ICANN submits evidence to EU consultation on tackling online fraud

The Internet Corporation for Assigned Names and Numbers (ICANN) has submitted evidence to the European Commission as part of its consultation on a future EU action plan on online fraud. The document outlines how the organisation addresses abuse related to the Domain Name System (DNS) while emphasising that most online fraud originates outside the DNS layer.

ICANN explains that DNS is a technical addressing system that allows users to reach websites using domain names rather than numerical IP addresses. Because it is a general infrastructure supporting nearly all online activity, ICANN argues that responses to fraud should not focus disproportionately on DNS-level interventions. Instead, effective countermeasures should target areas where fraudulent activity actually originates, such as online platforms, payment systems, or hosting services.

Within its technical mandate, ICANN focuses on combating DNS abuse, including activities such as malware distribution, botnets, phishing, pharming, and spam used to support these attacks. The organisation notes that recent contractual amendments introduced in 2024 require domain registrars and registry operators to act when there is clear evidence of such abuse.

ICANN’s submission also highlights its DNS Abuse Mitigation Program, compliance monitoring mechanisms, and research initiatives to identify patterns of malicious domain registrations. According to the document, enforcement actions and compliance investigations have already resulted in the mitigation of thousands of malicious domain names.

The organisation concludes that addressing online fraud requires cooperation across the digital ecosystem. ICANN calls for continued multistakeholder collaboration between governments, technical organisations, and industry actors to develop proportionate responses that protect users while preserving the stability and security of the internet’s core infrastructure.