In a series of sweeping judgments on the Domain Name System, the Delhi High Court has framed anonymous and infringing domain registrations as a problem of systemic online fraud rather than routine trademark disputes. Vishno Sudheendra critically examines the Court’s wide-ranging directions, arguing that their ex ante regulatory turn is overbroad, raises serious data protection concerns, and blurs key doctrinal distinctions in domain name law. Vishno is a fourth-year B.A., LL.B (Hons) student at the National Law School of India University, Bangalore, with a keen interest in various aspects of technology, media, telecommunications and IPR law.
Regulating Domain Name System: DHC’s Ex Ante Turn
By Vishno Sudheendra
In landmark judgments on the Domain Name System running close to 250 pages, the Delhi High Court in Dabur India Ltd. v. Ashok Kumar, Colgate Palmolive Company & Anr. v. NIXI & Anr (paras from this copy are referenced in the post) and other connected matters, has attempted to tackle what it describes as a systemic pattern of online fraud and consumer deception facilitated through anonymous and infringing domain name registrations. The Court viewed these cases as more than routine trademark disputes, which involve large-scale cheating and deception of users. It issued wide-ranging directions toDomain Name Registrars (DNRs), Registry Operators, banks and the Government. These directions cover registrant identity, disclosure and verification obligations, domain suspension and blocking, intermediary liability, blocking DNRs under Section 69A of the IT Act and institutional coordination.
While many of these directions seek to curb large-scale fraud and long-standing non-compliance by DNRs, the judgment also marks a significant shift towards ex ante regulation of domain name registration and use. In this post, I seek to analyze the Court’s directions and argue that, despite their well-intentioned objective, several directions are overbroad, raise serious data protection proportionality concerns, and risk collapsing important distinctions between registration and use, similarity and infringement, and suspension and permanent blocking of domain names.
Anonymous Domains and Consumer Deception
Various trademark owners filed several suits seeking injunctions against the misuse of their trademarks via registration of domain names by unknown persons. Most of these suits were initiated against the DNRs as the identity of the registrants could not be verified from the WHOIS records. These fraudulent registrants registered multiple domain names similar to registered and well-known trademarks and defrauded unsuspecting users. DNRs either lacked, or failed to produce, accurate information regarding these fraudulent registrants. Moreover, foreign DNRs either do not comply with Indian Court orders or insist on the MLAT route. The Court noted that these are not one-off cases but there is “a clear pattern” warranting “a comprehensive and consolidated mechanism to deal with these situations”. The Court noted that this issue is not just about trademark enforcement or commercial interests, but about taking “steps against the large-scale cheating and deception of innocent consumers and users who are suffering huge losses” [Para 7]
For context, domain names are allocated through a layered system involving domain name registrars (DNRs – who sell domains to users) and registry operators (who manage top-level domains like .com, .in etc), under ICANN’s global framework. Interested readers may access the appendix overview of relevant terms at the end of the post.
The Directions
| Subject of Direction | Direction |
| DNRs and Registry Operators | End default masking of registrant details which would only be available as an unbundled value added service upon payment of additional charges. |
| Disclose registrant details within 72 hours when requested by courts, law enforcement agencies, and parties with legitimate interest. | |
| Permanent blocking (no re-registration) of domain names injuncted or found to be used for illegitimate and unlawful purposes. | |
| Strict obligations on DNRs to disable mirror, variant, or alternate domains for well-known and reputed marks when directed by Courts. | |
| DNRs are barred from promoting alternative domains for injuncted names (failing which protection under Section 79 of the IT Act may be lost). | |
| Transfer infringing domains to trademark owners upon court orders after payment. | |
| Appoint grievance officers, accept service of court orders via email to such officers. | |
| DNRs must undertake verification (KYC) and share registration data with NIXI. | |
| Search Engines and DNRs | Search engines and DNRs shall not provide any promotion or marketing or optimization services to infringing and unlawful domain names. |
| Registry Operators | Registry Operators are directed to operationalise Trademark Clearinghouse services (alerts trademark owners for conflicting domain registrations). |
| Government | Stakeholder consultations to put in place a framework similar to one used by NIXI. |
| Exploring a centralised data repository or data localisation (subject to DPDP Act). | |
| Coordinating with ICANN to enable reasonable TMCH access for Indian brand owners. | |
| Blocking non-compliant DNRs/registries under Section 69A IT Act. | |
| CGPDTM | The CGPDTM is encouraged to publish lists of well-known marks with authentic websites. |
| Banks | Banks to implement beneficiary name-lookup for online payments and comply with LEA SOPs to curb fraud. |
| Courts | Clarifies the scope of “Dynamic+” injunctions (domain names covering exact, prefixed/suffixed, and alphanumeric variations of marks) |
Mere Registration as Infringement?
DNRs are barred from promoting alternative domains for injuncted names, failing which they lose their safe harbour protection under Section 79 of the IT Act 2000 (and DNRs who repeatedly do not comply with orders/directions may be blocked under Section 69A of the IT Act 2000) . The Court’s directions functionally operate as if similarity equals infringement, without judicial adjudication, at the registrar level. Moreover, the possibility of users themselves looking for similar alternatives and seeking registration of the same still exists.
But, let’s take a step back, is mere registration of a similar domain name infringing, or does it depend on use? The Court relies on Satyam Infoway v Siffynetto hold that mere registration of a domain name bearing similarities to a trademark is infringing. The Court noted that Satyam Infoway “holds that registration of an infringing domain name would not be permissible as there is every likelihood that the same could be led to diversion of users from the genuine website to the infringing one” [Para 214]. However, this is an inaccurate reading of the case as Satyam Infoway does not prohibit the registration of similar domain names per se, the Court only held that where a domain name is used as a business identifier in a manner that creates a likelihood of confusion and diversion, principles of passing off would apply. Thus, the nature of use does depend on ascertaining passing off and registration by itself is neither impermissible nor determinative of liability.
Moreover, the Court notes that when a legitimate registrant objects against the suspension of a domain name, then “the DNR may then ask the IP owner to obtain a Court order”. While this partly takes into account existing legitimate registrants, but what about future bona fide registrants or domain names capable of distinguishing? The Court is silent on this aspect, and in that silence lies the presumption that any similar domain name is infringing per se.
This approach also has serious implications for free speech online. Domain names are not merely commercial identifiers but also function as media of expression, criticism, parody and non-commercial speech [the DHC in Tata Sons Limited v. Greenpeace International has recognised reasonable comment, ridicule, and parody of the registered trademarks]. Treating mere similarity at the registration stage as sufficient to trigger suspension or denial of registration, without any inquiry into use, effectively amounts to a prior restraint on speech. Further, by delegating this gatekeeping function to intermediaries under the threat of stripping safe harbor protection or blocking, the Court incentivizes over-compliance and private censorship. Such a presumption of infringement at the point of registration itself risks converting trademark protection into a speech-restrictive tool, while viewing domain names solely from a commercial aspect.
Suspension v Blocking of Domain Names
The aforementioned issue is exacerbated as the Court has directed permanent blocking of injuncted/unlawful domain names. Domain names are not permanently owned by registrants but are akin to licenses which are periodically renewed. The Bombay HC in HUL v. Endurance Domains has clearly held that while a registrar may suspend an existing domain registration, it cannot ensure continued suspension or effective access-blocking, as blocking is easily circumvented (e.g., via VPNs) and domain name registration is fully automated, making blacklisting or permanent prevention of re-registration technically impracticable.
Furthermore, blanket permanent suspension of all such domain names seems to be a disproportionate measure when suspending the domain name for the remainder of its registration period is still an option – where a new registrant has the opportunity to make bona fide use of the same.
Data Protection Concerns – Privacy as a Paid Option?
The Court’s direction that privacy-protect features (masking personal data of registrants) is supposed to be only a value added service to be availed upon payment raises some serious data privacy issues. As noted by the Court, Post-GDPR the DNRs engaged in masking personal data of registrants on WHOIS records (publicly available registrant information). But is making publicly available information the norm and data privacy to be availed after payment, the right way to go about it? This reverses consent and works on an opt-out model instead of a default opt-in model.
From a DPDPA standpoint DNRs would qualify as data fiduciaries while registrants would qualify as data principals, thus personal data may be processed only with the consent of the data principal or for certain legitimate uses [Section 4]. The Court relies on Section 7(e) which specifies Court orders to form part of legitimate use [Paras 199-200]. Though Section 7(e) of the DPDPA mandates disclosure based on Court orders – it must be case-specific orders and not blanket prospective orders like in the given case.
While the Court has relied on Neetu Singh to balance privacy and infringement concerns, yet again the judgment was to disclose subscriber information of those involved in infringing activity and not a blanket declaration against all current and future users.
Thus, the Court’s direction sits uneasily with the free, specific, informed, and unconditional consent requirements under Section 6 of the DPDPA, by making disclosure of personal data the norm, and opt out to be availed upon payment.
Moreover, the DHC in Snapdeal (Para 77) had upheld privacy-protect features employed by DNRs as the same were subject to private agreements between DNRs, Registry Operators and ICANN whose consequences lie within the said agreements which are not enforceable by third parties.
Conclusion
While the Court’s directions are motivated by genuine concerns of large-scale fraud and systemic non-compliance by domain name intermediaries, the remedial framework adopted by the Court is overbroad. By reversing privacy defaults, presuming infringement at the stage of registration, and endorsing permanent blocking of domain names, the judgment collapses key distinctions between similarity and liability, registration and use, and suspension and blocking. In doing so, it departs from Satyam Infoway’s use-based passing off analysis and overlooks the technical limits highlighted in HUL v. Endurance Domains. The result is an ex ante enforcement regime that risks prejudging infringement, undermining data protection principles, and prejudicing bona fide present and future registrants while raising concerns of chilling non-commercial free speech, proportionality and judicial overreach in intermediary governance.
______
Appendix of Terms
- Domain Name: human-readable address of a website on the internet, it represents the IP address, in the form of a string of letters instead of the numerical identifier. It has two major components:
- Top-Level Domain (TLD) – the suffix. Example: .com, .org, .in, .edu
- Second-Level Domain – the main name chosen by the registrant. Example: google in google[dot]com
- Registrant: person who registers a domain in their name
- Internet Corporation for Assigned Names and Numbers (ICANN): ICANN helps coordinate and support domain names across the world. It prescribes the policies that govern the domain name system.
- Registry Operator: It is the entity responsible for managing and maintaining a top-level domain (TLD) in the Domain Name System (DNS). Example: NIXI (India) for .in and Verisign for .com, .net.
- Domain Name Registrars (DNRs): entity authorised to sell and manage domain name registrations on behalf of end-users. Example: GoDaddy, Namecheap etc.
- Those interested in further reading on how the domain name system works can peruse through Paras 172-185 of the judgment which comprehensively explains the same.
(image from Para 175)
I would like to thank Praharsh Gour and Swaraj Barooah for their valuable inputs.
