India is pushing ahead with its new cybersecurity rules that will require cloud service providers and VPN operators to keep their customer names and their IP addresses despite many players threatening to leave the world’s second-largest internet market because of the new rules.
Indian Computer Emergency Response Team (CERTIN) refined on Wednesday that “service providers, resellers, data centres, legal entities, virtual private server (VPS) providers, cloud service providers, VPN service providers, virtual asset service providers, virtual asset exchange providers, custodial wallet providers and government organizations” must follow a directive called Cyber Security Directions, which was made public late last month.
The new cybersecurity rules will require cloud service providers and VPN operators to maintain the names of their customers and their IP addresses despite many firms threatening to leave the world’s second-largest internet market over the new guidelines that require firms to report security incidents and data breaches within six hours of discovering such incidents.
Rajiv Chandrasekhar, India’s junior information technology minister, told reporters today that six hours was enough for companies – and India was “very generous” – to report security incidents, as any further delay could result in the loss of attackers who act very quickly.
“If you look at priorities around the world – and realize that cybersecurity is a very complex issue where situational awareness of multiple incidents allows us to understand the great power behind it – accurate, timely and mandatory reporting is an absolutely essential part of the ability of CERT and the government to keep the Internet secure at all times,” he said.
Several VPN providers have raised concerns about India’s new cybersecurity regulations. NordVPN, one of the most popular VPN operators, has previously stated that it “may remove” its services from India if “there are no other options.”
“The new Indian VPN regulations are an assault on privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy,” said ProtonVPN
Other service providers, including ExpressVPN and ProtonVPN, also shared their concerns, adding that they may not comply.