Notebookcheck Logo

Indian government mandates VPN providers to store user logs for up to five years

Running a VPN service in India just got a whole lot trickier (image via Unsplash)
Running a VPN service in India just got a whole lot trickier (image via Unsplash)
A new directive by CERT (Computer Emergency Response Team) significantly changes how VPN services will operate in India. Companies will now be forced to store a treasure trove of user data, including email/IP addresses, names, contact numbers and addresses for up to five years, even after a user has terminated their service.

Back in 2021, the Indian government proposed a law that would ban VPNs in their entirety. Nothing seemingly came of it for a while, but now, a milder, more terrifying version of the bill has resurfaced. It essentially mandates all VPN providers to log and store data generated by Indian users for five years. It rit rings the death knell for "no log" VPN providers, who will now be forced to invest in extra storage servers, lest they lose the ability to do business in India.

The complete directive on can be found on the official CERT (Computer Emergency Response Team) website. It directs providers of virtual private networks, virtual private servers and cloud service providers to keep a log of a plethora of data, including the user's names, IP address/email address used during registration, a verified address/contact number, and a "purpose for hiring service". Providers will be required to hold on to the said data even after users terminate their contract with the company.

Essentially, getting a VPN subscription in India will soon be as cumbersome as getting a SIM card due to the sheer amount of paperwork involved. Entrackr has heard from Nord VPN that it could cease its Indian operations entirely due to the directive. Any provider who refuses to comply with the CERT's directive faces up to a year of imprisonment. It'll be interesting to see how commercial VPN providers respond to this directive.

In the meanwhile, one can always create their own VPN server from scratch. While the process is cumbersome and requires quite a bit of command-line work, there are several excellent tutorials out there that walk you through the process, such as this one on the Linus Tech Tips forum. Do note that it, too, requires a monthly subscription, but that is mostly on par with what one would pay for a VPN anyway.

Read all 3 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Mail Logo
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2022 05 > Indian government mandates VPN providers to store user logs for up to five years
Anil Ganti, 2022-05- 6 (Update: 2022-05- 6)