RSP Program: ICANN launches a Registry Service Provider Evaluation Program

In 2024, the Internet Corporation for Assigned Names and Numbers (ICANN), the international organisation managing the use of IP addresses and Internet domain names, decided to launch a Registry Service Provider Evaluation Program.

An RSP provides one or more of the critical technical services necessary for the operation of a generic Top-Level Domain (gTLD). It guarantees its availability, stability and security.

The ICANN evaluation will concern the next round of gTLD applications set for spring 2026 and encompasses the different existing types of RSP:

• Main RSPs: which operate the registration database for a gTLD, undertake escrow of domain registration data, and operate the Extensible Provisioning Protocol (EPP) and Registry Data Access Protocol (RDAP) services for a gTLD.
• DNS RSPs: which operate one or more Domain Name System (DNS) servers for a gTLD.
• DNSSEC RSPs: which undertake the cryptographic operations necessary for DNS Security Extensions (DNSSEC) for a gTLD.
• Proxy RSPs: which perform registration validation to comply with applicable local law in a given jurisdiction.

What is the RSP Program?

The Program is intended to reduce the cost and time involved in evaluating new gTLDs by separating the assessment of the technical aspects of operating a gTLD from the application for the gTLD label.

All new gTLD applicants are required to use evaluated RSPs for the upcoming gTLD application period set for spring 2026.

RSPs need only be evaluated once, regardless of the number of gTLDs they support.

The RSP evaluation program put in place by ICANN comprises the following stages:

• an application submission period for RSP Pre-Evaluation from 19 November 2024 to 20 May 2025;
• an evaluation period coinciding with the gTLD application submission period projected to open in April 2026;
• publication of public portions of pre-evaluated RSPs on 9 December 2025 and continuously updated after this date.

In addition to guaranteeing the registry’s availability and (cyber)security, RSPs are the main intermediary for registrars and data escrow agents, and the entity that registry and domain owners rely on to guarantee sound management.

It is consequently their skills and expertise that ICANN has chosen to evaluate in its Registry Service Provider Evaluation Program.

Its goal is to certify ‘good’ RSPs so that registry/domain owners or potential applicants for the next ICANN round in 2026 can select a trusted partner.

Afnic: a trusted partner for TLD registry management

Afnic manages twenty TLDs: .fr (a country-code TLD or ccTLD), the overseas French TLDs, and brandTLDs including .leclerc, .mma, .sncf, .total, as well as geographic TLDs (or geoTLDs) such as .bzh (which is celebrating its 10^th anniversary), .corsica, .alsace and .paris.

As the .fr registry operator for over 25 years, Afnic is participating in this evaluation program. Its bank of knowledge and expertise has earned it a place on the official list of pre-evaluated RSPs that will be published by ICANN in 2025.

Afnic has all of the technical, legal and commercial skills required to operate a Top-Level Domain registry on a daily basis.

An efficient and flexible registration system

As a reminder, this program will run for 6 months, from 19 November 2024 to 20 May 2025.

During this period, Afnic will once again, prove its strong financial position, its legal expertise, the quality of its support teams, and its back-end expertise.

Whether in terms of the design, deployment or maintenance of a computer application for the 24/7 management of a registry, or that of the production teams tasked with overseeing the Network Operation Centre and Security Operation Centre for the network’s infrastructure.

Afnic will therefore be tested on points such as security controls encompassing both physical security and logical security regarding in-house and all third-party vendors (e.g. data centres, software publishers) relevant to the registry services under application.

Characteristics that are covered by the ISO 27001 certification awarded to Afnic for over nine years.

Afnic will also provide information on the systems and software relating to the registry’s operation. This notably includes types of operating systems, application software, programming languages, virtualisation environments, network elements, appliances, and sizing requirements.

It should be noted that ICANN requires that these software and systems must be both modern and in common use.

This approach supports our strategy. In October 2022, we completed the go-live of our new registry management system for the .fr TLD, i.e. the day-to-day management of over 4 million domain names. This migration went off without a hitch thanks to the wealth of expertise built up over more than 20 years.

The evaluation will demonstrate the flexibility of our domain name management platform.

To date, we operate some twenty domains (country, brand, geo, and generic) all from the same application system

which can be configured to implement the desired management policies of each registry operator. These are what are known as registry policies.

A first-class registry service and very short response times

Using the same application system, Afnic deploys a specific version for each registry, whether in terms of the management rules applied or the application location.

In other words, Afnic hosts the application wherever the customer chooses as long as the conditions are met to provide optimal quality of service (QoS), which is overseen on a daily basis by ICANN.

ICANN has a set of specific technical rules that act as market standards and apply to all gTLDs. Afnic’s application is 100% compliant with these rules.

In addition to this, our system allows any registry operators so wishing to implement specific rules, allowing for differentiated management of .fr and .museum domain names, for example.

ICANN therefore evaluates Afnic’s ability to provide the same service quality to a registry operating a thousand domain names (.museum) and another with over 4 million domain names (.fr).

Furthermore, ICANN verifies Afnic’s ability to provide very short response times over the global Internet, meaning that Internet users must have fast access to the service requested, wherever they are. To ensure this, Afnic has developed a network of partners based on various transit data centres in France that form an Anycast network consisting of over 300 points of presence worldwide, on all continents. This guarantees minimal latency for Internet requests.

Security and resilience: Afnic recognised by the ICANN program

ICANN also ensures that Afnic is capable of countering the different types of common Internet attacks these days, such as Distributed Denial of Service (DDOS).

Afnic implements a wide range of tools to considerably mitigate, and even completely in some cases, the impact of these attacks.

This ability to mitigate risks and attacks is something that Afnic has long considered a priority, given that we comply with the European Network and Information Security Directive (NIS 1), are ISO 27001 certified, and are working on the full implementation of NIS 2.

This evaluation program will also ‘certify’ our expertise in DNS management, which, more importantly, is secured via the implementation of DNSSEC and, in an international context, via the validation of our capacity to manage domain names in non-Latin scripts (use of IDNs on the second and third levels).

This ambitious ICANN program, which Afnic will be part of, will once again underscore, on the global stage, Afnic’s skills and expertise as a partner of choice for all stakeholders harnessing or looking to harness the Internet’s potential.