Somewhere in Los Angeles, in an office building that looks nothing like the seat of internet power, a nonprofit organization makes decisions that affect every domain name on the planet. That organization is ICANN — the Internet Corporation for Assigned Names and Numbers — and understanding it is essential to understanding how the domain industry works.
What ICANN Is (and Isn’t)
ICANN coordinates the internet’s naming and numbering systems. Specifically, it oversees:
- The Domain Name System (DNS) — policies for gTLDs and the root zone
- IP address allocation — coordinating with Regional Internet Registries (RIRs)
- Protocol parameter assignment — maintaining registries of protocol identifiers
- Root server system management — overseeing (but not operating) the root
What ICANN is not: a regulator, a government agency, or the “ruler of the internet.” ICANN doesn’t control content, can’t take down websites, doesn’t set prices for most domains, and has no authority over how people use their domain names. Its power is narrow but deep — it controls the namespace itself.
ICANN was incorporated on September 30, 1998, as a California nonprofit public benefit corporation. Its creation was the result of a deliberate US government decision to privatize internet governance, moving control away from the Department of Commerce and Jon Postel’s IANA function at USC. We covered the political drama of that transition in Part 1 — here we’ll focus on how the resulting organization actually works.
Board Structure and Elections
ICANN is governed by a Board of Directors consisting of up to 20 members:
- 16 voting members: Selected through various community mechanisms
- The President/CEO: An ex officio voting member
- 3 liaison (non-voting) members: From the GAC, RSSAC, and TLG
Board members serve staggered terms, typically three years. The selection process is deliberately complex — designed to prevent any single constituency from dominating. The Nominating Committee (NomCom) selects some directors. Supporting Organizations select others. The At-Large community selects one.
This structure reflects ICANN’s foundational philosophy: multistakeholder governance. Rather than governments or a single body making all decisions, ICANN attempts to give voice to every affected constituency — governments, businesses, civil society, technical experts, and end users. Whether it succeeds is a matter of fierce debate.
Supporting Organizations: Where Policy Gets Made
Three Supporting Organizations (SOs) are responsible for developing policy recommendations in their respective areas:
GNSO — Generic Names Supporting Organization
The GNSO is where gTLD policy happens. If you care about .com, .net, .org, or any of the new gTLDs, the GNSO is where the rules get written. It’s composed of two houses:
- Contracted Parties House: Registries and registrars — the companies that operate TLDs and sell domain names
- Non-Contracted Parties House: Commercial and non-commercial stakeholders — businesses, intellectual property interests, ISPs, civil liberties groups
The tension between these houses is the engine of ICANN policy. Registries want flexibility to run their TLDs. Registrars want competitive access. Trademark holders want protections. Civil liberties groups want free expression. The GNSO is where they fight it out.
ccNSO — Country Code Names Supporting Organization
The ccNSO deals with country code TLD policy. But there’s a critical nuance: ccTLD operators are largely independent. Many existed before ICANN and don’t consider themselves bound by ICANN policies. The ccNSO develops policies that ccTLD managers can choose to adopt. It’s more of a coordination body than a regulatory one.
ASO — Address Supporting Organization
The ASO handles policy related to IP address allocation. In practice, this work is done by the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AfriNIC), and the ASO provides the interface between them and ICANN.
Advisory Committees: Expertise Without Authority
Four Advisory Committees provide expert guidance to the Board but don’t make policy directly:
GAC — Governmental Advisory Committee: Representatives from national governments provide advice on public policy issues. The GAC can’t make binding decisions, but its advice carries significant weight — the Board must explain itself if it acts contrary to GAC consensus advice. The GAC has been particularly influential in new gTLD policy, blocking applications it considered contrary to public interest.
ALAC — At-Large Advisory Committee: Represents individual internet users — the billions of people who use domain names daily. ALAC is organized through Regional At-Large Organizations (RALOs) on five continents. It’s ICANN’s attempt to give end users a voice, though critics argue that few actual end users participate.
SSAC — Security and Stability Advisory Committee: Provides technical security advice. SSAC has produced influential reports on DNS abuse, DNSSEC deployment, and namespace collisions. Its members include some of the most respected DNS engineers in the world.
RSSAC — Root Server System Advisory Committee: Advises on the operation and security of the DNS root server system. RSSAC members are the organizations that actually operate root servers.
The Policy Development Process
ICANN’s policy development process (PDP) is thorough, transparent, and agonizingly slow. A typical PDP looks like this:
- Issue identification: A problem or policy need is identified
- Issue report: Staff prepares a report analyzing the issue
- Working group formation: Volunteers from across the community join a working group
- Deliberation: The working group meets (often weekly, for years) to develop recommendations
- Public comment: Draft recommendations are published for community feedback
- Final report: The working group produces a final report with recommendations
- Council/Board approval: The relevant SO council and then the ICANN Board vote
- Implementation: Staff implements the approved policy
The entire process often takes 3–5 years. The EPDP (Expedited Policy Development Process) on gTLD Registration Data — ICANN’s response to GDPR — started in 2018 and key aspects remained under development through 2024. Critics argue this pace is incompatible with the speed of internet evolution. Defenders counter that rushing policy for a global resource is worse than taking time.
The IANA Transition: The Day the US Let Go
For most of ICANN’s existence, it operated the IANA functions under a contract with the US Department of Commerce’s National Telecommunications and Information Administration (NTIA). This meant the US government had ultimate oversight of the root zone — the technical heart of the DNS.
On October 1, 2016, that contract expired and was not renewed. The IANA stewardship transition transferred oversight to the global multistakeholder community. It was one of the most consequential moments in internet governance history.
The transition didn’t happen overnight. It took years of planning, intense debate, and a community-developed proposal that created new accountability mechanisms:
- Post-Transition IANA (PTI): The IANA functions were moved to a subsidiary of ICANN
- Empowered Community: A new mechanism allowing the community to hold the ICANN Board accountable — including the power to reject budgets, remove Board members, and even trigger a separation of the IANA functions from ICANN
- Independent Review Process: Enhanced mechanisms for challenging ICANN decisions
The transition was controversial in the US Congress, where some legislators argued it was “giving away the internet” to authoritarian regimes. Supporters — including the technical community overwhelmingly — argued that US government control was an anachronism that undermined internet legitimacy globally. In the end, the transition proceeded.
Criticisms and Controversies
ICANN has never lacked for critics:
Capture by contracted parties: Critics argue that registries and registrars — the companies that profit from domain registrations — have disproportionate influence. When ICANN approved price increases for .com renewals in 2020, many saw it as evidence that Verisign’s lobbying had prevailed over public interest.
Accountability gaps: Despite the post-transition accountability mechanisms, ICANN’s Independent Review Process has been criticized as expensive, slow, and structurally biased toward ICANN’s positions.
Geographic and cultural dominance: ICANN meetings rotate globally, but the organization is headquartered in the US, incorporated under US law, and English dominates its proceedings. Participation requires significant time and often travel — barriers that exclude many stakeholders from developing nations.
DNS abuse: ICANN has been criticized for not doing enough to address DNS abuse — phishing, malware distribution, and spam — particularly in new gTLDs with low registration costs and minimal vetting.
The .org controversy: In 2019, ICANN approved the sale of the Public Interest Registry (which operates .org) to a private equity firm, Ethos Capital. The deal would have placed 10 million nonprofit domain names under for-profit control. After massive community backlash, ICANN’s Board ultimately rejected the sale — but the episode raised fundamental questions about ICANN’s role in protecting the public interest.
Why This Matters
You might never attend an ICANN meeting. You might never file a public comment or join a working group. But ICANN’s decisions directly affect you:
- The price of your domain registration
- Whether your preferred name is available in a new TLD
- Whether your WHOIS data is public or private
- The dispute resolution options available if someone cybersquats your brand
- The rules governing who can operate a TLD and how
Understanding ICANN is understanding who holds the keys to the namespace. Love it or hate it, there’s nothing else quite like it in global governance — a private nonprofit, accountable to a global community, managing a critical resource that every internet user depends on.
Next, we’ll look at ICANN’s most ambitious (and controversial) project: opening the door to hundreds of new generic top-level domains.