Court mandates stringent measures for Domain Name Registrars, Registry Operators, Banks, and Government agencies to prevent cyber frauds and safeguard intellectual property, granting dynamic injunctions including for future infringements.
In a comprehensive and landmark judgment dated December 24, 2025, the Delhi High Court, presided by Justice Prathiba M. Singh, addressed the burgeoning issue of fraudulent domain name registrations infringing on the trademarks of reputed businesses, including Dabur India Limited and others. The judgment arises from a batch of commercial suits filed by various trademark owners seeking protection against the misuse of their registered marks and brands on the internet, particularly through domain names registered by unknown or fictitious entities for fraudulent activities.
The Court detailed the modus operandi of fraudulent domain name registrants who use well-known trademarks and brand names to create fake websites offering counterfeit products, fake franchisees, and jobs, luring innocent consumers into making payments to bank accounts unconnected to the legitimate brand owners. The identity of such registrants is often masked by privacy protection features provided by Domain Name Registrars (DNRs), proxy services, and the use of fake or unverifiable contact information, including temporary email addresses and mobile numbers.
Highlighting the systemic failures in the domain name registration ecosystem, the Court underscored the responsibilities of various stakeholders including Registrants, DNRs, Registry Operators, ICANN (Internet Corporation for Assigned Names and Numbers), Banks, the Reserve Bank of India (RBI), Telecom Service Providers (TSPs), Ministries of Electronics and Information Technology (MeitY), Department of Telecommunications (DoT), and Law Enforcement Agencies (LEAs).
Significant directions were issued in the judgment:
1. Domain Name Registrars and Registry Operators:
- Privacy protection features shall not be offered as default ‘opt-out’ services but only as paid, value-added services upon explicit consent by Registrants.
- Disclosure of registrant details - including name, administrative and technical contacts, addresses, emails, phone numbers, and payment-related information - must be provided within 72 hours to entities with legitimate interest, LEAs, or courts.
- Infringing domain names found unlawful must be permanently blocked and cannot be re-registered by any Registrar.
- Alternative or mirror domain names containing well-known or invented marks shall not be offered to prospective registrants.
- Appointment of Grievance Officers located in India is mandatory for all Registrars to ensure compliance and coordination.
- Verification of registrant details through electronic Know Your Customer (e-KYC) processes, including periodic re-verification, is mandated.
2. Government and Regulatory Authorities:
- MeitY, DoT, and other relevant bodies shall coordinate to establish a centralized repository of domain registrant data, possibly through NIXI, for easy access and enforcement.
- Non-compliant Registrars and Registry Operators can be blocked from offering services in India under Section 69A of the Information Technology Act, 2000.
- Facilitate access to Trademark Clearing House (TMCH) services for Indian brand owners to receive early notifications of potentially infringing domain name registrations.
- The Controller General of Patents, Designs and Trademarks (CGPDTM) is encouraged to maintain and publish a list of well-known marks and their official websites.
3. Banks and Financial Institutions:
- Mandatory implementation of the ‘Beneficiary Bank Account Name Lookup’ facility, ensuring payers verify the name of the payee before electronic fund transfers to prevent fraud.
- Compliance with updated Standard Operating Procedures (SOPs) for timely and efficient response to LEA requests for information related to cyber fraud investigations.
4. Dynamic + Injunctions:
- The Court granted a dynamic + interim injunction restraining the registrants and associated entities from using identified infringing domain names and any future mirror, redirect, or alphanumeric variations thereof that infringe on the trademark ‘DABUR’ and its variants.
- The injunction covers copying, reproducing, hosting, or facilitating the plaintiff's copyrighted website content.
- Registrars and social media platforms hosting such websites are ordered to disclose registrant details and suspend access.
- Internet Service Providers (ISPs) are directed to block access to infringing websites on notification.
- The injunction allows plaintiffs to implead new infringing domain names during the suit’s pendency, with the Joint Registrar empowered to extend injunctions accordingly.
The Court emphasized the grave impact of such fraudulent activities not only on trademark owners but also on innocent consumers, underscoring the erosion of trust and integrity in the online commercial ecosystem. It recognized the necessity to balance privacy rights with legitimate interests, referencing Indian and international laws including the Digital Personal Data Protection Act, 2023, GDPR, and decisions of the Court of Justice of the European Union.
Further, it was clarified that the safe harbour protection under Section 79 of the IT Act is not absolute and is forfeited where intermediaries actively facilitate infringement or fail to comply with Court orders. The judgment holds that DNRs profiting from offering infringing domain names bear responsibility and may be liable for damages.
The Court also provided a detailed exposition of the domain name system’s architecture, the roles and obligations of ICANN, Registry Operators, and DNRs under various agreements, and the challenges posed by privacy features and non-cooperation by foreign entities.
This ruling sets a precedent in India’s legal framework to combat cyber fraud and trademark infringement in the digital domain space, calling for coordinated action by stakeholders to uphold the rule of law and protect consumers and businesses alike.
Bottom Line:
Infringing domain names registered using well-known trademarks cause large-scale fraud and consumer deception; Domain Name Registrars (DNRs) and Registry Operators have significant obligations under ICANN agreements, GDPR, and Indian laws including DPDP Act to verify registrant details, disclose information on legitimate requests, and comply with Court orders; failure to comply can lead to loss of safe harbour protection and blocking of services under IT Act.
Statutory provision(s): Code of Civil Procedure 1908 (Section 20, Order XXXIX Rules 1, 2, 4), Trade Marks Act, 1999 (Section 2(2)(b), Sections 28, 29), Information Technology Act, 2000 (Sections 69A, 79, 81), Digital Personal Data Protection Act, 2023, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, Information Technology (Procedure and Safeguard for Blocking for Access of Information by Public) Rules, 2009
Dabur India Limited v. Ashok Kumar, (Delhi) : Law Finder Doc Id # 2827169
