- VPN providers in India ordered to block access to illegal websites
- MeitY’s request aims to protect the personal data of Indian citizens
- Commitments can conflict with how no-log VPN services work
VPN providers operating in India have been asked to block access to websites that illegally reveal citizens’ personal information following a directive from India’s Ministry of Electronics and Information Technology (MeitY).
The directive, which was issued on December 11, warns that these sites “pose a significant risk to Indian users.”
Authorities highlighted several specific websites that allegedly reveal sensitive personal data, including full names, addresses, mobile numbers and email addresses. According to the guidance, these platforms remain accessible to users connecting via a virtual private network (VPN).
Under the IT Act 2000 and the IT Rules 2021, VPN providers must “make reasonable efforts” to prevent access to websites operating in violation of the law. The directive also explicitly reminds providers of their obligation to assist authorities by providing information necessary to verify identities or investigate cybercrime.
What does this mean for VPN users?
While MeitY’s request aims to protect the personal data of Indian citizens, it fundamentally conflicts with the way the best VPN apps work.
Privacy-first providers operate under a strict no-logs policy. This means that the service does not collect any identifiable information about what users do online when connected to the VPN.
TechRadar has contacted several popular VPN providers to clarify whether and how they intend to comply with these obligations, and we will update this page when we receive a response.
Many companies, including NordVPN, Proton VPN, ExpressVPN and Surfshark, decided to remove their physical servers from India back in 2022. This move was a direct response to the CERT-In regulations, which require VPN and security software providers to store user data – such as IP addresses, real names and usage patterns – and hand it over to authorities upon request.
Not surprisingly, these requirements were considered incompatible with the core purpose of a VPN by the industry.
The latest advisory threatens to reignite the debate between protecting user anonymity and law enforcement’s need for data access to fight crime. But if the industry’s response three years ago is any indication, we expect most VPN companies to prioritize their privacy promises to users and refuse to collect or share data with anyone – including the police.
We test and review VPN services for legitimate recreational use. For example: 1. Accessing a Service from another country (subject to the terms and conditions of that Service). 2. Protecting your online security and enhancing your online privacy when you are abroad. We do not support or condone the use of a VPN service to break the law or carry out illegal activities. Consumption of paid pirated content is neither endorsed nor endorsed by Future Publishing.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
