Understanding the Role of Trusted Notifiers in DNS Abuse Mitigation
APRALO Policy Forum + EURALO - 7 May 2026,
VIDEO | AUDIO | RECAP EN / ES / FR | ARCHIVE | PERMALINK
Speakers: Justine Chew - APRALO; Frederic Taes - EURALO; Oleksandr Honcharenko - AXGHouse / REMOVEE; Jan Janssen - PETILLION; Alban Kwan - Trusted Notifier Network (TNN); Henry Chan - Trusted Notifier Network (TNN); Steinar Grøtterød - EURALO; Amrita Choudhury - APRALO; Olabimpe Adeloro - Participant
Moderator: Steinar Grøtterød - EURALO
The webinar explored the emerging role of trusted notifiers and trusted flaggers in combating DNS abuse and broader online harms. Speakers examined the intersection of policy, legal frameworks, operational realities, commercial incentives, and end-user protection, with a strong focus on cross-industry cooperation and multistakeholder approaches.
Opening Remarks and Context
Justine Chew opened the session by explaining that the webinar was conceived as a pilot collaboration between APRALO and EURALO. She framed the discussion within ongoing At-Large conversations on DNS abuse mitigation and the search for possible partnerships with trusted notifier networks and similar entities that could help protect end users. She emphasized that while ICANN maintains a narrow contractual definition of DNS abuse, the discussion would intentionally extend beyond that limited scope to include broader forms of online abuse and harm affecting Internet users.
Frederic Taes welcomed participants and described the webinar as an effort to connect expertise from Asia-Pacific and Europe. He highlighted the diversity of perspectives represented, including legal experts, operational practitioners, and trusted notifier initiatives. He positioned the session as both educational and exploratory, aiming to understand how different trusted notification models operate across jurisdictions and sectors.
Operational Perspective from AXGHouse and REMOVEE
Oleksandr Honcharenko introduced AXGHouse as a digital enforcement company serving as a trusted reporter for Google, Microsoft, and Cloudflare, as well as an official EU Digital Services Act trusted flagger. He explained that the overwhelming majority of his organization’s work involves copyright enforcement, particularly combating unauthorized distribution of movies and television content.
He described how his company primarily works with hosting providers rather than registrars because registrars are often slower to respond to copyright complaints. However, he argued that registrars still play an essential role because malicious actors frequently rotate hosting providers while continuing to use abusive domains for long periods. According to Honcharenko, domains associated with repeated unlawful activity and large volumes of complaints should face stronger intervention.
Several practical abuse cases were discussed:
Typosquatting and brand impersonation domains targeting legitimate software companies
Fraudulent SMS-payment scams associated with pirate streaming websites
Fake websites tricking users into losing money under the guise of legitimate services
Honcharenko explained that when registrar responses fail, his company escalates complaints to hosting providers and also works to delist malicious sites from search engines such as Google and Bing.
He also introduced REMOVEE, a consumer-facing platform intended to help ordinary users report copyright infringement and impersonation accounts. The platform provides estimated takedown times and allows users to submit complaints that are then processed through trusted reporting channels. He announced plans for a second version of the platform that would introduce free monthly reporting credits and a community feature allowing users to discuss digital safety issues collaboratively.
Honcharenko stressed that better cooperation with registrars was necessary to address persistent abusive domains associated with repeated fraud, impersonation, or copyright infringement. He argued that trusted notifier relationships could help create more effective responses to chronic abuse patterns.
The EU Digital Services Act and Trusted Flaggers
Jan Janssen provided an overview of the European Union’s Digital Services Act (DSA), explaining its purpose as a harmonized EU-wide framework for addressing online abuse while balancing competing fundamental rights such as freedom of expression, trademark protection, and copyright enforcement.
He distinguished between “vertical” legal instruments, where private parties must seek relief through government authorities, and “horizontal” instruments like the DSA, where private actors can directly invoke rights and obligations against one another. He emphasized that the DSA was designed to create uniform obligations across the European Union rather than fragmented national rules.
Janssen outlined the DSA’s tiered structure:
Intermediaries
Hosting services
Online platforms
Very Large Online Platforms (VLOPs)
Very Large Online Search Engines (VLOSEs)
He explained that trusted flagger obligations apply primarily to online platforms and very large platforms, including services such as Amazon, X/Twitter, Alibaba, Wikipedia, Google, and Bing. Registrars and registries are not currently required under the DSA to implement trusted flagger mechanisms, although they may choose to do so voluntarily.
Janssen used the analogy of a shark warning flag on a beach to explain the trusted flagger concept: if a recognized trusted entity reports harmful content, platforms are expected to prioritize and act on that notice rapidly.
He then described the criteria for becoming a trusted flagger under EU law:
The entity must be established within the EU
It must demonstrate expertise in identifying illegal content
It must operate independently and objectively
It must show diligence and accuracy in reporting
Examples included organizations combating child sexual abuse material and intellectual property infringement entities such as BREIN in the Netherlands.
Janssen concluded that trusted flagger systems accelerate takedown processing by establishing a higher degree of confidence between reporting organizations and platforms.
Trusted Notifier Network (TNN) and a Global Cooperative Model
Alban Kwan and Henry Chan presented the Trusted Notifier Network (TNN), a nonprofit initiative intended to create cross-industry and cross-border trusted notifier relationships. Kwan described his and Chan’s backgrounds in the domain industry, registrar operations, takedown services, and Internet governance, noting that these experiences shaped their understanding of abuse mitigation from multiple stakeholder perspectives.
Kwan explained that TNN aims to build trust relationships between brands, service providers, Internet intermediaries, law enforcement agencies, and potentially civil society organizations. Unlike the EU DSA framework, which is geographically limited to Europe, TNN seeks a globally scalable model applicable across Asia-Pacific, Africa, and other regions.
A major theme of the presentation was the tension between competing Internet governance values:
Protecting users from phishing, scams, and fraud
Preserving freedom of expression
Preventing excessive platform censorship
Avoiding over-centralized government control
Kwan argued that online abuse is often viewed solely through the lens of “responsibility” and liability, whereas it should instead be understood as an “unfair cost transfer problem.”
He described the economic cycle of abuse mitigation:
Criminals impose costs on brands and victims
Brands outsource takedowns to service providers
Service providers automate enforcement using templates and AI
Platforms distrust low-quality reports and tighten standards
Platforms build large trust-and-safety teams at great expense
Unresolved harms shift costs back onto society
Governments respond with regulation
According to Kwan, this cycle creates escalating friction and inefficiency. TNN’s goal is to redistribute the costs and liabilities more fairly throughout the ecosystem.
Another major concept introduced was the creation of an “indemnity chain.” Kwan argued that intermediaries are reluctant to act aggressively because they face liability risks from governments, users, brands, and regulators simultaneously. TNN proposes contractual indemnification flowing from verified complainants through trusted notifiers to intermediaries, allowing faster action while reducing legal uncertainty for platforms and registrars.
The presentation also emphasized cross-industry cooperation extending beyond DNS abuse into broader harms such as illegal gambling, fraud, scams, and social media abuse. Kwan argued that effective mitigation requires involvement from hosting providers, social media companies, telecom operators, registrars, registries, and law enforcement agencies across jurisdictions.
TNN’s operational model was described as follows:
Victims or brands identify harmful content
The victim verifies the abuse
Trusted notifiers and TNN review and standardize reports
Intermediaries receive expedited “green channel” notifications
Platforms remain responsible for final decisions but can act more quickly because trust has been established
Kwan stressed that TNN does not seek to impose mandatory removals but instead seeks to streamline review and response processes.
He closed by inviting APRALO and EURALO participants to help:
Connect TNN with law enforcement agencies
Advise on whether civil society organizations should qualify as trusted notifiers
Recommend criteria for evaluating such organizations
Facilitate engagement with ccTLD operators in different regions
Discussion on End Users, Harm, and Civil Society
Steinar Grøtterød moderated the discussion session and highlighted the importance of maintaining an end-user perspective within DNS abuse conversations. Drawing on his experience as an ISP operator, registrar, registry operator, and DNS abuse specialist, he observed that much of the discussion focused heavily on brand protection and intellectual property enforcement, though ordinary Internet users are also directly harmed by online abuse.
A central question emerged around how “harm” is defined and how end users can meaningfully participate in abuse reporting systems.
In response, Alban Kwan explained that TNN distinguishes between:
Commercially linked scams impersonating brands
Scams without clear commercial anchors, such as romance scams
For the first category, brands themselves can verify whether a website is fraudulent. For the second category, TNN would rely more heavily on law enforcement agencies to establish legitimacy and harm. Kwan reiterated that intermediaries should not be expected to independently determine truth or legality without trusted verification sources.
Henry Chan added that TNN was actively seeking input from stakeholder communities precisely because current systems do not adequately address harms experienced directly by end users. He emphasized that reducing friction and duplicated effort throughout the abuse mitigation ecosystem was a core organizational objective.
Steinar then raised the practical problem of reporting abuse from the perspective of ordinary users. He noted that many abuse reporting systems require technical expertise beyond the capabilities of most Internet users, such as copying raw email headers or interpreting phishing indicators. He cited more user-friendly models, including national systems where suspicious emails can simply be forwarded for analysis.
Jan Janssen responded with examples from Belgium, including a government-supported service where users can forward suspicious emails to a centralized address for investigation. He also encouraged users to report serious incidents to law enforcement and participate in policy processes within ICANN related to DNS abuse mitigation obligations.
At-Large Perspectives and Phishing Education
Justine Chew clarified that trusted notifier systems should not be viewed as complete solutions but rather as tools and potential partnerships that the At-Large community could explore. She highlighted the possibility of APRALO and EURALO contributing to discussions around criteria for civil society participation in trusted notifier frameworks.
She also revisited the issue of ICANN’s narrow DNS abuse definition, explaining that the current definition exists partly because ICANN requires legally enforceable contractual language for registrars and registries. However, she stressed that abuse patterns continue to evolve and that At-Large communities should consider how definitions and mitigation approaches can adapt over time.
Amrita Choudhury expanded on the role civil society could play. She suggested that trusted notifier systems might adopt approaches similar to international fact-checking networks, where organizations qualify through transparent criteria and accreditation processes. She also emphasized the importance of public education and described the At-Large phishing awareness module already being piloted in multiple regions, including Africa and Latin America.
The phishing course is intended to:
Educate users about scams and phishing
Explain reporting and remediation pathways
Build regional capacity through RALO-led training initiatives
Incorporate practical case studies and operational experiences
Amrita suggested future collaboration between At-Large educational initiatives and trusted notifier organizations to improve training materials and real-world relevance.
Community Questions and REMOVEE Discussion
Participant Olabimpe Adeloro asked whether individual users could participate in the communities being developed around REMOVEE and DNS abuse mitigation.
Oleksandr Honcharenko clarified that REMOVEE’s current scope is limited mainly to copyright infringement and impersonation reporting rather than phishing and scams. However, he stated that future versions might expand into broader abuse categories. He confirmed that the upcoming REMOVEE community would be open to users globally and intended as a free discussion and collaboration space focused on copyright, intellectual property, and Internet safety issues.
Closing Reflections
Frederic Taes concluded by describing the webinar as the beginning of a longer conversation around trusted notifiers, trusted flaggers, multistakeholder governance, and the distribution of abuse mitigation costs. He highlighted recurring themes throughout the discussion:
The role of end users
The economics of abuse mitigation
Cross-regional cooperation
The need for broader multistakeholder engagement
The challenge of balancing safety and free expression
He noted that the conversation would continue within EURALO, APRALO, EuroDIG, and upcoming ICANN meetings, particularly ICANN86 in Seville. He thanked the speakers, moderators, interpreters, and ICANN staff for contributing to a highly interactive and exploratory session.
RESOURCES
APRALO Policy Forum – EURALO Joint Webinar — official event page on the APRALO wiki
Trusted Notifier Network (TNN) — nonprofit trust framework presented by Alban Kwan and Henry Chan
TNN Core Concept 1: Unfair Cost Transfer — Alban Kwan’s CircleID essay on the model discussed in the webinar
TNN Core Concept 2: Chain of Indemnity — Alban Kwan’s CircleID essay on rebuilding Section 230 protection contractually
AXGHouse — Oleksandr Honcharenko’s Estonian anti-piracy firm and EU DSA Trusted Flagger
REMOVEE — AXGHouse’s takedown platform for copyright and impersonation reports
Jan Janssen at PETILLION — Brussels dispute-resolution lawyer who presented the DSA framework
EU Digital Services Act (DSA) — European Commission overview of the regulation and Article 22 trusted flaggers
Stichting BREIN — Dutch anti-piracy foundation cited by Jan Janssen as a DSA trusted flagger
safeonweb.be — Belgian Cybersecurity Centre’s suspicious-message reporting service (suspicious@safeonweb.be)