ARTICLE AD BOX
India’s considering new, tougher rules for VPN providers. If the plan moves forward, VPN companies would need to set up an office in India and name someone to answer for compliance with Indian law.
Nothing’s official yet, but sources say the government wants to keep a closer watch on VPN activity. Why? Basically, VPNs let people reroute their internet traffic through servers outside the country. That makes it harder for officials to see what users are really up to. This push for more accountability isn’t just about VPNs—it’s part of a bigger effort to regulate all kinds of digital services in India.
Lots of people use VPNs to stay private online, work remotely, or protect themselves on public Wi-Fi. But the government’s worried about the same tech helping people sidestep bans on certain websites or apps.
This isn’t coming out of nowhere. In 2022, the cybersecurity agency CERT-In told VPN companies, data centers, and cloud services they had to keep customer records for at least five years—even after people left. That means names, IP addresses, contact info, reasons for using the service, and so on.
CERT-In also wanted companies to name an official contact in India and keep local system logs for at least 180 days.
Now, these new guidelines could take things even further. They want VPN companies to follow stricter rules, more like those for bigger digital platforms. Requiring a local office or a compliance officer would give authorities someone on the ground to reach out to when they need info or decide to enforce the law.
This is a tough debate. Businesses count on VPNs for secure operations and remote access. Journalists and researchers rely on them for privacy and safety. Regulators, though, point out that VPNs can make it harder to catch criminals or track down people breaking digital laws.
After CERT-In’s 2022 rules, some global VPNs warned that saving user data goes totally against their promise not to keep logs. A few even pulled their physical servers from India, though their virtual options still work for Indian customers.
If these new rules take effect, VPN users in India could see some real changes. Companies might have to hire local staff, reply to more official requests, and deal with extra reporting. Still, there’s nothing at this point that suggests VPNs will get banned.
The real test for VPN companies is whether they can stick to their no-logs privacy policy while also following India’s rules. If the government demands even more data or tighter local oversight, some providers might just rethink their entire strategy here.
Everything remains up in the air until the government actually releases the new rules. For now, everyone’s playing by the current CERT-In guidelines and IT laws.
This whole story sums up a bigger issue in tech regulation: how do you keep things safe and legal, without killing privacy? Whatever India ends up deciding is going to matter—a lot. Tech companies, privacy advocates, businesses, and millions of users are all watching closely.




English (US) ·