India’s aggressive efforts to combat the proliferation of fake websites impersonating major brands are raising alarms among global domain registrars, who warn that new court-mandated measures could undermine internet privacy and create unintended consequences for legitimate businesses worldwide.
Per Reuters, the world’s biggest internet domain seller, GoDaddy, has mounted a strong legal challenge against directives issued by a New Delhi court that it says rewrite the rules of internet governance, potentially exposing users to greater risks while attempting to address a serious problem of online deception.
Soaring smartphone and internet use has coincided with a worsening problem of online fraud in India, the world’s most populous nation. It is a key challenge for Prime Minister Narendra Modi’s government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Starting in 2019, lawsuits were brought by dozens of Indian and global firms — Amazon against fake shopping sites trading on its name and McDonald’s complaining against bogus sites offering franchises. In December, an Indian court blocked more than 1,100 such websites.
The New Delhi judge, however, went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: domain sellers should not offer buyers free privacy protection by default, the buyer’s details should be released to anyone with a “legitimate interest” within 72 hours, and website addresses that are variations of protected brand names must be prohibited.
U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court. It argues the ruling will affect legitimate businesses that have names similar to big brands.
Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of the names, addresses, phone numbers, and emails of legitimate website owners, exposing them to “foreseeable privacy and security risks” such as stalking and harassment.
As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said.
On the court’s order imposing a 72-hour deadline on companies to provide registration details to anyone with “legitimate interest,” GoDaddy argues it has no wherewithal to assess who has a legitimate interest or not.
The “commercially destabilizing” directives may force domain name companies to “exit India,” said one of GoDaddy’s appeal documents that ran into 5,121 pages.
“Engines for large scale deception,” the December ruling noted about the fake websites.
One of the 14 measures outlined by the court said masking a domain buyer’s registration details should now be offered as a payable service, as the feature acts “as a cloak” to hide the identity of rogue operators.
Despite the court order, which remains in force, GoDaddy’s website still promotes its offering as one that includes “free privacy protection forever… we redact your name, address, phone number and email” from the public directory.
GoDaddy argues that diluting the privacy feature will run contrary to India’s data protection law and the European Union’s GDPR law, which mandates a “privacy by default” approach.
Farzaneh Badii, a New York-based researcher on internet governance, criticized the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing.
“The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not,” she said.
In cases like the one brought by McDonald’s, the company sought action against 110 websites like mcdonaldsfranchiseindia.com, with some using its Golden Arches logo and selling fake franchises for “huge sums of money.”
After blocking those, GoDaddy says the court’s additional bar on offering alphanumeric variations of a trademark once it is protected, like McDonald’s, will act like “blanket injunctions,” which are difficult to implement.
The word “McDonald” is of Scottish origin and derived from a name meaning “son of the world ruler,” GoDaddy said, adding that an injunction against using it will effectively “confer a monopoly” over a common name with linguistic and historical meaning.
Reuters found domains like mcdonalds-india-franchise.com were still available on GoDaddy India for around $10. The U.S. giant also submitted research compiled from Merriam-Webster’s website to argue that safeguarding variations of a protected trademark like “HUL”, Unilever’s Indian unit, could overlap with 118 English words that contain the string, like “hulk” and “moghul.”
It is “virtually impossible to register a domain name containing an English word that does not overlap with a registered trademark,” GoDaddy says.
Government and Industry Perspectives
Modi’s Home Minister, Amit Shah, said this year that one person falls prey to cybercrime every 37 seconds in India, and a lack of action risks turning the menace into a “national crisis.”
While the sweeping December directives were issued by a court, they followed government submissions, documents showed.
An unreported 59-page IT ministry document from 2023, contained in GoDaddy’s latest appeal papers, revealed New Delhi conveyed to the judge it was concerned about the “issue of domain name abuse” and “lack of stringent verification.”
The home ministry, tasked with handling cybercrime, told the judge registration details “should be readily (made) available” for investigations.
That stand is in line with Modi’s bitter disagreements and spats with global technology giants in recent years. New Delhi has repeatedly criticized companies like Meta, X, Google, and Telegram, and even taken some of them to court, for not doing enough to police content it sees as against national interests.
The judges will hear the appeals on July 16.
Global Ramifications of Local Rules
With an annual revenue of $5 billion, GoDaddy manages 80 million domains and serves over 20 million users. In 2024, company executives said India was its biggest region in the emerging market space.
GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show.
The legal dispute embroiling GoDaddy and others was triggered by more than 20 companies that sought the court’s intervention against fake websites damaging their brand. These included Amazon, McDonald’s, Microsoft, Xiaomi, and Colgate-Palmolive.
Deborah O’Neill, a senator from the ruling Labor Party who made the whistleblower allegations against KPMG public in March, said the “unethical” culture exposed by successive scandals needed to be disrupted. She warned the firms would “fight tooth and nail” to keep their existing structures, “because it is in their financial interest to do so”.
Barbara Pocock, a Greens senator who has campaigned for tougher regulation of the sector, said the government already knew what the solutions were from its previous inquiries, and called for urgent action.
“Labor needs to put an end to the Big Four’s special treatment and regulate them like other Australian businesses,” she said in a statement.



