Government employees banned from using VPNs in India

Authorities react to VPN providers' exodus from the country

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In the latest chapter of India’s ongoing battle against online privacy software, government employees are now barred from using third-partyVPNservices.

The new directive came following the decision of some of thebest VPNsto shut down their Indian servers amidprivacy concerns over new data law. So far,ExpressVPN,SurfsharkandNordVPNhave all announced they will physically leave the country before CERT-in directives come into force on June 27.

The Indian government is also urging employees to avoid storing any internal or confidential information on non-governmentcloud servicessuch asGoogleDrive and Dropbox. The use of external mobile app-based scanner like CamScanner - which was actually banned in 2020 - is strongly discouraged, too.

“By following uniform cyber security guidelines in government offices across the country, the security posture of the government can be improved,” wrote the National Informatics Centre (NIC) in an internal documentreviewed by The Economic Times.

“All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads,” the new directive adds.

ExpressVPN removes VPN servers in India. Users will still be able to connect to VPN server locations that will give them Indian IP addresses. Read more: https://t.co/JpCWXW1DcbJune 2, 2022

Why are VPNs leaving India?

Cybersecurity experts and privacy advocates have been raising many concerns over new India’s data lawsince it was announced on April 28.

Expected to come into force on June 27, Indian Computer Emergency Response Team (CERT-In) will force VPN andVPSproviders, data centers, cloud storage services, and cryptocurrency exchanges to keep in store sensitive users' data for up to five years and share these with authorities upon request.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Even though the new law comes as an attempt to curb an increasing cybercrime rate - India was the third most affected nation for data breaches worldwide in 2021 - VPN providers believe that these regulations go against the actual security software infrastructure.

Short for virtual private network, a VPN is a piece of software meant to protect people’s online privacy and anonymity. How? By masking their realIP addressand securing all the data in transit inside anencrypted tunnel.

That’s why ExpressVPN wrote in ablog postthat CERT-In new directives are “incompatible with the purpose of VPNs.”

Moreover, a strict no-log policy is a standard feature among themost private VPNservices. This guarantees that none of users' sensitive data can be stored, leaked or shared.

AsHide.meexplained when announcing its decision topull the plug on its Indian servers, India’s new data retention law “makes operating a zero-log VPN impossible”.

Despite the backlash, Indian authorities seem to remain firm to their decision to carry on and implement the new directives at the end of the month. On this point, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar stated that providers that do not wish to comply with the rules are “free to leave India”.At the same time, Head of PR at Nord Security Laura Tyrell told us: “One way or another, it will have a negative impact on people’s privacy and digital security.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics