Indian VPN Companies Ordered To Collect And Store User Data For At Least 5 Years


VPN providers will be required to collect and turn over user data that includes IP addresses assigned to users. The Indian government has passed a law that now demands all VPN service providers to keep a record of their users for five years. This new rule, although necessary from a security point of view, violates the basic tenets of a VPN, and has rendered them pointless for a number of users.


  • VPNs are used by individuals and businesses to encrypt their online presence and online activities.
  • The new national directive applies not only to VPN companies, but to cloud service providers, data centres, and crypto exchanges, as well to collect specific, extensive customer data and hold onto it for at least five years.
  • Most commonly, this is used to transcend geopolitical boundaries and access content on the internet that is restricted in certain areas.
  • For long, VPNs have been essential for users who wanted to maintain their online privacy.
  • VPNs are also used by corporate agencies to allow their employees to remotely log in to their work systems, without having to risk any sort of compromises that would put them in jeopardy.
  • The core feature of a VPN is that the websites you visit are delinked from your IP address. India has never had any legislation that outright banned VPNs.
  • However, if VPN service providers do not comply with the directive, they will be rendered illegal as a byproduct.
  • VPNs or virtual proxy networks allow users to stay free of website trackers that can keep track of data like a user’s location. Paid VPN services and even some good free ones, often offer a no-logging policy.
  • This allows users to have full privacy as the services themselves operate on RAM-only servers, preventing any storage of user-data beyond a standard temporary scale.


  • Several antisocial elements have used VPNs to disguise themselves and their locations so that they could post inflammatory statements and comments that would stoke communal fires in a society.
  • With the advent of digital banking and cryptocurrency, money laundering has become very sophisticated and extremely difficult to crack down on. VPNs further complicate the issue.
  • There are legitimate ways of sharing and consuming goods that are protected by intellectual property rights, and then there’s piracy.
  • Certain pieces of content often get prohibited from the public domain for their potential to incite communal tension. VPNs, however, allowed users to not only consume such content but also for it to be shared.

When can you expect the change?

The new laws are expected to come into action from 60 days of being issued, which means they could kick in from July 27, 2022.

If the new change is implemented, companies will be forced to switch to storage servers, which will allow them to log in user-data and store it for the set term of at least five years. Switching to storage servers will also mean higher costs for the companies. For the end-user, this translates to lesser privacy and perhaps, higher costs. With data being logged, it would be possible to track your browsing and download history. Meanwhile, paid VPN services may increase cost of subscription plans to cover expenses of the new storage servers that they must now use.


Please enter your comment!
Please enter your name here