Business Standard

Cert-In extends deadline for VPN cybersecurity norms till Sept 25

CERT-In directions, released on April 28, mandate service providers to keep records of every information and communication technology (ICT) transaction for a minimum of 180 days

The use of VPNs did not re­main confined to business applications.

The new deadline comes after VPN providers, including ExpressVPN, NordVPN, and SurfShark, earlier this month decided to remove their servers in India.

Sourabh Lele New Delhi
India’s Computer Emergency Response Team (CERT-In) has extended until September 25 the deadline to comply with its cyber security norms for Virtual Private Network (VPN) and cloud services, responding after foreign providers said they will remove their servers in the country.

September 25 is the new compliance date for micro, small and medium enterprises (MSMEs). Other businesses, which don’t provide VPN or cloud services, will have to comply with the earlier deadline of June 27.

The September 25 extension will “enable the industry to build the capacity required for the implementation of the cyber security directions,” said the Ministry of

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Jun 28 2022 | 9:54 PM IST

Explore News

To read the full story, subscribe to BS Premium now, at just Rs 249/ month.

Key stories on are available only to BS Premium subscribers.

Register to