India cracks down on privacy-first VPNs with demand to store logs for 5 years

No-log VPNs may find themselves unwelcome in India, when and if a directive that has recently been published by the country’s cybersecurity agency comes into effect.

The document released by the Indian Computer Emergency Response Team (CERT) late last month states that Virtual Private Network (VPN) service providers on par with data centers, cloud service providers, and Virtual Private Server (VPS) providers will have to keep a long list of user data for at least 5 years, even after users cancel their subscription for good.

The logs that VPN providers will have to store after the directive enters into force late July include:

  • Users' names, addresses and phone numbers
  • Period of use
  • IPs that VPNs assign users
  • Users' email and IP addresses, as well as the information on when exactly they signed up to the service (time stamp)
  • Purpose of use
  • Ownership pattern

India's Ministry of Electronics & IT claims that by tightening its grip on VPN and other online services providers it wants to improve cyber security. The ministry says the new legislation is aimed at closing the "gaps" that are "causing hindrance in incident analysis" and should "enhance overall cyber security posture and ensure safe & trusted Internet in the country".

In case of non-compliance with the provisions of the directive, providers risk facing repercussions under India’s Information Technology Act. The relevant article of the Act envisions that those who run foul of the law could face up to 1 year in jail or a fine to the tune of 100,000 rupees ($1,300), or both.

The new law is bound to deal a blow to the operations of "anonymous" VPNs that abide by a strict no-logging policy. Either they will have to cave in to the demands, and start operating storage servers which means less privacy for the end user, or be forced to migrate to a gray zone or cease their operations in India altogether. Moreover, the new requirements can rack up costs of VPN services for Indian customers, since the vendors will have to either rent or own storage servers to keep logs.

For its part, AdGuard does not keep any logs, this would run contrary to the company values. Therefore, we will not be able to comply with the demands of this law. We are constantly monitoring the situation and thinking about possible solutions. If we are left with no choice, we will be forced to reconsider the presence of our servers in this region.

By downloading the comments you agree the terms and policies
Hey Google, we've fixed it for you: AdGuard will block Topics to make Google Privacy Sandbox truly private
The new Google privacy initiative — the Privacy Sandbox — will fail to fulfill its declared goal, that is to offer more privacy to users while benefiting advertisers. The Topics API, set to replace cookies, is to blame. Read to learn why we will be blocking it.
The best for your friends — and for you: AdGuard VPN referral program
Along with the release of AdGuard VPN Browser extension v1.1.7, our referral program is now available. With it, your friend will start using this useful service and you both get 1 GB of protected traffic for free in addition to the standard 3 GB.
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device