Government personnel in India can no longer use virtual private network (VPN) services provided by a third party. This is the most recent development in India’s continuous assault against internet privacy software.

The new guideline was issued in response to the choice made by some of the finest VPNs to shut down their servers in India out of concern for users’ privacy in light of the new data law. To this point, ExpressVPN, Surfshark, and NordVPN have all announced that they will physically depart the country before implementing CERT-in directives on June 27.

The Indian government is also encouraging its employees to refrain from keeping any internal or private information on cloud platforms that are not affiliated with the government, such as Google Drive and Dropbox. It is also strongly recommended that you do not utilize an external mobile app-based scanner such as CamScanner, which was made illegal in 2020.

Why are VPNs leaving India?

Since it was revealed on April 28, cybersecurity professionals and privacy advocates have been voicing several concerns regarding the new data law that India has implemented.

The Indian Computer Emergency Response Team (CERT-In) is drafting new regulations that are scheduled to go into effect on June 27, 2018. These regulations will require VPN and VPS providers, data centers, cloud storage services, and cryptocurrency exchanges to store sensitive user data for up to five years and share it with the appropriate authorities upon their request.

Even though the new law attempts to curb an increasing rate of cybercrime – India was the third most affected nation for data breaches worldwide in 2021 – VPN providers believe that these regulations go against the security software infrastructure. This is despite the fact that the new law comes as part of an attempt to curb an increasing rate of cybercrime.

VPN is a piece of software that helps users maintain their anonymity and privacy while they are connected to the internet. How? By hiding their true IP address and encrypting all of the data that is being transmitted over a tunnel, you can protect their privacy.

Because of this, ExpressVPN stated in a blog post that the new directions issued by CERT-Un are “incompatible with the objective of VPNs.”

In addition, most private virtual private network (VPN) services all adhere to a tight no-log policy. This is a standard feature. This ensures that none of the sensitive data pertaining to the users can be retained, divulged, or shared in any way.

As hiding.me said when it announced its plan to pull the plug on its Indian servers, India’s new data retention law “makes operating a zero-log VPN unfeasible,” hence the company made a choice to shut down its Indian operations.

In spite of the pushback, the authorities in India appear to be unwavering in their determination to proceed with their plan to put the new guidelines into effect at the end of the month. Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology, made this statement regarding this topic: “providers that do not desire to comply with the rules are free to leave India.” At the same time, Laura Tyrell, the Head of PR at Nord Security, informed us that it will, in some way or another, negatively impact the privacy and digital security of individuals.