Last Updated:
Government Issues Directive to VPN Providers Over Data Security Breaches
This directive is part of India’s ongoing campaign for enhanced data accountability. Representational image
The Ministry of Electronics and Information Technology (MeitY) has officially mandated Virtual Private Network (VPN) service providers and online intermediaries to immediately restrict access to websites identified as leaking personal information of Indian citizens. This critical action highlights the government’s heightened urgency to protect digital privacy and counter the rising threats of identity theft and financial fraud, which are increasingly attributed to data breaches.
In its advisory issued on December 11, MeitY pointed fingers at specific platforms, such as proxyearth.org and leakdata.org, which allegedly operate in breach of Indian law by exposing sensitive personal information—including names, mobile numbers, and addresses—accessible merely by inputting an Indian mobile number. The ministry emphasized that this unauthorized disclosure poses a serious risk, facilitating scams and endangering user safety.
A significant aspect of the advisory is the spotlight on VPN services. The ministry clarified that, despite efforts by Internet Service Providers (ISPs) to block these malicious sites, they often remain reachable via VPNs, necessitating direct intervention from the providers themselves. The directive serves as a reminder to all intermediaries—including VPN providers, cloud service suppliers, and social media platforms—of their responsibilities under the Information Technology (IT) Act, 2000, and the IT Rules, 2021. These regulations require immediate and effective actions to prevent unlawful or privacy-violating content from being hosted or shared.
Top Videos
Billionaire Romesh Wadhwani Warns Of AI Bubble, With Right Strategy India Can Dominate Tech Revolution
Why Only 1 In 5 AI Professionals In India Are Women | Watch
Amazon Stock Price At Record High After $38 Billion Computing Deal With OpenAI | Watch
Hamas Accused Israel Of Delaying Aid To Gaza, Says May Affect Hostage Release | Gaza Aid | N18G
DeepSeek Vs OpenAI | Microsoft And Openai Probe Unauthorized Data Access Linked To Deepseek Ai |N18G
Crucially, the government has warned that non-compliance with this directive could lead to significant legal consequences. Companies that fail to adhere risk losing the safe-harbor protections typically afforded under Section 79 of the IT Act, which generally protects them from liabilities related to third-party content. The forfeiture of this protection could expose intermediaries to legal repercussions outlined in the IT Act and the newly enacted Bharatiya Nyaya Sanhita, 2023.
This initiative is part of a broader and increasingly rigorous framework in India aimed at ensuring data accountability. It follows a controversial 2022 regulation by the Indian Computer Emergency Response Team (CERT-In), which mandated VPN providers to maintain verified customer data for five years, leading many major global VPN services to withdraw their physical servers from the Indian market. The latest advisory solidifies the stance that all entities within the Indian digital environment, irrespective of their operational models, must proactively ensure compliance with national data security and privacy protocols.
Click here to add News18 as your preferred news source on Google.
December 13, 2025, 06:42 IST
