Notebookcheck Logo
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Indian government mandates VPN providers to store user logs for up to five years

Running a VPN service in India just got a whole lot trickier (image via Unsplash)
Running a VPN service in India just got a whole lot trickier (image via Unsplash)
A new directive by CERT (Computer Emergency Response Team) significantly changes how VPN services will operate in India. Companies will now be forced to store a treasure trove of user data, including email/IP addresses, names, contact numbers and addresses for up to five years, even after a user has terminated their service.

Back in 2021, the Indian government proposed a law that would ban VPNs in their entirety. Nothing seemingly came of it for a while, but now, a milder, more terrifying version of the bill has resurfaced. It essentially mandates all VPN providers to log and store data generated by Indian users for five years. It rit rings the death knell for "no log" VPN providers, who will now be forced to invest in extra storage servers, lest they lose the ability to do business in India.

The complete directive on can be found on the official CERT (Computer Emergency Response Team) website. It directs providers of virtual private networks, virtual private servers and cloud service providers to keep a log of a plethora of data, including the user's names, IP address/email address used during registration, a verified address/contact number, and a "purpose for hiring service". Providers will be required to hold on to the said data even after users terminate their contract with the company.

Essentially, getting a VPN subscription in India will soon be as cumbersome as getting a SIM card due to the sheer amount of paperwork involved. Entrackr has heard from Nord VPN that it could cease its Indian operations entirely due to the directive. Any provider who refuses to comply with the CERT's directive faces up to a year of imprisonment. It'll be interesting to see how commercial VPN providers respond to this directive.

In the meanwhile, one can always create their own VPN server from scratch. While the process is cumbersome and requires quite a bit of command-line work, there are several excellent tutorials out there that walk you through the process, such as this one on the Linus Tech Tips forum. Do note that it, too, requires a monthly subscription, but that is mostly on par with what one would pay for a VPN anyway.

Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Anil Ganti
Anil Ganti - Senior Tech Writer - 979 articles published on Notebookcheck since 2019
I've been an avid PC gamer since the age of 8. My passion for gaming eventually pushed me towards general tech, and I got my first writing gig at the age of 19. I have a degree in mechanical engineering and have worked in the manufacturing industry and a few other publications like Wccftech before joining Notebookcheck in November 2019. I cover a variety of topics including smartphones, gaming, and computer hardware.
contact me via: @AnilGanti, LinkedIn
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 05 > Indian government mandates VPN providers to store user logs for up to five years
Anil Ganti, 2022-05- 6 (Update: 2022-05- 6)