Will VPNs Be Banned in India Under the New VPN Policy?

The Indian government’s Computer Emergency Response Team (CERT-In) agency released a new guideline in the final week of April that would radically alter how we utilize VPNs in the nation. The policy takes effect 60 days after it is announced, on June 28. If you’ve heard about India’s new VPN policy and aren’t sure what it means, we’ve got you covered. We’ve covered all you need to know about India’s new VPN policy and how it will affect you in this post.

India’s New VPN Policy Explained (2022)

What is India’s New VPN Policy?

According to the Computer Emergency Response Team (CERT-In), India’s new VPN regulation intends to strengthen the country’s cybercrime monitoring mechanism. It entails keeping and collecting personal data from VPN users in India, such as names, IP addresses, physical addresses, phone numbers, and more. In the next part, we’ll lay out all of the data gathering rules for VPN firms.

What is India Asking VPN Companies to Save?

VPN firms should store the following user data, according to CERT- directions. In’s These regulations affect not just VPN providers, but also data centers, virtual private server providers, and cloud service providers.

Data logging – Logging should be required for a duration of 180 days.
Data localization – Logs should be kept in India.
Save the following client information for five years:
Names of subscribers/customers who have hired the services that have been verified
Hire period, including dates
IP addresses assigned to and used by members
At the moment of registration / onboarding, the email address, IP address, and time stamp were utilised.
Why are you hiring services?
Validated contact information and addresses
Subscriber/customer ownership patterns when employing services

Apart from these features, VPN providers are required to notify cyber events within six hours of becoming aware of the breach. They’re also told to sync system clocks with the National Informatics Centre’s (NIC) or National Physical Laboratory’s (NPL) Network Time Protocol (NTP) servers, or with NTP servers traceable to these NTP servers.

How Did VPN Companies React to the Order?

Leading VPN providers have published statements in the last few days expressing their views on India’s VPN policy. Here are the official statements in brief:

“ProtonVPN is watching the situation, but we remain dedicated to our no-logs policy and protecting our users’ privacy,” said the company. Matt Fossen, spokesman told Wired.

“We only utilize RAM-only servers, which automatically erase user-related data,” says Surfshark. “We’re still looking at the new rule and its consequences for us, but our overarching goal is to continue to provide no-logs services to all of our users,” said Gytis Malinauskas of Surfs hark.

“Our staff is examining the new directive and determining the best course of action,” says Nord VPN. If there are no other options, we may withdraw our servers from India,” Laura Tyrylyte of Nord Security told Wired.

Why is the Indian Government Doing This?

The Indian government defends its policy as a move to boost the country’s cybersecurity. The directives intended to “address various gaps causing difficulty in event analysis” while dealing with cyber incidents, according to the government’s press statement.

“Vpns were used in the majority of the frauds.” We’re only asking that you maintain the documents for five years, not that you hand them over to us. Keep the records; any law enforcement agency can request them if necessary. That, I believe, is a reasonable request. It’s a natural progression. All the countries are moving in that direction… Police has the right to ask the criminal to remove the mask or not – same is the case here,” a senior government official was quoted as saying by the Economic Times.

Will India Entirely Ban VPNs?

No, not just now. VPN firms having servers in India are subject to the new legislation. Because of the directive’s invasive character, VPN companies having servers in India are considering shutting down their operations in the country. That does not rule out the possibility of using the service. According to the current rules, you should still be able to connect to the same VPN provider’s servers in other countries. It’s unclear whether the government intends to target that path as well in the future.

Furthermore, privacy-focused VPNs are designed with a no-logs policy in mind and employ RAM-only servers, making log collection technically impossible. They will have to rethink their infrastructure to comply with the new law and function in the nation, putting consumers’ privacy at risk in the process. We don’t believe most VPN companies would be prepared to make such modifications to continue operating in the nation because anonymity is a significant selling element for most VPNs.

What’s Changing for VPN Users in India?

Let’s look at three different scenarios to see what’s changing for an ordinary VPN user in India. Firms that comply with the new VPN regulation, organizations who refuse to comply despite having servers, and companies that do not have a server in India or opt to shut down servers in the nation are all included.

Companies That Comply with the New Policy

If a VPN service chooses to follow the new policy, it must collect and keep logs for 180 days in the country. It should also keep the user’s personal data for a period of five years. When the policy takes effect next month, keep a watch on your VPN provider’s position on it.

Companies That Won’t Comply with the Directive Despite Having Indian Servers

If a VPN provider continues to operate as usual after June 28 without adhering to the rules, it may face penalties under section 70B(7) of the Information Technology Act of 2000. According to the statute, this is punishable by a year in prison, a fine of up to one lakh rupees, or both.

Related Posts

Government Alerts About Potential Google Chrome Vulnerability That Could Allow You to Be Hacked

Introduction In recent developments, the government has issued a stern warning concerning a critical vulnerability in Google Chrome that could potentially lead to users getting hacked. This…

Truecaller’s AI Can Now Answer Calls with Your Own Voice: Here’s How

Truecaller, a popular app known for identifying spam calls and providing caller ID services, has recently introduced a groundbreaking feature: the ability for its AI to answer…

WhatsApp Could Soon Let You Generate AI-Powered Profile Pictures: Check Details

In the ever-evolving landscape of digital communication, WhatsApp is poised to revolutionize user experience with the introduction of AI-powered profile picture generation. This groundbreaking feature promises to…

Best AI Tools For Coding in 2024 (Free and Paid)

Coding is a talent and an art form that calls for both technical know-how and original problem-solving. AI has a great deal of potential to simplify code…

WhatsApp on iOS activates passkey support: Here’s how to configure it.

Last year, WhatsApp began supporting passkeys on Android devices. On iOS, WhatsApp is currently rolling out passkey functionality. You must have an iPhone 8 or later model…

Airchat: New audio-based social media app is here.. to stay or just 2 mins of fame?

Newly popular, invite-only social networking app Airchat is all the rage. It is the creation of Brian Norgard, a co-founder of Tinder, and Naval Ravikant, the founder…

Leave a Reply

Your email address will not be published. Required fields are marked *