NordVPN Announces Tuesday It Will Remove Servers India On the recent cyber security directive of the Indian Computer Emergency Response Team (CERT-In).
Panama-based NordVPN joins Surfshark and ExpressVPN in removing their servers from the country following an April 28 directive from India’s cyber agency, which seeks additional compliance requirements for all VPN providers whose users are in the country.
“As one of the industry leaders, we follow strict privacy policies, which means we do not collect or store customer data. No-logging features are embedded in our server architecture and at the core of our principles and standards,” a NordVPN spokesperson said in a statement.
“In addition, we are committed to protecting the privacy of our customers. Therefore, we are no longer able to have servers in India,” the company said.
The new cyber security norms have allowed VPN service providers to store information such as names, email IDs, contact numbers and IP addresses (among other things) of their customers in data centers and cloud service providers as well for a period of five years. Told.
CERT-In later issued a set of clarifications, stating that the rules for maintaining customer logs would not apply to enterprise and corporate virtual private networks (VPNs).
Earlier this month, ExpressVPN announced that it had removed its India servers from the country, citing CERT-in norms “incompatible with the purpose of VPNs,” which are designed to keep users’ online activity private. Huh.
Surfshark later announced the closure of its servers in the country.
Another player, ProtonVPN, said in a tweet that the new CERT-in criteria “are an attack on privacy, and it will continue to maintain its no-logs policy”.
“The new Indian VPN rules are an attack on #privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy and advise all people using our servers in India to follow these guidelines,” it had tweeted.
The Internet Freedom Foundation (IFF) called on CERT-In to recall “Guidelines on Information Security Practices issued on 28 April which come into force on 27 June”.
“These instructions are vague. They undermine user privacy and information security, contrary to the mandate of CERT,” the IFF had tweeted.
“At the outset we note that non-compliance of these instructions issued under section 70B carries potential criminal liability for imprisonment. Therefore, there is a need to pay more attention to who they apply to; what are the compliance demands ; and their link to cyber security,” it added.
The directives apply to “all service providers, intermediaries, data centres, bodies corporate and government organisations”.
read all breaking news , today’s fresh news watch top videos And live TV Here.