Press "Enter" to skip to content

CERT-In vs VPNs: Centre unfazed, says directions are ‘essential’ and ‘non-negotiable’ – Moneycontrol

Union Minister Rajeev Chandrasekhar.

Minister of State for Electronics and Information Technology Rajeev Chandrasekhar reiterated the Union government’s unwavering stance on the April 29 directions of the Indian Computer Emergency Response Team (CERT-In) and termed it as ‘essential’ and ‘non-negotiable’.

Earlier in the day, virtual private network (VPN) service provider ExpressVPN removed its servers from the country citing the directions. The British Islands-incorporated VPN termed the directions as “incompatible with the purpose of VPNs, which are designed to keep users’ online activity private”.

ALSO READ: Exclusive: Surfshark in discussion with Indian lawyers, may challenge validity of CERT-In directions

In a statement to Moneycontrol, Chandrasekhar said, “The cybersecurity directions were issued by the Government of India as part of our policy goals of safety and trust in the Internet in India.”

He continued, “Reporting cyber security incidents and ability of all platforms to produce logs and details related to cybersecurity  incidents, when required in investigations, is essential to achieving our policies of safety and trust and are non-negotiable and essential.”

This is the second time that Chandrasekhar has directly addressed VPN service providers who have criticised the directions due to its requirements of maintaining logs of customers including names, IP addresses for a period of five years.

Virtual private network service providers such as NordVPN had said that they may pull their servers from the country due to the directions. Surfshark had said that they were exploring the possibility of legal recourse against it.

Earlier, as a response to these criticisms, Chandrasekhar at a press conference, which was organised to release FAQs on the CERT-In directions, had said that VPN service providers were free to terminate their businesses in the country if they do not comply with the directions.

However, it is not just VPN service providers who are irked due to the requirements of the directions. On May 26, industry associations and lobby groups representing major tech companies across the world wrote to CERT-In, requesting it to stop its implementation. They said that the directions may have “significant adverse impact on organisations that operate in India”.

They cited that directions such as adhering to India-based time servers of National Physical Laboratory, reporting cybersecurity incidents within six hours, logging requirements were “onerous” in nature and will “make it more difficult for companies to do business in India.”