New Delhi | January 3, 2026 | As cyber fraud rapidly evolves in scale and sophistication, the Indian judiciary is moving beyond reactive enforcement towards system-level intervention. A recent ruling by the Delhi High Court in Dabur India Limited v Ashok Kumar marks a doctrinal shift in judicial thinking on online fraud. Authored by Justice Prathiba M. Singh, the judgment makes it clear that when fraud is systemic, remedies must be systemic as well.
The court was confronted with evidence showing how fraudulent domain names are routinely used to run fake websites, sham investment portals, bogus distributorships, franchise offers and recruitment drives. Through these platforms, unsuspecting citizens are induced to pay “processing fees”, “security deposits” or “initial investments”, often amounting to lakhs of rupees—after which the websites vanish without a trace.
Breaking out of the ‘whack-a-mole’ trap
The High Court acknowledged that issuing injunctions limited to specific domain names creates a “whack-a-mole” situation: shut down one domain and another surfaces almost instantly with minor spelling or suffix variations. To address this structural weakness, the court endorsed dynamic and extended injunctions—orders that apply not only to existing infringing domains but also to future mirror and variant domains that replicate the same deceptive characteristics.
The court underlined that traditional, case-by-case remedies are no longer adequate in the digital fraud ecosystem. Where the architecture of fraud is based on rapid replication and replacement, judicial tools must evolve to match that reality.
Digital arrest scams and misuse of State identity
The judgment also takes note of so-called “digital arrest” scams, in which fraudsters impersonate law enforcement agencies or courts through deceptively named websites. The court observed that registering domain names incorporating terms such as “Government of India”, “Supreme Court of India” or “Delhi High Court” is not merely an intellectual property violation—it strikes at national sovereignty and public trust. Such domains lend false legitimacy to coercive tactics used to extort money from citizens.
Tightening the safe harbour: Registrar accountability
A key aspect of the ruling is its rejection of the long-standing assumption that Domain Name Registrars (DNRs) function as neutral intermediaries. The court held that where registrars continue to permit registrations based on minimal verification, masked identities or demonstrably false details—despite recurring misuse—they cannot claim safe harbour protection.
In appropriate cases, the court said, DNRs may be treated as infringers and held liable for monetary damages. Significantly, the court directed that all DNRs offering services in India must implement mandatory e-KYC, on lines already followed by the National Internet Exchange of India (NIXI), and disclose information about rogue registrants to investigating authorities within 72 hours of a request.
Distinguishing earlier Supreme Court precedents
In their defence, registrars relied on judgments of the Supreme Court of India in Shreya Singhal and Visaka Industries. The High Court, however, distinguished those rulings, noting that they dealt with isolated instances of IP infringement. The present case, by contrast, involved widespread public fraud, significant economic harm and facilitation of criminal activity—factors that directly implicate public order and justify stronger intervention.
Dynamic due diligence: A shifting legal standard
One of the judgment’s most important doctrinal contributions is its rejection of static compliance. The court implicitly recognised that due diligence cannot be a frozen checklist; it is a dynamic obligation that must evolve with changing technologies, risks and patterns of misuse. Legacy design choices, the court suggested, cannot be indefinitely defended once harm becomes foreseeable and preventable.
Implications for banks and other digital gatekeepers
The court’s reasoning has implications beyond domain registrars. Just as registrars control the creation of online identities, banks control beneficiary and payee relationships. In this context, the judgment strengthens the case for heightened preventive responsibility across digital gatekeepers. Following judicial intervention, the Reserve Bank of India has moved towards implementing beneficiary name lookup across payment systems—a step aimed at reducing fraud at the last critical point before irreversible loss occurs.
A decisive turn in the fight for digital trust
Taken together, the ruling reflects a judiciary no longer content with merely responding after harm has occurred. Instead, it signals a shift towards design-level reform and structural remedies. The message is unambiguous: when harm is predictable and prevention is possible, design choices themselves fall within the scope of legal accountability. In the broader battle against cyber fraud, this judgment marks a decisive moment in the defence of digital trust.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
