Implications of India's new VPN rules
Context:
India’s cyber security watchdog Computer Emergency Response Team (CERT-In) had issued a new set of rules for the VPN companies to store personal data of the users. Amidst strong pushback from various concerns, central government had told the companies to either comply with the rules or exit from India.
What are the new sets of rules?
- Storage of Information: VPN companies are advised to store the personal information of the users, like, name, email-id, phone number and IP address for a period of 5 years.
- Mandate for other data service provider: Apart from VPN companies, new sets of rules have also mandated data centers, virtual service network providers and cloud service providers to record and maintain similar data in the form of KYC.
- Mandate for virtual asset providers: Virtual asset service providers, virtual asset exchange providers and custodian wallet providers have the obligations to record same set of data for the same period of time along with financial transactional records.