The National Internet Exchange of India (NIXI) has issued a new compliance advisory directing registrars to tighten WHOIS accuracy checks for all .IN domain registrations and renewals, marking one of the most assertive enforcement moves the Indian namespace has seen in recent years.
The advisory — distributed within the past 48 hours — sits firmly inside India’s broader digital trust-and-safety push, where stricter verification rules are rolling out across telecom, fintech, online marketplaces, and now domain infrastructure. For .IN registrars, this means less “collect whatever the user enters” and more “verify that the user actually exists.”
What NIXI Now Requires
NIXI’s advisory outlines a set of mandatory steps registrars must implement immediately:
1. Aggressive Registrant Verification
Registrars must validate the following with greater scrutiny:
- Registrant name
- Complete physical address
- Valid email ID
- Active phone number
Automated checks aren’t enough. NIXI emphasizes human review, documentation-based verification, and follow-ups for suspicious, incomplete, or mismatched data.
2. Mandatory Action on Inaccurate WHOIS
If a registrant provides invalid or unverifiable data, the registrar must:
- Notify the user
- Request updated information
- Suspend the domain if no valid data is provided within the allowed window
This mirrors global accuracy enforcement patterns but with a distinctly India-first compliance edge.
3. Evidence Logs for Audits
Registrars must now maintain proof of verification, including call logs, email validations, KYC-style documents, or any traceable confirmation method.
NIXI has signaled that random and scheduled audits will follow.
4. Additional Checks for High-Risk Domains
Registrars are asked to apply deeper verification for domains that fall under:
- Financial services
- Government keyword categories
- User-generated-content platforms
- High-traffic or high-abuse verticals
This is meant to fast-track traceability for potential cybercrime investigations.
Why This Enforcement Wave Is Happening
India has experienced a steep rise in phishing, impersonation attacks, and scam sites built on disposable or low-accuracy domain registrations. With .IN usage booming among MSMEs, solo entrepreneurs, and digital-first businesses, regulators want to ensure identity integrity at the root layer.
Three forces are driving this shift:
- Cybercrime escalation across fintech, gaming, ecommerce, and social apps
- International pressure to maintain a clean, verifiable ccTLD
- Government-level priority on digital trust frameworks and user protection
NIXI’s move aligns with the Ministry of Electronics & IT’s growing emphasis on traceability, accountability, and verified ownership in online operations.
Impact on Registrars
Registrars will bear the largest operational burden:
- More manual reviews
- More documentation requests
- More customer follow-ups
- More domain suspensions
- And stricter audit exposure
Still, many industry watchers say this could elevate .IN’s global credibility, especially among enterprises that previously avoided the extension due to lax verification norms.
Impact on Domain Investors & End-Users
For domain investors:
Expect increased verification checks, especially if portfolio identities or privacy shields are used. Clean WHOIS data will become mandatory.
For regular end-users:
Registrants may receive more “please verify” messages post-registration or renewal. Beyond that, daily usage remains unchanged.
For the ecosystem:
Cleaner WHOIS data, smoother abuse reporting, and higher trust in the .IN namespace.
NIXI’s advisory signals a new compliance era for .IN. Stronger verification, stricter audits, and faster action on inaccurate WHOIS records put India’s country-code domain firmly on the path toward a more secure and trustworthy digital identity framework.
