10 Golam Sovan Lane, Kolkata-700016
perfect computer logo

Is VPN Legal in India 2023?

After the order of CERT, many VPN companies have shut down their servers in India. Leading VPN providers, Surfshark, NordVPN and ExpressVPN, withdrew their servers from india. The Indian Government has also banned the use of VPN and Cloud services by it's employees.

Virtual Private Network (VPN) technology allows users to create a secure connection to another network over the internet. It is often used to access blocked websites, protect privacy, and encrypt internet traffic.

In India, the use of VPNs has long been a topic of debate, with many wondering whether or not it is legal to use a VPN in the country. In this blog post, we will explore the legality of VPNs in India and examine the various restrictions and limitations placed on their use.

In India, VPNs are generally legal to use. However, the government does place some restrictions on their use.

According to the Indian government's Information Technology Act, 2000, it is legal to use a VPN as long as it is not used for illegal activities such as hacking, distributing illegal content, or committing cybercrime.

There have been instances where the Indian government has blocked certain VPNs and proxy websites in order to prevent access to specific content. For example, in 2017, the government blocked several VPNs and proxy websites in an effort to curb the spread of false news and rumors on social media.

Despite these restrictions, VPNs are still widely used in India for a variety of purposes, including accessing blocked websites, protecting personal privacy, and securing internet connections.

It is important to note that while VPNs are legal in India, they should be used with caution. It is always a good idea to research and choose a reputable VPN provider that respects your privacy and follows industry-standard protocols for security.

All this debate whether it is legal to use a VPN in India started after the government of India ordered through a directive by Cyber Agency Computer Emergency Response Team (CERT-In) dated April 28. According to AtlasVPN's global index, India ranks among the top 20 countries in VPN adoption with 270 million users. Here's why VPN service providers are upset, what the new rules say, do they make using VPNs illegal in India and more.

Why people use VPN?

VPNs are still widely used in India for a variety of purposes. Many people use VPNs to access blocked websites and bypass internet censorship. In India, there are a number of websites and online platforms that are blocked by the government for various reasons. These include websites that contain illegal or inappropriate content, as well as websites that are seen as a threat to national security or public order. VPNs allow users to bypass these blocks and access the content they want to see.

Another reason why people use VPNs in India is to protect their privacy. In recent years, there has been a growing concern about online privacy and the amount of personal data that is collected by companies and government agencies. VPNs allow users to encrypt their internet traffic, making it difficult for anyone to monitor or track their online activities. This is especially useful for people who are concerned about their privacy and want to protect themselves from cyber threats such as hacking and identity theft.

In addition to these benefits, VPNs are also useful for securing internet connections. When using a public WiFi hotspot, for example, it is important to be aware of the risks associated with using an unsecured connection. VPNs allow users to create a secure connection to the internet, protecting them from potential cyber threats such as man-in-the-middle attacks and malicious software.

Despite the many benefits of VPNs, it is important to use them with caution. Not all VPNs are created equal, and it is important to choose a reputable provider that follows industry-standard protocols for security and privacy. It is also important to be aware of the laws and regulations that govern the use of VPNs in India, and to use them only for legal purposes.

What exactly does the new VPN rule say?

Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers, shall be required to register the following accurate information which must be maintained by them for a period of 5 years or longer duration as mandated by the law after any cancellation or withdrawal of the registration as the case may be:

* Validated names of subscribers/customers hiring the services

* Period of hire including dates

* IPs allotted to / being used by the members

* Email address and IP address and time stamp used at the time of registration / on-boarding

* Purpose for hiring services

* Validated address and contact numbers

* Ownership pattern of the subscribers / customers hiring services

The new directions apply to "all service providers, intermediaries, data centres, corporate and government organizations". CERT-In, however, clarified on May 12 that the rules of maintaining customer logs would apply only for individual VPN customers and not to enterprise or corporate VPNs.

That means that a VPN company with servers in India may no longer be able to guarantee privacy for its users. The sole purpose of using a VPN will be destroyed. Many VPN companies have objected to these new laws but the Government of India stands firm on its decision. The Indian Government have asked the VPN companies to either follow rules or leave India.

At a recent press conference on the Cert-In guidelines, Chandrasekhar told reporters that the government would adopt a “zero-tolerance” policy on anonymity being a cover for online crimes, and that production of evidence was an “unambiguous obligation" on VPN service providers, social media intermediaries, and instant messaging platforms.

What VPN companies say about this?

NordVPN published a blog on 20 June, 2022 about the company’s stand on the new VPN rules. It says “Many major VPN providers adhere to strict privacy policies, which means that they don't collect or store customer data. No-logging features are usually embedded in their server architecture, and it would be complicated for providers to change it. Moreover, a reliable VPN company wouldn't agree to such a requirement for ethical and reputational reasons. So the passing of this law would mean that many premium VPN services would no longer be able to keep servers or even operate in India.

As a result, on June 26, 2022 NordVPN will shut down its servers operating in India. However, apart from this, NordVPN services will operate as usual in the country.” NordVPN’s decision follows similar directions taken by ExpressVPN and SurfShark, both of which have removed servers in the country. It’s unclear how popular VPN services are in India, but on their sites the aforementioned firms say they are used by millions of users worldwide.

Top VPN companies shuts down servers in India

Many top VPN companies have announced that they will be shutting down their servers in India. Last week, leading virtual private network providers, Surfshark, NordVPN and ExpressVPN, withdrew their servers from india. The VPNs have alleged that cybersecurity directives issued on 28 april 2022 by the indian computer emergency response team would render their privacy-oriented business model meaningless, as they require them to log details of all the persons who access their servers.

Does this mean that these VPN service providers will not serve users in India?

NordVPN in the blog published on 20 June, 2022 says “NordVPN services will operate as usual in the country”. ExpressVPN said that its users will still be able to use the service to connect to servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India. “These “virtual” India servers will instead be physically located in Singapore and the UK,” said ExpressVPN. Surfshark said the same thing, “After the new regulations come into effect, we’ll introduce our virtual Indian servers – which will be physically located in Singapore and London. Users will be able to find them in our regular list of servers,” the company said.
Virtual servers function identical to physical ones. The only difference is the server is not located in the stated country. However, it will provide the VPN user with an Indian IP address and will look like the user is connecting to the internet from India.

India Government bans VPN and Cloud services for employees

The Indian government has banned employees from using VPN services like NordVPN, ExpressVPN etc. The mandate came days after ExpressVPN, Surfshark and NordVPN said they would stop offering their services in the country following a directive by the Indian Computer Emergency Response Team (Cert-In) regulating the VPN companies.

The directive also urges government employees not to save “any internal, restricted or confidential government data files on any non-government cloud service such as Google Drive or Dropbox.”

“In order to sensitize the government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled,” NIC said in an internal document, titled Cyber Security Guidelines for Government Employees. Economic Times has reviewed a copy of the document.

“All government employees, including temporary, contractual/outsourced resources are required to strictly adhere to the guidelines mentioned in this document. Any non-compliance may be acted upon by the respective CISOs/Department heads,” according to the internal document.

Will it make VPN illegal in India?

No, the new rules do not make using VPNs illegal in India. There is no ban on them for the local people but it restricts its employees from using VPN services and cloud storages. The government has introduced some restrictions for users and more compliance rules for VPN companies. The government wants to regulate the use of VPNs. This, as per the government, has been done to fight cybercrime and in the interest of national security.

India was the third most cyber-attacked country in the Asia Pacific, according to IBM Security’s Threat Intelligence Index, 2022. The Ministry for Electronics and Information Technology stated that there were more than 1.6 million cyber security incidents reported in India as of February 2022, in response to a question in the Lok Sabha. A secure cyberspace is critical to India’s aspiration to be a $1 trillion digital economy. However, the country cannot achieve this objective without carefully crafting cyber security rules that respond to the evolving needs of an emerging technology sector.


In conclusion, VPNs are legal in India as long as they are not used for illegal activities. They are a useful tool for accessing blocked websites, protecting personal privacy, and securing internet connections. However, it is important to choose a reputable provider and use VPNs with caution in order to ensure that they are used in a legal and responsible manner.

I hope this article increased your knowledge about the new VPN rules in India. Do share your love by subscribing to our newsletter and sharing the article with your friends and family.

Also, If you need any kind of desktop, laptop, or printer repair services in Kolkata or Howrah, then you can contact us. We will take care of everything. We offer home service to our customers at no extra cost. One our qualified engineer will visit your home/office and repair your laptop then and there. We have helped many customers and have a reputed name in the repair business. Do give us a call if you are interested.