At our last meeting, Chris shared a concern ofthe Board Causus Group that the RT may wish to defer work on some items that may be appreciably affected by changes in response to the EU GDPR.

I have added a paragraph at the end of the section detailing our scope. The draft version (page 4-5) reads:

In recognition that the WHOIS landscape will be changing, perhaps radically, over the coming months as ICANN addresses how it will respond to the EU General Data Protection Regulation (GDPR), the RT may choose to defer some or all of its work in relation to the scope items on Law Enforcement Needs, Consumer Trust and Safeguarding Registrant Data until it is more clear what path ICANN will be following. Should any work be deferred, individual timelines may slip. However, it is the intent of the RT that the overall schedule calling for the final report to be delivered by the end of December 2018 not change appreciably.

I would like to highlight three points that are included in that statement:

1. I believe that the three area are the only ones that may significantly affected by the GDPR compliance model selected and the associated redaction of certain WHOIS fields. None of the post WHOIS1-RT analysis is affected. Anything New will largely address a number of things that have already or are in the process of changing, and although what Compliance does may be affected, our analysis of how they do it and how transparently they do it should not be.

2. Deferring work may imply that our interim report is less complete, but I do not sense that there is a desire to stretch out this entire review, thus my hope that we will still make our final deliver date (or perhaps slip by a month or so).

3. I have hedged on whether we will indeed slip on all of these. I am optimistic that by the time we meet in April, ICANN's path forward on GDPR will be known, and I also consider that the three scope area are not among our most complex items, so we may well be able to make up for lost time quickly. Moreover, I suspect that we can actually start thinking about these issue, even though we do not fully understand where GDPR is leading us.

This will be further discussed on Friday, and hopefully we can come to closure quickly to allow us to send the final ToR to the Board.

I have also attached what I think was the latest assignment matrix, updated to reflect the merger of two Compliance groups, with a double line separating the items which may be deferred. It shows that even if they are all fully deferred, no one is left without any work (although a few people may have it a bit easier if we do not make some changes).

Alan