The Indian government is preparing a new legal framework to regulate virtual private network (VPN) providers, which could require them to set up offices in India and appoint local compliance officers, The Indian Express reported.

The move comes as the Centre grows concerned that users are using VPNs to access apps, websites and online content blocked in India. The proposed framework may also include penalties, such as jail terms for local employees, if VPN companies fail to comply with government directives, the report said.

Government says existing rules have fallen short: Two senior government officials said that the proposed framework would largely mirror the compliance obligations already imposed on major social media companies under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

“In the last few months, we have been observing that users are able to bypass content, accounts and online services that have been blocked by the government on various grounds using VPN services. The 2022 Cert-In directives requiring VPN providers to store certain usage data have failed to rein in these companies, as they have simply refused to comply. So, the need for a full-fledged law is being felt,” a senior government official told The Indian Express.

Another official said that the government wants VPN companies to have local points of contact so authorities can direct them not to facilitate access to content blocked in India, saying such services otherwise “defeat the purpose” of blocking orders.

The move comes as India’s online blocking regime has expanded significantly. The government issued more than 24,000 content-blocking orders in 2025, nearly double the 12,000 orders issued in 2024.

How the 2022 CERT-In rules led to a standoff: The latest proposal also reflects the government’s dissatisfaction with the cybersecurity directions issued by the Indian Computer Emergency Response Team (CERT-In) in April 2022. Those rules required VPN providers, cloud service providers and virtual private server operators to collect and retain customer details, including names, contact information, IP addresses, purpose of use and service duration, for at least five years after the subscription ended. They also required covered entities in India to maintain system logs for 180 days and to report cybersecurity incidents to CERT-In within six hours.

The rules triggered widespread opposition from privacy-focused VPN providers because they conflicted with their “no-logs” business model. Companies including Proton VPN, NordVPN, ExpressVPN, Surfshark, Windscribe and Mullvad publicly opposed the requirements, with several saying they would either withdraw their infrastructure from India or refuse to comply. Windscribe went further, calling the rules more restrictive than those in authoritarian states.

“China and Russia have less stringent requirements for VPNs, and those are…


Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

 

 

Categorized in:

Blog,

Last Update: July 3, 2026