The intellectual property portfolio of many companies forms an important and valuable part of their assets. Within the last few decades, there has been recognition of this by lenders and a shift in their acceptance of using IP to form the basis of security, or as part of a package of security.

Although IP assets are valuable, they are intangible assets. Particular challenges are therefore presented regarding the security package. So, in transactions where the IP is of significant value, careful consideration is required as to what, where, when and how security interests over that IP can be created. This is particularly so when security is being taken over domain names because of the uncertainty surrounding its nature and the lack of a system for registering that security.

Domain names often have material commercial significance. The owner of a business will expect to be able to deal with them – buy, sell, offer them as security to a lender. But the law has not fully caught up with commercial practice. The analysis of the legal nature of these rights, and the extent of dealing with them, is still a developing area. The heart of the problem is a lack of a register of domain names which operates to give notice to third parties of rights in relation to those domain names.

What is a domain name?

A domain name is the web address or part of the URL that appears in the search bar of a web browser. It is a string of characters that directs a user to a particular area of space sitting on a server which may or may not contain further information. A domain name is not an intellectual property right (IPR) of itself. The uncertainty surrounding the legal nature of domain names in the UK will be explored further in this article.

Despite not being an IPR, a domain name (and often the large domain name portfolios that a business may own) has substantial value to the business. Owning a domain name allows a business to use that domain name for its business activities and host a website from that domain to the exclusion of all others. Once you own a particular domain name, nobody else can host a website from it for the duration of its registration. Domains are categorised broadly as follows:

• Generic Top-Level Domains (gTLDs) – gTLDs include .com, .net, .inc and the new Brand TLDs (for example, .redbull, .apple, and .ferrari).
• Country-code Top-Level Domains (ccTLDs) – ccTLDs are, for example, .co.uk, .es, .fr, .de etc. for each country.

Domains are registered on a "first come, first served" basis. Once you "reserve" the domain, you are the "owner" of that domain indefinitely provided you continue to pay the renewal fee.

If the particular domain incorporates a business's brand (a registered or unregistered trade mark) then that domain will be of considerable value to the brand owner. This value can lead to problems for a brand owner, for example, cybersquatting, where cyber squatters purchase and "squat" on domain names similar or identical to brands owned by businesses with a view to selling them at a profit or disrupting the business in question.

However, some valuable domain names are not trade marks. Generic domain names (such as hotels.com and insurance.com) have become increasingly popular and valuable in recent years.

Domain terminology – the 3 Rs

Registry

A registry is the authority which manages the registration of all domain names in a specific top level domain (TLD). It keeps an authoritative master database of all such registration data and maintains a zone file that describes the domain name space for which that particular registry is responsible. Nominet UK is the official registry for .uk domain names.

Registrar

Registrars are organisations accredited by The Internet Corporation for Assigned Names and Numbers (ICANN) and certified by the registries to sell domain names. They are bound by the Registrar Accreditation Agreement (RAA) with ICANN, and by their agreements with the registries.

The RAA sets out responsibilities for a registrar, which include the following:

• maintaining WHOIS data; WHOIS (pronounced as "who is") is an internet record listing that identifies who owns a domain and provides relevant contact information
• submitting data to registries
• facilitating public WHOIS queries
• ensuring domain name registrants' details are escrowed
• complying with RAA conditions relating to the conclusion of the domain name registration period.

To reserve a domain name in a gTLD, a domain name registrant must register it with an ICANN-accredited registrar. The registrar will check if the domain name is available and create a WHOIS record with the domain name registrant's information. It is also possible to register domain names through a registrar's resellers.

Registrant

A domain name registrant is the person or organisation who has registered the domain name. To do so, the domain name registrant will usually apply online to a domain registrar or one of their resellers.

The domain name registrant is bound by the terms and conditions of a licence, entered into with the registrar with which it registers its domain name. The licence will impose requirements on the registrant to, for example:

• adhere to a certain code of conduct
• indemnify the registrar and registry against any legal or civil action taken as a result of use of the domain name
• pay registration fees promptly
• submit accurate data and update this promptly as and when circumstances change.

Initial considerations when taking security over a domain name

At an early stage, a lender should conduct the necessary due diligence in relation to the domain name and evaluate its marketability and value, independent from the registrant company and in conjunction with the goodwill and other IPRs of the company.

During the due diligence process, the lender should require the registrant to furnish a detailed schedule of all its related IP assets. This will enable the lender to decide whether it wishes to take security over those assets as well as the domain name.

If the IP will form a significant part of the lender's security package, it should commission an independent IP audit from a specialist. The audit should corroborate the details of the schedule of related IP assets received from the registrant and confirm whether there are any assets that are merely licensed, rather than owned, by the registrant. If any IP assets are licensed to the registrant, rather than owned, this would significantly impact the resale value of the security package, should the lender need to realise the security.

The due diligence exercise should also focus on uncovering any issues relating to the ownership, validity, use, infringement and renewal of the domain name and any other associated IPRs over which the lender may wish to take security.

Difficulties of taking security over a domain name

There are two fundamental problems with taking security over a domain name:

• no system for registering security over a domain name
• uncertainty over the nature of a domain name.

It is worth noting that in practice, these issues may be avoided. First, due to the nature of domain names, it is unlikely that there will be numerous competing interests surrounding a particular domain name registration.

Secondly, there are tried and tested practical workarounds and alternatives to taking security, that produce, in effect, the same results as a mortgage or charge. These should give a lender some peace of mind when taking security over a domain name.

No system for registering security over a domain name

There is no system for registering a security interest over a domain name. Nominet (the .uk Registry), for example, states that it will not record or be bound by mortgage-like security.

The absence of a security register to allow for perfection of a security interest over a domain name poses questions, particularly regarding the priorities situation surrounding a domain name. Crucially, a lender who holds an equitable charge over a domain name as a form of security risks having its claim defeated by the interest of a bona fide third party purchaser for value who subsequently acquires the domain name from the registrant in ignorance of the charge.

Uncertainty over nature of a domain name

It is uncertain whether domain names are properly characterised as property rights or pure contractual rights. The current legal position in the UK is unclear. There is no express UK authority on whether registration of a domain name gives rise to property rights and no statute regulating this matter.

In practice, however, the relationship between registries in the UK (and many other countries) and a domain name holder is entirely contractual. The terms and conditions of Nominet UK specifically state that it does not consider domain names to be property. This adds an additional complication in terms of the rights of the lender where an equitable charge is granted.

Alternatives to taking a mortgage or charge over a domain name

In light of the questions over priority and the nature of domain names, a lender should be cautious about relying solely on an equitable charge over a domain name. Instead, a lender should consider the following alternatives to taking a charge or mortgage over a domain name:

Legal assignment by way of security

A lender could take a legal assignment by way of security of the domain name from the registrant. An assignment will be effective as a legal assignment if it complies with the requirements of s136 of the Law of Property Act 1925 (LPA 1925).

The assignment should allow the registrant to nominate the IP address to which the domain name points and should also contain a provision for transfer back of the domain name to the registrant when the registrant discharges its debt. Notice of the assignment should be served on the relevant registry in the same way that the registry would be notified of an absolute assignment on the sale of a domain name.

The lender will also need to grant a licence for the use of the domain name to the registrant/borrower. This should allow the borrower to continue to use the domain name/IP address during the term of the loan within clearly defined parameters that do not damage or diminish the value of the domain name.

Equitable assignment by way of security

Alternatively, the lender and registrant could enter into an equitable assignment by way of security. If an assignment does not comply with the requirements of section 136 of the LPA 1925 then it will take effect as an equitable assignment.

One of the requirements of s136 is that the assignment must be notified in writing to the third party against whom the assignor could enforce the assigned rights, in the case of a domain name, the registry. A common way of taking an equitable assignment of a domain name is to comply with all the requirements of s136 except for the notice requirement.

However, a lender will want to be able to "upgrade" the assignment to a legal assignment if it needs to enforce its security. Therefore, a lender may require the registrant to sign a notice of assignment and deliver it to the lender as a condition precedent to drawdown.

Alternatively, a lender may take a power of attorney from the registrant to enable the lender to complete the notice of assignment and serve it on the registry. Either way, the lender should ensure that the loan agreement provides that on an event of default under the loan agreement such as non-payment or an insolvency event, the lender will be entitled to enforce its security by serving notice on the relevant registry.

As noted above, a lender holding the benefit of an equitable assignment by way of security is vulnerable. It may have its claim defeated by a bona fide purchaser for value without notice of the lender's interest

Note that before considering taking a legal or equitable assignment by way of security of a domain name, a lender should carefully check the terms upon which the relevant domain name is granted for any anti-assignment provisions. This is because a registry is unlikely to be bound by any purported assignment if the terms of its agreement with the registrant include an anti-assignment provision.

Possession of the keys to a domain name

In addition to putting in place a legal or equitable assignment between the lender and registrant, it is vital that the lender takes possession of the "keys" to the domain name. The "keys" are the authorisation codes to unlock and transfer the domain name. It is crucial that constructive control of the keys is given to the lender before or at the time the assignment by way of security is given.

Practical steps a lender can take to take constructive control of the keys to a domain name include the following:

• Requiring the registrant to give the online domain name account details and passwords to the lender.
• If permitted under the existing terms and conditions between the registry and the registrant, ensuring that the registrant details, including any associated administrative, billing and technical details, have been changed to the lender's account. These details should be changed at the time a legal assignment by way of security is taken or, if an equitable assignment has been taken, effected by notice to the registrar after an event of default and on enforcement of the equitable assignment.
• Requiring the registrant to give evidence to the lender that proves that the registrant has notified the registry of the registration of the lender as the registered holder. This could be achieved by requiring a written acknowledgment of the notice from the registry. The acknowledgement should be obtained as a condition precedent to drawdown of the loan, in the case of a legal assignment. Alternatively, in the case of an equitable assignment, the notice and acknowledgment process would be effected on enforcement.

Taking security over a bundle of rights associated with a domain name

A domain name, by itself, may be of limited value without other intrinsically associated IP rights and assets. Likewise, if a lender takes security over a domain name without taking security over those other rights and assets, that security may be of limited value.

Therefore, a lender should also consider, in addition to taking security over the domain name, taking security over those associated rights. This should ensure that on enforcement, the lender can realise the true value of the domain name.

Key examples of associated rights that might comprise part of the bundle over which a lender takes security are the following:

• The trade mark contained in the domain name.
• Any goodwill of the business relating to the domain name.

A lender should be aware of the practicalities of taking security over these additional IPRs. For example, when taking security over copyright (which, in the UK, is not registerable and arises automatically when certain criteria are met), it would be prudent for a lender to carry out a search at Companies House to determine whether there is any pre-existing security over that copyright. Patents and trade marks, however, are registered IPRs so when taking security over them, a lender should carry out a search at the IPO, as well as at Companies House, to uncover any existing security interests.

To protect the value of its security, a lender should also require a borrower to give representations concerning its ownership and the absence of any infringements, or likely infringements, of the relevant IP rights. Again, this will be particularly important in the context of copyright, since determination of copyright ownership and the existence of any other interests in copyright (for example, licences) are not readily accessible due to the lack of a centralised register.

A lender should also require a borrower to give undertakings in relation to the relevant IP rights. IP-related undertakings a lender may want to consider would relate to the maintenance of rights in the IP by paying renewal fees, licence fees and outgoings so that IP rights do not lapse and a waiver of moral rights by the authors of any materials subject to copyright.

If the registrant operates a multi-jurisdiction IP portfolio, a lender should take care to ensure that corresponding security over the relevant IP rights is obtained in other relevant overseas jurisdictions. This is particularly important given the cross-border nature of domain names.

Documentary considerations for an assignment by way of security of a domain name

Any purported assignment by way of security of a domain name should be by way of written contract. This security document should also, if necessary, create security over the IP rights and assets associated with that domain name. The terms of the security document should clearly set out the obligations of the registrant and the rights of the lender, particularly in the event of the registrant's default under the terms of the loan agreement.

Key terms of a security document creating an assignment by way of security over a domain name and security, its associated IP rights and assets include the following:

• The description of the assets over which security is taken should include the domain name and all associated IP rights and all assets.
• A clear contractual right for the lender to access and control the domain name so that it may effectively enforce its security.
• Specific representations and warranties from the registrant such as the following: that the registrant is the current registered owner of the domain name and has the right and authority to assign the domain name; that there are no third party rights over the domain name, and no disputed or claimed third party rights; and that the registrant has complied fully with the terms of the original registration agreement in respect of the domain name and with any subsequent formalities (for example, any renewals of registration that might be required).
• Specific undertakings from the registrant such as the following: that, following the assignment by way of security, the registrant will cease any use of the domain name that falls outside the scope of use set out in the licence between the registrant and the registrar; to safeguard and maintain present and future rights in the domain name; not to transfer the domain name to a third party, not to create security over the domain name without the prior written consent of the lender (a negative pledge to prevent third parties from subsequently seeking to obtain security over the same domain name without the lender's prior consent).
• The rights of the lender to effectively exercise remedies upon default by the registrant.

Looking abroad, and potentially forward?

It may be of interest to consider the legal position on domain names in other jurisdictions.

US perspective

Similar to the UK, there is disagreement over the precise legal nature of domain names in the US. However, in the US, there have been several, albeit conflicting, court judgements and official opinions on this issue.

In Network Solutions, Inc. v. Umbro Int’l, Inc. (2000), the Supreme Court of Virginia held that a domain name is not property. The registrant of a domain name receives merely a conditional contractual right to use the registered domain name for the duration of the registrations and consequently, has no rights against the wider world.

However, this decision does not square neatly with the decision in Kremen v. Cohen, 337 F. 3d 1024 (9th Cir. 2003), where it was decided that domain names are indeed property, subject to conversion. This view is supported in the Anti-cybersquatting Consumer Protection Act (ACPA) which authorises in rem civil action against a domain name. This therefore suggests that a domain name is a form of intangible property.

The official view of the American Bankruptcy Institute straddles a middle ground between the two earlier judicial decisions, stating that domain names can be characterised as either general intangibles or conditional contractual rights. However, regardless of their characterisation, domain names ultimately embody property rights that have value, and security interests can be perfected in them under Article 9 of the Uniform Commercial Code (UCC).

In practice, the position taken in the US is that domain names fall under the definition of "general intangibles" under Article 9 of the UCC, since they are not specifically excluded from that definition.

It is essential to perfect a holder's security interest in a general intangible. To do so, the lender must file the proper financing statement in the relevant state's UCC filing office, typically where the registrant is organised.

However, this security interest is of limited use if there is the presence of an anti-assignment provision. In such a case, the lender, despite having security over the domain name, will not be able to enforce his interest pursuant to Section 9-408(d)(6) of the UCC, effectively leaving him empty-handed.

A potential workaround to this situation is achieved by putting the debtor in bankruptcy. The Bankruptcy Code allows a bankruptcy trustee to assume and sell a debtor's contract, despite the presence of any anti-assignment clauses. It therefore follows that the lender can sell the domain name contract and claim the proceeds from the sale, due to its position of bankruptcy trustee (Straffi v. State of New Jersey (In re Chris Don, Inc.).

Canadian perspective

In Canada, legally, domain names are seen as intangible personal property (Tucows.com Co. v. Lojas Renner S.A). The only route to perfection of the security is by registering it via the Ontario's Personal Property Security Registration System (PPSA).

Maintaining practical control in the form of constructive possession, however, does not provide legal protection under the PPSA. Pursuant to the PPSA, only investment property, not intangible personal property such as domain names can be constructively controlled.

It has been queried why a secured creditor of a domain name, having done everything necessary and reasonably practicable to put itself in a position where it is able to dispose of the domain name without needing further consent of the original owner, should not be construed as having constructive control and why this should not be a valid method of perfection.

Find out more

To discuss the issues raised in this article in more detail, please reach out to a member of our Banking & Finance team.

A version of this article originally appeared on the Practical Law website in September 2020.