Recently, the Delhi High Court has issued far-reaching directions mandating strict e-KYC compliance by domain name registrars operating in India. While dealing with a batch of trademark infringement suits filed by Dabur India Ltd, the Court examined how weak identity verification practices had allowed fraudulent websites to impersonate established brands, lure consumers, and siphon money through sham franchises and investment schemes. The Court’s directions impose clear obligations not only on domain name registrars but also on banks and government authorities, aimed at restoring consumer trust in the digital ecosystem.
The case arose from multiple suits instituted by Dabur India Ltd, complaining of the misuse of its well-known trademarks through deceptive domain names. According to Dabur, fraudsters had registered domains mimicking its brand identity to mislead members of the public into parting with money on the promise of distributorships, franchises, and investment opportunities. The Court was apprised that the ease of obtaining domain registrations without verified credentials, coupled with default masking of registrant information, made it difficult for brand owners, banks, and investigating agencies to trace perpetrators before substantial harm was caused.
The plaintiffs contended that the prevailing practice of “privacy by default” in domain registrations had effectively created a cloak of anonymity, enabling large-scale digital offences. It was urged that without enforceable KYC norms and time-bound disclosure obligations, legal remedies against online fraudsters remained illusory. The issue, according to the plaintiffs, extended beyond private trademark enforcement and implicated broader concerns of consumer protection, financial fraud, and regulatory oversight in cyberspace.
Justice Prathiba M Singh observed that anonymity at the registration stage had materially contributed to the rise of illegal and deceptive domain names. In a categorical pronouncement, the Court held that “The offering of privacy by default to registrants is one of the reasons for the proliferation of illegal domain names.” The Court made it clear that masking of registrant details cannot be permitted unless an entity specifically opts for privacy protection after completing full verification.
Noting the systemic consequences of lax verification, the Court remarked that such practices had made it “nearly impossible” for brand owners, banks, and law enforcement agencies to trace offenders in time. It further recorded that once a customer is able to verify the name of the beneficiary in a financial transaction, the likelihood of fraud is substantially reduced.
The Court also cautioned domain name registrars that non-compliance with KYC and disclosure requirements could have statutory consequences, including loss of protection under the Information Technology Act, 2000, and exposure to blocking measures under Section 69A.
The Court observed that “There is an urgent necessity for directions to be passed to ensure that the trust of the consumers, as also the interest of businesses are protected, and no party is permitted to commit fraud due to the failure of sufficient safeguards in the system.”
In light of the foregoing discussion, the Court directed that all domain name registrars offering services in India must carry out mandatory verification of registrant details at the time of registration and undertake periodic re-verification in accordance with Indian KYC norms, including those prescribed under the government circular issued in April 2022. Registrars were also directed to clarify the data to be shared with the National Internet Exchange of India (NIXI) for domains administered by it and to furnish monthly updates.
Upon a request from courts or law enforcement agencies, registrars were ordered to disclose verified particulars, such as name, address, mobile number, email ID, and payment information, within 72 hours.
The Court further directed all banks to mandatorily implement the Beneficiary Bank Account Name Lookup facility, in terms of the RBI circular issued in December 2024, for all online payments, including UPI transactions through platforms such as Google Pay and Paytm. Banks were also instructed to comply with the standard operating procedures issued by the Central Economic Intelligence Bureau and to promptly respond to requests from law enforcement agencies.
Finally, the Union Government was asked to engage in stakeholder consultations with domain name registrars and registry operators and to examine the feasibility of introducing a uniform e-KYC mechanism for domain registrations across India, akin to the system followed by NIXI.
Disclaimer: This news/ article includes information received via a syndicated news feed. The original rights remain with the respective publisher.
Picture Source :