Today is an important day for the internet infrastructure: The internet administration ICANN published the long-awaited final Applicant Guidebook on 16 December 2025. This officially sets out the framework conditions for the upcoming round of applications for dedicated top-level domains.
For companies and institutions, this opens up a window of opportunity that only presents itself every ten to fifteen years: From April to August 2026, they can apply to ICANN for their own top-level domain (TLD) – and thus rely on their own brand (e.g. .firma) instead of endings such as .com or .de.
While the last application round in 2014 often focussed on marketing aspects, the 2026 round is about more: it is about IT security and digital independence.
Why an own TLD is a security asset today
In our consulting practice, we see that having your own TLD is no longer just a branding tool. It is a powerful tool for CISOs and legal departments to regain control over digital communication. Based on current analyses, there are massive opportunities for corporate security:
-
Hardening the email infrastructure (phishing protection):
Whoever operates their own TLD sets the rules. Security standards such as SPF, DKIM and DMARC can be enforced centrally for all domains under the extension. This effectively prevents email spoofing. Emails that claim to come from your TLD but are not authenticated are not even delivered.
-
Encryption by default (HSTS):
Your own TLD can be placed on the so-called HSTS preload list. This means that browsers automatically and exclusively establish encrypted connections to every website under your extension. Attack vectors such as “man-in-the-middle” thus come to nothing.
-
Data protection & independence:
Especially in light of the geopolitical developments of this year – think of the de facto shutdown of the Privacy and Civil Liberties Oversight Board (PCLOB) in the USA in January 2025 – data sovereignty is essential. With their own TLD, companies reduce their dependence on US-based registry operators and can consistently align their infrastructure with European data protection standards.
-
Controlled environment:
You determine who is authorised to register domains. Third parties are kept out. This makes typosquatting (fraud under similar-sounding domains) under your ending technically impossible.
We accompany your project
Acquiring a TLD is not a simple domain purchase, but a complex administrative procedure with high technical, financial and legal requirements. With today’s publication of the handbook, the hot phase of preparation begins.
The Applicant Guidebook defines the technical, organisational and legal requirements for applicants in detail and forms the binding basis for the entire application process.
As a law firm with a long-standing focus on IT and IP law, we will guide you safely through this process. We know: A project like this is teamwork. That’s why we not only support you with the legal structuring and the necessary registry policies, but also work closely with experienced partners from the domain industry during the application process. They take care of the technical conception and project management, while we ensure that your project is on solid legal ground.
Use the coming months until the start of the application window in April to future-proof your digital infrastructure.
If you would like to take a closer look at the formal requirements, you can find the complete applicant handbook as a PDF here.
Do you have any questions about the applicant handbook or the process? Get in touch with us.