The Indian government has ordered VPN providers to log and hand over user data in an attempt to fight growing cybercrime rates.

The new measures are said to provide the Indian Computer Emergency Response Team, which deals with cyber threats, with more authority and better means to deal with cybercrime.

The new regulations will force VPN providers to both log and hand over information like:

• Name, email address, phone number, and other contact details of their customers;
• The reason why a customer is using a VPN service;
• Both the user’s original IP address, and the IP address assigned to the user by the VPN service;
• The websites they visit and services they use through the VPN;
• User “ownership patterns”.

Existing Indian legislation also requires local Internet Service Providers and data centers to keep logs of all of their systems for a 180-day period. Cryptocurrency exchange platforms are also supposed to carefully store every record of their transactions.

While the official reason for all of these measures is to fight cybercrime, this is also seen as a gross invasion of user privacy.

Most leading VPN providers, including Surfshark, ExpressVPN, and ProtonVPN have already addressed the new Indian legislation, stating they will not comply or do anything that could potentially compromise their clients’ privacy. However, if the Indian authorities keep enforcing the new rules, the country could follow the Russian scenario and end up banning most VPNs from operating in the country.