Australian Domain Administration Policies
(as of November 4, 2020)
auDA is the policy authority for the .au domain space, responsible for the development, review and enforcement of policies dealing with the registration of .au domain names and the operation of the Australian domain industry.
Below is a list of auDA’s current Published Policies, Guidance Notes, Administrative Arrangements, Dispute Resolution policies and our Privacy Policy. All Published Policies, Guidance Notes, Administrative Arrangements and Dispute Resolution policies are considered in their entirety as ‘Published Policies’. For a comprehensive list of all auDA policies since 2002, please refer to the Index of Published Policies.
2020-01 – Major Disaster Policy (Temporary)
Policy Title: Major Disaster Policy (Temporary)
Policy No: 2020-01
Publication Date: 20 January 2019
Status: Current
1.1. OVERVIEW
1.1.1 The bushfires have had a devastating impact on Australian communities. The Australian Government has declared the bushfires a major disaster affecting several local government areas (LGAs) in Victoria, New South Wales and South Australia under section 36 of the Social Security Act 1991 (Cth) (‘the Act’). It is expected that the Australian Government will add more LGAs to the list as government agencies assess the extent of bushfire damage on communities.
1.1.2 .au Domain Administration Limited (auDA) recognises that registrants and persons nominated as the registrant contact living or operating businesses in affected LGAs may not have the capacity to renew a domain name licence or respond to complaints within the required time frame.
1.1.3 auDA is implementing interim measures to assist these registrants and persons nominated as registrant contacts living or operating businesses in these LGAs. These interim measures are:
(a) an extension of the term of the domain name licence to provide for an additional two month period in which a registrant may renew their domain name licence, where the domain name licence expiry date falls between 22 January 2020 and 1 March 2020.
(b) an additional 60 calendar days for responding to a complaint under paragraphs 4 and 5 of the Complaints (Registrant Eligibility) Policy (2004-01).
(c) an additional 60 calendar days to respond to the commencement of administrative proceedings under paragraph 5(a) of Schedule B of the .au Dispute Resolution Policy (2016-01).
1.1.4 auDA will automatically apply the interim measures to a domain name licence or complaint where a person nominated as the registrant contact resides in an affected LGA. This recognises that the registrant contact is the person that receives all communications from auDA or the Registrar relating to a domain name licence, including renewal notices.
1.1.5 A registrant who resides or operates a business in an affected LGA may also apply to auDA for the interim measures to be applied to their domain name licence, where the domain name licence expiry date falls between 22 January 2020 and 1 March 2020. This accommodates the following situations:
- the registrant but not the registrant contact resides or operates a business in an affected LGA; or
- the registrant contact information is incorrect.
1.1.6 This policy sets out the eligibility rules for the interim measures. All other auDA Published Policies will continue to apply to the domain name licence, except where indicated in this policy.
1.2 DEFINITIONS
In this policy:
Affected LGA means a Local Government Area which is the subject matter of a Ministerial Determination that the December 2019 and January 2020 bushfires are a major disaster for that area under section 36A of the Social Security Act 1991 (Cth).
auDA means the .au Domain Administration Limited ACN 079 009 340
Eligible expiry date means a domain name licence expiry date after 22 January 2020 and before or on 1 March 2020.
Eligible registrant has the same meaning as paragraph 1.3.1 of this policy.
Principal place of business means the street address from which a company or business operates.
Principal place of residence means the home and land which the person occupies for the greatest amount of time each year.
Open 2LD means com.au, net.au, asn.au, org.au and id.au second level domains.
Registrant means a person who is issued a .au domain name licence and is recorded as the ‘Registrant’ in the Registry data.
Registrant contact means the person entered as the registrant contact in the Registry data under paragraph 2.2 of the Registrant Contact Information
1.3 ELIGIBILITY
1.3.1 A registrant is an eligible registrant if:
(a) the registrant holds a domain name licence in an Open 2LD; and
(b) the registrant; or
(c) registrant contact
resides in an affected LGA.
1.3.2 A registrant resides in a bushfire affected LGA if:
(a) the registrant’s principal place of residence; or
(b) the registrant’s principal place of business;
is in an affected LGA.
1.3.3 A registrant contact resides in a bushfire affected LGA if the registrant contact information recorded in the Registry data contains a postcode in an affected LGA.
1.4 INTERIM MEASURES
Extension of Licence Term
1.4.1 auDA may, at its discretion, extend the eligible expiry date of a domain name licence by an additional two months to enable an eligible registrant to renew that domain name licence.
NOTE: The domain name licence will be extended by increasing the month value in the expiry date field by two. A domain name licence with an eligible expiry date of 26 January 2020 will have a new temporary expiry 26 March 2020.
1.4.2 Paragraph 6.1 of the Domain Renewal, Expiry and Deletion Policy (2010-07) will apply to the new expiry date of a domain name licence extended under paragraph 1.4.1.
1.4.3 An eligible registrant does not need to apply to auDA for an extension of a domain name licence with an eligible expiry date if:
(a) if the registrant contact resides in an affected LGA; and
(b) the registrant contact information is correct.
1.4.4 auDA will automatically extend the eligible expiry date of the domain name licence under paragraph 1.4.1.
1.4.5 An eligible registrant must apply to auDA for an extension of a domain name licence with an eligible expiry date under paragraph 1.4.1 if:
(a) the eligible registrant resides in an affected LGA; or
(b) the registrant contact resides in an affected LGA; and
(c) the registrant contact information is incorrect.
1.4.6 An application must be made using the auDA general enquiry form at https://www.auda.org.au/about-auda/our-services/submit-a-general-enquiry/
1.4.7 Where an eligible registrant renews their domain name licence, the expiry date of the new domain name licence is automatically set from the eligible expiry date for the previous domain name licence.
For example: A registrant of a domain name licence with an eligible expiry date of 20 February 2020 is granted an additional two months in which to renew their domain name licence. The domain name licence has a temporary expiry date of 20 April 2020. The registrant renews their domain name licence on 1 April 2020 for a two year term. The new domain name licence comes into effect on 20 February 2020 and the expiry date will be 20 February 2022.
Complaints
1.4.8 The 14 calendar day requirement will not apply to eligible registrants under paragraph 4.2 and 4.4 of the Complaints (Registrant Eligibility) Policy (2004-01).
1.4.9 An eligible registrant has 60 calendar days within which to update eligibility details under paragraphs 4.2 and 4.4 of the Complaints (Registrant Eligibility) Policy (2004-01).
1.4.10 If the eligible registrant does not update their eligibility details within the 60 calendar day period or respond to the registrar’s request, the registrar must delete the domain name licence under paragraph 4.5 of the Complaints (Registrant Eligibility) Policy (2004-01).
1.4.11 Paragraphs 1.4.8 to 1.4.10 only applies to complaints received by a Registrar or auDA before or on 1 March 2020.
1.5 POLICY AMENDMENTS
1.5.1 auDA may at its discretion amend this policy from time to time.
2015-01 – Complaints Policy
Policy No: 2015-01
Publication Date: 14/05/2015
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the handling of complaints made about registrants, auDA accredited registrars and resellers in the .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
1.2 auDA’s Complaints Management Principles are set out in Schedule A of this document.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “complainant” means a party which has lodged a complaint with auDA regarding a .au domain name(s), or .au domain name services provided by an auDA accredited registrar or a reseller;
b) “domain complaints” means complaints about .au domain names and registrants – refer to paragraph 5.1 below for more detail;
c) “industry complaints” means complaints about .au domain name services provided by auDA accredited registrars or their resellers – refer to paragraph 6.1 below for more detail; and
d) “respondent” means a party which is the subject of a complaint lodged with auDA, and they can be auDA accredited registrars, resellers or registrants.
3. auDA’S JURISDICTION TO HANDLE COMPLAINTS
3.1 auDA’s jurisdiction to handle complaints is limited to matters relating to the .au domain space. auDA does not have the jurisdiction to handle complaints about:
a) generic Top Level Domains (eg. .com, .net, .biz, .info, etc) or other country code Top Level Domains (eg. .nz, .uk, .us, etc);
b) web hosting, website management or website design services;
c) Internet access or email services;
d) illegal or malicious use of a domain name, such as spam or phishing;
e) objectionable or offensive website content; or
f) possible breaches of the Telecommunications Act 1997, the Broadcasting Services Act 1992, the Competition and Consumer Act 2012, the Trade Marks Act 1995, the Privacy Act 1988 or any other legislation. For complaints about these matters you should contact the relevant government authority, such as the Australian Communications and Media Authority (ACMA), the Telecommunications Industry Ombudsman (TIO), the Australian Competition and Consumer Commission (ACCC), a state or territory fair trading office, or the Office of the Australian Information Commissioner.
3.2 auDA reserves the right not to acknowledge or investigate a complaint that is clearly frivolous, vexatious or abusive, or in auDA’s opinion has been brought in bad faith.
4. auDA’S COMPLAINTS MANAGEMENT PROCESS
4.1 Complaints may be submitted to auDA via the online form on auDA’s website, by fax or by post. auDA will acknowledge receipt of the complaint (subject to paragraph 3.2) and indicate the timeframe that the complainant can expect a response. auDA will endeavour to resolve the complaint as quickly as possible, but if the complaint is complex it may take several weeks to resolve. If this is the case, auDA will keep the complainant informed of the progress of the complaint.
4.2 On receipt of the complaint, where appropriate, auDA will request a response from the respondent. auDA will investigate the complaint based on the facts provided by all parties involved in the matter. auDA may seek further information from any party to assist with its investigation. auDA may at its discretion place a registry server lock on the domain name(s) in question, in order to preserve the status quo whilst the investigation is pending.
4.3 All communications between auDA and the parties to a complaint will be in writing or over the telephone. In the interest of fairness and due process, auDA staff will not meet in person with anyone who is a party to a complaint.
4.4 After conducting a full investigation, auDA will notify the complainant and the respondent in writing of the outcome of the complaint and, if relevant, of any other courses of action available to the parties.
5. DOMAIN COMPLAINTS
5.1 Domain complaints include complaints about:
a) registrant eligibility, including the “close and substantial connection” rule and domain monetisation;
b) prohibited misspellings;
c) the Reserved List;
d) registering a domain name for the sole purpose of sale;
e) correct “ownership” of a domain name;
f) transfers (change of registrant); and
g) breaches of the domain name licence terms and conditions, or any auDA Published Policy.
5.2 auDA will investigate the complaint on the basis of whether there has been a breach of auDA policy, not on the basis of whether the complainant has a better claim to the domain name, or whether the complainant’s rights have been infringed. If the complainant’s desired outcome is transfer of the domain name to themselves, then they should consider lodging a complaint under the .au Dispute Resolution Policy (auDRP) or taking legal action directly against the registrant.
5.3 If the complaint is upheld, auDA may take one or more of the following actions:
a) request the registrant to resolve the problem or rectify a breach of policy;
b) instruct the registrar of record to delete the domain name(s) in question (known as “policy deletes”);
c) instruct the registrar of record to correct the registrant details of the domain name(s) in question; or
d) in the case of an unauthorised transfer, instruct the registry to reverse the transfer.
5.4 Where a registrant is dissatisfied with auDA’s decision to uphold a complaint and delete their domain name(s), the registrant may apply for an independent review of auDA’s decision by the Registrant Review Panel, in accordance with the Registrant Review Panel Rules.
6. INDUSTRY COMPLAINTS
6.1 Industry complaints include complaints about:
a) domain name registration and domain name management services of an auDA accredited registrar or their reseller;
b) transfers (change of registrar of record); and
c) breaches of the Registrar Agreement, .au Domain Name Suppliers’ Code of Practice, or any auDA Published Policy.
6.2 Under Federal Government policy, the Australian domain name industry is self-regulatory. This means that industry participants are themselves responsible for determining appropriate responses to any problems that arise within the industry. In accordance with this self-regulatory approach, auDA is an office of last resort with regard to making a complaint about a registrar or reseller. Before auDA will investigate a complaint, the complainant must have first attempted to resolve the complaint with the registrar or reseller involved. Under the .au Domain Name Suppliers’ Code of Practice, all registrars and resellers must have adequate complaints-handling policies and procedures in place.
6.3 Before making a complaint to auDA, the complainant must allow a reasonable period of time for the registrar or reseller to respond to the complaint. auDA will not investigate the complaint unless the complainant has done so. The complainant should also collect any relevant supporting documentation, such as registration agreements, policies, emails and other correspondence with the registrar or reseller. Failure to do so may mean that auDA is unable to investigate the complaint for lack of evidence.
6.4 If the complaint is upheld, auDA may take one or more of the following actions:
a) request the registrar or reseller to resolve the problem or rectify the breach of policy;
b) request the registrar or reseller to issue the complainant with a full explanation and apology;
c) in the case of an unauthorised transfer, instruct the registry to reverse the transfer;
d) request the registrar or reseller to amend the practice or procedure that led to the complaint; or
e) refer the complaint to the relevant government authority.
Please Note: auDA is not a government agency or statutory authority, therefore it does not have legislative power to impose fines or other penalties on a registrar or reseller.
6.5 If the registrar or reseller involved does not comply with auDA’s request pursuant to paragraph 6.4, auDA may take the following action:
a) in the case of a reseller of a registrar, auDA may direct the registrar not to accept any services from that reseller, and to terminate any reseller licence in existence between the registrar and that reseller; or
b) in the case of a registrar, auDA may suspend or terminate the registrar’s accreditation.
6.6 Where a registrar is dissatisfied with auDA’s decision to suspend or terminate their accreditation, the registrar may apply for an independent review of auDA’s decision by the Registrar Review Panel, in accordance with the Registrar Review Panel Rules.
7. OTHER COMPLAINTS AND DISPUTES
7.1 The Complaints (Registrant Eligibility) Policy sets out the process for making a complaint about invalid registrant eligibility details as displayed on WHOIS, eg. where the WHOIS record shows a deregistered company, a removed business name or a cancelled ABN. Complaints must be lodged with the registrar of record for the domain name.
7.2 The .au Dispute Resolution Policy (auDRP) provides for independent arbitration of disputes between a registrant and another party with competing rights in the domain name. Proceedings must be lodged with one of the approved auDRP Providers listed on auDA’s website.
7.3 auDA will not mediate or resolve disputes between a registrant and another party over a domain name, except insofar as the dispute involves a breach or possible breach of an auDA Published Policy. auDA may at its discretion, at the request of the parties or on its own initiative, place a registry server lock on the domain name pending resolution of the dispute by the parties themselves. Resolution of the dispute must be evidenced by a Deed of Settlement or an order of a competent arbitrator, tribunal, court or legislative body.
7.4 auDA will not mediate or resolve commercial disputes between registrars and their own resellers, except insofar as the dispute involves a breach or possible breach of the Registrar Agreement, .au Domain Name Suppliers’ Code of Practice, or any auDA Published Policy.
8. COMPLAINTS REPORTING
8.1 auDA maintains a complaint register for quality assurance purposes. Quarterly reports will be produced to the Board of auDA to highlight the performance of the complaint management system and the report will include (but not be limited to):
a) number and nature of complaints received during the reporting period;
b) number of complaints resolved during the reporting period;
c) number of complaints upheld/denied during the reporting period;
d) time taken to investigate complaints; and
e) action to address systemic issues (if any).
9. REVIEW OF POLICY
9.1 From time to time, auDA may update this document for the purposes of clarification or correction.
SCHEDULE A
auDA COMPLAINTS MANAGEMENT PRINCIPLES
1. Purpose
This schedule sets out the auDA Complaints Management Principles.
2. Complainant Rights and Responsibilities
Complainants can expect the following from auDA:
- have valid complaints treated as genuine and properly investigated;
- have their complaint information remain confidential within auDA;
- be given clear and appropriate information regarding auDA’s complaints management process; and
- be informed about the progress and outcome of the complaint.
Complainants are expected to:
- make sure the complaint has reasonable grounds and possesses sufficient detail;
- provide relevant and pertinent information if requested by auDA at anytime during the investigation; and
- notify auDA of any concerns about auDA’s complaints management process as soon as possible.
3. Respondent Rights and Responsibilities
Respondents can expect the following from auDA:
- be given clear and appropriate information regarding auDA’s complaints management process;
- be given clear information regarding complaints against them;
- be given reasonable time as set out by auDA to respond to complaints against them; and
- where appropriate, be given reasonable time as set out by auDA to resolve the problem or rectify a breach of policy.
Respondents are expected to:
- respond to complaint investigation requests from auDA within the timeframe specified;
- provide relevant and pertinent information in response to complaints;
- action auDA resolution or rectification requests within the timeframes specified; and
- notify auDA of any concerns about auDA’s complaint management process as soon as possible.
4. Fairness to all parties
Subject to these principles, each investigation is conducted in confidence and independently; and all parties are entitled to clear and appropriate communication from auDA in writing or over the telephone.
2014-07 – WHOIS Policy
Policy No: 2014-07
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the collection, disclosure and use of WHOIS data in the open 2LDs (asn.au, com.au, id.au, net.au, org.au) and the community geographic 2LDs (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic,au, wa.au).
1.2 auDA’s Registry Licence Agreement and Registrar Agreement impose certain conditions on the registry operator and registrars in relation to the collection and use of WHOIS data. This policy operates to clarify some of those conditions.
2. WHOIS POLICY PRINCIPLES
2.1 The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool and Port 43.
2.2 auDA has drafted this policy with the aim of striking an acceptable balance between:
a) the rights of registrants, under Australian law, in relation to how their personal information is handled;
b) the role of auDA to promote a competitive and efficient domain name industry; and
c) the interests of law enforcement agencies in accessing information about domain names for consumer protection and other public interest purposes.
3. COLLECTION OF WHOIS DATA
3.1 Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the “WHOIS data”).
3.2 Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.
3.3 Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.
3.4 In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.
4. DISCLOSURE OF WHOIS DATA
4.1 The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based and Port 43) for all domain names in the open 2LDs.
4.2 In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed.
4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.
4.4 To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.
4.5 In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service.
4.6 Registrants who wish to check the creation or expiry date of their own domain name can do so through their registrar or reseller, or by using the centralised password recovery tool available on the registry website.
4.7 Third parties who wish to know the creation date of a particular domain name or domain names for the purpose of establishing rights in connection with a proposed claim under the .au Dispute Resolution Policy or other court proceeding, may lodge a request with auDA. The ‘request for domain name creation date’ form is available on the auDA website.
4.8 Registrants who wish to check what domain names have been registered using their details (eg. company or business name, ACN or ABN) may lodge a request with auDA. The ‘request for domain name search’ form is available on the auDA website.
5. USE OF WHOIS DATA
5.1 In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:
a) use of WHOIS data to support an automated electronic query process; and
b) bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).
5.2 In order to prevent the abuses listed in paragraph 5.1, auDA will impose restrictions on the number of queries that a user can send to WHOIS (web-based or Port 43). The level of restriction will be clearly displayed on the WHOIS website. auDA may vary the restriction at any time.
5.3 auDA recognises that it may be necessary for law enforcement agencies to access the full record of a particular domain name or names as part of an official investigation. auDA will deal with requests from law enforcement agencies on a case-by-case basis.
SCHEDULE A
WHOIS FIELDS FOR .AU OPEN SECOND LEVEL DOMAINS
| Field Name | Field Description |
| Domain Name | Registered domain name |
| Last Modified | Date the domain name record was last modified (includes renewal, transfer and update) |
| Status | Status of the domain name (eg. “OK”, “pendingTransfer”, “pendingDelete”) |
| Registrar Name | Name of the registrar of record |
| Reseller Name | Name of the recorded reseller (if applicable) |
| Registrant | Legal name of the registrant entity (eg. company name) |
| Registrant ID | ID number associated with the registrant entity, if any (eg. ACN for company) |
| Eligibility Type | Registrant’s eligibility type (eg. “Company”) |
| Eligibility Name | Name used by the registrant to establish eligibility, if different from their own legal name (eg. registered business name or trademark) |
| Eligibility ID | ID number associated with the name used by the registrant to establish eligibility (eg. BN for registered business name, TM number for registered trademark) |
| Registrant Contact ID | Registry code used to identify the registrant |
| Registrant Contact Name | Name of a contact person for the registrant |
| Registrant Contact Email | Contact email address for the registrant |
| Tech Contact ID | Registry code used to identify the technical contact |
| Tech Contact Name | Name of a technical contact for the domain name (eg. registrar, reseller, webhost or ISP) |
| Tech Contact Email | Contact email address for the technical contact |
| Name Server | Name of computer used to resolve the domain name to Internet Protocol (IP) numbers (minimum of 2 name servers must be listed) |
| Name Server ID | IP number of the name server |
| DNSSEC | DNSSEC status (whether the domain name is signed or unsigned) |
2014-06 – Reserved List Policy
Policy No: 2014-06
Publication Date: 08/01/2019 (minor amendment)
Status: CURRENT
1. BACKGROUND
1.1 This document sets out auDA’s policy for maintaining the Reserved List of names that may not be used as domain names in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
1.2 The Reserved List is held in the registry database. Each application for a domain name is checked against the Reserved List and domain names that exactly match a name on the Reserved List are blocked from registration.
2. CONTENTS OF RESERVED LIST
2.1 The Reserved List contains the following:
a) words and phrases that are restricted under Commonwealth legislation;
b) names and abbreviations of Australian states and territories and the name “Australia”; and
c) names that may pose a risk to the operational stability and utility of the .au domain.
3. WORDS AND PHRASES THAT ARE RESTRICTED UNDER COMMONWEALTH LEGISLATION
3.1 The table in Schedule A contains a non-exhaustive list of words and phrases that are restricted under Commonwealth legislation. It is the responsibility of the registrant to ensure they have obtained the requisite consent, where applicable, prior to registering a domain name that contains a word or phrase listed in Schedule A. Where auDA becomes aware that a registrant does not have the requisite consent, auDA reserves the right to revoke the domain name licence and delete the domain name.
3.2 auDA may conduct audits of the registry database at the request of a relevant government agency, to ensure that any domain names that contain words and phrases listed in Schedule A have the requisite consent.
4. NAMES AND ABBREVIATIONS OF AUSTRALIAN STATES AND TERRITORIES
4.1 The names and abbreviations of Australian states and territories and the name “Australia” are regarded as names of national significance and as such are reserved from general use.
4.2 The name or abbreviation of an Australian state or territory may be released on application provided that the proposed registrant:
a) is eligible to use the name or abbreviation under the relevant eligibility and allocation policy rules; and
b) has written authorisation to use the name or abbreviation from the relevant state or territory government.
4.3 An applicant for a name or abbreviation of an Australian state or territory must lodge their application through an auDA accredited registrar. If the application is approved, auDA will authorise the release of the name or abbreviation from the Reserved List.
5. NAMES THAT MAY POSE A RISK TO THE OPERATIONAL STABILITY AND UTILITY OF THE .AU DOMAIN
5.1 From time to time, auDA may place a name on the Reserved List that, if used as a domain name, may pose a risk to the operational stability and utility of the .au domain.
5.2 The decision to place a name on the Reserved List under paragraph 5.1 must be approved or ratified by the auDA Board.
WORDS AND PHRASES RESTRICTED UNDER COMMONWEALTH LEGISLATION
(non-exhaustive list)
| Legislation | Restricted words, letters, abbreviations and acronyms |
| Agricultural and Veterinary Chemicals Code Act 1994 | APVMA Australian Pesticides and Veterinary Medicines Authority |
| Australian Communications and Media Authority Act 2005 | ACMA Australian Communications and Media Authority |
| Australian Grand Prix Act 1994 (Vic) | Grand Prix Formula One Formula 1 Albert Park Circuit Grand Prix Rally What a Great Place for the Race What a Great Place for the Great Race What a Great Race Australian Motorcycle Grand Prix |
| Australian Hearing Services Act 1991 | NAL National Acoustic Laboratories Australian Hearing Services |
| Banking Act 1959 | Bank Banker Banking Building Society Credit union Credit society authorised deposit-taking institution ADI Credit co-operative Purchased payment facility provider PPF provider Specialist credit card institution SCCI banc banque |
| Defence Regulation 2016 | Active Reserve Air Force Air Force Reserve Army Reserve Australian Air Force Australian Air Force Reserve Australian Army Australian Army Reserve Australian Defence Force Australian Defence Force Reserves Australian Flying Corps Australian Imperial forces Australian Military Forces Australian Navy Australian Regular Army Defence Force Defence Force Reserves Defence Reserves; Her Majesty’s Australian Ship; High Readiness Reserve; HMA Ship; Naval Reserve; Permanent Air Force; Permanent Military Forces; Regular Army Royal Australian Air Force; Royal Australian Naval Reserve; Royal Australian Navy; Specialist Reserve; Standby Reserve ADF; AFC; AIF; AMF; ARA; HMAS; RAAF; RAN; RANR. |
| Family Law Regulations 1984 | Family Relationship Centre Family Relationship Advice Line Family Relationships Online familyrelationshipsadviceline.com familyrelaitonshipadviceline.com.au familyrelationshipadviceline.net familyrelationshipadviceline.net.au familyrelationshipadviceline.org familyrelationshipadviceline.org.au familyrelationshipcentre.com familyrelationshipcentre.com.au familyrelationshipcentre.net familyrelationshipcentre.net.au familyrelationshipcentre.org familyrelationshipcentre.org.au familyrelationshipcentres.com familyrelationshipcentres.com.au familyrelationshipcentres.net familyrelationshipcentres.net.au familyrelationshipcentres.org familyrelationshipcentres.org.au familyrelationshipsadviceline.com familyrelationshipsadviceline.com.au familyrelationshipsadviceline.net familyrelationshipsadviceline.net.au familyrelationshipsadviceline.org familyrelationshipsadviceline.org.au familyrelationshipscentre.com familyrelationshipscentre.com.au familyrelationshipscentre.net familyrelationshipscentre.net.au familyrelationshipscentre.org familyrelationshipscentre.org.au familyrelationshipscentres.com familyrelationshipscentres.com.au familyrelationshipscentres.net familyrelationshipscentres.net.au familyrelationshipscentres.org familyrelationshipscentres.org.au fral.com.au fral.net.au frc.org.au familyrelationshipadviceline.gov.au familyrelationshipcentre.gov.au familyrelationships.gov.au familyrelationship.com familyrelationship.com.au familyrelationship.net familyrelationship.net.au familyrelationship.org familyrelationship.net familyrelationship.net.au familyrelationship.org familyrelationship.org.au familyrelationships.com familyrelationships.com.au familyrelationships.net familyrelationships.net.au familyrelationships.org familyrelationships.org.au fralcms.gov.au fralcms.com fralcms.com.au fralcms.net fralcms.net.au fralcms.org fralcms.org.au fral.org.au fral.gov.au frc.com.au frc.net.au frc.org frc.com frc.net familyrelationshipsadviceline.gov.au familyrelationshipcentres.gov.au familyrelationshipscentre.gov.au familyrelationshipscentres.gov.au familyrelationshiponline.com familyrelationshiponline.com.au familyrelationshiponline.net familyrelationshiponline.net.au familyrelationshiponline.org familyrelationshiponline.org.au familyrelationshipsonline.com familyrelationshipsonline.com.au familyrelationshipsonline.net familyrelationshipsonline.net.au familyrelationshipsonline.org familyrelationshipsonline.org.au familyrelationshiponline.gov.au familyrelationshipsonline.gov.au |
| Geneva Convention Act 1957 (Cth) | Red Cross Geneva Cross Red Crescent Red Lion and Sun Red Crystal |
| Human Services (Centrelink) Act 1997Human Services (Centrelink) Regulations 2011 (reg 6) | Commonwealth Services Delivery Agency Centrelink CRS Australia myGov |
| Human Services (Medicare) Act 1973 | Medicare Medicare Australia |
| International Organizations (Privileges and Immunities) Act 1963 | Asia-Pacific Telecommunity; Asian-Pacific Development Centre CAB international; Commission for the Conservation of Antarctic Marine Living Resources; Commission for the Conservation of Southern BlueFin Tuna; Commonwealth of Nations; Customs Cooperation Council; Asian Development Bank; Association of Iron-ore Exporting Countries; Bank for International Settlements; Energy Charter Conference; European Bank for Reconstruction and Development; European Economic Community; INTELSAT; International Atomic Energy Agency; International Centre for Settlement of Investment Disputes; International Development Law Organisation; International Exhibitions Bureau; International Hydrographic Organization; International Lead and Zinc Study Group; International Mobile Satellite Organisation Asian Infrastructure Investment Bank Nauru Trust Fund Organisation for the Prohibition of Chemical Weapons International Organisation for Migration; International Sea-bed authority; International Sugar Organisation; International Tropical Timber Organisation; International Wheat Council; Multilateral Investment Guarantee Agency; Organisation for the Network of Aquaculture Centres in Asia and the Pacific; Organisation for Economic Co-operation and Development; PrepCom Preparatory Commission for the Organization on the Prohibition of Chemical Weapons; Meeting of the Parties to the Agreement on the Conservation of Albatrosses and Petrels SITA South Pacific Commission South Pacific Forum Fisheries Agency South Pacific Forum Secretariat South Pacific Nuclear Free Zone Consultative Committee South Pacific Regional Environmental Programme Tuvalu Trust Fund United Nations World Trade Organisation (WTO) |
| Olympic Insignia Protection Act 1987 | OlympicOlympics Olympic Games Olympiad Olympiads |
| Protection of the Word ‘ANZAC’ Regulations | ANZAC |
| Scout Association Act 1924 (Cth) | Scout Association |
| Snowy mountains Engineering Corporation (Conversion into Public Company) Act 1989 | Snowy Mountains Engineering Corporation Limited SMEC Snowy Mountains Engineering Corporation |
| Wet Tropics World Heritage Protection and Management Act 1993 (Qld) | Wet Tropics of Queensland World Heritage Wet Tropics World Heritage Area |
|
Tafe Queensland Act 2013 TAFE SA Act 2012 |
TAFE technical and further education TAFE SA |
Please Note: auDA may update this Schedule from time to time, in line with any amended or new Commonwealth legislation.
1Refer to Australian River Co Limited Act 2015 (Cth)
2013-05 – Registrar Accreditation Application Form
Policy No: 2013-05
Publication Date: 17/10/2013
Status: Current
1. BACKGROUND
1.1 This document sets out the application form and process for entities that wish to be accredited by auDA as an auDA accredited registrar, to provide registrar services in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
1.2 In order to accredit you as a registrar, auDA must be satisfied that you meet the Registrar Accreditation Criteria (2013-04), in particular that you:
a) demonstrate knowledge of the Australian DNS and auDA’s Published Policies;
b) have the capability to interact with the registry using EPP and/or a web interface, in accordance with the technical specification of the registry operator;
c) comply with auDA’s Information Security Standard (ISS) for Accredited Registrars (2013-03); and
d) have the capability to provide services to registrants in accordance with the Registrar Agreement and the .au Domain Name Suppliers’ Code of Practice, and in compliance with auDA’s Published Policies.
1.3 auDA will not enter into more than one Registrar Agreement with the same entity. Where an applicant is a related entity of an auDA accredited registrar, we will consider the application on its own merits.
2. PRE-REQUISITES FOR ACCREDITATION
2.1 Please review the Registrar Accreditation Criteria, auDA’s Published Policies, the Code of Practice, the auDA ISS and the Registrar Agreement (all available on auDA’s website), prior to submitting this application. Failure to meet the requirements as set out in those documents will result in your application being rejected.
2.2 As a pre-requisite for lodging an accreditation application with auDA, you must have had at least 6 months continuous experience as an appointed reseller of an auDA accredited registrar. auDA may, at its own discretion, agree to waive this requirement if you are able to demonstrate an alternative, equivalent level of experience.
2.3 Clause 16 of the Registrar Agreement requires you to “opt-in” to the Privacy Act 1988. More information about your obligations under the Privacy Act is available on the Australian Privacy Commissioner’s website at http://www.privacy.gov.au or on the Privacy Hotline number 1300 363 992.
2.4 Note for foreign (non-Australian) companies: It is an auDA requirement that foreign companies must:
a) hold an Australian Registered Body Number (ARBN) and be registered as a foreign company with the Australian Securities and Investment Commission (ASIC). More information is available on the ASIC website at http://www.asic.gov.au/asic/asic.nsf/byheadline/Foreign+Companies?opendocument; and
b) hold an Australian Business Number (ABN) and be registered with the Australian Taxation Office (ATO) for goods and services tax (GST). More information about ABN and GST registration is available on the ATO website at http://www.taxreform.ato.gov.au.
3. INSTRUCTIONS FOR COMPLETION
3.1 The accreditation application package comprises:
a) auDA’s Registrar Accreditation Application Form (this document); and
b) auDA’s Registrar Agreement.
A PDF version of the Registrar Agreement can be downloaded from auDA’s website.
3.2 You must provide complete and accurate responses to the questions contained in Sections A, B and C of the application form. Your responses must be typed and legible. Please provide your responses on separate paper, answering each question in a numbered paragraph corresponding to the number of the question. If there is no response available for a particular question, please indicate that fact next to the number corresponding to the question.
3.3 You must send the following documents to auDA:
a) the completed application form, signed by you;
b) two copies of the Registrar Agreement, signed by you and undated; and
c) a cheque payable to auDA for AUD$2,200.00 (inc. GST), being auDA’s accreditation application fee.
3.4 The Registrar Agreement is non-negotiable. You should obtain independent legal advice with respect to your obligations under the Registrar Agreement before you sign it.
3.5 The accreditation application fee is non-refundable.
3.6 All documents and payment should be sent to auDA at the following address:
Registrar Liaison and Policy Officer
.au Domain Administration Ltd
PO Box 18315
MELBOURNE VIC 3001
AUSTRALIA
An application sent via facsimile or email will not be accepted.
3.7 If you have any questions about the application form, the Registrar Agreement or the accreditation process in general, please contact auDA’s Registrar Liaison and Policy Officer by email to accreditation@auda.org.au.
4. PROCESSING THE APPLICATION
4.1 All information provided as part of your application will be treated as highly confidential by auDA staff. The Board of auDA has no role in processing or approving your application.
4.2 Your application will not be considered to be complete if it:
a) is missing information;
b) on its face contains misleading or false information;
c) is defective in any way; or
d) is not accompanied by two signed copies of the Registrar Agreement and the application fee specified above.
4.3 If your application is not complete for any of the above reasons, we will advise you by email. You must provide any missing information, correct any deficiencies and complete your application within the timeframe specified by auDA, or your application will be deemed to have been withdrawn and will not be processed further.
4.4 By lodging your application, you give auDA the right to verify the accuracy and completeness of the information you have provided in your application. We also have the right to satisfy ourselves that you can function as a registrar in accordance with the terms and conditions of the Registrar Agreement, the Code of Practice and other Published Policies. We will contact you directly if we require clarification or additional information, or if we require you to correct any breaches of auDA Published Policies prior to processing your application.
4.5 You may withdraw your application at any time by giving notice to auDA by email. Withdrawing an application will not prejudice your ability to submit a new application to auDA. If you decide to re-apply, you will need to re-submit all documentation and fees.
4.6 After reviewing your application and conducting any necessary follow-up inquiries, we will inform you by email of our decision to grant you provisional accreditation or not.
4.7 If we decide not to grant you provisional accreditation, we will provide you with reasons as to why your application was unsuccessful. An unsuccessful application will not prejudice your ability to submit a new application to auDA.
5. PROVISIONAL ACCREDITATION
5.1 Provisional accreditation is valid for 12 months. We may, at our own discretion, agree to extend your provisional accreditation beyond 12 months if there are good reasons for doing so. If your provisional accreditation expires and auDA has not granted you an extension, you will be required to re-apply for accreditation (ie. resubmit your accreditation application and pay another accreditation application fee).
5.2 In order to proceed to full accreditation, you must complete the five stages described below. Stages 1-4 can be undertaken and completed in any order. Stage 5 can only be undertaken and completed after Stages 1-4 have been completed and all other requirements for full accreditation have been fulfilled.
5.3 Please Note: auDA may change the registrar accreditation criteria and/or process from time to time. If any changes are made to the registrar accreditation criteria or process during the period that you are provisionally accredited, we will advise you of the changes and allow you additional time to comply if necessary.
Stage 1 – Technical accreditation process
5.4 The technical accreditation process is managed by the registry operator. To demonstrate your general DNS knowledge as well as your technical proficiency at dealing with the registry system, you must pass the interface test set and assessed by the registry operator. If you fail the test, you will receive a failure notice from the registry operator giving the reasons for failure. A failed test will not prejudice your ability to re-take the test and there is no limit on the number of times that you may undertake the test within the 12 month provisional accreditation period.
Stage 2 – Policy compliance
5.5 To demonstrate compliance with auDA Published Policies, you must pass the policy test set and assessed by auDA. If you fail the test, you will receive a failure notice from auDA giving the reasons for failure. A failed test will not prejudice your ability to re-take the test and there is no limit on the number of times that you may undertake the test within the 12 month provisional accreditation period.
Stage 3 – Site visit and staff training
5.6 auDA staff will conduct a site visit of your premises (ie. where your main management and customer service operations are located) to meet with your contact person, and to conduct training in .au policies and procedures with all relevant staff.
5.7 Note for foreign (non-Australian) companies: It is an auDA requirement that foreign companies must pay the reasonable travel expenses of a site visit by one auDA staff member (in most cases, this will include a return business class airfare from Melbourne and two nights’ accommodation).
Stage 4 – Website compliance
5.8 We will conduct an audit of your website to ensure compliance with the Registrar Agreement, applicable auDA Published Policies and the Code of Practice. We will provide you with a detailed report including any required corrections or changes, and allow you a reasonable timeframe for completion.
Stage 5 (final stage) – ISS compliance
5.9 You must pass both of the assessment processes of the ISS Compliance Program, in accordance with the auDA Information Security Standard (ISS) for Accredited Registrars (2013-03).
5.10 Note for foreign (non-Australian) companies: It is an auDA requirement that foreign companies must pay the reasonable travel expenses of an on-site assessment by auDA’s nominated ISS assessor (in most cases, this will include a return business class airfare from Melbourne and two nights’ accommodation).
6. FULL ACCREDITATION
6.1 Once you have completed all the stages described in section 5, we will advise you by email that you have received full accreditation. You will also receive an invoice for the amount of AUD$3,300 (inc. GST), being auDA’s annual Registrar Licence Fee as set out in the Registrar Agreement.
6.2 Once we have received payment of the Registrar Licence Fee, we will send you a fully executed copy of the Registrar Agreement for your records.
6.3 Until you have received a fully executed copy of the Registrar Agreement, you must not:
a) act or hold yourself out as an auDA Accredited Registrar;
b) provide or offer to provide, or state or imply that you are authorised to provide, any Registrar services within the .au open 2LDs;
c) identify yourself as an “auDA Accredited Registrar” or by any term suggesting similar reference, or use directly or indirectly, in any manner whatsoever auDA’s name or any trade or other identifying mark owned or used by auDA.
6.4 We will announce that you are an auDA accredited registrar and publish your name and website details on the list of auDA accredited registrars on auDA’s website. If you would prefer to postpone the announcement of your accreditation, you must give notice to auDA by email.
6.5 auDA will provide you with an official logo to signify that you are an auDA accredited registrar. The logo should be displayed prominently on your website and on any printed materials that you provide to your customers.
6.6 Please Note: You will not be permitted to commence registrar operations until you have signed the Registry-Registrar Agreement with the registry operator.
SECTION A: GENERAL INFORMATION
A.1 Name and address of applicant.
A.2 For Australian companies: Australian Company Number (ACN) and Australian Business Number (ABN).
For foreign companies: Australian Registered Body Number (ARBN) and Australian Business Number (ABN).
A.3 Telephone and facsimile numbers and email address of applicant.
A.4 Website URL of applicant.
A.5 Name of applicant’s contact person. This is the person who auDA will deal with regarding all registrar accreditation matters. For foreign companies, this should be your local Australian agent.
A.6 Telephone and facsimile numbers and email address of contact person, if different from A.3.
A.7 Names of all directors, officers and senior management staff of applicant’s current or proposed business entity.
A.8 Name and address of applicant’s principal bank or financial institution.
A.9 Name and telephone number of contact person at applicant’s bank or financial institution.
A.10 Particulars of Service for the applicant, as required in Schedule C of the Registrar Agreement.
SECTION B: BUSINESS INFORMATION
The information requested in this section is required by auDA in accordance with its responsibility to protect and promote:
a) the stability and integrity of the Australian DNS;
b) the efficient and effective operation of the domain name registration system; and
c) the rights and interests of consumers (registrants).
Please provide the most complete answers possible to the following questions, explaining all capabilities in detail. Supporting documentation may be supplied where appropriate.
There are no “right” or “wrong” answers to the questions. The information you provide will depend on the type and size of registrar business you operate (or propose to operate), and will therefore vary between applicants. auDA will evaluate your answers based on accepted industry practice and benchmarks.
If you require assistance in answering the questions, please contact auDA’s Registrar Liaison and Policy Officer by email to accreditation@auda.org.au.
B.1 As a pre-requisite for lodging an accreditation application with auDA, you must have had at least 6 months continuous experience as an appointed reseller of an auDA Accredited Registrar. Please describe your current reseller operations including:
- name of the registrar(s) for which you are a reseller
- number of domains currently under management (all TLDs)
- average number of monthly registrations (all TLDs)
- other related services that you provide (eg. web hosting).
B.2 For which open 2LDs (asn.au, com.au, id.au, net.au, org.au) do you propose to provide registrar services?
B.3 What volume of 2LD domain name registrations do you reasonably project to handle each month?
B.4 What management, communication and information processing systems do you have to handle your projected volume of registrations per month?
B.5 What systems and procedures do you have to handle policy compliance checks for registrations?
B.6 What systems and procedures do you have to handle customer billing?
B.7 How many staff, what systems and procedures do you have to handle all customer inquiries and support services, including customer requests for changes in registration data?
B.8 How many staff, what systems and procedures do you have to handle customer complaints?
B.9 What is your capability for maintaining electronic copies of all transactions, correspondence and communications with auDA, the registry operator and customers for at least the length of the Registrar Agreement?
B.10 What is your capability for providing information systems security procedures to prevent systems hacks, break-ins, data tampering and other disruptions to your business?
B.11 Please list any of your related entities that hold auDA registrar accreditation.
B.12 Please list any of your related entities that are the registrant of .au domain names.
B.13 Please list any other TLD registrar accreditations that you or your related entities hold (eg. ICANN accreditation).
B.14 Clause 14.3 of the Registrar Agreement specifies the insurance cover that you must hold. Please attach a current and valid certificate of insurance. If you do not currently have insurance, please attach evidence of insurability (or the intent to insure) from an insurance company.
B.15 Clause 16 of the Registrar Agreement requires you to “opt-in” to the Privacy Act 1988. Please state whether you have done this. (If not, please note you will be required to do so before you achieve full accreditation.)
B.16 Have any of the directors, officers or relevant staff of your business entity been convicted of a serious offence (ie. one that carries a penalty of imprisonment for five years or more on first conviction)?
SECTION C: WARRANTY
By signing this application form, you:
a) warrant that all the information contained in this application form, and all supporting documents included with this application form, are true and accurate to the best of your knowledge;
b) warrant that you have read and understood auDA’s Registrar Agreement, Registrar Accreditation Criteria, auDA ISS, the Code of Practice and Published Policies of auDA;
c) give auDA permission to perform a credit search on you or your company;
d) give auDA permission to contact third parties, investigate, request and obtain additional information and documentation, and otherwise verify the information contained in this application; and
e) waive liability on the part of auDA for its actions in verifying the information provided in this application, and on the part of any third parties who provide truthful, material, relevant information about you as requested in this application form.
Full Legal Name of Applicant
Signature
Name
Position
Date
2013-04 – Registrar Accreditation Criteria
Policy No: 2013-04
Publication Date: 17/10/2013
Status: Current
1. BACKGROUND
1.1 This document sets out the accreditation criteria that auDA accredited registrars must meet in order to gain and maintain their accreditation from auDA, so that they can provide registrar services in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
2. RELEVANT CLAUSES OF THE REGISTRAR AGREEMENT
2.1 For clarity, the clauses of the Registrar Agreement that relate to accreditation criteria are set out below:
Clause 1
Accreditation Criteria means the requirements specified by auDA from time to time in relation to the minimum criteria which must be satisfied by a person in order for that person to be auDA Accredited.
Clause 3.4
The Registrar represents and warrants to auDA:
3.4.1 on the Commencement Date, that it meets the Accreditation Criteria; and
3.4.2 as a continuing warranty during the term, that it continues to meet the Accreditation Criteria.
Clause 3.5
The Registrar must promptly notify auDA if the Registrar becomes aware:
3.5.1 that it does not meet any of the Accreditation Criteria; or
3.5.2 of any circumstance, fact or thing that affects its ability to continue to meet the Accreditation Criteria.
Clause 14.1
The Registrar must:
…
14.1.2 do all things necessary to ensure that during the Term, it continues to meet the Accreditation Criteria;
…
14.1.9 provide to auDA from time to time, upon auDA’s request, all information in relation to the Registrar and the operation of the registrar’s business as auDA may reasonably request;
3. REGISTRAR ACCREDITATION CRITERIA
3.1 auDA accredited registrars must meet the all the criteria listed in this section, at all times during the term of the Registrar Agreement. The criteria are intended to ensure that registrars operate in a way which is consistent with auDA’s responsibility to promote and protect:
a) the stability and integrity of the Australian DNS;
b) the efficient and effective operation of the domain name registration system; and
c) the rights and interests of consumers (registrants).
3.2 The corporate requirements listed in paragraphs 3.4-3.8 are matters of fact and objectively verifiable.
3.3 The exact manner in which a registrar meets the operational requirements listed in paragraphs 3.9-3.15 will depend on the type and size of the registrar’s business. auDA will evaluate the registrar’s ability to meet the operational requirements based on accepted industry practice and benchmarks.
3.4 The registrar’s compliance with the security requirement in paragraph 3.17 will be assessed in accordance with auDA’s Information Security Standard (ISS) for Accredited Registrars (2013-03).
Corporate requirements
3.5 The registrar must be registered to trade in Australia:
a) Australian companies must hold an Australian Company Number (ACN) and Australian Business Number (ABN); and
b) foreign companies must hold an Australian Registered Body Number (ARBN) and ABN.
3.6 The registrar must be registered with the Australian Taxation Office (ATO) for Goods and Services Tax (GST).
3.7 The registrar must have “opted in” under the Privacy Act 1988.
3.8 The registrar must hold the insurance coverage specified in clause 14.3 of the Registrar Agreement.
3.9 The registrar must have a valid and subsisting Registry-Registrar Agreement with the registry operator.
Operational requirements
3.10 The registrar must demonstrate knowledge of the Australian DNS and auDA’s Published Policies.
3.11 The registrar must have the capability to interact with the registry using EPP and/or a web interface, in accordance with the technical specification of the registry operator.
3.12 The registrar must have the capability to provide services to registrants in accordance with the Registrar Agreement and the .au Domain Name Suppliers’ Code of Practice, and in compliance with applicable Published Policies.
3.13 The registrar must have a sufficient number of staff, and adequate systems and procedures, to handle:
a) policy compliance checks for domain name registrations;
b) customer billing;
c) all customer inquiries and support services, including requests for changes in registration data; and
d) customer complaints.
3.14 The registrar must have adequate capability for maintaining electronic copies of all transactions, correspondence and communications with auDA, the registry operator and customers for at least the length of the Registrar Agreement.
3.15 The registrar must have adequate capability for providing information systems security procedures to prevent systems hacks, break-ins, data tampering and other disruptions to its business.
3.16 The registrar must have at least one nominated management contact person for auDA liaison.
Security requirements
3.17 The registrar must hold a current ISS Compliance Certificate, in accordance with auDA’s Information Security Standard (ISS) for Accredited Registrars (2013-03).
2013-03 – auDA Information Security Standard (ISS) for Accredited Registrars
Policy No: 2013-03
Publication Date: 17/10/2013
Status: Current
1. BACKGROUND
1.1 The auDA Information Security Standard (ISS) forms part of auDA’s Registrar Accreditation Criteria (2013-04) and compliance is mandatory for all auDA accredited registrars. The ISS was developed in consultation with registrars and other industry participants through the 2012 Industry Advisory Panel, and was approved by the auDA Board in February 2013.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “ISS Assessment Procedures” means the assessment procedures to be followed by the ISS Assessor, available on the ISS Compliance Portal;
b) “ISS Assessor” means an assessor nominated by auDA to provide ISS assessment services;
c) “ISS Committee” means the committee of senior representatives from auDA and AusRegistry and an independent person, responsible for making the final decision on ISS compliance, on the recommendation of the ISS Assessor;
d) “ISS Compliance Certificate” means the certificate issued to the registrar by the auDA ISS Committee;
e) “ISS Compliance Mark” means the mark made available by auDA for ISS compliant registrars to display on their website if they wish; and
f) “ISS Compliance Portal” means the online portal used by registrars to manage their ISS compliance and assessment (also referred to as the TruComply portal).
3. OBJECTIVES OF THE ISS
3.1 auDA’s objectives in introducing the ISS are:
a) to encourage and assist registrars to manage and improve the security and resiliency of their own businesses; and
b) to protect .au registrants, and the overall integrity and stability of the .au DNS.
4. OVERVIEW OF THE ISS
4.1 The ISS is at Schedule A of this document. It provides a set of technical, operational and policy requirements designed to protect the confidentiality and integrity of sensitive domain-related data held by registrars.
4.2 Section 3 of the ISS defines 15 Information Security Controls, as follows:
a) Information Security Policy
b) Information Security Organisation Framework
c) Asset Management Plan
d) Human Resources
e) Physical Security Plan
f) Operations Management
g) Service Provider Security
h) Malicious Code and Vulnerability Management
i) Monitoring Controls
j) Access Controls
k) Systems Development
l) Cryptographic Controls
m) Incident Management
n) Business Continuity Management
o) Regulatory Compliance
4.3 auDA recognises that not all registrar business models operate in the same way and accordingly, not all registrars will be required to implement all of the Information Security Controls listed above. It is up to each registrar to conduct their own risk assessment in order to guide the implementation of the ISS within their own business model.
5. ISS COMPLIANCE PROGRAM
5.1 auDA has engaged Vectra Corporation to provide assessment services for the ISS Compliance Program. auDA will bear all costs of the ISS compliance program [1].
5.2 The ISS Compliance Program comprises two assessment processes:
a) registrar self-assessment through the online ISS Compliance Portal; and
b) on-site assessment by the ISS Assessor.
5.3 All registrars will be provided with an ISS Compliance Portal account to manage their ISS compliance and assessment. The ISS Assessment Procedures and related documentation and support information is available on the ISS Compliance Portal.
Initial ISS compliance
5.4 Registrars must complete the self-assessment process through the ISS Compliance Portal, and then notify auDA that they are ready for the on-site assessment. auDA will arrange for the on-site assessment to take place as soon as possible, having regard to the registrar’s location and other resource or logistical considerations.
5.5 The ISS Assessor will conduct the assessment in accordance with the ISS Assessment Procedures. If the assessment report is compliant, then it will be provided to the auDA ISS Committee for sign-off. On sign-off, the ISS Committee will issue the registrar with an ISS Compliance Certificate. Registrars may choose to display the ISS Compliance Mark on their website if they wish.
5.6 If the assessment report is non-compliant, the registrar will be given 3 months for remediation and revalidation of all open items. If the registrar does not remediate and revalidate all open items to the satisfaction of the ISS Assessor within 3 months, then the ISS Assessor will provide the auDA ISS Committee with a non-compliant report. The consequences of non-compliance are outlined in section 6 below.
Subsequent ISS compliance
5.6 Registrars must complete the full ISS Compliance Program (as described in paragraphs 5.2-5.6 above) every 3 years. Registrars may also be required to undertake one or both of the assessment processes of the ISS Compliance Program annually or at other intervals as determined by the ISS Committee, to ensure that they remain ISS compliant during the 3 years.
5.7 In addition, auDA may require a registrar to undertake one or both of the assessment processes of the ISS Compliance Program in the following circumstances:
a) Change of registrar ownership or effective control: Under the Registrar Agreement, a change of ownership or effective control of a registrar requires the prior written consent of auDA. auDA will determine on a case-by-case basis whether the proposed change requires the registrar to undertake any ISS assessment prior to auDA’s consent being granted;
b) Security breach: Under the Registrar Agreement, registrars are required to notify auDA immediately if there is a security breach affecting any part of their their systems. auDA will determine on a case-by-case basis whether the registrar is required to undertake any ISS assessment as a consequence of the security breach; and
c) Formal complaint to auDA: If auDA receives and investigates a formal complaint that a registrar is not (or may not be) ISS compliant, and auDA upholds the complaint, then auDA will require the registrar to undertake one or both of the assessment processes of the ISS Compliance Program.
6. CONSEQUENCES OF NON-COMPLIANCE WITH ISS
6.1 Pursuant to paragraphs 5.4-5.7, if a registrar:
a) fails to complete either of the assessment processes, including the 3 month remediation phase, of the ISS Compliance Program; or
b) having completed the ISS Compliance Program, including the 3 month remediation phase, is assessed as non-compliant by the ISS Assessor and the ISS Committee;
then auDA reserves the right to:
c) suspend the registrar’s accreditation until the registrar has been issued with a current ISS Compliance Certificate by the ISS Committee; and/or
d) post a notice on the auDA website, and require the registrar to post a notice on their own website, that the registrar is non-compliant, until the registrar has been issued with a current ISS Compliance Certificate by the ISS Committee.
6.2 If the registrar has not been issued with a current ISS Compliance Certificate within 3 months of being suspended, then auDA reserves the right to terminate the registrar’s accreditation for breach of this policy, auDA’s Registrar Accreditation Criteria (2013-04) and the Registrar Agreement.
7. ISS PHASE-IN PERIOD FOR EXISTING ACCREDITED REGISTRARS
7.1 Existing accredited registrars as at the Publication Date of this document must be issued with an ISS Compliance Certificate within 24 months of the Publication Date (ISS phase-in period). During the ISS phase-in period, auDA will maintain a list of ISS compliant registrars on its website and registrars may choose to display the ISS Compliance Mark on their website if they wish.
7.2 If an existing registrar has not been issued with an ISS Compliance Certificate before the end of the ISS phase-in period, then auDA reserves the right to suspend the registrar’s accreditation until they have been issued with an ISS Compliance Certificate. If the registrar has not been issued with an ISS Compliance Certificate within 3 months of being suspended, then auDA reserves the right to terminate their accreditation for breach of this policy, auDA’s Registrar Accreditation Criteria (2013-04) and the Registrar Agreement.
7.3 The ISS phase-in period does not apply to new applicants for registrar accreditation. From the Publication Date of this document, new applicants must achieve ISS compliance during their 12 month provisional accreditation or they will not be granted full accreditation.
8. REVIEW OF ISS
8.1 From time to time, auDA may update this document for the purposes of clarification or correction.
8.2 auDA will conduct a full review of the ISS following the ISS phase-in period for existing registrars (ie. 24 months from the Publication Date of this document).
NOTE [1]: Not including: 1) internal costs for registrars in meeting the ISS, and 2) travel expenses for an ISS Assessor to conduct an on-site assessment for new registrar applicants who are overseas-based.
SCHEDULE A
auDA INFORMATION SECURITY STANDARD (ISS) FOR ACCREDITED REGISTRARS
1. BACKGROUND
1.1 auDA
.au Domain Administration Ltd (auDA) is the policy authority and industry self-regulatory body for the .au domain space and was formed to provide a market driven self-regulatory regime.
auDA was formed in April 1999 and in December 2000 received formal endorsement from the Australian Federal Government.
1.2 Registrars
Registrars are organisations accredited by auDA to provide services to people who want to register a new domain name, renew their existing domain name, or make changes to their domain name record.
1.3 Information security responsibilities
The Registrar Agreement between auDA and Registrars, requires that Registrars be responsible for information security. In particular Registrars are required to:
- Take all reasonable or prudent actions to preserve the confidentiality and security of all Registrant Data.
- Have adequate capability for providing information security procedures to prevent system hacks, break-ins, data tampering and other disruptions to its business.
- Promote and protect the stability and integrity of the Australian DNS.
- Ensure the effective and efficient operation of the domain name registration system.
1.4 auDA Information Security Standard (ISS)
A practical set of controls is required to manage information security risks at Registrars.
The ISS sets a baseline for information security for Registrars. The ISS is aligned to well-established international security standards that have matured over time in line with emerging information security threats. Organisations, including Registrars, conducting business activities in a responsible manner, should already be familiar with the concepts of the ISS.
auDA recognises that not all Registrar business models operate in the same way and accordingly the ISS can be adapted to suit individual Registrar business operating models.
The ISS is intended to assist registrars to manage and improve the security in their own businesses in a way that also protects the integrity and stability of the .au domain space. auDA requires that all Registrars deploy and maintain the ISS.
auDA also requires that Registrars who use third party service providers (eg. for IT support, software development or hosting) also meet the ISS. In cases where Registrars use third party service providers, the Registrar must demonstrate how those service providers comply with the security controls in this standard.
Registrars, whose business model facilitates the sale of and administration of domain names to resellers, are required to provide facilities in a manner that meets the ISS.
1.5 Provision for in-place information security certifications
The auDA recognises that some Registrars may already have relevant information security certifications in place.[2]
auDA will, through the services of its nominated ISS assessment services provider, work with the Registrar to confirm that in-place certifications meet the requirements of the auDA ISS.
2. ISS REQUIREMENTS
2.1 Information security definition
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimise business risk and maximise return on investments and business opportunities.
The ISS defines Information Security in terms of key concepts and key characteristics.
Key Concepts
Concept Description
Confidentiality Preventing disclosure of information to unauthorised systems or individuals
Integrity Preventing unauthorised or accidental modification of data
Availability Ensuring that information is available when required
Key Characteristics
Characteristic Description
Authenticity Ensuring that data, transactions, communications or documents (electronic or physical) are genuine and ensuring that parties involved in communication are who they claim to be
Non-Repudiation Ensuring a party conducting an action is not able deny having conducted that action
2.2 Business context
The Registrar will document the following in terms of the definition of Information Security provided above:
- Describe the importance of information security taking into account the organisation, its location, its assets, its technology and its culture.
- Describe the scope and boundaries of the information security systems. At a minimum, Registrars must protect their systems in line with the security requirements in this standard.
- Describe the approach in determining and establishing security requirements.
- Describe the methodical assessment of security risks including the risk assessment approach and methodology used (Risk Management Framework) and the criteria for accepting risks. The risk assessment process must define who signs off the risk assessment.
- Describe the selection of controls in a risk treatment plan and how they are used to treat risks.
- Describe how security is organised in the organisation, including roles and responsibilities. (Who makes what decisions? Who approves what?)
- List the documentation set that describes security in the organisation. (Security documentation register.)
- Describe document control, creation and approval.
2.3 Development process
The diagram (Figure 1) shows the typical process a Registrar will need to go through in order to produce the ISS documentation. The steps are shown on the left and the outputs are shown on the right.
Figure 1 – Typical Development Process for ISS at Registrar
3. INFORMATION SECURITY CONTROLS
As a result of the risk assessment, the risk treatment plan and the Registrar business model, the Registrar must select applicable information security controls from the list of controls below. The Registrar must provide an explanation for any controls that are excluded.
The Registrar will implement security controls as they apply to business operations. For example: if a Registrar does not develop its own software, but outsources development to a third party service provider, the Registrar will not need to implement its own security controls for software development, but must ensure that the third party service provider does. The security control in such a case would be contained in the service agreement with the third party service provider.
3.1 Information Security Policy
The Registrar will produce, publish and maintain an Information Security Policy that demonstrates management commitment supporting information security in accordance with business requirements, laws and regulations.
The information security policy must be:
- approved and authorised by senior management;
- reviewed at least annually or if significant changes occur; and
- made available to and communicated to employees and external parties where relevant.
The information security policy must address the following:
- define information security, its objectives and its importance to the business;
- management’s commitment supporting the goals of information security from a business context;
- the framework for evaluating and managing risk;
- accountability and responsibility for information security;
- security education, training and awareness requirements;
- business continuity management;
- consequences for policy breaches; and
- the requirement to comply with relevant legislative, regulatory and contractual obligations.
3.2 Information Security Organisation Framework
The Registrar will document and maintain an Information Security Organisation Framework that describes how information security is managed within the organisation and external to the organisation.
The framework must address the following:
- management’s commitment to information security through acknowledgement and assignment of information security responsibilities;
- coordination of information security activities, functions and relevant roles by representatives within the organisation;
- information security accountability, responsibility and delegation;
- identification and management of risks related to information processing services offered or tendered by external parties;
- identification of security requirements relevant to customer access and customer information; and
- contacts with authorities (eg. Federal Police).
3.3 Asset Management Plan
The Registrar will document and maintain an Asset Management Plan that describes how organisational assets are identified, categorised and afforded appropriate protection.
The plan must address the following:
- description of how assets are identified;
- up-to-date list of important assets (these are the assets that need protection within the framework of this security standard, including databases, contracts, service agreements, relationships);
- description of who owns the assets, or how ownership is determined;
- description or policy on acceptable use of assets (employees, contractors need to know what the acceptable use of these assets are); and
- information classification (How do employees and contractors identify the value of information and how are they meant to protect that information? Eg. Confidential, Public, Secret).
3.4 Human Resources
The Registrar will document and maintain an employee management process that describes how candidates for employment are assessed.
The process must include the following:
- background verification checks;
- description of security roles and responsibilities for the job role;
- information security responsibilities in Terms and Conditions of employment
- information security awareness education;
- disciplinary process in the event of committed security breaches; and
- responsibilities in the event of termination or change of employment conditions (including removal of access rights and return of assets).
3.5 Physical Security Plan
The Registrar will document and maintain a physical security plan commensurate with identified risks that describe how important information processing equipment and services are protected by defined security perimeters and controls.
The plan must include the following:
- physical security arrangements (barriers, entry/exit controls) that protect information processing facilities;
- protection against environmental threats (fire, flood, civil unrest, power failures);
- equipment maintenance;
- security of network cabling;
- security of equipment taken off site (include authorisation and tracking process); and
- secure disposal of equipment (removal of sensitive data).
3.6 Operations Management
The Registrar will document and maintain a communications and operations manual that describes how the information processing facilities and managed and maintained.
The operations manual must include the following:
- scheduling requirements (batch jobs, patching, backups etc);
- error handling procedures and support contacts;
- escalation procedures;
- system recovery and restart procedures;
- audit logs for tracking purposes;
- change management procedures;
- segregation of duties (prevention of unauthorised modifications);
- description of separation of development, test and production environments (if Registrar performs development);
- system planning and acceptance;
- media handling;
- exchange of information with external parties; and
- capacity management.
3.7 Service Provider Security
The Registrar will document and maintain a process for tracking agreements with third party services providers to ensure the security of services.
The process must include the following:
- agreed security controls;
- service definitions and delivery levels;
- monitoring requirements and expectations (eg. reports and audits); and
- managing changes to services and/or requirements.
3.8 Malicious Code and Vulnerability Management
The Registrar will document and maintain controls to protect against malicious code and vulnerability management.
The controls must include the following:
- formulation of a policy (or policy statement) against using/installing unauthorised software;
- measures in place to scan files for malicious content obtained from external sources;
- additional measures in place to protect system user’s equipment who have administrative access to critical assets;
- roles and responsibilities for vulnerability monitoring compared against asset configuration database (inventory);
- applying patches roles and responsibilities – if patches are available, assessment of the risks of patching and/or not patching;
- external (and potentially internal) vulnerability scans of Internet-facing environments and associated processes for ensuring that open vulnerabilities are addressed; and
- business continuity plans for recovering from malicious code attack or errors resulting from vulnerabilities.
3.9 Monitoring
The Registrar will document and maintain a system for recording information security events in order to detect unauthorised information processing activities.
The system must include the following:
- an audit logging system recording user activities, exceptions and information security events for an agreed time period (no less than six months unless justification is provided for a smaller period);
- audit information that can trace:
- user ID and location of user (network address)
- date and time of event
- use of privileges (admin, root, su, sudo etc)
- de-activation and activation of protection systems (e.g. Anti-virus or IDS/IPS)
- systems usage;
- mechanisms that protect audit log information;
- a mechanism whereby all critical system clocks are synchronised with an accurate time source; and
- file integrity monitoring – monitoring of files that should not change.
3.10 Access Control
The Registrar will establish and publish an access control policy and related procedures.
The access control policy must include the following:
- the requirement for access to information on a ‘business-needs-to-know’ basis;
- requirement for role based access;
- requirement for privileged access to be restricted to non-internet facing interfaces;
- formal authorisation requests for access to information;
- periodic review of access rights and access controls;
- removal of access rights when roles change, upon dismissal and/or resignation; and
- minimal access per role (ie. default deny all, access based on expressly defined rules).
The access control procedures must include the following:
- user access management procedures for user registration;
- unique IDs for users (no using redundant user IDs);
- removal of users when roles change, upon dismissal and/or resignation;
- users to sign statements indicating their understanding of conditions of use;
- privilege management – use appropriate accounts for appropriate functions (don’t use admin accounts for normal day-to-day use);
- password management
- keep passwords confidential
- no shared user accounts
- change passwords on first use
- passwords not displayed in the clear on screens
- passwords may not be stored or transmitted in the clear
- default (vendor) passwords to be changed
- admin passwords to be changed when admin staff leave
- passwords to be changed at agreed times based on risk profile
- password length and complexity and history to be based on risk profile (minimum requirement: length at least 8, history at least 4, complexity to include uppercase and lowercase and at least 1 numeric);
- process for reviewing access rights and access controls;
- protection of unattended equipment (screen saver with password and session time outs); and
- conditions and required security practices under which remote access is permitted.
3.11 Systems Development
The Registrar will establish and publish information systems acquisition, development and maintenance processes and procedures to ensure that security forms an integral part of all information systems.
The process and procedures must include the following:
- determination of security requirements based on business requirements for new systems or changes to existing systems. Systems include operating systems, infrastructure, applications, purchased off-the-shelf software and services and in-house developed applications;
- checking and validating the correct (expected) processing in applications prior to being promoted to production environments. Checks could include: code reviews and application code software checks, penetration testing, testing of use defined use cases, data validation, memory usage, internal processing, message integrity, file updates and patching;
- protection of source code and test data;
- process defining system release cycles and notifications;
- processes describing development, test and production environments;
- formal change control procedures;
- data loss prevention or information leakage procedures;
- where software development is outsourced, controls covering: licensing, ownership, intellectual property rights, quality assurance, escrow, audit rights, security functionality and testing; and
- configuration standards that address known security vulnerabilities and that are consistent with industry-accepted system hardening standards, including the minimal set of services required for system components and the removal of all non-essential services.
3.12 Cryptographic Controls
The Registrar will establish and publish cryptographic controls for protecting the confidentiality, authenticity and integrity of information.
The cryptographic control must include the following:
- a policy (or policy statement) on the use of cryptographic controls. Consider, general principles for protecting sensitive information, type and strength of algorithms v/s sensitivity of information; and
- procedures dealing with key management, roles and responsibilities, and development and maintenance of standards.
3.13 Incident Management
The Registrar will establish and publish a formal event reporting and escalation procedure to ensure that information security events are communicated in a timely manner.
The event reporting procedure must include the following:
- the formal appointment of a point-of-contract for reporting security events to, who is known throughout the organisation and who is always available and able to provide appropriate advice;
- the requirement for employees and contractors to note and report security events or security weaknesses;
- established management responsibilities for ensuring timely, orderly and effective response to incidents, including: classification of incidents, contingency plans, reporting to relevant authorities, evidence collection and recovery from failures;
- processes for learning from incidents and implementing corrective/preventive actions to prevent similar occurrences; and
- the requirement to immediately notify the relevant authorities and regulators including auDA and AusRegistry.
3.14 Business Continuity Management
The Registrar will establish and publish a business continuity management plan that includes information security requirements in order to counteract interruptions to business activities in the event of failures to information systems or disasters.
The business continuity management plan must include the following:
- identification of information and services at risk. Must include information not held in the Registry database;
- consideration of information security and associated events as part of the overall business continuity plan (a single business continuity planning framework);
- identification of potential events, including probability and impact, that can cause interruptions to business processes;
- processes for restoration of information services to required levels within defined time limits; and
- periodic testing and updating of the plan.
3.15 Regulatory Compliance
The Registrar will identify and document into a register all relevant statutory, regulatory and contractual requirements in order to avoid relevant information security breaches.
The regulatory compliance register must include the following:
- compliance relating to intellectual property rights;
- compliance relating to protection of company records (eg. accounting, database, audit logs, transaction logs, operational procedures);
- compliance relating to the retention of records; and
- compliance relating to protection and privacy of personal information.
NOTE [2]: Examples include AS/NZS 27001 and/or PCI DSS
2013-02 – Transfers (Change of Registrar of Record) Policy
Policy No: 2013-02
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the transfer of a registered domain name which results in a change to the registrar of record in the registry database. This includes the following scenarios:
a) where a registered domain name is transferred by the registrant from one registrar to another registrar;
b) where a registered domain name is transferred by a reseller on behalf of the registrant, from one registrar to another registrar; and
c) where the management of a registered domain name is transferred by a registrant from a reseller of one registrar to a different registrar, or to a reseller of a different registrar.
1.2 The following scenarios do not result in a change to the registrar of record in the registry database, and therefore are not addressed under this policy:
a) where a registered domain name is transferred by the registrant from a reseller to another reseller of the same registrar;
b) where a registered domain name is transferred by the registrant from a reseller of one registrar to the same registrar; and
c) where a domain name licence is transferred from one registrant to another registrant.
1.3 This document does not detail the technical steps required to change the registrar of record in the registry database. This information is made available to all auDA accredited registrars by the registry.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “gaining registrar” means the registrar to which the registrant transfers their domain name;
b) “losing registrar” means the registrar from which the registrant transfers their domain name;
c) “domain name password” means the password that is issued to a registrant when they register a domain name, that must be used to authorise any change to the domain name record in the registry database;
d) “written request for transfer” means a request for transfer submitted to the gaining registrar by letter, facsimile, email or online form (request by telephone is not acceptable)
e) “standard transfer confirmation message” means a letter, facsimile or email containing the text approved by auDA at Schedule A;
f) “standard transfer audit message” means a letter, facsimile or email containing the text approved by auDA at Schedule B;
g) “Registrant Agreement” means the agreement between a registrar and a registrant that sets out the terms and conditions of the domain name licence;
h) “bulk transfer” means the transfer of a minimum of 1,000 domain names at a time with the prior written consent of auDA, pursuant to section 7 of this policy; and
i) “standard bulk transfer notification” means a letter, facsimile or email containing the text approved by auDA at Schedule C.
3. TRANSFER POLICY PRINCIPLES
3.1 A key element of a competitive domain name marketplace is that registrants are able to transfer their domain names from one registrar to another (ie. change the registrar of record in the registry database). In the interests of promoting a competitive domain name industry in Australia, auDA has drafted this policy in accordance with the following principles:
a) a registrant has the right to make an informed choice to transfer their domain name at any time during the domain name licence period, with no loss of remaining licence period;
b) a registrant has the right to know all the material terms and conditions of the transfer, including any related costs or charges, before they agree to proceed with the transfer;
c) a losing registrar does not have the right to delay or prevent a transfer; and
d) under no circumstances may a gaining or losing registrar impose a transfer fee on the registrant, or any fee that could reasonably be construed as a transfer fee.
3.2 Internationally, domain name transfers have given rise to problems of customer churn, customer slamming and other undesirable practices. To minimise the risk of similar problems occurring in the .au domain, this policy requires the gaining registrar to obtain a valid domain name password and to confirm the transfer request with the registrant contact, prior to initiating a transfer. The combination of these two steps ensure that the “apparent authority” conferred by the domain name password is supported by actual authorisation that the registrant wishes to proceed with the transfer. The only exceptions to this rule are outlined in sections 7 and 9 of this policy.
4. TRANSFER PROCEDURE
4.1 Prior to sending a transfer command to the registry, the gaining registrar must:
a) receive a written request for transfer (see definition in paragraph 2.1) that includes a valid domain name password for the domain name;
b) use the password to retrieve the full domain name record from the registry database;
c) send a standard transfer confirmation message (see definition in paragraph 2.1) to the person who has requested the transfer and to the registrant contact listed in the database (if different);
d) receive an affirmative response from the registrant contact by letter, facsimile or email; and
e) enter into a new Registrant Agreement for the remaining term of the domain name licence period, or for a new 1,2,3,4 or 5 year licence period where the transfer is combined with renewal.
4.2 The gaining registrar must not provide the means for a registrant, or a reseller acting on behalf of a registrant, to automatically initiate a transfer command to the registry (for example, by submitting an online form that sends a transfer command to the registry). The gaining registrar must satisfy the requirements listed in paragraph 4.1 before initiating the transfer command to the registry.
4.3 Where the gaining registrar has received a written request for transfer from a reseller and it is clear that the registrant contact email address is that of the same reseller, it is not sufficient to send a standard transfer confirmation message to that email address. In these circumstances, the gaining registrar must:
a) send a standard transfer confirmation message to the registrant contact by letter or facsimile, and receive an affirmative response from the registrant contact by letter, facsimile or email; or
b) arrange for the registrant contact email address to be updated with the registrant contact’s own email address (and not the reseller), and then send the standard transfer confirmation message to that email address.
4.4 The gaining registrar must keep full records of the transfer for inspection by auDA on demand, including copies of the written request for transfer, the standard transfer confirmation message and the affirmative response from the registrant contact.
4.5 Transfers that have been properly authorised and processed according to the requirements of this section and any procedural requirements of the registry, will proceed 2 days after initiation by the gaining registrar (unless the transfer is accepted earlier by the losing registrar).
5. RIGHTS OF THE LOSING REGISTRAR
5.1 The registry will notify the losing registrar that a transfer has been initiated. The losing registrar may send a standard transfer audit message (see definition in paragraph 2.1) to the registrant in order to confirm that the transfer is properly authorised. This action will not affect the timeframe referred to in paragraph 4.4.
5.2 If the losing registrar sends a standard transfer audit message, it must send the message once only, and within 2 days of receiving the transfer notification from the registry. The losing registrar must not attempt to delay or prevent the transfer. If the registrant does not respond to the standard transfer audit message, the losing registrar must not persist in efforts to obtain a response to the message.
5.3 If a losing registrar receives a response from the registrant that the transfer has not been authorised, the losing registrar may lodge a complaint with auDA. The act of lodging a complaint with auDA will not stop the transfer from taking effect, unless auDA is of the view that to allow the transfer to proceed would cause harm to the registrant. Causing harm to the losing registrar’s business is not sufficient reason to stop the transfer.
5.4 If auDA determines that the transfer has not been authorised by the registrant in accordance with this policy, auDA may:
a) allow the losing registrar to initiate a transfer back (using the procedure outlined in paragraph 4.1); or
b) direct the registry to reverse the transfer.
Circumstances under which either of these actions might occur include where the gaining registrar, or an appointed reseller of the gaining registrar, has breached the terms and conditions of the Registrar Agreement or the Code of Practice in order to secure the transfer.
6. TRANSFER FEES
6.1 The losing registrar must not impose a transfer fee on the registrant, or any fee that could reasonably be construed as a transfer fee.
6.2 The gaining registrar must not impose a transfer fee on the registrant, or any fee that could reasonably be construed as a transfer fee. If the gaining registrar chooses to bundle the transfer with other service offerings, then the gaining registrar must advise the registrant that the transfer is free of charge.
6.3 If the transfer takes place within the 90 day renewal period, and the registrant chooses to renew their domain name at the same time as transferring it to the gaining registrar, then the gaining registrar may charge a renewal fee. If the transfer takes place outside the 90 day renewal period, the gaining registrar must advise the registrant that the domain name cannot be renewed until 90 days before expiry.
7. BULK TRANSFERS BY REGISTRARS
7.1 Bulk transfers by registrars are only permitted:
a) for a minimum of 1,000 domain names at a time; and
b) with the prior written consent of auDA.
Circumstances in which auDA may consent to a bulk transfer include where the gaining registrar has acquired the losing registrar’s business, or where the gaining registrar and the losing registrar are related entities.
7.2 Bulk transfers do not require the gaining registrar to follow the procedure outlined in paragraph 4.1. However, the gaining registrar must ensure that each registrant is notified of the bulk transfer and given a reasonable opportunity to opt-out of the bulk transfer by transferring their domain name to another registrar of their choice. Prior to initiating a bulk transfer, the gaining registrar must send a standard bulk transfer notification message (refer to definition in paragraph 2.1) to each of the registrant contacts listed in the registry database at 30 calendar days and again at 7 calendar days before the date of the bulk transfer.
7.3 The gaining registrar must keep full records of the bulk transfer for inspection by auDA on demand, including a copy of the standard bulk transfer notification message and evidence that the message was sent to each of the registrant contacts listed in the registry database.
7.4 Bulk transfers will not apply to domain names that are in “Expired Pending Purge”, “Pending Delete” or “Pending Policy Delete” states. If the bulk transfer is due to take place within the 90 day renewal period of a domain name, a renewal may be processed in conjunction with the bulk transfer.
7.5 Bulk transfers that have been properly authorised and processed according to the requirements of this section and any procedural requirements of the registry, will proceed 2 days after initiation by the gaining registrar (unless the transfer is accepted earlier by the losing registrar).
8. BULK TRANSFERS BY RESELLERS
8.1 Bulk transfers by resellers are not permitted. Where a reseller of one registrar decides to transfer their business to another registrar, the reseller must follow the procedure outlined in paragraph 4.1 in respect of each registered domain name under their management.
9. TRANSFERS CAUSED BY TERMINATION OF REGISTRAR ACCREDITATION
9.1 Where a registrar has its accreditation terminated by auDA, its domain name records will be transferred to auDA as caretaker registrar of record (ie. auDA will be listed as the registrar of record in the registry database).
9.2 auDA will notify the affected registrants that they must transfer their domain name to another registrar by following the procedure outlined in paragraph 4.1.
10. BREACH OF POLICY
10.1 auDA reserves the right to investigate any transfer or bulk transfer under this policy. Where a registrar has breached auDA policy, or otherwise acted in bad faith with respect to a transfer or bulk transfer, auDA reserves the right to reverse that transfer or bulk transfer.
SCHEDULE A
STANDARD TRANSFER CONFIRMATION MESSAGE
Under paragraph 4.1 of the policy, the gaining registrar must send a standard transfer confirmation message to the person who has requested the transfer and to the registrant contact listed in the registry database (if different).
The purpose of the message is to safeguard both the registrant and the gaining registrar by confirming that:
a) the transfer request is properly authorised; and
b) the registrant has been informed of the material terms and conditions of the transfer.
The message must contain the text below, or equivalent text approved by auDA. DOMAIN NAME TRANSFER – REQUEST FOR CONFIRMATION
Attention: <insert registrant contact name>
Re: Transfer of <insert domain name>
The current registrar of record for this domain name is <insert name of losing registrar>
We have received a request from <insert name of person requesting transfer> for us to become the new registrar of record.
You have received this message because you are listed as the registrant contact for this domain name in the WHOIS database.
Please read the following important information about transferring your domain name:
You must agree to enter into a new Registrant Agreement with us. You can review the full terms and conditions of the Agreement at <insert URL>
Once you have entered into the Agreement, the transfer will take place within 2 calendar days.
The transfer will not change the expiry date of your domain name, which is <insert expiry date>.
If you wish to proceed with the transfer, please contact us <insert gaining registrar contact details> with the following message:
“I confirm that I have read the Domain Name Transfer – Request for Confirmation Message.
I confirm that I wish to proceed with the transfer of <insert domain name> from <insert name of losing registrar> to <insert name of gaining registrar>.”
Please note that all registrars must comply with the .au Domain Name Suppliers’ Code of Practice (http://www.auda.org.au/policies/auda-2004-04.txt) and auDA’s transfers policy (http://www.auda.org.au/policies/auda-2013-02).
SCHEDULE B
STANDARD TRANSFER AUDIT MESSAGE
Under paragraph 5.1 of the policy, the losing registrar may send a standard transfer audit message to the registrant contact.
The message must contain the text below, or equivalent text approved by auDA.
| Re: Transfer of We are the current registrar of record for this domain name. We received notification on that you have requested a transfer to . This means that will become the new registrar of record for your domain name on . If you have authorised this transfer, you are under no obligation to respond to this message. If you did not authorise this transfer, please contact us . Please note that all registrars must comply with the .au Domain Name Suppliers’ Code of Practice (http://www.auda.org.au/policies/auda-2004-04 ) and auDA’s transfers policy (http://www.auda.org.au/policies/auda-2013-02). ” v:shapes=”Text_x0020_Box_x0020_3″> |
SCHEDULE C
STANDARD BULK TRANSFER NOTIFICATION
Under paragraph 7.2 of the policy, the gaining registrar must send a standard bulk transfer notification to each registrant contact listed in the registry database at 30 calendar days and again at 7 calendar days before the date of the bulk transfer.
The purpose of the message is to safeguard both the registrant and the gaining registrar by ensuring that the registrant:
a) receives due notice of the transfer; and
b) is given a reasonable opportunity to transfer their domain name to a different registrar if they do not want their domain name to be transferred to the gaining registrar.
The message must contain the text below, or equivalent text approved by auDA:
| Re: Transfer of The current registrar of record for this domain name is You have received this message because you are listed as the registrant contact for this domain name in the WHOIS database. will be assuming the obligation to provide registrar services to you. Your domain name will be transferred to on . If you do not want your domain name to be transferred to , then you must take action to transfer your domain name to another registrar prior to . Please note that all registrars must comply with the .au Domain Name Suppliers’ Code of Practice (http://www.auda.org.au/policies/auda-2004-04) and auDA’s transfers policy (http://www.auda.org.au/policies/auda-2013-02). ” v:shapes=”Text_x0020_Box_x0020_2″> |
2012-04 – Domain Name Eligibility and Allocation Policy Rules for the Open 2LDs
Policy No: 2012-04
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out the policy rules that govern the granting of domain name licences in the open second level domains (2LDs) in the .au domain.
1.2 The policy rules are based on the Domain Name Eligibility and Allocation Policy Rules for Open Second Level Domains (2LDs) (2008-05) and include the final recommendations of auDA’s 2010 Names Policy Panel.
1.3 The policy rules set out in this document do not have retrospective effect. Domain name licences that were granted before implementation of this policy will be ‘grandfathered’ and the registrant will be entitled to renew the licence provided that there has been no change in the registrant’s circumstances that affects their eligibility to hold the domain name licence. For example, if the registrant of a com.au domain name no longer holds the registered business name that they used as a basis for licensing the domain name in the first place.
2. DOMAIN NAME LICENCES
2.1 There are no proprietary rights in the domain name system (DNS). A registrant does not “own” a domain name. Instead, the registrant holds a licence to use a domain name, for a specified period of time and under certain terms and conditions.
2.2 The terms and conditions of a domain name licence are set out in:
a) this document;
b) the Mandatory Terms and Conditions Applying to .au Domain Name Licences;
c) the registration application and subsequent agreement between a registrant and registrar; and
d) any other of auDA’s Published Policies that are applicable.
2.3 There is no hierarchy of rights in the DNS. For example, a registered trade mark does not confer any better entitlement to a domain name than a registered company or business name. Domain name licences are allocated on a ‘first come, first served’ basis. Provided the relevant eligibility and allocation rules are satisfied, the first registrant whose application for a particular domain name is submitted to the registry will be permitted to license it.
3. STRUCTURE OF .AU DOMAIN
3.1 The .au domain is sub-divided into a number of 2LDs (for example, com.au, edu.au, id.au). All .au domain names are registered as third level domains (3LDs). It is not possible to register domain names as 2LDs directly under .au.
3.2 Each 2LD has a purpose. For example, com.au is for commercial entities, gov.au is for government bodies and org.au is for non-commercial organisations. The purpose of each 2LD dictates the eligibility and allocation rules applicable in that 2LD.
3.3 The 2LDs are divided into 2 categories:
a) “open 2LDs” – those 2LDs that are basically open to all users, subject to some eligibility criteria; and
b) “closed 2LDs” – those 2LDs with a defined community of interest that are closed to the general public.
3.4 Schedule A of this document sets out the eligibility and allocation rules that apply to all open 2LDs. Schedules B-F of this document set out the eligibility and allocation rules that apply to each open 2LD.
3.5 The eligibility and allocation rules that apply to closed 2LDs are determined by the relevant 2LD Manager and approved by auDA.
4. APPLICATION OF POLICY RULES
4.1 It is the responsibility of auDA to preserve the integrity of the .au domain by ensuring that the policy rules are applied correctly and enforced as necessary. auDA reserves the right to revoke any domain name licence that has been granted, or subsequently held, in breach of the relevant policy rules.
4.2 It is the responsibility of all auDA accredited registrars, in accordance with the Registrar Agreement, to apply the policy rules set out in this document. Each domain name application must be checked for compliance with the relevant policy rules by the registrar before it is submitted to the registry for inclusion in the registry database.
4.3 It is the responsibility of all registrants, in accordance with their registration application and subsequent agreement, to ensure that they comply with the policy rules set out in this document when submitting an application to register or renew a domain name in any of the open 2LDs. To that end, a registrant is required to warrant to the registrar that they comply with the rules.
4.4 auDA has published Guidelines on the Interpretation of Policy Rules for the Open 2LDs, to assist registrars, registrants and other interested parties in interpreting the policy rules outlined in this document. The guidelines contain more detail and examples of how the policy rules are applied and enforced.
5. BREACHES OF POLICY
5.1 Where auDA considers on reasonable grounds that a registrant has made a false warranty to the registrar regarding their compliance with the policy rules, or otherwise acted in bad faith in order to obtain the domain name licence, auDA reserves the right to revoke the domain name licence.
5.2 Where auDA becomes aware that a registrar has approved a domain name application through misinterpretation of the relevant policy rules, auDA may issue a policy clarification to assist registrars in the interpretation of the policy rules. Under the terms and conditions of the Registrar Agreement, auDA reserves the right to take action against a registrar where it has reasonable grounds to believe that the registrar has acted negligently or recklessly in approving a domain name application in breach of the relevant policy rules.
6. REVIEW OF POLICY
6.1 From time to time, auDA may update this document for the purposes of clarification or correction (for example, if governments introduce a new type of business or other official identifier).
6.2 auDA will not make any major changes to this document without conducting an Advisory Panel process, as described in auDA’s Constitution.
SCHEDULE A
ELIGIBILITY AND ALLOCATION RULES FOR ALL OPEN 2LDS
First come, first served
1. Domain name licences are allocated on a ‘first come, first served’ basis. It is not possible to pre-register or otherwise reserve a domain name.
Registrants must be Australian
2. Domain name licences may only be allocated to a registrant who is Australian, as defined under the eligibility and allocation rules for each 2LD.
Composition of domain names
3. Domain names must:
a) be at least two characters long;
b) contain only letters (a-z), numbers (0-9) and hyphens (-), or a combination of these;
c) start and end with a number or a letter, not a hyphen; and
d) not contain hyphens in the third and fourth position (eg. ab–cd.com.au).
Domain name licence period
4. The domain name licence period may be from 1 -5 years. It is not possible to license a domain name for a shorter or longer period.
5. Renewal of a domain name licence at the end of the licence period is dependent on the registrant continuing to meet the eligibility and allocation rules for the relevant 2LD.
Number of domain names
6. There is no restriction on the number of domain names that may be licensed by a registrant.
auDA’s Reserved List
7. auDA’s Reserved List contains names that may not be licensed. The list is available on auDA’s website.
Prohibition on registering domain names for sole purpose of resale
8. A registrant may not register a domain name for the sole purpose of resale or transfer to another entity.
SCHEDULE B
ELIGIBILITY AND ALLOCATION RULES FOR ASN.AU
The asn.au 2LD is for non-commercial organisations.
The following rules are to be read in conjunction with the Eligibility and Allocation Rules for All Open 2LDs, contained in Schedule A of this document.
1. To be eligible for a domain name in the asn.au 2LD, registrants must be non-commercial organisations as follows:
a) an association incorporated in any Australian State or Territory; or
b) a political party registered with the Australian Electoral Commission; or
c) a trade union or other organisation registered under the Fair Work (Registered Organisations) Act 2009; or
d) a sporting or special interest club operating in Australia; or
e) a charity operating in Australia, as defined in the registrant’s constitution or other documents of incorporation; or
f) a non-profit organisation operating in Australia, as defined in the registrant’s constitution or other documents of incorporation.
2. Domain names in the asn.au 2LD must be:
a) an exact match, abbreviation or acronym of the registrant’s name; or
b) otherwise closely and substantially connected to the registrant, in accordance with the categories of “close and substantial connection” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs.
SCHEDULE C
ELIGIBILITY AND ALLOCATION RULES FOR COM.AU
The com.au 2LD is for commercial purposes.
The following rules are to be read in conjunction with the Eligibility and Allocation Rules for All Open 2LDs, contained in Schedule A of this document.
1. To be eligible for a domain name in the com.au 2LD, registrants must be:
a) an Australian registered company; or
b) trading under a registered business name in any Australian State or Territory; or
c) an Australian partnership or sole trader; or
d) a foreign company licensed to trade in Australia; or
e) an owner of an Australian Registered Trade Mark; or
f) an applicant for an Australian Registered Trade Mark; or
g) an association incorporated in any Australian State or Territory; or
h) an Australian commercial statutory body.
2. Domain names in the com.au 2LD must be:
a) an exact match, abbreviation or acronym of the registrant’s name or trademark; or
b) otherwise closely and substantially connected to the registrant, in accordance with the categories of “close and substantial connection” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs.
3. A domain name may also be registered in the com.au 2LD under paragraph 2(b) for the purpose of domain monetisation, in accordance with the explanation of “domain monetisation” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs, provided that the following conditions are met:
a) the content on the website to which the domain name resolves must be related specifically and predominantly to subject matter denoted by the domain name; and
b) the domain name must not be, or incorporate, an entity name, personal name or brand name in existence at the time the domain name was registered*.
* Definitions:
- “entity name” means the name of an Australian registered company or incorporated association as listed with the Australian Securities and Investment Commission (ASIC), or the name of an Australian government body. It does not include a registered business name;
- “personal name” means the given name(s) and/or last name of a person; and
- “brand name” means the name of an identifiable and distinctive product or service, whether commercial or non-commercial.
SCHEDULE D
ELIGIBILITY AND ALLOCATION RULES FOR ID.AU
The id.au 2LD is for individuals.
The following rules are to be read in conjunction with the Eligibility and Allocation Rules for All Open 2LDs, contained in Schedule A of this document.
1. To be eligible for a domain name in the id.au 2LD, registrants must be:
a) an Australian citizen; or
b) an Australian resident.
2. Domain names in the id.au 2LD must be:
a) an exact match, abbreviation or acronym of the registrant’s personal name; or
b) otherwise closely and substantially connected to the registrant, in accordance with the categories of “close and substantial connection” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs.
3. A domain name may also be registered in the id.au 2LD under paragraph 2(b) if it refers to a personal interest or hobby of the registrant, but the domain name must not be, or incorporate, an entity name, personal name or brand name in existence at the time the domain name was registered*.
* Definitions:
- “entity name” means the name of an Australian registered company or incorporated association as listed with the Australian Securities and Investment Commission (ASIC), or the name of an Australian government body. It does not include a registered business name;
- “personal name” means the given name(s) and/or last name of a person; and
- “brand name” means the name of an identifiable and distinctive product or service, whether commercial or non-commercial.
SCHEDULE E
ELIGIBILITY AND ALLOCATION RULES FOR NET.AU
The net.au 2LD is for commercial purposes.
The following rules are to be read in conjunction with the Eligibility and Allocation Rules for All Open 2LDs, contained in Schedule A of this document.
1. To be eligible for a domain name in the net.au 2LD, registrants must be:
a) an Australian registered company; or
b) trading under a registered business name in any Australian State or Territory; or
c) an Australian partnership or sole trader; or
d) a foreign company licensed to trade in Australia; or
e) an owner of an Australian Registered Trade Mark; or
f) an applicant for an Australian Registered Trade Mark; or
g) an association incorporated in any Australian State or Territory; or
h) an Australian commercial statutory body.
2. Domain names in the net.au 2LD must be:
a) an exact match, abbreviation or acronym of the registrant’s name or trademark; or
b) be otherwise closely and substantially connected to the registrant, in accordance with the categories of “close and substantial connection” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs; or
3. A domain name may also be registered in the net.au 2LD under paragraph 2(b) for the purpose of domain monetisation, in accordance with the explanation of “domain monetisation” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs, provided that the following conditions are met:
a) the content on the website to which the domain name resolves must be related specifically and predominantly to subject matter denoted by the domain name; and
b) the domain name must not be, or incorporate, an entity name, personal name or brand name in existence at the time the domain name was registered.
* Definitions:
- “entity name” means the name of an Australian registered company or incorporated association as listed with the Australian Securities and Investment Commission (ASIC), or the name of an Australian government body. It does not include a registered business name;
- “personal name” means the given name(s) and/or last name of a person; and
- “brand name” means the name of an identifiable and distinctive product or service, whether commercial or non-commercial.
SCHEDULE F
ELIGIBILITY AND ALLOCATION RULES FOR ORG.AU
The org.au 2LD is for non-commercial organisations.
The following rules are to be read in conjunction with the Eligibility and Allocation Rules for All Open 2LDs, contained in Schedule A of this document.
1. To be eligible in the org.au 2LD, registrants must be non-commercial organisations as follows:
a) an association incorporated in any Australian State or Territory; or
b) a political party registered with the Australian Electoral Commission; or
c) a trade union or other organisation registered under the Fair Work (Registered Organisations) Act 2009; or
d) a sporting or special interest club operating in Australia; or
e) a charity operating in Australia, as defined in the registrant’s constitution or other documents of incorporation; or
f) a non-profit organisation operating in Australia, as defined in the registrant’s constitution or other documents of incorporation.
2. Domain names in the org.au 2LD must be:
a) an exact match, abbreviation or acronym of the registrant’s name; or
b) otherwise closely and substantially connected to the registrant, in accordance with the categories of “close and substantial connection” set out in the Guidelines on the Interpretation of Policy Rules for the Open 2LDs.
2012-01 – Registrant Review Panel Rules
List of auDA Review Panelists
Policy No: 2012-01
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out the rules (Registrant Review Panel Rules) which govern the functions, powers and discretions of the Registrant Review Panel.
1.2 The role of the Registrant Review Panel is to provide an independent review where a domain name registrant is dissatisfied with a decision of auDA to cancel the registrant’s licence to a domain name, and delete the domain name for breach of auDA published policies (or the domain name licence terms and conditions).
2. TERMINOLOGY
2.1 This document uses the following terms:
a) “Application” means an application submitted by a Registrant in accordance with the Registrant Review Panel Rules;
b) “Domain Name” means the domain name that is the subject of an Application;
c) “Panel Chair” means the chair of the Registrant Review Panel;
d) “Panelist” means a member of the Registrant Review Panel, which may include the Panel Chair;
e) “Internal Review” means a review by auDA senior management of auDA’s initial decision to cancel a Registrant’s licence to a domain name, and delete the domain name for breach of auDA published policies (or the domain name licence terms and conditions);
f) “Registrant” means a registrant of a domain name licence who has made, or intends to make, an Application;
g) “Registrant Agreement” means the registrant agreement which a registrant enters into with an auDA accredited registrar when it registers a domain name;
h) “Registrant Review Panel” means a panel constituted under the Registrant Review Panel Rules to review a Reviewable Decision;
i) “Registrant Review Panel Rules” means the rules and procedures set out in this document; and
j) “Reviewable Decision” means a decision of auDA to cancel a Registrant’s licence to a domain name(s), and delete the domain name(s) for breach of auDA published policies (or the domain name licence terms and conditions), following an Internal Review.
3. COMMUNICATIONS
3.1 All communication to auDA in connection with an Application must be made by electronic mail using the following address:
<auda.registrantreview@auda.org.au>.
3.2 All communication to the Registrant Review Panel must be made by electronic mail using the following address: <chair.registrantreview@auda.org.au>.
3.3 Except as otherwise provided in these Registrant Review Panel Rules, or decided by the Registrant Review Panel, all communications provided for under these Registrant Review Panel Rules are taken to have been made on the date that the communication was sent, provided that the date of sending is verifiable.
3.4 Except as otherwise provided in these Registrant Review Panel Rules, all time periods calculated under these Registrant Review Panel Rules to begin when a communication is made, will begin to run on the date that the communication is taken to have been made in accordance with paragraph 3.2.
3.5 It is the responsibility of the sender to retain records of the fact and circumstances of sending, which must be available for inspection by the Registrant Review Panel and for reporting purposes.
3.6 In the event that a person sending a communication receives notification of non-delivery of the communication, the person must promptly notify the Registrant Review Panel of the circumstances of the notification. Further proceedings concerning the communication and any response must be as directed by the Registrant Review Panel.
4. APPLICATION TO REGISTRANT REVIEW PANEL
4.1 An Application for review of a Reviewable Decision:
a) may only be made after an Internal Review has been completed;
b) must not relate to more than one auDA complaint reference number;
c) must be submitted to auDA within ten (10) calendar days of the date of the Reviewable Decision.
4.2 The Application shall be submitted to auDA in electronic form and shall:
a) request the Registrant Review Panel to review the Reviewable Decision;
b) provide the name, postal and email addresses, and the telephone and fax numbers of the Registrant and of any person authorised to represent the Registrant in the administrative proceeding;
c) specify a preferred email address for communicating with the Registrant, or their authorised representative, in relation to the Application;
d) specify the auDA complaint reference number that is the subject of the Application;
e) specify the Domain Name(s) that is/are the subject of the Application;
f) identify any other legal proceedings that have been commenced or terminated in connection with the Reviewable Decision, that is the subject of the Application; and
g) conclude with the following statement followed by the signature of the Registrant or its authorised representative:
“Registrant waives all claims and remedies against the Registrant Review Panel (including any Panel Chair) arising from this application, except in the case of deliberate wrongdoing.
Registrant certifies that:
– the information contained in this application is to the best of the Registrant’s knowledge complete and accurate;
– the information contained in this application and to be provided to the Panel Chair under paragraph 6.1 of the Registrant Review Panel Rules, was provided to auDA for its consideration in making the Reviewable Decision;
– this application is not being presented for any improper purpose, such as to harass; and
– the assertions in this application are warranted under the Registrant Review Panel Rules and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.”
4.3 The fee for submitting an Application is $250.00 (ex GST) which must be paid to auDA at the time the Application is submitted.
5. NOTIFICATION OF RECEIPT
5.1 Upon receipt of an Application, auDA must review the Application for administrative compliance with the requirements set out in paragraph 4.2.
5.2 No action shall be taken by auDA until it has received from the Registrant the fee for submitting an Application under paragraph 4.3. If auDA has not received the fee within three (3) business days of receiving the Application, the Application shall be deemed withdrawn.
5.3 If the Application is compliant under paragraph 4.2, auDA must within three (3) calendar days of receipt of the fee under paragraph 4.3:
a) remove the Domain Name from pending delete status, where applicable;
b) place the Domain Name under server lock status to prevent any update, transfer or deletion of the Domain Name pending the decision of the Registrant Review Panel; and
c) acknowledge receipt of the fee and forward the Application to the Panel Chair.
5.4 Where the Application is deficient, auDA must promptly notify the Registrant of the nature of the deficiencies. The Registrant will have three (3) business days within which to correct the deficiencies, after which the Application will be dismissed and the fee refunded
5.5 Upon receipt by auDA of an Application, then:
a) both the Registrant and auDA are taken to be bound by, and must comply with, the Registrant Review Panel Rules; and
b) auDA agrees to be bound by the decision of the Registrant Review Panel.
6. REQUEST FOR MATERIALS
6.1 Upon receipt of an Application, the Panel Chair must request:
a) the Registrant, to:
(i) describe the grounds on which the Registrant contends that auDA was not entitled to make the Reviewable Decision;
(ii) specify the outcome sought by the Registrant, which outcome must be one that the Registrant Review Panel is entitled to make under paragraph 9.1;
(iii) annex any documentary or other evidence upon which the Application relies, together with a schedule indexing such evidence; and
b) auDA, to provide all relevant materials and information which were taken into consideration by auDA in making the Reviewable Decision.
6.2 The Registrant and auDA must provide the requested materials within five (5) business days of the request of the Panel Chair.
7. APPOINTMENT OF PANEL AND TIMING OF DECISION
7.1 auDA will publish on its website from time to time, a list of persons approved by the board of auDA as being qualified to become a Panelist. At any time, one of such persons will act as Panel Chair on a rotational basis. auDA will also publish on its website, the person who will act as Panel Chair from time to time.
7.2 In considering appropriate candidates for appointment to become a Panelist, the board of auD will consider whether the individual possesses an adequate level of industry knowledge, as well as skills in dispute resolution. For example, .au Dispute Resolution Policy Panelists may be considered appropriate candidates.
7.3 The following individuals are not eligible to be appointed as Panelists:
a) a director or employee of, or consultant to, auDA; and
b) a director or employee of, or consultant to, any auDA accredited registrar.
7.4 The Registrant Review Panel to review a Reviewable Decision (being the subject of an Application) will comprise a Panelist selected by the Panel Chair (which may include the Panel Chair himself or herself) from the list of qualified Panelists published by auDA.
7.5 The Panel Chair is responsible for all functions associated with the administration of the Registrant Review Panel including, but not limited to, constituting the Registrant Review Panel for determining an Application and arranging the business of the Registrant Review Panel.
7.6 The materials provided under paragraph 6.1 are to be forwarded by the Panel Chair to the Registrant Review Panel as soon as they are received.
7.7 The Registrant Review Panel must consider the Application and forward its decision to auDA and the Registrant within ten (10) business days of it receiving the materials provided under paragraph 6.1.
7.8 A Panelist must:
a) be impartial and independent; and
b) have, before accepting the appointment, disclosed to the Panel Chair any circumstances giving rise to justifiable doubt as to the Panelist’s impartiality or independence in relation to an Application.
If, at any stage during the administrative proceeding, new circumstances arise that could give rise to justifiable doubt as to the impartiality or independence of the Panelist in relation to an Application, that Panelist must promptly disclose such circumstances to the Panel Chair. In such event, the Panel Chair has the discretion to appoint a substitute Panelist, or where the Registrant Review Panel comprises the Panel Chair, must request auDA to appoint another Panel Chair in relation to that Application.
8. GENERAL PROCEDURE FOR REVIEW
8.1 The Registrant Review Panel must conduct the administrative proceeding in such manner as it considers appropriate in accordance with these Registrant Review Panel Rules.
8.2 The Registrant Review Panel must ensure that the administrative proceeding takes place with due expedition. It may, at the request of the Registrant or on its own motion, extend, in exceptional cases, a period of time fixed by these Registrant Review Panel Rules or by the Registrant Review Panel earlier.
8.3 The Registrant Review Panel is not bound by the rules of evidence and will proceed in an informal manner. The Registrant Review Panel is entitled to determine the admissibility, relevance, materiality and weight of the evidence.
8.4 The Registrant Review Panel is obliged to review the Reviewable Decision on the basis of the materials and information available to auDA at the time it made the Reviewable Decision, and by reference to the constitution of auDA, the published policies of auDA, the Registrant Agreement, and any rules or principles of law that it deems appropriate.
8.5 The Registrant Review Panel must give written reasons for its decision.
8.6 The Registrant Review Panel may dismiss what it regards as vexatious or frivolous Applications without proceeding to a determination on the merits.
9. REGISTRANT REVIEW PANEL’S POWERS AND DISCRETION
9.1 A Registrant Review Panel may:
a) affirm a Reviewable Decision; or
b) set aside a Reviewable Decision, and:
(i) make a decision in substitution for the Reviewable Decision; or
(ii) remit the matter for reconsideration by auDA according to any directions or recommendations of the Registrant Review Panel.
9.2 In the event that a Registrant Review Panel decides to set aside a Reviewable Decision, the fee for submitting an Application under paragraph 4.3 shall be refunded to the Registrant.
10. LANGUAGE
10.1 Unless otherwise agreed by the parties, the language of the administrative proceeding must be in English.
10.2 The Registrant Review Panel may order that any documents submitted in languages other than in English be accompanied by a translation in whole or in part into English.\
11. FURTHER STATEMENTS
11.1 In addition to the Application and the materials provided under paragraphs 6.1 and 6.2, the Registrant Review Panel, in its sole discretion, may request or permit further statements or documents from auDA or the Registrant.
12. IN-PERSON HEARINGS
12.1 There will be no in-person hearings (including hearings by teleconference, videoconference, or web conference) unless the Registrant Review Panel determines, in its sole discretion and as an exceptional matter, that such a hearing is necessary for conducting the review.
13. DEFAULT
13.1 In the event that a party, in the absence of exceptional circumstances, does not comply with any of the time periods established by the these Registrant Review Panel Rules or the Registrant Review Panel, the Registrant Review Panel is entitled to proceed to a decision on the Application.
13.2 If a party, in the absence of exceptional circumstances, does not comply with any provision of, or requirement under, these Registrant Review Panel Rules or any request from the Registrant Review Panel, the Registrant Review Panel is entitled to draw such inferences as it considers appropriate.
14. EFFECT OF COURT PROCEEDINGS
14.1 In the event of any legal proceedings initiated prior to or during an administrative proceeding in respect of a Domain Name, the Registrant Review Panel has the discretion to decide whether to suspend or terminate the administrative proceeding, or to proceed to a decision.
14.2 In the event that the Registrant initiates any legal proceedings during the course of an administrative proceeding in respect of a Reviewable Decision that is the subject of an Application, it must promptly notify the Registrant Review Panel.
15. CONFIDENTIALITY AND DISCLOSURE
15.1 Subject to the rules of procedural fairness, each review is conducted privately, with (as far as possible) all parties having access to all information which is before the Registrant Review Panel.
15.2 Subject to paragraph 16, the Registrant Review Panel, auDA and the Registrant must maintain the confidentiality of all information that is the subject of the review.
16. PUBLICATION
16.1 Except to the extent that a Registrant Review Panel in exceptional circumstances directs that any portion of its decision be redacted for publication, auDA must publish in full on its website each decision of a Registrant Review Panel.
17. EXCLUSION OF LIABILITY
17.1 Except in the case of deliberate wrongdoing, neither a Panel Chair nor a Panelist is liable to a Registrant or auDA for any act or omission in connection with an Application.
18. AMENDMENTS
18.1 The version of these Registrant Review Panel Rules in effect at the time of the submission of the Application will apply to the administrative proceeding.
List of Review Panelists
The following people have been appointed by the auDA Board to be Panelists under the Registrar Review Panel Rules (2010-03) and the Registrant Review Panel Rules (2012-01):
Philip Argy*
Principal and Chief Executive
ArgyStar.com
Samuel Bird
Barrister
Isaacs Chambers
John Brydon
Consulting Engineer, Arbitrator and Mediator
Alan Limbury
Negotiator, Specialist Accredited Mediator and Arbitrator
Managing Director, Strategic Resolution
Steve White
White SW Computer Law
www.computerlaw.com.au
*currently acting as Panel Chair
2011-03 – Transfers (Change of Registrant) Policy
auDA has published a help centre item about registrant transfers.
Policy No: 2011-03
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the transfer of a domain name licence from a registrant to a proposed new registrant, which has the effect of changing the name of the registrant as listed in the registry database.
1.2 This document does not detail the technical steps required to change the registrant in the registry database. This information is made available to all auDA accredited registrars by the registry.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “proposed new registrant” means the entity or person to whom the registrant proposes to transfer their domain name licence; and
b) “eligible entity” means an entity or person who is eligible to hold the domain name licence under relevant auDA published policies.
3. CIRCUMSTANCES OF TRANSFER
3.1 A registrant may:
a) offer their domain name licence for transfer (or “sale”) to another eligible entity, by any means; and
b) transfer their domain name licence to another eligible entity, for any reason.
Please Note: Under the Domain Name Eligibility and Allocation Policy Rules for Open 2LDs, a registrant may not register a domain name for the sole purpose of resale or transfer to another entity. Where a registrant is found to have breached this policy rule, auDA reserves the right to cancel the domain name licence and delete the domain name.
4. TRANSFER PROCESS
4.1 To process the transfer of a domain name licence from the current registrant to a proposed new registrant, the registrar must:
a) receive a completed transfer form containing the text approved by auDA at Schedule A;
b) check that the proposed new registrant is an eligible entity; and
c) obtain confirmation of the request for transfer from the current registrant contact.
4.2 The registrar may use an automated process for handling registrant transfers, but they must be able to provide a copy of the transfer request and confirmation from the current registrant for inspection by auDA on demand.
4.3 The transfer will result in a new 1,2,3,4 or 5 year domain name licence being issued to the proposed new registrant. The current registrant is not entitled to be reimbursed by the registrar for the unused portion of their domain name licence.
5. CORRECTION TO REGISTRANT DETAILS
5.1 Under certain circumstances, a registrar may change the name of the registrant as listed in the registry database in order to correct a genuine error made at the time of registration. A correction does not involve a transfer of domain name licence and does not result in a new 1,2,3,4 or 5 year domain name licence being issued.
5.2 Circumstances under which a registrar may process a correction to registrant details include:
a) where the registrar or the registrant submitted incorrect data at the time of registration (eg. to correct a misspelling of the registrant’s name);
b) where the domain name was incorrectly registered to the wrong party (eg. the domain name was registered in the name of a company employee instead of the name of the company, or the domain name was registered to the wrong entity within a group of related entities);
c) where the domain name was incorrectly registered in the name of the reseller or other agent who arranged the registration; and
d) where otherwise authorised by auDA.
6. BREACH OF POLICY
6.1 auDA reserves the right to investigate any transfer of a domain name licence under this policy.
6.2 Where a registrant or a proposed new registrant has breached auDA policy, or otherwise acted in bad faith in order to transfer a domain name licence, auDA reserves the right to reverse the transfer or to cancel the domain name licence and delete the domain name.
SCHEDULE A
STANDARD TEXT FOR TRANSFER FORM
Under paragraph 5.1 of the policy, the registrant transfer form used by the registrar must contain the standard text below.
Declaration by Current Registrant of Domain Name (Transferor)
I/We declare and warrant to the Registrar and to .au Domain Administration Ltd that:
- I am authorised to submit this form for or on behalf of the current registrant of the domain name; and
- the current registrant of the domain name is entitled to transfer the domain name licence to the proposed new registrant; and
- all information contained in this transfer form are true, complete and correct, and not misleading.
The current registrant hereby transfers the domain name licence to the proposed new registrant, subject to the terms and conditions on which the current registrant held the domain name licence at the time of transfer.
Declaration by Proposed New Registrant of Domain Name (Transferee)
I/We declare and warrant to the Registrar and to .au Domain Administration Ltd that:
- I am authorised to submit this form for or on behalf of the proposed new registrant of the domain name; and
- the proposed new registrant is eligible to hold the domain name licence under auDA’s published policies from time to time; and
- all information contained in this transfer form are true, complete and correct, and not misleading.
The proposed new registrant hereby accepts the transfer of the domain name licence, subject to the terms and conditions on which the current registrant held the domain name licence at the time of transfer.
NOTE: All domain name licences are issued subject to .au Domain Administration Ltd’s mandatory terms and conditions and published policies applicable from time to time, available at www.auda.org.au. Non-compliance with such terms and conditions or published policies may lead to the cancellation of a domain name licence.
2010-07 – Registrant Contact Information Policy
Policy No: 2010-07
Publication Date: 20/12/2010
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the collection and maintenance of registrant contact information in the registry database (known as “contact objects”) in the open 2LDs (asn.au, com.au, id.au, net.au, org.au) and the community geographic 2LDs (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic.au, wa.au).
1.2 This document does not detail the technical steps required to create, update, transfer or delete a contact object in the registry database. This information is contained in the registry’s technical procedures manual, which is made available to all auDA accredited registrars.
2. COLLECTION OF REGISTRANT CONTACT INFORMATION
2.1 Registrant contact information must be collected by the registrar at the time the domain name is registered.
2.2 There are four types of contact object stored in the registry database. The table below indicates the information that registrars must enter for each contact object.
| Contact Object | Information to be entered by Registrar |
| Registrant Contact | MANDATORY Contact person or role (eg. “General Manager”) nominated by the registrant. In the case of individual registrants, must be the registrant himself or herself. In the case of corporate registrants, must be a principal, employee or member of the registrant. |
MUST NOT be the registrar of record or their reseller, unless the registrar or
reseller has received express written consent from the registrant in that regard
(refer to section 4 below). Technical Contact MANDATORY
Contact person or role (eg. “General Manager”) nominated by the registrant.
May be the registrar of record or their reseller. Administrative Contact OPTIONAL
Contact person or role (eg. “General Manager”) nominated by the registrant.
May be the registrar of record or their reseller. Billing Contact OPTIONAL
Contact person or role (eg. “General Manager”) nominated by the registrant.
May be the registrar of record or their reseller.
2.3 The sole purpose of the Registrant Contact and Technical Contact fields is to provide general contact details and technical contact details for the registrant.
2.4 Registrants must not:
a) use the Registrant Contact or Technical Contact fields for any purpose other than as set out in paragraph 2.3. In particular, the Registrant Contact and Technical Contact fields must not contact any data which can be construed as advertising, marketing, promotion or listings of any kind (eg. “This domain name is for sale”, “Renew your domain name at [name of provider])”; or
b) do anything which may have the effect of concealing the true identity of the registrant or the registrant contact (eg. by using a private or proxy registration service), unless specifically permitted otherwise by another auDA published policy.
3. MAINTENANCE OF REGISTRANT CONTACT INFORMATION
3.1 Under the Registrant Agreement, registrants are obliged to notify the registry, through the registrar, of any changes to their information. The Certificate of Registration includes a statement that failure to notify changes to contact or other information may result in revocation of the registrant’s domain name licence.
3.2 Under the Registrar Agreement, registrars must update registrant data in the registry database within 5 business days of receiving the updated information from the registrant.
4. PROHIBITION ON REGISTRARS AND RESELLERS USING THEIR OWN CONTACT DETAILS AS REGISTRANT CONTACT INFORMATION
4.1 It is a fundamental policy principle that registrant contact information must belong to the registrant, for two main reasons:
a) to ensure that the registrant receives important information in relation to their domain name, including domain name renewal notices, from their registrar of record or from auDA; and
b) to enable the registrant to retrieve their domain name password if they wish to transfer their domain name to another registrar.
4.2 Registrars and resellers are not permitted to use their own contact details as registrant contact information, unless they have received express written consent from the registrant in that regard.
4.3 Where a registrar is notified by auDA that a reseller is using their own contact details as registrant contact information, without express written consent from the registrant, the registrar must update the registrant contact information to be compliant with this policy.
2010-03 – Registrar Review Panel Rules
Policy No: 2010-03
Publication Date: 12/07/2010
Status: Current
1. BACKGROUND
1.1 This document sets out the rules (Registrar Review Panel Rules) which govern the administrative proceedings, powers and discretions of the Registrar Review Panel.
1.2 Registrar Agreements signed on or after 12 July 2010 give registrars the right to apply to the Registrar Review Panel, to review a Reviewable Decision (both capitalised terms have the meanings given in the Registrar Agreement) of auDA.
1.3 Under the Registrar Agreement, once a registrar exercises its right to make such an application to the Registrar Review Panel:
a) the administrative proceeding to review the Reviewable Decision must be carried out according to the requirements of the procedural rules set out in this document; and
b) both auDA and the registrar are taken to be bound by, and must comply with, the procedural rules set out in this document.
2. APPLICATION OF THE REGISTRAR REVIEW PANEL RULES
2.1 This document does not, by itself, give registrars the right to apply to the Registrar Review Panel to review a Reviewable Decision of auDA. The right to make such an application is contained in clause 23A of auDA’s standard form of Registrar Agreement (signed on or after 12 July 2010).
2.2 To make an application to the Registrar Review Panel to review a Reviewable Decision of auDA, the Registrar must comply with the requirements set out in clause 23A.2.2 of the Registrar Agreement, and the rules set out in this document.
3. TERMINOLOGY
3.1 This document uses the following terms:
a) “Application” means an application to the Registrar Review Panel under clause 23A.2.2 of the Registrar Agreement;
b) “Business Day” has the same meaning as in the Registrar Agreement;
c) “Event of Default” has the meaning given in the Registrar Agreement;
d) “Panel Chair” means the chair of the Registrar Review Panel;
e) “Panelist” means a member of the Registrar Review Panel, including its Panel Chair;
f) Registrar” means a registrar who has made, or intends to make, an Application;
g) “Registrar Agreement” means the registrar agreement which an accredited registrar enters into with auDA on or after 12 July 2010, which contains provisions giving an accredited registrar the right to apply to the Registrar Review Panel to review a Reviewable Decision of auDA;
h) “Registrar Review Panel” has the same meaning given in the Registrar Agreement;
i) “Registrar Review Panel Rules” means the rules and procedures set out in this document;
j) “Reviewable Decision” has the meaning given in the Registrar Agreement.
4. COMMUNICATIONS
4.1 All communication to the Registrar Review Panel must be made by electronic mail using the following address: <chair.registrarreview@auda.org.au>.
4.2 The Registrar may update its contact details by notifying the Registrar Review Panel.
4.3 Except as otherwise provided in these Registrar Review Panel Rules, or decided by the Registrar Review Panel, all communications provided for under these Registrar Review Panel Rules are taken to have been made on the date that the communication was transmitted, provided that the date of transmission is verifiable.
4.4 Except as otherwise provided in these Registrar Review Panel Rules, all time periods calculated under these Registrar Review Panel Rules to begin when a communication is made, will begin to run on the date that the communication is taken to have been made in accordance with paragraph 4.3.
4.5 It is the responsibility of the sender to retain records of the fact and circumstances of sending, which must be available for inspection by the Registrar Review Panel and for reporting purposes.
4.6 In the event that a party sending a communication receives notification of non-delivery of the communication, the party must promptly notify the Registrar Review Panel of the circumstances of the notification. Further proceedings concerning the communication and any response must be as directed by the Registrar Review Panel.
5. APPLICATION TO REGISTRAR REVIEW PANEL
5.1 The prescribed notice to be given by the Registrar under clause 23A.2.2 of the Registrar Agreement, is a notice in writing submitted to both auDA and the Panel Chair in electronic form, and which:
a) requests the Registrar Review Panel to review the Reviewable Decision, and to make a decision in accordance with the Registrar Agreement;
b) provides the name, postal and email addresses, and the telephone and fax numbers of the Registrar and of any representative authorised to act for the Registrar in the administrative proceeding;
c) specifies a preferred method for communicating with the Registrar in the administrative proceeding;
d) describes the grounds on which the Registrar contends that auDA was not entitled to make the original Reviewable Decision, including (if applicable), the grounds on which the Registrar contends that auDA was not entitled to consider that there was an Event of Default (as defined under the Registrar Agreement);
e) specifies the outcome sought by the Registrar, which outcome must be one that the Registrar Review Panel is entitled to make under the Registrar Agreement;
f) identifies any other legal proceedings that have been commenced or terminated in connection with the original Reviewable Decision, that is the subject of the Application;
g) concludes with the following statement followed by the signature of the Registrar or its authorised representative:
“Registrar waives all claims and remedies against the Registrar Review Panel (including its panel chair) arising from this application, except in the case of deliberate wrongdoing.
Registrar certifies that the information contained in this application is to the best of the Registrar’s knowledge complete and accurate, that this application is not being presented for any improper purpose, such as to harass, and that the assertions in this application are warranted under the Registrar Review Panel Rules (2010-03) and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.”;
h) annexes any documentary or other evidence upon which the Application relies, together with a schedule indexing such evidence.
6. NOTIFICATION OF RECEIPT
6.1 Upon receipt of an Application, the Panel Chair must review the Application for administrative compliance with the requirements set out in clause 23A of the Registrar Agreement, and these Registrar Review Rules.
6.2 If the Application is compliant, the Panel Chair must acknowledge the receipt of the Application and request auDA to provide all relevant material which were taken into consideration by auDA in making the Reviewable Decision. auDA must provide such material within five Business Days of the request of the Panel Chair.
6.3 Where the Application is deficient, the Panel Chair must promptly notify the Registrar of the nature of the deficiencies. The Registrar will have three Business Days within which to correct the deficiencies, after which the Application will be dismissed.
7. APPOINTMENT OF PANEL AND TIMING OF DECISION
7.1 auDA will publish on its website from time to time, a list of persons approved by the board of auDA as being qualified to become a Panelist. At any time, one of such persons will act as the Panel Chair on a rotational basis. auDA will also publish on its website, the person who will act as the Panel Chair from time to time.
7.2 In considering appropriate candidates for appointment to become a Panelist, the board of auDA will consider whether the individual possesses an adequate level of industry knowledge, as well as skills in dispute resolution. For example, .au Dispute Resolution Policy Panelists may be considered appropriate candidates.
7.3 The following individuals are not eligible to be appointed as Panelists:
a) a director or employee of, or consultant to, auDA; and
b) a director or employee of, or consultant to, the Registrar or any other accredited registrar.
7.4 The Registrar Review Panel to review a Reviewable Decision (being the subject of an Application) comprises the Panel Chair and two additional members, selected by the Panel Chair from the list of qualified Panelists published by auDA.
7.5 The Panel Chair is responsible for all functions associated with the administration of the Registrar Review Panel including, but not limited to, constituting the Registrar Review Panel for determining an Application and arranging the business of the Registrar Review Panel.
7.6 Once the information requested under paragraph 6.2 has been received, the Panel Chair will appoint a Registrar Review Panel to conduct the review.
7.7 The Registrar Review Panel will consider the Application and forward its decision to auDA and the Registrar within 10 Business Days of the later of:
a) it receiving a compliant Application; and
b) it receiving the information requested under paragraph 6.2.
7.8 A Panelist must:
a) be impartial and independent; and
b) have, before accepting the appointment, disclosed to the Panel Chair any circumstances giving rise to justifiable doubt as to the Panelist’s impartiality or independence.
If, at any stage during the administrative proceeding, new circumstances arise that could give rise to justifiable doubt as to the impartiality or independence of the Panelist, that Panelist must promptly disclose such circumstances to the Panel Chair. In such event, the Panel Chair has the discretion to appoint a substitute Panelist.
8. GENERAL PROCEDURE FOR REVIEW
8.1 The Registrar Review Panel must conduct the administrative proceeding in such manner as it considers appropriate in accordance with the Registrar Agreement and these Registrar Review Panel Rules.
8.2 The Registrar Review Panel must ensure that the administrative proceeding takes place with due expedition. It may, at the request of the Registrar or on its own motion, extend, in exceptional cases, a period of time fixed by these Registrar Review Panel Rules or by the Registrar Review Panel earlier.
8.3 The Registrar Review Panel is not bound by the rules of evidence and will proceed in an informal manner. The Registrar Review Panel is entitled to determine the admissibility, relevance, materiality and weight of the evidence.
8.4 The Registrar Review Panel is entitled to review the Reviewable Decision on the basis of the statements and documents submitted and by reference to the constitution of auDA, the published policies of auDA, the Registrar Agreement, and any rules or principles of law that it deems appropriate.
8.5 The Registrar Review Panel must give written reasons for its decision.
8.6 The Registrar Review Panel may dismiss vexatious or frivolous applications for review without proceeding to a determination on the merits.
9. REGISTRAR REVIEW PANEL’S POWERS AND DISCRETION
9.1 The Registrar Review Panel can make a decision to:
a) affirm a Reviewable Decision; or
b) set aside a Reviewable Decision, and:
(i) make a decision in substitution of the Reviewable Decision; or
(ii) remit the matter for reconsideration by auDA according to any directions or recommendations of the Registrar Review Panel.
9.2 In making a decision under paragraph 9.1, the Registrar Review Panel is only entitled to consider:
a) whether an Event of Default has occurred in respect of the Registrar, in all the circumstances; and
b) where applicable, whether auDA was entitled to consider that an Event of Default has occurred in respect of the Registrar, in all the circumstances,
and not other matters.
10. LANGUAGE
10.1 Unless otherwise agreed by the Parties, the language of the administrative proceeding must be in English.
10.2 The Registrar Review Panel may order that any documents submitted in languages other than in English be accompanied by a translation in whole or in part into English.
11. FURTHER STATEMENTS
11.1 In addition to the Application, the Registrar Review Panel, in its sole discretion, may request or permit further statements or documents from auDA or the Registrar.
12. IN-PERSON HEARINGS
12.1 There will be no in-person hearings (including hearings by teleconference, videoconference, or web conference) unless the Registrar Review Panel determines, in its sole discretion and as an exceptional matter, that such a hearing is necessary for conducting the review.
13. DEFAULT
13.1 In the event that a party, in the absence of exceptional circumstances, does not comply with any of the time periods established by the Registrar Agreement, these Registrar Review Panel Rules or the Registrar Review Panel, the Registrar Review Panel is entitled to proceed to a decision on the Application.
13.2 If a party, in the absence of exceptional circumstances, does not comply with any provision of, or requirement under, the Registrar Agreement, these Registrar Review Panel Rules or any request from the Registrar Review Panel, the Registrar Review Panel is entitled to draw such inferences as it considers appropriate.
14. EFFECT OF COURT PROCEEDINGS
14.1 In the event of any legal proceedings initiated prior to or during an administrative proceeding in respect of a Reviewable Decision that is the subject of an Application, the Registrar Review Panel has the discretion to decide whether to suspend or terminate the administrative proceeding, or to proceed to a decision.
14.2 In the event that the Registrar initiates any legal proceedings during the course of an administrative proceeding in respect of a Reviewable Decision that is the subject of an Application, it must promptly notify the Registrar Review Panel.
15. CONFIDENTIALITY AND DISCLOSURE
15.1 Subject to the rules of procedural fairness, each review is conducted privately, with (as far as possible) all parties having access to all information which is before the Registrar Review Panel.
15.2 Subject to paragraph 16, the Registrar Review Panel, auDA and the Registrar must maintain the confidentiality of all information that is the subject of the review.
16. PUBLICATION
16.1 The Registrar Review Panel is entitled to publish its decision in full over the Internet, except when the Registrar Review Panel determines in exceptional case to redact portion of its decision.
17. EXCLUSION OF LIABILITY
17.1 Except in the case of deliberate wrongdoing, neither the Panel Chair nor the members of the Registrar Review Panel is liable to a Registrar for any act or omission in connection with the review process under these Registrar Review Rules.
18. AMENDMENTS
18.1 The version of these Registrar Review Panel Rules in effect at the time of the submission of the Application will apply to the administrative proceeding.
List of Review Panelists
The following people have been appointed by the auDA Board to be Panelists under the Registrar Review Panel Rules (2010-03) and the Registrant Review Panel Rules (2012-01):
Philip Argy*
Principal and Chief Executive
ArgyStar.com
Samuel Bird
Barrister
Isaacs Chambers
John Brydon
Consulting Engineer, Arbitrator and Mediator
Alan Limbury
Negotiator, Specialist Accredited Mediator and Arbitrator
Managing Director, Strategic Resolution
Steve White
White SW Computer Law
www.computerlaw.com.au
*currently acting as Panel Chair
2010-01 – Domain Renewal, Expiry and Deletion Policy
Policy Title: DOMAIN RENEWAL, EXPIRY AND DELETION POLICY
Policy No: 2010-01
Publication Date: 14/12/2018
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the renewal, expiry and deletion of domain names in the open 2LDs (asn.au, com.au, id.au, net.au, org.au) and the community geographic 2LDs (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic,au, wa.au).
1.2 This document does not detail the technical steps required to renew or delete a domain name. This information is contained in the registry’s technical procedures manual, which is made available to all auDA accredited registrars.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “Expiry Cycle” means an automated process at the registry where eligible domain names enter the “Expired Hold” or “Expired Pending Purge” state. The Expiry Cycle is every 5 minutes on every day, including weekends and public holidays;
b) Official Domain Drop List” means the authoritative list of domain names that are due to be purged from the registry, which is published on the auDA website.
c) “Purge Cycle” means an automated process at the registry where domain names are purged from the registry. There are two Purge Cycles:
a. Deleted Domain Names, which runs at 1.00pm AEST (2.00pm AEDT) on every day, including weekends and public holidays.
b. Expired Domain Names, which runs at 1.30pm AEST (2.30pm AEDT) on every day, including weekends and public holidays.
3. DOMAIN NAME GRACE PERIOD
3.1 There is a 3 calendar day grace period during which a new domain name registration can be deleted, or a renewal cancelled, with immediate effect and the registration or renewal fee will be refunded to the registrar.
4. DOMAIN NAME LICENCE PERIOD
4.1 A domain name licence period is 1,2,3,4 or 5 years..
4.2 Registrars may offer a service that allows a registrant to change the expiry date of their domain name to a date that is less than the licence term (known as “domain sync”). For example, a registrant with multiple domain names may wish to set a common expiry date for all their domain names.
5. DOMAIN NAME RENEWAL
5.1 Domain names may be renewed a maximum of 90 calendar days before the expiry date, and 30 calendar days after the expiry date. Regardless of when the domain name is renewed, the new licence period is set from the previous expiry date. For example, if the expiry date of a domain name is 1 January 2011 and the registrant renews the domain name on 1 December 2010 for a 2 year licence period, the new expiry date is 1 January 2013.
6. DOMAIN NAME EXPIRY
6.1 The following procedure applies in the case of domain names that are not renewed on or before the expiry date (refer to diagram at Schedule A):
a) at the domain name’s exact expiry date, the domain name will become eligible for expiry:
(i) at the next Expiry Cycle, the domain name will transition from “Registered” to an “Expired Hold” state. This is depicted in the WHOIS by the status being shown as:
serverHold
serverUpdateProhibited
(ii) The domain name will be removed from the DNS (ie. it will no longer work on the internet);
(iii) the domain name cannot be updated;
(iv) the domain name can be renewed or transferred to another registrar;
b) exactly 30 calendar days after it enters “Expired Hold” state, the domain name will become eligible for expired pending purge:
(i) at the next Expiry Cycle the domain name will transition from an “Expired Hold” state to an “Expired Pending Purge” state. This is depicted in the WHOIS by the status being shown as:
serverHold
serverRenewProhibited
serverUpdateProhibited
(ii) the domain name cannot be updated, renewed or transferred to another registrar;
(iii) the domain name will be published on the Official Domain Drop List*;
c) exactly one calendar day after it enters “Expired Pending Purge” state, the domain name will become eligible for purge:
(i) the domain name will be purged from the registry at the next Purge Cycle.
7. DOMAIN NAME DELETION
7.1 The following procedure applies in the case of domain names that are deleted at the request of the registrant (known as “client deletes”):
*Community geographic domain names will not be published on the Official Domain Drop List.
a) at the time of the deletion command by the registrar, the domain name will transition from “Registered” to a “Pending Delete” state. This is depicted in the WHOIS by the status being shown as:
pendingDelete
(i) the domain name will be removed from the DNS (ie. it will no longer work on the internet);
(ii) the domain name cannot be updated or transferred;
(iii) the domain name can be undeleted on the registrant’s instruction;
(iv) the domain name will be published on the Official Domain Drop List*;
b) exactly 3 calendar days after it enters this “Pending Delete” state, the domain name will become eligible for purge:
(i) the domain name can still be undeleted during this time (if the domain name is undeleted, the domain name will be removed from the Official Domain Drop List);
(ii) the domain name will be purged from the registry at the next Purge Cycle.
7.2 The following procedure applies in the case of domain names that are deleted for breach of an auDA Published Policy (known as “policy deletes”):
a) at the time of the deletion command by the registrar, the domain name state will transition from “Registered” to a “Pending Policy Delete” state. This is depicted in the WHOIS by the status being shown as:
pendingDelete the domain name will be removed from the DNS (ie. it will no longer work on the internet);
(i) the domain name cannot be updated or transferred;
(ii) the domain name can be undeleted on auDA’s instruction;
(iv) the domain name will be published on the Official Domain Drop List*;
b) exactly 14 calendar days after it enters this “Pending Policy Delete” state, the domain name will become eligible for purge:
(i) the domain name can still be undeleted during this time (if the domain name is undeleted, the domain name will be removed from the Official Domain Drop List);
(ii) the domain name will be purged from the registry at the next Purge Cycle.
SCHEDULE A
Refer to PDF Version for diagram
2008-09 – Prohibition on Misspellings Policy
List of Prohibited Misspellings
Policy No: 2008-09
Publication Date: 30/06/2008
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the registration of misspellings. It clarifies the type of domain name that auDA may regard as a prohibited misspelling, and the process that auDA will follow in dealing with prohibited misspellings.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “entity name” means the name of an Australian registered company or incorporated association as listed with the Australian Securities and Investment Commission (ASIC), or the name of an Australian government body. It does not include a registered business name;
b) “personal name” means the given name(s) and/or last name of a person; and
c) “brand name” means the name of an identifiable and distinctive product or service, whether commercial or non-commercial.
3. POLICY PRINCIPLES
3.1 auDA’s objective in enforcing a prohibition on misspellings is to preserve the integrity of the .au domain space by discouraging “typosquatting”, whereby a person deliberately registers a misspelling of a popular domain name in order to divert trade or traffic.
3.2 auDA recognises that a domain name that appears to be a prohibited misspelling may not in fact be a prohibited misspelling given the particular circumstances of the case (eg. where two registrants have very similar entity, personal or brand names). The complaints-handling process set out in section 4 of this policy gives the registrant an opportunity to respond to the complaint and provide reasons why the domain name is not a prohibited misspelling. auDA will consider each case on its own merits.
3.3 auDA is also aware that some prohibited misspellings are repeatedly re-registered for the purpose of domain monetisation. In order to deal effectively with this category of prohibited misspellings, auDA will use the audit process set out in section 6 of this policy.
3.4 This policy may not be used to settle disputes between a registrant and a third party about competing rights to a domain name. Such disputes should be handled under the .au Dispute Resolution Policy (auDRP) or under Australian law.
4. SCOPE OF PROHIBITION
4.1 The prohibition on misspellings applies where:
a) the domain name is a misspelling of an entity, personal or brand name that does not belong to the registrant; and
b) the registrant has deliberately registered the misspelling in order to trade on the reputation of the other entity, person or brand.
4.2 For the purposes of the prohibition, a domain name will be regarded as a misspelling if it falls into one of the following categories:
a) the singular version of a plural name, or the plural version of a singular name (eg. woolworth.com.au, safeways.com.au);
b) a name with missing letters (eg. yhoo.com.au);
c) a name with additional letters (eg. quantas.com.au);
d) a name with transposed letters (eg. goolge.com.au, wetspac.com.au);
e) a name with letters replaced by numbers, or numbers replaced by letters (eg. 9msn.com.au);
f) a hyphenated version of a name (eg. e-bay.com.au, micro-soft.com.au);
g) a name prefixed by “www” (eg. wwwseek.com.au); or
h) any other name that auDA determines is a deliberate misspelling, having regard to the surrounding circumstances.
5. COMPLAINTS-HANDLING PROCESS
5.1 Where a person believes that a domain name is a prohibited misspelling as defined in section 4 of this policy, that person should lodge a complaint with auDA using the contact details on the auDA website at http://www.auda.org.au.
5.2 If auDA determines that the domain name may be a prohibited misspelling, auDA will contact the registrant and ask them to provide evidence to show that the domain name is not a prohibited misspelling. The registrant will be required to respond within 7 calendar days of auDA’s request. The registrar of record for the domain name will also be notified of the complaint.
5.3 If the registrant is able to show that the domain name is not a prohibited misspelling, auDA will take no further action on the complaint. The complainant may have further recourse against the registrant under the .au Dispute Resolution Policy (auDRP) or under Australian law (eg. trade mark infringement).
5.4 If the registrant is unable to show that the domain name is not a prohibited misspelling, or does not respond to auDA’s request for information, auDA will instruct the registrar to delete the domain name. The domain name will enter “serverUpdateProhibited” and “serverHold” status for 14 calendar days, then it will be dropped from the registry database at a random time between 10.30am and 5.00pm AEST (or 11.30am and 6.00pm AEDT) on the next business day.
5.5 The domain name will not be transferred to the complainant, or reserved for the complainant. If the complainant wants to license the domain name, they must apply for it using the normal application process.
6. AUDIT PROCESS
6.1 auDA will publish a list of prohibited misspellings that have been deleted under section 5 of this policy. auDA will conduct regular audits of the registry database to check whether domain names on the list have been registered again (by the same registrant, or another registrant).
6.2 Where a domain name on the list is found to have been registered by a person who does not appear to be associated with the relevant entity, personal or brand name, auDA will instruct the registrar of record to delete the domain name. The domain name will enter “serverUpdateProhibited” and “serverHold” status for 14 calendar days, then it will be dropped from the registry database at a random time between 10.30am and 5.00pm AEST (or 11.30am and 6.00pm AEDT) on the next business day.
6.3 auDA will notify the registrant that the domain name has been deleted as a prohibited misspelling. Whilst the domain name is in “serverUpdateProhibited” and “serverHold” status, if the registrant is able to show that the domain name is not a prohibited misspelling, auDA will instruct the registrar to reinstate the domain name.
2008-07 – Mandatory Terms and Conditions Applying to .au Domain Name Licences
Policy No: 2008-07
Publication Date: 14/012/2018
Status: Current
1. BACKGROUND
1.1 This document sets out the mandatory terms and conditions that apply to all domain name licences in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
1.2 This document is incorporated by reference (as an auDA Published Policy) in the Registrant Agreement between the registrant and the registrar,and has effect as if it formed part of the Registrant Agreement.
2. MANDATORY PROVISIONS
2.1 The mandatory terms and conditions are set out in Schedule A.
2.2 In the event that these mandatory terms and conditions are inconsistent with provisions in the Registrant Agreement, then to the extent of such inconsistency, these mandatory terms and conditions prevail.
3. CHANGES TO MANDATORY TERMS AND CONDITIONS
3.1 From time to time, auDA may update this document for the purposes of clarification or correction.
SCHEDULE A
MANDATORY TERMS AND CONDITIONS
1. REGISTRANT WARRANTIES
The registrant makes, and is taken to make, the following warranties to the registrar and to auDA, when applying to register or renew the registration of a domain name:
1.1 all information provided to register or renew the registration of the domain name (including all supporting documents, if any) are true, complete and correct, and are not misleading in any way, and the application is made in good faith;
1.2 the registrant meets, and will continue to meet, the eligibility criteria prescribed in auDA Published Policies for the domain name for the duration of the domain name licence;
1.3 the registrant has not previously submitted an application for the domain name with another registrar using the same eligibility criteria, and the other registrar has rejected the application;
1.4 the registrant is aware that even if the domain name is accepted for registration, the registrant’s entitlement to register the domain name may be challenged by others who claim to have an entitlement to the domain name; and
1.5 the registrant is aware that auDA or the registrar can cancel the registration of the domain name (that is, the domain name licence) if any of the warranties set out above is found to be untrue, incomplete, incorrect or misleading.
2. CONSENT TO USE REGISTRANT INFORMATION
The registrant consents to the collection, use and disclosure of their personal information by the Registrar, Registry Operator and auDA for the following purposes:
2.1 assessing an application for and granting of a licence
2.2 maintaining a complete and accurate registry data of all licences issued to registrants
2.3 providing a WHOIS service that provides accurate and up to date information to the public about the registrant, technical and administrative contacts
2.4 to monitor a registrant’s compliance with their licence terms and conditions
2.5 to assist with and resolve complaints relating to a licence
2.6 supporting alternative dispute resolution or court proceedings
2.7 to comply with obligations under an Australian law
provided that such collection, use and disclosure is consistent with:
2.8 the Australian Privacy Principles; and
2.9 auDA Published Policies.
3. REGISTRANT DATA
3.1 Throughout the term of the domain name licence, the registrant must give notice to the registry operator, through the registrar, of any change to any information in the registrant data relating to the domain name.
3.2 The registrant accepts that its failure to comply with this requirement may lead to the cancellation of the domain name licence.
4. RENEWAL OF DOMAIN NAME LICENCE
4.1 The registrant may apply to renew the domain name licence when the licence period expires, provided that it:
4.1.1 pays the applicable renewal fees; and
4.1.2 continues to meet the eligibility criteria prescribed in the auDA Published Policies.
4.2 The registrant accepts that it has the responsibility for ensuring that the domain name licence is renewed before the expiry date.
5. auDA PUBLISHED POLICIES
The registrant must comply with all auDA Published Policies. In the event of any inconsistency between any auDA Published Policy and the Registrant Agreement (with its registrar), then the auDA Published Policy will prevail to the extent of such inconsistency.
6. REVOCATION OF LICENCE
auDA may, at its discretion, cancel the registration of a .au domain name, or revoke a licence to use a .au domain name:
6.1 if the registrant breaches any auDA Published Policy; or
6.2 in order to comply with a request of a law enforcement agency, or an order of a court, or under any applicable law, government rule or requirement, or under any dispute resolution process; or
6.3 to protect the integrity and stability of the domain name system or the .au registry.
7. LIMITATION OF LIABILITIES AND INDEMNITY
7.1 To the fullest extent permitted by law, auDA will not be liable to the registrant for any direct, indirect, consequential, special, punitive or exemplary losses or damages of any kind (including, without limitation, loss of use, loss of profit, loss or corruption of data, business interruption or indirect costs) suffered by the registrant arising from, as a result of, or otherwise in connection with, any act or omission whatsoever of auDA, its employees, agents or contractors.
7.2 The registrant agrees to indemnify, keep indemnified and hold auDA, its employees, agents and contractors harmless from all and any claims or liabilities, arising from, as a result of, or otherwise in connection with, the registrant’s registration or use of its .au domain name.
7.3 Nothing in this document is intended to exclude the operation of the Competition and Consumer Act 2010 (Cth)
2007-02 – Interim Policy on Use of Wildcard DNS Records in .au
Policy No: 2007-02
Publication Date: 30/07/2007
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s interim policy on the use of DNS wildcards in domain names that match top level domains (TLDs). The interim policy will apply pending advice to the auDA Board from the auDA Stability and Security Advisory Committee (auDA SSAC).
1.2 The interim policy has been drafted pursuant to one of auDA’s principal purposes, as defined in clause 3.1 of auDA’s Constitution, “to maintain and promote the operational stability and utility of the .au ccTLD and more generally, the Internet’s unique identifier system”.
1.3 The interim policy is based on the findings and recommendations of the ICANN Security and Stability Advisory Committee (ICANN SSAC), contained in its report “Redirection in the Com and Net Domains”, 9 July 2004.
2. DEFINITION OF “WILDCARD DNS RECORD”
2.1 A “wildcard DNS record” is a record in a DNS file that will match all requests for non-existent domain names, so that a user who types a non-existent domain name into their browser does not get the standard “Error 404” message, but is instead redirected to another webpage.
3. PROHIBITION ON USE OF WILDCARD DNS RECORDS
3.1 The ICANN SSAC has recommended that wildcard DNS records “should not be introduced into TLDs or zones that serve the public, whose contents are primarily delegations and glue, and where delegations cross organisational boundaries over which the operator may have little control or influence”.[Note 1]
3.2 The ICANN SSAC’s recommendation applies to the .au ccTLD. It also applies to the .au 2LDs (eg. com.au), which can be categorised as “zones that serve the public”. Accordingly, auDA has imposed a prohibition on the use of wildcard DNS records in .au and the .au 2LDs.
3.3 auDA is of the view that the use of wildcard DNS records in .au third level domains (3LDs) that match TLDs (eg. com.com.au) may cause the same instability as the use of wildcard DNS records in TLDs. Until the auDA SSAC has provided its recommendations on the subject, auDA has determined that the prohibition on the use of wildcard DNS records should be extended to 3LDs that match TLDs, in order to preserve the operational stability and utility of the .au domain. auDA reserves the right to delete 3LDs that match TLDs if the registrant uses wildcard DNS records within the domain name zone and any child zones.
Note:
[1] Recommendation (1), “Redirection in the Com and Net Domains”, ICANN SSAC, p.24.
2004-01 – Complaints (Registrant Eligibility) Policy
Policy No: 2004-01
Publication Date: 18/03/2004
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the handling of complaints about the eligibility of a registrant to hold their domain name licence under the policy rules for the open 2LDs. At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
2. DOMAIN NAME ELIGIBILITY CRITERIA
2.1 The eligibility criteria for each open 2LD is set out in the Domain Name Eligibility and Allocation Policy Rules for the Open 2LDs (2012-04). The eligibility criteria ensure that the registrant has the correct status to license a domain name in the requested 2LD. For example, if the registrant want to license a domain name in com.au, they must provide identification details such as Australian registered company name and Australian Company Number.
2.2 It is the responsibility of the registrant to ensure that they are eligible to hold the domain name licence, both at the time of registration and during the licence period. In order to renew their domain name licence, the registrant must confirm that their eligibility details are still current. If the registrant is no longer eligible to hold the domain name licence, then the licence cannot be renewed.
2.3 auDA recognises that many registrants invest significant time and resources in using their domain name to maintain an Internet presence. Even if registrants do not have an active web site, they may use their domain name for email purposes. Therefore, it is auDA policy that a registrant must be given a reasonable opportunity to update their eligibility details, if it is possible to do so, before the licence will be cancelled.
2.4 Nevertheless, a domain name licence is a legal contract and as such may only be held by a legal entity. If the entity that initially registered the domain name no longer exists, then the domain name licence is automatically cancelled and the domain name must be deleted. It is not possible for a non-existent registrant to update domain name eligibility details, or transfer the domain name licence to a third party.
3. COMPLAINTS-HANDLING PROCESS
3.1 Where a person believes that a registrant no longer exists or is no longer eligible to hold their domain name licence, that person should lodge a complaint with the registrar of record for the domain name (disclosed on the WHOIS service).
3.2 On receipt of a complaint about the eligibility of a registrant, the registrar must reconfirm the eligibility details of the registrant (for example, check that the registrant’s company, business name or trade mark registration is still current). If the eligibility details are current, the registrar is not required to take any further action.
3.3 If the registrant’s eligibility details are not current, or if the registrant no longer exists, the registrar is required to follow the process outlined in sections 4 and 5 below.
4. EXISTING REGISTRANTS – UPDATING ELIGIBILITY DETAILS
4.1 This section applies where the individual or entity that holds the domain name licence is still in existence, but their eligibility details are not current. Examples include:
a) where a registered company has changed its name (but the ACN has not changed);
b) where a business name registration has lapsed, but the proprietor of the business has not changed; or
c) where an application for an Australian Registered Trade Mark has been denied, or an Australian Registered Trade Mark has been removed, but the trade mark applicant/holder has not changed.
4.2 The registrar must contact the registrant to request that they update their eligibility details within 14 calendar days. The registrar must use reasonable commercial endeavours to contact the registrant (for example, if an email bounces, the registrar should attempt to contact the registrant by phone or fax).
4.3 The registrant may update their eligibility details either by resurrecting the original basis for their domain name registration, or by providing new identification details. The registrant does not have to use the same eligibility criteria that they originally used to support their domain name registration.
4.4 If the registrant updates their eligibility details within the 14 day period, the registrar must enter the new information in the registry database as a correction to registrant details.
4.5 If the registrant does not update their eligibility details within the 14 day period, or does not respond to the registrar’s request, the registrar must delete the domain name. The domain name will enter “pending delete” status for 14 calendar days. While the domain name is in pending delete, the registrant may contact the registrar to update their eligibility details. The registrar must request the registry to remove the domain name from pending delete, and then enter the new information in the registry database as a correction to registrant details.
4.6 If the registrant does not update their eligibility details while the domain name is in pending delete, then the domain name will be dropped from the registry database at a random time between 10.30am and 5.00pm AEST (or 11.30am and 6.00pm AEDT) on the next business day. It will then become available for registration by any eligible applicant on a ‘first come, first served’ basis. The domain name will not be transferred to the complainant, or reserved for the complainant. If the complainant wants to license the domain name, they must apply for it using the normal application process.
5. NON-EXISTENT REGISTRANTS – CANCELLATION OF DOMAIN NAME LICENCE
5.1 This section applies where the entity that held the domain name licence no longer exists. [NOTE 1] Examples include where a company, incorporated association or statutory body has been wound up or deregistered.
5.2 The registrar must give notice to the registrant contact listed in the registry database that the domain name licence is cancelled and the domain name will be deleted in 30 calendar days. The registrar must use reasonable commercial endeavours to give notice (for example, if an email bounces, the registrar should attempt to send notice by fax or post).
5.3 The registrar must delete the domain name at the end of the 30 day period. The domain name will enter “pending delete” status for 3 calendar days after which it will be dropped from the registry at a random time between 10.30am and 5.00pm AEST (or 11.30am and 6.00pm AEDT) on the next business day.
5.4 It is not possible for a non-existent registrant to update domain name eligibility details, or transfer the domain name licence to a third party. Therefore the domain name must be deleted even if it is currently being used by another entity or individual (for example, by a former director of the deregistered company).
5.5 The sole exception to the above rule is if:
a) there is documentary evidence that, prior to its demise, the registrant agreed to transfer the domain name licence to the entity or individual currently using the domain name; and
b) the transfer meets the requirements outlined in auDA’s Transfers (Change of Registrant) Policy (2011-03).
If the above conditions are satisfied, then the registrar must process the transfer of the domain name licence in accordance with auDA’s Transfers (Change of Registrant) Policy (2011-03).
6. OTHER COMPLAINTS
6.1 This policy deals with complaints about the eligibility of a registrant, ie. whether the registrant’s identification details are current. This policy does not deal with complaints about:
a) the underlying validity of the registrant’s eligibility (eg. whether the registrant is actually carrying on a business under their registered business name);
b) a registrar’s interpretation of the allocation criteria (ie. whether a domain name is an exact match, abbreviation, acronym or close and substantial connection); or
c) a registrant’s use of their domain name (ie. whether the domain name violates or infringes on the rights of another party, such as trade mark rights).
6.2 Complaints under paragraph 6.1a) should be taken up with the relevant government authority, such as the Australian Securities and Investment Commission (ASIC) or the state/territory registrar of business names.
6.3 Complaints under paragraph 6.1b) are handled under auDA’s Complaints Policy (2015-01). Complaints under paragraph 6.1c) may be handled under the .au Dispute Resolution Policy (auDRP) (2016-01), or alternatively the complainant should seek legal advice.
NOTE 1:
In the case where the registrant was an individual and that individual is deceased, the domain name licence passes to the deceased’s estate. The registrar is not required to take any action unless and until contacted by the executor of the estate.
2002-29 – Domain Name Password Policy
Policy No: 2002-29
Publication Date: 19/11/2002
Status: Current
1. BACKGROUND
1.1 This document sets out auDA’s policy on the allocation, use and retrieval of domain name passwords in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
1.2 This document does not detail the technical steps required to allocate, use or retrieve a domain name password. This information is contained in the registry’s technical procedures manual, which is made available to all auDA accredited registrars.
2. ALLOCATION OF DOMAIN NAME PASSWORD
2.1 A domain name password must be allocated to the registrant by the registrar, at the time the domain name is registered. The registrar must provide the domain name password directly to the registrant; the registrar must not provide it via a third party, such as a reseller.
2.2 For security reasons, the domain name password must contain:
a) between 6 and 32 characters;
b) at least one letter (a-z) and one number (0-9); and
c) no dictionary words.
2.3 The registrar may generate a domain name password for the registrant, however the registrant must have the option to choose their own domain name password at the time of registration, or to change it at a later date.
2.4 When issuing the domain name password to the registrant, the registrar must notify the registrant of:
a) the importance of keeping the domain name password secure; and
b) the obligation on the registrant to keep their contact details up-to-date.
2.5 The registrar must not change the domain name password without the registrant’s consent, except where permission has been granted by auDA. Circumstances under which auDA may grant permission include:
a) where there has been a security breach (or suspected breach) of the registrar’s systems; or
b) where the registrar has terminated a reseller licence agreement because the reseller has breached auDA policy or the Code of Practice.
Please Note: The registrar is not permitted to change the domain name password merely because a reseller has become the reseller of another registrar, or has itself become an accredited registrar.
2.6 Where the registrar has changed the domain name password pursuant to paragraph 2.5, the registrar must notify the registrant of the new domain name password and the reason why the password was changed.
3. USE OF DOMAIN NAME PASSWORD
3.1 The domain name password is required for transfers. Under auDA’s Transfers Policy, the gaining registrar must obtain the domain name password from the registrant before they can send a transfer request to the registry.
3.2 The domain name password may also be used by the registrar to authenticate their communications with the registrant (for example, updating contact details or changing nameserver information).
3.3 It should be noted that the registrar of record does not need the domain name password to perform operations on the domain name. It is therefore important that registrars implement security procedures to ensure that unauthorised changes are not made to domain names under their management.
4. RETRIEVAL OF DOMAIN NAME PASSWORD
4.1 The registrar must provide the registrant with a copy of their domain name password within 2 days of a request by the registrant, provided the registrant has maintained correct contact information in the registry. If the registrant is required to provide written authorisation, as defined in paragraph 4.3, a registrar must use reasonable commercial endeavours to provide the password within 7 days.
4.2 The registrar must ensure that the domain name password is provided directly to the registrant. Where the registrant has maintained accurate contact information, the registrar must provide the domain name password to the registrant contact listed in the registry database.
4.3 Where the registrant has not maintained accurate contact information, the registrar must authenticate the request for the domain name password by obtaining written authorisation from the registrant. For the purposes of this policy, “written authorisation” means a hard copy letter, facsimile or PDF document signed by the registrant, or in the case of a corporate registrant, signed by a senior manager, company director, company secretary (or equivalent of these positions) of the registrant, on corporate letterhead.
4.4 The registrar may provide the domain name password to a third party, if the registrant has given explicit permission to do so.
4.5 Where the registrant has provided written authorisation as in paragraph 4.3, the registrar must keep full records of the domain name password retrieval by the registrant for inspection by auDA on demand, including copies of the written authorisation from the registrant.
4.6 Registrars may use an automated retrieval tool for providing domain name passwords to registrants, but they must ensure that the domain name password is provided directly to the registrant in accordance with paragraphs 4.2 and 4.3 above.
Guidance Notes
auDA’s Guidance Notes provide information regarding certain terms of the Registrar Agreement or Published policies to provide assistance to accredited Registrars and registrants in meeting their obligations.
2013-01 – Clarification of Auto-Renewal Services under the Code of Practice
Policy No: 2013-01
Publication Date: 30/03/2013
Status: Current
1. BACKGROUND
1.1 This document clarifies auDA’s position regarding auto-renewal services, as covered under paragraphs 4.2 and 4.5 of the .au Domain Name Suppliers’ Code of Practice (2004-04).
1.2 The Code of Practice applies to auDA accredited registrars and their appointed resellers. Paragraphs 4.2 and 4.5 of the Code of Practice read as follows:
4.2 Subject to paragraph 4.4, Domain Name Suppliers must only:
a) register a Domain Name at the request of a Customer; and
b) renew a Domain Name:
(i) at the request of, or with the approval of, a Registrant; and
(ii) after obtaining confirmation from the Registrant that they continue to satisfy the Domain Name Eligibility and Allocation Policy Rules for Open Second Level Domains in respect of the Domain Name.
…
4.5 Domain Name Suppliers must only renew an expired Domain Name at the request of a Registrant. The Registry will automatically delete Domain Names that have not been renewed, 30 days after the expiry date.
2. TERMINOLOGY
2.1 This policy uses the following term:
a) “auto-renewal service” means a service that enables a registrant to have their domain name automatically renewed by the registrar of record prior to the expiry date; and
b) “explicit agreement” means an agreement submitted to the registrar by the registrant by letter, facsimile, email or online form.
3. auDA’S POSITION ON AUTO-RENEWAL SERVICES
3.1 auDA has issued this document to clarify that registrars are permitted to offer an auto-renewal service under the Code of Practice, provided that they meet the conditions outlined in section 4 below. The conditions are intended to satisfy the registrar’s obligations under the Code of Practice, that they may only renew a domain name:
a) at the request, or with the approval, of the registrant; and
b) after obtaining confirmation from the registrant that they continue to meet the policy rules.
3.2 auDA’s position is that these conditions must be satisfied at the time that a registrant renews their domain name, and that a registrar is not entitled to rely solely on authorisations or warranties obtained from the registrant at the time they registered their domain name.
4. IMPLEMENTATION BY REGISTRAR OF AUTO-RENEWAL SERVICE
4.1 The registrar must gain the explicit agreement of the registrant before implementing an auto-renewal service for the registrant’s domain name(s). The registrar must not include auto-renewal in its terms and conditions without allowing the registrant to opt-out of the service, either at the time of domain name registration or at the time the auto-renewal service is introduced.
4.2 Where a registrant has opted-in to an auto-renewal service, the registrar must send an email notification to the registrant at least 30 days prior to the date that the domain name is due to be auto-renewed, which includes the following:
a) the date that the registrant’s domain name is due to be auto-renewed, and information about how to opt-out of the service prior to that date;
b) an extract of the current WHOIS information for the domain name, or a link to the WHOIS information for the domain name, with a request that the registrant check the WHOIS information for accuracy;
c) information about how the registrant can update the WHOIS information for the domain name if required; and
d) a statement that by allowing the domain name to be automatically renewed, the registrant warrants that the WHOIS information is correct and they continue to satisfy the Domain Name Eligibility and Allocation Policy Rules for Open Second Level Domains.
4.3 The registrar is not required to obtain a positive response from the registrant before proceeding to auto-renew the domain name. However, where the registrant has expressed their desire to opt-out of the service prior to the auto-renewal date, the registrar must make reasonable commercial endeavours to ensure that they do not auto-renew the domain name.
4.4 When advertising an auto-renewal service offering, and at any point where a registrant is able to opt-in to the service, the registrar must comply with the advertising principles and guidelines outlined in sections 7 and 8 of the Code of Practice.
4.5 Where a registrar becomes aware that a registrant is no longer eligible to hold their domain name for any reason, they must ensure that the registrant’s domain name is not auto-renewed even if the registrant has opted-in to the service.
2012-05 – Guidelines on the Interpretation of Policy Rules for Open 2LDs
Policy No: 2012-05
Publication Date: 17/12/2012
Status: Current
1. BACKGROUND
1.1 This document sets out guidelines on the interpretation of the Domain Name Eligibility and Allocation Policy Rules for the Open 2LDs (2012-04). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
2. PURPOSE OF GUIDELINES
2.1 The policy rules for the open 2LDs are divided into two types of criteria:
a) Eligibility – is the registrant eligible to license a domain name in the requested 2LD?; and
b) Allocation – can the requested domain name be allocated to the registrant?
2.2 The Eligibility criteria require the registrant to provide the relevant identification details for the 2LD that they want to license their domain name in. For example, if the registrant wants to license a domain name in com.au, they must provide identification details such as Australian registered company name and Australian Company Number (ACN).
2.3 The Allocation criteria require the registrant to give a reason why the requested domain name can be allocated to them. The reasons available in each 2LD are:
a) exact match, abbreviation or acronym of registrant’s name; or
b) otherwise closely and substantially connected to the registrant (known as the “close and substantial connection rule”).
2.4 The purpose of these guidelines is to provide clarification on how the Eligibility and Allocation criteria of the policy should be interpreted.
3. DOMAIN NAME APPLICATIONS
3.1 Registrars may design their own domain name application form for registrants. Forms may include check boxes to allow an applicant to self-select the appropriate eligibility and allocation criteria. As a matter of best practice, registrars are advised to make sure that they collect sufficient information to enable them to explain or justify their decision in the case of dispute, or if requested to do so by auDA under the terms and conditions of the Registrar Agreement.
3.2 Application forms must include a warranty statement that the registrant must agree to before they submit the application.
3.3 Each domain name application must be assessed on its own merits. It is not acceptable for the registrant merely to refer to previous decisions in order to support their claims. For example, the mere fact that a registrant called “Jane’s Shop Pty Ltd” was able to license “janesflowers.com.au” is not sufficient to support the claims of “John’s Shop Pty Ltd” to license “johnsflowers.com.au”.
4. RULES FOR ALL OPEN 2LDS
4.1 Before determining that a domain name application meets the specific Eligibility and Allocation criteria for the particular 2LD, registrars must check that each domain name application complies with the general rules that apply in all open 2LDs.
4.2 Domain names are allocated on a “first come, first served” basis. Provided that the registrant meets the relevant policy rules, the registrar may process the application, submit the registration to the registry and issue a domain name licence to the registrant. Registrars are not required to decide whether or not the domain name potentially infringes the rights of a third party.
4.3 Registrars must check that the requested domain name:
a) is at least two characters long;
b) contains only letters (a-z), numbers (0-9) or hyphens (-), or a combination of these;
c) starts and ends with a letter or a number, not a hyphen; and
d) does not contain hyphens in the third and fourth position (eg. ab–cd.com.au).
4.4 In addition, registrars must check that the requested domain name is not on auDA’s Reserved List.
4.5 auDA’s Reserved List does not contain objectionable words. Registrars are not required to decide whether or not a domain name is potentially objectionable. However, auDA supports the right of registrars to choose not to process a domain name registration if it breaches their own “acceptable use” policy.
5. LEGAL STATUS OF REGISTRANT
5.1 A domain name licence is a legal contract and as such may only be entered into by a legal entity. Registrars must ensure that the registrant of a domain name, as listed in the registry database, is a legal entity. If the registrant is not a legal entity then the domain name licence, and any associated terms and conditions imposed by the registrar, may not be enforceable.
5.2 The following are legal entities and may be entered in the registrant name and ID fields of the registry database:
a) a registered company (proprietary or public);
b) an individual;
c) an incorporated association; and
d) a statutory body.
5.3 The following are NOT legal entities and must NOT be entered in the registrant name and ID fields of the registry database:
a) a registered business name;
b) a trade mark;
c) a trust; and
d) a partnership.
5.4 With regard to the categories listed in paragraph 5.3, the registrant would be the owner of the registered business name or trade mark, the trustee of the trust or the individual partners of the partnership. In the case of a partnership with more than two partners, one partner must elect to be listed as the registrant on behalf of the partnership.
6. VERIFICATION OF REGISTRANT ELIGIBILITY CRITERIA
6.1 Registrants must provide sufficient identification to demonstrate that they meet the eligibility criteria for the particular 2LD . Registrars must verify the registrant’s identification details to confirm that the registrant meets the eligibility criteria. The table in Schedule A lists the registrant types for each 2LD, the identification details to be provided by the registrant, and the verification source that registrars must use to check those details.
6.2 Most verification sources are available online, however there are some cases where the registrar must obtain further documentation from the registrant, including:
a) incorporated associations that are not listed on the Australian Securities and Investments Commission (ASIC) database must provide a copy of their Certificate of Incorporation; and
b) commercial statutory bodies must provide a copy (or extract) of the relevant Act of Parliament.
6.3 When verifying registrant details on official databases, registrars should check the status entry, as follows:
a) on the ASIC database, “association strike off status (ASOS)”, “de-registered (DRGD)”, “pending (PEND)”, “removed (RMVD)” and “reserved (RSVD)” are not an acceptable basis for domain name registration ; and
b) on the Australian Trade Mark Online Search System (ATMOSS), “refused”, “rejected”, “removed” and “never registered” are not an acceptable basis for domain name registration.
6.4 In cases where there is no verification source available, registrars are entitled to rely on the registrant’s warranty that they meet the eligibility criteria, as follows:
a) sporting and special interest clubs that do not have an Australian Business Number must warrant that they are a club;
b) registrants in id.au must warrant that they are an Australian citizen or resident; and
c) non-profit organisations, in addition to providing the identification details relevant to their corporate status, must warrant that they are non-profit.
6.5 It is not necessary for a registrar to obtain a statutory declaration from the registrant. Where auDA believes on reasonable grounds that a registrant has made a false warranty, or otherwise acted in bad faith in order to obtain the domain name licence, auDA reserves the right to revoke the domain name licence.
6.6 Please note that registrars are expected to act with integrity and use their common sense in determining whether the registrant’s warranty is bona fide. Under the terms and conditions of the Registrar Agreement, auDA reserves the right to take action against a registrar where it has reasonable grounds to believe that the registrar has acted negligently or recklessly in approving a domain name application in breach of the relevant policy rules.
7. ALLOCATION CRITERIA – “EXACT MATCH”
7.1 An “exact match” is where the requested domain name matches one, some or all of the words comprising the name used by the registrant to establish their eligibility. The words must be used in the same order as they appear in the name. Refer to the examples in Schedule B.
8. ALLOCATION CRITERIA – “ABBREVIATION”
8.1 An “abbreviation” is where the requested domain name is used to represent or stand for the complete form, of the name used by the registrant to establish their eligibility. The abbreviation can contain letters or numbers that do not appear in the registrant’s name. Words do not have to be used in the same order as they appear in the name. Refer to the examples in Schedule B.
8.2 Please note that this rule is NOT the same as the pre-2002 “derivation rule” in com.au and net.au, which allowed registrants to derive a domain name that was entirely unrelated to their own name by using a consecutive sequence of letters. The abbreviation must “represent or stand for the complete form”. This means that the abbreviation must be a close approximation of, and have a related meaning to, the complete form. A “close approximation” refers to the way the words look. In general, partial words or words that contain the same letters in a similar sequence will be a close approximation. “Related meaning” refers to the accepted dictionary definition of the words. Although there might be a close approximation between the words, derivations are not acceptable if there is no related meaning. Similarly, although there might be a related meaning between the words, synonyms are not acceptable if there is no close approximation.
9. ALLOCATION CRITERIA – “ACRONYM”
9.1 An “acronym” is where the requested domain name comprises the initial letters only of each word of the name used by the registrant to establish their eligibility. If the requested domain name comprises more than the initial letters of each word, then it will most likely fall within the definition of abbreviation (for example, “auda.org.au” is an abbreviation of .au Domain Administration Ltd, not an acronym). Refer to the examples in Schedule B.
9.2 Please note the following qualifications:
- Commercial status identifiers such as “Pty Ltd” or “Co” do not need to be included.
- DNS identifiers such as “com.au” do not need to be included.
- Pronouns such as “a”, “the”, “and” or “of” do not need to be included.
10. ALLOCATION CRITERIA – “OTHERWISE CLOSELY AND SUBSTANTIALLY CONNECTED”, OR THE “CLOSE AND SUBSTANTIAL CONNECTION” RULE
10.1 The “close and substantial connection” rule is where the requested domain name is connected to the registrant in accordance with the listed categories for each 2LD.
10.2 The purpose of the close and substantial connection rule is to allow some flexibility for registrants who do not want to license a domain name that is directly related to their name (or cannot do so, because the domain name has already been licensed by another registrant with the same or similar name). It is important to note that this rule is NOT intended as a “free for all”, and the degree of flexibility is limited by the categories of close and substantial connection outlined below, as well as the specific conditions of use outlined in the policy rules.
10.3 At the point in the application form where a registrant indicates that they are eligible for a domain name under the close and substantial connection rule, registrars must provide a link to a page that sets out the criteria for the close and substantial connection rule.
10.4 In asn.au and org.au, the categories of close and substantial connection are:
a) a service that the registrant provides; or
b) a program that the registrant administers; or
c) an event that the registrant organises or sponsors; or
d) an activity that the registrant facilitates, teaches or trains; or
e) a venue that the registrant operates; or
f) a profession that the registrant’s members practise.
10.5 In com.au and net.au, the categories of close and substantial connection are:
a) a product that the registrant manufactures or sells; or
b) a service that the registrant provides; or
c) an event that the registrant organises or sponsors; or
d) an activity that the registrant facilitates, teaches or trains; or
e) a venue that the registrant operates; or
f) a profession that the registrant’s employees practise.
It is also permissible, under the close and substantial connection rule, to register a com.au or net.au domain name for the purpose of domain monetisation – refer to section 11 below.
10.6 In id.au, the categories of close and substantial connection are:
a) a name that includes, or is derived from, one or more words of the registrant’s personal name; or
b) a name by which the registrant is commonly known (ie. a nickname).
It is also permissible, under the close and substantial connection rule, to register an id.au domain name that refers to a personal interest or hobby of the registrant – refer to section 12 below.
10.7 The requested domain name does not have to be the same as the registrant’s product, service, hobby etc. The domain name must only refer to the registrant’s product, service, hobby etc. This allows the registrant to license variations or descriptions of their product, service, hobby etc (for example, “Jane the Florist Pty Ltd” could license “bestflowers.com.au”, “flowersonline.net.au”, “redroses.com.au”, “cheapflowers.net.au” and so on). Refer to the examples in Schedule B.
10.8 Schedule A of the Domain Name Eligibility and Allocation Policy Rules for all Open 2LDs contains a prohibition on registering domain names for the sole purpose of resale. Therefore, it is not acceptable for registrants to use the close and substantial connection rule to engage in domain name speculation or warehousing.
11. ALLOCATION CRITERIA – “DOMAIN MONETISATION” IN COM.AU AND NET.AU
11.1 In the com.au and net.au 2LDs, in addition to the categories of close and substantial connection listed in paragraph 10.5 above, it is also permissible to register a domain name for the purpose of domain monetisation under the close and substantial connection rule. Examples of domain monetisation include:
a) resolving the domain name to a website or landing page containing pay per click advertising links (also known as “parked pages”);
b) resolving the domain name to a website or landing page containing content such as general information, news articles, product reviews, blog posts and images, with the primary intent of generating revenue from third party affiliate or commission programs or pay per click advertising;
c) resolving the domain name to a website that contains directory listings;
d) redirecting the domain name to another domain name under a third party affiliate or commission program;
e) using the domain name to provide featured advertising services; and
f) using the domain name for traffic optimisation purposes.
11.2 Registrants who register domain names for the purpose of domain monetisation do not fall into any of the categories of close and substantial connection outlined in paragraph 10.5. For example, a registrant who registers “shoes.com.au” for domain monetisation purposes does not actually sell or manufacture shoes; their intention is to earn revenue from the domain name in one of the ways listed in paragraph 11.1. The policy rules allow people to register domain names for the purpose of domain monetisation under the close and substantial connection rule, but with two conditions of use to ensure that the intent and integrity of the close and substantial connection rule is maintained.
11.3 The first condition is that “the content on the website to which the domain name resolves must be related specifically and predominantly to subject matter denoted by the domain name”. This is intended to ensure that the close and substantial connection between the registrant and the domain name is visible and meaningful to users. If the content of the website does not relate to the domain name in any discernible way, then the close and substantial connection rule is not satisfied. auDA uses a “reasonableness test” to determine whether the content on the website satisfies the condition, ie. would a reasonable person regard the content as related specifically and predominantly to the domain name?
11.4 The second condition is that “the domain name must not be, or incorporate, an entity name, personal name or brand name in existence at the time the domain name was registered”. This condition is intended to ensure that domain monetisation is not used as a cover for cybersquatting or other misleading or fraudulent activity. In determining whether a registrant is in breach of this condition, auDA will take into account whether the domain name is a generic word or may have an alternative meaning which is not related to a specific entity, person or brand.
12. ALLOCATION CRITERIA – “PERSONAL INTEREST OR HOBBY” IN ID.AU
12.1 In the id.au 2LD, in addition to the categories of close and substantial connection listed in paragraph 10.6 above, it is also permissible to register a domain name that refers to a personal interest or hobby of the registrant, subject to the condition that “the domain name must not be, or incorporate, an entity name, personal name or brand name in existence at the time the domain name was registered”. This condition is intended to ensure that registering domain names for personal interest or hobby purposes is not used as a cover for cybersquatting or other misleading or fraudulent activity. In determining whether a registrant is in breach of this condition, auDA will take into account whether the domain name is a generic word or may have an alternative meaning which is not related to a specific entity, person or brand.
13. DOMAIN NAME RENEWALS
13.1 To process a domain name renewal, registrars must obtain confirmation from the registrant that their eligibility details are still current. If the registrant’s details have not changed, registrars are not required to perform any policy compliance checks and are entitled to rely on the registrant’s warranty that they still meet the relevant policy rules.
13.2 If the registrant’s eligibility details are no longer current, the registrar must not process the renewal unless and until the registrant provides new or updated eligibility details. The cases where this is most likely to occur are:
a) Where a business name registration has lapsed or been removed. If the registrant is able to re-register the same business name, then the registrar must simply verify that the re-registration has taken place. They do not need to perform any further policy compliance checks, because the registrant’s business name has not changed. If the registrant registers a new business name, then the registrar must perform full policy compliance checks because the registrant’s new business name may no longer have any connection with the domain name.
b) Where an application for an Australian Registered Trade Mark has not been accepted for registration. The registrant is unable to resurrect the original basis for their domain name registration, so they must provide entirely new eligibility details (eg. a company or business name). The registrar must perform full policy compliance checks, because the registrant’s new eligibility details may no longer have any connection with the domain name.
13.3 Where the legal entity that is the registrant no longer exists, the domain name licence is terminated and the domain name cannot be renewed. The case where this is most likely to occur is where a company has been deregistered. The registrar must deal with this situation in accordance with the Complaints (Registrant Eligibility) Policy.
14. POLICY COMPLIANCE
14.1 As the .au administrator, one of auDA’s primary responsibilities is to preserve the policy integrity of the .au namespace. auDA fulfils that responsibility by:
a) providing domain name policy advice and assistance to registrars, registrants and members of the public;
b) handling complaints about .au domain name registrations and registrants in accordance with its published Complaints Policy; and
c) conducting random audits of domain name registry records on a regular basis.
15. REVIEW OF GUIDELINES
15.1 From time to time, auDA may update this document for the purposes of clarification or correction, or to maintain consistency with other auDA published policies. Under the terms and conditions of the Registrar Agreement, there is a 30 day grace period for registrars to comply with any variations of procedures or practices under this document.
SCHEDULE A
VERIFICATION OF REGISTRANT ELIGIBILITY
| asn.au and org.au | ||
| Registrant Type | Registrant ID | Verification Source |
| a) Australian incorporated association |
(i) Incorporated association name; and |
|
(ii) State or Territory of registration;
and
(iii) Association Number Australian Securities and Investment
Commission (ASIC)
http://connectonline.asic.gov.au
OR Certificate of Incorporation, if
not listed on ASIC b) Australian political party (i) Party Name Australian Electoral Commission
http://www.aec.gov.au c) Australian trade union or
organisation under Fair Work
(Registered Organisations) Act 2009
(i) Union or organisation name;and
(ii) Organisation number
Fair Work Australia
http://www.fwa.gov.au d) Australian sporting or special
interest club
If no ABN provided, registrant
must warrant that they are a club
(i) Club name; and
(ii) Club address; and
(iii) Australian Business Number,
if available
Registrant warranty, or if ABN
provided Australian Business
Register (ABR)
http://www.abr.business.gov.au
e) Charity operating in Australia
An ABN is the MINIMUM
requirement for charities
(i) Charitable institution or fund
name; and
(ii) Australian Business Number f) Non-profit organisation operating
in Australia – might also be:
– Australian registered company OR
– Trading under Australian
registered business name OR
– Australian incorporated
association OR
– Foreign embassy or consulate
An ABN is the MINIMUM
requirement for non-profit
organisations, EXCEPT for foreign
embassies or consulates
Registrant must warrant that they
are a non-profit organisation
(i) Organisation name; and
(ii) Australian Business Number,
OR
(iii) Company name; and
(iv) Australian Company Number,
OR
(v) Registered business name; and
(vi) State or Territory of registration;
and
(vii) Registered Business Number
OR
(viii) Incorporated association
name; and
(ix) State or Territory of registration;
and
(x) Association Number OR Certificate
of Incorporation, if not
listed on ASIC
(xi) Foreign embassy or consulate
name; and
(xii) Foreign embassy or consulate
address
Check ABN
Registrant warranty, and ABR
http://www.abr.business.gov.au
Check ACN
Registrant warranty, and ASIC
http://connectonline.asic.gov.au
Check ARBN
Registrant warranty, and ASIC
http://connectonline.asic.gov.au
Check Incorporated Association
Registrant warranty, and ASIC
http://connectonline.asic.gov.au
Check Foreign Embassy
Registrant warranty
| com.au and net.au | ||
| Registrant Type | Registrant ID | Verification Source |
| a) Australian registered company |
(i) Company name; and (ii) Australian Company Number |
ASIC http://connectonline.asic.gov.au |
| b) Trading under an Australian registered business name |
(i) Registered business name; (ii) State or Territory of (iii) Registered Business Number |
|
| c) Australian partnership or sole trader |
||
An ABN is the MINIMUM
requirement for sole traders
and partnerships
(i) Trading name; and
(ii) Australian Business Number
ABR
http://www.abr.business.gov.au d) Foreign company licensed
to trade in Australia
Foreign companies MUST
provide an ARBN. An ABN is
NOT evidence that the
company is licensed to
trade in Australia
(i) Company name; and
(ii) Australian Registered
Body Number
ASIC
http://connectonline.asic.gov.au e) Australian Registered
Trade Mark owner
(i) Name of owner; and
(ii) Words comprising trademark;
and
(iii) Trade Mark Number
Australian Trade Mark
Online Search System (ATMOSS)
http://pericles.ipaustralia.gov.au
/atmoss/falcon.application_start f) Australian Registered
Trade Mark applicant
Foreign applicants under the
MadridProtocol MUST provide
a Trade Mark Number
(i) Name of applicant; and
(ii) Words comprising trade
mark application; and
(iii) Trade Mark Number
g) Australian incorporated
association (i) Incorporated association
name; and
(ii) State or Territory
of registration; and
(iii) Association Number OR
Certificate of Incorporation, if
not listed on ASIC ASIC
http://connectonline.asic.gov.au h) Australian commercial
statutory body trading under
statutory body name
(i) Statutory body name; and
(ii) Copy of relevant Act of
Parliament
Relevant Act of Parliament
SCHEDULE B
ALLOCATION CRITERIA EXAMPLES
Table A – Examples of exact match, abbreviation and acronym in all open 2LDs
| asn.au and org.au | ||||
|
Registrant Type
|
Example
Name |
Exact
Match |
Abbreviation
|
Acronym
|
| a) Australian incorporated association |
Internet Industry Association |
internetindustryassociation.asn.au internetindustry.asn.au internetassociation.asn.au internet.asn.au association.asn.au |
iiassoc.asn.au internetind.asn.au internetassoc.asn.a intindassoc.asn.au industryassoc.asn.au |
iia.asn.au |
| b) Australian political party |
Australian Democrats |
australiandemocrats.asn.au australian.asn.au democrats.asn.au |
austdemocrats.asn.au australiandems.asn.au austdems.asn.au dems.asn.au |
ad.asn.au |
| c) Australian trade union or organisation under Workplace Relations Act 1996 |
National Union of Workers |
nationalunionworkers.asn.au nationalworkers.asn.au workersunion.asn.au unionworkers.asn.au workers.asn.au |
natunion.asn.au natworkers.asn.au natwork.asn.au |
nuw.asn.au |
| d) Australian sporting or special interest club |
Bendigo Cricket Club |
bendigocricketclub.asn.au bendigocricket.asn.au cricketclub.asn.au |
bendigocc.asn.au bcclub.asn.au bendi.asn.au club-bendigo.asn.au |
bcc.asn.au |
| e) Charity operating in Australia |
The Salvation Army |
salvationarmy.org.au salvation.org.au army.org.au |
salvos.org.au sallyarmy.org.au |
sa.org.au |
| f) Non-profit organisation operating in Australia |
.au Domain Administration Ltd |
audomainadministration.org.au domain.org.au |
auda.org.au audomainadmin.org.au |
ada.org.au |
| com.au and net.au | ||||
|
Registrant Type
|
Example
Name |
Exact
Match |
Abbreviation
|
Acronym
|
| a) Australian registered company |
Coles Myer Pty Ltd |
colesmyer.com.au coles.net.au myer.com.au |
cmyer.com.au | cm.net.au myercoles.net.au |
| b) Trading under an Australian registered business name |
Jane’s Cake Shop |
janescakeshop.com.au cakeshop.net.au janes.com.au |
janescakes.com.au cakes.net.au |
jcs.com.au |
| c) Australian partnership or sole trader |
Turner and Turner James Turner |
turnerandturner.com.au turner.net.au jamesturner.com.au turner.net.au james.com.au |
turners.com.au tandt.net.au jamest.com.au jturner.net.au jimturner.com.au turner-james.net.au |
tt.com.au jt.net.au |
| d) Foreign company licensed to trade in Australia |
Singapore Airlines |
singaporeairlines.com.au singapore.net.au airlines.com.au |
singaporeair.com.au singair.net.au airsingapore.com.au |
sa.com.au |
| e) Australian Registered Trade Mark owner |
Coca Cola | cocacola.com.au cola.net.au |
coke.com.au | cc.net.au |
| f) Australian Registered Trade Mark applicant |
Old-Fashioned Lemonade |
oldfashionedlemonade.com.au oldfashioned.com.au lemonade.net.au |
oldlemonade.com.au oldlemons.net.au |
ofl.com.au |
| g) Australian incorporated association |
Professional Golfers Association |
professionalgolfersassociation.com.au professionalgolfers.net.au golfersassociation.net.au |
profgolfersassoc.com.au golfersassoc.net.au golfassoc.net.au assoc-golf.com.au |
pga.com.au |
| h) Australian commercial statutory body trading under statutory body name |
Australia Post | australiapost.com.au post.net.au |
auspost.com.au aussiepost.net.au apost.com.au |
ap.com.au |
| id.au | ||||
|
Registrant Type
|
Example
Name |
Exact
Match |
Abbreviation
|
Acronym
|
| a) Australian citizen or resident |
Jonathon Paul Smith |
jonathon.id.au jonathonpaulsmith.id.au jonathonsmith.id.au paul.id.au smith.id.au |
john.id.au jsmith.id.au johnpaulsmith.id.au pauljohn.id.au smith-john.id.au |
jps.id.au |
Table B – Examples of close and substantial connection in asn.au and org.au
|
Close and substantial connection category
|
Example
1 |
Example
2 |
Example
3 |
Example
4 |
| (i) Service that registrant provides |
Registrant is a Church |
Registrant is a Trade union |
Registrant is the Salvation Army |
Registrant is an RSL Army Club |
| prayer.org.au worship.org.au worshiponline.org.au |
workplacerelations.org.au | welfare.org.au helpline.org.au agedcare.org.au |
counselling.org.au | |
| (ii) Program that registrant administers |
soupkitchen.org.au | rightsatwork.org.au | employmentplus.org.au | poppies.org.au |
| (iii) Event that registrant organises or sponsors |
churchfete.org.au | mayday.org.au workersrally.org.au |
redshieldappeal.org.au | rememberanceday.org.au |
| (iv) Activity that registrant facilitates, teaches or trains |
maritalguidance.org.au | ohs.org.au | familytracing.org.au | lawnbowls.org.au bingo.org.au |
| (v) Venue that registrant operates |
church.org.au cathedral.org.au |
tradeshall.org.au | hostel.org.au youthhostel.org.au |
rslclub.org.au |
| (vi) Profession that registrant’s members practise |
ministers.org.au priests.org.au clergy.org.au |
workers.org.au | socialworkers.org.au officers.org.au |
veterans.org.au |
Table C – Examples of close and substantial connection in com.au and net.au
|
Close and substantial connection category
|
Example
1 |
Example
2 |
Example
3 |
Example
4 |
| (i) Product that registrant manufactures or sells |
Registrant is in the automotive industry |
Registrant is in the hospitality industry |
Registrant is in the IT industry |
Registrant operates a women’s clothing store |
| cars.com.au tyres.net.au sportscars.com.au 4wd.net.au carsonline.com.au |
food.com.au beverages.net.au beer.com.au fastfood.com.au tastyfood.net.au |
computers.com.au computersonline.net.au modems.com.au fastmodems.net.au |
clothing.com.au womensfashion.net.au bestdresses.com.au |
|
| (ii) Service that registrant provides |
car-repairs.com.au carservice.net.au |
catering.com.au mycatering.net.au |
webhosting.com.au cheaphosting.net.au |
tailoring.com.au |
| (iii) Event that registrant organises or sponsors |
car-rally.com.au grandprix.net.au |
weddings.com.au parties.net.au funparties.com.au |
itworld.com.au | fashionshow.net.au |
| (iv) Activity that registrant facilitates, teaches or trains |
learntodrive.com.au defensivedriving.net.au |
hospitality.com.au | htmlskills.com.au webdesign.net.au |
wardrobeconsulting.com.au |
| (v) Venue that registrant operates |
calderpark.com.au | hotel.com.au pub.com.au |
internetcafe.com.au | store.com.au onlinestore.com.au mystore.com.au |
| (vi) Profession that registrant’s employees practise |
mechanics.com.au drivers.net.au safedrivers.com.au |
waiters.com.au chefs.net.au |
engineers.com.au techies.net.au |
tailors.net.au goodtailors.com.au |
Table D – Examples of close and substantial connection in id.au
|
Close and substantial connection category
|
Example
1 |
Example
2 |
Example
3 |
Example
4 |
| (i) Includes, or is derived from, one or more words of registrant’s personal name |
Registrant’s name is: John Smith |
Registrant’s name is: Catherine Evans |
Registrant’s name is: Van Nguyen |
Registrant’s name is: Ann Poulos |
| johnny.id.au johnno.id.au smithy.id.au |
jack.id.au name
(as Jack is a
variation of John)
johnonline.id.au
smithfamily.id.au
johnsmith2002.id.au
number1john.id.au kate.id.au
(as Kate is a
variation of
Catherine)
catherine99.id.au
supercatherine.id.au
evanson.id.au vanny.id.au
vanno.id.au
nguyen888.id.au
vantheman.id.au
vansphotos.id.au
vanderburg.id.au annie.id.au
crazyann.id.au
annette.id.au (ii) A name by
which the registrant
is commonly known
or be derived from the registrant’s personal name.
2008-11 – Clarification of Permissible Own Use Registration by Registrars
Policy No: 2008-11
Publication Date: 30/06/2008
Status: Current
1. BACKGROUND
1.1 This document clarifies clause 14.2.3 of the Registrar Agreement as it applies in conjunction with clauses 4.2 and 4.4 of the .au Domain Name Suppliers’ Code of Practice (2004-04).
1.2 Clause 14.2.3 of the Registrar Agreement reads as follows: “[The Registrar must not] be involved in any activity which involves the acquisition or accumulation of Domain Names which are not connected to the provision of Registrar Services under [the Registrar Agreement], for the purposes of removing them from the availability of others, transferring them for a direct or indirect, immediate or deferred gain or profit or for any other reason which can be considered to be done in bad faith”.
1.3 Clauses 4.2 and 4.4 of the Code of Practice read as follows:
4.2 Subject to clause 4.4, Domain Name Suppliers must only:
a) register a Domain Name at the request of a Customer; and
b) renew a Domain Name:
(i) at the request of, or with the approval of, a Registrant; and
(ii) after obtaining confirmation from the Registrant that they continue to satisfy the Domain Name Eligibility and Allocation Policy Rules for Open Second Level Domains in respect of the Domain Name.
…
4.4 A Domain Name Supplier may register Domain Names on its own behalf for its own use.
2. TERMINOLOGY
2.1 This policy uses the following terms:
a) “related entities” has the same meaning as in the Corporations Act 2001 (Cth);
b) “registrar services” means the provision of services to domain name registrants, including services relating to the registration, maintenance, transfer, modification, renewal and cancellation of a domain name or domain name licence.
3. PERMISSIBLE OWN USE REGISTRATION BY REGISTRARS
3.1 Under the Registrar Agreement, registrars are allowed to register domain names on their own behalf which are connected to the provision of registrar services. For example, a registrar may register domain names that are an exact match, abbreviation or acronym of its own company or business name(s) or trademark(s), as well as domain names that refer to its registrar services.
3.2 auDA has issued this document to clarify that clause 14.2.3 of the Registrar Agreement and clauses 4.2 and 4.4 of the Code of Practice prohibit a registrar, and its related entities, from registering domain names on their own behalf for any purpose other than the provision of registrar services.
3.3 auDA may, at its own reasonable discretion, permit a registrar or its related entities to register a domain name on their own behalf in connection with the provision of services such as web hosting, website design, email and ISP services, IT hardware and software.
4. BREACH OF POLICY
4.1 Where auDA determines that a registrar has breached the Registrar Agreement or the Code of Practice as clarified by this Published Policy, auDA may delete the affected domain name(s), in addition to any other remedies available to it.
2002-16 – Registrar Agreement – Meaning of Reseller
Policy No: 2002-16
Publication Date: 27/06/2002
Status: Current
1. BACKGROUND
1.1 This document clarifies the way in which auDA interprets the meaning of “Reseller” in the Registrar Agreement.
1.2 Clause 1 of the Registrar Agreement defines a reseller to mean: “a person appointed by the Registrar to sell domain name services and provide customer services to Registrants on behalf of the Registrar.”
2. auDA INTEPRETATION OF “RESELLER”
2.1 auDA will regard a registrar to have appointed a person as a reseller under the terms of the Registrar Agreement if any of the following applies:
a) the registrar regularly accepts applications for domain names from that person, when it is apparent that that person is not itself the registrant for those domain names; or
b) that person submits more than 10 applications for domain names to the registrar on behalf of other registrants during any 30 day period, for two or more consecutive periods; or
c) it is reasonable for the registrar to conclude, in all the circumstances and having regard to the businesses conducted between the registrar and that person, that that person is a reseller of domain names services and not simply a registrant or an agent for a particular registrant, whether or not the registrar makes a formal appointment of that person as a reseller.
2.2 If a registrar appoints a reseller (known as a “First Tier Reseller”) who has appointed, or proposes to appoint, its own resellers (who may, in turn, have its own resellers) (known as “Subsequent Tier Resellers”) to sell domain name services or provide customer services to registrants, then subject to paragraph 2.4 below, for the purposes of the Registrar Agreement, auDA will regard both the First Tier Reseller and all Subsequent Tier Resellers to be resellers of the registrar within the meaning of the Registrar Agreement.
2.3 Subject to paragraph 2.4 below, registrars are required to treat those persons referred to in paragraph 2.1 and 2.2 above as resellers under the terms of the Registrar Agreement, and to comply with the registrar’s obligations in respect of those resellers as set out in the Registrar Agreement.
2.4 auDA will not require the payment of the Reseller Fee or the Reseller Notification Fee under the Registrar Agreement in respect of any Subsequent Tier Resellers of a particular First Tier Reseller, except where that First Tier Reseller is a related entity (within the meaning of the Corporations Act 2001) to the registrar, in which case the relevant fee in respect of all the Subsequent Tier Resellers of that First Tier Reseller will be payable to auDA under the Registrar Agreement.
2002-15 – Registrar Agreement – Clarification of Clause 14.1.7
Policy No: 2002-15
Publication Date: 25/06/2002
Status: Current
1. BACKGROUND
1.1 This document clarifies clause 14.1.7 of the Registrar Agreement (Approved Version 1.0: 9 November 2001).
1.2 Clause 14.1.7 of the Registrar Agreement reads as follows: “[The Registrar must] accurately represent to the Registrants, the media, any governmental entity and the general public, the Published Policies and the Registrar’s relationship with and status in the domain name infrastructure relative to the Registry Operator and auDA”.
2. MEANING OF CLAUSE 14.1.7
2.1 It has come to auDA’s attention that some registrars are producing their own explanatory material about the new regulatory regime and changes to domain name policy rules. Whilst auDA expects that registrars will provide advice and assistance to their customers, especially during the transition to the new regime, registrars must ensure that the material they produce accurately represents the new regime.
2.2 Therefore, auDA has issued this document to clarify that clause 14.1.7 requires that all registrars who provide explanatory material to their customers about the .au domain regulatory regime and policy rules, must ensure that the material:
a) clearly identifies auDA as the regulatory body and policy authority for the .au domain;
b) clearly identifies the relevant auDA Published Policy (or Policies) as the authoritative source of the registrar’s explanatory material; and
c) provides a direct link or URL reference to the relevant auDA Published Policy.
2.3 Paragraph 2.2 applies regardless of the format (eg. web page, email, hard copy) in which the registrar produces the explanatory material.
2.4 Registrars must ensure that any of their resellers who provide explanatory material to their customers about the .au domain regulatory regime and policy rules, also comply with the requirements in paragraph 2.2.
Administrative A
2015-02 – Governance Arrangements for the edu.au 2LD
Policy No: 2015-02
Publication Date: 01/07/2015
Status: Replaced by edu.au board advisory committee
1. BACKGROUND
1.1 This document sets out the governance arrangements for the edu.au second level domain (2LD) as a self-managing, closed 2LD.
1.2 On 6 March 2003, auDA entered into a 2LD Sub-Sponsorship Agreement for edu.au with the Australian Information and Communications Technology In Education Committee (AICTEC) (through the Commonwealth Department of Education), under which auDA delegated policy and management authority for the edu.au 2LD to AICTEC. AICTEC in turn sub-delegated its responsibilities to the edu.au Domain Administration Committee (eDAC).
1.3 AICTEC ceased to operate in December 2013. Pursuant to the machinery of government provisions, AICTEC’s role was reassigned to the Commonwealth Department of Education for the remaining duration of the Sub-Sponsorship Agreement through to 30 June 2014.
1.4 On 1 July 2014, auDA published Interim Governance Arrangements for the edu.au 2LD (2014-04), pending a public review of edu.au governance arrangements and eligiblity and allocation policies to be conducted by eDAC.
1.5 At its meeting in April 2015, the auDA Board approved the recommendations contained in eDAC’s final review report, and affirmed the governance arrangements set out in this document.
2. ROLE, MEMBERSHIP AND OPERATIONS OF eDAC
2.1 auDA has delegated policy and management responsibility for the edu.au 2LD to eDAC. The full role of eDAC is set out in the eDAC Terms of Reference at Schedule A.
2.2 eDAC membership is to comprise:
a) one representative from the Commonwealth Government;
b) one representative from the higher education sector;
c) four representatives from the schools sector, specifically:
i) two Government schools representatives;
ii) one Catholic school representative;
iii) one independent schools representative; and
d) two representatives from the Vocational Education and Training sector.
2.3 For each member appointed under paragraph 2.2, there shall be an alternate member appointed, with the appointment process being the same as that which applies to members under section 2. If a member is unable to attend an eDAC meeting, the alternate member may attend in their place.
2.4 eDAC will transition existing members (who do not have fixed terms) to a fixed term model with each new representative appointed for a period of four years, with half of the membership terms retiring every two years.
2.5 Any eDAC member can resign by notifying the Chair in writing. Where an eDAC member resigns, the replacement member shall serve the remainder of the term of that eDAC member. If that remaining term is nine months or less, then that residual shall be added to the normal term of a new member.
2.6 When a vacancy arises on eDAC either through the resignation of a member or the retirement of a member at expiry of their term, the relevant peak body (or its successor) from the following table will be invited by eDAC to provide a single nominee:
| Sector | Relevant Peak Body |
| Commonwealth Government | To be determined [Note 1] |
| Australian higher education sector | Universities Australia |
| Schools sector | |
| Government schools | Schools Policy Group (SPG) of the Standing Council on School Education and Early Childhood (SCSEEC) |
| Catholic schools | National Catholic Education Commission |
| Independent schools | Independent Schools Council of Australia |
| Vocational Education and Training Sector | Industry and Skills Council Advisory Committee (which reports to the COAG Industry and Skills Council (CISC)) |
2.7 A retiring eDAC member may be nominated/renominated by a relevant peak body.
2.8 If the relevant peak body fails to provide a nominee within a reasonable timeframe (or the identified peak body for that sector does not exist at that point in time or advises is not able to provide a nominee), eDAC may use its discretion to determine appropriate alternative measures to obtain a suitable nomination from the relevant sector.
2.9 When a nominee is provided to eDAC in accordance with this policy, eDAC will forward the details of the nominee to auDA for appointment as a new eDAC member.
2.10 eDAC shall elect a Chair and may elect a deputy Chair from its members, with the period of these positions being the remainder of the member’s term. Resignation of these positions must be done by notifying eDAC in writing. In the event that eDAC does not have a Chair, it shall elect a new Chair as soon as reasonably practicable.
2.11 The existence of a vacancy on eDAC does not invalidate any decisions made by eDAC whilst that vacancy exists.
2.12 eDAC is responsible for determining its own meeting procedures.
3. POLICY FRAMEWORK FOR EDU.AU
3.1 eDAC can make policies for the edu.au domain. Such policies must be ratified by auDA before they have any effect.
3.2 The edu.au domain is governed by:
a) edu.au Published Policies that are published on the edu.au registrar’s website (www.domainnameedu.au/Policyampfurtherinfo.aspx); and
b) auDA’s Published Policies that specifically apply to the edu.au domain and that are published on the auDA website (www.auda.org.au/policies/).
3.3 If auDA proposes to introduce Published Policies for the .au domain, which are expressly stated to apply to the edu.au domain, then auDA will consult with eDAC when developing those policies.
3.4 To the extent of any inconsistencies between edu.au Published Policies and auDA’s Published Policies, (where they are expressly stated to apply to the edu.au domain), then auDA’s Published Policies will prevail.
4. REGISTRY AND REGISTRAR SERVICES FOR EDU.AU
4.1 Registry services for edu.au are provided by the 2LD Registry Operator licensed by auDA, under the terms and conditions of the Registry Licence Agreement.
4.2 Registrar services for edu.au are provided by Education Services Australia Ltd, under the terms and conditions of its Registrar Agreement with auDA. These services shall comply with:
a) edu.au Published Policies; and
b) auDA’s Published Policies that specifically apply to the edu.au domain.
4.3 The registrar shall report to eDAC on the performance of its registrar functions as required by eDAC.
4.4 The registrar shall collect domain name licence fees for the edu.au domain and use these fees to:
a) pay the operating costs of the registrar;
b) arrange for contractual payments for secretariat services to eDAC;
c) maintain an appropriate financial reserve to sustain the operation of the edu.au domain; and
d) implement financial decisions as directed by eDAC;
in accordance with an annual budget to be approved by eDAC. Variations to the budget and expenditure from the financial reserve must be approved by eDAC.
5. REVIEW OF EDU.AU GOVERNANCE ARRANGEMENTS AND ELIGIBILITY AND ALLOCATION POLICIES
5.1 eDAC will undertake periodic public reviews of the governance arrangements for edu.au and the edu.au domain name eligibility and allocation policies, to ensure that they continue to reflect stakeholder interests. Upon completion of a public review, eDAC will provide the auDA Board with recommendations on any changes that need to be made to the edu.au governance arrangements and/or eligibility and allocation policies.
SCHEDULE A
EDU.AU DOMAIN ADMINISTRATION COMMITTEE (eDAC)
TERMS OF REFERENCE
Under delegation from auDA, the edu.au Domain Administration Committee (eDAC) will:
1. Through consultation with key stakeholders, establish and maintain policies and procedures to apply to the management and administration of the edu.au domain in accordance with the overarching principles and policies determined by auDA.
2. Maintain an overarching policy framework for the governance of domain names in the edu.au domain incorporating the establishment of eligibility criteria for registration in the edu.au domain.
3. Provide a point of coordination for the management of licensing and reporting arrangements between auDA, the nominated edu.au domain Registrar, and the 2LD Registry Operator, including monitoring, reporting and advising on service, cost and performance levels.
4. Ensure that policies and procedures relating to the edu.au domain are effectively communicated to education and training stakeholders including potential entrants to the domain.
5. Administer a decision review process incorporating complaint and dispute resolution policies and mechanisms allowing for appeals to be handled by eDAC without the need for recourse to the legal system or to auDA in the first instance.
6. Set the domain name licence fee in consultation with the edu.au Registrar and manage the financial performance of the edu.au domain to ensure that it operates on a financially self-sustaining basis whilst keeping fees for domain names at a minimum. The registration fee must be set at a level that will enable the Registrar to maintain an adequate financial reserve, which must be used to sustain the operation of the edu.au domain.
7. Provide advice to auDA on:
a) any matters impacting on the stability, performance or financial self-sustainability of the edu.au domain; and
b) whether the domain is continuing to operate in the public interest and for the benefit of Australian education and training as a whole.
8. Provide reports to auDA, as required, on the operational and financial performance of the edu.au domain.
9. Monitor changes being considered for the .au domain that may impact on the edu.au domain or on the edu.au domain name policy framework.
NOTE:
[1] eDAC is consulting with the Commonwealth Government to identify the appropriate agency to provide a representative.
Arrangements
Arrangements to administer a specified 2LD on behalf of auDA.
2015-02 – Governance Arrangements for the edu.au 2LD
Policy No: 2015-02
Publication Date: 01/07/2015
Status: Replaced by edu.au board advisory committee
1. BACKGROUND
1.1 This document sets out the governance arrangements for the edu.au second level domain (2LD) as a self-managing, closed 2LD.
1.2 On 6 March 2003, auDA entered into a 2LD Sub-Sponsorship Agreement for edu.au with the Australian Information and Communications Technology In Education Committee (AICTEC) (through the Commonwealth Department of Education), under which auDA delegated policy and management authority for the edu.au 2LD to AICTEC. AICTEC in turn sub-delegated its responsibilities to the edu.au Domain Administration Committee (eDAC).
1.3 AICTEC ceased to operate in December 2013. Pursuant to the machinery of government provisions, AICTEC’s role was reassigned to the Commonwealth Department of Education for the remaining duration of the Sub-Sponsorship Agreement through to 30 June 2014.
1.4 On 1 July 2014, auDA published Interim Governance Arrangements for the edu.au 2LD (2014-04), pending a public review of edu.au governance arrangements and eligiblity and allocation policies to be conducted by eDAC.
1.5 At its meeting in April 2015, the auDA Board approved the recommendations contained in eDAC’s final review report, and affirmed the governance arrangements set out in this document.
2. ROLE, MEMBERSHIP AND OPERATIONS OF eDAC
2.1 auDA has delegated policy and management responsibility for the edu.au 2LD to eDAC. The full role of eDAC is set out in the eDAC Terms of Reference at Schedule A.
2.2 eDAC membership is to comprise:
a) one representative from the Commonwealth Government;
b) one representative from the higher education sector;
c) four representatives from the schools sector, specifically:
i) two Government schools representatives;
ii) one Catholic school representative;
iii) one independent schools representative; and
d) two representatives from the Vocational Education and Training sector.
2.3 For each member appointed under paragraph 2.2, there shall be an alternate member appointed, with the appointment process being the same as that which applies to members under section 2. If a member is unable to attend an eDAC meeting, the alternate member may attend in their place.
2.4 eDAC will transition existing members (who do not have fixed terms) to a fixed term model with each new representative appointed for a period of four years, with half of the membership terms retiring every two years.
2.5 Any eDAC member can resign by notifying the Chair in writing. Where an eDAC member resigns, the replacement member shall serve the remainder of the term of that eDAC member. If that remaining term is nine months or less, then that residual shall be added to the normal term of a new member.
2.6 When a vacancy arises on eDAC either through the resignation of a member or the retirement of a member at expiry of their term, the relevant peak body (or its successor) from the following table will be invited by eDAC to provide a single nominee:
| Sector | Relevant Peak Body |
| Commonwealth Government | To be determined [Note 1] |
| Australian higher education sector | Universities Australia |
| Schools sector | |
| Government schools | Schools Policy Group (SPG) of the Standing Council on School Education and Early Childhood (SCSEEC) |
| Catholic schools | National Catholic Education Commission |
| Independent schools | Independent Schools Council of Australia |
| Vocational Education and Training Sector | Industry and Skills Council Advisory Committee (which reports to the COAG Industry and Skills Council (CISC)) |
2.7 A retiring eDAC member may be nominated/renominated by a relevant peak body.
2.8 If the relevant peak body fails to provide a nominee within a reasonable timeframe (or the identified peak body for that sector does not exist at that point in time or advises is not able to provide a nominee), eDAC may use its discretion to determine appropriate alternative measures to obtain a suitable nomination from the relevant sector.
2.9 When a nominee is provided to eDAC in accordance with this policy, eDAC will forward the details of the nominee to auDA for appointment as a new eDAC member.
2.10 eDAC shall elect a Chair and may elect a deputy Chair from its members, with the period of these positions being the remainder of the member’s term. Resignation of these positions must be done by notifying eDAC in writing. In the event that eDAC does not have a Chair, it shall elect a new Chair as soon as reasonably practicable.
2.11 The existence of a vacancy on eDAC does not invalidate any decisions made by eDAC whilst that vacancy exists.
2.12 eDAC is responsible for determining its own meeting procedures.
3. POLICY FRAMEWORK FOR EDU.AU
3.1 eDAC can make policies for the edu.au domain. Such policies must be ratified by auDA before they have any effect.
3.2 The edu.au domain is governed by:
a) edu.au Published Policies that are published on the edu.au registrar’s website (www.domainnameedu.au/Policyampfurtherinfo.aspx); and
b) auDA’s Published Policies that specifically apply to the edu.au domain and that are published on the auDA website (www.auda.org.au/policies/).
3.3 If auDA proposes to introduce Published Policies for the .au domain, which are expressly stated to apply to the edu.au domain, then auDA will consult with eDAC when developing those policies.
3.4 To the extent of any inconsistencies between edu.au Published Policies and auDA’s Published Policies, (where they are expressly stated to apply to the edu.au domain), then auDA’s Published Policies will prevail.
4. REGISTRY AND REGISTRAR SERVICES FOR EDU.AU
4.1 Registry services for edu.au are provided by the 2LD Registry Operator licensed by auDA, under the terms and conditions of the Registry Licence Agreement.
4.2 Registrar services for edu.au are provided by Education Services Australia Ltd, under the terms and conditions of its Registrar Agreement with auDA. These services shall comply with:
a) edu.au Published Policies; and
b) auDA’s Published Policies that specifically apply to the edu.au domain.
4.3 The registrar shall report to eDAC on the performance of its registrar functions as required by eDAC.
4.4 The registrar shall collect domain name licence fees for the edu.au domain and use these fees to:
a) pay the operating costs of the registrar;
b) arrange for contractual payments for secretariat services to eDAC;
c) maintain an appropriate financial reserve to sustain the operation of the edu.au domain; and
d) implement financial decisions as directed by eDAC;
in accordance with an annual budget to be approved by eDAC. Variations to the budget and expenditure from the financial reserve must be approved by eDAC.
5. REVIEW OF EDU.AU GOVERNANCE ARRANGEMENTS AND ELIGIBILITY AND ALLOCATION POLICIES
5.1 eDAC will undertake periodic public reviews of the governance arrangements for edu.au and the edu.au domain name eligibility and allocation policies, to ensure that they continue to reflect stakeholder interests. Upon completion of a public review, eDAC will provide the auDA Board with recommendations on any changes that need to be made to the edu.au governance arrangements and/or eligibility and allocation policies.
SCHEDULE A
EDU.AU DOMAIN ADMINISTRATION COMMITTEE (eDAC)
TERMS OF REFERENCE
Under delegation from auDA, the edu.au Domain Administration Committee (eDAC) will:
1. Through consultation with key stakeholders, establish and maintain policies and procedures to apply to the management and administration of the edu.au domain in accordance with the overarching principles and policies determined by auDA.
2. Maintain an overarching policy framework for the governance of domain names in the edu.au domain incorporating the establishment of eligibility criteria for registration in the edu.au domain.
3. Provide a point of coordination for the management of licensing and reporting arrangements between auDA, the nominated edu.au domain Registrar, and the 2LD Registry Operator, including monitoring, reporting and advising on service, cost and performance levels.
4. Ensure that policies and procedures relating to the edu.au domain are effectively communicated to education and training stakeholders including potential entrants to the domain.
5. Administer a decision review process incorporating complaint and dispute resolution policies and mechanisms allowing for appeals to be handled by eDAC without the need for recourse to the legal system or to auDA in the first instance.
6. Set the domain name licence fee in consultation with the edu.au Registrar and manage the financial performance of the edu.au domain to ensure that it operates on a financially self-sustaining basis whilst keeping fees for domain names at a minimum. The registration fee must be set at a level that will enable the Registrar to maintain an adequate financial reserve, which must be used to sustain the operation of the edu.au domain.
7. Provide advice to auDA on:
a) any matters impacting on the stability, performance or financial self-sustainability of the edu.au domain; and
b) whether the domain is continuing to operate in the public interest and for the benefit of Australian education and training as a whole.
8. Provide reports to auDA, as required, on the operational and financial performance of the edu.au domain.
9. Monitor changes being considered for the .au domain that may impact on the edu.au domain or on the edu.au domain name policy framework.
NOTE:
[1] eDAC is consulting with the Commonwealth Government to identify the appropriate agency to provide a representative.
2014-05 – Application of auDA Published Policies to the edu.au 2LD
Policy No: 2014-05
Publication Date: 01/07/2014
Status: Current
1. BACKGROUND
1.1 This document sets out the auDA Published Policies that apply to the edu.au 2LD.
1.2 From 1 July 2014, auDA has delegated edu.au policy authority to the edu.au Domain Administration Committee (eDAC) (refer to Interim Governance Arrangements for the edu.au 2LD (2014-04)).
1.3 Registrar services for edu.au are provided by Education Services Australia (ESA), a company owned by Commonwealth, State and Territory education and training Ministers. Policy rules for edu.au, as determined by eDAC and implemented by ESA, are available on the edu.au registration website at www.domainname.edu.au.
2. auDA PUBLISHED POLICIES APPLYING TO EDU.AU
2.1 For reasons of efficiency and convenience, auDA and eDAC have agreed that some of the auDA Published Policies for open 2LDs should also apply to edu.au. These are listed in Schedule A. Any variation to Schedule A must be agreed by both auDA and eDAC
SCHEDULE A
auDA PUBLISHED POLICIES APPLYING TO EDU.AU
| Policy No | Policy Title |
| 2003-01 | .au Dispute Resolution Policy (auDRP) – Clarification of Registrar Obligations |
| 2010-05 | .au Dispute Resolution Policy (auDRP) |
| 2010-06 | WHOIS Policy |
| 2010-07 | Registrant Contact Information Policy |
Dispute Resolution
The auDRP sets out the legal process for resolving disputes between a domain name registrant and a third party with a legal right to the name.
2016-01 .au Dispute Resolution Policy (auDRP)
Policy No: 2016-01
Publication Date: 15/04/2016
Status: Current
1. BACKGROUND
1.1 This document sets out the .au Dispute Resolution Policy (auDRP), first adopted by the auDA Board on 13 August 2001, on the recommendation of auDA’s Dispute Resolution Working Group. The auDRP and auDRP Rules are at Schedules A and B of this document.
1.2 The purpose of the auDRP is to provide a cheaper, speedier alternative to litigation for the resolution of disputes between the registrant of a .au domain name and a party with competing rights in the domain name.
1.3 The auDRP is an adaptation of the Uniform Dispute Resolution Policy (UDRP) administered by the Internet Corporation for Assigned Names and Numbers (ICANN) with respect to the global Top Level Domains (gTLDs). The auDRP differs from the UDRP in two main respects:
a) to take account of the policy rules that apply to .au domain names, that do not apply to gTLD domain names; and
b) to improve the clarity of expression and address practical constraints that have become apparent since arbitrations under the UDRP began in 1999.
1.4 Please Note: Some parts of the auDRP are substantively different from the UDRP. Prospective complainants should not assume that principles derived from UDRP decisions will be applicable to auDRP disputes. For an explanation of the differences between the auDRP and the UDRP, see the report of the Dispute Resolution Working Group at https://www.auda.org.au/policies/panels-and-committees/dispute-resolution-working-group/.
2. APPLICATION OF THE auDRP
2.1 All domain name licences issued or renewed in the open 2LDs from 1 August 2002 are subject to a mandatory administrative proceeding under the auDRP. At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.
2.2 The auDRP does not apply to all types of domain name disputes. It only applies to disputes which meet the requirements set out in Paragraph 4(a) of the auDRP at Schedule A of this document.
2.3 The auDRP is an alternative dispute resolution mechanism. Complainants are not obliged to use the auDRP but may instead choose to pursue other means of resolving their dispute, such as litigation. Commencement of an administrative proceeding under the auDRP does not prevent either party from initiating legal proceedings at any time.
3. auDA APPROVED PROVIDERS
3.1 Each auDRP proceeding is administered by an independent, auDA-approved Provider of dispute resolution services. A list of approved Providers is available on auDA’s website at http://www.auda.org.au/policy/audrp. Each Provider must publish on its website a list of its Panellists and its Supplemental Rules.
3.2 Each Provider is wholly responsible for the appointment of its Panellists according to its own accreditation procedures. Individual Panellists are not approved or accredited by auDA, and auDA does not manage or supervise their activities in any way. Any queries or complaints about a Panellist should be directed to the relevant Provider in the first instance.
4. HOW TO FILE A COMPLAINT UNDER THE auDRP – SUMMARY OF REQUIREMENTS
4.1 To help determine whether a Complaint can be lodged in respect of a particular domain name, the Complainant may apply to auDA (using the form on the auDA website at http://www.auda.org.au/policy/audrp) to find out the creation date of the domain name.
4.2 The Complainant should ensure that they have read the entire auDRP and auDRP Rules at Schedules A and B of this document before filing their Complaint. The Complaint may be filed with any of the approved Providers listed on auDA’s website at http://www.auda.org.au/policy/audrp. The Complaint must meet the requirements set out in Paragraph 3 of the auDRP Rules in Schedule B of this document, as well as any requirements detailed in the Provider’s Supplemental Rules (available from the Provider’s website).
4.3 The fee to be paid by the Complainant to the Provider under Paragraph 19 of the auDRP Rules in Schedule B of this document is:
a) In the case of a single member Panel
| Number of Disputed Domain Names | Fee (AUD) |
| 1-5 | 2,000 |
| 6-10 | 2,700 |
| More than 10 | To be decided in consultation with the Provider |
b) In the case of a three member Panel
| Number of Disputed Domain Names | Fee (AUD) |
| 1-5 | 4,500 |
| 6-10 | 5,700 |
| More than 10 | To be decided in consultation with the Provider |
5. HOW TO FILE A RESPONSE UNDER THE auDRP – SUMMARY OF REQUIREMENTS
5.1 The Respondent will receive notice of the Complaint from the Provider chosen by the Complainant. The Respondent may file a Response no later than 20 days after they are notified of the Complaint.
5.2 The Respondent should ensure that they have read the entire auDRP and Rules at Schedules A and B of this document before filing a response. The Response must meet the requirements set out in Paragraph 5 of the auDRP Rules in Schedule B of this document, as well as any requirements detailed in the Provider’s Supplemental Rules (available from the Provider’s website).
5.3 The Respondent is not obliged to file a Response. If no Response is received, unless there are exceptional circumstances, the Panel shall decide the dispute based on the information provided in the Complaint.
5.4 There are no fees payable by the Respondent unless they elect to have the dispute heard by a three member Panel, in which case they must pay half the costs.
6. REMEDIES AVAILABLE TO COMPLAINANT
6.1 A Complainant may seek to have the domain name licence:
a) cancelled, in which case the domain name will become available for registration in the normal way; or
b) transferred to themselves, but only if the registrar determines that they are eligible to hold the domain name under the relevant policy rules.
7. ENFORCEMENT OF auDRP DECISIONS
7.1 Panel decisions under the auDRP are binding on both parties. There is no appeals process.
7.2 If the unsuccessful party is not satisfied with the decision handed down by the panelist, they may decide to initiate legal proceedings against the other party. If the Panel decides that the domain name should be transferred or cancelled, the registrar is required to wait 10 business days before implementing the decision to allow for legal proceedings to be commenced.
7.3 If the unsuccessful party is not satisfied with the way in which the proceeding was administered by the Provider, they should raise their concerns directly with the Provider in the first instance. auDA may intervene in the administration of a proceeding in cases where there has been a clear and substantive procedural flaw.
8. PUBLICATION OF auDRP PROCEEDINGS AND DECISIONS
8.1 auDA will maintain a public index of all auDRP proceedings and Panel decisions on the auDA website at http://www.auda.org.au/policy/audrp.
9. REVIEW OF POLICY
9.1 From time to time, auDA may update this document for the purposes of clarification or correction.
SCHEDULE A
.au DISPUTE RESOLUTION POLICY (auDRP)
NOTES:
1. This policy has been adapted from the Uniform Dispute Resolution Policy (UDRP) of the Internet Corporation for Assigned Names and Numbers (ICANN). Some sections of this policy are substantively different from the UDRP. For an explanation of the differences, see the report of the auDA Dispute Resolution Working Group at http://www.auda.org.au/policy/audrp
2. This policy is intended to operate between the registrar and its licensee (the domain name holder or registrant). Thus, the policy uses “we” and “our” to refer to the registrar and it uses “you” and “your” to refer to the domain name holder.
1. Purpose. The .au Dispute Resolution Policy (“auDRP”) is incorporated by reference into your Registrant Agreement, and sets forth the terms and conditions that govern a dispute between you and any party other than us (the registrar) over the registration and use of an Internet domain name registered by you in one of the open .au second level domains (2LDs). Proceedings under Paragraph 4 of this Policy will be conducted according to the Rules for the auDRP (the “auDRP Rules”), which are at Schedule B of this document, and the selected administrative dispute resolution service Provider’s Supplemental Rules.
2. Your Representations. By applying to register or renew a domain name, or by any communication with us (which includes any failure to respond to a request from us for information), you represent and warrant to us that (a) the statements that you made in your domain name application are complete and accurate, including those as to your eligibility for a domain name in the open 2LD; (b) to your knowledge, the registration of the domain name will not infringe upon or otherwise violate the rights of any third party; (c) you are not registering the domain name for an unlawful purpose; and (d) you will not knowingly use the domain name in violation of any applicable laws or regulations. It is your responsibility to determine whether your domain name registration infringes or violates someone else’s rights.
3. Cancellations, Transfers, and Changes. We will cancel, transfer or otherwise make changes to domain name registrations under the following circumstances:
a. subject to the provisions of Paragraph 8, our receipt of written or appropriate electronic instructions from you or your authorised agent to take such action;
b. our receipt of an order from a court or arbitral tribunal, in each case of competent jurisdiction, requiring such action; and/or
c. our receipt of a decision of an Administrative Panel requiring such action in any administrative proceeding to which you were a party and which was conducted under this Policy or a later version of this Policy adopted by auDA, subject to Paragraph 4(i) and (k) below.
We may also cancel, transfer or otherwise make changes to a domain name registration in accordance with the terms of your Registrant Agreement or other legal requirements.
4. Mandatory Administrative Proceeding. This Paragraph sets forth the type of disputes for which you are required to submit to a mandatory administrative proceeding. These proceedings will be conducted before one of the administrative dispute resolution service providers listed on the auDA website at http://www.auda.org.au/policy/audrp (each, a “Provider”).
a. Applicable Disputes. You are required to submit to a mandatory administrative proceeding in the event that a third party (a “complainant”) asserts to the applicable Provider, in compliance with the Rules of Procedure that:
(i) your domain name is identical or confusingly similar to a name [Note 1], trademark or service mark in which the complainant has rights; and
(ii) you have no rights or legitimate interests in respect of the domain name [Note 2]; and
(iii) your domain name has been registered or subsequently used in bad faith.
In an administrative proceeding, the complainant bears the onus of proof.
b. Evidence of Registration or Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:
(i) circumstances indicating that you have registered or you have acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to another person for valuable consideration in excess of your documented out-of-pocket costs directly related to the domain name; or
(ii) you have registered the domain name in order to prevent the owner of a name, trademark or service mark from reflecting that name or mark in a corresponding domain name; or
(iii) you have registered the domain name primarily for the purpose of disrupting the business or activities of another person; or
(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to a website or other online location, by creating a likelihood of confusion with the complainant’s name or mark as to the source, sponsorship, affiliation, or endorsement of that website or location or of a product or service on that website or location; or
(v) if any of your representations or warranties as to eligibility or third party rights given on application or renewal are, or subsequently become, false or misleading in any manner.
c. How to Demonstrate Your Rights to and Legitimate Interests in the Domain Name in Responding to a Complaint. When you receive a complaint, you should refer to Paragraph 5 of the auDRP Rules in determining how your response should be prepared. Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, is to be taken to demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii):
(i) before any notice to you of the subject matter of the dispute, your bona fide use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with an offering of goods or services (not being the offering of domain names that you have acquired for the purpose of selling, renting or otherwise transferring); or
(ii) you (as an individual, business, or other organisation) have been commonly known by the domain name, even if you have acquired no trademark or service mark rights; or
(iii) you are making a legitimate non-commercial or fair use of the domain name, without intent for commercial gain to misleadingly divert consumers or to tarnish the name, trademark or service mark at issue.
d. Selection of Provider. The complainant must select the Provider from among those approved by auDA by submitting the complaint to that Provider. The selected Provider will administer the proceeding, except in cases of consolidation as described in Paragraph 4(f).
e. Initiation of Proceeding and Process and Appointment of Administrative Panel. The auDRP Rules state the process for initiating and conducting a proceeding and for appointing the panel that will decide the dispute (the “Administrative Panel”).
f. Consolidation. In the event of multiple disputes between you and a complainant, either you or the complainant may petition to consolidate the disputes before a single Administrative Panel. This petition shall be made to the first Administrative Panel appointed to hear a pending dispute between the parties. This Administrative Panel may consolidate before it any or all such disputes in its sole discretion, provided that the disputes being consolidated are governed by this Policy or a later version of this Policy adopted by auDA.
g. Fees. All fees charged by a Provider in connection with any dispute before an Administrative Panel pursuant to this Policy shall be paid by the complainant, except in cases where you elect to expand the Administrative Panel from one to three panellists as provided in Paragraph 5(b)(iv) of the Rules of Procedure, in which case all fees will be borne evenly by you and the complainant.
h. Our Involvement in Administrative Proceedings. We do not, and will not, participate in the administration or conduct of any proceeding before an Administrative Panel. In addition, we will not be liable as a result of any decisions rendered by the Administrative Panel.
i. Remedies. The remedies available to a complainant pursuant to any proceeding before an Administrative Panel shall be limited to requiring the cancellation of your domain name or the transfer of your domain name registration to the complainant (provided that the complainant is otherwise eligible to hold that domain name).
j. Notification and Publication. The Provider shall notify us of any decision made by an Administrative Panel with respect to a domain name you have registered with us. All decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.
k. Availability of Court Proceedings. The mandatory administrative proceeding requirements set forth in Paragraph 4 shall not prevent either you or the complainant from submitting the dispute to a court of competent jurisdiction for independent resolution before such mandatory administrative proceeding is commenced or after such proceeding is concluded. If an Administrative Panel decides that your domain name registration should be cancelled or transferred, we will wait ten (10) business days (as observed in the location of our principal office) after we are informed by the applicable Provider of the Administrative Panel’s decision before implementing that decision. We will then implement the decision unless we have received from you during that ten (10) business day period official documentation (such as a copy of a complaint, sealed by the registrar of the court) that you have commenced a lawsuit against the complainant. If we receive such documentation within the ten (10) business day period, we will not implement the Administrative Panel’s decision, and we will take no further action, until we receive (i) evidence satisfactory to us of a resolution between the parties; (ii) evidence satisfactory to us that your lawsuit has been dismissed, withdrawn or abandoned; or (iii) a copy of an order from such court dismissing your lawsuit or ordering that you do not have the right to continue to use your domain name.
5. All Other Disputes and Litigation. All other disputes between you and any party other than us regarding your domain name registration that are not brought pursuant to the mandatory administrative proceeding provisions of Paragraph 4 shall be resolved between you and such other party through any court, arbitration or other proceeding that may be available.
6. Our Involvement in Disputes. We will not participate in any way in any dispute between you and any party other than us regarding the registration and use of your domain name. You shall not name us as a party or otherwise include us in any such proceeding. In the event that we are named as a party in any such proceeding, we reserve the right to raise any and all defences deemed appropriate, and to take any other action necessary to defend ourselves.
7. Maintaining the Status Quo. We will not cancel, transfer, activate, deactivate, or otherwise change the status of any domain name registration under this Policy except as provided in Paragraph 3 above.
8. Transfers During a Dispute.
a. Transfers of a Domain Name to a New Holder. You may not transfer your domain name registration to another holder (i) during a pending administrative proceeding brought pursuant to Paragraph 4 or for a period of fifteen (15) business days (as observed in the location of our principal place of business) after such proceeding is concluded; or (ii) during a pending court proceeding or arbitration commenced regarding your domain name unless the party to whom the domain name registration is being transferred agrees, in writing, to be bound by the decision of the court or arbitrator. We reserve the right to cancel any transfer of a domain name registration to another holder that is made in violation of this subparagraph.
b. Changing Registrars. You may not transfer your domain name registration to another registrar during a pending administrative proceeding brought pursuant to Paragraph 4 or for a period of fifteen (15) business days (as observed in the location of our principal place of business) after such proceeding is concluded. You may transfer administration of your domain name registration to another registrar during a pending court action or arbitration, provided that the domain name you have registered with us shall continue to be subject to the proceedings commenced against you in accordance with the terms of this Policy. In the event that you transfer a domain name registration to us during the pendency of a court action or arbitration, such dispute shall remain subject to the domain name dispute policy of the registrar from which the domain name registration was transferred.
9. Policy Modifications. This Policy may only be modified by auDA. You agree to be bound by any changes made to this Policy from the time that the changed Policy is published by auDA.
SCHEDULE B
RULES FOR .au DISPUTE RESOLUTION POLICY (auDRP Rules)
NOTE:
This policy has been adapted from the Uniform Dispute Resolution Policy (UDRP) Rules of the Internet Corporation for Assigned Names and Numbers (ICANN).
Administrative proceedings for the resolution of disputes under the auDRP are governed by the auDRP Rules and also the Supplemental Rules of the Provider administering the proceedings, as posted on its web site.
1. Definitions
In these Rules:
Complainant means the party initiating a complaint concerning a domain name registration.
auDA refers to .au Domain Administration Limited.
Mutual Jurisdiction means a court jurisdiction at the location of either (a) the principal office of the Registrar (provided the domain name holder has submitted in its Registrant Agreement to that jurisdiction for court adjudication of disputes concerning or arising from the use of the domain name) or (b) the domain name holder’s address as shown for the registration of the domain name in the registry database at the time the complaint is submitted to the Provider.
Panel means an administrative panel appointed by a Provider to decide a complaint concerning a domain name registration.
Panellist means an individual appointed by a Provider to be a member of a Panel.
Party means a Complainant or a Respondent.
Policy means the .au Dispute Resolution Policy (auDRP) set out in Schedule A as modified and published by auDA from time to time.
Provider means a dispute resolution service provider approved by auDA. A list of such Providers appears on the auDA website at http://www.auda.org.au/policy/audrp
Registrar means the entity with which the Respondent has registered a domain name that is the subject of a complaint, whether directly or through any reseller.
Registrant Agreement means the agreement between a Registrar and a domain name holder.
Respondent means the registered holder of a domain name against which a complaint is initiated.
Reverse Domain Name Hijacking means using the Policy in bad faith to attempt to deprive a registered domain name holder of a domain name.
Supplemental Rules means the rules adopted by the Provider administering a proceeding to supplement these Rules. Supplemental Rules must be approved by auDA and shall cover such topics as fees, word and page limits and guidelines, file size and formal modalities, the means for communicating with the Provider and the Panel, and the form of cover sheets.
Written Notice means hardcopy notification by the Provider to the Respondent of the commencement of an administrative proceeding under the Policy which shall inform the respondent that a complaint has been filed against it, and which shall state that the Provider has electronically transmitted the complaint including annexes to the Respondent by means specified herein. Written notice does not include a hardcopy of the complaint itself or of any annexes.
2. Communications
(a) When forwarding a complaint including any annexes, electronically to the Respondent, it shall be the Provider’s responsibility to employ reasonably available means calculated to achieve actual notice to Respondent. Achieving actual notice, or employing the following measures to do so, shall discharge this responsibility:
(i) sending Written Notice of the complaint to all postal mail and facsimile addresses supplied by Registrar to the Provider for the purposes of achieving actual notice to Respondent; and
(ii) sending a copy of the complaint including any annexes in electronic form by email to:
(A) the email addresses for the Respondent as recorded in the WHOIS record, including technical, administrative, and other notified contacts;
(B) postmaster@<the contested domain name>; and
(C) if the domain name (or “www.” followed by the domain name) resolves to an active web page (other than a generic page the Provider concludes is maintained by a registrar or ISP for parking domain names registered by multiple domain name holders), any email address shown or email links on that web page; and
(iii) sending the complaint including any annexes to any email address the Respondent has notified the Provider it prefers and, to the extent practicable, to all other email addresses provided to the Provider by Complainant under Paragraph 3(b)(v).
(b) Except as provided in Paragraph 2(a), any written communication to Complainant or Respondent provided for under these Rules shall be made electronically via the Internet (a record of its transmission being available), or by any requested means stated by the Complainant or Respondent, respectively (see Paragraphs 3(b)(iii) and 5(b)(iii)).
(c) Any communication to the Provider or the Panel shall be made by the means and in the manner (including, where applicable, number of copies) stated in the Provider’s Supplemental Rules.
(d) Communications shall be made in the language prescribed in Paragraph 11.
(e) Either Party may update its contact details by notifying the Provider and the Registrar.
(f) Except as otherwise provided in these Rules, or decided by a Panel, all communications provided for under these Rules shall be deemed to have been made:
(i) if via the Internet, on the date that the communication was transmitted, provided that the date of transmission is verifiable; or, where applicable
(ii) if delivered by telecopy or facsimile transmission, on the date shown on the confirmation of transmission; or
(iii) if by postal or courier service, on the date marked on the receipt.
(g) Except as otherwise provided in these Rules, all time periods calculated under these Rules to begin when a communication is made shall begin to run on the earliest date that the communication is deemed to have been made in accordance with Paragraph 2(f).
(h) Any communication by
(i) a Panel to any Party shall be copied to the Provider and to the other Party;
(ii) the Provider to any Party shall be copied to the other Party; and
(iii) a Party shall be copied to the other Party, the Panel and the Provider, as the case may be.
(i) It shall be the responsibility of the sender to retain records of the fact and circumstances of sending, which shall be available for inspection by affected parties and for reporting purposes.
(j) In the event a Party sending a communication receives notification of non-delivery of the communication, the Party shall promptly notify the Panel (or, if no Panel is yet appointed, the Provider) of the circumstances of the notification. Further proceedings concerning the communication and any response shall be as directed by the Panel (or the Provider).
3. The Complaint
(a) Any person or entity may initiate an administrative proceeding by submitting a complaint in accordance with the Policy and these Rules to any Provider approved by auDA. (Due to capacity constraints or for other reasons, a Provider’s ability to accept complaints may be suspended at times. In that event, the Provider shall refuse the submission. The person or entity may submit the complaint to another Provider.)
(b) The complaint including any annexes shall be submitted in electronic form and shall:
(i) Request that the complaint be submitted for decision in accordance with the Policy and these Rules;
(ii) Provide the name, postal and email addresses, and the telephone and fax numbers of the Complainant and of any representative authorised to act for the Complainant in the administrative proceeding;
(iii) Specify a preferred method for communications directed to the Complainant in the administrative proceeding (including person to be contacted, medium, and address information) for each of (A) electronic-only material and (B) material including hard copy (where electronic communications via the Internet are unavailable);
(iv) Designate whether Complainant elects to have the dispute decided by a single member or a three member Panel and, in the event Complainant elects a three member Panel, provide the names and contact details of three candidates to serve as one of the Panellists (these candidates may be drawn from any auDA approved Provider’s list of Panellists);
(v) Provide the name of the Respondent (domain name holder) and all information (including any postal and email addresses and telephone and fax numbers) known to Complainant regarding how to contact Respondent or any representative of Respondent, including contact information based on pre-complaint dealings, in sufficient detail to allow the Provider to send the complaint as described in Paragraph 2(a);
(vi) Specify the domain name(s) that is/are the subject of the complaint;
(vii) Identify the Registrar(s) with whom the domain name(s) is/are registered at the time the complaint is filed;
(viii) Specify the name(s), trademark(s) or service mark(s) on which the complaint is based and, for each mark, describe the goods or services, if any, with which the mark is used (Complainant may also separately describe other goods and services with which it intends, at the time the complaint is submitted, to use the mark in the future.);
(ix) Describe, in accordance with the Policy, the grounds on which the complaint is made. (The description should discuss any aspects of the Policy that are applicable. The description shall comply with any word or page limit set forth in the Provider’s Supplemental Rules.);
(x) Specify, in accordance with the Policy, the remedies sought;
(xi) Identify any other legal proceedings that have been commenced or terminated in connection with or relating to any of the domain name(s) that are the subject of the complaint;
(xii) State whether a copy of the complaint, together with the cover sheet as prescribed by the Provider’s Supplemental Rules, has been sent or transmitted to the Respondent (domain name holder), in accordance with Paragraph 2(b);
(xiii) State that Complainant will submit, with respect to any challenges to a decision in the administrative proceeding cancelling or transferring the domain name, to the jurisdiction of the courts in at least one specified Mutual Jurisdiction;
(xiv) Conclude with the following statement followed by the signature of the Complainant or its authorised representative:
“Complainant agrees that its claims and remedies concerning the registration of the domain name, the dispute, or the dispute’s resolution shall be solely against the domain name holder and waives all such claims and remedies against (a) the dispute resolution Provider and Panellists, except in the case of deliberate wrongdoing, (b) the registrar, (c) the registry administrator, and (d) auDA, as well as their directors, officers, employees, and agents.”
“Complainant certifies that the information contained in this Complaint is to the best of Complainant’s knowledge complete and accurate, that this Complaint is not being presented for any improper purpose, such as to harass, and that the assertions in this Complaint are warranted under these Rules and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.”; and
(xv) Annex any documentary or other evidence, including a copy of the Policy applicable to the domain name(s) in dispute and any name, trademark or service mark registration upon which the complaint relies, together with a schedule indexing such evidence.
(c) The complaint may relate to more than one domain name, provided that the domain names are registered by the same domain name holder.
4. Notification of Complaint
(a) The Provider shall review the complaint for administrative compliance with the Policy and these Rules and, if in compliance, shall send Written Notice of the complaint (together with the explanatory cover sheet prescribed by the Provider’s Supplemental Rules) to the Respondent, in the manner prescribed by Paragraph 2(a), within three (3) calendar days following receipt of the fees to be paid by the Complainant in accordance with Paragraph 19.
(b) If the Provider finds the complaint to be administratively deficient, it shall promptly notify the Complainant and the Respondent of the nature of the deficiencies identified. The Complainant shall have five (5) calendar days within which to correct any such deficiencies by sending a revised Complaint to the Provider. If this is not done the administrative proceeding will be deemed withdrawn without prejudice to submission of a different complaint by Complainant.
(c) The date of commencement of the administrative proceeding shall be the date on which the Provider sends a copy of the complaint and all annexures to the Respondent in accordance with Paragraph 2(a)(ii).
(d) The Provider shall immediately notify the Complainant, the Respondent, the concerned Registrar(s), and auDA of the date of commencement of the administrative proceeding.
5. The Response
(a) No later than twenty (20) days after the date of commencement of the administrative proceeding the Respondent shall submit a response to the Provider.
(b) The response including any annexes shall be submitted in electronic form and shall:
(i) Respond specifically to the statements and allegations contained in the complaint and include any and all bases for the Respondent (domain name holder) to retain registration and use of the disputed domain name (This portion of the response shall comply with any word or page limit set forth in the Provider’s Supplemental Rules.);
(ii) Provide the name, postal and email addresses, and the telephone and fax numbers of the Respondent (domain name holder) and of any representative authorised to act for the Respondent in the administrative proceeding;
(iii) Specify a preferred method for communications directed to the Respondent in the administrative proceeding (including person to be contacted, medium, and address information) for each of (A) electronic-only material and (B) material including hard copy (where electronic communications via the Internet are unavailable);
(iv) If Complainant has elected a single member panel in the Complaint (see Paragraph 3(b)(iv)), state whether Respondent elects instead to have the dispute decided by a three member panel;
(v) If either Complainant or Respondent elects a three member Panel, provide the names and contact details of three candidates to serve as one of the Panellists (these candidates may be drawn from any auDA approved Provider’s list of Panellists);
(vi) Identify any other legal proceedings that have been commenced or terminated in connection with or relating to any of the domain name(s) that are the subject of the complaint;
(vii) State that a copy of the response has been sent or transmitted to the Complainant, in accordance with Paragraph 2(b); and
(viii) Conclude with the following statement followed by the signature of the Respondent or its authorised representative:
“Respondent agrees that its claims and remedies concerning the registration of the domain name, the dispute, or the dispute’s resolution shall be solely against the complainant and waives all such claims and remedies against (a) the dispute resolution Provider and Panellists, except in the case of deliberate wrongdoing, (b) the registrar, (c) the registry administrator, and (d) auDA, as well as their directors, officers, employees, and agents.”
“Respondent certifies that the information contained in this Response is to the best of Respondent’s knowledge complete and accurate, that this Response is not being presented for any improper purpose, such as to harass, and that the assertions in this Response are warranted under these Rules and under applicable law, as it now exists or as it may be extended by a good faith and reasonable argument.”; and
(ix) Annex any documentary or other evidence upon which the Respondent relies, together with a schedule indexing such documents.
(c) If Complainant has elected to have the dispute decided by a single member Panel and Respondent elects a three member Panel, Respondent shall be required to pay one-half of the applicable fee for a three member Panel as set forth in the Provider’s Supplemental Rules. This payment shall be made together with the submission of the response to the Provider. In the event that the required payment is not made, the dispute shall be decided by a single member Panel.
(d) At the request of the Respondent, the Provider may, in exceptional cases, extend the period of time for the filing of the response. The period may also be extended by written stipulation between the Parties, provided the stipulation is approved by the Provider.
(e) If a Respondent does not submit a response, in the absence of exceptional circumstances, the Panel shall decide the dispute based upon the complaint.
6. Appointment of the Panel and Timing of Decision
(a) Each Provider shall maintain and publish a publicly available list of Panellists and their qualifications.
(b) If neither the Complainant nor the Respondent has elected a three member Panel (Paragraphs 3(b)(iv) and 5(b)(iv)), the Provider shall appoint, within five (5) calendar days following receipt of the response by the Provider, or the lapse of the time period for the submission thereof, a single Panellist from its list of Panellists. The fees for a single member Panel shall be paid entirely by the Complainant.
(c) If either the Complainant or the Respondent elects to have the dispute decided by a three member Panel, the Provider shall appoint three Panellists in accordance with the procedures identified in Paragraph 6(e). The fees for a three member Panel shall be paid in their entirety by the Complainant, except where the election for a three member Panel was made by the Respondent, in which case the applicable fees shall be shared equally between the Parties.
(d) Unless it has already elected a three member Panel, the Complainant shall submit to the Provider, within five (5) calendar days of communication of a response in which the Respondent elects a three member Panel, the names and contact details of three candidates to serve as one of the Panellists. These candidates may be drawn from any auDA approved Provider’s list of Panellists.
(e) In the event that either the Complainant or the Respondent elects a three member Panel, the Provider shall endeavour to appoint one Panellist from the list of candidates provided by each of the Complainant and the Respondent. In the event the Provider is unable within five (5) calendar days to secure the appointment of a Panellist on its customary terms from either Party’s list of candidates, the Provider shall make that appointment from its list of Panellists. The third Panellist shall be appointed by the Provider from its list of Panellists.
(f) Once the entire Panel is appointed, the Provider shall notify the Parties of the Panellists appointed and the date by which, absent exceptional circumstances, the Panel shall forward its decision on the complaint to the Provider.
7. Impartiality and Independence
A Panellist shall be impartial and independent and shall have, before accepting appointment, disclosed to the Provider any circumstances giving rise to justifiable doubt as to the Panellist’s impartiality or independence. If, at any stage during the administrative proceeding, new circumstances arise that could give rise to justifiable doubt as to the impartiality or independence of the Panellist, that Panellist shall promptly disclose such circumstances to the Provider. In such event, the Provider shall have the discretion to appoint a substitute Panellist.
8. Communication Between Parties and the Panel
No Party or anyone acting on its behalf may have any unilateral communication with the Panel. All communications between a Party and the Panel or the Provider shall be made to a case administrator appointed by the Provider in the manner prescribed in the Provider’s Supplemental Rules.
9. Transmission of the File to the Panel
The Provider shall make the file available to the Panel as soon as the Panellist is appointed in the case of a Panel consisting of a single member, or as soon as the last Panellist is appointed in the case of a three member Panel.
10. General Powers of the Panel
(a) The Panel shall conduct the administrative proceeding in such manner as it considers appropriate in accordance with the Policy and these Rules.
(b) In all cases, the Panel shall ensure that the Parties are treated with equality and that each Party is given a fair opportunity to present its case.
(c) The Panel shall ensure that the administrative proceeding takes place with due expedition. It may, at the request of a Party or on its own motion, extend, in exceptional cases, a period of time fixed by these Rules or by the Panel.
(d) The Panel shall determine the admissibility, relevance, materiality and weight of the evidence.
(e) A Panel shall decide a request by a Party to consolidate multiple domain name disputes in accordance with the Policy and these Rules.
11. Language of Proceedings
(a) Unless otherwise agreed by the Parties, or specified otherwise in the Registrant Agreement, the language of the administrative proceeding shall be the language of the Registrant Agreement, subject to the authority of the Panel to determine otherwise, having regard to the circumstances of the administrative proceeding.
(b) The Panel may order that any documents submitted in languages other than the language of the administrative proceeding be accompanied by a translation in whole or in part into the language of the administrative proceeding.
12. Further Statements
In addition to the complaint and the response, the Panel may request or permit, in its sole discretion, further statements or documents from either of the Parties.
13. In-Person Hearings
There shall be no in-person hearings (including hearings by teleconference, videoconference, and web conference), unless the Panel determines, in its sole discretion and as an exceptional matter, that such a hearing is necessary for deciding the complaint.
14. Default
(a) In the event that a Party, in the absence of exceptional circumstances, does not comply with any of the time periods established by these Rules or the Panel, the Panel shall proceed to a decision on the complaint.
(b) If a Party, in the absence of exceptional circumstances, does not comply with any provision of, or requirement under, these Rules or any request from the Panel, the Panel shall draw such inferences therefrom as it considers appropriate.
15. Panel Decisions
(a) A Panel shall decide a complaint on the basis of the statements and documents submitted and in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable.
(b) In the absence of exceptional circumstances, the Panel shall forward its decision on the complaint to the Provider within fourteen (14) days of its appointment pursuant to Paragraph 6.
(c) In the case of a three member Panel, the Panel’s decision shall be made by a majority.
(d) The Panel’s decision shall be in writing, provide the reasons on which it is based, indicate the date on which it was rendered and identify the name(s) of the Panellist(s).
(e) Panel decisions and dissenting opinions shall normally comply with the guidelines as to length set forth in the Provider’s Supplemental Rules. Any dissenting opinion shall accompany the majority decision. If the Panel concludes that the dispute is not within the scope of Paragraph 4(a) of the Policy, it shall so state. If after considering the submissions the Panel finds that the complaint was brought in bad faith, for example in an attempt at Reverse Domain Name Hijacking or was brought primarily to harass the domain name holder, the Panel shall declare in its decision that the complaint was brought in bad faith and constitutes an abuse of the administrative proceeding.
16. Communication of Decision to Parties
(a) Within five calendar days after receiving the decision from the Panel, the Provider shall communicate the full text of the decision to each Party, the concerned Registrar(s), and auDA. The concerned Registrar(s) shall immediately communicate to each Party, the Provider, and auDA the date for the implementation of the decision in accordance with the Policy.
(b) Except if the Panel determines otherwise (see Paragraph 4(j) of the Policy), the Provider shall publish the full decision and the date of its implementation on a publicly accessible website. In any event, the portion of any decision determining a complaint to have been brought in bad faith (see Paragraph 15(e) of these Rules) shall be published.
17. Settlement or Other Grounds for Termination
(a) If, before the Panel’s decision, the Parties agree on a settlement, the Panel shall terminate the administrative proceeding.
(b) If, before the Panel’s decision is made, it becomes unnecessary or impossible to continue the administrative proceeding for any reason, the Panel shall terminate the administrative proceeding, unless a Party raises justifiable grounds for objection within a period of time to be determined by the Panel.
18. Effect of Court Proceedings
(a) In the event of any legal proceedings initiated prior to or during an administrative proceeding in respect of a domain name dispute that is the subject of the complaint, the Panel shall have the discretion to decide whether to suspend or terminate the administrative proceeding, or to proceed to a decision.
(b) In the event that a Party initiates any legal proceedings during the pendency of an administrative proceeding in respect of a domain name dispute that is the subject of the complaint, it shall promptly notify the Panel and the Provider. See Paragraph 8 above.
19. Fees
(a) The Complainant shall pay to the Provider an initial fixed fee, in accordance with the Provider’s Supplemental Rules, within the time and in the amount required. A Respondent electing under Paragraph 5(b)(iv) to have the dispute decided by a three member Panel, rather than the single member Panel elected by the Complainant, shall pay the Provider one-half the fixed fee for a three member Panel. See Paragraph 5(c). In all other cases, the Complainant shall bear all of the Provider’s fees, except as prescribed under Paragraph 19(d). Upon appointment of the Panel, the Provider shall refund the appropriate portion, if any, of the initial fee to the Complainant, as specified in the Provider’s Supplemental Rules.
(b) No action shall be taken by the Provider on a complaint until it has received from Complainant the initial fee in accordance with Paragraph 19(a).
(c) If the Provider has not received the fee within ten (10) calendar days of receiving the complaint, the complaint shall be deemed withdrawn and the administrative proceeding terminated.
(d) In exceptional circumstances, for example in the event an in-person hearing is held, the Provider shall request the Parties for the payment of additional fees, which shall be established in agreement with the Parties and the Panel.
20. Exclusion of Liability
Except in the case of deliberate wrongdoing, neither the Provider nor a Panellist shall be liable to a Party for any act or omission in connection with any administrative proceeding under these Rules.
21. Amendments
The version of these Rules in effect at the time of the submission of the complaint to the Provider shall apply to the administrative proceeding commenced thereby. These Rules may not be amended without the express written approval of auDA.
Notes:
[1] For the purposes of this policy, auDA has determined that a “name … in which the complainant has rights” refers to:
a) the complainant’s company, business or other legal or trading name, as registered with the relevant Australian government authority; or
b) the complainant’s personal name.
[2] For the purposes of this policy, auDA has determined that “rights or legitimate interests in respect of the domain name” are not established merely by a registrar’s determination that the respondent satisfied the relevant eligibility criteria for the domain name at the time of registration.
2008-02 – Approval Process for auDRP Providers
Policy No: 2008-02
Publication Date: 01/03/2008
Status: Current
1. BACKGROUND
1.1 This document sets out the process for becoming an auDA Approved Provider under the .au Dispute Resolution Policy (auDRP).
1.2 The purpose of the auDRP is to provide a cheaper, speedier alternative to litigation for the resolution of disputes between the registrant of a .au domain name and a party with competing rights in the domain name.
1.3 Each proceeding under the auDRP will be administered by an independent, auDA-approved provider of dispute resolution services.
2. APPROVAL PROCESS
2.1 Organisations wishing to become auDRP providers should take the following steps:
a) become familiar with the auDRP and auDRP Rules, and auDA’s Domain Name Eligibility and Allocation Policy Rules for All Open 2LDs (available on the auDA website at http://auda.org.au/policies/current-policies); and
b) submit an application, providing the information requested in Sections A and B of this document, to:
Chief Policy Officer
.au Domain Administration Ltd
Level 17, 1 Collins St
MELBOURNE VIC 3000
AUSTRALIA
or
email to info@auda.org.au
2.2 All information submitted to auDA will remain confidential.
3. INFORMATION FOR APPLICANTS
3.1 Organisations wishing to become auDRP providers should note the following information:
a) auDA requires that all listed panelists are Australian citizens or Australian residents, or otherwise able to demonstrate knowledge and experience of the Australian Domain Name System (DNS);
b) auDA will provide initial training and support to listed panelists with respect to the auDRP (and ongoing training and support, depending on demand);
c) the fee to be paid to the provider under paragraph 19 of the auDRP Rules is AUD$2,000 for a single member panel, and AUD$4,500 for a three member panel; and
d) auDA will publish all auDRP decisions on its website.
3.2 In general, auDA examines the applications to determine whether the applicant has demonstrated its ability to handle proceedings in an expedited, online context in an orderly and fair manner. Attributes that are especially important include:
a) applicant should have a track record in competently handling the clerical aspects of alternative dispute resolution (ADR) proceedings. In the absence of a well-established track record, a detailed plan for providing those abilities should be submitted; and
b) applicant’s supplemental rules and internal procedures should demonstrate that applicant understands the workings of the auDRP, and the policy environment for .au domain names.
SECTION A: GENERAL INFORMATION
A.1 Name and address of applicant organisation.
A.2 Telephone and facsimile numbers and email address of applicant.
A.3 Website URL of applicant.
A.4 Name of applicant’s contact person.
A.5 Telephone and facsimile numbers and email address of contact person, if different from A.2.
SECTION B: BUSINESS INFORMATION
B.1 An overview of the applicant’s capabilities and background in providing ADR services in Australia, including a description of the applicant’s track record of handling the clerical aspects of ADR proceedings.
B.2 A list of the names and qualifications of the panelists the applicant proposes to include on its published list.
B.3 A description of any training and educational measures the applicant proposes to use for listed panelists with respect to the auDRP.
B.4 A commitment by the applicant not to prevent or discourage any of its listed panelists from serving as panelists for other approved providers.
B.5 A copy of the applicant’s proposed supplemental rules for the auDRP.
B.6 Documentation of the applicant’s proposed internal operating procedures with respect to auDRP proceedings.
B.7 A statement of the applicant’s administrative capacity in terms of number of proceedings initiated on a monthly basis.
B.8 A commitment to provide auDA with copies of all decisions of panels in proceedings the applicant administers.
New policy framework
Commencement date to be advised
.au Domain Administration Rules: Licensing
Board Approval Date: 1 July 2020, amended 12 October 2020
Status: Approved (Commencement date to be confirmed)
Download PDF: .au Domain Administration Rules – Licensing
PART 1 – INTRODUCTION
1.1 OVERVIEW
|
The following is an overview of this Part:
|
1.1.1 These .au Domain Administration Rules (auDA Rules) have been made by .au Domain Administration Limited (ABN 38 079 009 340) (.au Domain Administration) in its capacity as the administrator of, and Australian self-regulatory policy body for the .au country-code Top Level Domain (ccTLD).
1.1.2 The auDA Rules form part of the terms and conditions relating to a Licence Agreement with a Registrar.
1.1.3 A Registrant and a Registrar must comply with these auDA Rules, as amended from time to time by .au Domain Administration. If there is an inconsistency between the auDA Rules and the Licence Agreement, then the .auDA Rules will prevail to the extent of that inconsistency.
1.2 COMMENCEMENT
1.2.1 The auDA Rules (with the exception of the Rules relating to the .au namespace, Internationalised Domain Names and id.au namespace), will commence on [to be advised]
1.2.2 The auDA Rules relating to the id.au namespace (paragraph 2.4.7) will commence on [to be advised]
1.2.3 The auDA Rules relating to the .au namespace (with the exception of Internationalised Domain Names) will commence on [to be advised].
1.2.4 The auDA Rules relating to Internationalised Domain Names (paragraph 2.8) will commence on [to be advised].
1.3 OBJECTS
1.3.1 The objects of the auDA Rules are to ensure that a Licensing system is established which:
- is transparent, responsive, accountable, accessible, and efficient;
- improves the utility of the .au ccTLD for all Australians;
- promotes consumer protection, fair trading and competition;
- provides those protections necessary to maintain the integrity, stability, utility and public confidence in the .au ccTLD;
- expresses licence terms and conditions in objective and not subjective terms;
- implements clear, predictable and reliable complaint processes; and
- preserves the fundamental principles of no proprietary rights in a domain name, first come, first served, and no hierarchy of rights.
1.4 DEFINITIONS
In these auDA Rules:
.au ccTLD means the .au country code Top Level Domain for Australia.
.au Domain Administration Limited (ABN 38 079 009 340) means the licensing body for .au namespaces.
.auDRP means the .auDA Dispute Resolution Policy.
ABN (Australian Business Number) has the meaning given by section 41 of the A New Tax System (Australian Business Number)Act 1999 (Cth).
Acronym means an abbreviation formed from the initial letters of a person’s name, goods, service, venue or event.
Association means an incorporated or unincorporated association formed within the limits of an Australian State or Territory, or an Australian external territory.
Australian community means natural Persons and legal entities domiciled in Australia and its external territories.
Australian law means:
- an Act of the Commonwealth or State or Territory; or
- regulations, or any other legislative instrument made under such an Act; or
- a Norfolk Island enactment; or
- a rule of common law.
Australian presence means:
- an Australian citizen or an Australian permanent resident visa holder;
- a company registered under the Corporations Act 2001(Cth);
- a Registrable Body means a registrable Australian body or a foreign company under the Corporations Act 2001 (Cth) which has an Australian Registered Body Number (ARBN);
- an Incorporated Association under State or Territory legislation;
- an entity issued with an Australian Business Number under the A New Tax System (Australian Business Number) Act 1999(Cth);
- an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006(Cth) on the Register of Aboriginal and Torres Strait Islander Corporations;
- a Registered Organisation that is:
(a) an association of employers;
(b) an association of employees (union); or
(c) an enterprise association;
registered under the Fair Work (Registered Organisations) Act 2009(Cth) and which appears on the Register of Organisations; - a Cooperative registered under State or Territory legislation and which appears on the State or Territory register of cooperatives;
- a Charity registered under the Australian Charities and Not-for-Profits Act 2012(Cth), and which appears on the Australian Charities and Not-for-Profits Commission’s Charities and Not-for-Profits Register;
- a Political Party registered under the Commonwealth Electoral Act 1918 (Cth) or State or Territory Electoral Act and which appears on the Register of Political Parties or as otherwise named;
- a Partnership under the relevant Australian State or Territory law where at least one of the partners are Australian citizens or permanent resident visa holders or an Australian body corporate;
- an Unincorporated Association formed in an Australian State or Territory with at least its management committee being Australian citizens or permanent resident visa holders;
- a Trust where the trustee must be an Australian citizen or the trustee is an Australian body corporate;
- an Educational Institution regulated under an Australian State, Territory or Commonwealth law;
- Government, being either the Crown or a Commonwealth, State or Territory statutory agency;
- a Commonwealth entity as defined in section 10 of the Public Governance, Performance and Accountability Act 2013(Cth);
- the applicant or owner of an Australian Trade Mark can rely upon that application or registration to establish an Australian presence, but only in respect of a domain name that is an exact match of the words which are the subject of the Australian Trade Mark application or registration.
Australian Trade Mark means:
- a pending trade mark application or a registered trade mark that appears on IP Australia’s trade mark database;
- words include words in roman or non-roman characters.
Business name means a name used or to be used, in relation to a business and is recorded on the Business Names Register established under the Business Names Registration Act 2011(Cth).
Commercial entity means:
- a company under the Corporations Act 2001(Cth);
- a Commonwealth entity as defined in section 10 of the Public Governance, Performance and Accountability Act 2013(Cth);
- a Registrable Body under the Corporations Act 2001(Cth);
- an Incorporated Association under State or Territory legislation;
- an entity or natural Person issued with an Australian Business Number under the A New Tax System (Australian Business Number) Act 1999 (Cth);
- a Statutory Body under Commonwealth, State or Territory legislation that engages in trade or commerce;
- a Trust issued with an Australian Business Number, but does not include a charitable trust or a public or private ancillary fund;
- an Incorporated limited partnership under State and Territory legislation;
- a Trading Cooperative under State and Territory legislation;
- Government, being either the Crown or a Commonwealth, State or Territory statutory agency; or
- a foreign legal entity or natural person who holds or has applied for an Australian Trade Mark.
Community group means a group of people who reside in a geographically defined area that has a geographical name within the limits of a State or Territory and who provide services to residents of that area.
NOTE: For example: A community group living in a suburb of a capital city who want to establish a website to share information and improve access and connections to services for people living there, such as carlton.vic.au.
Complaint means an expression of dissatisfaction made to a Registrar by a Person in relation to its application of these .auDA Rules, where a response or resolution is explicitly or implicitly expected by that Person.
Cooling off period means three calendar days commencing immediately after a Person enters into a Licence Agreement.
Court Order means an order, direction or other instrument made by:
- a court;
- a tribunal;
- a judge; or
- a magistrate; and
includes an order, direction or other instrument that is of an interim or interlocutory nature.
Company limited by guarantee has the same meaning as section 9 of the Corporations Act 2001(Cth).
Domain name means a unique identifier consisting of a string of alphanumerical characters registered in a designated namespace and recorded in WHOIS data.
Domain Name Monetisation means an application for a licence by a Person with the sole purpose of selling, leasing or holding the applied for Domain Name to generate revenue. Domain Name Monetisation includes warehousing and registering a licence for the sole purpose of transferring the licence to another Person.
NOTE: For example:
- Affiliate websites where a domain name is chosen and developed as a keyword for websites and advertisements;
- Pay-per-click websites where revenue is earned through the use of proprietary advertising systems;
- Domain parking where advertising is published on the parked domain name;
edu.au child zones means qld.edu.au, tas.edu.au, nsw.edu.au, eq.edu.au, act.edu.au, vic.edu.au, sa.edu.au, wa.edu.au, nt.edu.au, catholic.edu.au, schools.nsw.edu.au, and education.tas.edu.au namespaces.
edu.au Registrar means a Registrar which is authorised by .au Domain Administration under the Registrar Accreditation Agreement to provide Licensing service for the edu.au namespace and edu.au child zones.
Enforcement body has the same meaning as in section 6 of the Privacy Act 1988(Cth).
Enforcement related activities has the same meaning as in section 6 of the Privacy Act 1988(Cth).
Exact match means that the domain name being applied for is identical to the words which are the subject of an Australian Trade Mark. The domain name must include all the words in the order in which they appear in the Australian Trade Mark, excluding:
- DNS identifiers such as com.au;
- punctuation marks such as an exclamation point or an apostrophe;
- articles such as ‘a’, ‘the’, ‘and ’or ‘of’; and
- ampersands.
First come, first served means that the first Person who applies for a licence with a domain name will be entitled to use the Domain Name System with that domain name, subject to its availability and the Person satisfying eligibility criteria.
Foreign company means a company incorporated outside Australia and which is registered with the Australian Securities and Investment Commission to carry on business in Australia.
Foreign legal entity means a body corporate that is incorporated in an external Territory or outside Australia and the external Territories, and which is not a Registrable body.
Geographically defined area means a suburb, city, town or local government area.
Geographical name means a name that appears in the Gazetteer of Australia 2012.
Goods has the same meaning as under section 2 of the Australian Consumer Law.
Immediate family has the same meaning as section 9 of the Corporations Act 2001(Cth)
Intelligence agency means:
- the Office of National Intelligence;
- the Australian Security Intelligence Organisation;
- the Australian Secret Intelligence Service;
- the Australian Signals Directorate;
- the Defence Intelligence Organisation;
- the Australian Geospatial – Intelligence Organisation.
Internationalised Domain Name means domain names containing characters not included in the traditional DNS preferred form (‘LDH’).
Legal name means the name that appears on all official documents or legal papers.
NOTE: For example: A natural Person’s legal name is the name that appears on their Birth Certificate or Change of Name Certificate (Deed Poll).
Licence means a non-exclusive, non-transferable, revocable licence issued by .au Domain Administration, to a Person to use the Domain Name System (DNS) with a unique identifier of their choice. A licence does not create a proprietary interest in the Domain Name System or a domain name.
Licence Agreement means an agreement to be entered into, or renewed, between the Registrar and each Registrant which sets out the terms on which the Registrant is granted a Licence.
Licence fee means a fee paid by the Registrant which incorporates two components:
- a wholesale amount charged by the Registry Operator; and
- a retail amount charged by the Registrar.
Licence period means a period of 1, 2, 3, 4 or 5 years.
Match means that the domain name being applied for is identical to one, some or all of words or numbers used in the Person’s legal name, business name or Australian Trade Mark. The domain name must use the words or numbers in the same order as they appear in the Person’s legal name, business name or Australian Trade Mark and must not include any additional words or numbers. The following are not included:
- commercial status identifiers such as ‘Pty Ltd’;
- DNS identifiers such as com.au;
- punctuation marks such as an exclamation point or an apostrophe;
- articles such as ‘a’, ‘the’, ‘and ’or ‘of’; and
- ampersands.
NOTE: A Person with a business name ‘Forexample Publishing’ would be able to register forexample, forexamplepublishing, forexample-publishing, and publishing as domain names.
Namespaces means the following: .au, com.au, net.au, org.au, asn.au, id.au, edu.au, qld.edu.au, nsw.edu.au, eq.edu.au, act.edu.au, vic.edu.au, sa.edu.au, wa.edu.au, nt.edu.au, catholic.edu.au, schools.nsw.edu.au, education.tas.edu.au, tas.edu.au, sa.au, wa.au, nt.au, qld.au, nsw.au, vic.au, tas.au and act.au or as varied from time to time by .au Domain Administration.
Nickname means a familiar or humorous name given to a Person but does not include the name of a company, trademark, profession or service.
No hierarchy of rights means that a person has no better entitlement to a name in a namespace than any other person and that no namespace is of greater or lesser value than another namespace.
NOTE: For example, a trademark holder has no better entitlement to the same name in a namespace than any other person.
Non-eligibility event means the date from which a Registrant is no longer eligible to hold a licence under these .auDA Rules and includes the death of a natural Person licence holder.
No proprietary rights in a domain name means a Registrant has a licence to use the Domain Name System with a unique identifier (a domain name) for a specified period in a specific namespace, subject to terms and conditions. A Person may dispose of a licence by transferring it to an eligible third party, cancelling the licence or failing to renew it. A Person does not legally ‘own’ a domain name.
Not for Profit entity means:
- an Incorporated Association under State or Territory legislation;
- a Company limited by guarantee under the Corporations Act 2001(Cth)
- a Non-distributing co-operative registered under State or Territory legislation;
- an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006(Cth) and which appears on the Register of Aboriginal and Torres Strait Islander Corporations;
- a Registered Organisation that is:
(a) an association of employers;
(b) an association of employees (union); or
(c) an enterprise association;
registered under the Fair Work (Registered Organisations) Act 2009(Cth) and which appears on the Register of Organisations; - a Charitable trust endorsed by the Australian Taxation Office as a Deductible Gift Recipient;
- a Non-trading cooperative under State or Territory legislation;
- a Public or Private Ancillary Fund endorsed by the Australian Taxation Office as a Deductible Gift Recipient;
- an unincorporated association that appears on the Register of Charities established under the Australian Charities and Not for Profit Commission Act 2012(Cth);
- a Political Party registered under the Commonwealth Electoral Act 1918(Cth) or State or Territory Electoral Act and which appears on the Register of Political Parties or as otherwise named; or
- Government, being either the Crown or a Commonwealth, State or Territory statutory agency.
Occupation means a profession or trade subject to Commonwealth, State or Territory professional standards legislation.
Peak State or Territory body means a not for profit entity that represents:
(a) not for profit societies, associations or clubs, established for community service (but not political or lobbying) purposes;
(b) not for profit societies, associations or clubs established for the encouragement of art, literature or music;
(c) not for profit societies, associations or clubs established for the encouragement of animal racing or a game or a sport or recreational activity;
within that State or Territory.
NOTE: For example, a peak Victorian body for sport and recreation is Football Federation Victoria. A peak New South Wales body for community service organisations is Carers NSW. A peak Western Australia body for the arts is Propel Youth Arts WA.
Pending trade mark means a trade mark application that has either status of published or accepted on IP Australia’s trade mark database.
Person means:
- a Commonwealth, State or Territory Minister;
- a Commonwealth, State or Territory statutory authority;
- a Commonwealth entity as defined in section 10 of the Public Governance Performance and Accountability Act 2013 (Cth);
- a company registered under the Corporations Act 2001 (Cth).
- a Registrable Body under the Corporations Act 2001 (Cth), which has an Australian Registered Body Number (ARBN)
- an Incorporated Association under State or Territory legislation;
- an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth) and which appears on Register of Aboriginal and Torres Strait Islander Corporations:
- a Registered Organisation under the Fair Work (Registered Organisations) Act 2009(Cth);
- an Incorporated limited partnership under State or Territory legislation;
- a Cooperative under State or Territory legislation, and which appears on the State or Territory register of cooperatives;
- a Natural Person who is 18 years or older; or
- Foreign legal entity
A Person does not include a privacy or proxy service.
Privacy service means a service which lists alternative, reliable contact information (such as an address or telephone number) in WHOIS, while keeping the domain name registered to its beneficial user as the Registrant.
Proprietary company means a company registered under section 45A of Corporations Act 2001(Cth).
Proxy service means a service which registers the domain name itself and licenses the use of the domain name to its customer.
Public interest means a concern common to the public at large or a significant portion of the public, which may or may not involve the personal or proprietary rights of individual people.
Published Policies means policies as approved by the .au Domain Administration Board, which are published on the .au Domain Administration website.
NOTE: For example: These auDA Rules are Published Policies.
Registrable body means a registrable Australian body or foreign company under the Corporations Act 2001(Cth).
Registrant means a Person who is issued a licence to use the DNS with a unique identifier (domain name) and is recorded as the ‘Registrant’ in the Registry Data.
Registrar means a Person that is:
- accredited by .au Domain Administration as a Registrar; or
- authorised by .au Domain Administration to process Registry Data on behalf of Registrants in regard to a particular namespace.
Registrar of Record means the Registrar recorded as the Registrar for the licence in the WHOIS data.
Registry means the primary and secondary nameservers and WHOIS servers, a database containing the Registry Data and a mechanism for accessing that data, in relation to a namespace.
Registry data means all data maintained in electronic form in the Registry, including:
- Registrant contact information;
- technical and administrative contact information;
- WHOIS data;
- all other data submitted by Registrars in electronic form; and
- any other data concerning particular registrations or nameservers maintained in electronic form in the Registry data base.
Registry Operator means a Person who has been accredited or licensed by .au Domain Administration to maintain a Registry or to provide registry services in relation to the Registry.
Related Australian Body Corporate has the same meaning as section 50 of the Corporations Act 2001(Cth).
Reserved names means names which are withheld from the DNS and are not available for registration by any Person, except in certain circumstances.
Restoration fee means the fee charged by the Registrar and Registry Operator to restore a cancelled licence.
Service includes:
- a service relating to banking, insurance, and the provision of grants, loans, credit or finance;
- a service relating to entertainment, recreation or refreshment;
- a service relating to transport or travel;
- a service relating to gas, water or electricity;
- a service of a kind provided by members of any profession or trade;
- a service of a kind provided by government, a government or public authority or a local government;
- a service of a kind provided by a not for profit for the benefit of the public or a sector of the community;
- a service providing information or a referral to another provider which relates to goods or services used by the public or a sector of the public.
State and Territory namespaces means wa.au, nt.au, sa.au, qld.au, nsw.au, act.au, vic.au and tas.au.
Sub-domain means a domain which is part of a larger domain under the DNS hierarchy.
NOTE: For example: 123.auda.org.au is a sub-domain of auda.org.au
Suspension means that the licence will be withheld from the DNS.
Synonym means a word or phrase that means exactly or nearly the same thing as another word in the English language. Whether a word or phrase is a synonym will be determined by reference to the Oxford Australian Dictionary or Oxford Australian Thesaurus.
Transfer means a novation of the transferor Person’s licence and a new licence agreement being entered into by the transferee Person.
Unique Identifier means an alphanumerical string that comprises a unique identifier, commonly referred to as a ‘domain name’.
WHOIS data means an extract of the domain namespace data which is made available to the public through a WHOIS service provided by the Registry Operator.
Writing includes the recording of words or data in any way (including electronically) or the display of such by any form of communication if at the time of recording it was reasonable to expect that the words or data would be readily accessible so as to be useable for subsequent reference.
NOTE: For example, a Registrar may use an online application form for the purpose of providing Registrar services to a Person, as the data is useable for the WHOIS Service.
Part 2 – Licences
2.1 OVERVIEW
|
The following is an overview of this Part which includes specifying:
|
2.2 APPLICATION
2.2.1 A Person must apply to a Registrar for a licence and must use the Registrar’s form.
2.2.2 An application must include:
- the legal name of the Person applying;
- contact details for the Person, including telephone, email and address for service of documents;
- details of the administrative and technical contacts including full postal, phone and email addresses;
- evidence that the Person satisfies the Australian presence requirement and any applicable eligibility and allocation criteria;
- the domain name being applied for;
- the licence period applied for;
- agreement to the licence terms and conditions; and
- the payment of the licence fee.
2.2.3 A Person must not use a proxy or privacy service to apply for a licence.
Agents
2.2.4 A Person may use an agent to make an application.
2.2.5 An agent making an application on behalf of a Person, warrants and represents to the Registrar and .au Domain Administration, that they have been granted the requisite authority by the Person to make an application and bind that Person to the terms and conditions of the Licence Agreement and the .auDA Rules.
2.2.6 An agent must ensure that the Person on whose behalf they are applying is recorded as the Registrant in the registry data.
2.2.7 A Registrar must not act as an agent for a Person making an application.
Related Body Corporate
2.2.8 A Person that is a proprietary company or a company limited by guaranteemay apply for a licence on behalf of a related body corporate, where that related body corporate has an Australian presence.
2.2.9 A Person who is applying for a licence on behalf of a related body corporate must record their corporate name as it appears on the register of companies under the Corporations Act 2001 (Cth) as the Registrant.
NOTE: For example, Company X is the holding company for Company Y and Company Z. Company X may apply for licences on behalf of Company Y and Company Z. Company X may register CompanyY.com.au.
2.2.10 The related body corporate rule only applies to licences in the .au, com.au and net.au namespaces.
2.2.11 The related body corporate exception does not apply to a Person that is a Registrar.
2.2.12 The related body corporate exception does not apply to the edu.au namespace and the edu.au child zones.
2.3 DECISION TO ISSUE A LICENCE
2.3.1 .au Domain Administration will issue a licence to a Person, where the Registrar is satisfied that:
- the identity of the Person has been validated;
- the Person is eligible to apply for the licence;
- the domain name complies with any allocation criteria for the namespace;
- the domain name is available;
- the Person has agreed to the licence terms and conditions;
- the licence period has been specified; and
- the licence fee has been paid.
2.3.2 A licence will be issued on a first come, first served basis. Where there are competing applications for a licence with the same domain name in a namespace, it will be the first complete application received by the Registry that will be accepted. The date and time of receipt by the Registry shall be the sole reference point.
2.3.3 A licence does not confer any proprietary interest in the domain name.
2.4 ELIGIBILITY AND ALLOCATION CRITERIA
2.4.1 A Person applying for a licence must:
- have an Australian presence; and
- satisfy any eligibility and allocation criteria for the namespace being applied for as specified in paragraphs 2.4.3 to 2.4.11.
2.4.2 Where a Person is applying for a licence on behalf of a related body corporate, the related body corporate must satisfy the Australian presence requirement.
.au namespace
2.4.3 There are no eligibility and domain name allocation criteria for the .au namespace other than an Australian presence.
com.au and net.au namespace
2.4.4 A Person applying for a licence in the com.au and net.au namespaces must be
- a commercial entity; and
- the domain name applied for must be:(a) a match of the Person’s company, business, statutory or Personal name; or
(b) an acronym of the Person’s company, business, statutory or Personal name; or
(c) a match of the Person’s Australian Trade Mark; or
(d) a match to or an acronym of a name of a related body corporate or
(e) a match or an acronym of a name of:
(i) a partnership of which the Person is a partner;
(ii) a trust of which the Person is a trustee; or
(f) a match or synonym of the name of:
(i) a service that the Person provides;
(ii) goods that the Person sells (whether retail or wholesale);
(iii) an event that the Person registers or sponsors;
(iv) an activity that the Person facilitates, teaches or trains;
(v) premises which the Person operates
and which that Person is providing at the time of the application.
2.4.5 Sub-paragraph 2.4.4(2) does not apply where a Person has established an Australian presence by relying on an Australian Trade Mark, the domain name must be an exact match to the words which are the subject matter of the Australian Trade Mark.
org.au namespace
2.4.6 A Person applying for a licence in the org.au namespace must be:
- a not for profit entity; and
- the domain name applied for must be:
(a) a match to or synonym of the name of:(i) a service that the Person provides;
(ii) a program that the Person administers;
(iii) an event that the Person registers or sponsors;
(iv) an activity that the Person facilitates, teaches or trains;
(v) premises which the Person operates;
(vi) an occupation that its members practise;
and which that Person is providing at the time of the application; or
(b) a match of the Person’s legal name, business or statutory name or the name of the unincorporated association; or
(c) a acronym of the Person’s legal name, business name, or statutory name; or
(d) a match of the Person’s Australian Trade Mark; or
(e) a match to the name of a trust of which the Person is a trustee.
asn.au namespace
2.4.7 A Person applying for a licence in the asn.au namespace must be:
- (1) a not for profit entity or unincorporated association; and
- (2) the domain name being applied for must be:
(a) a match to or synonym of the name of:(i) a service that the Person provides;
(ii) a program that the Person administers;
(iii) an event that the Person registers or sponsors;
(iv) an activity that the Person facilitates, teaches or trains;
(v) premises which the Person operates; or
(vi) an occupation that its members practice;
and which that Person is providing at the time of the application; or
b) a match of the Person’s legal name, business or statutory name or the name of the unincorporated association;
(c) an acronym of the Person’s legal name, business name, statutory name or the name of the unincorporated association; or
(d) a match of the Person’s Australian Trade Mark.
id.au namespace
2.4.8 A Person applying for a licence in the id.au namespace must be:
- (1) a natural Person; and
- (2) the domain name being applied for must be:
(a) a match to a Person’s legal name, first name or family name;
(b) an acronym or abbreviation of the Person’s legal name, first name or family name; or
(c) a nickname of the Person.
State and Territory namespaces
2.4.9 A Person applying for a licence in a State or Territory namespaces must be:
- a not for profit entity; and
- a peak State or Territory body formed and operating within the limits of the State or Territory to which the namespace relates; or
- act on behalf of a community group residing in a locality in the State or Territory to which the namespace relates.
- the domain name applied for must be:
(a) a match of the Person’s legal name, business name or statutory name; or
(b) an acronym of the Person’s legal name, business name or statutory name; or
(c) a match to the Person’s Australian Trade Mark; or
(d) if a community group, the geographical name of the place in which the community resides.
2.4.9 A Person who is a not for profit entity can apply for and hold a licence on behalf of a community group that is not a Peak State or Territory body.
edu.au namespace
2.4.11 A Person applying for a licence in the edu.au namespace or an edu.au child zone must satisfy the eligibility and allocation rules in Schedule A of these auDA Rules.
2.4.12 A reference to edu.au namespace in these auDA Rules should be read as including the edu.au child zones, unless otherwise specified.
Prohibition on Domain Name Monetisation
2.4.13 Domain Name Monetisation is prohibited in the org.au, asn.au, id.au, edu.au and the State and Territory namespaces.
2.4.14 A Person must not apply for a licence in the org.au, asn.au, edu.au and the State and Territory namespaces for the sole purpose of transferring that licence to another Person.
2.5 DOMAIN NAME AVAILABILITY
2.5.1 A domain name will be available where:
- it is not already registered as a domain name in the namespace applied for;
- it is not a reserved name; and
- it complies with the syntax criteria for domain names in the namespace.
2.5.2 A Person must not apply to register a name which is deceptively similar to a namespace in the .au ccTLD.
2.5.3 A domain name is deceptively similar to a namespace if it so nearly resembles that namespace that it is likely to deceive or cause confusion to users of the Internet.
2.5.4 A name is deceptively similar to a namespace, where the name omits or repeats a letter contained in the name of a second level namespace in the .au ccTLD.
NOTE: For example:comm.au is deceptively similar to the name of the com.au namespace and co.au is also deceptively similar to com.au.
2.6 RESERVED NAMES
2.6.1 The following categories of reserved domain names are not available to be registered as a domain name:
- a word, acronym or abbreviation that is restricted or prohibited under an Australian law;
- a name or abbreviation of an Australian state or territory, including the word ‘Australia’; or
- names that may pose a risk to the security, stability and integrity of the .au and global Domain Name System.
2.6.2 A Person may apply for the registration of a name whose use is prohibited under Australian law, if:
- the Person is a statutory authority for whom the name has been restricted for their use;
- the Person has Ministerial consent to use the name and a copy of that consent is provided to .au Domain Administration; or
- the Person is not captured by the relevant prohibition.
2.6.3 The registration of a reserved name may result in the suspension or cancellation of a licence depending upon the circumstances.
2.6.4 .au Domain Administration may reserve names:
- that pose a risk to the operational security, integrity and utility of the .au domain;
- where it is necessary for the proper administration of government; and
- for future use by the administrator of the .au ccTLD for operational purposes or as second level domains.
NOTE: The names specified under subparagraph 2.6.4(2) may be used to provide official services as the administrator of .au ccTLD.
2.6.5 .au Domain Administration must not approve any name for use as a future second level domain where the name is already registered in the .au namespace.
2.6.6 .au Domain Administration must publish all the names which are proposed to be reserved for future use on the .au Domain Administration website for a minimum period of 21 calendar days.
2.6.7 .au Domain Administration will publish on its website, all those reserved names which pose a risk to the integrity, stability and security of the .au DNS, once those names have been blocked at the Registry.
2.7 SYNTAX REQUIREMENTS
2.7.1 A domain name must comply with the following syntax requirements:
(1) be at least two characters long;
(2) contain only letters (a-z), numbers (0-9) and hyphens (-), or a combination of these;
(3) start and end with a number or a letter, not a hyphen; and
(4) not contain hyphens in the third and fourth position (for example, ab—cd.com.au).
2.8 INTERNATIONALISED DOMAIN NAME
2.8.1 A Person may apply to register an Internationalised Domain Name in the .au namespace using the syntax requirements set out in the applicable IDN Tables. The initial scripts supported are:
- Chinese (Simplified);
- Korean;
- Japanese;
- Arabic; and
- Vietnamese.
2.8.2 A domain name within .au must be at least two letters long
NOTE: For example, 例.au (xn—fsq.au) will not be allowed.
2.9 COLLECTION, USE AND DISCLOSURE
2.9.1 A Person consents to the collection, use and disclosure of information provided in their application by the Registrar, Registry Operator and .au Domain Administration for the following purposes:
- assessment of an application for a licence;
- maintaining complete and accurate registry data of all licences issued to Registrants;
- providing a WHOIS service that provides accurate and up to date information to the public about the Registrant and their technical and administrative contacts;
- to monitor a Registrant’s compliance with their licence terms and conditions;
- to assist with and resolve complaints relating to a licence;
- supporting alternative dispute resolution or court proceedings; or
- to comply with .au Domain Administration, the Registry Operator and the Registrar’s obligations under an Australian law, including a court order.
2.9.2 A Person consents to the collection, use and disclosure of the licence information by .au Domain Administration for the purpose of enabling data analytics to be carried out on the registry data to identify issues and solutions to inform policy development, registry management and service delivery.
2.9.3 Where a Person is unable to obtain the consent of the other party in relation to the technical and administrative contacts, the Person must instead use role-based descriptions for those contacts.
NOTE: For example, the administrative contact name for .au Domain Administration is ‘CEO’ and the email address is: auDA.domains@auda.org.au.
2.10 WARRANTIES
2.10.1 A Person makes the following warranties to .au Domain Administration and the Registrar, when applying for or renewing a licence:
- that the information provided by the Person to the Registrar is true, accurate, and complete;
- that the Person meets, and will continue to meet, the eligibility and allocation criteria specified in these .auDA Rules, for the duration of the licence;
- that the name, abbreviation or acronym used as a domain name is not a reserved name;
- that the name is not deceptively similar to the name of a namespace in the .au ccTLD;
- that the Person is not providing a proxy or privacy service;
- that the Person will not, and does not, use the licence for any purpose that is unlawful, illegal or fraudulent under Australian law;
- the Person acknowledges that the licence will be suspended or cancelled by the Registrar or .au Domain Administration if any of the warranties specified in subparagraph 2.10.1(1 to 6) are found to be untrue, inaccurate or incomplete; and
- the Person agrees that the use of the Licensing Service is solely at their own risk.
2.11 REGISTRANT OBLIGATIONS
Contractual Capacity
2.11.1 A Registrant must continue to be a Person to hold a licence.
2.11.2 A licence is deemed to be cancelled by the .au Domain Administration, 30 calendar days from the date the Person ceases to exist.
NOTE: For example, if the Registrant is a company and the company is deregistered on 2 February 2020, then the cancellation date of the licence is 2 March 2020.
2.11.3 A Person cannot transfer a licence on or after the date the licence is deemed to be cancelled by .au Domain Administration.
Australian Presence
2.11.4 A Person must continue to have an Australian presence throughout the licence period.
2.11.5 A licence will be cancelled by the Registrar or .au Domain Administration, where a Person no longer has an Australian presence.
NOTE: For example: A foreign natural person whose Australian Trade Mark registration has lapsed no longer has an Australian presence and the licence will be cancelled.
Namespace Eligibility
2.11.6 A Person must remain eligible to hold the licence for a namespace throughout the licence period. If the Person is no longer eligible, the licence may be suspended or cancelled by the Registrar or .au Domain Administration.
Accurate registry data
2.11.7 A Person must ensure that their information is complete, true and accurate throughout the licence period.
2.11.8 A Person must inform the Registrar of any changes to the information used to apply for or renew a licence and which is recorded in the registry data within 14 calendar days after becoming aware of that change.
Sub-domains
2.11.9 A Person may create sub-domains under its licence, subject to the Person ensuring that:
- any party using the sub-domain name meets the Australian presence, and any eligibility criteria applying to that licence;
- the sub-domain is not used for any illegal, unlawful or fraudulent conduct; and
- the sub-domain is not sold or leased under its licence to any Person.
2.11.10 Where a Person creates a sub-domain under their licence and that sub-domain contravenes paragraph 2.11.9, .au Domain Administration may suspend or cancel that Person’s licence.
Third Party Use
2.11.11 A Person must not rent, lease, sub-licence or permit the use of the licence by another Person, unless that Person is a related body corporate with an Australian presence.
Note: For example, auDA Pty Ltd is the holding company for auDA 2.0 Pty Ltd. auDA Pty Ltd may permit auDA 2.0 Pty Ltd to use the licence auDA.com.au.
2.11.12 A Person must not grant or purport to grant a security interest in their licence or the associated domain name.
Complaints and Disputes
2.11.13 Any Person holding a licence must:
- agree to participate in and abide by a decision made under the complaints process set out in Part 3 (Complaints) of these auDA Rules; and
- agree to participate in and be bound by a decision made under the .auDRP Policy.
2.11.14 Paragraph 2.11.13 does not limit the right of a Person to pursue a cause of action under Australian law.
Prohibited uses
2.11.15 A Person must not use the licence to facilitate any conduct which is illegal, unlawful or fraudulent under Australian law.
2.11.16 A Person must not use or inadvertently allow their domain name to be used to compromise the integrity, stability and security of the .au and global DNS.
2.11.17 The licence will be cancelled where:
- the Registrant is convicted of a criminal offence under an Australian law; and
- the licence using that domain name was instrumental in committing that offence.
2.11.18 .au Domain Administration, in its sole discretion, may suspend or cancel a licence or take any other action necessary on the request of an:
- enforcement body; or
- intelligence agency;
where .au Domain Administration considers it is in the public interest to do so.
NOTE: Further details about the ‘public interest test’ are specified in paragraph 2.17.
2.12 AUTHORISATION CODE
2.12.1 Section 2.12 specifies the process, procedures and obligations on a Registrant relating to domain name licence authorisation codes (authorisation code).
On Registration
2.12.2 At the time of registration, the Registrant may choose between two authorisation code options. Either:
- accept the Registrar generated authorisation code; or
- choose an authorisation code themselves.
2.12.3 A Registrant may change the authorisation code at any time during the licence term by informing the Registrar.
Form of Authorisation Code
- 2.12.4 An authorisation code must contain:
- between 13 and 32 characters;
- have at least one letter (a-z) and one number (0-9); and
- have no dictionary words.
Obligations on Registrant for use of an Authorisation Code
2.12.5 The Registrant must:
- take all reasonable measures to secure the authorisation code; and
- report to the Registrar any lost or stolen authorisation codes, or if the Registrant believes that another Person has knowledge of the authorisation code.
2.12.6 A Registrant must provide the authorisation code to the Registrar when:
- requesting a licence transfer; and
- authenticating any communications with the Registrar.
2.12.7 A Registrant must change their authorisation code within two calendar days if they have transferred their licence to a new Registrar.
2.12.8 If the Registrant has not changed their authorisation code as required by paragraph 2.12.7, then the new Registrar may reset the authorisation code.
2.12.9 The new authorisation code must be provided by the Registrar to the Registrant within 24 hours of being reset.
Retrieval of Authorisation Code
2.12.10 The following process is specified in circumstances where a Registrant requests a copy of their authorisation code from the Registrar:
- the Registrant must make the request to the Registrar in writing;
- the Registrar must be satisfied that the Registrant has authorised the request before providing the authorisation code to the Registrant;
- the Registrar must provide the authorisation code only to the relevant Registrant contact listed in the registry data;except in circumstances where,
- the Registrant has provided written authorisation to the Registrar that the authorisation code can be provided to a third party, and the Registrar is satisfied that that authorisation has been made by the Registrant.
2.12.11 A Registrant may also retrieve their authorisation code and check the creation or expiry data of their domain name, by using the registry authorisation code recovery tool.
2.13 LICENCE TRANSFERS
Transfers – Change of Registrant
2.13.1 A Registrant may transfer their licence through a Registrar to a Person provided that:
- the Registrant is eligible to hold the licence at the date of transfer;
- the Person meets the Australian presence requirement and any applicable eligibility and allocation criteria;
- the transfer request by the Registrant is in writing to the Registrar;
- the licence is not subject to any complaint process under these auDA Rules, dispute resolution or court proceedings; and
- the licence term has not expired.
2.13.2 The Person to whom the licence is being transferred must:
- at the date of the transfer, satisfy the Australian presence and any eligibility and allocation criteria for the namespace;
- enter into a new Licence Agreement with the Registrar;
- specify the new licence period; and
- pay the new licence fee.
2.13.3 The Registrar must:
- before transferring the licence, determine that the Registrant remains eligible to hold the licence and the Person to whom the licence is being transferred satisfies the Australian presence and any eligibility and allocation criteria;
- transfer the licence within two calendar days of the request; and
- do so in accordance with the .au Domain Administration Registrar rules.
2.13.4 A Registrant must request a transfer of the licence to a Person within 28 calendar days from the date that a contract or agreement for the transfer of the licence is entered into by the parties, unless that contract or agreement specifies otherwise.
2.13.5 On transfer, the Registrant’s licence agreement is terminated, and the Person to whom the licence is being transferred must enter into a new Licence Agreement for the licence.
2.13.6 Failure to transfer the licence in accordance with paragraphs 2.13.1 to 2.13.4 will result in the cancellation of the licence.
2.13.7 A fraudulent transfer of a licence will result in the licence transfer being cancelled by the Registrar or .au Domain Administration.
Transfers – Change of registrar of record
2.13.8 A Registrant has the right to transfer a licence between Registrars provided:
- that the Registrant is eligible to hold the licence at the date of the transfer;
- the transfer request is in writing from the Registrant;
- the Registrant provides a valid authorisation code for the licence; and
- the licence is not subject to any complaints process under these auDA Rules, dispute resolution or court proceedings.
2.13.9 A Registrant is not required to pay a fee for the transfer of a licence between Registrars.
2.13.10 A Registrant is not permitted to transfer a licence in the edu.au namespace or edu.au child zones from the edu.au Registrar to another Registrar.
Domain Synchronisation
2.13.11 If a Registrant has multiple licences with different expiry dates, then the Registrant may alter the expiry dates to one date by reducing the licence term.
NOTE: For example, if the Registrant has two licences with expiry dates of 10 January 2020 and 28 September 2020 respectively, then they may be synchronised by reducing the licence term of the latter to 10 January 2020
2.13.12 A Registrant is not entitled to a refund of the licence fee if the term of the licence is reduced under paragraph 2.13.11.
2.14 LICENCE RENEWAL
2.14.1 A Registrant may apply to the Registrar to renew the licence 90 calendar days prior to expiry date provided that the Registrant:
- continues to be a Person eligible for the licence and domain name allocation;
- agrees to the licence terms and conditions;
- nominates the new licence period; and
- pays the required licence fee.
2.14.2 .au Domain Administration will renew the licence, where the Registrar is satisfied that the Person continues to meet the eligibility and allocation criteria for a licence in the namespace.
2.14.3 The term of the new licence will commence on the expiry date of the old licence.
Expired Licences
2.14 .4 A Registrant whose licence has expired may apply to the Registrar to renew the licence within 30 calendar days from the licence expiry date provided that the Registrant:
- continues to be a Person eligible for the licence and domain name allocation;
- agrees to the licence terms and conditions;
- nominates the new licence period; and
- pays the required licence fee.
2.14.5 If a licence is not renewed before the expiry of the 30 calendar day period, the domain name will become available to the public on a first come, first served basis.
2.14.6 The term of the new licence will commence on the expiry date of the old licence.
NOTE: For example, if a licence was due to expire on 30 June 2018 and was renewed on 12 July 2018 for a five year term, the new expiry date will be 30 June 2023.
2.15 CANCELLING AND RESTORING A LICENCE
Cancelling a Licence
2.15.1 A Registrant may cancel its licence at any time during the licence period by giving written notice to the Registrar.
2.15.2 A Registrant or Registrar is not entitled to a refund of the wholesale licence fee for the remainder of the licence period when the licence is cancelled outside the cooling off period.
2.15.3 A Registrar must cancel the licence within two calendar days of receiving the written notification from the Registrant.
Cooling off period
2.15.4 A Registrant, after entering into a Licence Agreement, may cancel its licence within the cooling off period by giving the Registrar written notice.
2.15.5 A Registrar may cancel a Person’s licence during the cooling off period if the following circumstances apply:
- the Person has not paid the required fee;
- the Person is not eligible for the licence; or
- the Person has provided inaccurate, incomplete or fraudulent details.
2.15.6 The Registry Operator will refund the wholesale licence fee to the Registrar.
Restoring a licence
2.15.7 Where a Registrant cancels a licence, then the Registrant may request that a Registrar restore a cancelled licence within two calendar days from the date the licence was cancelled by the Registry Operator.
2.15.8 A licence is deemed to be cancelled when it appears on the Deleted Domain List maintained by the Registry Operator.
2.15.9 The Registrant must pay the Registrar the required restoration fee.
2.16 AUDIT AND COMPLIANCE MONITORING (.au DOMAIN ADMINISTRATION AND REGISTRARS)
2.16.1 .au Domain Administration, from time to time, may undertake compliance monitoring activities in order to ensure that Registrants comply with these auDA Rules in respect to their licences.
2.16.2 These compliance activities include:
- audits of the registry data;
- review of complaints or complaint data; and
- undertaking searches of the Registry data on request of an enforcement body or an intelligence agency.
Licence Suspension and Cancellation
2.16.3 .au Domain Administration or a Registrar, may suspend or cancel a licence where:
- any of the warranties made by the Registrant at the time of applying for or renewing a licence are found to be untrue, inaccurate or incomplete;
- the Registrant has failed to comply with these Registrant obligations;
- it is in the public interest; or
- .au Domain Administration or the Registrar must comply with a court order or an instrument made under Australian law.
Licence Suspension
2.16.4 A Registrant’s licence will be suspended in the following circumstances:
- the information provided at the time of applying for or renewing a licence is incomplete;
- where a reserved name has been registered;
- where the Registrant information has not been updated within 14 calendar days of the Registrant becoming aware of the requirement for a change;
- where a sub-domain under the licence does not comply with these .auDA Rules;
- where the Registrant has not complied with these .auDA Rules and the non-compliance is not of a severity that warrants the cancellation of a licence;
- where it is in the public interest; or
- in order to comply with a court order or Australian law.
2.16.5 A licence which has been suspended will not resolve in the DNS and the licence cannot be transferred.
2.16.6 A Registrant whose licence has been suspended has 30 calendar days to rectify the information deficit or non-compliance issue.
2.16.7 Where a Registrant fails to rectify the information deficit or non-compliance issue within 30 calendar days, the licence will be cancelled.
2.16.8 Where a licence is suspended on the grounds of public interest or to comply with a court order or an Australian law:
- .au Domain Administration or the Registrar are not required to provide notice to the Registrant; and
- there is no rectification period for the Registrant as specified in paragraph 2.16.6.
2.16.9 A Registrant will not be able to update the information in the Registry data or renew or transfer a licence that is suspended on public interest grounds.
Licence Cancellation
2.16.10 A Registrant’s licence will be cancelled in the following circumstances:
- the information provided at the time of registration or renewal of a licence is untrue;
- the Registrant is not eligible to hold the licence;
- the licence is being used to facilitate conduct which is illegal, unlawful or fraudulent under Australian law;
- the name registered is a reserved name and the Person is not entitled to use that name;
- the Registrant has permitted the use of the licence to a Person who is not a related Australian body corporate;
- where it is in the public interest;
- to comply with a decision made under a dispute resolution process;
- the licence or domain name poses a risk to the security, stability or integrity of the .au domain; or
- to comply with a court order.
2.16.11 A cancelled licence cannot be transferred or updated.
2.16.12 .au Domain Administration reserves the right to restore a licence which has been cancelled, only in the circumstances where a new licence with that domain name has not been issued to another Person. There is no fee payable where .au Domain Administration restores a cancelled licence.
2.17 PUBLIC INTEREST TEST
2.17.1 The .au Domain Administration may suspend or cancel a licence or take any necessary action, when it is in the public interest.
2.17.2 Before undertaking any action specified in paragraph 2.17.1, the .au Domain Administration must:
- have received a request from an enforcement body or intelligence agency; and
- believe on reasonable grounds that the action is in the public interest and satisfies one or more of the public interest objectives specified in paragraph 2.17.3.
2.17.3 A public interest objective is:
- the proper administration of government;
- the judicial system;
- public health and safety;
- national security;
- the prevention and detection of crime and fraud;
- consumer protection;
- the economic wellbeing of Australia;
- complying with Australia’s obligations under international law;
- the integrity, stability or security of the Domain Name System.
Making a request
2.17.4 An enforcement body or intelligence agency when making a request must provide the following information:
- the grounds for why the suspension or cancellation of the licence or the requested action is in the public interest;
- why .au Domain Administration is considered the appropriate body to determine the request;
- why the requested action cannot be undertaken by another statutory body or under an Australian law;
- the licence suspension period or the period for which any other action is required; and
- any other matter considered relevant to the request.
2.17.5 If the .au Domain Administration considers that the information is not sufficient to make a determination whether a licence should be suspended, cancelled or otherwise dealt with on public interest grounds, it may request additional information to enable the request to be dealt with.
2.17.6 The .au Domain Administration may rely upon the information provided by an enforcement body or intelligence agency, and (as appropriate) court orders, in determining whether a licence should be suspended or cancelled on public interest grounds.
Registrar Notice
2.17.7 The .au Domain Administration may suspend, cancel or otherwise deal with a matter relating to a licence in the public interest, without giving notice to the Registrant.
2.17.8 As a result of action specified in paragraph 2.17.1, the .au Domain Administration may advise the Registrar of the action and the reasons for suspending or cancelling a licence.
2.17.9 If an enforcement body or intelligence agency requests that a Registrar not be notified, then the .au Domain Administration may dispense with the notification specified in paragraph 2.17.8.
Suspension Period
2.17.10 The .au Domain Administration must specify the period of time that the licence will be suspended.
2.18 ACCESSING REGISTRY DATA
2.18.1 Schedules B to D of these auDA Rules specify relevant forms for section 2.18.
By the Registrant
Correction of Registrant Information
2.18.2 A Registrant may request that a Registrar correct information relating to the Person recorded as the Registrant in the Registry data.
2.18.3 A Registrant may only request such a correction where:
- the inaccuracy has arisen through a genuine error made in good faith by the Registrant in supplying information to the Registrar; or
- the inaccuracy has arisen through a genuine error made in good faith by the Registrar in recording the Registrant information;and only in the following circumstances:
- (3) the Registrant submitted or through error the Registrar recorded, inaccurate data at the time of registration;
- (4) the licence was incorrectly registered by the Registrar to the wrong party;
- (5) the licence was incorrectly registered by the Registrar in the name of the reseller or other agent who arranged the registration; or
- (6) where otherwise authorised by .au Domain Administration.
2.18.4 Any request must be made within 14 calendar days of the licence being recorded in the Registry data.
Updating of Registry Data
2.18.5 A Registrant may request a Registrar to update other information, which is not Registrant information, relating to their licence at any time, providing that the request is in writing and indicates the relevant field which must be updated.
2.18.6 The Registrar must update the Registry data within two calendar days of receiving the request from the Registrant.
2.18.7 A Registrant may apply to .au Domain Administration for a registry search of licences issued using the Registrant’s details.
2.18.8 The Registrant must use the ‘Request for domain name search’ form in making the request.
By other Persons
2.18.9 A Registrar and .au Domain Administration will provide registry information to another Person, but only in circumstances where access to that information is authorised or requested under Australian law.
2.18.10 .au Domain Administration may provide information on the date that a licence was issued or created:
- for the purpose of a claim under .auDRP; or
- as a result of court proceedings.
2.18.11 A request to access Registry data must be made on the form approved by .au Domain Administration as published on the website.
2.18.12 A fee is charged by .au Domain Administration for the provision of the information.
Disclosure and use of data – WHOIS Information
2.18.13 Schedule D of these auDA Rules specifies the information that is disclosed on the public WHOIS service for licences in the .au domain.
Disclosure and use of data – prohibited uses
2.18.14 The following are prohibited:
- the use of WHOIS data to support an automated electronic query process; and
- bulk access to WHOIS data, in contrast to a user sending individual queries to the data-base.
2.18.15 .au Domain Administration restricts the number of queries users can send to WHOIS, as stated on the WHOIS website: https://whois.auda.org.au/
2.19 LIMITATION OF LIABILITIES AND INDEMNITY
2.19.1 To the fullest extent permitted by law, .au Domain Administration or the Registry Operator will not be liable to the Registrant for any direct, indirect, consequential, special, punitive or exemplary losses or damages of any kind (including, without limitation, loss of use, loss of profit, loss or corruption of data, business interruption or indirect costs) suffered by the Registrant arising from, as the result of, or otherwise in connection with, any act or omission whatsoever of .au Domain Administration or Registry Operators, its employees, agents or contractors.
2.19.2 The Registrant agrees to indemnify, keep indemnified and hold .au Domain Administration and the Registry Operator, its employees, agents and contractors harmless from all and any claims or liabilities, arising from as a result of, or otherwise in connection with, the Registrant’s registration or use of its .au domain name.
2.19.3 Nothing in these auDA Rules is intended to exclude the operation of the Competition and Consumer Act 2010 (Cth).
PART 3 – COMPLAINTS
3.1 OVERVIEW
|
The following is an overview of this Part which includes specifying:
|
3.2 OBJECTS
3.2.1 The objects of the auDA Rules relating to complaints are to establish a process that:
- enhances public confidence in the .au namespace by ensuring that complaints are managed in a consistent, systematic and responsive manner;
- is transparent, accessible and effective;
- is committed to continuous improvement of the administration of the .au ccTLD through the analysis, evaluation and auditing of complaints; and
- reduces the likelihood of complaints escalating into disputes.
3.3 COMPLAINTS AND REVIEW OF DECISIONS
3.3.1 Paragraphs 3.4.1 to 3.4.6 specify the applicable process relating to complaints.
3.3.2 Paragraphs 3.5.1 to 3.7.3 specify the applicable process relating to a review of a decision.
3.3.3 Paragraphs 3.8.1 to 3.8.20 specify the applicable process relating to an external review of a decision of .au Domain Administration.
3.4 COMPLAINTS
Application Process
3.4.1 The Person must:
- make the complaint to the Registrar of Record;
- ensure that the complaint only relates to the responsibilities or obligations of a Registrant or Registrar under the auDA Rules; and
- make the complaint in the manner or form as required by the relevant Registrar.
3.4.2 A licence which is deemed to be cancelled under paragraph 2.11.2 of the auDA Rules (Contractual Capacity) cannot be the subject matter of a complaint under paragraph 3.4.1 of these .auDA Rules.
3.4.3 Any decision made by .au Domain Administration under paragraph 2.17 of these auDA Rules (the ‘Public Interest Test’) in relation to the suspension or cancellation of a licence, cannot be the subject of a complaint under paragraph 3.4.1.
Registrar Obligations
3.4.4 A Registrar has 30 calendar days to resolve the complaint unless the Registrar advises the Person that the complaint cannot be resolved in that period.
3.4.5 Where paragraph 3.4.4 applies, the Registrar must advise the Person of the new time frame for resolution.
3.4.6 A Registrar must, as soon as practicable after making a decision about the complaint, provide written notice to the Person, setting out:
- the decision;
- the reasons for that decision; and
- the Person’s right of appeal to .au Domain Administration to have the decision reviewed.
3.5 REVIEW OF REGISTRAR DECISIONS
3.5.1 A Person may apply to .au Domain Administration for the review of a decision made by, or the action or conduct of a Registrar, under these auDA Rules.
3.5.2 A Person must not apply to .au Domain Administration unless all avenues of redress with the Registrar have been exhausted.
3.5.3 An application for review must be lodged with .au Domain Administration within the following timelines:
- a decision to cancel a licence – five calendar days from the date the Registrar made the decision;
- a decision to suspend a licence – within 28 calendar days from the date the Registrar made the decision; and
- for all other matters – 28 calendar days from the date the Registrar made the decision or failed to make a decision or to rectify an act or engaged in conduct which is the subject matter of the complaint.
Extension of Lodgement Period
3.5.4 The Person may request that the .au Domain Administration extend the 28 calendar day period specified in subparagraphs 3.5.3(2)(3).
3.5.5 The .au Domain Administration has the discretion to either extend or not extend the lodgement period for an additional 28 calendar days from the expiry date of the initial lodgement period.
3.5.6 The .au Domain Administration must not extend the five calendar day application period as specified in subparagraph 3.5.3(1).
Form of Application
3.5.7 The application for review must:
- provide the name and contact details of the Person seeking the review;
- attach the original complaint as submitted to the Registrar;
- attach the written decision of the Registrar;
- set out the Person’s reasons for making the application;
- set out the avenues of redress undertaken by the Person in regard to the complaint as required by paragraph 3.5.2;
- set out the remedies which the Person is seeking; and
- be in the approved form as specified by .au Domain Administration.
Receipt of Application
3.5.8 .au Domain Administration will acknowledge receipt of an application for review of a Registrar’s decision within three business days.
3.5.9 If the application meets the requirements specified in paragraph 3.5.7, .au Domain Administration must place on hold any actions taken by a Registrar, until .au Domain Administration makes a decision in respect of that application.
NOTE: For example, a Person has made an application to .au Domain Administration for review of a Registrar’s decision to cancel a licence. The licence cancellation process has commenced and is midway through the cancellation cycle. The cancellation cycle will be temporarily placed on hold until .au Domain Administration makes a decision.
3.5.10 .au Domain Administration may at its sole discretion not accept an application for review that is frivolous, vexatious, or not made in good faith.
Outcome of review
3.5.11 .au Domain Administration must make a decision within 28 days of receiving a valid application for review, unless .au Domain Administration has notified the Person of a revised time frame for making the decision.
3.5.12 After reviewing the decision made by the Registrar, .au Domain Administration may:
- affirm the decision;
- vary the decision;
- revoke the decision; or
- remit a decision to the Registrar for reconsideration.
3.5.13 .au Domain Administration must, as soon as practicable after making a decision under paragraph 3.5.12, provide written notice to the applicant of:
- the decision;
- the reasons for the decision; and
- the Person’s right to seek an internal review of a decision made by .au Domain Administration.
3.5.14 If .au Domain Administration affirms a Registrar’s decision, .au Domain Administration must remove the hold placed on the actions of the Registrar.
NOTE: For example, a licence has a 14 day cancellation period before it is purged from the Registry data. .au Domain Administration places a hold on a cancelled licence at seven days into the cancellation period for the purpose of reviewing the Registrar’s decision. .au Domain Administration affirms the Registrar’s decision and removes the hold on the cancellation of the licence. The cancellation period will resume on day eight and the licence will be purged six days after the hold is removed.
3.6 REVIEW OF .au DOMAIN ADMINISTRATION DECISION
3.6.1 A Person affected by a decision made by .au Domain Administration may apply for an internal review of that decision by .au Domain Administration.
3.6.2 A decision made by .au Domain Administration includes a review of a decision of the Registrar made under paragraph 3.5.
3.6.3 An application relating to a decision by .au Domain Administration to cancel a licence (other than a suspension or cancellation subject to the public interest test under Section 2.17 of these .auDA Rules), must be lodged with the .au Domain Administration within 48 hours of the time the decision was made and communicated to the Person.
3.6.4 For all other cases, the application must be lodged with the .au Domain Administration within 28 calendar days of the date of the decision.
.au Domain Administration Review Officer
3.6.5 An application for the review of an .au Domain Administration decision to suspend or cancel a licence must be reviewed by a person who:
- was not involved in making the decision which is being reviewed; and
- occupies a position in .au Domain Administration which is senior to the Person who made the decision which is the subject of review.
Form of Application
3.6.6 The application for review must:
- provide the name and contact details of the Person seeking the review;
- attach the original complaint as submitted to .au Domain Administration;
- attach the written decision of .au Domain Administration;
- attach any correspondence from .au Domain Administration or the Registrar regarding the suspension or cancellation of a licence (if applicable);
- attach the written reasons for that decision as made by .au Domain Administration;
- set out the Person’s reasons for making the application;
- set out the remedies which the Person is seeking; and
- be in the approved form as specified by .au Domain Administration.
Receipt of Application
3.6.7 .au Domain Administration will acknowledge receipt of an application for an internal review of a .au Domain Administration decision within one business day.
3.6.8 If the application meets the requirements specified in paragraph 3.6.7, the .au Domain Administration Review Officer must place on hold any actions taken by .au Domain Administration, until the internal review is completed.
3.6.9 The .au Domain Administration Review Officer must advise the Person making the application, a date for when the internal review will be completed.
3.6.10 .au Domain Administration may at its sole discretion not accept an application for an internal review that is frivolous, vexatious, or not made in good faith.
3.7 OUTCOME OF RECONSIDERATION
3.7.1 After reconsidering the decision made by .au Domain Administration, the Person may:
- affirm the decision;
- vary the decision; or
- revoke the decision.
3.7.2 .au Domain Administration must, as soon as practicable after making a decision under paragraph 3.7.1, provide written notice to the applicant of:
- the decision;
- the reasons for the decision; and
- the Person’s right of appeal to the Licence Review Panel to have the decision reviewed.
3.7.3 A Person affected by and dissatisfied with the final decision of .au Domain Administration may apply for an external review of the decision by the Licence Review Panel under paragraph 3.8 of these .auDA Rules.
3.8 EXTERNAL REVIEW
3.8.1 A Person affected by a decision made by .au Domain Administration may apply for external review of that decision by the Licence Review Panel.
3.8.2 A Person must not apply for external review of a decision of .au Domain Administration unless an internal review of the decision has been completed under paragraph 3.6 of these .auDA Rules.
3.8.3 Any decision made by .au Domain Administration under paragraph 2.17 of these Licensing Rules (the ‘Public Interest Test’) cannot be the subject of an external review under paragraph 3.8.1 of these Licensing Rules.
3.8.4 A Person must make an application for external review within 10 calendar days after a decision is made by .au Domain Administration under paragraph 3.7 of these auDA Rules.
Form of Application
3.8.5 The application for external review must:
- provide the name and contact details of the Person seeking the review;
- attach the original complaint as submitted to .au Domain Administration;
- attach the written decision of .au Domain Administration;
- attach any correspondence from .au Domain Administration or the Registrar regarding the suspension or cancellation of a licence (if applicable);
- attach the written reasons for that decision as made by .au Domain Administration under paragraph 3.7.2 of these Licensing Rules;
- set out the Person’s reasons for making the application;
- set out the remedies which the Person is seeking; and
- be in the approved form as specified by .au Domain Administration.
3.8.6 A Person must pay the external review fee within three business days of .au Domain Administration acknowledging receipt of application.
3.8.7 If a Person fails to pay the external review fee in accordance with paragraph 3.8.6, the application will lapse.
3.8.8 .au Domain Administration will publish the fee for external review on the .au Domain Administration website.
Receipt of Application
3.8.9 .au Domain Administration will acknowledge receipt of the application for external review within seven calendar days.
3.8.10 If the application complies with the requirements of paragraph 3.8.5, .au Domain Administration must:
(a) place on hold any actions taken by .au Domain Administration; and
(b) prevent the licence from being updated, transferred or deleted;
until the Licence Review Panel makes a decision in respect of the application.
3.8.11 .au Domain Administration must provide the application to the Licence Review Panel within three calendar days of the receipt of the application.
Licence Review Panel
3.8.12 .au Domain Administration may appoint Persons with appropriate qualifications or experience to the Licence Review Panel, from time to time.
3.8.13 A Person appointed to the Licence Review Panel may also perform the role and functions of the Registrant Review Panel under the Registrant Review Panel Policy.
3.8.14 The following Persons are not eligible to be appointed to the Licence Review Panel:
(a) a director or employee of, or consultant to .au Domain Administration; and
(b) a director or employee of, or consultant to, a Registrar.
3.8.15 A Person is appointed to the Licence Review Panel for a period of up to three years, which may be extended by .au Domain Administration for an additional term with the agreement of the Panel member.
3.8.16 .au Domain Administration will publish a list of Licence Review Panel members on its website
3.8.17 .au Domain Administration will assign an application to a Panel member on a rotational basis.
NOTE: For example, If Panel member A is assigned a matter, then Panel member B will be assigned the next application for external review, and so on.
3.8.18 The Panel member must review the decision based on the material before them, and may not take into consideration any information, or document that was not provided to .au Domain Administration at the time of making the reviewable decision.
3.8.19 A Panel member may:
(a) affirm the decision
(b) set aside the decision and
(i) make a decision in substitution or
(ii) remit the matter for reconsideration by .au Domain Administration
3.8.20 A Panel member must make a decision and provide written reasons for that decision to the Person and .au Domain Administration within 10 calendar days of being appointed to review that decision.
3.9 RIGHTS OF APPLICANT
3.9.1 Part 3 of these auDA Rules does not prohibit a Person from pursuing a course of action under Australian law in regard to a complaint made to a Registrar or .au Domain Administration.
3.9.2 Any initiation of a legal proceeding by a Person in regard to a complaint applicable under Part 3 of these auDA Rules, will:
- bar the bringing of a complaint under Part 3;
- cease any proceedings which have been commenced by the Person under Part 3;
- bar the revival of any complaint previously brought under Part 3 but was not resolved because of the legal proceedings in respect to that complaint.
PART 4 AMENDMENTS AND TRANSITIONAL PROVISIONS
4.1 OVERVIEW
|
The following is an overview of this Part:
|
4.2 AMENDMENT TO THE auDA Rules AND LICENCE TERMS AND CONDITIONS
4.2.1 .au Domain Administration has the power to:
- amend the auDA Rules; and
- amend licence terms and conditions;
from time to time.
4.2.2 .au Domain Administration must not amend Schedule A of these auDA Rules without consultation with the appropriate education bodies and the .edu.au Registrar.
4.2.3 Any finalised amendments made under paragraph 4.2.1 will be publicly available on the .au Domain Administration website (www.auda.org.au) at least 21 calendar days before the amendments come into effect.
4.2.4 In circumstances where an amendment is required to:
- protect the integrity, stability or utility of the .au domain; or
- prevent licences being issued for abusive or speculative reasons;
then the 21 calendar day notice period as specified in paragraph 4.2.3 will not be applicable.
4.2.5 The amended auDA Rules or licence terms and conditions, will be those that apply to a licence when:
- the licence was issued; or
- the licence was renewed.
4.3 TRANSITIONAL ARRANGEMENTS
4.3.1 These auDA Rules (Licensing) will apply to a Person where that Person has:
- applied for a licence; or
- renewed a licence; or
- transferred a licence;
on or after the commencement date specified in paragraph 1.2.1.
4.3.2 A Person whose licence was issued or renewed prior to commencement date as specified by paragraph 1.2.1, will be subject to the auDA Published Policies in existence at that date.
NOTE: For example, a person whose licence was issued by .au Domain Administration on 10 April 2017 will be subject to the Domain Eligibility and Allocation Policy rules for Open 2LDs (2012-04).
SCHEDULE A
PART 1 INTRODUCTION
1.1 This Schedule specifies the eligibility and allocation criteria which a Person must satisfy when applying for a licence in the edu.au namespace and child zones.
1.2 Definitions
In this Schedule:
Association means an incorporated association formed within the limits of an Australian State or Territory, or an Australian external territory whose members comprise education and training entities, teachers and other education and training professionals, parents or students.
Body Serving Overseas Students means a Person providing education and training services to overseas students in Australia and which appears in the Commonwealth Register of Institutions and Courses for Overseas Students.
Child Zones means the following: act.edu.au, nsw.edu.au, nt.edu.au, qld.edu.au, sa.edu.au, tas.edu.au, vic.edu.au or wa.edu.au, catholic.edu.au, eq.edu.au, education.tas.edu.au and schools.nsw.edu.au.
Education and Care Services (Child Care) Provider means a Person providing an education and care service (child care) registered or accredited by the relevant State or Territory Government authority and which appears in the Australian Children’s Education & Care Quality Authority registry.
Eligible Referee means a Person that is:
- eligible for and that currently holds a licence in the edu.au namespace or one of its Child Zones; and
- not a related entity, as defined by the Corporations Act 2001, to the Person applying for a licence.
Entity Delivering Non-Accredited Training means an entity that is providing training services for which there is no appropriate government registration or accreditation authority and where no qualification or award under the Australian Qualifications Framework is being offered, including tutoring services and some industry based or industry specific training.
Entity Not Otherwise Listed means an entity that operates in the education and training sectors, but does not fall within one of the other education or training entity types listed or an entity that provides approved services on behalf of another education or training entity, including university residential colleges, or English Language Intensive Courses for Overseas Students providers operating under entry arrangements.
Generic Education and Training Terms means terms that are deemed to be in common use within the education and training sector and/or that would, if registered, provide an unreasonable advantage to the licence holder over other entities that may offer the same or similar services, including references to course names, types of education and training, education and training faculties, staff or students.
Government Body means a Commonwealth, State or Territory Government entity, a statutory body or a company that is wholly government owned.
Government School means a school that is conducted by or on behalf of the government of a State or Territory.
Higher Education Institution means an entity:
- established under a Commonwealth, State or Territory Act; or
- approved to provide higher education by the Tertiary Education Quality and Standards Agency (or other relevant Commonwealth, State or Territory Accreditation Agency).
Industry Organisation means an organisation that represents a sector of the Australian economy.
National Interests and Responsibilities means:
- having been established by, being responsible for or administering a project, program or initiative of a Commonwealth entity;
- having a primary function of contributing to the development of or conducting research relating to the Australian Curriculum;
- representing other Persons that have the same interests and objectives nationally;
- being a partnership between or consortium of entities in multiple States and Territories;
- having stakeholders or membership comprised of entities in multiple States and Territories; or
- being an Australian University.
However, international delivery of education services does not qualify as a national interest or responsibility.
Name of the Person means the legal name, business name, trading name, or registered trademark of a Person, or the name of a partnership of which the Person is a member, and as is recorded with the appropriate government education or training authority where required, or otherwise where recorded in a government registry.
Non-Government School means a school, other than a Government School, registered by the relevant State or Territory Government authority.
Peak Body means a not for profit entity that represents other Persons that have the same interests and objectives within a State or Territory or nationally.
Person means:
- a Commonwealth, State or Territory Minister;
- a Commonwealth, State or Territory statutory authority;
- a Commonwealth entity;
- an Australian company;
- a Registrable Body;
- an Association;
- an indigenous corporation;
- a Registered Organisation under the Fair Work (Registered Organisations) Act 2009 (Cth);
- an Incorporated limited partnership under State or Territory legislation;
- a cooperative under State or Territory legislation, and which appears on the State or Territory register of cooperatives; or
- a natural person who is 18 years or older.
Pre-school means a Person that is registered or accredited by the relevant State or Territory Government authority to provide a pre-school service.
Registered Training Organisation means a Person registered as a training organisation with the:
- Victorian Registration and Qualifications Authority;
- Training Accreditation Council Western Australia; or
- Australian Skills Quality Authority; and
recorded in the National Register on Vocational Education and Training.
Registrable Body means a registrable Australian body or foreign company under the Corporations Act 2001 (Cth).
Related Services means services specific to and within the education and training sector, and does not include general services such as supplies, or technology, referral, administrative or financial services that may be used by or be offered to education and training entities.
PART 2: ELIGIBILITY AND ALLOCATION CRITERIA
2.1 A Person applying for licences in the edu.au namespace or any of its Child Zones must be a recognised education or training entity operating as:
- a Government School;
- a Non-Government School;
- a Pre-school;
- a Registered Training Organisation;
- a Higher Education Institution;
- an Education and Care Services (Child Care) Provider;
- a Body Serving Overseas Students;
- a Government Body;
- an Industry Organisation / Peak Body;
- a research organisation;
- an Association;
- an Entity Delivering Non-Accredited Training; or
- an Entity Not Otherwise Listed.
2.2 The domain name applied for must be:
- an exact match to the Name of the Person;
- be substantially and closely connected to the Name of the Person;
- an acronym or abbreviation of the Name of the Person; or
- the name of or a name with a semantic relationship to the name of a project or program which the Person is the owner or principal administrator.
2.3 The domain name applied for must not:
- be comprised of only Generic Education and Training Terms;
- be a personal name, except where the personal name is that of the Person;
- contain obscene or offensive language;
- express a value judgement or political message; or
- otherwise be deemed to compromise the reputation or effective operation of edu.au namespace or any of its Child Zones.
2.4 The domain name applied for must satisfy any eligibility and allocation criteria for the namespace or Child Zones being applied for as specified in paragraphs 2.8 to 3.5 of Schedule A.
2.5 Where there is a relevant government education or training authority, the Person applying must be accredited or registered with, or otherwise endorsed by, that authority.
2.6 Where there is no relevant government education or training authority, the Person applying must submit a written warranty in a form provided by the Registrar, that they have a primary function of providing in Australia:
- education;
- training;
- education and training research; or
- Related Services.
2.7 The warranty must be supported by two Eligible Referees and where the Person applying is affiliated or has a contractual relationship with an accredited or registered entity for the delivery or education and training, one reference must be from that entity.
edu.au namespace
2.8 A Person applying for a licence in the edu.au namespace (at the third level) must:
- be delivering education or training services in more than one State or Territory;
- have National Interests and Responsibilities; or
- be applying for the name of or a name with a semantic relationship to the name of a project or program operating in more than one State or Territory or that has National Interests and Responsibilities.
2.9 Where the requirements in paragraph 2.8 of Schedule A cannot be verified by the Registrar via a government education or training authority or a government registry, the Person applying must submit a written warranty in a form provided by the Registrar and be supported by two Eligible Referees.
State and Territory (open) Child Zones
3.1 A Person applying for a licence in the act.edu.au, nsw.edu.au, nt.edu.au, qld.edu.au, sa.edu.au, tas.edu.au, vic.edu.au or wa.edu.au Child Zones (at the fourth level) must be:
- based in the corresponding State or Territory;
- delivering education or training services in the corresponding State or Territory; or
- applying for the name of or a name with a semantic relationship to the name of a project or program operating in the corresponding State or Territory.
Sector or jurisdiction specific (closed) Child Zones
3.2 A Person applying for a licence in the catholic.edu.au child zone must be:
- operating within the Australian Catholic education sector; or
- approved by the National Catholic Education Commission.
3.3 A Person applying for a licence in the eq.edu.au child zone is subject to approval by the Queensland Government Department responsible for education in that State.
3.4 A Person applying for a licence in the education.tas.edu.au child zone is subject to approval by the Tasmanian Government Department responsible for education in that State.
3.5 A Person applying for a licence in the schools.nsw.edu.au child zone is subject to approval by the New South Wales Government Department responsible for education in that State.
SCHEDULE B – FORM
Standard Transfer Confirmation Message
DOMAIN NAME TRANSFER – REQUEST FOR CONFIRMATION
Attention: <insert Registrant contact name>
Re: Transfer of <insert domain name>
The current registrar of record for this domain name is <insert name of losing registrar>
We have received a request from <insert name of Person requesting transfer> for us to become the new registrar of record.
You have received this message because you are listed as the Registrant contact for this domain name in the WHOIS database.
Please read the following important information about transferring your domain name:
- You must agree to enter into a new Licence Agreement with us. You can review the full terms and conditions of the Agreement at <insert URL>
- Once you have entered into the Agreement, the transfer will take place within two calendar days.
- The transfer will not change the expiry date of your domain name, which is <insert expiry date>.
If you wish to proceed with the transfer, please contact us <insert gaining registrar contact details> with the following message:
“I confirm that I have read the Domain Name Transfer – Request for Confirmation Message.
I confirm that I wish to proceed with the transfer of <insert domain name> from <insert name of losing registrar> to <insert name of gaining registrar>.”
SCHEDULE C – FORM
Standard Transfer Audit Message
DOMAIN NAME TRANSFER
Attention: <insert Registrant contact name>
Re: Transfer of <insert domain name>
We are the current registrar of record for this domain name.
We received notification on <insert date of notification> that you have requested a transfer to <insert name of gaining registrar>. This means that <insert name of gaining registrar> will become the new registrar of record for your domain name on <add two days to date of notification>.
If you have authorised this transfer, you are under no obligation to respond to this message.
If you did not authorise this transfer, please contact us <insert losing registrar contact details>.
SCHEDULE D – FORM
WHOIS FIELDS FOR .AU LICENCES
| Field Name | Field Description |
| Domain Name | Registered domain name |
| Last Modified | Date the domain name record was last modified (includes renewal, transfer and update) |
| Status | Status of the domain name (e.g. “OK”, “pendingTransfer”, “pendingDelete”) |
| Registrar Name | Name of the registrar of record |
| Reseller Name | Name of the recorded reseller (if applicable) |
| Registrant | Legal name of the Registrant entity (e.g. company name) |
| Registrant ID | ID number associated with the Registrant entity, if any (e.g. ACN for company) |
| Eligibility Type | Registrant’s eligibility type (e.g. “Company”) |
| Eligibility Name | Name used by the Registrant to establish eligibility, if different from their own legal name (e.g. registered business name or trademark) |
| Eligibility ID | ID number associated with the name used by the Registrant to establish eligibility (e.g. BN for registered business name, TM number for registered trademark) |
| Registrant Contact ID | Registry code used to identify the Registrant |
| Registrant Contact Name | Name of a contact Person for the Registrant |
| Registrant Contact Email | Contact email address for the Registrant |
| Tech Contact ID | Registry code used to identify the technical contact |
| Tech Contact Name | Name of a technical contact for the domain name (e.g. Registrar, reseller, webhost or ISP) |
| Tech Contact Email | Contact email address for the technical contact |
| Name Server | Name of computer used to resolve the domain name to Internet Protocol (IP) numbers (minimum of two name servers must be listed) |
| Name Server IP | IP number of the name server |
| DNSSEC | DNSSEC status (whether the domain name is signed or unsigned) |
.au Domain Administration Rules: Registrar
Board Approval Date: 1 July 2020
Status: Approved (Commencement date to be confirmed)
Download PDF: .au Domain Administration Rules: Registrar
Part 1 – Introduction
|
The following is an overview of this Part:
|
1.1.1 These .au Domain Administration Rules (auDA Rules) have been made by .au Domain Administration Limited (ABN 38 079 009 340) (.au Domain Administration) in its capacity as the administrator of, and Australian self-regulatory policy body for the .au country code Top Level Domain.
1.1.2 A registrar must comply with the auDA Rules (Registrar and Licensing), as amended from time to time by .au Domain Administration, as if they were incorporated into and form part of the:
- auDA Registrar Agreement between .au Domain Administration and the Registrar; and
- the Licence Agreement between the Registrant and Registrar.
1.1.3 If there is an inconsistency between the auDA Rules and the auDA Registrar Agreement, then the auDA Rules will prevail to the extent of that inconsistency.
1.2 COMMENCEMENT
1.2.1 These auDA Rules will commence on [to be confirmed].
1.3 OBJECTS
1.3.1 The main object of these auDA Rules when read together with the auDA Rules (Licensing) is to provide for a licensing regime which:
- ensures that the .au domain is administered in the public interest;
- is accessible and responsive to the needs of the Australian community;
- promotes the efficiency and competitiveness of Registrar services; and
- promotes consumer protection and fair trading.
1.3.2 The other objects of these auDA Rules when read together with the auDA Registrar Agreement are to:
- establish minimum standards for the provision of Registrar services;
- ensure Registrants receive accurate, timely, and consistent information about the process for renewing or transferring a licence;
- ensure accuracy and reliability of the Registry Data; and
- promote public confidence and trust in the .au domain.
1.4 DEFINITIONS
In these auDA Rules:
.au ccTLD means the .au country code Top Level Domain for Australia.
.au Domain Administration Limited (ABN 38 079 009 340) means the licensing body for .au Namespaces.
auDARegistrar Agreement means an agreement between .au Domain Administration and a Registrar accredited by .au Domain Administration to provide Registrar Services.
ABN (Australian Business Number) means an entity’s ABN as specified in the Australian Business Register.
Acronym means an abbreviation formed from the initial letters of other words and pronounced as a word.
Association means an incorporated or unincorporated association formed within the limits of an Australian State or Territory or an Australian external territory.
Australian presence means:
- an Australian citizen or an Australian permanent resident visa holder;
- a company registered under the Corporations Act 2001(Cth);
- a Registrable Body means a registrable Australian body or a foreign company under the Corporations Act 2001 (Cth) which has an Australian Registered Body Number (ARBN);
- an Incorporated Association under State or Territory legislation;
- an entity issued with an Australian Business Number under the A New Tax System (Australian Business Number) Act 1999(Cth);
- an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006(Cth) on the Register of Aboriginal and Torres Strait Islander Corporations;
- a Registered Organisation that is:
(a) an association of employers;
(b) an association of employees (union); or
(c) an enterprise association;registered under the Fair Work (Registered Organisations) Act 2009(Cth) and which appears on the Register of Organisations; - a Cooperative registered under State or Territory legislation and which appears on the State or Territory register of cooperatives;
- a Charity registered under the Australian Charities and Not-for-Profits Act 2012(Cth), and which appears on the Australian Charities and Not-for-Profits Commission’s Charities and Not-for-Profits Register;
- a Political Party registered under the Commonwealth Electoral Act 1918 (Cth) or State or Territory Electoral Act and which appears on the Register of Political Parties or as otherwise named;
- a Partnership under the relevant Australian State or Territory law where at least one of the partners are Australian citizens or permanent resident visa holders or an Australian body corporate;
- an Unincorporated Association formed in an Australian State or Territory with at least its management committee being Australian citizens or permanent resident visa holders;
- a Trust where the trustee must be an Australian citizen or the trustee is an Australian body corporate;
- an Educational Institution regulated under an Australian State, Territory or Commonwealth law;
- Government, being either the Crown or a Commonwealth, State or Territory statutory agency;
- a Commonwealth entity as defined in section 10 of the Public Governance, Performance and Accountability Act 2013(Cth);
- the applicant or owner of an Australian Trade Mark can rely upon that application or registration to establish an Australian presence, but only in respect of a domain that is an exact match of the words which are the subject of the Australian Trade Mark.
Business name means a name used or to be used, in relation to a business and is recorded on the Business Names Register established under the Business Names Registration Act 2011 (Cth).
Cooling off period means three calendar days commencing immediately after a Person enters into a Licence Agreement.
DNS means the Domain Name System which converts alphabetic names into numeric Internet Protocol addresses.
Exact match means that the information provided by the Person is identical to the information contained in the record of Reliable and Independent Electronic Data or valid identity document.
Domain name means a unique identifier consisting of a string of alphanumerical characters registered in a Namespace and recorded in WHOIS data.
Foreign company means a company incorporated outside Australia and which is registered with the Australian Securities and Investment Commission to carry on business in Australia.
Legal name means the name that appears on all official documents or legal papers.
NOTE: For example, a natural Person’s legal name is the name that appears on their Birth Certificate or Change of Name Certificate (Deed Poll).
Licence means a non-exclusive, non-transferable, revocable licence issued by .au Domain Administration to a Person to use the Domain Name System (DNS) with a unique identifier of their choice.
Licence Agreement means an agreement to be entered into, or renewed, between the Registrar and each Registrant which sets out the terms on which the Registrant is granted a Licence.
Licence fee means a fee paid by the Registrant which incorporates two components:
- a wholesale amount charged by the Registry Operator; and
- a retail amount charged by the Registrar.
Licence period means a period of 1, 2, 3, 4 or 5 years.
Namespaces means the following: .au, .com.au, net.au, org.au, asn.au, id.au, sa.au, wa.au, nt.au, qld.au, nsw.au, vic.au, tas.au, act.au, edu.au and edu.au child zones or as varied from time to time by .au Domain Administration.
Person means:
- a Commonwealth, State or Territory Minister;
- a Commonwealth, State or Territory statutory authority;
- a Commonwealth entity as defined in section 10 of the Public Governance, Performance and Accountability Act 2013(Cth);
- a company registered under the Corporations Act 2001(Cth);
- a Registrable Body means a registrable Australian body or a foreign company under the Corporations Act 2001 (Cth) which has an Australian Registered Body Number (ARBN);
- an Incorporated Association under State or Territory legislation;
- an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006(Cth) on the Register of Aboriginal and Torres Strait Islander Corporations;
- a Registered Organisation under the Fair Work (Registered Organisations) Act 2009(Cth);
- an Incorporated limited partnership under State or Territory legislation;
- a Cooperative under State or Territory legislation, and which appears on the State or Territory register of cooperatives;
- a Natural Person who is 18 years or older; or
- Foreign legal entity
A Person does not include a privacy or proxy service.
Personal information has the same meaning as in section 6 of the Privacy Act 1988 (Cth).
Published Policies means policies, rules and any other document as approved by the .au Domain Administration Board, which are published on the .au Domain Administration website.
NOTE: For example, these auDA Rules are Published Policies
Registrable body means a registrable Australian body or foreign company under the Corporations Act 2001 (Cth).
Registrant means the holder of a Licence, as recorded in the Registry Data at the relevant time.
Registrar means a Person that is:
- accredited by .au Domain Administration as a Registrar; or
- authorised by .au Domain Administration to process Registry Data on behalf of Registrants in regard to a particular Namespace.
Registrar Services means any and all services to be provided by the Registrar in respect of Registry Data, .au ccTLD and any other Designated Namespaces as prescribed, or otherwise authorised, by auDA under the terms of this Agreement, which includes the following:
(a) applying to the Registry for Licences in respect of Designated Namespaces on behalf of a person;
(b) providing all associated services to Registrants, including services related to the maintenance, delegation, creation, transfer, modification, renewal and cancellation of Licences and/or Licence Agreements and the administrative management of all related information (including Registrant details);
(c) checking and validating all Information provided for Registrants and Licence Applications to ensure such applicants and applications comply with, and satisfy, all relevant criteria prescribed in the auDA Registrar Agreement, auDA Rules (Licensing) and other Published Policies; and
(d) any other services, reasonably required, or contemplated, by the Published Policies in order to assist with, and provide for, the efficient management of the .au ccTLD in accordance with the auDA Registrar Agreement;
Registry data means all data maintained in electronic form in the Registry, including:
- Registrant contact information;
- technical and administrative contact information;
- WHOIS data;
- all other data submitted by Registrars in electronic form; and
- any other data concerning particular registrations or nameservers maintained in electronic form in the Registry data base.
Registry Operator means a Person who has been accredited or licensed by .au Domain Administration to maintain a Registry or to provide registry services in relation to the Registry.
Reserved name means a name which is withheld from the DNS and is not available for registration by any Person, except in certain circumstances.
Restoration fee means the fee charged by the Registrar and Registry Operator to restore a cancelled licence by the Registrant.
NOTE: For example, a Person cancels their licence but has a change of mind. The Person can request the Registrar to restore the licence.
Transfer means:
- between registrants – a novation of the transferor registrant’s licence and a new licence agreement being entered into by the person to whom the licence has been transferred;
- between registrars – a novation of the registrant’s licence agreement with the transferor registrar and a new licence agreement being entered into by the registrant with the transferee registrar.
Unique Identifier means an alphanumerical string that comprises a unique identifier, commonly referred to as a ‘domain name.’
Validation means that the details provided by a Person making a licence application, are an exact match to the record of Reliable and Independent Electronic Data or valid identity document.
WHOIS data means an extract of the domain Namespace data which is made available to the public through a WHOIS service provided by the Registry Operator.
Writing includes the recording of words or data in any way (including electronically) or the display of such by any form of communication if at the time of recording it was reasonable to expect that the words or data would be readily accessible so as to be useable for subsequent reference.
PART 2 LICENCES
2.1 OVERVIEW
|
The following is an overview of this Part which includes specifying the:
|
2.2 REGISTRAR SERVICES
2.2.1 A Registrar must not provide Registrar services to a Person, unless that Person or their agent has made an application for or requested the renewal of a licence.
2.3 LICENCE APPLICATIONS
2.3.1 A Registrar must not submit an application for a licence to the Registry or renew a licence, unless the Registrar is satisfied that:
- the identity of the Person has been validated;
- the Person has a legitimate Australian Presence;
- the Person satisfies all applicable eligibility and allocation rules for a licence in the relevant Namespace; and
- the domain name is available.
2.3.2 A Registrar is only required to validate the identity and Australian Presence of a Person where:
- the person makes an application for a licence; or
- renews a licence for the first time; or
- transfers a licence;
after the commencement date of the auDA Rules (Licensing).
Contractual capacity
2.3.3 The Registrar must:
- ensure that the applicant is a Person at the time of entering into a Licence Agreement, including when renewing a licence; and
- reject the application if the requirement at sub-paragraph 2.3.2(1) is not fulfilled.
NOTE: A Person must have contractual capacity to enter into a Licence Agreement. For example, A company will not have contractual capacity to enter into a Licence Agreement where the company has been deregistered.
2.4 VALIDATION REQUIREMENTS
Information Validation
2.4.1 The Registrar must collect the information directly from a Person or an agent making an application for a licence under paragraph 2.2.2 of the auDA Rules (Licensing).
2.4.2 Where a Person is using an agent to make an application for a licence, then the Registrar must collect and validate the information of that Person rather than the information of the agent.
2.4.3 A Registrar must validate the information provided by a Person in applying for a licence, to establish:
- the identity of the Person; and
- that the Person has a legitimate Australian presence.
2.4.4 A Registrar must validate the following minimum information in respect to the Person:
- legal name;
- address for service; or
- residential address if the Person is a Natural Person; and
- email address; or
- telephone number; or
- identifier issued by an Australian, State or Territory Government authority
using Reliable and Independent Electronic Data or valid identity documents.
2.4.5 A Registrar may rely on the validation of the information specified in paragraph 2.4.4, to satisfy the Australian presence requirement, where the record of Reliable and Independent Electronic Data or valid identity document is proof of Australian presence.
NOTE: If the Person is a company and the Registrar uses the Australian Securities and Investment Commission register of companies to validate the identity of the Person, then the Registrar may rely on that validation as proof of Australian presence.
Specified Reliable and Independent Electronic Data
2.4.6 Pursuant to subclause 7(1)(f) of the Registrar Agreement, the following are specified Reliable and Independent Electronic Data:
- the IP Australia’s Trade Mark database where a Person is an applicant for or owner of a registered Australian Trade Mark.
2.4.7 With the exception of paragraph 2.4.6, a Registrar must validate the identity and Australian Presence of a Person in accordance with the Registrar’s approved Validation Plan.
Specified Identity Documents
2.4.8 Pursuant to subclause 7(1)(f) of the Registrar Agreement, the following are specified identity documents:
- Australian Driver Licence issued by a State or Territory Government authority
- Australian Passport
- Australian Shooter or firearm licence
- Australian Security Licence
- Australian Birth Certificate
- Australian permanent resident visa
- Australian Citizen Certificate
- Australian Certificate of Registration by Descent
Requirement for Exact Match of identification details
2.4.9 The Registrar must:
- ensure that the details provided by the Person are an exact match to that contained in a Reliable and Independent Electronic data record or valid identity document; and
- reject the application if there is no exact match as specified in sub-paragraph 2.4.9(1).
2.4.10 A Registrar must provide a Person with a reason for rejecting the application under paragraph 2.4.9 (2).
2.5 NAMESPACE ELIGIBILITY AND ALLOCATION
2.5.1 The Registrar, before submitting a licence application to the Registry, must be satisfied that, in addition to paragraph 2.4.3:
- (1) the Person is eligible for a licence in the Namespace applied for; and
- (2) the domain name can be allocated to the Person.
2.5.2 Where a Registrar is not satisfied that the Person is eligible for a licence in a Namespace or the domain name applied for, then the Registrar must reject the application.
2.5.3 A Registrar may rely on the validation of the identity and Australian Presence of a Person under paragraph 2.4.4, where the Reliable and Independent Electronic Data record or valid identity document is proof of matters relating to eligibility and/or allocation of a domain name in a Namespace.
2.5.4 A Registrar may rely upon a Person’s warranty that a domain name can be allocated to them under paragraphs 2.6.2, 2.4.4(2) (f), 2.4.5(2)(a), 2.5.6 (2)(a), and 2.4.7(2)(c) of the auDA Rules (Licensing).
2.5.5 A Registrar must not approve an application for a licence, where the Registrar believes or suspects that the warranty provided under paragraph 2.5.4 is untrue.
2.6 VALIDATION PLAN
2.6.1 A Registrar must have an approved Validation Plan within six months of the commencement date of the auDA Registrar Agreement.
2.6.2 The Validation Plan must provide at a minimum the following:
- the Registrar’s legal name
- the contact names, telephone numbers and email addresses of senior personnel responsible for maintaining and implementing the Validation Plan
- where the Registrar is relying on Reliable and Independent Electronic Data:a) a statement as to why the Registrar has determined the Reliable and Independent Electronic Data is appropriate for the purpose of paragraph 2.4.3, having regard to the matters set out in subclause 7(1)(e) of the auDA Registrar Agreement
b) the name and address of the party providing the Reliable and Independent Electronic Data
c) the process for resolving inconsistencies between Reliable and Independent Electronic Data, such as the IP address of the Person being inconsistent with information relating to their Australian Presence
d) if and how the Reliable and Independent Electronic Data will be used for determining a Person’s eligibility for a Namespace
e) any other matter that may materially affect the decision of .au Domain Administration to approve the Validation Plan - where a Registrar relies on valid identity documents:(a) the process for collecting or recording the valid identity document
(b) the threshold at which the Registrar is satisfied that the identity and the Australian presence of a Person has been validated.
2.6.3 A Registrar must ensure that its employees, contractors and subcontractors comply with the Validation Plan when providing Registrar services.
2.7 RESERVED NAMES
Procedure for applications – using a reserved name
2.7.1 A Registrar must not accept an application for a reserved name, unless:
- the Person is a statutory authority for whom the name has been restricted for their use;
- the Person has Ministerial consent to use the name; or
- the Person is not captured by the relevant prohibition.
2.7.2 If the circumstances specified in paragraph 2.7.1 apply, then the Registrar must collect and submit to .au Domain Administration the following documentation:
- name restricted for the use of a statutory authority: evidence that the Person is that statutory authority;
- Ministerial consent: a copy of that Ministerial consent;
- Person not captured by the relevant prohibition: a statutory declaration specifying why the prohibition does not apply to that Person.
2.7.3 In respect to paragraph 2.7.2, a Registrar must:
- warrant to .au Domain Administration that the identity of the Person applying to use a reserved name has been validated; and
- not submit to .au Domain Administration any document which it suspects or believes on reasonable grounds to be untrue.
2.7.4 .au Domain Administration reserves the right to take action against the Registrar under the auDA Registrar Agreement, if the warranty made by the Registrar pursuant to subparagraph 2.7.3(1), is untrue, inaccurate or incomplete.
Procedure for applications – notification by .au Domain Administration
2.7.5 Notification to the Registrar as to whether the Person may use a reserved name, will be provided by .au Domain Administration within seven calendar days of the receipt of the written documentation supplied by the Registrar pursuant to paragraph 2.7.2.
2.7.6 If .au Domain Administration is satisfied that the Person can use a reserved name, then both the Registrar and the Registry will be notified by .au Domain Administration that the licence application by the Person can be accepted.
2.8 COLLECTION, USE AND DISCLOSURE
Personal information
2.8.1 A Registrar must inform the Person applying for a licence:
- that their personal information is being collected, used and disclosed by .au Domain Administration, the Registry and Registrar for the purposes set out in paragraph 2.9 of the auDA Rules (Licensing); and
- of the option to use role-based descriptions for the Registrant, Administration and Technical Contact Names.
NOTE: For example, the following are role-based descriptions:
Domain Name: forexample.com.au;
Registrant Contact Name: CEO;
Registrant Contact Email: ceo@forexample.com.au;
Technical Contact Name: Domain Administrator;
Technical Contact Email: Administrator@forexample.com.au.
2.9 REGISTRANT INFORMATION
2.9.1 A Registrar must only enter into the Registry data, as appropriate, the Person’s:
- legal; or
- statutory name
and this information will describe the Registrant in the Registry data.
NOTE: For example, a natural person as Trustee for a Trust
Registrant: First Name and Last Name
Registrant ID: ABN of the trustee
Eligibility Type: Trust
Eligibility ID: ABN of the trust
A company as trustee for a Trust:
Registrant: Company Name Pty Ltd
Registrant ID: ACN or ABN of the Company Name
Eligibility Type: Trust
Eligibility ID: ABN of the Trust
2.9.2 The Registrar must include the following information in the Registry data:
| Contact Object | Information to be entered by the Registrar |
| Registrant Contact |
MANDATORY Contact person or role (e.g, ‘General Manager’) nominated by the Registrant. In the case of a Natural Person, must be the Registrant himself or herself, or the authorised agent of the Registrant. In the case of corporate Registrants, must be a principal, employee or member of the Registrant. MUST NOT be the Registrar of record or their sub-contractor |
| Technical Contact |
MANDATORY Contact person or role (e.g, ‘General Manager’) nominated by the Registrant. May be the Registrar of record or their subcontractor |
| Administrative Contact |
OPTIONAL Contact person or role (e.g, ‘General Manager’) nominated by the Registrant. May be the Registrar of record. |
| Billing Contact |
OPTIONAL Contact person or role (e.g, ‘General Manager’) nominated by the Registrant. May be the Registrar of record |
2.9.3 A Registrar must not:
- enter their details into the Registry data as Registrant, unless permitted under the ‘permissible own use’ clause of the Registrar Agreement; or
- enter any details into the Registry data, where the Registrar knows, suspects or believes that a Person has disguised or concealed the identity of the Registrant or the Registrant contact; or
- enter any data into the Registrant Contact and Technical Contact fields which could be construed as advertising, marketing, promotion or a listing of any kind.
NOTE: For example, in relation to subparagraph 2.9.3(3), ‘This domain name is for sale’ or ‘Renew your domain name at [name of provider]’.
2.9.4 A Registrar must correct within five calendar days any entries in the Registry data where the identity of the Registrant or Registrant contact has been concealed.
2.10 AUTHORISATION CODE
On Registration
2.10.1 At the time of registration, a Registrar must:
- allocate an authorisation code directly to the Registrant; and
- not allocate an authorisation code to the Registrant through any third party; and
- inform the Registrant of:
(a) the option to accept the Registrar generated authorisation code; or
(b) allow the Registrant to choose an authorisation code at the time of registration, which they may change at a later date;
(c) the importance of taking all reasonable measures to secure the authorisation code;
(d) the requirement to report to the Registrar any lost or stolen authorisation codes, or whether another person has knowledge of the authorisation code; and
(e) the obligation to keep their contact details up to date.
Form of Authorisation Code
2.10.2 An authorisation code must contain:
- between 13 and 32 characters;
- have at least one letter (a-z) and one number (0-9); and
- have no dictionary words.
Changing of Authorisation Code
2.10.3 The Registrar must not change the authorisation code without the consent of the Registrant, unless authorised to do so by .au Domain Administration in circumstances that may include:
- an actual, or suspected breach, of the Registrar’s systems; or
- where the Registrar has terminated an agreement with a subcontractor;
within two calendar days of the Registrar changing the Registrant’s authorisation code.
2.10.4 If the circumstances specified in paragraph 2.10.3 apply, then the Registrar must:
- notify the Registrant of the new authorisation code; and
- the reason why the authorisation code was changed.
2.10.5 A Registrant must change their authorisation code within two calendar days if they have transferred their licence to a new Registrar.
2.10.6 If the Registrant has not changed their authorisation code as required by paragraph 2.10.5, then the new Registrar may reset the authorisation code.
2.10.7 The new authorisation code must be provided by the Registrar to the Registrant within 24 hours of being reset under paragraph 2.10.6.
Retrieval of Authorisation Code
Procedure where Registrant contact details are accurate
2.10.8 Where the Registrant requests a copy of their authorisation code from the Registrar, then the Registrar must provide to the Registrant or the Registrant contact as specified in the Registry database, the authorisation code within two calendar days.
2.10.9 The obligation of the Registrar as specified in paragraph 2.10.8 does not apply if the Registrant has not maintained accurate contact information in the Registry.
2.10.10 The Registrar may use an automated retrieval tool for the provision of an authorisation code to a Registrant where paragraph 2.10.8 applies.
2.10.11 Paragraph 2.10.10 is only applicable if the automated retrieval tool is set by default to provide the authorisation code to the Registrant Contact as recorded in the Registry.
Procedure where Registrant contact details are inaccurate
2.10.12 In circumstances where the Registrant has not maintained accurate contact information in the Registry, then the Registrar must:
- validate the identity of the Registrant and provide the authorisation code to that Person or a representative of the Registrant, who has been nominated in writing to the Registrar; and
- provide the authorisation code within two calendar days to the Person or their nominated representative.
Accurate contact information – prior to transfer to another Registrar or Registrant
2.10.13 The Registrar must:
- advise the Registrant that they must update their contact information in the Registry prior to the making of any request for a transfer of their licence to another Registrar or Registrant; and
- not transfer a licence to another Registrar or Registrant if the contact information in the Registry is incorrect or incomplete.
2.10.14 The Registrar records relevant to the Registrant’s authorisation code must be made available for inspection, on request, by .au Domain Administration.
2.11 LICENCE TRANSFERS
Transfers – Change of Registrant
2.11.1 The Registrar must not transfer a licence from a Registrant to another Person unless:
- the Registrant is eligible to hold the licence at the date of transfer;
- the Person to whom the licence is being transferred meets the Australian presence requirement and any applicable eligibility and allocation criteria;
- the transfer request by the Registrant is in writing to the Registrar;
- the licence is not subject to any dispute resolution or court proceedings;
- the licence term has not expired;
2.11.2 A Registrar must ensure that the Person to whom the licence is transferred:
- enters into a new Licence Agreement;
- specifies the licence period; and
- pays the licence fee.
Procedure for transfer
2.11.3 To process the transfer from one Registrant to another Person, the Registrar must:
- receive from the Registrant, the approved form (Standard Text for Transfer Form) as specified in Schedule A of these auDA Rules;
- be satisfied that the transferee Registrant is eligible to hold the licence at the date of transfer;
- confirm from the current Registrant contact that there is in fact a request for a transfer to another Registrant; and
- receive any applicable transfer fee from the Registrant.
2.11.4 The Registrar must:
- transfer the licence within two calendar days of the request; and
- only do so after determining that the requirements of paragraph 2.11.3 have been satisfied.
Transfers – Change of Registrar of Record
2.11.5 A Registrar must not transfer a licence to another Registrar, unless:
- the Registrant is eligible to hold the licence at the date of the transfer;
- the transfer request is in writing from the Registrant;
- the Registrant provides a valid authorisation code for the licence; and
- the licence is not subject to any dispute resolution or court proceedings.
Procedure for transfer
2.11.6 In paragraphs 2.11.7 to 2.11.26:
- Registrar one means the Registrar which is transferring the licence to Registrar two;
- Registrar two means the Registrar to which the licence is transferred.
2.11.7 To effect a transfer to the Registry, Registrar two must:
- receive a written request for transfer from the transferor specified in paragraph 2.11.6 , which includes a valid authorisation code for the domain name;
- use the authorisation code to retrieve the full domain name record from the Registry database;
- send the approved form (Standard Transfer Confirmation Message) as specified in Schedule B of these auDA Rules, to:
(a) the Person who has requested the transfer; or, if different from that Person,
(b) to the Registrant contact listed in the Registry database; - receive a written response from the Person or Registered contact agreeing to the transfer; and
- either, enter into a new Licence Agreement for the remainder of the domain name licence period; or
- commence a new licence period if the transfer is combined with the renewal of the licence.
Procedure for Transfer – Registry Action
2.11.8 On receipt of the transfer details from Registrar two, the Registry will notify Registrar one that a transfer has been initiated.
2.11.9 After being advised by the Registry of the transfer, Registrar one may send the approved form (Standard Transfer Audit Message) as specified in Schedule C of these auDA Rules, to the contact email address of the Registrant, in order to validate that the transfer is authorised.
2.11.10 If Registrar one sends an approved form as specified in paragraph 2.11.9, then Registrar one must do so only once within two days of receiving the advice from the Registry.
2.11.11 If Registrar one is advised by the Registrant that the transfer has not been authorised, then Registrar one may lodge a complaint with .au Domain Administration under Part 3 of the auDA Rules (Licensing).
au Domain Administration Enforcement Action
2.11.12 .au Domain Administration may, in its discretion, reverse the transfer of a licence where the relevant Registrar is unable to demonstrate compliance with these auDA Rules.
2.11.13 In response to the complaint received from Registrar one, .au Domain Administration may, in its discretion:
- allow Registrar one to transfer back the domain name licence under the procedure specified in paragraph 2.11.7; or
- direct the Registry to reverse the transfer.
in order to effect the transfer.
Transfer Fees
2.11.14 Registrars which are a party to a Registrar to Registrar licence transfer must not charge any transfer fee.
2.11.15 Registrar two may charge a renewal fee for a licence transferred to them during the 90 calendar days prior to the licence expiry date.
Transfers – Bulk transfers by Registrars
Types of Bulk Transfers
2.11.16 The following bulk transfers are permitted:
- those of at least 1000 domain names for each transfer; and
- those which are authorised by .au Domain Administration.
2.11.17 The following bulk transfers are not permitted:
- where a licence is pending cancellation under the auDA Rules (Licensing);
- where a licence has expired outside the 30 day grace period for renewal as specified in paragraph 2.14.5 of the auDA Rules (Licensing); and
- bulk transfers initiated by resellers.
2.11.18 In circumstances where a licence is in the period of 90 calendar days before expiry, Registrar two may process a renewal of that licence in conjunction with the bulk transfer.
Procedure for Transfer
2.11.19 Registrar two must not initiate a bulk transfer until:
- each Registrant is notified of the bulk transfer by being sent the approved form (Standard Bulk Transfer Notification) specified in Schedule D of these auDA Rules, both at 30 calendar days and 7 calendar days before the bulk transfer will take place; and
- the Registrant has been given an opportunity to opt out of the bulk transfer by transferring their licence to another Registrar.
2.11.20 Bulk transfers initiated by Registrar two will, (subject to the requirements in paragraphs 2.11.17 and 2.11.19, as applicable), take effect within two calendar days.
Record-keeping
2.11.21 Registrar one and Registrar two must keep all records relating to a transfer.
2.11.22 The records specified in paragraph 2.11.21 must be available for inspection, on
request, by .au Domain Administration.
.au Domain Administration Enforcement Action
2.11.23 .au Domain Administration may take action under the Registration Accreditation Agreement if a Registrar is in breach of these auDA Bulk Transfer Rules.
Transfers – Caretaker Registrar of Record
2.11.24 In circumstances where the accreditation of a Registrar:
- has been cancelled by .au Domain Administration; or
- the auDA Registrar Agreement for the Registrar has been terminated by .au Domain Administration; or
- the Registry- Registrar Agreement has been cancelled by the Registry Operator; then
the licences of that Registrar will be transferred to .au Domain Administration or its nominee as the caretaker of record.
NOTE: This means that .au Domain Administration will be listed as the Registrar of record in the Registry database.
2.11.25 .au Domain Administration will notify Registrants:
- that the transfer has taken place; and
- that they should transfer their licences to another Registrar within 90 calendar days of the notification.
2.11.26 In circumstances where licences are not transferred in accordance with subparagraph 2.11.25 (2), then:
- .au Domain Administration, in its sole discretion, may transfer the licences to another Registrar; and
- this transfer may be subject to any conditions which .au Domain Administration considers appropriate.
2.12 LICENCE RENEWAL
2.12.1 The Registrar:
- may renew 90 calendar days prior to expiry; or
- during the 30 calendar days after the licence expiry date;
- but must not renew a licence if a Registrant is not eligible to hold the licence in the Namespace;
- may rely upon the warranty of the Person that they are eligible to hold the licence at the time of renewal, however, prior to the expiry of the existing licence, the Registrar must be satisfied of the matters under paragraph 2.3.1 of the auDA Rules (Licensing).
2.12.2 A Registrar must notify the Registrant Contact at least 30 calendar days prior to the expiration of the licence.
2.13 RESTORING A LICENCE
2.13.1 A Registrar may restore a licence cancelled by the Registrant under paragraph 2.15.7 of the auDA Rules (Licensing).
2.13.2 The Registrar may charge the Registrant a restoration fee.
2.13.3 A Registrar must not restore a licence that has been cancelled by a Registrant under paragraph 2.15.4 (Cooling Off Period) of the auDA Rules (Licensing), after the cooling off period ends.
NOTE: For example, the Person cancels the licence two days after entering into the Licence Agreement with the Registrar, and then after the end of the cooling off period changes their mind. A Registrar must not restore the licence, as the Person will need to make another application for the licence, subject to its availability.
2.13.4 A Registrar must not restore a licence under paragraph 2.16.10 of the auDA Rules (Licensing), unless directed by .au Domain Administration.
2.13.5 A Registrar must not charge the Registrant a fee for restoring a cancelled licence under paragraph 2.13.4
2.14 LICENCE SUSPENSION AND CANCELLATION
2.14.1 A Registrar must suspend a licence within 24 hours of becoming aware that one or more of the circumstances under paragraph 2.16.4 of the auDA Rules (Licensing) applies.
2.14.2 A Registrar must cancel a licence within 24 hours under paragraph 2.16.10 of the auDA Rules (Licensing), unless otherwise directed by .au Domain Administration.
2.14.3 A Registrar must comply with a direction by .au Domain Administration to immediately suspend or cancel a licence where it is necessary to protect the security, stability and integrity of the Registry or DNS or it is in the public interest.
PART 3 – AMENDMENTS
3.1 OVERVIEW
|
The following is an overview of this Part:
|
3.2 AMENDMENT TO THE AUDA RULES
3.2.1 .au Domain Administration has the power to amend these auDA Rules after consultation with the Registrars and Registry Operator.
3.2.2 Any finalised amendments made under paragraph 3.2.1 will be publicly available on the .au Domain Administration website (www.auDA.org.au) at least 21 calendar days before the amendments come into effect.
3.2.3 In circumstances where an amendment is required to:
- protect the integrity, stability or utility of the .au domain; or
- prevent licences being issued for abusive or speculative reasons;
then the 21 calendar day notice period as specified in paragraph 3.2.2 will not be applicable.
SCHEDULE A – FORM
Standard Text for Transfer Form
Under paragraph 2.11.3 of these auDA Rules, the Registrant transfer form used by the Registrar must contain the standard text below.
Declaration by Current Registrant of Domain Name (Transferor)
I/We declare and warrant to the Registrar and to .au Domain Administration Ltd that:
- I am authorised to submit this form for or on behalf of the current Registrant of the domain name; and
- the current Registrant of the domain name is entitled to transfer the domain name licence to the proposed new Registrant; and
- all information contained in this transfer form are true, complete and correct, and not misleading.
The current Registrant hereby transfers the domain name licence to the proposed new Registrant, subject to the terms and conditions on which the current Registrant held the domain name licence at the time of transfer.
Declaration by Proposed New Registrant of Domain Name (Transferee)
I/We declare and warrant to the Registrar and to .au Domain Administration Ltd that:
- I am authorised to submit this form for or on behalf of the proposed new Registrant of the domain name; and
- the proposed new Registrant is eligible to hold the domain name licence under the auDA Rules from time to time; and
- all information contained in this transfer form are true, complete and correct, and not misleading.
The proposed new Registrant hereby accepts the transfer of the domain name licence, subject to the terms and conditions on which the current Registrant held the domain name licence at the time of transfer.
NOTE:All domain name licences are issued subject to .au Domain Administration’s mandatory terms and conditions and the auDA Rules applicable from time to time, available at www.auDA.org.au. Non-compliance with such terms and conditions or the auDA Rules may lead to the cancellation of a domain name licence.
SCHEDULE B – FORM
Standard Transfer Confirmation Message
DOMAIN NAME TRANSFER – REQUEST FOR CONFIRMATION
Attention: <insert Registrant contact name>
Re: Transfer of <insert domain name>
The current registrar of record for this domain name is <insert name of losing registrar>
We have received a request from <insert name of Person requesting transfer> for us to become the new registrar of record.
You have received this message because you are listed as the Registrant contact for this domain name in the WHOIS database.
Please read the following important information about transferring your domain name:
- You must agree to enter into a new Licence Agreement with us. You can review the full terms and conditions of the Agreement at <insert URL>
- Once you have entered into the Agreement, the transfer will take place within two calendar days.
- The transfer will not change the expiry date of your domain name, which is <insert expiry date>.
If you wish to proceed with the transfer, please contact us <insert gaining registrar contact details> with the following message:
“I confirm that I have read the Domain Name Transfer – Request for Confirmation Message.
I confirm that I wish to proceed with the transfer of <insert domain name> from <insert name of losing registrar> to <insert name of gaining registrar>.”
SCHEDULE C – FORM
Standard Transfer Audit Message
DOMAIN NAME TRANSFER
Attention: <insert Registrant contact name>
Re: Transfer of <insert domain name>
We are the current registrar of record for this domain name.
We received notification on <insert date of notification> that you have requested a transfer to <insert name of gaining registrar>. This means that <insert name of gaining registrar> will become the new registrar of record for your domain name on <add two days to date of notification>.
If you have authorised this transfer, you are under no obligation to respond to this message.
If you did not authorise this transfer, please contact us <insert losing registrar contact details>.
SCHEDULE D – FORM
Standard Bulk Transfer Notification
Under paragraph 2.11.19 of these auDA Rules, the gaining Registrar must send a standard bulk transfer notification to each Registrant contact listed in the Registry database at 30 calendar days and again at seven calendar days before the date of the bulk transfer.
The purpose of the message is to safeguard both the Registrant and the gaining Registrar by ensuring that the Registrant:
(a) receives due notice of the transfer; and
(b) is given a reasonable opportunity to transfer their domain name to a different Registrar if they do not want their domain name to be transferred to the gaining Registrar.
The message must contain the text below, or equivalent text as approved by .au Domain Administration:
Re: Transfer of <insert Registrant contact name>
The current Registrar of record for this domain name is <insert domain name>
You have received this message because you are listed as the Registrant contact for this domain name in the WHOIS database.
<insert reason for bulk transfer>
<insert name of gaining Registrar> will be assuming the obligation to provide Registrar services to you.
Your domain name will be transferred to <insert name of gaining Registrar> on <insert date of bulk transfer>.
If you do not want your domain name to be transferred to <insert name of gaining Registrar>, then you must take action to transfer your domain name to another Registrar prior to <insert date of bulk transfer>.
SCHEDULE E – FORM
WHOIS FIELDS FOR .AU OPEN SECOND LEVEL DOMAINS
| Field Name | Field Description |
| Domain Name | Registered domain name |
| Last Modified | Date the domain name record was last modified (includes renewal, transfer and update) |
| Status | Status of the domain name (e.g. “OK”, “pendingTransfer”, “pendingDelete”) |
| Registrar Name | Name of the registrar of record |
| Reseller Name | Name of the recorded reseller (if applicable) |
| Registrant | Legal name of the Registrant entity (e.g. company name) |
| Registrant ID | ID number associated with the Registrant entity, if any (e.g. ACN for company) |
| Eligibility Type | Registrant’s eligibility type (e.g. “Company”) |
| Eligibility Name | Name used by the Registrant to establish eligibility, if different from their own legal name (e.g. registered business name or trademark) |
| Eligibility ID | ID number associated with the name used by the Registrant to establish eligibility (e.g. BN for registered business name, TM number for registered trademark) |
| Registrant Contact ID | Registry code used to identify the Registrant |
| Registrant Contact Name | Name of a contact Person for the Registrant |
| Registrant Contact Email | Contact email address for the Registrant |
| Tech Contact ID | Registry code used to identify the technical contact |
| Tech Contact Name | Name of a technical contact for the domain name (e.g. Registrar, reseller, webhost or ISP) |
| Tech Contact Email | Contact email address for the technical contact |
| Name Server | Name of computer used to resolve the domain name to Internet Protocol (IP) numbers (minimum of two name servers must be listed) |
| Name Server IP | IP number of the name server |
| DNSSEC | DNSSEC status (whether the domain name is signed or unsigned) |
.au Namespace Implementation
Publication Date: 17 June 2019
Published: 17 June 2019
Status: Commencement date to be advised
1.1 OVERVIEW
|
On 18 April 2016, the Board of .au Domain Administration Limited approved second level domain name registration in the .au namespace. This will allow Australian users of the Internet to register a name directly before the dot in .au, for example, auda.au. These .auDA Rules specify the process to be followed for the implementation of the .au namespace, including details on the:
|
1.1.1 These .au Domain Administration Rules (.auDA Rules) have been made by .au Domain Administration Limited (ABN 38 079 009 340) (.au Domain Administration) in its capacity as the administrator of, and Australian self-regulatory policy body for, the .au ccTLD.
1.1.2. The .auDA namespace implementation Rules are binding on:
(1) a Person who makes an application for Priority Status to register in the .au namespace; and
(2) a Registrar under the Registrar Accreditation Agreement.
1.1.3 An application for a licence in the .au namespace is governed by the .auDA Licencing Rules.
1.2 OBJECTS
1.2.1 The objects of the .auDA .au Namespace Implementation Rules are to:
(1) establish a transparent and equitable process for priority registration of licences in the .au namespace;
(2) provide protection to existing Registrants of eligible licences as recorded in the Registry Data in order to ensure public confidence and trust in .au; and
(3) implement an efficient and effective dispute process for the registration of licences in the .au namespace.
1.3 COMMENCEMENT
1.3.1 These .auDA Rules will commence on TBA.
1.3.2 The Commencement Table below specifies the relevant timings for the .au namespace implementation:
| Application Period | Priority Registration Period | |
| Priority Status (Category 1) | TBA | Ongoing |
|
Priority Status (Category 2)
|
TBA | TBA |
| General Availability | Not applicable | Not Applicable |
1.3.3 .au Domain Administration must undertake a review of the .au Namespace Implementation Rules at 12 months, 18 months, 24 months and 30 months after the commencement date.
1.3.4 The Board of .au Domain Administration may, at its sole discretion, specify an end date for the Priority Registration of Priority Status (Category 1) domain names.
1.4 DEFINITIONS
In these .auDA Rules:
.au namespace means the registration of licences at the second level.
NOTE: For example: auDA.au
Application period means the 180 calendar day period after the commencement date, in which an eligible Person can make an application for Priority Status to the Registrar.
Australian presence means:
(1) an Australian resident who is an Australian citizen or a permanent resident visa holder;
(2) a company registered under the Corporations Act 2001 (Cth);
(3) a Registrable Body means a registrable Australian body or a foreign company under the Corporations Act 2001 (Cth) which has an Australian Registered Body Number (ARBN);
(4) an Indigenous Corporation registered under the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth) on the Register of Aboriginal and Torres Strait Islander Corporations;
(5) a Registered Organisation that is:
(a) an association of employers;
(b) an association of employees (union); or
(c) an enterprise association;
registered under the Fair Work (Registered Organisations) Act 2009 (Cth) and which appears on the Register of Organisations;
(6) a Cooperative registered under State or Territory legislation and which appears on the State or Territory register of cooperatives;
(7) a Charity registered under the Australian Charities and Not-for-Profits Act 2012 (Cth), and which appears on the Australian Charities and Not-for-Profits Commission’s Charities and Not-for-Profits Register;
(8) a Political Party registered under the Commonwealth Electoral Commission Act 2012 and which appears on the Register of Political Parties;
(9) a Partnership under the relevant Australian State or Territory law where at least 60% of the partners are Australian citizens or permanent resident visa holders or an Australian body corporate;
(10) an Unincorporated Association formed in an Australian State or Territory with at least its management committee being Australian citizens or permanent resident visa holders;
(11) a Trust where the trustee must be an Australian citizen or the trustee is an Australian body corporate;
(12) an Educational Institution regulated under an Australian State, Territory or Commonwealth law;
(13) Government, being either the Crown or a Commonwealth, State or Territory statutory agency;
(14) a Commonwealth entity as defined in section 10 of the Public Governance, Performance and Accountability Act 2013 (Cth);
(15) an Australian Trademark application or registration in circumstances where a Person does not meet any other Australian Presence requirements but who has applied for or registered a word mark under the Trade Marks Act 1995 (Cth), and who thereby may apply to register a domain name that is an exact match of the word mark applied for or registered.
Authorisation code has the same meaning as paragraph 2.12 of the auDA Licencing Rules.
Commencement date means the date, as determined by the Board of .au Domain Administration, when registrations in the .au namespace will commence.
Creation date means the creation date of the licence as recorded in the Registry.
Cut-off date means the date set by the Board of .au Domain Administration to determine eligibility for Priority Status.
Designated person means the Person who the multiple applicants for the same domain name, have agreed should be the sole Person to register that name in the .au namespace.
Domain name means a unique identifier consisting of a string of alphanumerical characters registered in a designated namespace and recorded in WHOIS data.
Eligible licence means a licence in the following namespaces: .com.au, net.au, org.au, asn.au, id.au, vic.au, nsw.au, qld.au, act.au, sa.au, tas.au, nt.au, wa.au, edu.au, vic.edu.au, wa.edu.au, tas.edu.au, nt.edu.au, schools.nsw.edu.au, education.tas.edu.au, nsw.edu.au, act.edu.au, eq.edu.au, qld.edu.au, sa.edu.au, catholic.edu.au, gov.au, vic.gov.au, nsw.gov.au, act.gov.au, sa.gov.au, and wa.gov.au; and recorded in the Registry. An eligible licence is assessed under the auDA Published Policies in effect immediately prior to the commencement date.
First come, first served means that the first Person who applies for a licence with a domain name will be entitled to use that domain name, subject to its availability and the Person satisfying eligibility criteria.
General Availability means the point in time after the commencement date, when applications to register a licence in the .au namespace may be received from any eligible Person on a first come, first served basis.
Licence means a non-exclusive, non-transferable, revocable licence issued by .au Domain Administration, to a Person to use the Domain Name System (DNS) with a unique identifier of their choice.
No hierarchy of rights means that a person has no better entitlement to a name in a namespace than any other person and that no namespace is of greater or lesser value than another namespace.
NOTE: For example, a trademark rights holder has no better entitlement to the same name in a namespace than any other person.
No proprietary rights in a domain name means a Registrant has a licence to use the Domain Name System (DNS) with a unique identifier (a domain name) for a specified period in a specific namespace, subject to terms and conditions. A Person may dispose of a licence by transferring it to an eligible third party, cancelling the licence or failing to renew it. A Person does not legally ‘own’ a domain name.
Person means:
(1) a Commonwealth, State or Territory Minister;
(2) a Commonwealth, State or Territory statutory authority;
(3) a Commonwealth entity;
(4) an Australian company;
(5) a Registrable Body;
(6) an Incorporated association;
(7) an Indigenous corporation;
(8) a Registered Organisation under the Fair Work (Registered Organisations) Act 2009 (Cth);
(9) an Incorporated limited partnership under State or Territory legislation;
(10) a Cooperative under State or Territory legislation, and which appears on the State or Territory register of cooperatives; or
(11) a Natural Person who is 18 years or older.
A Person does not include a privacy or proxy service.
Registrant means a Person who is issued a licence to use the DNS with a unique identifier (domain name) and is recorded as the ‘Registrant’ in the Registry Data.
Registrar means a Person that is:
(1) accredited by .au Domain Administration as a Registrar; or
(2) authorised by .au Domain Administration to process Registry Data on behalf of Registrants in regard to a particular namespace.
Registrar of Record means the Registrar recorded as the Registrar for the licence in the WHOIS data.
Registry Data means all data maintained in electronic form in the Registry, including:
(1) Registrant contact information;
(2) technical and administrative contact information;
(3) WHOIS data;
(4) all other data submitted by Registrars in electronic form; and
(5) any other data concerning particular registrations or nameservers maintained in electronic form in the Registry Data base.
Reserved name means a name which is withheld from the DNS and is not available for registration by any Person, except in certain circumstances.
WHOIS data means an extract of the domain namespace data which is made available to the public through a WHOIS service provided by the Registry Operator.
Writing includes the recording of words or data in any way (including electronically) or the display of such by any form of communication if at the time of recording it was reasonable to expect that the words or data would be readily accessible so as to be useable for subsequent reference.
1.5 IMPLEMENTATION PROCESS
1.5.1 The implementation of second level licences consists of:
(1) Priority Status (Category 1)
(2) Priority Status (Category 2)
(3) General Availability
General Availability
1.5.2 A Person may apply to register a licence in the .au namespace from commencement date, subject to the availability of the domain name and satisfying the Australian Presence requirement.
1.5.3 A domain name will be available for registration where:
(1) there is not an eligible licence with that domain name recorded in the Registry Data immediately prior to the commencement date; and
(2) the name is not a reserved name under paragraph 2.6 of the .auDA Licencing Rules.
1.5.4 An application for and a granting of a licence in the .au namespace is governed by the .auDA Licencing Rules.
Priority Status Names
1.5.5 .au Domain Administration will reserve all domain names in the Registry Data, where a licence has a creation date:
(1) before or on the cut-off date (Category 1); and
(2) after the cut-off date and immediately before commencement date (Category 2).
1.5.6 Where there is an eligible licence for the same domain name in Category 1 and Category 2, the domain name will be allocated to Category 1.
NOTE: For example, there are two eligible licences with the domain name ‘auDA’: auda.org.au and auda.com.au. The licence auda.org.au has a creation date of 12 October 2001 and the auda.com.au licence has a creation date of 10 March 2018. The domain name ‘auDA’ will be allocated exclusively to Category 1.
1.5.7 A domain name allocated to Category 1 in accordance with paragraph 1.5.6 will default to Category 2 where no applications for that domain name in Category 1 are received before the end of the Application period.
NOTE: For example: The domain name ‘auDA’ is allocated to Category 1 as the licence auda.org.au has a creation date of 12 October 2001. The Person holding the .auDA.org.au licence fails to make an application for that domain name before the end of the Application Period. The domain name ‘auDA’ will default to Category 2 as there is an eligible licence ‘auda.com.au’ with a creation date of 10 March 2018.
1.5.8 A domain name reserved under paragraph 1.5.5 will be available for registration by a Person with Priority Status for that name, subject to any requirements under these .auDA Rules and the .auDA Licencing Rules.
1.5.9 A Person will only have Priority Status for a domain name at the second level that is an exact match to the domain name of the eligible licence.
NOTE: For example, auDA Pty Ltd which holds the eligible ‘auda.com.au’ licence would have Priority Status to register ‘auda.au’ but not ‘auda2.au’ or ‘aauda.au.’
1.6 PRIORITY STATUS ELIGIBILITY
1.6.1 If a Person holds an eligible licence:
(a) which has a creation date before or on the cut-off date; and
(b) which is recorded in the Registry Data,
the Person may apply for Priority Status (Category 1) to register the exact match of that domain name at the second level.
1.6.2 If a Person holds an eligible licence which:
(a) has a creation date after the cut-off date and immediately prior to commencement date, and
(b) is recorded in the Registry Data
the Person can apply for Priority Status (Category 2) to register the exact match of that domain name at the second level.
1.6.3 A Person whose licence is not recorded in the Registry Data is unable to apply for Priority Status.
NOTE: For example, justice.nt.gov.au is not recorded in the Registry Data, as the Department of Corporate manages the nt.gov.au sub-domains on behalf of the Northern Territory Government.
1.6.4 In order to apply for Priority Status, the Person must:
(1) hold an eligible licence with a creation date
(a) before or on the cut-off date (Category 1); or
(b) after the cut-off date and immediately before commencement date (Category 2);
(2) be eligible to hold that licence at the time of making the application under:
(a) .auDA Published Policies in existence immediately prior to the commencement date of these .auDA Rules;
(b) 2016-02 edu.au Registration Policy; or
(c) gov.au Domain Name Guidelines;
(5) be eligible to register a licence in the .au namespace under the .auDA Licencing Rules;
(6) not be subject to a dispute resolution or court proceeding in respect to the eligible licence; and
(7) make the application to the Registrar by or on:
(a) TBA for Category 1; or
(b) TBA for Category 2.
1.7 APPLICATION PROCESS
1.7.1 A Person must make an application for Priority Status to the Registrar for their eligible licence using that Registrar’s form.
1.7.2 A Person must apply for each eligible licence, in each relevant namespace, where the domain name is unique.
NOTE: For example: .au Domain Administration LTD will make one application for auDA.org.au, auDA.com.au; auDA net.au, and auDA.asn.au as the same name is registered for multiple eligible licences.
1.7.3 A Person must make an application for Priority Status to the Registrar before or on TBA.
1.7.4 A Registrar must reject an application by a Person for Priority Status which is received by the Registrar after TBA.
1.7.5 An application must include:
(1) the name of the Person applying;
(2) the details of the eligible licence or licences and the relevant domain name or names;
(3) evidence that the Person satisfies the eligibility criteria for a licence in the .au namespace;
(4) agreement to the Priority Status Terms and Conditions as specified in paragraph 1.10 of these .auDA Rules; and
(5) the payment of the application fee.
1.7.6 A Person making an application for Priority Status must provide the Registrar with the authorisation code for each eligible licence.
1.7.7 A Registrar must reject an application for Priority Registration where the Person has not provided the authorisation code for each eligible licence.
1.7.8 A Person’s eligibility for Priority Status is determined by the Registrar at the date of making the application.
1.7.9 A Registrar must reject an application from the Person in the following circumstances:
(a) the Person no longer satisfies the eligibility or allocation criteria to hold the eligible licence in the relevant namespace; or
(b) the Person does not satisfy the eligibility criteria to the register a licence in the .au namespace.
1.7.10 After making an application, the Person:
(1) will not be able to update or change their Registrant information for the eligible licence in the Registry Data; and
(2) cannot transfer the eligible licence to another Person during the Application Period;
but
(3) will be able to renew (if applicable) the eligible licence during the Application Period.
1.8 PRIORITY STATUS
Decision to Grant Priority Status
1.8.1 .au Domain Administration will grant a Person Priority Status (Category 1 or 2), in circumstances where a Registrar has determined that:
(1) the Person has provided the authorisation code for each eligible licence;
(2) the Person meets the Priority Status ( Category 1 or 2) eligibility criteria
(3) the Person is eligible for a licence in the .au namespace;
(3) the Person has agreed to the Priority Status Terms and Conditions as specified in Section 1.10 of these .auDA Rules; and
(4) the Person has paid the application fee.
1.8.2 .au Domain Administration and the Registrar will:
(1) determine Priority Status (Category 1 or 2) by reference to the creation date of the licence recorded in the Registry; and
(2) use the Registry Data as the sole reference for its determination.
1.9 PRIORITY STATUS RIGHTS
Priority Status (Category 1)
No applications
1.9.1 If there are no applications for a domain name in Category 1 by the end of the Application Period, then the domain name will:
(a) default to Category 2 where there is an eligible licence with the same domain name; or
(b) where there is no eligible licence with that domain name in Category 2, the domain name will be available to the public on a first come, first served basis.
1.9.2 .au Domain Administration will publish on its website within three calendar days of the close of the Application Period for Category 1, any domain names which will be reallocated to Category 2.
Single
1.9.3 If there are no other Persons with an eligible licence of the same domain name with Priority Status (Category 1) then:
(1) that Person may apply to register the exact .au match of that domain name; and
(2) must do so no later than TBA.
1.9.4 If the Person has not registered the licence in accordance with paragraph 1.9.1, then the name will be available for registration on a first come, first served basis.
Multiple
1.9.5 If there are multiple Persons with an eligible licence of the same domain name with Priority Status (Category 1), then:
(1) those Persons may negotiate an agreement as to which, if any, will be the Designated Person to register the exact .au match of the same domain name in the .au namespace.
1.9.6 The Persons specified in paragraph 1.9.5 may contact each other by using the relevant contact details listed in WHOIS data.
If Agreement is Reached
1.9.7 If the Persons reach an agreement, then:
(1) all other Persons must withdraw their applications for the domain name, by advising the relevant Registrar; and
(2) the Designated Person may register the domain name no later than 30 days after the date the last application is withdrawn.
1.9.8 If the Designated Person has not registered the licence in accordance with subparagraph 1.9.7(2), then the domain name will become available on a first come, first served basis.
1.9.9 Once a Registrar is advised in accordance with subparagraph 1.9.7(1), then the Registrar must notify the Registry within 24 hours after receiving that advice.
If no agreement is reached
1.9.10 If the Persons fail to reach agreement under paragraph 1.9.7, then the Persons with an application for that domain name must pay an annual application renewal fee.
1.9.11 A Person’s application for a domain name will automatically lapse where:
(a) the Person fails to pay the annual application renewal fee; or
(b) the Person no longer satisfies the eligibility and allocation criteria for the eligible licence or
(c) the Person is no longer eligible for a licence in the .au namespace.
1.9.12 If there are no other Persons with eligible licences with Priority Status, then the remaining Person must apply to register the domain name within 30 calendar days of the last application being withdrawn or having lapsed.
1.9.13 .au Domain Administration will publish on its website the annual application renewal fee.
Priority Status (Category 2)
No application
1.9.14 If there are no applications for the domain name in Category 2, then the domain name will be made available to the public on a first come, first served basis.
Single
1.9.15 If there are no other Persons with an eligible licence of the same domain name with Priority Status (Category 2) then:
(1) that Person may apply to register the exact .au match of that domain name; and
(2) must do so no later than TBA.
1.9.16 If the Person has not registered the domain name in accordance with paragraph 1.9.15, then the name will be available for registration on a first come, first served basis
Multiple
1.9.17 If there are multiple Persons with an eligible licence of the same domain name with Priority Status (Category 2), then the Person with the eligible licence with the earliest creation date:
(a) may apply to register the exact .au match of that domain name; and
(b) must do so no later than TBA.
1.9.18 If the Person has not registered the domain name in accordance with paragraph 1.9.17, then the name will be available for registration on a first come, first served basis.
NOTE: For example:
On 5 February 2018, Eric registered johnsmith.net.au.
On 8 February 2018, Frank registered johnsmith.com.au.
Both make an application for Priority Status (Category 2).
At the end of the Application Period, Eric can immediately register johnsmith.au.
If Eric fails to register the domain name by 1 August 2020, then anyone (and not just Frank) can do so.
1.10 TERMS AND CONDITIONS
1.10.1 All applications made by Persons for Priority Status are subject to the following:
(1) .auDA Published Policies (where applicable) in force immediately before the commencement date of the .auDA Licencing Rules:
(2) the 2016-02 edu.au Registration Policy
(3) the gov.au Domain Name Guidelines; and
(4) the .auDA Rules:
(a) .au Namespace Implementation; and
(b) Licencing.
1.10.2 Without limiting any Licencing Agreement or applicable .auDA Published Policies the following are deemed to have been warranted by the Person in making the application:
(1) the Person has the authority to make the application;
(2) the information provided in the application is current, complete and accurate;
(3) the Registrant Contact information for the eligible licence is correct and up to date;
(4) the Person meets and will continue to meet, the eligibility and allocation criteria for the eligible licence through the Priority Status Period under the (where applicable):
(a) Domain Eligibility and Allocation Policy Rules for the Open 2LDs (2012-04); and
(b) Guidelines on the Interpretation of Policy Rules for the Open 2LDs (2012-05);
(c) Policy Rules and Guidelines for Community Geographic Domain Names (2008-04);
(d) 2016-02 edu.au Registration Policy; or
(e) gov.au Domain Name Guidelines.
(5) the eligible licence details recorded in WHOIS are current, complete and accurate;
(6) the Person is eligible for the licence in the .au namespace under the .auDA Licencing Rules;
(7) the Person agrees that the information contained in the Registry is the sole reference for determining:
(a) eligible licences;
(b) the Person’s eligibility to hold the eligible licence.
(8) the Person acknowledges that an application for Priority Status does not guarantee that the licence in the .au namespace will be allocated to them;
(9) the Person agrees that where multiple applications for Priority Status are received from different Persons with an eligible licence of the same domain name, then the resolution of competing claims is solely subject to the .auDA .au Namespace Implementation Rules;
(10) the Person agrees that the resolution of competing claims between Persons, is solely a matter between those Persons with Priority Status, and .au Domain Administration has no role, responsibility or remit to assist Persons to resolve those claims;
(11) the Person agrees to indemnify and keep .au Domain Administration and its employees indemnified from and against all suits, actions, claims, demands, losses, liabilities, damages, costs and expenses, that may be made, or bought against or suffered or incurred by .au Domain Administration, arising out of or in connection with the breach of any policy or agreement that the Person may have .au Domain Administration; and
(12) the Person acknowledges that their eligible licence or Priority Status may be cancelled by the Registrar or .au Domain Administration if any of the warranties specified in paragraph 1.10.2(1-11) of these .auDA Rules, are untrue, inaccurate or incomplete.
1.11 COLLECTION, USE AND DISCLOSURE
Consent of Person
1.11.1 By making an application for Priority Status, it is deemed that the Person has consented to the collection, use and disclosure of information provided in that application, by the Registrar, Registry and .au Domain Administration for the following purposes:
(1) assessment of an application for Priority Status;
(2) the monitoring of a Person’s compliance with the Terms and Conditions specified in section 1.8 of these .auDA Rules;
(3) to assist and resolve complaints relating to Priority Status and the registration of a licence in the .au namespace;
(4) to provide a WHOIS service for resolution of competing claims;
(5) to support alternative dispute resolution or court proceedings.
1.11.2 The Person acknowledges that the consent given under paragraph 1.11.1 of these .auDA Rules, is in addition to the consent provided by the Person at the time the Person applied to register a licence.
1.12 CANCELLATION OF LICENCES
Obligation of Person
1.12.1 A Person applying for Priority Status must be eligible, and remain eligible, for the eligible licence and a licence in the .au namespace, throughout the Priority Status period.
1.12.2 If the requirement specified in paragraph 1.10.1 is not satisfied, then .au Domain Administration or a Registrar must cancel the eligible licence.
1.12.3 If the eligible licence is cancelled under paragraph 1.10.2, then:
(1) the Person will not be granted or will no longer have Priority Status; and
(2) will be ineligible to register the licence in the .au namespace during the Priority Status period.
1.13 COMPLAINTS ABOUT ELIGIBILITY
General Availability
1.13.1 Complaints about a Person’s eligibility for a licence in the .au namespace under paragraph 1.5.2 of these .auDA Rules (General Availability) must be made under Part 3 of the .auDA Licencing Rules.
Priority Status
1.13.2 A Person may make a complaint to the Registrar of Record or .au Domain Administration about:
(a) a Person’s legal capacity to hold an eligible licence;
(b) a Person’s eligibility for an eligible licence; and
(c) a Person’s eligibility for a licence in the .au namespace.
1.13.3 A Person must make a complaint under paragraph 1.11.2 before the registration of the domain name in the .au namespace using the form provided by the Registrar or .au Domain Administration.
1.13.4 The Registrar or .au Domain Administration must resolve a complaint within 28 calendar days, unless the Person is notified otherwise.
1.13.3 A complaint under sub-paragraph 1.11.2(a) and (b) must be resolved in accordance with (where applicable):
(a) Complaints Policy (2015-01);
(b) Complaints (Registrant Eligibility) Policy (2004-01); or
(c) 2015-07 edu.au Complaints Policy; or
(d) gov.au Dispute Resolution Policy.
1.13.4 A complaint made under sub-paragraph 1.11.2(c) must be resolved in accordance with Part 3 of the .auDA Licencing Rules.
Corporate Policies
| Process for the Development and Review of auDA Published Policies |
DNSSEC Policy and Practice Statement (DPS) for the .au Domain
Privacy Policy
Published March 2020
Background
.au Domain Administration Limited (ACN 079 009 34) (auDA) recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document sets out auDA’s privacy policy, and tells you how we collect and manage your personal information in the course of performing our functions and activities as the administrator and self-regulatory policy body for the Australian country code top-level domain (.au ccTLD).
We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and other applicable laws that protect your privacy. We are committed to complying with these laws, including the Australian Privacy Principles (APPs) which are set out in the Act, and regulate how we must handle your personal information.
What is personal information?
The Act provides for the protection of “personal information” which is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable. When used in this privacy policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
What personal information do we collect and hold?
The types of personal information we may collect about you include:
- name;
- mailing or street address;
- email address;
- telephone number;
- payment details;
- age or birth date;
- profession, occupation or job title;
- IP Address;
- Any unique alphanumerical identifier issued under Australian law, which is recorded in the database being relied upon by a registrar for that Person (e.g. ABN number for a sole trader, Drivers Licence number);
- Drivers licence;
- Birth certificate of a natural person who is an Australian citizen;
- Australian passport;
- Certificate of Australian Citizenship;
- Letter of grant of a permanent visa for a permanent Australian visa holder;
- any additional information relating to you that you provide to us directly through our websites or indirectly through your registration of a domain name licence, or use of our websites or online presence, through our representatives or otherwise;
- information you provide to us through our Compliance Department or membership surveys;
- information collected through cookies or tracking technologies (including IP address);
- any other information collected to become an accredited registrar;
- any other information collected to receive a reseller ID;
- any other information collected for an auDA event;
- any other information collected as part of a submission for Policy change;
- any other information collected as part of a job application; and
- any other information collected for a new employee.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health, racial or criminal record information. auDA only collects sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect information about whether the directors, officers or relevant staff of a registry operator appointment or registrar accreditation have been convicted of a criminal offence.
How auDA Collects Personal Information
We collect your personal information directly from you, unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in various ways including:
- when you complete your Associate Membership application;
- when you complete an application to become an accredited registrar;
- when you complete an application to receive a reseller ID;
- when you apply to attend an auDA event;
- when you participate in an auDA submission for policy change;
- through your access and use of our website;
- written communications;
- during conversations between you and our representatives;
- recordings of auDA public forums;
- auDA Foundation grant applications;
- job applications; and
- new employee onboarding.
We may also collect personal information from third parties including:
- from third party companies such as credit reporting agencies, law enforcement agencies, other government entities, and contractors or subcontractors acting on our behalf;
- your employer, where you are nominated as a contact for the entity as part of an application, submission or other communication; and
- from the central domain name registry that contains personal information you submitted as part of the registration of a domain name licence through an accredited registrar or one of their resellers.
Cookies
In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited. We use this to research our users’ habits so that we can improve our online services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.
We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide you with an Associate Membership to auDA;
- we may not be able to provide you with updated information about auDA and the .au namespace;
- we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful;
- we may not provide you with accreditation as a registrar;
- we may not be able to assist you in addressing your complaint or general enquiry; and
- we may not be able to provide you with other services that you may request.
For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can provide you with services that you request, perform our business activities and functions and provide the best possible quality of customer service.
We collect, hold and use your personal information for the following purposes:
- to perform our roles and responsibilities for the administration of the .au country code top level domain and management of the Australian domain name system;
- to ensure you are held accountable for the use of domain name licences in compliance with Australian law;
- to review your eligibility to hold a domain name licence;
- to keep you informed of auDA Membership related news and events;
- to accredit and license registrars;
- to process applications for the auDA Foundation;
- to conduct policy consultation processes;
- to consider applications for employment;
- to answer enquiries and provide information or advice about existing and new products or services;
- to assess the performance of the auDA website and improve the operation of the auDA website;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint or general enquiry made by you;
- to process and respond to any complaint about your eligibility to hold a domain name licence;
- to collect feedback about our products, services, website, policies and processes, including about our complaints handling processes; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.
To whom may we disclose your information?
We may disclose your personal information to:
- our employees, contractors or service providers for the purposes of operation of our website or our business, to fulfil requests by you and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors, law enforcement agency and consultants; and
- any organisation for any authorised purpose with your express consent.
Direct marketing materials
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us at privacy@auda.org.au
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us at privacy@auda.org.au Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Amendment requests should be forwarded to privacy@auda.org.au
What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact our Privacy Officer at privacy@auda.org.au and provide details of the concern or incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. Our Privacy Officer deals with privacy complaints and any complaints should be directed to our Privacy Officer at privacy@auda.org.au. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view
Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related third-party service providers located overseas.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- our DNS name server data hosting facilities and other IT service providers which may be located outside of Australia; and
- to other third parties which may be located outside of Australia .
Security
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We maintain a plan and procedures for responding to actual or suspected data security breaches involving personal information in accordance with applicable requirements under the Act.
Links
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
Contacting us
If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Please contact our Privacy Officer at:
Privacy Officer, auDA
Post: Level 17, 1 Collins Street, Melbourne 3000 Victoria
Tel: 03 8341 4111
Email: privacy@auda.org.au
Changes to our privacy policy
We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. Please review it regularly.
This privacy policy was approved by the auDA Board on 16 September 2019.