India ask VPN providers to collect data on users

The Computer Emergency Response Team (CERT-In), India’s cybersecurity body, would encourage government agencies, enterprises, service providers, data centers, and intermediaries to report cyber events within six hours.
“To effectively fight cybercrime, all companies and enterprises must mandatorily report cyber incidents to IndianCERT New CyberSecurity directions for a SafeAndTrusted Internet issued under Sec 70b of IT Act,” Rajeev Chandrasekhar, Union minister of state for electronics and IT said.
Cloud and VPN companies will also be required to register their consumers via CERT-In. Custodial wallets, exchanges, virtual asset providers, cloud providers, and even VPN providers will be required to preserve client records (KYC) and financial transaction data for a period of five years. For 180 days, service providers will keep logs of their systems.
This defeats the point of utilising a VPN and produces data honeypots that might be exploited for spying or stolen.

If you would like to contact us send an email at: [email protected]