India is taking strong action against VPN firms. IT Ministry has instructed VPN firms to store users’ data for five years or longer. The Indian government introduced new cybersecurity rules earlier this month. The new government order will force VPN firms to collect and store users’ data for at least five years. Further, the Indian government said it will launch a crackdown against VPN operators who do not obey guidelines.
The minister of state for electronics and IT Rajeev Chandrasekhar warned VPN firms who aren’t willing to comply with the new guidelines. Chandrasekhar said VPN service providers who do not follow the new guidelines will have no choice but to exit India. Notably, NordVPN is already prepping to remove its servers from the country. The VPN service provider does not want to store and collect its users’ data.
A firm or entity with good intentions knows that a safe and reliable internet is a useful tool, Chandrasekhar said. He was releasing FAQs on the new guidelines on reporting cyber breach cases. Further, he went on to insist on storing users’ data for at least five years. Chandrasekhar suggested virtual private servers, data center companies, and VPN firms should follow these guidelines. Most of these VPN firms charge fees for their service. However, there’s no dearth of free VPN service providers online.
VPN Service Providers Can Either Comply With Rules Or Exit India
To recap, a free VPN service provider leaked users’ personal information last year. Now, the Indian government isn’t giving VPN firms a choice. So, these firms have to follow the new guidelines unless it is ready to exit the country. The IT minister reiterated this in a PTI report (via NSBB News). Chandrasekhar warned the VPN firm to start maintaining the logs if they don’t have them. Further, he addressed companies that do want to remain anonymous. Chandrasekhar said firms that want to hide, will eventually have to pull out of India.
So, VPN firms that do not comply with the new guidelines have to exit India. Also, the CERT-In is urging VPN firms to keep details about their clients. For instance, they should store information such as clients’ names, addresses, and even contact numbers. Moreover, the CERT-In says VPN providers should keep their email addresses, subscription period, and IP addresses. Also, it now requires them to store the client’s reason for using its VPN service. These new guidelines will take effect starting from June 2022.
VPN services use remote servers. So, they enable users to hide their locations while accessing the internet. The internet service providers don’t have access to these users’ search history. These programs are particularly popular among ethical hackers and investigative journalists. VPN services allow them to access websites that have been blocked in their countries.