Recently, CERT-IN, the Indian Computer Emergency Response Team has released new rules and norms which they need to implement as soon as possible. Previously, these new norms were supposed to be implemented by June 27 but now finally CERTI-in has given another 3 months breather to them and the same must be implemented by 25th Sept.
The Indian government passes a new law requiring VPNs to collect and store user data for at least five years. It is applied not only on VPNs but to cloud service providers, data centers, and crypto exchanges, with extensive crypto data f the user has deleted their accounts or canceled their subscription.
Companies will have to store their user names, IP addresses, information, usage patterns, and access to their social media accounts. And those who don’t comply could face up to a year in prison.
These are the following rules:
- All VPN providers must maintain the customer details such as email id, name, contact numbers, and IP address for five continuous years. This rule is applicable to even others such as data centers and cloud service providers.
- This data is supposed to be shared with the government whenever asked.
- These new norms will be effective on 25th September 2022
- They also need to maintain a log of all information and communication technology systems for the period of 180 days.
These are the following details that must be maintained by VPN and data centers.
- Validated name of subscribers
- IP address
- The purpose behind hiring services
- Address
- Contact numbers
- Email address
- Ownership pattern of the subscribers
Also Read: Top 10 best & Secure VPN services in 2022
The cyber domain has postponed these new rules for all micro, small and medium enterprises. While All the VPN providers are asked to maintain the user profile for at least five years or longer and must submit to CERT-in whenever asked in case of cybercrime. However, VPN providers have sent a letter to CERT-in and Electronics and IT dept. voiced their concerns regarding these rules as these will breach the basic fundamental nature of the service providers and that is obvious, nobody would want others to get their personal information saved.
Listening to this, many VPN service providers such as Nord VPN, and Express VPN said they will be removed their servers from India. Many of the leading VPN service provider companies are upset due to the new norms and are ready to ban their servers in India. According to the database, India ranks among the top 20 countries in VPN users accounting for 270 million users.
One of the company spokesperson said that “we do not store the user’s data and this is against the user’s privacy policies. Logging features are not there in the server architecture and are also committed to the privacy policy. Therefore, we are not able to keep servers in India, the company said further.”
Also Visit: After India, USA Wants to crack down on VPN service providers!
