Deciphering the CERT-In policies for VPN service providers


A new policy from the Indian Computer Emergency Response Team (CERT-In) has instructed digital service providers to record and retain user logs for 180 days and store customer data such as their validated names, assigned IP addresses, email addresses, etc. for the purpose of Discontinuation of these services for a period of five years, among others. The policy applies to individual data center, virtual private server (VPS), cloud, and virtual private network (VPN) users, not enterprise users.

Industry players say the policy goes against their core business as they have a “no logs” policy. Also, storing data for five years comes with many additional costs that would require investments. In this context, and even before the directive is implemented, two global players – ExpressVPN and Surfshark – have announced plans to shut down their servers in India, with more likely to follow soon. Following the announcement, Surfshark said in a blog post that…

Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.