July 4, 2026

India’s government is drafting a new legal framework that would force virtual private network providers to establish a physical presence in the country. Appoint compliance officers. Face jail time for local staff who fail to follow orders. The move targets the growing use of VPNs to dodge official internet restrictions.

Officials have watched users slip past blocks on apps, websites and services. The frustration boiled over after recent actions against platforms like Telegram. A senior government official told The Indian Express that VPNs “defeat the purpose” of blocking orders. The 2022 CERT-In directives on data retention simply didn’t work. Providers refused to comply and pulled their servers instead.

So authorities now eye something bigger. The proposed rules would mirror obligations placed on social media giants under the 2021 intermediary guidelines. Local offices. Designated officers to handle government requests. Records that let investigators trace activity. Penalties that include prison terms up to three years for non-compliant employees.

Failed Attempts and Rising Blocks

The 2022 CERT-In rules required VPN operators, cloud providers and virtual private server hosts to collect names, email addresses, IP addresses and usage details. Keep them for five years. Report incidents within six hours. Maintain logs for 180 days. Privacy-focused companies balked. ExpressVPN, NordVPN, Surfshark, Proton VPN and others removed physical servers from India. They shifted to virtual infrastructure based in places like Singapore. Users kept connecting. But the government lost easy access to data.

That standoff left New Delhi with few tools. Meanwhile content blocking exploded. The government issued more than 24,000 orders in 2025. Nearly double the previous year. Many targeted social media posts on X, according to MediaNama.

Recent events sharpened the focus. When authorities blocked Telegram temporarily in June 2026 to stop exam cheating, VPN downloads surged. Proton VPN General Manager David Peterson reported daily registrations from India jumped more than 120%. Similar spikes followed orders against betting sites like Polymarket. MeitY told VPN providers they must make “reasonable efforts” to block access or risk losing safe harbour protections, TechRadar reported in April.

But, enforcement proved tricky. Offshore providers argued their no-logs policies made compliance impossible without gutting their business model. Windscribe went further back in 2022. It said the rules were stricter than those in China or Russia. “It’s highly unfortunate that India decided to go down this route while being the ‘biggest democracy in the world.’”

Local actions added pressure. In Jammu and Kashmir, authorities banned VPN use for two months in several districts starting late 2025. Police acted against over 130 people for having VPN apps on their phones. Some faced detention. Experts called the orders disproportionate and legally questionable. They warned of added strain on residents already under tight digital controls.

And the pattern continues. Blocks on sites leaking personal data. Directives to stop access to unlawful content. Each time, a slice of users turns to VPNs. The government sees this as undermining sovereignty, public order and law enforcement.

Providers that once operated servers in India now route traffic from abroad. This protects user privacy but leaves Indian authorities without direct leverage. The new framework aims to change that by demanding a local footprint. Compliance officers who must respond to directives. Liability that could extend to executives if blocks get bypassed.

Critics worry about the privacy fallout. No-logs VPNs exist precisely because users want protection from surveillance. Forcing data retention or local presence could drive reputable providers out completely. Others might comply but at the cost of user trust. Smaller or local VPNs could fill the gap. Yet they might offer weaker security.

Dr. Pete Membrey of ExpressVPN told TechRadar in the latest report that his company remains committed to privacy. It won’t store logs that could identify users. A Surfshark spokesperson echoed similar resistance.

Still, the government pushes forward. A senior official quoted in NDTV said the goal isn’t monitoring ordinary citizens. It’s giving agencies tools to trace cybercrime, ransomware and unlawful activity hidden behind VPNs. “There has been rampant abuse of VPN services.”

Questions linger on implementation. How exactly would foreign companies be compelled to open Indian offices? What happens if they ignore the law? Jurisdictional overlaps between MeitY, CERT-In, DoT and TRAI already complicate matters. TRAI earlier declined to regulate app-level VPNs, saying they fall under IT rules.

The timing feels deliberate. India’s digital economy grows fast. So does its appetite for control over online speech and access. More than a billion internet users. Widespread smartphone adoption. Content moderation battles on social platforms. VPNs sit at the intersection of privacy rights, national security and regulatory power.

If the framework passes, it could set a precedent for other nations grappling with similar issues. Authoritarian regimes already restrict VPNs. Democracies usually hesitate. India now tests a middle path. Stronger rules without an outright ban. But the line between the two blurs when compliance becomes this demanding.

Users already adapt. They switch providers. Download apps before blocks hit. Use multiple tools. The cat-and-mouse game intensifies. And each new regulation risks pushing more activity underground or toward less trustworthy services.

Industry insiders watch closely. Global VPN firms must decide whether to fight, comply or exit the market. Indian businesses that rely on secure remote access or international connectivity face uncertainty. Privacy advocates warn of eroded digital rights. Law enforcement sees a chance to close loopholes.

No legislation has been tabled yet. Details could shift. But the direction is clear. After years of partial measures and provider pushback, New Delhi wants real accountability from the companies that enable encrypted tunnels across its borders. The question is whether that accountability will come at too high a price for privacy and innovation.

India Prepares Sweeping VPN Rules to Curb Bypass of Content Blocks first appeared on Web and IT News.

Leave a Reply

Your email address will not be published. Required fields are marked *