The use of virtual private networks (VPNs) is completely legal in India, although the government has recently made it mandatory for providers to collect user data. To ensure optimal security and protection, it is recommended to use a VPN with obfuscated servers, a strict no-logs policy, an automatic switch, and protection against leaks. On September 25th, the Indian government will be implementing a new law that will hinder the effectiveness of VPNs. This law requires VPN providers to collect customer information and provide it to a special government team upon request.
As a result, many VPN providers have chosen to shut down their servers in India rather than violate their security standards. This new regulation has potential implications for users in India and millions of VPN users around the world. ExpressVPN, based in the British Virgin Islands; Private Internet Access, based in the United States; and Surfshark VPN, based in Lithuania, have all removed their servers from India in an attempt to protect the privacy of their users. These companies have stated that they will never collect logs of user activity, including browsing history, traffic destination, data content, or DNS queries.
The Indian IT Emergency Response Team (CERT) has said that the new rules will apply to VPN providers starting September 25th. Major VPN services have shut down their service in India as there is no way to comply with this law without violating their own privacy protection standards. ExpressVPN has refused to participate in the Indian government's attempts to limit Internet freedom. For those who need an India-based IP address, ExpressVPN offers virtual server locations “India” (via Singapore) or “India” (via the United Kingdom).
Other VPN services may also offer virtual server locations outside of India for users who want to use an Indian IP address.