NewKerala.com

Delhi HC Mandates e-KYC for Domain Names to Curb Online Fraud

The Delhi High Court has mandated strict e-KYC verification for all domain name registrants in India to combat the proliferation of online fraud and phishing websites. The court rejected the practice of "privacy by default," stating that anonymity enables financial fraud and makes it difficult to trace offenders. Registrars must now verify identities at registration and periodically, with non-compliance risking loss of legal safe harbour protections. The court also directed the government to explore a uniform e-KYC framework for all domain registrars operating in the country.

Key Points: Delhi HC Orders e-KYC for Domain Registrations to Fight Fraud

  • Mandatory e-KYC at registration
  • Periodic re-verification required
  • Ends "privacy by default" anonymity
  • Non-compliance risks legal liability
3 min read

Delhi HC mandates e-KYC verification in domain registrations

Delhi High Court mandates strict e-KYC verification for domain registrants to combat phishing and fraud, ending "privacy by default" anonymity.

"Offering of privacy by default to registrants is one of the reasons for proliferation of illegal domain names. - Delhi High Court"

New Delhi, Dec 26

The Delhi High Court has issued directions mandating strict e-KYC verification of domain name registrants, noting that lax identity checks by domain name registrars have contributed to the proliferation of online fraud, phishing websites, and large-scale consumer deception.

In a detailed 248-page judgment in a batch of suits filed by Dabur India Ltd, a single-judge Bench of Justice Prathiba M. Singh observed that anonymity in domain registrations has enabled the misuse of well-known brands to cheat the public and siphon off money through fake franchise, distributorship, and investment schemes.

The Delhi HC ordered that all DNRs offering services in India must undertake mandatory verification of registrant details at the time of registration and periodic re-verification thereafter, strictly in accordance with the KYC requirements prescribed under the CERT-In Circular dated April 28, 2022.

Rejecting the practice of "privacy by default", Justice Singh held that masking of registrant details without verified credentials has become a key enabler of financial fraud.

The judge observed that offering anonymity at the registration stage makes it nearly impossible for brand owners, banks, and law enforcement agencies to trace offenders in time.

"Offering of privacy by default to registrants is one of the reasons for proliferation of illegal domain names," the Delhi High Court said, adding that unless a registrant specifically opts for privacy protection after completing verification, personal details cannot be concealed.

It ordered that all domain name registrars must verify registrant identity details at registration and on a periodic basis as per Indian KYC norms. According to the Delhi High Court decision, verified registration data is to be shared with NIXI (National Internet Exchange of India) in respect of domains administered by it, with updates provided on a monthly basis.

Upon request by courts or law enforcement agencies, DNRs must disclose verified details, including name, address, mobile number, email ID, and payment information, within 72 hours.

The Delhi High Court cautioned that failure to comply with KYC and disclosure obligations could result in registrars losing their safe harbour protection under the Information Technology Act, 2000 (IT Act) and even facing blocking under Section 69A.

Noting that out of more than 1,100 infringing domain names, almost none were defended by any bona fide registrant, Justice Singh said: "This itself shows that the infringing domain names are being proliferated only for unlawful and illegal purposes. Thus, there is an urgent necessity for directions to be passed to ensure the trust of the consumers, as also the interest of businesses is protected, and no party is permitted to commit fraud due to failure of sufficient safeguards in the system."

Further, the Delhi High Court asked the Centre to explore a uniform e-KYC framework for all domain name registrars operating in India, similar to the system followed by NIXI, while ensuring compliance with the Digital Personal Data Protection Act.

"The government shall hold a stakeholder consultation with all DNRs and Registry Operators offering services in India and explore the possibility of putting in place a framework similar to the one used by NIXI by all DNRs for the purpose of domain name registration," it directed.

- IANS

Share this article:

Reader Comments

R
Rohit P
Finally some action! The "privacy by default" was a major loophole. How can you run a business online if anyone can copy your brand and cheat customers? This judgment protects both consumers and honest businesses.
A
Aman W
Good move, but implementation is key. We have strong laws but weak enforcement. Will the registrars actually do periodic re-verification? And what about domains registered outside India? The framework needs to be watertight.
S
Sarah B
As a small business owner, I appreciate this. Protecting our brand name online is a constant battle. This should deter copycats. Hope the government consults stakeholders properly and doesn't create a cumbersome process for genuine users.
V
Vikram M
Balance is important. While I support cracking down on fraud, we must also protect privacy for legitimate users—like activists or journalists. The court says you can opt for privacy AFTER verification, which seems fair. The DPDPA compliance mention is crucial.
K
Karthik V
1100 infringing domains and no one came forward to defend them? That says it all! These were purely for fraud. The 72-hour disclosure rule for law enforcement is a powerful tool. Let's see if it actually speeds up cybercrime investigations.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50