ExpressVPN Removes VPN Servers in India in Response to Data Demands

Colin Thierry Colin Thierry

ExpressVPN announced on Thursday its decision to remove Indian-based VPN servers in response to a recent law introduced in India requiring VPN providers to store user data information for at least five years.

Instead, ExpressVPN will use virtual India servers that are physically located in Singapore and the UK for users still looking to have an Indian IP address. So, if anyone wants to connect to an Indian server, they must simply select the VPN server location “India (via Singapore)” or “India (via UK).”

Under India’s new VPN rule (set to come into effect on June 27), companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other sensitive identifying data.

This new law was initiated by India’s Computer Emergency Response Team (CERT-In) and was intended to help fight cybercrime. According to ExpressVPN, this law is incompatible with the purpose of VPNs, which are designed to keep private users’ online activity.

“The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it,” ExpressVPN said in its announcement. “ExpressVPN refuses to participate in the Indian government’s attempts to limit internet freedom. As a company focused on protecting privacy and freedom of expression online, we will continue to fight to keep users connected to the open and free internet with privacy and security, no matter where they are located.”

The VPN provider added that it will never collect logs of user activity, including browsing history, traffic destination, data content, DNS queries, or connection logs.

Ultimately, ExpressVPN clarified that it does not “store or collect any data that could identify an individual and their online activity.” The company outlines all of this in its Privacy Policy.

“Not only is it our policy that we would not accept logging, but we have also specifically designed our VPN servers to not be able to log, including by running in RAM,” ExpressVPN said. “Data centers are unlikely to be able to accommodate this policy and our server architecture under this new regulation, and thus we will move forward without physical servers in India.”

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.