Here’s Why Major VPN Companies Are Withdrawing Their Servers From India


According to a source, major virtual private network (VPN) companies are relocating their servers from India in order to protest the new policy, which they claim threatens user privacy. According to the country's Computer Emergency Response Team (CERT), the new laws will apply to VPN companies beginning September 25 and would force VPN companies to gather IP addresses, customer names, and email addresses of users.


The data acquired by VPN users must be kept for at least five years and turned over to CERT-In on demand in order for the agency to decrease gaps in reacting to cybersecurity incidents.


According to The Wall Street Journal, the withdrawing VPN businesses and internet-rights groups argue that gathering such data jeopardizes their users' privacy and limits online speech. According to digital advocacy groups, the government's requirements are excessive and more akin to those imposed in China or Russia than in democracies.


According to the study, Panama City-based NordVPN, which has already stopped running its servers from India, such restrictions are "usually adopted by authoritarian governments in order to establish more control over their citizens."

Major VPN providers that have ceased operations in India

Other VPN service providers that have ceased operations in India in recent months include Private Internet Access and IPVanish from the United States, ExpressVPN from the British Virgin Islands, TunnelBear from Canada, and Surfshark from Lithuania.


According to Surfshark, VPN providers leaving India are bad for the country's expanding IT sector. According to Surfshark data, 14.9 billion accounts have been leaked since 2004, the year data breaches became common, with 254.9 million of them belonging to Indian customers. To put this in context, 18 out of every 100 Indians had their personal contact information compromised.


What do the new CERT-In requirements for VPN companies say?

Meanwhile, earlier in May, India's nodal agency CERT-In, which deals with cyber security threats, hacking, and phishing, requested that VPN service providers in the country collect and store extensive user data for at least five years, citing goals such as combating cybercrime and preserving the country's integrity and sovereignty.