Does Delhi HC Require e-KYC Verification for Domain Registrations?
Key Takeaways
- Mandatory e-KYC verification for domain registrants has been established.
- Domain name registrars must comply with KYC norms set by CERT-In.
- Failure to comply may lead to loss of protections under the IT Act.
- Verified registration data must be shared with NIXI.
- Privacy by default is rejected; registrants must verify their identity.
New Delhi, Dec 26 (NationPress) The Delhi High Court has mandated comprehensive e-KYC verification for individuals registering domain names, highlighting that insufficient identity checks by domain name registrars (DNRs) have led to an increase in online fraud, phishing sites, and widespread consumer deception.
In an extensive 248-page ruling concerning a series of lawsuits initiated by Dabur India Ltd, a single-judge Bench presided over by Justice Prathiba M. Singh remarked that the anonymity allowed in domain registrations has facilitated the exploitation of well-known brands, resulting in the public being defrauded and funds being misappropriated through counterfeit franchise, distributorship, and investment schemes.
The Delhi HC ordered that all DNRs providing services in India must perform essential verification of registrant information during registration and conduct periodic re-verifications, strictly adhering to the KYC stipulations set forth by the CERT-In Circular dated April 28, 2022.
Justice Singh rejected the concept of “privacy by default,” asserting that the concealment of registrant information without verified credentials has become a significant facilitator of financial fraud.
The judge emphasized that providing anonymity during registration makes it exceedingly difficult for brand owners, financial institutions, and law enforcement to promptly identify offenders.
The Delhi High Court stated, “The provision of privacy by default to registrants is among the factors contributing to the rise of illegal domain names,” adding that unless a registrant explicitly opts for privacy protection after completing verification, personal information should remain visible.
It mandated that all domain name registrars must authenticate registrant identity details at registration and periodically thereafter, in accordance with Indian KYC regulations. Following the Delhi High Court's ruling, verified registration data for the domains that NIXI (National Internet Exchange of India) manages must be communicated to NIXI, with updates supplied monthly.
Upon the request of courts or law enforcement, DNRs must provide verified details, including name, address, mobile number, email ID, and payment information, within a 72-hour timeframe.
The Delhi High Court warned that non-compliance with KYC and disclosure requirements could lead to registrars losing their safe harbor protections under the Information Technology Act, 2000 (IT Act) and potentially facing blocking under Section 69A.
Pointing out that of over 1,100 infringing domain names, nearly none were defended by any legitimate registrant, Justice Singh remarked: “This alone indicates that the infringing domain names are proliferating solely for unlawful and illicit reasons. Hence, there is an urgent need for directives to safeguard consumer trust and protect business interests, ensuring that no entity can commit fraud due to inadequate systemic safeguards.”
Furthermore, the Delhi High Court urged the Centre to consider a uniform e-KYC framework for all domain name registrars operating in India, akin to the system utilized by NIXI, while ensuring compliance with the Digital Personal Data Protection Act.
“The government shall conduct a stakeholder consultation with all DNRs and Registry Operators providing services in India and assess the feasibility of implementing a framework similar to that of NIXI for the purpose of domain name registration,” it directed.