Bad news today for Indian VPN users as three of the world's top VPN providers have announced that they will be shutting down all of their Indian servers.
The news comes in the wake of the recent announcement from the Indian authorities of a new directive which requires VPN companies operating in the country to store user data and make it available to the authorities there.
VPNs checking out of India
The biggest name to close down its Indian servers is our Editor's Pick for Best VPN right now, ExpressVPN.
In announcing the move, ExpressVPN described the new directive as “overreaching and so broad as to open up the window for potential abuse.”
They went on to say, “we believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it” before stating categorically that “ExpressVPN refuses to participate in the Indian government's attempts to limit internet freedom.”
The next VPN to make a move to shut down its Indian servers was Surfshark VPN, and they were similarly critical in announcing their decision.
Surfshark noted that “VPN suppliers leaving India isn't good for its burgeoning IT sector.”
They highlighted their own research, which suggests that “18 out of every 100 Indians had their personal contact details breached” before going on to say that “collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.”
Most recently, VPNCity has today joined the exodus from India.
What is the directive causing all the trouble?
As we reported back in April, the Indian Government's Computer Emergency Response Team, known as CERT-in, announced a new directive which would require all VPNs to keep expansive logs on all of their users for a minimum of five years.
The data they would be required to collect includes records of users' names, their physical address, their phone number, their real IP Address, time stamps, their user data, and numerous other bits of personally identifiable data.
There has been widespread criticism of the new directive.
The Internet Freedom Foundation (IFF) put out a strong statement calling this directive a serious privacy violation, and there were warnings that VPN companies and other data processors would choose to exit the country rather than comply with the requirements.
The Indian authorities were robust in their response.
As we reported last month, Indian Minister of State for Electronics and Information Technology Rajeev Chandrasekhar defended the new rules and threatened VPN companies that failed to comply that “they will not be welcome to operate in the country.”
With the deadline for the new directive coming into force on the 27th June, it is now clear that the worst-case scenarios predicted by many are coming to pass and we are seeing an exodus of VPN companies from India.
ExpressVPN, Surfshark VPN, and VPNCity are the first to make such an announcement, but they are unlikely to be the last, and we expect more statements from major VPNs in the coming days.
What can VPN users in India do now?
So, what now for VPN users in India, and indeed internet users more generally?
With the advent of this new directive, there are even more reasons why Indian internet users should be using a VPN to keep their data and their online activity private.
Well, it's not all bad news. The first point to make is that while VPNs are withdrawing their Indian servers, internet users will still be able to access and use all of the above VPNs while inside India.
The only difference is that physical servers located in India will no longer be available.
For some VPN providers such as VPNCity, this will mean users in India need to connect to servers in another country.
But others, including ExpressVPN and Surfshark VPN will be switching to virtual Indian servers instead. These servers will be physically located elsewhere. In the case of both ExpressVPN and Surfshark VPN, they will be in either the UK or Singapore.
However, they will mimic an Indian server, give users an Indian IP Address and do everything a server physically in India would do, but without the legal requirement to store user data.
While virtual servers can sometimes be a bit slower, the reality is that for most Indian VPN users, it will be next to impossible to tell the difference between these new virtual servers and the old physical ones.
In a nutshell, what this development means is that the Indian government will get all the downsides of its new directive (exodus of companies, damage to the country's IT sector) with none of the benefits since Indian internet users can still use VPNs to keep their data private as normal.