CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report

CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report

SUMMARY

The recent government mandate directing VPN providers to collect and store their customer data might not be applicable to enterprise or corporate VPNs, as per an ET report

According to Tejasi Panjiar, Capstone Fellow, Internet Freedom Foundation, this clarification doesn’t change the concerns around the mandate for public VPNs to collect and store data

Talking about the impact the new govt mandate rules can have on VPN service providers, Laura Tyrylyte, head of public relations at Nord Security, said “it is safe to say that some impact is expected”

The Indian government’s recent mandate directing virtual private network (VPN) providers to collect and store their customer data for five years or more might not be applicable to enterprise or corporate VPNs.

The Computer Emergency Response Team (CERT-In), which issued the new directions, is likely to put out a list of clarifications to its April 28 mandate and say that the directive to store customer information applies only to those VPNs that offer services to general internet subscribers, according to ET.

“For the purpose of this direction, VPN Service provider refers to an entity that provides “Internet proxy like services” through the use of VPN technologies, standard or proprietary, to general Internet subscribers/users,” CERT-In reportedly said in its FAQ document that has not been made public yet and was exclusively accessed by the publication.

As per the new directions, VPN service providers, data centres, Virtual Private Server (VPS) providers and cloud service providers will have to collect and hold data pertaining to validated names of subscribers/customers hiring the services, period of hire including dates, IPs allotted to/being used by the members, email addresses, IP addresses and time-stamps used at the time of registration/on-boarding and more.

Following this, a few VPN service providers said they would exit India rather than following such a mandate that threatens the basic foundation of VPN. NordVPN has already said that it would exit India if no other options are available.

A large number of experts have also raised questions around the legality of the new rules in the absence of a robust data protection law in the country.

According to Tejasi Panjiar, Capstone Fellow, Internet Freedom Foundation, the clarification doesn’t change the ongoing concern around the mandate for public VPNs to collect and store data.

Public VPN Providers’ Take On the New Directions 

“We are still looking into the new law to better understand what’s required, but from what it seems, we would require to make fundamental changes within our infrastructure, our policies and our values,” said Laura Tyrylyte, head of public relations at Nord Security, earlier this week. “It is difficult to see such a scenario coming to life.

Talking about the impact the new government rules can have on VPN service providers, given India is one of the major VPN markets, Tyrylyte told Inc42 that while it is still a bit too early to predict the amount of impact the mandate would have on NordVPN, “it is safe to say that some impact is expected”. 

“Companies that will decide to remove their servers, will have to look for other means to meet the requirements of customers who used those servers,” she added.

Earlier, Gytis Malinauskas, head of legal department at Surfshark, said that the company was trying to understand the new regulations and their implications, but the overall aim is to continue providing no-logs services to all of its users.

Malinauskas also highlighted the technical challenges which the new rules will raise. 

VPN Market In India

India is one of the largest VPN markets in the world. In the past few years, the VPN usage has grown significantly in the country. VPN installs exploded to a staggering 348.7 Mn in H1 2021, representing a growth of 671% over 2020, as per an Atlas VPN report

The report said that the increase can be attributed to the rapidly evolving digital ecosystem in the country, as India’s internet user base grew at a rate of 24% each year on average from 2015 through 2020.

India was the second-largest market for VPN, with 45% of internet usage happening through VPN, according to the Global VPN Usage Report 2020.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report-Inc42 Media
CERT-In’s New VPN Rules To Not Be Applicable To Corporate Networks: Report-Inc42 Media
You’re in Good company