If you’ve ever typed a website address into your browser, you’ve used a domain. Just like every country has its own dialing code, it also has its own domain extension—India’s is .in. These domains are used by businesses, individuals, and organisations to create a local online presence.
Now starting August 1, anyone registering or renewing a .in domain with MotherHost—a major web hosting provider and domain registrar—will have to complete a Know Your Customer (KYC) process.
This change follows an update to the Registrar Accreditation Agreement (RAA) issued by the National Internet Exchange of India (NIXI), the body that manages the .in domain registry.
Experts say this is an unnecessary layer of red tape that could hurt India’s digital economy. What was once a simple process of buying or renewing a domain name will now require document uploads, government verification, and, for many, a lot more time.
While the official aim is to make domain ownership traceable and prevent misuse, critics argue that it will create hurdles for small businesses, individual users, and especially foreign companies that want to enter the Indian market.
What’s the new mandate?
MotherHost has started notifying its customers about the changes which were first brought up in 2022 but they were only voluntary at the time. Under the new rules, anyone who owns or wants to register a .in domain must first verify their identity. For Indian users, this means going through DigiLocker, the government’s digital document platform, and submitting IDs such as Aadhaar, PAN, passport, voter ID, or a driving license.
Foreign users face an even more complex process. They will need to provide a passport, a letter from an Indian embassy or mission, recent tax documents, and proof of a business link or clear purpose in India. Without completing this verification, no new domain registrations or renewals will be processed.
Although NIXI says the rule is meant to curb cyber abuse, experts warn it could have the opposite effect: deterring legitimate users while doing little to stop bad actors.
Regulatory overreach
Independent security technologist Karan Saini believes the new KYC rule hands NIXI—and by extension, the government—greater control over the Indian internet. While it’s being pitched as a step toward cybersecurity or preventing intellectual property abuse, he argues that it won’t really fix the problem.
“There are already well-established ways to take down offending content,” Saini told BOOM. “Most registrars and hosting providers cooperate with lawful requests. Adding KYC to the mix doesn’t solve anything.”
Pranesh Prakash, co-founder of the Centre for Internet and Society, went a step further, calling the mandate a serious privacy violation. “This strips away any possibility of anonymity when registering domain names,” he said.
Under the Supreme Court’s Puttaswamy judgment, he explained, any measure that infringes on privacy must pass the tests of legality, necessity, and proportionality—“and this doesn’t. There’s no clear legal backing, no proof it’s the least harmful way to achieve its aim, and no evidence that it’s even necessary.”
Prakash also pointed out that the government hasn’t shown concrete examples where the lack of KYC for .in domains caused a law enforcement problem. “If there were cases where criminals couldn’t be traced because of this, we could at least have a real debate. But that hasn’t been demonstrated,” he said.
He also questioned how the policy could be enforced. “If I log into my registrar and buy multiple domains, one of them being .in, how will they enforce this restriction only for that domain?”
Impact on India’s digital economy
The bigger worry is how this could hit India’s digital economy. Saini expects the rule to hurt new registrations, at least initially. “Demand will drop at first,” he said. “We may even see services pop up that let businesses lease domains from Indian entities to bypass this requirement. But the sales of premium .in domains will almost certainly take a hit.”
He warned that registrars might even put existing domains on hold while they scramble to build the tech needed to handle e-KYC. “This policy has been rolled out almost overnight,” Saini said. “That kind of sudden shift could lead to consumer rights violations if registrars aren’t ready.”
Prakash added that India is squandering a unique advantage. “.in is globally valuable—many English words end with ‘in,’ which could have been used creatively for branding,” he said. “Instead of promoting it, policies like this are driving people away,” said Prakash, who himself is considering giving up his own .in domain despite having prepaid for several years, if the KYC requirement applies at renewal.
For him, this isn’t just about bureaucracy—it’s about trust. “These steps don’t build confidence in the registry,” he said. “They push both Indian and foreign users away.”
And this isn’t how other countries have handled their domain names. Nations have turned their domains into success stories: .tv (Tuvalu) has become synonymous with video streaming, .me (Montenegro) is widely used for personal branding, and .ai (Anguilla) has ridden the artificial intelligence boom. India, experts argue, is doing the opposite—making .in harder, not easier, to adopt.