The Regulation of Abusive Activity and Content: A Study of Registries’ Terms of Service

This paper studies the role of domain registries in relation to unlawful or unwanted use of a domain name or the underlying website content. It is an empirical and conceptual contribution to the online content regulation debate, with specific focus on European country code top-level (ccTLD) domain name registries. An analysis of the terms of service of 30 European ccTLD registries shows that one third of the registries contain some use-related provision, which corresponds to approximately 47% of registered domains. The analysis also turns towards examples of notice-and-takedown mechanisms, the emergence of proactive screening and the practice of data validation. Based on the analysis, it calls for more clarity and transparency regarding domain registries’ role in content- or use-related takedowns.

The two systems vary considerably in their institutional and governance setup (Bygrave, 2015, p. 77ff.), while "in fact there is no technical, functional or economic difference (…)" (Mueller & Badiei, 2017, p. 445). Compared to gTLDs, public interest considerations are especially dominant in the ccTLD sphere as Geist (2004, p. 9) notes. ccTLDs have as institutions existed since 1985 (Aguerre, 2010, p. 7) and become "in-country political and economic institutions" (Aguerre, 2010, p. 11;Park, 2008). Whereas the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) "has the authority to make certain policy decision regarding the domain namespace" of gTLDs, which are managed internationally and also subject to the laws of their country of incorporation, ccTLDs are "mainly subject to the national sovereignty of the respective country" (Mahler, 2019, p. 3). The governance of ccTLDs has been described as a system of "non-state, private actors operating within a broader public-private network" (Christou & Simpson, 2007, p. 17) where yet " [g]overnments are deeply involved in domain name administration at the national level" (Geist, 2004, p. 2). Kleinwächter (2003Kleinwächter ( , pp. 1105Kleinwächter ( -1106 explains the "bottom-up development by private stakeholders without any interference from governmental legislation" in the early days with the rapid growth of the internet and notes "[f]ew governments considered the DNS worthy of attention". More recently, DNS providers have appeared on the lawmakers' radar and have been, for example, addressed in the NIS Directive of 2016.3 In the online environment, contractual relations, regularly defined by terms of services (ToS), constitute a primary regulatory factor (Belli & Venturini, 2016;Kuerbis, Mehta, & Mueller, 2017), despite often being disregarded by users (in the context of social networking services, see Obar & Oeldorf-Hirsch, 2018). Given their powers, private intermediaries, in some instances, are seen by some as acting akin to governments or as de facto regulators (Riordan, 2016, p. 343). For the management of country-code top-level domain names (ccTLDs) there exists a "statutory footing" in primary or secondary legislation in some instances (Bygrave, 2015, p. 78).
Often, domain registries, however, have a broad freedom to define the ToS for the granting and use of domain names under their respective top-level domain (TLD). Against the payment of a fee, and on a first come, first served basis, a registrant regularly obtains a right to use the Electronic copy available at: https://ssrn.com/abstract=3530798 The regulation of abusive activity and content: a study of registries' terms of service Internet Policy Review | http://policyreview.info domain name (interestingly, in the French <.fr> zone, a registrant "owns the domain name").
Some registries restrict registration of ccTLD domain names to residents from certain countries (e.g., <.no> and <.it>). The contractual relation between registry and registrant also provides one potential basis for out-of-court takedowns. Thus, in order to understand the regulatory landscape for content-or use-related domain name takedowns it is necessary to focus on the registries' regulation via their ToS.
The notion of "takedown" in relation to a domain name is not unproblematic: technically, administratively and partly legally, a more thorough distinction between blocking, suspension (the technical decoupling from a name server), deletion (registrant is deleted in the WHOISdatabase), deactivation, transfer, seizure, etc. of a domain name is necessary. There exists no uniform notion among registries, lawmakers and practitioners. The goal of a domain namerelated measure for content reasons is typically that the domain name can no longer be used to access a website (DeNardis, 2012, p. 728;Schwemer, 2018, p. 277), even though the content remains accessible via the IP address: this can be achieved by suspending or deleting a domain name, whereas blocking goes beyond that (presuming that there exists a societal interest in domain names being used). For the sake of this article, in any case, all these measures will be understood as takedown.
Despite the fact that it is sometimes seen as a controversial term, "abuse" is becoming an ever more frequently used term in the domain name world, which according to Mahler (2019, p. 252) is to be understood in a broader way than just covering illegal activity. Again, there exists no uniform definition. While, strictly speaking, the ccTLD world is somewhat detached from ICANN policy, ICANN's attempt to define the issue provides a valuable perspective on abuse. Mahler (2019, p. 249) notes that in ICANN's regulatory framework, too, there exists no clear definition of abuse and it can span from undesired activities like sending out spam, which is not necessarily a criminal offence, to copyright infringements, and ultimately the commission of cybercrime.4 In 2010, ICANN developed a consensual definition of abuse, according to which: "Abuse is an action that: a) causes actual and substantial harm, or is a material predicate of harm, and b) is illegal or illegitimate, or is otherwise contrary to the intention and design of a stated legitimate purpose, if such purpose is disclosed." (cited in Mahler, 2019, p. 251). More recently, in 2018, ICANN's Competition, Consumer Trust and Consumer Choice (CCT) Review team referred to "DNS Abuse" as "intentionally deceptive, conniving, or unsolicited activities that actively make use of the DNS and/or the procedures used to register domain names", whereas the term "DNS Security Abuse" refers to "more technical forms of malicious activity, such as malware, phishing, and botnets, as well as spam when used as a delivery method for these forms of abuse" (GAC, 2019, p. 2).
From a legal perspective, the abuse-notion as well as its suggested definitions are problematic, given the blurry lines between abuse and legitimate behaviour (Mahler, 2019, p. 251) vis-à-vis the much clearer distinction between lawful and unlawful behaviour or content. The European Commission, for example, defines illegal content as "any information which is not compliant with Union law or the law of a Member State concerned".5 If abuse goes beyond that, however, it is unclear based on what standards or evaluations such a definition is based on and what this entails for procedural transparency, legal certainty and the rule of law.6 For the sake of clarity, I propose to differentiate in the context of domain names and the DNS between abuse on the DNS (i.e., content abuse such as content on a website accessible via a domain name), on the one hand, and abuse of the DNS (i.e., technical abuse such as turning a domain name into a bot) on the other hand. This distinction is first and foremost necessary Electronic copy available at: https://ssrn.com/abstract=3530798 given the "proximity" of abuse to the registry's functions. Whereas technical abuse has a more direct connection to the technical administrative role of registries and the DNS, content is much farther from a registry and the DNS given that the content is hosted elsewhere and merely being made more easily accessible by translating numerical IP addresses to human-readable alphanumerical domain names (see also Internet & Jurisdiction, 2019b, p. 6, pp. 20-21).
Furthermore, the distinction also matters when looking at the efficiency of such enforcement tool: whereas technical abuse can in certain instances be brought to an end, domain namerelated measures for content related reasons are a much more blunt and at the same time ineffective tool: the domain name as well as associated services such as email are made inaccessible on a global scale, whereas the content stays online where it is hosted and is just more difficult to access.

WHAT IS THE USE OF A DOMAIN NAME?
Related to the notion of "abuse" is the notion of "use". Before I take a closer look at the specific provisions in the ToS, it is noteworthy that quite a few ToS include a use-related provision in one way or another, while "abuse" is not a common notion in the analysed ToS. The question is, however, what the use of a domain name relates to. Here, we can differentiate between two layers: Firstly, as noted in the introduction, the use of a domain name could simply refer to the use of a domain name as such. In a narrow understanding this might not even include the technical use. Secondly, the use of domain name could also refer to the use of a domain name for a certain purpose, be it on the technical (use of the DNS) or on the content level (use on the DNS): for the layman this regularly has the purpose to make a certain website accessible via a domain name or enable email capabilities. This differentiation is crucial because the former relates only to the DNS, whereas the latter also relates to the underlying website content which is accessible, or activity via a domain name (Vissers et al., 2017;Schwemer, 2018).
The ToS of the UK registry administering <.uk>, Nominet, for example, stipulate "that you will not use the domain name for any unlawful purpose" (section 6.1.5). This compares to the ToS of German registry <.de>, DENIC, which calls for termination if "the registration of the domain for the Domain Holder manifestly infringes the rights of others or is otherwise illegal, regardless of the specific use made of it" ( § 7(2) d)). The German terms, thus, need to be understood in a way that relates to the domain name as such and not its use. At first glance this somewhat contradictory provision is introduced in the section on the duties of the registrants, where it is stipulated that a registrant gives an explicit assurance "that the registration and intended use of the domain does not infringe on anybody else's rights nor break any general law" ( § 3(1); emphasis added). In both ToS, regarding <.uk> and <.de>, there exists no further definition of "purpose" or "intended use".
The Norwegian registry, NORID, administering <.no>, does not directly refer to the use of a domain name in its terms, but requires a confirmation by the registrant declaring that "[the] use of the domain name (…) does not conflict with Norwegian law (…)" (declaration form appendix G 3.0, dated 22 May 2018). In these instances, however, it seems that the context -rather than keeping open a backdoor for a (non-judicial) takedown of a domain name for breach of termsis meant to keep the registry free of liability.
Also the ToS of the <.eu> ccTLD registry, EURid, contain an ambiguous clause in the section on obligations of the registrant that could be interpreted in a way that the "use" can be understood broadly: the registrant has the obligation "not to use the Domain Name (i) in bad faith or (ii) for any unlawful purpose" (section 3 (3)). The terms further stipulate that the registry may revoke the registration inter alia if there is a "breach of the Rules by the Registrant" (section 8 (5) (iii)).
In direct email follow-up with EURid, the registry however declared that it never takes action based on content associated with a domain name.7 The ToS of the Hungarian ccTLD, <.hu>, similarly stipulate that the applicant is "to act with utmost care in selecting the domain so as the domain name (…) and the use of it shall not violate the rights of other persons or entities (…)" (section 2.2). It sets forth that a domain may be suspended if "the domain and/or the use of the domain name causes trouble in the operation of the Internet, or seriously threatens the security of the users" (section 5.2 b). In these instances, it appears from the wording that the provisions indeed enable the registry to intervene based on content or use of the domain name.
The <.be> registry's ToS also contain a "violation of law clause", where it specifies a condition that "the domain name is not used in violation of any applicable laws or regulations, such as a name that helps to discriminate on the basis of race, language, sex, religion or political view" (section 8 (a) (4); emphasis added). Looking at the list of examples, it appears that the use of a domain name is related to the name as such. At the same time, "such as" implies that the list is non-exhaustive. Thus, arguably, the use of the domain name in relation to content could be encompassed by the clause. This is supported by another broader clause in the <.be> terms that stipulates that the domain name is "not registered for any unlawful purpose" (section 8 (a) (3)).
Another peculiar provision can be found in the Croatian ordinance governing <.hr>, stipulating that "[t]he user of the domain shall use it only for the purpose for which it was registered and in a manner usual within the world Internet communities" (Article 24 (3); emphasis added). In the ordinance, there exists, however, little guidance as to what this would entail.
In conclusion, in some instances it is only in the context of the specific terms, where an adequate interpretation can be found. Not only can it be difficult to understand whether the respective, often ambiguous, clauses only refer to the name as such or encompass also technical abuse or content abuse. The ambiguity of terms in the ToS is also furthered by their difficult readability (see also Bygrave, 2015, p. 5). In order to assess the readability of terms, the Flesch-Kincaid Grade Level score, based on sentence length and word length, is a common measure applied in research related to terms (Graber, D'Alessandro, & Johnson-West, 2002;Culnan & Carlin, 2006;Fiesler, Lampe, & Bruckman, 2016). The Grade Level Score for the analysed terms averages 13,8 (lowest: 10,8 (<.nl>); highest: 16,3 (<.ee>)) with a word count average at 6.200 words (lowest: 1.935 (<.ro>); highest: 22.839 (<.gr>), second highest 11.682 words (<.sk>)), making them difficult to very difficult texts to read. It seems problematic that terms are not clearer, though they are notably not as complex as many privacy and copyright policies, which average in the 14-15 range (and this article with a score in the 13 range).

WHAT DO THE TERMS SAY?
Several ccTLD registries, in their ToS, specify takedown mechanisms for use-related reasons.
The terms regularly stipulate procedures in those instances and vary in scope. Based on the comparison of terms of the 30 examined ccTLD registries, they can roughly be grouped into three categories: (1) broadly addressing use or content, (2) containing specific use-or contentrelated provisions, and (3)  Electronic copy available at: https://ssrn.com/abstract=3530798 The regulation of abusive activity and content: a study of registries' terms of service Internet Policy Review | http://policyreview.info acts (Table 1). Unlawful or illegal use <nl.>; <.uk> ("any unlawful purpose"); <.be> ("not registered for an unlawful purpose"); <.ie>; ("used for any unlawful purpose"); <.eu> ("any unlawful purposes") Used in bad faith <.ie>; <.eu> Clear violation of law <.se>; <.dk> ("manifestly illegal acts") Secondly, several terms of ccTLD registries refer to specific cases of unlawful or unwanted use of a domain name, ranging from decency and offensive content to the distribution of viruses and malware, phishing and denial of service and botnet attacks ( Table 2). One third (11 out of 30) of the examined terms include a clause that somehow relates to use or content available under the domain name. Seven terms (7 out of 30) include at least one broad clause related to the illegal use of the domain name ("any unlawful purpose", "public order", "clear violation of law", usage in "bad faith", etc.), of which less than half (3 out of 7) also contain a specific use provision. The Swedish <.se>, the Irish <.ie>, the Belgian <.be> and the European <.eu> terms contain only a broad provision without a specific use provision, and only the Swiss <.ch> and the Hungarian <.hu> terms contain a specific use provision, but no general clause.
It is unclear whether the broad clauses (Table 1) are restricted to technical abuse or also Electronic copy available at: https://ssrn.com/abstract=3530798 The regulation of abusive activity and content: a study of registries' terms of service  1 and 3). This can be explained by the presence of larger and medium sized ccTLD spaces, notably <.uk>, <.nl>, and <.eu>.
It is outside the scope of this article to explore the reasons to include content-or use-related provisions in ToS. These might be influenced by legislation or jurisprudence (e.g., in relation to secondary liability), policymaking or independent commercial considerations by the respective registry or a result of co-regulation (Frydman, Hennebel, & Lewkowicz, 2012). In many instances, though, registries have a broad freedom to define the rules in their ToS. In Denmark, for example, the legislator has chosen a framework legislation, which gives the national registry a broad authority to define, when domain names should be suspended. In 2019, for example, the Danish registry conducted a hearing asking its stakeholders inter alia whether it should "be proactive and suspend domain names for websites that is known for phishing or malware spread" and "be able to suspend any domain name used in connection with the obvious risk of certain serious types of crime".9 Some situations are also special, in that use-related provisions directly stem from administrative decrees or secondary legislation, as in the case of the <.fi> registry, which is a government agency, in the case of the Swiss registry, Switch, administering <.ch> and <.li>, the Greek registry <.gr>, and in the case of the Spanish registry, red.es, administering <.es>. In addition to the variety of setups and legal frameworks, the absence of a clear liability exemption framework within the E-Commerce Directive10 (Truyens & van Eecke, 2016;Schwemer, 2018) might explain the differences in registries' approach to use of a domain name and content. An upcoming review of the E-Commerce Directive and the anticipated proposal of a Digital Services Act, according to leaked documents from DG Connect (European Commission, 2019), is envisioned to specifically address the liability exemption regime in relation to the DNS arguing that "clarification (…) is necessary".11 One central insight, however, is that the European landscape is heterogenous and divided into two major streams at this time: registries that address use or content in their terms to some extent, and registries that do not. There is little information available on a trend or historical evidence. Many ToS have been updated within the last two years, often due to the General Data Electronic copy available at: https://ssrn.com/abstract=3530798 Protection Regulation12 (GDPR) and its implications on WHOIS-databases (see e.g., Hoeren & Völkel, 2018). Yet, it seems plausible that content-related provisions have been more prominent in recent years, given the rise of general online content regulation discussions.

HOW ARE THE TERMS APPLIED?
As seen, some ToS potentially provide a contractual basis for the non-judicial domain name takedown for use-or content-related reasons by a registry. Another interesting question is whether and how domain registries make use of these provisions in practice. The analysis above says little regarding in which instances these provisions are or have been applied, but rather gives a picture of the contractual room of operations for ccTLD registries.
Some registries stipulate in their terms more or less directly that they do not assess the use of a domain name or content of websites made accessible via a domain name (see above). The German <.de> terms, for example, note that "[a]t no time is there any obligation whatsoever on DENIC to verify whether the registration of the domain on behalf of the Domain Holder or its use by the Domain Holder infringes the rights of others" ( § 2). The Austrian <.at> terms clarify that a revocation only takes place "in the case of a legally effective ruling by a court of law or a court of arbitration which is enforceable in Austria, and in the case of an instruction from a competent authority" (Section 3.8). In other instances, domain registries have set up trusted flaggers or trusted notifier regimes, where registries rely on notices by a public authority or private notifiers (Bridy, 2017;.
Sometimes registries provide additional information on the handling of use or content on their website. But generally, information on practice related to the enforcement of use-or contentrelated terms in their ToS is -beyond sporadic press releases by registries -sparse and often not publicly available. Given that there is relatively little written and reported on such handlings, presumably the takedown of domain names directly based on an assessment of content -whether ex officio or on the motion of third parties -is rare. Or, at least, false positives might be rare, as infringers are unlikely to challenge the takedown of a domain name for use-or content-related reasons, which in turn could mean that there are few instances where the takedown of domain names for these reasons is challenged by the registrant.13 It is also difficult to assess the relation of domain registries to content without acknowledging the fluid boundary between content-and non-content-related measures. For example, when the legality of a domain name as such is determined, e.g., in connection with Uniform Domain-Name Dispute-Resolution Policy (UDRP) proceedings, the name as such is regularly the starting point. However, its use also constitutes one determining factor, even though the decision is not based on the content accessible via a domain name. Thus, the borders between content-related and purely domain name-related issues might be blurrier than they appear.
In the absence of concrete information from practice, I refer in this article to publicly available evidence related to the structural setup of content-or use-related mechanisms put in place by registries. In the following, I provide three examples that are noteworthy.

NOTICE-AND-TAKEDOWN MECHANISMS
The first example is the Dutch ccTLD registry administering <.nl>, SIDN, which established a notice-and-takedown procedure -akin to the procedures established by online platforms in connection to Article 14 of the E-Commerce Directive -for offending content that is clearly Electronic copy available at: https://ssrn.com/abstract=3530798 The regulation of abusive activity and content: a study of registries' terms of service Internet Policy Review | http://policyreview.info unlawful or criminal (CENTR, 2019b, p. 20;SIDN, 2019a). Anyone with a "legitimate interest" can, after having contacted the uploader, website manager, registrant, and registrar, request the registry to disable a <.nl> domain name. SIDN specifies in its takedown form, that they "take action only to prevent clearly unlawful or criminal activity. If, for example, expert legal opinion is needed to decide whether an activity is unlawful or criminal, we won't do anything." According to SIDN's yearly report (SIDN, 2019b, p. 9), the registry received 35 notice-andtakedown requests in 2018, of which seven led to the disabling of a domain name by SIDN.
Given the low number of cases and the information on the setup of this mechanism it appears as a last-resort measure. Yet, it is a noteworthy mechanism which appears to be inspired by mechanisms put in place in relation to the liability exemption regime for hosting-providers from the E-Commerce Directive.
Somewhat related to these developments, is the establishment of trusted notifier regimes. A practice, that is increasingly seen and also encouraged by the European lawmaker,14 is the offering of an expedited process for notices coming from "trusted flaggers" or "trusted notifiers".
Some gTLD and some ccTLD domain registries have established such mechanisms (Bridy, 2017;. Again, public information on the setup or workings, however, is sparse.

PROACTIVE SCREENING
The second example relates to the proactive screening of domain name use or content. Certain registries scan or proactively monitor the usage of and content accessible under a domain name for abuse. Technically, this is performed by for example crawling content, fuzzy hashes, HTML structural similarity analysis (see Gowda & Matmann, 2016) or analysis of registration data. In 2017, for instance, the <.eu> registry, EURid, introduced an abuse prevention tool using machine learning algorithms ("Abuse Prevention and Early Warning System") that flags suspicious domain name registrations and aims to prevent such maliciously used domain names from being active in the first place (EURid, 2016;EURid, 2017;EURid, 2019). The Belgian registry administering <.be>, DNS Belgium, also appears to have some kind of screening process outsourced to external security firms in place, which seems to primarily relate to technical abuse by third parties "for fraudulent practices such phishing, malware, etc." (DNS Belgium, 2019a). Also the Dutch registry administering <.nl>, SIDN, has put some research efforts into domain abuse and developed a domain early warning system for TLDs, which is "capable to detect several types of domain abuse, such as malware, phishing, and allegedly fraudulent web shops" (Moura, Müller, Wullink, & Hesselman, 2016). A concern in relation to proactive screening relates to the risk of false positives and the potential lack of competence to assess the legality of the allegedly infringing content.15

DATA VALIDATION
Accurate data has historically been necessary in order to get in touch with registrants with a view to solve technical issues; nowadays, however, there is a somewhat alternative use of data accuracy emerging in relation to abuse. Some have identified a plausible correlation between domain names that are used for unlawful purposes and the quality of the registration data (DK Hostmaster, 2019; Palage, 2019). Regularly, domain registries reserve the right to terminate a registration that is based on wrong or inaccurate information in their ToS (e.g., <.be>, <.se>, <.nl>, <.dk>, <is>, <.eu>, <.it>). Securing correct registrant information has been identified as one means to mitigate the problem.
Several registries have introduced internal or external data validation processes (e.g., <.dk>, <.uk>, <.eu>). The UK ccTLD-registry, Nominet, for example, uses a data validation process, where it matches name and address against a third-party data source (Nominet, 2019).
Electronic copy available at: https://ssrn.com/abstract=3530798 Similarly, the Belgian registry performs a daily manual screening of newly registered domain names, which is "carried out first and foremost to identify any obvious cases of phishing rapidly" (DNS Belgium, 2019b). In Denmark, a problem with online shops selling counterfeit products was manifested by an increasing number of court orders that the registry received to seize <.dk> domains. In 2017, the Danish registry, DK Hostmaster, introduced the mandatory use of a common login and verification solution used by government, banks and other private actors for identity verification purposes of Danish registrants and a risk-based assessment of foreign registrants at the time of registration. The verification requirement resulted in a decrease of online shops suspected of IP infringements from 6,73% to 0,12% (DK Hostmaster, 2019). Also, the <.eu> registry, EURid, cross-checks registration data with third parties, which by 2016 had resulted in the deletion of 31,819 domains at the registry's own initiative (EURid, 2016).
This offers an intriguing, somewhat creative, practical solution to the practical problem of unlawful use and content, which comes from a very different starting point: instead of a problematic move of registries towards effectively performing content policing, a reduction in "abuse" -whether technical or content-related -is merely a by-product of ensuring correct registration data. The Danish registry, for example, is, according to § 18 (2)  Inaccuracy of registration data in this context is not evidence of malpractice but rather the reason for a domain name takedown in itself. In other words, the takedown of a domain name for technical reasons or content abuse is performed without the registry having to perform a legal evaluation of the use or the content on the underlying website. Thus, such a mechanism is -compared to trusted notifier regimes or takedown based on some kind of use or content analysis -also much less problematic from a fundamental rights perspective.

CONCLUSION
A report by the Internet & Jurisdiction policy network notes that a common challenge among all actors is "to define when is it appropriate to act at the DNS level in relation to the content or behavior of a domain address, and to identify the respective roles that courts and so-called 'notifiers' should play" (Internet & Jurisdiction, 2019a, p. 159). This analysis of 30 European ccTLD terms of services shows that there is a relatively wide spread of responses to use-and content-related domain name "abuse": some actors refrain from contractually reserving to takedown a domain name due to its use or content. Others reserve a right to take down a domain name in certain severe situations. Still others have established some kind of takedownregime, akin to notice-and-takedown regimes of other intermediaries, or even introduced some form of proactive screening. A little more than a third of the analysed ccTLD terms contain content-or use-related provisions, accounting for 47,04% of the analysed ccTLD market. This compares to findings of Kuerbis, Mehta, & Mueller (2017), which found for registrars that 59% of terms comprise morality clauses accounting for 62% of the domain name market. Thus, the discretion for registrars to take down domain names is higher than for ccTLD registries. Yet a different market response by ccTLD registries to the issue of unlawful content appears to be the "creative use" of data validation. Without directly regulating use or content, this practice constitutes a practical solution for minimising the use of domain names for unlawful purposes.
Electronic copy available at: https://ssrn.com/abstract=3530798 Domain name takedowns based on privatised enforcement and self-regulation for contentrelated reasons are worrisome from a fundamental rights perspective (Kleinwächter, 2003;Seltzer, 2011;DeNardis, 2012; and risks and drawbacks associated with useor content-related domain name takedowns have been identified elsewhere (see e.g., Schwemer, 2018;CENTR, 2019b, p. 14-15;Internet & Jurisdiction, 2019a, p. 159). It has for example been argued that "requests for domain name suspension should only be considered when one can reliably determine that a domain is used with a clear intent of significant abusive conduct; only a particularly high level of abuse and/or harm could justify resorting to such a measure" (Internet & Jurisdiction, 2019a, p. 159). In October 2019, a group of registrars and registries, notably including the registry administering the ccTLD <.uk>, released a "Framework for DNS Abuse",17 arguing that "[d]espite the fact that registrars and registries have only one blunt and disproportionate tool to address Website Content Abuse, we believe there are certain forms of Website Content Abuse that are so egregious that the contracted party should act when provided with specific and credible notice". Notably, they argue that a registry or registrar should even without a court order address "content abuse" related to "child sexual abuse materials", the "illegal distribution of opioids online", "human trafficking" and "specific and credible incitements to violence". While domain registries have historically not been designed to engage in use-or content-related enforcement, recent developments seem to suggest that lines are getting blurrier between the infrastructure and the content layer of the internet.
A silent drift by domain registries into regulating and enforcing abusive content or activity on underlying websites -i.e., use and content regulation -is problematic. As seen in this article, In this article, I have purposely focused on publicly available information only. In privatised enforcement systems, transparency is central to ensuring well-functioning and well-balanced regimes. Future research endeavours might benefit from further empirical work, for example by interviewing registries on their practices. It will also be relevant to revisit the ToS of registries in due time as the contractual basis for these measures might change. In direct follow-up with selected ccTLD registries, it appears that they are of minor practical relevance at this time.
Given the topicality of content regulation, my expectation is that this practice will become more prevalent rather than disappear. In this trajectory, in any case, domain registries should be clear and transparent regarding their role in content-or use-related domain name takedowns.

APPENDIX
Analysed terms of services of ccTLDs. All registries have been checked for information last on 24 June 2019. Numbers marked with an asterisk (*) are retrieved from <http://research.domaintools.com/statistics/tld-counts/>, in instances where registries did not provide publicly available statistical information. The Flesch-Kincaid level has been calculated using a Microsoft Word script.