VPN Services: Follow rules or leave India: MoS Rajeev Chandrasekhar to VPN service providers

[ad_1]

New Delhi: Virtual Private Network (VPN) service providers that do not adhere to the latest cyber-security guidelines issued by the Indian Computer Emergency Response Team (Cert-In) are “free to leave India” if they do not comply with the rules, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said on Wednesday.

Chandrasekhar was speaking at the release of the Frequently Answered Questions (FAQs) on the Cert-In guidelines, which were issued on April 28.

VPN service providers must follow the law of the land while operating in the country, he said.

“If you don’t have the logs, start maintaining the logs. If you are a VPN that wants to hide and be anonymous about those who use VPNs to do business in India and do not want to go by these rules, then frankly pull out of India. That is the only opportunity you have,” Chandrasekhar said.

The set of directives and guidelines apply to all companies and enterprises operating in India. These include prompt reporting of cyber-security breaches and maintaining customer data, among others.

Apart from enterprises, VPN service providers were asked to maintain a log of their customers, with details such as their names and the purpose for which the VPN service was used.

Discover the stories of your interest



Some VPN service providers had said that they would not comply with the directives and would instead choose to stop their services in India if they were forced to follow the directives.

Chandrasekhar also said that VPN service providers, data centre operators, cloud service providers, and enterprises had an obligation to know who was using their infrastructure so that if there was an incident of a cyber breach from their side, these service providers would be obliged to make available the relevant data to Cert-In.

“At that point, you cannot say that it is our internal rule that we do not maintain log. If you do not maintain logs, then this is not a good place to do business,” he said.

In the FAQs released on Wednesday, Cert-In said that depending on the sector in which the organization was functioning, logs of firewall, intrusion prevention system, web, database, proxy servers, critical system event, and others must be maintained.

ET has reported previously that enterprise and corporate VPN service providers have, however, been exempt from the requirement of maintaining and reporting these logs.

ET had earlier also reported that the government would, while seeking such data from these service providers follow the right administrative or legal process.

Though it is not necessary for VPN service providers to store the log data in India, such data must be produced by them if asked by Cert-In, according to the FAQ. The directives will be applicable 60 days from April 28, when they were first put out.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

[ad_2]

Source link

https://businesstantra.in/folder