The Indian government is giving VPN and cloud service providers an additional three months to comply with the logging requirement. The new rules would officially apply from Monday. By delaying the entry into force for three months, India wants to give companies more time to comply with the new rules.
That writes the American tech site TechCrunch.
India announces strict logging rules
In late April, India said new legislation for VPN and VPS providers, data centres and cloud service providers was on the way. The government demanded that these companies keep logs of their systems from June 27. They had to register, among other things, who used their services, the start and end dates of a subscription, the original IP address of users, email addresses, contact details, financial transactions and account cancellation dates.
The Indian government demands that the above data be kept for five years after the termination of an account. The log files of the computer systems must be kept for 180 days in India. If necessary, this data should be handed over to the Indian Computer Emergency Response Team (CERT-In). Finally, tech companies are required to report a serious security problem, cyber attack, data breach or data theft within six hours.
After the decision, one VPN provider after another announced the removal of their location servers in India. It started with ExpressVPN, followed by Surfshark and Private Internet Access (PIA).
Tech companies fear ‘weakening cybersecurity and online privacy’
According to TechCrunch, CERT-In announced Monday evening that the enforcement of the logging rules will be