The Domain Name System (DNS) is a major functional component of the modern Internet. We rely on it for just about everything! It’s responsible for translating human-friendly domain names into numerical IP addresses that get traffic where it needs to go. At the heart of the system are the top-level domains (TLDs)—these sit atop the whole domain name hierarchy.
You might think these TLDs are largely immutable—rock solid objects that seldom change. That’s mostly true, but the problem is that these TLDs are sometimes linked to real-world concepts that are changeable. Like the political status of various countries! Then, things get altogether more complex. The .io top level domain is the latest example of that.
A Brief History
Before we get into the current drama, we should explain some background around top level domains. Basically, as the Internet started to grow out of its early nascent form, there was a need to implement a proper structured naming system for online entities. In the mid-1980s, the Internet Assigned Numbers Authority (IANA) introduced a set of original top level domains to categorize domain names. These were divided into two main types—generic top-level domains, and country code top-level domains. The generic TLDs are the ones we all know and love—.com, .org, .net, .edu, .gov, and .mil. The country codes, though, were more complex.
Initially, the country codes were based around the ISO 3166-1 alpha-2 standard—two letter codes to represent all necessary countries. These were, by and large, straightforward—the United Kingdom got .uk, Germany got .de, the United States got .us, and Japan got .jp.
Eventually, management of TLDs was passed from IANA to a new organization called ICANN—Internet Corporation for Assigned Names and Numbers. Over time, ICANN has seen fit to add more TLDs to the official list. That’s why today, you can register a domain with a .biz, .info, or .name registration. Or .horse, .Dad, .Foo, or so many others besides. 
What’s With .io?
Over the past 20 years or so, the .io domain has become particularly popular with the tech set—the initialism recalls the idea of input/output. Thus, you have websites like Github.io or Hackaday.io using a country-code TLD for vanity purposes. It’s pretty popular in the tech world.
This was never supposed to be the case, however. The domain was originally designated for the British Indian Ocean Territory, all the way back in 1997. This is a small overseas territory of the United Kingdom, which occupies a collection of islands of the Chagos Archipelago. Total landmass of the territory is just 60 square kilometers. The largest island is Diego Garcia, which plays host to a military facility belonging to the UK and the United States. Prior to their removal by British authorities in 1968, the island played host to a population of locals known as Chagossians.
The territory has been the subject of some controversy, often concerning the Chagossians and their wish to return to the land. More recently, the Mauritian government has made demands for the British government to relinquish the islands. The East African nation considers that the islands should have been handed back when Mauritius gained independence in 1968.
Recent negotiations have brought the matter to a head. On October 3, the British and Mauritius governments came to an agreement that the UK would cede sovereignty over the islands, and that they would hence become part of Mauritius. The British Indian Ocean Territory would functionally cease to exist, though the UK would maintain a 99-year lease over Diego Garcia and continue to maintain the military facility there.
The key problem? With the British Indian Ocean Territory no longer in existence, it would thus no longer be eligible for a country-code TLD. According to IANA, ccTLDs are based on the ISO 3166-1 standard. When a country ceases to exist, it is removed from the standard, and thus, the ccTLD is supposed to be retired in turn. IANA states protocol is to notify the manager of the ccTLD and remove it after five years by default. Managers can ask for an extension, limited to another five years for a total of ten years maximum. Alternatively, a ccTLD manager may allow the domain to be retired early at their own discretion.
However, as per The Register, the situation is more complex. The outlet spoke to ICANN, which is the organization actually in charge of declaring valid TLDs. A spokesperson provided the following comment:
ICANN relies on the ISO 3166-1 standard to make determinations on what is an eligible country-code top-level domain. Currently, the standard lists the British Indian Ocean Territory as ‘IO’. Assuming the standard changes to reflect this recent development, there are multiple potential outcomes depending on the nature of the change.
One such change may involve ensuring there is an operational nexus with Mauritius to meet certain policy requirements. Should ‘IO’ no longer be retained as a coding for this territory, it would trigger a 5-year retirement process described at [the IANA website], during which time registrants may need to migrate to a successor code or an alternate location.
We cannot comment on what the ISO 3166 Maintenance Agency may or may not do in response to this development. It is worth noting that the ISO 3166-1 standard is not just used for domain names, but many other applications. The need to modify or retain the ‘IO’ encoding may be informed by needs associated with those other purposes, such as for Customs, passports, and banking applications.
Basically, ICANN passed the buck, putting the problem at the feet of the International Standards Organization which maintains ISO 3166-1. If the ISO standard maintains the IO designation for some reason, it appears that ICANN would probably follow suit. If ISO drops it for some reason, it could be retired as a ccTLD.
The Register notes that the .io record in ISO 3166-1 has not changed since a minor update in 2018. Any modification by ISO would be unlikely before the treaty between the UK and Mauritius is ratified in 2025. At that point, the five year clock could start ticking.
However, history is a great educator in this regard. There’s another grand example of a country that functionally ceased to exist. In 1991, the Soviet Union was no longer a going concern. And yet, the .su designation remains “exceptionally reserved” in the ISO 3166-1 standard at the request of the Foundation for Internet Development. However, the entry notes it was “removed from ISO 3166-1 in 1992” when the USSR broke up into its constituent states. Those states were all given their own country codes, except for Ukraine and Belarus, which had already entered ISO 3166 before this point.
But can you still get a .su domain? Well, sure! Netim.com will happily register one for you. A number of websites still use the TLD, like this one, and it has reportedly become a popular TLD for cybercriminal activity. The current registry is the Russian Institute for Public Networks, and .su domains persist despite efforts by ICANN to end its use in 2007.
Given .io is so incredibly popular, it’s unlikely to disappear just because of some geopolitical changes. Even if it were to be designated for retirement, it would probably stick around for another five to ten years based on existing regulations. More likely, though, special effort will be made to officially reserve .io for continued use. Heck, even if ISO drops it, it could become a regular general TLD instead. If .pizza can be a domain, surely .io can be as well.
Long story short? There are questions around the future of .io, but nothing’s been decided yet. Expect vested interests to make sure it sticks around for the foreseeable future.
This feels like a problem only bureaucracy could create. It is a useful domain. People like having it. It harms literally no one to let it keep existing. But oh no the official guidance from some random group of people say it shouldn’t exist. If all .io domains functioned like tor it wouldn’t change the appeal, just leave it alone.
The problem is “caused” by the disconnection of the laymen use of the domain system (as a keyword connotation thingy) and its historic intention (as an organization schema).
Remember the uproar the nowadays totally normal gTLD caused. “That higher Being Whom we revere” forbid that they created “.shop” and “.info”. How dare you!
“The higher Being Whom we revere” demands they create a new domain “.FSM”.
It is stolen from “Doktor Murkes gesammeltes Schweigen” by Heinrich Böll.
Thank you. That was a fun diversion.
Tastiest deity ever!
Large governing organizations must be rules-based to work, would you prefer it was up to opinion? Of course the good ending here is that .io is given a new status as non-country TLD
I expect that wouldn’t be allowed, because it’s two letters long, and some other country might get the ISO 3166-1 alpha-2 code IO in the future, leading to conflict.
FYI I’m still salty about Christmas Island Internet Administration taking down my favorite site about goats.
.goat needs to be a thing.
https://se.goat ?
I see the .OK domain is unassigned, I want that domain! So, who lives in Oklahoma and wants to start a separatist movement?
Could the Indian Territory of Oklahoma argue that it deserves its own TLD?
I’m OK with that!
https://hitlerdidnothingwrong.ok/
I love that you use the UK as an example of this starting out simple. The ISO3166 codes for the UK are GB and GBR. They got the .uk ccTLD for backwards-compatibility because JANET’s NRS pre-dated DNS.
And if the Scots get their way, it will no longer be a united kingdom, so maybe DUK (Dis-United Kingdom :) )
The UK quacking up?
Oh no!
They could have CE Celts Endure, and would make a mint from products wanting that .CE domain name. But it would probably be worth even more if Scotland rejoined the EU :)
See also the story of the .YU after the implosion of Yugoslavia, and the spy-movie-like story related, to understand why ICANN is not willing to play that game again : https://every.to/p/the-disappearance-of-an-internet-domain
Meanwhile, microsoft or google or whoever created .zip and a bunch of other file extension domains, meaning that lots of things that shouldn’t be links just became links. This has spawned a ton of malware squatting on domains like “untitled.zip” to catch unweary users of microsoft outlook.
Standards people, show me where in the world “zip” is a country or territory.
It isn’t, any more than ‘horse’ is – as discussed in the article above, TLDs aren’t limited to country-level domains.
Well then fantastic, io can become an non-territorial domain.
Phil Katz of PKWARE created the zip format
I didn’t say anything about the zip FORMAT, I’m talking about the zip DOMAIN TLD.
All country code TLDs have 2 letters, all generic TLDs have 3 or more letters. So I don’t see this happening at all.
Never underestimate the power of vested interests, especially if they have money.
Yes, Microsoft/Github will probably throw a tantrum.
Note that the current policy setting a 5-year deadline was explicitly in response to .su’s continued availability.
Sooo… um, (ahem)….
…who owns the internet?
The Cabal that shall not be named.
That is simple, you just need to look at the very top of Big Ben: https://www.youtube.com/watch?v=iDbyYGrswtg
It’s good know what TLDs are country codes. If you register under one, at the end of the day, you are beholden unto a sovereign entity which can essentially do anything. In some cases like .AI the tiny island of Anguilla plays nice and I’m sure is happy to have the millions of $ additional revenue. OTOH there is .AF .. You can check the wiki entry for more on that https://en.wikipedia.org/wiki/.af
The problem is the weird TLD structure.
.uk is not the TLD for the United Kingdom.
.co.uk is.
We don’t really have a “2 letter country code” as a TLD. We have “.co.” followed by the two letters.
.io isn’t the TLD for the country.
.co.io is.
Is it a stupid way to do it that goes against the rules established elsewhere?
Yes.
Is it a rule that is often broken?
Also yes.
That’s nonsense. You can register directly in .UK and gave been able to for years.
The fact you can additionally register under .co.uk (or .org.uk, or .edu.uk, etc) is common around the world
Why? How are we supposed to refer to former countries in software?
It’s not that they are erased from memory, they just lose the rights to a two-letter TLD. In many cases. Sometimes, but not always. It’s complicated.