India's cybersecurity censor, the Computer Emergency Response Team (CERT-In), will require cloud and VPN providers to register their users. Custodial wallets, exchange, virtual asset providers, cloud providers and even VPN providers will have to
keep records of their customers (KYC) and records of financial transactions for five years. Service providers will maintain logs of their systems for 180 days.
This would defeat the purpose of using a VPN and creates honeypots of data that could be
misused for surveillance or stolen.
CERT-In are claiming that the new requirements will improve the overall cybersecurity posture and ensure a safe and trusted internet in India.