CERT-In extends new privacy rules for VPN providers to September 25

CERT-In extends new privacy rules for VPN providers to September 25

The Indian Computer Emergency Response Team (CERT-In) has given Virtual Private Network (VPN) providers and cloud service operators an extension of three months to comply with its newly drafted VPN rules. This comes as VPN providers such as SurfShark, NordVPN, and ExpressVPN removed their India servers citing a threat to the anonymity and privacy of users.


However, the deadline now has been extended to September 25, the Ministry of Electronics & IT (MeitY) said in a press statement.


On April 26, CERT-In had asked VPN service providers to maintain for five years or longer details such as the validated names of their customers, the period for which they hired the service, the IP addresses allotted to these users, the email addresses, the IP addresses and the time stamps used at the time of registration of the customers. It also wants VPN service providers to maintain data such as the purpose for which the customers used their services, their validated addresses and contact numbers, and the ownership pattern of the customers.

The ministry’s cyber-arm in an order stated that it is extending the timeline for implementation of these Cyber Security Directions upon several requests of micro, small and medium enterprises (MSMEs). It also received multiple requests from VPN, Data Centres, Virtual Private Server (VPS) providers,  and Cloud Service providers.



Best of Express Premium

Meanwhile, the government is fixed on its stance on the new VPN rules. CERT-In has in its April 26 directive also said that these details are necessary to prevent incitement or commission of any “cognisable offence using computer resources or for the handling of any cyber incident” which may lead to any disturbance in the ..

Support the originator by clicking the read the rest link below.