28 Abuse Prevention and Mitigation

Prototypical answer:

Our policies require that controls are in place (and will remain in place) that are in compliance with the RRA, including multi-factor authentication (See Security Audit Report), as well as requiring multiple points of contact for update, transfer, and deletion requests and notification of multiple, unique points of contact when a domain has been modified (updated, transferred, deleted, etc.)

Abuse Prevention Policy

Use of the Domain Name
For each domain name registered by Registrar (on behalf of itself or a registrant), Registrar shall:

A. Ensure that the domain name is not registered, used, displayed, or exploited in contravention or violation of these policies or any other policies regarding .shop, in contravention of the laws of any jurisdiction where the domain name is accessible, or for any unlawful purpose, including, but not limited to, child pornography, child entrapment or abuse, advocacy of hatred, bigotry, or violence towards persons or groups on the basis of their religion, race, ethnicity, sexual orientation, or other immutable characteristics, theft of email service, or as a source of unsolicited bulk email or as an address to use for replying to unsolicited bulk email;

B. Ensure that the registration, use, display, and exploit of any domain name is done in good faith, and in accordance with international, federal, and state laws and regulations;

C. Not publicly offer, advertise, or otherwise make available the delegation of subdomains from the domain name;

D. Recognize that the use of the domain name may be subject to applicable laws in all jurisdictions in which the domain name is used or accessible, including those concerning trademarks and other types of intellectual property.

1) Single Abuse Point of Contact
The single abuse point of contact will be the network security administrator. As the network security administrator it is his⁄her job to have intricate knowledge about the registry and the network at Commercial Connect. This includes the following:
• Knowledge of how systems interact with the Commercial Connect Registry
• Intricate knowledge of which application on the registry have access to outside the network (internet)
• Be able to provide knowledge of the firewalls in place on the registry system
• Provide reports of usage on the registry (reports and log files on traffic)
• Also have intricate knowledge of any possible security risks or threats to the network or registry and be able to provide appropriate solutions to when threats or risks are discovered.

The plan for reaching this person during a single abuse point of contact will be to call customer support who will then determine if the appropriate action is to notify the network security administrator. The network security or a network security analyst backup will be on-call 24⁄7 for emergency issues. The abuse can be replayed through telephone or website inquiry. The implementation plan will ensure that this link, along with UDRP and other key policies are located at the bottom of our website and can be distributed in our WHOIS replied. The Senior Network Security office will receive all emails and phone calls related to abuse. The Senior Network Security Office or a network security analyst backup will be on-call 24⁄7 for emergency issues.

2) Handling of Complaints of Abuse
The handling of complaints of abuse will be followed in the following fashion. The first person of contact will be customer support who will help with basic troubles like log in information and any other basic account or connectivity problems. From there it will go to a network engineer who will help if a network device or registry system seems to be the trouble. From the network engineer it will then go to the Network Security Officer if it is believed that any sensitive or private information was accidently given out or if a major registry system⁄network system is failing. If the Network Security Officer is unable to resolve the issue, he will confer with network engineers, legal staff and⁄or administration and take the steps appropriate to resolve the situation or see that it has the proper attention.

3) Policy for glued orphans
The policy for glued orphans will be to change their name servers to show as invalid. This issue most not likely will occur until such a time that it is reported as abusive. Whether casual observance or an abuse situation, the Data Integrity Supervisor will be responsible for verifying and⁄or changing that status of glued orphan records and notify, by email, the domain owner, admin, and tech about the orphaned domain.

The owner, admin, and tech will then be allowed to change to another domain name server through their sponsoring registrar.


WHOIS Accuracy

Our WHOIS accuracy is directly tied to our verification process. Applicants are required to be verified annually, and this stringent verification process is what is available in the WHOIS record. This virtually eliminates the possibility of inaccurate or false WHOIS data.

Number and description of personnel roles in Abuse Prevention and Mitigation

3 – Customer Support⁄technical staff : These employees will be specifically trained on the proper way to handle support emails and phone calls as well as being trained to the level of N+ certification.
1 – Senior Customer Support Manager: Manages and helps out support staff that may have trouble with certain support calls or emails. Also is in charge of deciding if the situation is important enough to pass on to the Senior Network Engineer.
2 – Senior Network Engineer (one is Data Integrity Supervisor ): Is responsible for day to day tasks on the network including maintenance. Accepts support emails and support calls if the Senior Customer Support Manager deems the issue in question necessary for the Senior Network Engineer. If the Senior Network Engineer sees that the issue is important enough will pass the issue up to the Network Administrator.
1 – Network Security Officer: Is responsible for the overall health and security for the entire network and registry. It is the Network Security Administrators job to know the intricate workings of the entire network and registry operations. The network security administrator is also the single point of contact for abuse.

The following is extracted from our abuse prevention policy:

1.1 Commercial Connect LLC and the .shop domain name must only be used for lawful purposes. The creation, transmission, distribution, storage of, or linking to any material in violation of applicable law or regulation is prohibited. This may include, but is not limited to, the following:

(1) Communication, publication or distribution of material (including through links or framing) that infringes upon the intellectual and⁄or industrial property rights of another person. Intellectual and⁄or industrial property rights include, but are not limited to: copyrights (including future copyright), design rights, patents, patent applications, trademarks, rights of personality, and trade secret information.

(2) Use of a .shop domain name in circumstances in which:
(a) The .shop domain name is identical or confusingly similar to a personal name, company, business or other legal or trading name as registered with the United States government or other international rights and channels, or a trade or service mark in which a third party complainant has uncontested rights, including without limitation in circumstances in which:
(i) The use deceives or confuses others in relation to goods or services for which a trademark is registered in the United States or other similar international rights and channels, or in respect of similar goods or closely related services, against the wishes of the registered proprietor of the trademark; or
(ii) The use deceives or confuses others in relation to goods or services in respect of which an unregistered trademark or service mark has become distinctive of the goods or services of a third party complainant, and in which the third party complainant has established a sufficient reputation under United States government guidelines or other similar international rights and channels, against the wishes of the third party complainant; or
(iii) The use trades on or passes-off a .shop domain name or a website or other content or services accessed through resolution of a .shop domain as being the same as or endorsed, authorized, associated or affiliated with the established business, name or reputation of another; or
(iv) The use constitutes intentionally misleading or deceptive conduct in breach of US trademark recommendations, or the laws of the United States government or related international rights; or
(b) The .shop domain name has been used in bad faith, including without limitation the following:
(i) The User has used the .shop domain name primarily for the purpose of unlawfully disrupting the business or activities of another person; or
(ii) By using the .shop domain name, the user has intentionally created a likelihood of confusion with respect to the third party complainant s intellectual or industrial property rights and the source, sponsorship, affiliation, or endorsement of website(s), email, or other online locations or services or of a product or service available on or through resolution of a .shop domain name;
(iii) For the purpose of unlawfully selling, renting or otherwise transferring the domain name to an entity or to a commercial competitor of an entity, for valuable consideration in excess of a user’s documented out-of-pocket costs directly associated with acquiring the domain name;
(iv) As a blocking registration against a name or mark in which a third party has superior intellectual or industrial property rights.

(3) A .shop domain name registration which is part of a pattern of registrations where the user has registered domain names which correspond to well-known names or trademarks in which the user has no apparent rights, and the .shop domain name is part of that pattern;

(4) The .shop domain name was registered arising out of a relationship between two parties, and it was mutually agreed, as evidenced by writing, that the registrant would be an entity other than that currently in the register.

(5) Unlawful communication, publication or distribution of registered and unregistered know-how, confidential information and trade secrets.

(6) Communication, publication or distribution, either directly or by way of embedded links, of images or materials (including, but not limited to blatantly deviant, abusive and unlawful pornographic material and images or materials as defined under the US justice system) where such communication, publication or distribution is prohibited by or constitutes an offense under the laws of the United States government, whether incorporated directly into or linked from a web site, email, posting to a news group, internet forum, instant messaging notice which makes use of domain name resolution services in the .shop TLD.
Material that is considered blatantly deviant, abusive and unlawfully pornographic, indecent, and⁄or obscene or which is otherwise prohibited includes, by way of example and without limitation, real or manipulated images depicting child pornography, bestiality, excessively violent or sexually violent material, and material containing detailed instructions regarding how to commit a crime, an act of violence, or how to prepare and⁄or use illegal drugs.

(7) Communication, publication or distribution of defamatory material or material that constitutes racial vilification.

(8) Communication, publication or distribution of material that constitutes an illegal threat or encourages conduct that may constitute a criminal offense.

(9) Communication, publication or distribution of material that is in contempt of the orders of a court or another authoritative government branch, within the United States government.

(10) Use, communication, publication or distribution of software, technical information or other data that violates export control laws.

(11) Use, communication, publication or distribution of confidential or personal information or data which violates any right of privacy including confidential or personal information about persons that is collected without their knowledge or consent.

2. ELECTRONIC MAIL

2.1 We have the option to suspend your domain name for the following
Activities:

(1) Communicating, transmitting or sending unsolicited bulk email messages or other electronic communications (“junk mail” or “Spam”) of any kind including, but not limited to, unsolicited commercial advertising, informational announcements, and political or religious tracts as outlined in the current provisions and requirements of the United States government.

(2) Communicating, transmitting or sending any material by email or otherwise that harasses, or has the effect of harassing, another person or that threatens or encourages bodily harm or destruction of property including, but not limited to, malicious email and flooding a user, site, or server with very large or numerous pieces of email or illegitimate service requests.

(3) Communicating, transmitting, sending, creating, or forwarding fraudulent offers to sell or buy products, messages about “make-money fast”, “pyramid” or “Ponzi” type schemes or similar schemes, and “chain letters” whether or not the recipient wishes to receive such messages.

(4) Adding, removing, modifying or forging network header information with the effect of misleading or deceiving another person or attempting to impersonate another person by using forged headers or other identifying information (“Spoofing”).

3. Disruption of Commercial Connect, LLC Network

3.1 No-one may use Commercial Connect, LLC or a .shop domain name for the purpose of:

(1) Restricting or inhibiting any person in their use or enjoyment of Commercial Connect, LLC or a .shop domain name or any service or product of Commercial Connect, LLC.

(2) Actually or purportedly reselling Commercial Connect, LLC services and products without the prior written consent of Commercial Connect LLC.

(3) Transmitting any communications or activity which may involve deceptive marketing practices such as the fraudulent offering of products, items, or services to any other party.

(4) Providing false or misleading information to Commercial Connect, LLC or to any other party through the Commercial Connect network.

(5) Facilitating or aiding the transmission of confidential information, private, or stolen data such as credit card information (without the owner s or cardholder’s consent).

4. CONSUMER PROTECTION, FAIR TRADING

4.1 A user using a .shop domain to sell goods or services over the Internet must provide clear links with sufficient and accurate contact details on such website so that consumers have the ability to contact the seller of such goods or services, and so that customers and prospective customers are clearly advised of any territorial limitations on the offer, sale or provision of any goods or services offered, sold or provided, and of any applicable laws, jurisdiction or US government recommendations. In the event that it is credibly alleged that a .shop domain name registrant has not followed such laws, Commercial Connect, LLC will furnish the contact details for the registrant in accordance with the Commercial Connect, LLC Privacy Policy.

5. NETWORK INTEGRITY AND SECURITY

5.1 Users are prohibited from circumventing or attempting to circumvent the security of any host, network or accounts (“cracking” or “hacking”) on, related to, or accessed through the Commercial Connect, LLC network. This includes, but is not limited to:

(1) Accessing data not intended for such user;

(2) Logging into a server or account which such user is not expressly authorized to access;

(3) Falsifying a username or password;

(4) Probing the security of other networks;

(5) Executing any form of network monitoring which will intercept data not intended for such user.

5.2 Users are prohibited from effecting any network security breach or disruption of any internet communications including, but not limited to:

(1) Accessing data of which such user is not an intended recipient; or

(2) Logging onto a server or account which such user is not expressly authorized to access.

For the purposes of this section 5.2, “disruption” includes, but is not limited to:
Port scans, ping floods, packet spoofing; forged routing information; deliberate attempts to overload a service, and attempts to “crash” host; using Commercial Connect, LLC in connection with the use of any program, script, command, or sending of messages to interfere with another user’s terminal session by any means, locally or by the Internet.

5.3 Users who compromise or disrupt the Commercial Connect network systems or security may incur criminal or civil liability. Commercial Connect will investigate any such incidents and will cooperate with law enforcement agencies if a crime is suspected to have taken place.

NON-EXCLUSIVE, NON-EXHAUSTIVE

This Abuse Prevention Policy is intended to provide guidance as to what constitutes acceptable use of Commercial Connect, LLC and of the .shop domain name. However, this policy is neither exhaustive nor exclusive.

COMPLAINTS

Persons who wish to notify Commercial Connect, LLC of abusive conduct in violation of this policy may report the same pursuant, which is instituted by submitting to Commercial Connect a completed Use Policy Violation Complaint Form.

ENFORCEMENT

Commercial Connect, LLC may, in its sole discretion, suspend or terminate a user’s service for violation of any of the requirements or provisions of the United States government on receipt of a complaint if Commercial Connect LLC believes suspension or termination is necessary to comply with the law, protect the public interest, prevent unlawful activity or protect the health, safety, or privacy of an individual.

If immediate action is not required, Commercial Connect, LLC will work with registrants and a complainant to remedy violations.

LIMITATION OF LIABILITY

In no event shall Commercial Connect, LLC be liable to any user of the network, any customer, nor any third party for any direct, indirect, special or consequential damages for actions taken pursuant to this policy, including, but not limited to, any lost profits, business interruption, loss of programs or other data, or otherwise, even if Commercial Connect, LLC was advised of the possibility of such damages. Commercial Connect’s liability for any breach of a condition or warranty implied by the registration Agreement or this policy shall be limited to the maximum extent possible to one of the following (as Commercial Connect may determine):

(I) Supplying the services again; or

(ii) Paying the cost of having the services supplied again.

REMOVAL OF CONTENT RESPONSIBILITY

At its sole discretion, Commercial Connect, LLC reserves the right to:

(i) Remove or alter content, zone file data or other material from its servers provided by any person that violates the provisions or requirements of this policy; or

(ii) Terminate access to Commercial Connect, LLC’s domain name by any person that is determined to have violated the provisions or requirements of this policy.

In any regard, Commercial Connect, LLC is not responsible for the content or message of any newsgroup posting, email message, or web site regardless of whether access to such content or message was facilitated by the Commercial Connect network. Commercial Connect, LLC does not have any duty to take any action with respect to such content or message by creating this abuse prevention user’s policy, and Users of Commercial Connect, LLC are obliged and required to ensure that their use of a .shop domain name or Commercial Connect, LLC is at all times in accordance with the requirements of this abuse prevention policy and any applicable laws and⁄or regulations.

Law Enforcement Response

Commercial Connect will respond to law enforcement requests within 24 hours in most cases, or whatever is applicable, dependent on the violation or request from the governmental agency.

This is extracted from our anticipated RRA Agreement:

Registry-Registrar Agreement

This Registry-Registrar Agreement (this ʺAgreementʺ) is between Commercial Connec,t LLC dba Commercial Connect, a Delaware corporation, with its principal place of business located in Louisville, KY, USA (ʺRegistry Operatorʺ), and [Registrarʹs name], a [jurisdiction and type of organization], with its principal place of business located at [Registrarʹs location] (ʺRegistrarʺ).

WHEREAS, Registry Operator has entered a Registry Agreement with the Internet Corporation for Assigned Names and Numbers to operate a shared registration system and related services, TLD nameservers, and other equipment for the .shop top-level domain and the .shop second-level domains (collectively the ʺ.shop TLDʺ);

WHEREAS, multiple registrars will provide Internet domain name registration services within the .shop TLD; and

WHEREAS, Registrar wishes to act as a registrar for domain names within the .shop TLD,

NOW, THEREFORE, for and in consideration of the mutual promises, benefits and covenants contained herein and for other good and valuable consideration, the receipt, adequacy and sufficiency of which are hereby acknowledged, Registry Operator and Registrar, intending to be legally bound, hereby agree as follows:
1.17. The ʺVerification Toolkitʺ may be used to verify the right of an applicant for a Registered Name to register in the .shop TLD.
1.18. “TOU” means the Terms of Use Agreement between Registrar and Registered Name Holder.
Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined.

2. OBLIGATIONS OF REGISTRY OPERATOR
2.1. Access to Registry System. Throughout the Term, Registry Operator shall provide Registrar with access as a registrar to the Registry System that Registry Operator operates according to its arrangements with ICANN. Nothing in this Agreement entitles Registrar to enforce any agreement between Registry Operator and ICANN.
2.2. Maintenance of Registrations Sponsored by Registrar. Subject to the provisions of this Agreement, the Registry Agreement, ICANN requirements, and Registry Operator requirements authorized by ICANN, Registry Operator shall maintain the registrations of Registered Names sponsored by Registrar in the Registry System during the term for which Registrar has paid the fees required.
2.3. Provision of Toolkit; License.
2.3.1. After the Effective Date and at least seven days prior to the date on which Registrar will begin operations in the .shop TLD, Registry Operator shall provide to Registrar a copy of the Registrar Toolkit, which shall provide sufficient technical specifications to allow Registrar to interface with the Registry System and employ the features of the Registry System that are available to Registrars for purposes of offering Registry Services. Subject to the terms and conditions of this Agreement, Registry Operator hereby grants Registrar and Registrar accepts a non-exclusive, non-transferable, worldwide limited license to use for the Term and purposes of this Agreement all components owned by or licensed to Registry Operator in and to the RRP, APIs, any reference client software and any other intellectual property included in the Registrar Toolkit, as well as updates and redesigns thereof, to provide domain name registration services in the .shop TLD only and for no other purpose.
2.3.2. After the Effective Date, Registry Operator may offer additional Toolkits described herein. Subject to the terms and conditions of this Agreement, Registry Operator hereby grants Registrar and Registrar accepts a non-exclusive, non-transferable worldwide limited license to use for the Term and purposes of this Agreement all components owned by or licensed to Registry Operator in and to the software and any other intellectual property included in such Toolkits, as well as updates and redesigns thereof, for the following purposes only and for no other purpose.
a. Verification Toolkit: for purposes of verifying domain name registration in the .shop TLD only and for no other purpose.
b. Additional Toolkits that Registry Operator may offer from time to time, to be provided on a basis and subject to licensing provisions of this Agreement. Registry Operator shall promptly notify Registrar regarding the Toolkit as such Toolkit becomes available.
2.4. Changes to System. Registry Operator may from time to time make modifications to the RRP, APIs, or other software licensed hereunder that will modify, revise or augment the features of the Registry System. Registry Operator will provide Registrar with at least ninety days’ notice prior to the implementation of any material changes to the RRP, APIs or software licensed hereunder. This notice period shall not apply in the event Registry Operatorʹs system is subject to the imminent threat of failure or a material security threat, or there is the discovery of a major security vulnerability or a Denial of Service (DoS) attack where the Registry Operatorʹs systems are rendered inaccessible by being subject to (i) excessive levels of data traffic, (ii) unauthorized traffic, or (iii) data traffic not conforming to the protocols used by the Registry Operatorʹs system.
2.5. Engineering and Customer Service Support. Registry Operator shall provide Registrar with engineering and customer service support.
2.6. Handling of Personal Data. Registry Operator shall notify Registrar of the purposes for which Personal Data submitted to Registry Operator by Registrar is collected, the intended recipients (or categories of recipients) of such Personal Data, and the mechanism for access to and correction of such Personal Data. Registrar shall provide all such information to holders of Registered Names it sponsors in the .shop TLD promptly upon receipt from Registry Operator. Registry Operator shall take reasonable steps to protect Personal Data from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.
2.7. Service Level Agreement. Registry Operator shall issue credits to Registrar as described in, and shall otherwise comply with its known obligations.
2.8. ICANN Requirements. Registry Operatorʹs obligations hereunder are subject to modifications from time to time as the result of ICANN-mandated requirements and consensus policies. Notwithstanding anything in this Agreement to the contrary, Registrar shall comply with any such ICANN requirements and shall require any Registered Name Holder to comply with such requirements in accordance with implementation schedules and arrangements established by ICANN or the Registry Operator.
2.9. TOU. Registry Operator shall provide to Registrar a TOU. Registry Operator shall conduct random tests on samples of registered names to ensure compliance with the terms of The TOU.

3. OBLIGATIONS OF REGISTRAR
3.1. Accredited Registrar. During the Term of this Agreement, Registrar shall maintain in full force and effect its accreditation by ICANN as a registrar for the Registry TLD.
3.2. Registrar Responsibility for Customer Support. Registrar shall at a minimum provide (i) support to accept orders for Registered Names, including registrations, cancellations, deletions, and transfers, and (ii) customer service (including domain name record support) and billing and technical support to Registered Name Holders.
3.3. Registrarʹs Registration Agreement. At all times while it is sponsoring the registration of any Registered Name within the Registry System, Registrar shall have in effect an electronic or paper registration agreement with the Registered Name Holder. Registrar may from time to time amend those forms of registration agreement or add alternative forms of registration agreement, provided a copy of the amended or alternative registration agreement is furnished to the Registry Operator fourteen (14) calendar days in advance of the use of such amended registration agreement. Registrar shall include in its registration agreement with each Registered Name Holder those terms required by this Agreement and other terms that are consistent with Registrarʹs obligations to Registry Operator under this Agreement.
3.4. Indemnification Required of Registered Name Holders. In its registration agreement with each Registered Name Holder, Registrar shall require such Registered Name Holder to indemnify, defend and hold harmless Registry Operator, its subsidiaries, affiliates, divisions, shareholders, directors, officers, employees, accountants, attorneys, insurers, agents, predecessors, successors and assigns, from any and all claims, demands, losses, costs, expenses, causes of action or other liabilities of any kind, whether known or unknown, in any way arising out of, relating to, or otherwise in connection with the Registered Name Holderʹs domain name registration. The registration agreement shall further require that this indemnification obligation survive the termination or expiration of the registration agreement.
3.5. Data Submission Requirements. As part of its registration and sponsorship of Registered Names in the Registry TLD, Registrar shall submit complete data as required by technical and policy specifications of the Registry System that are made available to Registrar from time to time. Registrar shall be responsible for verifying the accuracy of the data submitted to the Registry Operator. Registrar hereby grants Registry Operator a non-exclusive, non-transferable, limited license to such data for propagation of and the provision of authorized access to the TLD zone files and as otherwise required in Registry Operatorʹs operation of the Registry TLD. This Subsection 3.5 does not limit the Registry Operatorʹs ability to directly receive data from Registered Name Holders.
3.6. Security. Registrar shall develop and employ in its domain name registration business all necessary technology and restrictions to ensure that its connection to the Registry System is secure and that all data exchanged between Registrarʹs system and the Registry System shall be protected to avoid unintended disclosure of information. Each RRP session shall be authenticated and encrypted using two-way secure socket layer protocol. Registrar agrees to authenticate every RRP client connection with the Registry System using both an X.509 server certificate issued by a commercial Certificate Authority identified by Registry Operator and its Registrar password, which it shall disclose only to its employees and contractors with a need to know and an obligation not to disclose. Registrar agrees to notify Registry Operator within four hours of learning that its Registrar password has been compromised in any way or if its server certificate has been revoked by the issuing Certificate Authority or compromised in any way. Registrar shall employ the necessary measures to prevent its access to the Registry System granted hereunder from being used to (i) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than its own existing customers; or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, any other registry operated under an agreement with ICANN, or any ICANN-accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
3.7. Resolution of Technical Problems. Registrar shall employ necessary employees, contractors, or agents with sufficient technical training and experience to respond to and fix all technical problems concerning the use of the RRP, the APIs and the systems of Registry Operator in conjunction with Registrarʹs systems. In the event of significant degradation of the Registry System or other emergency, Registry Operator may, in its sole discretion, temporarily suspend Registrarʹs access to the Registry System. Such temporary suspensions shall be applied in a non-arbitrary manner and shall apply fairly to any registrar similarly situated, including affiliates of Registry Operator.
3.8. Time. In the event of any dispute concerning the time of the entry of a domain name registration into the Registry database, the time shown in the Registry records shall control.
3.9. Change in Registrar Sponsoring Domain Name. Registrar may assume sponsorship of a Registered Name Holderʹs existing domain name registration from another registrar by following the policy. When transferring sponsorship of a Registered Name to or from another registrar, Registrar shall comply with the requirements.
3.10. Compliance with Terms and Conditions. Registrar shall comply with, and shall include in its registration agreement with each Registered Name Holder as appropriate, all of the following:
3.10.1. ICANN standards, policies, procedures, and practices for which Registry Operator has responsibility in accordance with the Registry Agreement or other arrangement with ICANN; and
3.10.2. operational standards, policies, procedures, and practices for the Registry TLD established from time to time by Registry Operator in a manner consistent with the Registry Agreement and its Appendices, and consistent with ICANNʹs standards, policies, procedures, and practices. Among Registry Operatorʹs operational standards, policies, procedures, and practices, Additional or revised Registry Operator operational standards, policies, procedures, and practices for the Registry TLD shall be effective upon thirty days’ notice by Registry Operator to Registrar; and
3.10.3. The TOU.
3.11. Restrictions on Registered Names. In addition to complying with ICANN and Registry Operator standards, policies, procedures, and practices limiting domain names that may be registered, Registrar agrees to comply with applicable statutes and regulations limiting the domain names that may be registered.
3.12. Service Level Agreement. Registrar shall comply with its obligations.
3.13. Compliance Monitoring and Enforcement. Registrar agrees to comply with and facilitate random tests on samples of registered names to ensure compliance with the TOU. In addition, Registrar agrees to enforce the terms of the TOU as they relate to the Registered Name Holder as directed by the Registry Operator. In the event of a dispute between the Registry Operator and the Registrar,
Registrar agrees to defer to the opinion of the Registry Operator.

4. FEES
4.1. Amount of Registry Operator Fees. Registrar agrees to pay Registry Operator the fees set for initial and renewal registrations and other Registry Services provided by Registry Operator to Registrar (collectively, ʺFeesʺ). Registry Operator reserves the right to revise the Fees prospectively upon thirty days’ notice to Registrar, provided that such adjustments are consistent with Registry Operatorʹs Registry Agreement with ICANN. In addition, Registrar agrees to pay Registry Operator the applicable variable fees assessed to Registry Operator by ICANN, as permitted by Subsection 7.2(c) of the Registry Agreement by no later ten (10) days after the date of an invoice from Registry Operator for such fees.
4.2. Payment of Registry Operator Fees. In advance of incurring Fees, Registrar shall establish a letter of credit, deposit account, or other credit terms accepted by Registry Operator, which acceptance will not be unreasonably withheld. Registry Operator will invoice Registrar monthly in arrears for the Fees incurred by Registrar in the month. All Fees are due immediately upon receipt of Registry Operatorʹs invoice pursuant to the letter of credit, deposit account, or other credit terms.
4.3. Non-Payment of Fees. Registrarʹs timely payment of Fees is a material condition of Registry Operatorʹs obligations under this Agreement. In the event that Registrar fails to pay its Fees within five days of the date when due, Registry Operator may do any or all of the following: (i) stop accepting new initial or renewal registrations from Registrar; (ii) delete the domain names associated with invoices not paid in full from the Registry database; (iii) give written notice of termination of this Agreement and (iv) pursue any other remedy under this Agreement.

5. CONFIDENTIALITY AND INTELLECTUAL PROPERTY
5.1. Use of Confidential Information. During the Term of this Agreement, each party (the ʺDisclosing Partyʺ) may disclose its Confidential Information to the other Party (the ʺReceiving Partyʺ). Each partyʹs use and disclosure of the Confidential Information of the other party shall be subject to the following terms and conditions:
5.1.1. The Receiving Party shall treat as strictly confidential, and use all reasonable efforts to preserve the secrecy and confidentiality of, all Confidential Information of the Disclosing Party, including implementing reasonable physical security measures and operating procedures.
5.1.2. The Receiving Party agrees that it will use any Confidential Information of the Disclosing Party solely for the purpose of exercising its right or performing its obligations under this Agreement and for no other purposes whatsoever.
5.1.3. The Receiving Party shall make no disclosures whatsoever of any Confidential Information of the Disclosing Party to others; provided, however, that if the Receiving Party is a corporation, partnership, or similar entity, disclosure is permitted to the Receiving Partyʹs officers, employees, contractors (including sub-contractors) and agents who have a demonstrable need to know such Confidential Information, provided the Receiving Party shall advise such personnel of the confidential nature of the Confidential Information and of the procedures required to maintain the confidentiality thereof, and shall require them to acknowledge in writing that they have read, understand, and agree to be individually bound by the confidentiality terms of this Agreement.
5.1.4. The Receiving Party shall not modify or remove any confidentiality legends and⁄or copyright notices appearing on any Confidential Information of the Disclosing Party.
5.1.5. The Receiving Party agrees not to prepare any derivative works based on the Confidential Information.
5.1.6. Notwithstanding the foregoing, this imposes no obligation upon the parties with respect to information that (i) is or was disclosed in the absence of a confidentiality agreement and such disclosure is or was with the Disclosing Partyʹs prior written approval; or (ii) is or has entered the public domain through no fault of the Receiving Party; or (iii) is known by the Receiving Party prior to the time of disclosure; or (iv) is independently developed by the Receiving Party without use of the Confidential Information; or (v) is made generally available by the Disclosing Party without restriction on disclosure; or (vi) is necessarily disclosed to verify compliance with the restrictions for registration within the .shop TLD or (vii) is required to be disclosed by order of a court of competent jurisdiction, to the extent required by the order.
5.1.7. The Receiving Partyʹs duties under this shall expire two (2) years after the information is received or earlier, upon written agreement of the Parties.
5.1.8. EXCEPT AS MAY OTHERWISE BE SET FORTH IN A SIGNED, WRITTEN AGREEMENT BETWEEN THE PARTIES, THE PARTIES MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESSED OR IMPLIED, AS TO THE ACCURACY, COMPLETENESS, CONDITION, SUITABILITY, PERFORMANCE, FITNESS FOR A PARTICULAR PURPOSE, OR MERCHANTABILITY OF ANY CONFIDENTIAL INFORMATION, AND THE PARTIES SHALL HAVE NO LIABILITY WHATSOEVER TO ONE ANOTHER RESULTING FROM RECEIPT OR USE OF THE CONFIDENTIAL INFORMATION.
5.2. Intellectual Property.
5.2.1. Each party will continue to independently own its intellectual property, including all patents, trademarks, trade names, service marks, copyrights, trade secrets, proprietary processes and all other forms of intellectual property.
5.2.2. Without limiting the generality of the foregoing, no commercial use rights or any licenses under any patent, patent application, copyright, trademark, know-how, trade secret, or any other intellectual proprietary rights are granted by the Disclosing Party to the Receiving Party by this Agreement, or by any disclosure of any Confidential Information to the Receiving Party under this Agreement.

6. INDEMNITIES AND LIMITATION OF LIABILITY
6.1. Indemnification. Registrar, at its own expense and within thirty days after presentation of a demand by Registry Operator under this Section, will indemnify, defend and hold harmless Registry Operator and its subsidiaries, affiliates, divisions, shareholders, directors, officers, employees, accountants, attorneys, insurers, agents, predecessors, successors and assigns, from any and all claims, demands, losses, costs, expenses, causes of action or other liabilities of any kind, arising out of, relating to, or otherwise in connection with any claim, suit, action, or other proceeding brought against Registry Operator or any subsidiary, affiliate, division, shareholder, director, officer, employee, accountant, attorney, insurer, agent, predecessor, successor or assignee of Registry Operator: (i) relating to any product or service of Registrar; (ii) relating to any agreement, including Registrarʹs dispute policy, with any Registered Name Holder or Registrar; (iii) relating to Registrarʹs failure to comply with its obligations, or breach of representations and warranties under this Agreement; (iv) relating to Registrarʹs access or use of the Registry System in a manner that is inconsistent with the terms of this Agreement; or (v) relating to Registrarʹs domain name registration business, including, but not limited to, Registrarʹs advertising, domain name application process, systems and other processes, fees charged, billing practices and customer service. Registry Operator shall provide Registrar with prompt notice of any such claim, and upon Registrarʹs written request, Registry Operator will provide to Registrar all available information and assistance reasonably necessary for Registrar to defend such claim, provided that Registrar reimburses Registry Operator for Registry Operatorʹs actual and reasonable costs incurred in connection with providing such information and assistance. Registrar will not enter into any settlement or compromise of any such indemnifiable claim without Registry Operatorʹs prior written consent, which consent shall not be unreasonably withheld. Registrar will pay any and all costs, damages, and expenses, including, but not limited to, reasonable attorneysʹ fees awarded against or otherwise incurred by Registry Operator in connection with or arising from any such indemnifiable claim, suit, action or proceeding.
6.2. Representation and Warranty. Registrar represents and warrants that: (i) it is a corporation, limited liability company, partnership or other form of entity, as applicable, duly incorporated, organized or formed, and validly existing and in good standing under the laws of its jurisdiction of incorporation, organization or formation, (ii) it has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement, (iii) the execution, performance and delivery of this Agreement has been duly authorized by Registrar, and (iv) no further approval, authorization or consent of any governmental or regulatory authority is required to be obtained or made by Registrar in order for it to enter into and perform its obligations under this Agreement.
6.3. Limitation of Liability. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS) REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL A PARTYʹS MAXIMUM AGGREGATE LIABILITY EXCEED THE TOTAL AMOUNT PAID TO REGISTRY OPERATOR UNDER THE TERMS OF THIS AGREEMENT. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, IN SUCH JURISDICTIONS, THE PARTIESʹ LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES IS LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
6.4. Disclaimer of Warranties.
6.4.1. EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, REGISTRY OPERATOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, IN CONNECTION WITH THIS AGREEMENT OR THE REGISTRAR TOOL KIT OR OTHER TOOL KITS, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF THIRD-PARTY RIGHTS UNLESS SUCH REPRESENTATIONS AND WARRANTIES ARE NOT LEGALLY EXCLUDABLE. WITHOUT ANY LIMITATION TO THE FOREGOING, REGISTRY OPERATOR MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER THAT THE FUNCTIONS CONTAINED IN THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL MEET REGISTRARʹS REQUIREMENTS, OR THAT THE OPERATION OF THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT DEFECTS IN THE REGISTRAR TOOL KIT OR OTHER TOOL KITS WILL BE CORRECTED. FURTHERMORE, REGISTRY OPERATOR DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE REGISTRAR TOOL KIT OR OTHER TOOL KITS OR RELATED DOCUMENTATION IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE. SHOULD THE REGISTRAR TOOL KIT, OTHER TOOL KITS, OR CERTIFICATE AND VERIFICATION SERVICES PROVE DEFECTIVE, REGISTRAR ASSUMES THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION OF REGISTRARʹS OWN SYSTEMS AND SOFTWARE.
6.4.2. Notwithstanding anything contained herein to the contrary, the Registrar Tool Kit and other toolkits are provided ʺas-isʺ and without any warranty of any kind.

7. INSURANCE
Registrar shall acquire, prior to the Effective Date, at least US$2,000,000 in comprehensive general liability insurance from a reputable insurance provider with an A.M. best rating of ʺAʺ or better and shall maintain insurance meeting these requirements throughout the Term of this Agreement. If Registrar is providing verification and digital security services through means independent of the toolkits provided by the Registry Operator or a Competitive Toolkit Provider (see Appendix L), the amount of the insurance required shall increase to US$5,000,000. Registrar shall name Registry Operator as an additional insured and shall maintain insurance meeting these requirements throughout the Term of this Agreement. Registrar shall on Registry Operatorʹs written request provide a copy of the insurance policy to Registry Operator.

8. DISPUTE RESOLUTION
Disputes arising under or in connection with this Agreement, including requests for specific performance shall be resolved through binding arbitration conducted as provided in this Section pursuant to the rules of the International Court of Arbitration of the International Chamber of Commerce (ʺICCʺ). The arbitration shall be conducted in the English language and shall occur in KY, USA. There shall be three arbitrators: each party shall choose one arbitrator and, if the two arbitrators are not able to agree on a third arbitrator, the third shall be chosen by the ICC. The parties shall bear the costs of the arbitration in equal shares, subject to the right of the arbitrators to reallocate the costs in their award as provided in the ICC rules. The parties shall bear their own attorneysʹ fees in connection with the arbitration, and the arbitrators may not reallocate the attorneysʹ fees in conjunction with their award. The arbitrators shall render their decision within ninety days of the initiation of arbitration. Any litigation brought to enforce an arbitration award shall be brought in a court located in Jefferson County, KY, USA; however, the parties shall also have the right to enforce a judgment of such a court in any court of competent jurisdiction. For the purpose of aiding the arbitration and⁄or preserving the rights of a Party during the pendency of arbitration, each Party shall have the right to seek temporary or preliminary injunctive relief from the arbitration panel or a court located in Jefferson County, KY, USA, which shall not be a waiver of this arbitration agreement.

9. TERM AND TERMINATION
9.1. Term of the Agreement; Revisions. The term of this Agreement shall commence on the Effective Date and, unless earlier terminated in accordance with the provisions of this Agreement, shall expire on the last day of the calendar month which is sixty months after the Effective Date (the ʺTermʺ). In the event that revisions to Registry Operatorʹs approved form of Registry-Registrar Agreement are approved or adopted by ICANN, Registrar will either execute an amendment substituting the revised agreement in place of this Agreement or, at its option exercised within fifteen days after receiving notice of such amendment, terminate this Agreement immediately by giving written notice to Registry Operator. In the event that Registry Operator does not receive such executed amendment or notice of termination of this Agreement from Registrar within such fifteen-day period, Registrar shall be deemed to have accepted such amendment.
9.2. Termination. This Agreement may be terminated as follows:
9.2.1. Termination for Cause. In the event that either party materially breaches any of its obligations under this Agreement and such breach is not substantially cured within thirty calendar days after written notice thereof is given by the other party, then the non-breaching party may, by giving written notice thereof to the other party, terminate this Agreement as of the date specified in such notice of termination.
9.2.2. Termination at Option of Registrar. Registrar may terminate this Agreement at any time by giving Registry Operator thirty days’ notice of termination.
9.2.3. Termination upon Loss of Registrarʹs Accreditation. This Agreement shall terminate in the event Registrarʹs accreditation by ICANN is terminated or expires without renewal. Notwithstanding the foregoing, Registrar may assign this Agreement.
9.2.4. Termination in the Event of Termination of Registry Agreement. This Agreement shall terminate in the event that Registry Operatorʹs Registry Agreement with ICANN is terminated or expires without entry of a subsequent Registry Agreement with ICANN and this Agreement is not assigned.
9.2.5. Termination in the Event of Insolvency or Bankruptcy. Either Party may terminate this Agreement if the other Party is adjudged insolvent or bankrupt, or if proceedings are instituted by or against a Party seeking relief, reorganization or arrangement under the laws of such insolvent or bankrupt Partyʹs jurisdiction relating to insolvency, or seeking any assignment for the benefit of creditors, or seeking the appointment of a receiver, liquidator or trustee of a Partyʹs property or assets or the liquidation, dissolution or winding up of a Partyʹs business.
9.3. Effect of Termination. Upon the expiration or termination of this Agreement for any reason:
9.3.1. Registry Operator will complete the registration of all domain names processed by Registrar prior to the effective date of such expiration or termination, provided that Registrarʹs payments to Registry Operator for Fees are current and timely.
9.3.2. Registrar shall immediately transfer its sponsorship of all Registered Names to another Authorized Registrar in compliance with any procedures established or approved by ICANN. The Authorized Registrar receiving sponsorship of the Registered Names shall be responsible for all unpaid fees, if any.
9.3.3. All Confidential Information of the Disclosing Party in the possession of the Receiving Party shall be immediately returned to the Disclosing Party.
9.3.4. All Fees owing to Registry Operator shall become immediately due and payable.
9.4. Survival. In the event of termination of this Agreement, the following shall survive: (i) Subsections 2.6, 3.5, 5.1, 5.2, 6.1, 6.3, 6.4, 8.1, 9.4, 10.2, 10.3, 10.4, 10.6, 10.7, 10.9 and 10.10, and (ii) the Registered Name Holderʹs indemnification obligation. Neither Party shall be liable to the other for damages of any sort resulting solely from terminating this Agreement in accordance with its terms.

10. MISCELLANEOUS
10.1. Assignments.
10.1.1. Assignment to Successor Registry Operator. In the event the Registry Operatorʹs Registry Agreement is terminated or expires without entry by Registry Operator and ICANN of a subsequent registry agreement, Registry Operatorʹs rights under this Agreement may be assigned to a company with a subsequent registry agreement covering the Registry TLD upon ICANNʹs giving Registrar written notice within sixty days of the termination or expiration, provided that the subsequent registry operator assumes the duties of Registry Operator under this Agreement.
10.1.2. Assignment in Connection with Assignment of Agreement with ICANN. In the event that Registry Operatorʹs Registry Agreement with ICANN for the Registry TLD is validly assigned, Registry Operatorʹs rights under this Agreement shall be automatically assigned to the assignee of the Registry Agreement, provided that the assignee assumes the duties of Registry Operator under this Agreement. In the event that Registrarʹs accreditation agreement with ICANN for the Registry TLD is validly assigned, Registry Operatorʹs rights under this Agreement shall be automatically assigned to the assignee of the accreditation agreement, provided that the subsequent registry operator assumes the duties of Registry Operator under this Agreement.
10.1.3. Other Assignments. Except as otherwise expressly provided in this Agreement, the provisions of this Agreement shall inure to the benefit of and be binding upon, the successors and permitted assigns of the parties. Registrar shall not assign or transfer its rights or obligations under this Agreement without the prior written consent of the Registry Operator, which shall not be unreasonably withheld.
10.2. Notices. Any notice or other communication required or permitted to be delivered to any Party under this Agreement shall be in writing and shall be deemed properly delivered, given and received when delivered (by hand, by registered mail, by courier or express delivery service, by e-mail, or by telecopy during business hours) to the address or telecopy number set forth beneath the name of such Party below, unless party has given a notice of a change of address in writing:

With copy to:
If to Registry Operator:
Registry Services Corporation dba Commercial Connect LLC, a Delaware corporation
1416 S. Third St.
Louisville, KY USA 40208-2117
Attention: CEO
Telephone: + 1 502 636-3091
Facsimile: + 1 502 634-1484
With a copy to:
Registry Services Corporation dba Commercial Connect, a Delaware corporation
1416 S. Third St.
Louisville, KY USA 40208-2117
Attention: Policy Director
Telephone: + 1 502 636-3091
Facsimile: + 1 502 634-1484

10.3. Third-Party Beneficiaries. The Parties expressly agree that ICANN is an intended third-party beneficiary of this Agreement. Otherwise, this Agreement shall not be construed to create any obligation by either party to any non-party to this Agreement, including any holder of a Registered Name. Registrar expressly acknowledges that it is not a third party beneficiary of the Registry Agreement and does not by reason of this Agreement obtain any rights thereunder in any respect.
10.4. Relationship of the Parties. Nothing in this Agreement shall be construed as creating an employer-employee or agency relationship, a partnership or a joint venture between the parties.
10.5. Force Majeure. Neither party shall be liable to the other for any loss or damage resulting from any cause beyond its reasonable control (a ʺForce Majeure Eventʺ) including, but not limited to, insurrection or civil disorder, war or military operations, national or local emergency, acts or omissions of government or other competent authority, compliance with any statutory obligation or executive order, industrial disputes of any kind (whether or not involving either partyʹs employees), fire, lightning, explosion, flood subsidence, weather of exceptional severity, and acts or omissions of persons for whom neither party is responsible. Upon occurrence of a Force Majeure Event and to the extent such occurrence interferes with either partyʹs performance of this Agreement, such party shall be excused from performance of its obligations (other than payment obligations) during the first six months of such interference, provided that such party uses best efforts to avoid or remove such causes of nonperformance as soon as possible.
10.6. Amendments. Except as otherwise expressly stated in this Agreement, no amendment, supplement, or modification of this Agreement or any provision hereof shall be binding unless executed in writing by both parties.
10.7. Waivers. No failure on the part of either party to exercise any power, right, privilege or remedy under this Agreement, and no delay on the part of either party in exercising any power, right, privilege or remedy under this Agreement, shall operate as a waiver of such power, right, privilege or remedy; and no single or partial exercise or waiver of any such power, right, privilege or remedy shall preclude any other or further exercise thereof or of any other power, right, privilege or remedy. Neither party shall be deemed to have waived any claim arising out of this Agreement, or any power, right, privilege or remedy under this Agreement, unless the waiver of such claim, power, right, privilege or remedy is expressly set forth in a written instrument duly executed and delivered on behalf of such party; and any such waiver shall not be applicable or have any effect except in the specific instance in which it is given.
10.8. Further Assurances. Each party hereto shall execute and⁄or cause to be delivered to each other Party hereto such instruments and other documents, and shall take such other actions, as such other Party may reasonably request for the purpose of carrying out or evidencing any of the transactions contemplated by this Agreement.
10.9. Entire Agreement. This Agreement (including its exhibits, which form a part of it) constitutes the entire agreement between the parties concerning the subject matter of this Agreement and supersedes any prior agreements, representations, statements, negotiations, understandings, proposals or undertakings, oral or written, with respect to the subject matter expressly set forth herein.
10.10. Governing Law. This Agreement is governed by the laws of the State of Kentucky, USA.
IN WITNESS WHEREOF, the Parties hereto have executed this Agreement as of the date set forth in the first paragraph hereof.

• Registry Services Corporation dba Commercial Connect, a Deleware corporation.

Exhibit A: Registrar Toolkit

The Registrar Toolkit (RTK) is a software development kit that will support the development of a registrar software system for registering domain names within the .shop registry using the registry-registrar protocol (RRP) used in the .shop TLD registry. The RTK will consist of software and documentation as described below.
The software will consist of a working Java sample that can be used to implement the EPP protocol that is used to communicate between the registry and Registrar. The samples will illustrate how XML requests (Registration Events) can be assembled and forwarded to the registry for processing. The software will provide the Registrar with the basis for a reference implementation that conforms to the RRP.

The documentation will provide the registrar with details of the RRP protocol specification. The documentation will also include a description of the API implemented within the RTK software.
The RTK will remain under continuous development and will provide support for additional features as they become available, as well as other platform and language support. Changes to the Registry System will be made in compliance with Subsection 2.4 of this Agreement.

Registry Toolkit shall be subject to the license set forth in Subsection 2.3 of this Agreement.
ADDITIONAL TOOLKITS
Verification Toolkit: Registry Operator may offer a toolkit service to Registrar, through which Registry Operator or a sub-contractor(s) will verify all the right of an applicant for a Registered Name to register in the .shop TLD.
Additional Toolkits: If Registry Operator offers additional Toolkits from time to time, they will be provided on a similar basis and subject to similar licensing provisions as Subsection 2.3.2 of this Agreement.
Additional Policies: The Registry Operator toolkits are provided in addition to, and separate from, Registry Operatorʹs policies and specifications for manual verifications that may be conducted by Registrar or competitive toolkits that may be used by Registrar to verify the qualifications of a .shop applicant.

________________________________________
Exhibit B: Engineering and Customer Service Support
Registry Operator will provide a wide range of customer service options to Registrars, including:
• Telephone and e-mail support for incidents requiring an interactive response from RegistryPro representatives.
• Web based tools allowing Registrars to obtain information about their accounts and diagnose problems they may be having with the Registry.
• Automatically generated reports.

These customer service options are intended to provide Registrars with responses to general inquiries relating to registry operations, technical support, account management, and billing and financial issues.

Each of these customer service options is described below.
Telephone and E-mail Support: Telephone and e-mail support will be provided to Registrars to allow them to inform the Registry of service-related issues and obtain information about the registryʹs operations or their accounts. Telephone and e-mail support services can be used to submit issues Registrars may have that cannot be addressed through other customer support avenues.
Registry Operator will provide telephone and e-mail support services for no less than eight hours per day, from 10:00 A.M. until 6:00 P.M. U.S. Eastern Time Monday through Friday, excluding holidays.
Web Based Tools. Registry Operator will provide a variety of web-based tools to provide Registrars information about their accounts and diagnose problems they may be having with the Registry.
Examples of the tools that will be provided include:
• Obtain information on account balances, payments received, and other billing-related information
• Generate reports in real-time, including:
• History of transactions performed on an object within the registry
• History of transactions performed within a specific date range
• History of billing-related transactions performed within a specific date range
• Identify all domain names sponsored by the requesting Registrar associated with a specified name server or contact
Automatically Generated Reports: Registry Operator will provide certain reports to all Registrars on a periodic basis. Examples of these reports include:
• All domains registered, renewed, or deleted within a specific time period by such Registrar
• All billable transactions performed within a specific time period by such Registrar
• All objects currently registered by such Registrar
Security of Customer Support: With the exception of certain simple questions that may be handled by telephone, all customer service requests will be authenticated prior to being acted upon. Each Registrar will designate certain individuals within its organization and specify the types of customer service operations it may authorize, according to Registry Operatorʹs security policies. Requestors will be identified and authenticated through mechanisms that may include the use of passwords and call back numbers for telephone communications, the use of digital signatures for e-mail communications, or the use of digital certificates, passwords, and IP address filters for web-based communications.

Average Call Back Times:

When Registrar emails or faxes a service request to the Customer Support Center, Registry Operator will contact Registrar based on the initial incident priority.
Priority Call Back Time
1 20 minutes
2 1-business hour
3 1-business day
4 2-business days

Average Resolution Time

Registry Operatorʹs goal is to provide Registrars with a rapid response and resolution to inquiries; however the following guidelines may be useful:
Priority Average Resolution Time
1 2-business hours
2 1-business day
3 3-business days
4 5-business days

Ticket Prioritization
All incoming tickets will receive prioritization based on the reported problem. Registry Operator reserves the right to adjust the severity of an issue.

Priority 1 A priority 1 ticket is the highest priority within the Support Center system. The Center will make every reasonable effort within its control to ensure that Registrar is operational as soon as possible. Registry Operator will be in regular contact with Registrar until the problem is resolved. Typical Priority 1 issues include:
• System inoperative

Priority 2 Typically a Priority 2 ticket is for a problem that prevents the Registrar from completing non-registration business but does not cause Registrarʹs use of the registry to become completely inoperable. Registry Operator will make every reasonable effort to resolve the reported problem as soon as possible. Typical Priority 2 issues include:
• Domain-name resolution impacted
• Registration activities impaired
• Registrar access to Registry Services is limited
• Serious installation or upgrade issues (installation and upgrade issues may be considered Priority 1 issues if they seriously impact progress towards completion and⁄or production dates)

Priority 3 A Priority 3 ticket is for a problem that causes a feature or system failure that can be avoided by the Registrar applying alternative methods. Typical Priority 3 issues include the following:
• Reports will not run
• Performance problems
• Functionality issues
• Receiving error messages in the reports
• Receiving console error messages
• Exporting⁄importing data files failing
• Upgrade or installation planning

Priority 4 A Priority 4 ticket is for a minor problem having only a minimal impact on the Registrarʹs business. Typical Priority 4 issues include:
• General product questions
• Product shipment questions

Escalation

The Customer Support Center is committed to resolving all Registrar issues in a timely and efficient manner. However, in the event that Registrar is not satisfied with the support that Registry Operator is providing, there is an escalation process that Registrar may exercise.
If Registrar has not received satisfactory service from the Customer Support Center, escalate concerns through the following resources
1. Account Manager
2. Customer Support Center Director
3. Vice-President of Customer Service

________________________________________
Exhibit C: Registrarʹs Registration Agreement
[To be supplied by Registrar]

________________________________________
Exhibit D: Policy on Transfer of Sponsorship of Registrations between Registrars

A. Holder-Authorized Transfers.

Registrar Requirements:
The registration agreement between Registrar and its Registered Name Holder shall include a provision explaining that a Registered Name Holder will be prohibited from changing its Registrar during the first 60 days after initial registration of the Registered Name with the Registrar, and in no event may such transfers occur until the Registry Live Start Date (as defined in Appendix J to the Registry Agreement). Beginning on the 61st day after the initial registration with Registrar, the procedures for change in sponsoring registrar set forth in this policy shall apply. Enforcement shall be the responsibility of the registrar sponsoring the domain name registration.

A Registered Name Holder may only change its sponsoring registrar to a registrar accredited by ICANN for the .shop TLD that has entered into, and has currently in effect, the Registry-Registrar Agreement with Registry Operator (ʺAuthorized Registrarʺ). For each instance where a Registered Name Holder wants to change its registrar for an existing Registered Name, the gaining Authorized
Registrar shall:

1) Obtain express authorization from an individual who has the apparent authority to legally bind the Registered Name Holder (as reflected in the database of the losing Authorized Registrar).
a) The form of the authorization is at the discretion of each gaining Authorized Registrar.
b) The gaining Authorized Registrar shall retain a record of reliable evidence of the authorization.

2) In those instances when the Authorized Registrar of record is being changed simultaneously with a transfer of a Registered Name from one party to another, the gaining Authorized Registrar shall also obtain appropriate authorization for the transfer. Such authorization shall include, but not be limited to, one of the following:
a) A bilateral agreement between the parties.
b) The final determination of a binding dispute resolution body.
c) A court order.

Before a Registered Name is transferred from one Registered Name Holder to another, the potential new Registered Name Holder must qualify for registration of the Registered Name according to the Registry Agreement (including its Appendices).

3) Request, by the transmission of a ʺtransferʺ command as specified in the RRP, that the registry database be changed to reflect the new Authorized Registrar.
a) Transmission of a ʺtransferʺ command constitutes a representation on the part of the gaining Authorized Registrar that:
(1) The requisite authorization has been obtained from the Registered Name Holder listed in the database of the losing registrar,
(2) The losing registrar will be provided with a copy of the authorization if and when requested, and
(3) The gaining new Registered Name Holder has been has issued a digital certificate or digital security products and verified as eligible to register in such PS-SLD.
In those instances when the Registrar of record denies the requested change of Registrar, the Registrar of record shall notify the prospective gaining Registrar that the request was denied and the reason for the denial.
Instances when the requested change of sponsoring Registrar may be denied include, but are not limited to:
1) Situations described in the Domain Name Dispute Resolution Policy
2) A pending bankruptcy of the Registered Name Holder
3) Dispute over the identity of the Registered Name Holder
4) Request to transfer sponsorship occurs within the first 60 days after the initial registration with the Registrar
In all cases, the losing Registrar shall respond to the e-mail notice regarding the ʺtransferʺ request within five (5) days. Failure to respond will result in a default ʺapprovalʺ of the ʺtransfer.ʺ
Registry Requirements:
Upon receipt of the ʺtransferʺ command from the gaining Registrar, Registry Operator will transmit an e-mail notification to both registrars.
If the object does not have any of the CLIENT-NO-TRANSFER, LOCK, CLIENT-LOCK, HOLD, PENDING-VERIFICATION, or DELETE-PENDING status properties associated with it, Registry Operator shall complete the ʺtransferʺ if either:
1) The losing Registrar expressly ʺapprovesʺ the request, or
2) Registry Operator does not receive a response from the losing Registrar within five (5) days.
When the Registryʹs database has been updated to reflect the change to the gaining Registrar, Registry Operator will transmit an email notification to both Registrars.
Records of Registration:
Each Registered Name Holder shall maintain its own records appropriate to document and prove the initial domain name registration date, regardless of the number of registrars with which the Registered Name Holder enters into a contract for registration services.
Effect on Term of Registration:
The completion by Registry Operator of a holder-authorized transfer under this Part A shall result in a one-year extension of the existing registration, provided that in no event shall the total unexpired Term of a registration exceed ten (10) years.
B. ICANN-Approved Transfers.
Transfer of the sponsorship of all the registrations sponsored by one Registrar as the result of acquisition of that Registrar or its assets by another Registrar may be made according to the following procedure:
(a) The gaining Registrar must be accredited by ICANN for the Registry TLD and must have in effect the Agreement with Registry Operator for the Registry TLD.
(b) ICANN must certify in writing to Registry Operator that the transfer would promote the community interest, such as the interest in stability that may be threatened by the actual or imminent business failure of a Registrar.
Upon satisfaction of these two conditions, Registry Operator will make the necessary one-time changes in the registry database for no charge, for transfers involving 50,000 name registrations or fewer. If the transfer involves registrations of more than 50,000 names, Registry Operator will charge the gaining Registrar a one-time flat fee of US$ 50,000.

________________________________________
Exhibit E: Registry Operatorʹs Operational Standards, Policies, Procedures, and Practices
Registry Operatorʹs Operational Standards, Policies, Procedures, and Practices set forth in this Exhibit E are subject to those set forth in the relevant Appendices to the Registry Agreement.
I. Cancellation of Registered Names. Registry Operator may transfer, modify, or cancel any Registered Name (i) for violations of this Agreement and its Exhibits or (ii) to correct mistakes made by Registry Operator or any Registrar in connection with a domain name registration.
II. Registrar Compliance with .shop TLD Requirements. Registrar will comply with the restrictions, requirements, and policies in Appendices J, L, and M of the Registry Agreement.
III. Additional Requirements for Registration Agreement. In addition to requiring a registration agreement with the provisions described in Subsection 3.4 of this Agreement, before the Registry Operator will accept applications for registration from Registrar, Registrarʹs registration agreement (see Subsection 3.3 of this Agreement) with each Registered Name Holder must include, at a minimum, the following representations, warranties, agreements, and certifications by the Registered Name Holder:
a) Represent and Warrant that the data provided in the domain name registration application is true, correct, up to date, and complete; The registrant will at all times during the term of its registration keep the information provided above up to date;
b) Represent and warrant that the registration satisfies the applicable .shop restrictions at the time of registration;
c) Represent and warrant that the registration satisfies the digital security requirements stated in Appendix L of the Registry Agreement;
d) Agree to be subject to the Qualification Challenge Policy and the Uniform Domain Name Dispute Resolution Policy (the ʺUDRPʺ);
e) Agree not to make any representation to any person or entity that expressly or impliedly convey that the registration of the Registered Name in any way signifies or indicates that the Registered Name Holder possesses any general or specific professional qualifications, including, but not limited to, professional qualifications in a particular field;
f) Certify that the Registered Name Holder has the authority to enter into the registration agreement;
g) For applications during the Sunrise Period, certify that the registration qualifies for a Sunrise Registration, as set forth in Appendix J of the Registry Agreement.
h) Agree to the use, copying, distribution, publication, modification and other processing of Registered Name Holderʹs Personal Data by Registry Operator and its designees and agents in a manner consistent with the purposes specified pursuant to Subsection 2.6 of this Agreement.
i) Acknowledge that Registry Operator will have no liability of any kind for any loss or liability resulting from the proceedings and processes relating to the Sunrise Period including, without limitation: (i) the ability or inability of any registrant to obtain a Registered Name during these periods, and (ii) the results of any dispute over a Sunrise Registration.
IV. Incorporation of .shop Restrictions and Challenge Processes.
In addition, Registrar agrees to incorporate the following text (or translation of such text into relevant language) into its registration agreement:
ʺThe Registered Name Holder acknowledges having read and understood and agrees to be bound by the terms and conditions of the following documents, as they may be amended from time to time, which are hereby incorporated and made an integral part of this Agreement
(i) The Uniform Domain Name Dispute Resolution Policy, available at http:⁄⁄www.icann.org⁄dndr⁄udrp⁄ policy.htm
(ii) (For registration agreements relating to Sunrise Registrations only) The Sunrise Period Rules and Sunrise Dispute Resolution Policy.

Mechanisms will be in place for the notificaton and eventual suspension of domain regsitrants that either do not qualify to operate a .SHOP TLD or are operating it inconsistently with its intended use. Two Warning will be sent and an appeal process will be available before action is taken to suspend a .SHOP TLD.

Similar gTLD applications: (0)