Last year, a report was submitted to the government asking authorities to detect and permanently ban VPN services in India. However, the suggested move was not implemented, which came as a sigh of relief for the VPN companies. Instead, the Indian government has now announced a new policy that mandates VPN providers in the country to collect, log and store user data including names, phone numbers and even IP addresses . Let’s take a look at the details below.
New Policy Details for VPN Providers in India
India’s Ministry of Electronics and Information Technology (MeitY) and CERT-In recently announced a new policy for VPN providers in India through an official memorandum. The policy aims to give more power to CERT-In, which is responsible for monitoring cyber crimes in the country.
“In dealing with cyber incidents and interacting with the constituency, CERT-In has identified certain gaps hindering incident analysis,Government of India said in a statement. Citing this issue and to help the emergency response team with cybercrime analysis, this new policy will be effective from 27th June,
Under this policy, VPN providers will be required to log and store user information such as their names, email addresses and phone numbers for at least five years. Companies also have to store the IP addresses held by customers. allotted and whom they signed up to, as well as other details such as their purpose of using the VPN services and their “proprietary pattern”.
Apart from this, the new policy also Requires different ISPs and data centers to maintain proper logs of their systems over a rolling 180-day period. Furthermore, this extends to cryptocurrency exchange platforms and requires them to maintain transaction and customer records for five years.
With these steps, the government aims to deter cybercriminals from using VPN services for malicious activities. However, this would also mean that the online activities of all VPN users would now be logged and stored in a database for the government to access at any time. While this may curb cyber attacks, this new policy also keeps user personal information out in the open. Hence, now it will be difficult for VPN companies to promote their services with privacy as a key feature.
There is a chance that many VPN companies will object to the new policy but the government warns that “Failure or non-compliance to furnish information may invite punitive action.” So, what do you think about the new VPN policy in India? Do you think this is the right step to prevent cyber attacks in the country? Let us know your thoughts in the comments below.