After ExpressVPN, Surfshark said it is moving its servers out of India in response to the new Indian data rules that require VPN providers to record and keep customers’ logs for 180 days as well as collect and keep excessive customer data for five years.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
“The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users and we will not compromise our values – or our technical base,” the company said in a release.
Once the new regulations come into effect, the company will introduce its virtual Indian servers, which will be physically located in Singapore and London. Till the new law is in place, users will be able to connect to servers in India as usual.
Virtual servers are functionally identical to physical ones, the main difference is that they are not located in the stated country. They still provide the same functionality, in this case, getting an Indian IP. Users in India who don’t use Indian servers will not notice any differences and will still be able to connect to whichever server outside the country they please, according to Surfshark.
The company is also concerned that the new measures do not provide the cybersecurity that India needs. Collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to more breaches nationwide, Surfshark noted.