- India reportedly working on new VPN regulations
- Companies may be forced to establish an office in the country
- VPNs found a solution to previous restrictions
India is working on an expansive new legal framework to crack down on virtual private networks (VPNs), with proposals that would include mandatory local offices, designated compliance officers and even prison sentences for non-compliance.
According to The Indian Express, the upcoming rules aim to make VPN providers legally responsible when citizens use their tools to circumvent government-mandated content blocks.
“Over the past few months, we have observed that users are able to bypass online content, accounts and services that have been blocked by the government for various reasons by using VPN services,” an unnamed senior government official told reporters.
This new set of rules is also seen as necessary, officials acknowledged, as the controversial data retention law enforced in 2022 by India’s Computer Emergency Response Team (CERT-In) has proven ineffective.
The directive legally requires VPN companies, data centers and cloud providers to record sensitive user information, including real names, verified IP addresses and usage patterns, for up to five years, and hand it over to authorities upon request.
Yet major VPN companies, including ExpressVPN, NordVPN, Hide.me, Surfshark, and Proton VPN, have found an easy way to avoid compliance: remove their physical servers from the country.
“They simply refused to comply. So the need for a full-fledged law arises,” the senior official told The Indian Express.
What are the challenges for Indian VPN users?
Beyond encrypting user data to enhance privacy and security, virtual private networks (VPNs) spoof IP addresses, allowing users to bypass local state-mandated geographic restrictions.
This capability has become critical for local Internet users. Last month, India saw a massive surge in VPN downloads after the government temporarily blocked messaging app Telegram over concerns about exam cheating.
Weeks earlier, the Ministry of Electronics and Information Technology (MeitY) ordered VPN companies to actively block access to decentralized prediction platform Polymarket, threatening legal sanctions if they refused.
The proposed framework aims to give New Delhi the legal means to force VPN providers to enforce these content bans on behalf of the government. Digital rights groups frequently criticize India’s aggressive approach to censorship; according to data trackers, the country consistently leads the world in government-enforced internet shutdowns.
While specific details of the draft framework remain scarce, the leaked proposals suggest that offshore VPN companies will be required to establish a physical presence in India and appoint local compliance officers to act as direct liaisons with the government.
Criminal penalties for non-compliance are also on the table, including potential jail time for local employees if an order is ignored.
However, serious questions remain about how authorities plan to enforce these rules. For many global VPN providers, simply keeping their physical servers outside Indian borders was previously enough to bypass local jurisdiction.
Premium, strict no-logs services are also unlikely to fundamentally change their server infrastructure to comply with New Delhi’s demands – especially after resisting a similar ultimatum four years ago.
Dr. Pete Membery, Director of Research at ExpressVPN, recalled the company’s decision in 2022 to become the first major provider to remove its physical servers from India, confirming that its position remains unchanged.
“We will evaluate when a proposal is released,” Matériaux told TechRadar, adding that “ExpressVPN will continue to work hard to keep users connected to an open and free Internet, no matter where they are.”
A Surfshark spokesperson also said the company remains committed to respecting the privacy of its users.
TechRadar has reached out to India’s Ministry of Electronics and Information Technology (MeitY) and CERT-In for further clarification on the draft framework and the expected implementation timeline. Neither agency responded before publication.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!




