Several VPN services are considering moving operations out of India following ExpressVPN’s announcement this week that it plans to remove servers from the country considering new and controversial cybersecurity rules.
The Indian government updated section 70B of the IT Act, 2000 to add several measures in April 2022. Service providers, intermediaries, data centers, companies, and government organizations have six hours to report a range of intrusions to CERT-IN, an agency tasked with organizing the government’s response to computer intrusions.
The new rules, which take effect in June, caused outrage among tech companies across the globe. Many argued the rules would be cumbersome and provide hackers with readily available pools of data to steal from.
The rules were heavily criticized by VPN companies that make a point of not storing the kind of user data now required by the new rules in India. If you don’t have logs, start collecting/storing them. If companies are not willing to follow the rule, then they are free to leave – Cabinet Minister Chandrasekhar said
ExpressVPN released a blog post explaining that it will remove its Indian-based VPN servers in response to the new rules.
The company said users in India will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were in India through virtual servers physically located in Singapore and the UK.
Under India’s new VPN rule, which is set to come into effect on June 27, 2022, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data, and will never collect logs of user activity, including no logging of browsing history, traffic destination, data content, or DNS queries the company said.
Like ExpressVPN other providers like Nord VPN, Proton VPN, and Surfshark VPN are ready to pull the plug if required.