G

Governance-policies

Governance-policies

Governance controls the namespace. Ownership remains cryptographic and untouchable.

This distinction is not a policy position — it is an architectural fact. The governance system can define rules for the namespace (pricing, reserved lists, abuse standards). It cannot reach into the cryptographic layer where individual domain ownership lives. These are two separate systems with a hard boundary between them.

Version: GD/1.2 — Module: Governance & Policies

Governance Model#

Protocol-level governance is contribution-weighted, time-locked, and explicitly bounded in scope.

Governance Structure

Participant

Role

Protocol Maintainers

Day-to-day operations, security decisions

Gao DAO (token holders)

Major policy decisions, pricing changes

Technical Committee

Protocol upgrades

Security Committee

Emergency actions — operates independently

What Governance CAN Do

  • Add or remove domains from the Reserved / Blocked lists

  • Update pricing tiers (with 90-day public notice)

  • Approve protocol upgrades to Registry or Resolver components

  • Adjust subdomain keyword whitelist

  • Approve new verification badge categories

  • Suspend domains for confirmed abuse (Security Committee — emergency powers)

What Governance CANNOT Do

  • Reassign a private domain without invoking the owner’s defined recovery policy

  • Override the cryptographic ownership of any registered domain

  • Access or modify wallet addresses stored in the Resolver

  • Force renewal or expiry of a domain

  • Modify smart contract rules in ways that break existing ownership guarantees without a migration path

The boundary is clear: governance manages the namespace rules, not individual domain ownership. Ownership is cryptographic and inviolable.

Decision Thresholds#

Decision Type

Who Decides

Threshold

Timelock

Domain suspension (security)

Security Committee

Unanimous

None (emergency)

Add to blocked list

Protocol Maintainers

Consensus

7 days

Add to reserved list

Protocol Maintainers

Consensus

7 days

Remove from reserved list

Gao DAO vote

Simple majority

30 days

Pricing tier change

Gao DAO vote

Simple majority

90 days

Protocol upgrade (minor)

Technical Committee

2/3 majority

30 days

Protocol upgrade (major)

Gao DAO + Technical

2/3 + simple

90 days

Constitutional Invariants#

The following are not governance parameters. They are architectural facts enforced by the protocol:

  1. Domains do not expire

  2. Domains cannot be unilaterally revoked by Gao

  3. Ownership is key-based — not account-based

  4. The registry has no admin override

  5. Only the owner can change ownership

Transparency Requirements#

All governance decisions are:

  • Proposed and discussed in the public governance forum

  • Voted on with results recorded on-chain

  • Published in the Gao governance changelog

  • Announced to domain holders via official channels

Emergency Action Disclosure Rule#

Any governance or operator action that restricts, modifies, or affects a domain owner’s control outside the normal owner-signed update flow is classified as an emergency action and is subject to mandatory disclosure requirements.

Emergency Action Categories

Action Type

Example

Legal restriction

Court order or regulatory injunction affecting a domain

Protocol-level suspension

Temporary registry freeze under published abuse standards

Reserved namespace reclaim

Reclaiming a domain under published reserved-name policy

Anchor contract emergency pause

Pausing anchor publication under a critical protocol bug

Mandatory Disclosure Requirements

For each emergency action, Toii Labs MUST:

  1. Publish a governance disclosure event to the public governance log within 72 hours of action, or as soon as legally permissible if a court order prohibits earlier disclosure

  2. Include in the disclosure: action type, affected domain(s) or scope, legal or protocol basis, and timestamp

  3. If legally prohibited from disclosing specific domain names, publish a notice class stating that an emergency action occurred within a specified time window, without identifying the affected parties

  4. Emit an audit event in the domain’s audit log, except where legally prohibited

Hard Limit

Emergency actions that cannot be disclosed — even at the notice-class level — within 180 days of execution are not permitted under this protocol. If legal constraints prevent any disclosure within 180 days, Toii Labs must seek legal counsel to challenge the non-disclosure requirement before acting.

This rule exists to prevent the emergency mechanism from becoming a covert admin override. Every emergency action leaves a public trace, even if the details are temporarily sealed.

Governance Maturity Roadmap#

Stage

Timeframe

Control Model

Stage 0 — Founder

Launch

Toii Labs multisig

Stage 1 — Advisory

6–12 months

RFC process + community input

Stage 2 — DAO

12–24 months

On-chain proposals + timelock

Stage 3 — Neutral Core

24+ months

Minimal registry frozen

Domain Registration Policy#

Eligibility: Any person or entity anywhere in the world can register a .gao domain. No geographic restrictions. No approval requirements for standard registration.

Permitted uses:

  • Personal identity

  • Business identity

  • Service endpoints

  • AI agent identity

  • DePIN device identity

Prohibited uses:

  • Phishing, credential theft, payment fraud

  • Impersonation of government entities or financial institutions

  • Distribution of malware

  • Any use of blocked keywords in domain or subdomain positions

Reserved Domain Policy#

Moving a Domain from Reserved to Available

  • Requires a Gao DAO governance vote

  • Simple majority

  • 30-day timelock before activation

  • Public announcement required

Adding a Domain to the Reserved List

  • Protocol Maintainers consensus

  • 7-day notice period

  • Published in governance changelog

Adding a Domain to the Blocked List

  • Protocol Maintainers consensus

  • No notice period required (security-critical)

  • Published in governance changelog within 24 hours

Subdomain Policy#

By Verification Level

Level

Subdomains Permitted

Level 0 — Unverified

None

Level 1 — Identity Verified

3 personal subdomains: pay., bio., link.

Level 2 — Business Verified

Up to 20 from approved keyword whitelist

Level 3 — Official

Unlimited + wildcard *.domain.gao

Subdomain Restrictions (All Levels)

Blocked keywords in the subdomain position — airdrop, claim, seedphrase, recovery, privatekey, walletconnect, and similar phishing-pattern words — are blocked regardless of the parent domain’s verification level.

Trust Inheritance

Subdomains inherit the trust level of their parent domain and cannot exceed it. A Level 1 domain cannot create subdomains that display as Level 2 or Level 3.

Abuse Policy#

Grounds for suspension:

  • Active phishing or credential theft

  • Wallet draining operations

  • Distribution of malware

  • Impersonation of government entities or financial institutions

  • Violation of blocked keyword policies

  • Court order or valid legal process

Suspension process:

  1. Detection (automated or reported)

  2. Internal review (24 hours for critical, 5 days for standard)

  3. Notice to domain holder (where possible)

  4. Suspension — domain stops resolving

  5. Right to appeal within 30 days

  6. Permanent cancellation if appeal fails or is not submitted

Suspended domains do not get refunds.

Dispute Resolution#

How to file: gao.domains/disputearrow-up-right

Dispute categories: trademark claims, ownership disputes, alleged policy violations.

Process:

  1. Submission — claim + supporting documentation (trademark certificates, legal filings)

  2. Review — 10 business days; disputed domain may be temporarily suspended if immediate risk of harm is present

  3. Resolution options: claim rejected, domain suspended (pending legal process), domain transferred (valid trademark claim upheld), domain cancelled (confirmed fraud)

Important: Gao is not a trademark authority and does not adjudicate trademark ownership. Gao’s dispute process applies internal governance policies. Parties with legal trademark claims may pursue remedies through appropriate legal channels independently.

Trademark Policy#

Gao Domain is not subject to ICANN’s UDRP because .gao is not an ICANN-administered TLD. .gao is an alternative-root namespace with its own governance framework.

Gao’s governance framework is designed to respect internationally recognized trademarks and sovereign rights while maintaining open-registration principles.

For trademark holders: The most effective protection is obtaining a verified Official Badge (Level 3) on a brand-appropriate domain. This badge, not the domain name itself, is the trust signal users learn to look for.

Defensive registration: Brands can protect specific domain names through the Brand Protection Fee program ($299–$1,499/year depending on scope).

Compliance Positioning#

Gao Domain is designed as a cryptographic identity protocol.

Gao Domain is:

  • Infrastructure software

  • A non-custodial identity system

  • A policy-enforcement framework

Gao Domain is not:

  • A bank or financial institution

  • A payment processor

  • A securities issuer

  • A custodial service

  • A money services business

Gao Domain does not hold user funds, transmit funds between users, custody private keys, or control merchant treasury accounts. Settlement is peer-to-peer.

This documentation is informational only. It does not constitute investment advice, financial recommendation, legal counsel, or an offer of securities.

.gao domain ownership does not confer equity interest, profit participation, or governance rights in Toii Labs LLC. Domains are software-based identity credentials.

Participation involves technical risk, smart contract risk, regulatory uncertainty, and market liquidity variability. No guarantees are provided regarding resale value, adoption level, or ecosystem growth.

Domain holders are responsible for:

  • Compliance with applicable trademark law in their jurisdiction

  • Understanding digital asset regulations

  • Consulting qualified professional advisors

DNS Compatibility Notice: Gao Domains function as identity records within the Gao Internet ecosystem. They are not ICANN-registered DNS domains. Resolution from standard browsers requires the Gao Gateway (name.gao.global) or the Gao Browser native resolver.