Proton VPN, a popular virtual private network provider, has removed its physical servers from India in response to the new CERT-In guidelines for such service providers to maintain user logs for five years.
In a statement to ET, the Switzerland-based company has called the new guidelines, which came into effect at the end of June, “highly regressive and represent a significant increase in government intrusion into people’s private lives”.
“Proton has no intention of ever complying with this or any other mass surveillance law. Quite the opposite, we are proud to invest in technology that bypasses surveillance and censorship and provides private access for all users to a free internet,” said Andy Yen, founder and CEO of Proton.
However, the VPN service will continue to be available to users in India, and to those requiring an Indian IP address.
“We could not in good conscience simply pull out of India and leave people cut off. That’s why we have put our money where our mouth is and put in place new protections for Indian users,” Edward Stone, communications lead at Proton AG, told ET.
The new protection includes “smart routing” servers, based in Singapore, which allow users to connect to Indian IP addresses from a remote server. This will help users access Indian internet securely, but from servers physically located outside the jurisdiction of the Indian government, and therefore not be subject to the logging rules, the company said in a press release.
Proton VPN has surpassed 1,700 VPN servers worldwide in India. The company said it has a strict no-logs policy, and has also removed servers from Hong Kong, Belarus and Myanmar in a bid to defend secure internet access, raising more than $1 million for causes that protect privacy and freedom.
Proton has also confirmed to ET that its other products, including Proton Mail and Proton Calendar, will continue to be available for users in India.
The CERT-In guidelines have asked internet proxy companies and consumer-facing VPN providers operating in India to collect and store sensitive user data, including IP address, names, contact information, time stamps and usage patterns for five years.
The development follows the exit of other VPN providers including ExpressVPN, Surfshark, and NordVPN. All three have only removed their physical servers from India, without disrupting the service.