Saturday, March 15, 2025

Now NordVPN to remove servers from India over new CERT-In data norms

Date:

Share post:

spot_img

New Delhi, June 14 (IANS) Leading virtual private network (VPN) service provider NordVPN on Tuesday announced it will remove servers from India over a recent cybersecurity directive from the Indian Computer Emergency Response Team (CERT-In).

Panama-based NordVPN joins Surfshark and ExpressVPN in removing its servers from the country over the April 28 directive from India’s cyber agency that seeks additional compliance requirements for all VPN providers whose users are in the country.

“As one of the industry leaders, we adhere to strict privacy policies, which means we don’t collect or store customer data. No-logging features are embedded in our server architecture and are at the core of our principles and standards,” a NordVPN spokesperson said in a statement.

“Moreover, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India,” the company added.

The new cybersecurity norms asked VPN service providers along with data centres and cloud service providers, to store information such as names, email IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years.

CERT-In later issued a set of clarifications, stating that the rules of maintaining customer logs will not apply to enterprise and corporate virtual private networks (VPNs).

Earlier this month, ExpressVPN announced it has removed its India servers from the country, terming the CERT-In norms as “incompatible with the purpose of VPNs, which are designed to keep users’ online activity private”.

Surfshark later announced to shut down its servers in the country.

Another player Proton VPN said in a tweet that the new CERT-In norms are “an assault on privacy, and that it will continue maintaining its no-log policy”.

“The new Indian VPN regulations are an assault on #privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy and recommend everyone using our servers in India to follow these guidelines,” it had tweeted.

Internet Freedom Foundation (IFF) had called on CERT-In to recall “Directions on Information Security Practices issued on April 28 that go into effect on June 27”.

“These directions are vague. They undermine user privacy and information security, contrary to CERT’s mandate,” the IFF had tweeted.

“At the outset we note that non-compliance of these directions issued under Section 70B carry a potential criminal liability for imprisonment. Hence, there needs to be greater care on, who they apply; what are the compliance demands; and their link to cyber security,” it added.

The directions apply to “all service providers, intermediaries, data centers, body corporate and government organizations”.

spot_img

Related articles

Three suspects arrested in Moga Shiv Sena leader’s murder case

New Delhi, March 15: A joint operation by CIA Moga and CIA Malout resulted in three suspects connected...

India denounces Pak’s ‘fanatical mindset’, says ranting on Kashmir won’t justify cross-border terror

United Nations, March 15: Denouncing Pakistan’s “fanatical mindset”, India’s Permanent Representative P Harish has told Islamabad that ranting...

Injured Neymar ruled out of Brazil World Cup qualifiers

Rio de Janeiro, March 15: Veteran forward Neymar will miss Brazil's World Cup qualifiers against Colombia and Argentina...

Jharkhand: Clashes erupt during Holi procession; shops, vehicles set ablaze

Giridih, March 15: Several people were injured, and multiple shops and vehicles were set on fire after a...