Virtual private network provider ExpressVPN has announced it will remove its servers from India. The Indian government recently updated guidelines requiring VPN service providers to save user data for a period of five years.
According to VPN providers, the guidelines issued by the Indian Computer Emergency Response Team (CERT-In) violate users’ privacy rights and violate international law.
ExpressVPN has removed its Indian-based VPN servers following the recent introduction of a law that requires VPN providers to store user data for at least five years, the company announced in a blog post.
ExpressVPN has slammed the new guidelines as “overreaching” and “opening up the door to abuse”. The company said it wouldn’t participate in “government’s attempts to limit internet freedom”.
“We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it,” the company added.
What is the directive from the Indian government?
The directive issued by the government mandates VPN providers to maintain the following data as part of the know your customer (KYC) policy for a period of five years –
- Validated name of subscriber
- Period of hire
- IPs allotted to the subscriber
- Email address, IP address and time stamp used at the time of registration.
- Purpose of hiring services
- Validated address and contact numbers
- Ownership pattern of the subscribers
Users will still be able to use Indian IP addresses
In relief to users, ExpressVPN has said that this will have no impact on the ability of users outside India to connect to Indian IP addresses. The company is using “virtual” Indian servers that are physically located in Singapore and the UK.
The company has claimed that there will be a minimal difference and users will be able to choose from India (via Singapore) and India (via UK) servers.
This will also have no impact on Indian users looking to connect to foreign servers.
“As for internet users based in India, they can use ExpressVPN confident that their online traffic is not being logged or stored, and that it’s not being monitored by their government,” the company said.
ExpressVPN may not be the only company to exit India
ExpressVPN is likely the first among many VPN service providers to exit the Indian market. Companies like NordVPN and PureVPN have already said that it is not possible to comply with the government’s guidelines that come into effect from June 27 and are contemplating removing their servers from the country.