India plans new law for VPN providers after 2022 rules failed
India is preparing a new legal framework to regulate VPN providers, potentially requiring local offices and compliance officers. This follows the failure of previous 2022 cybersecurity directives to secure compliance.

The Indian government is reportedly developing a new regulatory framework for Virtual Private Network (VPN) providers, which could mandate the establishment of local offices and the appointment of compliance officers. This development, reported by The Indian Express, stems from concerns that VPN services are being used to bypass government-imposed content blocks.
The proposed regulations may also include penalties, including potential jail sentences for local employees, if VPN companies fail to adhere to government directives. Officials cited the ineffectiveness of the 2022 CERT-In directives, which required VPN providers to store certain user data, as a primary reason for the need for a more comprehensive law.
Several privacy-focused VPN providers had previously opposed the 2022 rules, stating they conflicted with their no-logs policies. Companies like Proton VPN and NordVPN resisted compliance, leading some to withdraw their servers from India or serve users from external locations. The government aims to create local contact points to ensure compliance with content blocking orders.
The intensified focus on VPN regulation follows Telegram's temporary blocking in June 2026 amid an investigation into exam paper leaks. During that period, VPN usage in India saw a significant increase as users sought to circumvent the ban. This new legislative push represents India's strongest effort to date to bring VPN providers under its direct regulatory and enforcement umbrella.