We want to start with something that almost nobody in the Australian digital industry says plainly, even though it’s written into the rules that govern every single .com.au in existence.

A person does not legally “own” a domain name.

That sentence doesn’t come from us. It comes directly from the .au Domain Administration Rules published by auDA — the body that administers the entire .au namespace. It’s not buried in footnotes. It’s a definitional statement in the governing document. And yet almost every person who has ever paid for a .com.au has done so believing they were, in some meaningful sense, acquiring something. Buying something. Making it theirs.

They weren’t.

We’re not making an argument here. We’re not trying to alarm anyone. We’re simply looking at what is actually true about the way the traditional domain model works — and sitting with what that means for every Australian business that has built its identity around an address it does not own.

The word they use is “licence”

When you register a .com.au, the legal instrument you receive is a licence. When people talk about “owning” a domain, they’re usually referring to being the registrant — the person or company listed as holding the licence to use that domain for a set period, typically one or more years. That’s the precise legal nature of the thing. Not a purchase. Not a title. Not property. A licence — for a set period — granted to you by a registrar, under rules set by a policy body, subject to conditions you may not have read in full and which can change.

There is no proprietary ownership of a domain name, only licensing arrangements which allow use for a specified term. Relevant auDA rules form part of the terms and conditions of every licence.

The language matters. Licences are fundamentally different from property. When you own something, the conditions of that ownership don’t change unless you agree to change them. When you hold a licence, the grantor of that licence can revise the terms, introduce new conditions, and you remain bound by whatever is current at the time. A registrant and a registrar must comply with the auDA Rules, as amended from time to time by .au Domain Administration. If there is an inconsistency between the auDA Rules and the Licence Agreement, then the auDA Rules will prevail.

Read that last part carefully. If there’s ever a conflict between what your registrar agreed with you and what auDA decides the rules should be — auDA wins. The policy body’s current version of the rules overrides whatever contract you signed with whoever you registered through.

And what does your registrant agreement say about your rights in the domain name itself? One standard agreement published by an accredited Australian registrar puts it this way: “You accept that neither you, nor we, have any proprietary right arising from the registered Domain Name, or the entry of a Domain Name in the domain names registry.”

That’s the deal. That’s what you agree to when you pay for a .com.au.

You’re renting from the middle of a chain

It’s worth understanding the actual structure here, because it’s more layered than most people realise.

At the top sits auDA — the administrator of, and Australian self-regulatory policy body for, the .au country-code Top Level Domain. Below auDA sits the registry operator — the technical body that actually maintains the database of all .au domains. Below the registry operator sit the registrars — companies accredited by auDA to sell licences to end users. And below those registrars sit the people actually running websites, sending emails, and building businesses on the addresses they believe they own.

Traditional DNS domains are rented. You pay a registrar annually (or multi-year) for the right to use the domain, but ultimately you rely on centralized entities — registrars and the registry — to maintain your ownership.

You’re not at the top of this chain. You’re at the bottom. Every layer above you has the ability, under various conditions, to affect your access to the address you’ve built your business around. The registrar can act. The registry operator can act. auDA can act. And in each case, the rules about when and how they can do so are rules that they wrote, and that you agreed to by signing up.

This isn’t a conspiracy. It’s just a system designed with priorities that aren’t necessarily aligned with yours. The .au namespace is administered in what auDA describes as the public interest. Your interest as an individual business owner is one consideration among many.

The renewal cycle is the engine of dependency

The most visible consequence of the licence model is the renewal cycle. The domain name licence period may be from one to five years. It is not possible to licence a domain name for a shorter or longer period. This means that no matter how long you’ve been operating, no matter how central your address is to your brand and your customers, you are perpetually approaching another renewal — and every renewal is a moment of contingency.

You don’t own the domain forever — you hold it while your licence is valid and you keep meeting eligibility rules and paying renewals on time.

The industry has built elaborate systems to help you avoid accidentally losing your domain — automated payments, renewal reminders, grace periods. The fact that such systems need to exist is itself telling. The problem they’re solving is a structural one: your address is tied to a recurring payment and a continuing set of eligibility conditions, and if either lapses, your address can disappear.

During the expiration cycle, the domain will typically be taken offline — your website will not be reachable and email services will fail. Failure to track the renewal date is one cause — the owner did not remember the expiration date or lost track of time so the deadline passed unnoticed. Outdated contact information — the email address on file for the domain registration was old or not monitored — means renewal reminder notices from the registrar may go unseen.

Auto-renewal can fail if the payment method is expired or invalid. If the payment fails and the owner isn’t aware, the domain can expire despite the auto-renew setting.

These aren’t edge cases. These are common, documented failure modes for businesses of every size. A credit card expires. Someone changes jobs and the account loses its active manager. A company restructures and the domain registration doesn’t get moved across to the right legal entity. In each case, the effect is the same: an address that a business has spent years building its identity around suddenly stops resolving — and everything downstream of that address stops working too.

The website goes dark. The email bounces. The trust signal disappears.

Eligibility requirements are not static

Here’s a dimension of the .com.au model that catches many people off guard. The licence isn’t just contingent on payment. It’s contingent on meeting eligibility criteria — and those criteria can work against you in ways that have nothing to do with your intention to keep using the domain.

The .com.au namespace is strictly for registrants with a current Australian presence, evidenced by a valid Australian Business Number, Australian Company Number, Australian Registered Body Number, or an exact-match Australian trade mark; failure to maintain one of these entitlements will lead to licence suspension or cancellation under auDA’s rules.

So if you restructure your business — deregister a company, change your ABN status, let a trade mark lapse — you may simultaneously be doing something that triggers the loss of your domain licence, even if you had no idea that was a consequence.

If you no longer meet the rules — for example, if your ABN is cancelled — your licence can be suspended or cancelled.

Where the legal entity that is the registrant no longer exists, the domain name licence is terminated and the domain name cannot be renewed. The case where this is most likely to occur is where a company has been deregistered.

Think about what that means in practice. A small business operator winds up their company to restructure under a new entity. In the process, they lose their domain — not because they failed to pay, not because they intended to give it up, but because the eligibility mechanism that tied the licence to the old legal entity has now dissolved. They might not even know it happened until their email stops working.

Renewal of a domain name licence at the end of the licence period is dependent on the registrant continuing to meet the eligibility and allocation rules for the relevant second-level domain.

Every renewal is a fresh eligibility check, not just a payment. The address you think you’ve held for a decade can be withheld at renewal if circumstances have changed in ways you haven’t mapped back to your domain registration.

Third parties can challenge your licence

The renewal cycle and eligibility requirements are internal pressures — things that can go wrong due to your own circumstances. But the .com.au model also creates an external pressure: other people can attempt to have your domain cancelled.

auDA has introduced a complaints process. The complaints process enables an entity to seek cancellation of a domain name if they believe the registrant does not meet eligibility requirements.

There is a risk that the rules will be enforced — either by the domain name registrar or an interested third party, such as a competitor — and a business-critical domain name could be deregistered.

A competitor. The rules explicitly acknowledge that a competitor can initiate a complaint about your domain. If they believe you don’t meet eligibility requirements, they can lodge a formal complaint with your registrar. The registrar then contacts you. You have a time-limited window to respond with documentation. If you don’t respond in time, or if your response is found insufficient, your licence can be cancelled.

If a domain registrant does not respond within the required period, the registrar, unable to determine the connection between the domain name and registrant, may cancel the registration licence. If the domain owner had responded with a valid explanation of the connection, they would have been able to retain the domain licence, but because they did not respond, the registrar had no choice but to cancel the domain registration. The domain name is then placed in an “auDA POLICY DELETE” status before being released back into the public pool of available domains.

The domain you built your business on goes back into the public pool. Anyone can register it. Your competitor, who initiated the complaint, can then register it themselves — or watch you pay to get it back from whoever picks it up first.

auDA also has broader powers to cancel and suspend domain names. And beyond the complaints mechanism, upon the request of an enforcement body or intelligence agency, the public interest test enables auDA to suspend or cancel a domain name licence if it believes — on reasonable grounds — that the action is in the public interest.

None of these mechanisms make the system malicious. They exist to address real problems. But they are all part of a model in which your access to the address you depend on is conditional, reviewable, and can be removed without your consent.

The registrar is a private company

Let’s talk about where the licence actually sits. Your .com.au is not held by a government agency, a neutral public body, or a permanent institution. It’s held by a registrar — a private company that can go bankrupt at any time.

While it does not happen often, sometimes domain registrars go bankrupt or violate the terms of cooperation — they are not able to continue providing their services and leave their subscribers without support.

There are established procedures for what happens when a registrar fails. A new registrar will get the administration of those domains. Regulatory bodies can decide who will be the new registrar if no other solution is viable. In most cases, the process is managed without catastrophic loss. But “managed without catastrophic loss” is different from “seamless and risk-free.”

What happens if one day you want to visit your website and it turns out impossible due to the lack of access to the domain, and your domain registrar disappears without informing you about it? What if they do not allow you to transfer the domain service to another operator?

There are documented cases of registrars entering financial distress, becoming unresponsive, or simply ceasing operations without adequate notice to customers. During those windows — between when a registrar goes dark and when the domain portfolio is absorbed by another provider — businesses can lose access to email, websites, and services tied to their domain.

And even when the transition goes smoothly, there are questions. Does the new registrar offer the same pricing? The same interface? The same support? Do the terms of service change at the point of transfer? The answers vary, and the registrant rarely has a say.

What becomes clear when you look at this honestly is that your .com.au is not just contingent on your own actions — it’s contingent on the health, stability, and business decisions of a private intermediary that you have no formal influence over.

Price is not guaranteed

The traditional domain model requires you to pay, on terms set by the registrar, at intervals set by the registrar, at prices that the registrar can change. Many registrars rely on the fact that most people don’t read the fine print. Before you make a domain purchase, review the registrar’s terms of service for any questionable terms, obligations or fees. Make sure that you check what the renewal rates will be.

Introductory pricing for domains is a well-established industry practice. A domain is offered cheaply on first registration — sometimes very cheaply — and the ongoing renewal rate is significantly higher. The person registering has, by this point, built something around the address. Their website, their email, their business cards, their Google listing, their supplier relationships, their customer emails. The cost to move is high — not in dollars necessarily, but in disruption, in SEO impact, in the time it takes to update every reference to the old address. So they pay the renewal.

Year after year, they pay. And the price can change each year.

This is simply how the model works. You agree to pay for a period, and at renewal you agree again, under whatever terms are current. There is no mechanism in the traditional domain system that locks in a price for the life of the address. If the registrar raises prices, you have the choice to pay the new rate or migrate — with all the friction that migration involves.

Over a decade or two, the cumulative cost of a single address can become substantial. Multiply that by multiple domains — variants, defensive registrations, regional extensions — and the annual overhead becomes a meaningful line item, paid indefinitely, for access to addresses that you don’t own.

What “revocable” actually means

A licence is a non-exclusive, non-transferable, revocable licence issued by .au Domain Administration to a person to use the Domain Name System with a unique identifier of their choice.

Let’s dwell on that word: revocable. This is not a technicality. A revocable licence is one that can be taken back. Not necessarily arbitrarily, not necessarily unfairly — but under conditions that the grantor defines and the grantee must navigate. The word revocable is doing meaningful legal work here. It is the precise opposite of permanent.

Revocable. Non-transferable. Non-exclusive. These are the terms of the instrument through which Australian businesses hold their most foundational digital assets.

Non-exclusive means someone else could, in theory, hold an equivalent licence to an identical name in a different namespace. Non-transferable means you cannot use your .com.au as collateral for financing, or gift it cleanly in a transaction. You must not transfer or purport to transfer a proprietary right in any Domain Name registration, or grant or purport to grant a registered Domain Name as security, or encumber or purport to encumber a Domain Name Licence.

You cannot use a .com.au as security. You cannot encumber it. It cannot function as an asset in the way that owned property functions as an asset. It’s a conditional use right — a permission — and like all permissions, it exists only as long as the conditions are met and the grantor continues to grant it.

The digital address as critical infrastructure

We want to be clear about why any of this matters. It’s not a theoretical problem. It’s a very practical one for any business that depends on its digital address for communication, commerce, or credibility — which, in the modern economy, is essentially every business.

Think about what sits on top of a domain name. Everything.

Your website. Your email. If your email runs on your domain — and for almost every business, it does — then any disruption to your domain is a disruption to your ability to receive orders, communicate with suppliers, respond to customer enquiries, and conduct internal operations. Your Google Business listing points to your domain. Your invoices carry your email address. Your social profiles link to your website. Your email marketing platform sends from your domain. The entire operational identity of a modern business is woven through a single address.

And that address is a revocable, time-limited licence held with a private intermediary under rules that can change.

We’re not saying the system collapses regularly. For most businesses, most of the time, the domain renews without incident and none of the contingencies become real. But “works fine until it doesn’t” is not the same as structural security. And the question worth asking is: for something this important, for something this central to how a business communicates and transacts — should the underlying instrument be a renewable licence? Or should it be something more permanent?

The assumptions we absorb without examining

There’s something worth examining here about how we came to accept the domain model without much scrutiny. When the web became commercial in the nineties, the domain registration model made sense for the infrastructure of that moment. DNS was new. Registrars were new. The whole system was built under the assumption that the underlying technology would evolve, that policy would need to adapt, that centralised administration was the practical way to manage namespace at scale.

Those assumptions made sense then. They produced a functioning internet. We’re not criticising the people who built it.

But those same assumptions got embedded into commercial practice in ways that have never really been re-examined. Businesses started paying for domain renewals the way they pay for electricity — as a routine operational cost, something that just has to be done, without asking why the underlying model requires it. The renewal payment became so normalised that questioning it became strange.

We’ve watched people spend years building equity in a brand anchored to an address they don’t own. Equity in recognition, in SEO, in customer recall, in the trust that comes from a consistent presence. All of that accumulated value sits on a foundation that requires annual payment to maintain, can be disrupted by third parties, can be affected by policy changes, and can be lost entirely through a single administrative failure.

It’s worth being honest about that.

The quiet tax on digital permanence

Consider what the domain renewal model really is, over time. It’s a recurring charge for the right to remain who you are online. Pay this year. Pay next year. Pay every year after that. If you stop — for any reason, intentional or not — the address that defines your digital identity can be taken from you.

There’s no equivalent in the physical world. If you buy a building, you pay once. If you register a company name, the registration can lapse but you don’t lose the name to a competitor the moment your payment fails. If you trade under a brand for twenty years, that history belongs to you in a way that survives administrative mishap.

But a domain doesn’t work that way. The address you’ve used for two decades, that your customers type into browsers from memory, that is printed on every piece of collateral you’ve ever produced — that address reverts to the pool the moment the licence expires and isn’t renewed. Someone else can pick it up. They might park it with advertising. They might redirect it to a competitor. They might hold it and offer to sell it back to you at a price you didn’t anticipate paying.

After deletion, the domain is released back into the pool of unregistered names and becomes available for anyone to register on a first-come, first-served basis. High-value domains are often claimed instantly through backorder services that monitor and acquire them the moment they drop. When this happens, the previous registrant may be stuck paying a large sum to purchase it off the new owner or find they’ve lost the domain they built their brand on.

That last sentence is the honest end of the story for too many businesses. Years of investment in an address. One missed renewal. Gone — and possibly gone to someone who will make you pay to get it back.

What permanent actually looks like

When we describe what we’ve built at Queensland Foundation, we use the word permanent deliberately. Not as marketing language. As a structural description.

Blockchain domains are owned permanently as on-chain assets with no renewal fee, unlike traditional domains, which require annual payments to registrars.

The architecture of onchain ownership is categorically different from the licence model. Blockchain domain names are decentralised web addresses built on blockchain technology rather than traditional domain name systems. Unlike conventional domains managed by centralised authorities, blockchain domains are owned directly by users through smart contracts, providing full control.

Unlike traditional DNS records that sit on centrally controlled name servers, blockchain domains live on public ledgers, giving owners permanent, code-enforced control.

The record of ownership is not held by a registrar who could go bankrupt. It’s not governed by rules that a policy body can amend without your consent. It’s not a revocable licence issued for a fixed period. Once minted, the domain exists permanently on-chain. Ownership is controlled through a private key, giving users complete authority over their domains.

The key difference is control — with on-chain names, possession of the cryptographic token equals ownership, without needing continued approval from a registrar.

There’s no renewal date approaching. There’s no annual fee to forget to pay. There’s no eligibility test at renewal. There’s no third party that can initiate a complaint and force you to prove your connection to the address. There’s no registrar that could fail and leave your domain in administrative limbo. There’s no policy body that can amend the rules and have those amendments automatically apply to your licence.

You hold the address. The chain records that you hold it. That record is immutable. No one can change it except you.

The Queensland addresses

What we built at Queensland Foundation is a set of permanent onchain addresses rooted in place. .queensland, .qld, .brisbane, .surfersparadise, .gold-coast, .brisbane2032. Six TLDs secured on-chain, permanently, for Queenslanders.

These aren’t traditional web domains. They are addresses that people can hold for life. Pay once, own permanently. No renewals. No eligibility conditions to maintain. No registrar intermediary that could change terms or fail. No policy body that can amend the licence conditions retroactively. No annual fee.

We built this because we looked at the .com.au model — and at the broader traditional domain model — and concluded that for something as foundational as a digital address, the licence structure is simply the wrong instrument. It produces a world in which people build enormous value on addresses they don’t own, pay indefinitely for the privilege, and remain permanently exposed to a set of risks that most of them have never examined.

That’s not how we think important things should work.

An address — a real address, a permanent one — should belong to the person who registers it. Not conditionally. Not subject to renewal. Not dependent on maintaining eligibility under rules that can change. Just: theirs. Permanently recorded. Immutable. Transferable if they choose. Held as long as they choose to hold it.

An honest accounting

We want to close with what we think is the fair and honest version of this picture.

The traditional domain model — .com.au included — has served the web well. It produced a functioning, navigable internet at a time when the infrastructure was new and the rules needed central coordination. For the vast majority of businesses, most of the time, it works without incident. Registrars are mostly stable. Renewals mostly process without drama. The system mostly functions.

But the structural reality is what it is. On today’s internet, “owning” a website domain name is a misnomer. At best, you have a long-term lease of your domain, which a registrar owns and a domain name system regulates.

A domain name is a renewable licence, not property ownership.

Those two sentences capture the truth. They’re not our words — they come from the legal and registrar community itself. The people closest to how the system works are clear about what it is. The problem is that most people who depend on domains have never been told this directly.

We think they should be.

Not to frighten them. Not to push them toward any particular decision. But because decisions made with accurate information are better decisions. Because understanding what you actually hold — and what you don’t — is the starting point for thinking clearly about something this important.

You have built things on addresses you don’t own. That’s where most Australians with an online presence are right now. That’s the structural reality of the model they signed into.

Whether that’s a problem you want to address is up to you.

But now you know.