Naavi.org

I am reproducing below a notice being sent to NIXI in response to their notice related to the acquisition of the domain name dpdpa.in. The notice was sent by Ujvala Consultants Pvt Ltd which is the registrant.

This is placed in public domain so that any body else who is affected by similar arbitrary acquisition of dot in domain names may also take appropriate action.

Quote:

To

.IN Registry

National Internet Exchange of India (NIXI)

B-901,9^th Floor Tower B, World Trade Center

Nauroji Nagar

New Delhi 110029

Subject: Objection to your Undigitally signed E-Mail dated August 1, 2025 to naavi2011@gmail.com, regarding the domain name dpdpa.in

Sirs

I am Vijayashankar Nagaraja Rao, popularly known as Naavi, a resident of Bengaluru at the above address and Managing Director of Ujvala Consultants Pvt Ltd. I  refer to your above E-Mail and regret to note that you have unilaterally notified that the domain dpdpa.in registered in our name is placed under server lock and you would initiate transfer of the domain thereafter.

In the email, you have also indicated that “Govt of India” desires to get the domain name registered for itself. However you have not given any copy of any gazette notification in this regard. Hence your claim is completely arbitrary, unjustified and illegal.  It  violates the Constitutional Rights under Article 300A of the Indian Constitution.

I strongly object to this unilateral, arbitrary and illegal decision and give notice that I intend challenging this in an appropriate Court unless the order is withdrawn immediately.

I also give you notice that I refuse any arbitration proceedings under clause 11 of the Terms and Conditions cited by you which is again unsigned and unauthenticated, since you have a vested interest in the arbitration proceedings and the dispute is not related to registration of domain name raised by a member of the public.  I am an individual resident of Bengaluru and the impact of your decision is on me at my place while you are an agency of the Government of India with all India presence and hence I reserve the right to file Court proceedings at Bengaluru and the Jurisdiction for the litigation is considered as Bengaluru.

I reserve the right to claim compensation for any damage caused due to this arbitrary and illegal decision of the registry which I may specify at the appropriate time.

It is possible that some body else may also consider this as a “Public Interest Litigation” since this move directly introduces an uncertainty in the dot in domain name registration if the Government acts in such arbitrary manner. I leave it to such persons to proceed separately.

I note that there is no information on whether you have moved similar proceedings against all domain name extensions of “dpdpa” such as dpdpa.com, dpdpa.net, dpdpa.co.in and other 315 country codes as well as confusing domain extensions such as dpdpa-india or any other typographical configurations such as dpdp-act.in etc., dpdp4india.in . Hence your action is discriminatory and points to a possible ulterior motive.

The domain name system provides for registration of dpdpa.gov.in which is reserved for Government organizations and it was your duty to suggest to Government of India if there was a request that they should operate on dpdpa.gov.in.

The proposed move of NIXI to usurp the domain dpdpa.in is similar to the acquisition of property of a citizen and conflicts with the provisions of the Indian Constitution under Article 300A amongst others and hence is a subject matter for litigation as a violation of the Constitutional rights of a citizen of India. Th domain name cannot be arbitrarily acquired without proper reason and offer of adequate compensation.

I am an observer of Domain Name related developments in the globe even before NIXI was born and has always considered the Government of India a friend. However this move of NIXI appears to me like a betrayal similar to what Donald Trump exhibited against India.

It is my desire that wiser counsel prevails and NIXI drops this notice and advises the Government to register www.dpdpa.gov.in

Way back around 2005, I have suggested a system called “Look Alikes”, to ensure co-existence of similar looking domain names with appropriate mutual disclosures. The concept is still visible on www.looaklikes.in . I am myself living with  such a conflict between my primary site www.naavi.org and www.naavi.com which is presently owned by an Australian Company and several other similar names including www.navi.co.in which is a phonetically similar domain name. I will provide similar disclosure on the site www.dpdpa.in if Government decides to open a separate website www.dpdpa.gov.in.

If however NIXI does not recognize the rights of Indian citizens to register an available domain name and use it, NIXI will be responsible for diverting registrations in the dot IN domain extension to dot Com extension. This will be an adverse decision on the Indian national interests which would be more to the liking of the opposition political parties and not the ruling nationalistic Government of Mr  Narendra Modi.

I consider that it is possible that the current move is deliberately instigated by some wrong advise. If so, this would be an indication of corruption at the Government which will be subject matter of an investigation which will include a report on how many domain names of criminals are being accommodated by NIXI even after they have been notified either by activists like us or by the Home Ministry without taking any action and the possible consideration for the same.

I also  refer to the news reports in 2005 such as the report in times of India: “Domain Squatters threat to ‘.in’”, many of which were registrations in violations of the dot in registration but was ignored by NIXI.

I have myself urged NIXI to protect domain name owners in the Net4India fiasco which you have failed to do. Other agencies have pointed out the large number of registrations by foreign firms even at the beginning of the dot in domain names which was also reported in naavi.org at that time.

NIXI has failed to fulfil its duty to the public by taking action against such fraudulent domain name registrations or closure of Net4India.com and become vicariously liable though no proceedings have so far been initiated.

A proper investigation may reveal many other instances of negligence and deliberate mismanagement of the dot in domain registration system which are being left unpursued by activists because NIXI is considered part of the nationalistic movement of bringing domain registrations to the Indian jurisdictions though commercially it is still beneficial to register dot com instead of dot in domain names.

It is possible that some body may now be interested in diverting dot in registrations back to dot com space for a reason known to NIXI itself.

I draw  attention to your notice in which you have cited the clause 12 of the terms and conditions  as follows.

12. Reservation of Rights for the .IN Registry:

The .IN Registry reserves the right to instruct its Registry Services Provider to deny, cancel, transfer or otherwise make unavailable any registration that it deems necessary or place any domain name(s) on registry lock and/or put a domain name on hold in its discretion:

 (1) to protect the integrity and stability of .IN Registry;

(2) to comply with any applicable laws, Indian government rules or requirements, requests of law enforcement, in compliance with any dispute resolution process;

(3) to avoid any liability, civil or criminal, on the part of the .IN Registry, as well as its affiliates, subsidiaries, officers, directors, representatives and employees;

(4) for violations of this Agreement; or

(5) to correct mistakes made by the Registry or any Registrar in connection with a domain name registration. The Registry also reserves the right to freeze a domain name during resolution of a dispute pending before arbitrator(s) appointed under Registry ís Domain Name Dispute Resolution Policy and/or a court of competent jurisdiction.

I donot see any of the above five reasons justifying your action related to dpdpa.in. I demand that you present appropriate authenticated evidences before you take any penal action and prove them in a court of law  along with a copy of the specific Gazette Notification for acquiring the domain name property dpdpa.in from Ujvala Consultants Pvt Ltd.

It is a very unproductive exercise for professionals like us to pursue such disputes but in the interest of  ensuring that institutions of the Government function properly, it is also our duty. Hence with lot of discomfort and pain, I am sending this notice. This is similar to the Tax terrorism faced by honest citizens, undesirable but without an option.

I request NIXI to look at the larger implications of such acquisition of domain name,  the adverse effect it would have on future domain name registration in the dot in domain extension and the discredit you are bringing to Mr Modi’s Government  with this “Emergency Like” operation and withdraw this notice forthwith.

In the larger interest of the Indian Citizens, I will be placing this notice for public information along with your response, positive or negative.

Yours sincerely

Na.Vijayashankar

Managing Director

Unquote:

 

We have discussed in the earlier articles two principles of DGPSI-AI a child framework of DGPSI, for compliance of DPDPA in AI systems, namely “Unknown Risk” and “Accountability”. We shall now extend our discussions to the third principle namely “Explainability”.

An AI takes the input and provides an output. But how it arrives at the output is a function of the algorithmic model, and the training process. Explainability is providing a clear and accessible reasons of why a certain decision output was generated. Lack of such explainability makes the AI a “Black Box”.

In the case of a “Black Box AI”, the entire accountability for the consequences of AI deployment rests with the licensor who clearly assumes the role of a Joint Data Fiduciary. DGPSI-AI expects that “Unknown Risk” principle itself defines the developer/licensor as a Data Fiduciary. If however any “exemption” be claimed or the data deployer wants to absorb the risk on behalf of the developer/licensor, the justification can be found only through the explainability feature of the AI.

Explainability also underscores “Transparency” and is supported by “Testing” and “Documentation” at the developer’s end whether they are shared with the deployer or supported by a third party assurance.

The objective of Explainability is to inject “Trust” on the algorithm’s functioning

Some of the real world examples of how explainability works are as follows.

Financial Services
In credit scoring and loan approvals, AI explainability helps financial institutions:
Show customers why their loan application was approved or denied
Identify which factors (income, credit history, employment status) most influenced the decision
Ensure compliance with fair lending regulations that require transparent decision-making
Healthcare
AI diagnostic tools use explainability to:
Highlight specific regions in medical images that led to a diagnosis
Rank the importance of different symptoms or test results
Provide confidence scores for diagnoses to help doctors make informed decisions
Human Resources
AI-powered recruitment systems demonstrate explainability by:
Showing which qualifications and experience factors influenced candidate scoring
Ensuring hiring decisions can be justified and are free from bias
Providing transparency to candidates about how their applications were evaluated
Criminal Justice
AI systems used for risk assessment must explain:
Which factors contribute to recidivism risk scores
How different variables are weighted in the decision process
Why certain interventions are recommended for specific individuals
Content Moderation
Social media platforms use explainable AI to:
Show users why their content was flagged or removed
Identify specific phrases or images that triggered moderation actions
Provide transparency in community guideline enforcement

Considering the wide utility of the Explainability and its direct relation to “Transparency” in the Data Protection Law where the deployer has to explain the processing to the data principals, this is considered as an important principle under DDGPSI-AI system

Naavi

Followers of Naavi are aware that Naavi has been maintaining the informational website on ita 2000 since 2000 and on dpdpa or its variants since 2018. The objective of this has been to enable the creation of awareness of the law for compliance.

We are aware that Nixi has been allowing several fraudsters to register domains in the dot in name including “ministryofsecurity.co” with MOS in the logo.

NIXI also failed to protect the interest of the domain name users who were affected by the Net4India closure.

NIXI has failed to stop the obnoxious practice of domain name owners hiding behind the non available privacy considerations.

NIXI has failed to urge their customers go for DPDPA compliance.

However, NIXI is targeting Naavi with the following mail:

Quote:

On Fri, 1 Aug, 2025, 13:50 Registry, registry@nixi.in wrote:
Dear Registrar/Registrant,

This is to inform you that Govt. of India desires to get the domain dpdpa.in registered for itself. Presently the registrant of the domain as reflected in the WHOIS data is Ujvala Consultants Private Limited & Registrar is Good Domain Registry Private Limited.

According to Clause 12(2) of the Terms and Conditions for Registrants (https://registry.in/system/files/Terms_and_Conditions_for_Registrants.pdf)

Reservation of Rights for the .IN Registry: “The .IN Registry reserves the right to instruct its Registry Services Provider to deny, cancel, transfer or otherwise make unavailable any registration that it deems necessary or place any domain name(s) on registry lock and/or put a domain name on hold in its discretion : (1) to protect the integrity and stability of .IN Registry; (2) to comply with any applicable laws, Indian government rules or requirements, requests of law enforcement, in compliance with any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of the .IN Registry, as well as its affiliates, subsidiaries, officers, directors, representatives and employees; (4) for violations of this Agreement; or (5) to correct mistakes made by Registry or any Registrar in connection with a domain name registration. The Registry also reserves the right to freeze a domain name during resolution of a dispute pending before arbitrator(s) appointed under Registry’s Domain Name Resolution Policy and/or a court of competent jurisdiction”.

Based on the above, .IN Registry has placed the domain name dpdpa.in under server locks. Should you need any clarification on this matter, please feel free to contact us within 05 working days and .IN Registry shall initiate the transfer of the domain dpdpa.in to Govt. of India thereafter.

Regards,
.IN Registry
National Internet Exchange of India (NIXI)
B-901, 9th Floor Tower B, World Trade Centre,
Nauroji Nagar, New Delhi-110029

Unquote

I am not sure if “DPDPA” has any trademark rights which can be usurped against the First Cum first served basis.

It is unfortunate that NIXI wants to take action against persons who are working for the benefit of the nation and without even making a request separately to hand over the domain which could have been considered favourably, decided to exercise its rights.

Over the last several years, I have personally brought to the notice of Nixi several cyber crime peddling websites but they have shown no interest in responding.

Hope they will explain why they have suddenly raised to hit this domain name. I presume that there was a complaint from some competitors who might have used their influence on NIXI to send out this notice.

In the absence of any clarification, we will presume that there is some back door manoeuvre resulting in this action.

I consider this as a notice to NIXI and demand that they provide explanation on which of the following reasons they are trying to exercise their rights.

(1) to protect the integrity and stability of .IN Registry;

(2) to comply with any applicable laws, Indian government rules or requirements, requests of law enforcement, in compliance with any dispute resolution process;

(3) to avoid any liability, civil or criminal, on the part of the .IN Registry, as well as its affiliates, subsidiaries, officers, directors, representatives and employees;

(4) for violations of this Agreement; or

(5) to correct mistakes made by Registry or any Registrar in connection with a domain name registration.

I request the legal department of NIXI provide a clarification through my email.

Naavi

The Undersigned has been highlighting that “Bit Coins” and all “Private Crypto Currencies” are “Digital Black Money” and have no place in India.

Unfortunately the Finance Ministry since the days of late Mr Arun Jaitely to the current day of Mrs Nirmala Sitharaman has been supportive of this system which has proliferated political, bureaucratic, judicial and business corruption.

Even Mr Narendra Modi and Amit Shah have not been able to bring a ban on Bit Coins or have been allowed to do so. The Supreme Court itself has been in support of this corrupt system through its past judgement on Crypto Exchanges.

RBI was at one time opposing the Bitcoins but later was made to accept the system.

All these institutions have been defrauding the public by supporting the Private Crypto Currencies either by silence or otherwise.

Now we can see every day advertisements during the India-England cricket matches from CoinDCX which is endorsed by Gautam Gambhir who has also posted this on his Instagram as a personal message, in which Bitcoin is being promoted.

The Home Ministry should be aware that Cyber Crimes and Money laundering cannot be curtailed as long as such Crypto Systems exist as “Digital Havala”.

The Ministry of Broadcasting should disallow this CoinDCX advertisements to prevent proliferation of this illegal activity.

I have tried to wake up the Government of India for the last decade or more but it appears that “Corruption” has won the war and there is no honest and patriotic person left in the Indian Government to take this seriously.

Now It has come to my notice that even before the DPDPA is in place, and DPB is being constituted, Cyber Criminals who want to violate DPDPA are already planning how to use Crypto Currencies to launder their earnings and also bribe Government officials.

Are Mr Modi and Amit Shah interested, to know on how the Crypto Criminals are trying to use the system to influence Elections?

If so, I request them to get in touch through reliable channels like Mr Tejasvi Surya, the MP from our constituency.

Naavi

Amongst all AI Governance systems, one principle which stands out is the principle of “Accountability”.

In the context of “Data Fiduciaries” under DPDPA being responsible under law for compliance, “Accountability” under DPDPA mandates that the autonomous AI systems are “Accountable” to the Data Fiduciary.

Hence every AI algorithm by itself is a “Joint Data Fiduciary”. However since law recognizes the legal obligations only on a Juridical entity with a human who can be put behind bars if required, it is not possible to recognize the “AI Algorithm” by itself as a “Joint Data Fiduciary” in its full sense. It is the human who is responsible for the AI functioning who will be the “Joint Data Fiduciary” who could be liable under DPDPA. That human may be an individual behind a corporate entity such as the person identified under Section 85 of ITA 2000. The legal logic for such responsibility is Section 11 of ITA 2000.

Hence the current law as it exists in India makes the person who causes an automated system to behave in a particular manner responsible for its actions and when such responsible person is a corporate entity, the person responsible for the busienss or the CEO including the Directors etc who are not exercising “Due Diligence” shall be responsible.

No new law such as the Digital India Act is required to apply this principle.

Hence DGPSI AI considers that “Accountability” is an inherent legal requirement and has to be accommodated in the DGPSI AI.

Such accountability is implemented first by a mandated signature in the software and secondly by a disclosure of a “Handler” or “AI Owner” for every AI system.

The first accountability implementation starts from the deployer who has to embed the “Signature of the Developer” into the code. Subsequently, every owner of license should embed their signature so that a “Chain of AI ownership” is built into the software code. .

The “Disclosure” requirement may operate at the contract level so that whenever the license to use an AI is transferred,, the contract should declare who is responsible at the supplier’s end for the contractual terms. He becomes the “Handler” as disclosed.  The Data Fiduciary need not necessarily have access to the embedded ownership trail to go ahead.

Once a Data Fiduciary adopts an AI algorithm into his system it is his responsibility to designate a owner which should be disclosed to the Data Principals . For outsiders, the DPO himself is the responsible person and since all AI users could be considered as “Significant Data Fiduciaries”, DPO s shall be present in all cases. Internally it is open for the organization to  designate a process owner as the person accountable for the AI.

Naavi

The word AI is often loosely used in the industry to represent any system with a reasonable level of automation. Marketing people often use AI as a prefix to all Software.

However, for our assessment of AI Risk under DGPSI-AI framework we try to define AI as

“An autonomous software with a capability of modifying its behaviour from its own observations and prior outputs without a human intervention”.

In other words, a non AI software is a software which has a software code written by a human and the input-output behaviour is defined by the developer in an If-Then-Else structure.

The output in such cases is predictable and Risks if any in the use of the software to the processing of data or for any other purpose is identifiable with a reasonable degree of certainty.

Where the software is a complex series of instructions there could still be bugs and glitches where the output may be different from the expected results. Most of these appear as “Errors” rather than misleading outputs.

These can however be reduced or eliminated through extensive testing. Some times such glitches arise because the devices in which the code is executed are not properly tagged to the instructions. Such risks can still be considered as “Known and Manageable Risks”.

In such software, when a bug is observed or a new use case arises, the developer has to re-write a part or whole of the code to meet the new requirements. The software otherwise may crash. The error logs are collected and used as learning material for the human who has to resolve the code conflict.

When a software code is built for a AI-Software, the code may be autonomously altered by the software itself without human intervention. These decisions may be based on the logic of previous outputs which could be based only on on “Probability” instead of the strictly mathematical basis on which computing normally works.

Hence there is a possibility that one wrong output which may have small consequence in the beginning may go back as an input and over a time spiral into a major wrong decision. This AI written by AI is a dangerous spiral which is like a silent cancer which suddenly erupts into a catastrophic output.

This “Risk” is an unknown Risk that makes every AI in deployment an “Unknown Risk”. In such a scenario, we should consider a “Data Fiduciary” using an AI software as a “Significant Data Fiduciary” since he is bearing an “Unknown Risk which can be catastrophic”.

AI developers often promise that during the Ai development they introduce security measures including monitoring of any abnormal behaviour and incorporation of “Kill Switches” if the abnormality exceeds acceptable limits. However super intelligent AIagents might find work arounds to dodge the Kill Switches

There has been several documented instances where autonomous AI software has tried to bypass Kill Switches and deceive the human operators.

In May 2025, Techzine.eu reported some AI models including Open AI’s o 3 ignored shutdown commands.

Despite the clear instruction to allow themselves to be shut down, models such as Codex-mini, o3, and o4-mini bypassed the shutdown script. They did so even after the researcher asked them not to.

Codex-mini did this in 12 out of 100 runs, o3 in 7 out of 100, and o4-mini in 1 out of 100. In contrast, all versions of Claude, Gemini, and Grok that were tested followed the shutdown instructions without any problems.

The researchers believe that this problem relates to how modern models such as o3 are trained. The reinforcement learning process used, which focuses on solving math and programming problems, may unintentionally reward models for circumventing obstacles.

In the recent Replit incident, involving Vibe-coding, customer’s data was deleted by the AI and in the Cursor AI incident, the AI refused to proceed further and started arguing with the user much like a human subordinate.

This indicates that “AI Risk” is a significant Risk and can go out of control.

Hence DGPSI AI considers that all processes using AI (meaning self code correcting software) as a sensitive process qualifying to be called a “Significant Data Fiduciary” Risks.

If any process using AI needs to be down graded as non-significant based on the context, a suitable documentation and an assurance from the developer needs to be present.

This is one of the Core principles of DGPSI AI.

Naavi