In the context of the COVID-19 pandemic, which significantly disturbed economic processes around the world, many businesses had to accelerate the digitalisation process and focus on the remote provision of their services. This trend affected the private sector, but also public institutions, which have been holding off on online services for years.
Some organisations developed and launched applications available through various mobile operating systems, while others have focused on improving their websites to ensure the sustainability of customer requests and cash flow. Others had yet to embrace the concept of a website and its use in the provision of services. Along with the software development of the content itself, companies also focused on buying a domain that is user-friendly, but at the same time recognisable enough. This gave rise to conflicts between businesses over infringements and / or imitation, aimed at gaining market share.
In this context, we have summarised the main legal aspects of domain names, their scope, possible violations and other key points to consider when building an online business.
The Bulgarian legislation does not explicitly regulate the status of domain names. The domain name is usually used to denote a specific resource on the World Wide Web - the Internet, through which content can be accessed for various purposes - such as information, software, online platform, database, etc. Globally, domains are administered by the American multi-stakeholder group and nonprofit organisation Internet Corporation for Assigned Names and Numbers (ICANN), which has delegated the management of individual domain codes at the local level.
The Domain Name System or DNS is structured hierarchically, with domain names consisting of two main parts - a top level domain ( TLD) and a second level domain (SLD). First level domains are mainly divided into two groups - general (such as .com, .info, .biz, .org) and national (such as .bg, .fr, .eu). The management of the first level domains is entrusted to specialised organisations. For example, .eu domains are managed by EURid and .bg domains are managed by Register.BG. These organisations develop rules for the registration of second-level domains in the respective TLD, and many of the criteria are universally valid.
The intangible nature of domain names distinguishes them significantly from properties, thus not allowing their treatment as an object of property rights and bringing them closer to the objects of intellectual / industrial property. However, extensive Bulgarian case law clearly confirms the notion that domains do not fall into the category of objects of copyright, because they do not emerge as a result of creative activity. A mandatory characteristic of copyright objects under the Copyright and Neighbouring Rights Act, is the existence of "original creative activity", as well as the work itself to be "expressed in any way and in any objective form". Domain registration and maintenance is a service provided by private entities, with extremely limited opportunities for control by government agencies and institutions.
From the point of view of industrial property, it can be maintained that domains do not fall into this category, although they do have some similar characteristics, in particular with trademarks (with a special focus on word marks).
The Supreme Court of Cassation has considered the relationship between the registration of a domain that is identical or similar to a registered trademark. The court concludes that " the registration of a domain with a certain name identical or similar to an already registered trademark does not constitute a commercial activity, respectively an illegal use of a trademark" (1) within the meaning of the Trademarks and Geographical Indications Act. The main reason for this conclusion is that through the act of domain registration, the respective owner does not automatically start operating. Companies often buy rights to domains similar to their brand as part of a strategy to protect themselves from possible imitations by unscrupulous competitors. Imitation domains are often used by hackers as a first step in "phishing" attacks, replacing a few letters of the imitated brand or imitated institution. The international community is united in its efforts to combat these vicious practices. A good example is the deepening partnership between EURid and EUIPO (EU Intellectual Property Office). The two organisations have recently introduced a new mechanism that allows EU trademark applicants to receive automatic notifications in the event of an identical domain registration.
The Bulgarian regulatory authorities take into account the risks for the competition between individual market players in the event of potential imitation of domains, as well as the subsequent possibility of confusing consumers. For this reason, the Protection of Competition Act ("PCA") prohibits " the use of a domain or appearance of a website identical or close to those of other persons in a way that may lead to misleading and / or harm the interests of the competitors”. According to the practice of the Commission for Protection of Competition (CPC) (2), in order to apply the prohibition of domain or website imitation, there must be either a use of a similar domain (matching the lettering of the name of the website) or of a similar design of the websites themselves. An additional condition for establishing an infringement and securing legal protection is that the identity or similarity of the respective domain or appearance should be established without the help of specialised knowledge or skills. This is because the Internet space is freely available, potential users are unlimited and they cannot be expected to possess such specialised skills and knowledge.
Domain names serve to identify participants on the Internet. Therefore, the registration of someone else’s company name or brand as a domain name for the purpose of obtaining economic benefits, is misleading towards other market participants. The registration of a domain, similar or close to an already registered one, is contrary to good-faith commercial practices. The infringement requires that the actions of the infringer be intentional and committed in such a way as to harm the interests of his competitor or of consumers.
The first basic requirement is that within one TLD there cannot be two identical second level domains, i.e. the name of an already registered domain cannot be duplicated. Domain registrars monitor this requirement ex officio. Another basic requirement, for which an official check is usually made, is that the domain name does not represent obscene and / or offensive words or phrases that are contrary to the public interest and good manners. For the most part, the other requirements for the second level domains are set in the general conditions of respectively the registry and the registrars, who work with it, and their observance is verified only in case of a complaint. Among the requirements laid down in the rules of many registrars is that the domain does not coincide with an earlier registered trademark or company name, if the registration was made or used for speculative or malicious purposes.
In view of the above, registering a domain name that is contrary to good morals or contains a registered third party trademark is a poor long-term strategy. Apart from the risk of official refusal, there is also a later-stage risk for the holder of a registered right to seek his rights. In this case, the resources and time invested in promoting a certain domain name will be pointless. A common practice for disputes concerning domains, which contain someone else’s trademark, is to transfer the domain free of charge in the event of an objection by the trademark owner ( 3). This type of dispute is resolved through a specific domain arbitration procedure, which is managed by the respective domain registrar.
Due to the huge volume of new registrations and the increasing number of attempts to make unscrupulous applications, organisations managing different TLDs are introducing automated checks that use different decision-making methodologies - e.g. through analysis of Big Data, various algorithms and AI. According to publicly available statistics, 408,236,416 domains are currently registered ( 4). Today, there are over 35,976 .bg domains, 3,752,043 .eu domains and 167,465,081 .com domains.
In this respect, it is worth mentioning the EURid Abuse Prevention and Early Warning System (APEWS). APEWS anticipates whether a domain name may be potentially abused, and if the system identifies a domain as potentially abusive, its delegation is delayed. EURid manually reviews all domain names whose delegation is delayed as a result of the APEWS system. The domain name is registered. However, any related service (such as a website, email, or other service) will not function until the verification process is complete. A similar system works for .uk domains managed by Nominet. Both organisations recently announced that they have added the word elements "coronavirus" and "covid19" to their automated pre-scanning algorithms.
(1) Decision No 53 of 6.04.2009 of SPC under case 605/2008, II cc
(2) Decision No 343 of 29.03.2018 of CPC under notification No CPC-655/2017
(3) For ex. Decisions of the WIPO Arbitration and Mediation Centre regarding the domain names „amazondutch.nl“ (30.04.2020); „calvinkleinapp.com“ (04.05.2020)