The Trademark as the Official Source of Digital Reality: .brand TLDs and ICANN's 2026 Round

From the right to exclude to the governance of territory

Trademark protection has evolved over time. First came registration of the sign before a national office, with the ius prohibendi at its core: the power to prevent a third party from using an identical or similar sign. Then came domain names, and with them a problem classical trademark law did not anticipate, because the naming system assigns names on a first-come, first-served basis, without a prior likelihood-of-confusion examination. After that came digital surveillance: the permanent work of tracking fraudulent registrations, filing UDRP disputes, and requesting website takedowns. All that architecture, despite its differences, shares one trait: it operates after harm has occurred or is about to occur.

The .brand introduces a different logic. Specification 13 requires the string to be identical to the protectable textual elements of a valid registered trademark recorded with the Trademark Clearinghouse, requires that it not be a generic string, and limits registrants to the owner, its affiliates, and its licensees. In exchange, ICANN exempts the operator from the Specification 9 Code of Conduct and the Sunrise period, while preserving the Claims service. In practice, inside a .brand, impersonation through third-party registration becomes structurally impossible because the architecture, by design, does not admit it.

This is the point that matters for industrial property. Trademark law, in its classical form, acts on third-party use; the .brand moves the owner from the position of the one who prohibits to the one who governs the domain territory, a form of architectural sovereignty the traditional regime did not contemplate because there was no territory to administer. The International Trademark Association, reviewing the experience of more than 190 .brand TLDs activated after the 2012 round, concluded in its September 2025 resolution that, to its knowledge, there have been no reports of fraud or cybersquatting within those spaces. That statement must be read with its own caution, as an institutional "to our knowledge" rather than a census, but it points in the direction the structure promised.

Authenticity for patients and consumers

The value of that closed territory becomes clearer where uncertainty about origin can have grave consequences, and pharmaceuticals are the case I know most closely from my time in the industry. Pfizer ultimately operated sales of its most counterfeited medicine through Viagra.com, with CVS/pharmacy behind it, because the open environment had become uninhabitable. Its own 2011 analysis of sites appearing in product searches found that close to eighty percent of the pills examined were counterfeit. The National Association of Boards of Pharmacy, after reviewing thousands of sites selling medicines online, concluded that around 96% operated outside compliance with U.S. pharmacy laws, and its answer was to create in 2014 the verified .pharmacy program, which assigns a differentiating extension as a signal of authenticity. The industry, in other words, invented the top-level domain as a trust signal before the .brand discourse became fashionable, with one difference worth preserving: .pharmacy is a sectoral scheme administered by a third party, while a .brand is a proprietary scheme centered on a single issuer.

Some pharmaceutical companies have already crossed that threshold. The .abbott, .abbvie, .teva, and .sanofi extensions are delegated in the root zone administered by IANA, and AbbVie explains at nic.abbvie that it will be the sole registrant of domains under its extension, so anyone who sees an address ending in .abbvie can be certain the site is affiliated with the company. Read as a lawyer, that sentence contains the promise the traditional trademark system could never formulate, because no defensive portfolio of .com registrations allows an equivalent statement about the entirety of a namespace.

In 2025, Eli Lilly brought disputes before the WIPO Arbitration and Mediation Center against domains such as zepboundonline.shop and brazilianzepbound.com, which incorporated its MOUNJARO and ZEPBOUND marks together with online pharmacy terms to offer products of doubtful origin; one site even ended in the sale of a weight-loss product called SLIMJARO. That same year, WIPO administered more than 6,200 UDRP and related proceedings, the highest figure in the system's twenty-five years, with Lilly, Sanofi, and Carrefour among the ten largest complainants in the prior period. The statistic is usually presented as proof that the UDRP works, and it does; but it also admits the opposite reading, because it documents that the cost of defending a trademark in the open space keeps growing year after year with no sign of reaching a ceiling.

In Mexico, the problem has proper names. The Federal Commission for the Protection against Sanitary Risks (COFEPRIS), Mexico's drug and health regulatory authority, issued a health alert on October 31, 2025 for the illegal commercialization of twelve counterfeit or unregistered medicines, mostly oncology, antiviral, and biologic products, offered through e-commerce platforms, websites, and mobile applications. COFEPRIS itself recognized that in 2024 it had disabled more than forty websites and fifteen social-media profiles, while admitting that sellers migrate quickly to new platforms. That admission confirms what those of us working in this field have seen in practice for years: reactive enforcement does not scale. There is also a category of products whose risk is not measured in pesos: products in which the false appearance of an official source can cost the health, or the life, of a patient who believed they were buying from the laboratory.

Retail suffers the mass-market version of the same phenomenon. During Hot Sale 2025, 728 fake pages were detected cloning brands such as Liverpool, Bodega Aurrera, Coppel, and Suburbia, all pointing to the same IP address linked to servers in China. In a separate episode, in early 2026 PROFECO itself was impersonated through the fraudulent site profecogob.com.mx, to which its recommendation was to ask consumers to verify the .gob.mx suffix. All that safety pedagogy, checking the lock icon, typing the address, distrusting a low price, exists only because the namespace is open and transfers to the user the verification work that the traditional architecture does not guarantee. Banking faces the same issue. CONDUSEF reported that cyber fraud in 2023 reached a claimed amount of 20,018 million pesos and moved from 59% of total fraud in 2018 to 71% in 2023, with bank phishing as a recurring mechanism. On the other side of the counter, some brands already operate under the opposite logic: Barclays has hosted sensitive services under .barclays since 2015, Saxo Bank moved its site to home.saxo, .bradesco is delegated and active in Brazil, and Nike chose its own extension to host its digital collectibles community at swoosh.nike, expressly justifying the move as a measure to guarantee a safe and trusted space. That a global brand reserves its own TLD precisely for its service most exposed to scams says a great deal about where it believes trust now lives. The other side is absence: no Mexican retail chain operates its own extension, and of the 24 Latin American applications in 2012, none came from Mexico. The 2026 round therefore does not merely distribute opportunities; it may consolidate an asymmetry between brands that govern their namespace and brands that will keep defending themselves, domain by domain, in the open space.

I should be clear: a .brand does not solve typosquatting in other TLDs, because liverpool-ofertas.shop would remain registrable, nor does it solve attacks that happen outside the domain name system, such as fraud through social networks or messaging apps. It can, however, reduce the risk surface inside its own territory and, over time, build a habit of recognition among the public. That is already significant, even if it is not everything.

The authenticity machines read

There is a third layer, the most speculative one, and I will be careful precisely because it is speculative. For twenty years, companies optimized for search engines; in the coming years, they will optimize for inference systems, the generative engines that answer questions by citing a handful of sources per response. The academic work that founded this field, the paper "GEO: Generative Engine Optimization" by Aggarwal, Murahari, and others, presented at KDD 2024 by teams from Princeton, IIT Delhi, and Georgia Tech, showed that certain content tactics can increase visibility in generative responses by up to forty percent. Later literature converges around the dominant criterion of entity authority: how consistently the system understands the brand as an authorized source from identical signals across its properties.

Seen this way, a full documentary environment under product.brand, support.brand, legal.brand, and press.brand is the highest form of entity consistency currently available, because the provenance of each document is no longer inferred from scattered signals across brand.com, brand.mx, and brand-support.net, but guaranteed at the level of the namespace itself. I will pause here and draw a line between legal analysis and agency argument, because there is no evidence that current language models weigh the TLD as a citation factor. What the .brand offers is a structural possibility, a verifiable-origin guarantee that no conventional domain portfolio can match, and a structural possibility is not the same thing as a proven ranking factor.

The cost of governing the territory

The .brand turns a distinctive-sign right into control over a piece of Internet infrastructure, with permanent technical and contractual obligations: hiring an evaluated Registry Service Provider and periodically confirming continued compliance with the definition. That is a transformation in legal nature that not every legal department has fully measured. Each closed space increases trust inward, but the sum of many closed spaces, governed by private contract with ICANN, pushes the domain name system toward a model of private territorial holdings. Open Internet governance, for all its defects, was precisely the opposite.

There remains the aspect that weighs most heavily for the Mexican market: the USD 227,000 fee, plus infrastructure and annual operation, stratifies trademark law by capital. In the 2012 round, of the 1,930 applications filed, only 24, or 1.2%, came from Latin America and the Caribbean, compared with 911 from North America and 675 from Europe, and there is little reason to expect a different distribution now. A mid-sized national brand will not be able to apply, and its registration before the Mexican Institute of Industrial Property (IMPI), Mexico's patent and trademark authority, will operate only as a passport into a transnational contractual regime that neither IMPI nor the Mexican legislature controls. Mexico's Ley Federal de Protección a la Propiedad Industrial (Federal Law for the Protection of Industrial Property, LFPPI) reform, published in the Federal Official Gazette on April 3, 2026 and aligned with Chapter 20 of the United States-Mexico-Canada Agreement (USMCA), modernizes the national system with some seriousness: maximum decision periods, new infringements for misuse of artificial intelligence, and ambush marketing ahead of the 2026 FIFA World Cup. But no local reform changes the fact that the top layer of the namespace is decided in a private forum entered by paying in dollars.

For a global brand with serious regulatory obligations, such as pharmaceuticals, banking, or health, applying for a .brand in this window makes defensive sense and also strategic sense, because the opportunity will not return soon. For the immense majority of Mexican brands, by contrast, this conversation will feel remote, and intellectual honesty requires saying so instead of manufacturing urgency where it does not belong. What those of us practicing in this field should warn is this: digital trust is migrating toward an asset that is purchased.

FAQ