NordVPN removes servers from India over cyber security directive

NordVPN, a virtual private network (VPN) service provider, will remove servers from India over a recent cyber security directive from the Indian Computer Emergency Response Team (CERT-In).
VPN for PC customersEarlier, Surfshark and ExpressVPN announced the removal of servers from India over the April 28 directive from India’s cyber agency that seeks additional compliance requirements for all VPN providers whose users are in the country.

“We adhere to strict privacy policies, which means we don’t collect or store customer data. No-logging features are embedded in our server architecture and are at the core of our principles and standards,” a NordVPN spokesperson said in a statement.

“Moreover, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to keep servers in India.”

The new cybersecurity norms asked VPN service providers along with data centers and cloud service providers, to store information such as names, email IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years.

CERT-In later issued a set of clarifications, stating that the rules of maintaining customer logs will not apply to enterprise and corporate virtual private networks (VPNs).

Earlier this month, ExpressVPN announced it removed its India servers from the country, terming the CERT-In norms as incompatible with the purpose of VPNs, which are designed to keep users’ online activity private.

Surfshark also announced to shut down its servers in the country.

Proton VPN said in a tweet that the new CERT-In norms are an assault on privacy, and that it will continue maintaining its no-log policy.

Internet Freedom Foundation (IFF) called on CERT-In to recall directions on information security practices issued on April 28 that go into effect on June 27.