Surfshark announced on Tuesday that it will shut down its servers in India in response to new laws that require VPN providers to store customer logs for up to six months. Under the directive, VPN providers are obligated to store user data, such as names, IP addresses used, emails, and contact numbers.
Surfshark did not provide an exact date when it will officially pull its servers from India. However, the company said it will take place before the laws come into effect on June 27. Until then, users will still be able to access its servers in India.
Surfshark is the second major VPN provider to announce that it will cease operating servers in India. Last week, ExpressVPN announced it had removed its servers from the country.
Surfshark Will Introduce Virtual Indian Servers
In a blog post, Surfshark reiterated its no-logs policy, adding that the new requirement goes against its “the core ethos.” Complying with the new rules would require Surfshark to make changes to the configuration of its technical infrastructure, the company said.
To replace the servers it is planning to shut down, Surfshark said it will introduce virtual Indian servers. While these servers will disguise traffic data to appear as though it is originating from India, the servers will be physically located in Singapore and London.
According to Surfshark, these virtual Indian servers will function identically to the physical servers they will replace. Users will be able to connect to the servers as usual and get Indian IP addresses.
What Is India’s New Law All About?
The new rules, which were announced by the Indian Computer Emergency Response Team (CERT-In) on April 28, 2022, aims to combat cybercrime and improve the country’s cybersecurity defenses.
This directive lists a set of requirements for VPN providers, which includes keeping user logs for a minimum of 180 years and maintaining other customer data for up to five years.
VPN providers are required to collect customer data such as validated names, addresses, and contact numbers, period of hire, IP addresses used, email address and IP address provided at the time of registration, the purpose of using the service, and ownership pattern.
Speaking at an event in May, Indian Minister Rajeev Chandrasekhar said VPN providers will have to comply with the law in order to continue their operations in the country.
“If you don’t have the logs, start maintaining the logs. If you are a VPN that wants to hide and be anonymous about those who use VPNs to do business in India and do not want to go by these rules, then frankly pull out of India. That is the only opportunity you have,” Chandrasekhar said.
Surfshark Warns of Damage to India’s IT Sector
Surfshark noted that the decision of VPN providers to leave India would affect the growth of the country’s “burgeoning” IT sector.
According to Surfshark, since 2004, up to 254.9 million Indian internet service accounts have experienced a data breach, and 18 out of 100 Indians have had their personal information leaked online.
By taking away access to strong VPNs, the Indian government would put the privacy of millions of people at risk, the company said.
“Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide,” Surfshark warned.
A VPN is an indispensable tool in the highly monitored online environment. VPNs offer a secure, anonymous browsing experience by hiding users’ IP addresses and encrypting their traffic data. It also allows users to access geo-restricted content and bypass online censorship.