In April 2022, the Indian government introduced a new law requiring VPNs to collect and store user data for a minimum of five years. Unsurprisingly, this directive is raising a lot of questions: Are VPNs safe to use in India? How will VPNs respond to the new law?
The main problem with this law is that it strikes at the core of what virtual private networks (VPNs) do: protect user privacy. If VPN companies agree to comply with this order, it will mean that your personal data and browsing history can be made available to the Indian government upon request.
- India’s new VPN data law requires all VPNs to collect and store customer data for at least five years.
- It’s likely many VPNs will close their servers in India rather than comply, leaving users to use virtual servers instead or servers in neighboring countries.
- If you need a trustworthy VPN for India, ExpressVPN is your best bet, with RAM-based servers and a host of security features to keep you anonymous.
In this post, we’ll unpack the new logging law and help you know which VPN is safe for India. However, let’s start by understanding the undercurrents of this new logging policy and what set it in motion.
VPNs are perfectly legal to use in India, although the government has made user data collection mandatory. For optimal security and safety, use a VPN with obfuscated servers, a strict no-logs policy, a kill switch and leak protection. We recommend ExpressVPN since it checks all those boxes.
The Indian police can’t track live, encrypted VPN use. However, they can reach out to your ISP or VPN provider for your traffic logs. That’s why it’s important to use a logless VPN.
A VPN may be required to keep logs depending on the country they’re operating in. For instance, the Indian government has recently enacted a law that requires all VPNs to keep extensive customer data, including names, addresses and ownership patterns.
The 2021 VPN Ban in India
The Indian government has long been at odds with VPNs because they help people access banned sites. In September 2021, India’s parliamentary standing committee on home affairs urged the government to ban VPNs permanently.
In their report, the panel observed that cybercriminals often use VPNs to bypass restrictions and access the dark web. However, they failed to take into account the millions of Indians, including corporations, who use VPNs for perfectly legal purposes.
Fortunately, the government did not enforce a blanket ban on VPNs. However, it seems the Narendra Modi-led government did take another suggestion from the committee: to strengthen the surveillance and tracking of VPN use.
Eight months after the recommendation from the parliamentary committee, the government announced a new policy requiring VPNs to store extensive user data.
The 2022 VPN Data Logging Law
The new VPN data logging law in India requires that all VPN companies log and store the following data for at least five years:
- User name, email address and phone number
- The subscriber’s purpose for using the VPN service
- The IP address the customer used to sign up and the IP addresses allotted by the VPN service
- The timestamps, subscription pattern, duration and usage patterns of the customer
VPN providers are required to submit these logs to the Computer Emergency Response Team (CERT-In) upon request. In addition, VPNs must report cyber incidents, including spoofing, phishing attacks, data leaks, data breaches and unauthorized access to social media accounts.
If a VPN service refuses to comply, the government reserves the right to take punitive measures, ranging from fines and bans to prison time.
Aside from VPN companies, data centers, cloud service providers and crypto exchanges are also expected to collect user data and comply with the regulations. The Indian government expects all providers to enforce this new law by the end of June 2022.
Are VPNs Legal in India?
At the time of writing, VPNs are legal in India. The Indian government has not placed an outright ban on VPNs. However, with a new law forcing VPN services to log user data, there’s no telling when the government might crack down on VPNs.
VPN Response to the Logging Law
As expected, VPN service providers are not taking kindly to the new logging law. All of the services we received responses from are sticking to their guns: not collecting logs, waiting to see what will happen when the deadline for enforcement arrives.
If the Indian government doesn’t change their hardline stance, VPN providers will have a tough choice to make. It’s likely that most VPNs (trusted ones, at least) will remove their physical servers from the country to avoid having to comply, like many have already done in Russia and China.
We contacted our best VPN providers to learn the course of action they intend to take. Here are a few of their responses:
”We are keeping a close eye on the situation as it evolves, but want to be clear that ExpressVPN is fully committed to protecting our users’ privacy, including through never logging user activity, and will adjust our operations and infrastructure to preserve this principle if and when necessary. As a company focused on protecting privacy and freedom of expression online, ExpressVPN will continue to fight to keep users connected to the open and free internet, no matter where they are located.”
Read our full ExpressVPN review to see why it’s a trustworthy VPN for India.
“At the moment, our team is familiarizing with the new directive, recently passed by the Indian government and exploring the best course of action. As there are still at least two months left until the law comes into effect, we are currently operating as usual. We are committed to protecting the privacy of our customers; therefore, we may remove our servers from India if no other solution is found.”
Read our full NordVPN review to see why it’s a trustworthy VPN for India.
“Surfshark has a strict no-logs policy, which means that we don’t collect or share our customer browsing data or any usage information. Moreover, we operate only with RAM-only servers, which means that at this moment, even technically, we would not be able to comply with the logging requirements. We are still investigating the new regulations and its implications for us, but the overall aim is to continue providing no-logs services to all of our users.”
Read our full Surfshark review to see why it’s a trustworthy VPN for India.
“This is a massive overreach on behalf of a so-called democratic government. Not only are the requirements dangerous, most are impossible to implement for a privacy-oriented service such as Windscribe. Nothing changes for Windscribe. We will continue offering our free and paid services for anyone who wants them, in any country, as we don’t collect the country of origin when someone registers for our service. In many cases, registration itself is optional.”
Read our full Windscribe review to see why it’s a trustworthy free VPN for India.
The Indian Government Takes a Hardline Stance
On May 18, 2022, the Indian government organized a press conference to release an FAQ document answering questions about the new logging law. In that conference, the government also doubled down on the law.
Rajeev Chandrasekhar, minister of state for electronics and IT, told service providers that if they don’t want to keep logs, India is “not a good place to do business.”
He further stated: “If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. You have to pull out.”
We will be updating our best VPN for India article after the law goes into effect, and we see how VPN companies respond to the new law.
Is a VPN Safe to Use in India?
Using VPNs in India is safe for now. The government has not banned VPNs, so you won’t be breaking any laws when you use one. The only thing you need to make sure of is to not use servers located in India; otherwise the VPN will be forced to log your data.
Keep in mind: the best VPNs would rather close their Indian servers rather than log your data.
Additionally, we recommend using a VPN that has solid encryption and obfuscation features, especially if you’re using it to access blocked sites.
Which VPN Is Safe in India?
Overall, ExpressVPN is the safest VPN for India. This best-in-class VPN service has obfuscated servers to ensure that the Indian government can’t detect your VPN use. You also get a kill switch and DNS leak protection to ensure your internet traffic doesn’t leak.
Currently, ExpressVPN has two servers in Chennai and Mumbai, and even if the VPN leaves India, you can count on servers in 93 other countries. This includes servers in countries that share borders with India, such as Myanmar, Pakistan, Bhutan and Bangladesh.
ExpressVPN’s only downside is that it’s expensive, especially on the monthly plan. If you’re tight on funds, you can opt for the relatively cheaper NordVPN or Surfshark, VPNs that also pack a punch when it comes to security features. If you need a free VPN for India, Windscribe is an excellent choice.
Final Thoughts: India’s VPN User Data Collection Law
India has enacted a new law to force virtual private networks to collect customer information. This move has drawn ire from the public, and VPN service providers have vowed to pack out of the country if the government doesn’t rescind its decision.
The directive is bound to be difficult to implement because most top VPN services run RAM-only servers. It’s no surprise that VPN providers have adopted a “wait and see” approach. In the meantime, ExpressVPN remains the best VPN to access the internet in India, owing to its excellent security features.
What are your thoughts about India’s internet freedom landscape? Do you agree with how VPNs are reacting to the new logging law? Will you use a VPN if it logs your data? Share your thoughts with us in the comments section below, and as always, thanks for reading.