Using your favorite VPN in India may soon be impossible thanks to new regulations that will require VPN providers to collect and store a wide range of customer data for a period of five years.
As reported by COACHComputer Emergency Response Team (CERT-in), which is under the control of the country’s Ministry of Electronics and Information Technology, has issued a new set of instructions with the aim of ” coordinate response activities as well as emergency cybersecurity measures”. incidents.
VPN providers aren’t the only companies that will be required to store customer data, as the guidelines also apply to data centers, cryptocurrency exchanges and virtual private server (VPS) providers.
From June this year, companies in these sectors will be required to register client names, client ownership patterns, client contact details and the reason they purchased their services in the first place.
Improving the response to cyber incidents has a cost
The new CERT-in order appears to be aimed at ensuring that the government agency can respond to all kinds of cyber incidents within six hours of their discovery. While the command itself may be well-intentioned, the range of data CERT-in asks organizations to store and provide upon request is quite unusual.
CERT-in requires organizations to report data breaches, fake mobile apps, attacks on server infrastructure, and even unauthorized access to a user’s social media accounts. Additionally, companies that fail to provide the necessary information are subject to Section 70B(7) of the IT Act, which can result in up to one year in prison.
Another hiccup in the Indian government’s plan is that most VPNs have a “no-logs policy” or, at the very least, only temporarily retain user data. Due to the new CERT-in guidelines, many VPN providers and other IT companies could potentially stop doing business in India as they can no longer legally operate in the country.
The new guidelines will come into effect at the end of June, unless the compliance window is extended, which could very well be the case. Until then though, consumers and businesses in the country should choose one of the best Indian VPNs while they still can.