Key Takeaways:
- India’s new VPN data law requires all VPNs to collect and store customer data for at least five years.
- It’s likely many VPNs will close their servers in India rather than comply, leaving users to use virtual servers instead or servers in neighboring countries.
- If you need a trustworthy VPN for India, ExpressVPN is your best bet, with RAM-based servers and a host of security features to keep you anonymous. The VPN decided on June 2, 2022, to remove its physical servers from India and offer users Indian IP addresses via a virtual server instead.
In this post, we’ll unpack the new logging law and help you know which VPN is safe for India. However, let’s start by understanding the undercurrents of this new logging policy and what set it in motion.
The 2021 VPN Ban in India
The Indian government has long been at odds with VPNs because they help people access banned sites. In September 2021, India’s parliamentary standing committee on home affairs urged the government to ban VPNs permanently.
In their report, the panel observed that cybercriminals often use VPNs to bypass restrictions and access the dark web. However, they failed to take into account the millions of Indians, including corporations, who use VPNs for perfectly legal purposes.
Fortunately, the government did not enforce a blanket ban on VPNs. However, it seems the Narendra Modi-led government did take another suggestion from the committee: to strengthen the surveillance and tracking of VPN use.
Eight months after the recommendation from the parliamentary committee, the government announced a new policy requiring VPNs to store extensive user data.
The 2022 VPN Data Logging Law
The new VPN data logging law in India requires that all VPN companies log and store the following data for at least five years:
- User name, email address and phone number
- The subscriber’s purpose for using the VPN service
- The IP address the customer used to sign up and the IP addresses allotted by the VPN service
- The timestamps, subscription pattern, duration and usage patterns of the customer
VPN providers are required to submit these logs to the Computer Emergency Response Team (CERT-In) upon request. In addition, VPNs must report cyber incidents, including spoofing, phishing attacks, data leaks, data breaches and unauthorized access to social media accounts.
If a VPN service refuses to comply, the government reserves the right to take punitive measures, ranging from fines and bans to prison time.
Aside from VPN companies, data centers, cloud service providers and crypto exchanges are also expected to collect user data and comply with the regulations. The Indian government expects all providers to enforce this new law by the end of June 2022.
Are VPNs Legal in India?
At the time of writing, VPNs are legal in India. The Indian government has not placed an outright ban on VPNs. However, with a new law forcing VPN services to log user data, there’s no telling when the government might crack down on VPNs.
VPN Response to the Logging Law
As expected, VPN service providers are not taking kindly to the new logging law. All of the services we received responses from are sticking to their guns: not collecting logs, waiting to see what will happen when the deadline for enforcement arrives.
If the Indian government doesn’t change their hardline stance, VPN providers will have a tough choice to make. Many VPNs — including ExpressVPN, NordVPN and Ivacy — have already begun shutting down their physical servers in the country to avoid having to comply, like many have already done in Russia and China.
We contacted our best VPN providers to learn the course of action they intend to take. Here are a few of their responses:
ExpressVPN
On June 2, 2022, ExpressVPN announced it was removing its physical severs from India. Instead, users can access an Indian IP address with ExpressVPN via a virtual server, which will have a physical base in Singapore or the United Kingdom.
NordVPN
NordVPN removed its servers from India on June 26, 2022, due to the new Indian laws.
Laura Tyrylyte, head of public relations at NordVPN Tweet This
Read our full NordVPN review to see why it’s a trustworthy VPN for India.
Surfshark
Read our full Surfshark review to see why it’s a trustworthy VPN for India.
Windscribe
Read our full Windscribe review to see why it’s a trustworthy free VPN for India.
The Indian Government Takes a Hardline Stance
On May 18, 2022, the Indian government organized a press conference to release an FAQ document answering questions about the new logging law. In that conference, the government also doubled down on the law.
Rajeev Chandrasekhar, minister of state for electronics and IT, told service providers that if they don’t want to keep logs, India is “not a good place to do business.”
He further stated: “If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. You have to pull out.”
We will be updating our best VPN for India article after the law goes into effect, and we see how VPN companies respond to the new law.
Is a VPN Safe to Use in India?
Using VPNs in India is safe for now. The government has not banned VPNs, so you won’t be breaking any laws when you use one. The only thing you need to make sure of is to not use servers located in India; otherwise the VPN will be forced to log your data.
Keep in mind: the best VPNs would rather close their Indian servers rather than log your data.
Additionally, we recommend using a VPN that has solid encryption and obfuscation features, especially if you’re using it to access blocked sites.
Which VPN Is Safe in India?
Overall, ExpressVPN is the safest VPN for India. This best-in-class VPN service has obfuscated servers to ensure that the Indian government can’t detect your VPN use. You also get a kill switch and DNS leak protection to ensure your internet traffic doesn’t leak.
ExpressVPN used to have two servers in Chennai and Mumbai, but now the virtual server for India will have a physical base in Singapore or the United Kingdom.
In addition to that, ExpressVPN users can count on servers in 93 other countries. This includes servers in countries that share borders with India, such as Myanmar, Pakistan, Bhutan and Bangladesh.
ExpressVPN’s only downside is that it’s expensive, especially on the monthly plan. If you’re tight on funds, you can opt for the relatively cheaper NordVPN or Surfshark, VPNs that also pack a punch when it comes to security features. If you need a free VPN for India, Windscribe is an excellent choice.
Final Thoughts: India’s VPN User Data Collection Law
India has enacted a new law to force virtual private networks to collect customer information. This move has drawn ire from the public, and VPN service providers have vowed to pack out of the country if the government doesn’t rescind its decision.
The directive is bound to be difficult to implement because most top VPN services run RAM-only servers. It’s no surprise that VPN providers have adopted a “wait and see” approach. In the meantime, ExpressVPN remains the best VPN to access the internet in India, owing to its excellent security features and virtual server option.
What are your thoughts about India’s internet freedom landscape? Do you agree with how VPNs are reacting to the new logging law? Will you use a VPN if it logs your data? Share your thoughts with us in the comments section below, and as always, thanks for reading.
