Indias Draft Digital India Act Proposed Domain Oversight

India’s proposed Digital India Act (DIA), currently in draft form as of 2025, represents an ambitious overhaul of the country’s digital governance framework. Intended to replace the decades-old Information Technology Act of 2000, the DIA seeks to modernize regulatory approaches to reflect the current realities of India’s rapidly expanding digital economy. One of the notable features of the draft is its proposed oversight mechanism for domain name registration and management. This development marks a significant shift in how the Indian government conceptualizes control over digital identifiers and positions itself in the global domain name ecosystem. If implemented, the DIA’s domain provisions would reshape the legal responsibilities of registrars, influence dispute resolution processes, and expand the role of government in the domain infrastructure.

Under the existing regime, India’s domain name environment operates largely in alignment with global norms established by the Internet Corporation for Assigned Names and Numbers (ICANN). The National Internet Exchange of India (NIXI), through its subsidiary INRegistry, manages the .IN country-code top-level domain (ccTLD). Registration policies, accreditation of registrars, and dispute resolution for .IN domains are currently handled through frameworks that mirror ICANN’s multistakeholder principles, albeit with localized adjustments. Disputes are addressed through the INDRP (IN Dispute Resolution Policy), a variant of the Uniform Domain-Name Dispute-Resolution Policy (UDRP). Beyond the .IN space, Indian users and entities also engage heavily in registering generic top-level domains such as .com, .org, and .net, which are governed by international registrar policies and contractually regulated by ICANN.

The draft Digital India Act introduces a new vision, proposing centralized oversight of domain registration services operating within India or targeting Indian users. According to preliminary versions of the draft and public consultations, the government aims to designate a regulatory authority with powers to supervise domain registrars and enforce compliance with Indian laws on cybersecurity, content regulation, consumer protection, and data sovereignty. This oversight would likely extend to both Indian and foreign registrars operating in the Indian market, creating a potential requirement for local licensing or registration. The policy rationale centers on national security, digital trust, and user grievance redressal—areas where the government believes self-regulation and international mechanisms have proved insufficient.

A key feature of the proposed oversight regime is the mandatory verification of registrant identity for all domain names registered through Indian registrars or targeting Indian audiences. This goes beyond the existing WHOIS requirements, which have been diluted globally due to data protection concerns such as the GDPR. The DIA would potentially require registrars to verify registrant information using official government-issued credentials, such as Aadhaar or PAN cards, and to maintain verified records in real time. This provision aligns with India’s broader digital public infrastructure strategy, but it also raises significant questions about privacy, security, and the proportionality of state surveillance.

Another significant component is the proposed requirement for real-time content takedown and domain suspension capabilities. The draft law envisions granting regulatory authorities or notified intermediaries the power to suspend or block access to domain names associated with illegal content, misinformation, or threats to public order. While existing Indian law under Section 69A of the IT Act already provides for blocking of websites, the DIA would streamline this process and bring domain registrars directly into the compliance chain. Registrars would be obligated to respond swiftly to government orders and implement technical mechanisms for domain-level interventions. This may lead to increased operational burdens for registrars and a chilling effect on speech if implemented without adequate procedural safeguards.

In terms of dispute resolution, the draft DIA hints at establishing an Indian-specific alternative dispute resolution (ADR) mechanism for domain name conflicts, potentially replacing or supplementing the INDRP. This system would be housed within a domestic regulatory framework, possibly under the jurisdiction of the proposed Digital India Authority. It could integrate domain disputes with other digital grievances, such as data protection violations or platform moderation decisions. While the objective is to provide faster and more localized dispute resolution, there are concerns about due process, lack of technical expertise, and conflicts with ICANN-mandated dispute resolution mechanisms for gTLDs.

The draft DIA also introduces the concept of a compliance audit regime for registrars. Registrars would be required to submit regular compliance reports, undergo technical audits, and ensure that their platforms implement secure protocols for DNS resolution, data storage, and registrar lock mechanisms. Non-compliance could attract penalties, revocation of license, or even criminal liability for executives in severe cases. This is part of a broader trend in the DIA to introduce criminal accountability across various digital service providers, a provision that has drawn concern from the tech industry and civil liberties advocates alike.

Importantly, the DIA’s approach to domain oversight does not exist in isolation. It is part of a broader legislative movement in India that includes the Digital Personal Data Protection Act, the Telecom Bill, and amendments to intermediary and e-commerce rules. These laws collectively seek to centralize digital regulation under unified frameworks, often favoring executive control over judicial oversight. As a result, the domain name industry in India may find itself subject to a complex web of overlapping compliance mandates, especially where domain activity intersects with user-generated content, e-commerce, and encrypted communication services.

The international implications of the DIA’s domain oversight provisions are also significant. Global registrars may be required to establish a local presence or partner with Indian entities to continue serving Indian customers. Domain investors, particularly those engaged in secondary markets, could see enhanced scrutiny of high-value domains linked to Indian trademarks, public figures, or culturally sensitive terms. Moreover, there is a risk of regulatory divergence from ICANN’s global multistakeholder model, which could contribute to the growing trend of internet fragmentation, where national rules override uniform global standards.

At the time of writing, the draft Digital India Act remains under consultation, with stakeholder feedback actively solicited by the Ministry of Electronics and Information Technology (MeitY). However, the direction is clear: the Indian government seeks a more assertive role in managing and regulating domain name infrastructure. For registrars, domain investors, civil society, and global internet governance bodies, the DIA represents both a challenge and an opportunity. It offers the promise of stronger accountability and national cybersecurity resilience, but it also raises fundamental questions about proportionality, due process, and the future of global interoperability. As the policy solidifies, stakeholders will need to carefully assess how India’s evolving digital architecture reshapes the role and responsibilities of those who operate at the core of the internet’s addressing system.

India’s proposed Digital India Act (DIA), currently in draft form as of 2025, represents an ambitious overhaul of the country’s digital governance framework. Intended to replace the decades-old Information Technology Act of 2000, the DIA seeks to modernize regulatory approaches to reflect the current realities of India’s rapidly expanding digital economy. One of the notable…