Delhi High Court Grants Dynamic+ Injunction To ‘Dabur’; Calls For Strict KYC & Banking Reforms To Combat Cyber Fraud

The Court directed that the DNRs are now required to disclose comprehensive registrant data, including contact details and payment information, within 72 hours of a request from law enforcement or parties with a legitimate interest.

​The Bench of Justice Pratibha M Singh observed, “It is a settled position in law in India that registration of an infringing domain name would not be permissible as there is every likelihood that the same could lead to diversion of users from the genuine website to the infringing one…Thus, the non-implementation of steps to prevent trademark infringement coupled with various means and methods adopted by the DNRs to maximize their revenues would actually lead to non-grant of safe harbour protection in respect of the said DNRs. Further, as is clear from the screenshots extracted hereinabove, the DNRs continue to promote alternative infringing domain names, several of which are clearly prima facie infringing the trademarks of the Plaintiffs. In such a situation, not only shall the concerned DNRs lose the safe harbour protection, the said DNRs would be liable to be treated as infringers against whom reliefs would be liable to be claimed. Accordingly, such DNRs in an appropriate case could be held to be liable to pay monetary damages as well.”

Advocate Anirudh Bakhru appeared on behalf of the Plaintiff, whereas Senior Advocates Darpan Wadhwa and C.M. Lall appeared for the Defendants.

Facts of the case

The present suit was filed under Section 20 of the Code of Civil Procedure, 1908 (“Code”) read with Section 27 of the Trademarks Act, 1999, filed by the Plaintiff - Dabur India Limited, seeking, inter alia, permanent injunction and damages in respect of infringement of its various intellectual properties, including the trademark “DABUR”, copyright in the labels and packaging of its various products, passing off and unfair competition.

The suit was part of a batch of matters relating to domain names being registered by unknown third parties infringing trademark rights of various brand owners and implementation of Court orders by different concerned entities, including the DNRs.

The Plaintiff has also preferred an application under Order XXXIX Rule 1 & 2 read with Section 151 of the Code seeking, inter alia, an ad-interim ex parte injunction restraining various websites/entities engaged in infringement of Plaintiff’s copyright, trademarks, etc.

A batch of commercial suits filed by various trademark owners, seeking injunctions against the systemic misuse of their brands through fraudulent domain name registrations. Unknown entities were found to be registering domain names that incorporated well-known trademarks to host websites that mimicked official corporate pages, used deceptive logos, and offered fake job opportunities, dealerships, or franchises. These websites enticed the public into making digital payments into untraceable bank accounts, which were often opened using fictitious KYC documents and emptied before legal action could be initiated.

Contention of the Parties

Contentions of the Plaintiffs

It was submitted that though the status of the DNRs is that of intermediaries, the intermediaries are also benefiting by offering a full range of domain names consisting of the Plaintiff’s mark. If such a range of domain names is permitted to be offered, as held in the same would constitute trademark use and, therefore, the DNRs are not merely intermediaries but they do owe responsibility as well, it was stated. It was also submitted that Section 79(2)(c) of the IT Act read with Rule 3(1)(b)(iv) of the Intermediary Rules, 2021 mandates that an intermediary is required to undertake due diligence in order to ensure that Intellectual Property rights are not infringed. Thus, failure of the DNRs to undertake due diligence as mandated would make them liable to forego the safe harbour protection.

Contentions of the ICANN- Internet Corporation on Assigned names and numbers

It was submitted that the relationship of ICANN with the Registry Operators, and DNRs is governed by the respective agreements which exist between the said parties. It was also submitted that ICANN merely receives data from the Registry Operators and DNRs. The ultimate control mostly exists with the DNRs, and some powers are also vested with the Registry Operators. ICANN itself does not have any privity of contract with the Registrants, and all policies of ICANN are implemented through the Registry Operators and DNRs.

Contentions of GoDaddy

It was submitted that the DNRs provide the privacy protection features in compliance with their agreements with the Registry Operators and ICANN. The same is also necessary to meet the obligations under the GDPR. In response to the Court’s query as to whether the said feature is mandatory or optional, it was submitted that the same is a bundled feature with no additional charges to the Registrant. It was also submitted that it is not the DNRs but the Registry Operators and ICANN which can decide how to proceed with privacy protection features. It was also submitted that the ISPs or DNRs cannot be expected to presumptively maintain a check in respect of well-known marks.

Observations of the Court

Common issues arising in the batch matters were: (a) Investigation of financial frauds and role of banks, (b) Assistance from Banks to Law Enforcement Agencies, (c) Mismatch of payment details – Beneficiary Bank Account, Name Look-Up Facility, (d) Enforcement of orders - appointment of Grievance Officers by DNRs, and (e) Privacy Protect feature.

The Court held, “Moreover, the failure of DNRs to comply with Court orders would necessitate stringent measures to be taken, including blocking of their services in India that may be ordered by Courts, as where there is consistent violation of IP rights along with attempts to defraud innocent public of their hard earned monies and also assist in commission of offences, the same would have a significant impact upon the society at large, leading to disrupting the public order…Offering of privacy by default to registrants is one of the reasons for proliferation of illegal domain names. Thus, unless and until a registrant requests for privacy protect, the same should not be offered as a default mechanism…The Government and various institutions including Central Government, State Governments, Autonomous Institutions, Judicial Bodies, Tribunals, Income Tax Department, GST Department and Critical Bodies such as Army, Navy, Airforce, ISRO, Atomic Research Bodies, etc. ought to create their own list of names that can be misused so that such domain names can be placed in the reserved list.”

Directions given by the Court

Directions to DNRs and Registry Operators

The Court directed, “The DNRs and Registry Operators shall, henceforth, not resort to masking of details of the registrants, administrative contact and technical contact on a default basis as an ‘opt-out’ system. At the time of registration of the domain names, a specific option shall be provided for the Registrant and it is only if the said Registrant chooses for privacy protection, that the said service shall be offered as a value added service upon payment of additional charges. The additional charges shall not be made a part of the default package for registration of domain names…(ii) Whenever any entity or individual having legitimate interest, law enforcement agencies (LEAs) or the Courts, request for disclosure of data relating to any infringing or unlawful domain name, the following data shall be disclosed by the concerned DNR as soon as possible but not later than 72 hours in terms of the Intermediaries Guidelines 2021”

The Court ended the practice of default "masking" of registrant details, ruling that privacy protection must be an optional, paid value-added service rather than a default "opt-out" setting. To prevent further fraud, the Court mandated that injuncted domain names be permanently blocked from re-registration and, in some cases, transferred to the trademark owner. Furthermore, DNRs must implement strict KYC verification in line with CERT-In norms, appoint local Grievance Officers, and refrain from promoting or suggesting alternative infringing domain names. Notably, the Court warned that non-compliance or the active promotion of infringing variations would result in the loss of "Safe Harbour" protection under Section 79 of the IT Act and could lead to a total block of the DNR’s services in India under Section 69A.

Directions to the Government i.e. MeitY and MHA

The Court directed, “The Government shall hold a stake holder consultation with all DNRs and Registry Operators offering services in India and explore the possibility of putting in place a framework similar to the one used by NIXI by all DNRs for the purpose of domain name registration. (b) Consider nomination of a nodal agency such as NIXI as the data repository agency for India with which all the Registry Operators and the DNRs would maintain details related to Registrants on a periodic basis so that the said details are made available to the Courts, LEAs and the governmental authorities for the purpose of enforcement of orders of Courts and for preventing misuse. Alternatively, DNRs shall be directed to localize the data in India for easy access. Irrespective of the decision, it is made clear that processing of personal information would be strictly in terms of the DPDP Act and applicable Rules.”

The Court also said that in case a DNR or Registry Operator, which does not comply with the orders of the Courts or with request from LEAs, the offering of services of such DNRs or Registry Operator be blocked by MeitY and DoT under Section 69A of the Information Technology Act, 2000 read with Information Technology (Procedure and Safeguard for Blocking for Access of Information by Public) Rules, 2009.

Directions to Banks

“All banks shall mandatorily implement the ‘Beneficiary Bank Account Name Lookup’ facility in terms of the RBI circular dated 30th December, 2024 for all online payments including payment by UPI through applications such as Google Pay, Paytm, etc…All banks shall also abide by the Standard Operating Procedures dated 31st May, 2024 issued by Central Economic Intelligence Bureau for processing and responding to requests received from LEAs.”, it was ordered.

The Court also granted dynamic + injunction, and said, “The dynamic + injunction would apply under the following circumstances: (i) Wherever the brand/trademark appears as it is in the domain name; Wherever brand/trademark appears with a prefix or suffix which could lead to confusion; (iii) Wherever the brand/trademark appears as an alphanumeric variation…(xvii) Whenever there is a legitimate Registrant who opposes the suspension of the domain name, if the same is communicated by the said Registrant to the concerned DNR, the DNR may then ask the IP owner to obtain a Court order.”

Accordingly, the Court disposed of the applications and listed the suit for further proceedings before the bench of IPD.

Cause Title: Dabur India Limited v. Ashok Kumar and Ors [Neutral Citation: 2025:DHC:11862]

Appearances:

Plaintiff: Advocates Anirudh Bakhru, Ankur Chhibber, Prabhu Tandon, Avijit Sharma, Kripa Pandit, Christopher Thomas, Bhanu Gupta, Archita Mahlawat, and Sazid Rayeen

Defendants: Senior Advocates Darpan Wadhwa, C.M. Lall, Advocates Yashvardhan Singh, Geetanjali Viswanathan, Yash Raj, Kruttika Vijay, Aishwarya Kane, Alipak Banerjee, Shweta Sahu, Parva Khare, Brijesh Ujjainwal, Pradyumn Sharma, Shivani Chaudhary, Mohd. Kamran, K.G. Gopalakrishnan, Kunwar Raj Singh, Nisha Mohandas, Apoorv Kurup, Kirti Dadheech, Akshay Goel, Shivam Narang, Lalit Kashyap, Shubhendu Anand, Piyush M. Dwivedi, Kushal Gupta, Mohd Umar, Prashant Prakash, Lakahmi Kruttika Vijay, Ateev Kumar Mathur, Amol Sharma, Sarfaraz Khan, Abdul Wahid, Rajesh Kumar Gautam, Deepanjal Choudhary, Sanjay Gupta, Tanmay Garg, Aman Siwasiya, Varun Pathak, Thejesh Rajendran, Tanuj Sharma, Vinay Yadav, Ansh Kalra, Divyanshu, Kamna Behrani, Susmit Pushkar, Ananya Mehan, Nirupam Lodha, Kshitij Parashar, Vanshika Thapliyal, Likivi K Jakhalu, Dinesh Sharma, Srinivasa Rao, Deepak Gogia, Aadhar Nautiyal and Shivangi Kohli.

Click here to read/download the Judgment