The Indian domain space is undergoing a transformation—and not necessarily for the better.
From August 1, 2025, anyone registering or renewing a .in domain must complete a full KYC (Know Your Customer) process. This is no minor change—it’s a sweeping policy shift that’s turning what was once a fast, frictionless process into a compliance-heavy exercise.
The new rules come under updated guidelines from NIXI (National Internet Exchange of India), the organization that governs India’s .in domain registry. But while the stated goal is to reduce abuse and improve traceability, domain experts are raising alarms that the cure might be worse than the disease.
What’s Changing?
One of India’s prominent registrars, MotherHost, has started notifying customers that KYC is now a non-negotiable step for all .in domain transactions.
Here’s what it means in practice:
- Indian users will need to verify their identity through DigiLocker, using documents like Aadhaar, PAN, or driving licenses.
- Foreign users will have to provide a passport, embassy-issued letters, recent tax filings, and proof of business intent in India.
In short, everyone—regardless of location or scale—will need to prove who they are just to register or renew a .in domain.
Not Everyone Is Convinced
Critics argue that these requirements may create more problems than they solve. Cybersecurity researcher Karan Saini notes that domain misuse can already be addressed through existing legal channels.
“Most registrars comply with takedown requests. Forcing every user through a KYC process feels like adding bureaucracy without solving the real issues,” Saini told BOOM.
Digital policy expert Pranesh Prakash echoes that sentiment—but takes it further. He calls the move a violation of privacy rights, with little legal justification under India’s constitutional framework.
“There’s no clear data to support this. The government hasn’t shown that lack of KYC was even causing problems in the first place,” Prakash said.
A Barrier for Global Players
If you’re a startup based outside India eyeing the .in extension for branding or expansion, this new policy could be a dealbreaker.
Foreign registrants face a far more complex journey. Proof of identity, tax documents, and embassy paperwork will now be prerequisites for simply buying a domain. This could discourage international players from adopting the .in extension, particularly when alternatives like .ai or .io remain far more accessible.
Could This Stall India’s Digital Momentum?
The Indian digital economy has grown rapidly over the last decade—and domain names have played a quiet but powerful role in that journey. From solopreneurs to unicorns, .in domains have become part of the startup fabric.
But this new requirement may put a damper on that growth. Industry watchers expect an immediate dip in .in domain registrations, with many users potentially looking for ways around the mandate—including leasing from KYC-cleared entities or abandoning the extension altogether.
Worse still, registrars may not be technically prepared for the rollout, potentially leading to delays, disruptions, or even renewals being put on hold.
A Branding Play, Missed?
From a domain investor’s perspective, .in holds incredible potential for creative and global branding: Log.in, Plug.in, Cash.in—the possibilities are endless.
Yet, instead of capitalizing on its inherent brandability, India appears to be making .in harder to access at a time when other countries are doing the opposite:
- .ai (Anguilla) is booming in the AI sector
- .tv (Tuvalu) became the go-to for video platforms
- .me (Montenegro) turned personal branding into a domain asset
India’s domain policy, however, could have the unintended consequence of pushing both local and global users toward more flexible alternatives.
Final Take: A Step Too Far?
At GoDomainers, we believe domain infrastructure should enable creativity, commerce, and accessibility. While protecting digital assets is important, regulations must be balanced, evidence-based, and designed to empower, not restrict.
Unfortunately, this KYC requirement feels like a case of regulatory overreach—a solution in search of a problem.
As global founders race toward leaner, faster, more brandable identities, .in risks becoming the extension they leave behind.