India Eyes Tough VPN Regulations: Offshore Firms May Face Localization and Criminal Penalties

July 3, 2026
India Eyes Tough VPN Regulations: Offshore Firms May Face Localization and Criminal Penalties
  • India is weighing a broad legal framework to regulate VPN providers, potentially forcing offshore firms to establish a local presence, appoint compliance officers, and face criminal penalties for non-compliance.

  • Leaked proposals emphasize that offshore VPN companies would need a physical presence in India and local compliance officers to coordinate with authorities.

  • This push sits within India's longer history of government internet restrictions and ongoing tensions between censorship efforts and digital rights concerns.

  • Industry voices like ExpressVPN and Surfshark say they remain committed to user privacy and connectivity, even as some providers have pulled servers from India under regulatory pressure.

  • MeitY and CERT-In have not publicly clarified the draft framework or its enforcement timeline, and major providers have traditionally resisted localization by keeping servers outside India.

  • The rules would hold VPN providers legally liable when users bypass mandated content blocks, aiming to strengthen enforcement beyond the 2022 data retention regime.

  • Current evasion tactics—such as removing physical servers from India—have undermined enforcement, prompting calls for a more stringent, formal law.

  • Criminal penalties could extend to local employees for non-compliance, potentially including prison terms.

Summary based on 1 source


Get a daily email with more Tech stories

More Stories