The Indian government is preparing a new legal framework to regulate virtual private network (VPN) providers, aiming to address compliance failures under the 2022 rules. The proposed law may require VPN companies to establish offices in India and appoint local compliance officers. It could also impose penalties, including jail terms for local employees, if companies do not follow government directives, according to The Indian Express and medianama.com.
Two senior government officials explained that the new framework would largely mirror the compliance obligations imposed on major social media companies under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The government has observed that users have been bypassing content blocks using VPNs, and the 2022 Cert-In directives mandating VPN providers to store usage data have failed as many companies refused to comply. The officials emphasized the need for a full-fledged law to ensure VPN providers have local points of contact for regulatory enforcement.
This move reflects growing concerns in India over unrestricted access to blocked apps, websites, and online content via VPNs. The government’s efforts to regulate digital intermediaries have intensified following similar compliance frameworks for social media platforms. The new law would strengthen the government’s ability to enforce content restrictions and align VPN providers with existing digital media regulations, marking a significant step in India’s internet governance landscape.
The government’s plan to introduce this legislation follows the ineffective implementation of the 2022 rules and aims to close regulatory gaps. The proposed law’s details are expected to be finalized soon, with officials highlighting the urgency to prevent VPN companies from facilitating access to blocked content without accountability.