Amazon Seller Services Private Limited & Anr v. Amazonbuys.in & Ors.

PROCEEDINGS IN THE SUIT

1. amazonbuys.in GoDaddy LLC No

2. Estoreamazon. in GoDaddy LLC N/A

3. storeamazon.co.in GoDaddy LLC No

18.

19. The present suit was first listed before the Court on 26th May 2022, on which date the Court considered the plaint, the documents placed on record, and the applications filed by the Plaintiffs. Upon hearing the submissions made on behalf of the Plaintiffs and perusing the material on record, this Court was satisfied that the Plaintiffs had made out a prima facie case for grant of interim relief and that the balance of convenience lay in their favour. The Court further observed that the activities of the Rogue Defendants were likely to cause irreparable harm not only to the Plaintiffs but also to innocent members of the public, if an ex-parte ad-interim injunction was not granted. Accordingly, vide order dated 26th May 2022, this Court granted an ex-parte ad-interim injunction restraining Defendant Nos. 1 to 3 from infringing the to the concerned intermediaries and authorities for effective enforcement of the injunction. The relevant portion of the said order reads as under:

COMMON ISSUES ARISING IN THE BATCH MATTERS for ensuring that queries by the police authorities are replied to in a diligent and efficient manner, as it involves innocent customers being duped of substantial sums of money. Insofar as Google LLC was concerned, the Court directed it to nominate one official for communication with the Cyber Cell, Delhi Police and rendering assistance

54. Pursuant to the said directions, the concerned officials of NPCI being Mr. Ajay Shyam Pal, In-Charge Products and Mr. Nitesh S.K., Lead Product Development, were present in Court on 15th February, 2025. An affidavit dated 14th February, 2025 was also filed by NPCI in terms of the directions passed on 7th February, 2025. The Court perused the same and after considering the submission of Mr. Pushkar, ld. Counsel for NPCI, following directions were passed: this affidavit is Annexure 1 which contains the indicative reference list of key words not to be allowed to individuals. The said list also contains names/marks of well known brands or companies which cannot be permitted to be registered as IDs of account holders without the permission of the said entity/brand holder. Further, the said list also includes various websites and well-known marks, organizational names, Government bodies, corporate designations which are not to be registered.

23. It is submitted by ld. Counsel for NPCI that the said list is only an indicative list prepared by NPCI for the information of the banks and the same is not a definitive list. It is also submitted that the directions to the respective bank would have to be issued by the Court for refraining from registering a particular string of words. The NPCI does not have the power to implement the same.

24. Considering the said submissions, let the ld. Counsel for the NPCI take instructions as to whether upon a Court being satisfied that a brand or a mark has acquired a status which is well known and there ought to be an order directing that no individuals should be allowed to register bank accounts or UPI Ids or VPAs with the said brand names, an advisory can be issued by the NPCI to all banks in this regard, which would thereafter have to be implemented by

55. Further to the above directions, on 5th April, 2025, Mr. Pushkar, ld. Counsel submitted that it would not be possible for the NPCI to issue an advisory to the banks in terms of an order of the Court directing that no individuals should be allowed to register bank accounts or UPI IDs or VPAs with certain brand names. It is further submitted that the creation of UPI IDs or the VPAs is the responsibility of the respective banks and not of NPCI, accordingly, it is up to the banks, who permit registration of the IDs, to ensure that there is no violation or use of key words which are impermissible. In view of this submission, the Court directed IBA to file an affidavit addressing the above, including the issue as to what measures can be taken by the IBA to ensure compliance by all banks of any order which may be passed by the Court directing that no individuals should be allowed to register bank accounts or UPI IDs or VPAs with the certain brand names.

56. The IBA had filed an affidavit dated 22nd May, 2025 pursuant to the above directions, in which the stand of the IBA and its members has been recorded. The same was considered by the Court on 27th May, 2025. Mr. Gautam, ld. Counsel for IBA, had clarified that the IBA is only a voluntary society of banks. Further, Mr. Srinivas Rao, Advisor to IBA was also present online through video conferencing and submitted that an advisory has been issued to all member banks of the IBA to strictly comply with the circulars and instructions issued by the Reserve Bank of India, including the ones considered by the Court, in the present proceedings. through accredited DNRs to help protect the rights of brand owners on the Internet. Examples of services which Hosting Concepts has signed onto as an accredited DNR include: a. Trademark Clearinghouse (TCMH): TCMH is a global repository of validated and registered trademarks established by ICANN to (i) verify trademark data from multiple global regions; and (ii) maintain a database with the verified trademark records. Currently, ICANN has only authorized Deloitte to provide trademark verification services for TCMH. The advantage of TCMH include: i. Brand owners whose trademark rights are Mark Data (SMD) file, which is recognized by several registries as proof of minimum eligibility requirements. ii. New gTLD registries utilizing TCMH are required to offer a sunrise period for registration of domain names to brand owners at least 30 days prior to public access. iii. On new gTLD registries utilizing TCMH, for a 90-day period after launch, registrants attempting to register a second-level domain name will receive a warning if the name matches an entry in the TCMH. If the registrant registers the name anyway, the rights owner will receive a notification from the Trademark Claims system. iv. Rights holders with trademarks registered in the TCMH can opt in to receive additional notifications of exact matches to names they

76. categorically, relied on the order dated 4th December, 2023 of this Court in (CS (Comm) 303/2022) titled Burger King Corporation v. Swapnil Patil & Ors. to state that a similar order can be passed at the final stage and the examination in respect of all the identified domain names and the examination of additional domain names can be done by the Joint Registrar. On 5th April, 2025 it was submitted in respect of the privacy issues by Ms. Kruttika Vijay, ld. Counsel for Hosting Concepts BV, that all accredited DNRs with ICANN are mandated to comply with the provisions of the General Data Protection Regulation passed by the European Parliament and the Council of the European Union. Further, Mr. Raj Shekhar Rao, ld. Senior Counsel appearing on behalf of ICANN submitted that insofar as the TMCH and privacy issues in the context of GDPR are concerned, ICANN has already addressed the same in its responses to the questionnaires provided by the Ministry of Electronics and Information Technology and the same are annexed with the written submissions filed by ICANN in CS(Comm) 228/2021 titled Bajaj Finance Limited vs. Registrant of www.bajajfinserve.org and others.

V. STAND OF THE PARTIES

79. At the outset, Mr. Rajshekhar Rao, ld. Senior Counsel appearing on behalf of ICANN has submitted that ICANN does not submit to the jurisdiction of this Court. The submissions made by him are without prejudice to the said stand and solely for the purpose of assisting this Court.

80. It is submitted by Mr. Rao, ld. Senior Counsel that the relationship of ICANN with the Registry Operators, and DNRs is governed by the respective agreements which exist between the said parties. He submits that ICANN merely receives data from the Registry Operators and DNRs. The ultimate control mostly exists with the DNRs and some powers are also vested with the Registry Operators.

ICANN itself does not have any privity of contract with the Registrants and all policies of ICANN are implemented through the Registry Operators and DNRs.

81. He further submits that the manner in which ICANN functions is that it undertakes a complex process of evolving consensus amongst the members and various stakeholders including governments of several countries. Since, the entire functioning of ICANN is itself consensual in nature, it is submitted by the ld. Senior Counsel that ICANN cannot unilaterally submit any recommendations to the Court on a policy level. It is submitted that ICANN is not in a position to take any punitive or regulatory action against the Registry Operators and DNRs. However, ld. Senior Counsel submits that as the laws in each country continue to evolve, DNRs cannot escape the rigours of the law. Thus, any order passed by the Courts of competent jurisdiction would have to be implemented by the DNRs.

82. On a specific query from the Court as to whether privacy protect feature can be directed to be removed, ld. Senior Counsel highlights the quandary between the revealing of information on one hand and obligations under the Digital Personal Data Protection A DPDP Act other hand. He submits that the owner of the data who registers the domain name should under the DPDP Act specifically permit revealing of the details, failing which, under the said Act, the DNR would not be able reveal without an order of a Court of competent jurisdiction.

83. On another query from the Court, as to whether DNRs hold domain names by proxies, it is submitted that some DNRs may be doing so but the question as to whether the same DNR or some group entity or associated entity is holding said registration would have to be tested on the facts of each case. (B) GoDaddy

84. GoDaddy is a DNR having its headquarters in Tempe, Arizona, United States of America and incorporated in Delaware, United States of America. It provides domain name registration services for multiple generic Top-Level gTLDs -Level ccTLDs applicability of GDPR that all the details of the registrants have to be protected. GoDaddy claims that DNRs are mere intermediaries and are only required to act upon receiving actual knowledge by way of a order of the Court or a notification from the government. It complies with the necessary due diligence required under the IT Act and the Intermediary Rules, 2021. GoDaddy is not a significant social media intermediary. The mere fact that certain value added services are provided cannot deprive GoDaddy of the safe harbour protection.

85. The global block affidavit and global block services relied upon by the Plaintiffs are not provided by the GoDaddy but by its group company Brand level and not at the DNR level. As per GoDaddy, it is only a registry which can block a particular words string as also particular words from being registered as domain names. This is beyond the capabilities of DNRs as per GoDaddy.

86.

87. It is submitted by ld. Senior Counsel that in the Snapdeal (supra) decision dated 18th April, 2022,[1] the injunction against a string used in a domain name has already been dealt with and the Court has held that the injunctions in such cases would have to be on specific domain name and not on a string. He further submits that there are more than 2500 DNRs that are operating and unless and until an order for dynamic injunction, similar to the order in UTV Software Communication Ltd. v. 1337X.To, 2019 SCC OnLine Del 8002 is passed, a DNR cannot be made to monitor the registration of domain names for infringement of trademarks. It is argued that offering of domain names cannot be held to be infringement of a trademark. categorically, relied on the order dated 4th December, 2023 of this Court in (CS (Comm) 303/2022) titled Burger King Corporation v. Swapnil Patil & Ors. to state that a similar order can be passed at the final stage and the examination in respect of all the identified domain names and the examination of additional domain names can be done by the Joint Registrar. He also places importance on the decision of the Supreme Court of the United Kingdom in He also places importance on Cartier International AG and Others v. British Telecommunications Plc and Another, (2018) UKSC 28 to argue that the cost of locking and suspending domain name, and continuing to retain control of the same, cannot be borne by the DNR but by the Intellectual Property owner who seeks such reliefs. Judgement passed in I.A. 5407/2021 in CS(Comm) 176/2021.

88. Ld. Senior Counsel also submits that the ISPs or DNRs cannot be expected to presumptively maintain a check in respect of well-known marks. could be offering counterfeit products and offering the actual apple fruit online. It requires an adjudication or an examination to determine which domain name would be required to be blocked. It is submitted that the exercise under the Trademark Act, 1999 ought to be done by the Court and not by the DNR or the Plaintiff themselves. Moreover, trademark rights are territorial in nature and it has been seen in similar matters that there could be different registered proprietors in different jurisdictions for the same mark. Example of the decision of the US Court of Appeals in Toyota Motor Sales, U.S.A., Inc. v. Tabari[2],. is cited in order to Lexus mark is permissible under the nominative fair use doctrine.

89. According to Mr. Wadhwa, ld. Senior Counsel the only effective order that can be passed is against the Registry Operators and not against the DNRs, as was done against NIXI in the case of Burger King (supra). He further submits that under Section 79 of the Information Technology Act, 2000 IT Act Intermediary is only in respect of infringement of trademark which requires a Court order as held in Shreya Singhal v. Union of India, (2015) 5 SCC 1.

90. It is highlighted by ld. Senior Counsel that GoDaddy operates within the scheme of the Registrar Accreditation Agreement, 2013 or other versions thereof, as required by ICANN, and under the said agreement: Toyota Motor Sales, U.S.A., Inc. v. Tabari, 610 F.3d 1171 (9th Cir. 2010). i. A format has to be followed for registration of domain names; ii. A verification system through either an email or a phone number is done; iii. Privacy issues are also to be given utmost importance, especially after the enactment of the GDPR which is the standard followed by ICANN; iv. The facilities of opt in or opt out is provided to the consumer; v. The movement has been towards protecting private data in order to prevent misuse and therefore by default, the privacy protect feature ought to be permitted. It is submitted by the ld. Senior Counsel that disclosure of information ought to be the exception rather than the default rule.

91. On behalf of Goddady, it is also highlighted that there are similar cases which are dealt with by international jurisdictions. An example is Hermes International v. John Doe, 12-CV-1623(DLC) (SDNY April 30, 2012), is cited to show how the permanent injunctions are only against identified infringing domain names and additional infringing domain names have to be brought to the notice of the Court for the said injunction to be extended.

92. Mr. Wadhwa, ld. Senior Counsel has referred to Section 69A of the IT Act as also Rule 4 of the to argue that both these provisions would not permit blocking of services of the Intermediary itself. These provisions at best permit blocking of the content which is violative of public order Section 69A of the IT Act is considered, the violation of a trademark or other IP rights cannot constitute a breach of public order. He thus submits that Section 69A of the IT Act itself would not be applicable in the present case and any blanket remedy in the form of blocking of the DNR to ensure compliance of Court orders would not be tenable. The blocking of services by a particular DNR being provided in India would in effect result in closure of the business of the said DNR, which would also have an impact on Registrants of various domain names to whom the said DNR may have provided services. Reliance is placed on the report of MeitY which mention that the blocking of Namecheap Inc, Diana LLC and Tucos Inc. adversely affected 2.[5] lakh users in India.

93. Mr. Darpan Wadhwa, ld. Senior counsel has relied upon the written submissions filed by GoDaddy to argue that there are two types of DNRs, (1) who does not appear before the Indian Courts and are refusing to comply with the orders, (2) where there are DNRs who regularly appear before the Courts and there is merely delay in compliance. In the later case, the blocking of the business of the DNR ought not to be resorted to as the intention of the DNR is not to violate the orders of the Court but the delay could also be explainable. In the former case, he submits that the DNR itself ought not to be blocked as the same would be contrary to Section 69A of the IT Act, inasmuch as Section 69A of the IT Act merely contemplates removal or blocking of the information for access to the public but it does not contemplate the blocking of the intermediary as a whole.

94. In respect of the privacy and proxy services provided by the DNRs, ld. Senior Counsel has firstly relied upon the ICANN Registrar Accreditation Agreement, which is currently in force. Specifically, he refers to clause 3.14 and the certification of privacy and proxy registrations. The said clause 3.14 is extracted hereinbelow:

3.14 Obligations Related to Proxy and Privacy Services. Specification or Policy that establishes a Proxy Accreditation Program. Registrar also agrees to reasonably cooperate with ICANN in the development of such program. Until such time as the Proxy Accreditation Program is established, Registrar agrees to comply with the Specification on Privacy and Proxy Registrations attached hereto

95. It is his submission that providing services through proxy servers and also providing privacy protect features is permissible under the ICANN Accreditation Agreement. In fact, it is his submission that after the enactment of the GDPR, the default position has to be protection of personal data. Reliance is placed upon Article 1, Article 4(5) and Article 25 of the GDPR and the same are extracted hereunder: Article 1: Subject-matter and objectives:

1. This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

2. This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

3. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data. Article 4: Definitions: 4(5). personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Article 25: Data protection by design and by default:

1. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.

2. The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made indefinite number of natural persons.

3. An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the requirements set out in

96. According to Mr. Wadhwa, ld. Senior Counsel the requirement for privacy protection is not merely an option, but in fact a mandate for all DNRs. He then relies upon the Temporary Specifications published by ICANN for gTLD Registration Data, which has in fact, implemented the GDPR and mandates that most data relating to the Registrants has to be redacted. Even in response to WHOIS query, only proxy/substitute email can be provided and nothing more. GoDaddy, in fact, fol Request for Disclosure of Non-Public Registrant Information such information, can file either an IP complaint form, an abuse complaint form, or a domain name holder request form and the same would be duly processed as per the policy of GoDaddy.

97. It is also submitted, while placing reliance on Article 6 of GDPR, that the provisions of GDPR have to be strictly followed and that only in cases of information of a Registrant be permitted. On the basis of said provision, the ld. Senior Counsel submits that GoDaddy has adopted a mechanism wherein a specific IP complaint form and NPRD request form has been provided for raising complaints. It is submitted that as per the NPRD request form, one of ownership of any individual or entity over the intellectual property. If a party is able to show ownership over the intellectual property, upon a request being made via the NPRD form, GoDaddy would be required to investigate and respond to the said request withing a period of 30 days. It is argued that the such methods adopted by GoDaddy show that it is exercising its powers in a completely non-discriminatory and transparent manner.

98. Finally, reliance is placed upon the DPDP Act which also has laid down various obligations of entities processing personal data of individuals, such as GoDaddy. Further reference is also made to various definitions laid down in the DPDP Act including Sections 2(h), 2(j), 2(n), 2(t), 2(u) & 2(x). It is argued that in terms of the said provisions information of Registrants would be clearly covered and thus would have to be protected from disclosure. The said sections are extracted hereinunder for ease of reference: concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated means; conjunction with other persons determines the purpose and means of processing of personal data; personal data relates and where such individual is

(i) a child, includes the parents or lawful guardian of such a child;

(ii) a person with disability, includes her lawful guardian, acting on her behalf; personal data on behalf of a Data Fiduciary; appointed by the Significant Data Fiduciary under clause (a) of sub-section (2) of section 10; online mechanism wherein the proceedings, from receipt of intimation or complaint or reference or directions or appeal, as the case may be, to the disposal thereof, are conducted in online or digital mode; digital form; xxx xxx xxx who is identifiable by or in relation to such data; processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data; this Act; under the provisions of this Act; wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;

99. It is submitted by the ld. Senior Counsel that under Section 4 of the lawful purpose only if consent is given or for certain legitimate use. What constitutes the Specific reference is made to Sections 7(c), 7(d) & 7(e) of the DPDP Act. The same are extracted hereunder: Section 4

4. (1) A person may process the personal data of a Data Principal only in accordance with the provisions of this Act and for a lawful purpose, (a) for which the Data Principal has given her consent; or (b) for certain legitimate uses. (2) For the purposes of this section, the expression expressly forbidden by law. Section 7

7. A Data Fiduciary may process personal data of a Data Principal for any of following uses, namely:

(c) for the performance by the State or any of its instrumentalities of any function under any law for the time being in force in India or in the interest of sovereignty and integrity of India or security of the State;

(d) for fulfilling any obligation under any law for the time being in force in India on any person to disclose any information to the State or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force; (e) for compliance with any judgment or decree or order issued under any law for the time being in force in India, or any judgment or order relating to claims of a contractual or civil nature under any law for the time

100. It is his submission that the consent from a data principal for disclosure under Section 6 of the DPDP Act has to be so clear and unequivocal that unless and until consent is obtained, the legitimate intent is to protect privacy at the highest.

(C) Hosting Concepts

101. Ms. Kruthika Vijay, ld. Counsel appearing for Hosting Concepts has submitted that the compliance with GDPR is mandatory for almost all DNRs, especially, her client which is situated in Netherland. At the outset it is clarified by her that GDPR would only apply wherever the Registrant is a natural person and not a corporate or other business entity. Thus, in case of corporate or other non-natural business entity, the disclosure of data relating to the Registrant of the infringing domain name would not be covered by the GDPR.

102. She makes reference to Article 4 of GDPR to explain the process of. Further, attention of the Court is also drawn to Article 5(1)(c) read with Article 25 of the GDPR as per which only minimum data which is required to be collected ought to be collected. This is also known as data minimisation the said provisions collect only the minimum required data which is necessary for processing the same.

103. She submits that the GDPR being an instrument which is applied by about 32 countries, various Courts and forums in different countries have interpreted it differently and thus, the implementation of the GDPR can prove to be challenging at times. Ms. Vijay, ld. Counsel describes GDPR as an amorphous legislation whereby the framework is changing continuously depending upon the interpretation which is adopted by the Courts. It is also submitted that the DNRs themselves need to be protected, failing which there would be huge implications for DNRs.

104. Reliance is also placed upon the Temporary Specifications for gTLD prescribed by ICANN and she submits that if there is any conflict between the Temporary Specification and the Registrar Accreditation Agreement, the former prevails. Thus, it is her submission that the DNRs continuously struggle between ensuring compliance with the Registrar Accreditation Agreement and the Temporary Specification. It is further pointed out that in terms of the Temporary Specification, details of the Registrant have to be redacted and privacy is the default position. She further submits tha Registration Data Access Protocol Response Profile RDAP Response Profile by ICANN, in fact, imposes further obligations upon the DNRs, such as, the manner in which the redaction has to be done. Specific reliance is placed upon Clauses 2.[7] of the RDAP Response Profile, which deals with contacts and the redaction clause. It is argued by the ld. Counsel that in terms of the RDAP Response Profile protection of privacy is mandatory and there can be no compromise on the same.

105. Ms. Vijay, ld. Counsel has referred to a decision of the Court of Justice of the European Union[3] CJEU preliminary ruling from the Supreme Court of Latvia in respect of interpretation of Article 7(f) of the EU Directive 95/46/EC[4] (similar to Article 6(f) of the GDPR).

106. Considering the above, ld. Counsel submits that insofar as Hosting Concepts is concerned, a model framework could be laid down for disclosure of the data of Registrants which may involve the following steps:- (a) That the framework should require a request to be made in writing to the DNR, either through the Grievance Officer or through a web portal. (b) The request should be credible and verifiable (such as a notarized affidavit with some basic conditions that are being satisfied therein).

(c) The same should be properly verified so that there is no fabrication or forgery. Case C-13/16 passed by the CJEU on 4th May, 2017 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection

(d) The Person requiring the information ought to indemnify the DNR for steps taken against an alleged infringing Registrant. (e) The information should be capable of disclosure by the DNR in a Court or before any authority, if sought. (f) In addition, she submits that other safeguards and exclusions ought to be that only verifiable rights can be considered by DNRs and not common law rights relating to pending applications. (g) The standard of misuse or infringement alleged should be something which constitutes fraudulent or illegitimate use having a larger implication. (h) If a particular website is being used for supporting for illegitimate purposes, upon the above facts having been satisfied, the privacy requirements can be suspended and disclosure of registrant details can be permitted. However, the same would also not result in either transfer or suspension of the domain name for which an appropriate Court would have to be approached. It is, therefore, her submissions that under national law proper frameworks can be evolved to deal with illegitimate and fraudulent websites.

107. Further, Hosting Concepts claims to be an intermediary and argues that it would not be liable for any third party content hosted on the website. As per the affidavit dated it is stated that Hosting Concept shall comply with orders of the competent Court directing locking, suspension, cancellation or transfer of identified infringing domain names. It is also willing to disclose details of Registrants pursuant to directions being issued by the competent Courts.

108. According to Hosting Concept, the mechanism developed by the ld. Single Judge of this Court in UTV Software Communication (supra) ought to apply even to rogue websites in the present batch of matters. Insofar as preventive or automatic blocking of registrations of domain names is concerned, Hosting Concepts claims that the same is within the realm of the Registry Operators and not the DNRs. Finally, the position of Hosting Concepts on the blocking of future domain names is as under: complied) with the orders of competent courts directing the locking, suspension, cancellation or transfer (at respective Plaintiff's costs) of the specifically identified domain names found to be identified as being illegally used by persons other than legitimate right holders, and will further comply with specific directions requesting disclosure of details of registrants of such domain

109. It is also stated that Registry Operators are able to provide certain services/features such as Trademark Clearing House, Domain Protected Marks List and Adult Block, which would show the various tools/methods at the disposal of the Registry Operators to address the issues arising in the present matters. The nature of services that are provided under these features are as under: Trademark Clearinghouse (TCMH): TCMH is a global repository of validated and registered trademarks established by ICANN to (i) verify trademark data from multiple global regions; and (ii) maintain a database with the verified trademark records. Currently, ICANN has only authorized Deloitte to provide trademark verification services for TCMH. The advantages of TCMH include: i. Brand owners whose trademark rights are Mark Data (SMD) file, which is recognized by several registries as proof of minimum eligibility requirements. ii. New gTLD registries utilizing TCMH are required to offer a sunrise period for registration of domain names to brand owners at least 30 days prior to public access. iii. On new gTLD registries utilizing TCMH, for a 90-day period after launch, registrants attempting to register a second-level domain name will receive a warning if the name matches an entry in the TCMH. If the registrant registers the name anyway, the rights owner will receive a notification from the Trademark Claims system. iv. Rights holders with trademarks registered in the TCMH can opt in to receive additional notifications of exact matches to names they have registered in the TCMH. b. Domain Protected Marks List (DPML): This is a service which is provided by the registry, Identity Digital for TLDs registered with it (e.g. army, info, legal). Broadly explained: i. DPML defensively blocks registrations of trademarked brands across the Identity Digital portfolio of domains. At time of purchase, all Identity Digital domain names matching the trademarked brand are reserved, allowing only the trademark holder to register them going forward. ii. To be eligible to access DPML, rights holders must hold an SMD file validated by TCMH. iii. The DPML service is available only with respect to the trademarked brand with various gTLDs. For example, if the trademarked brand is "dabur", the DPML service can be used to defensively block registrations of dabur.army, dabur.info, dabur.legal etc. c. AdultBlock: This is a service which is provided by ICM Registry, which manages four different extensions:.xxx, adult,.porn and.sex. i. AdultBlock is available for any right holders (i) holding a TCMH SMD file, (ii) with a registered trademark in any jurisdiction, (iii) with an unregistered trademark (also called "common law trademark"), (iv) with a company or organization name, including "trading as", and (v) a celebrity wishing to protect their name. ii. Domains that are already registered with ICM Registry at the moment the block is ordered are not included, but as soon as such domain is cancelled,

110. In addition to the above, it is stated that ICANN also has a schedule of reserved name in terms of specification 5 of the RAA which is signed by all registries.

(D) Newfold Digital Inc.

111. One of the DNRs in the present suit with which certain infringing domain names have been registered is the Defendant No. 4 Public Domain PDR Seychelles and stated to be a subsidiary of the Newfold Digital Inc. Newfold Group 5 At the outset, the stand of NewFold Group is similar to that of Godaddy i.e., that whenever orders are being passed by this Court they have been duly complied with by the Newfold Group. It is also stated that they are intermediaries under the IT Act.

112. On behalf of Newfold Group, Mr. Dayan Krishnan, ld. Senior Counsel had appeared and has firstly addressed the issue as to what orders the Court can pass in case a DNR does not comply with or adhere to the orders passed The submissions have been made on behalf of PDR and all other affiliates of Newfold Digital Inc., such as Endurance Digital Domain Technology LLP, BigRock Solutions Limited and Hostgator.com LLC, which have been impleaded as Defendants in other suits forming part of the present batch matters. by the competent Courts in India in respect of either suspending, blocking or locking the infringing domain name. It is his submission that the business of the said DNR or the access to the DNR services cannot be blocked under Section 69A of the IT Act. The said provision is to be used only in case of exceptional circumstances as contained in the said section itself, viz.

(i) sovereignty and integrity of India, (ii) defence of India, (iii) security of the State, (iv) friendly relations with foreigner States, (v) public order, and (iv) for preventing enticement to the commission of any cognizable offence relating to the said six circumstances. It is submitted by the ld. Senior Counsel that Section 69A of the IT Act cannot be used to enforce inter se rights of the trademark owners, which are commercial disputes in nature and thus, would be outside the purview of the said section.

113. It is argued that the only term, which may need some consideration by Public Order Senior Counsel has already been decided by the Supreme Court in various judgments as public tranquility and safety. It is submitted that mere contravention of law would not affect public order, unless if affects the community or the public at large. In this regard, reliance is placed on the decision of the Supreme Court in Ram Manohar Lohia v. State of Bihar, AIR 1966 SC 740. The submission is that mere non-compliance of Court orders by the DNRs does not amount to breach of public order, and a higher standard has to be adopted while invoking the provisions of Section 69A of the IT Act.

114. He further relies upon the following judgments: (1) Shreya Singhal v. Union of India, (2015) 5 SCC 1; and (2) Google India Pvt. Ltd. v. Visaka Industries, (2020) 4 SCC 162.

115. Mr. Krishnan, ld. Senior Counsel has also directed the attention of the Court to the Blocking Rules, 2009, specifically Rules 6, 7 & 8 to argue that the blocking of access to any information has to be in the manner as specified in the said Rules and, would thus require consideration from a Committee consisting of members not below the rank of Joint Secretary, as prescribed under Rule 7 of the Blocking Rules, 2009. Such a blocking of information is to be resorted to in extreme circumstances and not on a regular basis. He finally submits that certain situations may require legislative intervention and may be beyond the powers of the Court to block the business of the DNR. However, if the Committee under Rule 7 of the Blocking Rules, 2009 comes to a conclusion that non-compliance by the DNR could affect or infringe upon the sovereignty and integrity of India, then it is up to the Government to take action. It is submitted that Rule 10 of the Blocking Rules, 2009 is not applicable to the present cases where there is violation of intellectual property rights and no blanket order for compliance ought to be passed.

116. He also relies upon the judgment in (PUCL) vs. Union of India, (1997) 1 SCC 301, wherein the Supreme Court was dealing with Section 5(2) of the Telegraph Act which permits the Government to intercept messages, to argue that the said judgment also makes it considerably clear that such provisions must be construed narrowly and the same cannot be done unless the conditions mentioned under the said provision are satisfied. It is also submitted by the ld. Senior Counsel that orders may be granted giving liberty to the Plaintiffs for filing applications for impleadment of infringing defendants along with evidence.

117. Furthermore, as per the note dated 15th February, 2025 filed by the and cannot be implemented by the said DNR is as under:

118. Moreover, it is also stated that one of the terms of the registration of the domain name is that the Registrant ought not to use the services of the DNR in a way that infringes a patent, trademark, copyright or other IP rights. Further, it is also stated that ICANN and NIXI, both require compliance with local laws as also compliance with orders issued by the Court of competent jurisdiction. Lastly, it is stated that payment details of the Registrant with the DNR can be provided in order to trace the person who has registered the domain name. (E) Verisign

119. Verisign is a Registry Operator incorporated in Reston, Virginia, United States of America. At the outset, it is stated that Verisign does not have any offices or employees in India and does not carry on any business in India, hence, it is stated that Verisign does not submit to the jurisdiction of this Court. Verisign is stated to be the delegated Registry Operator for various cc com.name.net for certain internationalized domain names in various scripts:

120. The said TLDs are managed by Verisign in terms of the Registry Agreement with ICANN and the functions performed by Verisign are briefly set out below: -Level operator, it maintains the authoritative master directory of all second level domain name ("SLDs") in the TLD. The said master directory includes the following technical details relating to the registrations: (i) the SLDs (such as "verisign.com") for the TLD; (ii) the Internet Protocol ("IP") addresses (such as 192.42.177.30) of the name servers associated with the SLDs; (iii) the name of the Registrars of the SLDs; and

121. As is evident from the above, Verisign is one of the most important com net name extensions, which are the most popular domain name extensions. More than 90% of the infringing domain names in the present commercial suits are com issues that have arisen in these cases.

122. It is stated in the affidavit dated 2nd April, 2025 deposed by one Mr. Kirk Salzmann, authorised representative of Verisign, that Verisign does not provide any direct domain name registrations to end users. A Registrant who wishes to register a domain name with the TLDs operated by Verisign, has to get the same done through the DNR which has a Registry-Registrar Agreement with Verisign in respect of the said TLD. It is stated that most of the data relating to the Registrant lies with the DNR and not with Verisign. It also does not provide web hosting services. The nature of capabilities Verisign possesses are claimed to be limited. According to Verisign, the terms name does not have a standard meaning or definition across the relevant industry. Considering the same, it is stated that Verisign is capable of Extensible Provisioning Protocol EPP status codes jurisdiction. The same are as under: serverDeleteProhibited - prevents a domain name registration from being deleted from the Registry. Deleting a domain name ends its registration and makes it available for others to register. b) serverTransferProhibited prevents a domain name from being transferred from one Registrar to another. This does not prevent a domain from being transferred from one Registrant to another. c) serverUpdateProhibited prevents certain aspects of the domain name (such as the name servers) from being updated. d) serverRenewProhibited- prevents a domain name registration from being explicitly renewed by the e) serverHold prevents a domain name from resolving to a website. This means that the domain name is no longer active in the DNS and the corresponding website can no longer be accessed by typing the domain name in an internet browser. The website can, however, still

123. In addition, it is submitted that if an order is received by Verisign for serverHold name, in effect, therefore, even if the domain name is registered, the website would not accessible through the said domain name. Further, if the Court combination of three status codes could be implemented eteProhibited, However, it is stated that any order of the transfer of the domain name from one Registrant to another cannot be implemented by Verisign, as the same can only be done by the DNR. It is also necessary to note the fact that as per Verisign all the EPP status codes which are implementable by Verisign can also be implemented by the concerned DNRs.

124. On the question as to whether registration of infringing domain names in future can be prohibited, it is stated that Verisign does not have the technology to block particular word-strings. However, subject to approval of ICANN, certain character strings ca as per Clause 2.[6] of the Registry Agreement, and any string added therein would not be registered by any Registrant. A perusal of the kind of word strings that can be blocked by Verisign is as under: Verisign and ICANN in respect of the.com,.net, and.name TLDs do not grant Verisign the authority to prevent the registration of any unregistered word strings. While the.com,.net., and.name Registry Agreements each include a list of character strings that Verisign is required to reserve and not make available for registration, no change to the lists can be made without explicit approval by ICANN (and amendments to the agreements). Furthermore, Verisign's registry from being registered as domain names. Such functionality is not part of Verisign's systems and could not be therefore implemented without changing the computer code and systems that operate those TLDs. The.com Registry Agreement dated 1 December 2024 entered into between Verisign and ICANN is attached herewith as Document 1. the.net Registry Agreement and the name Registry Agreement entered into between Verisign and ICANN are on similar lines as the.com Registry Agreement. The current standard form of the 'Base Registry Agreement' (as publicly available at https://www.icann.org/en/registry-agreements/baseagreement) ("Base RA") that is entered into between ICANN and some Registries, does entitle (under Clause 2.6) a 'Registry Operator' to reserve (i.e. withhold from registration) or block character strings within the concerned TLD. The IDNs operated by Verisign, listed above, are subject to the Base RA. A current standard form of the Base RA is attached herewith as Document

2.

27. Verisign has no ability to limit its actions on a geographic basis. Any action Verisign takes would apply globally. An order from a court of competent jurisdiction that prevents the registration of word strings (i.e. trademarks) as SLDs would effectively amount to a global injunction, restraining even genuine and bona fide users (including possibly prior users) and rights holders in other jurisdictions from using the

125. It is, however, clarified by Verisign that the action cannot be taken on a geographical basis and would have to be applied globally, which may negatively affect the rights of genuine and bona fide users in other jurisdictions. (F) Registry Services

126. Registry Services is a Registry Operator having its registered office in Wilmington, Delaware, United States of America. Registry Services operates and maintains administrative date of certain TLDs. As noted above, vide order dated 15th February, 2025 the Court had called upon Registry Services to disclose its stand on the following issues: manage and supervise; ii. Whether in respect of the said domain name extensions, orders for suspension, locking, blocking and transfer of the domain names can be implemented by them in respect of existing infringing domain names; iii. Whether the said Registries can also implement orders injuncting registration of infringing domain names in the future which contain the brands/trademarks as may be directed by the Court in

127. Pursuant to the above directions, an affidavit dated 12th March, 2025 deposed by one Ms. Crystal Peterson, authorised representative of Registry Services, was filed in the batch matters. The said affidavit states that it provides services in respect of various TLDs, a large number of which are generic and ccTLDs. Registry Services has taken the position that it cannot implement any Court order for blocking, suspending or transfer of the domain names as it does not perform those functions as a Registry Operator. However, it can lock, hold, transfer, delete or reserve specific character stings. It does not provide any web-hosting services. It cannot implement the Court order related to management of domain names. It also cannot implement any Court order injuncting registering of infringing domain name in future. (G) MeitY

128. During the course of these hearings it was found that several DNRs are not complying with the orders passed by the Court. This was resulting in continuous misuse of the infringing domain names, as also violation of the orders of the Court. After giving adequate opportunities to the DNRs, in some cases, the Court took a strict stand and directed that those DNRs who are not implementing the Court orders ought not to be permitted to provide their services in India. Some such orders which have been passed by this Court are extracted below: Order dated 9th November, 2022:6 and DoT, submits that as and when the Plaintiffs have notified the departments about various infringing websites, which are involved in illegal streaming of the issued. If the Court has passed suspension and disclosure orders, the DNRs ought to have taken action in accordance with law. He however submits that through VPN networks, these DNRs may still be accessible, thus allowing streaming/hosting/etc. of infringing content to continue.

11. In the backdrop of the above discussion, insofar as the above listed DNRs, which are not giving effect to the orders of this Court, i.e., NameCheap Inc./Defendant No.13, Dynadot, LLC/Defendant No.14, Tucows Inc./Defendant No.16, Gransy s.r.o./Defendant No.17, and Sarek Oy/Defendant No.18, since DoT and MeitY are present before this Court, they are directed to immediately take action within one week against these DNRs for non-compliance of the orders passed by this Court. The authorities shall also look into the question as to whether these DNRs ought to be permitted to continue to offer their goods and services in India, if they are not giving effect to orders of Indian Courts and not complying with the applicable laws under the Information Technology Act, 2000, and the 2021 Rules. Star India Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM) 567/2022. Order dated 21st March, 2023:7 CS(COMM) 567/2022 on 9th November, 2022, are set out below: insofar as the above listed DNRs, which are not giving effect to the orders of this Court, i.e., NameCheap Inc./Defendant No.13, Dynadot, LLC/Defendant No.14, Tucows Inc./Defendant No.16, Gransy s.r.o./Defendant No.17, and Sarek Oy/Defendant No.18, since DoT and MeitY are present before this Court, they are directed to immediately take action within one week against these DNRs for non-compliance of the orders passed by this Court. The authorities shall also look into the question as to whether these DNRs ought to be permitted to continue to offer their goods and services in India, if they are not giving effect to orders of Indian Courts and not complying with the applicable laws under the Information Technology A

5. In view of the above, the defendants no.38 and 39 are directed to take appropriate action against the defendant no.23, Gandi SAS and defendant no.25, NameSilo, LLC, for non-compliance of the order dated 2nd September, 2022 and file status report within four weeks from today. Order dated 10th February, 2023:8 the matters have also informed the court that a number Star India Private Limited v. 7movierulz.tc & Ors., CS(COMM) 604/2022. Dabur India Limited vs. Ashok Kumar & Ors., CS(COMM) 135/2022 of DNRs have completely refused to comply with the blocking orders and other directions issued by this Court, in respect of infringing domain names.

8. In view of the aforementioned facts which have come made before this Court from time to time and the e-mails which have been placed on record today, such as emails by Namecheap Inc, it is clear that stringent steps would be required to be taken, in order to curb the menace of illegal domain name registrations having well known marks and names of business houses. It is accordingly directed that MEITY/DoT/the appropriate authority shall take steps action in accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 against DNRs who do not agree to comply with the said Rules or do not appoint grievance officers or implement orders of Indian Courts/Authorities.

9. Ld. Counsel for the Plaintiffs are free to communicate with the official from MEITY Mr. Pradip Verma, who shall act as the nodal officer for this purpose to coordinate with DoT and any other authorities, at the email address pradip.verma@meity.in and submit their respective lists of DNRs who are stated to be not complying with the orders passed by this Court and not appointing the grievance officers.

10. It is directed that the concerned MEITY/DOT officials shall peruse the various orders which are passed in these proceedings prior to taking any action under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Steps in respect thereof, in terms of Rules be taken within four weeks. The action so taken shall be placed on record by MEITY by means of a status report by the

129. These orders were to be implemented through MeitY/DoT. Upon their services being blocked from being offered in India, some of the noncompliant DNRs moved appropriate applications before the Court and undertook to implement the relevant Court orders, which then led to lifting of the directions to block the said DNRs.

130. Further, in the written submission dated 26th May, 2023 filed on behalf of MeitY reliance is placed on the decision of this Court in Snapdeal Pvt. Ltd. v. Godaddy.com LLC, 2022 SCC OnLine Del 1092, wherein the Court has dealt with various issues qua DNRs and domain names vis-à-vis trademark infringement. It is argued on behalf of MeitY that in terms of the said judgement DNRs are intermediaries under the IT Act and the DNRs would be where the domain names sold by the DNRs infringes the registered trademark of a third party.

131. In respect of enforcement of orders against non-compliant DNRs is concerned, the stand of MeitY is that the course of action taken by this Court in Star India Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM) 567/2022 vide order dated 9th November, 2022 when enforced in conjunction with Rule 10 of the Blocking Rules, 2009, is the only effective mechanism for ensuring that non-compliant DNRs duly comply with the Court orders. Moreover, it is stated in the status report dated 25th March, 2023 that where a DNR repeatedly does not comply with the directions of the Court, the same would be construed as a violation of public order under Section 69A of the IT Act.

132. In addition, Mr. Harish Vaidyanathan Shankar, ld. CGSC relies upon his written submissions to canvass the position that the judgment in Shreya Singhal (supra) makes it clear that in case there is contempt of Court or any other factors as contemplated in the Article 19(2) of the Constitution of India, the power of blocking would exist. He submits that the Article 19(1) of the Constitution of India is meant to protect legitimate businesses and not those businesses who are complicit in fraudulent activities being carried out. Thus, Shreya Singhal (supra) is a decision where the Court can rely upon to block a DNR from offering services in India.

133. Considering the above position as also the implications and significance of the issues involved in these batch matters, the Court was of the opinion that the Government i.e., MeitY should also take a stand in this matter as to how to curb the proliferation of infringing domain names which were having a large scale impact on consumers and the general public. Further, pursuant to the directions passed by this Court in the batch matters,

134.

MEITY undertook a stakeholders consultation with different entities including the DoT, ICANN, Delhi Police etc. It is stated that MeitY had also issued a questionnaire to various entities including ICANN, DoT, NPCI, NIXI, various DNRs, CERT-IN, Cyber Law & e-Security Division of MeitY, and Delhi Police. A meeting was also held by MEITY with all these stakeholders. Some of the feedbacks received are as under:

135. captured below:

4. That Internet Governance Division of MeitY followed up with the Internet Corporation for Assigned Names and Numbers (hereinafter referred to as 'ICANN') on the issues involving domain name infringement and non-compliance of DNRs in a related matter. !CANN, in its response placed at Annexure I, has· submitted as follows. That Section 5.5.2.1.[4] of the RAA (Registrar Accredited Agreement ) states that !CANN may terminate a registrar's RAA where a court of competent jurisdiction determines that the registrar has failed to comply with the terms of an order issued by a court of competent jurisdiction relating to the use of domain names sponsored by the registrar. If evidence is received, ICANN Contractual Compliance would follow its established process and take enforcement action as permitted by the RAA. The RAA provides various means of redress for consideration; termination of the RAA is

136. In respect of the privacy protect feature and proxy services provided by the DNRs, it was stated by ICANN that providing privacy services to Registrants is optional and at the discretion of the DNRs. The relevant portion of its response reads as under: Additional Comments While the MeitY specifically requested (i.e., requested orally during the meeting on 27th December 2022) -identified issues 1 and 7, ICANN also provides the below comments concerning certain of the other draft recommendations set forth by the MeitY. With respect to court-identified issue no. 2 (concerning privacy and proxy registration services), ICANN does not obligate registrars to offer privacy or proxy services to registrants. Providing such services is optional, at the discretion of the registrars. However, registrars that do choose to offer privacy or proxy services (themselves or via a registrar's affiliated entities) must comply with the RAA's Specification on Privacy and Proxy Registrations. This Specification requires privacy and proxy service providers to publish their processes to report abuse of a domain name and infringement of trademarks or other rights of third parties, and to include privacy and proxy customer contact information in the registrar's data escrow deposits. The ICANN community has also, via the multistakeholder Policy Development Process, developed recommendations for the creation of a privacy and proxy service provider accreditation program. ICANN's implementation of this program is currently paused pending further implementation efforts on related Consensus Policy

137.

ICANN has implemented the Uniform Domain Name Dispute ICANN UDRP ICANN URS the trademark owners in the event of infringing domain names. It would be t not barred. One of the legitimate interest which is an exception and permits disclosure of data is for the purposes of consumer protection, investigation of cyber crime, DNR abuse and intellectual property protection.

138. th March, 2023, also states that the Committee of ICANN had highlighted the issue of domain name abuse in the meeting held between 11th to 16th March, 2023. Considering the growing method for curtailing the said abuse. The Government continues to have its deliberations with ICANN in this regard. The said status report also highlights that India is a member of WIPO based UDRP procedure, which also provides online despite resolution mechanism.

139. HIOX India having its registered office in Coimbatore, Tamil Nadu. In its response to the questionnaire circulated by MeitY it was stated that HIOX has adopted mobile OTP verification and Aadhar verification process for providing domain name registrations. It was also stated that foreign and Indian DNRs ought to be mandated to follow the KYC process. Further, it is stated that privacy policy ought to be made a paid service and the WHOIS details can be shared with the authorised party upon an email being received from a person deprived of data. All DNRs or Registry Operators which operate in India have to mandatorily follow the Indian law. The details of payments received such as credit card details, etc., can be made available only to authorised LEAs, however, the payment gateways do not seek consent of the party for providing details to LEAs.

140. The main issue raised by CERT-IN is that the identity of persons registering domain names is masked and most of the details are fictitious and not traceable. Thus, it is stated that a process needs to be put in place for obtaining the WHOIS details of the domain name.

141. It is stated that blocking of domain names cannot be done under Section 69A of the IT Act unless it involves national security or public order issues.

142. NIXI has introduced e-KYC policies for ensuring accuracy of WHOIS details of the Registrant as per the government records. It has issued general instructions to DNR to avoid registration of the domain names which resemble well-known trademark. It is stated that on receiving a complaint from a well-known trademark owner regarding infringement, arbitration.IN Dispute Resolution Policy receiving a Court order or an order from an authorised agencies blocks a dispu become a data repository provided due acceptance is received from the competent authority.

143. In respect of the question whether NPCI can share the details of the accused with the LEAs and/or aggrieved persons in the event of an unlawful activity, it is stated that NPCI only shares transactional information with the LEAs under the CrPC. NPCI would not be in a position to assist LEAs with the identity of a cyber-criminal, however, the relevant banks would be available able to do so. (H) Stand of MHA

144. Pursuant to the orders passed by this Court on 24th November, 2023 and 1st February, 2024, the MHA had convened a meeting on 1st April, 2024 headed by the Chief Executive Officer, I4C with the different LEAs to understand the issues faced by them in respect co-ordination and receiving information from intermediaries. Another meeting was also convened on 10th April, 2024 headed by the Joint Secretary, Cyber & Information Security, MHA. In the said meetings various problems were highlighted and it was agreed that there is a need for a common online portal to integrate LEAs, banks and financial intermediaries to take action against financial cyber frauds. It would be relevant to mention few of the issues highlighted in the said meetings:

(i) Need for centralised system to obtain information from foreign domain name registrars and registries.

(ii) IT Intermediaries should collect necessary KYC and payment details to help identify persons violating the law online.

(iii) Privacy protection features used in WHOIS databases are being abused by criminals and information necessary for investigation, upon request, should be made available to LEAs.

(iv) Details from domain registrars, hosting agencies and mail service providers should be readily available for investigation.

(v) Actual IP address should be accessible where domain proxy services are used. Additionally, details of other domains owned by the same person should be provided.

(vi) WHOIS database entries should include administrative details, payment information, IP addresses, SSL certificate provider agency details, and KYC details.

145. As per MHA various steps have been taken to implement the directions of this Court qua improving the co-ordination between various agencies to prevent cybercrime, specially relating to financial fraud. A portal i.e., lodging complaints has also been made operational by I4C. Further, more than

38.87 lakhs complaints were reported on the said portal which is now the centralised portal where complaints for reporting of cybercrimes. In addition, I4C has also constituted seven Joint Cyber Coordinate Teams have been constituted for dealing with cybercrime cases. Lakhs of SIM cards and thousands of mobile devices have been blocked to prevent cybercrime.

(I) Stand of the Delhi Police

146. The Delhi Police has created the IFSO to look into the misuse of wellknown marks in misleading domain names, websites and URLs. Pursuant to the various orders passed by this Court investigation was conducted in the respective suits against the alleged accused persons using the infringing domain names for committing financial frauds. In the course of the said investigations, several issues and challenges have arisen for the Cyber Cell of Delhi Police as also the IFSO. The same have been highlighted by the Cyber Cell, Delhi Police in its written submissions dated 26th September, 2023.

147. It is stated that whenever any domain name or website is used in the commission of crime, the details are collected from the DNR as also the web hosting company. The mode in which the payment is made to the DNR or the web hosting services is also collected. The details are obtained from the bank accounts and the mobile numbers which are available. It is also stated that

148. The challenges faced by Delhi Police are that most intermediaries from abroad do not furnish details of the Registrants of the infringing domain names in view of privacy policy and insist on warrants or assistance through the Mutual Legal Assistance Treaty MLAT obtaining of information considerably. In contrast, domestic intermediaries provide better assistance however, foreign intermediaries having server in foreign countries tend to deny information arbitrarily.

149. One of the biggest road blocks in safeguarding the money in cases of online financial fraud is that the responses from banks is not satisfactory. There are no anti-fraud measures put in place by banks and e-wallets. The banks and financial institutions are not open post working hours and on weekends, though, they provide services to their own customers even during the said break. Banks ought to have a single window system for redressing cyber frauds and providing information to LEAs.

150. As per Delhi Police, bank accounts are being opened by bank officials without proper verification of the account holder in online bank accounts there is no physical verification. Intermediaries do not disclose how the payment is received for registration of the domain name and the sub-domain.

151. Details of intermediaries providing cloud services, web hosting services and mode of payment is also not furnished. IP address captured while creating the domain or sub domain is not furnished. The mobile numbers which are given by domain name registrants are either wrong or do not exist, thus, the OTP verification at the time of registration of the domain name ought to be necessitated upon.

152. In addition to banks and financial institutions, the Cyber Cell has also highlighted the issues with social media intermediaries such as Google. It is stated that agencies such as Google ought to be directed not to provide promotional services such as adword, bookings, search engine optimisation to infringing domains and websites. Further, it is stated that Google does not respond to data disclosure requests and the standard automatic reply received is as under: communications be sent from an official government (J) Submissions on behalf of the Plaintiffs in the batch matters

153. Since, the present suit has been heard along with a batch of matters raising common issues, where similar grounds have been raised by the Plaintiffs, for the sake of brevity it would be apposite to consider together all the submissions raised by the Plaintiffs in the batch of matters.

154. Mr. Anirudh Bhakru, ld. Counsel had appeared for the Plaintiff in the lead matter i.e., Dabur India (supra) and made submissions. He has firstly highlighted two orders passed by this Court dated 2nd June, 2022 and 3rd August, 2022 wherein the issues were crystalized and the Court has clearly observed that the present system of registering domain name is unsatisfactory. It is submitted that though the status of the DNRs is that of intermediaries, the intermediaries are also benefiting by offering a full range of domain names permitted to be offered, as held in the same would constitute trademark use and, therefore, the DNRs are not merely intermediaries but they do owe responsibility as well.

155. He has relied upon the decision of the ld. Single Judge of this Court in - Snapdeal Pvt. Ltd. v. Godaddy.com LLC, 2022 SCC OnLine Del 1092, which dealt with the trademark infringement and registration of domain Snapdeal Single Judge observed that use of the domain names by DNRs for the purpose of registration and offering of the same especially for profit, would constitute reinaft the TM Act by use in the course of trade of the alleged infringing domain name can also be raised against the DNRs. It is further submitted that insofar as the said decision is concerned, the Court held DNRs responsible if the DNR is using the domain name registration as a model for generating profits by providing alternative domain names. If that is so, the judgment holds clearly that the DNR would lose the status of intermediary. Insofar quia timet actions are concerned, the Court merely held that an order in futuro restraining any domain name cannot be passed and the Court would have to examine the matter qua the concerned domain name.

156. It is submitted that Section 79(2)(c) of the IT Act read with Rule 3(1)(b)(iv) of the Intermediary Rules, 2021 mandates that an intermediary is required to undertake due diligence in order to ensure that Intellectual Property rights are not infringed. Thus, failure of the DNRs to undertake due diligence as mandated would make them liable to forego the safe harbour protection.

157. It is the submission of ld. Counsel that the Court has to first look at the nature of the mark, determine if it is an inventive mark and grant the highest level of the protection i.e. permanent injunction against use and registration of the said mark as a prefix. In the case of generic marks, the Court could modify the injunctions or could direct the trade mark owner to approach the Court and obtain an order. The order of injunction, that can be granted, ought to be granted depending upon the nature of the trade mark, for which protection has been sought.

158. Ld. Counsel also relies upon the decision in Google LLC v. DRS Logistics (P) Ltd., (2023) 4 HCC (Del) 515 to argue that in the case of adwords, where trademarks have been monetized to be used as an ad-word, the Division Bench of this Court has already held that the intermediary would be liable even for contributory infringement. The intermediary, therefore, has to make adequate effort to stop violation and infringement by them, failing which DNRs could be made responsible even for substantial amounts of damages.

159. The last aspect, which has been highlighted is in respect of de facto privacy being provided to all Registrants. The said feature, which has been provided by most DNRs, especially GoDaddy, is resulting in masking the actual culprits and the domain names, which are worth more, are blocked. The lack of KYC while registering domain names is the root cause of all these fraudulent activities. In fact, DNRs, who are earning substantial sums of money are not found forwarding any solution. It is his submission that they also exhibit an abhorrence to comply with the orders passed by the Court and technicalities are cited to justify non-compliance. He also submits that even when the information is provided by the DNR, the same is so unsatisfactory that no effective action can be taken against the registrant of the domain name. Ld. Counsel submits that KYC ought to be introduced in order to safeguard the interest of third stakeholder in these matters i.e., the consumer/victim, who may loose money and as has been seen in all these suits, the said victims/consumers hardly ever get back their money. The lacuna is at different levels, banking levels as also at the DNR levels, since they are unregulated. There is hardly any diligence being exercised by the DNRs.

160. Ld. Counsel finally submits that even one week of fraudulent websites being permitted to operate could cause enormous damage to the public. Thus, interest. (K) Stand of various Plaintiffs in the batch matters

161. Since, the present suit has been heard along with a batch of matters raising common issues it would be apposite to also consider the submissions raised by the Plaintiffs in other suits in respect of the same.

162. Mr. Sidharth Chopra, ld. Counsel appearing for several Plaintiffs including HT Media Ltd., Bajaj Finance Ltd., Hindustan Unilever Ltd., and Fashnear Technologies Pvt. Ltd., has made the following submissions: (a) at the outset submitted that the orders by which services of DNRs were blocked through ISP in India pursuant to order of this Court in Star India Pvt. Ltd. & Anr. v. MHDTV World & Ors., CS(COMM) 567/2022, was a measure which was required to be taken in the context of complete non-compliance by DNRs of the orders passed by the Court. He submits that when the Court orders were communicated to DNRs, such as Namecheap Inc., Hostinger, GoDaddy.com etc., the stand taken by them was that unless and until an order from a Court in United States of America is received, they would not be bound by the same. The ld. Counsel has taken the Court through various emails from Namecheap Inc. including emails dated 22nd August, 2022, 6th October, 2022, 22nd February, 2023 and 13th March, 2023. (b) It is submitted that after Namecheap Inc. took the position of non- Court and thereafter the orders for blocking of the services of the DNRs, including Namecheap Inc. was passed. Pursuant to the same, vide email dated 13th March, 2023 the concerned Plaintiff was informed that millions of customers of Namecheap Inc. have been affected due to the blocking order and that Namecheap Inc. was willing to provide the information sought. Ld. Counsel submits that the said email reveals the manner in which unless and until coercive measures were directed by the Court, there was no compliance by the DNRs. Some DNRs, including government order and no affidavit would be filed before the Court by Namecheap Inc., since Namecheap Inc. is not required to comply with a Reference is made to email dated 30th January 2023, 15th February, 2023, and 22nd February, 2023 to argue that in fact, Namecheap Inc went to the extent that it ought to be deleted from the array of parties as it cannot be compelled to comply with the orders passed by the Court.

(c) A similar situation arose in case of Hostinger, which also moved an application before the Court that the Grievance Officer is being appointed only for domain names and that thousands of customers were facing access issues to their websites and domain names due to the blocking orders. Similar position was also taken in an application filed by Dynadot LLC as well, which claims that millions of customers are affected by the blocking order.

(d) It is his submission, therefore, that the DNRs, who do not comply with the orders passed by the Court, a strict action ought to be taken against them. Reliance is also placed upon the decision of the ld. Division Bench in Department Of Electronics and Information Technology v. Star India Pvt. Ltd., 2016 SCC OnLine Del 4160 wherein the Court has clearly directed that the strict action ought to be taken to curb violations and the government and its instrumentalities have a duty to assist in the enforcement of orders passed by the Court. (e) Mr. Chopra, ld. Counsel also submitted that in none of these matters, the DNRs challenged the rights of the Plaintiff in the marks or brands. The only question is as to how the orders are to be enforced. It is his submission that stringent measures ought to be permitted as without such measures the rule of law itself is under threat. (f) He relies upon the Section 69 and Section 69A of the IT Act to argue that if the emails such as those written by Namecheap Inc. are ignored, it poses threat to the sovereignty of this country, which need not only be territorial sovereignty, compliance of orders of Court is an integral part of the sovereignty. (g) Further, it is his submission that the cascading effect of non-compliance is also necessary to be borne in mind as there is no deterrence against such non-compliance. The DNRs though having no competing interest also benefit from making available domain names, which violate trademark rights. In such cases, the interest of the public, which has been duped, is of paramount nature. In fact, Civil Courts ought to have the powers, bearing in mind judgement in Department Of Electronics and Information Technology v. Star India Pvt. Ltd., 2016 SCC OnLine Del 4160 that a preliminary enquiry ought to be directed by the police authority so that the details of the persons, who have registered the domain names and for freezing orders to be passed against the bank accounts, where the amounts are kept. Such orders would be required to be implemented through police as, failing which, the fraud is continued to be perpetuated. (h) Targeted remedies as done in case of dynamics and dynamic plus injunctions with sufficient safeguards would protect the interest of IP owners as also strike at the violations. It is his submission that finally a judicial oversight would be required for directing enquiry by the police under Section 161 of the Code of Criminal Procedure, 1973. After which upon obtaining information, the IP owner can go to the Court seeking appropriate remedy.

163. Mr. Abhishek Singh, ld. Counsel appearing in three suits of Amul, Bajaj Finance Ltd. and ITC Ltd. has made the following submissions: (a) submits that there is no identifiable data whenever such domain name registrations are being permitted by masking of the details. In fact, he relies upon the provisions of the DPDP Act and submits that under Section 2(t) of the said Act, the personal data of any individual ought to be an identifiable data and Section 3 of the same also makes it adequately clear that so long the services are being provided in India, the Act would apply to the data, which is outside the territory of India. (b) Ld. Counsel further submits that in a case like AMUL, 90 Defendants have already been impleaded and there are more which need to be impleaded. He emphasises that only generation of an email is sufficient and the said email itself becomes the identity of the Registrant, without any further details, which is leading to the proliferation of such infringing domain names. Finally, Rule 3 of Intermediary Rules, 2021 is also relied upon to argue that reasonable efforts have to be made by the intermediary to ensure that there is no infringement of IP rights such as trademarks under Rules 3(b)(iv). He emphasises that reasonable efforts are not even been made by the DNRs to avoid infringement as the finding of infringement has already been rendered against them in the decisions, which are being relied upon.

164. In addition to the above, written submissions have been filed by the Plaintiffs in each of the suits in the batch matters, wherein the following broad submissions have been made: (a) The DNRs, which generate a substantive portion of their revenues from India, ought to be directed to comply with the orders passed by the Courts. Under the IT Act, there are several obligations upon the DNRs, which they need to comply with and non-compliance of the orders passed by the Court ought to be vested DNRs with consequences such as foregoing the safe harbour protection. Any non-compliance of Court orders ought to be construed as violation of public order and sovereignty under Section 67A of the IT Act. The internal sovereignty could be effected in case of non-compliance by the DNRs. Under the IT Act, designated officer can punish with imprisonment if there is noncompliance. Non-compliant DNRs also pose threat to compliant DNRs as they would get monetary benefits if domain names are transferred from one DNR to the other by the Registrant. Internet governance would be substantially effected if the DNRs are permitted to violate orders by the Court. Hence stringent measures are required. (b) Notice ought to be also issued to the ISPs, banks to disclose details of whatever data is available with them in respect of bank accounts, mobile numbers, payment gateway information etc. Matching of the beneficiary name should be mandatory and not merely matching of the account number. During investigation, the bank accounts have been debited and, therefore, there should be immediate bank account freezing upon commencement of investigation.

(c) Dedicated email ought to be provided for accessing data. DNRs ought to be directed to transfer the infringing domain names. Privacy protected features should not be permitted to be abused. Expedited blocking for well-known marks should be sought for domain names registration. Any non-compliant DNRs not to be permitted to undertake any future transactions from India.

(d) When the criminal complaints are initiated, arrests are made and victims of these frauds were found in several countries of the world like USA, UK, Canada, South Africa, and Netherland. Sometime infringing domain names also perform services of domain name servers operating from foreign countries. Multiple suffixes i.e., domain name extensions, which are made available, made the process of tracing domain name fraud impossible and till some major illegality is detected by then it is too late. The process under MLAT or the Hague Convention[9] is quite time consuming. (e) DNRs are not entitled to safe harbour protection as they are not merely acting as intermediary but are also consciously promoting registration of infringing domain names by providing multiple services including alternate domain name registration wherein the trade mark is also used as alternate extensions etc. The DNRs have created algorithm to facilitate their own businesses and are not ignorant of the alternate domain names, which are being presented for registration. They also fail to undertake due diligence as required under law. (f) The DNRs are not merely intermediaries as they offer various services Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters. They also have technology blocking specific words, words strings etc. The role of the Registry Operator is limited. It is the DNR, who can block the domain name.

ANALYSIS AND FINDINGS

165. Heard ld. Counsels for the parties who have entered appearance in the present batch of matters.

166. It is pertinent to note that none of the contesting Defendants against whom allegations of use of infringing domain names have been raised, have appeared before this Court or participated in the proceedings which have been continuing since 2022. Prevention of Financial Frauds

167. The commercial suits involving fraudulent domain names, initially seemed to be one-off cases. However, after the constitution of the IP Division of the Delhi High Court, a clear pattern started emerging wherein there were a large number of such suits were being filed by brand owners which then warranted a comprehensive and consolidated mechanism to deal with these situations. It was realised that in some of these commercial suits the financial fraud which had taken place was running into crores of rupees. Cyber cells of various police agencies were intimated, complaints were registered. In fact arrests of a few persons was also made in some cases. FIRs were also registered in a large number of cases and the proceedings in those cases are going on. However, in order to consider as to whether there can be some coordinated and structured solution to this problem of financial frauds using reputed trade marks and brand names, notice was issued to the RBI and to various other banks where the accounts were opened by these unscrupulous and infringing entities/ individuals.

168. The individual banks came forward with their KYC data revealing the identities of the persons who had opened the bank accounts. Such persons had given their mobile numbers and through the said mobile number some individuals were traced. However, in most cases, the Registrants and the ultimate beneficiaries are still unknown or untraceable.

169. One of the major causes of amounts being transferred in favour of such infringers was also because the innocent persons who were making payments did not realise that they were not making payments to the actual brand owners or business owners such as Colgate or to Dabur but in fact to some unconnected individuals. In order to plug this clear loophole that existed in NEFT and RTGS transactions, notice was also issued to the NPCI. After several orders been passed from time to time, the RBI introduced the facility for RTGS and NEFT system, on 30th December, 2024. In terms of the said facility, all banks were directed to adhere to the following instructions: -25 dated December 30, 2024) Introduction of beneficiary bank account name lookup facility for Real Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT) Systems

1. To ensure that remitters using RTGS and NEFT systems can verify the name of the bank account to which money is being transferred before initiating the transfer and thereby avoid mistakes and prevent frauds, a solution for fetching the beneficiary's name is being implemented. Based on the account number and IFSC of the beneficiary entered by the remitter, the facility will fetch the beneficiary's account name from the bank's Core Banking Solution (CBS).

2. This facility shall be made available to remitters through Internet banking and Mobile banking. The facility shall also be available to remitters visiting branches for making transactions.

3. To ensure uniform experience for customers, the banks shall adhere to the instructions given below: i. Provision to verify beneficiary bank account name shall be provided in Internet banking and Mobile banking facilities at the time of registering a beneficiary and at the time of one-time fund transfer where the beneficiary may not be registered. ii. Provision to re-verify a registered beneficiary at any time shall also be provided. iii. Beneficiary account name provided by the beneficiary bank shall be displayed to the remitter. iv. In case the beneficiary name cannot be displayed for any reason, the remitter can proceed with the fund transfer, at her discretion. v. Specific alert messages as provided in the technical document, issued earlier by NPCI, shall be displayed to the remitter.

4. Both remitting and beneficiary banks shall preserve detailed logs of all queries made, responses received and all other activities as part of beneficiary bank account name lookup facility.

5. NPCI shall not store any data relating to this facility. In case of a dispute, the remitting bank and the beneficiary bank shall resolve the dispute based on the unique lookup reference number and the corresponding logs.

6. While providing the facility, banks shall ensure to comply with legal provisions related to data privacy, if any.

7. Beneficiary account name lookup facility shall be made available to customers without any charge.

8. All banks who are direct members or sub members of RTGS and NEFT are advised to offer this facility no

170. Banks were also directed through the IBA and the Central Economic CEIB direction was given on 15th April, 2024 for finalisation of a Standard of the SOP LEAs. The said SOP was finalised and was issued on 31st May, 2024.

171. With the issuance of the RBI circular and the SOP issued by the Department of Revenue CEIB to all banks, the issue relating to the name of the recipient becoming visible to the payer has been resolved. Even the sharing of information from banks to LEAs has also been resolved. The IBA in its affidavit dated 22nd May, 2025, has clearly stated as under: 10/0112024 informed that a High-Level Meeting on prevention of cybercrimes was held by RBI with a team of Senior Officials from Ministry of Home Affairs (MHA) including I4C and DGPs of some States. The LEAs were of the view that there was a need for Banks to expedite:-

(i) Response to the complaints lodged on National

(ii) Response to the complaints lodged over weekend/

(iii) Timely sharing of information sought by LEAs etc.

2.6. That to examine the issues referred by RBI, IBA had constituted a Sub Group of 11 Banks to discuss on the above points and to place the deliberations before the Standing Committee and Managing Committee of IBA. The Sub Group deliberated on the subject and made suggestions for further streamlining the process and a draft SOP was designed and shared with CEIB on 15/05/2024. The same is annexed herewith and marked as Annexure A-3.

2.7. That in compliance of the Order dated 15.04.2024 passed by this Hon'ble Court, the Central Economic Intelligence Bureau (CEIB) prepared the revised and updated SOP dated 31.05.2024 and forwarded the same to all concerned Authorities as mentioned in the said OM dated 31.05.2024 while forwarding a copy of the same to Indian Banks' Association also.

2.8. That the Indian Banks' Association has forwarded the aforementioned revised SOP dated 31.05.2024 prepared and circulated by the Central Economic Intelligence Bureau to all the Member Banks vide mail dated 03.06.2024 for doing the needful. Copy of the mail dated 03.06.2024 addressed by Indian Banks' Association to all the Member Banks along with OM dated 31.05.2024 issued by the CEIB is annexed herewith and marked as Annexure A-4

2.9. That with regard to the Circular dated 26.06.2020 issued by NPCI to all PSP's and Third-Party Application Provides - UPI, IBA has nothing more to add. Copy of the Circular dated 26.06.2020 issued by NPCI is annexed herewith and marked as Annexure A- 5.

2.10. That as regard the Circular dated 30.12.2024 issued by the RBI to all Banks participating in RTGS and NEFT Systems, it is submitted that the said instructions dated 30.12.2024 issued by the RBI are binding on all the Participating Banks in view of Section 10 (2) read with Section 18 of Payment Settlement Systems Act, 2007 and IBA has nothing more to add. Copy of the Circular dated 30.12.2024 issued by the RBI to all Banks participating in RTGS and NEFT Systems is annexed herewith and marked as Annexure A-

172. In terms of the affidavit of the IBA extracted above, all banks are lookup facility. Insofar as digital payments through UPI and other payment ame becomes visible when such a payment is made. However, the infringing websites were taking advantage of the non- RTGS and NEFT, which now is a loophole that has been fully plugged with the th December, 2024.

173. However, at this stage, the Court is required to adjudicate the various issues arising in relation to the use of infringing domain names and in effective protection of the trademarks of the Plaintiffs. In view of the detailed hearings conducted and the submissions of the parties, the following issues have been identified to be addressed in the present proceedings:

(i) What are the obligations and liabilities of a DNR in respect of an alleged infringing domain name registered with the said DNR? Whether the said obligations are sufficient for protecting the intellectual property rights of third parties?

(ii) What measures may be directed by the Court to be implemented by the

(iii) What measures may be directed by the Court against DNRs who refuse to comply with the Court orders?

(iv) Directions

(v) Relief to be granted in the Applications seeking interim relief.

ISSUE I: WHAT ARE THE OBLIGATIONS AND LIABILITIES OF A DNR IN RESPECT OF AN ALLEGED INFRINGING DOMAIN NAME REGISTERED WITH THE SAID DNR?

AND WHETHER THE SAME ARE SUFFICIENT FOR PROTECTING THE INTELLECTUAL PROPERTY RIGHTS OF THIRD PARTIES?

174. At the outset it is expedient to understand the manner in which the domain name registration system works and the various players or entities that are involved in this system.

175. It is common knowledge that to communicate between different computers/devices across the internet, each computer/device is assigned a unique numerical identifier which is referred to as the Internet Protocol address or IP address. A domain name represents the IP address or other resource, in the form of a string of letters instead of the numerical identifier. This makes it easier for the user of internet to access websites etc., by ead of using the corresponding numerical address (i.e., 172.217.0.78).

176. The domain name system, thus, acts as an address book for the internet. This address book is coordinated across the world by ICANN which is a notfor-profit organisation that, inter alia, prescribes the policies that govern the domain name system.

ICANN prescribes the technology that has to be used, the standards that are to be maintained and how the various protocols would What Does ICANN Do? To reach another person on the Internet you have to type an address into your computer -- a name or a number. That address must be unique so computers know where to find each other.

ICANN coordinates these unique identifiers across the world. Without that coordination, we wouldn't have one global Internet. In more technical terms, the Internet Corporation for Assigned Names and Numbers (ICANN) helps coordinate the Internet Assigned Numbers Authority (IANA) functions, which are key technical services critical to the continued operations of the Internet's underlying address book, the Domain Name System (DNS). The IANA functions include: (1) the coordination of the assignment of technical protocol parameters including the management of the address and routing parameter area (ARPA) top-level domain; (2) the administration of certain responsibilities associated with Internet DNS root zone management such as generic (gTLD) and country code (ccTLD) Top- Level Domains; (3) the allocation of Internet numbering

177. There are several stakeholders involved in the functioning of the domain name system and registration of domain names - each entity having a fixed role within the system. The said system is illustrated hereunder:

178. Thus, a Registrant who wishes to register a domain name would avail the services of a DNR, which is accredited with ICANN to offer domain name registration services in respect of specific globalP Top-level domains viz., gTLDs Agreement Registry-Registrar Agreement to get access to a particular TLD. Moreover, the Registry Registry Agreement the stage of registration, the registrant enters into an agreement known as the Domain Name Registration Agreement four agreements which bear significance on the issues under consideration: (a) Registry Agreement entered between ICANN and Registry Operator; Registrant DNR (Accredited Registrar) [GoDaddy, Hosting Concepts etc.] Registry Operator [Verisign, NIXI etc.] (b) Registrar Accreditation Agreement between ICANN and DNR;

(c) Registry-Registrar Agreement between Registry Operator and DNR;

(d) Domain Name Registration Agreement between DNR and Registrant.

179. Thus, in order to identify the obligations and liabilities of the parties in respect of an infringing domain name, it would be necessary to consider each of the above said agreements.

180. As mentioned above, each Registry Operator such as NIXI, Verisign, Registry Services, etc., would have to enter into a Registry Agreement with ICANN. In terms of the said agreement, a Registry Operator shall be capable of giving accreditation to DNRs. The Registry Operator has to comply with the policies of ICANN including its bye-laws. It has to show that it has secured the funds for operating the registry. The Registry Operator has to operate through ICANN accredited DNRs except in some cases where the registry itself is offering domain name registration services. All domain name registrations for a particular TLD have to be registered through the accredited DNR which in turn has to have an agreement with the Registry Operator. The code of conduct of such registries are prescribed by ICANN. Registries are expected to provide monthly reports as per the agreement with ICANN. It also stipulates as to how the Registry Operators have to operate WHOIS services. The format of the same is provided in Specification No. 4 of the Registry Agreement. Specification No. 5 to the Registry Agreement also provides the schedule of reserved names that are known as ASCII labels. Such labels belonging to countries and territories, names of internationally reputed organisations such as International Olympic Committee, International Red Cross, the Red Crescent Movement, Intergovernmental Organisations etc.

181. Clause 2.[8] of the Registry Agreement lays down one of the covenants of the Registry Operator in respect of. As per the said clause, the Registry Operator shall take reasonable steps to investigate and respond to any reports from law enforcement, governmental and quasi-governmental agencies of illegal conduct in connection with the use of the TLD. In addition, the Registry Operator is also required to comply with the provisions of Specification NO. 7 to the Registry Agreement which mandates adherence and implementation of all the Rights Protection Mechanism in respect of Trademark Clearinghouse. The ICANN maintains a Trademark Clearing House Database TMCH Database providing information to Registry Operators and DNRs, as also to the DNS to support protection of trademark rights. This TMCH Database stores information relating to trademarks which are registered on the database. Whenever any Registrant seeks to register a domain name matching with a trademark record existing on the database, a notice is given to the said registrant in respect of the possible infringement of an existing trademark. In addition, parallelly, a notification is also given to the trademark holder that such a domain name which is matching to the trademark has been registered. This database acts as a caution to Registrants of any attempt to register a conflicting domain name, which could conflict with its trademark rights in order to enable the trademark owner to decide to take action, if so required.

182. The role of DNRs is governed not only by the Registrar Accreditation Agreement entered into between ICANN and DNRs, but also as per the obligations under the Registry-Registrar Agreement and the Domain Name Registration Agreement executed with a Registry Operator and a Registrant, respectively. The said agreements with the Registry Operator and the Registrant, respectively, would differ for different parties. However, the same would have to comply with the provisions of the Registrar Accreditation Agreement of protecting the rights of third parties from trademark violation as also in complying with Court orders, the Court has considered and examined the

183. The various obligations of the DNRs under the Registrar Accreditation Agreement are set out hereunder: (a) Operator, including the domain name, IP addresses of the nameservers, identity of the Registrar, and expiration date of the domain name, as also any other data mandated by the Registry Operator. (b) Providing free public query-based access to data on registered names, including the following:

(i) domain name;

(ii) creation and expiration of the registration;

(iii) name and postal address of the Registrant;

(iv) name, postal address, e-mail address, voice telephone number of the technical contact for the domain name;

(v) The name, postal address, e-mail address, voice telephone number of the administrative contact for the domain name.

(c) However, subsequent to enactment of GDPR, the disclosure of

Personal Data by the DNR would be subject to the Consensus Policy adopted by ICANN as also the Registration Data Directory Services RDDS

(d) The data in respect of the Registrant and the registered domain name is to be made available to ICANN for inspection and copying. (e) DNRs shall abide by applicable laws and governmental regulations. (f) DNRs shall not register or renew any domain name which is included in a list of names reserved from registration as maintained by the concerned Registry Operator for the gTLD. (g) DNRs shall conduct reasonable and commercially practicable verification, at the time of registration, of contact information provided by the Registrant, as also conduct re-verification of such information. (h) Upon being notified by any person as to the inaccuracy of any contact information in respect of a registered domain name, the DNR shall take reasonable steps to investigate and rectify the same.

(i) DNRs shall receive complaints of abuse of registered domain names including DNS abuse and illegal activity. Upon receiving actionable evidence of the said abuse, the DNR shall promptly take appropriate mitigation actions that are reasonably necessary to stop or disrupt the said abuse. (j) ICANN may terminate the Registrar Accreditation Agreement where a Court of competent jurisdiction has held: (i) 10, with actual knowledge or through gross negligence in the Registrant providing inaccurate registration data to the DNR;

(ii) the DNR has failed to comply with an order of the Court;

(k) ICANN may also terminate the Registrar Accreditation Agreement if it finds based on its review of the findings of arbitral tribunals, to have been engaged in use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registrant has no rights or legitimate interest, which trademarks have been registered and are being used in bad faith.

184. In addition to the above obligations, the DNRs are also required to comply with various specifications issued by ICANN, including the WHOIS Accuracy Specification. The said specification requires validating and verification of the information provided by the Registrant in respect of the registered domain name. The DNR is required to validate within 15 days of the registration the following information: (a) Presence of data for all fields in a proper format of the respective country; (b) All email addresses, telephone numbers and postal addresses are in proper format;

(c) Postal address fields are consistent across fields i.e., street exists is prohibited by applicable law and/or exploi services in furtherance of conduct involving the use of a Registered Name sponsored by Registrar that is prohibited by applicable law. in city, city exists in state/province, city matches postal code.

185. The DNR is also required to verify the contact information of the Registrant, including the email and the telephone number through a tool-based authentication method providing a unique code, in the following terms: i. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a toolbased authentication method such as providing a unique code that must be returned in a manner designated by Registrar, or ii. the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name that must be returned in a manner designated by telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail. In either case, if Registrar does not receive an affirmative response from the Registered Name Holder, Registrar shall either verify the applicable contact information manually or suspend the registration, until such time as Registrar has verified the applicable contact information. If Registrar does not receive an affirmative response from the Account Holder, Registrar shall verify the applicable contact information manually, but is not required to suspend any registration.

186. Where the Registrant has wilfully provided inaccurate or unreliable contact details, and the Registrant wilfully fails to respond within 15 days of the inquiries by the DNR as to the accuracy of information, the DNR shall either terminate or suspend the domain name, or place the registration on clientHold clientTransferProhibited information.

187. At this stage it would also be necessary to note that NIXI has its own DNRs have agreements with NIXI for registration of the domain names with the NIXI Agreement corresponding agreement with ICANN. The same are captured in brief hereunder: (a) DNRs shall refrain from directly or indirectly cooperating with any Registrant who violates or instigates violation of rules, regulations and laws prevailing in India. The DNR shall be responsible for informing NIXI in case of any violation by the Registrant; (b) DNRs shall submit data of the Registrant to NIXI, including the domain name, IP address of the nameservers, and other data

(c) DNRs shall provide public access to data on registered domain names in the following terms: During the Term of this Accreditation Agreement: 4.3.1. At its own expense, Registrar shall provide an interface or link to the ccTLD WHOIS. The information to be made available shall include: 4.3.1.1. The registered name; 4.3.1.2. The names of the primary name server and secondary Name server(s) for the Registered Name; 4.3.1.3. The identity of the Registrar (which may be provided through Registrar's Website); 4.3.1.4. The creation date of the registration; 4.3.1.5. The expiration date of the registration; 4.3.1.6. The name, postal address, e-mail address, telephone number, and( wherever available) fax number of the registrant for the Registered Name; 4.3.1.7. The name, postal address, Aadhaar Card, PAN Number, e-mail address, telephone number, and (wherever available) fax number of the technical contact for the Registered Name; 4.3.1.8. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. 4.3.1.9. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the billing contact for the Registered Name; 4.3.2. Upon receiving any updates to the data elements listed in this Section 4.[3] from the Registrant, Registrar shall promptly, and not later than three (3) business/working days, update its database and provide such updates to.IN Registry immediately. 4.3.3. Registrar agrees and undertakes that it shall maintain an updated ccTLD WHOIS of all its Registrants. Any non-maintenance of.IN WHOIS database shall be considered as a material breach of this agreement and.IN Registry may at its sole discretion terminate the accreditation of the Registrar and NIXI shall impose a penalty equal to five times the monthly billing amount. 4.3.5. The Registrar undertakes that it shall abide by.IN Registry directives/orders of the NIXI, if a prohibited status on any domain name is in place and the Registrar

(d) DNRs are bound to comply with the laws, rules, regulations, and administrative notifications/orders etc., issued by NIXI and Indian Governmental agencies concerning the internet and NIXI. (e) the NIXI Agreement information about the Registrant or the Administrative Contact has to be reflected and no privacy or proxy services would be provided by any DNR said provision will The said clause reads as under: "proxy" registrations nor shall they include information in the domain name registration for the "Registrant" or "Administrative Contact" fields that do not reflect the true registered domain name holder or administrative contact. No privacy or proxy service will be provided by any Registrar of.IN Registry to.IN/.Bharat domain name registrants. It is to be noted that violation of these provisions will constitute a material breach of the agreement and the Registrar/Registrant can invite termination of RAA by the NIXI along with the (f) DNRs shall accept written complaints from third parties regarding false or inaccurate WHOIS data of Registrants. (g) Use of temporary email addresses during the process of creating of a domain name and throughout its lifecycle by a Registrant is prohibited. The DNRs are required to implement appropriate measures to validate the authenticity of the email provided. The relevant Clause 4.4.[9] of the NIXI Agreement as also the list of prohibited temporary and encrypted email providers is extracted hereunder: email addresses, as per the list available at the.IN Registry website, during the process of creating a domain name request and thereafter throughout the lifecycle. Registrants are required to provide a valid and permanent email address for communication and verification purposes. The Registrar shall implement appropriate measures to validate the authenticity of the provided email address. In the event that a temporary email address is being used, the Registry reserves the right to reject or suspend the domain name. The registrar will conduct annual verification process of email addresses and maintain a log, which will be

1. Guerrilla Mail https://www.guerrillamail.com ProtonMail https://proton.me/mail

2. 10 Minute Mail https://10minutemail.com Tutanota https://tutanota.com

3. Temp Mail - https://tempmail.org Mailfence https://mailfence.com

4. Mailinator https://www.mailinator.com Hushmail https://www.hushmail.com

5. EmailOnDeck https://www.emailondeck.com StartMail https://www.startmail.com (h) In terms of Clause 4.4.11. of the NIXI Agreement the DNR shall maintain record of IP logs associated with the registration and management of domain names. The same shall include the IP addresses, timestamps, and relevant activity logs of all interactions between the stored securely for a period of 90 days.

(i) The NIXI Agreement also requires all Registrants, including -KYC) procedures. All Registrants are required to provide accurate, authentic and verifiable identification information along with supporting documents. The DNRs are required to maintain the said information and provide the same to NIXI, if requested, within a period of 3 working days. Further, NIXI may conduct random checks on the e-KYC documents and WHOIS details provided by the Registrants. (j) The DNR shall implement dual authentication procedure for the Registrants, whereby verification/ authentication of Registrant shall be done through verification of email address and designated contact number. (k) The DNR shall implement and maintain technical measures to prevent the registration of domain names through virtual private networks.

(l) DNRs shall not transmit the personal data of the Registrants from

WHOIS database to third parties unless directed by NIXI, LEAs or any competent authorities of the Government of India as per the applicable laws.

188. The thrust of the submissions made by the DNRs, in respect of obligations mandated under the respective agreements with ICANN and Registry Operators, as also in terms of GDPR and DPDP Act.

189. It is noted by the Court that the standard Registrar Accreditation Agreement was agreed upon and adopted by ICANN in the year 2013. The said agreement and the Registry Agreement do not in any manner obligate Registry Operator or DNRs to mask the data relating to any Registrants of domain name. In fact the WHOIS Specification which is contained in the annexure to the Registry Agreement, being Specification No. 4 titled details of the concerned DNR and the Registrant, as also the admin for the domain name, the Registrar (administrative) and Registrar (technical). This clause of the Registry Agreement is relevant and is extracted below:- 1.4.[1] Until the WHOIS Services Sunset Date, Registry Operator will operate a WHOIS service available via port 43 in accordance with RFC 3912, and a web-based WHOIS Service at <whois.nic.TLD> providing free public query-based access to at least the following elements in the following format. 1.4.[2] The format of responses shall follow a semi-free text format outlined below, followed by a blank line and a legal disclaimer specifying the rights of Registry Operator, and of the user querying the database. 1.4.[3] Each data object shall be represented as a set of key/value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value. 1.4.[4] For fields where more than one value exists, multiple key/value pairs with the same key shall be allowed (for example to list multiple name servers). The first key/value pair after a blank line should be considered the start of a new record, and should be considered as identifying that record, and is used to group data, such as hostnames and IP addresses, or a domain name and registrant information, together. 1.4.[5] The fields specified below set forth the minimum output requirements. 1.4.[6] Domain Name Data (1) Query format: whois EXAMPLE.TLD (2)Response format: Domain Name: EXAMPLE.TLD Registry Domain ID: D1234567-TLD Updated Date: 2009-05-29T20:13:00Z Creation Date: 2000-10-08T00:45:00Z Registry Expiry Date: 2010-10-08T00:44:592 08T00:44:59Z Reseller: EXAMPLE RESELLER[1] Domain Status: clientDeleteProhibited Domain Status: clientRenewProhibited Domain Status: clientTransferProhibited Domain Status: serverUpdateProhibited Registry Registrant ID: 5372808-ERL Registrant Name: EXAMPLE REGISTRANT Registrant Organization: EXAMPLE ORGANIZATION Registrant Street: 123 EXAMPLE STREET Registrant City: ANYTOWN Registrant State/Province: AP Registrant Postal Code: A1A1A[1] Registrant Country: EX Registrant Phone: +1.5555551212 Registrant Phone Ext: 1234 Registrant Fax: +1.5555551213 Registrant Fax Ext: 4321 Registrant Email: EMAIL@EXAMPLE.TLD Registry Admin ID: 5372809-ERL Admin Name: EXAMPLE REGISTRANT ADMINISTRATIVE Admin Organization: EXAMPLE REGISTRANT ORGANIZATION Admin Street: 123 EXAMPLE STREET Admin City: ANYTOWN Admin State/Province: AP Admin Postal Code: A1A1A[1] Admin Phone: +1.5555551212 Admin Phone Ext: 1234 Admin Fax: +1.5555551213 Admin Fax Ext: Admin Email: EMAIL@EXAMPLE.TLD Registry Tech ID: 5372811-ERL Tech Name: EXAMPLE REGISTRAR TECHNICAL Tech Organization: EXAMPLE REGISTRAR LLC Tech Street: 123 EXAMPLE STREET Tech City: ANYTOWN Tech State/Province: AP Tech Postal Code: A1A1A[1] Tech Country: EX Tech Phone: +1.1235551234 Tech Phone Ext: 1234 Tech Fax: +1.5555551213 Tech Fax Ext: 93 Tech Email: EMAIL@EXAMPLE.TLD Name Server: NS01.EXAMPLEREGISTRAR.TLD Name Server: NS02.EXAMPLEREGISTRAR.TLD DNSSEC: signed Delegation DNSSEC: unsigned URL of the ICANN WHOIS Inaccuracy Complaint Form: https://www.icann.org/wicf/

190. This position, however, had to be modified in view of the GDPR Temporary Specifications th May, 2018 for publication of GTLD data. The said specification mandates redaction including the name, street, city, postal code, phone number, fax etc., as also the details of the administrative and technical contact. Only the email addresses are permitted to be published without the consent of the Registrants. This in effect has been converted into the default mechanism by all DNRs wherein the data relating to the Registrants are completely redacted. This is done even without consciously obtaining consent from the concerned Registrant. Thus, as on date, for all domain name registration the details of the Registrants of the administrative contact and of the technical contact remain redacted and the onus is upon the registrant to consciously opt for giving consent for publication of this data. This has resulted in a situation where unscrupulous persons have taken shelter under the garb of privacy to shield themselves from action against infringing conduct. Further, the ability to ensure accuracy of data provided by the Registrants, and has enhanced the difficulty for complainants to access details of the infirming domain name. This has also been acknowledged by ICANN, on its website, the relevant portion of which reads as under: enforcement of these obligations have not changed post- GDPR. However, the volume of complaints has diminished significantly concurrent with personal registration data becoming unavailable following adoption of the GDPR.

ICANN org and potential complainants now lack direct access to registration data as a result of the GDPR, making it much more difficult to identify instances of registration data inaccuracy or to take action to correct them 11

191. It is relevant to note that although the said Temporary Specification require the DNRs and Registry Operators to redact information of the Registrant, it also mandates that the DNRs and Registry Operators must provide reasonable access to the personal data in the registration data to third parties on the basis of legitimate interest pursued by the said third party. The relevant portion of the same reads as under: Accessed at: https://www.icann.org/resources/pages/registration-data-accuracy-obligations-gdpr-2021- 06-14-en

192. In view of the above, it would be necessary to consider what would constitute legitimate interest that would mandate DNRs or Registry Operators to disclose personal information of the Registrants registering infringing domain names. Article 6 of the GDPR lays down the grounds on which personal data may be processed and sub-paragraph (f) of Article 6(1) permits processing of personal information on the ground of legitimate interest of third party. The Article 6(1) of the GDPR is extracted hereunder: Lawfulness of Processing

1. Processing shall be lawful only if and to the extent that at least one of the following applies: (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person; (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the

193. Ms. Kruthika Vijay, ld. Counsel appearing for Hosting Concepts has drawn the attention of the Court to the seminal decision of the Court of Justice of the European Union12 CJEU Article 7(f) of the EU Directive 95/46/EC13 (similar to Article 6(f) of the GDPR). The CJEU while considering the issue whether the details of a person, who undertook a ride in a cab could be disclosed to the trolley company with which it had an accident, has laid down the tests for determining whether the disclosure of personal information is for legitimate interest. The following issues were under consideration: the legitimate interests pursued by the... third party or of Directive 95/46/EC, be interpreted as meaning that the national police must disclose to Rights satiksme the personal data sought [by the latter] which are necessary in order for civil proceedings to be initiated? (2) Is the fact that, as the documents in the case file indicate, the taxi passenger whose data is sought by Case C-13/16 passed by the CJEU on 4th May, 2017 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection

194. As per the CJEU, a three pronged analysis would have to be undertaken to determine whether the processing of personal information would be permissible under Article 7(f) of the EU Directive. The said analysis include the following steps:

(i) Whether the information sought to be processed for a legitimate interest;

(ii) Whether the processing of personal information is necessary to achieve the said legitimate interest; and

(iii) Balancing the legitimate interest of the third party with the privacy rights of the concerned individual; and Although the said case dealt with the position prior to enactment of the GDPR the above analysis has been consistently applied by CJEU when interpreting the relevant provisions of the GDPR.14 The relevant portions of the said decision are reproduced hereunder: It is accordingly clear from the scheme of Directive 95/46 and from the wording of Article 7 thereof that Article 7(f) of Directive 95/46 does not, in itself, set out an obligation, but expresses the possibility of processing data such as the communication to a third party of data necessary for the purposes of the legitimate interests pursued by that third party

27. However, it should be pointed out that Article 7(f) of Directive 95/46 does not preclude such communication, in the event that it is made on the

(i) Meta Platforms and Others (General terms of use of a social network, C-252/21, EU:C:2023:537;

(ii) SCHUF A Holding (Discharge from remaining debts), C-26/22 and C-64/22, EU:C:2023:958;

(iii) Koninklijke Nederlandse Lawn Tennisbond v Autoriteit Persoonsgegevens, C-621/22, EU:C:2024:858 basis of national law, in accordance with the conditions laid down in that provision.

28. In that regard, Article 7(f) of Directive 95/46 lays down three cumulative conditions so that the processing of personal data is lawful, namely, first, the pursuit of a legitimate interest by the data controller or by the third party or parties to whom the data are disclosed; second, the need to process personal data for the purposes of the legitimate interests pursued; and third, that the fundamental rights and freedoms of the person concerned by the data protection do not take precedence.

29. As regards the condition relating to the pursuit of a legitimate interest, as the Advocate General stated in points 65, 79 and 80 of his Opinion, there is no doubt that the interest of a third party in obtaining the personal information of a person who damaged their property in order to sue that person for damages can be qualified as a legitimate interest (see, to that effect, judgment of 29 January 2008, Promusicae, C-275/06, EU:C:2008:54, paragraph 53). That analysis is supported by Article 8(2)(e) of Directive 95/46, which provides that the prohibition on the processing of certain types of personal data, such as those revealing racial origin or political opinions, is not to apply, in particular, where the processing is necessary for the establishment, exercise or defence of legal claims.

30. As regards the condition relating to the necessity of processing personal data, it should be borne in mind that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (judgments of 9 November 2010, Volker und Markus Schecke and Eifert, C-92/09 and C- 93/09, EU:C:2010:662, paragraph 86; of 7 November 2013, IPI, C-473/12, EU:C:2013:715, paragraph 39; -212/13, EU:C:2014:2428, paragraph 28). In that regard, according to the information provided by the national court, communication of merely the first name and surname of the person who caused the damage does not make it possible to identify that person with sufficient precision in order to be able to bring an action against him. Accordingly, for that purpose, it is necessary to obtain also the address and/or the identification number of that person.

33. It follows from the foregoing considerations that Article 7(f) of Directive 95/46 must be interpreted as not imposing the obligation to disclose personal data to a third party in order to enable him to bring an action for damages before a civil court for harm caused by the person concerned by the protection of that data. However, Article 7(f) of that directive does not preclude such disclosure on the basis of national law

195. Thus, as per CJEU, it is the settled position that the interest of a third party in obtaining personal information of an individual for initiating legal action against the said individual in respect of damage caused to the property of the third party would constitute as legitimate interest. Further, in respect of the factual issue before the CJEU, it was held that mere providing of first and second name of the individual would not be sufficient for identification. Accordingly, the address or identification number of the individual would also be necessary.

196. A conjoint reading of the above position qua legitimate interest and an analysis of the sample agreements discussed above, it is clear that while respect has to be given to privacy, the same need not be as a default position. Moreover, any third party who has a legitimate interest can always approach the DNR or the Registry Operator and obtain the access to the personal data in the registration data. This obligation as contained in Clause 4.[1] of the Temporary Specifications in the Registry Agreement between ICANN and Registry Operators clearly shows that even where there is privacy protect, timely providing of data is a necessary obligation in pursuance of the legitimate interest.

197. At this stage it would be relevant to note that further modifications have been implemented by ICANN to the policy in respect of collection, storing, publication and disclosure of personal data of the Registrant. The said Registration Data Policy has been brought into effect by ICANN from 21st August, 2025 and is applicable to all Registry Operators and DNRs having agreements with ICANN. The said policy has been introduced to take into account not only the mandate of the GDPR but also the requirements of other privacy regulations. It would be necessary to mention the important provisions of the said policy having bearing on the issues at hand, and the same are as under:

(i) The DNRs are mandated to collect the following information:

6.1.2. Registrar Whois Server* 6.1.3. Registrar URL* 6.1.4. Registrar* 6.1.5. Registrar IANA ID* 6.1.6. Registrar Abuse Contact Email* 6.1.7. Registrar Abuse Contact Phone* 6.1.8. Domain Status(es)* 6.1.9. Registrant Name 6.1.10. Registrant Street 6.1.11. Registrant City 6.1.12. Registrant State/Province 6.1.13. Registrant Postal Code 6.1.14. Registrant Country 6.1.15. Registrant Phone 6.1.16. Registrant Email

(ii) In response to a request for information, the DNRs and Registry

Operators must publish the following data elements: 9.1.1.2. Registrar URL 9.1.1.3. Creation Date 9.1.1.4. Registry Expiry Date (exception: Registrar MAY Publish) 9.1.1.5. Registrar Registration Expiration Date (exception: Registry Operator MAY Publish) 9.1.1.6. Registrar 9.1.1.7. Registrar IANA ID 9.1.1.8. Registrar Abuse Contact Email 9.1.1.9. Registrar Abuse Contact Phone 9.1.1.10. Domain Status(es)

(iii) In addition to the above information publication of which is mandatory, the following information must also be published, subject to the redaction requirements provided under Section 9.[2] of the Policy: 9.1.6.2. Registrant Street 9.1.6.3. Registrant City 9.1.6.4. Registrant Phone

(iv) The Section 9.[2] of the Policy requires the Registry Operators and DNRs to redact the certain information provided by the Registrants where it required to comply with applicable law. Further, the redaction of information may also be done where for either a commercially reasonable purpose or where technically it is not feasible to limit application of the Section 9.[2] of the Policy. The following data elements must be redacted where the Registry Operator or DNRs are applying the requirements of Section 9.2: 9.2.2.1.2. Registry Registrant ID 9.2.2.1.3. Registrant Name 9.2.2.1.4. Registrant Street 9.2.2.1.5. Registrant Postal Code 9.2.2.1.6. Registrant Phone 9.2.2.1.7. Registrant Phone Ext 9.2.2.1.8. Registrant Fax 9.2.2.1.9. Registrant Fax Ext 9.2.2.1.10. Registry Tech ID 9.2.2.1.11. Tech Name 9.2.2.1.12. Tech Phone 9.2.2.2.1. Registrant Email

(v) Section 9.2.[4] of the Policy expressly mandates the DNRs where redacting the information mentioned above, to provide the opportunity to the Registrant to provide its consent to publish the said information. Further, the DNRs must publish the information for which consent has been provided by the Registrant.

(vi) Where an affiliated or accredited privacy or pry service has been used by the Registrant, the DNRs and Registry Operators must publish the full registration data of the said privacy or proxy service.

(vii) Section 10 of the Policy provides for the procedure for disclosure of information collected by the DNRs and Registry Operators in respect the domain names. The said section requires a proper Disclosure Request be made by the third party in the format set by DNRs and Registry Operators, which must include the following: 10.2.1.1. The contact information of the requestor, 10.2.1.2. The nature/type of business entity or individual, and 10.2.1.3. Power of Attorney statements or similar statements evidencing authorization to act on the requestor's behalf, where applicable and relevant. 10.2.2. A list of data element values requested by the requestor. 10.2.3. Information about the legal rights of the requestor and specific rationale and basis for the request. 10.2.4. An affirmation that the request is being made in good faith. 10.2.5. Agreement by the requestor to process lawfully any data

(viii) The DNRs or Registry Operator must acknowledge every request in proper format within two days, and must respond to the same after considering it on merits within 30 days from the date of acknowledgement. The response to the disclosure request must be in either of the following ways: 10.6.2. Provide rationale for why Registry Operator or or in part) that identifies the specific reason(s) for such denial, including a clear explanation of how it arrived at its decision that is sufficient for a requestor to objectively understand the reasons for the decision. This includes an analysis and explanation of how the fundamental rights and freedoms of the data subject were weighed against the legitimate interest of the requestor (if applicabl

(ix) The Registry Operator or the DNRs are not prohibited from processing of data for other purposes which are beyond the scope of the Policy, including collection or generation of additional data elements in order to create a contact. The same must be published after obtaining consent of the Registrant.

198. Thus, it is clear from the above enumerated changes in the privacy policy that the DNRs and Registry Operators cannot deny disclosure of The applicable privacy law would govern the relevant considerations in each case, and accordingly, the data collected from Registrants in India would be governed in terms of the DPDP Act and its allied Rules.

199. It would also be relevant to consider the decision of this Court in Neetu Singh & Anr. vs. Telegram FZ LLC & Ors., 2022:DHC:3333 (decided on 30th August, 2022), wherein the decision of the Supreme Court in Justice K.S. Puttaswamy & Anr. v. Union of India & Ors., (2017) 10 SCC 1, has been relied upon in respect of lawful disclosures that can be made in respect of IP infringement. Although the said case dealt with Copyright infringement the observation therein would be relevant: Telegram in its response to the prayer for disclosure. In this regard, this Court finds as under: xi) In this vein, Telegram also relied upon the judgement of the Supreme Court in Puttaswamy (supra). The relevant extract of the said decision reads as under: interests, the State must nevertheless put into place a robust regime that ensures the fulfilment of a threefold requirement. These three requirements apply to all restraints on privacy (not just informational privacy). They emanate from the procedural and content-based mandate of Article 21. The first requirement that there must be a law in existence to justify an encroachment on privacy is an express requirement of Article 21. For, no person can be deprived of his life or personal liberty except in accordance with the procedure established by law. The existence of law is an essential requirement. Second, the requirement of a need, in terms of a legitimate State aim, ensures that the nature and content of the law which imposes the restriction falls within the zone of reasonableness mandated by Article 14, which is a guarantee against arbitrary State action. The pursuit of a legitimate State aim ensures that the law does not suffer from manifest arbitrariness. Legitimacy, as a postulate, involves a value judgment. Judicial review does not reappreciate or second guess the value judgment of the legislature but is for deciding whether the aim which is sought to be pursued suffers from palpable or manifest arbitrariness. The third requirement ensures that the means which are adopted by the legislature are proportional to the object and needs sought to be fulfilled by the law. Proportionality is an essential facet of the guarantee against arbitrary State action because it ensures that the nature and quality of the encroachment on the right is not disproportionate to the purpose of the law. Hence, the threefold requirement for a valid law arises out of the mutual interdependence between the fundamental guarantees against arbitrariness on the one hand and the protection of life and personal liberty, on the other. The right to privacy, which is an intrinsic part of the right to life and liberty, and the freedoms embodied in Part III is subject to the same restraints which apply to those freedoms. XXX

328. Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the State but from non-State actors as well. We commend to the Union Government the need to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the State. The legitimate aims of the State would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits. These are matters of policy to be considered by the Union Government while designing a carefully structured regime for the protection of the data. Since the Union Government has informed the Court that it has constituted a Committee chaired by Hon'ble Shri Justice B.N. Srikrishna, former Judge of this Court, for that purpose, the matter shall be dealt with appropriately by the Union Government having As per the above extract from K.S. Puttaswamy (supra) it is clear that the Supreme Court recognises that if there is a law in existence to justify the disclosure of information and there is a need for the disclosure considering the nature of encroachment of the right then privacy cannot be a ground to justify nondisclosure, so long as the same is not disproportionate. In India, the Copyright Act is clearly a law, which The Copyright Act recognizes the right of the copyright owner to claim damages and rendition of accounts in respect of such infringement. Secondly, whenever the data is sought for a legitimate purpose, and for curbing the violation of law, including infringement of copyright, the same would be in accordance with the

200. Thus, it is the settled position that disclosure of personal information would have to satisfy the three-fold test i.e., (i) the disclosure must be made in terms of a law justifying the encroachment of privacy, (ii) the said law must be pursuant to a legitimate aim of the State; (iii) means for disclosure are proportional to the legitimate aim sought to be achieved. This is similar to the three factors considered under the EU regime discussed above.

201. Indian laws i.e., the DPDP Act along with the DPDP Rules, 2023, notified on 14th November, 2025, satisfy the first requirement of the existence of law regulating disclosure of personal information. Under Section 4 of the DPDP Act processing of personal information may only happen where either the data fiduciary has given her consent or for certain legitimate uses provided under Section 7 of the said Act. Section 7 of the DPDP Act reads as under: A Data Fiduciary may process personal data of a Data Principal for any of following uses, namely: (a) for the specified purpose for which the Data Principal has voluntarily provided her personal data to the Data Fiduciary, and in respect of which she has not indicated to the Data Fiduciary that she does not

(c) for the performance by the State or any of its instrumentalities of any function under any law for the time being in force in India or in the interest of sovereignty and integrity of India or security of the State;

(d) for fulfilling any obligation under any law for the time being in force in India on any person to disclose any information to the State or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force; (e) for compliance with any judgment or decree or order issued under any law for the time being in force in India, or any judgment or order relating to claims of a contractual or civil nature under any law for the time being in force outside India

202. Thus, as per the above a DNR will have to disclose the details of the Registrant of an infringing domain name upon a direction in this regard being issued by the Indian Courts. It is also relevant to note that ICANN in fact has contemplated the possibility of different national laws preventing the DNRs or Registry Operators from complying with the provisions of the agreements with ICANN.15

203. The Registry -laws, and the codes of conduct. They are required to operate the WHOIS services in the format prescribed in Specification 4, along with observing reserved names listed in Specification 5. They are obligated to take reasonable steps to investigate and respond to requests from law-enforcement or governmental bodies regarding illegal conduct involving their TLDs. They must additionally implement Rights Protection Mechanisms under Specification 7, including use of the Trademark Clearinghouse database, which alerts both registrants and trademark owners when a domain identical to a recorded trademark is sought to be registered, enabling early detection of potential trademark conflicts.

204. Further, DNRs under the frameworks discussed above, must submit registered-name data to the Registry Operator, provide public query-based access to essential WHOIS/RDDS information, make registrant data available ble laws and governmental regulations, avoid registering reserved names, verify and periodically reverify Registrant contact information, investigate inaccuracies, and act promptly against DNS abuse or illegal activity. They face termination of the https://www.icann.org/en/contracted-parties/accredited-registrars/resources/whois-privacy-law-conflicts accreditation agreement if a Court finds they permitted illegal activity or engaged in bad-faith trademark-conflicting registrations. Additionally, they curacy Specification, validating address, email, and phone formats, and verifying email or telephone numbers through tool-based authentication, and must suspend or terminate domain names where registrants wilfully provide inaccurate information and fail to correct it within 15 days.

205. However, in the experience of the Court in adjudicating these matters as also in view of the provisions under the NIXI Accreditation Agreement, either the Registry Operators and DNRs are not complying the abovementioned obligations or the same are not sufficient to safeguard the rights of trademark owners in India. These measures in the opinion of this Court appear to have fallen short, by significant degree, since not only do they permit unscrupulous Registrants continue to infringe the rights of various trademark owners, but also defrauding of numerous innocent persons, by taking shelter under the Privacy policies of the DNRs which mask the

206. The present batch of suits under consideration by this Court had been filed initially against some infringing domain names, after including the DNRs who had registered the concerned domain names for certain third parties. The identity of those persons or their contact details is not evident WHOIS database due to implemented by the DNRs due to which the same have been redacted. Further, in various suits the said details have not been disclosed to the plaintiffs, despite the clear legitimate interest of the said parties. It has become evident during the course of these proceedings that these domain names have been registered by unknown persons mostly with fake address, mobile numbers, email addresses and details which are either fictitious or wholly incorrect. The only available contact detail is the email address, if the same has not been redacted, from which also it is almost impossible to decipher as to who is the person or entity who has registered the infringing domain name. Examples of few such false and fictitious registration details placed on record by the Plaintiff are as follows:

207. Moreover, the giving of fake addresses by any registrants ought to be avoided by putting a proper technology in place to verify that there is some authenticity in the address.

208. As is evident from the above, in case of most domain name registrations the details are redacted by the DNRs, and where the same are available publicly, the details are either grossly incorrect and not sufficient by any means for identification to initiate legal actions against the same. As an illustration, it is interesting to see that in the lead matter i.e., Dabur India (supra), the details of the Registrant of one of the infringing domain names therein i.e., daburdistributor.com, against which an injunction order had been passed and the concerned DNR had been asked to provide the said details to the Plaintiff. A perusal of the said details would show that the address mentioned is the same address as that of the Plaintiff therein (i.e., Dabur India Limited) being 8/3, Asaf Ali Road, New Delhi -110002, and the details provided by the concerned DNR are as under: Thus, there is no doubt that the DNRs are completely failing in the obligation to verify the accuracy of the details provided by the Registrants.

209. It is also clear that this information is available only with the DNRs who collect the email address from the party registering the domain names. Most of the remaining details given to the DNRs are also fake such as addresses and mobile numbers. There are no other verification standards adopted for verifying the identity of the persons registering the domain names. Hence, even if the email address is provided, a second enquiry is required to find out as to who has created this email address. On most occasions email addresses are created by using short duration mobile numbers or accessing from cyber cafes. The BIS data would also reveal that such registrants may be located in foreign shores. Thus, merely with the email address of the Registrant of the domain name, it is almost impossible to trace the person who has registered it.

210. The necessity of obtaining accurate and reliable information from the Registrants of domain names has been recognised and acknowledged by WIPO in the following terms:

64. In the WIPO Interim Report, it was recommended that the domain name registration agreement contain a requirement that the domain name applicant provide certain specified contact details. The collection (as opposed to the availability) of contact details by registrars is the least controversial aspect of the discussion on contact details. We consider that it is essential for the legitimate protection and enforcement of intellectual property rights, as well as for many other public policies recognized in the law, that contact details be collected. Without accurate and reliable contact details, the task of assigning responsibility for activities on the Internet is vastly complicated. Other means of assigning responsibility for activities on the Internet do exist. Where it is sought to enforce a criminal law, for example, the apparatus of the State can be activated to use tracing and other measures to determine the origin of activities, although, even here, the cross-border nature of the Internet complicates the task. In respect of civil law enforcement, however, the task of activating the apparatus of the State to identify responsibility for activities is more difficult. Policy adopts the draft recommendation in the WIPO Interim Report and requires registrars to oblige domain name applicants to provide accurate and reliable contact details. 16

211. After obtaining the domain name registration and hiding the contact details, the Registrants use web developers or develop the infringing websites on their own. In most cases, the content, layout, and look-and-feel of the replicated. In the present case, unlike typical cases involving franchises, the rogue websites portray themselves as the Plaintiff or its affiliates offering fake insurance policies, loans, and other financial products. When innocent users or members of the public believe these websites to be true and genuine, they are induced to make payments

212. The payments are thereafter made to bank accounts or UPI IDs (e.g., policybazaar.car6@okhdfcbank) reflected on the said infringing website, which are held by unscrupulous individuals having no connection with the trademark/brand owner. As the name of the recipient in such transactions often appears deceptively similar or is masked, the person paying the money has no way of realizing that the amount is in fact being credited not to the well-known company but to a fraudster. Some screenshots of such infringing websites are set out below: Final Report of the First WIPO Internet Domain Name Process, April 30, 1999.

213. These domain names and websites have thus become engines for large scale deception depriving thousands of persons of their hard-earned money in effect constituting a new form of cyber fraud.

214. In view of the above, it is clear that the measures alleged by the DNRs and Registry Operators to be set in place for protecting the rights of trademark owners are not sufficient for the said purpose. Further, taking advantage of the present practices of DNRs and Registry Operators, the errant Registrants have registered infringing domain names and defrauded numerous individuals. Accordingly, in the opinion of the Court, strict actions would have to be taken to curb the same and protect trademark rights of the plaintiffs.

ISSUE II: WHAT MEASURES MAY BE DIRECTED BY THE COURT TO BE IMPLEMENTED BY DNRS AND REGISTRY OPERATORS TO SAFEGUARD THE TRADEMARK RIGHTS OF THE PLAINTIFFS?

215. It would be relevant to consider the trademark rights of the Plaintiffs in the domain names before discussing the necessary measures for protection of the same.

216. In this batch of suits, there are a large number of trademarks that are sought to be enforced and protected such as Tata Sky, Amul, Bajaj Finance, Dabur, Meesho, Croma, Colgate, Colgate Palmolive, ITC, Mont Blanc etc. These trademarks have been in use for several years, are also registered trademarks, and some of them have also been recognised as well-known marks. The use of these trademarks as part of domain names would constitute to be diluted due to fraudulent use, the rights of the general public are also being violated. The misuse of well-known marks, brands and logos as also the names of the Plaintiffs is resulting in innocent members of the public being duped and conned into believing that the activities run under these domain names, either in the form of websites or otherwise, are being offered by the actual Plaintiffs. These fake websites through deceptive and misleading advertising are promoting their illegal and nefarious activities. Thus, apart from intellectual property rights of the Plaintiffs there is a larger public interest also that is being affected.

217. One of the arguments made on behalf of Godaddy is that mere registration of a domain name would not amount to infringement of trademark, until and unless the said domain name is used for an infringing website or for any other illegal activity. It was argued that the DNRs cannot presumptively maintain a check in respect of well-known marks without any adjudication from the Court as to whether the subject domain names is infringing the said well-known mark. However, these legal propositions are unfounded as it is well settled legal position that registration of an infringing domain name itself constitutes a violation of rights, since domain names are recognised as worthy of trademark protections. This is clear from a perusal of the seminal decision of the Supreme Court in Satyam Infoway Ltd. v. Siffynet Solutions (P) Ltd., (2004) 6 SCC 145 wherein Justice Ruma Pal penning the Judgement for the Court, observed as under: Analysing and cumulatively paraphrasing the relevant parts of the aforesaid definitions, the question which is apposite is whether a domain name can be said to be a word or name which is capable of distinguishing the subject of trade or service made available to potential users of the internet.

12. The original role of a domain name was no doubt to provide an address for computers on the internet. But the internet has developed from a mere means of communication to a mode of carrying on commercial activity. With the increase of commercial activity on the internet, a domain name is also used as a business identifier. Therefore, the domain name not only serves as an address for internet communication but also identifies the specific internet site. In the commercial field, each domain-name owner provides information/services which are associated with such domain name. Thus a domain name may pertain to provision of services within the meaning of Section 2(1)(z). A domain name is easy to remember and use, and is chosen as an instrument of commercial enterprise not only because it facilitates the ability of consumers to navigate the internet to find websites they are looking for, but also at the same time, serves to identify and distinguish the business itself, or its goods or services, and to specify its corresponding online internet location [ Ryder, Rodney D.: Intellectual Property and the Internet, pp. 96-97.]. Consequently a domain name as an address must, of necessity, be peculiar and unique and where a domain name is used in connection with a business, the value of maintaining an exclusive identity becomes critical. or advertise their presence on the web, domain names have become more and more valuable and the potential for dispute is high. Whereas a large number of trade marks containing the same name can comfortably coexist because they are associated with different products, belong to business in different jurisdictions, etc., the distinctive nature of the domain name providing global exclusivity is much sought after. The fact that many consumers searching for a particular site are likely, in the first place, to try and guess its domain name has further enhanced this value [ See Rowland, Diane and Macdonald, Elizabeth: Information Technology Law, 2nd Edn., The answer to the question posed in the preceding paragraph is therefore in the affirmative.

16. The use of the same or similar domain name may lead to a diversion of users which could result from such users mistakenly accessing one domain name instead of another. This may occur in e-commerce with its rapid progress and instant (and theoretically limitless) accessibility to users and potential customers and particularly so in areas of specific overlap. Ordinary consumers/users seeking to locate the functions available under one domain name may be confused if they accidentally arrived at a different but similar website which offers no such services. Such users could well conclude that the first domain-name owner had misrepresented its goods or services through its promotional activities and the first domainowner would thereby lose its custom. It is apparent, therefore, that a domain name may have all the characteristics of a trade mark and could found an action for passing off.

17. Over the last few years the increased user of the internet has led to a proliferation of disputes resulting in litigation before different High Courts in this country. The courts have consistently applied the law relating to passingoff to domain name disputes. Some disputes were between the trade-mark holders and domainname owners. Some were between domain-name owners themselves. These decisions, namely, Rediff Communication Ltd.v. Cyberbooth [AIR 2000 Bom 27], Yahoo Inc. v. Akash Arora [(1999) 19 PTC 201 (Del)], Dr. Reddy's Laboratories Ltd. v. Manu Kosuri [2001 PTC 859 (Del)], Tata Sons Ltd. v. Manu Kosuri [2001 PTC 432 (Del)], Acqua Minerals Ltd. v. Pramod Borse [2001 PTC 619 (Del)] and Info Edge (India) (P) Ltd. v. Shailesh Gupta [(2002) 24 PTC 355 (Del)] correctly reflect the law as enunciated by us. No decision of any court in India has been shown to us which has taken a contrary view. The question formulated at the outset is therefore answered in the affirmative and the submission of the respondent is rejected.

23. These rules indicate that the disputes may be broadly categorised as: (a) disputes between trademark owners and domain-name owners, and (b) between domain-name owners inter se. What is important for the purposes of the present appeal is the protection given to intellectual property in domain names. A prior registrant can protect its domain name against subsequent registrants. Confusing similarity in domain names may be a ground for complaint and similarity is to be decided on the possibility of deception amongst potential customers. The defences available to a complaint are also substantially similar to those available to an action for passing off under trade mark law.

24. Rule 4(k) provides that the proceedings under the UDNDR Policy would not prevent either the domainname owner/registrant or the complainant from submitting the dispute to a court of competent jurisdiction for independent resolution, either before proceeding under ICANN's policy or after such proceeding is concluded.

5. As far as India is concerned, there is no legislation which explicitly refers to dispute resolution in connection with domain names. But although the operation of the Trade Marks Act, 1999 itself is not extraterritorial and may not allow for adequate protection of domain names, this does not mean that domain names are not to be legally protected to the

218. The above decision clearly holds that registration of an infringing domain name would not be permissible as there is every likelihood that the same could lead to diversion of users from the genuine website to the infringing one.

219. As is the settled position in law, actual infringement or passing off is not required to be shown in trademark infringement, and even a likelihood of confusion and damage is sufficient. In Laxmikant V. Patel v. Chetanbhai Shah, (2002) 3 SCC 65, the Supreme Court has held as under: In Oertli v. Bowman [1957 RPC 388 (CA)] (at p.

397) the gist of passing-off action was defined by stating that it was essential to the success of any claim to passing-off based on the use of given mark or get-up that the plaintiff should be able to show that the disputed mark or get-up has become by user in the country distinctive of the plaintiff's goods so that the use in relation to any goods of the kind dealt in by the plaintiff of that mark or get-up will be understood by the trade and the public in that country as meaning that the goods are the plaintiff's goods. It is in the nature of acquisition of a quasi-proprietary right to the exclusive use of the mark or get-up in relation to goods of that kind because of the plaintiff having used or made it known that the mark or get-up has relation to his goods. Such right is invaded by anyone using the same or some deceptively similar mark, get-up or name in relation to goods not of plaintiff. The three elements of passing-off action are the reputation of goods, possibility of deception and likelihood of damages to the plaintiff. In our opinion, the same principle, which applies to trade mark, is applicable to trade name.

13. In an action for passing-off it is usual, rather essential, to seek an injunction, temporary or ad interim. The principles for the grant of such injunction are the same as in the case of any other action against injury complained of. The plaintiff must prove a prima facie case, availability of balance of convenience in his favour and his suffering an irreparable injury in the absence of grant of injunction. According to Kerly (ibid, para 16.16) passing-off cases are often cases of deliberate and intentional misrepresentation, but it is well settled that fraud is not a necessary element of the right of action, and the absence of an intention to deceive is not a defence, though proof of fraudulent intention may materially assist a plaintiff in establishing probability of deception. Christopher Wadlow in Law of Passing-Off (1995 Edn., at p. 3.06) states that the plaintiff does not have to prove actual damage in order to succeed in an action for passing-off. Likelihood of damage is sufficient. The same learned author states that the defendant's state of mind is wholly irrelevant to the existence of the cause of action for passing-off (ibid, paras 4.20 and 7.15). As to how the injunction granted by the court would shape depends on the facts and circumstances of each case. Where a defendant has imitated or adopted the plaintiff's distinctive trade mark or business name, the order may be an absolute injunction that he would not use or carry on business under that name (Kerly, ibid, para 16.97).

14. In the present case the plaintiff claims to have been running his business in the name and style of Muktajivan Colour Lab and Studio since 1982. He has produced material enabling a finding being arrived at in that regard. However, the trial court has found him using Muktajivan as part of his business name at least since

1995. The plaintiff is expanding his business and exploiting the reputation and goodwill associated with Muktajivan in the business of colour lab and photo by expanding the business through his wife and brother-inlaw. On or about the date of the institution of the suit the defendant was about to commence or had just commenced an identical business by adopting the word Muktajivan as a part of his business name although till then his business was being run in the name and style of Gokul Studio. The intention of the defendant to make use of the business name of the plaintiff so as to divert his business or customers to himself is apparent. It is not the case of the defendant that he was not aware of the word Muktajivan being the property of the plaintiff or the plaintiff running his business in that name, though such a plea could only have indicated the innocence of the defendant and yet no difference would have resulted in the matter of grant of relief to the plaintiff because the likelihood of injury to the plaintiff was writ large. It is difficult to subscribe to the logic adopted by the trial court, as also the High Court, behind reasoning that the defendants' business was situated at a distance of 4 or 5 km from the plaintiff's business and therefore the plaintiff could not have sought for an injunction. In a city a difference of 4 or 5 km does not matter much. In the event of the plaintiff having acquired a goodwill as to the quality of services being rendered by him, a resident of Ahmedabad city would not mind travelling a distance of a few kilometres for the purpose of availing a better quality of services. Once a case of passing-off is made out the practice is generally to grant a prompt ex parte injunction followed by appointment of Local Commissioner, if necessary. In our opinion the trial court was fully justified in granting the ex parte injunction to the plaintiff based on the material made available by him to the court. The trial court fell in error in vacating the injunction and similar error has crept in the order of the High Court. The reasons assigned by the trial court as also by the High Court for refusing the relief of injunction to the plaintiff are wholly unsustainable.

16. There was no delay in filing the suit by the plaintiff. The plaintiff filed the suit with an averment that the defendants were about to commit an injury to the plaintiff. The defendants took a plea that they had already commenced the business with the offending trade name without specifying actually since when they had commenced such business. This has to be seen in the background that the defendants' business earlier was admittedly being carried on in the name and style of Gokul Studio. The commencement of such business by the defendants could therefore have been subsequent to the institution of the suit by the plaintiff and before the filing of the written statement by the defendants. In such a situation, on the plaintiff succeeding in making out a prima facie case, the court shall have to concentrate on the likelihood of injury which would be caused to the plaintiff in future and simply because the business under the offending name had already commenced before the filing of the written statement or even shortly before the institution of the suit would not make any difference and certainly not disentitle the plaintiff to the

220. These above legal propositions are so well entrenched and settled that they need not be revisited as they have been uniformly and consistently followed in Indian IP jurisprudence.

221. As is clear from the discussion of the previous issue, the Registry Operators and DNRs are woefully falling short of the implementing necessary safeguards to protect not only the rights of trademark owners, but also those of the common public. These entities, along with ICANN at the top, form part of the same pyramid wherein the entire domain name registration system is vested. However, despite the importance of the role played by them in the said system, the submissions made before this Court by all these entities, except NIXI, goes to show that none of these entities own up their responsibility for taking serious measures to prevent fraudulent activities involving trademarks, brand names, corporate house names etc., which have resulted in substantial losses to innocent public and to brand owners.

222. The Government, LEAs and regulatory authorities continue to wrestle with the Registry Operators and the DNRs, as also with ICANN at a policy level, to arrive at an expedient solution for very fundamental issues such as:

(i) Obtaining data relating to Registrant of an infringing domain name;

(ii) Implementing orders passed by the Indian Courts in respect of infringing domain names;

(iii) Ensuring that repeated occurrence and use of infringing domain names does not take place. On all these aspects, the stand of the Registry Operators and the DNRs has been non-cooperative to say the least. They either wish to take shelter under agreements entered with ICANN or seek safe-harbour protection under Section 69A of the IT Act.

223. The extensive submissions made and the documents placed before this Court leave no manner of doubt that the DNRs and Registry Operators earn a substantial amount of revenues by offering domain names registrations consisting of well-known marks, famous brands, and corporate house names. Various modes in which such revenues are earned are set out below:

(i) By offering domain names with varying extensions/suffixes of well-known brands, marks on premium rates.

(ii) By offering certain domain names categorised as

(iii) Some Registry Operators offer services of blocking of domain names as premium services for which payments would have to be made by the respective IP owners.

(iv) By offering marketing and Search Engine Optimization services to promote websites/domain names including even illegal and fraudulent websites/domain names consisting of third-party mark.

(v) By putting infringing domain names in the common pool so that revenues can be earned repeatedly, though said domain names have been declared to be infringing.

(vi) By adopting discriminatory practices in respect of entities and marks with whom they have special arrangements.

(vii) By offering after market services in domain name

(viii) By operating domain name auction services whereby, the

DNRs promote buying and selling of domain names as a way of investment. In effect this promotes monetising of the domain names even where the same violates the rights of third parties.

(ix) By providing brokerage services for assisting a new

(x) A number of the DNRs also provide webhosting, marketing, and other support services to infringing domain names, thereby garnering substantive revenues. However, these facts are not usually disclosed to the Court.

(xi) By not implementing technologies, which are available with them for ensuring that well known marks and registered trade marks are not misused to prevent cyber fraud, only with a view to maximise revenues.

224. In order to illustrate the above points as also to highlight the blatant disregard for the rights of trademark owners, certain screenshots taken from the websites of few DNRs are reproduced hereunder:

225. It is evident from the above screenshots that the DNRs are not only actively promoting alternative infringing domain names, with different prefix and suffix or different TLD, the DNRs are also consciously charging exorbitant prices for certain domain names that are most likely to infringe the marks of third parties.

226. However, apart from violation of private rights of the third parties, there is a greater concern which needs to be addressed and has been brought to the attention of this Court i.e., when the infringing domain names of the private entities are so readily promoted and utilised for committing fraud, then domain name of the government or its instrumentalities demand overhauling of the present system? In order to fully appreciate the same, the Court, in the course of writing the judgement has researched similar domain names being made available of the following public entities:

(i) Government of India (Actual domain name: https://india.gov.in/)

(ii) Supreme Court of India (Actual domain name:

(iii) Delhi High Court (Actual domain name:

(iv) Income Tax Department, Govt. of India (Actual domain name:

https://www.incometax.gov.in/) easy it is for scamsters and unscrupulous persons to pay and obtain these domain names and also utilise the same, to engage in cyberfraud. Recent instances of digital extortion is made possible without much effort due to illegal registration of such websites/domain names. Providing domain names such as Government of India, Supreme Court of India, Delhi High Court, Income Tax Department is not merely violative of IP rights but in effect an encouragement for indulging in unlawful activity. Such acts of DNRs would also impinge upon the sovereignty and integrity of the country.

227. It is evident from the above that there is a clear and pressing need for establishing certain safeguards in the present system of domain name registration. In the absence of the same, DNRs shall continue to generate profits from selling domain names which may result in widespread injury to the public at large. The Court need not labour upon the possibilities of the harm that may be caused if an unscrupulous individual register the domain names as shown above and creates an unsurmountable trust deficit between the public authorities and the public at large by defrauding them in the name of said authorities.

228. It is noticed by the Court that the DNRs and Registry Operators have the technology to lock, block, suspend and deactivate the infringing domain names and ensuring that the same domain names do not resolve into a website. However, as seen in the present batch matters, these services are not being implemented despite frantic requests even from LEAs and trademark owners. Most DNRs take shelter under the different laws such as GDPR to give a cloak and camouflage to the illegal usurpers of the trademark and brand names. Further, although almost all the DNRs obtain payments for these infringing domain names through electronic transactions, but the details of the persons making the payment for registering the domain names are not furnished in time by the DNRs.

229. The only genuine detail that is obtained from the DNRs and Registry Operators is the email address and nothing more, the correctness of which is also not guaranteed. No mobile number, Aadhar card, any government identity card, passport details or any such verifiable detail is obtained, which is made available to the Court or to the person with legitimate interest, to enable proper enforcement of rights of the IP owners and prevention of cyber frauds. This is despite the fact that the relevant agreements of DNRs with ICANN itself stipulate that the contact details have to be collected and verified periodically.

230. Crores of rupees are collected through bank accounts and electronic payments by these unscrupulous websites and domain names holders. However, the IP owners are unable to recover any damages, and neither are the members of the public being returned the amounts innocently deposited by them, due to the repeated road blocks and obstacles created by the DNRs. The DNRs and Registry Operators possess sufficient technological means to block, lock, or suspend the illegal and infringing domain names from being registered. However, grant of such reliefs is opposed on the ground that the same would be violative of the right to free speech and affect the rights of some legitimate owners who may wish to register the said domain names.

231. One of the most important aspects in all these commercial suits, which involve about 1132 infringing domain names as on date, is that, barring one or two domain names, no bona fide Registrant has come forward claiming any legitimate right to use the infringing domain names. None of the Registrants have participated in the present proceedings which have been ongoing since 2022, despite the fact that respect of most domain names, an order of injunction is operating. Almost all the Registrants of infringing domain names are fly-by-night operators, operating the websites with or without any physical premises, who fraudulently collected moneys by using marks and the names of the Plaintiffs. These Registrants have completely vanished into thin air once the money is collected. Even before the brand owner realizes about the collection of money by unscrupulous individuals and the entities, the collected money is transferred or withdrawn without a trace. In some of the suits, the police have also arrested some individuals but there is still no trace of the money. By way of an illustration, a table is set out below giving the details of the amounts, which have been collected in some of the commercial suits: -

232. The genesis of this kind of large scale fraudulent and illegal activity, which is taking place, is registration of the domain names, which consists of the trademarks, brands names and well known business and corporate house such as Dabur, Tata, Colgate, Amazon, Hindustan Unilever, Microsoft, Bajaj etc. Courts cannot be powerless in such a situation and this malady needs to be nipped in the bud. For the said purpose, whatever measures are required to be taken in accordance with law ought to be directed as the Court is not merely safeguarding the interest of the Plaintiffs, who are the IP owners but has a larger duty to the general public to ensure that the misuse of these domain names for offering of jobs, dealerships, franchises and collecting monies under the garb of such offers is eliminated as much as possible. Further, the sale of counterfeit products by registering the domain names with highly reputed global brands such as Montblanc also deserves to be restrained.

233. The privacy protection features adopted by DNRs, which is a trend that has been observed over the last few years, also has a major role to play in promoting camouflage registration of the domain name and making it an extremely challenging process to obtain the details of the Registrants. It is observed that when the whole system of domain name registration had started sometime in late 1990s and early 2000s, the WHOIS data base would reveal the details of the Registrants of the domain names upon a simple search. However, over the years privacy protection has been implemented as default mode by most of the DNRs. Further it is also seen that in several cases these infringing domain names may have been registered by the affiliates and group companies of the DNRs itself. The non-disclosure of details gives a head-start to the Registrant of the illegal and infringing domain names as the process of obtaining the data relating to a Registrant is time consuming and difficult. This is despite the fact that any person, who has a legitimate interest in a domain name or mark ought to be permitted to have the details simply by writing an email to the DNR. Even when such an email is written, full disclosure is not made by the concerned DNR resulting in lengthy correspondence between the trademark owners and the DNR concerned. In the course of these hearings, several such emails have been noticed by the Court where obtaining of registrant details from the DNRs has proved to be a cumbersome process.

234. The attempt of a right holder to obtain details of a Registrant is further made difficult due to the fact that the said Registrant may have utilised the services of a proxy because of which the details of the said proxy would be shown in place of the details of the Registrant. These privacy protect and proxy services, which are provided as valued added services, have been made as default services for almost all domain name registrations by the DNRs. Whereas in comparison, NIXI in its agreement for accreditation of DNRs has prohibited the use of privacy protect and proxy services. Further, the use of temporary email addresses has been specifically denied. The terms and conditions prescribed by NIXI for expressly mentions this position.

235. At this stage it would also be relevant to consider the submissions of the DNRs and Registry Operators as to what measures they are willing to take against an infringing domain name. On behalf of two DNRs - GoDaddy and Newfold Digital Inc., it was submitted that actions which they can take pursuant to a Court order is as follows:

(i) Suspend the domain name for duration of its registration.

(ii) Lock the domain name for transfer of the domain name for the duration of its registration. Cost would have to be borne by the rights holder for implementing any measure beyond the period of registration of the domain name.

(iii) Disclose the Registrant data and payment details as available with the DNR.

(iv) Transfer the domain name to the rights holder subject to payment of the applicable costs. The said DNRs have also submitted that after the order of the Court in respect of the infringing domain names is passed, the subsequent orders can be passed by the Joint Registrar upon appropriate applications with affidavits being filed by the rights holder.

236. However, the said DNRs have also argued as to what measures they cannot or are unwilling to take against the infringing domain names, which are as follows: (i)They cannot block, block access, take down, delete or remove domain names.

(ii) They cannot suspend the domain name permanently.

(iii) They cannot take any steps against the website, URLs, sub-domain or webpages. These are under the domain of web hosting service providers or the Internet Service Provider.

(iv) They cannot disclose payment details which are not on their record.

(v) They cannot block specific word strings or suspend all domain names which contain the specific domain names. It is argued that the same ought to be done by the Registry Operators for the specific TLD.

237. In Hindustan Uniliver Limited v. the ld. Single Judge of the Bombay High Court has highlighted the fact that DNRs can only suspend the domain name registration and cannot block the website. The difficulty that arises is, even if a domain name is suspended and the website may not become accessible, after the registration of the domain name expires, it falls into the public domain and thereafter be renewed by third party. Mere suspension may not be enough and certain other measures would also have to be taken in this regard.

238. Further, the stand of Hosting Concepts another DNR, in fact, shows that Registry Operators have the capability to implement Court orders that may be passed much beyond the identified infringing domain names, by implementing services/features such as Trademark Clearing House, Domain Protected Marks List and Adult Block. This should be read along with the submissions on behalf of Registry Operator Verisign, which stated that in order to comply with the directions of the Court for blocking, locking or suspending the infringing domain names the Registry Operators may implement EPP status codes such as serverHold, serverRenewProhibited, serverDeleteProhibited etc.

239. There is also the possibility of adding certain strings of words in Reserved Lists maintained by the Registry Operators, which would prevent these from being available for registration. Moreover, NIXI in its response to Nixi is fully equipped to be a data repository agency provided due acceptance is received from competent authority. NIXI is a data Centre business thereby secure storage of WHOIS details is ensured

240. Thus, there are several measures which the DNRs and Registry Operators may take for ensuring that the infringing domain name is no longer accessible to the general public or is added in the common pool for being utilised again, by transferring the same to the respective mark holder. However, despite the possible measures which may be implemented against infringing domain names, the same would be rendered toothless if the concerned DNRs and Registry Operators do not comply with the orders of the Court.

ISSUE III: WHAT MEASURES MAY BE DIRECTED BY THE COURT AGAINST DNRS WHO REFUSE TO COMPLY WITH THE COURT ORDERS?

241. One of the issues that has been raised is whether if the DNR does not comply with the order passed by a Court, what would be the method of enforcing the said order. This Court has come across several instances in the present batch of suits where the Registry Operators and DNRs have taken extremely unreasonable stance of asking the persons with legitimate interest in India to obtain a subpoena or an order from the Court of a foreign jurisdiction, such as Courts in United States of America, for enforcing orders passed by Indian Courts. It is routinely observed that the orders of Indian Courts are not being given effect to in a timely manner, especially by those DNRs and Registry Operators operating from foreign shores. Some Registry Operators and DNRs insist on service through international institutions such as Hague Convention and MLAT even when there is an immediate threat to the interest of innocent members of the public. This position led the Court to issuing orders directing the services of the non-compliant DNRs to be blocked by the concerned authority. It was only pursuant to such directions that the non-compliant DNRs took steps to comply with the orders of the Court.

242. However, on this aspect, there is a considerable divergence in opinion between the Plaintiffs and the Defendants i.e., the DNRs, as no valid Registrant of a domain name has set up any defence in these cases. The Plaintiffs pray that such DNRs, who are not implementing the orders passed by the Indian Courts, ought not to be allowed to conduct business in India and their services themselves should be blocked in terms of Section 69A of the IT Act, as the same would impinge upon the sovereignty of the Court and hence the country, create disturbance in public order and also incite commission of cognizable offences. On the other hand, the DNRs argue that such extreme steps ought not to be resorted to. The DNRs and Registry Operators claim to be intermediaries and hence invoke the protection of safe harbour under Section 79 of the IT Act. Further reliance is placed on the submission on behalf of the Government by MeitY, wherein it was stated that in some cases other innocent registrants of domain names registered by the same DNR could be put to enormous inconvenience if such DNRs services are totally blocked.

243. Considering all these competing stands, there is a need to put in place a proper system, which shall be complied with by all the DNRs, especially when domain names, which are clearly infringing, have been registered. Moreover, the Plaintiffs, who are trademark owners, cannot also be expected to perpetually be in a state of litigation and continue to obtain injunctions from the Courts of law as the same involves substantial expenses.

244. At the outset, since, the DNRs and Registry Operators claim to be protected as intermediaries under Section 79 of the IT Act, and whereas the Plaintiff and Government support blocking of the non-compliant DNRs under Section 69A of the IT Act, it would be relevant to reproduce the said sections, along with Section 81 of the IT Act which grants overriding effect to the provisions of IT Act. The said Sections read as under: Section 69A. Power to issue directions for blocking for public access of any information through any computer resource. (1) Where the Central Government or any of its officers specially authorised by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource. (2) The procedure and safeguards subject to which such blocking for access by the public may be carried out, shall be such as may be prescribed. (3) The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine. Section 79. Exemption from liability of intermediary in certain cases. (1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him. (2) The provisions of sub-section (1) shall apply if (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or (b) the intermediary does not (i) initiate the transmission, (ii) select the receiver of the transmission, and (iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf. (3) The provisions of sub-section (1) shall not apply if (a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; (b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner. Explanation. For the purposes of this section, the information dealt with by an intermediary in his capacity as an intermediary. Section 81. Act to have overriding effect. The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force. Provided that nothing contained in this Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957 (14 of 1957) or the Patents Act, 1970 (39 of 1970

245. Further, the Intermediary Rules, 2021 lay down what are the requirements of due diligence to be exercised by the intermediaries. The relevant portion of the said Rules reads as under: intermediary, including a social media intermediary, a significant social media intermediary and an online gaming intermediary, shall observe the following due diligence while discharging its duties, namely: (a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement in English or any language specified in the Eighth Schedule to the Constitution for access or usage of its computer resource by any person in the language of his choice and ensure compliance of the same; (b) the intermediary shall inform its rules and regulations, privacy policy and user agreement to the user in English or any language specified in the Eighth Schedule to the Constitution in the language of his choice and shall make reasonable efforts by itself, and to cause the users of its computer resource to not host, display, upload, modify, publish, transmit, store, update or share any information that,

(i) belongs to another person and to which the user does

(iv) infringes any patent, trademark, copyright or other proprietary rights

(vi) impersonates another person;

(vii) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence, or prevents investigation of any offence, or is insulting other nation;

(d) an intermediary, on whose computer resource the information is stored, hosted or published, upon receiving actual knowledge in the form of an order by a court of competent jurisdiction or on being notified by the Appropriate Government or its agency under clause (b) of sub-section (3) of section 79 of the Act, shall not host, store or publish any unlawful information, which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India; security of the State; friendly relations with foreign States; public order; decency or morality; in relation to contempt of court; defamation; incitement to an offence relating to the above, or any information which is prohibited under any law for the time being in force: Provided that any notification made by the Appropriate Government or its agency in relation to any information which is prohibited under any law for the time being in force shall be issued by an authorised agency, as may be notified by the Appropriate Government: Provided further that if any such information is hosted, stored or published, the intermediary shall remove or disable access to that information, as early as possible, but in no case later than thirty-six hours from the receipt of the court order or on being notified by the Appropriate Government or its agency, as the case may be (j) the intermediary shall, as soon as possible, but not later than seventy two hours and in case of an online gaming intermediary who enables the users to access any permissible online real money game not later than twenty-four hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorised for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention, detection, investigation, or prosecution, of offences under any law for the time being in force, or for cyber security incidents: Provided that any such order shall be in writing stating clearly the purpose of seeking information or assistance, as the case may be;

7. Non-observance of Rules. Where an intermediary fails to observe these rules, the provisions of subsection (1) of section 79 of the Act shall not be applicable to such intermediary and the intermediary shall be liable for punishment under any law for the time being in force including the provisions of the Act and the

246. It would also be relevant to consider the relevant provisions of the Blocking Rules, 2009 which provide the procedure for blocking access to websites etc. The relevant provisions are extracted hereunder: information. In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed

247. The DNRs and Registry Operators have relied upon the decision in Shreya Singhal (supra) in support of their submissions that they are by way of an order of the Court of law or notification from governmental agencies. It is further argued that the DNRs and Registry Operators are complying with the due diligence requirements prescribed under the Intermediary Rules, 2021 through its Domain Name Registration Agreement for Registrants and through its grievance redressal mechanisms. It is also submitted that safe harbour protection granted to intermediaries cannot be diluted merely on the ground that value-added services are being offered by the intermediaries.

248. The issue in respect of the scope of safe harbour protection of intermediaries vis-à-vis the infringement or violation of IP rights of a party has been extensively considered by the Courts. In Christian Louboutin SAS vs. Nakul Bajaj & Ors., 2018:DHC:7106 (decided on 2nd November, 2018) this Court was considering the said issue in respect of an e-commerce platform alleged to have infringed the trademark of the Plaintiff therein. The Court having considered the jurisprudence in different jurisdictions as also Indian decisions, including Shreya Singhal (supra), in respect of safe harbour protections held as under: While the so-called safe harbour provisions for intermediaries are meant for promoting genuine businesses which are inactive intermediaries, and not to harass intermediaries in any way, the obligation to observe due diligence, coupled with the intermediary guidelines which provides specifically that such due diligence also requires that the information which is hosted does not violate IP rights, shows that ecommerce platforms which actively conspire, abet or aide, or induce commission of unlawful acts on their website cannot go scot free.

63. The elements summarised above would be key to determining whether an online marketplace or an ecommerce website is conspiring, abetting, aiding or inducing and is thereby contributing to the sale of counterfeit products on its platform. When an ecommerce website is involved in or conducts its business in such a manner, which would see the presence of a large number of elements enumerated above, it could be said to cross the line from being an intermediary to an active participant. In such a case, the platform or online marketplace could be liable for infringement in view of its active participation. Needless to add, e-commerce websites and online marketplaces ought to operate with caution if they wish to enjoy the immunity provided to intermediaries. The question, however, would have to be determined after reviewing the practices of various websites under the facts and circumstances of a particular case.

64. So long as they are mere conduits or passive transmitters of the records or of the information, they continue to be intermediaries, but merely calling themselves as intermediaries does not qualify all ecommerce platforms or online market places as one.

71. They do not and cannot substitute themselves either for the provision in the IT Act i.e., Section 79 or nullify provisions in other applicable laws. These guidelines are framed under Section 79(2) and would not negate the stipulations in Section 79(3)(a). The guidelines anyone who complies with the guidelines is automatically not conspiring, abetting, aiding or inducing commission of an unlawful act. Following the guidelines may in certain cases satisfy that the online market place is behaving as an intermediary but the same is not conclusive. What is lawful or unlawful depends on the specific statute being invoked and the Guidelines cannot be considered as being exhaustive in their manner of application to all statutes.

76. The overriding nature of the IT Act has application only if the provisions of the Trade Mark Act are inconsistent with the provisions of the IT Act. The Intermediary Guidelines 2011 themselves require compliance with the TM Act by the persons to host, display or upload the products or services. The provisions of Section 29, Section 101 and Section 102 of the TM Act, are being looked at in order to interpret as ct, in the context of trade mark rights. The provisions of the TM Act are not in any manner inconsistent with the provisions of the IT Act. Hence Section 81 of the IT Act does not grant any immunity to intermediaries who may be in violation of the provisions of the TM Act. While, use of a mark for any of the purposes elaborated above, in respect of genuine goods of the owner would not be infringement, the performance of any service as elaborated above, in respect of counterfeit goods or goods which are not genuine, could constitute infringement.

81. The trademark owner loses its huge customer base especially in the case of luxury products. If the products turn out to be counterfeit or not up to the mark, then it The seller himself does not suffer. Such immunity is beyond what is contemplated to intermediaries under Section 79 of the IT Act. While Section 79 of the IT Act is to protect genuine intermediaries, it cannot be abused by extending such protection to those persons who are not intermediaries and are active participants in the unlawful act. Moreover, if the sellers themselves are located on foreign shores and the trade mark owner cannot exercise any remedy against the said seller who is selling counterfeits on the e-commerce platform, then

249. The Court emphasised that safe-harbour under Section 79 of the IT Act is meant only for genuine, passive intermediaries, not for platforms that actively facilitate unlawful activity. Any intermediary would lose its safe harbour protection if found conspiring, abetting, aiding, or inducing the sale of counterfeit or infringing goods. However, the same would have to be determined on a case to case basis. Further, the provisions of the IT Act do not override the provisions of TM Act, unless there is a derogation between the said provisions. Accordingly, it has been held that the obligations under the TM Act would be independent and not get affected by the immunity claimed under the IT Act. Thus, it is settled law that safe harbour cannot be stretched to protect platforms that are active participants in infringement, as this would leave trademark owners without any remedy.

250. Further, in Neetu Singh (supra) the Court had considered the Rule 3 and 4 of the Intermediary Rules, 2021 qua obligations of intermediaries to protect IP rights. The Court had observed as under: Telegram in its response to the prayer for disclosure. In

(v) Telegram has also relied upon Rules 3 and 4 of the

The above IT Guidelines are specific guidelines, which by them. These guidelines do not in any manner obviate the duty of Telegram as a platform to take all effective steps required to protect IP rights, including rights of copyright owners. This was also noted by the ld. Division Bench of this court in My Space Inc. v. Super Cassettes Industries Ltd., (2017) 236 DLT 478 (DB). The Court therein held as under: measured privilege to an intermediary. However, that would not mean that the rights guaranteed under the Copyright Act are in any manner curtailed. All Section 79 does is regulates the liability in respect of intermediaries while the Copyright Act grants and controls rights of a copyright owner. Under the circumstances, it is difficult to conceive how one would pose a barrier in the applicability of the other. The true intent of Section 79 is to ensure that in terms of globally accepted standards of intermediary liabilities and to further digital trade and economy, an intermediary is granted certain protections. Section 79 is neither an enforcement provision nor does it list out any penal consequences for non-compliance. It sets up a scheme where intermediaries have to follow certain minimum standards to avoid liability; it provides for an affirmative defence and not a blanket immunity from liability

(vi) As held in Myspace (supra), the intermediary is to be granted safe harbour, so long as it complies with the requirements of law. In the present case, the infringement has to be nipped in the bud, without which Courts would have to continue to repeatedly pass injunction orders against mushrooming channels containing infringing content. The Court cannot perpetually supervise such infringements and, thus, the origin and source of the infringing material has to be traced and such devices or persons involved in the infringement ought to face consequences in accordance with law, including being held liable for damages. That would not be possible if the source of such infringing copies, i.e., the details of the infringing channels are not disclosed. Pertinently, such production of details of infringing devices or persons liability and does not derogate from safe harbour provisions. In fact, it is aligned with the view of hich claims to act as a conduit of information

251. Thereafter, in Snapdeal (supra), a ld. Single Judge of this Court has considered the issue as to whether DNRs are intermediaries and what is the consequence of the paid services provided to the Registrants. The ld. Judge has categorically come to the conclusion that DNRs are intermediaries. However, providing of paid services, in the opinion of the ld. Single Judge, would render DNRs ineligible to claim the safe harbour protection, since the DNRs act commercially for a profit. The observations of the Court are set out below: There is no dispute about the fact that the DNRs provide alternative domain names, in the event of the domain name that the aspiring registrant seeks being already taken, for a price and, in fact, charge higher Clearly, therefore, the DNRs act commercially for a profit. In doing so, they use the allegedly infringing marks in the course of trade, by offering the domain names which constitutes the marks, for sale to aspiring the allegedly infringing domain names. More specifically, in the case names up to any aspiring registrant for a price. By doing so, the DNRs are clearly using, in the course of trade, the allegedly infringing marks. The contention, of learned Counsel for the DNRs, that any allegation of infringement by use in the course of trade of the allegedly infringing domain names, would only lie at the door of the registrants is, therefore, prima facie, misconceived and has to be rejected

252. Insofar as the alternate domain names consisting of some trademarks are concerned, in Snapdeal the ld. Single Judge has held as under: Infringement of intellectual property rights is not condonable in law. A registered trademark cannot be infringed, in view of the clear proscriptions contained in Sections 28 and 29 of the Trade Marks Act. There can be no argument against this. It is not open to anyone to contend that its activities are so carried out that it cannot guarantee against infringement. Nor can it lie in the mouth of anyone that it is practically not possible for it to carry out its activities in a manner which would not infringe. The contention of DNRs that the manner in which alternative domain names are provided, on their websites to prospective registrants, in the event of the domain names sought by the registrants being not available, is automated and that, therefore, they cannot ensure that such alternative domain names would not be infringing, is simply not acceptable. Admittedly, the algorithm, on the basis of which the alternative domain names are made available, is devised by each individual DNR itself. It alternative domain names do not infringe any registered trademark. The mere fact that a declaration to the said effect is also extracted from the prospective registrant is no insurance against the liability which would fall on the DNR, were it to be providing infringing alternative domain names. If the algorithm works in such a manner that there is a possibility of infringing alternative domain names being made available to an aspiring registrant, the DNR has to discontinue the use of such algorithm. If the consequence is that the DNR would not be able to provide alternatives, so be it. The law does not permit, or condone, its infraction.

88. There is no substance, therefore, in the contention of learned Counsel for the DNRs that, as the process by which alternative domain names are sourced from the Domain Name Registry is automated, they cannot vouchsafe to the alternative domain names not being infringing in nature. If that is the position, the DNRs have to discontinue providing alternative domain names or find some way or the other to ensure that infringing domain names are not provided. That the website of Defendant 1 does not provide any domain name fact, this is possible.

91. Neither do the DNRs have any right to make available for registration, to aspiring registrants, domain names which infringe existing registered trademarks, nor does any registrant have a right to registration of such an infringing domain name. If the Court were to grant the prayer, of the plaintiff, for an anticipatory injunction, restraining the DNRs from making available, to any aspiring registrant, any string/thread, it would be on the premise that any such spring/thread would, prima facie, be infringing in nature. That being so, any such injunction would not affect, judicially, any right of the DNRs either, as no DNR can claim, as of right, an entitlement to provide, to aspiring registrants, a domain name which infringes an existing trademark, especially for profit.

98. In all such cases, however, the DNRs, by the application of the algorithm derived by whom the infringing domain names are becoming available to prospective registrants, would themselves be Trade Marks Act, and liable in that regard. In order to avoid such liability, in my opinion, the DNRs would either have to modulate their algorithms in such a way as not to make available, to prospective registrants, potentially infringing alternatives as Defendant 1 has apparently done in respect of its own domain name or avoid providing alternative domain names altogether. A situation in which the algorithms of the DNRs make available, to prospective registrants, infringing domain names, leaving the proprietors of the infringed trade marks to repeatedly knock at the doors of the Court cannot be allowed to continue in perpetuo.

253. Thus, it is settled that the non-implementation of steps to prevent trademark infringement coupled with various means and methods adopted by the DNRs to maximize their revenues would actually lead to non-grant of safe harbour protection in respect of the said DNRs. Further, as is clear from the screenshots extracted hereinabove, the DNRs continue to promote alternative infringing domain names, several of which are clearly prima facie infringing the trademarks of the Plaintiffs. In such a situation, not only shall the concerned DNRs lose the safe harbour protection, the said DNRs would be liable to be treated as infringers against whom reliefs would be liable to be claimed. Accordingly, such DNRs in an appropriate case could be held to be liable to pay monetary damages as well.

254. Having considered the issue of safe harbour protection to DNRs and Registry Operators, it would also be necessary to consider whether a noncompliant entity can itself be blocked from providing services in India. The submission on behalf of DNRs is that non-compliance of orders of the Court grounds upon which the blocking order can be issued. The DNRs and Registry Operators have relied in support of broader protections as Intermediary on the decisions of the Supreme Court in Shreya Singhal (supra) and in Visaka Industries (supra).

255. The Court has considered the said decisions. In Shreya Singhal (supra) the Supreme Court was considering a challenge to Section 66A and Section 69A of the IT Act. The Supreme Court has analysed the validity of the said sections in light of the freedom of speech and expression guaranteed under Article 19(1)(a) of the Constitution of India. In the course of the said analysis is one of the reasonable restrictions on the freedom of speech and expression mentioned in Article 19(2) of the Constitution of India. The relevant portion of the said decision is extracted hereunder:

36. In Supt., Central Prison v. Ram Manohar Lohia this Court held that public order is synonymous with public safety and tranquility; it is the absence of disorder involving breaches of local significance in contradistinction to national upheavals, such as revolution, civil strife, war, affecting the security of the State. This definition was further refined in Ram Manohar Lohia v. State of Bihar, where this Court held: the rulings of this Court (earlier cited) was said to comprehend disorders of less gravity than those comprehends disorders of less gravity than those a concentric circles. Law and order represents the largest circle within which is the next circle representing public order and the smallest circle represents security of State. It is then easy to see that an act may affect law and order but not public order just as an act may affect public order but not

37. In Arun Ghosh v. State of W.B., Ram Manohar Lohia case was referred to with approval in the following terms: Ram Manohar Lohia case this Court pointed out the difference between maintenance of law and order and its disturbance and the maintenance of public order and its disturbance. Public order was said to embrace more of the community than law and order. Public order is the even tempo of the life of the community taking the country as a whole or even a specified locality. Disturbance of public order is to be distinguished from acts directed against individuals which do not disturb the society to the extent of causing a general disturbance of public tranquillity. It is the degree of disturbance and its effect upon the life of the community in a locality which determines whether the disturbance amounts only to a breach of law and order. Take for instance, a man stabs another. People may be shocked and even disturbed, but the life of the community keeps moving at an even tempo, however much one may dislike the act. Take another case of a town where there is communal tension. A man stabs a member of the other community. This is an act of a very different sort. Its implications are deeper and it affects the even tempo of life and public order is jeopardised because the repercussions of the act embrace large sections of the community and incite them to make further breaches of the law and order and to subvert the public order. An act by itself is not determinant of its own gravity. In its quality it may not differ from another but in its potentiality it may be very different. Take the case of assault on girls. A guest at a hotel may kiss or make advances to half a dozen chamber maids. He may annoy them and also the management but he does not cause disturbance of public order. He may even have a fracas with the friends of one of the girls but even then it would be a case of breach of law and order only. Take another case of a man who molests women in lonely places. As a result of his activities girls going to colleges and schools are in constant danger and fear. Women going for their ordinary business are afraid of being waylaid and assaulted. The activity of this man in its essential quality is not different from the act of the other man but in its potentiality and in its effect upon the public tranquillity there is a vast difference. The act of the man who molests the girls in lonely places causes a disturbance in the even tempo of living which is the first requirement of public order. He disturbs the society and the community. His act makes all the women apprehensive of their honour and he can be said to be causing disturbance of public order and not merely committing individual actions which may be taken note of by the criminal prosecution agencies. It means therefore that the question whether a man has only committed a breach of law and order or has acted in a manner likely to cause a disturbance of the public order is a question of degree and the extent of the reach of the act upon the society. The French distinguish law and order and public order by designating the latter as order publique. The latter expression has been recognised as meaning something more than ordinary maintenance of law and order. Justice Ramaswami in Pushkar Mukherjee v. State of W.B. [(1969) 1 SCC 10] drew a line of demarcation between the serious and aggravated forms of breaches of public order which affect the community or endanger the public interest at large from minor breaches of peace which do not affect the public at large. He drew an analogy between public and private crimes. The analogy is useful but not to be pushed too far. A large number of acts directed against persons or individuals may total up into a breach of public order. In Ram Manohar Lohia case [Ram Manohar Lohia v. State of Bihar, (1966) 1 SCR 709: AIR 1966 SC 740: 1966 Cri LJ 608] examples were given by Sarkar, and Hidayatullah, JJ. They show how similar acts in different contexts affect differently law and order on the one hand and public order on the other. It is always a question of degree of the harm and its effect upon the community. The question to ask is: Does it lead to disturbance of the current of life of the community so as to amount to a disturbance of the public order or does it affect merely an individual leaving the tranquillity of the society undisturbed? This question has to be faced in every case on facts. There is no formula by which one case can be distinguished from another

38. This decision lays down the test that has to be formulated in all these cases. We have to ask ourselves the question: does a particular act lead to disturbance of the current life of the community or does it merely affect an individual leaving the tranquility of society undisturbed

256. an act would be to consider the gravity and effect of the said act on the society at large and whether the same would disturb the tranquillity of the society. Applying this test to individual cases of mere IP infringement may not satisfy the high threshold of public order and instead would be an issue of law and order, since, the same may not have disturbed the society at large. However, where there is consistent violation of IP rights along with attempts to defraud innocent public of their hard earned monies and also assist in commission of offences, the same would have a significant impact upon the society at large. ew methods of frauds to be reported. It is also often seen that by the time the LEAs catch up with the fraudsters and are able to comprehend the methods used, the fraudsters move on and start defrauding the public through some newer method. Given that such frauds are increasing in number day by day, it is now more than ever necessary to build and maintain trust in the manner in which consumers interact and connect with brands and companies. If the consumer cannot trust the authenticity of the website or domain name she/he has accessed, which would be a logical consequence of the large scale frauds brought to the attention of the Court in the present batch of suits, then it would definitely disturb the economic interests of the businesses and also create disturbance to members of the general public and society. Therefore, in the opinion of the Court, in light of the large scale frauds which are being committed, directions of the Court cannot be rendered ineffective by noncompliant DNRs and Registry Operators, for which the Court may direct the competent authorities to block the services of the non-compliant DNRs itself in order to ensure compliance.

257. Insofar as those entities who are operating from foreign jurisdictions and have refused to comply with the orders of Indian Courts are concerned, this Court in Neetu Singh (supra), the Court has already considered a similar situation. In the said case, Telegram - a social media intermediary having its servers in Singapore and operating from foreign shores had refused to comply with the order of this Court directing it to provide information of concerned infringers. The Court considered the following factors before holding it to be a competent Court to direct Telegram to disclose information:

(i) Telegram is one of the most popular messaging applications in India with subscriber base running into millions of users;

(ii) Infringement of copyright was unabashedly continued within India;

(iii) Accounts sharing the infringing material were created in India;

(iv) High possibility of the persons controlling the infringing accounts would be in India along with the devices involved in the dissemination of the material;

(v) Cloud computing permits access to information beyond jurisdictions, including in India, irrespective of where the data centres are located. Thus, conventional concepts of territoriality no longer exist.

(vi) Telegram is actively making its services accessible in India along with offering paid services to earn revenue.

(vii) Reliance on the decisions of the Supreme Court in Indian Bank v.

Satyam Fibres (India) (P) Ltd., (1996) 5 SCC 550 and Krishan Yadav v. State of Bihar, AIR 1994 SC 2166, which held that High Courts are vested with inherent powers to enable themselves to maintain their dignity, and secure obedience to their process and rules and give effective reliefs. In the opinion of the Court, each of the above factors would squarely apply in respect of DNRs and Registry Operators, who not only provide services in India but are involved in generating significant revenues from numerous customers in India. Thus, applying the same factors, it is clear that even in respect of the ICANN Agreements, Indian Courts would be courts of competent jurisdiction to issue directions to DNRs and Registry Operators for grant of appropriate relief.

258. In UTV Software Communication (supra) this Court has already recognized the grant of dynamic injunctions as being necessary in such cases. The observations read as under: in the fight against digital piracy, but it should at least be one of the lead bullets, alongside other measures such as partnering with Internet ad companies, domain seizures, and other efforts to prosecute owners of pirate sites.

HOW SHOULD THE COURT DEAL WITH THE BEING BLOCKED, ACTUALLY MULTIPLY AND RESURFACE AS REDIRECT OR MIRROR OR ALPHANUMERIC WEBSITES?

94. Now, the question that arises for consideration is who on being blocked, actually multiply and resurface as alphanumeric or mirror websites. In the present batch of matters though this Court had injuncted the main website by way of the initial injunction order, yet the mirror/alphanumeric/redirect websites had been created subsequently to circumvent the injunction orders.

95. It is pertinent to mention that in Greek mythology the Hydra also called Lernaean Hydra is a serpent-like monster. The Hydra is a nine-headed serpent like snake. It was said that if you cut off one hydra head, two more would grow back.

96. Critics claim that website blocking is an exercise in futility as website operators shift sites-the so-called -a-

97. Internationally, there has been some recent development to deal with the aforesaid menace in the mirror websites.

98. The High Court of Singapore in the case of Disney Enterprise v. Ml Ltd., (2018) SGHC 206 has after discussing the cases of 20th Century Fox v. British Telecommunications PLC, (2012) 1 All ER 869 and Cartier International AG v. British Sky Broadcasting (supra), held that the applicant was not obligated to return to court for an order with respect to every single IP address of the infringing URLs already determined by the Court. The Court held as under: issue a dynamic injunction given that such an access to the flagrantly infringing online does not require the defendants to block additional FIOLs which have not been included in the main injunction. It only requires the defendants to block additional domain names, URLs and/or IP addresses that provide access to the same websites which are the subject of the main injunction and which I have found constitute FIOLs (see [19] - [29] above). Therefore, the dynamic injunction merely blocks new means of accessing the same infringing websites, rather than blocking new infringing websites that have not been included in the main injunction.

39 In fact, under the dynamic injunction applied for in the present case, the plaintiffs would be required to show in its affidavit that the new FQDNs provide access to the same FIOLs which are the subject of the main injunction before the defendants would be required to block the new FQDNs (see [6] above)

42. In relation to S 193DB(3)(d) of the Copyright Act, ie, the effectiveness of the proposed order, the dynamic injunction was necessary to ensure that the main injunction operated effectively to reduce further harm to the plaintiffs. This is due to the ease and speed at which circumventive measures may be taken by owners and operators of FIOLs to evade the main injunction, through for instance changing the primary domain name of the FIOL. Without a continuing obligation to block additional domain names, URLs and/or IP addresses upon being informed of such sites, it is unlikely that there would be effective disabling of access to the 53 (emphasis supplied)

99. Though the dynamic injunction was issued by the Singapore High Court under the provisions of Section 193 DDA of the Singapore Copyright Act, and no similar procedure exists in India, yet in order to meet the ends of justice and to address the menace of piracy, this Court in exercise of its inherent power under Section 151 CPC permits the plaintiffs to implead the mirror/redirect/alphanumeric websites under Order I Rule 10 CPC as these websites merely provide access to the same websites which are the subject of the main injunction.

100. It is desirable that the Court is freed from constantly monitoring and adjudicating the issue of mirror/redirect/alphanumeric websites and also that the plaintiffs are not burdened with filing fresh suits. However, it is not disputed that given the wide ramifications of site-wide blocking orders, there has to be judicial scrutiny of such directions and that ISPs ought not to be tasked with the role of arbiters, contrary to their strictly passive and neutral role as intermediaries.

101. Consequently, along with the Order I Rule 10 application for impleadment, the plaintiffs shall file an affidavit confirming that the newly impleaded website is a mirror/redirect/alphanumeric website with sufficient supporting evidence. On being satisfied that the impugned website is indeed a mirror/redirect/alphanumeric website of injuncted Rogue Website(s) and merely provides new means of accessing the same primary infringing website, the Joint Registrar shall issue directions to ISPs to disable access in India to such mirror/redirect/alphanumeric websites in terms of the orders passed.

102. It is pertinent to mention that this Court has delegated its power to the learned Joint Registrar for passing such orders under Section 7 of the Delhi High Court Act, 1966 read with Chapter II, Rule 3(61) read with Rule 6 of the Delhi High Court (Original Side) Rules 2018. The said provisions are reproduced hereinbelow: - The powers of the Court, including the power to impose costs in relation to the following matters, may be exercised by the registrar: (61) Such other application, as by these Rules are directed to be so disposed of by the other matter, which in accordance with orders or directions issued by Court, is required to be dealt with by the Registrar.

6. Delegation of the Registrar's Power - The Chief Justice and his companion Judges may assign or delegate to a Joint Registrar, Deputy Registrar or to any officer, any functions required by these Rules to be exercised by the Registrar.

103. In the event, any person is aggrieved by any order passed by the Registrar, the remedy for appeal is provided and may be availed of under Rule 5 of Chapter II of the Delhi High Court (Original Side) Rules, 2018 reproduced hereinbelow: - Any persons aggrieved by any order made by the within fifteen days of such order, appeal against the same to the Judge in Chambers. The appeal shall be in the form of a petition bearing court fees

259. This has also been extended to works, which are yet to come into existence in Universal City Studios LLC. v. Dotmovies.baby., CS(COMM) 514/2023 (order dated 9th August, 2023) by grant of a Dynamic + injunction. The relevant portion of the said order reads as under: country or another may not, however be sufficient to protect copyright owners. There is an imminent need to evolve a global consensus in this regard inasmuch as despite ISPs blocking these websites, the said websites can be accessed through VPN servers, and other methods to which the long arm of the law cannot extend etc.

17. Any injunction granted by a Court of law ought to be effective in nature. The injunction ought to also not merely extend to content which is past content created prior to the filing of the suit but also to content which may be generated on a day-to-day basis by the Plaintiffs. Thus, though, in a usual case for copyright infringement, the Court firstly identifies the work, determines the Copyright of the Plaintiff in the said work, and thereafter grants an injunction, owing to the nature of the malafide, there is a need to pass injunctions which are also dynamic qua the Plaintiff as well, as it is seen that upon any film or series being released, they may be immediately uploaded on the rogue websites, causing immediate monetary loss. Copyright in future works comes into existence immediately upon the work being created, and Plaintiffs cannot be forced to approach the Court for each and every film or series that is produced in the future, to secure an injunction against piracy.

19. As innovation in technology continues, remedies to be granted also ought to be calibrated by Courts. This is not to say that in every case, an injunction qua future works can be granted. Such grant of an injunction would depend on the fact situation that arises and is placed before the Court.

20. In the facts and circumstances as set out above, an ex parte ad interim injunction is granted restraining the Defendants, who are all rogue websites, from in any manner streaming, reproducing, distributing, making available to the public and/or communicating to the public any copyrighted content of the Plaintiffs including future works of the Plaintiffs, in which ownership of copyright is undisputed, through their websites identified in the suit or any mirror/redirect websites or alphanumeric variations thereof including those websites which are associated with the Defendants' websites either based on the name, branding, identity or even source of content. To keep pace with the dynamic nature of the infringement that is undertaken by hydra-headed websites, this Court they are created, to ensure that no irreparable loss is caused to the authors and owners of copyrighted works, as there is an imminent possibility of works being uploaded on rogue websites or their newer versions immediately upon the films/shows/series etc. The Plaintiffs are permitted to implead any mirror/redirect/alphanumberic variations of the websites identified in the suit as Defendants Nos. 1 to 16 including those websites which are associated with the Defendants Nos. 1 to 16, either based on the name, branding, identity or even source of content, by filing an application for impleadment under Order I Rule 10 CPC in the event such websites merely provide new means of accessing the same primary infringing websites that have been injuncted. The Plaintiffs are at liberty to file such an impleadment application based on their copyrighted works, including future works, when the need so arises. Upon filing such application before the Registrar along with an affidavit with sufficient supporting evidence seeking extension of the injunction to such websites, to protect the content of the Plaintiffs, including future works, the injunction shall become operational against the said websites and qua such works. If there is any work in respect of which there is any dispute as to ownership of copyright, an application may be moved by the affected party before the Court, to seek clarification.

260. It would also be relevant to note that based on the above decisions, this Court in Burger King Corpn. (supra)17, one of the suits in the batch, has relied on the above orders to grant reliefs to the Plaintiff. The said order has also been relied by the DNRs in respect of the directions for blocking that were passed to NIXI. The relevant portion of the said order reads as under: considering the nature of this mater, the Court has perused the screen shots of the websites i.e. Documents nchises could result in large scale fraudulent payments of money to the operators of these websites. Such websites are noted to surface frequently and periodically. Additionally, the deceptive nature of their operations extends beyond mere trade mark infringement, raising concerns about consumer safety and ethical business practices.

14. In light of these circumstances, considering the order to safeguard both the integrity of the market and the welfare of consumers, the said websites and their operators are restrained from using the said domain names or any other domain names which bear the mark Burger King Corpn. v. Swapnil Patil, CS(Comm)303/2022 (decided on 4th December, 2023)

15. In addition, if any other domain names/websites offering fake franchises are noticed/ discovered by the Plaintiff is free to file an affidavit along with the application for impleadment under Order I Rule 10 CPC. The Plaintiff is permitted to implead any mirror/redirect/alphanumeric variations of the websites identified in the suit as Defendant websites which are associated with the Defendants either based on the name, branding, identity etc., by filing the application. The Joint Registrar may examine the documents filed with the same and direct extension of the injunction orders to the said domain names as well. MEITY/DoT shall, upon receiving of any information in respect of fake franchises/websites shall immediately issue blocking orders in respect of the said websites.

16. The above-mentioned two domain name websites shall also be blocked by MEITY and the Internet Service Providers (hereinafter, ISPs) shall give effect to these orders. National Internet Exchange of India (hereinafter, NIXI) shall give effect to this order immediately and block/suspend the said domain names.

17. Further, GoDaddy.com LLC shall lock/suspend the domain name www.burgerkingfoodindia.com and www.burgerkingfranchiseindia.co.in. They shall also provide the details of the registrants within one week, including the payment details, if any, which are ava

261. In the above background, the nature of the relief that is to be granted, deserves to be considered. Insofar as the Plaintiffs are concerned, they have prayed for relief, in effect, seeking injunction against existing infringing domain names as also blocking of registration of future domain names addition, reliefs are sought against the Registry Operators from allowing the infringing domain names to resolve into websites. The prayer is also made for transfer of the domain names and for implementation of locking and blocking of the domain names. It is argued that trademarks, which are protected by the Court, ought to be also given the services of being included into the trademark clearing house so that notice of any new infringing registration, can be received.

262. In these very suits, it is seen that there are multiple domain names being added during the pendency of these suits. For example, in the case of CS(Comm) 373/2020 titled ITC vs. Ashok Kumar & Anr., 286 domain names have been added. The numbers of domain names added in some of the matters during the pendency of the suit are set out below:

263. A perusal of the infringing domain names would show that the DNRs are permitting registration of well-known marks, famous marks, global brands, names of corporate house names to be registered, thereby, resulting in misuse. It is a matter of fact that the same rule cannot be applied for all categories of marks. The relief, therefore, would have to be moulded depending upon the nature and character of the mark.

264. There are various categories of trademarks that are being sought to be protected in these commercial suits including invented and fanciful marks, descriptive marks which have acquired a secondary meaning, as also dictionary words which have been arbitrarily adopted and have become well known trade marks. The nature of protection to be awarded to the different categories of marks is not the same. At the highest end of the spectrum are invented fanciful and arbitrary marks which deserves a high level of protection. The other kinds of marks may require greater scrutiny before injunctions are granted. Accordingly, depending upon the nature of the marks, the relief would have to be moulded.

265. However, insofar as the disclosure of registrant details and related data is concerned, there can be no doubt that the process requires to be streamlined and immediate access to the said details is made available. In the opinion of this Court, the broader enforcement of law needs to be given primacy in these cases where there is apparent illegality in registration of the domain names which consists of well-known trademarks or brand names. Infringing domain names deserve to be restrained. Insofar as future registrations are concerned, well-known trademarks deserve to be protected. For the said purpose, DNRs can be directed to access the list of well-known trademarks from Controller CGPDTM and add the said marks into a blocking/Reserved list. Technological solutions would have to be given effect to by DNRs to ensure that the relief is effective. If, however, any genuine Registrant, who wishes to criticize the Plaintiff or its business, seeks a claim for a specific domain name, such a dispute would have to be resolved in a Court of Law.

266. Further, insofar as privacy aspects and disclosure of personal details of Registrants is concerned, the relevant agreement between ICANN and DNRs as also the Registry and the DNRs recognizes that if a person with legitimate interest approaches the DNR, the said data can be disclosed. The same would now be governed by the applicable laws, which in terms of domain names registered in India would be the DPDP Act. It is, thus, held that whenever details are sought by any IP owner or by any LEA on behalf of the IP owners or upon occurrence of cyber fraud, the same constitutes legitimate interest and the Registry Operators and the DNRs, which may be having the data, ought to mandatorily disclose the same.

SUMMARY AND CONCLUSIONS

267. In the age of technology and internet, domain names/websites form the online soul of a business, and their distinctive character has to be protected. Repeated cases of cyber fraud, cyber terrorism, and other forms of online fraudulent activity traces back to registration of infringing domain names. Misuse of domain names and website content deserves to be dealt with stringent action as, in addition to infringing the interest of the owner of the mark/brand, it also endangers the larger public interest. Such stringent action would be required to be taken by or against various parties to maintain the integrity of the domain name system. Such parties include: a. Domain Name Registrants Person registering the domain name; b. Domain Name Registrars (DNRs) Entity enabling the registration of the domain name; c. Domain Name Registry Operator The Registry under which the DNR operates; d. ICANN Internet Corporation on Assigned Names and Numbers the overall regulator of the domain name system; e. Banks where the bank accounts are opened by infringers; f. Reserve Bank of India Banking regulator which had to take steps to curb fraudulent activities through banking channels; g. Telecom Service Providers Companies which provide SIM cards and associated telecom services; h. MeitY and DoT Ministries which oversee the access to the internet in India and also regulate the internet/telecom service providers; i. Law Enforcement Agencies Police and other investigating agencies.

268. One of the major issues that was common in these matters was the lack of safeguards at certain key junctures in the financial transaction system which enabled unscrupulous entities to defraud innocent persons by opening fake bank accounts, passing off as the actual brands/companies. The act of fraudulently collecting money by setting up infringing websites and fake bank accounts has become prolific. One of the root causes for the same was lack of customer knowledge as to who is the recipient of the payment being made. The bank account is usually in the name of an individual who is collecting money by posing as a well-known corporate house/business. This is now sought to be cured by the RBI during the course of these litigations, under directions from this Court, by mandating the. It is imperative for all banks, including both private and public sector banks, to implement this facility especially in the case of online payments using the UPI system through payment apps such as Google Pay, Paytm, etc. In the case of RTGS and NEFT the said facility of knowing the to have already been implemented. If the name of the beneficiary becomes visible, the customers could exercise caution and the same may also act as a warning if there is a mismatch in the name of the account holder from the business they seek to impersonate.

269. In addition to the above, another difficulty faced by the Law LEA of co-operation from the banks. This issue has also been resolved pursuant to the directions of this Court, whereby the Central Intelligence and Economic Bureau issued the Standard Operating Procedure dated 31st May, 2024 for processing of requests from LEAs by the banks. The same has also been rd June,

2025. Thus, it is now mandatory for all banks to cooperate with LEAs in terms of the SOP dated 31st May, 2024 as issued by Central Intelligence and Economic Bureau.

270. The financial frauds by passing off as reputed brands and corporate houses is a direct consequence of the availability and use of fraudulent and fake domain names. The domain name system operates in a pyramidical structure of hierarchy with the inclusion of ICANN at the top, followed by the Registry Operators, the DNRs and the Registrants. Each of the said entities have a specific role in the domain name system which is governed by the set of agreements drafted by ICANN, such as the Registrar Accreditation Agreements, the Registry-Registrar Agreements, etc.

271. Several significant obligations have been imposed upon the Registry Operators and DNRs under the ICANN Agreements to ensure that registration of a domain name does not violate the rights of a third party. The Registry -laws, and the codes of conduct. They are required to operate the WHOIS services in the format prescribed in Specification 4, along with observing reserved names listed in Specification 5. They are obligated to take reasonable steps to investigate and respond to requests from law-enforcement or governmental bodies regarding illegal conduct involving their TLDs. They must additionally implement Rights Protection Mechanisms under Specification 7, including use of the Trademark Clearinghouse database, which alerts both registrants and trademark owners when a domain identical to a recorded trademark is sought to be registered, enabling early detection of potential trademark conflicts.

272. The DNRs ought to submit registered-name data to the Registry Operator, provide public query-based access to essential WHOIS/RDDS with applicable laws and governmental regulations, avoid registering reserved names, verify and periodically re-verify Registrant contact information, investigate inaccuracies, and act promptly against DNS abuse or illegal activity. They ought to face termination of the accreditation agreement if a orders, or if ICANN determines that the DNRs engaged in bad-faith trademark-conflicting registrations. Additionally, they are obliged to follow phone formats, and verifying email or telephone numbers through tool-based authentication, and must suspend or terminate domain names where registrants wilfully provide inaccurate information and fail to correct it within 15 days.

273. The DNRs play a critical role in maintaining the integrity of the domain names/website system and in preventing misuse of the same. However, the privacy protect feature extended by DNRs to registrants is acting as a cloak to hide the identity of those perpetrating illegal and unlawful acts on the internet. This is further exacerbated by the failure of the DNRs to collect proper information of the Registrants, since, even where the privacy protection has not been provided/availed, the information with the DNRs is entirely insufficient to identify the Registrants.

274. Most DNRs in the present batch of matters to not have any proper contact details of the concerned Registrants including name, address, mobile number, etc. Even the email addresses which are used sometimes could be through unauthorized and banned email service providers. Although, the ICANN agreements, as also the NIXI Agreements, mandate collection of several contact details of the Registrant and verification of the same, as on date, the only requirement sought by DNRs for registering a domain name is an email address, which is grossly insufficient to prevent cyber fraud, cybercrime and misuse of domain names. Thus, it is necessary to mandate that all DNRs offering their services in India shall collect the details of the Registrants and perform a e-KYC verification in the manner in which NIXI already mandates in India. It is noted that the Registrar Accreditation Agreements with ICANN also mandate collection of email address and mobile number, and verification of the same by means of OTP under Clause 1(f) of the RDDS Accuracy Program Specification. The MHA also supports the reflection of administrative contact details, payment information, IP addresses, SSL certificate provider details and KYC details in the WHOIS database.

275. It is also clear from the changes in the privacy policy of ICANN that by taking blanket cover under the provisions of GDPR. The applicable privacy law would govern the relevant considerations in each case, and accordingly, the data collected from Registrants in India would be governed in terms of the DPDP Act and its allied Rules.

276. Further, implementation of orders passed by Courts by DNRs is crucial for preventing misuse as also for maintaining law and order. However, many DNRs do not have offices in India. Some of the servers could also be located abroad. Whenever an infringing domain name is found, one of the most challenging aspect is to serve the domain name registrar and enforcement of the order of the Court. Even IP owners find it challenging to obtain basic details of the Registrant. Moreover, the LEAs have a challenging responsibility in preventing cyber frauds on the internet and hence they require cooperation from banks, financial institutions, DNRs, domain name registries as also IP owners.

277. The Intermediary Rules, 2021 mandate appointment of Grievance Officers by all intermediaries. All DNRs who offer their domain names registration or ancillary services ought to appoint Grievance Officers who are located in India and publish their email addresses, mobile numbers and other contact details so that they can be contacted for the purpose of obtaining relevant information of the Registrant as also for implementing orders passed by Courts and to provide information to LEAs.

278. In these set of cases, all three stake holders/custodian of internet domain name system, namely, ICANN, Registry Operators and DNRs have been heard. It is clear that all DNRs have a mandate to implement orders passed by Courts and cannot insist upon orders from local Courts of countries where they are located for disclosure of information or suspending a domain name etc.

279. Accordingly, service of DNRs, Registries Operators and other intermediaries, if done through email on the details of the relevant Grievance Officer ought to be sufficient service for compliance with the requirement under the law. Furthermore, service on Registrants through the email address provided to the DNRs would also be sufficient, as in most cases, correct postal addresses are not available.

280. Further, the agreements that are entered into between ICANN, Registry Operators and DNRs would show that DNRs and Registry Operators have the competence and technological wherewithal to prevent registration of domain names of well-known marks and reputed brands, if the competent Court directs. Some of the Registries such as Registry Services LLC offer services such as Global Block and Global Block +, in support with the Brand Safety Alliance LLC (a GoDaddy group company), which establish this position. The Registry Operators also have the capability of implementing the Status Codes, which would result in similar effect as intended by the Court through its directions for blocking/suspending/locking the infringing website. Many DNRs and other intermediaries do not merely offer domain name registration services, but they also provide add-on services, auction services, alternative domain names, etc. The various services provided by the DNRs through which significant revenue is also generated are:

(i) Offering domain names with varying extensions/suffixes of well-known brands, marks on premium rates.

(ii) are sold at exorbitant prices.

(iii) Some Registry Operators offer services of blocking of domain names as premium services for which payments would have to be made by the respective IP owners.

(iv) By offering marketing and Search Engine Optimization services to promote websites/domain names including even illegal and fraudulent websites/domain names consisting of third-party mark.

(v) By putting infringing domain names in the common pool so that revenues can be earned repeatedly, though said domain names have been declared to be infringing.

(vi) By adopting discriminatory practices in respect of entities and marks with whom they have special arrangements.

(vii) By offering after market services in domain name

(viii) By operating domain name auction services whereby, the DNRs promote buying and selling of domain names as a way of investment. In effect this promotes monetising of the domain names even where the same violates the rights of third parties.

(ix) By providing brokerage services for assisting a new Registrant wishing to obtain an already registered domain name, purchase the same and transfer it to the new Registrant.

(x) A number of the DNRs also provide webhosting, marketing, and other support services to infringing domain names, thereby garnering substantive revenues. However, these facts are not usually disclosed to the Court.

(xi) By not implementing technologies, which are available with them for ensuring that well known marks and registered trade marks are not misused to prevent cyber fraud, only with a view to maximise revenues. The above services not only generate revenue of the DNRs and Registry Operators but also help persons with illegal and unlawful motives to register domain names which are similar to well-known marks, brands, house-marks, etc. Such DNRs may, therefore, not merely be considered as intermediaries but as complicit in actively enabling infringement.

281. It is a settled position in law in India that registration of an infringing domain name would not be permissible as there is every likelihood that the same could lead to diversion of users from the genuine website to the infringing one.

282. Thus, the non-implementation of steps to prevent trademark infringement coupled with various means and methods adopted by the DNRs to maximize their revenues would actually lead to non-grant of safe harbour protection in respect of the said DNRs. Further, as is clear from the screenshots extracted hereinabove, the DNRs continue to promote alternative infringing domain names, several of which are clearly prima facie infringing the trademarks of the Plaintiffs. In such a situation, not only shall the concerned DNRs lose the safe harbour protection, the said DNRs would be liable to be treated as infringers against whom reliefs would be liable to be claimed. Accordingly, such DNRs in an appropriate case could be held to be liable to pay monetary damages as well.

283. Moreover, the failure of DNRs to comply with Court orders would necessitate stringent measures to be taken, including blocking of their services in India that may be ordered by Courts, as where there is consistent violation of IP rights along with attempts to defraud innocent public of their hard earned monies and also assist in commission of offences, the same would have a significant impact upon the society at large, leading to disrupting the public order.

284. Offering of privacy by default to registrants is one of the reasons for proliferation of illegal domain names. Thus, unless and until a registrant requests for privacy protect, the same should not be offered as a default mechanism.

285. The Government and various institutions including Central Government, State Governments, Autonomous Institutions, Judicial Bodies, Tribunals, Income Tax Department, GST Department and Critical Bodies such as Army, Navy, Airforce, ISRO, Atomic Research Bodies, etc. ought to create their own list of names that can be misused so that such domain names can be placed in the reserved list.

286. In all these suits where about 1132 infringing domain names have been impugned, barring one or two domain names, no bonafide registrant come forward claiming legitimate right to use the infringing domain names. This itself shows that the infringing domain names are being proliferated only for unlawful and illegal purposes. Thus, there is an urgent necessity for directions to passed to ensure the trust of the consumers as also the interest of businesses is protected, and no party is permitted to commit frauds due to failure of sufficient safeguards in the system.

VIII. DIRECTIONS:

287. Under these circumstances, considering the above mentioned discussion the following directions are issued:

(i) The DNRs and Registry Operators shall, henceforth, not resort to masking of details of the registrants, administrative contact and of registration of the domain names, a specific option shall be provided for the Registrant and it is only if the said Registrant chooses for privacy protection, that the said service shall be offered as a value added service upon payment of additional charges. The additional charges shall not be made a part of the default package for registration of domain names.

(ii) Whenever any entity or individual having legitimate interest, law enforcement agencies (LEAs) or the Courts, request for disclosure of data relating to any infringing or unlawful domain name, the following data shall be disclosed by the concerned DNR as soon as possible but not later than 72 hours in terms of the Intermediaries Guidelines 2021: (a) Name of the Registrant; (b) Administrative contact;

(c) Technical contact;

(d) Addresses of the above mentioned persons/entities;

(e) Mobile numbers of the above mentioned persons/entities; (f) Email address of the above mentioned persons/entities; (g) Any payment related information such as details of credit card, debit card, UPI number, payment platform identities, bank account details, etc., which may be available with the DNR; (h) Details of any value added services such as hosting of website, brokerage, or any other services offered by the DNR or by Registry concerned.

(iii) If any particular domain name is restrained by an order of injunction or has been found to be used for illegitimate and unlawful purposes, the said domain name shall remain permanently blocked and shall not be put in a common pool in order to disable re-registration of the same very domain name by other DNRs. The appropriate steps in this regard shall be taken by the concerned Registry Operator to ensure that all DNRs having an agreement uniformly give effect to the said direction.

(iv) In the case of trademarks/brands, which are well-known or are invented, arbitrary or fanciful marks, which have attained reputation/goodwill in India, if a Court of Law directs that there would be an injunction on making available the infringing domain name with different extensions or mirror/redirect/alphanumeric variations, the same shall be given effect to by the DNRs and no alternate domain name shall be made available in respect of such brands and marks.

(v) Upon an injunction being issued by the Court in respect of any domain name and the same being communicated to the DNRs, the DNRs shall ensure that no alternative domain name is promoted or being suggested to a prospective Registrant. Any promotion of alternative domain names of an injuncted domain name would disentitle the concerned DNR for safe harbour protection under Section 79 of the IT Act.

(vi) In respect of descriptive and generic marks, the restraining/injunction orders would be qua the specific domain name and any extension of restraining/injunction order for other infringing domain names would be with the intervention of the Joint Registrar before whom the application under Order I Rule 10 of Code of Civil Procedure, 1908 along with affidavit shall be filed and the injunction would be extended. Where any party is aggrieved by the order of the Joint Single Judge.

(vii) Upon orders being passed by a Court, the infringing domain name shall be transferred to the Plaintiff/trademark owner/brand owner, upon payment of usual charges.

(viii) Search engines and DNRs shall not provide any promotion or marketing or optimization services to infringing and unlawful domain names.

(ix) All DNRs offering services in India shall appoint Grievance Officers within a period of one month from today failing which they would be held as non-compliant DNRs.

(x) be henceforth sufficient service for Court orders and any DNRs who insist upon services through MLAT or through other modes of services shall be held to be non-compliant DNRs.

(xi) In appropriate cases where an entity has repeatedly not complied with orders of the Court, and in the opinion of the Court it is a case where the interest of society at large is being adversely affected, such as cases of frauds, the Court may direct the appropriate authority to block access to the said entity under Section 69A of the Information Technology Act, 2000 read with.

(xii) All Registry Operators having valid agreements with ICANN shall take appropriate steps to implement the Trademark Clearing House services and make the same available to all brand owners & registered proprietors of trade marks.

(xiii) All DNRs offering services in India or to customers in India shall undertake verification of Registrant's details at the time of registration and periodic verification of the same. The verification shall be done in terms of KYC requirements mentioned in Circular No. 20(3)/2022- CERT-In dated 28th April, 2022 issued by Indian Computer Emergency Response Team. This is in line with the NIXI Accreditation Agreement.

(xiv) All DNRs who are enabling registration of domain names which are administered by NIXI as a Registry Operator shall comply and provide requisite registration data to NIXI within one month of this judgment and also update the same on a monthly basis.

(xv) The following directions are issued to MeitY, MHA and other relevant

Government authorities: (a) The Government shall hold a stake holder consultation with all DNRs and Registry Operators offering services in India and explore the possibility of putting in place a framework similar to the one used by NIXI by all DNRs for the purpose of domain name registration. (b) Consider nomination of a nodal agency such as NIXI as the data repository agency for India with which all the Registry Operators and the DNRs would maintain details related to Registrants on a periodic basis so that the said details are made available to the Courts, LEAs and the governmental authorities for the purpose of enforcement of orders of Courts and for preventing misuse. Alternatively, DNRs shall be directed to localize the data in India for easy access. Irrespective of the decision, it is made clear that processing of personal information would be strictly in terms of the DPDP Act and applicable Rules.

(c) In case of a DNR or Registry Operator, which does not comply with the orders of the Courts or with request from LEAs, the offering of services of such DNRs or Registry Operator be blocked by MeitY and DoT under Section 69A of the Information Technology Act, 2000 read with.

(d) MeitY along with NIXI shall coordinate with ICANN to enable brand owners in India to avail of TMCH facilities on reasonable terms and conditions so that they can receive notifications whenever any conflicting /infringing domain names are proposed to be registered by any third parties across the globe.

(xvi) The CGPDTM could also consider publishing the list of well-known marks along with the official and authentic website details of the trademark owners so that if any consumer or user wishes to verify the authentic website, the same would be made possible through the website of the Intellectual Property Office. The same shall also act as sufficient notice to all potential Registrants as to the actual websites of the well-known marks/brands. (C)

(xvii) The dynamic + injunction would apply under the following circumstances:

(i) Wherever the brand/trademark appears as it is in the domain name;

(ii) Wherever brand/trademark appears with a prefix or suffix which could lead to confusion;

(iii) Wherever the brand/trademark appears as an alphanumeric variation.

(xvii) Whenever there is a legitimate Registrant who opposes the suspension of the domain name, if the same is communicated by the said Registrant to the concerned DNR, the DNR may then ask the IP owner to obtain a Court order.

(D) Directions to Banks

(xviii) All banks shall mandatorily implement the facility in terms of the RBI circular dated 30th December, 2024 for all online payments including payment by UPI through applications such as Google Pay, Paytm, etc.

(xix) All banks shall also abide by the Standard Operating Procedures dated

31st May, 2024 issued by Central Economic Intelligence Bureau for processing and responding to requests received from LEAs.

RELIEFS IN THE PRESENT APPLICATION

288. Coming to the facts of the present suit, the Plaintiffs pray for protection Plaintiffs also enjoy enormous goodwill in these marks. It is relevant to note synonymous with e-commerce and online retail services in India and globally. The Plaintiffs have maintained their position by being ranked as the top-most valuable brand in the world in the Brand Finance Global 500 report in 2019 and 2020. Details of the registrations are set out in paragraph 22 of the plaint and not repeated here for the sake of brevity.

289. Initially, an ex-parte ad-interim injunction was granted by the Court vide order dated 26th May, 2022 qua the initial batch of infringing domain names. The same was extended to another domain name, www.storeamazon.co.in (Defendant No. 21), vide order dated 2nd June, 2022. However, despite taking steps to serve the Rogue Defendants, the service reports indicate that the said Defendants have either left their given addresses or provided non-existent contact details. None of the Rogue Defendants have entered appearance or filed written statements. The Court has also perused the screenshots of the infringing websites placed on record, some of which have already been reproduced above.

290. In the opinion of the Court, considering the detailed discussion of the proceedings in the suit, the goodwill and reputation of the Plaintiffs as also the welldomain names and websites have been used in a manner so as to deceive the general public, who are often enticed into transferring money under the guise the impugned domain names and online platforms were being used in a manner calculated to mislead and deceive unsuspecting users into believing that they were dealing with the Plaintiffs or their authorised affiliates. The Rogue Defendants have collected monies from members of the public under this false pretext, as evidenced by complaints received by the Plaintiffs, including a legal notice from one Mr. Murshid Ali who was duped of INR 1,60,000/-. Therefore, it is clear that the activities of the Defendants are causing financial lo goodwill and reputation.

291. In the present case, the Defendants have adopted the Plaintiffs marks AMAZON and Amazon.in as a prominent part of their domain names (e.g., amazonbuys.in, estoreamazon.in, storeamazon.co.in) without any authorization or connection to the Plaintiff. The test for determining infringement is whether the impugned mark so nearly resembles the registered mark that it is likely to deceive or cause confusion.18 Applying the principles laid down by the Supreme Court, it is evident that the essential features of the dilute the deceptive similarity but rather enhances the confusion by creating a false impression of a commercial association with the Plaintiffs, particularly specific program. Accordingly, the Kaviraj Pandit Durga Dutt Sharma v. Navaratna Pharmaceuticals Laboratories, 1964 SCC OnLine SC rights.

292. Applying the aforesaid tests, it is clear that the domain names used by the Defendants are identical and highly likely to deceive the public into believing that they are owned by or affiliated with the Plaintiffs. Moreover, the marks of the Plaintiffs are distinctively known and deserve to be accorded protection, not just to protect the proprietary interests of the Plaintiffs but also to safeguard the public interest, as gullible consumers are being enticed into paying large sums of money under the guise of fake franchise registration fees. For ease of reference one of the said screenshots are as under:

293. As regards the relief to be granted, the Court notes that the present suit was initially filed against rogue websites amazonbuys.in and estoreamazon.in. However, during the pendency of the suit, the Plaintiffs identified additional infringing websites such as storeamazon.co.in, necessitating further applications for impleadment. This demonstrates the hydra-headed nature of trademarks crop up mere days after the previous ones are blocked. In Universal City Studios LLC v. Dotmovies.baby, 2023:DHC:5637, this Court recognized the need for a Dynamic+ Injunction to curb such rampant malpractice without placing an undue burden on the judicial system to adjudicate upon every new mirror/redirect website as also websites hosting/displaying infringing content. Accordingly, in the present suit, given that the rogue websites in the present case are not merely infringing trademark business or affiliates, this is a fit case for the grant of a Dynamic+ Injunction. All the DNRs impleaded in the suit to also comply with the directions issued by the Court from time to time. Therefore, a Dynamic+ interim injunction is granted against all the identified infringing domains which are extracted as under:

1. amazonbuys.in GoDaddy LLC No

2. Estoreamazon. in GoDaddy LLC N/A

3. storeamazon.co.i n GoDaddy LLC No

294. Accordingly, the interim injunctions granted vide orders dated 26th May, 2022 and 2nd June, 2022 and any other subsequent extension orders are made absolute during the pendency of the suit. Furthermore, to ensure effective protection, a Dynamic+ Injunction is granted in the following terms: i. An interim injunction is granted restraining Defendant Nos. 1 to 3, Defendant No. 21, and all subsequently impleaded rogue defendants, and such other infringing domain names which are discovered during the course of the proceedings consisting of the mark AMAZON as also the persons/entities associated with the said domain names including owners, partners, proprietors, officers, servants, employees, and all others in capacity of principal or agent acting for and on their behalf, or anyone claiming through, by or under them, from using the said infringing domain names for hosting any websites or for undertaking any activities as may passing off of such domain names/websites as being connected with the Plaintiffs in any manner whatsoever; ii. An interim injunction is granted restraining the Defendants and such other infringing domain names which are discovered during the course of the proceedings consisting of the mark AMAZON as also the persons/entities associated with the said domain names including owners, partners, proprietors, officers, servants, employees, and all others in capacity of principal or agent acting for and on their behalf, or anyone claiming through, by or under them, from, in any manner copying, reproducing, hosting, storing, making available, communicating and publishing or facilitating the same on their websites or on any other websites or online locations owned or operated by them, in any Content (including the artistic work in the Amazon logos and website layout) or collecting any monies/funds from iii. An interim injunction is granted directing the Domain Name Registrars (DNRs) of the infringing domain names and such other infringing domain names which are discovered during the course of the proceedings, consisting of the mark AMAZON including their Grievance Officers or anyone acting on their behalf, to lock and suspend access to the domain names as also websites operating thereunder. If the websites under the infringing domain names are not being hosted by the DNRs or their related companies, the injunction order shall stand extended to the website hosting companies to take down the websites operating under the infringing domain names; iv. An order of interim injunction is issued directing DoT and MeitY to issue a notification calling upon the various internet and telecom service providers registered under it to block access to the websites operating under the infringing domain names or such other websites that may subsequently be notified by the Plaintiffs on Affidavits to be infringing of its exclusive

295. The Department of Telecommunications (DoT) and MeitY shall continue to ensure that the infringing websites/domain names identified in the said orders, as well as any future domains notified under the Dynamic+ mechanism, remain blocked.

296. However, it is clarified that in respect of the present suit, the interim k or common law rights. Accordingly, any genuine third-party registrants who are operating bona fide businesses not subject to the present injunction orders. It is further clarified that the ong as they are used in conjunction with bona fide ma goods/services), would not be prohibited by this injunction.

297. The application is disposed of in the above terms. I.A. 8520/2022 & I.A. 12855/2022

298. I.A. 8520/2022 has been filed by the Plaintiff seeking exemption under Section 80 of the Code of Civil Procedure, 1908 from issuing notice to Defendant Nos. 18 & 19 i.e., DoT and MeitY, respectively.

299. Considering that various directions have already been issued, from time to time, to the said Defendants in respect of the infringing domain names, the said application is now infructuous.

300. Accordingly, I.A. 8520/2022 is disposed of as being infructuous.

301. Insofar as I.A. 12855/2022 is concerned, the said application has been filed by the Defendant No. 8 Godaddy.com LLC seeking deletion from the array of parties.

302. The Court has considered the said application, since the Defendant NO. 8 was the DNR with whom the infringing websites had been registered, at this stage, the Court is not inclined to entertain the present application as the said Defendant would have a crucial role to play in the further suit proceedings and the Plaintiff may have further claims to make against the said DNR. Defendant no.8, at this stage would continue to be a necessary and proper party.

303. Accordingly, I.A. 12855/2022 is disposed of.

304. List before the Roster Bench of the IPD, for further proceedings on 28th January, 2026. dj/dk/kk/Rahul/msh