Digital business in India: overview

by Suneeth Katarki, Namita Viswanath, Shrutika Umarji and Sangeet Sindan, IndusLaw
A Q&A guide to digital business in India.
The Q&A gives a high level overview of matters relating to regulations and regulatory bodies for doing business online, setting up an online business, electronic contracts and signatures, data retention requirements, security of online transactions and personal data, licensing of domain names, jurisdiction and governing law, advertising, tax, liability for content online, insurance, and proposals for reform.
To compare answers across multiple jurisdictions, visit the Digital Business Country Q&A tool.
This Q&A is part of the global guide to digital business law. For a full list of jurisdictional Q&As visit www.practicallaw.com/digital-business-guide.

Regulatory overview

1. What are the relevant regulations for doing business online (for business-to-business and business-to-customer)?
The key laws and regulations governing e-commerce in India are as follows:

General laws on e-commerce

The main laws on e-commerce are the:
  • Indian Contract Act 1872 (Contract Act): general provisions on formation of contract.
  • Information Technology Act 2000 (ITA): recognises the conclusion of electronic contracts.
  • Copyright Act 1957 and Trade Marks Act 1999: govern the protection of copyrights and trade marks and provide for remedies and protection against infringement.
  • Consumer Protection Act 1986: protects customers from malpractice by product or service providers (see Question 42Reform).
  • Civil Procedure Code 1908: general provisions relating to civil proceedings.
  • Indian Evidence Act 1872: general provisions for the admissibility of evidence in court proceedings.

Laws relating to online payment

Common online payment methods are net banking, credit cards, debit cards, mobile banking and online wallets.
The primary law governing online payments is the Payment and Settlement Systems Act 2007 (PSSA) and the Payment and Settlement Systems Regulations 2008 made under that Act. The PSSA governs payment systems. Operators of payment systems must be authorised by the Reserve Bank of India (RBI). The RBI has issued the following (among others) notifications relating to online modes of payment:
  • Security issues and risk mitigation measures related to card not present (CNP) transactions.
  • Master Circular on policy guidelines on issuance and operation of pre-paid payment instruments in India.
  • Master Circular on mobile banking transactions in India-operative guidelines for banks.
  • Directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries.

Privacy laws

The key laws on personal data are:
  • ITA (see above, General laws).
  • Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (Data Protection Rules).
  • Information Technology (Intermediaries Guidelines) Rules 2011 (Intermediary Guidelines) made under the ITA, which require every e-commerce website (intermediary) to publish a privacy policy.

Other guidelines

In addition to the above, sector-specific regulators have issued guidelines including:
  • Cyber Security Framework in Banks (RBI/2015-16/418 DBS.CO/CSITE/BC.11/ 33.01.001/2015-16, dated 2 June 2016), which stipulates the minimum standard of cyber security/resilience framework at banks.
  • Cyber Security and Cyber Resilience Framework of National Commodity Derivatives Exchanges, dated 29 March 2016 and Cyber Security and Cyber Resilience Framework of Stock Exchanges, Clearing Corporations and Depositories, dated 6 July 2016.
  • Guidelines on Insurance E-commerce (IRDA/INT/GDL/ECM/055/03/2017, dated 9 March 2017) issued by the Insurance Regulatory and Development Authority.

Foreign direct investment and foreign exchange

Foreign investments in India are regulated by the Foreign Exchange Management Act 1999 (FEMA), regulations made under it and the Foreign Direct Investment Policy (FDI Policy). The FDI Policy regulates investments on a sectoral basis, allowing investments into these sectors either by an ‘automatic route’ or a ‘Government route’. Sectors falling within the ‘automatic route’ can receive foreign investments without any prior government approval, while investments into sectors falling within the ‘Government route’ require prior permission from the Government of India. The relevant sector for a digital business varies based on the nature and model of the digital business. Under the FDI Policy, e-commerce is defined as buying and selling of goods and services including digital products over digital and electronic networks. Under the FDI Policy, foreign investment in (B2B) e-commerce is permitted 100% under the automatic route (that is, it does not need prior government approval). However, e-commerce entities with foreign investment cannot engage in B2C e-commerce.
Also, 100% foreign investment is permitted under the automatic route in a marketplace model of e-commerce where an information technology platform on a digital network acts as a facilitator between buyer and seller.
A manufacturer is permitted to sell products manufactured in India, including through e-commerce, without government approval.

2. What legislative bodies are responsible for passing legislation in this area? What regulatory and industry bodies are responsible for passing regulations and codes in this area?
Parliament has the power to make laws relating to telecommunications and information technology.
Currently, there is no standalone authority regulating all aspects of digital business. Some of the regulatory bodies which make regulations governing different aspects of digital business are the:
  • Department of Telecommunications (DOT) and the Telecom Regulatory Authority of India (TRAI): for laws governing internet and telecommunication.
  • RBI: for online payment and settlement.
  • RBI and Department of Industrial Policy and Promotion: for foreign investment.
  • Ministry of Electronics and Information Technology: personal data protection and privacy.

Setting up a business online

3. What are the common steps a company must take to set up an existing/new business online?
Various registrations and approvals are required for digital businesses, from the incorporation stage to rolling out the business.
The Ministry of Company Affairs has simplified the process of incorporating a company. Applications can be made for reservation of a name, incorporation of a new company, Director Identification Number, Permanent Account Number (PAN) and Tax Deduction Account Number through a single form known as SPICe (simplified proforma for incorporating company electronically) which can be used for a maximum of seven subscribers to the Memorandum of Association of the proposed company.
Once the company is incorporated, the following types of registration are typically required (although these vary depending on the type of business):
  • Professional tax registration.
  • Service tax registration.
  • Registering with the Employees’ Provident Fund Organisation if 20 or more persons are employed (Employees’ Provident Funds & Miscellaneous Provisions Act 1952).
  • Registering the office establishment under the respective state’s Shops and Commercial Establishment Act.
  • Registering with the Employees’ State Insurance Corporation under the Employees’ State Insurance Act 1948.
  • Registration of domain names for launching a website of the company.
  • Registration as Other Service Providers with Telecom Enforcement, Resource and Monitoring, (part of the Department of Telecommunications), if the digital business entity runs any call centre providing backend services.

4. What are the relevant types of parties that an online business can expect to contract with?
The nature of agreements required depends on the business model of the company. Broadly, the following categories of agreements are required for operating a digital business:
  • Technology licence or assignment agreements if the technology is not owned by the entity.
  • Web development, mobile application development and software development agreements to launch a front layer (user interface layer).
  • If the digital business is engaged in a marketplace model, agreements with vendors who list their products or services on the platform.
  • Agreements with payment system participants, including banks, payment gateway service providers or e-wallet service providers.
  • Online terms and conditions: with respect to end-customers, a digital business needs terms of use, privacy, acceptable use, intellectual property rights policies and any other policies relating to access to a website/platform.
  • Agreements relating to software-as-a-service, infrastructure-as-a-service, platform-as-a-service, depending on the structure and business requirements.
  • Search engine optimisation agreements.
  • Hosting services or co-location service agreement.
  • Online marketing agreement.

5. What are the procedures for developing and distributing an app?
An app for a digital business can be developed by an entity through internal resources or through professional developers. With respect to distribution, information technology companies across the globe provide online stores/consoles through which an app can be distributed. A digital business provider must agree and comply with the terms and conditions of these providers.
The owner/operator of the app would be considered as an intermediary under the ITA and as such required to comply with the Intermediary Guidelines issued by the Ministry of Electronics and Information Technology. (see Question 38 and Question 39).

Running a business online

Electronic contracts

6. Is it possible to form a contract electronically? If so, what are the requirements for electronic contract formation? Please comment on the enforceability of click-wrap, browse-wrap and shrink-wrap contracts.
The ITA (see Question 1, General laws) recognises contracts formed electronically. However, the general principles of formation of contracts are set out in the Contract Act. An agreement is legally binding if there is a valid offer and acceptance, consideration, the object is lawful, and the parties are competent to contract. The same principles are applicable to electronic contracts.
In B2C models, electronic contracts are generally standard form contracts. Such contracts offer consumers little or no bargaining power and hence could be considered unreasonable and against public policy under the Contract Act. It is therefore important that the terms of such contracts are reasonable and not onerous or one-sided.
An instrument will not be accepted by the Indian courts as evidence unless it is duly stamped. To be chargeable with stamp duty an instrument must be executed, in other words, signed. Hence, a view may be taken that electronic contracts which do not contain electronic signatures are not executed and need not be stamped.
In relation to enforceability of electronic contracts, some points to note are:
  • Click-wrap contracts are displayed at the time of installation of a software package and require users to show consent by clicking an “I agree” button or similar, by which action the contract is concluded by the user and is binding on the parties.
  • In a browse-wrap contract the terms are typically located on the website but are connected to the main page by a hyperlink. The user must click the hyperlink to access the terms of the contract. In this case, the enforceability of a contract depends on how it has been communicated to the user. If constructive notice of a browse-wrap contract has been provided and the user consents, the contract is binding.
  • A shrink-wrap contract is one whose terms and conditions can only be read and accepted once a user “opens” the product. A disclaimer is typically made on the product that by tearing the cover or the wrap, the buyer is bound by the licence agreement. The binding nature of such agreements is debatable considering the fact that terms of contracts are not accessible upfront to the end consumers.
  • Under sections 65A (special provisions as to evidence relating to electronic record) and 65B (admissibility of electronic records) of the Indian Evidence Act 1872, electronic records are admissible as evidence in court. The Supreme Court stated that both technological conditions and specified certification conditions must be satisfied for the electronic record to be admissible (Anvar P.V v P.K. Basheer (2014)).

7. What laws govern contracting on the internet?
The principal governing laws for e-commerce contracts are the:
  • Contract Act.
  • ITA.
  • Sale of Goods Act 1930.
  • Specific Relief Act 1963.
  • Consumer Protection Act 1986.
  • Civil Procedure Code 1908.
  • Indian Evidence Act 1872.

8. Are there any limitations in relation to electronic contracts?
The limitations of electronic contracts include:
  • Jurisdiction: if the purchasers or service recipients and sellers or service providers belong to different jurisdictions, determining the jurisdiction of matters arising under electronic contracts is a challenge. Agreeing to an exclusive jurisdiction for dispute adjudication may not be enforceable if the provision of exclusive jurisdiction conflicts with the principles of determining the court’s jurisdiction under the Code of Civil Procedure 1908. In such cases, the Indian courts can strike down such provisions.
  • Enforceability: if the essentials of a valid contract are not present, the contract may not be binding or enforceable. Also, despite the global nature of digital business, an electronic contract structure for a particular country may not be enforceable in other jurisdictions.
  • Consumer protection: electronic contracts contain very strict terms and conditions and usually a consumer is not in a position to bargain (see Question 6). In such instances, the courts can strike out the provisions of the contract if consumer interest is jeopardised.
  • Protection of intellectual property rights: protection against infringement could be difficult due to the restricted scope of enforceability of electronic contracts in different jurisdictions.
Any contract for the sale or conveyance of immovable property or any interest in such property belongs to a class of documents which by law cannot be concluded electronically (First Schedule, ITA).

9. Are there any data retention requirements in relation to the personal data collected and processed via electronic contracting?
Sensitive Personal Information must not be retained for longer than is required (rule 5(4), Data Protection Rules). However, there is no definition of a reasonable retention time in the Data Protection Rules and a digital business can retain the data for as long as is necessary for the required lawful purpose under the terms of its privacy policy.

10. Are there any trusted site accreditations available?
Generally, websites use a Hyper Text Transfer Protocol Secure (HTTPS) for authentication and credibility of a website. The most popular is the Secure Socket Layer (SSL) certificate, which can be obtained through appropriate vendors.

11. What remedies are available for breach of an electronic contract?
Remedies for breach of an electronic contract can be contractual and/or statutory.
The Contract Act provides for compensation for loss or damage caused by a breach and liquidated damages if specifically provided for in the contract. Indemnification against loss caused by the conduct of the promisor or any third party can be provided in the contract. Remedies can also be granted under the following statutes in the relevant circumstances:
  • Sale of Goods Act 1930: remedies are available to both the seller and buyer for breach of contract (for sales of goods but not services). For example, an unpaid seller has the right, among others, of lien and re-sale of the goods for non-payment and the buyer can sue the seller for non-delivery of the goods and breach of warranty.
  • Specific Relief Act 1963: relief includes recovering possession of property, specific performance of contract, rescission of contract and injunction in certain specific cases.
  • Consumer Protection Act 1986: provides the following remedies to a consumer:
    • return or replacement of defective goods;
    • refund of the paid amount in certain cases; and
    • award of compensation for loss or damage or injury suffered.

E-signatures

12. Does the law recognise e-signatures? To what extent and when are e-signatures used in electronic contracting? Are they required in most transactions, or very few?
If legally required, any document can be authenticated by digital signature affixed in a manner prescribed by the Central Government (section 5, ITA).
Further, section 10A of the ITA recognises contracts formed through offer and acceptance by electronic forms or by means of electronic records.

Applicable legislation

The Ministry of Electronics and Information Technology has prescribed a procedure for authentication through electronic signature under the Electronic Signature or Electronic Authentication Technique and Procedure Rules 2015 (ESEATPR) and Digital Signature (End Entity) Rules 2015 (DSER). The ESEATPR prescribes the procedure of authenticating any electronic record by using Aadhaar e-KYC services. The DSER stipulates, among other things, the procedures for creating, authenticating and verifying digital and xml signatures, and the standards of such digital and xml signatures.

Definition of e-signatures

An electronic signature is defined as the authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule to the ITA and includes a digital signature (section 2(1)(ta), ITA).
A digital signature is defined in section 2(1)(p) of the ITA read with section 3 and 3A but in practice digital signatures have only been recognised by the Government of India under the ESEATPR (passed under the Second Schedule to the ITA) and DSER (under Section 87 of the ITA).
Section 67A of the Indian Evidence Act 1872 recognises electronic documents signed with a secured electronic signature, but where the electronic signature is not secure, the authenticity of the signature needs to be proved.

Use of e-signatures

Digital signatures are widely used in forms and documents submitted to government authorities. The ESEATPR and DSER prescribe the standards and procedures for authenticating electronic records filed with public authorities. However, in a transaction between two private parties or individuals, the use of an electronic signature is optional. The parties can sign the signature page and exchange it by e-mail, for practical convenience.
Where electronic contracts contain terms of use of a website, digital business entities frequently adopt a click-wrap format (see Question 6) by means of which a user can expressly give consent to the electronic contract

13. Are there any limitations on the use of e-signatures?
There are no specific limitations on the use of e-signatures but where the Central Government prescribes any procedure for the authentication of electronic records through e-signature, that procedure must be followed. For example, the ESEATPR prescribes the procedure for authentication of electronic records by affixing an e-signature.

Implications of running a business online

Cyber security/privacy protection/data protection

14. Are there any laws that regulate the collection or use of personal data? To whom do the data protection laws apply?
The Data Protection Rules recognise two categories of personal data:
  • Personal information.
  • Sensitive personal data or information.
Personal information is information that relates to a natural person, which when combined with other information is capable of identifying the person (Rule 2(i), Data Protection Rules).
Sensitive personal data or information includes:
  • Passwords.
  • Financial information such as bank account or credit or debit card or other payment instrument details.
  • Physical, physiological and mental health condition data.
  • Sexual orientation.
  • Medical records and history.
  • Biometric information.
The data protection requirements and compliance are higher in relation to sensitive personal data (see Question 16).
The responsibility for compliance with data protection lies with the entity which collects or receives the data. The entity must provide a privacy policy on its website containing the following points:
  • Clear and easily accessible statements of its practices and policies.
  • Types of personal information or sensitive personal data or information to be collected.
  • Purpose and usage of collection.
  • Disclosure of the information in accordance with the law.
  • Reasonable security practices and procedures provided under the Data Protection Rules.
The entity must obtain the owner’s consent for collecting, storing and processing the data.
Unlawful disclosure of personal information by an intermediary or contractual party resulting in wrongful gain or wrongful loss can incur a term of imprisonment of up to three years or a fine of up to INR500,000 or both (section 72A, ITA).
Any authority or entity empowered under the ITA for collecting, processing and storing personal information which contravenes the provisions of the ITA or the Data Protection Rules is liable for a term of imprisonment of up to two years or a fine of up to INR100,000 or both.
Sector specific regulators have also issued certain guidelines applicable to a particular business sector, such as:
  • Cyber Security Framework in Banks (RBI/2015-16/418 DBS.CO/CSITE/BC.11/ 33.01.001/2015-16, dated 2 June 2016), which stipulates the minimum standard of cyber security/resilience framework for banks.
  • Cyber Security and Cyber Resilience Framework of National Commodity Derivatives Exchanges, dated 29 March 2016 and Cyber Security and Cyber Resilience Framework of Stock Exchanges, Clearing Corporation and Depositories, dated 6 July 2016.
  • Guidelines on Insurance E-commerce (IRDA/INT/GDL/ECM/055/03/2017, dated 9 March 2017) issued by the Insurance Regulatory and Development Authority.

15. What data is regulated?
Personal information and sensitive personal data or information of an end-customer is regulated (see Question 14). Business information is typically governed through contractual obligations such as non-disclosure agreements.

16. Are there any limitations on collecting or using personal data? Are there any specific limitations on storage of personal data in the cloud?
The Data Protection Rules set out the following limitations on the collection, processing and storage of sensitive personal data (see Question 14):
  • Information must only be collected and used for lawful purposes connected with the business of the entity and should not be retained for any longer than is required for the purpose.
  • The entity must keep the information secure and address any grievance from the provider regarding its storage.
  • Where information is transferred to a third party, the entity must ensure that the third party follows the level of security required under the Data Protection Rules.
  • The provider of the information must be made aware of the fact of collection, the purpose of collection, the intended recipient and the name and address of the agency collecting it.
  • The provider must be given an option not to provide the information, however, in that case the entity may choose not to provide services or goods.
  • The provider has the right to review the information provided.
For digital business relating to banking, the RBI has issued guidelines on the storage of data in the cloud based in India. Further, cloud service providers providing services to the Government of India are separately regulated by the government’s rules and regulations.

17. Is the use of cookies allowed? If so, what conditions apply to their use that impact system design?
The use of cookies is not regulated by Indian laws, however, it can be governed through contractual terms and conditions or the policies of the service provider.

18. What measures must be taken by companies or the internet providers to guarantee the security of internet transactions?
Contracting companies must, among others:
  • Be certified with the International Standard IS/ISO/IEC 27001 on Information Technology – Security Techniques – Information Security Management System.
  • Conduct a periodic audit of the network security system.
  • Install certain security system for distributed denial of service attack, black hole filtering, firewalls (software as well as hardware) and server level scanning.
  • Have an internal protocol for handling and dealing with security.
If an e-commerce website knowingly fails to protect customers’ sensitive personal information, resulting in a wrongful gain or loss, it is liable to imprisonment for a term up to three years or a fine of up to INR500,000 or both (section 72A, ITA).
Generally, if an intermediary (such as an e-commerce website) fails to implement a secure data protection mechanism prescribed under the Data Protection Rules, it can incur a fine of up to INR25,000 (section 45, ITA).
In addition to the above, the RBI requires “two factor authentication” for CNP transactions (payment through credit cards) and adopting the Payment Card Industry Data Security Standard for online payments.

19. Is the use of encryption required or prohibited in any circumstances?
In the business sector, encryption requirements vary in accordance with the guidelines issued by the respective sector regulator. For example, the RBI prescribes 128-bit as minimum level of encryption for banking transactions. The Securities Exchange Board of India has prescribed 64- or 128-bit encryption level for confidentiality and integrity of the data. However, the Department of Telecommunication has mandated under the Unified Licence Agreement that telecom service providers do not have to use bulk encryption equipment in the telecom network.

20. Can government bodies access or compel disclosure of personal data in certain circumstances?
The Government of India and any other specified government body is empowered under the Data Protection Rules to instruct intermediaries holding or controlling personal data to disclose it to them. The government agencies can also instruct intermediaries to obtain information including sensitive personal data or information, for verifying identity or for preventing, detecting, investigating, prosecuting or punishing offences, including cyber incidents.

21. Are there any regulations in relation to electronic payments?
The PSSA (see Question 1) is the primary law governing the payment system in India together with the various rules, regulations and circulars issued by the RBI. Any intermediary wanting to set up a payment system must apply to the RBI for registration. See Question 1, Laws relating to online payment for the relevant laws and regulations applicable to electronic payments.

22. If the site is aimed at children, are there any specific rules or guidance that apply?
Children under the age of 18 cannot make valid electronic contracts and websites targeting children should appropriately state that any underage person must subscribe to the products or services through a guardian aged over 18 and who is contracting on their behalf.
The publication and transmission of materials depicting children in an obscene, indecent or sexually explicit manner is an offence (section 67B, ITA). The Supreme Court has directed the Government of India to take serious and positive steps to get rid of child sexual abuse materials (Kamlesh Vasvani v Union of India (2013)). Accordingly, the government has ordered all intermediaries to subscribe to the list of dynamically updated websites/URLs maintained by the Internet Watch Foundation.

Linking

23. Are there any limitations on linking to a third party website and other practices such as framing, caching, spidering and the use of metatags?
While the mere acts of linking, framing or caching are not unlawful under Indian law, these acts can lead to civil and criminal sanctions if they either direct or expose a computer or computer network to any virus, Trojan, spam or other form of malicious code (sections 43 and 66, ITA) or if they direct or expose the user to obscene content (section 67, ITA and section 292, Indian Penal Code 1860).
Unauthorised linking or framing or server-level caching for providing unauthorised offline content can be considered as copyright infringement since they violate the copyright owner’s rights of publication and adaptation. Similarly, the unauthorised use of metatags can constitute trade mark infringement or passing off if it causes sufficient confusion about the source of a product or service.
The Madras High Court in Consim Info Pvt Ltd v Google India Pvt Ltd (2012) and the Bombay High Court in People Interactive (I) Pvt Ltd v Gaurav Jerry (2014) have passed orders which recognise meta-tagging as an act of trade mark infringement.

Domain names

24. What regulations are there in relation to licensing of domain names?
While there is no express statutory protection in India for domain names, the rights of a trade mark owner in domain names have been granted a degree of protection. The principles contained in ICANN’s Uniform Domain Name Disputes Resolution (UDNDR) Policy 1999 and the rules framed by the World Intellectual Property Organization in relation to domain name registration are followed by trade mark registries in India in the event of any claim made by a trade mark owner against a domain name. The trade mark registrar also has the right to refuse registration of a domain name, if he believes the trade mark of another person may be infringed. Licensing of a domain name by the registered owner is governed by the provisions of the Trade Marks Act 1999.
The country code Top Level Domain (ccTLD) .in is available for registration by any individual, company, firm or other organisation, whether resident in India or overseas. The .in ccTLD is operated by the National Internet Exchange of India, a Central Government body. Any person registering on this ccTLD will be subject to Indian laws and is responsible for ensuring the webpage’s security, reliability and operational stability.

25. Do domain names confer any additional rights (in relation to trade marks or passing off) beyond the rights that are vested in domain names?
The close association between a domain name and a trade mark right has been recognised by the Supreme Court (Satyam Infoway Ltd v Sifynet Solutions Pvt Ltd (2004)). The court held that where a domain name is used in connection with a business, it must be necessary for allowing the business name to be recognised as a trade mark. Therefore, domain names that are capable of distinguishing the goods or services made available to potential internet users have the same characteristics as trade marks and can be registered and protected as trade marks at the national and international levels. Consequently, if any person registers or seeks to register a domain name with the intent to cause confusion with a trade mark, a claim of infringement or passing off can be made. This ruling is very similar to the requirements of rule 4(a) of the UDNDR Policy of ICANN, under which a trade mark owner can raise a domain name dispute against an alleged infringer.
There is no express statutory protection for mere domain names, nor does a domain name by itself create any proprietary rights for the registered owner. The registration of a domain name is, prima facie, governed by the contract between the domain name owner and the domain registry.

26. What restrictions apply to the selection of a business name, and what is the procedure for obtaining one?
A business in India can be structured in any of the following forms:
  • Company.
  • Limited liability partnership.
  • Partnership firm.
  • Sole proprietorship.
The names for businesses are governed by statutory requirements. Further, if the business name or any brand created by it is required to be protected as a trade mark, the provisions of the Trade Marks Act 1999 will apply. Broadly, the requirements to be satisfied for registration of a business name under the Companies Act 2013 are:
  • Its use must not be prohibited under the Emblems and Names (Prevention and Improper Use) Act 1950.
  • It cannot contain the name of a registered trade mark or a trade mark that is the subject of an application for registration unless evidence of the consent of the owner or applicant for registration is submitted.
  • It cannot include any word or words that are offensive to any section of the public and must not be scandalous or obscene.
  • It must not be identical with or too nearly resemble the name of a limited liability partnership.
  • It should be of a distinctive character (that is, capable of distinguishing the goods or services of one person from those of another).
In addition, to be capable of registration a trade mark must not:
  • Be devoid of any distinctive character.
  • Consist exclusively of marks or indications which designate the kind, quality, quantity, intended purpose, value, geographical origin or the time of production of the goods or services.
  • Consist exclusively of marks or indications which have become customary in the current language or in trade practice.
  • Be of such nature as to deceive the public or cause confusion.
  • Contain any matter likely to hurt any religious group.
  • Comprise or contain any scandalous or obscene matter.
  • Be prohibited under the Emblems and Names (Prevention of Improper Use) Act 1950.
  • Consist exclusively of the shape of goods which:
  • results from the nature of the goods themselves;
  • is necessary to obtain a technical result; or
  • gives substantial value to the goods.
For registration of a business as a company or limited liability partnership, the business owner must first submit an application for reservation of a name. This application can be rejected by the Registrar if the proposed name does not fulfil all the requirements described above, in which event the business owner must resubmit an application for a different business name.

Jurisdiction and governing law

27. What rules do the courts apply to determine the jurisdiction for internet transactions (or disputes)?
The ITA applies to the whole of India and is extra-territorial in its application in that any offence committed outside India by any person irrespective of nationality can be punished if the act or conduct constituting the offence involves a computer, computer system or computer network located in India.
An aggrieved person can file a suit for compensation for wrongs to person or goods in the following territories (Code of Civil Procedure 1908):
  • In the jurisdiction of the court where the wrong was committed by the defendant.
  • Defendant’s place of residence.
  • Defendant’s place of business or work.
  • Where the wrong was committed within the jurisdiction of one court and the defendant resides or carries on business in the jurisdiction of another court, the claimant can choose either.
In other cases, the claimant can start proceedings in the court where the defendant resides at the start of the suit or where the defendant carries on business or works, otherwise the action can be started where the cause of action arises or partially arises.
For copyright infringement (section 62(2), Copyright Act 1957) and trade mark infringement (section 134(2), Trade Marks Act 1999), the claimant’s place of residence determines territorial jurisdiction.
The jurisdiction of internet