“This is against everything we stand for,” Proton VPN exits India over new data law

The India VPN exodus continues as the law is getting enforced

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Swiss-based company behindProton VPNhave decided to shut off all its servers in India, which includes other services such as its Proton Drive, one of thebest cloud storageservices around.

This comes amid concerns over the new CERT-In regulations about to be enforced.

Proton is only the last of thebest VPNproviders exiting the country to safeguard its customers' privacy. In June, we sawExpressVPN’s exit from India,Surfshark’s pledge to remove its physical servers,Hide.me’s announcement to pull the plug, together with NordVPN last joining the exiting groupciting fears over freedom of speech.

Under India’s new law,VPNcompanies will be required to store users’ real names, IP addresses assigned to them, usage patterns and other identifying data for up to five years. They will also be required to hand this information over to authorities upon request.

Initially planned to come into force on June 28, the new legislation is about to be enforced on September 25.

Today, we’re removing our VPN servers in India to protect the privacy of our community due to India’s new surveillance law. However, we’ve rolled out smart routing servers to still give you an Indian IP address.Read @andyyen’s interview with @WSJ: https://t.co/5iIy1Di3mVSeptember 22, 2022

Smart Routing servers to get an India IP

Talking about its decision in ablog post, the provider said: “This is against everything we stand for.

“We have no intention of complying with this invasive mass surveillance law, leaving us no choice but to remove our VPN servers from Indian jurisdiction.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This doesn’t mean that people in India would not be able to enjoy the protection of its software, though. Quite the opposite, actually.

“While we are resisting the Indian government’s authoritarianism, we are still committed to serving Indian citizens,” Proton VPN spokesperson Matt Fossen told TechRadar Pro.

Users can still opt for one of the many secure international servers available across 64 countries. And, those in need of a secure connection via an IndiaIP address, can enjoy the security of itsSmart Routing network.

Any VPN with servers in India must now store activity logs on users>VPN virtual locations: what are they and are they secure?>Our pick of the best India VPN around right now

Similarly to other providers who have gonevirtual to protect the privacy of their users, Proton Smart Routing servers are physically based in Singapore. These are the same in terms of functionality, though, allowing users to get an Indian IP.

“If you live in India or used to connect to our India-based VPN servers from elsewhere,you can switch to these Smart Routing servers and use Proton VPN just as before,” assures the provider.

Therefore, while safely browsing the web locally, users in India will still have their data secured by a trulyno-logs VPNtype of service.

Why is India’s new data retention law controversial?

WhileIndia’s new data retention lawcomes as an effort to clamp down on cybercrime, its regulations have been sparking many concerns across the tech sector and privacy advocate groups.

“It’s going to have a chilling effect. I find it really sad that the world’s largest democracy is taking this path,” said Proton AG Chief Executive Andy Yen toThe Wall Street Journal, adding that the move will also expose activists and whistleblowers to dangers.

Worries that such intrusive regulations can easily be misused to foster mass surveillance and undermine citizens' civil liberties are not groundless, though. India is indeed infamous for itsbacksliding media freedomand the infamy of recordingmore internet shutdowns than any other countryin the world.

What’s more, VPN providers are just some of the companies subjected to the new CERT-In directives. Other services include data centers, cloud storage services, virtual private servers (VPS), and cryptocurrency exchanges.

The amount of stored private information will then be massive, throughout thousands of different companies. This opens not to a few doubts about new regulations' feasibility.

On this point, Head of Public Relations atNordVPNLaura Tyrylyte told TechRadar: “It is hard to imagine that all, especially small and medium enterprises, will have the proper means to ensure the security of such data.”

And it’s not just privacy worries. India’s new data law is believed to have a negative impact on its fast-growing IT sector too, perhaps translating into higher fees forIndia VPNusers overall.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats