On the 27th June 2022, new legislation in India will become active which mandates all VPN providers (and also cloud services and cryptocurrency exchanges) to log at least 5 years of activity.
Under sub-section (6) of section 70B of the InformationTechnology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet VPN providers are legally obligated to:
“Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer duration as mandated by the law after any cancellation or withdrawal of the registration as the case may be:
a. Validated names of subscribers/customers hiring the services
b. Period of hire including dates
c. IPs allotted to / being used by the members
d. Email address and IP address and time stamp used at the time of registration / on-boarding
e. Purpose for hiring services
f. Validated address and contact numbers
g. Ownership pattern of the subscribers / customers hiring services“
As Rajeev Chandrasekhar, Minister of State for Electronics and IT, stated in a press conference to clarify the legislation rules and logging requirements:
“If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. You have to pull out,”
VPNCity has offered servers in India since the 8th August 2019 and as we stand by our commitment to privacy and security, VPNCity will be removing our servers in India.
Customers in India are welcome to use our service, however VPNCity will not be offering servers in the Indian region.