Surfshark says tata to India; will shut VPN servers in response to data law

New Delhi: Surfshark has become the second VPN service provider to make an exit from India, following the introduction of the new data law, the Netherlands based announced in a blog post. Prior to Surfshark, ExpressVPN had announced winding up its operations in the country in response to the new rules that have made it mandatory for VPN providers to collect and store data of users for at least five years. The new rules, which were announced by CERT-In on April 28, will come into effect starting June 27, 2022. 

Surfshark said that it proudly operates under a strict “no logs" policy, so such new requirements go against the core ethos of the VPN provider. “The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users and we will not compromise our values – or our technical base.”  

Surfshark also pointed out VPN is an online privacy tool, and it was founded to make it as easy to use for the common users as possible. The company will be shutting down its physical servers in India before the new law comes into act. Also Read: RBI MPC Updates: OTP no longer needed for auto-debits up to Rs 15,000 via cards, UPI

What is the new data law? 

India’s cybersecurity nodal agency’s rules also make it mandatory for VPN providers to share the information with the law enforcement agencies if required. The company have been asked to store user data such as subscribers' names, allotted IPs, IP addresses of users, email addresses, contact numbers, and ownership patterns. Also Read: Home loan borrowers rejoice! RBI increases housing loan limit by 100%

In the blog post, the company said that “in response to the new Indian data regulation laws, Surfshark is shutting down its servers in India. The new laws require VPN providers to record and keep customers’ logs for 180 days as well as collect and keep excessive customer data for five years.”