Surfshark became the second major virtual private network (VPN) service to shut down its servers in India, following ExpressVPN, in reaction to India’s new cybersecurity policy, which mandates VPNs to preserve customer data for five years.
“In response to the new Indian data regulation laws, Surfshark is shutting down its servers in India. The new laws require VPN providers to record and keep customers’ logs for 180 days as well as collect and keep excessive customer data for five years,” the company said in a blog post on Tuesday. “Surfshark proudly operates under a strict ‘no logs’ policy, so such new requirements go against the core ethos of the company”.
Prior to Surfshark, ExpressVPN had relocated its servers from India when the Indian Computer Emergency Response Team issued a cybersecurity directive (CERT-In). This may not be the last, since NordVPN, another VPN provider, is considering shutting down its India servers. Before the new law takes effect on June 27, Surfshark said its physical servers in India will be taken down. The corporation will introduce “virtual” Indian servers when the rules take effect, which will be physically situated in Singapore and London.
“VPN suppliers leaving India isn’t good for its burgeoning IT sector. Surfshark’s data shows that since 2004, the year data breaches became widespread, 14.9B accounts have been leaked and a striking 254.9M of them belong to users from India,” the company said.