DIDP Request #14: Keeping track of ICANN’s contracted parties: Registrars
In September 2016, we filed two separate DIDP requests regarding ICANN’s Contractual Compliance Goals.
The first one which we have written about here,[1] was regarding ICANN contracts with registries while the second one about registrars is briefed below. In our second request, we specifically asked for the following information:
- Copies of the registrar contractual compliance audit reports for all the audits carried out as well as external audit reports from the last year (2014-2015).
- A generic template of the notice served by ICANN before conducting such an audit.
- A list of the registrars to whom such notices were served in the last year.
- An account of the expenditure incurred by ICANN in carrying out the audit process.
- A list of the registrars that did not respond to the notice within a reasonable period of time.
- Reports of the site visits conducted by ICANN to ascertain compliance.
- Documents which identify the registrars who had committed material discrepancies in the terms of the contract.
- Documents pertaining to the actions taken in the event that there was found to be some form of contractual non-compliance.
- A copy of the registrar self-assessment form which is to be submitted to ICANN.
The DIDP request filed by Padmini Baruah can be viewed here.
What ICANN said
Information pertinent to item 1 and 3 can be found in the 2014 Contractual Compliance Annual Report here:https://www.icann.org/en/system/files/files/annual-2014-13feb15-en.pdf. While this report contains detailed information regarding the audit, individual audit reports are subject to the DIDP Defined Conditions for Nondisclosure.
ICANN provided a link to all the communication templates used during the audit process, including the notice served by ICANN prior to conducting audits. (Item 2) It can be found here: https://www.icann.org/en/system/files/files/audit-communication-template-04dec15-en.pdf. As mentioned in an earlier blog post, ICANN set aside USD 0.6 million for the Three Year Audit plan.[2] (item 4)
According to the Audit FAQ on ICANN website,[3] “If a contracted party reaches the enforcement phase per process, ICANN will issue a notice of breach in which the outstanding issues are noted. The response links us to the ICANN webpage where these breach notices are listed: https://www.icann.org/compliance/notices#notices-2014. (Item 5) According to the link, 61 registrars received breach notices in 2014; a full explanation has been provided for each notice. (Item 7 and 8) Since no site visits were conducted, ICANN does not possess any document regarding this.
According to the ICANN website, “The 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to complete an annual self-assessment and provide ICANN with a compliance certification by 20 January.”[4] The form for the same can be found here: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#compliance
ICANN’s response to our request can be found here.
[1] To be linked to the first post
[2] See FY15 budget (pg72): https://www.icann.org/en/system/files/files/adopted-opplan-budget-fy15-01dec14-en.pdf
[3] See Audit FAQ: https://www.icann.org/resources/pages/faqs-2012-10-31-en
[4] See CEO certification: https://www.icann.org/resources/pages/ceo-certification-2014-01-29-en