The field of best VPN providers shutting down their Indian servers is getting crowded, with NordVPN being the latest to join the pool of existing providers.
Following ExpressVPN’s departure from India, Surfshark’s promise to remove its physical servers, and Hide.me’s announcement yesterday to shut down, the Panama-based provider confirmed its commitment to protecting its customers’ privacy.
“As advocates of digital privacy and security, we are concerned about the potential effect this regulation could have on people’s data,” said NordVPN’s head of public relations Laura Tyrylyte.
“So we can no longer maintain servers in India.”
Expected to take effect in approximately two weeks, India’s new CERT-In guidelines will force VPN companies to retain user data for up to five years. This will include sensitive information such as IP addresses, real names and usage patterns. Providers will also have to share this information with authorities when necessary.
“In the past, similar regulations were typically introduced by authoritarian governments to gain more control over their citizens. If democracies follow suit, this has the potential to affect people’s privacy as well as their freedom of expression,” Laura Tyrylyte, from NordVPN told us.
What about NordVPN users in India?
Like Hide.me, NordVPN has not released any plans to introduce virtual servers as an alternative option for users who want to browse safely with an Indian IP location.
This means NordVPN subscribers based in the country will have to choose one of their servers available outside Indian borders. The provider currently has over 5,500 fast and reliable servers in 60 countries – some of which are located in neighboring areas such as Thailand, Vietnam and Indonesia.
People in India will be able to protect their anonymity and circumvent any restrictions as usual. However, they may want to enable the NordVPN split tunnel option to exclude VPN protection from those apps that require a local IP to grant access.
NordVPN’s Indian servers will remain active until June 26, the day before the CERT-In regulations take effect. “To ensure our users are aware of this decision, we will be sending notifications with the full information through the NordVPN app starting June 20th,” said Tyrylyte.
Why is India’s new data retention law controversial?
While India’s new data retention law is an attempt to fight cybercrime, its regulations have raised many concerns across the tech industry and privacy advocacy groups.
due to a retrograde media freedom (opens in new tab) and the infamy of recording more internet shutdowns than any other country (opens in new tab) experts are concerned that such intrusive regulations could easily be misused to promote mass surveillance and undermine citizens’ civil liberties.
Additionally, VPN providers are just some of the companies that will have to comply with the new CERT-In directives. Other services include data centers, cloud storage services, virtual private servers (VPS) and cryptocurrency exchanges.
The amount of private information stored will then be enormous, across thousands of different companies. This raises not a few doubts about the feasibility of new regulations. On this point, Laura Tyrylyte of NordVPN said, “It’s hard to imagine that everyone, especially small and medium-sized businesses, will have the proper means to ensure the security of this data.”
And it’s not just privacy concerns. India’s new data law is also believed to have a negative impact on its rapidly growing IT sector, perhaps translating into higher fees for India’s VPN users in general.