After Delegation Testing ADT Updated Requirements

As the 2026 round of the ICANN New gTLD Program introduces a new generation of top-level domains into the global Domain Name System, one of the most critical pre-launch milestones remains After Delegation Testing, or ADT. This series of mandatory evaluations, conducted after a registry is delegated in the root zone but before it is allowed to accept live registrations, ensures that the registry is technically stable, secure, and compliant with ICANN’s operational standards. The 2026 program includes updated ADT requirements that reflect both the lessons learned from the 2012 round and the evolving complexity of DNS infrastructure and registry business models.

After Delegation Testing serves as a verification layer between the delegation of the TLD by IANA (Internet Assigned Numbers Authority) and the full commencement of registry operations. It is ICANN’s way of confirming that the registry operator can meet the baseline expectations defined in the Registry Agreement, particularly around DNS availability, WHOIS/RDAP services, EPP protocol responsiveness, DNSSEC signing, data escrow processes, and abuse monitoring capabilities. While many of these components are tested during the application evaluation phase, ADT provides assurance that they are operational and production-ready within the actual live environment.

The ADT process in 2026 has been updated to include enhanced automation, standardized reporting tools, and broader coverage of service-level resilience. ICANN now requires applicants to complete a self-certification phase using a portal-based interface that collects configuration data, technical architecture documentation, and pre-test logs. This data is used to pre-qualify applicants for certain testing exemptions based on historical performance, previously approved backend providers, or demonstrated operational excellence. However, exemptions are carefully controlled and do not apply to core registry functions such as DNS resolution and EPP interaction, which remain mandatory for all registries.

One of the most notable changes in the 2026 ADT process is the expanded focus on DNSSEC validation and real-time responsiveness. ICANN now requires that registry operators demonstrate not just correct DNSSEC signing of the zone file, but also the ability to execute automated key rollovers, maintain a chain of trust through the parent delegation, and publish DS records with appropriate timing and accuracy. The ADT test suite checks for DNSSEC compliance using both automated tools and manual reviews of key management practices. Registries must submit detailed DNSSEC policy and practice statements (DPS), and in some cases, provide live key signing ceremony logs and auditor attestations.

Another significant enhancement is the deeper testing of Registration Data Directory Services, particularly RDAP, which has now replaced WHOIS as the preferred method for registration data access. The ADT framework now validates RDAP endpoints for uptime, data structure compliance with RFC 9082 and 9083, access control logic, and response time under load. ICANN’s testing tools verify whether registrant data is correctly displayed, whether search capabilities are implemented securely, and whether rate limiting and redaction policies are applied in accordance with the registry’s declared data protection model. This is especially critical in a post-GDPR regulatory environment where improper data exposure can lead to legal and reputational risks.

In terms of EPP, registries are required to demonstrate support for all mandatory commands, including domain creation, renewal, transfer, and deletion, and to confirm the implementation of server-side response codes and transaction logging. In 2026, ICANN has added additional validations for custom EPP extensions, requiring that any deviation from the standard protocol be thoroughly documented, interoperable with registrars, and approved through ICANN’s Registry Services Evaluation Policy (RSEP) if applicable. Testing scripts now simulate registrar behavior under multiple scenarios, including malformed requests, expired credentials, and simultaneous transactions, to verify system robustness and security.

The new ADT requirements also place a greater emphasis on DNS infrastructure resiliency. In previous rounds, DNS availability was tested through basic queries to registry name servers over IPv4 and IPv6. The 2026 process now includes continuous monitoring simulations that emulate diverse resolver behavior from multiple geographic locations, including Anycast and load-balancing scenarios. Registries must demonstrate not only correct DNS response behavior but also adherence to TTL settings, negative caching logic, and root server propagation timing. ICANN has also implemented tools to test for cache poisoning resistance, TCP fallback behavior, and response consistency across time and protocol types.

Another critical area of updated testing is data escrow. ICANN requires that registry operators establish compliant escrow arrangements with approved third-party providers to ensure the recoverability of registration data in the event of registry failure. The ADT process verifies the format, frequency, and encryption of escrow file transmissions, including the use of EPP-compliant XML schemas and PGP encryption standards. In 2026, additional checks confirm the ability of the registry to generate full and differential escrow files on schedule, maintain logs of escrow deposits, and provide retrieval instructions in case of emergency access by ICANN or an Emergency Back-End Registry Operator (EBERO).

ICANN has also added a layer of abuse reporting and mitigation validation in the updated ADT process. Registries must demonstrate the availability of abuse contact information, the responsiveness of abuse channels, and the implementation of automated monitoring for malicious domain activity. The test environment now includes simulation of abuse reports, validation of abuse ticket tracking systems, and a review of mitigation procedures for domain takedowns. This reflects a broader push within ICANN to hold registry operators accountable for proactive DNS abuse prevention and timely enforcement of their anti-abuse policies.

Operational documentation and support readiness have also been formalized in the 2026 ADT checklist. Registries must submit operational handbooks, incident response plans, contact escalation matrices, and registrar support procedures. These materials are reviewed to ensure that the registry has a sustainable support structure, competent personnel, and workflows for addressing technical issues, security incidents, and compliance requirements. In some cases, ICANN may request simulation of a support incident response to assess the registry’s real-time communication protocols and resolution speed.

The testing process itself has been redesigned to be more transparent and collaborative. ICANN now assigns a technical testing liaison to each registry undergoing ADT, offering regular checkpoints, access to pre-test sandbox environments, and guidance on interpreting test results. Registries receive detailed feedback reports with pass/fail criteria, remediation instructions, and verification timelines. Failed components can be re-tested on a rolling basis rather than requiring the entire process to restart, significantly improving efficiency and encouraging proactive remediation.

For applicants in the 2026 round, preparation for After Delegation Testing begins well before the delegation itself. Those planning to use backend registry service providers must ensure that their chosen partner has a proven track record with ADT and can demonstrate readiness for the updated test suite. Applicants deploying proprietary registry infrastructure must invest in dedicated testing environments, SLA validation systems, and technical staff familiar with ICANN’s requirements. In all cases, detailed documentation, early-stage sandbox testing, and continuous performance monitoring will be essential to ensuring a smooth transition from delegation to live operations.

After Delegation Testing remains a critical safeguard in ICANN’s multistakeholder governance model, protecting DNS integrity, user trust, and operational consistency across the growing global namespace. With the 2026 updates, ICANN has refined the process to reflect new threats, modern infrastructure standards, and evolving policy obligations. Registry operators that approach ADT as more than a compliance hurdle—viewing it instead as a strategic opportunity to validate quality and readiness—will emerge with stronger platforms, higher registrar confidence, and a foundation for long-term success in a dynamic domain environment.

You said:

As the 2026 round of the ICANN New gTLD Program introduces a new generation of top-level domains into the global Domain Name System, one of the most critical pre-launch milestones remains After Delegation Testing, or ADT. This series of mandatory evaluations, conducted after a registry is delegated in the root zone but before it is…