Why does HIOX require KYC or eKYC for domain registrations?

HIOX requires KYC (including mobile OTP and Aadhaar-based verification) for domain registrations to comply with evolving legal, regulatory, and contractual obligations, and to prevent misuse of domains for cyber crime.

This approach is supported by multiple layers:

Intermediary & Safe-Harbor Compliance:

Under the Information Technology Act and applicable Intermediary Rules, intermediaries must exercise due diligence and take reasonable steps to prevent unlawful use of their services.

Implementing KYC strengthens HIOX s due-diligence framework and supports continued eligibility for safe-harbor protections.

Registrar and registry agreements:

Domain registrar and registry agreements require registrars to:

• Maintain accurate and verifiable registrant information
• Prevent anonymous or fraudulent registrations
• Cooperate with law-enforcement and regulatory authorities
• KYC is the most effective mechanism to meet these contractual obligations.

In the final judgment of Dabur India Ltd. v. Ashok Kumar & Ors. (Delhi High Court, Dec 2025), the Court explicitly recorded HIOX Softwares Pvt. Ltd. s response to the Ministry of Electronics and Information Technology (MeitY), noting that HIOX had adopted mobile OTP and Aadhaar verification for domain registrations and had stated that both Indian and foreign Domain Name Registrars (DNRs) ought to follow mandatory KYC processes.

This acknowledgment places robust KYC as an accepted and responsible industry practice in the context of preventing domain-based cyber fraud.

MeitY and Regulatory Expectations:

MeitY has repeatedly emphasized the need for stronger identity verification to curb cyber crime, phishing, and impersonation. KYC aligns HIOX s operations with these regulatory expectations and future policy direction.

Accordingly, HIOX s KYC requirement is not arbitrary. It is a security-driven, compliance-oriented measure grounded in judicial acknowledgment, registrar obligations, intermediary due diligence, and MeitY-led policy direction, and is increasingly becoming the industry standard for responsible domain registration.

How this faq is helpful: