Delhi High Court orders strict e-KYC for domain name registrants to curb cyber fraud

The Delhi High Court has ruled that all domain name registrars offering services in India must implement mandatory e-KYC verification of registrants at the time of registration and on a periodic basis, in an effort to combat the rising incidence of cyber fraud and phishing activities. The judgement follows a batch of suits filed by Dabur India Ltd alleging that lax identity checks enabled misuse of well-known brands and facilitated large-scale online offences.

In a decision delivered on 30 December 2025, Justice Prathiba M Singh noted that allowing anonymity in domain registrations had made it difficult for brand owners, banks, and law enforcement agencies to trace offenders in time. The court observed that “privacy by default” in domain records had become a key enabler of illegal domains and associated financial frauds, including fake franchises and investment schemes.

Under the court’s directives, domain name registrars operating in India must:

• Conduct mandatory verification of registrant details at the point of registration and through periodic re-verification in accordance with applicable KYC norms.
• Ensure registrant information is not masked by default unless verification is complete, reversing prevalent “privacy by default” practices that conceal registrant details.
• Clarify the scope of data shared with the National Internet Exchange of India (NIXI) for domains it administers and provide monthly updates.
• Disclose verified registrant information, including name, address, mobile number, email, and payment details, to law enforcement or courts within 72 hours of request.
• Explore the possibility of implementing a uniform e-KYC framework for all domain registrars similar to that used by NIXI, through stakeholder consultations.

The court also issued ancillary directions to banks to implement the Beneficiary Bank Account Name Lookup facility outlined in a Reserve Bank of India circular, to support safer online payments and reduce fraud risks.

Justice Singh emphasised that failure to comply with KYC and disclosure obligations could lead to loss of protection under the Information Technology Act, 2000, and potential domain blocking under Section 69A of the IT Act. The ruling aims to protect consumers and businesses by strengthening identity verification in the domain registration ecosystem, a measure the court described as necessary to safeguard trust and prevent fraud.