Can India stop fake websites without exposing every genuine domain owner’s private data?
India’s crackdown on fake websites has now reached the heart of the internet’s identity system: domain names. The Delhi High Court’s rulings in Dabur India Limited v. Ashok Kumar and Colgate-Palmolive Company v. NIXI have pushed domain registrars toward stricter WHOIS disclosure, mandatory e-KYC verification and proactive blocking of deceptive domain variations. The aim is to stop fraudsters who misuse trusted brands to trap ordinary people through fake franchise, job and payment websites. But the controversy is bigger than cyber-fraud. If default domain privacy is weakened, genuine website owners, journalists, professionals and small businesses may also face exposure of personal data. This article examines the clash between consumer protection, privacy rights, trademark enforcement and the future of the global Domain Name System.
1. Access Outpacing Literacy: India’s $2.4 Billion Cyber-Fraud Crisis
Between 2015 and 2025, India’s internet penetration skyrocketed from 15% to 70% of its 1.46 billion population1. While this rapid digitalization unlocked economic opportunities and modernized public services, it also created a highly vulnerable target pool for online criminals1. In a single year, the Indian government recorded over 2.4 million cyber-fraud complaints, translating to financial losses of approximately $2.4 billion3. Home Minister Amit Shah warned that the crisis—with a new victim falling prey every 37 seconds—risks escalating into a national security threat to the country’s economic stability3.
At the heart of this fraudulent ecosystem is the brand-impersonating domain name5. Scammers systematically register domains that closely mimic the trademarks of high-profile global and domestic corporations, such as Amazon, McDonald’s, Xiaomi, and Colgate-Palmolive3. These domains host highly convincing clone websites offering fake job opportunities, non-existent franchises, and fictitious distributorships5. Unsuspecting victims are induced to deposit significant fees into transient bank accounts5. By the time the brand owner or law enforcement detects the fraud, the illicit funds have been withdrawn, the accounts emptied, and the domain abandoned5.
Historically, this scheme relied on the structural anonymity of the global Domain Name System (DNS)5. Major Domain Name Registrars (DNRs), such as GoDaddy, have long offered WHOIS privacy masking as a default, bundled feature3. This protects registrant contact data from public directories to prevent spam and harassment3. When brand owners secured injunctions against specific rogue domains, scammers quickly registered minor alphanumeric variations, leaving investigators trapped in an exhausting game of “whack-a-mole”5.
To break this cycle, the Delhi High Court delivered a series of consolidated, far-reaching judgments on December 24, 2025, led by Dabur India Limited v. Ashok Kumar & Ors. and Colgate-Palmolive Company & Anr. v. NIXI & Anr.5. These rulings shift the judicial focus from reactive, defendant-specific injunctions to proactive, ecosystem-level regulation of digital intermediaries14. By stripping away default privacy, mandating localized e-KYC, and threatening the safe harbor status of non-compliant registrars, the Indian judiciary has initiated an aggressive structural overhaul of domain governance5. This shift has drawn sharp criticism from global domain sellers, triggering a debate over privacy, local jurisdiction, and the balkanization of the open web3.
2. The Delhi High Court Directives: Ex-Ante Intermediary Obligations
The Delhi High Court’s directives fundamentally reshape the legal liabilities of DNRs and Registry Operators acting within the Indian market14. Rather than relying on traditional post-facto civil remedies, the court constructed a preventive governance framework designed to eliminate the anonymity that facilitates digital fraud14.
| Target of Directive | Specific Operational Mandate | Judicial and Regulatory Consequences of Non-Compliance |
| WHOIS Privacy Masking | Prohibit default, “opt-out” privacy masking; require registrars to offer privacy protection only as an unbundled, paid, value-added service chosen actively by the registrant5. | Public disclosure of registrant details becomes the mandatory baseline; failure to unbundle results in registrar non-compliance5. |
| Data Disclosure Timelines | Disclose complete registrant, administrative, technical, and payment contact data within 72 hours of receiving a request from any party with a “legitimate interest,” law enforcement, or courts3. | Immediate loss of intermediary safe harbor protections; potential platform-wide blocking under Section 69A of the IT Act, 20005. |
| Registrant Verification (e-KYC) | Implement mandatory identity verification at registration and periodically thereafter, utilizing NIXI-style and CERT-In-aligned standards5. | Unverified domains or those with mismatched details must be placed on “SERVERHOLD” status, rendering them entirely inactive19. |
| Domain Decommissioning | Permanently block and retire injuncted or unlawfully utilized domains; prohibit their release back into the common registration pool13. | Responsibility falls on Registry Operators to ensure uniform, ecosystem-level blocking across all contracted registrars16. |
| Dynamic+ Injunction Extensions | Automatically extend blocks to exact, prefixed, suffixed, or alphanumeric variations of well-known, arbitrary, or invented marks without fresh litigation13. | Registrars must actively block variations; failure to prevent alternative registrations results in direct trademark infringement liability5. |
| Prohibition of Brand Monetization | Restrict search engines and DNRs from providing promotional, marketing, optimization, or auction services to infringing or alternative domains16. | Active monetization of trademark-infringing variations defeats neutral intermediary status under Section 79 of the IT Act5. |
| Localized Grievance Redressal | Appoint localized, India-based Grievance Officers within one month; accept service of court orders exclusively via email to these officers13. | Insistence on alternative service modes, such as the Mutual Legal Assistance Treaty (MLAT), results in immediate non-compliance status5. |
These directives represent a major shift in legal liability5. By declaring that DNRs are not mere passive conduits but active, profit-making participants when they suggest alternative domain variations or sell premium domains containing trademarks, the court effectively pierced the safe harbor protections of Section 79 of the IT Act, 20005. Furthermore, the court empowered MeitY and the DoT to block access to non-compliant registrars under Section 69A of the IT Act, establishing a highly coercive enforcement mechanism5.
3. Comparing Regulatory Paradigms in Domain Name Data Governance
The regulatory framework established by the Delhi High Court represents a significant departure from existing international standards and regional cybersecurity legislations. To understand the operational and legal friction generated by these directives, it is necessary to contrast them with the European Union’s GDPR, the Second Network and Information Security Directive (NIS2), and ICANN’s global dispute policies.
| Regulatory Framework | Primary Objectives | Registrant Identity Verification Requirements | WHOIS Privacy Standards | Lawful Disclosure Protocols & Timelines | Intermediary Safe Harbor & Liability Standards |
| Delhi High Court Directives (Dabur/Colgate) | Eradication of online fraud; immediate protection of well-known trademarks and consumer interests13. | Mandatory, rigorous e-KYC (DigiLocker, Aadhaar, PAN) at registration and periodically; mandatory business nexus declarations for foreign buyers16. | “Privacy-by-default” is prohibited; WHOIS records must be publicly visible unless the registrant actively opts in and pays a separate fee5. | Mandatory disclosure of all contact and payment data within 72 hours of request from courts, LEAs, or any party with “legitimate interest”3. | Safe harbor under Section 79 of the IT Act is revoked if the registrar promotes, suggests, or monetizes alphanumeric variants of injuncted marks5. |
| EU NIS2 Directive (Article 28) | Enhancing European cybersecurity; ensuring DNS database integrity, resilience, and operational security26. | Mandatory verification of at least one contact method (email or phone) with due diligence26. | Public disclosure of registration data is required only for legal entities; personal data of natural persons must remain redacted by default to comply with GDPR3. | Access to redacted personal data must be provided to “legitimate access seekers” upon lawful, substantiated requests within 72 hours26. | Focuses on cybersecurity risk management and administrative penalties; does not directly strip intellectual property safe harbor but enforces operational compliance31. |
| EU GDPR | Absolute protection of individual privacy rights and personal data of EU data subjects31. | Indirectly requires data minimization and accuracy; does not mandate state-verified identification for general domain purchases29. | Mandatory “privacy-by-default” (redaction of name, address, email, phone) for all natural persons3. | Disclosure permitted only if a clear, lawful basis (e.g., legal obligation or legitimate interest balanced against data subject rights) is documented12. | Focuses on data controllers and processors; non-compliance yields severe financial sanctions rather than platform blocking or loss of IP safe harbor32. |
| ICANN UDRP / URS | Global administrative dispute resolution for generic Top-Level Domains (gTLDs)35. | Contractual obligations on registrars to maintain accurate WHOIS/RDAP data37. | Redacted public WHOIS directories post-GDPR; access restricted to non-public registration data requests via the Registration Data Access Protocol (RDAP)39. | Non-public registrant data is released under internal policies to verified claimants demonstrating legitimate interest, with no fixed statutory 72-hour limit39. | Contractual compliance regime; accredited registrars must act on UDRP/URS decisions but are generally shielded from third-party trademark liability37. |
4. Surnames, Substrings, and the End of the Domain Commons
One of the most legally contentious aspects of the Delhi High Court’s ruling is the proactive, automated blocking of domain name variations3. Under the newly formulated “Dynamic+ injunction” rules, DNRs are required to prevent the registration of any domain name that incorporates a protected, well-known trademark alongside confusing prefixes, suffixes, or alphanumeric variations13.
From an internet governance perspective, this directive collapses the foundational legal distinction between similarity and infringement13. Under traditional trademark jurisprudence, a finding of infringement requires a contextual judicial assessment13. This evaluation considers whether the use of a mark in a specific commercial sector creates a likelihood of consumer confusion, or whether it constitutes fair descriptive use, parody, or non-commercial expression12. By delegating the blocking of similar strings to automated systems at the registrar level, the court presumes that similarity equals infringement per se, without judicial adjudication13.
This automated overprotection risks granting private monopolies over common words, generic terms, and shared family names3. In its legal challenges, GoDaddy demonstrated the mathematical and lexical limitations of executing these sweeping blocks3:
- The Surnames Case: The trademark “McDonald” is a common surname of Scottish origin3. Proactively blocking every registration containing “McDonald” prevents legitimate individuals named McDonald from registering personal websites, professional portfolios, or unrelated businesses3.
- The Substring Collision Case: Protecting the three-letter trademark “HUL” (belonging to Hindustan Unilever Limited) under an automated alphanumeric blocking protocol would inadvertently conflict with at least 118 standard English words that contain that specific letter sequence, such as “hulk,” “hull,” “shun,” or “humiliated”3.
By forcing global registrars to preemptively block broad lexical strings, the ruling restricts the registration of domain names containing common language words that overlap with registered trademarks3. This restriction limits the available domain space for future bona fide registrants13. Furthermore, it shifts the responsibility of protecting intellectual property from brand owners to registrars under the threat of stripping their safe harbor immunities43. To avoid liability, DNRs have strong incentives to engage in over-compliance and proactive private censorship, denying legitimate domain applications at the slightest hint of trademark overlap43.
The practical challenges of this automated, registry-level enforcement are highlighted by a notable enforcement gap following the December 2025 order3. Despite the Delhi High Court’s sweeping injunction blocking more than 1,100 brand-impersonating websites, investigative journalists discovered a fake McDonald’s franchise recruitment domain still actively listed for sale on GoDaddy India for approximately $103. This incident illustrates the operational limits of automated filtering: while the court’s directives assume that registrars can seamlessly scan and block every alphanumeric variation of a well-known brand, the underlying technical reality is that fraudsters continuously exploit minor linguistic permutations and alternative extensions that evade automated filters3.
5. Privacy as a Paid Luxury: Forcing a Clash with GDPR and India’s DPDP Act
The Delhi High Court’s decision to reverse the “privacy-by-default” paradigm and convert WHOIS masking into a paid, opt-in value-added service introduces severe legal contradictions5. This approach directly conflicts with modern data protection frameworks, including India’s own Digital Personal Data Protection (DPDP) Act, 2023, and the European Union’s GDPR3.
Conflict with India’s DPDP Act, 2023
Section 6 of the DPDP Act mandates that any consent obtained for processing personal data must be free, specific, informed, unconditional, and unambiguous13. It must also be accompanied by a clear notice detailing the purpose of data collection45. The court’s directive, however, establishes public disclosure of a registrant’s name, physical address, email, and phone number as the baseline default5. A registrant can only secure privacy by paying an additional commercial fee5.
This pricing of privacy creates a tiered system where data protection is a function of monetary means rather than an inalienable, statutory right43. For individuals, independent journalists, and small businesses who cannot afford these additional fees, their personal data is published to a global WHOIS directory3. This exposes them to automated scraping, unsolicited marketing, identity theft, stalking, and harassment3. Consequently, this structural arrangement violates the unconditional consent requirements of the DPDP Act13.
Incompatibility with EU GDPR and International Privacy Norms
Under the GDPR, “privacy-by-design” and “privacy-by-default” (Article 25) are binding legal obligations31. Data controllers must implement technical and organizational measures ensuring that, by default, only personal data necessary for each specific purpose is processed and made accessible31. The historical publication of unredacted domain registration details in public WHOIS directories was largely abolished worldwide post-2018 specifically to comply with GDPR requirements3.
The Delhi High Court’s directive forces global registrars into a severe jurisdictional conflict3. If a US-based registrar like GoDaddy or an EU-based registrar like Hosting Concepts processes a domain registration for a customer residing in the EU, the registrar is bound by GDPR3. If they comply with the Indian court’s order to disable default privacy masking for that registration, they face severe administrative fines from European data protection authorities under GDPR12. Conversely, if they maintain default masking to comply with GDPR, they violate the Indian court order, risking the loss of safe harbor protection and the blocking of their entire digital platform in India5.
6. Technical and Operational Bottlenecks: Downstream Burdens and e-KYC
Beyond the legal conflicts, the operational realities of implementing the Delhi High Court’s directives pose severe challenges for global DNRs. The combination of strict time limits, vague criteria, and extensive verification requirements threatens to disrupt established commercial workflows.
The 72-Hour “Legitimate Interest” Disclosure Dilemma
The mandate requiring DNRs to disclose complete registrant data within 72 hours of a request based on “legitimate interest” presents a significant operational hurdle3. Under international data protection law, “legitimate interest” is not a self-evident, static classification12. Rather, it requires a complex balancing test to weigh the commercial or investigative interests of the data seeker against the fundamental privacy rights and safety of the data subject12.
DNRs are commercial technology platforms; they are not judicial bodies and lack the legal expertise, investigative tools, or statutory authority to conduct these balancing tests3. Determining whether a third-party claimant has a genuine trademark claim, a legitimate law enforcement interest, or is engaging in bad-faith harassment or “reverse domain name hijacking” is highly complex3. Requiring a registrar to make this determination thousands of times a day within an inflexible 72-hour window is operationally unfeasible3. This timeline stands in stark contrast to the EU’s NIS2 Directive, which, while also utilizing a 72-hour window, operates strictly within the protective boundaries of GDPR, limiting public disclosure to non-personal organizational data3.
Downstream Burden Shifts and Thin WHOIS Models
The compliance challenges for domain registrars are further intensified by structural shifts initiated by major global Top-Level Domain (TLD) registry operators27. Organizations such as the Public Interest Registry (which administers .org) and Identity Digital have transitioned to a “thin” WHOIS model27. Under this operational model, the registry ceases to collect, store, or maintain detailed domain name registration data at the registry level27.
While this shift has been praised by privacy advocates for minimizing data replication and aligning with GDPR’s data minimization principles, its practical effect is to shift the entire burden of data collection, verification, and regulatory disclosure downstream27. Registrars, resellers, and proxy providers must now absorb the administrative and financial costs of executing e-KYC and managing the rapid-response 72-hour data disclosure pipelines mandated by the Indian judiciary3.
NIXI Mandatory e-KYC Verification Protocols
To implement the court’s directives, the National Internet Exchange of India (NIXI) enforced strict, mandatory electronic Know Your Customer (e-KYC) regulations for all .in and .bharat domain registrations and renewals19. This verification architecture is designed to eliminate anonymous and untraceable registrants5.
| Registrant Classification | Mandatory KYC Documents | Nexus & Operational Restrictions | Time Limits & Consequences |
| Indian Resident (Individual) | Aadhaar Card (preferably via DigiLocker), PAN, Passport, Voter ID, or Driving License20. | Must match WHOIS contact details exactly; use of temporary, disposable, or highly encrypted emails (e.g., ProtonMail, Mailinator) is prohibited20. | Must complete verification within 7 days of domain registration or renewal19. |
| Indian Company / Organization | Certificate of Incorporation, Company PAN, or GST Certificate, plus government-issued ID of the authorized signatory20. | Active verification of corporate registry databases; registration via high-anonymity VPNs triggers manual review46. | Failed verification within 7 days results in the domain being placed on “SERVERHOLD” status19. |
| Foreign Resident (Individual) | Verified Passport (mandatory), plus foreign National ID, Driving License, or Indian Embassy/Mission letter20. | Must submit a signed, manual declaration outlining a valid business or personal connection to India19. | The domain remains suspended and inactive until NIXI’s compliance team manually approves the submitted documents19. |
| Foreign Company / Organization | Foreign Business Registration certificate, plus a signed declaration of Indian business connection20. | Restricts domains to entities demonstrating a valid nexus; non-compliant foreign accounts may be migrated out of the registry19. | Delays or failures in submitting connection declarations lead to immediate rejection or suspension19. |
7. India’s Broader Regulatory Landscape and Platform Geopolitics
The Delhi High Court’s aggressive stance against domain name registrars is not an isolated judicial event3. Instead, it fits within a broader, concerted campaign by New Delhi to enforce national security, combat cybercrime, and hold global technology conglomerates accountable under localized laws3.
Government Pressure on Global Platforms
New Delhi has repeatedly clashed with major global technology platforms over content moderation, data localization, and compliance with local law enforcement requests3:
- Meta and Instagram Advertising: MeitY recently issued a stern 7-day notice to Meta, demanding an explanation after paid advertisements facilitating access to Child Sexual Abuse Material (CSAM) appeared on Instagram50. This incident intensified scrutiny of Meta’s automated content moderation and ad-approval algorithms50.
- WhatsApp Username Scrutiny: The Indian government has scrutinized Meta’s proposed WhatsApp username feature50. Authorities raised concerns that allowing users to establish usernames instead of phone numbers could facilitate online impersonation, hamper law enforcement tracking, and exacerbate cyber-fraud50.
- Manufacturing Cybersecurity Vulnerabilities: Heightened domestic anxiety over cybersecurity has been amplified by high-profile cyberattacks on critical domestic manufacturing plants, including Bajaj Auto and Tata Electronics’ Hosur facility49. The latter breach reportedly exposed sensitive intellectual property related to global clients like Apple and Tesla, threatening India’s positioning under the global “China-plus-one” manufacturing strategy and highlighting the national security stakes of digital vulnerability49.
GoDaddy’s Dual-Front Legal Challenges in India
The operational friction between GoDaddy and the Indian state is further illustrated by concurrent legal battles in unrelated regulatory sectors3. For years, GoDaddy has been embroiled in complex fiscal disputes with Indian authorities9. On February 4, 2026, the Delhi High Court ruled in favor of GoDaddy, setting aside an aggressive withholding tax certificate issued under Section 197 of the Income Tax Act, 19619.
The tax authority had attempted to classify GoDaddy’s domain registration charges as taxable royalties9. The court rejected this classification, affirming that domain registration charges are payments for services and do not constitute royalties under the India-USA Double Taxation Avoidance Agreement (DTAA)9. This parallel legal battle demonstrates that global domain sellers are navigating a highly complex, multi-front regulatory environment in India, where fiscal demands and cyber-governance mandates continuously test the commercial viability of their presence in the market3. GoDaddy has hinted that rather than complying with the highly disruptive domain-level directives, domain firms could choose to “exit India,” one of their fastest-growing emerging markets3.
8. Strategic Outlook and Recommendations
As the larger bench of the Delhi High Court prepares to hear the consolidated appeals filed by GoDaddy, Namecheap, and Hosting Concepts on July 16, 2026, the global domain industry faces a critical juncture3. To prevent the operational fragmentation of the open internet while addressing the legitimate threat of cyber-fraud, several strategic solutions should be considered:
- Establish a Tiered Access Framework for WHOIS Data: Rather than reverting to public disclosure of registration details, the domain industry and regulators should implement a secure, tiered access model12. Public WHOIS records should remain redacted by default to protect individual privacy12. However, a standardized, secure credentialing system can be established to grant verified law enforcement agencies, judicial officers, and credentialed trademark investigators rapid access to registrant data12. This targeted approach provides investigators with necessary data while protecting ordinary users from public exposure12.
- Standardize Global “Legitimate Interest” Requests: ICANN, in coordination with global registrars, should accelerate the development of a unified, automated system for processing non-public registration data requests (such as the Registration Data Request Service). Establishing clear, objective, and globally accepted criteria for “legitimate interest” would relieve commercial registrars of the burden of acting as quasi-judicial arbiters, while ensuring timely compliance with legitimate law enforcement and trademark protection needs.
- Emphasize Verification Over Public Disclosure: To effectively combat online fraud, the regulatory focus should shift from public disclosure of registration data to robust identity verification at the point of sale12. Utilizing secure, privacy-preserving verification methods (such as cryptographic proofs or secure digital identity lockers) ensures that registrars maintain accurate contact details for law enforcement purposes, without exposing that personal information in public directories12.
- Refine Injunction Scopes to Prevent Lexical Overreach: Judiciary bodies should narrow the scope of automated blocking and Dynamic+ injunctions to prevent lexical overreach13. Automated, proactive blocking at the registrar level should be strictly limited to cases of clear-cut, identical brand impersonation18. Any claims involving confusingly similar terms, generic strings, or descriptive variations must undergo specific judicial review13. This protects legitimate speech, prevents trademark monopolies over common words, and avoids placing an undue gatekeeping burden on intermediaries43.
- Strengthen International Multi-Stakeholder Governance: Unilateral national mandates that alter the operational rules of global internet infrastructure risk fracturing the unified DNS3. Governments, judiciaries, and industry platforms must work collaboratively through established multi-stakeholder governance bodies, such as ICANN, to coordinate anti-fraud and cybersecurity measures18. This collaborative approach helps ensure that local security initiatives do not undermine the stability, security, and global interoperability of the open internet3.
Works cited
- GoDaddy Sounds Alarm Over How India Law Would Upend Internet Privacy Everywhere, https://gizmodo.com/godaddy-sounds-alarm-over-how-india-law-would-upend-internet-privacy-everywhere-2000781210
- https://tinyurl.com/4uxru32b
- GoDaddy warns India’s fake-site crackdown could damage the internet – TNW, https://thenextweb.com/news/godaddy-india-fake-site-crackdown-domain-privacy
- GoDaddy fears India’s crackdown on fake websites could damage internet, https://www.business-standard.com/india-news/godaddy-fears-india-s-crackdown-on-fake-websites-could-damage-internet-126070300479_1.html
- India’s domain KYC rulings: Ending anonymity in online fraud, https://www.anandandanand.com/news-insights/indias-domain-kyc-rulings-ending-anonymity-in-online-fraud/
- India’s domain KYC rulings: Ending anonymity in online fraud | Law.asia, https://law.asia/india-domain-kyc-mandate/
- Landmark Ruling On Domain Name Fraud and Systematic Reforms in Digital Commerce, https://www.anandandanand.com/news-insights/landmark-ruling-on-domain-name-fraud-and-systemic-reforms-in-digital-commerce/
- How Delhi High Court Tackled Rogue Domains and Intermediary Liability in Dabur Case, https://sunslegal.com/2026/01/07/how-delhi-high-court-tackled-rogue-domains-and-intermediary-liability-in-dabur-case/
- CS(COMM) 12/2022 – High Court of Delhi, https://delhihighcourt.nic.in/app/showFileJudgment/PMS24122025SC122022_193858.pdf
- What is Domain Privacy? | Domains – GoDaddy Help IN, https://www.godaddy.com/en-in/help/what-is-domain-privacy-41145
- Indian court moves to restrict WHOIS privacy protections to combat fake websites, major registrars protest. – GIGAZINE, https://gigazine.net/gsc_news/en/20260706-domain-india-privacy/
- GoDaddy Says India’s Fake-Site Order Risks Global Privacy Conflict – https://eutoday.net, https://eutoday.net/godaddy-india-fake-sites-gdpr-privacy/
- Regulating Domain Name System: DHC’s Ex Ante Turn – SpicyIP, https://spicyip.com/2026/01/regulating-domain-name-system-dhcs-ex-ante-turn.html
- Delhi HC’s Landmark Dabur – Colgate Judgment: Re-writing Domain Governance – azb, https://www.azbpartners.com/bank/delhi-hcs-landmark-dabur-colgate-judgment-re-writing-domain-governance/
- Strengthening The Digital Gatekeepers: Delhi High Court Mandates E-KYC Norms For Domain Name Registrations To Combat Online Fraud | LexOrbis, https://www.lexorbis.com/strengthening-the-digital-gatekeepers-delhi-high-court-mandates-e-kyc-norms-for-domain-name-registrations-to-combat-online-fraud/
- 24-12-2025 (txt) – High Court of Delhi, https://delhihighcourt.nic.in/app/showFileJudgment/PMS24122025SC2502020_110626.txt
- Systemic Overhaul to Curb Fraudulent and Infringing Domain Names – SCC Online, https://www.scconline.com/blog/post/2026/01/27/systemic-overhaul-curb-fraudulent-infringing-domain-names-delhi-high-court/
- Domain Name Fraud | Read How Delhi HC plans to regulate non-compliant Domain Registrars – SCC Online, https://www.scconline.com/blog/post/2026/04/02/del-hc-directions-to-curb-domain-name-fraud/
- e-KYC for Domain Owners – Comprompt Solutions LLP, https://comprompt.co.in/portfolio-item/kyc-for-domain-owners/
- Mandatory KYC for .IN Domains – Knowledge Base – Domain India, https://domainindia.com/support/kb/mandatory-kyc-for-in-domains
- Comprehensive Guide to KYC and e-KYC Requirements for .IN and NIXI-Managed Domain Extensions – Knowledge Base – Domain India, https://domainindia.com/support/kb/comprehensive-guide-to-kyc-and-e-kyc-requirements-for-in-and-nixi-managed-domain
- Delhi High Court Directions on Domain Name Fraud in Dabur: DNRs, Banks, Government Authorities and Dynamic+ Injunctions – Kings & Alliance LLP, https://knallp.com/delhi-high-court-directions-on-domain-name-fraud-in-dabur-dnrs-banks-government-authorities-and-dynamic-injunctions/
- Brand Protection vs Intermediary liability- Delhi High Court Draws a line in Dabur case, https://rnaip.com/brand-protection-vs-intermediary-liability-delhi-high-court-draws-a-line-in-dabur-case/
- Delhi High Court Judgment On Domain Name Fraud And Trademark Protection, https://ksandk.com/intellectual-property-rights/domain-name-fraud-tm/
- Delhi High Court decision aims to stop domain name misuse – Law.asia, https://law.asia/domain-name-misuse/
- NIS 2 Directive, Preamble 111-120, Final Text, https://www.nis-2-directive.com/NIS_2_Directive_Preamble_111_to_120.html
- Blog: NIS2 and Domain Names – an explainer – DNS Research Federation, https://dnsrf.org/blog/nis2-and-domain-names—an-explainer
- Article 28, Database of domain name registration data – The NIS 2 Directive, https://www.nis-2-directive.com/NIS_2_Directive_Article_28.html
- M3AAWG Comments on the Transposition of NIS2 Directive into EU National Law, https://www.m3aawg.org/sites/default/files/doc_files/nis2_letter_on_article_28_whois_may2024.pdf
- Article 28: Database of domain name registration data – RGPD.COM, https://rgpd.com/nis2-directive/chapter-5-jurisdiction-and-registration/article-28-database-of-domain-name-registration-data/
- NIS2 Directive: Mapping the Interplays with the GDPR – IAPP, https://iapp.org/resources/article/mapping-interplays-gdpr-nis2
- The Differences Between NIS2 and GDPR Representatives – GRC Solutions, https://grcsolutions.io/the-differences-between-nis2-and-gdpr-representatives/
- NIS2 vs GDPR: Differences and Synergies – Kopexa, https://kopexa.com/en/vergleich/nis2-vs-dsgvo
- Understanding NIS2 and Its Overlaps with GDPR: A Practical Guide – Conformance, https://www.conformance.dk/understanding-nis2-and-its-overlaps-with-gdpr-a-practical-guide/
- Have a Problem? Dispute Resolution Options – ICANN, https://www.icann.org/en/help/dispute-resolution
- Domain Name Disputes and Evaluation of The ICANN’s Uniform Domain Name Dispute Resolution Policy – Manupatra, http://docs.manupatra.in/newsline/articles/Upload/54B3830D-2595-4148-80E3-511F55C54A47.pdf
- Brand and Trademark Protections | New gTLD Program, https://newgtldprogram.icann.org/sites/default/files/documents/brand-trademark-protections-30jun25-en.pdf
- ICANN Domain Name Registration Regulations – The Registrar Company, https://www.theregistrarcompany.com/pdf/Domain-Name-Registration-Regulations-v2.95-en.pdf
- GoDaddy Complaint Mechanisms | Domains, https://www.godaddy.com/en-in/help/godaddy-complaint-mechanisms-40875
- Data Protection and Privacy – ICANN, https://www.icann.org/dataprotectionprivacy
- GoDaddy may “exit India” over cybersquatting legal battle – Domain Incite, https://domainincite.com/31790-godaddy-may-exit-india-over-cybersquatting-legal-battle
- Trademark / Copyright Infringement – GoDaddy IN, https://www.godaddy.com/en-in/legal/agreements/trademark-copyright-infringement
- Delhi High Court hoax domains: Privacy and safe harbour shifts | Law.asia, https://law.asia/deceptive-domain-names/
- Trademark and Cyber Crime: When Domain Names Become a Weapon, https://www.ipandlegalfilings.com/trademark-and-cyber-crime-when-domain-names-become-a-weapon/
- Privacy Policy – How We Protect Your Data – Domain India, https://domainindia.com/company/privacy
- New .IN Domain Registration Rules 2026: NIXI e-KYC & Verification Guide -, https://systron.net/blog/new-in-domain-registration-rules-2026-nixi-e-kyc-verification-guide/
- Guidelines:National Internet Exchange of India (NIXI) – Domgate, https://portal.domgate.com/announcements/127/GuidelinesNational-Internet-Exchange-of-India-NIXI.html?rp=%2Fannouncements%2F127%2FGuidelinesNational-Internet-Exchange-of-India-NIXI.html&language=french
- NIXI (.IN Domains) – Compliance Registrant Verification Process – Support : Enom, https://support.enom.com/support/solutions/articles/201000120141-nixi-in-domains-compliance-registrant-verification-process
- India’s factory boom comes with a growing cyber bill – The Economic Times, https://m.economictimes.com/news/company/corporate-trends/cyberattacks-on-tata-electronics-and-bajaj-auto-highlight-rising-cybersecurity-risks-for-indian-manufacturing-factories/articleshow/132180055.cms
- India issues stern notice to Meta over Instagram ads carrying child sexual abuse material, https://m.economictimes.com/news/company/corporate-trends/india-issues-stern-notice-to-meta-over-instagram-ads-carrying-child-sexual-abuse-material/articleshow/132191833.cms
- Godaddy.Com Llc vs Assistant/Deputy Commissioner Of … on 4 February, 2026, https://indiankanoon.org/doc/196605177/
