5 min readNew DelhiUpdated: Jul 3, 2026 09:44 AM IST
The Centre is working on an expansive legal framework to curtail virtual private network (VPN) providers that could require them to establish a local India presence and appoint key personnel to serve as a liaison with the government, The Indian Express has learnt.
This comes after a controversial directive in 2022 by the Indian Computer Emergency Response Team (Cert-In) which required VPN service providers to store a vast amount of customer data, including their names, email IDs, contact numbers and IP addresses.
However, a new legal framework is now being seen as necessary due to an implicit acknowledgement that the 2022 directives may not have been able to yield satisfactory results. The primary concern that the government has is that VPNs are being increasingly used by people to get around the blocking of apps and online content.
The new framework could require VPN operators to establish offices in India and hire compliance officers who can address grievances raised by the government, two senior government officials told The Indian Express. Penal consequences, including jail terms for local employees, are also being considered in case of non-compliance, it is understood. Much of these requirements and penalties are also present for large social media companies under India’s Information Technology (IT) Rules, 2021.
“In the last few months, we have been observing that users are able to bypass content, accounts and online services that have been blocked by the government on various grounds by using VPN services. The 2022 Cert-In directives that required VPN providers to store some usage data have not managed to rein in these companies as they have simply refused to comply. So, the need for a full-fledged law is being felt,” a senior government official said, requesting anonymity.
Queries sent to the Ministry of Electronics and IT did not elicit a response until publication.
VPN services allow users to mask their IP addresses and browse the Internet via servers located elsewhere, making it appear like the traffic is coming from a different jurisdiction, while hiding the original location. India’s censorship orders typically require companies to geo-block content within the country’s jurisdiction, so, by using a VPN server located in the US, for instance, people can visit content that has been blocked here. They are also a way to anonymously browse the web, and are largely seen as a privacy-enhancing service.
Story continues below this ad
Why VPN?
VPN services allow users to mask their IP addresses and browse the Internet via servers located elsewhere. So, users can browse the web anonymously and also visit content that has been blocked in India by using a VPN server located outside the country.
India has stepped up its content blocking ecosystem in recent years, with over 24,000 orders issued in 2025, up from the over 12,000 orders it had issued in 2024, The Indian Express had earlier reported.
Another official said the need for having local points of contact for VPN companies is being felt so that the government can direct these services to not allow access to content that is being blocked, as such services “otherwise defeat the purpose”.
For instance, when the Centre temporarily blocked Telegram ahead of the NEET-UG retest last month, David Peterson, general manager at Proton VPN, a major VPN provider, said that daily registrations for the service from India jumped by more than 120%. Peterson’s post on X and his account were both blocked in India after he shared this information.
The 2022 Cert-In directive required VPN service providers along with data centres and cloud service providers, to store information such as names, email IDs, contact numbers and IP addresses (among other things) of their customers for a period of five years. In response, VPN operators like Proton VPN, NordVPN, ExpressVPN and Surfshark, had removed their servers physically located in India and had started routing traffic coming from India via Singapore.
Story continues below this ad
“We have no intention of complying with this invasive mass surveillance law, leaving us no choice but to remove our VPN servers from Indian jurisdiction,” Proton VPN had said at the time.

