The Data Escrow Agent of the Domain Industry: ICANN Builds on Quality Made in Germany and on DENIC

The Data Escrow Agent of the Domain Industry: ICANN Builds on Quality Made in Germany and on DENIC

A few questions to Stefan Pattberg, Managing Director of DENIC Services GmbH & Co. KG, on the appointment as sole designated Data Escrow Agent worldwide

In mid-July, ICANN (Internet Corporation for Assigned Names and Numbers) appointed DENIC Services GmbH & Co. KG as the only Designated Escrow Agent for Registrar Data Escrow worldwide. We take this as an opportunity to talk with Stefan Pattberg, Managing Director of our subsidiary, about the exclusive position as Designated Data Escrow Agent (DEA) in the domain industry. Approximately 2,500 registrars with a volume of about 219 million domains are expected to use the KG's offer from November 2024.

1. Can you briefly summarise what is meant by data escrow in the domain industry and what makes this service so significant?

It is important for the stability of the global Internet that assigned domain names are always available, regardless of the financial, operational or legal situation of the registrar or registry managing a domain at any given time.

With our Escrow Service, we ensure that the registration data of a domain, which map the customer relationship and ownership structure, are secure and available even if the registrar or registry responsible for managing a domain is not available. In such a case, it is our task as Data Escrow Agent to forward the registration data to another service provider who takes over the role of the party that dropped out.

Our service thus ensures that in the event of a registrar failure, business can continue with the securely deposited data and domain holders do not lose their domains.As long as there is no need to release deposited data, it is our responsibility to secure the registration data in compliance with all relevant policies and regulations in a manner that rules out any risk for the depositor of the data to be leaked to a competitor or any other person not authorised to access them.

2. Who benefits from your service as a Data Escrow Agent?

On the one hand, domain holders, for whom data escrow is a very significant security feature that ensures that their domain is always available and that their property is always safe. On the other hand, certainly registrars and registries, and not only those that are subject to the data protection requirements of the European Union, but also registrars that have to comply with other laws and data protection regulations. For this group, we have established a second data escrow infrastructure in North Virginia, USA. This means that registrars and registries now can choose where to store their data. Both infrastructures provide the same security and operate under the same ICANN Service Level Agreements.

3. You mentioned policies and regulations that an escrow agent has to take into account. Can you explain that to us?

There are policy requirements and even legal provisions such as the General Data Protection Regulation (GDPR) that need to be considered when handling escrow data. The GDPR, which was introduced in 2018 to strengthen data protection in favour of domain holders, raised questions on issues such as the location of data storage or the transfer of deposited data to and from the European Union. In 2017, ICANN decided to look for another Designated Data Escrow Agent for Registrars, one who provided a GDPR-compliant solution. This is how we came into play in 2018.  Until then, there was only one Designated Data Escrow Agent, who was located in the US and operated according to US laws and regulations, even for European registrars..

4. Could you go into a little more detail about how and according to what principles DENIC Services provides its Escrow Service?

As a German company, we have been committed to the principle of privacy-by-design from the very beginning, i.e. to taking into consideration and implementing data protection rights from the conception and development stage. The two data centers we use for the GDPR-compliant 24/7/365 service are located within the European Union, one in Frankfurt and one in Amsterdam. Right from the start, it has been essential for us at DENIC Services to demonstrate trustworthiness to our customers, especially in the areas of IT security, business continuity and data protection. We are certified according to ISO27001 and ISO22301. The data centers are operated by DENIC eG, which has been running critical infrastructures securely and reliably for over 25 years.

We did not only re-design data escrow from scratch, but we have also kept innovating. From the very day, we wanted to be the market leader in technology, service quality and customer satisfaction, and we have achieved this goal.

5. After only five years in the Escrow business, DENIC Services has gained the position of sole DEA with ICAAN accreditation. What do you think was the decisive factor that drove the decision?

The decision was made in an international tender process, and we are proud that DENIC Services has been assigned this exclusive position. The excellent reputation we enjoy in the market today, our track record of annual innovations and the fact that we give registrars a choice where to store their data obviously convinced ICANN, so that we are now the only Designated Escrow Agent for all ICANN-accredited registries worldwide.

6. What are the consequences for the registrars of this role you have been assigned by ICANN?

The decision was preceded by a very demanding selection process in which the technical, financial and operational capabilities of potential agents were reviewed.

For registrars using our Escrow Service, the service is free of charge as we are paid for it directly by ICANN.

Of course, a registrar can also work with a non-designated escrow agent. In that case, the non-designated escrow agent has to bear the registrar's costs and has to carry out all the checks regarding the stability and quality of the service that ICANN carried out during the selection process.

7. Being sole DEA is a big responsibility. How do you deal with it?

We have to prove over the next five years that one single DEA instead of the previously two yields a better service and better results for the community. Our ongoing innovations and consistent focus on the domain industry have enabled us to make registry management particularly efficient. We accept the challenge, but with a certain humility, because we are well aware of the central role that comes along with it regarding the stability and future security of the Internet. We know how big this task is and that, despite all our preparations, we will experience things that are unplanned and unforeseen. But I am sure that we in our team have the right attitude, motivation, the necessary expertise and also the joy of serving our customers to accomplish this task.

8. Can you briefly describe your process of secure escrow depositing?

Registrars and registries that use our Data Escrow deliver the registration data daily or weekly as so-called deposits. A deposit is a compilation of all relevant registration data in a special form, highly encrypted and even electronically signed by the sender. The Escrow Agent validates the deposit. This means that the agent checks whether the deposit received comes from the correct sender, whether its integrity is intact and whether the data format complies with international standards. The result of the validation is then communicated to all parties involved, the depositors and the beneficiaries. This creates transparency and transparency creates trust.

9. From November 2024, ICANN entrusts you with a potential domain volume of 219 million. So, are you well prepared for this impressive amount?

We are planning a transition period of about 12 months, which will be closely accompanied and monitored by ICANN. During this time, more than 2,500 registrars will switch to our company. The number of our customers and the number of domain names we manage will multiply. The good news: we are well prepared for this increase.

As soon as a customer has notified ICANN of their wish to migrate and ICANN has approved it after review, we send the customer the access data to our Data Escrow Control Center. This portal does not only provide all kinds of information on day-to-day operations on a 24/7/365 basis, but it also includes a new onboarding function that gives the registrar control over the onboarding process and offers a semi-automated process until the first deposit is successfully transferred to us. For registrar groups or families, we offer a special server-to-server communication via Restful API, so that the technical service provider has an overview of what is happening at all times and can monitor all steps from their systems. These two innovations alone have diminished the time needed for onboarding from weeks to days by systematically reducing the number of potential error sources.

10. Beyond these technical features, how do you support registrars on their way to DENIC Services KG?

Registrars who are looking for information about our service can visit our website Here, they will find answers to frequently asked questions, a lot of information for downloading, and they can register for the webinars we offer especially for the onboarding.

For ICANN it is essential that all new registrars receive the same high level of service that our existing customers already appreciate. We will be doubling our Data Escrow Customer Service team to meet this requirement, which is a huge investment on top of all the IT developments we have made previously. From October, we will have a second team trained and specialised in connecting new registrars, in addition to our customer service team for all registrars already connected.

11. You mentioned various innovations. Do you already have plans for the future?

In the coming months, our main focus will be on assisting interested registrars to ensure a smooth onboarding. Thanks to our fully automated solution, we will be able to integrate all 2,500 registrars who were not our customers before within the next 15 months.

But we also have a lot of ideas how to further improve the data escrow process and get more value out of it. In direct communication with all ICANN-accredited registrars, we can review these ideas and make them available to the community where appropriate. The domain industry is a centerpiece of the digital world, and we are highly motivated to continue shaping the future of the secure Internet.

Thank you very much for the interview, Mr Pattberg.