Fashnear Technologies Private Limited vs. Meesho Online Shopping Pvt. Ltd & Anr.

$~J6
* IN THE HIGH COURT OF DELHI AT NEW DELHI
st
Reserved on: 31 May, 2025
th
Pronounced on: 24 December, 2025
th
Uploaded on: 12 January, 2026
+ CS (COMM) 475/2022 & I.As. 10851/2022, 10852/2022 &
12173/2022
FASHNEAR TECHNOLOGIES PRIVATE LIMITED ..... Plaintiff
Through: Mr. Sidharth Chopra, Mr. Nitin
Sharma, Mr. Yatin Garg, Mr. Ranjeet
Singh, Mr. Vivek Ayyagari, Mr.
Angad Makkar & Mr. Manas
Raghuvanshi, Advocates.
versus
MEESHO ONLINE SHOPPING PVT. LTD. & ANR. ..... Defendants
Through: Mr. Vihan Dang, Mr. Ujjawal
Bhargava, Mr. Aditya Mathur, Ms.
Anuparna Chatterjee, Advs. for D-6.
Mr. Alipak Banerjee Ms. Shweta
Sahu, Mr. Parva Khare & Mr. Brijesh
Ujjainwal Advocates. for D-7.
Mr. Abhigyan Siddhant and Mr.
Danish Faraz Khan, Advs for D-19 &
20. (M:9999999045)
Mr. Akshay Goel, Mr. Shivam Narang
& Mr. Lalit Kashyap, Advocates
Mr. K.R. Sasiprabhu and Mr. Tushar
Bhardwaj, Advs for Reliance Jio.
CORAM:
JUSTICE PRATHIBA M. SINGH
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 1 of 243

JUDGMENT
Prathiba M. Singh J.,

Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 2 of 243

Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 3 of 243

This hearing has been done through hybrid mode.
I. BACKGROUND
1. What is a domain name? A domain name is the address of a
business/individual/entity on the internet. The website built on the domain
name is like a shop being built at the physical address of a business. In the
internet age, domain names/websites form the ‘Online Soul’ of a business. In
order to maintain the distinctive nature of the business, domain names are
usually registered using the brand name, house name or trade mark with which
the business is associated. Any misuse of the same by registration of
fraudulent domain names and creation of fake websites results in erosion of
the integrity and goodwill of the business house and name, as also leads to
consumer deception.
2. This batch of several commercial suits have been filed by various
trademark owners seeking injunctions against misuse of their trademarks
through registration of domain names by unknown persons. These domain
names consist of either the full trademark or a distinctive part of the trademark
or the brand name and are being used for illegitimate means in order to derive
monetary benefits. The domain names that are registered are being misused
in various forms such as:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 4 of 243

i.Registration of the domain names posing themselves as the Plaintiffs
and collecting money under the garb of offering jobs, dealerships,
franchisees, etc. The infringing domain name is used to create a website
that hosts almost identical or similar content as that of the Plaintiffs’
website. In some infringing websites similar logos or marks as that of
the Plaintiffs’ are used along with misleading or deceptive information
thereby enticing the general public into making payments through
digital transactions into bank accounts which are not connected to the
Plaintiffs.
ii.Further, the infringing domain names are being registered for the
purpose of hosting websites where counterfeit and pass-off products are
being offered for sale or have been sold.
iii.Fraudulent domain names are being used to host websites for providing
services posing as the Plaintiffs.
3. The suits were instituted in respect of certain infringing domain names,
with the concerned Domain Name Registrars (DNRs) impleaded as parties, as
the identity of the Registrant could not be verified from the WHOIS records.
The WHOIS details disclosed largely fictitious or incomplete particulars, with
the sole contact point being an email address that does not disclose the identity
of the Registrant. The DNRs possess only this limited information, and the
remaining data provided at the time of registration such as addresses and
mobile numbers is typically inaccurate. In the absence of any robust
verification mechanism, even the email IDs used for registration are often
created through temporary mobile numbers or public places such as cyber
cafés, and BSI data frequently indicates that such Registrants are based on
foreign shore. Consequently, obtaining the email address alone is insufficient,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 5 of 243

and it becomes exceedingly difficult to identify or trace the actual individual
or entity responsible for registering the impugned domain name.
4. In cases where the bank account details are provided for the purposes
of collecting money, a separate enquiry is required to be launched against the
person who has opened this bank account. On most occasions they are opened
using mobile numbers which are again untraceable, or by way of the PAN
card or Aadhar card which may be fake. The next level of enquiry then moves
to the mobile number and the telecom service provider who usually collects
some documents. However, the address etc., are again not traceable.
5. In effect, therefore, by registering domain names using a well-known
mark or a registered trademark, a whole network is built only to deceive
innocent and gullible consumers and members of the public. The bank
account is operated for a temporary period and after the money is collected
the same is withdrawn and even before the trademark owner is able to take
action, the bank account is almost empty. Thereafter, even after the Court
grants an interim injunction against the infringing domain names, there are
further domain names/ websites registered and opened which follow the same
pattern as described above. The whole gamut of fraudulent transactions and
cyber fraud is being committed by those unknown persons and entities merely
by registering infringing domain names and hosting websites that are
misleading and containing deceiving content.
6. Thus, various issues arise for adjudication in these matters which are
not limited to the present suit but are systemic issues which need to be
addressed with significant changes and measures to be implemented by
different stakeholders in the system. At the interim stage, for any effective
injunction order to be passed, directions would be required to be issued to –
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 6 of 243

a. Domain Name Registrants – Person registering the domain
name;
b. Domain Name Registrars (DNRs) – Entity enabling the
registration of the domain name;
c. Domain Name Registry – The Registry under which the DNR
operates;
d. ICANN – Internet Corporation on Assigned Names and
Numbers – the overall regulator of the Internet;
e. Banks – where the bank accounts are opened by the infringers;
f. Reserve Bank of India – Banking regulator which had to take
steps to curb fraudulent activities through banking channels;
g. Telecom service providers – companies which provide SIM
cards and associated telecom services
h. MeiTY and DoT – Ministries which oversee the access to the
internet in India and also regulate the internet/telecom service providers
i. Law Enforcement Agencies – Police and other investigating
agencies
7. In this batch of suits, the protection of the brand names, trade marks
etc., is not only for the purpose of protecting the Intellectual Property and
goodwill of businesses but to also to take effective steps against the large-
scale cheating and deception of innocent consumers and users who are
suffering huge losses due to misuse of trade marks and brand names on
fraudulent domain names/websites.
II. I.A. 10851/2022 (under Order XXXIX Rule 1&2 of CPC)
8. The present suit has been filed by the Plaintiff –Fashnear Technologies
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 7 of 243

Private Limited., seeking, inter alia, permanent and mandatory injunction,
dilution, rendition of accounts and damages in respect of infringement of its
trademark “ MEESHO” and the logos i.e.,
and .
9. The present suit is part of a batch of matters relating to domain names
being registered by unknown third parties infringing trademark rights of
various brand owners and implementation of Court orders by different
concerned entities including the Domain Name Registrars (hereinafter “ the
DNRs ”).
10. The Plaintiffs had initially preferred I.A. 10851/2022 under Order
XXXIX Rule 1 & 2 read with Section 151 of the Code of Civil Procedure
seeking, inter alia, ad-interim ex-parte injunction restraining various
websites/entities engaged in infringement of Plaintiff’s trademarks etc. The
reliefs sought in the said application are as under:
“a) Pass an order of interim / temporary
injunction restraining restraining the Defendant
No. 1 (and such other individuals / entities
which are discovered during the course of the
proceedings to have been engaging in infringing
the Plaintiff’s intellectual property rights), their
owners, partners, proprietors, officers,
servants, employees, and all others in capacity
of principal or agent acting for and on their
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 8 of 243

behalf, or anyone claiming through, by or under
it, from using the mark “MEESHO”,
“meesho.com” etc. and/or any deceptive
variants thereof which is identical and/or
similar to the Plaintiff’s MEESHO trademark, in
any manner thereby amounting to infringement
of Plaintiff’s trademark;
b) Pass an order of interim / temporary
injunction restraining the Defendant No. 1 (and
such other individuals / entities which are
discovered during the course of the proceedings
to have been engaging in infringing the
Plaintiff’s trademark rights), their owners,
partners, proprietors, officers, servants,
employees, and all others in capacity of
principal or agent acting for and on their behalf,
or anyone claiming through, by or under it, from
using the mark “MEESHO”, Meesho Logos
(which is used by the Plaintiff exclusively within
the Indian territory) and/or any deceptive
variant thereof which is identical and/or similar
to the Plaintiff’s MEESHO trademark in respect
of domain name or any other manner thereby
amounting to passing off the Plaintiff’s
goods/services;
c) Pass an order of interim / temporary
injunction restraining the Defendant No. 1 (and
such other individuals / entities which are
discovered during the course of the proceedings
to have been engaging in infringing the
Plaintiff’s intellectual property rights), their
owners, partners, proprietors, officers,
servants, employees, and all others in capacity
of principal or agent acting for and on their
behalf, or anyone claiming through, by or under
it, which uses identical and/or similar logos as
that of the Plaintiff’s copyright protected
artwork for the Plaintiff’s Meesho Logos,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 9 of 243

thereby infringing the Plaintiff’s copyright in its
artistic works;
d) Pass an order of interim / temporary
injunction restraining Defendant No. 1 (and
such other entities which are discovered during
the course of the proceedings to have been
engaging in infringing the Plaintiff’s intellectual
property rights), its owners, partners,
proprietors, officers, servants, employees, and
all others in capacity of principal or agent
acting for and on their behalf, or anyone
claiming through, by or under it, from, in any
manner using directly or indirectly the
Plaintiff’s trademark ‘Meesho’ or any other
mark identical / deceptively similar to the
Plaintiff’s trademark, amounting to unfair
competition, misappropriation, dilution and
tarnishment, of the Plaintiff’s trademark;
e) Pass an order of interim / temporary
injunction, directing Defendant Nos. 2 to 4, their
owners, partners, proprietors, officers,
servants, employees, and all others in capacity
of principal or agent acting for and on their
behalf, or anyone claiming through, by or under
them to freeze the bank account with Account
Nos. 40670038919 (registered with Defendant
No. 3), Account No. 464902010083337
(registered with Defendant No. 2), UPI ID.
giftmeesho1@okicici (registered with
Defendant No. 4) and direct the said Defendant
Nos. 2 to 4 to provide the statement of accounts
pertaining to the identified account numbers
and furnish on affidavit, the identity of the bank
account holder and KYC details, on affidavit;
f) Pass an order of interim / temporary
injunction, directing Defendant Nos. 8 and 9, its
owners, partners, proprietors, officers,
managers, servants, employees, and all others
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 10 of 243

in capacity of principal or agent acting for and
on their behalf, or anyone claiming through, by
or under them, to furnish on Affidavit, the KYC
details of the beneficiary of the PayTM account
holder (i.e., 8521509199@paytm as well as the
transactions using the said PayTM account),
and GPay account holder (in respect of
transaction bearing ID NO. CICAgOCvmZ29JA
conducted using the said GPay account);
g) Pass an order of interim / temporary
injunction, directing the Defendant Nos. 7 to 9,
their directors, partners, proprietors, officers,
affiliates, servants, employees, and all others in
capacity of principal or agent acting for and, on
their behalf, or anyone claiming through, by or
under it, to disclose details of the Registrant of
the Defendant No.1’s websites meeshogift.in and
meeshogift.com and
www.meeshoonlineluckydraw.in and block
access to the said websites;
h) Pass an order of interim / temporary
injunction, directing the Defendant Nos. 10, 11
and 18, their directors, partners, proprietors,
officers, affiliates, servants, employees, and all
others in capacity of principal or agent acting
for and, on their behalf, or anyone claiming
through, by or under it, to disclose details of
Defendant No. 1 basis the phone numbers
provided herewith and suspend such rogue
phone numbers (identified at paragraph 69 of
the Plaint);
i) Pass an order of interim / temporary
injunction, directing Defendant Nos. 10 to 18,
their directors, partners, proprietors, officers,
affiliates, servants, employees, and all others in
capacity of principal or agent acting for and, on
their behalf, or anyone claiming through, by or
under it, to block access to the websites of
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 11 of 243

Defendant No. 1 mentioned in instant suit (i.e.,
www.meeshoonlineluckydraw.in;
www.meeshogift.in; and www.meeshogift.com)
and/or such other websites that may
subsequently be notified by the Plaintiff (on
Affidavits) to be infringing of its exclusive
rights;
j) Pass an order of interim / temporary
injunction, directing the Defendant Nos. 19
(DoT) and 20 (MEITY) to issue a notification
calling upon the various internet and telecom
service providers registered under it to block
access to the various websites / Rogue Websites
identified by the Plaintiff in the instant suit
(www.meeshoonlineluckydraw.in;
www.meeshogift.in; and www.meeshogift.com)
and/or such other websites that may
subsequently be notified by the Plaintiff to be
infringing of its exclusive rights;
k) Pass an ex-parte ad-interim order in terms of
the prayer clauses (a) to (j) hereinabove; and
l) Any other Order(s) as this Hon’ble Court may
deem fit and proper in the facts and
circumstances of the case may also be passed in
favour of the Plaintiff.”
11. This Court vide order dated 20th July, 2022, had passed an order of
interim injunction restraining the concerned Defendants, who are Registrants
of the infringing domain names from infringing the Plaintiff’s marks. In
respect of the same, appropriate directions were passed against the concerned
DNRs who had registered the infringing domain names.
12. By way of the present judgement the Court shall dispose off the said
applications.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 12 of 243

III. PROCEEDINGS IN THE SUIT
13. The grievance in the present plaint is that there are various domain
names and websites, registered/hosted by unknown individuals who have
started using the mark “ MEESHO ” and the logos. In the present case, till date,
there are 26 infringing domain names which have been identified, which are
as under:

Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 13 of 243

th
14. The present suit was heard on 18 July, 2022 and this Court after
noticing the urgency in the matter had observed as under:
“10. The present case relates to a fake online
marketplace created by certain unknown parties who
are collecting lakhs of rupees from gullible and
vulnerable users and consumers. The Court has sought
the assistance of the Cyber Crime Cell and the Union
of India. Mr. Anurag Ahluwalia, Id. CGSC and Mr.
Hetu Arora Sethi, Id. ASC, GNCTD, Cyber Crime Unit,
Delhi Police are present in court as also Mr. Raman
Lamba, Assistant Commissioner of Police, Cyber
Crime Unit, who is present virtually.
11. After hearing them, it is deemed appropriate to list
th
this matter on 20 July, 2022 at 2:30 p.m. in order to
enable the Cyber Crime Unit to take all steps required
for;
i. Securing all the amounts lying in the Defendants'
bank accounts as also in the connected bank accounts.
ii. To obtain complete bank statements of the amounts
collected
till date.
iii. PAN details, identity details, contact details, etc of
the persons who have opened these accounts.
iv. Any other information which Delhi Police may
acquire.
12. Ld. counsel for the Plaintiff to mail the soft copy of
the suit papers to both the counsel for the Cyber Cell
and the Union of India.”
15. Thereafter on 20th July, 2022, the status report which was received
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 14 of 243

from the Delhi Police was considered wherein the Delhi Police had informed
the Court that the Special Investigation Team was constituted and an FIR had
been registered. The three fake online market places with infringing the
domain names ‘ meeshogift.in’ , ‘ meeshogift.com ’
‘ meeshoonlineluckydraw.in ’ were suspended. The said domain names were
injuncted in the following manner:
“2. Pursuant to the previous order dated 18th July,
2022, a status report has been submitted by Ms. Hetu
Arora Sethi, ld. ASC, GNCTD appearing for the Delhi
Police along with Mr. Raman Lamba, ACP, Cyber
Crime Unit, Delhi Police, who is present in Court. A
perusal of the said status report shows that a detailed
investigation is already underway and there are
similar matters as well, where fake accounts have been
created in the names of wellknown business houses. As
per the said status report, a Special Investigation Team
(‘SIT’) has been constituted collectively in respect of
four similar suits, by the Cyber Crime Unit, Delhi
Police, which is referred to as Intelligence Fusion and
Strategic Operations (“IFSO”).
3. In the present suit, a FIR being FIR No.206/2022,
P.S. Special Cell, Delhi dated 20th July, 2022 has also
been registered under Sections 419/420 IPC and
Sections 66C, 66D of the Information Technology Act,
2000. The status report reveals that there are bank
accounts which are connected to each other, in a
cascading manner, and orders are being issued for
freezing of the said bank accounts. Let the
investigation in this matter continue.
4. In the meantime, all the three fake online
marketplaces with the infringing domain names being
‘www.meeshogift.in’, ‘www.meeshogift.com’ and
‘www.meeshoonlineluckydraw.in’ are restrained from
operating and shall remain suspended or deactivated
by the Domain Name Registrar (“DNR”). The
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 15 of 243

Defendant No.19 - Department of Telecommunications
(DoT) and Defendant No.20 – Ministry of Electronics
and Information Technology (MEITY) shall issue
blocking orders for the said three domain names, till
further orders of this Court. All the Internet Service
Providers (ISPs) shall also give effect to these
directions, within 24 hours. 5. The contact details of
the persons, who have registered domain names shall
be handed over to ld. Counsel for the Plaintiff by the
DNR - GoDaddy and other Registrars. Upon the
details of the registrants of these domain names being
made available to ld. Counsel for the Plaintiff, the
same shall be supplied to Ms. Sethi and Mr. Lamba, so
that they can carry out further investigation into the
matter. All the concerned banks shall further ensure
that the bank accounts connected to the said three
domain names are frozen and blocked. 6. The DNRs
will also inform the Plaintiff, if the said domain names
have availed of any other services of the DNR such as
cloud server, website development and hosting
services. If so, the details used for making any
payments such as credit card details, bank accounts
details and any IP address of such persons who have
registered the said domain names for availing the said
services, shall also be provided to ld. Counsel for the
Plaintiff. After collecting said details, the ld. Counsel
for the Plaintiff shall forward the same to Ms. Sethi and
Mr. Lamba.
7. The DNRs shall further ensure that no other fake
websites/domain names containing the mark/name
‘MEESHO’ is registered by them. If the Plaintiff gives
notice of any other infringing websites, the DNRs shall
deactivate the said website/domain name, within 48
hours.
8. Ld. Counsel for the Plaintiff shall file an affidavit
giving the details of such websites after submitting the
same to the DNR. If any domain names, which are
brought to the notice of the DNR, are not deactivated,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 16 of 243

an explanation shall be provided by the DNR to the
Plaintiff as to why the said domain names were not
deactivated, and the Plaintiff shall be at liberty to move
an application before the Court in this regard.”
16. According to the above, transactions of more than Rs.53 lakhs were
found by the Cyber Crime Unit, however, only Rs.79/- was found to be the
remaining balance in the relevant bank account. It was also observed that the
DNRs have become a tool to enable illegal and fraudulent collection of
money. Further, the details of the concerned DNRs were also directed to be
supplied to the ld. Counsel for the Delhi Police as also the Investigating
Officer for conducting further investigation.
17. Thereafter, the present suit was heard along with the batch of suits
raising similar issues wherein the lead matter is CS(Comm.) 135/2022 titled
Dabur India Limited vs. Ashok Kumar . All parties were heard by the Court
st
on several dates and finally on 31 May, 2025 the judgement was reserved in
the present applications. However, before the Court considers the submissions
of the parties in the present suit, it would be necessary to discuss the directions
passed by this Court in respect of certain common issues which arise in the
present batch of matters.
IV. COMMON ISSUES ARISING IN THE BATCH MATTERS
th
18. In the present suit vide order dated 20 July, 2022 it was noted that
these cases of fraudulent and infringing domain names/websites being
operated for collecting large sums of money from unsuspecting customers are
not one-off instances. Considering the suits already filed by various trademark
owners, the Court was of the view that these matters should be heard together
th
for a consolidated investigation. The relevant portion of the order dated 20
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 17 of 243

July, 2022 reads as under:
“ 11. It has also been brought to the notice of this
Court that there are a number of cases before the
Court where fraudulent domain names are being
registered under the marks of well-known and
established business houses and their brands. The
said domain names are being used for hosting
fraudulent websites with details of bank accounts
under the garb of offering jobs, dealerships,
franchisees, lucky draws, and various other illegal
activities. The cases already before this Court,
include the following:
[… ]
12. In addition, ld. Counsels appearing before this
Court today have informed the Court that there are
other similar matters, pending before different
benches of the IPD. The details of the said matters
are as under:
[… ]
13. Subject to the orders of Hon’ble the Judge-in-
Charge (Original Side), all the above matters be
listed before the same Bench , as the investigation
needs to be consolidated and comprehensive
directions may be required to be issued to the police
authorities, cyber cells, the various banks, National
Payment Corporation of India, RBI, MHA etc.
14. The Cyber Crime Unit, Special Cell, Delhi shall
continue the investigation in these matters. Let a
further status report be submitted in respect of the
said investigation, on the next date of hearing.
15. It is also made clear that in order to coordinate
in obtaining data relating to various bank accounts
and other details of the persons, who opened the
fraudulent bank accounts for collecting the money
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 18 of 243

from the customers, the Cyber Crime Unit is free to
approach National Payments Corporation of India,
as also, the concerned banks.”
19. Accordingly, the present suit along with the batch of suits raising
rd
similar issues were heard by the Court on 3 August, 2022. The Court after
hearing the parties, formulated the various issues for consideration in the
rd
present batch of matters. The relevant portion of the said order dated 3
August, 2022 reads as under:
“ 2. The primary issue that arises in these cases is
that the proliferation of these domain names has
resulted in enormous damage to innocent and
gullible members of the public, who have been led to
believe that the websites hosted on some ‘impostor’
domain names, in fact belong to the actual brand
owners. The facts which have emerged from these
cases show clearly that innocent persons have been
duped of crores of rupees due to registration of
domain names consisting of well-known brands and
trademarks.
3. The second issue that has arisen in all these cases
is that the persons registering these domain names,
on most occasions, have masked their identities. This
could be voluntarily done by the registrants
themselves or due to features that are enabled by the
domain name registrars (hereinafter “DNRs”), that
provide bundled services when registering a domain
name, such as privacy protect features and proxy
domain services.
4. Third, even if such information is unmasked, the
information being collected by the DNRs at the stage
of registration of the domain name appears to be
quite unsatisfactory inasmuch as even when Courts
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 19 of 243

have directed the data relating to the registrants to
be supplied to the Plaintiff, on most occasions, the
details are fictitious and are not traceable. It has
required several orders of Courts being passed, and
investigations by police authorities as also Cyber
Cells, to even trace the natural persons behind the
said domain name registrations, through the
telephone numbers and bank accounts through which
payments may have been made for registering the
domain names.
5. In this background, the Plaintiffs in these cases
insist on blanket injunctions to be passed against the
DNRs, injuncting them from registering any domain
names consisting of the Plaintiff’s marks and brands.
On the other hand, the DNRs resist this prayer on the
ground that the alphabets contained in these marks
and names are such that there could be genuine
[…]
31. After hearing the submissions made today by
various parties, this Court is of the prima facie
opinion that the manner in which the present system
is working is completely unsatisfactory. Whenever
any domain name is registered which consists of a
well-known mark or a registered brand name which
the owner intends to protect, the remedies that can
be availed of are either to seek remedies under
UDRP or approach the Court. The sheer quantum
and magnitude of domain names which are capable
of being registered, especially by persons who
intend to indulge in fraudulent activities would
make it almost impossible for IP owners to avail of
their remedies qua each and every domain name .
Especially in the case of marks which are well
known, there ought to be a more efficient framework
which needs to exist. Considering the large sums of
money that are being fraudulently obtained from
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 20 of 243

various unsuspecting customers, all due to the lack
of an active mechanism identification of such
fraudulent parties, it is clear to the Court that the
following aspects need to be addressed in these
matters:
(i) The manner in which the details of the domain
name registrants, can be verified by the DNRs,
at the time of registration of domain names;
(ii) The manner in which the privacy protect
feature and proxy servers are made available:
whether it is only upon a specific registrant
choosing the said option, rather than as a
standard feature as part of a ‘bundle’;
(iii)If the owner of a well-known brand or a
trademark contacts any DNR, the manner in
which the data related to the registrant can be
provided, without the intervention of a Court,
or any governmental agency;
(iv) Whether the identity of the owner of a domain
name, which consists of a registered trademark
or a known brand can be verified at the time of
registration itself;
(v) If a specific link could be provided by the
CGPTDM, covering a list of well-known
marks, maintained by the Registrar of the
Trademarks, or declared by any Court of law,
which can then be used for expedited blocking
of domain names consisting of such marks;
(vi) If there can be any agency that can be
identified in India, such as NIXI, who can be
made a repository of the data concerning the
registrant, or an agency through which the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 21 of 243

data could be transmitted by the DNR, upon
verification by NIXI, in case a trademark
owner has a grievance against a specific
domain name;
(vii) If any directions are issued to the DNRs, and
the same are not implemented, the manner in
which the implementation of the said orders
can be ensured;
(viii) Since almost all domain names are
registered only after payments are made
through credit card, or other online payment
methods or apps, is it possible, upon request by
any identified agency, to provide the
information relating to the person who has
made the payment, to the trademark owners.
This should be discussed in the aforementioned
th
meeting to be held on 30 August, 2022.
32. The recommendations in respect of the above
aspects, shall be given by DoT and/or MeitY. All
these aspects shall also be dealt with by the specific
affidavits, which shall be filed by the DNRs, who are
offering their services in India.
33. If the DNRs are offering any other additional
services by themselves, or through their affiliate /
associate companies, such as web hosting, cloud
services, etc., the said affidavits shall contain any
additional data, or information, that the DNRs obtain
in such cases, and if so, in what manner is this data
stored with them.”
(A) Investigation of financial frauds and role of banks
rd
20. On 3 August, 2022, the Court was informed that the Cyber Crime Unit,
Delhi Police has constituted a Special Investigation Team called the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 22 of 243

Intellectual Fusion and Strategic Operations (hereinafter “ IFSO ”), to look into
the misuse of well-known marks in misleading domain names, website and
URLs. Further, vide status report dated 3rd August, 2022 filed in Fashnear
Technologies (supra), it was stated that out of the 28 suits pending in the
batch, in 17 matters First Information Reports have been registered and
pursuant to the orders passed by the Court similar investigations have been
consolidated with the IFSO. Considering the scale of collection of monies and
the necessity of cooperation from the banks, Telecom Service Providers
(hereinafter “ TSP ”) and Internet Service Providers (hereinafter “ ISP ”) for
gathering of information and better coordination, the Court had directed a joint
meeting amongst the IFSO, the Delhi Police, the National Payments
Corporation of India (hereinafter “ NPCI ”), the Indian Computer Emergency
Response Team (hereinafter “ CERT-IN ”), DoT and MeitY.
th
21. On 14 September, 2022 the Court was informed about the status of the
investigation being conducted by the IFSO in the batch matters. The status
reports had been filed in 25 suits and Ms. Hetu Arora Sethi, ld. ASC had taken
the Court through some of the said reports. It was observed by the Court that
as per the status reports monies have been collected illegally by using the
brand names, marks and business names of the Plaintiffs under the garb of
offering distributorships, franchisees, employment etc. The said amounts are
deposited in bank accounts opened in individual names but represented as
belonging to the Plaintiffs and are withdrawn almost instantaneously.
However, the magnitude of the fraud being committed was still to be
unearthed. Accordingly, it was directed that the investigation shall continue
st
and further status report be filed by 1 December, 2022.
st
22. Further to the above directions, the Court was informed on 1
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 23 of 243

December, 2022 that in 6 out of 25 cases, chargesheets have been filed and in
few cases arrests have also been made. However, in some cases since the
victims were not found in Delhi, the investigation did not proceed further. The
Court clarified that where the brand owners of the registered marks are located
in Delhi or if any transaction has taken place in Delhi, the Cyber Cell, Delhi
Police, may register the FIR and conduct investigation. The IFSO was also
directed to file a consolidated status report within four weeks.
th
23. On 27 September, 2023, Ms. Sethi, ld. ASC had placed on record a
rd
consolidated status report dated 23 September, 2023 and submitted that
chargesheets have been filed in 10 cases. In addition to the same, in
th
compliance with the directions passed on 16 August, 2023, a written note of
arguments was placed on record detailing the challenges faced by the Cyber
Cell, Delhi Police, in investigation of cases involving similar issues as present
batch of matters. The challenges mentioned therein, in brief, are as under:
i. Delay by banks in replying to emails and information sought by
the Cyber Cell.
ii. DNRs and intermediaries who are hosting the website not
providing proper details of the Registrants in respect of cloud services
and other services availed by them.
iii. Use of Voice Over Internet Protocol (hereinafter “ VOIP ”),
Virtual Private Network (hereinafter “ VPN ”), etc. by fraudsters to avoid
detection.
iv. Non-providing of information by Google even though fake
websites have booked AdWords through Google Ads programme.
24. The Court had perused the written note of arguments and heard Ms.
Sethi, ld. ASC before issuing notice to all the nominated counsels of all the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 24 of 243

banks, who have been nominated by the Delhi High Court, so as to evolve a
method for ensuring that queries by the police authorities are replied to in a
diligent and efficient manner, as it involves innocent customers being duped
of substantial sums of money. Insofar as Google LLC was concerned, the
Court directed it to nominate one official for communication with the Cyber
Cell, Delhi Police and rendering necessary assistance.
(B) Assistance from Banks to Law Enforcement Agencies
25. The ld. Counsels for various banks, including the RBI, had entered
th
appearance on 24 November, 2023. The Court directed RBI to file an
affidavit addressing any guidelines which may have been issued to the banks
in respect of providing assistance to police authorities and complying with the
directions of the Court. In addition, the banks present before the Court were
directed to also file an affidavit as to the procedure followed by them to reply
to queries of the police.
26. Ms. Sethi, ld. ASC had also pointed out to the Court that in a number
of cases the ultimate accused is located in other States, making it difficult for
the Delhi Police to conduct investigation and prosecute the said accused
person. Accordingly, observing that there is a need for co-ordination between
the various Cyber Crime Cells in the country, notice was issued to the Ministry
of Home Affairs (hereinafter “ the MHA ”). Further, the Joint Secretary, MHA
th
was directed to hold a meeting on 20 December, 2023 between the Cyber
Crime Cells of different States to deal with cases involving financial fraud
done on the internet.
27. Pursuant to the above directions, a meeting was held with the banks by
the RBI and the MHA, including the Director General of Police of some
States. It was expressed by the Law Enforcement Agencies (hereinafter
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 25 of 243

“ LEAs ”) in the said meeting that the banks ought to expedite the process of
st
providing of information. On 1 February, 2024 it was submitted by the ld.
Counsels for the banks, that this issue has been taken cognizance of by the
Indian Banks Association (hereinafter “ IBA ”). On behalf of RBI, a detailed
Standard Operating Procedure (hereinafter “ SOP ”) was placed on record
th
along with affidavit dated 16 January, 2024, as per which strict deadlines
have been fixed for banks to provide information to the LEAs, and the same
are mandatory. The Court, after hearing the parties, and considering the SOP,
directed the IBA to hold meetings of its sub-groups and sub-committees to
ensure that all banks implement the SOP. Accordingly, notice was issued to
IBA and it was directed to place on record its stand in respect of
implementation of the SOP.
th
28. Thereafter, on 15 April, 2024, in terms of the above directions, an
affidavit was filed on behalf of IBA. As per the same, there was an existing
th
SOP dated 11 April, 2022 which was in operation as approved by the Central
Intelligence Economic Bureau (hereinafter “ CIEB ”). However, pursuant to the
directions of this Court and the meetings held by RBI with the concerned
stakeholders, another sub-group was created by IBA for updating the existing
SOP. The updated SOP were also placed on record and the same were perused
by the Court. The updated SOP directed appointment of nodal officers as
Single Point of Contact, creation of a dedicated email account and publishing
the details of the compliance officers on the websites. It also laid down
timelines for providing information to the LEAs. It was submitted by the ld.
Counsel for RBI that the said SOP would be shared with all the banks after
the same are approved by CIEB and RBI. Accordingly, considering that the
finalising of the SOP shall take further time, the Court had directed the banks
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 26 of 243

to adhere to the timelines mentioned in the updated SOP placed on record.
th
The process of finalising the said SOP was directed to be concluded by 30
May, 2024 and thereafter, the same were to be communicated to all the banks.
29. In addition to the above, the Court was also informed by the ld. CGSC,
of a new agency established by the MHA i.e., the Indian Cyber Crime
Coordination Centre (hereinafter “ I4C ”) with the following mandate:
“8. The Ministry of Home Affairs has rolled out the
Indian Cyber Crime Coordination Centre (I4C)
which has the mandate to develop effective
coordination and cooperation amongst the LEAs of
States/UTs and other stakeholders of cybercrime.
9. The I4C provides two modes of reporting online
cybercrime complaints. First mode is through
"National Cybercrime Reporting Portal" (NCRP)
website [www.cybercrime.gov.in] and the second
mode is through National Cybercrime Toll-free
Helpline No. 1930. The NCRP portal is designed for
reporting all types of cybercrime including online
financial crimes. The NCRP portal is composed of
two components - one for citizen complaint reporting
and another for the Police to monitor and act up on
those complaints and access other resources. The
portal allows victims of cybercrime to easily lodge
their complaints without having to visit any police
stations. The portal helps the States/UTs to monitor
various types of cybercrimes originating both
nationally and internationally and take necessary
steps to curb them.
10. The Citizen Financial Cyber Fraud Reporting
and Management System (CFCFRMS) has been
developed by I4C to integrate Law Enforcement
Agencies (LEAs), banks, and financial
intermediaries to take immediate action against
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 27 of 243

financial cyber frauds. The system empowers both
banks and the police by allowing them to share online
fraud-related information in real-time, enabling
them to take swift action. The system traces the flow
of crime proceeds through the financial channels and
aims to prevent the outflow by timely interventions.
Without timely intervention, the outflow of the crime
proceeds is not possible to stop in the financial
system. All States/Union Territories (UTs) and 293
Banks and Financial Institutions have been
onboarded to CFCFRMS so far for effective visibility
and to take swift action on the movements of
fraudulently reported amounts and mark lien or
freeze the same within the financial channels by the
Law Enforcement agencies. The Law Enforcement
Agencies of all States/UTs take necessary actions on
the complaints received online on the portal as per
law. l4C, Ministry of Home Affairs has no
intervention in the process.
12. The l4C has constituted seven Joint Cyber
Coordination Teams (JCCTs) [as tabulated below]
in consultation with the States/UTs on the basis of
cybercrime hotspots/areas for effective coordination
of Law Enforcement Agencies. JCCT is mandated to
achieve effective coordination among States/UTs for
inter-state investigation assistance, intelligence-led
operation, criminal profiling, data. Sharing,
identification of suspects, real-time exchange of
information, and cooperating on all other aspects of
cybercrime and cyber threats. The JCCT is a
regional grouping of States/UTs that can work
together and also collaborate with the I4C, New'
Delhi, broadly in the areas of being a knowledge and
resources sharing platform to holistically tackle
cybercrime.”
nd
30. The Court was apprised on 2 July, 2024 by the ld. Counsel for RBI
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 28 of 243

that the updated SOP qua the process for providing information by the banks
to the LEAs, has been finalised by IBA in consultation with the CIEB, and the
rd
same has been circulated to all banks vide email dated 3 June, 2024.
31. On 21st December, 2024, the Court had considered the updated
standard operating procedures issued by CEIB in respect of a request for
information made by a LEA to be followed by the Banks. After hearing the
parties the Court had passed certain directions. The relevant portion of the
order dated 21st December, 2024 reads as under:
“5. The above discussion would show that insofar as the
said SoP for sharing information with LEAs is
concerned, the IBA has to ensure the implementation of
the same by the banks, which has not yet been done.
6. The banks contend today that the SoP is still not a
binding document. Mr. Gupta, at this stage, submits that
he would then have to seek instructions in the matter and
apprise the Court as to whether the said SoP has
actually been followed or not.
7. Accordingly, issue court notice to Mr. Rajesh Kumar
Gautam, ld. Counsel for Indian Bank Association (IBA)
(M: 9811252434, email rajeshgautam@klmehta.net) in
this matter for seeking instructions. Let an affidavit be
filed on behalf of the IBA as to whether it has advised
all the banks to ensure that the SoP is fully and strictly
adhered to and also whether the same was circulated to
all the banks or not.
8. In addition, Mr. Gupta ld. Counsel shall also to take
instructions from the banks he is representing about the
implementation of the SoP.
9. Both ld. Counsel for IBA and Mr. Gupta shall also
seek instructions and file an affidavit on how much
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 29 of 243

period is taken for freezing bank accounts after a Law
Enforcement agency request and/or order of the Court
is furnished to the banks.”
th
32. On 7 February, 2025 Mr. Sanjay Gupta, ld. Counsel had appeared and
submitted that he would obtain instructions and file a report by the next date
of hearing in respect of the implementation of the circular dated 30th
December, 2024 by the banks represented by him. Further, insofar as the IBA
is concerned, Mr. Rajesh Kumar Gautam, ld. Counsel had appeared through
Video Conferencing and submitted that an affidavit has also been placed on
record on behalf of the IBA in terms of the order dated 21st December, 2024.
rd
33. Mr. Gautam, ld. Counsel had also handed across an email dated 3
June, 2024 from the IBA which was sent to all banks, including public sector,
private sector, foreign, co-operative and regional rural banks, enclosing the
updated SOP for providing information to the LEAs. Thus, all banks have
been advised to follow the updated SOP for providing the information to
LEAs within the time period and as per the manner prescribed therein.
(C) Mismatch of payment details – Beneficiary Bank Account Name
Look-Up Facility
34. At this stage it is relevant to note that another significant issue was came
th
to the attention of the Court on 14 September, 2022 i.e., the mismatch of
payment details whenever payments are made for purchase of domain names.
As per the Plaintiffs, there is a mismatch between the actual name of the
account holder as registered with the concerned bank and the name provided
for billing to the DNR. It was submitted that there is currently no verification
method to check if the name of the account holder is the same as the name
entered at the time of purchase. The Plaintiffs prayed for directions to remedy
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 30 of 243

this position and prevent innocent public from being duped by fraudulent
domain name Registrants. The Court had directed the MeitY to consider the
said issue in its meetings with the stakeholders as also directed NPCI to
provide its views on the same.
st
35. On 1 December, 2022, the Court was of the view that this issue also
ought to be considered by the Reserve Bank of India (hereinafter “ RBI ”).
Accordingly, notice was issued to the ld. Standing Counsel/Nominated
Counsel for RBI – Mr. Ramesh Babu M.R. The RBI was also directed to place
its stand on record on this issue along with recommendations to remedy the
same.
th
36. An affidavit dated 9 February, 2023 was handed over on behalf of RBI
in compliance of the above directions. The stand of the RBI was that it has
issued from time to time various guidelines in respect of payment through
Real Time Gross Settlement (hereinafter “ RTGS ”) and National Electronic
Fund Transfer (hereinafter “ NEFT ”) modes, as also, in respect of mandatory
compliances that are to be affected by the banks at the time of opening of
accounts. However, it was stated that RBI has not issued any specific
instructions advising banks to ensure that the name of bank account holder
and the names in the billing details correspond to each other. Further in respect
of the actions which can be taken by NPCI it was stated as under:
“10. It is submitted that Immediate Payment Service
(IMPS), one of the modes of electronic fund transfer
is operated by National Payments Corporation of
India (NPCI). NPCI has enabled the banks to offer
beneficiary account validation functionality to
confirm the beneficiary account name (as per
bank CBS) and account status before making the
transaction . Banks need to ensure that they are
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 31 of 243

equipped for providing this functionality and also
necessary changes in their Bank application (net
banking/mobile banking) User Interface (UI)/User
Experience (UX) to enable this functionality to their
customers in the transaction process flow. Unified
Payments Interface (UPI), which is also operated
by NPCI offers the functionality wherein the
customer can verify the beneficiary UPI
ID/Virtual Payment Address (VPA) from the app
thus providing a layer of protection to the
remitter.”
37. It was further submitted by Mr. Ramesh Babu, ld. Standing Counsel for
RBI, that it is mandatory to conduct KYC before opening of a bank account.
However, the verification of the beneficiary account name is a functionality,
introduced by the NPCI, is available with the banks and it is upon them to
enable it. The Court, after considering the submissions of the parties as also
the affidavit of RBI, directed RBI to seek instructions whether RBI can issue
guidelines making it mandatory for banks to match the beneficiary’s name/
name in the billing details with the account holder’s name and not merely the
account number , whenever banks accepts online or offline payments.
th
38. The Court was informed on 27 March, 2023 via an affidavit sworn by
the Assistant General Manager, Department of Supervision (Banking), RBI of
the position of RBI qua making it mandatory to match beneficiary’s name in
the billing details with the account details before passing credit. The same is
extracted hereunder:
“6. It is further submitted that Digital Payment
products provides beneficiary name verification
services which the originator can use to verify the
name of the account to which funds are being
transferred prior to initiating transfer. At present, the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 32 of 243

facility of beneficiary name lookup at the time of
origination of transaction is available for UPI. RBI
is exploring the feasibility for introduction of the
aforesaid facility in other payment products such as
RTGS, NEFT, IMPS etc both in online and off-line
i.e. at the bank branch modes, and steps would be
taken by RBI after taking into account technology,
data privacy and other related issues.
7. It is submitted that issuing guidelines making it
mandatory for banks to match the beneficiary's name
in the billing details with the account holder's name
before passing on credit will make digital payments
inefficient and result in a large number of returns. In
view of the submissions made herein above, RBI is
not in favour of issuing any guidelines making it
mandatory for banks to match name before passing
on credit.”
39. In view of the above position, RBI was directed to seek instructions as
to the timelines, if any, for introduction and implementation of the beneficiary
name lookup facility at the time of origination of transactions in cases of
RTGS, NEFT and Immediate Payment Service (hereinafter “ IMPS ”), both in
online and offline mode.
th
40. Accordingly, on 26 May, 2023, the Court was apprised, in terms of the
previous order, that the ‘beneficiary name lookup facility’ would be made
nd nd
operational by June, 2024. Thereafter, on 2 July, 2024, an affidavit dated 2
July, 2024 was handed across by the ld. Counsel for RBI, as per which, the
‘beneficiary name lookup facility’ had been implemented in respect of IMPS.
Further, it was stated that the banks would be advised by December, 2024 to
extend the said facility to customers using RTGS and NEFT payment systems.
st
41. Further to the above, on 21 December, 2024 the ld. Counsel for RBI
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 33 of 243

th
had handed across a press release dated 9 October, 2024, as per which, the
‘beneficiary name lookup facility’ has been implemented insofar as UPI and
IMPS mode of payment in concerned. However, it was submitted by the ld.
Counsel that a similar facility in respect of RTGS and NEFT was under testing
and would be made available to the banks soon along with relevant guidelines
for the same. Accordingly, the Court after considering the above submissions
directed the RBI to expeditiously activate the said facility. The relevant
st
portion of order dated 21 December, 2024 reads as under:
“13. Steps being taken by the RBI to for
implementation of the said Beneficiary’s Name
Lookup Facility for RTGS and NEFT transactions
are extremely crucial to prevent cyber fraud like the
kind of fraudulent activity that are being dealt in this
case. The RBI shall , without any delay, create the
said facility referred to as, Beneficiary’s Name
Lookup Facility in terms of its affidavit and the press
release dated 9th October, 2024 as also in terms of
various previous orders of this Court. Delay in the
implementation is likely to impact thousands of
innocent consumers, who make payments without
realising who is the beneficiary.
14. Let the RBI expeditiously activate the said system
of Beneficiary’s Name Lookup Facility and inform
the IBA and its member banks of the said facility,
which could be implemented by the Banks.”
th
42. On 7 February, 2025, ld. Counsel for RBI had placed on record a
circular dated 30th December, 2024, titled “ Introduction of beneficiary bank
account name look-up facility for Real Time Gross Settlement (RTGS) and
National Electronic Funds Transfer (NEFT) Systems ”. It was submitted on
behalf of RBI that in view of the said service remitters using RTGS and NEFT
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 34 of 243

mode of payments would be able to verify the name of the bank account to
which the money is transferred before initiating the said transfer in order to
prevent frauds. The RBI had also issued certain instructions to the banks in
respect of the extension of the lookup facility to RTGS and NEFT. The Court
st
was also informed that the said services would be fully implemented by 1
April, 2025.
43. In addition to the above, Mr. Susmit Pushkar, ld. Counsel appearing for
th
NPCI was directed to file an affidavit in respect of the circular dated 30
December, 2024 addressing the measures to be taken by NPCI for achieving
the deadline mentioned in the said circular. It was also directed that NPCI
shall also address the process of verification of the name of the account holder
before initiating the transaction and the manner in which the same would be
implemented.
th
44. On 7 February, 2025, Mr. Khan, ld. Counsel had brought to the
th
attention of the Court a communication by NPCI dated 26 June, 2020
wherein certain steps have been taken to mitigate risks by misleading
VPAs/UPI ids. One of the reference list of keywords includes brand names
which are registered with the trademarks authority. Accordingly, the Court
had directed NPCI and IBA to file affidavits in this regard.
45. Pursuant to the said directions, the concerned officials of NPCI being
Mr. Ajay Shyam Pal, In-Charge Products and Mr. Nitesh S.K., Lead Product
Development, were present in Court on 15th February, 2025. An affidavit
dated 14th February, 2025 was also filed by NPCI in terms of the directions
passed on 7th February, 2025. The Court perused the same and after
considering the submission of Mr. Pushkar, ld. Counsel for NPCI, following
directions were passed:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 35 of 243

“22. It is noted that one of the important features of
this affidavit is Annexure 1 which contains the
indicative reference list of key words not to be
allowed to individuals. The said list also contains
names/marks of well known brands or companies
which cannot be permitted to be registered as IDs of
account holders without the permission of the said
entity/brand holder. Further, the said list also
includes various websites and well-known marks,
organizational names, Government bodies,
corporate designations which are not to be
registered.
23. It is submitted by ld. Counsel for NPCI that the
said list is only an indicative list prepared by NPCI
for the information of the banks and the same is not
a definitive list. It is also submitted that the directions
to the respective bank would have to be issued by the
Court for refraining from registering a particular
string of words. The NPCI does not have the power
to implement the same.
24. Considering the said submissions, let the ld.
Counsel for the NPCI take instructions as to whether
upon a Court being satisfied that a brand or a mark
has acquired a status which is well known and there
ought to be an order directing that no individuals
should be allowed to register bank accounts or UPI
Ids or VPAs with the said brand names, an advisory
can be issued by the NPCI to all banks in this regard,
which would thereafter have to be implemented by
the banks themselves.”
th
46. Further to the above directions, on 5 April, 2025, Mr. Pushkar, ld.
Counsel submitted that it would not be possible for the NPCI to issue an
advisory to the banks in terms of an order of the Court directing that no
individuals should be allowed to register bank accounts or UPI IDs or VPAs
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 36 of 243

with certain brand names. It is further submitted that the creation of UPI IDs
or the VPAs is the responsibility of the respective banks and not of NPCI,
accordingly, it is up to the banks, who permit registration of the IDs, to ensure
that there is no violation or use of key words which are impermissible. In view
of this submission, the Court directed IBA to file an affidavit addressing the
above, including the issue as to what measures can be taken by the IBA to
ensure compliance by all banks of any order which may be passed by the Court
directing that no individuals should be allowed to register bank accounts or
UPI IDs or VPAs with the certain brand names.
nd
47. The IBA had filed an affidavit dated 22 May, 2025 pursuant to the
above directions, in which the stand of the IBA and its members has been
th
recorded. The same was considered by the Court on 27 May, 2025. Mr.
Gautam, ld. Counsel for IBA, had clarified that the IBA is only a voluntary
society of banks. Further, Mr. Srinivas Rao, Advisor to IBA was also present
online through video conferencing and submitted that an advisory has been
issued to all member banks of the IBA to strictly comply with the circulars
and instructions issued by the Reserve Bank of India, including the ones
considered by the Court, in the present proceedings.
(D) Enforcement of Orders - Appointment of Grievance Officers by DNRs
nd
48. Further to order dated 2 June, 2022, wherein the Court had directed
DoT and MeitY to file an affidavit disclosing their stand in respect of the
st
privacy protect features provided by the DNRs, an affidavit dated 1 August,
rd
2022 had been filed by MeitY. On 3 August, 2022, the Court had considered
the said affidavit as also the submissions made by Mr. Anil Kumar Pipal,
Senior Scientist-F, MeitY. The relevant portion of the said order reads as
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 37 of 243

under:
“18. Pursuant to the same, an affidavit dated 1st August,
2022 has been filed in CS(COMM) 135/2022. Some
relevant submissions made by MeitY in the said affidavit
are summarized as under:
• NIXI cannot block domains in a blanket manner,
as the same is against NIXI’s policy framework,
however it can block websites as per Court
orders;
• NIXI has market operations with DNRs located
both within and outside India through Registrar
Accreditation Agreements (RAA), whereby all
DNR is mandated to share information of the
domains with NIXI;
• All domain name registries other than NIXI, if
located in Indian territory, are bound to share
WHOIS details of domains upon Court orders;
• In case of domain name registries outside India,
the RAA does not obligate the registries to follow
Indian law.
[…]
21. On behalf of MeitY, Mr. Anil Kumar Pipal, Senior
Scientist-F, has appeared and submits that though there
are no regulations at present as to the manner in which
it can be ensured that DNRs, especially those not in
India, follow the orders of the Court or any Executive
instructions. The same could be discussed internally and
he would be willing to place a recommendation or a
proposal before the Court on behalf of the
Government.”
49. In addition to the above, the Court was informed by Mr. Anil Kumar
Jain, CEO, NIXI that it has agreements with 171 registrars in respect of
registrations of ‘.in’ and ‘.bharat’ domain names. As per Clause 4.4.3. of the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 38 of 243

Registrar Accreditation Agreement of NIXI anonymous proxy registrations
are barred and no privacy or proxy service can be provided . It was also
submitted by Mr. Jain, that NIXI has implemented the General Data
Protection Regulation, Regulation (EU) 2016/679 (hereinafter “GDPR” ), and
thus, NIXI has itself masked the details of the registrants . However, the said
details would be provided in response to a Court order or request from a Law
Enforcement Agency.
th
50. On 13 September, 2022, it was brought to the attention of the Court
that the Plaintiffs are facing certain common issues in implementation of
orders passed by the Court against the DNRs. The Plaintiffs face difficulties
in serving those DNRs who do not have their offices in India, as also in
obtaining details of the Registrants of infringing domain names. In this regard,
it was submitted by the Plaintiffs that the Information Technology
(Intermediary Guidelines and Digital Media Ethics Code) Rule, 2021
(hereinafter “ Intermediary Rules, 2021 ”) requires appointment of Grievance
Officer, as part of the Grievance Redressal Mechanism, for handling
complaints and implementation of orders passed by competent Courts.
Considering the same, the Court had directed the DNRs to seek instructions
and inform the Court –
i. whether they have appointed the Grievance Officers in terms of the
Intermediary Rules, 2021?
ii. If yes, then provide the details of the same.
th
51. Accordingly, the matters were taken up on 14 September, 2022. The
Court had heard submissions on behalf of various DNRs. It was submitted by
Mr. Dayan Krishnan, ld. Sr. Counsel on behalf of the Newfold Group,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 39 of 243

consisting of six DNRs before the Court, that each of the said DNRs have
appointed Grievance Officer. Further, the submission made qua the grievance
redressal mechanism would be relevant and the same are extracted hereunder:
“23. In so far as the grievance redressal mechanism
is concerned, Mr. Krishnan submits that the Newfold
Group is in compliance with Rule 3(2)(a) of the
Information Technology (Intermediary Guidelines
and Digital Media Ethics Code) Rules, 2021
(hereinafter “IT Rules 2021”), as whenever any
complaint is made by any user or victim, the
acknowledgment is issued to said user/victim, within
24 hours and the complaint is disposed of within 15
days from the date of its receipt. He further submits
that if any order is issued by any Court of competent
jurisdiction or any order, notice or direction is issued
by a governmental or competent authority, the same
would be complied with in terms of the IT Rules 2021.
Similarly, if any order granting injunction or
directions with respect to infringing domain names
or other orders with respect to infringing domain
names are passed by this Court or any Court of law,
the Grievance Officer would facilitate giving effect to
such orders and ensure that the same are complied
with, upon receiving a communication at the email
addresses set out above. Mr. Krishnan however,
submits that considering the time differences and the
fact that some coordination may be required for such
compliance across different offices of the DNRs,
reasonable time of 48 to 72 hours maybe afforded for
the purposes of the said compliance.
24. These submissions on behalf of the Newfold
Group are recorded and the Newfold Group shall be
bound by the same, in all matters where infringing
domain names are involved. If the said Grievance
Officer is changed in the future, such change shall
also be notified by prominently publishing it the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 40 of 243

websites of each of the entities of the Newfold
Group.”
52. Insofar as GoDaddy is concerned, it was submitted by Mr. Darpan
Wadhwa, ld. Sr. Counsel, that they were unable to obtain instructions as to the
status of appointment of a Grievance Officer under the Intermediary Rules,
2021. Further time was sought to verify the same. The Court, as last and final
th
opportunity, permitted GoDaddy time till 20 September, 2022 for
appointment of, or informing the Court about, the Grievance Officer as per
the Intermediary Rules, 2021. Further, one week time was provided to all the
DNRs providing services in India for appointment of Grievance Officer, if not
already done so, in compliance of the Intermediary Rules, 2021. In the event
of failure to appoint the Grievance Officer by any DNR within the said period,
the Court directed MeitY to take appropriate actions in accordance with law
th
against the same. The relevant portion of the order dated 14 September, 2022
is extracted hereunder:
“36. If the said DNRs have not appointed Grievance
Officers, one week’s time shall be given to them for
making the appointments in accordance with the IT
Rules, 2021. If the said compliance is not made by
DNRs, MeitY is free to proceed in accordance with
law against such DNRs who are offering their
domain name registration, hosting and related
services in India, without complying with the local
laws. A status report be put up by MeitY by the next
date, on this aspect including the steps taken by
MeitY pursuant to the directions contained above.”
th
53. Further, on 14 September, 2022, a status report was filed by MeitY
informing the Court of the steps taken pursuant to the directions passed by this
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 41 of 243

rd
Court vide order dated 3 August, 2022. The Court was informed that MeitY
has prepared a questionnaire which has been shared with all the stakeholders
and meetings have also been held with the same including ICANN, the
th
Ministries, DNRs, Delhi Police etc. The DNRs were provided time till 30
September, 2022 to furnish their response to the said questionnaire. It was also
directed that the meetings and deliberations shall continue and MeitY shall
file its recommendations in respect of the issues highlighted by the Court vide
rd
order dated 3 August, 2022.
th
54. Further to the above directions, the Court was informed on 11 October,
2022 on behalf of GoDaddy, and M/s. Hosting Concepts B.V. (hereinafter
“ Hosting Concepts ”) that both the said DNRs have appointed their Grievance
Officers in terms of the Intermediary Rules, 2021. In view of the submissions
made on behalf of the said DNRs, it was clarified that the paragraphs 23 and
th
24 of the order dated 14 September, 2022, extracted hereinabove, would
apply mutatis mutandis to both GoDaddy and Hosting Concepts.
th
55. In respect of the directions passed on 14 September, 2022, qua
appointment of Grievance Officers by the DNRs, a status report was filed by
MeitY, wherein it was recorded as under:
“As of today, MeitY does not have powers to take
action against non-compliant domain name
registrars. On the order of the Hon’ble Court, action
on blocking of website and email IDs would be taken.
The power of such blocking is vested with DoT
through ISPs.”
th
56. The said status report was considered by the Court on 10 February,
2023, and it was directed as under:
“6. It is noticed that there are two sets of DNRs which
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 42 of 243

are operating in India.
• The first sets of DNRs are those who offer various
Global Top Level Domains (GTLDs) such as
(.com), (.net) and (.org). Some such DNRs have
agreed to appoint grievance officers and
implement orders passed by Indian
Courts/Authorities. However, a number of DNRs
have either not responded to MEITY or have
belatedly refused to comply with the orders
passed by this Court.
• The second set of DNRs which operate in India
are (.in) DNRs. In so far as (.in) DNRs are
concerned, they are stated to have appointed
Grievance Officers, as reflected in MEITY’s
report.
7. In addition, ld. Counsel for the Plaintiffs in some of
the matters have also informed the court that a number
of DNRs have completely refused to comply with the
blocking orders and other directions issued by this
Court, in respect of infringing domain names.
8. In view of the aforementioned facts which have come
to light through MEITY’s status report, the submissions
made before this Court from time to time and the e-mails
which have been placed on record today, such as e-
mails by Namecheap Inc, it is clear that stringent steps
would be required to be taken, in order to curb the
menace of illegal domain name registrations having
well known marks and names of business houses. It is
accordingly directed that MEITY/DoT/the appropriate
authority shall take steps action in accordance with the
Information Technology (Intermediary Guidelines and
Digital Media Ethics Code) Rules, 2021 against DNRs
who do not agree to comply with the said Rules or do
not appoint grievance officers or implement orders of
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 43 of 243

Indian Courts/Authorities.
[…]
10. It is directed that the concerned MEITY/DOT
officials shall peruse the various orders which are
passed in these proceedings prior to taking any action
under the Information Technology (Intermediary
Guidelines and Digital Media Ethics Code) Rules, 2021.
Steps in respect thereof, in terms of Rules be taken
within four weeks. The action so taken shall be placed
on record by MEITY by means of a status report by the
next date of hearing.”
th
57. A status report dated 25 March, 2023, had been filed by MeitY
th
pursuant to the above directions, which was considered on 27 March, 2023,
addressing various issues including the following:
a. Action that can be taken by ICANN against DNRs which do
not give effect to orders of the Court of competent jurisdiction: It
was informed by ICANN that under the Clause 5.5.2.1.4 of the
Registrar Accreditation Agreement, ICANN may terminate the said
agreement with the DNR in the event a competent Court determines that
the DNR has failed to comply with an order in respect of domain names
sponsored by the said DNR. It was clarified that termination of the
agreement is only one of the many options available with ICANN under
the agreement.
b. Implementation of Court orders: MeitY has relied upon
Section 69A of the Information Technology Act, 2000 (hereinafter “ the
IT Act ”) and Rules 3, 4, 6 and 10 of the Information Technology
(Procedure and Safeguard for Blocking for Access of Information by
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 44 of 243

Public) Rules, 2009 (hereinafter “ the Blocking Rules, 2009 ”). It is stated
that if there is repeated non-compliance of Court orders by any DNR,
then the same can be construed as a violation of public order under
Section 69A of the IT Act for blocking of the non-compliant DNR.
However, a concern was also expressed to the effect that various
Registrants could be inconvenienced if the website/URL of the non-
compliant DNR is blocked.
th
58. In addition to the above, the Court was also informed on 27 March,
2023 of the orders passed by the ld. Single Judges in two suits i.e., CS(Comm)
604/2022 titled Star India Pvt. Ltd. vs. 7MOVIERULZ.TC & Ors ., and
CS(Comm) 567/2022 titled Star India Pvt. Ltd. & Anr. vs. MHDTV.WORLD
& Ors., directing the DoT and MeitY to take action against five DNRs namely,
NameCheap Inc., Dynadot LLC, Tucows Inc., Gransy s.r.o, and Sarek Oy, for
th
non-compliance of Court orders. Further, on 26 May, 2023, the Court was
apprised that insofar as NameCheap Inc., Dynadot LLC and Tucows Inc., are
concerned, the same have moved appropriate applications stating that they are
willing to comply with the orders of the Court and also appoint the Nodal
Officers.
59. On 21st December, 2024, Mr. Pravin Anand, ld. Counsel, had placed a
compilation before the Court and had highlighted services such as
“ GlobalBlock ” and “ GlobalBlock+ ”, which as per the ld. Counsel are being
provided by GoDaddy to provide protection to brands against unauthorised
registration including for those which provide deceptively similar brands,
homoglyph, variations and domain names with typographical errors of brands.
The ld. Counsel had also placed reliance on the stand of Verisign Inc.
(hereinafter “ Verisign ”) in CS(Comm) 197/2024 wherein Verisign, as a
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 45 of 243

Registry Operator, has taken the position that the issues relating to blocking
of domain names are purely in the domain of the DNR itself and not the
Registry.
60. In view of the above submissions, the Court had directed GoDaddy to
file an affidavit in respect of the services mentioned by Mr. Anand and on the
difference between DNR and Domain Registry.
61. Pursuant to the said directions, an affidavit sworn by one Mr. John
Massey had been filed by GoDaddy. The said affidavit was perused by the
th
Court on 7 February, 2025 and Mr. Wadhwa, ld. Sr. Counsel had made his
submissions in respect of the same. It was the submission of Mr. Wadhwa, ld.
Sr. Counsel that the services “ GlobalBlock ” and “ GlobalBlock +” are being
provided by Brand Safety Alliance LLC, a subsidiary of the parent company
of GoDaddy i.e., Registry Services LLC (hereinafter “ Registry Services ”).
The said entity - Brand Safety Alliance LLC, is stated to have agreements with
various Registries in order to execute the said services. It is also submitted by
Mr. Wadhwa, ld. Sr. Counsel that the blocking of domain names containing a
particular word-string would be implementable only by a Registry and not by
a DNR. Considering the above submissions, notice was issued to Registry
Services and Verisign.
62. Further, the Court had also directed the DNRs to file their respective
notes qua the directions which are being sought for injunction on specific
word strings as also specific domain names including on the following
aspects:
(i) What DNRs can do to implement orders being passed by Courts?
(ii) What are the steps DNRs cannot take which is in the scope of the
Registry concerned?
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 46 of 243

63. Mr. Chander Lall, ld. Sr. Counsel had appeared on behalf of Verisign
th
on 15 February, 2025 and requested time to file an affidavit in terms of the
previous order. The Court after hearing the parties had directed as under:
“13. Pursuant to the order dated 7th February, 2025,
notice was issued to the two Registries i.e., Registry
Services LLC and Verisign, Inc., both the said parties
have entered appearance before the Court. Mr. Chander
Lall, ld. Sr. counsel appearing for m , Inc. submits that
he would like to file an affidavit explaining the role of
Verisign, Inc. and also the steps that can be undertaken
by Verisign, Inc. if directions are given by the Court.
14. Specifically, both these parties i.e., Registry Services
LLC and Verisign, Inc., shall file their affidavits in
respect of the following aspects:
i. The domain name extensions that the said
Registries manage and supervise;
ii. Whether in respect of the said domain name
extensions, orders for suspension, locking,
blocking and transfer of the domain names can
be implemented by them in respect of existing
infringing domain names;
iii. Whether the said Registries can also implement
orders injuncting registration of infringing
domain names in the future which contain the
brands/trademarks as may be directed by the
Court in the form of a TLD/word string.
15. In addition, National Internet Exchange of India
(hereinafter “NIXI”) shall also file an affidavit in
respect of the above directions.
16. At the moment, the said two registries are not being
impleaded in any suit of the present batch matters. Upon
consideration of the affidavits which they file, the Court
shall pass further orders in this regard.”
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 47 of 243

th
64. Further to the above directions, on 5 April, 2025 ld. Sr. Counsels and
ld. Counsels appearing for various DNRs and Registry Operators had placed
on record their respective affidavits or notes and made submissions. Ms.
Kruttika Vijay, ld. Counsel for Hosting Concepts BV had drawn attention of
the Court to the note dated 5th April, 2025, wherein examples of certain
services which Hosting Concepts B.V. has signed onto as an accredited DNR,
including the Trademark Clearinghouse (hereinafter “ TMCH ”) have been
mentioned. It is stated that TMCH is a global repository of validated and
registered trademarks established by Internet Corporation for Assigned
Names and Numbers (hereinafter “ICANN”) to verify trademark data from
multiple global regions and maintain a database with verified trademark
records. The relevant paragraph of the said note is extracted hereunder:
“12. Some Registries provide services to brand owners
through accredited DNRs to help protect the rights of
brand owners on the Internet. Examples of services
which Hosting Concepts has signed onto as an
accredited DNR include:
a. Trademark Clearinghouse (TCMH): TCMH is a
global repository of validated and registered
trademarks established by ICANN to (i) verify
trademark data from multiple global regions; and (ii)
maintain a database with the verified trademark
records. Currently, ICANN has only authorized Deloitte
to provide trademark verification services for TCMH.
The advantage of TCMH include:
i. Brand owners whose trademark rights are
verified by TCMH are provided with a Signed
Mark Data (SMD) file, which is recognized by
several registries as proof of minimum
eligibility requirements.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 48 of 243

ii. New gTLD registries utilizing TCMH are
required to offer a sunrise period for
registration of domain names to brand owners
at least 30 days prior to public access.
iii. On new gTLD registries utilizing TCMH, for a
90-day period after launch, registrants
attempting to register a second-level domain
name will receive a warning if the name
matches an entry in the TCMH. If the registrant
registers the name anyway, the rights owner
will receive a notification from the Trademark
Claims system.
iv. Rights holders with trademarks registered in
the TCMH can opt in to receive additional
notifications of exact matches to names they
have registered in the TCMH.”
(E) Privacy Protect Feature
65. In one of the suits, which was part of the batch matters, i.e., CS(Comm)
176/2021 titled Snapdeal Private Limited vs. GoDaddycom LLC & Ors., the
th
Court vide order dated 13 July, 2022 had observed as under:
“ 7. Ms. Shweta Sahu, ld. Counsel appearing for the
Defendant Nos.1 to 4 submits that the Defendant No.1 -
GoDaddy has an abuse policy, for example, which it has
implemented which enables the trademark owners to fill
up a form to seek suspension/locking of the domain
name complained of. She submits that the same would
then abide by the orders passed by the Court.
8. This abuse policy may not be sufficient as the same
still requires the IP owner to approach a court of law.
The question that arises is as to whether the intervention
of the Court would be required in every case involving
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 49 of 243

registration of infringing domain names, particularly
considering that they are registered in respect of lakhs
and lakhs of domain names, especially for well-known
trademarks. In fact DNRs offer alternate domain names
on their own, without anyone seeking the same.
9. In the opinion of this Court, time has come for DNRs
to create a mechanism by which any trademark owner
who has an objection to the registration granted to any
domain name, can approach the said DNR and seek
cancellation/transfer of the said domain name. The
same ought to be fairly considered through the
mechanism which ought to be independent and
impartial, for eg., through an Ombudsman. If the
cancellation/suspension/transfer as sought is not agreed
to through the said mechanism, then the IP owner can
avail of its remedies in accordance with law.
10. Thus, there ought to be a mechanism where the
abuse policy is not merely dealing with
suspension/locking but should also be able to
cancel/transfer the infringing domain names. Such an
abuse policy should also be implemented by the DNRs
through a specified set of officials based in India, to
ensure that if in a case, the transfer/cancellation is not
permitted under the abuse policy, the trademark owner
would be able to avail of their remedies before the
Courts in India, against such a decision of the DNR.
11. Ms. Sahu, ld. Counsel for Defendant Nos.1 to 4
submits that she would seek instructions in this regard.
Accordingly, let an affidavit be filed as to whether an
independent and impartial mechanism could be put in
place by the Defendant Nos.1 to 4 to prevent the abuse
of trade marks through registration of domain names,
as also, to disable the privacy protect features and make
available the details of the registering person in respect
of domain names on the ‘Whois’ database. Let the said
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 50 of 243

affidavit be filed by 31st July, 2022.”
rd
66. Pursuant to the above, on 3 August, 2022 the Court had heard the
submissions on behalf of the Internet Corporation for Assigned Names and
Numbers (hereinafter “ ICANN ”), and on behalf of certain DNRs. It was
submitted by Mr. Darpan Wadhwa, ld. Senior Counsel on behalf of the DNRs
that the DNRs provide the privacy protect features in compliance of their
agreements with the Registry Operators and ICANN. The same is also
necessary to meet the obligations under the GDPR. In response to the Court’s
query as to whether the said feature is mandatory or optional, the ld. Sr.
Counsel submitted that the same is a bundled feature with no additional
charges to the Registrant. It was also submitted that it is not the DNRs but the
Registry Operators and ICANN which can decide how to proceed with
privacy protect features. The Court had also perused the relevant agreements
between ICANN and Registry Operators, as also between the Registry
Operators and the DNRs. It was observed by the Court that the said
agreements do not obligate DNRs to provide the privacy protect feature
despite blatant infringement and fraudulent activities. Moreover, all Registry
Operators and DNRs, under their respective agreements, prima facie , have to
abide by and give effect to orders passed by competent courts, governmental
authorities etc. However, the parties were directed to seek instructions to make
more comprehensive submissions.
st
67. On 1 February, 2024, Mr. Darpan Wadhwa, ld. Senior Counsel
appearing for GoDaddy made further submissions on the steps which may be
taken in respect of non-compliant DNRs. He categorically, relied on the order
dated 4th December, 2023 of this Court in (CS (Comm) 303/2022) titled
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 51 of 243

Burger King Corporation v. Swapnil Patil & Ors. to state that a similar order
can be passed at the final stage and the examination in respect of all the
identified domain names and the examination of additional domain names can
be done by the Joint Registrar.
th
68. On 5 April, 2025 it was submitted in respect of the privacy issues by
Ms. Kruttika Vijay, ld. Counsel for Hosting Concepts BV, that all accredited
DNRs with ICANN are mandated to comply with the provisions of the
General Data Protection Regulation passed by the European Parliament and
the Council of the European Union. Further, Mr. Raj Shekhar Rao, ld. Senior
Counsel appearing on behalf of ICANN submitted that insofar as the TMCH
and privacy issues in the context of GDPR are concerned, ICANN has already
addressed the same in its responses to the questionnaires provided by the
Ministry of Electronics and Information Technology and the same are
annexed with the written submissions filed by ICANN in CS(Comm)
228/2021 titled Bajaj Finance Limited vs. Registrant of www.bajaj-
finserve.org and others.
V. STAND OF THE PARTIES
69. In the opinion of the Court, it would be apposite to first capture the
position and stand adopted by various parties involved, to better appreciate
the issues involved in the present batch of matters.
(A) ICANN – Internet Corporation on Assigned names and numbers
70. At the outset, Mr. Rajshekhar Rao, ld. Senior Counsel appearing on
behalf of ICANN has submitted that ICANN does not submit to the
jurisdiction of this Court. The submissions made by him are without prejudice
to the said stand and solely for the purpose of assisting this Court.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 52 of 243

71. It is submitted by Mr. Rao, ld. Senior Counsel that the relationship of
ICANN with the Registry Operators, and DNRs is governed by the respective
agreements which exist between the said parties. He submits that ICANN
merely receives data from the Registry Operators and DNRs. The ultimate
control mostly exists with the DNRs and some powers are also vested with
the Registry Operators. ICANN itself does not have any privity of contract
with the Registrants and all policies of ICANN are implemented through the
Registry Operators and DNRs.
72. He further submits that the manner in which ICANN functions is that
it undertakes a complex process of evolving consensus amongst the members
and various stakeholders including governments of several countries. Since,
the entire functioning of ICANN is itself consensual in nature, it is submitted
by the ld. Senior Counsel that ICANN cannot unilaterally submit any
recommendations to the Court on a policy level. It is submitted that ICANN
is not in a position to take any punitive or regulatory action against the
Registry Operators and DNRs. However, ld. Senior Counsel submits that
ICANN’s position is clear that all DNRs have to comply with local laws and
as the laws in each country continue to evolve, DNRs cannot escape the
rigours of the law. Thus, any order passed by the Courts of competent
jurisdiction would have to be implemented by the DNRs.
73. On a specific query from the Court as to whether privacy protect feature
can be directed to be removed, ld. Senior Counsel highlights the quandary
between the revealing of information on one hand and obligations under the
Digital Personal Data Protection Act, 2023 (hereinafter “ DPDP Act ”) on the
other hand. He submits that the owner of the data who registers the domain
name should under the DPDP Act specifically permit revealing of the details,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 53 of 243

failing which, under the said Act, the DNR would not be able reveal without
an order of a Court of competent jurisdiction.
74. On another query from the Court, as to whether DNRs hold domain
names by proxies, it is submitted that some DNRs may be doing so but the
question as to whether the same DNR or some group entity or associated
entity is holding said registration would have to be tested on the facts of each
case.
(B) GoDaddy
75. GoDaddy is a DNR having its headquarters in Tempe, Arizona, United
States of America and incorporated in Delaware, United States of America.
It provides domain name registration services for multiple generic Top-Level
Domains (hereinafter “ gTLDs ”) and several Country Code Top-Level
Domains (hereinafter “ ccTLDs ”). GoDaddy complies with all the court orders
that are passed. GoDaddy’s stand is also that it is mandated due to the
applicability of GDPR that all the details of the registrants have to be
protected. GoDaddy claims that DNRs are mere intermediaries and are only
required to act upon receiving actual knowledge by way of a order of the Court
or a notification from the government. It complies with the necessary due
diligence required under the IT Act and the Intermediary Rules, 2021.
GoDaddy is not a significant social media intermediary. The mere fact that
certain value added services are provided cannot deprive GoDaddy of the safe
harbour protection.
76. The global block affidavit and global block services relied upon by the
Plaintiffs are not provided by the GoDaddy but by its group company Brand
Safety Alliance LLC. These services are provided at the Registry Operators’
level and not at the DNR level. As per GoDaddy, it is only a registry which
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 54 of 243

can block a particular words string as also particular words from being
registered as domain names. This is beyond the capabilities of DNRs as per
GoDaddy.
77. It was submitted by Mr. Darpan Wadhwa, ld. Senior Counsel on behalf
of the DNRs that the DNRs provide the privacy protect features in compliance
of their agreements with the Registry Operators and ICANN. The same is also
necessary to meet the obligations under the GDPR. In response to the Court’s
query as to whether the said feature is mandatory or optional, the ld. Sr.
Counsel submitted that the same is a bundled feature with no additional
charges to the Registrant. It was also submitted that it is not the DNRs but the
Registry Operators and ICANN which can decide how to proceed with
privacy protect features.
78. It is submitted by ld. Senior Counsel that in the Snapdeal (supra)
th 1
decision dated 18 April, 2022, the injunction against a string used in a
domain name has already been dealt with and the Court has held that the
injunctions in such cases would have to be on specific domain name and not
on a string. He further submits that there are more than 2500 DNRs that are
operating and unless and until an order for dynamic injunction, similar to the
order in UTV Software Communication Ltd. v. 1337X.To, 2019 SCC OnLine
Del 8002 is passed, a DNR cannot be made to monitor the registration of
domain names for infringement of trademarks. It is argued that offering of
domain names cannot be held to be infringement of a trademark. He
categorically, relied on the order dated 4th December, 2023 of this Court in
(CS (Comm) 303/2022) titled Burger King Corporation v. Swapnil Patil &
1
Judgement passed in I.A. 5407/2021 in CS(Comm) 176/2021.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 55 of 243

Ors. to state that a similar order can be passed at the final stage and the
examination in respect of all the identified domain names and the examination
of additional domain names can be done by the Joint Registrar. He also places
importance on the decision of the Supreme Court of the United Kingdom in
He also places importance on Cartier International AG and Others v. British
Telecommunications Plc and Another, (2018) UKSC 28 to argue that the
cost of locking and suspending domain name, and continuing to retain control
of the same, cannot be borne by the DNR but by the Intellectual Property
owner who seeks such reliefs.
79. Ld. Senior Counsel also submits that the ISPs or DNRs cannot be
expected to presumptively maintain a check in respect of well-known marks.
By way of illustration, there could be a domain name ‘Apple Stores’ which
could be offering counterfeit products and another ‘Apple Store’ could be
offering the actual apple fruit online. It requires an adjudication or an
examination to determine which domain name would be required to be
blocked. It is submitted that the exercise under the Trademark Act, 1999 ought
to be done by the Court and not by the DNR or the Plaintiff themselves.
Moreover, trademark rights are territorial in nature and it has been seen in
similar matters that there could be different registered proprietors in different
jurisdictions for the same mark. Example of the decision of the US Court of
2
Appeals in Toyota Motor Sales, U.S.A., Inc. v. Tabari , . is cited in order to
highlight the fact that even use of a brand like ‘ Lexus ’ which is an invented
mark is permissible under the nominative fair use doctrine.
80. According to Mr. Wadhwa, ld. Senior Counsel the only effective order
2
Toyota Motor Sales, U.S.A., Inc. v. Tabari, 610 F.3d 1171 (9th Cir. 2010).
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 56 of 243

that can be passed is against the Registry Operators and not against the DNRs,
as was done against NIXI in the case of Burger King (supra) . He further
submits that under Section 79 of the Information Technology Act, 2000
(hereinafter “ IT Act ”) the due diligence that is to be exercised by an
Intermediary is only in respect of infringement of trademark which requires a
Court order as held in Shreya Singhal v. Union of India, (2015) 5 SCC 1 .
81. It is highlighted by ld. Senior Counsel that GoDaddy operates within
the scheme of the Registrar Accreditation Agreement, 2013 or other versions
thereof, as required by ICANN, and under the said agreement:
i. A format has to be followed for registration of domain names;
ii. A verification system through either an email or a phone number
is done;
iii. Privacy issues are also to be given utmost importance, especially
after the enactment of the GDPR which is the standard followed
by ICANN;
iv. The facilities of opt in or opt out is provided to the consumer;
v. The movement has been towards protecting private data in order
to prevent misuse and therefore by default, the privacy protect
feature ought to be permitted. It is submitted by the ld. Senior
Counsel that disclosure of information ought to be the exception
rather than the default rule.
82. On behalf of Goddady, it is also highlighted that there are similar cases
which are dealt with by international jurisdictions. An example is Hermes
International v. John Doe, 12-CV-1623(DLC) (SDNY April 30, 2012), is
cited to show how the permanent injunctions are only against identified
infringing domain names and additional infringing domain names have to be
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 57 of 243

brought to the notice of the Court for the said injunction to be extended.
83. Mr. Wadhwa, ld. Senior Counsel has referred to Section 69A of the IT
Act as also Rule 4 of the Intermediary Rules, 2021 to argue that both these
provisions would not permit blocking of services of the Intermediary itself.
These provisions at best permit blocking of the content which is violative of
law. It is argued that even if the definition of the term ‘ public order ’ under
Section 69A of the IT Act is considered, the violation of a trademark or other
IP rights cannot constitute a breach of public order. He thus submits that
Section 69A of the IT Act itself would not be applicable in the present case
and any blanket remedy in the form of blocking of the DNR to ensure
compliance of Court orders would not be tenable. The blocking of services by
a particular DNR being provided in India would in effect result in closure of
the business of the said DNR, which would also have an impact on Registrants
of various domain names to whom the said DNR may have provided services.
Reliance is placed on the report of MeitY which mention that the blocking of
Namecheap Inc, Diana LLC and Tucos Inc. adversely affected 2.5 lakh users
in India.
84. Mr. Darpan Wadhwa, ld. Senior counsel has relied upon the written
submissions filed by GoDaddy to argue that there are two types of DNRs, (1)
who does not appear before the Indian Courts and are refusing to comply with
the orders, (2) where there are DNRs who regularly appear before the Courts
and there is merely delay in compliance. In the later case, the blocking of the
business of the DNR ought not to be resorted to as the intention of the DNR
is not to violate the orders of the Court but the delay could also be explainable.
In the former case, he submits that the DNR itself ought not to be blocked as
the same would be contrary to Section 69A of the IT Act, inasmuch as Section
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 58 of 243

69A of the IT Act merely contemplates removal or blocking of the
information for access to the public but it does not contemplate the blocking
of the intermediary as a whole.
85. In respect of the privacy and proxy services provided by the DNRs, ld.
Senior Counsel has firstly relied upon the ICANN Registrar Accreditation
Agreement, which is currently in force. Specifically, he refers to clause 3.14
and the certification of privacy and proxy registrations. The said clause 3.14
is extracted hereinbelow:
“ 3.14 Obligations Related to Proxy and Privacy Services.
Registrar agrees to comply with any ICANN-adopted
Specification or Policy that establishes a Proxy Accreditation
Program. Registrar also agrees to reasonably cooperate with
ICANN in the development of such program. Until such time
as the Proxy Accreditation Program is established, Registrar
agrees to comply with the Specification on Privacy and Proxy
Registrations attached hereto .”
86. It is his submission that providing services through proxy servers and
also providing privacy protect features is permissible under the ICANN
Accreditation Agreement. In fact, it is his submission that after the enactment
of the GDPR, the default position has to be protection of personal data.
Reliance is placed upon Article 1, Article 4(5) and Article 25 of the GDPR
and the same are extracted hereunder:
“Article 1: Subject-matter and objectives :
1. This Regulation lays down rules relating to the
protection of natural persons with regard to the
processing of personal data and rules relating to the
free movement of personal data.
2. This Regulation protects fundamental rights and
freedoms of natural persons and in particular their right
to the protection of personal data.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 59 of 243

3. The free movement of personal data within the Union
shall be neither restricted nor prohibited for reasons
connected with the protection of natural persons with
regard to the processing of personal data.
Article 4: Definitions :
4(5). ‘pseudonymisation’ means the processing of
personal data in such a manner that the personal data
can no longer be attributed to a specific data subject
without the use of additional information, provided that
such additional information is kept separately and is
subject to technical and organisational measures to
ensure that the personal data are not attributed to an
identified or identifiable natural person.
Article 25: Data protection by design and by default :
1. Taking into account the state of the art, the cost of
implementation and the nature, scope, context and
purposes of processing as well as the risks of varying
likelihood and severity for rights and freedoms of
natural persons posed by the processing, the
controller shall, both at the time of the determination
of the means for processing and at the time of the
processing itself, implement appropriate technical
and organisational measures, such as
pseudonymisation, which are designed to implement
data-protection principles, such as data
minimisation, in an effective manner and to integrate
the necessary safeguards into the processing in order
to meet the requirements of this Regulation and
protect the rights of data subjects.
2. The controller shall implement appropriate
technical and organisational measures for ensuring
that, by default, only personal data which are
necessary for each specific purpose of the processing
are processed. That obligation applies to the amount
of personal data collected, the extent of their
processing, the period of their storage and their
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 60 of 243

accessibility. In particular, such measures shall
ensure that by default personal data are not made
accessible without the individual’s intervention to an
indefinite number of natural persons.
3. An approved certification mechanism pursuant to
Article 42 may be used as an element to demonstrate
compliance with the requirements set out in
paragraphs 1 and 2 of this Article.”
87. According to Mr. Wadhwa, ld. Senior Counsel the requirement for
privacy protection is not merely an option, but in fact a mandate for all DNRs.
He then relies upon the Temporary Specifications published by ICANN for
gTLD Registration Data, which has in fact, implemented the GDPR and
mandates that most data relating to the Registrants has to be redacted. Even
in response to WHOIS query, only proxy/substitute email can be provided and
nothing more. GoDaddy, in fact, follows a policy called “ Request for
Disclosure of Non-Public Registrant Information ” where anyone, who needs
such information, can file either an IP complaint form, an abuse complaint
form, or a domain name holder request form and the same would be duly
processed as per the policy of GoDaddy.
88. It is also submitted, while placing reliance on Article 6 of GDPR, that
the provisions of GDPR have to be strictly followed and that only in cases of
‘legitimate interest’ that override the interest of privacy would disclosure of
information of a Registrant be permitted. On the basis of said provision, the
ld. Senior Counsel submits that GoDaddy has adopted a mechanism wherein
a specific IP complaint form and NPRD request form has been provided for
raising complaints. It is submitted that as per the NPRD request form, one of
the factors which would constitute ‘legitimate interest’ would be the
ownership of any individual or entity over the intellectual property. If a party
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 61 of 243

is able to show ownership over the intellectual property, upon a request being
made via the NPRD form, GoDaddy would be required to investigate and
respond to the said request withing a period of 30 days. It is argued that the
such methods adopted by GoDaddy show that it is exercising its powers in a
completely non-discriminatory and transparent manner.
89. Finally, reliance is placed upon the DPDP Act which also has laid down
various obligations of entities processing personal data of individuals, such as
GoDaddy. Further reference is also made to various definitions laid down in
the DPDP Act including Sections 2(h), 2(j), 2(n), 2(t), 2(u) & 2(x). It is argued
that in terms of the said provisions information of Registrants would be clearly
covered and thus would have to be protected from disclosure. The said
sections are extracted hereinunder for ease of reference:
“2. In this Act, unless the context otherwise requires,—
(h) “data” means a representation of information, facts,
concepts, opinions or instructions in a manner suitable
for communication, interpretation or processing by
human beings or by automated means;
(i) “Data Fiduciary” means any person who alone or in
conjunction with other persons determines the purpose
and means of processing of personal data;
(j) “Data Principal” means the individual to whom the
personal data relates and where such individual is—
(i) a child, includes the parents or lawful guardian of
such a child;
(ii) a person with disability, includes her lawful
guardian, acting on her behalf;
(k) “Data Processor” means any person who processes
personal data on behalf of a Data Fiduciary;
(l) “Data Protection Officer” means an individual
appointed by the Significant Data Fiduciary under
clause (a) of sub-section (2) of section 10;
(m) “digital office” means an office that adopts an
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 62 of 243

online mechanism wherein the proceedings, from
receipt of intimation or complaint or reference or
directions or appeal, as the case may be, to the disposal
thereof, are conducted in online or digital mode;
(n) “digital personal data” means personal data in
digital form;
xxx xxx xxx
(t) “personal data” means any data about an individual
who is identifiable by or in relation to such data;
(u) “personal data breach” means any unauthorised
processing of personal data or accidental disclosure,
acquisition, sharing, use, alteration, destruction or loss
of access to personal data, that compromises the
confidentiality, integrity or availability of personal
data;
(v) “prescribed” means prescribed by rules made under
this Act;
(w) “proceeding” means any action taken by the Board
under the provisions of this Act;
(x) “processing” in relation to personal data, means a
wholly or partly automated operation or set of
operations performed on digital personal data, and
includes operations such as collection, recording,
organisation, structuring, storage, adaptation,
retrieval, use, alignment or combination, indexing,
sharing, disclosure by transmission,
dissemination or otherwise making available,
restriction, erasure or destruction;
90. It is submitted by the ld. Senior Counsel that under Section 4 of the
DPDP Act, data can be processed by a ‘Data Principal’ for a lawful purpose
only if consent is given or for certain legitimate use. What constitutes the
‘legitimate use’, it is argued, can be seen from Section 7 of the DPDP Act.
Specific reference is made to Sections 7(c), 7(d) & 7(e) of the DPDP Act. The
same are extracted hereunder:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 63 of 243

“ Section 4
4. (1) A person may process the personal data of a Data
Principal only in accordance with the provisions of this
Act and for a lawful purpose,—
(a) for which the Data Principal has given her
consent; or
(b) for certain legitimate uses.
(2) For the purposes of this section, the expression
“lawful purpose” means any purpose which is not
expressly forbidden by law.
Section 7
7. A Data Fiduciary may process personal data of a
Data Principal for any of following uses, namely:— […]
(c) for the performance by the State or any of its
instrumentalities of any function under any law for the
time being in force in India or in the interest of
sovereignty and integrity of India or security of the
State;
(d) for fulfilling any obligation under any law for the
time being in force in India on any person to disclose
any information to the State or any of its
instrumentalities, subject to such processing being in
accordance with the provisions regarding disclosure of
such information in any other law for the time being in
force;
(e) for compliance with any judgment or decree or order
issued under any law for the time being in force in India,
or any judgment or order relating to claims of a
contractual or civil nature under any law for the time
being in force outside India;”
91. It is his submission that the consent from a data principal for disclosure
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 64 of 243

under Section 6 of the DPDP Act has to be so clear and unequivocal that
unless and until consent is obtained, the legitimate intent is to protect privacy
at the highest.
(C) Hosting Concepts
92. Ms. Kruthika Vijay, ld. Counsel appearing for Hosting Concepts has
submitted that the compliance with GDPR is mandatory for almost all DNRs,
especially, her client which is situated in Netherland. At the outset it is
clarified by her that GDPR would only apply wherever the Registrant is a
natural person and not a corporate or other business entity. Thus, in case
of corporate or other non-natural business entity, the disclosure of data
relating to the Registrant of the infringing domain name would not be covered
by the GDPR.
93. She makes reference to Article 4 of GDPR to explain the process of
‘pseudonymisation’ . Further, attention of the Court is also drawn to Article
5(1)(c) read with Article 25 of the GDPR as per which only minimum data
which is required to be collected ought to be collected. This is also known as
the concept of ‘ data minimisation ’. The DNRs, therefore, in compliance with
the said provisions collect only the minimum required data which is necessary
for processing the same.
94. She submits that the GDPR being an instrument which is applied by
about 32 countries, various Courts and forums in different countries have
interpreted it differently and thus, the implementation of the GDPR can prove
to be challenging at times. Ms. Vijay, ld. Counsel describes GDPR as an
amorphous legislation whereby the framework is changing continuously
depending upon the interpretation which is adopted by the Courts. It is also
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 65 of 243

submitted that the DNRs themselves need to be protected, failing which there
would be huge implications for DNRs.
95. Reliance is also placed upon the Temporary Specifications for gTLD
(hereinafter “Temporary Specifications”) prescribed by ICANN and she
submits that if there is any conflict between the Temporary Specification and
the Registrar Accreditation Agreement, the former prevails. Thus, it is her
submission that the DNRs continuously struggle between ensuring
compliance with the Registrar Accreditation Agreement and the Temporary
Specification. It is further pointed out that in terms of the Temporary
Specification, details of the Registrant have to be redacted and privacy is the
default position. She further submits that the ‘ Registration Data Access
Protocol Response Profile ’ (hereinafter “ RDAP Response Profile ”) published
by ICANN, in fact, imposes further obligations upon the DNRs, such as, the
manner in which the redaction has to be done. Specific reliance is placed upon
Clauses 2.7 of the RDAP Response Profile, which deals with contacts and the
redaction clause. It is argued by the ld. Counsel that in terms of the RDAP
Response Profile protection of privacy is mandatory and there can be no
compromise on the same.
96. Ms. Vijay, ld. Counsel has referred to a decision of the Court of Justice
3
of the European Union (hereinafter “ CJEU ”) which concerned a request for
preliminary ruling from the Supreme Court of Latvia in respect of
4
interpretation of Article 7(f) of the EU Directive 95/46/EC (similar to Article
6(f) of the GDPR).
3 th
Case C-13/16 passed by the CJEU on 4 May, 2017
4
Directive on the protection of individuals with regard to the processing of personal data and on the free
movement of such data. Article 7(f) reads as: “Member States shall provide that personal data may be
processed only if: […] (f) processing is necessary for the purposes of the legitimate interests pursued by the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 66 of 243

97. Considering the above, ld. Counsel submits that insofar as Hosting
Concepts is concerned, a model framework could be laid down for disclosure
of the data of Registrants which may involve the following steps:-
(a) That the framework should require a request to be made in writing to the
DNR, either through the Grievance Officer or through a web portal.
(b) The request should be credible and verifiable (such as a notarized
affidavit with some basic conditions that are being satisfied therein).
(c) The same should be properly verified so that there is no fabrication or
forgery.
(d) The Person requiring the information ought to indemnify the DNR for
steps taken against an alleged infringing Registrant.
(e) The information should be capable of disclosure by the DNR in a Court
or before any authority, if sought.
(f) In addition, she submits that other safeguards and exclusions ought to be
that only verifiable rights can be considered by DNRs and not common
law rights relating to pending applications.
(g) The standard of misuse or infringement alleged should be something
which constitutes fraudulent or illegitimate use having a larger
implication.
(h) If a particular website is being used for supporting for illegitimate
purposes, upon the above facts having been satisfied, the privacy
requirements can be suspended and disclosure of registrant details can
be permitted. However, the same would also not result in either transfer
controller or by the third party or parties to whom the data are disclosed , except where such interests are
overridden by the interests for fundamental rights and freedoms of the data subject which require protection
under Article 1(1).”
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 67 of 243

or suspension of the domain name for which an appropriate Court would
have to be approached. It is, therefore, her submissions that under
national law proper frameworks can be evolved to deal with illegitimate
and fraudulent websites.
98. Further, Hosting Concepts claims to be an intermediary and argues that
it would not be liable for any third party content hosted on the website. As per
the affidavit dated it is stated that Hosting Concept shall comply with orders
of the competent Court directing locking, suspension, cancellation or transfer
of identified infringing domain names. It is also willing to disclose details of
Registrants pursuant to directions being issued by the competent Courts.
99. According to Hosting Concept, the mechanism developed by the ld.
Single Judge of this Court in UTV Software Communication (supra) ought
to apply even to rogue websites in the present batch of matters. Insofar as
preventive or automatic blocking of registrations of domain names is
concerned, Hosting Concepts claims that the same is within the realm of the
Registry Operators and not the DNRs. Finally, the position of Hosting
Concepts on the blocking of future domain names is as under:
“5. Therefore, Hosting Concepts can comply (and has
complied) with the orders of competent courts directing
the locking, suspension, cancellation or transfer (at
respective Plaintiff's costs) of the specifically identified
domain names found to be identified as being illegally
used by persons other than legitimate right holders, and
will further comply with specific directions requesting
disclosure of details of registrants of such domain
names, where these details are redacted.”
100. It is also stated that Registry Operators are able to provide certain
services/features such as Trademark Clearing House, Domain Protected
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 68 of 243

Marks List and Adult Block, which would show the various tools/methods at
the disposal of the Registry Operators to address the issues arising in the
present matters. The nature of services that are provided under these features
are as under:
“a. Trademark Clearinghouse (TCMH): TCMH is a
global repository of validated and registered
trademarks established by ICANN to (i) verify
trademark data from multiple global regions; and (ii)
maintain a database with the verified trademark
records. Currently, ICANN has only authorized Deloitte
to provide trademark verification services for TCMH.
The advantages of TCMH include:
i. Brand owners whose trademark rights are
verified by TCMH are provided with a Signed
Mark Data (SMD) file, which is recognized by
several registries as proof of minimum eligibility
requirements.
ii. New gTLD registries utilizing TCMH are
required to offer a sunrise period for registration
of domain names to brand owners at least 30 days
prior to public access.
iii. On new gTLD registries utilizing TCMH, for a
90-day period after launch, registrants attempting
to register a second-level domain name will
receive a warning if the name matches an entry in
the TCMH. If the registrant registers the name
anyway, the rights owner will receive a notification
from the Trademark Claims system.
iv. Rights holders with trademarks registered in the
TCMH can opt in to receive additional
notifications of exact matches to names they have
registered in the TCMH.
b. Domain Protected Marks List (DPML): This is a
service which is provided by the registry, Identity
Digital for TLDs registered with it (e.g. army, info,
legal). Broadly explained:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 69 of 243

i. DPML defensively blocks registrations of
trademarked brands across the Identity Digital
portfolio of domains. At time of purchase, all
Identity Digital domain names matching the
trademarked brand are reserved, allowing only the
trademark holder to register them going forward.
ii. To be eligible to access DPML, rights holders
must hold an SMD file validated by TCMH.
iii. The DPML service is available only with
respect to the trademarked brand with various
gTLDs. For example, if the trademarked brand is
"dabur", the DPML service can be used to
defensively block registrations of dabur.army,
dabur.info, dabur.legal etc.
c. AdultBlock: This is a service which is provided by
ICM Registry, which manages four different extensions:
.xxx, adult, .porn and .sex.
i. AdultBlock is available for any right holders (i)
holding a TCMH SMD file, (ii) with a registered
trademark in any jurisdiction, (iii) with an
unregistered trademark (also called "common law
trademark"), (iv) with a company or organization
name, including "trading as", and (v) a celebrity
wishing to protect their name.
ii. Domains that are already registered with ICM
Registry at the moment the block is ordered are not
included, but as soon as such domain is cancelled,
it is added top the block.”
101. In addition to the above, it is stated that ICANN also has a schedule of
reserved name in terms of specification 5 of the RAA which is signed by all
registries.
(D) Newfold Digital Inc.
102. One of the DNRs in the present suit with which certain infringing
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 70 of 243

domain names have been registered is the Defendant No. 4 – Public Domain
Registry Limited (hereinafter “ PDR ”), which is registered in the Republic of
Seychelles and stated to be a subsidiary of the Newfold Digital Inc.
5
(hereinafter “ Newfold Group ”). At the outset, the stand of NewFold Group is
similar to that of Godaddy i.e., that whenever orders are being passed by this
Court they have been duly complied with by the Newfold Group. It is also
stated that they are intermediaries under the IT Act.
103. On behalf of Newfold Group, Mr. Dayan Krishnan, ld. Senior Counsel
had appeared and has firstly addressed the issue as to what orders the Court
can pass in case a DNR does not comply with or adhere to the orders passed
by the competent Courts in India in respect of either suspending, blocking or
locking the infringing domain name. It is his submission that the business of
the said DNR or the access to the DNR services cannot be blocked under
Section 69A of the IT Act. The said provision is to be used only in case of
exceptional circumstances as contained in the said section itself, viz. (i)
sovereignty and integrity of India, (ii) defence of India, (iii) security of the
State, (iv) friendly relations with foreigner States, (v) public order, and (iv)
for preventing enticement to the commission of any cognizable offence
relating to the said six circumstances. It is submitted by the ld. Senior Counsel
that Section 69A of the IT Act cannot be used to enforce inter se rights of the
trademark owners, which are commercial disputes in nature and thus, would
be outside the purview of the said section.
104. It is argued that the only term, which may need some consideration by
5
The submissions have been made on behalf of PDR and all other affiliates of Newfold Digital Inc., such as
Endurance Digital Domain Technology LLP, BigRock Solutions Limited and Hostgator.com LLC, which
have been impleaded as Defendants in other suits forming part of the present batch matters.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 71 of 243

this Court is ‘ Public Order .’ The said term, according to Mr. Krishnan, ld.
Senior Counsel has already been decided by the Supreme Court in various
judgments as public tranquility and safety. It is submitted that mere
contravention of law would not affect public order, unless if affects the
community or the public at large. In this regard, reliance is placed on the
decision of the Supreme Court in Ram Manohar Lohia v. State of Bihar, AIR
1966 SC 740 . The submission is that mere non-compliance of Court orders
by the DNRs does not amount to breach of public order, and a higher standard
has to be adopted while invoking the provisions of Section 69A of the IT Act.
105. He further relies upon the following judgments: (1) Shreya Singhal v.
Union of India, (2015) 5 SCC 1 ; and (2) Google India Pvt. Ltd. v. Visaka
Industries, (2020) 4 SCC 162.
106. Mr. Krishnan, ld. Senior Counsel has also directed the attention of the
Court to the Blocking Rules, 2009, specifically Rules 6, 7 & 8 to argue that
the blocking of access to any information has to be in the manner as specified
in the said Rules and, would thus require consideration from a Committee
consisting of members not below the rank of Joint Secretary, as prescribed
under Rule 7 of the Blocking Rules, 2009. Such a blocking of information is
to be resorted to in extreme circumstances and not on a regular basis. He
finally submits that certain situations may require legislative intervention and
may be beyond the powers of the Court to block the business of the DNR.
However, if the Committee under Rule 7 of the Blocking Rules, 2009 comes
to a conclusion that non-compliance by the DNR could affect or infringe upon
the sovereignty and integrity of India, then it is up to the Government to take
action. It is submitted that Rule 10 of the Blocking Rules, 2009 is not
applicable to the present cases where there is violation of intellectual property
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 72 of 243

rights and no blanket order for compliance ought to be passed.
107. He also relies upon the judgment in People’s Union for Civi Liberties
(PUCL) vs. Union of India, (1997) 1 SCC 301 , wherein the Supreme Court
was dealing with Section 5(2) of the Telegraph Act which permits the
Government to intercept messages, to argue that the said judgment also makes
it considerably clear that such provisions must be construed narrowly and the
same cannot be done unless the conditions mentioned under the said provision
are satisfied. It is also submitted by the ld. Senior Counsel that orders may be
granted giving liberty to the Plaintiffs for filing applications for impleadment
of infringing defendants along with evidence.
th
108. Furthermore, as per the note dated 15 February, 2025 filed by the
Newfold Group, in compliance of the Court’s directions, the reliefs which can
and cannot be implemented by the said DNR is as under:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 73 of 243

109. Moreover, it is also stated that one of the terms of the registration of the
domain name is that the Registrant ought not to use the services of the DNR
in a way that infringes a patent, trademark, copyright or other IP rights.
Further, it is also stated that ICANN and NIXI, both require compliance with
local laws as also compliance with orders issued by the Court of competent
jurisdiction. Lastly, it is stated that payment details of the Registrant with the
DNR can be provided in order to trace the person who has registered the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 74 of 243

domain name.
(E) Verisign
110. Verisign is a Registry Operator incorporated in Reston, Virginia,
United States of America. At the outset, it is stated that Verisign does not have
any offices or employees in India and does not carry on any business in India,
hence, it is stated that Verisign does not submit to the jurisdiction of this
Court. Verisign is stated to be the delegated Registry Operator for various
TLDs namely ‘. cc ’, ‘. com ’, ‘ .name ’ and ‘ .net ’. It is also the Registry Operator
for certain internationalized domain names in various scripts:
111. The said TLDs are managed by Verisign in terms of the Registry
Agreement with ICANN and the functions performed by Verisign are briefly
set out below:
“6. Verisign is a Registry operator for certain Top-Level
Domains (“TLDs") (as detailed below). As a Registry
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 75 of 243

operator, it maintains the authoritative master directory
of all second level domain name ("SLDs") in the TLD.
The said master directory includes the following
technical details relating to the registrations: (i) the
SLDs (such as " verisign.com ") for the TLD; (ii) the
Internet Protocol ("IP") addresses (such as
192.42.177.30) of the name servers associated with the
SLDs; (iii) the name of the Registrars of the SLDs; and
(iv) the registration expiration dates of the SLDs.”
112. As is evident from the above, Verisign is one of the most important
Registry Operator in the world as it controls the ‘. com ’ and ‘. net ’ domain
name extensions, which are the most popular domain name extensions. More
than 90% of the infringing domain names in the present commercial suits are
‘. com ’ registrations. Hence the stand of Verisign is crucial in deciding the
issues that have arisen in these cases.
nd
113. It is stated in the affidavit dated 2 April, 2025 deposed by one Mr.
Kirk Salzmann, authorised representative of Verisign, that Verisign does not
provide any direct domain name registrations to end users. A Registrant who
wishes to register a domain name with the TLDs operated by Verisign, has to
get the same done through the DNR which has a Registry-Registrar
Agreement with Verisign in respect of the said TLD. It is stated that most of
the data relating to the Registrant lies with the DNR and not with Verisign. It
also does not provide web hosting services. The nature of capabilities
Verisign possesses are claimed to be limited. According to Verisign, the terms
“locking”, “blocking”, “suspension” and “transfer” in respect of a domain
name does not have a standard meaning or definition across the relevant
industry. Considering the same, it is stated that Verisign is capable of
implementing status codes known as “ Extensible Provisioning Protocol ”
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 76 of 243

(hereinafter “ EPP status codes ”) to implement court orders of competent
jurisdiction. The same are as under:
“a) serverDeleteProhibited - prevents a domain name
registration from being deleted from the Registry.
Deleting a domain name ends its registration and makes
it available for others to register.
b) serverTransferProhibited – prevents a domain name
from being transferred from one Registrar to another.
This does not prevent a domain from being transferred
from one Registrant to another.
c) serverUpdateProhibited – prevents certain aspects of
the domain name (such as the name servers) from being
updated.
d) serverRenewProhibited - prevents a domain name
registration from being explicitly renewed by the
Registrar. However, it can still be auto-renewed.
e) serverHold – prevents a domain name from resolving
to a website. This means that the domain name is no
longer active in the DNS and the corresponding website
can no longer be accessed by typing the domain name
in an internet browser. The website can, however, still
be accessed via the IP address.”
114. In addition, it is submitted that if an order is received by Verisign for
‘suspending’ or ‘blocking’ of domain name, one of the steps that Verisign can
take is to apply the ‘ serverHold ’ status code in respect of the said domain
name, in effect, therefore, even if the domain name is registered, the website
would not accessible through the said domain name. Further, if the Court
orders ‘locking’ of the domain name then it is stated that a combination of
three status codes could be implemented i.e., ‘serverDeleteProhibited,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 77 of 243

‘serverTransferProhibited’ and ‘serverUpdateProhibited’. However, it is
stated that any order of the transfer of the domain name from one Registrant
to another cannot be implemented by Verisign, as the same can only be done
by the DNR. It is also necessary to note the fact that as per Verisign all the
EPP status codes which are implementable by Verisign can also be
implemented by the concerned DNRs.
115. On the question as to whether registration of infringing domain names
in future can be prohibited, it is stated that Verisign does not have the
technology to block particular word-strings. However, subject to approval of
ICANN, certain character strings can be added to the “Reserved Names” list
as per Clause 2.6 of the Registry Agreement, and any string added therein
would not be registered by any Registrant. A perusal of the kind of word
strings that can be blocked by Verisign is as under:
“26. The Registry Agreements entered into between
Verisign and ICANN in respect of the .com, .net, and
.name TLDs do not grant Verisign the authority to
prevent the registration of any unregistered word
strings. While the .com, .net., and .name Registry
Agreements each include a list of character strings that
Verisign is required to reserve and not make available
for registration, no change to the lists can be made
without explicit approval by ICANN (and amendments
to the agreements). Furthermore, Verisign's registry
systems for .com, and .net cannot “block" word strings
from being registered as domain names. Such
functionality is not part of Verisign's systems and could
not be therefore implemented without changing the
computer code and systems that operate those TLDs.
The .com Registry Agreement dated 1 December 2024
entered into between Verisign and ICANN is attached
herewith as Document 1. the .net Registry Agreement
and the name Registry Agreement entered into between
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 78 of 243

Verisign and ICANN are on similar lines as the .com
Registry Agreement. The current standard form of the
'Base Registry Agreement' (as publicly available
at https://www.icann.org/en/registry-agreements/base-
agreement ) ("Base RA") that is entered into between
ICANN and some Registries, does entitle (under Clause
2.6) a 'Registry Operator' to reserve (i.e. withhold from
registration) or block character strings within the
concerned TLD. The IDNs operated by Verisign, listed
above, are subject to the Base RA. A current standard
form of the Base RA is attached herewith as Document
2.
27. Verisign has no ability to limit its actions on a
geographic basis. Any action Verisign takes would
apply globally. An order from a court of competent
jurisdiction that prevents the registration of word
strings (i.e. trademarks) as SLDs would effectively
amount to a global injunction, restraining even genuine
and bona fide users (including possibly prior users) and
rights holders in other jurisdictions from using the
concerned name strings as SLDs.”
116. It is, however, clarified by Verisign that the action cannot be taken on
a geographical basis and would have to be applied globally, which may
negatively affect the rights of genuine and bona fide users in other
jurisdictions.
(F) Registry Services
117. Registry Services is a Registry Operator having its registered office in
Wilmington, Delaware, United States of America. Registry Services operates
and maintains administrative date of certain TLDs. As noted above, vide order
th
dated 15 February, 2025 the Court had called upon Registry Services to
disclose its stand on the following issues:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 79 of 243

“i. The domain name extensions that the said Registries
manage and supervise;
ii. Whether in respect of the said domain name
extensions, orders for suspension, locking, blocking and
transfer of the domain names can be implemented by
them in respect of existing infringing domain names;
iii. Whether the said Registries can also implement
orders injuncting registration of infringing domain
names in the future which contain the
brands/trademarks as may be directed by the Court in
the form of a TLD/word string.”
th
118. Pursuant to the above directions, an affidavit dated 12 March, 2025
deposed by one Ms. Crystal Peterson, authorised representative of Registry
Services, was filed in the batch matters. The said affidavit states that it
provides services in respect of various TLDs, a large number of which are
generic and ccTLDs. Registry Services has taken the position that it cannot
implement any Court order for blocking, suspending or transfer of the domain
names as it does not perform those functions as a Registry Operator.
However, it can lock, hold, transfer, delete or reserve specific character stings.
It does not provide any web-hosting services. It cannot implement the Court
order related to management of domain names. It also cannot implement any
Court order injuncting registering of infringing domain name in future.
(G) MeitY
119. During the course of these hearings it was found that several DNRs are
not complying with the orders passed by the Court. This was resulting in
continuous misuse of the infringing domain names, as also violation of the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 80 of 243

orders of the Court. After giving adequate opportunities to the DNRs, in some
cases, the Court took a strict stand and directed that those DNRs who are not
implementing the Court orders ought not to be permitted to provide their
services in India. Some such orders which have been passed by this Court are
extracted below:
th 6
Order dated 9 November, 2022 :
“10. Mr. Kurup, ld. CGSC appearing for MeitY and
DoT, submits that as and when the Plaintiffs have
notified the departments about various infringing
websites, which are involved in illegal streaming of the
Plaintiffs’ contents, proper blocking orders have been
issued. If the Court has passed suspension and
disclosure orders, the DNRs ought to have taken action
in accordance with law. He however submits that
through VPN networks, these DNRs may still be
accessible, thus allowing streaming/hosting/etc. of
infringing content to continue.
11. In the backdrop of the above discussion, insofar as
the above listed DNRs, which are not giving effect to the
orders of this Court, i.e., NameCheap Inc./Defendant
No.13, Dynadot, LLC/Defendant No.14, Tucows
Inc./Defendant No.16, Gransy s.r.o./Defendant No.17,
and Sarek Oy/Defendant No.18, since DoT and MeitY
are present before this Court, they are directed to
immediately take action within one week against these
DNRs for non-compliance of the orders passed by this
Court. The authorities shall also look into the question
as to whether these DNRs ought to be permitted to
continue to offer their goods and services in India, if
they are not giving effect to orders of Indian Courts
and not complying with the applicable laws under the
Information Technology Act, 2000, and the 2021
Rules. ”
6
Star India Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM) 567/2022.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 81 of 243

st 7
Order dated 21 March, 2023:
“4. The relevant directions passed by the Court in
CS(COMM) 567/2022 on 9th November, 2022, are set
out below:
“11. In the backdrop of the above discussion,
insofar as the above listed DNRs, which are not
giving effect to the orders of this Court, i.e.,
NameCheap Inc./Defendant No.13, Dynadot,
LLC/Defendant No.14, Tucows Inc./Defendant
No.16, Gransy s.r.o./Defendant No.17, and Sarek
Oy/Defendant No.18, since DoT and MeitY are
present before this Court, they are directed to
immediately take action within one week against
these DNRs for non-compliance of the orders
passed by this Court. The authorities shall also
look into the question as to whether these DNRs
ought to be permitted to continue to offer their
goods and services in India, if they are not giving
effect to orders of Indian Courts and not complying
with the applicable laws under the Information
Technology Act, 2000, and the 2021 Rules.”
5. In view of the above, the defendants no.38 and 39
are directed to take appropriate action against the
defendant no.23, Gandi SAS and defendant no.25,
NameSilo, LLC, for non-compliance of the order dated
2nd September, 2022 and file status report within four
weeks from today.
th 8
Order dated 10 February, 2023:
“7. In addition, ld. Counsel for the Plaintiffs in some of
the matters have also informed the court that a number
7
Star India Private Limited v. 7movierulz.tc & Ors., CS(COMM) 604/2022.
8
Dabur India Limited vs. Ashok Kumar & Ors., CS(COMM) 135/2022
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 82 of 243

of DNRs have completely refused to comply with the
blocking orders and other directions issued by this
Court, in respect of infringing domain names.
8. In view of the aforementioned facts which have come
to light through MEITY’s status report, the submissions
made before this Court from time to time and the e-mails
which have been placed on record today, such as e-
mails by Namecheap Inc, it is clear that stringent steps
would be required to be taken, in order to curb the
menace of illegal domain name registrations having
well known marks and names of business houses. It is
accordingly directed that MEITY/DoT/the appropriate
authority shall take steps action in accordance with the
Information Technology (Intermediary Guidelines
and Digital Media Ethics Code) Rules, 2021 against
DNRs who do not agree to comply with the said Rules
or do not appoint grievance officers or implement
orders of Indian Courts/Authorities.
9. Ld. Counsel for the Plaintiffs are free to communicate
with the official from MEITY Mr. Pradip Verma, who
shall act as the nodal officer for this purpose to
coordinate with DoT and any other authorities, at the e-
mail address pradip.verma@meity.in and submit their
respective lists of DNRs who are stated to be not
complying with the orders passed by this Court and not
appointing the grievance officers.
10. It is directed that the concerned MEITY/DOT
officials shall peruse the various orders which are
passed in these proceedings prior to taking any action
under the Information Technology (Intermediary
Guidelines and Digital Media Ethics Code) Rules, 2021.
Steps in respect thereof, in terms of Rules be taken
within four weeks. The action so taken shall be placed
on record by MEITY by means of a status report by the
next date of hearing.”
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 83 of 243

120. These orders were to be implemented through MeitY/DoT. Upon their
services being blocked from being offered in India, some of the non-
compliant DNRs moved appropriate applications before the Court and
undertook to implement the relevant Court orders, which then led to lifting of
the directions to block the said DNRs.
th
121. Further, in the written submission dated 26 May, 2023 filed on behalf
of MeitY reliance is placed on the decision of this Court in Snapdeal Pvt. Ltd.
v. Godaddy.com LLC, 2022 SCC OnLine Del 1092 , wherein the Court has
dealt with various issues qua DNRs and domain names vis-à-vis trademark
infringement. It is argued on behalf of MeitY that in terms of the said
judgement DNRs are intermediaries under the IT Act and the DNRs would be
liable to forego the ‘safe harbour’ protection under Section 79 of the IT Act,
where the domain names sold by the DNRs infringes the registered trademark
of a third party.
122. In respect of enforcement of orders against non-compliant DNRs is
concerned, the stand of MeitY is that the course of action taken by this Court
in Star India Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM)
th
567/2022 vide order dated 9 November, 2022 when enforced in conjunction
with Rule 10 of the Blocking Rules, 2009, is the only effective mechanism
for ensuring that non-compliant DNRs duly comply with the Court orders.
th
Moreover, it is stated in the status report dated 25 March, 2023 that where a
DNR repeatedly does not comply with the directions of the Court, the same
would be construed as a violation of public order under Section 69A of the IT
Act.
123. In addition, Mr. Harish Vaidyanathan Shankar, ld. CGSC relies upon
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 84 of 243

his written submissions to canvass the position that the judgment in Shreya
Singhal (supra) makes it clear that in case there is contempt of Court or any
other factors as contemplated in the Article 19(2) of the Constitution of India,
the power of blocking would exist. He submits that the Article 19(1) of the
Constitution of India is meant to protect legitimate businesses and not those
businesses who are complicit in fraudulent activities being carried out. Thus,
Shreya Singhal (supra) is a decision where the Court can rely upon to block
a DNR from offering services in India.
124. Considering the above position as also the implications and
significance of the issues involved in these batch matters, the Court was of
the opinion that the Government i.e., MeitY should also take a stand in this
matter as to how to curb the proliferation of infringing domain names which
were having a large scale impact on consumers and the general public.
Further, pursuant to the directions passed by this Court in the batch matters,
125. MEITY undertook a stakeholders consultation with different entities
including the DoT, ICANN, Delhi Police etc. It is stated that MeitY had also
issued a questionnaire to various entities including ICANN, DoT, NPCI,
NIXI, various DNRs, CERT-IN, Cyber Law & e-Security Division of MeitY,
and Delhi Police. A meeting was also held by MEITY with all these
stakeholders. Some of the feedbacks received are as under:
(i) Response received from ICANN
126. ICANN’s position in respect of implementation of Court orders is
captured below:
“ 4. That Internet Governance Division of MeitY
followed up with the Internet Corporation for Assigned
Names and Numbers (hereinafter referred to as
'ICANN') on the issues involving domain name
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 85 of 243

infringement and non-compliance of DNRs in a related
matter. !CANN, in its response placed at Annexure I,
has· submitted as follows. That Section 5.5.2.1.4 of the
RAA (Registrar Accredited Agreement ) states that
!CANN may terminate a registrar's RAA where a court
of competent jurisdiction determines that the registrar
has failed to comply with the terms of an order issued by
a court of competent jurisdiction relating to the use of
domain names sponsored by the registrar. If evidence is
received, ICANN Contractual Compliance would follow
its established process and take enforcement action as
permitted by the RAA. The RAA provides various means
of redress for consideration; termination of the RAA is
not the only option provided.”
127. In respect of the privacy protect feature and proxy services provided by
the DNRs, it was stated by ICANN that providing privacy services to
Registrants is optional and at the discretion of the DNRs. The relevant portion
of its response reads as under:
“ Additional Comments
While the MeitY specifically requested (i.e., requested
th
orally during the meeting on 27 December 2022)
ICANN’s input on court-identified issues 1 and 7,
ICANN also provides the below comments concerning
certain of the other draft recommendations set forth by
the MeitY.
With respect to court-identified issue no. 2 (concerning
privacy and proxy registration services), ICANN does
not obligate registrars to offer privacy or proxy services
to registrants. Providing such services is optional, at the
discretion of the registrars. However, registrars that do
choose to offer privacy or proxy services (themselves or
via a registrar's affiliated entities) must comply with the
RAA's Specification on Privacy and Proxy
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 86 of 243

Registrations. This Specification requires privacy and
proxy service providers to publish their processes to
report abuse of a domain name and infringement of
trademarks or other rights of third parties, and to
include privacy and proxy customer contact information
in the registrar's data escrow deposits. The ICANN
community has also, via the multistakeholder Policy
Development Process, developed recommendations for
the creation of a privacy and proxy service provider
accreditation program. ICANN's implementation of this
program is currently paused pending further
implementation efforts on related Consensus Policy
recommendations concerning gTLD registration data.”
128. ICANN has implemented the Uniform Domain Name Dispute
Resolution Policy (hereinafter “ ICANN UDRP ”) and Uniform Rights
Suspension System (hereinafter “ ICANN URS ”) which can be availed of by
the trademark owners in the event of infringing domain names. It would be
in compliance with GDPR to request access to registrant’s data through the
DNRs or ROs. The access to the Registrant’s details is merely restricted but
not barred. One of the legitimate interest which is an exception and permits
disclosure of data is for the purposes of consumer protection, investigation of
cyber crime, DNR abuse and intellectual property protection.
th
129. MEITY’s status report dated 25 March, 2023, also states that the
Government of India’s representative to the Government Advisory
Committee of ICANN had highlighted the issue of domain name abuse in the
th th
meeting held between 11 to 16 March, 2023. Considering the growing
abuse of DNRs, the importance of ‘WHOIS Accuracy’ was highlighted as a
method for curtailing the said abuse. The Government continues to have its
deliberations with ICANN in this regard. The said status report also highlights
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 87 of 243

that India is a member of WIPO based UDRP procedure, which also provides
online despite resolution mechanism.
(ii) Response received from HIOX LLC
130. HIOX Softwares Pvt. Ltd. (hereinafter “ HIOX ”) is a DNR situated in
India having its registered office in Coimbatore, Tamil Nadu. In its response
to the questionnaire circulated by MeitY it was stated that HIOX has adopted
mobile OTP verification and Aadhar verification process for providing
domain name registrations. It was also stated that foreign and Indian DNRs
ought to be mandated to follow the KYC process. Further, it is stated that
privacy policy ought to be made a paid service and the WHOIS details can be
shared with the authorised party upon an email being received from a person
having a ‘legitimate interest’ or through a Court order. Even if privacy
services are availed of parties who have a ‘legitimate interest’ cannot be
deprived of data. All DNRs or Registry Operators which operate in India have
to mandatorily follow the Indian law. The details of payments received such
as credit card details, etc., can be made available only to authorised LEAs,
however, the payment gateways do not seek consent of the party for providing
details to LEAs.
(iii) Response received from CERT-IN
131. The main issue raised by CERT-IN is that the identity of persons
registering domain names is masked and most of the details are fictitious and
not traceable. Thus, it is stated that a process needs to be put in place for
obtaining the WHOIS details of the domain name.
(iv) Response received from Cyber Law and e-Security Division, MeitY
132. It is stated that blocking of domain names cannot be done under Section
69A of the IT Act unless it involves national security or public order issues.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 88 of 243

(v) Response received from NIXI
133. NIXI has introduced e-KYC policies for ensuring accuracy of WHOIS
details of the Registrant as per the government records. It has issued general
instructions to DNR to avoid registration of the domain names which
resemble well-known trademark. It is stated that on receiving a complaint
from a well-known trademark owner regarding infringement, arbitration
process under “ .IN Dispute Resolution Policy ” has to be initiated. NIXI upon
receiving a Court order or an order from an authorised agencies blocks a
disputed domain on a permanent basis. It is stated that NIXI’s equipped to
become a data repository provided due acceptance is received from the
competent authority.
(vi) Response received from NPCI
134. In respect of the question whether NPCI can share the details of the
accused with the LEAs and/or aggrieved persons in the event of an unlawful
activity, it is stated that NPCI only shares transactional information with the
LEAs under the CrPC. NPCI would not be in a position to assist LEAs with
the identity of a cyber-criminal, however, the relevant banks would be
available able to do so.
(H) Stand of MHA
th
135. Pursuant to the orders passed by this Court on 24 November, 2023 and
st st
1 February, 2024, the MHA had convened a meeting on 1 April, 2024
headed by the Chief Executive Officer, I4C with the different LEAs to
understand the issues faced by them in respect co-ordination and receiving
th
information from intermediaries. Another meeting was also convened on 10
April, 2024 headed by the Joint Secretary, Cyber & Information Security,
MHA. In the said meetings various problems were highlighted and it was
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 89 of 243

agreed that there is a need for a common online portal to integrate LEAs,
banks and financial intermediaries to take action against financial cyber
frauds. It would be relevant to mention few of the issues highlighted in the
said meetings:
(i) Need for centralised system to obtain information from foreign
domain name registrars and registries.
(ii) IT Intermediaries should collect necessary KYC and payment details
to help identify persons violating the law online.
(iii) Privacy protection features used in WHOIS databases are being
abused by criminals and information necessary for investigation, upon
request, should be made available to LEAs.
(iv) Details from domain registrars, hosting agencies and mail service
providers should be readily available for investigation.
(v) Actual IP address should be accessible where domain proxy services
are used. Additionally, details of other domains owned by the same
person should be provided.
(vi) WHOIS database entries should include administrative details,
payment information, IP addresses, SSL certificate provider agency
details, and KYC details.
136. As per MHA various steps have been taken to implement the directions
of this Court qua improving the co-ordination between various agencies to
prevent cybercrime, specially relating to financial fraud. A portal i.e.,
‘ National Cybercrime Reporting Portal’ for reporting online cybercrime and
lodging complaints has also been made operational by I4C. Further, more than
38.87 lakhs complaints were reported on the said portal which is now the
centralised portal where complaints for reporting of cybercrimes. In addition,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 90 of 243

I4C has also constituted seven Joint Cyber Coordinate Teams have been
constituted for dealing with cybercrime cases. Lakhs of SIM cards and
thousands of mobile devices have been blocked to prevent cybercrime.
(I) Stand of the Delhi Police
137. The Delhi Police has created the IFSO to look into the misuse of well-
known marks in misleading domain names, websites and URLs. Pursuant to
the various orders passed by this Court investigation was conducted in the
respective suits against the alleged accused persons using the infringing
domain names for committing financial frauds. In the course of the said
investigations, several issues and challenges have arisen for the Cyber Cell of
Delhi Police as also the IFSO. The same have been highlighted by the Cyber
th
Cell, Delhi Police in its written submissions dated 26 September, 2023.
138. It is stated that whenever any domain name or website is used in the
commission of crime, the details are collected from the DNR as also the web
hosting company. The mode in which the payment is made to the DNR or the
web hosting services is also collected. The details are obtained from the bank
accounts and the mobile numbers which are available. It is also stated that
‘Voice over Internet Protocol’ applications are presently not being traced.
139. The challenges faced by Delhi Police are that most intermediaries from
abroad do not furnish details of the Registrants of the infringing domain
names in view of privacy policy and insist on warrants or assistance through
the Mutual Legal Assistance Treaty (hereinafter “ MLAT ”) which delays the
obtaining of information considerably. In contrast, domestic intermediaries
provide better assistance however, foreign intermediaries having server in
foreign countries tend to deny information arbitrarily.
140. One of the biggest road blocks in safeguarding the money in cases of
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 91 of 243

online financial fraud is that the responses from banks is not satisfactory.
There are no anti-fraud measures put in place by banks and e-wallets. The
banks and financial institutions are not open post working hours and on
weekends, though, they provide services to their own customers even during
the said break. Banks ought to have a single window system for redressing
cyber frauds and providing information to LEAs.
141. As per Delhi Police, bank accounts are being opened by bank officials
without proper verification of the account holder in online bank accounts there
is no physical verification. Intermediaries do not disclose how the payment
is received for registration of the domain name and the sub-domain.
142. Details of intermediaries providing cloud services, web hosting
services and mode of payment is also not furnished. IP address captured while
creating the domain or sub domain is not furnished. The mobile numbers
which are given by domain name registrants are either wrong or do not exist,
thus, the OTP verification at the time of registration of the domain name ought
to be necessitated upon.
143. In addition to banks and financial institutions, the Cyber Cell has also
highlighted the issues with social media intermediaries such as Google. It is
stated that agencies such as Google ought to be directed not to provide
promotional services such as adword, bookings, search engine optimisation
to infringing domains and websites. Further, it is stated that Google does not
respond to data disclosure requests and the standard automatic reply received
is as under:
“All requests for the disclosure of data must be
accompanies by appropriate legal process… all
communications be sent from an official government
issued email address.”
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 92 of 243

(J) Submissions on behalf of the Plaintiffs in the batch matters
144. Since, the present suit has been heard along with a batch of matters
raising common issues, where similar grounds have been raised by the
Plaintiffs, for the sake of brevity it would be apposite to consider together all
the submissions raised by the Plaintiffs in the batch of matters.
145. Mr. Anirudh Bhakru, ld. Counsel had appeared for the Plaintiff in the
lead matter i.e., Dabur India (supra) and made submissions. He has firstly
nd rd
highlighted two orders passed by this Court dated 2 June, 2022 and 3
August, 2022 wherein the issues were crystalized and the Court has clearly
observed that the present system of registering domain name is unsatisfactory.
It is submitted that though the status of the DNRs is that of intermediaries, the
intermediaries are also benefiting by offering a full range of domain names
consisting of the Plaintiff’s mark. If such a range of domain names is
permitted to be offered, as held in the same would constitute trademark use
and, therefore, the DNRs are not merely intermediaries but they do owe
responsibility as well.
146. He has relied upon the decision of the ld. Single Judge of this Court in
- Snapdeal Pvt. Ltd. v. Godaddy.com LLC, 2022 SCC OnLine Del 1092 ,
which dealt with the trademark infringement and registration of domain
names consisting of the mark ‘ Snapdeal ’. In the context of this case, the ld.
Single Judge observed that use of the domain names by DNRs for the purpose
of registration and offering of the same especially for profit, would constitute
‘use’ under Section 2(2)(b) of the Trade Marks Act, 1999 (hereinafter “ the
TM Act ”). The said decision it is also held that the allegation of infringement
by use in the course of trade of the alleged infringing domain name can also
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 93 of 243

be raised against the DNRs. It is further submitted that insofar as the said
decision is concerned, the Court held DNRs responsible if the DNR is using
the domain name registration as a model for generating profits by providing
alternative domain names. If that is so, the judgment holds clearly that the
DNR would lose the status of intermediary. Insofar quia timet actions are
concerned, the Court merely held that an order in futuro restraining any
domain name cannot be passed and the Court would have to examine the
matter qua the concerned domain name.
147. It is submitted that Section 79(2)(c) of the IT Act read with Rule
3(1)(b)(iv) of the Intermediary Rules, 2021 mandates that an intermediary is
required to undertake due diligence in order to ensure that Intellectual
Property rights are not infringed. Thus, failure of the DNRs to undertake due
diligence as mandated would make them liable to forego the safe harbour
protection.
148. It is the submission of ld. Counsel that the Court has to first look at the
nature of the mark, determine if it is an inventive mark and grant the highest
level of the protection i.e. permanent injunction against use and registration
of the said mark as a prefix. In the case of generic marks, the Court could
modify the injunctions or could direct the trade mark owner to approach the
Court and obtain an order. The order of injunction, that can be granted, ought
to be granted depending upon the nature of the trade mark, for which
protection has been sought.
149. Ld. Counsel also relies upon the decision in Google LLC v. DRS
Logistics (P) Ltd., (2023) 4 HCC (Del) 515 to argue that in the case of ad-
words, where trademarks have been monetized to be used as an ad-word, the
Division Bench of this Court has already held that the intermediary would be
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 94 of 243

liable even for contributory infringement. The intermediary, therefore, has to
make adequate effort to stop violation and infringement by them, failing
which DNRs could be made responsible even for substantial amounts of
damages.
150. The last aspect, which has been highlighted is in respect of de facto
privacy being provided to all Registrants. The said feature, which has been
provided by most DNRs, especially GoDaddy, is resulting in masking the
actual culprits and the domain names, which are worth more, are blocked.
The lack of KYC while registering domain names is the root cause of all these
fraudulent activities. In fact, DNRs, who are earning substantial sums of
money are not found forwarding any solution. It is his submission that they
also exhibit an abhorrence to comply with the orders passed by the Court and
technicalities are cited to justify non-compliance. He also submits that even
when the information is provided by the DNR, the same is so unsatisfactory
that no effective action can be taken against the registrant of the domain name.
Ld. Counsel submits that KYC ought to be introduced in order to safeguard
the interest of third stakeholder in these matters i.e., the consumer/victim, who
may loose money and as has been seen in all these suits, the said
victims/consumers hardly ever get back their money. The lacuna is at different
levels, banking levels as also at the DNR levels, since they are unregulated.
There is hardly any diligence being exercised by the DNRs.
151. Ld. Counsel finally submits that even one week of fraudulent websites
being permitted to operate could cause enormous damage to the public. Thus,
it is not only the Plaintiff’s interest that is to be kept in mind but also the public
interest.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 95 of 243

(K) Stand of various Plaintiffs in the batch matters
152. Since, the present suit has been heard along with a batch of matters
raising common issues it would be apposite to also consider the submissions
raised by the Plaintiffs in other suits in respect of the same.
153. Mr. Sidharth Chopra, ld. Counsel appearing for several Plaintiffs
including HT Media Ltd., Bajaj Finance Ltd., Hindustan Unilever Ltd., and
Fashnear Technologies Pvt. Ltd., has made the following submissions:
(a) at the outset submitted that the orders by which services of DNRs were
blocked through ISP in India pursuant to order of this Court in Star India
Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM) 567/2022 , was
a measure which was required to be taken in the context of complete
non-compliance by DNRs of the orders passed by the Court. He submits
that when the Court orders were communicated to DNRs, such as
Namecheap Inc., Hostinger, GoDaddy.com etc., the stand taken by them
was that unless and until an order from a Court in United States of
America is received, they would not be bound by the same. The ld.
Counsel has taken the Court through various emails from Namecheap
nd nd
Inc. including emails dated 22 August, 2022, 6th October, 2022, 22
th
February, 2023 and 13 March, 2023.
(b) It is submitted that after Namecheap Inc. took the position of non-
compliance of this Court’s orders, the respective Plaintiff approached the
Court and thereafter the orders for blocking of the services of the DNRs,
including Namecheap Inc. was passed. Pursuant to the same, vide email
th
dated 13 March, 2023 the concerned Plaintiff was informed that
millions of customers of Namecheap Inc. have been affected due to the
blocking order and that Namecheap Inc. was willing to provide the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 96 of 243

information sought. Ld. Counsel submits that the said email reveals the
manner in which unless and until coercive measures were directed by the
Court, there was no compliance by the DNRs. Some DNRs, including
Namecheap Inc. even took the position that this Court’s order is not a
government order and no affidavit would be filed before the Court by
Namecheap Inc., since Namecheap Inc. is not required to comply with a
foreign Court’s order. It was also stated that it is only a voluntary supply
of information relating to the registrant’s details of illegal domain name.
th th
Reference is made to email dated 30 January 2023, 15 February, 2023,
nd
and 22 February, 2023 to argue that in fact, Namecheap Inc went to the
extent that it ought to be deleted from the array of parties as it cannot be
compelled to comply with the orders passed by the Court.
(c) A similar situation arose in case of Hostinger, which also moved an
application before the Court that the Grievance Officer is being
appointed only for ‘.in’ domain names and that thousands of customers
were facing access issues to their websites and domain names due to the
blocking orders. Similar position was also taken in an application filed
by Dynadot LLC as well, which claims that millions of customers are
affected by the blocking order.
(d) It is his submission, therefore, that the DNRs, who do not comply with
the orders passed by the Court, a strict action ought to be taken against
them. Reliance is also placed upon the decision of the ld. Division Bench
in Department Of Electronics and Information Technology v. Star
India Pvt. Ltd., 2016 SCC OnLine Del 4160 wherein the Court has
clearly directed that the strict action ought to be taken to curb violations
and the government and its instrumentalities have a duty to assist in the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 97 of 243

enforcement of orders passed by the Court.
(e) Mr. Chopra, ld. Counsel also submitted that in none of these matters, the
DNRs challenged the rights of the Plaintiff in the marks or brands. The
only question is as to how the orders are to be enforced. It is his
submission that stringent measures ought to be permitted as without such
measures the rule of law itself is under threat.
(f) He relies upon the Section 69 and Section 69A of the IT Act to argue
that if the emails such as those written by Namecheap Inc. are ignored,
it poses threat to the sovereignty of this country, which need not only be
territorial sovereignty, compliance of orders of Court is an integral part
of the sovereignty.
(g) Further, it is his submission that the cascading effect of non-compliance
is also necessary to be borne in mind as there is no deterrence against
such non-compliance. The DNRs though having no competing interest
also benefit from making available domain names, which violate
trademark rights. In such cases, the interest of the public, which has been
duped, is of paramount nature. In fact, Civil Courts ought to have the
powers, bearing in mind judgement in Department Of Electronics and
Information Technology v. Star India Pvt. Ltd., 2016 SCC OnLine Del
4160 that a preliminary enquiry ought to be directed by the police
authority so that the details of the persons, who have registered the
domain names and for freezing orders to be passed against the bank
accounts, where the amounts are kept. Such orders would be required to
be implemented through police as, failing which, the fraud is continued
to be perpetuated.
(h) Targeted remedies as done in case of dynamics and dynamic plus
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 98 of 243

injunctions with sufficient safeguards would protect the interest of IP
owners as also strike at the violations. It is his submission that finally a
judicial oversight would be required for directing enquiry by the police
under Section 161 of the Code of Criminal Procedure, 1973. After which
upon obtaining information, the IP owner can go to the Court seeking
appropriate remedy.
154. Mr. Abhishek Singh, ld. Counsel appearing in three suits of Amul,
Bajaj Finance Ltd. and ITC Ltd. has made the following submissions:
(a) submits that there is no identifiable data whenever such domain name
registrations are being permitted by masking of the details. In fact, he
relies upon the provisions of the DPDP Act and submits that under
Section 2(t) of the said Act, the personal data of any individual ought to
be an identifiable data and Section 3 of the same also makes it adequately
clear that so long the services are being provided in India, the Act would
apply to the data, which is outside the territory of India.
(b) Ld. Counsel further submits that in a case like AMUL, 90 Defendants
have already been impleaded and there are more which need to be
impleaded. He emphasises that only generation of an email is sufficient
and the said email itself becomes the identity of the Registrant, without
any further details, which is leading to the proliferation of such
infringing domain names. Finally, Rule 3 of Intermediary Rules, 2021 is
also relied upon to argue that reasonable efforts have to be made by the
intermediary to ensure that there is no infringement of IP rights such as
trademarks under Rules 3(b)(iv). He emphasises that reasonable efforts
are not even been made by the DNRs to avoid infringement as the finding
of infringement has already been rendered against them in the decisions,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 99 of 243

which are being relied upon.
155. In addition to the above, written submissions have been filed by the
Plaintiffs in each of the suits in the batch matters, wherein the following broad
submissions have been made:
(a) The DNRs, which generate a substantive portion of their revenues from
India, ought to be directed to comply with the orders passed by the
Courts. Under the IT Act, there are several obligations upon the DNRs,
which they need to comply with and non-compliance of the orders
passed by the Court ought to be vested DNRs with consequences such
as foregoing the safe harbour protection. Any non-compliance of Court
orders ought to be construed as violation of public order and sovereignty
under Section 67A of the IT Act. The internal sovereignty could be
effected in case of non-compliance by the DNRs. Under the IT Act,
designated officer can punish with imprisonment if there is non-
compliance. Non-compliant DNRs also pose threat to compliant DNRs
as they would get monetary benefits if domain names are transferred
from one DNR to the other by the Registrant. Internet governance would
be substantially effected if the DNRs are permitted to violate orders by
the Court. Hence stringent measures are required.
(b) Notice ought to be also issued to the ISPs, banks to disclose details of
whatever data is available with them in respect of bank accounts, mobile
numbers, payment gateway information etc. Matching of the beneficiary
name should be mandatory and not merely matching of the account
number. During investigation, the bank accounts have been debited and,
therefore, there should be immediate bank account freezing upon
commencement of investigation.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 100 of 243

(c) Dedicated email ought to be provided for accessing data. DNRs ought to
be directed to transfer the infringing domain names. Privacy protected
features should not be permitted to be abused. Expedited blocking for
well-known marks should be sought for domain names registration. Any
non-compliant DNRs not to be permitted to undertake any future
transactions from India.
(d) When the criminal complaints are initiated, arrests are made and victims
of these frauds were found in several countries of the world like USA,
UK, Canada, South Africa, and Netherland. Sometime infringing domain
names also perform services of domain name servers operating from
foreign countries. Multiple suffixes i.e., domain name extensions, which
are made available, made the process of tracing domain name fraud
impossible and till some major illegality is detected by then it is too late.
9
The process under MLAT or the Hague Convention is quite time
consuming.
(e) DNRs are not entitled to safe harbour protection as they are not merely
acting as intermediary but are also consciously promoting registration of
infringing domain names by providing multiple services including
alternate domain name registration wherein the trade mark is also used
as alternate extensions etc. The DNRs have created algorithm to
facilitate their own businesses and are not ignorant of the alternate
domain names, which are being presented for registration. They also fail
to undertake due diligence as required under law.
(f) The DNRs are not merely intermediaries as they offer various services
9
Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 101 of 243

such as ‘Global Block’, ‘Global Block Plus’, which are paid services.
They also have technology blocking specific words, words strings etc.
The role of the Registry Operator is limited. It is the DNR, who can block
the domain name.
VI. ANALYSIS AND FINDINGS
156. Heard ld. Counsels for the parties who have entered appearance in the
present batch of matters.
157. It is pertinent to note that none of the contesting Defendants against
whom allegations of use of infringing domain names have been raised, have
appeared before this Court or participated in the proceedings which have been
continuing since 2022.
Prevention of Financial Frauds
158. The commercial suits involving fraudulent domain names, initially
seemed to be one-off cases. However, after the constitution of the IP Division
of the Delhi High Court, a clear pattern started emerging wherein there were
a large number of such suits were being filed by brand owners which then
warranted a comprehensive and consolidated mechanism to deal with these
situations. It was realised that in some of these commercial suits the financial
fraud which had taken place was running into crores of rupees. Cyber cells of
various police agencies were intimated, complaints were registered. In fact
arrests of a few persons was also made in some cases. FIRs were also
registered in a large number of cases and the proceedings in those cases are
going on. However, in order to consider as to whether there can be some
coordinated and structured solution to this problem of financial frauds using
reputed trade marks and brand names, notice was issued to the RBI and to
various other banks where the accounts were opened by these unscrupulous
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 102 of 243

and infringing entities/ individuals.
159. The individual banks came forward with their KYC data revealing the
identities of the persons who had opened the bank accounts. Such persons had
given their mobile numbers and through the said mobile number some
individuals were traced. However, in most cases, the Registrants and the
ultimate beneficiaries are still unknown or untraceable.
160. One of the major causes of amounts being transferred in favour of such
infringers was also because the innocent persons who were making payments
did not realise that they were not making payments to the actual brand owners
or business owners such as Colgate or to Dabur but in fact to some
unconnected individuals. In order to plug this clear loophole that existed in
NEFT and RTGS transactions, notice was also issued to the NPCI. After
several orders been passed from time to time, the RBI introduced the
‘Beneficiary Bank Account Name Lookup’ facility for RTGS and NEFT
th
system, on 30 December, 2024. In terms of the said facility, all banks were
directed to adhere to the following instructions:
“(CO.DPSS.RPPD.No.S987/04.03.001/2024-25 dated
December 30, 2024)
Introduction of beneficiary bank account name look-
up facility for Real Time Gross Settlement (RTGS) and
National Electronic Funds Transfer (NEFT) Systems
1. To ensure that remitters using RTGS and NEFT
systems can verify the name of the bank account to
which money is being transferred before initiating the
transfer and thereby avoid mistakes and prevent frauds,
a solution for fetching the beneficiary's name is being
implemented. Based on the account number and IFSC of
the beneficiary entered by the remitter, the facility will
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 103 of 243

fetch the beneficiary's account name from the bank's
Core Banking Solution (CBS).
2. This facility shall be made available to remitters
through Internet banking and Mobile banking. The
facility shall also be available to remitters visiting
branches for making transactions.
3. To ensure uniform experience for customers, the
banks shall adhere to the instructions given below:
i. Provision to verify beneficiary bank account
name shall be provided in Internet banking and
Mobile banking facilities at the time of registering
a beneficiary and at the time of one-time fund
transfer where the beneficiary may not be
registered.
ii. Provision to re-verify a registered beneficiary at
any time shall also be provided.
iii. Beneficiary account name provided by the
beneficiary bank shall be displayed to the remitter.
iv. In case the beneficiary name cannot be
displayed for any reason, the remitter can proceed
with the fund transfer, at her discretion.
v. Specific alert messages as provided in the
technical document, issued earlier by NPCI, shall
be displayed to the remitter.
4. Both remitting and beneficiary banks shall preserve
detailed logs of all queries made, responses received
and all other activities as part of beneficiary bank
account name lookup facility.
5. NPCI shall not store any data relating to this facility.
In case of a dispute, the remitting bank and the
beneficiary bank shall resolve the dispute based on the
unique lookup reference number and the corresponding
logs.
6. While providing the facility, banks shall ensure to
comply with legal provisions related to data privacy, if
any.
7. Beneficiary account name lookup facility shall be
made available to customers without any charge.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 104 of 243

8. All banks who are direct members or sub members of
RTGS and NEFT are advised to offer this facility no
later than April 1, 2025.”
161. Banks were also directed through the IBA and the Central Economic
Intelligence Bureau (hereinafter “ CEIB ”) to share information with LEAs. A
th
direction was given on 15 April, 2024 for finalisation of a Standard of
Procedure (hereinafter “ the SOP ”) for sharing of information by banks with
st
LEAs. The said SOP was finalised and was issued on 31 May, 2024.
162. With the issuance of the RBI circular and the SOP issued by the
Department of Revenue CEIB to all banks, the issue relating to the name of
the recipient becoming visible to the payer has been resolved. Even the
sharing of information from banks to LEAs has also been resolved. The IBA
nd
in its affidavit dated 22 May, 2025, has clearly stated as under:
“2.5. That subsequently, RBI vide its mail dated
10/0112024 informed that a High-Level Meeting on
prevention of cybercrimes was held by RBI with a team
of Senior Officials from Ministry of Home Affairs
(MHA) including I4C and DGPs of some States. The
LEAs were of the view that there was a need for Banks
to expedite:-
(i) Response to the complaints lodged on National
Cybercrime Reporting Portal (NCRP);
(ii) Response to the complaints lodged over weekend/
long holidays as the crime rate spikes during such time
period;
(iii) Timely sharing of information sought by LEAs etc.
Copy of Email dated 10.01.2024 received from RBI is
annexed herewith and marked as Annexure A-2.
2.6. That to examine the issues referred by RBI, IBA had
constituted a Sub Group of 11 Banks to discuss on the
above points and to place the deliberations before the
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 105 of 243

Standing Committee and Managing Committee of IBA.
The Sub Group deliberated on the subject and made
suggestions for further streamlining the process and a
draft SOP was designed and shared with CEIB on
15/05/2024. The same is annexed herewith and marked
as Annexure A-3 .
2.7. That in compliance of the Order dated 15.04.2024
passed by this Hon'ble Court, the Central Economic
Intelligence Bureau (CEIB) prepared the revised and
updated SOP dated 31.05.2024 and forwarded the
same to all concerned Authorities as mentioned in the
said OM dated 31.05.2024 while forwarding a copy of
the same to Indian Banks' Association also .
2.8. That the Indian Banks' Association has forwarded
the aforementioned revised SOP dated 31.05.2024
prepared and circulated by the Central Economic
Intelligence Bureau to all the Member Banks vide mail
dated 03.06.2024 for doing the needful . Copy of the
mail dated 03.06.2024 addressed by Indian Banks'
Association to all the Member Banks along with OM
dated 31.05.2024 issued by the CEIB is annexed
herewith and marked as Annexure A-4
2.9. That with regard to the Circular dated 26.06.2020
issued by NPCI to all PSP's and Third-Party
Application Provides - UPI, IBA has nothing more to
add. Copy of the Circular dated 26.06.2020 issued by
NPCI is annexed herewith and marked as Annexure A-
5.
2.10. That as regard the Circular dated 30.12.2024
issued by the RBI to all Banks participating in RTGS
and NEFT Systems, it is submitted that the said
instructions dated 30.12.2024 issued by the RBI are
binding on all the Participating Banks in view of
Section 10 (2) read with Section 18 of Payment
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 106 of 243

Settlement Systems Act, 2007 and IBA has nothing
more to add . Copy of the Circular dated 30.12.2024
issued by the RBI to all Banks participating in RTGS and
NEFT Systems is annexed herewith and marked as
Annexure A-6.”
163. In terms of the affidavit of the IBA extracted above, all banks are
required to adhere to the SOP and to the RBI’s circular on beneficiary name
lookup facility. Insofar as digital payments through UPI and other payment
apps are concerned, the recipient’s name becomes visible when such a
payment is made. However, the infringing websites were taking advantage of
the non-visibility of the recipient’s name while making payments through
RTGS and NEFT, which now is a loophole that has been fully plugged with
th
the introduction of the RBI’s circular dated 30 December, 2024.
164. However, at this stage, the Court is required to adjudicate the various
issues arising in relation to the use of infringing domain names and in
effective protection of the trademarks of the Plaintiffs. In view of the detailed
hearings conducted and the submissions of the parties, the following issues
have been identified to be addressed in the present proceedings:
(i) What are the obligations and liabilities of a DNR in respect of an
alleged infringing domain name registered with the said DNR?
Whether the said obligations are sufficient for protecting the
intellectual property rights of third parties?
(ii) What measures may be directed by the Court to be implemented by the
DNRs to safeguard the trademarks of the Plaintiff?
(iii) What measures may be directed by the Court against DNRs who refuse
to comply with the Court orders?
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 107 of 243

(iv) Directions
(v) Relief to be granted in the Applications seeking interim relief.
I SSUE I: W HAT ARE THE OBLIGATIONS AND LIABILITIES OF A DNR
IN RESPECT OF AN ALLEGED INFRINGING DOMAIN NAME
REGISTERED WITH THE SAID DNR? AND WHETHER THE SAME ARE
SUFFICIENT FOR PROTECTING THE INTELLECTUAL PROPERTY
RIGHTS OF THIRD PARTIES
?
Domain Name System
165. At the outset it is expedient to understand the manner in which the
domain name registration system works and the various players or entities that
are involved in this system.
166. It is common knowledge that to communicate between different
computers/devices across the internet, each computer/device is assigned a
unique numerical identifier which is referred to as the Internet Protocol
address or IP address. A domain name represents the IP address or other
resource, in the form of a string of letters instead of the numerical identifier.
This makes it easier for the user of internet to access websites etc., by
searching for the familiar string of letters such as “www.google.com”, instead
of using the corresponding numerical address ( i.e., 172.217.0.78).
167. The domain name system, thus, acts as an address book for the internet.
This address book is coordinated across the world by ICANN which is a not-
for-profit organisation that, inter alia , prescribes the policies that govern the
domain name system. ICANN prescribes the technology that has to be used,
the standards that are to be maintained and how the various protocols would
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 108 of 243

function. In ICANN’s own words its role is described as under:
“ What Does ICANN Do?
To reach another person on the Internet you have to type
an address into your computer -- a name or a number.
That address must be unique so computers know where
to find each other. ICANN coordinates these unique
identifiers across the world. Without that coordination,
we wouldn't have one global Internet.
In more technical terms, the Internet Corporation for
Assigned Names and Numbers (ICANN) helps
coordinate the Internet Assigned Numbers Authority
(IANA) functions, which are key technical services
critical to the continued operations of the Internet's
underlying address book, the Domain Name System
(DNS). The IANA functions include: (1) the
coordination of the assignment of technical protocol
parameters including the management of the address
and routing parameter area (ARPA) top-level domain;
(2) the administration of certain responsibilities
associated with Internet DNS root zone management
such as generic (gTLD) and country code (ccTLD) Top-
Level Domains; (3) the allocation of Internet numbering
resources; and (4) other services.”
168. There are several stakeholders involved in the functioning of the
domain name system and registration of domain names - each entity having a
fixed role within the system. The said system is illustrated hereunder:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 109 of 243

ICANN
Registry Operator
[Verisign, NIXI etc.]
DNR (Accredited Registrar)
[GoDaddy, Hosting Concepts etc.]
Registrant
169. Thus, a Registrant who wishes to register a domain name would avail
the services of a DNR, which is accredited with ICANN to offer domain name
registration services in respect of specific globalP Top-level domains viz.,
gTLDs such as ‘.com,’ ‘.org,’ ‘.net,’ ‘.info’ etc. The relationship between the
Registrar and ICANN is governed by the ‘ Registrar Accreditation
Agreement ’. The said DNR would also have to enter into an agreement with
the respective Registry Operator known as the ‘ Registry-Registrar
Agreement’ to get access to a particular TLD. Moreover, the Registry
Operator would also have to enter into an agreement known as the ‘ Registry
Agreement ’ with ICANN to obtain the rights to maintain particular TLDs. At
the stage of registration, the registrant enters into an agreement known as the
“ Domain Name Registration Agreement ” with the DNR. In effect there are
four agreements which bear significance on the issues under consideration:
(a) Registry Agreement entered between ICANN and Registry Operator;
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 110 of 243

(b) Registrar Accreditation Agreement between ICANN and DNR;
(c) Registry-Registrar Agreement between Registry Operator and DNR;
and
(d) Domain Name Registration Agreement between DNR and Registrant.
170. Thus, in order to identify the obligations and liabilities of the parties in
respect of an infringing domain name, it would be necessary to consider each
of the above said agreements.
Role of Registry Operators: ICANN - Registry Agreement
171. As mentioned above, each Registry Operator such as NIXI, Verisign,
Registry Services, etc., would have to enter into a Registry Agreement with
ICANN. In terms of the said agreement, a Registry Operator shall be capable
of giving accreditation to DNRs. The Registry Operator has to comply with
the policies of ICANN including its bye-laws. It has to show that it has
secured the funds for operating the registry. The Registry Operator has to
operate through ICANN accredited DNRs except in some cases where the
registry itself is offering domain name registration services. All domain name
registrations for a particular TLD have to be registered through the accredited
DNR which in turn has to have an agreement with the Registry Operator. The
code of conduct of such registries are prescribed by ICANN. Registries are
expected to provide monthly reports as per the agreement with ICANN. It also
stipulates as to how the Registry Operators have to operate WHOIS services.
The format of the same is provided in Specification No. 4 of the Registry
Agreement. Specification No. 5 to the Registry Agreement also provides the
schedule of reserved names that are known as ASCII labels. Such labels
include expression such as ‘www’, ‘WHOIS’, ‘DNS’ etc., and names
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 111 of 243

belonging to countries and territories, names of internationally reputed
organisations such as International Olympic Committee, International Red
Cross, the Red Crescent Movement, Intergovernmental Organisations etc.
172. Clause 2.8 of the Registry Agreement lays down one of the
covenants of the Registry Operator in respect of ‘protection of legal rights
of third parties’ . As per the said clause, the Registry Operator shall take
reasonable steps to investigate and respond to any reports from law
enforcement, governmental and quasi-governmental agencies of illegal
conduct in connection with the use of the TLD. In addition, the Registry
Operator is also required to comply with the provisions of Specification No.
7 to the Registry Agreement which mandates adherence and implementation
of all the Rights Protection Mechanism in respect of Trademark
Clearinghouse. The ICANN maintains a Trademark Clearing House
Database (hereinafter “ TMCH Database ”) which is a central database
providing information to Registry Operators and DNRs, as also to the DNS to
support protection of trademark rights. This TMCH Database stores
information relating to trademarks which are registered on the database.
Whenever any Registrant seeks to register a domain name matching with a
trademark record existing on the database, a notice is given to the said
registrant in respect of the possible infringement of an existing trademark. In
addition, parallelly, a notification is also given to the trademark holder that
such a domain name which is matching to the trademark has been registered.
This database acts as a caution to Registrants of any attempt to register a
conflicting domain name, which could conflict with its trademark rights in
order to enable the trademark owner to decide to take action, if so required.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 112 of 243

Role of DNRs: Registrar-Accreditation Agreement
173. The role of DNRs is governed not only by the Registrar Accreditation
Agreement entered into between ICANN and DNRs, but also as per the
obligations under the Registry-Registrar Agreement and the Domain Name
Registration Agreement executed with a Registry Operator and a Registrant,
respectively. The said agreements with the Registry Operator and the
Registrant, respectively, would differ for different parties. However, the same
would have to comply with the provisions of the Registrar Accreditation
Agreement. Thus, in order to completely appreciate the DNR’s role in respect
of protecting the rights of third parties from trademark violation as also in
complying with Court orders, the Court has considered and examined the
Registrar Accreditation Agreement.
174. The various obligations of the DNRs under the Registrar Accreditation
Agreement are set out hereunder:
(a) Submitting the ‘Registered Name Holder Data’ to the Registry
Operator, including the domain name, IP addresses of the
nameservers, identity of the Registrar, and expiration date of the
domain name, as also any other data mandated by the Registry
Operator.
(b) Providing free public query-based access to data on registered names,
including the following:
(i) domain name;
(ii) creation and expiration of the registration;
(iii) name and postal address of the Registrant;
(iv) name, postal address, e-mail address, voice telephone
number of the technical contact for the domain name;
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 113 of 243

(v) The name, postal address, e-mail address, voice telephone
number of the administrative contact for the domain name.
(c) However, subsequent to enactment of GDPR, the disclosure of
Personal Data by the DNR would be subject to the Consensus Policy
adopted by ICANN as also the Registration Data Directory Services
(hereinafter “ RDDS ”) Specifications.
(d) The data in respect of the Registrant and the registered domain name
is to be made available to ICANN for inspection and copying.
(e) DNRs shall abide by applicable laws and governmental regulations.
(f) DNRs shall not register or renew any domain name which is included
in a list of names reserved from registration as maintained by the
concerned Registry Operator for the gTLD.
(g) DNRs shall conduct reasonable and commercially practicable
verification, at the time of registration, of contact information
provided by the Registrant, as also conduct re-verification of such
information.
(h) Upon being notified by any person as to the inaccuracy of any contact
information in respect of a registered domain name, the DNR shall
take reasonable steps to investigate and rectify the same.
(i) DNRs shall receive complaints of abuse of registered domain names
including DNS abuse and illegal activity. Upon receiving actionable
evidence of the said abuse, the DNR shall promptly take appropriate
mitigation actions that are reasonably necessary to stop or disrupt the
said abuse.
(j) ICANN may terminate the Registrar Accreditation Agreement where
a Court of competent jurisdiction has held:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 114 of 243

10
(i) the DNR to have permitted an ‘Illegal Activity’ , with
actual knowledge or through gross negligence in the
Registrant providing inaccurate registration data to the
DNR;
(ii) the DNR has failed to comply with an order of the Court;
(k) ICANN may also terminate the Registrar Accreditation Agreement if
it finds based on its review of the findings of arbitral tribunals, to have
been engaged in use of domain names identical or confusingly similar
to a trademark or service mark of a third party in which the Registrant
has no rights or legitimate interest, which trademarks have been
registered and are being used in bad faith.
175. In addition to the above obligations, the DNRs are also required to
comply with various specifications issued by ICANN, including the WHOIS
Accuracy Specification. The said specification requires validating and
verification of the information provided by the Registrant in respect of the
registered domain name. The DNR is required to validate within 15 days of
the registration the following information:
(a) Presence of data for all fields in a proper format of the respective
country;
(b) All email addresses, telephone numbers and postal addresses are
in proper format;
(c) Postal address fields are consistent across fields i.e., street exists
10
The term ‘Illegal Activity’ has been defined under Clause 1.13 of the Registrar Accreditation Agreement
(2013) as: “Illegal Activity” means conduct involving use of a Registered Name sponsored by Registrar that
is prohibited by applicable law and/or exploitation of Registrar’s domain name resolution or registration
services in furtherance of conduct involving the use of a Registered Name sponsored by Registrar that is
prohibited by applicable law.
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 115 of 243

in city, city exists in state/province, city matches postal code.
176. The DNR is also required to verify the contact information of the
Registrant, including the email and the telephone number through a tool-based
authentication method providing a unique code, in the following terms:
“i. the email address of the Registered Name Holder
(and, if different, the Account Holder) by sending an
email requiring an affirmative response through a tool-
based authentication method such as providing a
unique code that must be returned in a manner
designated by Registrar , or
ii. the telephone number of the Registered Name Holder
(and, if different, the Account Holder) by either (A)
calling or sending an SMS to the Registered Name
Holder’s telephone number providing a unique code
that must be returned in a manner designated by
Registrar, or (B ) calling the Registered Name Holder’s
telephone number and requiring the Registered Name
Holder to provide a unique code that was sent to the
Registered Name Holder via web, email or postal mail .
In either case, if Registrar does not receive an
affirmative response from the Registered Name
Holder, Registrar shall either verify the applicable
contact information manually or suspend the
registration, until such time as Registrar has verified
the applicable contact information. If Registrar does
not receive an affirmative response from the Account
Holder, Registrar shall verify the applicable contact
information manually, but is not required to suspend
any registration.”
177. Where the Registrant has wilfully provided inaccurate or unreliable
contact details, and the Registrant wilfully fails to respond within 15 days of
the inquiries by the DNR as to the accuracy of information, the DNR shall
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 116 of 243

either terminate or suspend the domain name, or place the registration on
‘ clientHold ’ and ‘ clientTransferProhibited ’, until the DNR has validated the
information.
NIXI - Registrar Accreditation Agreement
178. At this stage it would also be necessary to note that NIXI has its own
Registrar Accreditation Agreement in respect of ‘.in’ ccTLDs. All major
DNRs have agreements with NIXI for registration of the domain names with
‘.in’ extensions (hereinafter “ the NIXI Agreement ”). Certain obligations of the
DNRs registering ‘.in’ domain names differ from the obligations under the
corresponding agreement with ICANN. The same are captured in brief
hereunder:
(a) DNRs shall refrain from directly or indirectly cooperating with any
Registrant who violates or instigates violation of rules, regulations and
laws prevailing in India. The DNR shall be responsible for informing
NIXI in case of any violation by the Registrant;
(b) DNRs shall submit data of the Registrant to NIXI, including the
domain name, IP address of the nameservers, and other data
mentioned in clause 4.3 of the (hereinafter “ the NIXI Agreement ”).
(c) DNRs shall provide public access to data on registered domain names
in the following terms:
“4.3. Public Access to Data on Registered Names.
During the Term of this Accreditation Agreement:
4.3.1. At its own expense, Registrar shall provide an
interface or link to the ccTLD WHOIS. The information
to be made available shall include:
4.3.1.1. The registered name;
4.3.1.2. The names of the primary name server and
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 117 of 243

secondary Name server(s) for the Registered Name;
4.3.1.3. The identity of the Registrar (which may be
provided through Registrar's Website);
4.3.1.4. The creation date of the registration;
4.3.1.5. The expiration date of the registration;
4.3.1.6. The name, postal address, e-mail address,
telephone number, and( wherever available) fax number
of the registrant for the Registered Name;
4.3.1.7. The name, postal address, Aadhaar Card, PAN
Number, e-mail address, telephone number, and
(wherever available) fax number of the technical
contact for the Registered Name;
4.3.1.8. The name, postal address, e-mail address, voice
telephone number, and (where available) fax number of
the administrative contact for the Registered Name.
4.3.1.9. The name, postal address, e-mail address, voice
telephone number, and (where available) fax number of
the billing contact for the Registered Name;
4.3.2. Upon receiving any updates to the data elements
listed in this Section 4.3 from the Registrant, Registrar
shall promptly, and not later than three (3)
business/working days, update its database and provide
such updates to .IN Registry immediately.
4.3.3. Registrar agrees and undertakes that it shall
maintain an updated ccTLD WHOIS of all its
Registrants. Any non-maintenance of .IN WHOIS
database shall be considered as a material breach of
this agreement and .IN Registry may at its sole
discretion terminate the accreditation of the Registrar
and NIXI shall impose a penalty equal to five times the
monthly billing amount.
4.3.5. The Registrar undertakes that it shall abide by .IN
Registry directives/orders of the NIXI, if a prohibited
status on any domain name is in place and the Registrar
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 118 of 243

[…]”
(d) DNRs are bound to comply with the laws, rules, regulations, and
administrative notifications/orders etc., issued by NIXI and Indian
Governmental agencies concerning the internet and NIXI.
(e) In terms of clause 4.4.3 of the (hereinafter “ the NIXI
Agreement ”) anonymous or proxy registrations is disallowed. The
information about the Registrant or the Administrative Contact has to be
reflected and no privacy or proxy services would be provided by any DNR
of ‘.in’ or ‘.bharat’ domain name. Any violation of the said provision will
constitute a material breach of the (hereinafter “ the NIXI Agreement ”).
The said clause reads as under:
“4.4.3. Registrars shall not accept anonymous or
"proxy" registrations nor shall they include information
in the domain name registration for the "Registrant" or
"Administrative Contact" fields that do not reflect the
true registered domain name holder or administrative
contact. No privacy or proxy service will be provided by
any Registrar of .IN Registry to .IN/.Bharat domain
name registrants. It is to be noted that violation of these
provisions will constitute a material breach of the
agreement and the Registrar/Registrant can invite
termination of RAA by the NIXI along with the
imposition of appropriate penalty.”
(f) DNRs shall accept written complaints from third parties
regarding false or inaccurate WHOIS data of Registrants.
(g) Use of temporary email addresses during the process of creating
of a domain name and throughout its lifecycle by a Registrant is
prohibited. The DNRs are required to implement appropriate measures
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 119 of 243

to validate the authenticity of the email provided. The relevant Clause
4.4.9 of the NIXI Agreement as also the list of prohibited temporary and
encrypted email providers is extracted hereunder:
“The Registry explicitly prohibits the use of temporary
email addresses, as per the list available at the .IN
Registry website, during the process of creating a
domain name request and thereafter throughout the
lifecycle. Registrants are required to provide a valid and
permanent email address for communication and
verification purposes. The Registrar shall implement
appropriate measures to validate the authenticity of the
provided email address. In the event that a temporary
email address is being used, the Registry reserves the
right to reject or suspend the domain name. The
registrar will conduct annual verification process of
email addresses and maintain a log, which will be
provided to NIXI on regular basis.”

(h) In terms of Clause 4.4.11. of the NIXI Agreement the DNR shall
maintain record of IP logs associated with the registration and
management of domain names. The same shall include the IP addresses,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 120 of 243

timestamps, and relevant activity logs of all interactions between the
DNR’s systems and Registrant’s system. The said information shall be
stored securely for a period of 90 days.
(i) The NIXI Agreement also requires all Registrants, including
foreign nationals, to undergo mandatory ‘electronic Know Your
Customer’ (e-KYC) procedures. All Registrants are required to provide
accurate, authentic and verifiable identification information along with
supporting documents. The DNRs are required to maintain the said
information and provide the same to NIXI, if requested, within a period
of 3 working days. Further, NIXI may conduct random checks on the
e-KYC documents and WHOIS details provided by the Registrants.
(j) The DNR shall implement dual authentication procedure for the
Registrants, whereby verification/ authentication of Registrant shall be
done through verification of email address and designated contact
number.
(k) The DNR shall implement and maintain technical measures to
prevent the registration of domain names through virtual private
networks.
(l) DNRs shall not transmit the personal data of the Registrants from
WHOIS database to third parties unless directed by NIXI, LEAs or any
competent authorities of the Government of India as per the applicable
laws.
Privacy Considerations vis-à-vis Disclosure Obligations
179. The thrust of the submissions made by the DNRs, in respect of
disclosure of a Registrant’s information to the Plaintiffs, was on the privacy
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 121 of 243

obligations mandated under the respective agreements with ICANN and
Registry Operators, as also in terms of GDPR and DPDP Act.
180. It is noted by the Court that the standard Registrar Accreditation
Agreement was agreed upon and adopted by ICANN in the year 2013. The
said agreement and the Registry Agreement do not in any manner obligate
Registry Operator or DNRs to mask the data relating to any Registrants of
domain name. In fact the WHOIS Specification which is contained in the
annexure to the Registry Agreement, being Specification No. 4 titled
‘Registration Data Publication Services’, provides for collection of complete
details of the concerned DNR and the Registrant, as also the admin for the
domain name, the Registrar (administrative) and Registrar (technical). This
clause of the Registry Agreement is relevant and is extracted below:-
“1.4. WHOIS Data Directory Services.
1.4.1 Until the WHOIS Services Sunset Date, Registry
Operator will operate a WHOIS service available via
port 43 in accordance with RFC 3912, and a web-based
WHOIS Service at <whois.nic.TLD> providing free
public query-based access to at least the following
elements in the following format.
1.4.2 The format of responses shall follow a semi-free
text format outlined below, followed by a blank line and
a legal disclaimer specifying the rights of Registry
Operator, and of the user querying the database.
1.4.3 Each data object shall be represented as a set of
key/value pairs, with lines beginning with keys, followed
by a colon and a space as delimiters, followed by the
value.
1.4.4 For fields where more than one value exists,
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 122 of 243

multiple key/value pairs with the same key shall be
allowed (for example to list multiple name servers). The
first key/value pair after a blank line should be
considered the start of a new record, and should be
considered as identifying that record, and is used to
group data, such as hostnames and IP addresses, or a
domain name and registrant information, together.
1.4.5 The fields specified below set forth the minimum
output requirements.
1.4.6 Domain Name Data
(1) Query format: whois EXAMPLE.TLD
(2)Response format:
Domain Name: EXAMPLE.TLD
Registry Domain ID: D1234567-TLD
Registrar WHOIS Server: whois.example.tld
Registrar URL: http://www.example.tld
Updated Date: 2009-05-29T20:13:00Z
Creation Date: 2000-10-08T00:45:00Z
Registry Expiry Date: 2010-10-08T00:44:592
Registrar Registration Expiration Date: 2010-10-
08T00:44:59Z
Registrar: EXAMPLE REGISTRAR LLC
Registrar IANA ID: 5555555
Registrar Abuse Contact Email: email@registrar.tld
Registrar Abuse Contact Phone: +1.123551234
Reseller: EXAMPLE RESELLER1
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: serverUpdateProhibited
Registry Registrant ID: 5372808-ERL
Registrant Name: EXAMPLE REGISTRANT
Registrant Organization: EXAMPLE ORGANIZATION
Registrant Street: 123 EXAMPLE STREET
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 123 of 243

Registrant City: ANYTOWN
Registrant State/Province: AP
Registrant Postal Code: A1A1A1
Registrant Country: EX
Registrant Phone: +1.5555551212
Registrant Phone Ext: 1234
Registrant Fax: +1.5555551213
Registrant Fax Ext: 4321
Registrant Email: EMAIL@EXAMPLE.TLD
Registry Admin ID: 5372809-ERL
Admin Name: EXAMPLE REGISTRANT
ADMINISTRATIVE
Admin Organization: EXAMPLE REGISTRANT
ORGANIZATION
Admin Street: 123 EXAMPLE STREET
Admin City: ANYTOWN
Admin State/Province: AP
Admin Postal Code: A1A1A1
Admin Country: ЕХ
Admin Phone: +1.5555551212
Admin Phone Ext: 1234
Admin Fax: +1.5555551213
Admin Fax Ext:
Admin Email: EMAIL@EXAMPLE.TLD
Registry Tech ID: 5372811-ERL
Tech Name: EXAMPLE REGISTRAR TECHNICAL
Tech Organization: EXAMPLE REGISTRAR LLC
Tech Street: 123 EXAMPLE STREET
Tech City: ANYTOWN
Tech State/Province: AP
Tech Postal Code: A1A1A1
Tech Country: EX
Tech Phone: +1.1235551234
Tech Phone Ext: 1234
Tech Fax: +1.5555551213
Tech Fax Ext: 93
Tech Email: EMAIL@EXAMPLE.TLD
Name Server: NS01.EXAMPLEREGISTRAR.TLD
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 124 of 243

Name Server: NS02.EXAMPLEREGISTRAR.TLD
DNSSEC: signed Delegation
DNSSEC: unsigned
URL of the ICANN WHOIS Inaccuracy Complaint
Form:
https://www.icann.org/wicf/ ”
181. This position, however, had to be modified in view of the GDPR
coming into effect. Thus, after the introduction of the GDPR, ‘Temporary
Specification for gTLD Registration Data’ (hereinafter “ Temporary
th
Specifications ”) has been adopted on 17 May, 2018 for publication of GTLD
data. The said specification mandates redaction of the Registrant’s details
including the name, street, city, postal code, phone number, fax etc., as also
the details of the administrative and technical contact. Only the email
addresses are permitted to be published without the consent of the Registrants.
This in effect has been converted into the default mechanism by all DNRs
wherein the data relating to the Registrants are completely redacted . This is
done even without consciously obtaining consent from the concerned
Registrant. Thus, as on date, for all domain name registration the details of
the Registrants of the administrative contact and of the technical contact
remain redacted and the onus is upon the registrant to consciously opt for
giving consent for publication of this data. This has resulted in a situation
where unscrupulous persons have taken shelter under the garb of privacy to
shield themselves from action against infringing conduct. Further, the
consequences of this practice have resulted in severe constraints on ICANN’s
ability to ensure accuracy of data provided by the Registrants, and has
enhanced the difficulty for complainants to access details of the infirming
domain name. This has also been acknowledged by ICANN, on its website,
the relevant portion of which reads as under:
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 125 of 243

“Data accuracy obligations and ICANN org's
enforcement of these obligations have not changed post-
GDPR. However, the volume of complaints has
diminished significantly concurrent with personal
registration data becoming unavailable following
adoption of the GDPR. ICANN org and potential
complainants now lack direct access to registration
data as a result of the GDPR, making it much more
difficult to identify instances of registration data
11
inaccuracy or to take action to correct them . [...]”
182. It is relevant to note that although the said Temporary Specification
require the DNRs and Registry Operators to redact information of the
Registrant, it also mandates that the DNRs and Registry Operators must
provide reasonable access to the personal data in the registration data to third
parties on the basis of legitimate interest pursued by the said third party. The
relevant portion of the same reads as under:
“4. Access to Non-Public Registration Data
4.1. Registrar and Registry Operator MUST provide
reasonable access to Personal Data in Registration
Data to third parties on the basis of a legitimate
interests pursued by the third party , except where such
interests are overridden by the interests or fundamental
rights and freedoms of the Registered Name Holder or
data subject pursuant to Article 6(1)(f) GDPR.
4.2. Notwithstanding Section 4.1 of this Appendix,
Registrar and Registry Operator MUST provide
reasonable access to Personal Data in Registration
Data to a third party where the Article 29 Working
Party/European Data Protection Board, court order of
a relevant court of competent jurisdiction concerning
the GDPR, applicable legislation or regulation has
provided guidance that the provision of specified non-
11
Accessed at: https://www.icann.org/resources/pages/registration-data-accuracy-obligations-gdpr-2021-
06-14-en
Signature Not Verified
Digitally Signed
By:DHIRENDER KUMAR
Signing Date:12.01.2026
11:03:15
CS (COMM) 475/2022 Page 126 of 243

public elements of Registration Data to a specified class
of third party for a specified purpose is lawful. Registrar
and Registry Operator MUST provide such reasonable
access within 90 days of the date ICANN publishes any
such guidance, unless legal requirements otherwise
demand an earlier implementation.”