India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

The Indian government recently passed a new law that mandates all internet service providers to collect and store user data for the past five years.

As per the press release of the Indian Computer Emergency Response Team (CERT-In, under the Information Technology Act 2000 provisions of sub-section (6) of section 70B, the agency will collect information from service providers including VPNs, data centers, intermediaries, and body corporate. 

All VPN service providers, VPS (virtual private server) providers, cloud service providers, Know Your Customer (KYC) norms, and practices used by virtual asset service providers, custodian wallet service providers, and virtual asset exchange providers will have to follow the new directives that come into effect on June 27th, 2022.

The new law, according to the press release, aims to fill the gaps that cause hindrance in incident analysis and ensure “safe & trusted Internet in the country.”

What Information Will be Collected?

The new directions cover various aspects of synchronizing ICT system clocks, maintaining ICT system logs, mandatory reporting of cyber incidents within six hours, and providing subscriber/customer registration details.

Furthermore, the agency noted that service providers would collect records of financial transactions for a period of 5 years to offer

Read More: