BENGALURU: The British Virgin Island-based ExpressVPN has removed its servers from India, saying it will continue to fight to keep users connected to the open and free internet with privacy and security.

India’s Computer Emergency Response Team (CERT-In) recently proposed a new data law, under which, virtual private network (VPN) providers have to store users’ names and usage patterns. “Under India’s new VPN rule, which is set to come into effect on June 27, 2022, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data,” the VPN operator said in a blog post.

“As countries’ data retention laws shift, we frequently find ourselves adjusting our infrastructure to best protect our users’ privacy and security. In this case, that has meant ending operations in India,” it added. Many companies have raised concerns about the new cybersecurity norms, but the government said these details are to fight cybercrime.

According to CERT-In’s directive, in case of any cybersecurity incidents, it has to be reported to the agency within six hours.