ExpressVPN Removes Its Servers From India

Virtual private network (VPN) service provider ExpressVPN on Thursday said it has withdrawn its servers from India as it is not possible for it to comply with the new CERT-in directive, which mandates the storage of user data for five years. Is. However, the company said in a blog that it will continue to serve Indian customers through its servers located in Singapore and the UK.

Analysts and legal experts said the company cannot be penalized for not complying with Indian laws by continuing to serve Indian customers through its servers in Singapore and the UK. Currently also there are many VPNs which are located outside India but provide services to Indian customers. Such customers require an internet connection and their identities are concealed using a VPN connection, meaning their IP address cannot be tracked. In such cases, if users are visiting sites banned by the government, it becomes difficult to track them.

To check such practices, the Indian Computer Emergency Response Team (CERT-In) on April 28 had come up with a directive that asked all VPNs, cloud service providers, government and private agencies, intermediaries, data centers to store users’ data. It was mandatory to store Such as real names, IP addresses assigned to them, usage patterns and other identifying data for a period of five years. Apart from storing data, CERT-In also asked to compulsorily report incidents of cyber security breaches within six hours of notice. These instructions will come into effect from June 27.

However, these instructions do not apply to VPNs such as AT&T, BT, Verizon, etc. that serve enterprise customers as they already maintain such logs. The instructions are aimed at VPNs that serve retail customers.

The VPN provider said in a blog, “With the recently introduced data law in India requiring all VPN providers to store user information for at least five years, ExpressVPN has replaced our Indian-based VPN servers. It’s a very straightforward decision to remove.” The company further said that its users will still be able to connect to VPN servers (located in Singapore and the UK) which will give them Indian IP addresses and allow them to access the Internet as if they were located in India.

“As the data retention laws of countries change, we often find ourselves adjusting our infrastructure to best protect the privacy and security of our users. In this case, this means ending operations in India. Laws is too broad and so pervasive as to open the window for potential abuse. We believe that the damage caused by the potential abuse of such a law far outweighs any benefit that lawmakers claim it would bring, said ExpressVPN.

However, the government had insisted that the new CERT-in directive has to be followed by all and if anyone does not want to follow the rules, they are free to move out of the country.