The new data law was notified by the Indian Computer Emergency Response Team (CERT-In), and is intended to help fight cybercrime. Under the rules, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data. The companies must maintain logs of user data for a rolling period of 180 days; five years in some cases. Service providers have 60 days from June 27 to comply.
The first salvo has been fired in the fight between the Indian government and VPN service providers over the new IT rules requiring them to maintain logs of customer data — ExpressVPN announced on Thursday that it was shutting down its Indian servers.
Recommended ArticlesView All
Delhi fails to get a mayor for third time — What's the issue and what happens next
Feb 6, 2023 IST4 Min(s) Read
India opposes Hindustan Zinc's buyout of Vedanta's global zinc assets: Exclusive
Feb 6, 2023 IST2 Min(s) Read
Vodafone-Idea Saga — Three parents but none to love
Feb 6, 2023 IST6 Min(s) Read
World Cancer Day 2023: Early detection is crucial for reducing the global burden
Feb 4, 2023 IST5 Min(s) Read
"With a recent data law introduced in India requiring all VPN providers to store user information for at least five years, ExpressVPN has made the very straightforward decision to remove our Indian-based VPN servers.
The new rules — effective from June 27 — require VPN service providers, among others, to maintain logs of user data for a rolling period of 180 days; five years in some cases. Service providers have 60 days from June 27 to comply, and Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar and ruled out any extension on this front.
ExpressVPN has called the new rules "overreaching" and said it opens up a window for potential abuse. "ExpressVPN refuses to participate in the Indian government’s attempts to limit internet freedom ... we will continue to fight to keep users connected to the open and free internet with privacy and security, no matter where they are located. We will never collect logs of user activity or connection logs," the VPN provider said.
ExpressVPN said this move will not disrupt service to its Indian users.
"Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India. These 'virtual' India servers will instead be physically located in Singapore and the UK," ExpressVPN said in a blog post.
ExpressVPN has become the first VPN service provider to take tangible action ever since the new rules were announced in April. Nord VPN has threatened to exit India, while Surfshark said it is considering all options and legal remedies before taking a decision.
"Internet users based in India ... can use ExpressVPN confident that their online traffic is not being logged or stored, and that it’s not being monitored by their government," the company added.
The new data law was notified by the Indian Computer Emergency Response Team (CERT-In), and is intended to help fight cybercrime. Under the rules, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data.
(Edited by : Abhishek Jha)