India's Fake Website Crackdown Sparks Global Internet Governance Debate as GoDaddy Challenges New Rules

India's effort to shut down fake websites and brand impersonation has led to a legal dispute with GoDaddy and other domain registrars. Learn how new privacy rules, domain restrictions, and concerns about cybercrime might change global internet governance.

Raja Awais Ali

7/3/20265 min read

India's crackdown on fake websites has sparked a global debate on internet governance as GoDaddy raises concerns about the new rules.

GoDaddy, the largest domain registrar in the world, is worried that India's efforts to combat fake websites and online brand impersonation could change internet governance beyond its borders. This could impact millions of legitimate businesses globally.

The issue arose as India increased its fight against cyber fraud and websites that misuse the names of established brands. With the rapid growth of smartphones and affordable internet, India has become one of the largest digital markets. However, this growth has also seen a rise in online scams, fake e-commerce sites, and brand impersonation.

Indian government data shows that authorities received around 2.4 million complaints about cyber fraud last year, leading to estimated financial losses of $2.4 billion. Cybercrime is now seen not just as a tech issue but a significant economic and social challenge for India's digital economy.

In 2019, many companies began approaching Indian courts, claiming that fraudulent websites were using their trademarks and logos to trick consumers and sell fake franchises.

More than twenty major companies, including Amazon, McDonald's, Microsoft, Xiaomi, and Colgate-Palmolive, participated in these legal actions. They argued that websites using variations of their names were damaging customer trust and hurting their brand reputations, leading to significant financial losses.

In December 2025, the Delhi High Court made a groundbreaking ruling that ordered the blocking of more than 1,100 fake websites associated with brand impersonation and online fraud. The most controversial part was not the blocking itself but the broader directives for domain registrars and internet companies.

The court ruled that domain registrars could no longer provide privacy protection services for free by default. If someone claimed to have a "legitimate interest," registrars must disclose domain ownership information within 72 hours.

The court also said that registrations using variations of trademarked or famous brand names should be limited to prevent future fraudulent websites.

These directives quickly met resistance from GoDaddy and other global domain registrars.

GoDaddy, with annual revenue of about $5 billion and management of around 80 million domain names, considers India its most important emerging market. This legal development is particularly significant for the company.

GoDaddy contends that removing default privacy protections could expose millions of legitimate business owners and others to risks by making their personal information publicly accessible. This increase in exposure could lead to more harassment, stalking, identity theft, and phishing attacks. GoDaddy believes that not every domain owner should be seen as a potential criminal and that sacrificing privacy won't stop cybercrime.

The company argues that the domain name system is global, and the Delhi court's ruling could push registrars to enforce India-specific rules worldwide.

GoDaddy also cautioned that if India sets a precedent for domain registrars to follow local trademark and disclosure rules globally, other countries might do the same, dividing the internet into different regulatory areas.

Another major worry for GoDaddy is the court's requirement to provide ownership details to anyone claiming a "legitimate interest." The company says this term lacks a clear definition and raises important questions. How should a private registrar determine if a request is real? Who decides if an applicant has a valid claim to personal information? GoDaddy believes these decisions should be handled by courts and law enforcement, not private firms.

GoDaddy's appeal documents reportedly span over 5,121 pages, warning that these measures could destabilize the domain registration market and push some companies to cut back or leave India altogether.

GoDaddy is not the only company challenging the ruling.

Namecheap, based in Arizona, and Hosting Concepts, based in the Netherlands, have also filed appeals against the Delhi High Court decision, revealing wider concerns in the domain registration industry about the ruling’s implications.

The court defended its stance by describing fraudulent websites as "engines for large-scale deception."

The court stated that privacy protection services have often shielded malicious actors, making it challenging for law enforcement and victims to identify those behind fraudulent sites.

For this reason, the court argued that privacy protection should be an optional paid service, not a standard feature included for all domain owners.

Despite the ruling standing, GoDaddy's website continues to promote "free privacy protection forever," a service that keeps customers' personal details out of public WHOIS records.

GoDaddy argues that weakening privacy protections could conflict with India's own data protection laws and the European Union's General Data Protection Regulation, or GDPR.

The GDPR strongly supports "privacy by default," meaning personal information should be protected unless it must be disclosed by law.

Internet governance expert Farzaneh Badii criticized the Delhi ruling, pointing out that Europe reduced public access to domain ownership records due to abuse, harassment, and phishing attacks.

Badii noted that reduced privacy protections would likely impact journalists, activists, small business owners, and everyday citizens more than professional cybercriminals, who typically have other methods to hide their identities.

The Indian government has a different perspective on the issue.

Home Minister Amit Shah stated that someone becomes a victim of cybercrime every 37 seconds in India and warned of a potential national crisis if stronger action is not taken.

Reports indicate that India's Ministry of Electronics and Information Technology submitted a 59-page document to the court, outlining concerns over domain abuse and weak verification processes in domain registrations.

Meanwhile, the Ministry of Home Affairs argued that registration data should be easily accessible for investigations since cybercriminals often use fake identities and foreign services to evade capture.

The government's stance reflects ongoing tensions between Prime Minister Narendra Modi's administration and major global tech companies over content control and digital governance.

In recent years,New Delhi has criticized companies like Meta, X, Google, and Telegram for not fully complying with Indian laws and national security concerns regarding online content.

A notable case involved McDonald's.

The company pursued action against around 110 websites that allegedly misused its branding and trademarks to promote fake franchise opportunities and collect money from potential investors.

After the court ordered actions against these sites, GoDaddy raised concerns about broader restrictions on trademark variations.

GoDaddy argued that "McDonald" is not just a corporate trademark; it's also a historical Scottish surname meaning "son of the world ruler."

According to GoDaddy, banning all variations of such a term could give exclusive ownership over a common historical expression.

The company also raised worries about trademark abbreviations.

For example, protecting "HUL," related to Unilever's Indian subsidiary, could accidentally affect about 118 English words that share the same letters, including words like "Hulk" and "Moghul."

GoDaddy believes it's almost impossible to identify English words that do not overlap with existing trademarks, which makes broad restrictions hard to enforce fairly.

Attention is now on July 16, when a larger bench of judges will hear the appeals from GoDaddy and other registrars.

The outcome of this case could have implications far beyond India.

This goes beyond a simple legal battle between a government and technology companies. It has grown into a broader discussion about the future of internet governance.

Governments want stronger tools to fight cybercrime and online fraud, while privacy advocates warn against sacrificing civil rights and the internet's open nature for security.

The challenge for policymakers worldwide is to find a sustainable balance between digital safety and personal privacy.

The decision made in this case could influence how that balance is defined for years and shape the future of the global internet.

Stay informed with the latest national and international news.

© 2026. All rights reserved.