India Servers out, can you still use Express VPN

• ExpressVPN has removed its servers from India, becoming the first major virtual private network (VPN) provider to do so in the aftermath of the recent cybersecurity rules introduced by the country’s cybersecurity agency.

Why has ExpressVPN removed its servers in India?

• The introduction of the new cybersecurity rules by the Indian Computer Emergency Response Team (CERT-In).
• The VPN providers have no other option but to leave or follow rules.
  • While ExpressVPN is the first to pull its services from India, other VPN providers like NordVPN have also taken a similar stance.

What are India’s new VPN norms?

• The guidelines require VPN service providers along with data centres and cloud service providers, to store information such as names, e-mail IDs, contact numbers, and IP addresses (among other things) of their customers for a period of five years.
• These details are required to fight cybercrime.
  • The industry argues that privacy is the main selling points of VPN services, and such a move would be in breach of the privacy cover provided by VPN platforms.

Concerns related to Rules

• The cybersecurity rules are “broad” and “overreaching”.
  • It opens up the window for potential abuse.
• The damage done by potential misuse of this kind of law outweighs any benefit that lawmakers claim would come from it.
• The rules go against the working of VPNs which provides privacy.

What happens to Indian users of ExpressVPN?

• Indian users of ExpressVPN will still be able to use its service via “virtual” India servers located in Singapore and the UK.

Prelims Takeaway

• VPN and servers
• Guidelines for VPNs by CERT-in
• CERT-In