Delhi HC mandates e-KYC verification in domain registrations

New Delhi, Dec 26 The Delhi High Court has issued directions mandating strict e-KYC verification of domain name registrants, noting that lax identity checks by domain name registrars (DNRs) have contributed to the proliferation of online fraud, phishing websites, and large-scale consumer deception.

In a detailed 248-page judgment in a batch of suits filed by Dabur India Ltd, a single-judge Bench of Justice Prathiba M. Singh observed that anonymity in domain registrations has enabled the misuse of well-known brands to cheat the public and siphon off money through fake franchise, distributorship, and investment schemes.

The Delhi HC ordered that all DNRs offering services in India must undertake mandatory verification of registrant details at the time of registration and periodic re-verification thereafter, strictly in accordance with the KYC requirements prescribed under the CERT-In Circular dated April 28, 2022.

Rejecting the practice of "privacy by default", Justice Singh held that masking of registrant details without verified credentials has become a key enabler of financial fraud.

The judge observed that offering anonymity at the registration stage makes it nearly impossible for brand owners, banks, and law enforcement agencies to trace offenders in time.

"Offering of privacy by default to registrants is one of the reasons for proliferation of illegal domain names," the Delhi High Court said, adding that unless a registrant specifically opts for privacy protection after completing verification, personal details cannot be concealed.

It ordered that all domain name registrars must verify registrant identity details at registration and on a periodic basis as per Indian KYC norms. According to the Delhi High Court decision, verified registration data is to be shared with NIXI (National Internet Exchange of India) in respect of domains administered by it, with updates provided on a monthly basis.

Upon request by courts or law enforcement agencies, DNRs must disclose verified details, including name, address, mobile number, email ID, and payment information, within 72 hours.

The Delhi High Court cautioned that failure to comply with KYC and disclosure obligations could result in registrars losing their safe harbour protection under the Information Technology Act, 2000 (IT Act) and even facing blocking under Section 69A.

Noting that out of more than 1,100 infringing domain names, almost none were defended by any bona fide registrant, Justice Singh said: "This itself shows that the infringing domain names are being proliferated only for unlawful and illegal purposes. Thus, there is an urgent necessity for directions to be passed to ensure the trust of the consumers, as also the interest of businesses is protected, and no party is permitted to commit fraud due to failure of sufficient safeguards in the system."

Further, the Delhi High Court asked the Centre to explore a uniform e-KYC framework for all domain name registrars operating in India, similar to the system followed by NIXI, while ensuring compliance with the Digital Personal Data Protection Act.

"The government shall hold a stakeholder consultation with all DNRs and Registry Operators offering services in India and explore the possibility of putting in place a framework similar to the one used by NIXI by all DNRs for the purpose of domain name registration," it directed.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor