Offering domain registration services in India is about to become significantly more complex.

In a landmark judgment delivered on 24 December 2025, the Delhi High Court issued sweeping directions that fundamentally change how domain names are registered, managed, and enforced in India. The ruling, arising from a batch of trademark and fraud-related cases, places new legal and operational obligations on domain registrars and, in some cases, registries.

The Court made it clear that the existing domain ecosystem has failed to prevent large-scale fraud, impersonation, and trademark abuse — and that intermediaries can no longer claim neutrality.

Why the Court Intervened

The case arose from dozens of disputes where fraudsters registered domains using well-known Indian brands to run fake websites, collect money, and disappear before enforcement could take place.

The Court observed that:

• Whois data was often masked or fictitious

• Privacy and proxy services enabled anonymous abuse

• Registrars lacked effective verification mechanisms

• Enforcement of Indian court orders was weak, especially against foreign registrars

In the Court’s words, registrars and related entities were “woefully falling short” of their responsibility to protect both trademark owners and the public India-court-order.

Key Mandatory Changes Introduced by the Judgment

1. Whois Privacy Cannot Be Enabled by Default

Registrars and registries are prohibited from offering Whois privacy or proxy services by default.

• Privacy must be explicitly opted into

• It must be separately paid for

• Anonymous registrations should no longer be the norm

This directly challenges the common global practice of bundling privacy protection with domain registrations.

2. Mandatory KYC for Domain Registrations

Registrars offering services in India must now conduct Know Your Customer (KYC) checks, similar to those already required for .in domains under NIXI.

This includes:

• Verification of government-issued IDs (Aadhaar, PAN, passport, etc.)

• Corporate documents for businesses

• Maintaining verifiable identity records

The Court also urged the government to consider:

• Storing this data with NIXI, or

• Requiring registrars to store registrant data locally in India India-court-order.

3. Safe Harbor Is No Longer Automatic

Registrars and registries may lose intermediary safe-harbor protection under Indian law if they fail to act against infringement.

Key points:

• Registrars can be restrained from suggesting certain names in domain search results

• Courts can order blocking of domain suggestions (e.g., “governmentofindia”)

• The government can create blocklists of terms that cannot be registered

The Court specifically criticized domain search tools that facilitate abuse through automated suggestions.

4. Appointment of a Grievance Officer in India

All registrars operating in India must appoint a Grievance Officer located in India, who:

• Can receive legal notices

• Is responsible for compliance with court and law enforcement requests

• Acts as a single point of accountability

This mirrors obligations already imposed on other digital intermediaries under Indian IT law.

5. 72-Hour Data Disclosure Requirement

Registrars must provide registrant data within 72 hours when requested by:

• Courts

• Law enforcement agencies

• Any individual or entity with a “legitimate interest” (such as trademark owners)

Failure to comply can expose registrars to legal consequences and loss of protections India-court-order.

Why This Is a Turning Point

This judgment effectively reclassifies domain registrars in India from passive technical service providers to active gatekeepers with legal duties.

It signals that:

• “We just sell domains” is no longer an acceptable defense

• Privacy cannot override fraud prevention

• Global registrars must align with India-specific compliance, even if headquartered abroad

Industry Impact: What Comes Next

For Registrars

• Increased compliance costs

• Need for India-specific workflows

• Possible restructuring of privacy, search, and onboarding systems

For Registries

• Pressure to support enforcement and blocklisting

• Potential conflicts with global ICANN norms

For Businesses & Trademark Owners

• Faster access to registrant data

• Stronger tools to stop impersonation and fraud

• Reduced reliance on UDRP alone

Final Thoughts

The Delhi High Court has sent a clear message:
The domain name system can no longer operate in isolation from real-world harm.

India is now moving toward one of the strictest domain registration compliance regimes globally, and this ruling may influence courts and policymakers in other jurisdictions facing similar abuse.

Registrars that adapt early will survive. Those that resist may find themselves shut out of one of the world’s fastest-growing internet markets.