India's cybersecurity censor, the Computer Emergency Response Team (CERT-In), will require cloud and VPN providers to register their users. Custodial wallets, exchange, virtual asset providers, cloud providers and even VPN providers will have to
keep records of their customers (KYC) and records of financial transactions for five years. Service providers will maintain logs of their systems for 180 days.
This would defeat the purpose of using a VPN and creates honeypots of data that could be
misused for surveillance or stolen.
CERT-In are claiming that the new requirements will improve the overall cybersecurity posture and ensure a safe and trusted internet in India.
Update: VPN Providers Threaten to Quit India
6th May 2022. See article from wired.com
VPN companies are squaring up for a fight
with the Indian government over new rules designed to change how they operate in the country. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data204and maintain it for five years or
more204under a new national directive. VPN providers have two months to accede to the rules and start collecting data.
There's a worry other, more liberal governments will follow the Indian-Chinese
model, too. Attacks on end-to-end encryption are commonplace in the UK, while the US joined India, the UK, Japan, Australia, and New Zealand in signing an international statement asking for backdoor access that would subvert encryption standards.
Read the full
article from wired.com