Last year, a report was submitted to the government asking authorities to find and permanently ban VPN services in India. However, the proposed steps were not implemented, which was a sigh of relief for VPN companies. Instead, the Indian government announced a new policy requiring VPN providers in the country to collect, record and store user data, including names, phone numbers and even IP addresses. Let’s find out more below. 
New policy details for Indian VPN providers
The Ministry of Electronics and Information Technology (MeitY) and CERT-In recently announced a new policy for VPN providers in India through an official memo . The policy aims to give more powers to CERT-In, which is responsible for monitoring cybercrime in the country.
“In the course of handling the cyber incident and interacting with stakeholders, CERT-In identified certain gaps that impeded incident analysis, ” the Indian government said in a statement. To cite this issue and assist emergency response teams in analyzing cybercrime, this new policy will go into effect on June 27th .
Under this policy, VPN providers will be required to log and store user information such as name, email address, and phone number for at least five years . Companies must also store details such as the IP address assigned to a customer and the IP address used to sign up, as well as the intended use and “ownership pattern” of the VPN service.
Apart from these, the new policy also mandates various ISPs and data centers to maintain proper logs of their systems for 180 consecutive days . Furthermore, the regulation also applies to virtual currency exchange platforms, requiring them to maintain transaction and customer records for five years.
With these measures, the government aims to prevent cybercriminals from using VPN services for malicious activities. However, this also means that all VPN users’ online activities are logged and stored in a database for government access at any time. While it may ultimately curb cyberattacks, the new policy also exposes users’ personal information. Therefore, it is currently difficult for VPN companies to promote their services with privacy as a key feature.
While many VPN companies may object to the new policy, the government has warned that “failure to provide information or comply may result in punitive action.” So, what do you think about India’s new VPN policy? Do you think it is the right move to curb cyberattacks in the country? Let us know your thoughts in the comments section below.
![How to set up a Raspberry Pi web server in 2021 [Guide]](https://i0.wp.com/pcmanabu.com/wp-content/uploads/2019/10/web-server-02-309x198.png?w=1200&resize=1200,0&ssl=1)
