A government official said that companies offering virtual private network or cloud services in India will be held liable if they do not comply with the government’s cybersecurity policy, which mandates them to collect as well as maintain extensive and accurate data of their consumers for five years.
A government official said, “While there is no mandatory need for these companies to inform the Union ministry of electronics and information technology (MeitY) about complying with the directives, they may face charges if failed to provide information regarding a particular case if sought by the Centre.”
Recently, Union Minister of State for Electronics and IT Rajeev Chandrasekhar said that the companies must comply with the laws of the land or they can exit the Indian market. The government said the information will only be sought on a case-to-case basis, therefore not violating citizens’ right to privacy.
One of the leading cloud service providers ExpressVPN has already announced that it is shutting its servers in India, becoming one of the first companies to do so, after the Indian Computer Emergency Response Team (CERT-In) on April 28 issued directives that require additional compliances.
The directives state that all cloud service providers and VPN providers will be required to maintain a series of extensive customer information for at least five years, even after “any cancellation or withdrawal of the registration” by a customer. The information includes validated names, address and contact number of customers, period of subscription, email address and IPs being used and purpose for using services, among others.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
