Explained: Why ExpressVPN pulled its servers from India, and what happens to users now
ExpressVPN has pulled its servers from India, becoming the first major virtual private network (VPN) provider to do so following recent cybersecurity rules introduced by the country’s cybersecurity agency. The rules require VPN providers to store user data for a period of five years. ExpressVPN has stated that it “refuses to participate in the Indian government’s attempts to limit internet freedom”.
Why did ExpressVPN remove its servers in India?
In a blog post, the British Virgin Islands-based company said that with the introduction of the new cybersecurity rules by India’s Computer Emergency Response Team (CERT-In), it had made a “decision very easy to delete our India-based VPN”. servers”. While ExpressVPN is the first to withdraw its services from India, other VPN providers like NordVPN have also taken a similar stance.
The company’s decision comes after Minister of State for Electronics and Information and Technology Rajeev Chandrashekhar warned VPN companies that if they do not meet the standards, they are free to leave the country. Last month, he said, “If you’re a VPN who wants to hide and remain anonymous about who is using VPNs and you don’t want to abide by these rules, then if you want to get out (of the country), frankly , this is the only opportunity you will have. You will have to withdraw.
What are India’s new VPN standards?
The guidelines, published by CERT-In on April 26, required VPN service providers as well as data centers and cloud service providers to store information such as names, email IDs, contact numbers and the IP addresses (among others) of their customers for a period of five years. The government said it wanted these details to fight cybercrime, but the industry argues that privacy is the main selling point of VPN services, and such a move would be in violation of the privacy blanket provided by VPN platforms.
The best of Express Premium
ExpressVPN described the cybersecurity rules as “broad” and “exaggerated”.
“The law is also too broad and so broad that it opens the door to potential abuse. We believe the harm from potential misuse of this type of law far outweighs any benefit lawmakers claim to derive from it,” ExpressVPN said.
He added that while CERT-In’s rules are intended to combat cybercrime, they are “inconsistent with the purpose of VPNs, which are designed to keep users’ online activity private.”
So what happens to Indian ExpressVPN users?
Indian users of ExpressVPN will still be able to use its service through “virtual” Indian servers located in Singapore and the UK.
“We will never collect user activity logs, including browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, which means that there are no IP address logs, outbound VPN IP addresses, connection timestamps, or session durations,” the company said.