Using your favorite VPN in India may soon be impossible thanks to new regulations that will require VPN providers to collect and store a wide range of customer data for a period of five years.
As reported by ENTRACKR, the Computer Emergency Response Team (CERT-in), which is under the control of the country's Ministry of Electronics and Information Technology, has published a new set of directives in order to "coordinate the activities of response, as well as emergency measures". in relation to cybersecurity incidents.
VPN providers are not the only companies that will be required to store customer data, as the guidelines also apply to data centers, cryptocurrency exchanges, and virtual private server (VPS) providers. .
Starting in June this year, companies in these sectors will be required to register customer names, customer ownership patterns, customer contact details, and the reason they bought their services in the first place.
Improving the response to cyber incidents has a cost
The new CERT-in-order appears to be aimed at ensuring that the government agency can respond to all types of cyber incidents within six hours of their discovery. While the command itself may be well-intentioned, the range of data that CERT-in asks organizations to store and provide on demand is quite unusual.
CERT-in requires organizations to report data breaches, fake mobile apps, attacks on server infrastructure, and even unauthorized access to a user's social media accounts. Additionally, companies that fail to provide the necessary information are subject to Section 70B(7) of the IT Act, which can result in up to a year in prison.
Another hiccup in the Indian government's plan is that most VPNs have a "no logs policy" or at least only temporarily retain user data. Due to the new cert-in guidelines, many VPN providers and other IT companies could stop doing business in India as they can no longer legally operate in the country.
The new guidelines will go into effect at the end of June, unless the compliance window is extended, which may very well be the case. Until then, however, consumers and businesses in the country should pick one of the best Indian VPNs while they can.
Via ENTRACKR