- India is reportedly working on new VPN regulations
- Companies may be forced to establish an office in the country
- VPNs found a solution to previous limitations
India is working on an expansive new legal framework to crack down on virtual private networks (VPNs), with proposals reportedly including mandatory local offices, designated compliance officers and even jail terms for non-compliance.
According to The Indian Express, the upcoming rules aim to make VPN providers legally liable when citizens use their tools to bypass government-mandated content blocks.
“In the past few months, we have observed that users are able to bypass content, accounts and online services that have been blocked by the government for various reasons by using VPN services,” an anonymous senior official told reporters.
This new set of rules is also seen as necessary, officials admitted, as the controversial data retention law enforced in 2022 by the Indian Computer Emergency Response Service (CERT-In) has proved unsuccessful.
The directive legally requires VPN companies, data centers and cloud providers to log sensitive user information – including real names, verified IP addresses and usage patterns – for up to five years and hand it over to authorities upon request.
Still, major VPN companies, including ExpressVPN, NordVPN, Hide.me, Surfshark, and Proton VPN, found a simple way to avoid compliance — by removing their physical servers from the country.
“They have simply refused to comply. So the need for a full-fledged law is felt,” the senior official told The Indian Express.
What’s at stake for India’s VPN users?
In addition to encrypting user data to increase privacy and security, virtual private networks (VPNs) spoof IP addresses, allowing users to bypass local, state-enforced geo-restrictions.
This capability has become critical for local Internet users. Last month, India saw a massive surge in VPN downloads after the government temporarily blocked messaging app Telegram over concerns about exam cheating.
Just weeks earlier, the Ministry of Electronics and Information Technology (MeitY) ordered VPN companies to actively block access to the decentralized prediction platform Polymarket, threatening legal consequences if they refused.
The proposed framework aims to give New Delhi the necessary legal teeth to compel VPN providers to enforce these content bans on the government’s behalf. Digital rights groups often criticize India’s aggressive approach to censorship; according to data trackers, the country consistently leads the world in government-imposed internet shutdowns.
While specific details of the draft regulations remain scarce, leaked proposals suggest that offshore VPN companies will be required to establish a physical corporate presence in India and appoint local compliance officers to act as direct government liaisons.
Criminal penalties for non-compliance are also on the table, including potential jail terms for local employees if an order is ignored.
However, serious questions remain about how the authorities plan to enforce these rules. For many global VPN providers, keeping their physical servers outside Indian borders has previously been enough to bypass local jurisdiction.
Premium, strict no-logs services are also unlikely to fundamentally change their server infrastructure to comply with New Delhi’s demands — especially after resisting a similar ultimatum four years ago.
Dr. Pete Membrey, Chief Research Officer at ExpressVPN, pointed back to the company’s 2022 decision to become the first major provider to pull its physical servers from India, confirming that its stance remains.
“We will evaluate when a proposal is published,” Membrey told TechRadar, adding that “ExpressVPN will continue to work hard to keep users connected to the open and free internet wherever they are.”
A Surfshark spokesperson also said the company remains committed to maintaining the privacy of its users.
TechRadar reached out to India’s Ministry of Electronics and Information Technology (MeitY) and CERT-In for further clarification on the draft guidelines and an expected timeline for enforcement. Neither agency responded prior to publication.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!



