Updated
Updated · TechRadar · Jul 3
India Weighs VPN Law Requiring Local Offices, 5-Year Data Logs and Prison Terms
Updated
Updated · TechRadar · Jul 3

India Weighs VPN Law Requiring Local Offices, 5-Year Data Logs and Prison Terms

3 articles · Updated · TechRadar · Jul 3

Summary

  • New Delhi is drafting rules that would force VPN providers to set up local offices, appoint compliance officers and face criminal penalties if they ignore government blocking orders.
  • The push follows officials' admission that CERT-In's 2022 regime—requiring VPNs to retain names, IP addresses and usage data for five years—failed after major providers pulled physical servers from India.
  • Authorities want to make VPN companies legally liable when users bypass state content bans, a pressure point highlighted by a recent surge in VPN downloads after India temporarily blocked Telegram and ordered firms to block Polymarket.
  • ExpressVPN and Surfshark signaled they still prioritize user privacy, while enforcement remains uncertain because offshore providers can continue operating without infrastructure inside India.
  • The proposal would deepen India's already hard-line internet controls, a policy critics say aligns with the country's repeated lead in government-imposed internet shutdowns.

Insights

Can India police the global internet when top VPNs operate entirely beyond its borders?
With VPNs now using un-loggable RAM servers, is India’s data demand technically impossible to meet?

India’s Proposed 2026 VPN Law: Tighter Controls, User Impact, and Legal Challenges

Overview

India is moving toward a much stricter VPN law by 2026, building on the 2022 Cert-In directive that required VPN providers to keep user data like names, emails, contact numbers, and IP addresses for five years. This rule led to strong opposition from major VPN companies, who responded by removing their servers from India and rerouting user traffic through other countries. The government's push for tighter control is driven by concerns over online anonymity and the ability of VPNs to bypass censorship, setting the stage for ongoing tension between privacy advocates and regulatory authorities.

...