The action is in response to a government mandate on storing information about customers to boost cybersecurity.

Gagandeep Kaur, Contributing Editor

June 10, 2022

3 Min Read
VPN providers remove servers from India to protest new rules

Several virtual private network (VPN) providers, including Surfshark and ExpressVPN, have removed their physical servers from India in response to a government mandate on storing information about customers to boost cybersecurity.

NordVPN has also threatened to remove its infrastructure from the country unless the mandate is reversed.

The new directive issued by the Indian Computer Emergency Response Team (Cert-In) requires that from June 27 onwards, VPN and cloud service providers must hold customers' names, email addresses, IP addresses, financial transactions and know-your-customer (KYC) checks for a period of five years. The VPN providers claim this compromises the privacy of their customers.

"Collect and store customer data? NO! We value people's privacy – that's why we stand against India's new data regulation law. We'll shut down our physical Indian servers. Still, you'll be able to connect to virtual servers through Singapore and London – check our server list," says a tweet by Surfshark.

A statement by ExpressVPN says, "The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it."

Surfshark said, "Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector's growth in the country. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide."

Figure 1: The new directive requires that from June 27 onwards, VPN and cloud service providers must hold customers' names, email addresses, IP addresses, financial transactions and KYC checks for five years. (Source: Per Bengston/Alamy Stock Photo) The new directive requires that from June 27 onwards, VPN and cloud service providers must hold customers' names, email addresses, IP addresses, financial transactions and KYC checks for five years.
(Source: Per Bengston/Alamy Stock Photo)

A VPN allows a user to hide their IP address and encrypt browsing history, thus preventing Internet service providers (ISPs) and governments from tracking the online activities of the user.

The outbreak of COVID-19 led to a massive increase in the use of VPNs by enterprises in India, as employees started to access company data while working from home. By using a VPN, they were able to access company information remotely in a secure fashion.

India emerged as one of the top users as the penetration rate grew from just 3% in 2020, to more than 25% in the first half of 2021, according to the Atlas VPN report. VPN installs hit 348.7 million in the first half of 2021, recording a growth of 671% over 2020.

Related posts:

— Gagandeep Kaur, contributing editor, special to Light Reading

About the Author(s)

Gagandeep Kaur

Contributing Editor

With more than a decade of experience, Gagandeep Kaur Sodhi has worked for the most prominent Indian communications industry publications including Dataquest, Business Standard, The Times of India, and Voice&Data, as well as for Light Reading. Delhi-based Kaur, who has knowledge of and covers a broad range of telecom industry developments, regularly interacts with the senior management of companies in India's telecom sector and has been directly responsible for delegate and speaker acquisition for prominent events such as Mobile Broadband Summit, 4G World India, and Next Generation Packet Transport Network.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like