The IT ministry has reiterated strict due-diligence obligations for VPN services and online intermediaries, cautioning that platforms enabling access to websites exposing personal data of Indians are violating national laws and risking user safety.
The Ministry of Electronics and Information Technology (MeitY) has issued a fresh advisory to virtual private network providers and online intermediaries, directing them to block access to websites that publish personal information of Indian citizens without consent. The warning follows concerns over platforms allegedly allowing users to retrieve sensitive details such as names, phone numbers, addresses and email IDs by simply entering an Indian mobile number.
According to the ministry, such websites pose serious threats to privacy and public safety and are operating in violation of Indian law. MeitY noted that some of these platforms remain accessible through VPN services, prompting the advisory to ensure intermediaries do not facilitate access to unlawful content.
Focus on due-diligence obligations
In its communication, the ministry reminded intermediaries of their responsibilities under the Information Technology Act, 2000 and the IT Rules, 2021. These regulations prohibit the hosting or transmission of content that infringes privacy, lacks lawful ownership, or threatens public order, national security or India’s sovereignty.
MeitY emphasised that VPN providers and intermediaries must take prompt and effective measures to prevent their services from being misused. This includes ensuring users are not able to access or share content that unlawfully exposes personal data or violates existing legal provisions.
Heightened enforcement message
The advisory underscores the seriousness of the issue, with the ministry reiterating that intermediaries must make reasonable efforts to block access to websites found to be operating illegally. Officials indicated that failure to act could attract regulatory consequences, as safeguarding citizens’ data has become a priority amid rising digital misuse.
The move also reflects the government’s broader push to strengthen online accountability, particularly as data leaks and unauthorised data aggregation become more sophisticated.
A continuing regulatory tussle
This is not the first instance of friction between VPN providers and Indian authorities. In 2023, several VPN companies had objected to cybersecurity directives issued by the Indian Computer Emergency Response Team, which introduced additional compliance and reporting requirements.
At the time, the government maintained that adherence was mandatory and warned that non-compliance could lead to service restrictions or suspension. The latest advisory signals that the ministry remains firm on enforcing digital governance rules, especially where user privacy and data protection are concerned.
As India continues to tighten its regulatory framework for online platforms, VPN providers and intermediaries are likely to face increased scrutiny over how their services are used and whether they meet the country’s evolving legal standards.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
