HI Marc,
I am just pointing out that in the existing program, Requestors have apparently not been required to indemnify the disclosing Registrar.  The 11.5 language is MUST language and I'm not sure the RDRS Standing Committee every looked at this issue?

It strikes me as important in part because I know that in connection with Urgent Requests Authentication work, the ICANN Board has authorized ICANN to conduct a "proof-of-concept" relative to email addresses.  This LEA Authentication issue has been assigned to this Supp Rec Team I believe and in PSWG Authentication group, the registrars indicated that if ICANN publishes email addresses to them, then ICANN should indemnify them.  GNSO Council has an action item to seek clarification on this "proof-of-concept" at the meeting in Seville but as you know, Council sent an issue to this Supp Rec Team so it's interdependent to some degree I think.

I raise this lack of consistency because this is bound to come up later if we don't take a look at it now.  The MUST word in the Implementation Guidance likely needs to be changed if we want to defer this indemnification issue to a later IRT.

Thank you,
Anne

Anne Aikman-Scalese
GNSO Councilor
NomCom Non-Voting 2022-2026
anneicanngnso@gmail.com


On Wed, May 27, 2026 at 11:04 AM Anderson, Marc <mcanderson@verisign.com> wrote:

Anne,

 

Thank you for the feedback on the email list.  I’ve mentioned a couple times that if we are to get through our work by our Feb 2027 target date, we need to get work done on the email list and in the google working documents (not just during out weekly calls), so thank you for getting the ball rolling.

 

For reference I’m pasting the full section 1.5 text you note in your email (also available in the working draft: https://docs.google.com/document/d/17N6Y3yYUmbfbAFO6QwR8S1u0uZY0HxKYc8HaadBQtMQ/ [docs.google.com])

 

11.5. Terms of Use for SSAD users (SSAD Requestors and Contracted Parties) 

The EPDP recommends, at a minimum, the terms of use MUST address:

·       Requestor’s indemnification of the controllers (entity responsible for disclosure decision) based on the following principles:

o   Requestors are responsible for damages or costs related to third party claims arising from (i) their misrepresentations in the accreditation or request process; or (ii) misuse of the requested data in violation of the applicable terms of use or applicable law(s).

o   Nothing in these terms limits any parties’ liability or rights of recovery under applicable laws (i.e. Requestors are not precluded from seeking recovery from controllers where those rights are provided under law).

o   Nothing in these terms shall be construed to create indemnification obligations for public authority Requestors who lack the legal authority to enter into such indemnification clauses. Further, nothing in this clause shall alter potentially existing government liability as a recourse for the operators of the SSAD. 

·       Data request requirements

·       Logging and audit requirements

·       Ability to demonstrate compliance

·       Applicable prohibitions

·       Abuse prevention requirements 

As you note this falls into the “Implementation Guidance” section so it sets out the minimums that the SSAD working group expected that Terms of Use for the SSAD should include.  Can you clarify the point you are making.  You note indemnification and its implications for 11.5 (indemnification is mentioned in the 3rd sub-bullet), but I’m not sure what your position is.  Are you concerned that something is missing from the minimums of the Terms of Use or that there is an issue with including indemnification here?

 

As a reminder for everyone while the RDRS pilot Terms and Conditions are a useful reference, they are not in scope for the SSAD SRT.  Please stay focused on the recommendation text.

 

Also note that due to the interconnected nature of the recommendations we expect to revisit this recommendation to make sure any changes in other recommendations don’t have impacts to this one.

 

Thank you,

Marc

 

 

From: Anne ICANN <anneicanngnso@gmail.com>
Sent: Tuesday, May 26, 2026 8:45 PM
To: Andrew Chen <andrew.chen@icann.org>
Cc: Andrew Chen via Gnso-ssad <gnso-ssad@icann.org>; Anderson, Marc <mcanderson@verisign.com>; greg.dibiase@board.icann.org; wes.hardaker@board.icann.org
Subject: [EXTERNAL] Re: [Ext] Re: [Gnso-ssad] Proposed Agenda | SSAD Supplemental Recommendations Team | 27 May 2026

 

Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. 

Many thanks Andrew.  Re the Recommendation 11 discussion, apologies for having to bring up Implementation Guidance at this stage, but Implementation Guidance 11.5 in the Strawperson Document contains a provision requiring the Requestor of the registration data (under certain circumstances) to indemnify a Registrar that responds with disclosure. 

 

The current terms and conditions for the RDRS Pilot which you kindly provided state as follows:

 

6. RESPONSIBILITY AND LIABILITY FOR DISCLOSURE DECISION
The registrar to whom your request is routed will be solely responsible for assessing the request
and making the decision to disclose the requested Data and will assume sole liability in this
regard. If the registrar needs to communicate with and seek additional information or
clarifications from you to appropriately respond to your request, that communication must
occur outside of the RDRS. Interactive communications between you and any registrars will
not be supported within the RDRS.

 

The Pilot terms and conditions also state that the Requestor warrants compliance with privacy laws in Paragraph 14, which warranty presumably runs in favor of ICANN:

 

14. GENERAL REPRESENTATION AND WARRANTY
In addition to and notwithstanding Section 15 (General Representation and Warranty) of the
ICANN Terms of Service, you represent and warrant that your use of the RDRS system will
not violate privacy and data protection laws, including but not limited to the rights of any
individual or any other third party.

 

Given that it is the registrar as controller that is ultimately responsible for the decision to disclose under applicable law, I think the Supp Rec Team will need to talk about the indemnification issue and the implications of Implementation Guidance 11.5. 

 

Apologies if I have misunderstood the Strawperson text or the current RDRS Terms and Conditions.  

 

Thank you,

Anne

 

Anne Aikman-Scalese

GNSO Councilor

NomCom Non-Voting 2022-2026

 

 

On Tue, May 26, 2026 at 7:47AM Andrew Chen <andrew.chen@icann.org> wrote:

Dear Anne,

 

Please see below for a link to the Terms of Use for Requestors currently being used for the RDRS pilot.

 

Terms of Use for Requestors: https://www.icann.org/en/system/files/files/rdrs-terms-service-07nov23-en.pdf

 

Sincerely, 

Andrew

 

-- 

Andrew Chen

Policy Development Support Sr. Specialist, Policy Development Support

Internet Corporation for Assigned Names and Numbers (ICANN)

https://www.icann.org/

 

 

 

From: Anne ICANN <anneicanngnso@gmail.com>
Date: Monday, May 25, 2026 at 1:51 PM
To: Andrew Chen <andrew.chen@icann.org>
Cc: Andrew Chen via Gnso-ssad <gnso-ssad@icann.org>
Subject: [Ext] Re: [Gnso-ssad] Proposed Agenda | SSAD Supplemental Recommendations Team | 27 May 2026

 

Thank you, Andrew.  Regarding the discussion on Recommendation 11, could someone please forward a link to the Terms and Conditions for Requestors currently being used under the RDRS Pilot?

Thank you,

Anne

 

Anne Aikman-Scalese

GNSO Councilor

NomCom Non-Voting 2022-2026

 

 

On Thu, May 21, 2026 at 12:00PM Andrew Chen via Gnso-ssad <gnso-ssad@icann.org> wrote:

Dear SSAD Supplemental Recommendations Team Members,

 

Please find below the proposed agenda for our next meeting on Wednesday, 27 May 2026.

 

Proposed Agenda

  1. Welcome and Overview of Agenda
  2. Recap of Recommendation 11 discussion and working methodology
  3. Plan for ICANN 86 Face-to-Face
    1. Introduction of David Plumb, Consensus Building Institute
    2. Goal of Day 0 Meeting
    3. Recommendations covered
  1. Overview of Recommendations denoted by Standing Committee as HIGH level of effort to modify
    1. Recommendation 1 – Accreditation
    2. Recommendation 2 - Accreditation of Gov’t Entities
    3. Recommendation 6 - Priority Levels
    4. Recommendation 8 - Contracted Party Authorization
    5. Recommendation 10 - Service Level Agreements
  1. Discussion of Recommendation 17 (Reporting Requirements)
  2. Recap of Action Items and Agreements
  3. AOB

Sincerely, 

 

Andrew on behalf of the GNSO Support Team

 

-- 

Andrew Chen

Policy Development Support Sr. Specialist, Policy Development Support

Internet Corporation for Assigned Names and Numbers (ICANN)

https://www.icann.org/

 

 

_______________________________________________
Gnso-ssad mailing list -- gnso-ssad@icann.org
To unsubscribe send an email to gnso-ssad-leave@icann.org