Hello Steinar,
I respectfully disagree. How many internet end users know and appreciate the difference between the TLDs: .AI, .IO, .COM, and .ORG.
Does an end user who obtained counterfeit pharmaceuticals from a website, or the victim of CSAM material on a website care about that TLD being a gTLD or ccTLD. In my humble opinion no it does not, in most
cases they (or law enforcement) just want to hold accountable the party behind that domain. This is where I think the European Union got it right in not distinguishing between gTLD or ccTLD and including an extraterritorial provision in NIS 2.0 for TLD and
domain name registration authorities providing services in Europe.
Best regards,
Michael
From: Steinar Grøtterød via CPWG <cpwg@icann.org>
Sent: Thursday, October 17, 2024 12:02 PM
To: CPWG <cpwg@icann.org>
Subject: [CPWG] Re: End User Perspectives on Data Accuracy
Dear Michael and Alan,
Thanks for being the penholders to this.
I have some input to your proposed responses the questions asked.
Q: Disparity – there are clearly diverging best practices regarding registration data accuracy for entities providing domain name services in gTLDs and ccTLDs.
In my view, “mixing” ccTLDs and gTLDs here is not a good idea. The NIS2 will (very soon) color the Registrar business (for most registrars), but RrSG will easily reply that the ccTLD cannot be compared with
the gTLDs. In my view- a better question to ask RrSG is “How can you improve the required registrant verification for a gTLD registration?
The word “Improve” is of importance since the Registrars are obliged to verify the registration data in the RAA and RRA(s).
Sidenote: I will assume European based registrars will use the same verification techniques for a gTLD registration with a European registrant as required in NIS2 (whenever this is set).
Best
Steinar Grøtterød