GoDaddy, the world’s largest internet domain registrar, has launched a legal challenge against a Delhi High Court order that requires domain providers to remove default privacy protections and adopt stricter measures against fraudulent websites. The company argues that the ruling could expose legitimate website owners to privacy risks while creating far-reaching consequences for internet governance.
The dispute comes as India intensifies efforts to combat cybercrime. Rapid growth in smartphone and internet use has been accompanied by a sharp rise in online fraud. Government data shows authorities received around 2.4 million complaints of alleged cyber fraud last year, involving losses estimated at $2.4 billion. The issue has become a major concern for Prime Minister Narendra Modi’s administration.
The court case originated from lawsuits filed since 2019 by more than 20 Indian and international companies seeking action against fraudulent websites that impersonated their brands. Companies including Amazon, McDonald’s, Microsoft, Xiaomi and Colgate-Palmolive argued that fake websites were misleading customers and damaging their reputations. In December, the Delhi High Court ordered the blocking of more than 1,100 such websites.
The court also introduced broader directives affecting domain registrars. It ordered companies to stop offering privacy protection as a default feature, disclose domain registration details to anyone with a “legitimate interest” within 72 hours, and prevent the registration of website addresses resembling protected brand names.
GoDaddy has appealed those directives before a larger bench of the Delhi High Court. According to court filings reviewed by Reuters, the company argues that removing privacy-by-default protections would publicly expose the names, addresses, phone numbers and email addresses of legitimate website owners, increasing the risk of harassment, stalking and other security threats.
The company also questioned how domain registrars could determine who qualifies as having a “legitimate interest” in requesting customer information within the court’s specified deadline.
GoDaddy said the measures could force domain registrars to regulate website names on a global scale because internet domains operate internationally rather than within individual countries. The company warned that the directives could become commercially disruptive and even prompt some domain service providers to reconsider operating in India.
GoDaddy, which manages about 80 million domain names and serves more than 20 million customers worldwide, has identified India as one of its most important emerging markets. Rival registrars Namecheap and Hosting Concepts have also challenged the ruling, according to court records.
Internet governance experts have also raised concerns. Farzaneh Badii, a New York-based researcher, said privacy protections exist because publicly available registration details have previously been misused for harassment and phishing attacks. She warned that journalists, activists, small businesses and private individuals could be among those most affected.
Indian authorities maintain that greater transparency is necessary to investigate cybercrime. Court documents show the government argued that easier access to domain registration information would help tackle website abuse and online fraud more effectively. The case is expected to shape how India balances online privacy with efforts to combat digital crime.
