India's new VPN Policy Delayed by Three Months
Early June, India’s Computer Emergency Response Team CERT-In and the Ministry of Electronics and Information Technology MeitY had decided to implement the new cybersecurity regulations, the same rules which caused a huge uproar amongst VPN providers.
These regulations were meant for VPNs and cloud storage service providers and required them to store all user-centric data like validated names, emails, usage patterns and IP addresses of subscribers on their servers for a period of five years. . They were also required to share this data with regulatory and law enforcement agencies during investigations, which is against the no-logs policy of VPN providers around the globe.
The new regulations were set to be initiated from June 27, but CERT-In said that it received requests for the extension of timelines for the implementation of the rules by micro, small and medium enterprises (MSMEs) also from VPNs, data centers and cloud service providers to provide more time for settling in the new system.
CERT-In believes the extension will help MSMEs to build capacity required for the implementation of the new rules. So keeping in mind this the new regulations will now take effect from September 25 giving the aforementioned bit more time to comply with the rules.
Meanwhile, many providers have already exited the scene and the rest contemplating shutting down their physical servers. Some providers like ExpressVPN and SurfShark VPN will still be providing services by using virtual servers and since these servers are not physically present in India they'll get a pass from the Indian jurisdiction and continue with their no-logs policy.
India represents the second-largest population for VPN usage, time will tell if these rules really help in the enhancement of cyber security or will it succumb to the privacy concerns of users.