comscore Govt extends deadline of new rules for VPN service providers in India
News

Indian govt extends deadline for new rules governing VPN service providers

Many prominent VPN service providers have already decided to shut shop in India, in reaction to the latest directives by the Indian govt

VPN services

The Indian government has provided some temporary relief to Virtual Private Network (VPN) providers in the country. The Indian Computer Emergency Response Team (CERT-In), the govt agency responsible for cybersecurity in the country has offered an extension of three months to VPN providers in the country to comply with the government’s latest rules. Also Read - EPFO pension scheme holders' data exposed online, claims security researcher

Both Ministry of Electronics and IT (MeitY) and CERT-In have received requests to extend the deadline for implementation of these Cyber Security Directions. Also Read - Indian govt banned 348 mobile apps, some Chinese, that were sending user data to other countries

CERT-In has decided to provide an extension till 25 September 2022 to Micro, Small, and Medium Enterprises (MSMEs) in order to enable them to build the capacity required for the implementation of the Cyber Security Directions. Also Read - Indian govt to make tech giants pay publishers for news and original content

Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers, and Virtual Private Network Service (VPN Service) providers have been given additional time till 25 September 2022 for implementation of the mechanisms announced by CERT-In.

Many prominent VPN service providers have already decided to shut shop in India, in reaction to the latest directives by the Indian govt. The names include ExpressVPN and SurfShark.

What are the new directives for VPN service providers?

According to the Directions under subsection (6) of section 70B of the Information Technology Act, 2000 CERT-In had asked VPN service providers to fall in line with the new laws. The govt has asked Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers to register certain information of users which must be maintained by them for a period of 5 years or longer duration.

This is the data set that VPN service providers will need to maintain:

a. Validated names of subscribers/customers hiring the services
b. Period of hire including dates
c. IPs allotted to / being used by the members
d. Email address and IP address and time stamp used at the time of
registration / on-boarding
e. Purpose for hiring services
f. Validated address and contact numbers
g. Ownership pattern of the subscribers/customers hiring services

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: June 28, 2022 4:54 PM IST
  • Updated Date: June 28, 2022 6:17 PM IST



new arrivals in india