The Indian government has chosen to delay its new privacy regulations for cloud service providers, data centres, and VPN providers by an additional three months. According to a recent update from the Indian Computer Emergency Response Team (CERT-In), the new guidelines’ deadline is September 25. In this context, it is important to know about the upcoming new VPN rules.
Firstly, what is VPN?
The term “Virtual Private Network,” or VPN, refers to a chance to create a secure network connection when utilising a public network.
VPNs mask the user’s online identity and encrypt internet traffic. Third parties will find it more challenging to monitor internet activity and steal data as a result. Real-time encryption takes place.
VPNs conceal the user’s IP address, enabling network traffic to be routed through specifically set-up remote servers managed by the VPN host.
In other words, if a user is using a VPN to browse the internet, the VPN server is now the source of the data. The websites the user sees and the data sent and received online are not visible to Internet Service Providers (ISPs) or any outside parties.
New VPN regulations:
- New guidelines from the Union Ministry of Electronics and Information Technology require VPN providers to keep records of their users’ names, email addresses, phone numbers, and IP addresses for five years.
- They will also need to submit information about their usage habits, why they are using the services, and many other things.
- In addition to data centres, virtual service network providers, and VPN firms, cloud service providers have been ordered to collect and maintain comparable data.
- Additionally, entities must notify CERT-In of any cyber security incidents within six hours of becoming aware of them.
Why new rules are needed?
With the help of these regulations, the nation’s internet will be safe and dependable while also improving overall cyber security.
It was mentioned that “gaps” in how the Indian Computer Emergency Response Team (CERT-In), which serves as a defence against cyberattacks, assesses internet threats have resulted in cyber incidents. There are new standards for reporting.
A legislative standing committee requested the ministry to use internet service providers to prohibit VPNs in a report to the Rajya Sabha in 2021.
Customers must go through a rigorous KYC process and specify their usage goals when signing up for a VPN. With the new regulations, the government will essentially have access to user personal information, making the usage of VPNs inappropriate.
Many VPN service providers are thinking about the effects of the new regulations, and some have even threatened to stop offering service in the nation. One of the biggest VPN companies in the world, NordVPN, has announced that it is relocating its servers outside of the nation in reaction to CERT-In requirements. ExpressVPN and Surfshark, two additional companies, announced that they will stop operating physical servers in India and instead provide service to Indian customers via virtual servers based in Singapore and the UK.