wordpress blog stats
Connect with us

Hi, what are you looking for?

VPN providers undeterred by minister’s ultimatum to comply or leave India

Many popular VPNs had made it clear that they will not comply.

“The government has very clearly said repeatedly on all issues relating to rule-making: there is no opportunity for somebody to say, we will not follow the laws and rules of India. If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs and you don’t want to go by these rules, then if you want to pull out (from the country), frankly, that is the only opportunity you have. You have to pull out,” the Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said on May 18 while releasing the FAQs document on the new cybersecurity directive.

Chandrasekhar’s comments come after VPN providers objected to the cybersecurity directive’s requirement to maintain detailed information on customers such as their names, contact details, the purpose of usage, IP address, etc. Many of the popular VPN providers made it clear that they will not comply with the new privacy-invasive directions either because it is technically not feasible for them to or because they will pull out of the country to avoid compliance. Windscribe even criticised the rules for being more stringent than those of “dictatorships” like China and Russia.

“You have an obligation to know who’s using your VPN infrastructure, who’s using your cloud, who’s using a data centre. Why do you have an obligation to know it? If there is a detected cyber incident or cyber breach from one of the people using your VPN or your cloud or your data centre, it is your obligation to produce data. Now, you can’t at that point stand and say no, but it’s our rule that we will not maintain logs. If you don’t maintain all logs, this is not a good place to do business,” Chandrasekhar remarked.

What have VPN companies said in response to Chandrasekhar’s comments?

  • Surfshark might legally challenge the directive: Gytis Malinauskas, Head of Legal at Surfshark, said: “As the new regulation goes against the nature of the VPNs industry – which seeks to protect users’ privacy – we remain committed to providing no-logs services to our users, including those living in India. Currently, we are investigating the new regulation with Indian lawyers before deciding on the best course of action. Surfshark is considering all the options, including the possibility of challenging the validity of this new regulation. Overall, making such a radical action that highly impacts the privacy of millions of Indians without robust data protection mechanisms will most likely turn out to be counterproductive and strongly damage the sector’s growth in the country.”
  • Windscribe will not compromise privacy for ridiculous requirements from one country: “Windscribe does not collect or store the origin country of any customer. We have no idea where a person is from when they use our service, so Rajeev Chandrasekhar’s requirements are impossible to implement. Our service is free and available to anyone. We will not compromise the privacy of all our users to comply with these ridiculous requirements originating from a single country.”
  • Mullvad says it’s impossible: “It is impossible for a privacy-focused VPN to legally operate in India under that laws.”
  • Nord VPN still exploring options: “We are still exploring the best course of action and will update you ASAP on the NordVPN decision.”

What is the new cybersecurity directive?

The new cybersecurity directive was issued by the Indian government’s Computer Emergency Response Team (CERT-In) on April 28 and covers aspects related to the timeframe for reporting cybersecurity incidents, synchronisation of system clocks, maintenance of logs, maintenance of KYC and transaction information for crypto exchanges, and maintenance of detailed customer information for VPN, cloud service, data centre providers. Cybersecurity and privacy experts, VPN providers, and tech companies have all criticised the directive for a long list of reasons.

The FAQs document clarified that corporate and enterprise VPNs are not subject to the directive, but the document failed to clarify one of the most important questions: does the government want VPN providers to maintain logs of their users’ web activity?

Also Read:

Advertisement. Scroll to continue reading.

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ