Explorer

CERT-In Extends Deadline For VPN Firms To Comply With Its Mandate Of Storing User Details

CERT-In has announced a new deadline of September 25 to comply with the new directive that makes it mandatory for VPN brands in India to collect and store extensive user data for at least five years.

In a short breather for virtual private network (VPN) companies in India, the Indian Computer Emergency Response Team (CERT-In) has announced a new deadline of September 25 to comply with the new directive that makes it mandatory for VPN brands in India to collect and store extensive user data for at least five years, citing objectives like fighting cybercrime and invoking the country's integrity and sovereignty.

Also read: Will New CERT-In Rules Affect Users And VPN Players? Here's What NordVPN And Experts Say

The country's nodal agency that deals with cyber security threats, hacking and phishing had in April announced a deadline of June 28 (today) to comply with the new deadline of cybersecurity directives for VPNs, MSMEs and data centres. Data centres, VPS providers, cloud service providers and VPN service providers are also given additional time for implementation of mechanisms relating to validation aspects of subscribers/customers' details, said CERT-In.

Also read: After ExpressVPN, Surfshark Shuts Down Servers In India In Response To New Rules

"...The matter has been considered by CERT-In and it has been decided to provide extension till 25 September, 2022 to Micro, Small and Medium Enterprises (MSMEs) in order to enable them to build capacity required for the implementation of the Cyber Security Directions. In addition, Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers are also provided with additional time till 25 September, 2022 for implementation of mechanisms relating to the validation aspects of the of subscribers/customers details," CERT-In said in a statement.

Read more: NordVPN Meshnet Launched: Know How It Lets Users Connect Directly To Other Devices

The mandate for VPN companies includes maintaining all consumer's details, the purpose behind using the VPN services and the faux and original IP addresses and the decision is likely to hurt VPN companies as maintaining privacy is the key USP. The new CERT-In rules come into effect next month. Even as the government-appointed nodal agency's directive is aimed at strengthening the country's cyber security it raises a pertinent question of privacy as VPN companies cater to users who want to conceal their identity.

The announcement has led to leading VPN companies like NordVPN and ExpressVPN shutting their servers from India.

Top Headlines

iPhone 18 Pro Max Coming With Big Battery Bump? This Leak Might Make You Happy
iPhone 18 Pro Max Coming With Big Battery Bump? This Leak Might Make You Happy
WhatsApp Explains Username Feature As Government Raises Fraud Concerns
WhatsApp Explains Username Feature As Government Raises Fraud Concerns
After WhatsApp, Government May Question Telegram, Signal Over Username Feature
After WhatsApp, Government May Question Telegram, Signal Over Username Feature
iPhone 17 For Rs 22,000 Less This Week, But Should You Wait For iPhone 18?
iPhone 17 For Rs 22,000 Less This Week, But Should You Wait For iPhone 18?

Videos

Amarnath Yatra 2026: Registration Rush Swells as Pilgrims Face Long Waits at Jammu and Srinagar Camps
Ram Mandir Probe: SIT Intensifies Ayodhya Land Deal Investigation Ahead of July 15 Report Deadline
Amarnath Yatra 2026: Second Pilgrim Convoy Leaves Jammu Amid Tight Security, Registration Rush Grows
Mumbai Manhole Tragedy: 60-Year-Old Dies After Falling into Open Drain; BMC Faces Questions Over Safety Lapses
Bihar Politics: Tejashwi Yadav Targets Government Over Bharat Tiwari Encounter; Bahujan Mahapanchayat Postponed

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget