What is a Registry Service Provider (RSP)?
A Registry Service Provider (RSP) is an organization that operates the technical backend infrastructure required to run a Top-Level Domain. When a company, government, or community is granted the right to operate a TLD by ICANN, they have two options: build the entire technical stack themselves or contract an RSP. Nearly all TLD operators choose an RSP — and ICANN requires that any RSP used for a new gTLD has passed their technical evaluation.
What services does an RSP provide?
An RSP provides the five core technical services that ICANN's Registry Agreement requires:
1. Authoritative DNS (Anycast)
The RSP operates the nameservers that answer DNS queries for the TLD. These must be globally distributed via Anycast and meet strict SLA requirements (99.999% for most TLDs). Every time someone visits a website or sends an email to a domain in your TLD, the RSP's DNS infrastructure answers the query.
2. Shared Registration System (SRS) / EPP
The SRS is the database that stores all domain registrations for the TLD. Registrars (companies that sell domains to end users) connect to the SRS via the EPP (Extensible Provisioning Protocol) to register, renew, transfer, and manage domains. The RSP builds, hosts, and maintains this system.
3. WHOIS / RDAP
Public domain lookup services. WHOIS is the legacy protocol; RDAP (Registration Data Access Protocol) is the modern replacement required by ICANN since 2019. Both return registration data for a queried domain name.
4. DNSSEC
Cryptographic signing of DNS records using Hardware Security Modules (HSMs). The RSP manages zone signing key generation, key ceremonies, signature refresh, and key rollover — all per ICANN's requirements.
5. Data Escrow
Regular deposits of all registry data to an independent, IANA-recognized escrow agent — daily differential and weekly full deposits — to enable TLD continuity if the registry operator fails.
ICANN's RSP evaluation program
ICANN introduced the RSP evaluation program specifically for the 2012 New gTLD Program to ensure technical quality across new TLD backends. An organization must apply to and pass ICANN's evaluation to become a recognized RSP.
The evaluation covers:
As of 2025, only 28 organizations worldwide have passed this evaluation. PT AIDI Digital Global (ADG) is one of them — headquartered in Indonesia and serving TLD operators globally.
For the 2026 New gTLD Round, using an ICANN-evaluated RSP is mandatory. Applicants who name a non-evaluated RSP in their application risk rejection or required remediation.
RSP vs registry operator: what's the difference?
These two roles are distinct but closely related:
| Registry Operator | Registry Service Provider (RSP) | |
|---|---|---|
| **ICANN relationship** | Holds the Registry Agreement | No direct ICANN contract |
| **Accountability** | Accountable to ICANN for TLD | Accountable to registry operator |
| **Policy role** | Sets domain policy for TLD | Implements policy, not sets it |
| **Technical role** | Owns the TLD rights | Runs the technical systems |
| **Business role** | Commercial/branding strategy | Infrastructure operations |
A registry operator can be technical (building their own systems) or non-technical (relying entirely on an RSP). Most new gTLD operators use an RSP because the technical requirements are significant — building ICANN-compliant DNS, EPP, WHOIS/RDAP, DNSSEC, and data escrow from scratch takes years and millions of dollars in infrastructure investment.
How to choose the right RSP
Not all RSPs are the same. Key evaluation criteria:
1. ICANN evaluation status: Non-negotiable — confirm the RSP is on ICANN's current evaluated list.
2. DNS infrastructure quality: Node count, geographic distribution, SLA guarantees, DDoS protection capacity.
3. References: Which active TLDs does the RSP operate? Talk to existing customers.
4. Contract terms: What happens if you want to migrate to another RSP? Is there a data portability guarantee?
5. Local support: If your TLD serves a regional market, is the RSP accessible in your time zone with staff who understand local regulations?
6. Pricing model: Per-domain fees vs. flat-rate fees — which model fits your TLD's projected zone size?
ADG offers a free discovery call to help TLD applicants evaluate their options before committing to an RSP agreement.
Frequently Asked Questions
Can I change my RSP after delegation?
Yes, but it's operationally complex. RSP migration involves transferring zone data, SRS data, registrar EPP connections, and DNSSEC keys — all while maintaining 100% uptime. ICANN requires a migration plan that ensures no registrant impact. Most registry operators stay with their initial RSP for stability.
What is a shared RSP vs a dedicated RSP?
A shared RSP operates infrastructure used by multiple TLD operators simultaneously (multi-tenancy). A dedicated RSP provisions exclusive infrastructure for a single TLD. Most RSPs offer shared infrastructure for cost efficiency; dedicated infrastructure is available for high-volume TLDs or those with special security/compliance requirements.
How long does RSP onboarding take?
After a Registry Agreement is signed with ICANN, the technical setup with an RSP typically takes 60–90 days. This includes EPP configuration, DNS delegation, DNSSEC setup, registrar onboarding, and ICANN pre-delegation testing (PDT). ADG's onboarding process is designed to meet ICANN's PDT requirements on first submission.