Virtual private network (VPN) company ExpressVPN has removed its VPN servers in India to not comply with the government’s directions on keeping user data for at least five years and sharing it with authorities when requested. The move is the first by a VPN service provider to respond to the order that India’s Computer Emergency Response Team (CERT-In) passed in late April and is coming into force from June 27. However, other VPN players also raised concerns over the directions shortly after their announcement.
Here are the 10 important points to explain the removal of ExpressVPN servers from India.
- “With a recent data law introduced in India requiring all VPN providers to store user information for at least five years, ExpressVPN has made the very straightforward decision to remove our Indian-based VPN servers,” the British Virgin Islands-headquartered company said in a blog post released on Thursday.
- ExpressVPN will offer “virtual” India servers to its users to connect as a result of the update.
- The virtual servers will use Indian IP addresses to provide Internet access as if they were located in India, the company said. This means that users outside India will continue to be able to access India-specific content using the VPN service.
- However, the virtual VPN servers will not be located in India and will be based in Singapore and the UK. Users will be able to access the virtual India servers by selecting the VPN server location ‘India (via Singapore)’ or ‘India (via UK)’.
- ExpressVPN has been operating its ‘India (via UK)’ server location for several years. The company also said that virtual locations are used to provide “faster, more reliable connections” to users.
- Users are practically not likely to get any noticeable difference in the experience.
- ExpressVPN said it would never collect logs of user activity and store connection logs of its users.
- The government ordered VPN service providers to keep user logs for at least five years and share them with authorities when required. It also directed service providers to “mandatorily enable logs” of their systems and maintain them securely for a rolling period of 180 days.
- ExpressVPN and other VPN companies expressed concerns over the government order.
- NordVPN parent Nord Security also hinted to remove its servers from India if no other options are given.