The Indian Computer Emergency Response Team (CERT-In) has given a breather to the providers of virtual private network (VPN) service in the country. The cyber agency has granted them another three months to comply with its new rules.
What is in the new rules?
The new cybersecurity norms have asked VPN service providers along with data centres and cloud service providers to store information such as names, email IDs, contact numbers, and IP addresses (among other things) of their customers for five years.
- The rules, issued on April 28, were slated to kick into effect on June 26, sixty days after they were issued.
- In an order issued on June 27, CERT noted that MSME sought “reasonable time for generating capacity building required for implementation of these Directions”.
- Also, additional time has been sought as well for implementation of mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers.
What is a VPN?
- A VPN is a service that protects users online by preventing their IP address from being tracked by websites, law enforcement agencies, cybercriminals and others.
- Corporate employees are the most frequent VPN users, mainly for securely accessing company networks.
India has over 270 million VPN users, about 20% of the country’s population, who use them to access company networks securely, remain anonymous, access geo-restricted content, stay safe on public Wi-Fi networks, and get around internet curbs, among other things.
Note: The new rules do not make using VPNs illegal in India. There is no ban on them.
Which countries have banned VPNs?
- Currently, a handful of governments either regulate or outright ban VPNs.
- These include China, Belarus, Iraq, North Korea, Oman, Russia, and the UAE.
- Other countries have internet censorship laws, which make using a VPN risky.
- CERT-IN, or the Indian Computer Emergency Response Team, is a government-approved organization for upholding information technology (IT) security.
- It was initiated in 2004 by the Department of Information Technology for implementing the provisions of the 2008 Information Technology Amendment Act.
- CERT-In is an organization that functions under the Ministry of Electronics and Information Technology.