatory and legislative framework. One of the three days was entirely devoted to workshops on the abuses to which the contracts of the contracting parties have evolved in 2024.

Although only 150 to 250 people in total took part in the event, with the public holiday no doubt having a negative impact on attendance, it has to be said that there was plenty to do on the subjects that directly impact the contracting parties.

As a consequence of the GDPR in force since 2018, a perennial policy, the Registration Data Policy has just been promulgated to replace the Temporary Specification. This must be implemented by August 2025. Stakeholders also had to implement two amendments to their contracts with ICANN. The first was a protocol transition from Whois to RDAP (Registration Data Access Protocol). The second concerns abuse, with new obligations that make contractors more accountable in the event of proven abuse. The summit provided an opportunity to hear initial feedback on this major issue, to which some service providers are more exposed than others. To this the legislative framework can be added, in particular the European NIS2 cyber security directive, which will also have a major impact on registries, DNS resolution service providers and registrars.  It will come into force in October of this year. The most advanced countries in terms of transposition into national law, notably Croatia and Belgium, have shown that they are fully in line with the initial text voted by the European Parliament at the end of 2022. And the next round of new generic extensions must be prepared for the next application window announced for April 2026.  

From now on, ICANN will be meeting the Internet community in Kigali, Rwanda, from June 10 to 13, to discuss developments in Internet naming policies. This will be ICANN80.

.TR: Extended priority period for the .TR extension in category 3

.TR Extended priority period

On February 14, we announced the opening of .TR registrations in category 3. This period was initially open until May 14, 2024.

TRABİS recently announced that this priority period for the “.TR” (category3) application for domains holders will be extended until August 7, 2024.

You still have until August 2024 to apply for a .TR equivalent to your existing .COM.TR / .ORG.TR / .NET.TR domain names.

The .TR opening to all is therefore also postponed, and will be announced at a later date.

Do not hesitate to contact your consultants and account managers if you have not yet reviewed your domain names portfolio in Turkey.

User trust at the heart of the latest CSA Summit in Cologne

From 22 to 24 April, Cologne hosted the Certified Senders Alliance Summit on the theme of “Trust fuels the future”. The event marked the 20th anniversary of the initiative.

Corporate communications have changed dramatically over the last 20 years with the rise of social networks. For example, Instagram now has more than 2 billion monthly users, YouTube more than 2.5 billion and Facebook more than 3 billion. These platforms were all launched between 2004 and 2010. While they have become an integral part of companies’ communications plans for addressing their users, the use of email is still very high, as there are still so many uses for email: sending email campaigns, newsletters, invoices or for example order confirmations. According to Statista, the overall volume of emails increased by 4.3% in 2023 compared with the previous year, with almost 347.3 billion emails sent worldwide every day. Another fact: on average, a person receives around 121 emails a day. These figures underline that email is not about to disappear.

Gartner nevertheless points out that concerns about email security are growing, with few companies escaping security incidents, with increasingly sophisticated phishing attacks using malicious links or attachments, for example, and data losses often linked to careless behaviour or human error. With this in mind, every year CSA brings together experts from the email ecosystem to discuss best practices and solutions for improving email quality and trust. The event is organised around a series of workshops, sessions, conferences and masterclasses.

Nameshield, which sponsored the event, pointed out that there can be no email security without secure domain names, which are critical business assets, and without a robust, high-performance DNS infrastructure. Email security therefore depends on the choice of your domain name provider and the cyber-security solutions it is able to offer its customers. These include the DMARC protocol, which protects users against fraudulent messages. Customised brand extensions also known as dot brands are another way of building brand confidence in the run-up to the next round of new generic extensions scheduled for April 2026.

Contact your Nameshield consultant for more information on all our solutions.

ICANN79: A summit that builds on decisions taken in 2023

ICANN79

After ICANN29 in 2007 and ICANN61 in 2018, Puerto Rico hosted its third Internet Governance Summit, ICANN79, at the beginning of March. Six days of meetings, exchanges and encounters in a studious atmosphere, with ongoing issues moving forward. The star topic: the next round of new generic extensions. Other major subjects, such as the NIS2 European cybersecurity directive and the appointment of a new President for the organisation, were discussed on the sidelines.

Three women at the centre of ICANN: Tripti Sinha on the left, Manal Ismail in the centre and Sally Costerton on the right

The next round of new generic extensions, a priority topic

On Saturday 2 March, the launch day of ICANN79, a session was held on the implementation of the recommendations from the Subpro policy development process (PDP), which aims to enable the launch of the next series of new generic Top level domains. This constituted an initial focus on this central issue, which is now bound to come to a conclusion as the next application window has been set for April 2026.

At this first session, attention was focused on the recommendations that the ICANN Board had not adopted as part of a resolution on the PDP passed in March 2023. At the previous summit (ICANN78), 14 recommendations remained outstanding, 6 were rejected. The body responsible for generic policies, the GNSO (Generic Naming Supporting Organization), which has got into the habit of creating small teams to work on blocking issues, has invited a small team to address these recommendations. At the same time, an implementation team is working on other recommendations approved by the ICANN Board and on the new version of the Applicant guide book. This central document for future applications is currently being written. Its finalised version should be available by the end of next year at the latest. At the end of ICANN79’s week of debates, it was clear that the work carried out during the many sessions on the next round had been fruitful. The Small Team found a compromise on the recommendations not approved by the ICANN Board and was even able to avoid a meeting scheduled in the summit agenda.

At least twelve ongoing topics

A GNSO session on Sunday provided an inventory of the policy development processes underway and those still being studied, such as the accuracy of registration data. The list includes at least twelve topics, some of which are blocked and where, due to the length of the process, the history is sometimes difficult to find for current GNSO members. This is the case for the protection of the names of inter- and non-inter-governmental organizations. Examples include the International Olympic Committee (IOC) and the Red Cross. In 2012, a PDP was launched to study the question of specific protection for the names of these bodies, bearing in mind that the contracts of the registry operators of the new generic extensions resulting from the 2012 round require them to be blocked from registration. At the beginning of 2019, the ICANN Board adopted the final recommendations of an extended PDP, which should enable them to be implemented. However, the body representing governments, the GAC, considered that not all the issues had been addressed, in particular that of specific protection for the acronyms of these organizations. This issue is still open today, and the recommendations have not yet been implemented.

Three women honoured at the Opening Ceremony

Monday marked the official launch of the summit, with the much-anticipated opening ceremony, which always takes place on a Monday morning. Tripti Sinha, Chair of the ICANN Board of Directors, recalled that the previous ICANN summit in San Juan took place “just after the devastating hurricane Maria”. She also referred to 2023, a year in which Sally Costerton took on the role of interim President of ICANN and in which ICANN celebrated its 25th anniversary in Hamburg. On the appointment of a new President for ICANN, participants were informed that the process is underway after listening to stakeholders in 2023. A group of candidates has emerged and will now lead to the selection of the future ICANN President and CEO. For her part, Sally Costerton repeatedly used the expression “superpower” to refer to ICANN’s mission to maintain a single global Internet. A difficult mission in a shifting geopolitical and technological context. But perhaps the most striking moment of the summit was the image of a third woman, Manal Ismail, who joined Tripti Sinha and Sally Costerton at the opening ceremony. Manal Ismail, who played an important role in the IANA transition and as chair of the GAC for more than five years, was honoured with the ICANN Community Excellence Award 2024.

Decisive milestones reached in 2023 which will materialize over the next three years

To the credit of ICANN’s current president, it must be said that many issues have moved forward under her leadership in 2023. If 2024 marks the entry into force of new obligations for registries and registrars on malicious uses, this is indeed the fruit of the work carried out last year. This central issue for Internet users had given rise to years of fruitless debates. The next round of new generic TLDs has made significant progress, with the adoption of recommendations and a roadmap towards a new application window now set for April 2026. We can add the Registration Data Policy, which will replace the Temporary Specification resulting from the GDPR (General Data Protection Regulation) by 2025. A related issue is the future Standardized System for Access to registration Data, which has entered an experimental phase in an attempt to reconcile protection with the need to respond to real needs for access to registration data. The inclusive Internet is entitled to a dedicated international day following the launch of the first UA Day (Universal Acceptance Day) in 2023. Finally, “ICANN grant”, a programme aimed at financially supporting projects to unify and make the Internet more inclusive, has also been launched. It is based on the substantial amounts raised by the 2012 auctions of new generic extensions. An envelope of USD 10 million will be allocated at the end of March.

We’re not winning on all fronts

While progress has been made on a number of fronts, there has been little progress on others. This is the case with a new holistic review of ICANN and the review of the organisation’s Accountability and Transparency. These reviews are necessary to bring about improvements in security and consumer choice, in the services associated with domain name registration databases, and in the security, stability and resilience of the DNS. This important subject is impacted by the many projects currently underway, and ICANN has also embarked on a continuous improvement project that could replace these processes.

As far as the European directive on NIS2 cybersecurity is concerned, the main point to note is that the contracting parties and the ICANN Board of Directors have emphasised that this legislation does not conflict with the ICANN policies in place. For the Board, which has indicated that it is working with the European Commission on this subject, there are, however, issues such as data accuracy that need to be considered.

While ICANN79 was not the subject of any noteworthy announcements, the main thing to remember is the studious atmosphere after a pivotal year in which many subjects passed decisive milestones towards their implementation. This is the case for the next series of new generic extensions, the previous one having been introduced twelve years ago. If a form of agility seems to have won over ICANN under the leadership of Sally Costerton and Tripti Sinha, this approach is also that of Nameshield, which adapts to your needs to provide you with tailor-made answers on the new TLD projects and many others.