Originally published at https://monstermegs.com/blog/icann-new-tld-round/
The last time ICANN opened a new top-level domain application window, smartphones were still finding their footing and the internet had roughly 2.5 billion users. That was 2012. On April 30, 2026, the ICANN new TLD round opened for only the second time in history, and the domain name space is set to change dramatically once more. Applications are being accepted until August 12, 2026 – and if the first round is any guide, hundreds of new extensions will be joining the internet within the next few years.
The ICANN New TLD Round Application Window Is Now Open
ICANN officially launched the Round 2 application window on April 30, 2026, marking the first opportunity for organisations to apply for new generic top-level domains since the original program thirteen years ago. Any company, government body, non-profit, or community group can submit an application to operate their own TLD – a .brand extension like .apple or .google, a geographic or community extension, or an entirely new generic extension covering topics not yet represented in the namespace.
The ICANN new TLD round is not a consumer-facing service. It requires substantial resources: applicants must demonstrate technical and financial capacity to operate a domain registry at internet scale, and fees are structured accordingly. This is an infrastructure play, primarily attracting large enterprises, established registry operators, and brand owners who want direct control of a slice of the global DNS hierarchy. The official technical requirements, fees, and eligibility criteria are published at ICANN's New gTLD Program portal, which is the authoritative source throughout the application window.
The scope of this ICANN new TLD round is significant. The 2012 program introduced over 1,200 new extensions – a number that seemed large at the time and transformed the domain market. Round 2 is expected to generate at least as many applications, with some estimates suggesting the final number of approved TLDs could substantially exceed 2012's output.
How the ICANN New TLD Round Has Changed Since 2012
The ICANN new TLD round in 2026 is not a replay of its predecessor. Over a decade of policy review, community input, and post-mortem analysis of Round 1 shaped the 2026 Applicant Guidebook and the updated Registry Agreements that all successful applicants must sign. Several changes are consequential enough to affect how this ICANN new TLD round plays out – both for applicants and for the wider internet community.
Contention Resolution Is No Longer an Auction Free-for-All
In 2012, when multiple applicants competed for the same string, private auctions became the default resolution tool. Some contested extensions generated bidding wars worth hundreds of millions of dollars. Critics argued this approach turned the domain namespace into a wealth competition with no public benefit, and that smaller community applicants were systematically outbid by commercial operators. In the ICANN new TLD round for 2026, private auctions are prohibited entirely. ICANN-facilitated auctions are now the only permitted contention resolution mechanism, and only as a last resort after community priority evaluation and other resolution paths have been exhausted.
Internationalized Domain Names Take Centre Stage
The 2026 round places deliberate emphasis on Internationalized Domain Names – extensions written in non-Latin scripts. Arabic, Chinese, Devanagari, Cyrillic, and more than two dozen other scripts representing over 300 languages are eligible for new TLDs under this ICANN new TLD round. Billions of internet users operate in languages that have historically had limited representation in the domain namespace. Rather than treating IDN expansion as an afterthought, the 2026 Applicant Guidebook positions it as a structural priority – one that could meaningfully shift how non-English-speaking markets experience the web.
WHOIS Is Gone – RDAP Is Now the Domain Lookup Standard
Running alongside the ICANN new TLD round launch, a quieter but equally significant policy transition has fully taken effect. WHOIS – the decades-old protocol for looking up domain registration data – has been formally retired. RDAP (Registration Data Access Protocol) is now the official standard for all gTLD domain lookups under the updated registry and registrar contracts tied to this ICANN new TLD round cycle.
RDAP delivers the same core information as WHOIS but in structured, machine-readable JSON format with tiered access controls built in. Registrars can now manage who sees what data based on use case. Law enforcement, intellectual property professionals, and verified security researchers can apply for elevated access to registrant data that is redacted in public lookups. Ordinary queries return the same privacy-protected output that WHOIS began showing after GDPR enforcement started in 2018 – but in a significantly cleaner technical format.
For most website owners, this change is invisible. Your registrar's domain management panel works exactly as before. But for developers and security teams who query domain records programmatically, RDAP is a breaking change. The API format is fundamentally different from WHOIS, and legacy tooling will return errors or incomplete results. If your organisation runs any automation around domain lookups, it is worth auditing those integrations now.
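The Python below is an added example, not code from the original article: it reads an RDAP domain response (the JSON layout defined in RFC 9083) and pulls out the fields that WHOIS tooling typically scraped with regular expressions. The sample response is constructed, and the helper names `vcard_fn` and `summarize` are assumptions made for illustration.

```python
import json

# Constructed RDAP domain response in RFC 9083 shape; every value is sample data.
SAMPLE = json.loads("""{
  "objectClassName": "domain", "ldhName": "EXAMPLE.TEST",
  "status": ["client transfer prohibited"],
  "events": [{"eventAction": "registration", "eventDate": "2020-01-15T10:00:00Z"},
             {"eventAction": "expiration", "eventDate": "2027-01-15T10:00:00Z"}],
  "secureDNS": {"delegationSigned": true},
  "nameservers": [{"objectClassName": "nameserver", "ldhName": "NS1.EXAMPLE.TEST"}],
  "entities": [
    {"roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar LLC"]]]},
    {"roles": ["registrant"], "remarks": [{"title": "REDACTED FOR PRIVACY"}]}]
}""")

def vcard_fn(entity):
    """Return the jCard 'fn' value, or None when the entity carries no name."""
    for prop in (entity.get("vcardArray") or ["vcard", []])[1]:
        if prop[0] == "fn" and prop[3]:
            return prop[3]
    return None

def summarize(rdap):
    """Flatten the fields a WHOIS scraper used to regex for into one dict."""
    if "errorCode" in rdap:  # RDAP reports failures as a JSON error object
        raise LookupError(f"RDAP error {rdap['errorCode']}: {rdap.get('title')}")
    if rdap.get("objectClassName") != "domain":
        raise ValueError("not an RDAP domain object")
    events = {e["eventAction"]: e["eventDate"] for e in rdap.get("events", [])}
    names = {role: vcard_fn(ent) for ent in rdap.get("entities", [])
             for role in ent.get("roles", [])}
    return {
        "domain": rdap["ldhName"].lower(),
        "registered": events.get("registration"),
        "expires": events.get("expiration"),
        "registrar": names.get("registrar"),
        "registrant": names.get("registrant"),  # None when absent or redacted
        "status": rdap.get("status", []),
        "dnssec_signed": bool(rdap.get("secureDNS", {}).get("delegationSigned")),
        "nameservers": [ns["ldhName"].lower() for ns in rdap.get("nameservers", [])],
    }
```

A `None` registrant here is the expected public-tier result, so downstream code should treat it as "withheld" rather than as a parse failure.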
New Registry Contracts Tighten DNS Abuse Response
Every TLD registry participating in the ICANN new TLD round must sign updated Registry Agreements that go substantially further than their 2012 predecessors on the question of DNS abuse accountability. The new contracts require automated abuse detection systems, defined contractual response windows for verified abuse reports, mandatory DNSSEC support, daily zone file escrow with ICANN, and active participation in threat intelligence sharing frameworks.
Under the 2026 terms governing this ICANN new TLD round, if a TLD is found to be used disproportionately for phishing, malware distribution, or spam, the registry operator has binding obligations to act – and ICANN holds explicit enforcement authority to compel compliance. This is a direct response to a documented failure of the 2012 program: several new TLDs became notorious as cheap, abuse-heavy spaces where registrar and registry accountability was minimal. The tighter contracts are designed to prevent that pattern from repeating at the scale this ICANN new TLD round will introduce.
Security Risks the ICANN New TLD Round Will Amplify
Security researchers are raising concerns that even with improved registry contracts, the sheer scale of the ICANN new TLD round will significantly expand the attack surface for phishing and brand abuse. The pattern from 2012 is documented and repeatable: within two years of new TLDs going live, threat actors registered lookalike domains across newly available extensions to impersonate banks, retailers, and software vendors.
According to Cloudflare's TLD Insights research, several TLDs introduced in the 2012 round have consistently ranked among the most abused extensions for phishing campaigns globally, with abuse rates far exceeding long-established extensions like .com and .net. The ICANN new TLD round's new registry contract requirements address the accountability side of this problem, but the window between TLD delegation and active abuse monitoring is a known vulnerability gap that enforcement mechanisms cannot fully close.
Cloudflare launched its TLD Insights tool specifically to help security teams monitor DNS-level risk across the expanding namespace. Businesses with recognisable brand names should treat the ICANN new TLD round as a prompt to review their domain monitoring and brand protection strategy now – before new extensions are live and squatters are actively registering.
What Brand Owners Need to Know About the New Domain Wave
If you run a business with a recognisable name, the ICANN new TLD round is relevant to your defensive domain strategy even if you have no interest in applying for your own TLD. The 2026 round will introduce new squatting and brand abuse opportunities once new extensions go live – typically 12 to 24 months after the application window closes, based on the 2012 program timeline.
ICANN's Trademark Clearinghouse (TMCH) remains the primary brand protection mechanism during the Sunrise period of each new TLD launch. Registering your trademark in the TMCH gives your brand early registration access and legal standing if a cybersquatter attempts to claim your name in a new extension ahead of general availability. The ICANN new TLD round is a concrete prompt to enrol in the TMCH now if you have not already, because Sunrise windows open on a per-TLD basis once registries go live.
Defensive Registration Is Getting More Complex
Each new TLD added to the namespace is another extension you may want to defensively register – securing yourcompany.newtld before squatters do. With potentially hundreds of new extensions emerging from this ICANN new TLD round over the next few years, this calculus becomes harder for smaller businesses without dedicated domain portfolio management. Prioritisation matters: concentrate defensive registrations in extensions most relevant to your industry, geography, or brand value, and use monitoring tools to flag abuse in the rest.
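One way to do the monitoring half of that prioritisation, shown as an added example rather than code from the original article: the Python below triages a feed of newly observed registrations against a brand label and the set of domains you already hold. The feed, the `newtld` extension, and the function names are constructed for illustration, and the label directly under the TLD is assumed to be the registrable name (a production version would consult the Public Suffix List).

```python
def edit_distance(a, b):
    """Levenshtein distance using the two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(feed, brand, portfolio, max_distance=1):
    """Return (domain, reason) pairs for registrations worth an analyst's look."""
    hits = []
    for domain in feed:
        name = domain.lower().rstrip(".")
        if name in portfolio or "." not in name:
            continue  # already held by us, or not a registrable name
        label = name.split(".")[-2]  # assumption: label directly under the TLD
        if label == brand:
            hits.append((name, "exact brand label outside the portfolio"))
        elif edit_distance(label.replace("-", ""), brand) <= max_distance:
            hits.append((name, "near match of brand label"))
        elif brand in label:
            hits.append((name, "brand embedded in a longer label"))
    return hits

# Constructed feed of newly observed registrations; "newtld" is a placeholder extension.
FEED = ["yourcompany.newtld", "yourcompany.com", "yourcompanny.newtld",
        "yourcompany-login.newtld", "unrelated.newtld", "www.your-company.newtld"]
PORTFOLIO = {"yourcompany.com"}

if __name__ == "__main__":
    for name, reason in triage(FEED, "yourcompany", PORTFOLIO):
        print(f"{name}: {reason}")
```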
For context on how domain extension launches typically unfold from a registration timing perspective, the earlier piece on domain extension launches covers the Sunrise and General Availability phases in detail, and the new gTLD round brand protection guide walks through the TMCH process step by step.
What You Should Do in Response to This News
The ICANN new TLD round application window is open now, but new extensions will not hit the internet for at least another year. The practical window for preparation is now – before the rush of domain registrations that follows each new TLD launch.
If your organisation uses programmatic domain lookups or runs WHOIS-based tooling, audit those integrations for RDAP compatibility. The WHOIS-to-RDAP transition is complete, and legacy code will break silently or return incomplete data where it previously worked.
Enrol your brand trademark in the ICANN Trademark Clearinghouse if you have not already done so. This is the most direct protection mechanism available when new TLDs from the ICANN new TLD round begin launching, and the TMCH requires advance registration to be effective – you cannot register retroactively after a Sunrise window closes.
Review your current domain privacy settings. The RDAP transition changed how registrant data access requests work at the registry and registrar level. Confirming that your registrar's privacy protection is active and current is a straightforward step with meaningful consequences if a new wave of domain squatting activity targets your brand. MonsterMegs includes ID protection on domain registrations by default, with anonymous domain registration options available for those who want the strongest available WHOIS privacy as the namespace expands.
The Takeaway
The ICANN new TLD round is the most significant structural change to the domain name system in over a decade. For most website owners, the immediate practical impact is limited – new TLDs from this round will not be live for another 12 to 24 months. But the RDAP transition is complete and in effect today, the new registry abuse contracts are active, and the TMCH window for brand protection is open right now.
The key points: WHOIS is retired – update any tooling that relies on it. The tighter registry contracts give ICANN real enforcement authority against DNS abuse for the first time. And the wave of new extensions coming from the ICANN new TLD round will create both opportunity and measurable security risk – the businesses best positioned will be the ones that started monitoring and preparing before the first new TLD went live, not after.
If you want to lock down your domain portfolio ahead of the expansion, take a look at the domain registration and privacy options at MonsterMegs – built for website owners who want clean, private, defensively registered domain portfolios without the complexity.
