India forces VPN providers to share data

VPN providers shut down their servers. India has introduced data retention for 5 years. Anyone who refuses goes to jail.

Since 10. Among other things, providers of VPN services in India must collect personal data from their users and store it for at least five years in case of inquiries from the authorities. The Indian CERT (Indian Computer Emergency Response Team) issued this back in May. If the data is not saved or passed on, the operators of the VPN servers in India face up to one year imprisonment.

As a result, several companies have already announced the withdrawal of their VPN servers from India.

CERT is subject to the in India Ministry of Technology

VPN providers must provide specific names, addresses, telephone numbers, email addresses, their IP addresses and a detailed list of how their service is used . The reason given by CERT was that this was the only way to coordinate emergency measures should incidents occur that affect IT security in India. The CERT is subordinate there to the Ministry of Electronics and Information Technology.

Regulation also applies to data centers and crypto trading places

In addition to VPN services, comparable data must also be stored permanently by data center operators, cloud providers and crypto trading platforms. The KYC principle applies in India. This obliges crypto providers to check the identity of their customers in detail. In addition, data centers etc. have been obliged to create log files in order to save them since last Monday.

Storage is allegedly not provided by several providers

The VPN industry has now reacted to India’s push. ExpressVPN writes on its own blog that it refuses to endanger users’ data. Because the servers run in RAM mode, the creation of usage data is neither intended nor possible. Using virtual servers, websites can still be fooled into thinking they have an Indian IP address. However, the corresponding VPN servers are located in Singapore and Great Britain. They are therefore not subject to the new legislation.

The competitor PureVPN has also opted for virtual servers in Singapore. In its revised FAQs, Mullvad states that it is only subject to Swedish jurisdiction and not that of any other country. The decisive factor, however, is the fact that Mullvad does not maintain any VPN servers in India. We asked other VPN companies how they intend to deal with this problem from now on. Update: announced on 10. It was already known in June that the servers in India had been terminated.

Lars Sobiraj started in 2000 to work as a career changer for various computer magazines. 2006 numerous other online magazines were added in addition to He is the founder of In addition, Ghandy, as he calls himself in the scene, has been teaching participants at various universities and training institutions since 2006, how the internet works.


Related Articles

Back to top button