ICANN

What ICANN Does

ICANN — the Internet Corporation for Assigned Names and Numbers — is a nonprofit organization founded on September 18, 1998, and headquartered in Los Angeles, California. It operates under a contract with the United States Department of Commerce (through the IANA functions contract, which transitioned to community oversight in 2016).

ICANN's core responsibilities:

• Coordinates the Domain Name System (DNS). ICANN ensures that domain names resolve to the correct IP addresses worldwide. It manages the root zone file — the authoritative list of all top-level domains — and coordinates updates to it.
• Allocates IP address space. ICANN oversees the global allocation of IP address blocks to the five Regional Internet Registries (RIRs): ARIN, RIPE NCC, APNIC, LACNIC, and AfriNIC.
• Accredits domain registrars. Any company that wants to sell domain names in gTLDs must be accredited by ICANN and comply with the Registrar Accreditation Agreement (RAA). As of 2024, approximately 2,800 registrars hold ICANN accreditation.
• Contracts with TLD registries. Each generic top-level domain (gTLD) registry operator — the organization that maintains the authoritative database for a TLD — enters into a Registry Agreement with ICANN specifying operational and policy requirements.
• Develops policy through a multistakeholder model. ICANN's policy development process involves governments, businesses, civil society, technical experts, and individual users. Policy recommendations flow from supporting organizations and advisory committees up to the ICANN Board of Directors.

What ICANN does not do:

• It does not regulate website content or online speech.
• It does not enforce trademarks directly — it creates the policy frameworks that enable trademark enforcement.
• It does not operate the DNS itself — that function is distributed across root server operators, registries, and registrars worldwide.

ICANN's Role in Brand Protection

ICANN has developed several mechanisms that are directly relevant to trademark owners and brand protection professionals.

UDRP (Uniform Domain-Name Dispute-Resolution Policy)

The UDRP was adopted by ICANN in 1999 and remains the primary administrative mechanism for resolving domain name disputes involving trademarks. It applies to all gTLDs and many ccTLDs.

To succeed in a UDRP proceeding, a trademark owner must prove three elements: (1) the domain is identical or confusingly similar to their mark, (2) the registrant has no rights or legitimate interests in the domain, and (3) the domain was registered and is being used in bad faith.

WIPO, the largest of six ICANN-approved dispute resolution providers, has resolved over 81,000 cases since 1999. The process typically takes about 60 days and costs from $1,500 for a single-panel decision.

URS (Uniform Rapid Suspension)

The URS was introduced alongside the New gTLD Program in 2013 as a faster, lower-cost complement to the UDRP. Key characteristics:

• Speed: decisions are typically issued within 17 days of filing.
• Cost: approximately $500 per filing — significantly less than UDRP.
• Higher burden of proof: complainants must meet a "clear and convincing evidence" standard, compared to the "preponderance of the evidence" standard in UDRP.
• Limited remedy: the URS can only suspend a domain name (redirecting it to an informational page for the remainder of its registration period). It cannot transfer the domain to the complainant.
• Scope: applies only to new gTLDs launched under the 2012 program. It does not cover legacy TLDs such as .com, .net, or .org.

The URS is best suited for clear-cut cases of infringement in new gTLD domains where the trademark owner wants quick suspension rather than domain acquisition.

TMCH (Trademark Clearinghouse)

The Trademark Clearinghouse is a centralized database of verified trademark records, created as part of the New gTLD Program to protect trademark owners during the launch of new top-level domains. It provides two key services:

• Sunrise Services. When a new gTLD launches, trademark owners with records in the TMCH receive priority registration during a "sunrise period" (minimum 30 days before general availability). This allows brand owners to defensively register their marks before the general public can.
• Trademark Claims Services. For at least 90 days after a new gTLD opens for general registration, anyone attempting to register a domain that matches a TMCH-recorded trademark receives a notification (a "Trademark Claims Notice") informing them of the existing trademark. If they proceed with registration, the trademark owner is notified.

The TMCH is operated by Deloitte (as the validation provider) and is administered under contract with ICANN. Trademark owners pay an annual fee per trademark record — approximately $150 per mark per year for a single-year registration, with discounts for multi-year terms.

RDAP: The New Domain Lookup System

For over two decades, WHOIS was the protocol used to look up domain name registration data — registrant name, contact information, registration and expiration dates, and nameservers. ICANN fully sunsetted the WHOIS protocol on January 28, 2025, replacing it with RDAP (Registration Data Access Protocol).

RDAP improves on WHOIS in several important ways:

• Machine-readable output. RDAP returns data in structured JSON format, making it far easier to parse programmatically than the freeform text output of WHOIS.
• Internationalization. RDAP supports internationalized domain names and contact data natively, using Unicode rather than ASCII-only encoding.
• Differentiated access. RDAP supports authentication and authorization, allowing registrars and registries to provide different levels of data access to different requestors. Public users see redacted data (consistent with GDPR requirements), while verified parties — such as law enforcement, IP professionals, and cybersecurity researchers — can request access to nonpublic registration data through formal processes.
• Standardized error handling and referrals. RDAP uses HTTP status codes and can redirect queries to the appropriate authoritative server.

Domain registration data can be looked up through ICANN's official tool at lookup.icann.org.

RDRS (Registration Data Request Service)

For cases where public RDAP data is insufficient — which is common since GDPR-driven redaction became standard in 2018 — ICANN launched the Registration Data Request Service (RDRS) in November 2023. RDRS provides a centralized portal for submitting requests to registrars for nonpublic registration data. Eligible requestors include law enforcement agencies, IP rights holders, cybersecurity professionals, and other parties with a legitimate interest.

RDRS does not guarantee data disclosure — that decision remains with the individual registrar. However, it standardizes the request process and creates an auditable record, replacing the inconsistent, ad hoc methods that existed previously.

The New gTLD Program

ICANN's New gTLD Program dramatically expanded the domain name landscape and, with it, the attack surface for brand abuse.

First Round (2012)

ICANN opened applications for new gTLDs in January 2012. The program received approximately 1,930 applications. Over 1,200 new gTLDs have been delegated into the root zone as a result, including extensions like .shop, .online, .brand, .law, and hundreds of others.

As of early 2026, the IANA root database contains approximately 1,593 TLDs — a number that reflects both new delegations and some revocations or withdrawals.

Next Round (2026)

ICANN's next application round for new gTLDs is scheduled to open on April 30, 2026. This will be the first opportunity to apply for new TLDs since 2012 and is expected to generate significant interest. Brand protection teams should be aware that each new TLD creates additional domains to monitor and defend.

Impact on Brand Protection

The expansion of the gTLD space has had a direct and measurable impact on brand protection workloads:

• Expanded attack surface. More TLDs means more possible domains that can be registered using a brand's name. A trademark owner who previously needed to monitor .com, .net, and a handful of ccTLDs now faces over 1,500 possible extensions.
• Increased monitoring costs. Defensive registration across all relevant TLDs is financially impractical for most organizations. Monitoring and enforcement have become the primary strategies.
• .Brand TLDs. The New gTLD Program introduced the concept of ".brand" TLDs — top-level domains operated exclusively by the brand owner. Examples include .apple, .google, and .bmw. Only the brand can create domains under these TLDs, providing a trusted namespace. However, .brand TLDs require significant investment (application fees started at $185,000) and ongoing registry operation costs, making them viable primarily for large enterprises.

Registrar Abuse Reporting

The 2013 Registrar Accreditation Agreement (RAA) established specific obligations for how registrars must handle reports of domain abuse:

• Published abuse contact. Every ICANN-accredited registrar must maintain and publish a dedicated abuse contact email address. This information is available in RDAP lookup results and on the registrar's website.
• 24-hour review requirement. Registrars are required to review abuse reports within 24 hours of receipt. This does not mean the registrar must act within 24 hours — only that they must acknowledge and begin reviewing the report.
• ICANN Compliance. If a registrar fails to respond to abuse reports or does not comply with its RAA obligations, brand owners can file a complaint with ICANN's Contractual Compliance department. ICANN Compliance can investigate, issue breach notices, and ultimately terminate a registrar's accreditation for persistent non-compliance.
• DAAR (Domain Abuse Activity Reporting). ICANN operates the DAAR project, which uses data from reputation providers to measure and report on domain abuse activity — including phishing, malware, spam, and botnet command-and-control — across all gTLDs. DAAR reports help identify TLDs and registrars with disproportionately high rates of abuse, providing useful intelligence for brand protection teams prioritizing their monitoring efforts.

Key Takeaways for Brand Protection Professionals

1. ICANN sets the rules, not the enforcement. ICANN creates the policy frameworks — UDRP, URS, TMCH, registrar abuse obligations — but enforcement actions are carried out by dispute resolution providers, registrars, and registries. Understanding ICANN's structure helps you know which entity to engage for each type of enforcement action.

2. RDAP is now the standard for domain intelligence. Any brand protection workflow that still relies on legacy WHOIS tools needs to be updated. RDAP provides better data structure and, through RDRS, a formal channel for requesting nonpublic registration data.

3. The gTLD expansion requires scalable monitoring. Manual monitoring across 1,500+ TLDs is not viable. Automated domain monitoring — scanning for registrations that match or approximate a trademark — is now a baseline requirement for effective brand protection.

4. Registrar abuse reporting is a first-line enforcement tool. For domains engaged in active brand abuse (phishing, counterfeiting, impersonation), filing an abuse report with the registrar's published abuse contact is often the fastest path to takedown — faster than UDRP and at no cost. The 24-hour review requirement under the 2013 RAA gives this approach teeth.