India Eyes Tough VPN Regulations: Offshore Firms May Face Localization and Criminal Penalties
July 3, 2026
India is weighing a broad legal framework to regulate VPN providers, potentially forcing offshore firms to establish a local presence, appoint compliance officers, and face criminal penalties for non-compliance.
Leaked proposals emphasize that offshore VPN companies would need a physical presence in India and local compliance officers to coordinate with authorities.
This push sits within India's longer history of government internet restrictions and ongoing tensions between censorship efforts and digital rights concerns.
Industry voices like ExpressVPN and Surfshark say they remain committed to user privacy and connectivity, even as some providers have pulled servers from India under regulatory pressure.
MeitY and CERT-In have not publicly clarified the draft framework or its enforcement timeline, and major providers have traditionally resisted localization by keeping servers outside India.
The rules would hold VPN providers legally liable when users bypass mandated content blocks, aiming to strengthen enforcement beyond the 2022 data retention regime.
Current evasion tactics—such as removing physical servers from India—have undermined enforcement, prompting calls for a more stringent, formal law.
Criminal penalties could extend to local employees for non-compliance, potentially including prison terms.
Summary based on 1 source
Get a daily email with more Tech stories
Source

TechRadar • Jul 3, 2026
India weighs stricter VPN regulations to stop users from bypassing internet blocks