scorecardresearch
Proton VPN gets out of India due to govt's new cybersecurity rules, Nord and others left earlier

Proton VPN gets out of India due to govt's new cybersecurity rules, Nord and others left earlier

Earlier, Nord Security and British Virgin Islands-based ExpressVPN also decided to shut their systems in India to protest against the government's new cybersecurity rules. 

Story highlights
  • The new cybersecurity rules were supposed to be enforced on June 28.
  • The CERT-In then extended the deadline to September 25.
  • The rule mandates companies to store India users' data locally.

Swiss internet company Proton, better known for providing virtual-private-network services, is removing its servers from India to "protect" users' privacy. The company decided to shut down servers in the country to protest against upcoming cybersecurity rules, which mandate VPN operators to store Indian users' data locally. Proton is among the major VPN service providers in India and globally. Earlier, Nord Security and British Virgin Islands-based ExpressVPN also decided to shut their systems to protest against the government's new rules.

However, Proton, like its competitors, clarified that users in India will still be able to use its service, and they are rolling out "smart routing servers" to give them an Indian IP address. In a tweet, the company said, "Today, we're removing our VPN servers in India to protect the privacy of our community due to India's new surveillance law. However, we've rolled out smart routing servers to still give you an Indian IP address."

In an interview with The Wall Street Journal, Proton AG Chief Executive Andy Yen said that the new cybersecurity rules by CERT-IN, a department with the Ministry of Electronics and Information Technology "will undermine internet freedom and endanger activists and whistleblowers, who often use VPNs to protect their identities from the government."

He added, "It's going to have a chilling effect. I find it really sad that the world's largest democracy is taking this path."

The new cybersecurity rules were supposed to be enforced on June 28. The CERT-In then extended the deadline to September 25. However, companies have found a way to avoid the new norms. Since VPNs are operated on the internet, many companies don't even need to have servers in India. These companies are shutting down services in India to dodge local laws.

As per new rules, VPN operators will need to store users' data such as names, email IDs, contact numbers, and IP addresses for five years. Moreover, companies may be required to share data with the government when asked. The government argues that rules are integral to national security since VPNs allow users to be anonymous on the web.