India: VPNs That Refuse to Log Customer Data Should Leave the Country

pcmag.com:

The Indian government is telling VPN services to comply with a new policy that requires them to collect data on users or exit the country’s market.  

“If you don’t maintain logs, this is not a good place to do business,” said Rajeev Chandrasekhar, Minister of State for Electronics and IT.

Chandrasekhar made the statement to clarify new rules India adopted last month that intend to help the country respond to cybersecurity incidents. The regulations will essentially require a wide range of internet services to collect and turn over data on users whenever Indian authorities demand the information. 

The new rules also cover VPNs, and demand they log and store information about their Indian users, including the IP addresses allotted to them, along with their name and contact information. The IP address data, in particular, could be used to map out a user's web activities when combined with data from other web services.

On Wednesday, the Indian Computer Emergency Response Team published an FAQ(Opens in a new window) that clarifies that the new policy applies “to any entity whatsoever,” even foreign companies. "Any service provider offering services to the users in the country needs to enable and maintain logs and records of financial transactions in Indian jurisdiction," the document adds.

On the same day, Chandrasekhar also held a press briefing(Opens in a new window) about the rules, where he said: “There is no opportunity for somebody to say we will not follow the laws and rules of India.”

“If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs who want to do business in India and you don’t want to apply, you don’t want to go by these rules,