NordVPN said that VPN companies will not be able to guarantee privacy for their users under the new rules, hence it will remove its server on June 26
Similar regulations were typically introduced by authoritarian governments in the past in order to gain more control over their citizens: NordVPN to Inc42
After ExpressVPN and Surfshark, NordVPN is the third major player in the space to announce the removal of servers from India
NordVPN has decided to remove all its physical servers from India, making it the third major virtual private network (VPN) provider after ExpressVPN and Surfshark to do so.
The company will shut its servers on June 26, a day before the Indian Computer Emergency Response Team’s (CERT-In’s) new directives for VPN players come into effect.
“…a VPN company with servers in India may no longer be able to guarantee privacy for its users. In light of this, NordVPN has made the decision to remove all its servers from India. The servers will be removed on the 26 June, 2022,” the company said in a statement to Inc42.
“…we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India…In order to ensure that our users are aware of this decision, we will send notifications with the full information via the NordVPN app starting 20 June,” it added.
Lashing out at the government’s new directives, NordVPN spokesperson Laura Tyrylyte said that similar regulations were typically introduced by authoritarian governments in the past in order to gain more control over their citizens.
“If democracies follow the same path, it has the potential to affect people’s privacy as well as their freedom of speech. One way or another, this law will likely have a negative impact on people’s privacy and digital security,” Tyrylyte added.
NordVPN said that the new directives move would lead to a huge spurt in stored private data across thousands of smaller companies, and small and medium enterprises may not have the proper means to ensure security of such data.
What Are The New Rules?
In April this year, CERT-In issued an order mandating all private VPNs, cloud service providers and other allied organisations to collect user data and store them for five years or more.
Internet activists slammed the directives, saying that the new rules have the potential to enable state-sponsored mass surveillance, commercial profiling and censorship. Afterwards, CERT-In clarified its stance on the matter saying enterprise and corporate VPNs would be exempt from maintaining customer logs.
However, VPN companies continue to leave the country in droves, refusing to comply with the new mandates. On the other hand, the Centre too has refused to change its stance, asking VPN players to either follow the rules or terminate their businesses in the country.
According to a report, India is the second-largest VPN market in the world, accounting for 45% of internet usage routed through VPNs.