(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


The UK's proposed measures for court orders to suspend IP addresses and domain names

2025-05

The UK's proposed measures for court orders to suspend IP addresses and domain names April 8, 2025

A while back, I wrote about the Crime and Policing bill, and powers in relation to SIM farms.

Today, I’m writing about another part of the bill, this time about the proposed measures for court orders to suspend IP addresses and domain names, following an application from the police, HMRC, FCA, or the Gambling Commission.

As a reminder, this is a bill, going through Parliament at the moment, so it is not currently law, may not become law, and if it does become law may have changed in the interim.

I am working from Schedule 12 of the bill as introduced.

Perhaps I’m being grumpy, or daft, but quite a lot of this doesn’t seem to make much sense to me.

Suspension orders

An IP address suspension order is an order requiring a “specified IP address provider” to prevent access to a specified IP address for a period (of no more than 12 months) set out in a court order.

A domain name suspension order is much the same as an IP address suspension order, in that it is an order which can be imposed on a specified Internet domain registry, or a specified registrar, to prevent access to a specified internet domain name for a period (of no more than 12 months) set out in a court order.

I am not sure what “prevent access to a domain name” means in this context. It feels like clumsy wording. Block the ability for a third party to retrieve information associated with the domain name?

If a suspension order specifies a period less than 12 months, the court can extend it, as long as the conditions for granting the order are still met, up to those 12 months.

An “IP address”

“IP address” is defined as “an internet protocol address”.

An “IP address provider”

An “IP address provider” is a person (“P”) that allocates IP addresses, where those IP addresses have been allocated to P by another person for the purpose of onward allocation.

Because the orders can be imposed only on providers which allocate IP addresses, as opposed to routing them, I don’t think that these orders can be used more broadly, to compel (other, non-allocating) ISPs to stop routing traffic to the specified IP address(es).

An “Internet domain registry”

An “internet domain registry” is a person that both:

maintains a relevant register of internet domain names, and operates a computer program or server that forms part of the system that enables the names included in the register to access internet protocol addresses or other information by means of the internet.

I am not sure what the distinction is between “computer program” and “server” here, or whether there is indeed a difference.

I also unclear what “enables the names included in the register to access internet protocol addresses” means. I wonder if this is a mistake, as the names do not “access IP addresses”. Perhaps it should reference “end-users” or something like that?

Am I missing something here?

Circumstances in which a judge may grant a suspension order

A judge may grant a suspension order if they consider that there are reasonable grounds to believe that all of the following are true:

the IP address / domain name is being used for the purposes of serious crime

one or more of these are true: a UK person is using the IP address / domain name for the purposes of serious crime a UK person is, or will be, a victim of the serious crime for the purposes of which the IP address / domain name is being used the IP address / domain name is being used for the purposes of serious crime connected with unlicensed gambling the IP address is allocated to a device located in the United Kingdom / the domain name is hosted on a device located in the United Kingdom

it is necessary and proportionate to prevent access to the IP address / domain name to prevent it being used for the purposes of serious crime

either or both access to the IP address / domain name will not be prevented unless a suspension order is made, or if access to the IP address / domain name is prevented otherwise than in accordance with a suspension order, there will be serious prejudice to the prevention, restriction or disruption of the serious crime for the purposes of which the IP address / domain name is being used



I think that “the domain name is hosted on a device located in the United Kingdom” means that the authoritative DNS server is physically located on a machine in the UK. As opposed to the problem website being hosted on a machine in the UK.

An overseas focus?

The framework provides for the service of these orders on providers in the UK and providers not in the UK, although quite how many providers outside the UK would comply with a UK court order, I’m not sure.

The explanatory notes (121) are more optimistic:

The overwhelming majority of entities that allocate IP addresses and domain names are situated in foreign jurisdictions. In these cases, overseas providers do not always recognise informal requests from investigative agencies and it is not practical to have voluntary relationships with international providers in the same way that cooperative arrangements work domestically. Many relevant overseas organisations require court orders before they will suspend IP addresses or domain names.

I guess that I’m a bit surprised that the “overwhelming majority of entities that allocate IP addresses” are overseas, but I am interpreting this as the majority of scam sites etc. are hosted with overseas providers. For domain names, this makes more sense to me.

The government’s consultation response said:

Multiple respondents also argued that this power may assist the UK to work more effectively with overseas law enforcement agencies by bringing the UK’s standards in-line with international precedent allowing for the use of Mutual Legal Assistance Treaty requests (MLATs) and other international requests.

So perhaps it really is intended to focus on overseas providers.
[END]

[1] URL: https://decoded.legal/blog/2025/04/the-uks-proposed-measures-for-court-orders-to-suspend-ip-addresses-and-domain-names/
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.