gTLD	Full Legal Name	E-mail suffix	Detail
.PHARMACY	National Association of Boards of Pharmacy	fairwindspartners.com	View

NABP is proposing a number of policies that will be interwoven into the operation of the .PHARMACY gTLD. These policies include, but are not limited to, Registrant Eligibility (who can register domain names within the .PHARMACY gTLD); Name Selection Criteria (what domain names can be registered); Authorized Usage Policy (how the domain names can be used); and Escalated Compliance and Takedown Procedures. These polices are referenced in the responses to Questions 28, 29, and 30 of this application.

1. Registrant Eligibility
All registrants within this gTLD will be vetted prior to registration to ensure that they meet all applicable regulatory standards, including pharmacy licensure, drug authenticity, and valid prescription requirements. Eligible registrants will demonstrate compliance with the laws of the jurisdiction in which they are based, as well as in all jurisdictions in which they conduct business. In addition, the registry will incorporate both active and passive safeguards into its operation to ensure that these registrants continue to abide by the terms and conditions set forth in their registration agreements. Registrants found to be out of compliance with these terms and conditions will be denied a .PHARMACY domain name, or will have their existing .PHARMACY domain name revoked. In the event that a domain name is denied or revoked, registrants will have access to an appeal process. Details of this appeal process have yet to be finalized but will be modeled on the appeals process used by NABP for its many accreditation programs.

2. Name Selection Criteria
NABP will implement policies related to Name Selection Criteria that will apply to all registrants within the .PHARMACY gTLD. The initial Name Selection Criteria will require that domain name registrations correspond to a trademark, service mark, or business name of the registrant. This criteria will limit registrants from registering domain names that could lead to confusion regarding the products and⁄or services provided through that website.

NABP will consult with the community on how to best potentially allocate generic and⁄or geographic terms that are relevant to the community. Notwithstanding this reservation, NABP in its capacity as the Registry Operator could elect to register and use domain names to develop information portals to provide a community service and help raise awareness of the .PHARMACY gTLD initiative.

3. Authorized Usage Policy
NABP will have an Authorized Usage Policy that will govern how a registrant may use its registered domain name(s). A draft framework of this policy is as follows:

All .PHARMACY domain names must be used to serve the needs of the .PHARMACY gTLD community. By registering a name in this gTLD, the registrant agrees to be bound by the terms of this Acceptable Use Policy (AUP). Registrant may not:

1. Use domain names for any purposes that are prohibited by the laws of the jurisdiction(s) in which registrant does business, or any other applicable law.

2. Use domain names for any purposes or in any manner that violates a statute, rule, or law governing use of the Internet and⁄or electronic commerce (specifically including “phishing,” ʺpharming,ʺ distributing Internet viruses and other destructive activities).

3. Use domain names for the following types of activity:

i. Violation of the privacy or publicity rights of another member of the pharmacy community or any other person or entity, or breach of any duty of confidentiality that registrant owes to another member of the .PHARMACY gTLD community, or any other person or entity;
ii. Promotion of or engagement in hate speech; hate crime; terrorism; violence against people, animals, or property; or intolerance of or against any protected class;
iii. Promotion of or engagement in defamatory, harassing, abusive, or otherwise objectionable behavior;
iv. Promotion of or engagement in child pornography or the exploitation of children;
v. Promotion of or engagement in any spam or other unsolicited bulk email, or computer or network hacking or cracking;
vi. Infringement on the intellectual property rights of another member of the .PHARMACY gTLD community, or any other person or entity;
vii. Engagement in activities designed to impersonate any third party or create a likelihood of confusion in sponsorship;
viii. Interference with the operation of the .PHARMACY gTLD or services offered by NABP;
ix. Installation of any viruses, worms, bugs, Trojan horses, or other code, files, or programs designed to, or capable of, disrupting, damaging, or limiting the functionality of any software or hardware; or distributing false or deceptive language, or unsubstantiated or comparative claims, regarding NABP;
x. Registration of .PHARMACY domain names for the purpose of reselling or transferring those domain names.

4. Escalated Compliance and Takedown Procedures
NABP has identified a number of policies that are core principles upon which the .PHARMACY registry will be operated. Compliance and enforcement of these principles are paramount to the long-term viability and success of the gTLD. NABP’s approach toward tackling abusive or noncompliant activity within the namespace is part of a much broader commitment, which is founded on the following principles: timely verification, timely investigation, timely remediation, and timely follow-up.

Timely Verification: NABP is committed to bringing all of its available resources to timely investigate and resolve any abusive activity and⁄or non-compliance within the .PHARMACY namespace. The first prerequisite is the need to verify the authenticity of the request. Therefore, NABP will undertake a preliminary analysis to verify if a complaint has been received from a trusted⁄verified source. In making this initial determination, NABP will rely upon internal and external staffing. While NABP does not anticipate a high volume of complaints, NABP will prioritize the complaints that it receives based on the source of the complaint, as well as the subject matter of the concern.

Timely Investigation: NABP will prioritize all investigations in a similar manner as identified in the preceding section. While NABP staffing levels are suitable to handle expected volumes of complaints and the associated verification⁄investigation⁄remediation⁄follow-up tasks, NABP has access to external consultants to supplement its needs.

NABP commits to providing a preliminary investigation status update within one business day following verification in connection with complaints from legitimate law enforcement agencies. In connection with third-party complaints involving security, stability, or criminal activity, NABP will use commercially reasonable efforts to provide a preliminary investigation status update within three business days of verification, and will follow a similar three business day time frame to provide any subsequent follow-up regarding the investigation. In connection with third-party complaints that do not involve security, stability, or criminal activity, NABP will use commercially reasonable efforts to provide a preliminary investigation status update within five business days of verification, and will follow a similar five business day time frame to provide any subsequent follow-up regarding the investigation.

Timely Remediation: NABP is fully committed to tackling abusive and⁄or non-compliant activity within the .PHARMACY namespace, including, but not limited to, domain name suspension and or cancelation. NABP has developed the following remediation plan:

In connection with credible threats that significantly impact or threaten the security and⁄or stability of the Internet or of the namespace, or which cause direct and material harm to others, NABP’s default option will be to suspend the domain name within 12 hours of completing a preliminary investigation. The only exception would occur in a case where NABP, after consulting with its team of legal, technical, and policy advisors (both internal and external), decided that there was a compelling reason not to suspend the domain name. In such cases, NABP will communicate this decision and an explanation will be provided to either law enforcement or the third party.

In all other complaints, NABP will seek to resolve the matter through an escalated notification process: email, telephone, certified mail. While NABP is committed to ensuring registrant compliance, NABP wants to avoid prematurely suspending and⁄or cancelling a domain name that may have a larger impact on a much larger community of users. Similar to the procedure outlined above, NABP will consult with its team of legal, technical, and policy advisors before deciding to suspend⁄cancel a domain name. During this time, NABP will remain in dialogue with the original third-party complainant.

Timely Follow-Up: NABP does not view its commitment to the community as ending after a threat has been neutralized. Instead, NABP will follow up in connection with each complaint to either re-activate a domain name after the abusive⁄non-compliant activity has been resolved, or help educate the registrant as to how to avoid future remediation.

gTLD	Full Legal Name	E-mail suffix	Detail
.insurance	fTLD Registry Services LLC	fsround.org	View

• Eligibility: who is eligible to register a second-level name in the gTLD, and how will eligibility be determined?

Registrations within the community may initially be made by the following business, individuals or organizations:
- Licensed insurance companies regulated by a government entity
- Licensed insurance agents and brokers regulated by a government entity
- Associations whose members include licensed insurance companies, agents or brokers (if approved by the FRS Board)
- Organizations that are majority controlled by insurance companies (if approved by the FRS Board)
- Entities whose operations are principally dedicated to serving insurance companies (if approved by the FRS Board)
- Specialized organizations (e.g., research or risk coordination) (if approved by the FRS Board)

As the potential operator of .insurance, FRS considers its commitment to both the insurance industry and the
consumers it serves of paramount importance. The nature of the activity that will be conducted in .insurance
requires that registrations only be permitted by verified members of the insurance community. In addition to
validating the eligibility of the registrant, the domain name must comply with name selection and use policies.

To ensure strict compliance with these policies, FRS will develop and implement a Registrant Eligibility Criteria
Process. This process will require .insurance accredited registrars to gather materials from proposed registrants
that will be used by the registry or its designated third party services provider, to authenticate the registrants’
eligibility to register in .insurance.

The registration process for a .insurance name includes that potential registrants must provide the registrar with
the following information:
- Full legal name
- Business address
- Professional title of representative of the administrative contact of the potential applicant
- Business name
- Point of contact within the business who can verify their representation of the business
- Phone
- Email
- Another proof of identity necessary to establish that the registrant is an eligible member of the .insurance gTLD
community
- For insurance companies, the state regulatory authority issuing its charter
- For agents and brokers, the state licensing agency issuing its permission to act as an agent or broker
- For organizations that are majority controlled by insurance companies (if approved by the FRS Board), list of and
proof of its owner(s)
- For entities whose operations are principally dedicated to serving insurance companies (if approved by the FRS
Board), corporate operating agreement or like document(s) as determined necessary to validate alignment with the
goals of the community
- For specialized organizations (e.g., research or risk coordination) (if approved by the FRS Board), a copy of its
corporate operating agreement if for-profit or its mission statement if non-profit (or like document(s) as determined necessary to validate alignment with the goals of the community)

Applicants who meet the eligibility requirements and have been authenticated will then be permitted to register
domains in .insurance.

Domain names that pass the vetting process will enter a 5-day Add Grace Period (AGP), or Pending Create, before
becoming valid. Applicants whose domain name fails the vetting process will be notified with reasons for denial and
procedures for appeal. Any applicant who is rejected for any reason can appeal the decision to FRS.

FRS will audit all approved registrants and their domains to ensure compliance with all applicable eligibility and
use requirements.

• Name selection: what types of second-level names may be registered in the gTLD.

Domains initially registered in .insurance must correspond to a trademark, trade name or other service mark owned by the registrant. Initially, all other registrations (e.g., geographic, generic, etc.) will not be allowed. FRS will
reserve a set of generic domain names prior to launch. These domain names will either be used by FRS in its capacity as Registry Operator for the management, operation, and purpose of the gTLD or they will be equitably allocated to community members at a date and time to be determined by FRS’ Board. The subset of domain names reserved for FRS’ use is necessary to create a trusted, hierarchical, and intuitive framework for the .insurance gTLD.

Although these reserved words will be commonly used words and phrases and or geographic terms, FRS will provide an enhanced Rights Protection Mechanism that will offer trademark owners with an avenue to challenge the reservation and potential use of these domain names. This challenge process will be modeled after the highly successful dotAsia Pioneering Program.

• Content⁄Use: what restrictions, if any, the registry operator will impose on how a registrant may use its
registered name?

FRS will have an Acceptable Use Policy (AUP) that will govern how a registrant may use its registered name. A DRAFT
version of the policy (which may be amended from time to time) follows:

All .insurance domains must be used to serve the needs of the insurance community. By registering a name in a gTLD operated by FRS, you agree to be bound by the terms of this Acceptable Use Policy (AUP). In using your domain, you may not:

1. Use your domain for any purposes prohibited by the laws of the jurisdiction(s) in which you do business or any
other applicable law. For insurance companies, agents and brokers specifically, use your domain name for any
purposes prohibited by the insurance regulations of the regulator or government agency that issued your charter or
license is strictly prohibited.

2. Use your domain for any purposes or in any manner that violates a statute, rule or law governing use of the
Internet and⁄or electronic commerce (specifically including “phishing,” ʺpharming,ʺ and⁄or distributing Internet
viruses and other destructive activities).

3. Use your domain for the following types of activity:
- Violating the privacy or publicity rights of another member of the insurance community or any other person or
entity, or breaching any duty of confidentiality that you owe to another member of the .insurance gTLD community or
any other person or entity;
- Promoting or engaging in hate speech, hate crime, terrorism, violence against people, animals, or property, or
intolerance of or against any protected class;
- Promoting or engaging in defamatory, harassing, abusive or otherwise objectionable behavior;
- Promoting or engaging in pornography;
- Promoting or engaging in any spam or other unsolicited bulk email, or computer or network hacking or cracking;
- Promoting or engaging in any money laundering or terrorist financing activity;
- Infringing on the intellectual property rights of another member of the .insurance gTLD community or any other
person or entity;
- Engaging in activities designed to impersonate any third party or create a likelihood of confusion in sponsorship;
- Interfering with the operation of .insurance gTLD or services offered by FRS;
- Distributing or installing any viruses, worms, bugs, Trojan horses or other code, files or programs designed to,
or capable of, disrupting, damaging or limiting the functionality of any software or hardware;
- Disseminating content that contains false or deceptive language, or unsubstantiated or comparative claims,
regarding FRS;
- Licensing your domain to any third party during the period of your registration; or
- Engaging in behavior that is anti-competitive, boycotts or otherwise violates anti-trust laws.

You are responsible for the usage of your domain at all times during the period of your registration.

Proxy registrations are prohibited for all gTLDs operated by FRS.

By “use,” “usage” or “using” your domain name we mean any use involving the Internet, including but not limited to
website(s) and⁄or any pages thereof resolving at your domain, either directly or indirectly (including redirection,
framing, pop-up windows⁄browsers, linking, etc.) and email distribution and⁄or reception.

As part of the AUP, FRS will have complete enforcement rights over registrants’ use of domain names.

• Enforcement: what investigation practices and mechanisms exist to enforce the policies above, what resources are
allocated for enforcement, and what appeal mechanisms are available to registrants?

FRS proposes the use of both active and passive enforcement mechanisms to enforce the policies outlined above. As part of the AUP, FRS will have complete enforcement rights over registrant’s use of .insurance domain names.

If Registrant violates this AUP, Registrant will be subject to a rapid domain name compliance action, be in material
breach of the Agreement, and along with all other rights and remedies under this Agreement with respect to such a
breach, FRS reserves the right to revoke, suspend, terminate, cancel or otherwise modify Registrant’s rights to the
domain name.

On a regular basis, FRS will audit domain names registered in the .insurance gTLD to ensure compliance with all
eligibility and use criteria. If a violation is discovered, an investigation will immediately begin to rectify the violation.

If a registrant chooses to appeal, FRS will review the appeal to determine if there are any material changes to the
action or activity. FRS will retain the right to assign the dispute to an ombudsman if necessary. This appeal or referral process will operate on a cost-recovery basis.