India Delays New VPN Policy For 3 Months

New cybersecurity regulations that required VPN providers to store user data were developed back in May by India's CERT (Computer Emergency Response Team) and the Ministry of Electronics and Information Technology (MeitY), and they were scheduled to take effect on June 27. However, CERT-In has chosen to postpone the new VPN policy for three months in response to strong criticism. Here are the details.

India's VPN Policy Extension

Now that the new VPN policy will take effect on September 25, according to CERT-in, VPN providers will have more time to comply with the new regulations. 


This follows opposition to the decision from a number of VPN providers. For those who are unaware, ExpressVPN and SurfShark VPN recently announced that they would remove their servers from India as a result of the new VPN regulations. However, they will both continue to function for Indian users via virtual servers located in India.

In case you forgot, the new regulation mandates that VPN service providers and others keep user information like names, IP addresses, email addresses, and phone numbers for at least five years. The goal of this is to reduce cyberattacks. However, it is obviously contrary to the main objective of these services, which is to give users an experience that focuses on privacy. 

ISPs and data centers must additionally keep accurate logs of their systems for a rolling 180-day period. More information regarding the new policy is available here.

Given that it has drawn negative attention, it is unclear whether this extension is a one-time event or will continue. When there are updates, we'll let you know more specifics. So pay attention. Also, let us know what you think about the latest development in the comments section. 

Post a Comment

Previous Post Next Post