The Government of India has implemented a new IT regulation requiring virtual private network (VPN) providers to collect substantial user data and keep it for at least five years. CERT-in, the Computer Emergency Response Team, issued the order. Data centres and cryptocurrency exchanges are also covered by the new rules. Beginning in late June 2022, the new policy will take effect.

VPN providers will be required to maintain customer data even if the user deletes their account or cancels their subscription. Companies will be required to keep track of user names, IP addresses, usage patterns, and other personally identifying data. Fake mobile apps, data breaches, unauthorised access to social media accounts, and other vulnerabilities have been requested by CERT-in.

Railway Minister Ashwini Vaishnaw
Indian IT Minister Ashwini VaishnawIANS

Why do users prefer VPNs?

The most important reason to use a VPN is to hide your IP address. It allows clients to avoid website trackers that collect data and track their position. Paid VPN has a no-logging policy and works on RAM-only servers, ensuring complete secrecy. VPN businesses will be required to retain servers that allow them to log in user data and store it for five years or longer as a result of the new change. Companies will incur increased costs as a result of switching to storage servers, and user privacy will no longer be a primary feature of these services.

virtual private network
virtual private networkTwitter

How will it affect users?

VPN providers will be forced to switch to storage servers if the new change is implemented, which will allow them to log in user data and store it for at least five years. Companies will incur increased expenditures as a result of switching to storage servers.

This means less privacy and possibly more fees for the end-user. It would be possible to follow your surfing and download history if data was logged. Meanwhile, paid VPN firms may raise subscription prices to cover the costs of the new storage servers they must now use.

"Our team is investigating the new directive recently passed by the Indian government and exploring the best course of action. There are still at least two months left until the law comes into effect, so right now nothing has changed in the way we operate. We can ensure that we are and will stand to our principles and protect user privacy," Nord VPN, one of the providers, said in response to the new law.