New cybersecurity regulations that required VPN providers to store user data were developed back in May by India's CERT (Computer Emergency Response Team) and the Ministry of Electronics and Information Technology (MeitY), and they were scheduled to take effect on June 27. However, CERT-In has chosen to postpone the new VPN policy for three months in response to strong criticism. Here are the details.
India's VPN Policy Extension
CERT-In extends timelines for enforcement of Cyber Security Directions till 25 September, 2022 for MSMEs and for the validation aspects of subscribers/customers details.
— CERT-In (@IndianCERT) June 28, 2022
For details visit https://t.co/Biq8LVAvwrhttps://t.co/WF4mJv3jO4
“MeitY and CERT-In are in receipt of requests for the extension of timelines for implementation of these Cyber Security Directions of 28th April 2022 in respect of Micro, Small, and Medium Enterprises (MSMEs). Further, additional time has been sought for the implementation of a mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network Service (VPN Service) providers.”
This follows opposition to the decision from a number of VPN providers. For those who are unaware, ExpressVPN and SurfShark VPN recently announced that they would remove their servers from India as a result of the new VPN regulations. However, they will both continue to function for Indian users via virtual servers located in India.
In case you forgot, the new regulation mandates that VPN service providers and others keep user information like names, IP addresses, email addresses, and phone numbers for at least five years. The goal of this is to reduce cyberattacks. However, it is obviously contrary to the main objective of these services, which is to give users an experience that focuses on privacy.
ISPs and data centers must additionally keep accurate logs of their systems for a rolling 180-day period. More information regarding the new policy is available here.
Given that it has drawn negative attention, it is unclear whether this extension is a one-time event or will continue. When there are updates, we'll let you know more specifics. So pay attention. Also, let us know what you think about the latest development in the comments section.