A Protective Shield for IT Infrastructure: Your Own Top-Level Domain
Katrin Ohlmer, Founder & Managing Director of DOTZON GmbH, explores how owning a top-level domain can enhance businesses’ IT security and autonomy.

Cyberattacks on IT systems are on the rise – and so is dependence on third-party providers. Governments, for example, are intervening more heavily in digital infrastructures, whether through regulation or deregulation, as is currently the case in the US. In a landscape like this, secure and independent communication is more important than ever. Operating a dedicated top-level domain (TLD) – whether for companies, cities, organizations or communities – can strengthen digital security and restore control. This article outlines the advantages of such a TLD, and how to obtain one.
Growing Dependence on Governments and Service Providers
Digital communication operates within a framework shaped by third-party services and government regulation. Governments are exerting growing influence on digital infrastructures, for example, through the Digital Services Act, the NIS 2 Directive, and the AI Act. Yet, these efforts have limited success in holding large platforms like X accountable. Within the EU, the GDPR enforces clear data protection rules. Outside the EU, however, the situation has shifted: the US shut down the Privacy and Civil Liberties Oversight Board, raising concerns in Europe about the adequacy of US data protection.
At the same time, major US platforms are voluntarily deregulating themselves, which undermines democratic control mechanisms. Global multi-stakeholder models are losing importance, while authoritarian tendencies in Internet governance are growing stronger. These developments highlight the need for organizations to enhance the autonomy and resilience of their digital infrastructure.
What is more, dependency on technical providers has grown as well, especially in areas like hosting, DNS, or domain registration. Organizations are often bound by the conditions of these providers when implementing key security standards such as DNSSEC, DMARC, or SPF. Meanwhile, platforms like X or Meta offer little planning certainty: algorithms are constantly changing, security vulnerabilities must be addressed in real time, and terms and conditions can change without notice.
Strengthening IT Infrastructure from Within
In light of growing dependencies, the key question is how organizations can secure their digital infrastructure independently. Rather than waiting for external providers or regulatory action, proprietary digital assets offer a direct path to greater autonomy and protection. Operating an organization-owned TLD is a key component in this strategy: it offers full control over communication structures and enables the tailored implementation of security measures:
- Full control over domain and DNS
With their own TLD, organizations manage all domain and DNS settings themselves. They define their domain structure, implement security protocols like SSL/TLS, and organize subdomains according to their needs – without relying on external providers.
- Freedom to choose infrastructure location
A TLD under direct control allows organizations to determine where their domain infrastructure is hosted – for example, within the EU, in their own country, or elsewhere. This allows them to retain control over sensitive data and avoid potential risks associated with using US-based servers.
- Secure email with DMARC
With full access to DNS configuration, organizations can implement DMARC effectively to protect domains from misuse, improve email deliverability, and reduce phishing threats – all of which are critical factors for trusted senders, especially TLD operators.
- Secure connections with HSTS at TLD level
HSTS can be enforced at the TLD level via the browsers' HSTS preload list, which simplifies the configuration for all domains under that TLD. All subdomains automatically benefit from the HSTS policy, ensuring consistent HTTPS enforcement and reducing the risk of man-in-the-middle attacks. In addition, HSTS preload may offer SEO advantages, as some search engines consider it a positive ranking factor.
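To make the TLD-level HSTS point concrete, the following added example (not from the original article) checks whether a Strict-Transport-Security header meets the browser preload requirements and shows how a single preloaded TLD entry covers every host beneath it. The TLD `examplebrand`, the hostnames and the preload entries are constructed placeholders.

```python
# Added illustration: one TLD-level HSTS preload entry covers every host.
# The TLD "examplebrand" and all hostnames below are constructed placeholders.

MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into a dict of directives."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def preload_ready(header):
    """True if the header carries max-age of at least one year,
    includeSubDomains and preload."""
    d = parse_hsts(header)
    try:
        max_age = int(d.get("max-age", ""))
    except ValueError:
        return False  # max-age missing or not a number
    return (max_age >= MIN_PRELOAD_MAX_AGE
            and "includesubdomains" in d and "preload" in d)


def covering_entry(host, preload):
    """Return the preload entry that forces HTTPS for host, or None.
    preload maps a name to its include_subdomains flag."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        # An exact match always applies; a parent applies only with the flag.
        if name in preload and (i == 0 or preload[name]):
            return name
    return None


# Constructed preload list: one whole TLD and one single-host entry.
PRELOAD = {"examplebrand": True, "login.example.com": False}

if __name__ == "__main__":
    for h in ("auth.examplebrand", "x.login.example.com"):
        print(h, "->", covering_entry(h, PRELOAD))
```

A host registered later under the preloaded TLD is covered from its first request, whereas the single-host entry protects neither its parent nor its subdomains.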
Real-World TLD Strategies for IT Security
Many companies and institutions are already using their own TLD to secure and control their digital communication. This is especially important for sectors handling sensitive data like banking, healthcare, insurance, and e-commerce. For example, the French bank BNP Paribas uses mabanque.bnpparibas for secure online banking, banqueentreprise.bnpparibas for business communications, and group.bnpparibas for corporate information.
DVAG, one of Germany’s leading financial advisory firms, secures system access via auth.dvag and finanzanalyse.dvag/login, while its IT status is publicly shared at system.status.dvag. Stada leverages its .stada for targeted pharmaceutical communication: professionals log in at igan.stada, while customers find resources at domains such as canna.stada. Other companies like the Ikano Group rely on group.ikano for secure email communication.
Local governments benefit as well: The city of Hamburg, for example, uses polizei.hamburg to provide public access to police-related services, sicher-arbeiten.hamburg/login for workplace safety training, and karriere.hamburg for job applications. Brussels offers citizen services at servicepublic.brussels, safety information at safe.brussels, and parking updates at parking.brussels. Saarland supports secure digital education at online-schule.saarland, public Wi-Fi info at freifunk.saarland, and patient safety details at patientensicherheit.saarland.
These examples highlight how owning a TLD not only improves security but also builds trust with employees, customers, and citizens alike. In addition, a well-managed Internet infrastructure can have an impressive effect on digital reputation: if a company actively manages email accounts, domains and websites, spam, phishing attempts and botnets have fewer opportunities to succeed, which leads to significantly better rankings in reputation services like Spamhaus and others.
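Actively managing every name under a TLD includes checking that each one publishes an enforcing DMARC policy, as described under "Secure email with DMARC" above. The following is an added example, not code from the article or from DOTZON; the TLD `examplebrand` and all records are constructed sample data, and the tag rules follow RFC 7489.

```python
# Added illustration: audit the DMARC records of names under one TLD.
# The TLD "examplebrand" and every record below are constructed sample data.

ENFORCING = ("quarantine", "reject")


def parse_dmarc(txt):
    """Return the tags of a DMARC TXT record as a dict, or None if the
    record does not start with v=DMARC1 as RFC 7489 requires."""
    pairs = [p.partition("=") for p in txt.split(";") if p.strip()]
    tags = [(k.strip().lower(), v.strip()) for k, sep, v in pairs if sep]
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)


def audit(txt):
    """List the weaknesses of one _dmarc TXT record (None = no record)."""
    if txt is None:
        return ["no DMARC record published"]
    tags = parse_dmarc(txt)
    if tags is None:
        return ["TXT record is not a valid DMARC record"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy not in ENFORCING:
        findings.append("p=%s: no enforcement, failing mail is still delivered" % policy)
    if policy in ENFORCING and tags.get("sp", policy).lower() not in ENFORCING:
        findings.append("sp=%s: subdomains are not protected" % tags["sp"])
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct=%s: policy is not applied to all mail" % pct)
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports are collected")
    return findings


def audit_zone(zone):
    """Map each name to its findings, keeping only names with problems."""
    results = {name: audit(txt) for name, txt in zone.items()}
    return {name: f for name, f in results.items() if f}


# Constructed input: name -> TXT value found at _dmarc.<name>
ZONE = {
    "mail.examplebrand": "v=DMARC1; p=reject; rua=mailto:dmarc@mail.examplebrand",
    "shop.examplebrand": "v=DMARC1; p=none; rua=mailto:dmarc@mail.examplebrand",
    "news.examplebrand": "v=DMARC1; p=quarantine; pct=25",
    "old.examplebrand": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@mail.examplebrand",
    "parked.examplebrand": None,
}
```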
New TLDs: Next application window opens in April 2026
Beginning in April 2026, ICANN will once again open the application window for new TLDs. The last opportunity was more than a decade ago: the 2012 round resulted in around 1,100 new domain extensions – among them well-known examples such as .berlin, .audi and .gmbh.
Organizations interested in operating their own TLD must submit their application between April and August 2026 through ICANN’s digital system. Each application requires a $227,000 fee, as well as comprehensive documentation – for example, on the operating organization, technical infrastructure, security features, and planned registration policies.
Depending on the type of TLD (geographic, brand-based or community-oriented), various operation models are available. Once the submission phase ends, ICANN will publish all proposals on Reveal Day. In case of competing applications for the same extension, either a change of the string or an ICANN auction is possible. The review process may take up to 15 months, meaning the first newly approved TLDs could go live in late 2027.
Digital Company Brands Study 2025: The Digital Home of a Corporate Brand
Join eco – Association of the Internet Industry and DOTZON on Wednesday 5 November at 17:00 CET (16:00 UTC / 11:00 AM EST) for a webinar on how leading companies and corporations are shaping their digital presence with brandTLDs – their own top-level domains.
📚 Citation:
Ohlmer, Katrin. (September 2025). A Protective Shield for IT Infrastructure: Your Own Top-Level Domain. dotmagazine. https://www.dotmagazine.online/issues/security-trust-compliance/top-level-domain-it-security
Katrin Ohlmer is an expert in Internet Governance, Internet Infrastructure and Digital Brands. She is the Founder and Managing Director of DOTZON, a consultancy specializing in developing Digital Brands and Identities. She regularly speaks at international conferences and supports the Internet Governance Organization ICANN in developing policies that deal with the enhancement of the namespace on the Internet.
Please note: The opinions expressed in articles published by dotmagazine are those of the respective authors and do not necessarily reflect the views of the publisher, eco – Association of the Internet Industry.