India says VPN firms unwilling to comply with new rules ‘will have to pull out’
#1
Written by Manish Singh

Published: May 18, 2022



India is pushing ahead with its new cybersecurity rules that will require cloud service providers and VPN operators to maintain names of their customers and their IP addresses and suggested firms unwilling to comply to pull out of the world’s second largest internet market.

The Indian Computer Emergency Response Team clarified (PDF) on Wednesday that “virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations” shall follow the directive, called Cyber Security Directions, that requires them to store customers’ names, email addresses, IP addresses, know your customer records, financial transactions for a period of five years.

The new rules, which were unveiled late last month and go into effect late June, won’t be applicable to corporate and enterprise VPNs, the government agency clarified.

Several VPN providers have expressed worries about India’s new cybersecurity rules. NordVPN, one of the most popular VPN operators, said earlier that it may remove its services from India if “no other options are left.”

Other service providers, including ExpressVPN and ProtonVPN, have also shared their concerns. “The new Indian VPN regulations are an assault on privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy,” said ProtonVPN.

Rajeev Chandrasekhar, the junior IT minister of India, said that VPN providers who wish to conceal who uses their services “will have to pull out.” He also said that there won’t be any public consultation on these rules.

New Delhi is also not relaxing a new rule that mandates firms to report incidents of security lapses such as data breaches within six hours of noticing such cases.

Chandrasekhar said that India was being “very generous” in giving firms six hours of time to report security incidents, pointing to nations such as Indonesia and Singapore that he said had stricter requirements.

“If you look at precedence all around the world — and understand that cybersecurity is a very complex issue, where situational awareness of multiple incidents allow us to understand the larger force behind it — reporting accurately, on time, and mandatorily is an absolute essential part of the ability of CERT and the government to ensure that the internet is always safe,” he said.

Earlier this month, New Delhi-based digital rights advocacy group Internet Freedom Foundation said the new directions were vague and undermined user privacy and information security, “contrary to CERT’s mandate.”



https://techcrunch.com/2022/05/18/india-...-concerns/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Does Europe have the guts to stand up against a Cartel 'Fascist Coup'? nikita1 0 1,541 Sep 10, 2024, 13:19 pm
Last Post: nikita1
  What the farmers’ revolution in India says about Big Ag in the US and worldwide Resurgence 1 7,334 Feb 15, 2024, 12:44 pm
Last Post: chermisty
  Rut Roh, Raggy! Elon Musk Appearing Increasingly Wacked Out CaptButler 6 4,337 Jan 08, 2024, 13:03 pm
Last Post: CaptButler
  COVID-19 pandemic leads to surge in superbug infections, EU agency says Resurgence 0 6,694 Nov 18, 2022, 14:26 pm
Last Post: Resurgence
  Ukraine blowing up bridges near Belarusian border, Minsk says Resurgence 0 6,582 Nov 17, 2022, 13:21 pm
Last Post: Resurgence



Users browsing this thread: 2 Guest(s)