There could be penalties if they do not comply. "It needs to be seen how the government responds to this once the directions become operational. Some legal experts believe that if a VPN service targets Indian consumers, they will have to abide by the directions. Entities, which do not have a physical presence in India, but offering services in the country also need to designate a point of contact to liaise with CERT-In.īut Top VPN companies say that logging sensitive user data would go against the nature of their services, which are designed to protect user privacy.Īlso Read | Tech companies have a few queries on CERT-In’s cybersecurity rules In an FAQ released on May 18, CERT-In said that the directives are applicable to all entities, regardless if they have a base in India, in case of cyber security incidents. The directive from Indian Computer Emergency Response Team (CERT-In), India’s top cybersecurity agency, is set to take effect at the end of June. The CERT-In directives issued on April 28 mandate VPN companies, among others, to mandatorily maintain basic information about customers and subscribers, including names, IPs allotted, email addresses, purpose of hiring the services and more.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |