Hogan Lovells 2024 Election Impact and Congressional Outlook Report
This is the October edition of Anchovy News. Here you will find articles concerning ICANN, the domain name industry and the recuperation of domain names across the globe. In this issue we cover:
Domain name industry news: Adios to .IO? / NIS2 Directive Article 28 / .KW direct registrations now allowed.
Domain name recuperation news: How far would you travel for childcare? Implausible argument leads Panel to reject UDRP / Down the rabbit hole / .LV leaves court proceedings behind with new ADR Policy.
Newsletter sections:
For earlier Anchovy News publications, please visit our Domain Names practice page. Learn more about Anchovy® - Global Domain Name and Internet Governance here.
On 3 October 2024, the governments of the Republic of Mauritius and the UK released a joint statement affirming their commitment to the handover of the British Indian Ocean Territory (BIOT), (also known as the Chagos Islands), to Mauritius. The handover has raised questions in the domain name world regarding the fate of BIOT’s .IO domain, given that it is based on the International Standards Organisation’s (ISO) “IO” specification for the Territory, which will presumably cease to exist once the handover is finalised.
BIOT is made up of seven atolls of the Chagos Archipelago and over 1,000 individual islands. The Chagos Archipelago was separated from the British Colony of Mauritius by the United Kingdom in 1965 to form BIOT and the largest island, Diego Garcia, has been the site of a joint military facility of the United Kingdom and the United States since the early 1970s. Around 2,000 native Chagossians were sent to Mauritius and the Seychelles between 1968 and 1973 in order to make way for the installation of the military facility.
In recent years, the .IO country code Top Level Domain (ccTLD) has become popular with IT professionals, tech startups and crypto enthusiasts due to its association with the techie term “input / output”, although it has also been the subject of sporadic boycotts by those sympathetic to the plight of the Chagossians.
The joint statement detailed the deal struck by the two governments under which native Chagossians should be able to return to the islands, with the proviso that “for an initial period of 99 years, the United Kingdom will be authorised to exercise with respect to Diego Garcia the sovereign rights and authorities of Mauritius required to ensure the continued operation of the base well into the next century.”
Once the handover is finalised, the IO specification on the ISO 3166-1 alpha-2 list may be removed by ISO and, under the established protocol, no further .IO domain name registrations should be permitted by the Internet Assigned Numbers Authority (IANA), a body that is part of the Internet Corporation for Assigned Names and Numbers (ICANN) and which creates and delegates top-level domains. Subsequent to this, a winding down process for the .IO extension could be completed within five (extendable to ten) years before the ccTLD is removed from the root.
An alternative fate for the Islands’ ccTLD might come about if the archipelago is assigned a different ISO specification. This would see the advent of a whole new extension to which existing .IO domain names could possibly be migrated. However, any such new extension might not have the same appeal as .IO, so take up would not be guaranteed.
Further complicating matters is the fact that the .IO ccTLD is administered by the Internet Computer Bureau, a domain name Registry company based in the United Kingdom, but one that has no formal relationship with the UK government, so the handover of the Islands will not necessarily result in a change of governance for the ccTLD.
There are a number of precedents for ccTLDs that have been retired under existing ICANN procedures. For example, the ccTLD for East Timor, which changed from .TP to .TL after the country obtained its independence. The .TP extension remained active for a transitional period until it was finally deleted in February 2015.
There was also the ccTLD for the former Netherlands Antilles, .AN, which was phased out after the Netherlands Antilles were dissolved in 2010. As of November 2010 the .AN domain remained live with over 800 domain names still registered before being discontinued on 31 July 2015. However, with possibly up to a million registered domain names (there is no official count), the disappearance of the .IO ccTLD would be much more significant.
Another possibility would be for IANA to strike a deal with the concerned parties to ensure the continued existence of the .IO extension as a “stateless ccTLD”.
We may not know more about .IO’s fate until the treaty between the UK and Mauritius is drafted. However, perhaps the ccTLD can look for reassurance to the continued existence of the .SU ccTLD, which was created for the USSR in 1990 and which subsists to this day, even though the Soviet Union collapsed more than 30 years ago.
EURid, the Registry responsible for running the .EU country code Top Level Domain (ccTLD), recently published two new Policies in line with the implementation by Belgium of the Network and Information Security Directive (NIS2 Directive) aimed at “enhancing security and transparency in domain name management.”
The Registration Data Disclosure Policy establishes the conditions under which “legitimate access seekers” can request access to registration data of a domain name holder. EURid will disclose registration data within 72 hours of receiving a duly motivated request demonstrating a legitimate interest (or within 24 hours for urgent cases). The Registration Data Verification Policy “focuses on maintaining the accuracy and completeness of registration data” with ongoing verification via the EURidity platform, launched in May 2024.
What is the NIS2 Directive Article 28 and how does it impact domain names?
On 18 September 2024, the NIS Cooperation Group, consisting of EU Member States’ representatives, issued its Recommendations for the implementation of NIS2 Directive Article 28 (Database of domain name registration data). Article 28 outlines the requirements for collecting, verifying, publishing, and disclosing domain registration data. Furthermore, EU member states were required to implement the NIS2 Directive into national law by Thursday, 17 October 2024.
Article 28 focuses on domain name registration data and stipulates that European member states shall require “TLD name registries and entities providing domain name registration services to collect and maintain accurate and complete domain name registration data in a dedicated database with due diligence in accordance with Union data protection law as regards data which are personal data.” Such data must include the following:
• The domain name
• The date the domain was registered
• The registrant’s name
• The registrant’s email address
• The registrant’s phone number
• The admin contact’s email and phone number, if the admin is different from the registrant
In response to the requirements of Article 28, EURid has introduced the “Know Your Customer” principle in relation to its domain name registration process, requiring domain name registrars to know who is registering a domain name and to ensure the legitimacy of the registrant’s identity. Additionally, Article 28 stipulates that registrars must “provide access to specific domain name registration data upon lawful and duly substantiated requests by legitimate access seekers, in accordance with Union data protection law”.
With these measures, the aim is to combat the misuse of domain names for malicious purposes, such as phishing attacks (malicious domain names that mimic legitimate sites to steal personal or financial information), malware distribution (domain names that host or distribute malware, including ransomware or spyware) as well as “Command and Control” (C2) servers (domain names used to control botnets, which can conduct DDoS attacks or massive spam campaigns).
There is some debate as to which entities are responsible for fulfilling the Article 28 requirements, given that Article 28 places the responsibility on Registries and domain registration service providers, which can be interpreted to include both registrars and resellers. In addition, as NIS2 is a Directive, not a Regulation, each European Member State is able to interpret its requirements differently, which could potentially result in different requirements and procedures for validating registrant data for each domain name Registry.
Nonetheless, and despite these concerns, Article 28 of NIS2 is a step forward in ensuring accurate registrant information for domain names at the point of registration. This should increase protection for both brand owners and the general public, as fraudsters more often than not use false identification data for malicious registrations.
The Communication and Information Technology Regulatory Authority (CITRA), the Registry of Kuwait, is currently authorising domain name registrations directly at the top level under its country code Top Level Domain (ccTLD) .KW.
Until now, domain name registrations were only available at the third level under extensions such as .COM.KW, .NET.KW or .ORG.KW. A registered trade mark or business name matching the domain name is required for these, as well as a local presence, which many registrars provide as a trustee service.
The same requirements will apply for registrations directly under .KW. The full details of the launch are not available yet, however the Registry announced that it will take place in three phases:
The Registry's website is available here.
For more information on this launch, please contact David Taylor or Jane Seager.
In a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP) before the World Intellectual Property Organization (WIPO), a Panel denied a UDRP Complaint for the disputed Domain Name seedsoflifechildcare.com. The Panel found, contrary to the Complainant's submissions, that the disputed Domain Name had in fact been used by the Respondent in connection with a bona fide offering of services and that the Respondent was commonly known by the disputed Domain Name. The Panel found that the Complainant's arguments as to registration and use in bad faith were not persuasive, noting in particular that it was not plausible that the Respondent decided to register the disputed Domain Name to lure the Complainant's customers over 4,500 kilometers away to its own childcare services.
The Complainant, Seed of Life Center for Early Learning and Preschool, Inc., was a corporation established under the laws of the State of Washington, United States and headquartered in Seattle, Washington. The Complainant offered childcare services under a trade mark with a drawing of children's faces on flowers and the words "Seed of Life Center for Early Learning and Preschool, Inc." and contended that it had done so since October 2017. According to the Complainant's website, it offered childcare services in three locations in Seattle, Washington.
The Respondent was an individual, based in New York, United States, who registered the disputed Domain Name on 15 October 2021. At the time of filing of the Complaint, the Domain Name resolved to a website titled "Seeds of Life Child Care", advertising the licensed childcare services of the Respondent at a single location in Brooklyn, New York. According to the Respondent's website, the Respondent's childcare center had two members of staff, soon to become three.
To be successful in a complaint under the UDRP, a complainant must satisfy each of the following three requirements:
i. The domain name registered by the respondent is identical or confusingly similar to a trade mark or service mark in which the complainant has rights; and
ii. The respondent has no rights or legitimate interests in respect of the domain name; and
iii. The domain name has been registered and is being used in bad faith.
The Complainant argued that it had satisfied each of the elements required under the UDRP, including that the Respondent's service offering could not be bona fide because it directly competed with the Complainant for overlapping goods and services. The Complainant inferred bad faith based on the Respondent's "constructive notice" of the Complainant's trade mark registration, which was registered on 23 April 2019, over two years before the registration of the disputed Domain Name. The Complainant also argued that the Respondent deliberately attempted to mislead Internet users by attracting them to a confusingly similar website of a directly competing entity for commercial gain.
The Respondent did not submit a formal response, but informed WIPO via email that it was operating a "group family day care in a home space in Brooklyn NY [which is] filed with the state as Seeds of Life Child Care LLC" and that it did not fully understand the issue.
The Panel found that the first limb of the UDRP was established, as the Complainant had shown rights in respect of a trade mark or service mark and it had established unregistered trade mark or service mark rights for the purposes of the UDRP. The Panel found that the disputed Domain Name was confusingly similar to the trade mark notwithstanding the plural version of "seeds" and the addition of the term "childcare".
The Panel found that the second element was not established. Based on the evidence, namely the Respondent's website, social media pages and the online database of the New York Division of Corporations, the Panel noted that the Respondent had been doing business under the name "Seeds of Life Child Care LLC" since early 2021 and had filed an amendment to its corporate charter to formally change its company name to that form in April 2022. As a result, the Panel found that before notice to the Respondent of the dispute, the Respondent had used the disputed Domain Name in connection with a bona fide offering of goods or services and had been commonly known by the disputed Domain Name or a name corresponding to it.
The Panel considered the third limb of the UDRP even though it was not strictly necessary to do so in light of its finding under the second element. In relation to the third limb, the Panel found that there was no evidence that the Complainant's trade mark was well‑known, nor had the Complainant presented additional reasons to assume that the Respondent would likely be aware of the Complainant's trade mark. As for the Complainant's argument that the Respondent had, or could be expected to have had, prior notice of the Complainant's trade mark at the time of registering the disputed Domain Name, in support of which it relied on prior UDRP decisions referencing Section 22 of the United States Trademark Act,[1] the Panel found that constructive notice was “too thin a reed” to support the claim of bad faith. In this regard the Panel underlined that there was no sweeping duty on individual domain name registrants, such as the Respondent, to conduct a comprehensive trade mark search before registering a domain name corresponding to a name under which they were doing business.
In declining to make a finding of bad faith registration and use under the Policy, the Panel also noted that although the disputed Domain Name was registered using a privacy service, the Respondent was not hiding behind it; the Respondent's website advertised its business and provided the full contact information that the Complainant used to send a cease and desist letter to the Respondent. The Panel noted that it was not surprising that the Respondent did not respond to such a letter, in which the Complainant claimed that childcare services offered by the Respondent in Brooklyn, New York, were "overlapping" and "in direct competition" with the Complainant's childcare services in Seattle, Washington, 2851 miles (4588 kilometres) away. The Panel noted that such a distance would be rather a long drive to drop off a child at childcare each day, and that it was not plausible that the Respondent registered the disputed Domain Name to "lure" childcare customers across the country.
Not only did the Panel decline to order transfer of the disputed Domain Name, but it also made a finding of Reverse Domain Name Hijacking (RDNH), meaning that the proceeding was brought in bad faith and constituted an abuse of the administrative proceeding, even in the absence of a formal Response by the Respondent.
In making a finding of RDNH, the Panel noted that the Complainant failed adequately to address the obvious issues under the second and third elements, namely that the disputed Domain Name was already in use by the Respondent for an established business under a corresponding name, and that the geographic market of such small service businesses is highly localised, meaning that the Complainant was clearly overreaching when claiming that the Respondent was its direct competitor and must have been targeting the Complainant's trade mark. The Panel also took into account the fact that the third‑party that the Complainant instructed to investigate whether the Respondent had trade mark rights or a company with a corresponding name failed to look at the company registrations database in New York State, where the Respondent's business was located, as was evident from the Respondent's website.
Comment
The case highlights the need for complainants to base their bad faith arguments on more than constructive notice of a registered trade mark alone when claiming that a respondent would likely have been aware of the complainant's trade mark when it registered a disputed domain name. This case also highlights the dangers of "overreaching" when arguing that services overlap and the need to consider, albeit only broadly, the relevant geographic market before arguing, for example, that the services of a small, localized service provider overlap and are in direct competition with the services of another such provider over 4,500 kilometers away. Under the UDRP, a Panel won’t necessarily focus on whether services overlap, but whether a respondent registered a disputed domain name to target the complainant’s business and profit from the complainant’s reputation and goodwill, and this is unlikely if the parties are geographically very far apart.
The decision is available here.
[1] "Registration of a mark on the principal register […] shall be constructive notice of the registrant's claim of ownership thereof."
In a recent decision under the Uniform Domain Name Dispute Resolution Policy (UDRP) before the World Intellectual Property Organization (WIPO), a Panel denied a Complaint for the disputed domain name rabbitvideochat.com, finding that the Complainant had failed to demonstrate that the Respondent had no rights or legitimate interests in the domain name and that the Respondent had registered and used it in bad faith.
The Complainant, 6805183 Canada, Inc., was a company operating an adult webcam website at the domain name rabbitscams.com. The Complainant held a United States trademark registration for RABBITS CAMS, registered on 27 January 2015.
The Respondent was Ghetto Teknoloji Yazilim Anonim Sirketi, based in Türkiye.
The disputed domain name rabbitvideochat.com was registered by the Respondent on 15 December 2023 and pointed to a website offering a video chat service, marketed as a platform to "engage with girls" using chatroulette technology.
In order to prevail under the UDRP, a complainant must demonstrate, on the balance of probabilities, that the requirements of paragraph 4(a) are met:
i. The disputed domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights;
ii. The respondent has no rights or legitimate interests in the disputed domain name; and
iii. The disputed domain name was registered and is being used in bad faith.
Identity or Confusing Similarity
Under the first element, the Panel found that the disputed domain name rabbitvideochat.com was confusingly similar to the Complainant's RABBITS CAMS trademark, as it incorporated its dominant element, the term "rabbit". The Panel however acknowledged that the term "rabbit" was a commonly used dictionary word.
Rights or Legitimate Interests
Under the second element, the Panel held that the Respondent's use of the disputed domain name for a video chat platform constituted a legitimate commercial venture. Further, the Panel argued that while the Respondent's website offered video chat services, it did not directly compete with the Complainant's adult content platform, as it lacked any pornographic or overtly sexual content.
Importantly, the Panel found that the Complainant had failed to provide evidence suggesting that the Respondent's website intended to target the Complainant and its business. Despite the existence of the registered trademark RABBITS CAMS, the Panel found that the term "rabbit" lacked inherent distinctiveness and underlined that there was no evidence indicating that the public associated this term exclusively with the Complainant's services. Moreover, the Panel conducted research on the WIPO trademark database and pointed out that numerous other trademarks also included the term "rabbit."
While both parties offered video chat services, Panel found that the nature of their services differed significantly; the Complainant's website focused on adult content, whereas the Respondent's platform allowed general users to meet and chat. Given the lack of evidence demonstrating that the Complainant's trademark was well-known or publicly recognised, the Panel concluded that the Complainant had not successfully demonstrated that the Respondent was targeting its trademark.
Bad Faith
Under the third element, the Complainant argued that the disputed domain name was a misspelled version of its trademark, omitting the plural "s" in RABBITS and adding the descriptive term "video chat". Additionally, the Complainant pointed out the fact that the Respondent allegedly ignored its cease and desist letter as evidence of bad faith. However, the Respondent countered by stating that it had never received the cease and desist letter (if so it would have replied denying the allegations), and asserted that the name "Rabbit" had been chosen randomly, given that the Respondent had never heard of the Complainant.
The Panel found that there was no evidence supporting the claim that the Respondent knew of the Complainant's trademark at the time that it registered the disputed domain name, and that the Complainant had failed to provide evidence of the notoriety of its trademark. The Panel underlined that the terms "rabbit" and "video" in the disputed domain name were unlikely to invoke the Complainant’s trademark RABBITS CAMS.
As a consequence, the Panel concluded that the Complainant had failed to establish that the disputed domain name was registered and used in bad faith, thus failing to establish the third element of the UDRP. The complaint was therefore denied.
Comment
This decision underscores the challenge of claiming rights over common or descriptive terms like "rabbit" in domain name disputes. In cases where a complainant's trademark contains commonly used words, it is essential to provide compelling evidence of a respondent's bad faith targeting. Additionally, legitimate commercial use of a domain name, even if in a similar field of business, may be sufficient to establish a respondent's rights or legitimate interests. UDRP Panels will not examine, or even comment upon, possible trade mark infringement or other causes of action, as they are more suited to a different forum such as a court of competent jurisdiction. Panels will only order a transfer based solely on the terms of the UDRP.
The decision is available here.
The World Intellectual Property Organization (WIPO) has launched a new dispute resolution policy for domain names registered under the Latvian country code Top-Level Domain (ccTLD).
The ".LV" ccTLD was first introduced in 1993, two years after Latvia's independence from the Soviet Union, and has since become a leading namespace for Latvian websites. NIC.LV, the Network Information Center of Latvia, oversees the administration and registration of ".LV" domains.
Historically, any disputes regarding ".LV" domain names were handled through Latvia's civil court system. If a party believed that a domain name infringed on their rights, often related to trademarks or business names, the only available recourse was to file a lawsuit. This approach mirrored the early days of domain name disputes worldwide, where courts were the primary avenue for resolving conflicts.
Domain name dispute resolution via court proceedings is often lengthy, costly, and complex. Decisions may take many months or years to be handed down, and courts often lack specific expertise in dealing with domain name issues. Latvia, like many other countries, recognized that relying solely on civil litigation was inadequate to keep up with the volume and complexity of domain name disputes.
In response, Latvia introduced a formalized alternative dispute resolution policy – the .LV Domain Name Dispute Resolution Policy (.LV Dispute Policy) – following the example set by the Uniform Domain Name Dispute Resolution Policy (UDRP). The UDRP is used globally for resolving disputes over generic Top-Level Domains (gTLDs) and has been widely adopted by many ccTLD registries.
The .LV Dispute Policy offers a streamlined, arbitration-like administrative procedure for resolving domain name disputes. Compared to proceedings in national civil courts, it aims to provide much more cost-effective and time-efficient results, with disputes typically taking less than three months to reach a resolution.
In under to prevail in a dispute under the .LV Dispute Policy, a Complainant must demonstrate that:
(i) the domain name is identical or confusingly similar to:
I. a trademark or service mark protected in Latvia in which the complainant has rights, or
II. a geographical indication protected in Latvia or by European Union law, or
III. a merchant’s name (firm name) as registered in the Commercial Register of Latvia; and
(ii) the domain name holder has no rights or legitimate interests in respect of the domain name; and
(iii) the domain name has been registered or is being used in bad faith.
Expanded protections in the .LV Dispute Policy include geographical indications and merchant's names, in contrast to the UDRP’s focus on trademarks only. The .LV Dispute Policy is more EU‑focused, referencing rights protected in Latvia or under European law. The bad faith requirement is similar, but only requires a Complainant to establish registration or use in bad faith, compared to the conjunctive bad faith requirement under the UDRP. Examples of bona fide use of a domain name, as well as examples of bad faith registration or use of a domain name closely follow the examples as provided under the UDRP.
On a procedural level, .LV Dispute Policy panels are selected from WIPO's list of Latvian panelists. Parties may agree on English being the language of proceedings, or a Complainant may file a Complaint in English only if both Parties are located outside Latvia, otherwise the default language of proceedings is Latvian.
The introduction of the .LV Dispute Policy aims to improve the stability and reliability of the ".LV" ccTLD by providing a clear and efficient way to resolve disputes. It aims to reduce abusive behaviour by allowing businesses and individuals to protect their rights without resort to lengthy and costly legal processes, and aligns Latvia’s approach to addressing cybersquatting with international standards. The development of the .LV Dispute Policy ensures a fair, accessible, and efficient dispute resolution process, benefiting all stakeholders.
For more information or to register .LV domain names, please contact David Taylor or Jane Seager.
Authored by the Anchovy News team.
Anchovy News editorial team:
Anchovy® - Global Domain Name and Internet Governance
Hogan Lovells offers a unique, comprehensive and centralised Paris-based online brand protection service called Anchovy® for global domain name strategy, portfolio management and global enforcement. We are the only law firm to be an ICANN-accredited registrar and we are accredited with a number of country-specific Registries worldwide.
We also specialise in all aspects of ICANN’s new generic Top Level Domain (gTLD) process and we are an agent for the Trademark Clearinghouse. As the global Domain Name System undergoes an unprecedented expansion, brand owners must revise their online protection strategies and we are ideally placed to guide them.
We are also frequently brought in to advise on cybersecurity, data protection and on a whole range of technology-related issues.
For more information on our services, please contact David Taylor or Jane Seager.