Super Investors Be Like
← Home
VRSN

Verisign — Key Risks

AI Overview
Activity & BusinessResultsFinancialsRisks

Nearly All Revenue Depends on Two Contracts That Could Be Lost or Restricted

Verisign earns virtually all of its revenue from operating just two domain extensions — .com and .net — under agreements with ICANN that expire in 2030 and 2029, respectively. While these agreements carry "presumptive" renewal rights, ICANN can terminate them for uncured material breaches, and renewal terms could be forced to match conditions applied to other large registries, which may be less favorable. Losing or significantly altering either contract would be existential for the business.

Price Increases on .com Are Tightly Capped and Subject to Challenge

Under the .com Registry Agreement, Verisign can only raise annual registration fees by up to 7% in each of the final four years of a six-year period — and only under specific conditions. Any attempt to raise prices or remove these restrictions requires Department of Commerce (DOC) approval, which is not guaranteed. Past pricing arrangements have already attracted legal challenges and political scrutiny from registrars and trade groups, and future challenges could further constrain pricing flexibility.

Demand for Domain Names Could Shrink as the Internet Evolves

The entire business rests on people and businesses continuing to want traditional domain names. Social media profiles, mobile apps, AI-powered search, blockchain-based alternative namespaces, and third-level domains (like subdomains on platforms) all offer ways to establish an online identity without registering a .com or .net. If these substitutes gain enough traction, the long-term demand for Verisign's core product could structurally decline.

China Regulatory Changes Are Already Hurting Revenue

The Chinese government has imposed regulations requiring registries and registrars to obtain government licenses for each domain extension operating in China, and has enforced rules making it harder for users to register domain names. The filing explicitly notes that demand for domain name registrations in China substantially declined in 2023 and 2024 as a direct result. Further regulatory tightening or U.S.-China trade tensions could deepen this damage.

As Critical Internet Infrastructure, the Company Is a Prime Cyberattack Target

Verisign operates some of the most important infrastructure on the internet, making it an unusually high-value target for sophisticated attacks — including DDoS attacks (floods of traffic designed to knock systems offline), ransomware, and AI-enhanced social engineering. A successful attack could cause DNS resolution failures affecting millions of websites globally. The company carries no specific insurance reserves for cyberattacks or DDoS incidents, meaning a major breach could result in uninsured losses and significant legal liability.

Internet Routing Vulnerabilities Are Outside the Company's Control

The global system that directs internet traffic relies on BGP (Border Gateway Protocol), a trust-based system vulnerable to "route hijacks" and "route leaks" that can misdirect traffic. A newer security layer called RPKI is being adopted to fix this, but if any part of that system is compromised — including by third-party regional registries Verisign cannot control — it could knock Verisign's own services offline, with potential cascading effects across the internet.