In response to the recent directions given by the Centre, ExpressVPN on Thursday announced that it has removed its virtual private network (VPN) servers in India. The Government of India recently made it mandatory for VPN service providers to keep user data for at least five years and share records with authorities when required.
The British Virgin Islands-based company said that the directions, which were given by India's Computer Emergency Response Team (CERT-In) and will come into force starting June 27, were "incompatible with the purpose of VPNs" and "overreaching".
Hence, ExpressVPN will no longer have its Indian-based VPN servers. Users will, however, still be able to connect to VPN servers that will give them Indian IP addresses and connect to the internet as if they were located in India, the company said in a blog post.
The "virtual" India VPN servers will be physically located not in the country and will instead be available in Singapore and the UK, the company said.
It also added, "As for Internet users based in India, they can use ExpressVPN confident that their online traffic is not being logged or stored, and that it's not being monitored by their government."
ExpressVPN further said that the law is "incompatible with the purpose of VPNs, which are designed to keep users' online activity private."
"We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it," it explained.
The service provider also assured that it would never collect logs of user activity, including browsing history, traffic destination, data content, or DNS queries. The company also stated that it never stored connection logs, including the logs of IP addresses, outgoing VPN IP addresses, connection timestamps, or session durations.
Apart from ExpressVPN, NordVPN parent Nord Security, Surfshark, and ProtonVPN had raised concerns over the Indian government's directive.