The Indian Computer Emergency Response Team (CERT-In) has provided a three-month extension to VPN service providers to comply with new rules that require them to store user data for at least five years, after several VPN providers recently announced plans to remove local servers in India.
September 25 is the new compliance date for micro, small and medium enterprises. Other businesses, which don’t provide VPN or cloud services, will have to comply with the earlier deadline of June 27.
The Ministry of Electronics and Information Technology said that the extension will “enable the industry to build the capacity required for the implementation of the cyber security directions”. Earlier this month, VPN providers including ExpressVPN, NordVPN, and SurfShark, decided to remove their servers in India.
CERT-In directions mandated service providers to keep records of every information and communication technology (ICT) transaction for a minimum of 180 days. They require service providers to maintain the personal information of subscribers for five years or longer, which can be demanded by CERT-In in case of a cybersecurity incident.
Last month, Rajeev Chandrashekhar, Minister of State for Electronics and Information and Technology, said, “If you’re a VPN that wants to hide and be anonymous about those who use VPNs and you don’t want to go by these rules, then if you want to pull out (from the country), frankly, that is the only opportunity you will have. You will have to pull out,” he said.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
