ICANN CEO Paul Twomey said the update was sparked by the "Registerfly situation," an RAA breach made by domain registrar Registerfly earlier this year, after it failed to provide pertinent customer data to ICANN, who requested access to the records after it received a slew of customer complaints.
More than 75,000 domain names had expired and customers were unable to get access to renew them.
Twomey said he is pleased to have moved the RAA update into the active consultation phase.
"The need for this review is clear," Twomey said. "The current RAA is more than six years old. We've seen the number of accredited registrars grow to more than 900. And we've seen the incredible difficulties that can be unleashed with the collapse of a registrar."
Proposed RAA changes include including additional contract enforcement tools, replacing its current single option of terminating accreditation; requiring registrars to hand over contact information for customers with registration under Whois privacy and proxy services; and requiring operators to undergo training and testing before being accredited by ICANN.
ICANN also is considering instating a graduated enforcement tool, creating a series of sanctions based on the gravity of alleged RAA breaches that would eventually lead to the most extreme measure of pulling a registrar's accreditation. Pulling accreditation currently is ICANN's only sanction.
"A graduated sanctions scheme based on the nature and seriousness of alleged breaches will give ICANN more tools to effectively enforce the agreements," ICANN wrote in a statement.
The organization also is considering changes that would allow it direct access to customer data rather than relying on registrars to provide it when requested, though possible privacy concerns likely would be an issue.
"We are going to keep this discussion going, get input from the wider community, and then we will make the changes needed to protect registrants and domain names," Twomey said.
