Over the past decade, online brand impersonation has shifted from a persistent nuisance to a fully industrialised threat. What once required technical skill is now automated, scalable, and alarmingly convincing. Generative AI tools can produce phishing pages, spoofed customer portals, and fabricated login journeys in minutes. Combined with cheap lookalike domains and weaponised QR codes, attackers can now imitate brands at a depth and speed that overwhelms traditional brand‑protection methods.

The core issue is no longer the sporadic counterfeit website—it’s the erosion of trust itself. Consumers can no longer rely on visual cues, familiar templates, or even accurate‑looking URLs to verify authenticity. As long as brands continue to operate inside open, easily spoofed domain spaces, attackers will retain the structural advantage.

This is where the upcoming 2026 ICANN round represents a fundamental shift. A DotBrand—where a company controls its own top‑level domain—creates a closed, verifiable namespace that cannot be tampered with at the registry level. If it ends in .brand, only the brand owns it. This structural change eliminates impersonation within the brand’s own top-level namespace: no third party can register domains under .brand. If users are conditioned to rely on that namespace as the trust anchor, the impersonation vector at the TLD level disappears entirely. But to understand why this round matters so much, it’s worth revisiting 2012.

When ICANN last opened applications in 2012, many organisations applied for DotBrands defensively. They secured .brand domains not as strategic assets, but simply to prevent others from acquiring them. Without a clear plan or internal alignment, these domains often sat unused. Some companies, such as L’Oréal, applied for multiple TLDs but eventually relinquished them after concluding that internal adoption or cross‑departmental alignment had not materialised.

Three systemic barriers defined the 2012 cycle.

First, there was an education gap. Many organisations applied defensively, without a clear internal understanding of what a DotBrand could enable. It was treated as an optional asset rather than as core digital infrastructure, and without cross-functional ownership, it lacked strategic direction.

Second, there was no urgency. While digital fraud existed, it had not yet reached the automated, AI-driven scale seen today. The risk was visible but not systemic, and therefore insufficient to drive sustained executive attention.

Third, there were execution concerns. Large organisations were wary of the perceived complexity involved in migrating websites, email systems, and internal infrastructure to a new namespace. Without strong sponsorship and operational planning, programmes stalled. In many cases, when a single internal champion moved on, the initiative lost momentum.

As a result, many early DotBrands remained dormant, and the market misread the silence as lack of value—when in reality, it reflected lack of preparedness.

2026 is fundamentally different. The conditions surrounding the 2026 application round bear almost no resemblance to those of 2012. The threat landscape has escalated dramatically. AI‑driven impersonation isn’t just more sophisticated—it is democratised, automated, and commercially trafficked. For many global brands, sustained impersonation attempts are now routine rather than exceptional.

Meanwhile, consumer behaviour has shifted. People expect instant, unambiguous verification. In an era of deepfakes, synthetic identities, and QR‑based fraud, a recognisable trust anchor like .brand becomes far more intuitive than deciphering a long, ambiguous .com string.

Finally, the strategic upside is now clearer. A DotBrand equips companies with a secure foundation for future services—from authenticated customer portals to supply‑chain verification and controlled reseller networks. The opportunity cost of inaction is increasingly visible in the resources devoted to monitoring, takedowns, defensive registrations, and customer remediation.

The lesson from 2012 is simple: the world wasn’t ready. In 2026, it is.