ICANN's new gTLD application rounds are one of the most misunderstood topics in the domain world. Many teams hear "you can apply for your own .brand" or "there will be thousands of new domain extensions", but very few actually know what the application process looks like, what it costs, and who it realistically makes sense for. If you're responsible for domains, digital strategy or IT infrastructure, you don't need marketing hype – you need a clear, technical and business view of what ICANN new gTLD applications really involve.
In this article, we walk through the new gTLD application landscape from the perspective of a hosting and domain provider. We will explain the program in plain language, unpack the evaluation and technical requirements, look at costs and timelines, and then map all of that back to practical domain strategy. Whether you are a global brand considering your own .brand TLD, a community or city thinking about a geographic string, or simply want to understand how new gTLDs will impact your existing domain portfolio, this guide will give you a grounded view you can actually plan around.
İçindekiler
- 1 What ICANN New gTLD Applications Actually Are
- 2 Who Should Consider a New gTLD Application (and Who Probably Shouldn't)
- 3 The ICANN New gTLD Application Process Step by Step
- 4 Technical, DNS and Security Requirements You Must Be Ready For
- 5 Costs, Timelines and Hidden Operational Work
- 6 Strategic Alternatives If a Full New gTLD Is Too Much
- 7 How dchost.com Fits into Your New gTLD and Multi-Domain Strategy
- 8 Conclusion: Turning ICANN New gTLD Applications into a Clear Decision
What ICANN New gTLD Applications Actually Are
Quick refresher: gTLD vs ccTLD vs new gTLD
Every domain name ends with a top-level domain (TLD) such as .com, .org or .net. These are called generic top-level domains (gTLDs). Country-code domains like .de, .tr or .fr are ccTLDs, managed by national or regional authorities.
For many years, the gTLD space was very limited. ICANN's new gTLD program opened the door for organizations to apply for entirely new extensions such as .shop, .app, .hotel or brand-owned .brand spaces. New gTLD application rounds are the controlled windows in which ICANN accepts and evaluates applications to delegate these new extensions into the DNS root.
Types of new gTLDs you can apply for
Not all new gTLDs are the same. When ICANN opens a round, you typically see four broad categories of strings:
- Open generic gTLDs – Extensions like .shop or .online that any eligible registrant can register names under (e.g., example.shop).
- .brand gTLDs – Closed spaces operated by a single brand owner, usually with strict eligibility rules (e.g., stores.brand, partners.brand).
- Geographic / city gTLDs – Names representing cities, regions or countries (e.g., .istanbul, .paris), often requiring government support.
- Community or sector gTLDs – Extensions restricted to a well-defined community (e.g., a profession, industry or interest group) with eligibility and policy criteria.
ICANN treats each application as a potential registry, not a single domain purchase. When you apply for .brand or any other string, you are effectively asking ICANN to approve you as the registry operator responsible for the entire namespace under that TLD.
How this fits into ICANN's policy framework
New gTLD application rounds do not emerge in a vacuum. They sit on top of a long policy process involving ICANN's Generic Names Supporting Organization (GNSO), governments, registries, registrars and many stakeholder groups. If you want a deeper policy-level view, we've already covered what's changing in ICANN new gTLD policies and what they mean for your domains. In this article, we stay closer to the application mechanics and the technical and strategic decisions you'll actually have to make.
Who Should Consider a New gTLD Application (and Who Probably Shouldn't)
When a new gTLD makes strategic sense
Because running a TLD is complex and expensive, new gTLD applications make sense only for certain types of organizations. Based on what we've seen in the market, it's worth serious consideration if you are:
- A large or global brand with heavy investment in digital channels, trademarks in multiple jurisdictions, and a long-term plan for brand-controlled namespaces (.brand).
- A city, regional authority or tourism board looking to build a digital identity and ecosystem around a geographic name (.city, .region).
- A sector or professional body representing a clearly defined community that could benefit from controlled, verified registrations under a dedicated extension.
- An experienced registry / infrastructure operator planning to launch new open or niche gTLDs as a commercial business, with the capital and operational capacity to run them for many years.
For these groups, a new gTLD can support trust, security, brand alignment and even new revenue or distribution channels.
When a new gTLD is usually overkill
On the other hand, we have many conversations with companies who are attracted to the idea of "owning their own extension" but, when we walk through the details, realize it doesn't align with their realities. You probably don't need to apply for a new gTLD if:
- You're a small or medium business that can be fully served by a solid portfolio of existing domains (.com, relevant ccTLDs and perhaps a few strategic new gTLDs).
- You don't have internal legal, compliance and technical teams ready to own registry-level obligations for a decade or more.
- Your main goal is brand protection (stopping typosquats and lookalike domains) rather than building a new namespace.
- Your marketing and IT plans change yearly; a new gTLD requires thinking in 5–10 year horizons.
In these cases, we usually recommend focusing on a strong defensive and portfolio strategy instead of running your own TLD. A well-designed approach to defensive domain registration and typosquat prevention often delivers 80–90% of the benefit at a fraction of the cost and complexity.
The ICANN New gTLD Application Process Step by Step
1. Internal strategy and string selection
Long before ICANN opens the application portal, you should treat this as a classic IT and branding architecture question:
- What is the exact string? For example, .brand vs .brandgroup vs a generic keyword. Each has legal and marketing implications.
- What is the intended use? Internal only (staff.brand), limited partners (resellers.brand), or fully public registrations?
- How long do you plan to operate it? A new gTLD is effectively a multi-year infrastructure commitment, not a campaign domain.
- How does it coexist with your current domains? Will .brand replace or complement your .com, ccTLDs and existing new gTLDs?
At this stage, you should coordinate between marketing, legal, IT/network, and security. Many issues we've seen in previous rounds stem from misalignment between these teams.
2. Pre-application risk and conflict checks
Next, you need to assess whether your desired string is:
- Legally clear – No obvious conflicts with existing trademarks or reserved names.
- Not confusingly similar to an existing or applied-for TLD in ways ICANN could reject.
- Acceptable from a public interest and geographic perspective – Some names require government support or have special restrictions.
In earlier rounds, many applications ran into string contention – multiple parties applying for the same or similar strings. That can lead to objections, negotiations or even last-resort auctions. Planning alternative strings and being realistic about contention risk is critical.
3. Preparing the actual ICANN application
ICANN applications are not simple forms. Each application usually includes detailed sections covering:
- Applicant background – Corporate structure, ownership, key personnel and any relevant history.
- String and policy description – Purpose of the TLD, eligibility rules, registration policies, rights protection mechanisms and abuse handling.
- Technical infrastructure – DNS architecture, nameserver design, DNSSEC implementation, EPP interfaces, Whois/RDAP, data escrow and continuity plans.
- Operational readiness – Staffing, support processes, SLAs, monitoring and incident response.
- Financial capability – Business model, multi-year projections and evidence you can keep the TLD running even if initial registration volumes are low.
Most serious applicants use internal task forces plus external advisors for at least some parts of this work, particularly for technical sections and policy writing.
4. ICANN evaluation, objections and public comment
Once submitted, your application goes through several layers:
- Completeness and administrative checks – Ensuring all required fields and documents are present.
- Initial evaluation – Independent panels review technical, operational, financial and policy sections.
- Public comment period – Stakeholders can comment on your application; ICANN and panels may consider those comments.
- Objection processes – There are formal channels for legal, community and string confusion objections.
Depending on the round, some strings may trigger additional geographic or governmental reviews, especially if they relate to country names, sensitive terms or public interest concerns.
5. Contention resolution and contracting
If multiple applicants target the same or very similar strings, they form a contention set. That can be resolved by:
- One or more applicants withdrawing in favor of another.
- Negotiated joint ventures or partnerships.
- As a last resort, an ICANN-facilitated auction where the highest bidder wins the right to sign a registry agreement.
Once you pass evaluation and any contention is resolved, you enter into a Registry Agreement with ICANN. Only after that can your TLD be inserted into the DNS root zone and move toward launch (sunrise, limited registration periods, general availability, etc.).
Technical, DNS and Security Requirements You Must Be Ready For
Running a TLD is not "just another server"
From a hosting and DNS perspective, operating a TLD is fundamentally different from running regular web or email services. You are no longer just a customer of DNS; you become part of the authoritative infrastructure of the global DNS hierarchy.
ICANN and the Internet community expect registry operators to meet strict technical, security and stability requirements. Even if you outsource some functions to a "back-end registry" provider, you remain ultimately responsible for compliance.
Core technical components of a new gTLD
At a minimum, a registry operator needs to ensure:
- Authoritative DNS infrastructure
- Multiple geographically distributed nameservers (often on Anycast networks).
- High availability, low latency and resistant to DDoS and other attacks.
- Full support for IPv4 and IPv6.
- DNSSEC deployment
- Signing the TLD zone with secure keys.
- Managing key rollovers without breaking validation.
- Shared Registration System (SRS)
- EPP-based interfaces for registrars to create, update and delete domain records.
- Real-time provisioning into the DNS and registry database.
- Whois / RDAP services
- Public query services that meet ICANN policy (including data protection rules).
- Rate limiting, abuse handling and logging.
- Data escrow and continuity plans
- Regular deposits of registration data with an approved escrow agent.
- Documented plans for registry failure scenarios and continuity operations.
If you are not familiar with DNS security at this depth, it's worth first understanding the basics of what DNSSEC is and when you should enable it. New gTLDs are expected to adopt such mechanisms from day one.
Security, abuse handling and compliance duties
New gTLD operators also carry serious security and abuse management responsibilities. That includes:
- Detecting and acting on phishing, malware, botnet C&C and other abuse within your TLD.
- Implementing strong controls for changes to registry data (e.g., registry locks for critical domains).
- Protecting admin interfaces, EPP access and zone signing keys against compromise.
- Maintaining audit trails, access logs and security incident processes that stand up to external review.
Many of the techniques we recommend to regular domain owners – such as using registry lock and transfer locks to protect critical domains – become even more important when your organization is responsible for an entire TLD namespace.
Infrastructure & hosting considerations
Even if you outsource registry back-end functions, you still need reliable infrastructure for:
- Your registry operator website (information, policies, documentation for registrars and registrants).
- Operational dashboards and monitoring systems to track DNS, EPP, escrow and security events.
- Support portals and ticket systems for registrars and, in some models, direct registrants.
At dchost.com, we pay particular attention to DNS and network architecture topics like Anycast, IPv6 and multi-region availability – the same principles that matter for high-traffic hosting also underpin stable TLD operations. If you're not yet familiar with how advanced DNS and failover can keep critical services online, you may find our guide on multi-region DNS and CDN failover architectures a helpful warm-up before stepping into registry-level responsibilities.
Costs, Timelines and Hidden Operational Work
Application and evaluation costs
ICANN sets a non-trivial application fee for each new gTLD string. In past rounds this has been in the six-figure USD range per application, and future rounds are expected to be similar in magnitude, though the exact number may change.
On top of the ICANN fee, realistic applicants should budget for:
- Legal and policy work – Trademark analysis, contract reviews, objection strategies and policy drafting.
- Technical consulting or registry back-end services – Architecture design, documentation and operational planning.
- Internal staff time – Strategy workshops, stakeholder meetings, review cycles and approvals across departments.
Many first-time applicants underestimate how much internal time this consumes over 6–18 months, especially in large organizations with complex governance.
Ongoing registry operation and ICANN fees
Winning the right to operate a TLD is the start of a long journey, not the end. Expect ongoing costs such as:
- ICANN fixed and transaction fees – Annual fees plus per-domain transaction fees in most models.
- Registry back-end and infrastructure – Either your own team and infrastructure or contracted back-end service providers.
- Security and compliance – Regular audits, security testing, legal reviews and policy updates.
- Marketing and adoption efforts – Even .brand TLDs need internal adoption campaigns and technical rollout plans.
If you operate an open registry, you also inherit support and abuse handling for registrars and registrants. If you run a .brand or very restricted TLD, your operational overhead will be lower, but you still must maintain technical and compliance baselines.
Realistic timelines
Another common misconception is timeline. Even in the smoothest case, the path looks more like this:
- Pre-application strategy and preparation – 6–12 months (sometimes more) before you even submit.
- Application window and submission – A few months during which ICANN accepts applications.
- Evaluation, objections and contracting – 12–24 months, depending on complexity and contention.
- Technical onboarding and pre-delegation testing – Several months.
- Launch phases – Sunrise, limited registration and general availability cycles spread over months.
From first internal discussion to seeing live domains in your new TLD, you should be thinking in multi-year horizons. That's why aligning the project with long-term brand and IT roadmaps is essential.
Strategic Alternatives If a Full New gTLD Is Too Much
Optimizing your existing domain architecture
For many organizations, it is more realistic and efficient to refine their existing domain strategy instead of taking on full registry responsibilities. That might include:
- Rationalizing which ccTLDs vs gTLDs you use for each market.
- Standardizing whether new projects live on subdomains vs subdirectories.
- Planning a coherent international SEO and domain structure rather than ad hoc additions.
We've explored these questions in depth in our guide to international SEO and whether to use .com or a country-code domain, and in our "calm domain" playbook about choosing between ccTLDs and gTLDs for global strategy. Often, tightening these fundamentals produces more tangible results than pursuing your own TLD.
Defensive registrations and brand protection
If your main worry is typos, lookalikes and phishing, there are more direct tools than running a registry:
- Registering key variants and obvious typos in major TLDs.
- Using brand protection and monitoring services to detect abuse early.
- Enforcing strong domain security controls such as 2FA, registry lock and strict role-based access.
We often help customers design a concrete plan based on our guide to defensive domain portfolios for brand protection and our domain security guide covering registry lock, transfer lock and unauthorized changes. For most organizations, this covers the highest risks at predictable, manageable cost.
Planning for the impact of new gTLD rounds without applying
Even if you never submit a new gTLD application, each ICANN round affects the domain environment you operate in:
- More spaces where others could register similar or confusing names.
- New opportunities to secure short, clean domains on relevant extensions.
- Evolving ICANN policies around rights protection, DNS security and abuse handling.
We've previously analyzed these policy shifts in our article on ICANN's updated new gTLD policies and their impact on domain strategy. Even as a registrant (not a registry), keeping an eye on these developments helps you adjust your portfolio strategy, budget, and security posture in time rather than reacting after the fact.
How dchost.com Fits into Your New gTLD and Multi-Domain Strategy
We focus on the parts you run every day
Most organizations considering a new gTLD fall into one of two camps: those who will never apply but still need a resilient, well-managed domain portfolio, and those seriously exploring .brand or other strings and need to harden their current infrastructure before going further. In both cases, our role at dchost.com is clear: we provide the hosting, DNS, server and security foundation that your domains live on every day.
That includes:
- Reliable domain registration and DNS hosting across many TLDs.
- High-performance web hosting, VPS, dedicated servers and colocation for your websites, portals and registry-related systems.
- Support for modern DNS security and SSL/TLS practices so your domains and applications stay trustworthy.
Preparing your stack for a more complex domain future
New gTLD rounds are part of a broader trend: more domains, more TLDs, more security requirements and tighter expectations from browsers, email providers and regulators. Even without a new gTLD of your own, you will likely:
- Operate larger domain portfolios across more TLDs.
- Need stronger DNS configurations (DNSSEC, CAA, SPF/DKIM/DMARC, MTA-STS, etc.).
- Run more services (web, APIs, email, CDNs) under different hostnames and subdomains.
We design our infrastructure and guidance with that world in mind. From DNSSEC-ready DNS hosting to SSL/TLS best practices and secure VPS or dedicated server setups, we aim to keep your technical foundation ready for whatever direction your domain strategy takes.
Using this round as a planning trigger
Even if you don't apply for a new gTLD, the opening of an ICANN round is a great moment to:
- Audit your current domain portfolio and security posture.
- Revisit international domain strategy and whether your current ccTLD/gTLD mix still fits your business.
- Update internal governance, access control and renewal policies for domains and DNS.
If you want to go deeper into the policy side and get a sense of how this round is being structured, we've published a focused analysis in our article on ICANN launching a new gTLD application round and what it means. You can use that as a companion to this piece: one for policy context, one for practical process and infrastructure thinking.
Conclusion: Turning ICANN New gTLD Applications into a Clear Decision
ICANN new gTLD applications are not a simple "buy your own extension" button. They are multi-year, multi-layer projects that combine branding, legal, DNS architecture, security and operational discipline. For a small number of brands, cities and registry operators, that investment makes sense and can deliver unique benefits. For many others, the smarter move is to strengthen existing domain portfolios, tighten security and prepare for a world with more TLDs rather than trying to run one.
If you are in the early stages of exploring this, your first step doesn't need to be an ICANN document – it can simply be getting your current domains, DNS and hosting into the shape you'll need either way. That's where we at dchost.com spend our days: helping you align domain choices, DNS settings, SSL/TLS, and server architecture so that whatever happens in the next ICANN round, your online presence stays stable, secure and fast.
Use this round as a trigger to review your domain strategy, security and infrastructure. Decide honestly whether a new gTLD application fits your scale, risk appetite and roadmap. And if you want a partner who understands both domains and servers in real production environments, we're here to help you build that foundation and adapt as the domain landscape continues to evolve.
