New Delhi: The Government of India is working on a comprehensive legal framework to regulate Virtual Private Network services more strictly. Under the proposed law, VPN providers may be required to establish a local office in India and appoint a compliance officer to coordinate with government authorities.
Local Office Requirement Proposed
According to government sources, the Centre’s primary concern is that VPN services are increasingly being used to bypass restrictions on apps, websites and online content blocked within India. Officials believe this undermines the effectiveness of government-issued content blocking orders.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The proposed legislation could require VPN companies to maintain a registered presence in India and appoint an authorised compliance officer responsible for responding to government directives, legal notices and grievance requests.
Officials are also considering penal provisions, including possible imprisonment for local employees in cases of non-compliance.
2022 CERT-In Rules Revisited
In 2022, the Indian Computer Emergency Response Team directed VPN providers to retain customer information, including names, email addresses, contact numbers, IP addresses and other details, for five years.
However, the government believes the directive did not achieve the intended outcome, as several major VPN companies chose to withdraw their physical servers from India instead of complying.
Following the 2022 directive, major VPN providers including Proton VPN, NordVPN, ExpressVPN and Surfshark removed their physical servers from India and began routing Indian users’ traffic through servers located in other countries.
VPN Enforcement Challenge
VPN services allow users to conceal their real IP addresses by routing internet traffic through servers located outside their country. This enables users to browse anonymously and access digital content that may be geo-blocked or restricted within India.
Government officials say the number of content-blocking orders issued in India has increased significantly in recent years, making VPN-based circumvention a growing regulatory concern.
Officials believe requiring VPN providers to establish a local presence would make it easier to issue enforceable directions to restrict access to prohibited online content. At present, the absence of local representatives for many foreign VPN companies makes regulatory enforcement difficult.
The proposed legal framework is still under discussion, and the government has not yet made an official announcement. If enacted, the law could significantly tighten compliance obligations for VPN service providers operating in India.
