Virtual private network (VPN) provider Surfshark on Tuesday announced that it is shutting down its servers in India as a response to the government’s directive that made it mandatory for VPN service providers to record and keep logs of users for 180 days and collect and keep customer data for five years. Last week, ExpressVPN pulled its VPN servers in the country in response to the government’s order. The Netherlands-based company said it operated under a strict “no log” policy, so the new requirements by the government go against its “core ethos.”
Surfshark said that its physical servers in India would be shut down before the new law comes into power. The company decided to introduce its virtual Indian servers instead of the physical servers in the country that will be located in Singapore and London. The virtual servers will have an Indian IP to provide the same functionality without being physically located in the country.
The move by Surfshark is similar to ExpressVPN, which removed its VPN servers in India last week and started offering virtual Indian servers to its users.
“Virtual servers are functionally identical to physical ones – the main difference is that they’re not located in the stated country. They still provide the same functionality,” Surfshark said.
The company also underlined that its users in India who do not use Indian servers would not notice any differences.
“A VPN is an online privacy tool, and Surfshark was founded to make it as easy to use for the common users as possible. The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users, and we will not compromise our values – or our technical base,” said Gytis Malinauskas, Head of Legal at Surfshark, in a prepared statement.
Surfshark also said it would continue to closely “monitor the government’s attempts to limit Internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry.”
The company mentioned that VPN service providers leaving the country were bad for the IT sector.
Citing its internal data, Surfshark said that since 2004, 14.9 billion accounts had been leaked online — of which 254.9 million are users from India.
“Taking such radical action that highly impacts the privacy of millions of people in India will most likely be counterproductive and strongly damage the sector’s growth. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide,” the company noted.
India’s Computer Emergency Response Team (CERT-In) passed the order requiring VPN service providers to keep a log of their users for at least five years and share them with authorities when required. It will come into force from June 27.
Shortly after the government’s order became public, various VPN service providers expressed their dissent. NordVPN parent Nord Security was among the first to hint at removing its servers from the country if no other options are provided.
Affiliate links may be automatically generated – see our ethics statement for details.