WhatsApp Channel Join Now
Telegram Group Join Now
| Relevance: GS-II Govt Policies & Regulation; GS-III Cyber Security & Communication Networks | Source: Government policy reports, July 2026 |
Hiding Your Tracks: Why the Government Wants Stricter Rules for VPNs
1 · What exactly happened?
| The Indian Government is working on tough new rules for Virtual Private Network (VPN) companies. Under these proposed rules, VPN firms might have to set up a physical office in India, hire local compliance officers to answer to the police, and could even face jail time if they don’t follow the law.
Why now? VPNs allow people to hide their internet location and access blocked websites. The government feels that its older 2022 CERT-In rule (which asked companies to store user data) wasn’t enough to control them, so they are pushing for a stronger legal net. |
2 · The big debate: Security vs. Privacy
| How does a VPN work? It hides your real internet address (IP) and bounces your connection through a server in another country. This gives you anonymity. But here is the problem: the same tool that protects a whistleblower’s privacy can also help a cybercriminal hide from the police. |
|
The New Plan
Holding them accountable
The government wants local offices and officers who can be questioned. This is very similar to the IT Rules of 2021, which forced big social media companies to have officers in India.
|
The Security Threat
Anonymity helps criminals
Fraudsters use VPNs to run scams, bypass blocked sites, and spread illegal content without being traced. The police want a reliable way to track them down.
|
|
The 2022 Lesson
The rule that backfired
In 2022, CERT-In asked VPNs to keep user data for 5 years and report cyber attacks within 6 hours. Instead of agreeing, many top VPNs simply packed up and moved their servers out of India.
|
Finding a Balance
Target criminals, not everyone
Experts suggest the government shouldn’t track every innocent citizen. Instead, they should use legal treaties to target specific suspects while respecting the new Data Protection law.
|
- The Privacy Angle: VPNs protect ordinary users from being tracked by corporations or hackers. Forcing VPNs to keep logs directly clashes with their “no-log” promise and might violate the Right to Privacy (declared a fundamental right in the Puttaswamy case, 2017).
- Recent Crackdown: In April 2026, the government (MeitY) ordered VPNs to actively block banned gambling and betting websites, no matter where their servers are located.
- The Great Exit: After the strict 2022 rules, big players like ExpressVPN and NordVPN removed their physical servers from India. They now route Indian users through “virtual servers” located in countries like Singapore or the UK, keeping data out of Indian police reach.
- The Global Picture: Countries like China, Russia, and the UAE heavily restrict or completely ban VPNs. India hasn’t banned them, but is rapidly tightening the leash.
| UPSC Prelims Quick Facts | ||||||||||||
|
| MCQ Practice Question |
Q. With reference to cyber security regulation in India, consider the following statements:
Which of the statements given above is/are correct? |
Answer: (a) 1 and 2 only
|
Start Yours at Ajmal IAS – with Mentorship StrategyDisciplineClarityResults that Drives Success
Your dream deserves this moment — begin it here.





