Back in May, India’s CERT (Computer Emergency Response Team) and the Ministry of Electronics and Information Technology (MeitY) came up with new cybersecurity policies that required VPN providers to store user data, and these were set to go live on June 27. However, after much backlash, CERT-In has decided to delay the new VPN policy by three months. Here are the details to know.
CERT-in has now announced that the new VPN policy will now come into effect, starting September 25, thus, giving VPN providers more time to comply with the new rules.
CERT-In extends timelines for enforcement of Cyber Security Directions till 25 September, 2022 for MSMEs and for the validation aspects of subscribers/customers details.For details visit https://t.co/Biq8LVAvwrhttps://t.co/WF4mJv3jO4— CERT-In (@IndianCERT) June 28, 2022
To refresh your memory, the new policy requires VPN providers and more to store user data like their names, IP addresses, email addresses, and phone numbers for at least five years. This is meant to curb cyber attacks. However, is clearly against the main purpose of these services, which is to provide users with a privacy-focused experience.
