ICANN Announces Policy Updates for New gTLDs: What It Means for Your Domains

Why ICANN’s New gTLD Policy Updates Matter Now

ICANN’s latest policy updates for new generic top-level domains (new gTLDs) are not just a registry or lawyer problem. They directly affect how you choose domains, protect your brand, and plan your hosting and DNS architecture for the next decade. Whether you run a growing e‑commerce site, manage domains for clients, or you are starting to think about your own brand TLD, these changes will quietly reshape the domain landscape you operate in.

In practical terms, the new policies are about three things: more structure around how new gTLDs are applied for and launched, tighter rules around security and DNS abuse, and clearer expectations for brand and community TLDs. That means more choice and more complexity at the same time. In this article, we will walk through what ICANN is changing, why it matters, and how to adjust your domain and hosting strategy so you are prepared rather than surprised.

As dchost.com, we sit right at the intersection of domains, DNS and hosting. We see how policy changes turn into real-world questions: Which TLDs should I buy? How do I secure them? When does it make sense to run my own TLD? Let’s unpack the new ICANN landscape with that practical lens.

Quick Refresher: ICANN, gTLDs and the New Round

Before diving into policy details, it helps to align on a few core concepts. If you already live in this world every day, treat this as a quick checklist to be sure we are using the same vocabulary.

ICANN and the role it plays

ICANN (the Internet Corporation for Assigned Names and Numbers) coordinates the global domain name system. It does not sell domains directly. Instead, it sets the policies and contracts for:

• Registries – the operators of each TLD (for example, whoever runs .example)
• Registrars – the retail providers where you register domains
• Policy – rules for how TLDs are created, operated and governed

The new policy updates we are talking about focus on new gTLDs – future extensions beyond the familiar .com, .org, .net and the first wave like .shop, .app, .blog and hundreds of others.

What exactly is a new gTLD?

A gTLD (generic top-level domain) is any extension that is not tied to a specific country and is meant for broad use: .com, .info, .shop, .online, .cloud and so on. A new gTLD is simply a gTLD that comes out of ICANN’s recent and upcoming application rounds.

In the first major round (launched in 2012), we saw hundreds of new extensions including geographic, generic, community and brand TLDs. ICANN has been working towards another “Next Round” with updated rules based on lessons learned. The latest policy updates are the rulebook for that next wave.

Why this next round is different

The coming round is not just “2012 again with more strings.” ICANN and the community have spent years analysing what worked and what did not. The resulting policies emphasise:

• More predictable evaluation and timelines
• Stronger anti‑abuse and security obligations for registries
• Clearer treatment of closed generics, brand TLDs and community TLDs
• More structure for who can run technical operations (registry service providers)

If you are responsible for digital strategy, this means you will have more options and more rules to consider. The rest of this article is about translating those rules into concrete decisions for your domains and hosting stack.

Key ICANN Policy Changes for the Next New gTLD Round

ICANN’s policy work around the “Subsequent Procedures” (often shortened to SubPro) has produced a long list of recommendations and implementation details. From a practical standpoint, you can think about them in four main buckets.

1. A more structured application and evaluation process

One of the main criticisms of the 2012 round was unpredictability. Timelines slipped, contention sets dragged on, and applicants had trouble planning. The new policies aim to make the next round more structured and repeatable.

In plain language, expect:

• Clearer application windows – ICANN is moving towards well-defined application periods, rather than a one-off opportunity that might not repeat for a decade.
• More transparent evaluation steps – the criteria for technical, financial and policy compliance are being codified more clearly, with standardised questions and scoring.
• Better pre‑application guidance – ICANN and the community are documenting lessons from the first round to help applicants understand what is realistic before they spend money.

If you are even remotely considering a brand TLD (.yourbrand) or a community or sector TLD, this is good news. It becomes easier to model timelines, budgets and risks. We have already broken down the overall new gTLD application journey in our article So, you want your own dot? A deep dive into ICANN’s next gTLD application round, and these new policy updates are essentially the rulebook for that journey.

2. Registry Service Provider (RSP) frameworks

In the 2012 round, many applicants underestimated the complexity of actually running a TLD: DNS operations, EPP interfaces for registrars, DNSSEC, WHOIS/RDAP, reporting to ICANN and more. The updated policies give much more structure to the role of Registry Service Providers (RSPs) – third parties that run the technical side for many TLDs.

What changes in practice:

• Pre‑evaluated RSPs – ICANN is moving towards pre‑qualifying providers who can then be used by multiple applicants, reducing duplicated technical evaluation.
• Clearer separation of roles – policies distinguish more cleanly between the entity that has the rights to the TLD string (the registry operator) and the entity that runs the technical operations (the RSP).
• Standardised requirements – performance, security, reporting and DNSSEC expectations for RSPs are being clarified.

From a hosting perspective, this matters because your future domain strategy may involve tighter integration between where your zones live, how DNSSEC is handled, and how your hosting provider talks to different registries and RSPs. At dchost.com, we are already aligning our DNS and hosting stack with modern TLD and DNSSEC expectations so your domains behave consistently, regardless of which new gTLDs you adopt.

3. Fairness and contention for popular strings

When multiple applicants want the same TLD string (for example, .shop), the earlier round relied heavily on auctions and case‑by‑case handling. The new policies refine how “contention sets” are handled, with more attention to public interest, community claims and fairness.

Expect to see:

• Clearer rules for community applications – if a TLD is proposed to represent a defined community, the application must meet more robust criteria and governance commitments.
• Refined objection and appeal mechanisms – processes for challenging applications on grounds like string confusion, legal rights and public interest are being tuned.
• More predictable contention resolution – while auctions may still exist, they are less likely to be the default first answer to every conflict.

For most registrants this plays out indirectly: it affects which TLDs ultimately make it to market, and under what rules they must operate. But if you are a brand or an association thinking about a community‑oriented TLD, these policies directly shape your governance obligations and how you will need to manage registrations under your TLD.

4. Greater focus on predictability and future rounds

A key lesson from the last decade is that one giant round per decade is not healthy. The new policies aim for a program that can be run more regularly, with known rules, rather than as a rare event.

For your planning, this means:

• You can think about medium‑term timing for a brand TLD, not a once‑in‑a‑generation shot.
• You can base your domain and hosting strategy on the assumption that new TLDs will continue to emerge in a more predictable cycle.
• You should start treating TLD choice as part of ongoing architecture decisions, not a static one‑off.

We covered this mindset shift more broadly in our article ICANN domain policy changes and what they mean for your domains. The new gTLD policy updates are one of the most important pieces of that bigger puzzle.

Security, DNS Abuse and Rights Protection: The Tightened Rules

One area where ICANN and the community are clearly turning the screws is DNS abuse and security. The growth of phishing, malware distribution and spam using domain names pushed ICANN to strengthen the policies that apply to registries and, by extension, registrars and resellers.

Stronger obligations around DNS abuse

While the exact contract language evolves over time, the direction of travel is clear: registry operators for new gTLDs will face tighter expectations to detect, respond to and report DNS abuse. In practice this means:

• Dedicated abuse contacts – every registry must maintain easily reachable abuse contacts and respond within defined timeframes.
• Action thresholds – if a domain is clearly being used for malware, botnets or phishing, the registry is expected to take action, often in coordination with the registrar.
• Monitoring and reporting – more structured reporting of abuse handling, making it easier for ICANN and the community to track how effectively a TLD is managed.

For you as a domain holder, the visible impact is that some TLDs may develop reputations for being “clean” or “risky,” which can feed into spam filters, email deliverability and even browser behaviour. Choosing reputable TLDs and managing your DNS records carefully becomes even more important.

Reinforced rights protection mechanisms (RPMs)

To balance innovation with brand and trademark protection, ICANN’s new policies continue to lean on, and in some cases refine, the Rights Protection Mechanisms (RPMs) created for the 2012 round:

• Trademark Clearinghouse (TMCH) – a central database where trademark holders can record marks and receive claims notices.
• Uniform Rapid Suspension (URS) – a faster, lower‑cost process than a full UDRP to suspend clear‑cut abusive registrations.
• Post‑Delegation Dispute Resolution – tools to address ongoing patterns of abuse at the registry level.

The policy updates focus on making these mechanisms more predictable and better integrated into registry operations. If you manage a brand, this is your reminder that entirely ignoring defensive registrations is increasingly risky. We go much deeper on this in our article Defensive domain registration strategy for brand protection, which pairs well with the new ICANN policy landscape.

Implications for DNS and hosting architecture

Security policies at the registry level cascade down to choices you make on the hosting side. For example:

• DNSSEC expectations – more new gTLDs will run DNSSEC at the registry level, and many will implicitly expect DNS hosting providers to support DNSSEC properly.
• Contact data and WHOIS/RDAP – tighter compliance and privacy frameworks mean contact data must be accurate and managed securely.
• Abuse response – if a site on your infrastructure is compromised and starts serving malware or phishing, registrars and registries may now have clearer obligations to act quickly.

At dchost.com we are aligning our DNS services, hosting security hardening and monitoring with this more demanding environment. That includes features like DNSSEC‑aware DNS hosting, robust logging (vital for regulations like GDPR and KVKK, as discussed in our guide Log retention on hosting and email infrastructure for compliance) and practical security hardening on VPS and dedicated servers.

Closed Generics, Brand TLDs and Community TLDs: What Changes

Another major policy theme has been how to treat closed generics, brand TLDs and community TLDs. This matters for both companies dreaming about .brand and for everyone else who will later decide if they should register under those TLDs.

Closed generics: private control of common words

A closed generic is a generic word TLD (for example, .book or .music) that would be operated for the benefit of a single company or a very narrow set of entities, not open to general registration. These were highly controversial in the first round.

ICANN’s new policy work has been moving towards much stricter treatment of closed generics, with an emphasis on the public interest. While final frameworks and edge cases are still a matter of debate, you should assume:

• It will be harder to get approval for a purely closed generic TLD that locks up a broad, descriptive word for one entity.
• Applicants may need to demonstrate clear public benefit, openness or community structure if they want to run a generic word TLD with restrictions.
• Policy and contractual commitments about eligibility, fairness and transparency will play a bigger role in evaluation.

For regular domain buyers, the practical impact is this: more generic TLDs are likely to be open for public registration, or at least subject to transparent eligibility rules, rather than hidden behind single‑company walls.

Brand TLDs: clearer expectations and use cases

Brand TLDs (like .brandname) are here to stay, but ICANN’s policy updates clarify what counts as a brand TLD and which rules apply. In broad strokes:

• The TLD string must be closely tied to a registered trademark held by the applicant.
• Use is generally restricted to the brand and its affiliates, not the general public.
• There are clearer expectations about how the brand uses the TLD, maintains security and handles any limited third‑party registrations.

From a strategy perspective, a brand TLD can support:

• Consistent naming across countries and product lines (shop.brand, support.brand, partners.brand)
• Security and trust (users quickly recognise that anything under .brand is official)
• Clean separation of environments (internal.brand for staff, labs.brand for experiments, etc.)

But it also introduces operational overhead: DNS, certificates, hosting, redirects and SEO need to be designed carefully. Our article The calm domain playbook: ccTLD vs gTLD and international SEO is a good companion read when you start modelling how a brand TLD would coexist with existing .com, ccTLDs and subdomain structures.

Community and geographic TLDs: governance really matters

Community TLDs (for example, representing a professional group or a cultural community) and geographic TLDs (city or region names) are also covered by the updated policies.

Key themes include:

• Stronger community definitions – applicants must be clear about who the community is and how they are represented.
• Governance expectations – rules for eligibility, dispute resolution and transparent decision‑making are being strengthened.
• Local support for geographic TLDs – more emphasis on demonstrating buy‑in from relevant governments or authorities.

If you are a local business or organisation, this affects you indirectly: you may soon see more credible, well‑governed city or community TLDs to register under. Planning how these fit into your domain portfolio early will help you avoid fragmented branding later.

How ICANN’s Updates Affect Registrants, Brands and Hosting Providers

ICANN focuses on policy and contracts, but the consequences land on three very practical players: people who register domains, brands and organisations with portfolios, and the hosting providers who run the servers and DNS behind those domains.

For individual registrants and small businesses

If you manage a handful of domains for your own project or small business, here is what these updates mean in day‑to‑day terms:

• More choice of targeted TLDs – expect a new wave of extensions tailored to specific industries, communities and regions.
• Gradual improvement in trust signals – stricter DNS abuse policies should make it easier over time for email providers and browsers to distinguish clean vs risky TLDs.
• A bit more complexity – you will need to be intentional about which TLDs you adopt, to avoid confusing users and search engines.

We strongly recommend building a lightweight but clear domain plan: primary domain, defensive registrations, redirects and which TLDs you deliberately ignore. Our article Domain portfolio management: organising renewals and brand protection offers a practical framework even if you only hold a modest number of domains.

For brands and organisations with larger portfolios

If you manage dozens or hundreds of domains, ICANN’s updated policies are your signal to revisit both defensive registration and the question of a brand TLD.

Consider:

• New TLDs you may need to track – industry‑specific or geographic TLDs where it makes sense to secure your brand name early.
• Central governance – as more TLDs appear, ad‑hoc domain purchases by different departments quickly get messy. Central policies and a single source of truth reduce risk.
• Security baselines – registrar lock, 2FA, DNSSEC and change approval processes become non‑negotiable. Our guide Domain security best practices walks through a concrete checklist you can adopt today.
• Brand TLD feasibility – the structured new round makes it easier to model whether .brand is worthwhile for you over a multi‑year horizon.

From our side at dchost.com, we regularly help customers align their domain strategy with their hosting architecture: which domains terminate on which servers, how SSL and DNSSEC are managed, and how to keep staging, test and production environments clearly separated while keeping certificates and DNS under control.

For hosting and infrastructure teams

Even if you do not touch policy directly, ICANN’s new gTLD rules affect how you design your stack.

Operationally, you should assume:

• More TLD diversity – your systems, provisioning scripts and monitoring need to be TLD‑agnostic and ready for new suffixes.
• DNSSEC as a default, not an exception – you should be comfortable running DNSSEC‑enabled zones, signing them correctly and handling key rollovers.
• More sensitive email and spam filters – some new TLDs might initially be treated with caution; you will want to be on top of PTR, SPF, DKIM and DMARC for good email reputation.

If you are running your own infrastructure on VPS or dedicated servers, our existing guides on securing a VPS server and what DNSSEC is and how it secures your site are a good complement to these policy shifts. At dchost.com we design our hosting, VPS, dedicated and colocation services with this evolving DNS and TLD environment in mind, so your domains and servers stay aligned as new gTLDs come online.

Practical Roadmap: How to Prepare for ICANN’s New gTLD Era

Policy documents can feel abstract, but the impact on your daily work does not have to be. Here is a pragmatic roadmap you can follow over the next 12–24 months, whether you are a small site owner or managing a larger digital portfolio.

1. Audit your current domain portfolio and architecture

Start by listing:

• All domains you own (including old project leftovers)
• Which TLDs they use (.com, ccTLDs, existing new gTLDs, etc.)
• Where their DNS is hosted, and whether DNSSEC is enabled
• Which hosting or VPS servers they point to

Then ask:

• Which are mission‑critical and should always be renewed?
• Which should be consolidated or allowed to expire?
• Where are the weak points (no DNSSEC, no registrar lock, shared logins)?

Having this map makes it much easier to decide how new gTLD options fit in, instead of blindly adding more domains whenever a new extension launches.

2. Decide your stance on new TLDs: cautious, selective or aggressive

Not every organisation needs to chase every new TLD. Define a clear stance:

• Cautious – stick to a small set of well‑known TLDs; only register in new ones if they become truly mainstream in your sector.
• Selective – identify TLD categories that make sense (for example, industry‑specific, language‑specific or geographic) and register proactively only in those.
• Aggressive/defensive – if you are a high‑value brand or frequent target of phishing, you might pre‑emptively register your brand across many TLDs, especially in the early years of new gTLD launches.

Document this stance and communicate it internally. That way, new TLD launches become a checklist‑driven decision, not a source of endless ad‑hoc debates.

3. Strengthen domain security before adding more complexity

Before you layer in more TLDs, fix the basics:

• Enable registrar lock on all important domains.
• Use 2FA on registrar and DNS control panels.
• Adopt DNSSEC for your key domains where supported by the TLD and DNS host.
• Implement SPF, DKIM and DMARC for your primary email‑sending domains.

We see in real projects that many domain‑related incidents (hijacks, DNS tampering, mis‑issued certificates) come down to missing these fundamentals. That is why we keep pointing customers to our focused guide on domain security best practices.

4. Watch ICANN timelines and shortlists of candidate TLDs

As ICANN’s new gTLD round progresses, you will see:

• Public lists of applied‑for strings (the proposed TLD names).
• Public comments and objections.
• Eventually, lists of approved TLDs with target launch timelines.

As soon as those lists become available, build a simple internal spreadsheet or tracker for:

• TLDs likely relevant to your brand or sector.
• Risky or look‑alike strings you may want to monitor defensively.
• TLDs that offer interesting branding or campaign opportunities.

Having this prepared early means that when a TLD you care about enters sunrise or general availability, you already know whether you are buying, watching or ignoring it.

5. Evaluate whether a brand TLD belongs in your 3–5 year plan

A brand TLD is not for everyone. But with the next round’s policies becoming clearer, it is smart to at least do a high‑level feasibility pass:

• How much would a TLD like .yourbrand simplify or complicate your domain map?
• Could it materially improve user trust, especially for login, payments or partner portals?
• Do you have the internal capacity (or partners) to run DNS, SSL, redirects, SEO and governance at TLD scale?

You do not have to decide “yes” now. But you should avoid being in the position where the application window opens and closes before you have even done the basic thinking. Our deep dive on ICANN’s next gTLD application round and whether a brand TLD fits you can help you frame that internal discussion.

6. Align your hosting and DNS with a multi‑TLD future

Finally, your technical stack should not care whether a domain ends in .com, .brand, .city or anything else. Review your setup to ensure:

• Your DNS hosting can handle many TLDs and supports DNSSEC, CAA, SPF/DKIM records and modern features.
• Your web hosting, VPS or dedicated servers are certificate‑friendly (Let’s Encrypt, ACME, wildcard SSL, etc.).
• Your deployment workflows (for example, Git‑based deploys or CI/CD pipelines) work equally well across domains and subdomains.

At dchost.com we design our shared hosting, VPS, dedicated and colocation services to be TLD‑agnostic: if your DNS points at us, we focus on giving you stable, secure and well‑observed infrastructure underneath. That way, when ICANN’s new gTLDs arrive, your biggest question is strategic (which ones to use) rather than operational (will my hosting handle it).

Conclusion: Turning ICANN’s New gTLD Policies into a Strategic Advantage

ICANN’s updated policies for new gTLDs can easily feel like distant governance, but they are quietly reshaping the address space your business lives in. More TLDs are coming, with stricter rules around abuse, security and governance. Closed generics will be harder to lock up, brand TLDs will be clearer to run, and community or geographic TLDs will be more structured. The net effect is a richer but more complex domain environment for the next decade.

You do not need to become a policy expert. What you do need is a clear domain strategy, a solid security baseline, and infrastructure that is comfortable in a multi‑TLD, DNSSEC‑heavy world. Start by mapping your current domains, decide your stance towards new TLDs, tighten security, and keep an eye on ICANN’s timelines and candidate strings. From there, you can choose whether to stay focused on a handful of trusted TLDs or to lean into new options, possibly even a brand TLD of your own.

At dchost.com, we are following the ICANN process closely and adapting our domain, DNS, hosting, VPS, dedicated and colocation offerings to this new reality. If you want to review your domain and hosting architecture in light of the coming gTLD wave, reach out to us. We are happy to look at your current setup, highlight the gaps and help you build a calm, future‑proof plan that keeps your sites fast, secure and ready for whatever ICANN’s next round brings.