ICANNs Registry Voluntary Commitments compliance trends for new bids

As ICANN moves toward the launch of its long-anticipated next round of new gTLDs, one area receiving heightened scrutiny and strategic emphasis is the evolution of Registry Voluntary Commitments (RVCs), formerly known as Public Interest Commitments (PICs). These commitments, appended to the Registry Agreement during the 2012 application round, were introduced as a mechanism by which applicants could make binding contractual promises regarding the operation of their top-level domains, particularly in areas related to consumer protection, intellectual property rights, and content moderation. For the next round, ICANN’s approach to RVCs is expected to evolve significantly—both in structure and in how compliance is monitored—transforming these commitments from aspirational clauses into enforceable, strategic tools that will shape registry operations and influence application outcomes.

In 2012, many applicants included PICs as a defensive strategy. Faced with objections from governments, communities, or competitors, applicants used these commitments to mitigate concerns and facilitate the approval of contested or controversial strings. PICs became a de facto part of the negotiation process, especially for sensitive or high-value TLDs such as .bank, .pharmacy, and .sucks. However, the implementation and enforcement of PICs proved uneven. While the commitments were legally binding once accepted by ICANN, the mechanisms for monitoring and ensuring compliance were underdeveloped. ICANN Compliance historically lacked proactive auditing tools and often relied on community complaints to trigger investigations. As a result, the impact of PICs varied widely depending on registry behavior and the capacity of external actors to monitor enforcement.

In response to this experience, ICANN’s policy community and Board have signaled their intention to refine and strengthen the RVC framework in the next round. One major shift is the formalization of the commitments into a structured part of the application evaluation and scoring process. Applicants will be encouraged—or, in some cases, expected—to include RVCs that address known risks associated with their string, including DNS abuse mitigation, intellectual property safeguards, and industry-specific obligations. For example, an applicant for .fintech or .med could be expected to commit to operating in accordance with recognized sectoral standards, submitting to third-party audits, or providing abuse point-of-contact services with specific response SLAs. These commitments are not merely symbolic; they will increasingly be used as criteria for application approval, string contention resolution, or even eligibility in Community Priority Evaluations.

From a compliance standpoint, ICANN is preparing to take a more active role in oversight. Enhancements to the Registry Agreement are likely to include specific language mandating the regular reporting of RVC performance, use of structured data formats for commitments to enable automation, and integration with ICANN’s Contractual Compliance System for audit selection and enforcement. New internal tools are being considered to track RVC compliance across registry operators, with analytics designed to flag anomalies or potential breaches in real time. Additionally, RVCs may be linked to specific metrics and operational thresholds—for instance, a commitment to implement abuse mitigation tools may be tied to verifiable reductions in phishing or malware complaints associated with the TLD.

One of the most consequential trends is the normalization of third-party oversight for certain RVCs. During the 2012 round, some TLDs like .bank and .insurance implemented industry-verified onboarding processes and mandatory security protocols, managed in part by trusted third-party validators. This model is now seen as a best practice for sensitive or regulated namespaces. In the next round, ICANN may accept or even encourage third-party compliance partnerships as part of the RVC strategy, enabling registries to demonstrate real-world adherence to their commitments without relying solely on internal audits or self-certification. This is particularly relevant for gTLDs targeting verticals such as health, finance, identity, or education, where consumer risk is high and regulatory oversight is fragmented across jurisdictions.

Applicants are also being advised to future-proof their RVCs by anticipating changes in law, technology, and user expectations. Commitments that are too vague or overly rigid risk becoming obsolete or unenforceable. As a result, some applicants are designing modular RVCs that include review triggers, conditional obligations, or phased implementation plans. For example, a registry may commit to data localization standards that align with GDPR, but reserve the right to modify its implementation in response to regulatory guidance from the European Data Protection Board. Others are including RVCs that reference emerging standards such as the Framework to Address Abuse or DNS Abuse Institute best practices, allowing for dynamic alignment with industry norms.

For community and geographic TLDs, RVCs will continue to play a pivotal role in aligning the registry’s operations with the expectations of a defined stakeholder group. These commitments may include language support requirements, reserved names policies, or representation mechanisms such as advisory boards. In such cases, ICANN is expected to apply a higher standard of scrutiny, especially in situations where failure to meet RVCs could undermine the legitimacy of the TLD or harm the represented community. Compliance in these cases may be subject to regular community reporting, external evaluations, or public comment reviews.

Transparency is another cornerstone of the revised RVC model. In the next round, ICANN intends to make all accepted RVCs publicly accessible in a centralized and searchable format, enabling watchdog groups, researchers, and users to review the specific commitments made by each registry. This not only promotes accountability but empowers external stakeholders to participate in the compliance ecosystem, complementing ICANN’s internal enforcement capacity. Moreover, the public nature of these commitments may influence user trust and registrar behavior, particularly in verticals where safety, privacy, and ethics are marketing differentiators.

From a strategic standpoint, the inclusion of well-crafted, enforceable RVCs can also be a competitive advantage in the application process. Applicants who proactively address known concerns—such as DNS abuse, fake news, or identity fraud—through RVCs may face fewer objections, receive more favorable evaluation outcomes, and be better positioned in string contention scenarios. In some cases, a stronger RVC profile could tip the balance in Community Priority Evaluations or impact public comment sentiment, which remains a significant factor in ICANN Board deliberations.

In conclusion, Registry Voluntary Commitments are evolving from ad hoc, largely defensive clauses into central pillars of responsible TLD governance. For applicants in the next round, success will depend not only on proposing compelling strings but on demonstrating operational integrity, sectoral responsibility, and a proactive posture toward risk mitigation. The RVC framework—backed by stronger compliance mechanisms, transparency requirements, and stakeholder expectations—will be one of the defining elements that separates the next generation of gTLDs from the experimental legacy of 2012. Applicants who understand and embrace this shift will not only improve their chances of delegation but also help establish a more trusted, secure, and resilient internet namespace for the future.

As ICANN moves toward the launch of its long-anticipated next round of new gTLDs, one area receiving heightened scrutiny and strategic emphasis is the evolution of Registry Voluntary Commitments (RVCs), formerly known as Public Interest Commitments (PICs). These commitments, appended to the Registry Agreement during the 2012 application round, were introduced as a mechanism by…