CSO HUB Topics Policy updates Resources Actors Policy calendar

ICANN83 GAC Communiqué: GAC raises concerns over data access, equity, and oversight

The Communiqué touches on key issues such as privacy, data access, digital security, and internet governance, all areas of deep relevance to civil society.
ICANN83 GAC Communiqué: GAC raises concerns over data access, equity, and oversight

On 16 June 2025, the Governmental Advisory Committee (GAC) released its official Communiqué following the ICANN83 Policy Forum in Prague (held from 9–12 June 2025). This document outlines the views, concerns, and formal advice of governments and intergovernmental organisations about how the internet’s global infrastructure is managed. The Communiqué touches on key issues such as privacy, data access, digital security, and internet governance, all areas of deep relevance to civil society.

Access to domain registration data: still a difficult balance

One of the major areas of concern raised by the GAC was domain name registration data, also known as WHOIS data. This includes information such as who owns a website domain and how to contact them. This data is vital for:

  • Investigating cybercrime and fraud
  • Responding to digital rights violations (e.g., abusive websites)
  • Promoting transparency and accountability online

However, access to this information has become increasingly restricted due to privacy laws like the EU’s General Data Protection Regulation (GDPR). To address this, ICANN introduced a tool called the Registration Data Request Service (RDRS), which allows people (e.g. journalists, human rights groups, or law enforcement) to request access to hidden domain data.

The GAC raised concerns about:

  • The voluntary nature of the RDRS (not all registrars participate)
  • A decline in its usage as some companies pulled out
  • The need for better usability and clearer guidance, especially for small civil society actors unfamiliar with the system

The GAC urged ICANN to make the RDRS mandatory for all registrars, improve user support, and ensure the system continues beyond its pilot phase.

Fast responses are needed for urgent data access

When harmful content is hosted online, such as child exploitation material, scams, or targeted disinformation, law enforcement often needs urgent access to domain ownership data. The GAC stressed that:

  • A 24-hour response window is a reasonable standard
  • Delays in setting up rules for handling urgent requests are unacceptable
  • ICANN must prioritise solutions for authenticating law enforcement requests to avoid abuse while ensuring speed

This matter affects public safety and, by extension, digital rights defenders who rely on law enforcement cooperation to shut down harmful domains.

Data accuracy is an overlooked risk

The GAC also expressed concern about the accuracy of domain registration data. Even when data is accessible, it may be fake or incomplete. Cybercriminals often exploit lax verification processes to register hundreds of malicious websites under false names. The GAC pointed out that:

  • Current rules give registrars up to 15 days to verify data, which is too slow
  • By the time verification is complete, the harmful content may already have done damage
  • Civil society actors, including watchdogs and investigative journalists, are often the first to detect misuse but are hampered by this time lag

The GAC welcomed ideas from the ICANN community to shorten verification timelines and encouraged more transparency from companies on how they ensure data accuracy.

DNS abuse: A growing and urgent problem

The Communiqué highlights Domain Name System (DNS) abuse as a serious and growing concern. DNS abuse includes:

  • Phishing (stealing sensitive data via fake websites)
  • Malware (spreading harmful software)
  • Botnets (hijacking devices for coordinated attacks)
  • Spam and fraudulent registrations

The GAC acknowledged that while some contractual obligations have been added to curb abuse, enforcement is still weak. The rise of AI tools has made it even easier for malicious actors to create and exploit domains at scale.

Civil society should note that the GAC called for new, narrowly focused policy processes that could quickly address issues like:

  • Bulk registration of domains used for abuse
  • Registrar accountability for repeated misuse by known bad actors
  • Better public reporting of DNS abuse statistics

This matters for digital rights organisations working on misinformation, cybersecurity, and online harassment.

Expanding the domain name system: Are underserved regions being left out?

ICANN is preparing to launch a new round of applications for generic top-level domains (gTLDs), the endings of website addresses like .com, .ngo, or .health.

To ensure inclusion, ICANN created the Applicant Support Program (ASP), designed to help entities from underserved regions apply by offering financial and technical support. But the GAC warned that:

  • Only a few completed applications have been submitted, five months into a 12-month window
  • The process may not be reaching those most in need
  • There is no clear plan to course-correct before the deadline

The GAC called for an immediate review of the program’s outreach and effectiveness, rather than waiting until more applications arrive. This is a key issue for community-led digital initiatives and non-profits in the Global South.

Holding ICANN accountable

Finally, the GAC raised concerns about the deferral of the fourth Accountability and Transparency Review (ATRT4). These reviews are required by ICANN’s own bylaws and help ensure that ICANN operates transparently and in the public interest.

Civil society has historically relied on these reviews to call for improvements in openness, fairness, and stakeholder inclusion. The GAC reminded the ICANN Board that deferring this process undermines accountability and urged renewed consultations with the wider community.

Formal advice to the ICANN Board

The GAC issued consensus advice urging the ICANN Board to:

  • Start narrowly scoped policy processes to address DNS abuse now
  • Prioritise issues like bulk registrations and registrar responsibilities
  • Ensure these efforts are completed before new domain names are added to the system

Why this matters for civil society

The issues raised in the Prague Communiqué are not (only) technical details; they directly affect the openness, safety, and fairness of the internet. Civil society has a vital role in:

  • Monitoring whether domain systems support transparency and human rights
  • Ensuring marginalised communities are not excluded from internet governance
  • Advocating for stronger safeguards against DNS abuse that fuels scams, disinformation, and censorship

The next opportunity for public engagement will be the ICANN84 Annual General Meeting, set to take place in Muscat, Oman, from 25–30 October 2025.

Civil Society Alliances for Digital Empowerment (CADE) is a project co-funded by the European Union.

Civil Society Alliances for Digital Empowerment (CADE) 2024. All rights reserved.

This website is co-funded by the European Union. Its contents are the sole responsibility of CADE and do not necessarily reflect the views of the European Union.

Web accessibility | Privacy policy

Go to Top