In April 2022, the Indian government introduced a new law requiring VPNs to collect and store user data for a minimum of five years. Unsurprisingly, this directive is raising a lot of questions: Are VPNs safe to use in India? How will VPNs respond to the new law?
The main problem with this law is that it strikes at the core of what virtual private networks (VPNs) do: protect user privacy. If VPN companies agree to comply with this order, it will mean that your personal data and browsing history can be made available to the Indian government upon request.
- India’s new VPN data law requires all VPNs to collect and store customer data for at least five years.
- It’s likely many VPNs will close their servers in India rather than comply, leaving users to use virtual servers instead or servers in neighboring countries.
- If you need a trustworthy VPN for India, ExpressVPN is your best bet, with RAM-based servers and a host of security features to keep you anonymous. The VPN decided on June 2, 2022, to remove its physical servers from India and offer users Indian IP addresses via a virtual server instead.
In this post, we’ll unpack the new logging law and help you know which VPN is safe for India. However, let’s start by understanding the undercurrents of this new logging policy and what set it in motion.
ExpressVPN announced it was removing its physical servers from India and offering users Indian IP addresses via a virtual server option instead, which won’t compromise user privacy.
Updated to include NordVPN and Ivacy as VPN providers that have shut down their servers in India.
VPNs are perfectly legal to use in India, although the government has made user data collection mandatory. For optimal security and safety, use a VPN with obfuscated servers, a strict no-logs policy, a kill switch and leak protection. We recommend ExpressVPN since it checks all those boxes.
The Indian police can’t track live, encrypted VPN use. However, they can reach out to your ISP or VPN provider for your traffic logs. That’s why it’s important to use a logless VPN.
A VPN may be required to keep logs depending on the country they’re operating in. For instance, the Indian government has recently enacted a law that requires all VPNs to keep extensive customer data, including names, addresses and ownership patterns.
The 2021 VPN Ban in India
The Indian government has long been at odds with VPNs because they help people access banned sites. In September 2021, India’s parliamentary standing committee on home affairs urged the government to ban VPNs permanently.
In their report, the panel observed that cybercriminals often use VPNs to bypass restrictions and access the dark web. However, they failed to take into account the millions of Indians, including corporations, who use VPNs for perfectly legal purposes.
Fortunately, the government did not enforce a blanket ban on VPNs. However, it seems the Narendra Modi-led government did take another suggestion from the committee: to strengthen the surveillance and tracking of VPN use.
Eight months after the recommendation from the parliamentary committee, the government announced a new policy requiring VPNs to store extensive user data.
The 2022 VPN Data Logging Law
The new VPN data logging law in India requires that all VPN companies log and store the following data for at least five years:
- User name, email address and phone number
- The subscriber’s purpose for using the VPN service
- The IP address the customer used to sign up and the IP addresses allotted by the VPN service
- The timestamps, subscription pattern, duration and usage patterns of the customer
VPN providers are required to submit these logs to the Computer Emergency Response Team (CERT-In) upon request. In addition, VPNs must report cyber incidents, including spoofing, phishing attacks, data leaks, data breaches and unauthorized access to social media accounts.
If a VPN service refuses to comply, the government reserves the right to take punitive measures, ranging from fines and bans to prison time.
Aside from VPN companies, data centers, cloud service providers and crypto exchanges are also expected to collect user data and comply with the regulations. The Indian government expects all providers to enforce this new law by the end of June 2022.
Are VPNs Legal in India?
At the time of writing, VPNs are legal in India. The Indian government has not placed an outright ban on VPNs. However, with a new law forcing VPN services to log user data, there’s no telling when the government might crack down on VPNs.
VPN Response to the Logging Law
As expected, VPN service providers are not taking kindly to the new logging law. All of the services we received responses from are sticking to their guns: not collecting logs, waiting to see what will happen when the deadline for enforcement arrives.
If the Indian government doesn’t change their hardline stance, VPN providers will have a tough choice to make. Many VPNs — including ExpressVPN, NordVPN and Ivacy — have already begun shutting down their physical servers in the country to avoid having to comply, like many have already done in Russia and China.
We contacted our best VPN providers to learn the course of action they intend to take. Here are a few of their responses:
On June 2, 2022, ExpressVPN announced it was removing its physical severs from India. Instead, users can access an Indian IP address with ExpressVPN via a virtual server, which will have a physical base in Singapore or the United Kingdom.
Read our full ExpressVPN review to see why it’s a trustworthy VPN for India.
NordVPN removed its servers from India on June 26, 2022, due to the new Indian laws.
As one of the industry leaders, we adhere to strict privacy policies, which means we don’t collect or store customer data. No-logging features are embedded in our server architecture and are at the core of our principles and standards. Moreover, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India.Laura Tyrylyte, head of public relations at NordVPN Tweet This
Read our full NordVPN review to see why it’s a trustworthy VPN for India.
“Surfshark has a strict no-logs policy, which means that we don’t collect or share our customer browsing data or any usage information. Moreover, we operate only with RAM-only servers, which means that at this moment, even technically, we would not be able to comply with the logging requirements. We are still investigating the new regulations and its implications for us, but the overall aim is to continue providing no-logs services to all of our users.”Tweet This
Read our full Surfshark review to see why it’s a trustworthy VPN for India.
“This is a massive overreach on behalf of a so-called democratic government. Not only are the requirements dangerous, most are impossible to implement for a privacy-oriented service such as Windscribe. Nothing changes for Windscribe. We will continue offering our free and paid services for anyone who wants them, in any country, as we don’t collect the country of origin when someone registers for our service. In many cases, registration itself is optional.”Tweet This
Read our full Windscribe review to see why it’s a trustworthy free VPN for India.
The Indian Government Takes a Hardline Stance
On May 18, 2022, the Indian government organized a press conference to release an FAQ document answering questions about the new logging law. In that conference, the government also doubled down on the law.
Rajeev Chandrasekhar, minister of state for electronics and IT, told service providers that if they don’t want to keep logs, India is “not a good place to do business.”
He further stated: “If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules, then if you want to pull out, frankly, that is the only opportunity you have. You have to pull out.”
We will be updating our best VPN for India article after the law goes into effect, and we see how VPN companies respond to the new law.
Is a VPN Safe to Use in India?
Using VPNs in India is safe for now. The government has not banned VPNs, so you won’t be breaking any laws when you use one. The only thing you need to make sure of is to not use servers located in India; otherwise the VPN will be forced to log your data.
Keep in mind: the best VPNs would rather close their Indian servers rather than log your data.
Additionally, we recommend using a VPN that has solid encryption and obfuscation features, especially if you’re using it to access blocked sites.
Which VPN Is Safe in India?
Overall, ExpressVPN is the safest VPN for India. This best-in-class VPN service has obfuscated servers to ensure that the Indian government can’t detect your VPN use. You also get a kill switch and DNS leak protection to ensure your internet traffic doesn’t leak.
ExpressVPN used to have two servers in Chennai and Mumbai, but now the virtual server for India will have a physical base in Singapore or the United Kingdom.
In addition to that, ExpressVPN users can count on servers in 93 other countries. This includes servers in countries that share borders with India, such as Myanmar, Pakistan, Bhutan and Bangladesh.
ExpressVPN’s only downside is that it’s expensive, especially on the monthly plan. If you’re tight on funds, you can opt for the relatively cheaper NordVPN or Surfshark, VPNs that also pack a punch when it comes to security features. If you need a free VPN for India, Windscribe is an excellent choice.
Final Thoughts: India’s VPN User Data Collection Law
India has enacted a new law to force virtual private networks to collect customer information. This move has drawn ire from the public, and VPN service providers have vowed to pack out of the country if the government doesn’t rescind its decision.
The directive is bound to be difficult to implement because most top VPN services run RAM-only servers. It’s no surprise that VPN providers have adopted a “wait and see” approach. In the meantime, ExpressVPN remains the best VPN to access the internet in India, owing to its excellent security features and virtual server option.
What are your thoughts about India’s internet freedom landscape? Do you agree with how VPNs are reacting to the new logging law? Will you use a VPN if it logs your data? Share your thoughts with us in the comments section below, and as always, thanks for reading.