Update June 13: Private Internet Access ( PIA ) also stops offering its service from India. After Surfshark and ExpressVPN, PIA is also closing its physical servers. Replacing them with virtual Indian servers will also allow PIA users to continue using an Indian IP address.
Virtual Private Network (VPN) services Surfshark and ExpressVPN are closing their VPN servers in India. They are doing this after the introduction of a new law that states that VPN services must store user data.
The new law will come into effect on June 27. At the end of April it was already announced that the law was coming. VPN providers were then given two months to comply with the new requirements. This week ExpressVPN has indicated not to do this and to stop its servers in India. Surfshark followed suit a few days later.
Indian law requirements
The law requires all online service providers to keep logs of their IT systems. They must keep these logs for 180 days within India. They must also be handed over if requested by the Indian Computer Emergency Response Team (CERT-In). The CERT-In is part of the Ministry of Electronics and Information Technology and aims to tackle cybercrime more firmly.
The requirements for VPS providers, data centres, cloud services and VPN providers go even further. These services must retain the following data for five years or more after the termination of a subscription:
The real, validated name of the user. Time the subscription ran, including date of start and termination. The original IP address of the user. The email address, IP address and time stamp at the time