CERT-In issued guidelines mandating VPS, VPN intermediaries, and data centres to collect users' data for five years.
The Indian Computer Emergency Response Team (CERT-In) is an office within the Ministry of Electronics and Information Technology.
The mandate also requires these companies to report cyber incidents within six hours.
They are also asked to keep track and maintain users' records even after one cancels the subscription.
VPN hides user identity and encrypts their data while also giving access to an IP in a country of your choice.
VPN users are unhappy about CERT-In's recent directive to VPNs to retain Know-Your-Customer (KYC) information.
Source: Indian Express