Days after ExpressVPN removed its India servers, virtual private network (VPN) service provider Surfshark announced that it is shutting down its servers in the country, the company said in a release on Tuesday.
The VPN company said that the company's physical servers will be shut down before June 27 -- the day when the directions come into force. In its place, the company will introduce virtual Indian servers, which will be located in Singapore and London.
Justifying the action, Gytis Malinauskas, Head of Legal at Surfshark said, “Surfshark proudly operates under a strict “no logs'' policy, so such new requirements go against the core ethos of the company."
He continued, "The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users, and we will not compromise our values – or our technical base.”
Earlier Moneycontrol had reported that Surfshark, Windscribe and NordVPN may voluntarily remove or be forced to remove their Indian servers because of the April 29 cybersecurity-related directions of the Indian Computer Emergency Response Team (CERT-In).
VPN service providers have criticised the April 29 directions due to its requirements of maintaining logs of customers including names, and IP addresses for a period of five years.
Users won't notice difference with virtual servers
Following the removal of Indian servers, Surfshark said that users from the country won't notice any differences in their service while using the virutal servers located in London or Singapore. "They will still be able to connect to whichever server outside the country they please," the company said.
Surfshark explained that virtual servers were functionally identical to physical ones – with the main difference being that they would not be located in the country. "They still provide the same functionality – in this case, getting an Indian IP," it added.
Meanwhile, Surfshark said that it will encourage discussions intended to persuade the government to hear the arguments of the tech industry.
Government unfazed
Last week, after ExpressVPN announced its exit from the country, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar reiterated the Union government’s unwavering stance on the April 29 directions of CERT-In.
In a statement to Moneycontrol, Chandrasekhar said, “The cybersecurity directions were issued by the Government of India as part of our policy goals of safety and trust in the Internet in India.”
He continued, “Reporting cyber security incidents and ability of all platforms to produce logs and details related to cybersecurity incidents, when required in investigations, is essential to achieving our policies of safety and trust and are non-negotiable and essential.”
Will removal of servers put VPNs outside ambit of CERT-In directions?
It is unlikely that ExpressVPN, Surfshark or other service providers who have removed or may remove their India servers in the future, will be outside the ambit of the CERT-In directions.
That is because, in the FAQs on the directions that was released in May, CERT-In had clarified that the directions "are applicable to any entity whatsoever, in the matter of cyber incidents and cyber security incidents". In another FAQ on whether the directions are applicable to service providers who are not located in India but are catering to Indian users, CERT-In had reiterated the same
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
