India Weighs Stricter Vpn Regulations To Stop Users From Bypassing Internet Blocks
- India is reportedly working on new VPN regulations
- Companies could be forced to establish an office in the country
- VPNs found workaround to previous restrictions
India is working on an expansive new legal framework to clamp down on virtual private networks (VPNs), with proposals reportedly including mandatory local offices, designated compliance officers, and even prison terms for non-compliance.
According to The Indian Express, the upcoming rules aim to make VPN providers legally liable when citizens use their tools to circumvent government-mandated content blocks.
"In the last few months, we have been observing that users are able to bypass content, accounts, and online services that have been blocked by the government on various grounds by using VPN services," an anonymous senior government official told reporters.
This new set of rules is also seen as necessary, officials admitted, as the controversial data retention law enforced in 2022 by the Indian Computer Emergency Response Team (CERT-In) has proved to be unsuccessful.
The directive legally requires VPN firms, data centers, and cloud providers to log sensitive user information — including real names, verified IP addresses, and usage patterns — for up to five years, and surrender it to authorities upon request.
Yet, major VPN companies, including the likes of ExpressVPN, NordVPN, Hide.me, Surfshark, and Proton VPN, found a simple way to avoid compliance — removing their physical servers from the country.
"They have simply refused to comply. So, the need for a full-fledged law is being felt," the senior official told The Indian Express.
What's at stake for India's VPN users?
Beyond encrypting user data to boost privacy and security, virtual private networks (VPNs) spoof IP addresses, allowing users to bypass local, state-enforced geo-restrictions.
This capability has become critical for local internet users. Last month, India experienced a massive spike in VPN downloads after the government temporarily blocked the messaging app Telegram due to concerns over exam fraud.
Just weeks earlier, the Ministry of Electronics and Information Technology (MeitY) ordered VPN firms to actively block access to the decentralized prediction platform Polymarket, threatening legal repercussions if they refused.
The proposed framework aims to hand New Delhi the necessary legal teeth to force VPN providers into enforcing these content bans on the government's behalf. Digital rights groups frequently criticize India's aggressive approach to censorship; according to data trackers, the country consistently leads the world in government-imposed internet shutdowns.
While specific details of the draft framework remain scarce, leaked proposals suggest that offshore VPN companies will be required to establish a physical corporate presence in India and appoint local compliance officers to act as direct government liaisons.
Criminal penalties for non-compliance are also on the table, including potential prison sentences for local employees if an order is ignored.
However, serious questions remain over how authorities plan to enforce these rules. For many global VPN providers, simply keeping their physical servers outside of Indian borders has previously been enough to circumvent local jurisdiction.
It is also unlikely that premium, strict no-logs services will fundamentally alter their server infrastructure to comply with New Delhi's demands — especially after resisting a similar ultimatum four years ago.
Dr. Pete Membrey, Chief Research Officer at ExpressVPN, pointed back to the company's 2022 decision to become the first major provider to pull its physical servers from India, confirming that its stance remains.
"We’ll evaluate when a proposal is published," Membrey told TechRadar, adding that "ExpressVPN will continue to work hard to keep users connected to the open and free internet, no matter where they are located."
A Surfshark spokesperson also said that the company remains committed to upholding the privacy of its users.
TechRadar reached out to India's Ministry of Electronics and Information Technology (MeitY) and CERT-In for further clarification on the draft framework and an expected enforcement timeline. Neither agency responded prior to publication.
Popular Products
-
Smart Real-Time Weather & Time Displa...$31.99$21.78 -
Electric Washable Heated Pad with Adj...$43.99$29.78 -
4G GPS Vehicle Tracker$37.99$25.78 -
GPS Tracker with Magnet - 2G$23.99$15.78 -
Smart Water Leak Detector$377.99$263.78