HI Marc, I am just pointing out that in the existing program, Requestors have apparently not been required to indemnify the disclosing Registrar. The 11.5 language is MUST language and I'm not sure the RDRS Standing Committee every looked at this issue? It strikes me as important in part because I know that in connection with Urgent Requests Authentication work, the ICANN Board has authorized ICANN to conduct a "proof-of-concept" relative to email addresses. This LEA Authentication issue has been assigned to this Supp Rec Team I believe and in PSWG Authentication group, the registrars indicated that if ICANN publishes email addresses to them, then ICANN should indemnify them. GNSO Council has an action item to seek clarification on this "proof-of-concept" at the meeting in Seville but as you know, Council sent an issue to this Supp Rec Team so it's interdependent to some degree I think. I raise this lack of consistency because this is bound to come up later if we don't take a look at it now. The MUST word in the Implementation Guidance likely needs to be changed if we want to defer this indemnification issue to a later IRT. Thank you, Anne Anne Aikman-Scalese GNSO Councilor NomCom Non-Voting 2022-2026 anneicanngnso@gmail.com On Wed, May 27, 2026 at 11:04 AM Anderson, Marc <mcanderson@verisign.com> wrote:
Anne,
Thank you for the feedback on the email list. I’ve mentioned a couple times that if we are to get through our work by our Feb 2027 target date, we need to get work done on the email list and in the google working documents (not just during out weekly calls), so thank you for getting the ball rolling.
For reference I’m pasting the full section 1.5 text you note in your email (also available in the working draft: https://docs.google.com/document/d/17N6Y3yYUmbfbAFO6QwR8S1u0uZY0HxKYc8HaadBQ... [docs.google.com] <https://secure-web.cisco.com/1WslCRp7gl7m_jRORg496nlKICalJxdZUCC3CRuDfPQOYvo...> )
*11.5. Terms of Use for SSAD users (SSAD Requestors and Contracted Parties) *
*The EPDP recommends, at a minimum, the terms of use MUST address: *
· *Requestor’s indemnification of the controllers (entity responsible for disclosure decision) based on the following principles:*
o *Requestors are responsible for damages or costs related to third party claims arising from (i) their misrepresentations in the accreditation or request process; or (ii) misuse of the requested data in violation of the applicable terms of use or applicable law(s).*
o *Nothing in these terms limits any parties’ liability or rights of recovery under applicable laws (i.e. Requestors are not precluded from seeking recovery from controllers where those rights are provided under law).*
o *Nothing in these terms shall be construed to create indemnification obligations for public authority Requestors who lack the legal authority to enter into such indemnification clauses. Further, nothing in this clause shall alter potentially existing government liability as a recourse for the operators of the SSAD. *
· *Data request requirements *
· *Logging and audit requirements*
· *Ability to demonstrate compliance *
· *Applicable prohibitions *
· *Abuse prevention requirements*
As you note this falls into the “Implementation Guidance” section so it sets out the minimums that the SSAD working group expected that Terms of Use for the SSAD should include. Can you clarify the point you are making. You note indemnification and its implications for 11.5 (indemnification is mentioned in the 3rd sub-bullet), but I’m not sure what your position is. Are you concerned that something is missing from the minimums of the Terms of Use or that there is an issue with including indemnification here?
As a reminder for everyone while the RDRS pilot Terms and Conditions are a useful reference, they are not in scope for the SSAD SRT. Please stay focused on the recommendation text.
Also note that due to the interconnected nature of the recommendations we expect to revisit this recommendation to make sure any changes in other recommendations don’t have impacts to this one.
Thank you,
Marc
*From:* Anne ICANN <anneicanngnso@gmail.com> *Sent:* Tuesday, May 26, 2026 8:45 PM *To:* Andrew Chen <andrew.chen@icann.org> *Cc:* Andrew Chen via Gnso-ssad <gnso-ssad@icann.org>; Anderson, Marc < mcanderson@verisign.com>; greg.dibiase@board.icann.org; wes.hardaker@board.icann.org *Subject:* [EXTERNAL] Re: [Ext] Re: [Gnso-ssad] Proposed Agenda | SSAD Supplemental Recommendations Team | 27 May 2026
*Caution:* This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Many thanks Andrew. Re the Recommendation 11 discussion, apologies for having to bring up Implementation Guidance at this stage, but Implementation Guidance 11.5 in the Strawperson Document contains a provision requiring the Requestor of the registration data (under certain circumstances) to indemnify a Registrar that responds with disclosure.
The current terms and conditions for the RDRS Pilot which you kindly provided state as follows:
6. RESPONSIBILITY AND LIABILITY FOR DISCLOSURE DECISION The registrar to whom your request is routed will be solely responsible for assessing the request and making the decision to disclose the requested Data and will assume sole liability in this regard. If the registrar needs to communicate with and seek additional information or clarifications from you to appropriately respond to your request, that communication must occur outside of the RDRS. Interactive communications between you and any registrars will not be supported within the RDRS.
The Pilot terms and conditions also state that the Requestor warrants compliance with privacy laws in Paragraph 14, which warranty presumably runs in favor of ICANN:
14. GENERAL REPRESENTATION AND WARRANTY In addition to and notwithstanding Section 15 (General Representation and Warranty) of the ICANN Terms of Service, you represent and warrant that your use of the RDRS system will not violate privacy and data protection laws, including but not limited to the rights of any individual or any other third party.
Given that it is the registrar as controller that is ultimately responsible for the decision to disclose under applicable law, I think the Supp Rec Team will need to talk about the indemnification issue and the implications of Implementation Guidance 11.5.
Apologies if I have misunderstood the Strawperson text or the current RDRS Terms and Conditions.
Thank you,
Anne
Anne Aikman-Scalese
GNSO Councilor
NomCom Non-Voting 2022-2026
anneicanngnso@gmail.com
On Tue, May 26, 2026 at 7:47 AM Andrew Chen <andrew.chen@icann.org> wrote:
Dear Anne,
Please see below for a link to the Terms of Use for Requestors currently being used for the RDRS pilot.
Terms of Use for Requestors: https://www.icann.org/en/system/files/files/rdrs-terms-service-07nov23-en.pd... <https://secure-web.cisco.com/13uGGzFxmmYQJbq7rVLy-8AsNoX4eRTq5Y8MPiQ0Yz_egCN...>
Sincerely,
Andrew
--
Andrew Chen
Policy Development Support Sr. Specialist, Policy Development Support
Internet Corporation for Assigned Names and Numbers (ICANN)
https://www.icann.org/ <https://secure-web.cisco.com/1jYtmQMk5xpfWvnxi5XojBcVtAAhbGKo019afHJ59h78yqO...>
*From: *Anne ICANN <anneicanngnso@gmail.com> *Date: *Monday, May 25, 2026 at 1:51 PM *To: *Andrew Chen <andrew.chen@icann.org> *Cc: *Andrew Chen via Gnso-ssad <gnso-ssad@icann.org> *Subject: *[Ext] Re: [Gnso-ssad] Proposed Agenda | SSAD Supplemental Recommendations Team | 27 May 2026
Thank you, Andrew. Regarding the discussion on Recommendation 11, could someone please forward a link to the Terms and Conditions for Requestors currently being used under the RDRS Pilot?
Thank you,
Anne
Anne Aikman-Scalese
GNSO Councilor
NomCom Non-Voting 2022-2026
anneicanngnso@gmail.com
On Thu, May 21, 2026 at 12:00 PM Andrew Chen via Gnso-ssad < gnso-ssad@icann.org> wrote:
Dear SSAD Supplemental Recommendations Team Members,
Please find below the proposed agenda for our next meeting on *Wednesday, 27 May 2026*.
*Proposed Agenda*
1. Welcome and Overview of Agenda 2. Recap of Recommendation 11 discussion and working methodology 3. Plan for ICANN 86 Face-to-Face
1. Introduction of David Plumb, Consensus Building Institute 2. Goal of Day 0 Meeting 3. Recommendations covered
4. Overview of Recommendations denoted by Standing Committee as HIGH level of effort to modify
1. Recommendation 1 – Accreditation 2. Recommendation 2 - Accreditation of Gov’t Entities 3. Recommendation 6 - Priority Levels 4. Recommendation 8 - Contracted Party Authorization 5. Recommendation 10 - Service Level Agreements
5. Discussion of Recommendation 17 (Reporting Requirements) 6. Recap of Action Items and Agreements 7. AOB
Sincerely,
Andrew on behalf of the GNSO Support Team
--
Andrew Chen
Policy Development Support Sr. Specialist, Policy Development Support
Internet Corporation for Assigned Names and Numbers (ICANN)
https://www.icann.org/ <https://secure-web.cisco.com/1jYtmQMk5xpfWvnxi5XojBcVtAAhbGKo019afHJ59h78yqO...>
_______________________________________________ Gnso-ssad mailing list -- gnso-ssad@icann.org To unsubscribe send an email to gnso-ssad-leave@icann.org