.io domain is technically the country code for the British Indian Ocean Territory — the subject of a long sovereignty dispute. A 2025 UK–Mauritius deal raised "is .io doomed?" headlines, but as of mid-2026 the treaty isn't even ratified, .io is not scheduled for retirement, and any wind-down would take years. Registering one today is fine.Why the internet fell for .io
Most great domains are chosen; .io was a happy accident. To a developer's eye, "I/O" means input/output — the most fundamental idea in computing. So a two-letter country code nobody thought about became shorthand for "this is a tech thing," and a generation of startups, side projects, and developer tools adopted it: something.io just looks like software.
It helped that the matching .com was usually taken. By the mid-2020s there were well over a million .io domains, and the registry was a genuinely profitable little corner of the internet. For a TLD that exists because of a line in a geography standard, that's a remarkable second life.
The territory behind the dot
Every country-code domain is tied to an entry in an international standard called ISO 3166-1 — the official list of countries and territories. (We cover how all TLDs are governed in Top-level domains explained.) The code IO belongs to the British Indian Ocean Territory, or BIOT: a scattering of atolls in the middle of the Indian Ocean, best known for the island of Diego Garcia and the major joint UK–US military base on it.
So every time you type a trendy .io address, you're invoking — without knowing it — one of the most strategically sensitive and politically contested places on the planet. The registry is operated by the Internet Computer Bureau, with backend services provided by Identity Digital; but the name traces straight back to that disputed territory.
The uncomfortable backstory
Here's the part the startup branding never mentions. The BIOT was carved out of Mauritius by the UK in 1965, shortly before Mauritian independence. In the late 1960s and early 1970s, the entire population of the Chagos Islands — the Chagossians — was forcibly removed to make way for the Diego Garcia base. Many were relocated to Mauritius and the Seychelles, and they and their descendants have spent decades fighting to return.
Mauritius never accepted the arrangement and has long claimed sovereignty over the archipelago, a position that gathered serious international legal backing over the years. It's a genuine human and geopolitical wound — and, improbably, it sits one ISO code away from your favourite developer domain.
The 2025 handover deal
In May 2025, the UK and Mauritius signed an agreement to transfer sovereignty of the Chagos Archipelago to Mauritius, while the UK retained the Diego Garcia base under a long lease. That single development is what set off a wave of "the .io domain is dying" articles — because if the territory changes hands, surely its country code, and the domain riding on it, are next?
It's a reasonable question. It's also where most of the coverage got ahead of the facts.
.io has formally changed. Treat any specific status (this article included) as a snapshot, and check current sources for the latest.So is .io actually doomed?
To kill .io, a whole chain of events would all have to happen, in order — and so far, none of them has:
- The treaty has to be ratified and come into force. As of mid-2026, it hasn't.
- The territory has to stop being a distinct entity in the eyes of the standards bodies.
- The ISO 3166 maintenance agency has to remove the
IOcode. It hasn't — and ISO often keeps or transitionally reserves codes even when territories merge. - Only then would ICANN begin a retirement process for the domain.
ICANN's own stance is telling: it relies on the ISO list, the list still says IO, and it has made no move to retire .io. And even the final step is slow by design. Under ICANN's ccTLD-retirement policy, a doomed country code gets a default five-year wind-down, extendable by up to five more — about ten years in total — specifically so registrants aren't left stranded. This is the opposite of an overnight shut-off.
What history tells us
We're not guessing here — country codes have been retired before, and the pattern is consistent: slow, and sometimes not at all.
- .tp → .tl (East Timor) — the clean precedent. When the country's ISO code changed on independence, ICANN ran an orderly, years-long transition to the new domain.
- .yu (Yugoslavia) — the code was removed in 2003, but the domain kept operating and wasn't finally shut down until 2010, around seven years later.
- .su (Soviet Union) — the cautionary counter-example: the USSR is long gone, yet
.suis still running and still selling registrations decades later. Retirement isn't even guaranteed.
The throughline: even in the worst case, country-code domains don't vanish. They get years of notice, managed transitions, and sometimes a stubborn afterlife.
The honest verdict
So, should you avoid .io? On the evidence as of mid-2026: no. The trigger conditions for retirement aren't met, no notice has been issued, and even a worst-case scenario would come with a multi-year runway. If you're building something with a long horizon and want zero geopolitical asterisks, a .com is the conservative pick — but that's risk-tolerance, not an emergency.
The more interesting takeaway isn't about risk at all. It's that the internet's tidy naming system is stitched onto the messy real world — borders, treaties, and histories included. A domain you picked because it sounded like "input/output" turns out to carry the story of a contested archipelago and the people removed from it. The dot at the end of a name is never just a dot.
Related reading: Top-level domains explained · What is a domain name? · A brief history of domain names · What is WHOIS?
References: IANA Root Zone Database — .io · UK Parliament — Chagos Islands agreement briefing · IANA — ccTLD retirement process