Deadline to comply with India's new VPN rules extended

By OneIndia Staff Correspondent

Updated: Tuesday, June 28, 2022, 18:22 [IST]

Add as a preferred source on Google

New Delhi, Jun 28: The Computer Emergency Response Team (CERT-In) has extended the deadline for the new cyber security directives that mandate virtual private network providers to store customer data for up to five years, giving them and micro, small & medium enterprises (MSMEs) time until September 25 to implement the rules.

"Also, additional time has been sought as well for implementation of mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers," CERT said in its notification.

It added that the "requirement relating to the aspects of registration and maintenance of validated names of subscribers/customers hiring the services and validated address and contact numbers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers...will become effective on 25th September, 2022".

The Indian Computer Emergency Response Team (CERT-In) serves as the national agency for performing various functions in the area of cyber security in the country as per provisions of section 70B of the IT Act, 2000. CERT-In continuously analyses cyber threats and handles cyber incidents tracked and reported to it. CERT-In issued directions relating to information security practices in exercise of powers bestowed u/s 70B(6) of the Information Technology Act to promote Open, Safe & Trusted and Accountable Internet in the country on 28 April, 2022.

Subsequently, in response to general queries received by CERT-In, a set of Frequently Asked Questions (FAQs) document was also released by Union minister for electronics and information technology Rajeev Chandrasekhar on 18 May, 2022 to enable better understanding of various stakeholders as well as to promote Open, Safe & Trusted and Accountable Internet in the country.

MeitY and CERT-In are in receipt of requests for the extension of timelines for implementation of these Cyber Security Directions of 28th April, 2022 in respect of Micro, Small and Medium Enterprises (MSMEs). Further, additional time has been sought for implementation of mechanism for validation of subscribers/customers by Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers.

The matter has been considered by CERT-In and it has been decided to provide extension till 25 September, 2022 to Micro, Small and Medium Enterprises (MSMEs) in order to enable them to build capacity required for the implementation of the Cyber Security Directions. In addition, Data Centres, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers are also provided with additional time till 25 September, 2022 for implementation of mechanisms relating to the validation aspects of the of subscribers/customers details.