On April 28, 2022, India has published a new directive in which the government demands an end to online anonymity. It is specified that services such as cryptocurrency exchange platforms (after having recently legalized their use) or even VPNs are now forced to keep their customers’ data.
This directive poses serious problems for VPN services
India continues to implement its new cybersecurity rules. The government will force cloud providers and VPN operators to keep the names of their customers, their IP addresses and related data “to the knowledge of the client and its financial transactions”. Companies that do not wish to comply with this new rule are invited to withdraw from the world’s second largest web market. This data must be kept for five years. This directive will come into force on June 27, 2022.
US companies ‘mistakenly’ hire North Korean developers
This is a blow for the VPN services present in India. The latter offer their customers to make them completely invisible thanks to the “no logs”. In other words, the firm does not collect information about those who use its services and can therefore, in theory, neither use nor transmit them. This feature, so appreciated by VPN users, will become obsolete in a few weeks, within the country which presents itself as the “largest democracy in the world”.
India steps up censorship
Soon, several VPN providers raised concerns about India’s new cybersecurity rules. NordVPN, one of the most popular VPN operators in the world, said it could withdraw its services from the market. Other providers, including ExpressVPN and ProtonVPN, have also raised concerns. The second specifies that India’s new VPN regulations are an attack on privacy and threaten to put citizens under a surveillance microscope. We will stick to our privacy policy”.
These new restrictions will cause serious problems for Indians who are restricted online. The government increase its censorship and takes a new step towards the establishment of an authoritarian and repressive regime. According to Rajeev Chandrasekhar, India’s IT minister, there will be no public consultation on these rules. India also has no plans to backtrack on a new rule that requires companies to report incidents of security breaches (like data breaches) within six hours of noticing them.