- VPN providers in India ordered to block access to illegal websites
- MeitY's application aims to protect the personal data of Indian citizens.
- Obligations could clash with the operation of log-free VPN services
VPN providers operating in India have been ordered to block access to websites that illegally reveal personal data of citizens, following a notice from India's Ministry of Electronics and Information Technology (MeitY).
The directive, issued on December 11, warns that these websites “pose a significant risk to Indian users.”
Authorities highlighted several specific sites that allegedly reveal sensitive personal data, including full names, addresses, mobile phone numbers and email addresses. According to the advisory, these platforms remain accessible to users who connect through a virtual private network (VPN).
Under the IT Act 2000 and IT Rules 2021, VPN providers must “make reasonable efforts” to prevent access to websites that operate in violation of the law. The directive also explicitly reminds providers of their obligation to assist authorities by providing information necessary to verify identities or investigate cybercrimes.
What does this mean for VPN users?
While MeitY's application aims to protect the personal data of Indian citizens, it fundamentally conflicts with the way the best VPN apps work.
Privacy-first providers operate under a strict no-logging policy. This means that the service does not collect any identifiable information about what users do online when they connect to the VPN.
TechRadar has contacted several popular VPN providers to clarify whether and how they intend to meet these obligations, and we will update this page when we receive a response.
Many companies, including NordVPN, Proton VPN, ExpressVPN, and Surfshark, decided to remove their physical servers from India in 2022. This move was a direct reaction to CERT-In rules requiring VPN and security software providers to store user data (such as IP addresses, real names, and usage patterns) and hand it over to authorities upon request.
Unsurprisingly, the industry considered these requirements to be incompatible with the primary purpose of a VPN.
The latest notice threatens to revive the debate between protecting user anonymity and law enforcement's need to access data to fight crime. However, if the industry's response three years ago is any indication, we expect most VPN companies to prioritize their privacy promises to users and refuse to collect or share data with anyone, including the police.
We test and review VPN services in the context of legal recreational uses. For example: 1. Access a service from another country (subject to the terms and conditions of that service). 2. Protect your online security and strengthen your online privacy when you are abroad. We do not support or condone using a VPN service to break the law or conduct illegal activities. Future Publishing does not endorse or approve the consumption of paid pirated content.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
