Summary of RAA provisions and ICANN policies relating to rights and responsibilities of registrants
This document has been translated into several languages for informational purposes only. The original and authentic text of the document (in English) can be found at: http://www.icann.org/en/registrars/registrant-rights-responsibilities-en.htm
Background: One of the new provisions added in the 2009 RAA requires ICANN to develop, in consultation with registrars, a web page that sets out the rights and obligations of registrants. This publication is based on initial recommendations from a joint working group of the GNSO Council and the At-Large Advisory Committee and subsequent consultations with registrars; it provides simple and clear general statements of the rights and obligations of registrants as they are provided for under the 2009 RAA.
Introduction
This document provides a summary of the provisions relating to the rights and obligations of registrants set forth in the Registrar Accreditation Agreement (RAA) in plain language for publication on registrar websites. While some of the provisions here are not directly relevant to registrants, these provisions are also included in the document because of the potential importance of understanding the relationship between registrars and registries. This document also summarizes the rights and obligations of registrants under the ICANN Consensus Policies and Specifications, as these policies and specifications are included in the RAA.
The summary of provisions in this document does not supersede or replace the provisions set forth in the RAA or related specifications and policies.
Preamble
To register a domain name, the registered name holder (also known as a registrant) must use the services of an ICANN-accredited Registrar. To be accredited by ICANN, a registrar must enter into an agreement with ICANN called a Registrar Accreditation Agreement, or RAA. The RAA sets out various rights and responsibilities of registrants. In addition, registrants have additional rights and responsibilities set forth in the individual ICANN policies and specifications that registrars agree to follow.
RAAs and related policies are written using very specific, often legal, terminology. To help registrants better understand the rights and responsibilities of registering a domain name, these rights and responsibilities have been combined and presented in a separate document. The summary statements presented here do not override or replace the actual statements contained in the RAA or related policies and specifications.
Provisions of interest in the RAA
With respect to the RAA between ICANN and Registrar, no other party (including the Registered Name Holder) may sue ICANN or the Registrar alleging violation of the RAA.
Registrars may not claim that they are able to provide registrants with better access to any relevant TLD than other registrars.
Certain obligations of registrars are conditional on Registered Name Holders meeting certain responsibilities, including paying registration fees and providing registrars with all required data that is accurate and up to date. There are also certain situations in which registrars are required to provide notice to registered name holders. This includes notices regarding the expiration of registration and use of Registered Name Holder personal information, notices regarding the escrow of domain names registered through confidential or proxy registration services, and publication of fees for register name reinstatement. p>
Provision of data by registrars to registry operators
For all eligible TLDs, the registrar must provide certain information about each name registered in the TLD:
- Registered name (3.2.1.1);
- Primary and secondary name server IP addresses for the registered name (3.2.1.2);
- The corresponding names of these name servers (3.2.1.3);
- Registrar personal data, if not automatically generated by the registry system (3.2.1.4);
- Registration expiration date if not automatically generated by the registry system (3.2.1.5);
- Any other information that the registry operator may require (3.2.1.6).
Registered Name Holders are generally required to provide the Registrar with name server information (3.2.1.2–3), although Registered Name Holders may be required to provide additional information under Section 3.2.1.6. Upon Registered Name Holder updating any of the above information, Registrar must provide the updated information to Registry Operator within five (5) days.
DataWhois
Registrars must have an interactive web page and Whois service on port 43 to respond to public inquiries free of charge. The RAA defines certain data elements that must be provided in response to a request:
- Registered name (3.3.1.1);
- Primary and secondary name server names for the registered name (3.3.1.2);
- Registrar Personal Data (which may be submitted via the Registrar's website) (3.3.1.3);
- Original registration creation date (3.3.1.4);
- Registration expiration date (3.3.1.5);
- Name and mailing address of the registered name holder (3.3.1.6);
- Name, mailing address, email address, telephone number, and (if available) fax number of the technical contact for the registered name (3.3.1.7);
- Name, mailing address, email address, telephone number, and (if available) fax number of the administrative contact for the registered name (3.3.1.8).
These data elements are commonly referred to as Whois data. As discussed below, Registered Name Holders are required to provide the Registrar with timely updates to the Whois data for the Registered Name. Upon receipt of updates, the registrar must "promptly" update the Whois data. Registrars have the right to transfer the function of servicing public requests to a third party contractor.
The CAP allows registrars to provide bulk third party access to Whois data. When providing bulk access or access to Whois data through the public query response feature, the registrar must limit access to high-volume queries or impose other restrictions on the use of Whois data as specified in the RAA, including for marketing activities and bulk mailings. When a registrar transfers the public query service function to a third-party contractor, that registrar must require all contractors providing the service through port 43 to impose certain restrictions on access and use of Whois data.
Relationship with Registered Names
Registrars are required to maintain complete records of communications with Registered Name Holders, as well as information provided to registry operators.
Responsible storage of Registered Name Holder data
The Registrar must maintain a database to store all Whois data for all names registered under the registrar's accreditation, as well as all data that the registrar submits to the registry operator. In addition, for each registered name, the registrar must include in the database the name and (if available) mailing address, email address, telephone number, and fax number of a billing contact person.
In some cases, a registrant may decide to limit the amount of personal information that a registrar makes available through a Whois query. To do this, the name may be registered using a privacy service (which allows the registrant to hide his or her identifying information and often replaces that information with privacy service information). Customers may also choose to register names using a proxy service, where the holder of the registered name is a proxy who licenses the customer to use that domain name. In this situation, most or all of the required data elements contain information about the trustee as the registered name holder.
Registering a name using a privacy or proxy service affects the information entered into the database, and the registrar must do one of two things: the registrar must either (1) include the name and mailing address, email address, and telephone number provided by the customer in connection with each registration, even when using confidential or proxy registration, or (2) at the time the customer selects the confidential registration or proxy registration service, display a notice that the customer's data will not be deposited. If customer data is not escrowed, only the confidential or proxy registration service contact information is escrowed. If customer data is not escrowed and only privacy service or proxy information is maintained in the database, in the event of a registrar or registry termination, future notices may only be sent using the contact information stored in the database.
Business relations between the registrar and registrants
The RAA imposes many requirements on a registrar's business relationships, including its relationships with registered name holders.
Registrar may not activate a Registered Name until it receives sufficient assurance of payment of the registration fee from the Registered Name Holder.
The RAA sets forth the actions that a registrar may take at the end of a registration period if the Registered Name Holder does not consent to a renewal of the registration, including the registrar's cancellation of the registration at the end of the current registration period. If the Registered Name Holder does not consent to the renewal, the Registrar must ensure that the Registered Name is removed from the Registry database within 45 days of the registration expiration date.
The registrar's right to cancel the registration and the obligation to delete a domain name are not unconditional. Section 3.7.5.1 of the RAA sets out a list of potential “extenuating circumstances” under which a registrar may be permitted to renew a domain name registration even without the consent of the registered name holder. Such circumstances include, but are not limited to, an action against the registered name under the Uniform Domain Name Disputes Rules (UDRP), a court order, a bankruptcy proceeding, or a payment dispute. The Registrar must maintain a record of the reasons for renewal of registration without the consent of Registered Name Holders.
Registrars must provide each new registrant with notice of the registrar's policies regarding deletion and automatic renewal. If the registrar's policy regarding deletion changes during the term of the registration agreement, the registrar will be required to make efforts to inform registrants of these changes in policy. Detailed information regarding deletion and auto-renewal policies must be provided on all registrar websites for registering and renewing domain names, and the registrar must also list on those websites any fees charged for reinstating domain names during the registration reinstatement grace period. (30-day period during which a name remains in the registry in a “pending deletion” state).
If a registered name is the subject of a dispute under the UDRP at the time of deletion or expiration of the registration, then under the UDRP the applicant has the right to renew the registration of that domain name (or reinstate it if deleted). If an applicant renews or reinstates a name, the registrar must place the name in HOLD or LOCK status and update the Whois data to indicate that the name is in dispute. . Section 3.7.5.7 of the RAA also provides for the right of the original registrant of a domain name to reinstate or renew the registration of that name if the UDRP complaint is terminated without a decision or the decision is made in favor of the original registrant.
Agreement between Registrar and Registered Name Holder
Registrars must enter into registration agreements, either electronically or on paper, with all registered name holders. Under the RAA, the agreement between the registrar and the Registered Name Holder must include, at a minimum, the following clauses (as specified in RAA Sections 3.7.7.1 through 12).
- The Registered Name Holder must provide “accurate and reliable contact information” and “promptly correct and update it” during the term of the registration. The required information is listed in Section 3.7.7.1: “the full name, mailing address, email address, telephone number and, if available, fax number of the Registered Name Holder; the name of the authorized contact person if the Registered Name Holder is an organization, association or corporation, and the information listed in subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8."
- A Registered Name Holder who knowingly submits inaccurate or misleading information, willfully fails to timely update it, or fails to respond within fifteen (15) days to a registrar's request for accurate contact information will be in material breach of the agreement and may have its registration cancelled.< /li>
- Any person listed as a Registered Name Holder must provide complete contact information and is the official Registered Name Holder. Sometimes a registered name holder may register a domain name and then allow another person to use it (for example, this situation occurs when a website designer registers a domain name for his client). In this case, unless the actual user of the name (referred to in the RAA as a “third party”) has become a party to the agreement between the registrar and the registered name holder, the latter may be liable for the third party's misuse of the domain name. This will happen if the registered name holder is presented with “reasonable evidence of actionable injury” resulting from the use of the domain name by a third party. In such a situation, the Registered Name Holder "assumes liability for damages resulting from unlawful use of the Registered Name" unless the Registered Name Holder discloses the user's identity and current contact information.
- The Registrar must provide notice of how it intends to use the data submitted by the Registered Name Holder and identify the persons who will receive the data. The Registrar must also notify Registered Name Holders of how they can access and update their data. In addition, the registrar must determine what information the Registered Name Holder is required to provide to the registrar and what information may be provided on a voluntary basis. The Registered Name Holder must agree to all data processing terms.
- If the Registered Name Holder submits personal information to the Registrar on behalf of any person who has not signed the agreement between the Registrar and the Registered Name Holder (a “third party” referred to above), the Registered Name Holder must certify that it (1) has provided to such third party to the parties data processing notices identical to those provided by the registrar, and (2) has obtained similar consent from a third party regarding the terms of the registrar's data processing.
- Registrar may process Registered Name Holder Data only as specified in the processing notices described above.
- Registrar must agree to take reasonable precautions to protect Registered Name Holder data from “loss, misuse, unauthorized access or disclosure, alteration or destruction.”
- Registered Name Holders must make the following statement: "To the best of Registered Name Holder's knowledge, neither the registration of the Registered Name nor the manner in which it is used, directly or indirectly, infringes the legal rights of any third party." This means that the registered name holder must represent to the registrar that the domain name has not been registered for a use that would infringe the legal rights of others. An example of such an “infringement” would be the registration of a domain name that infringes a trademark that is owned by a person other than the holder of that registered name.
- If a dispute arises regarding the use of a registered name, the Registered Name Holder will be subject to the jurisdiction of a court in at least one of the following two places: the location of the registrar (often specified on the website or in the agreement between the registrar and the Registered Name Holder ) or "the registered name holder's place of business." “Legal address” is a concept that has a specific legal meaning, but is usually the location of the registered name holder as indicated in the required personal data submitted to the registrar. Consent to jurisdiction means that the Registered Name Holder agrees that the courts located in one of these locations have jurisdiction to decide matters of this nature.
- Registered Name Holder must agree that its registration is subject to “suspension, cancellation or transfer” for the reasons set forth in Section 3.7.7.11. These reasons include: If ICANN's adopted specification or registrar or registry policy or procedure requires "to correct registrar or registry operator errors in registering a name or to resolve disputes relating to a registered name." For example, the UDRP is a policy adopted by ICANN that states that a domain name administrative panel may order the domain name registration to be suspended, transferred, or canceled, and the Registered Name Holder must agree to that possibility.
- Registered Name Holder shall “indemnify and hold Registry Operator and its directors, officers, employees and agents harmless from and against any claims, damages, liabilities, costs and expenses, including reasonable attorneys' fees and expenses, arising out of or in connection with the registration of a domain name by the Registered Name Holder.” In its simplest form, this means that if the registry operator (or its employees, etc.) of a registered name is sued over the registration of a domain name by the registered name holder, the registry operator will pay the registry operator all costs and expenses of defending against the claim, and will also pay any fines or debts ordered by the court. “Redress” is not limited to legal claims alone.
Checking contact information
As discussed in more detail below, there are specifications and policies that may be adopted and applied to registrars. Certain specifications and policies may address the registrar's obligation to verify the contact information provided by the Registered Name Holder when the domain is initially registered and may also require periodic re-verification of this information.
Registrars must also take “reasonable steps” to verify contact information if notified by any person that the contact information for a registered name is inaccurate. The Registrar is also required to correct any inaccuracies in contact information that it becomes aware of, even if such inaccuracies have not been reported.
The Registrar is also required to keep its own contact information up to date, including a valid email address and postal address. This contact information must be published on the registrar's website.
Agreements with resellers
The RAA imposes obligations on registrars when working with third-party resellers - individuals or legal entities with whom the registrar enters into agreements to provide registration services. The RAA now requires registrars to include certain clauses in agreements between registrars and resellers, including the following: resellers are prohibited from representing that they are accredited by ICANN; Reseller registration agreements must contain all provisions that the registrar is required to include in its agreements with registered name holders; all links to all ICANN websites that the registrar is required to publish must be provided; The sponsoring registrar must be identified. If a customer uses a confidential or proxy registration reseller to register a domain name, the reseller must also do one of the following three things: (1) deposit the customer's personally identifiable information and contact information into the custody of the registrar; (2) transfer the client's identifying information and contact information for safekeeping to the depository; or (3) notify the customer that their contact information is not being escrowed.
The RAA also requires registrars to take enforcement action against resellers that violate any of its mandatory provisions.
Other policies and specifications
The Restored Name Accuracy Policy (http://www.icann.orghttp://www.icann.org/ru/registrars/rnap-ru.htm) requires that the registrar, when restoring a name (during the registration restoration grace period), removed due to false contact information or failure to respond to registrar requests, place the name in Registrar Hold until the registrant provides updated and accurate Whois information.
In addition to the RAA's requirement that the registered name holder state that, to the best of its knowledge, the registration or use of the domain name does not infringe the legal rights of third parties, the Uniform Domain Name Dispute Rules (UDRP) also requires requiring a statement that the domain name has not been registered for an unlawful purpose and will not be used in violation of any applicable law.
The UDRP Rules also require Registered Name Holders to participate in mandatory administrative proceedings to resolve disputes under the UDRP. These mandatory administrative proceedings described in the UDRP are disputes that are referred to one of ICANN's approved UDRP dispute resolution providers (a list of providers can be found at http://www.icann.orghttp://www.icann.org/ru /dndr/udrp/approved-providers-ru.htm) and are considered in accordance with the uniform UDRP Principles of Administrative Proceedings (set forth at http://www.icann.orghttp://www.icann.org/ru/dndr/udrp /uniform-rules-ru.htm). The requirement to participate in mandatory administrative proceedings does not mean that Registered Name Holders cannot be subject to litigation for the same or similar conduct. Similar to the jurisdictional requirements set forth in the RAA, the requirement to participate in a mandatory administrative proceeding means that the Registered Name Holder cannot challenge the right of a UDRP provider to litigate a dispute that has otherwise been properly submitted to the UDRP.
The Inter-Registrar Transfer Policy provides Registered Name Holders with the right to transfer domain name registrations from one registrar to another. The registrar change policy limits the time within which a registrar must respond to a transfer request. The right of transfer is not unconditional. There are ICANN and registry policies that impose restrictions on the right to transfer, including: restrictions on how long a domain name can be transferred (measured relative to the date of creation or previous transfer); Requiring the Registered Name Holder to submit the required authorization and documentation for review by the Registrar. The Registrar of Record has the right to refuse a transfer request only in the following specific cases.
- Signs of fraud.
- Actions under the Uniform Domain Name Dispute Rules (UDRP).
- Order of a court of competent jurisdiction.
- Reasonable disagreement regarding the identity of the Registered Name Holder or administrative contact.
- No payment for prior registration periods (including cancellations of prior credit card transactions) if the domain name registration expiration date has passed, or for previous or current registration periods if the domain name registration has not yet expired. However, in all such cases, the registrar of record must place the domain name in "Registrar Hold" status before denying the transfer request.
- The transfer contact's written objection to the transfer (for example, by email, fax, printed document, or other available means and process by which the transfer contact has explicitly and voluntarily expressed his or her objection) .
- The domain name is already in a locked state, provided that the registrar provides the registered name holder with a readily available and acceptable means of unblocking.
- The transfer request was received within 60 days of the creation date shown in the WHOIS record for this domain name.
- 60 days (or lesser period to be determined) have not yet elapsed since the transfer of the domain name registration (except for a transfer back to the original registrar in situations where both registrars are in agreement and/or as determined by resolution proceedings disputes).
A graphical representation of the life cycle of a typical registered gTLD name can be found at http://www.icann.org/en/registrars/gtld-lifecycle.htm. This chart may be useful as a source of more detailed information about the status of domain names after registration expiration.
There are official technical names for the states of a domain name, based on an Internet community draft request for comments. The required states are set by the registrar. If a registered name is in one of these states, the domain cannot be deleted and the registration cannot be changed. To make any changes, the registrar must change state.
There are many other possible ways of “infringing” others, and potential registered name holders are advised to seek independent advice if they are concerned that the registration or use of a domain name may infringe the rights of others.
Other jurisdictions may be specified in which disputes over the use of a registered name may be resolved, but these additional jurisdictions are not mentioned in the RAA.