/
/
Are VPNS Banned in India?

Are VPNs Banned in India? India VPN Laws Explained (2026)

The current legal status, CERT-In logging rules, Telegram blocks and what Indian VPN users should understand

15-minute read
Dark cyber-security illustration of India with VPN privacy, network protection and blocked online access
India has not imposed a blanket ban on ordinary VPN use, but VPN providers operate under strict cyber-security and due-diligence rules.

Are VPNs banned in India? No—not as a blanket rule for ordinary users. India has not introduced a general national law that makes VPN apps illegal to download, install or use for normal privacy, security, remote-work or public-Wi-Fi protection.

The confusion comes from three different issues being mixed together. First, CERT-In requires VPN service providers and similar infrastructure providers to keep specified customer information for five years or longer. Second, the government can block particular websites, apps or online services under Indian law. Third, a 2026 MeitY advisory warned VPN providers and intermediaries about facilitating access to illegal and blocked online betting and prediction-market platforms.

So the accurate answer is: VPNs are legal to use in India, but VPN providers are regulated and VPNs cannot be used as a shield for unlawful activity. For a country-specific provider overview, see our guide to VPNs for India.

Current verdict

Not banned, but regulated. Ordinary VPN use remains lawful in India, while providers face data-retention and due-diligence duties. Using a VPN does not make fraud, hacking, illegal betting, piracy or access to prohibited services lawful.

Users

No blanket VPN ban

There is no general national rule that criminalises ordinary VPN use by an individual simply because the person connects through a VPN.

Providers

CERT-In logging duties apply

VPN service providers must retain specific customer and IP-related information for five years or longer under CERT-In’s 2022 directions.

Misuse

Illegal activity stays illegal

A VPN does not legalise fraud, hacking, illegal betting, cybercrime, copyright infringement or deliberate access to services blocked under law.

Blocks

Apps and websites can be blocked

India can restrict public access to specific information, websites or apps. That is different from banning VPN technology itself.

Is VPN Legal in India in 2026?

Yes, ordinary VPN use is legal in India. The better way to describe India’s position is not “VPN ban”, but “VPN regulation”. A person using a VPN for safer public Wi-Fi, privacy, remote work, research or secure access to a company network is not automatically breaking the law merely because a VPN is involved.

The important limit is what the VPN is used for. If the underlying activity is unlawful, the VPN does not fix that. A VPN may hide or change an IP address from a website, but it does not remove legal duties relating to fraud, cybercrime, illegal gambling, unauthorised access, prohibited content, copyright infringement or compliance with valid blocking orders.

Question Current status What it means
Can individuals use VPNs in India? There is no blanket national ban on ordinary VPN use for privacy, security or remote access.
Are VPN companies unregulated? Regulated CERT-In directions require VPN service providers to collect and retain specified subscriber information.
Can India block apps and websites? Yes, in specified cases Section 69A allows blocking of public access to information through computer resources under listed grounds and safeguards.
Can a VPN be used for illegal betting or prediction markets? High risk MeitY has warned VPN providers and intermediaries against facilitating access to illegal and blocked betting or prediction-market platforms.
Are corporate VPNs banned? Business VPNs remain a normal part of secure remote access, but organisations must still comply with cyber-security and legal obligations.
Are no-log VPNs affected? Yes, if operating within scope The CERT-In retention requirement conflicts with strict no-log models, which is why some providers removed physical Indian servers.

What Do India’s CERT-In VPN Rules Say?

The key Indian VPN rule is found in the CERT-In Cyber Security Directions dated 28 April 2022. CERT-In is India’s national cyber incident response agency under the Information Technology Act, 2000. Its directions apply to several categories of service providers, including data centres, virtual private server providers, cloud service providers and VPN service providers.

The rule most often associated with VPNs requires those providers to register and retain accurate subscriber or customer information for five years or longer after cancellation or withdrawal of the service.

Information VPN providers must retain

  • validated names of subscribers or customers hiring the services;
  • the period of hire, including dates;
  • IP addresses allotted to or being used by members;
  • email address, IP address and timestamp used at registration or onboarding;
  • the purpose for hiring the service;
  • validated address and contact numbers;
  • ownership pattern of subscribers or customers hiring the services.

Important distinction: CERT-In did not ban VPNs. It imposed data-retention and cyber-incident cooperation duties on providers. That is why the rule created a major privacy controversy without making the ordinary act of connecting to a VPN illegal.

VPN Users vs VPN Providers: Who Do the Rules Target?

Most confusion comes from treating provider rules as user bans. The CERT-In VPN data-retention direction is aimed at providers that supply VPN services and related infrastructure. It tells those providers what customer information must be registered and how long that information must be retained.

An ordinary user opening a VPN app is not the same as a VPN provider operating servers, onboarding customers and responding to lawful information requests. That is why an individual user can generally use a VPN lawfully while the company behind the VPN may still face compliance obligations.

Does India require every VPN user to keep logs?

No. The CERT-In record-keeping requirement is written for providers, not individual users keeping personal records of their own browsing.

Can authorities request information?

Yes. Covered entities can be required to provide information or assistance for cyber incident response, prevention, investigation or lawful compliance.

Why did some providers leave India?

Some privacy-first VPN companies removed physical Indian servers because the retention requirement conflicted with strict no-log promises.

Are virtual India servers the same legally?

A virtual location may give users an Indian IP address without hosting the physical server in India, but users should still read each provider’s jurisdiction and privacy disclosures.

Did the Telegram Block Mean VPNs Were Banned?

No. The Telegram incident was a temporary block of a specific messaging platform, not a national VPN ban. In June 2026, India temporarily blocked Telegram until 22 June in connection with alleged exam fraud around the NEET re-examination. Telegram challenged the order, but a Delhi court rejected its bid to overturn the temporary block on 19 June.

The block mattered for VPN search demand because many users looked for ways to keep accessing Telegram. Reports from the same week said VPN registrations and rival messaging-app downloads increased after the restriction. That surge does not mean VPNs became illegal; it means a platform block created stronger demand for circumvention tools.

Legal caution: there is a difference between using a VPN for general privacy and using a VPN specifically to bypass a valid government block. Readers who need a wider legal overview should check whether using a VPN to unblock websites is legal before assuming a VPN changes the rules. The article should explain the legal status, the risk and the distinction between VPN technology and the activity performed through it.

Can You Use a VPN to Access Blocked Websites in India?

This is the highest-risk part of the topic. India can issue directions for blocking public access to information through a computer resource under Section 69A of the Information Technology Act, 2000. The blocking framework is aimed at access to specific information, websites, apps or services under defined grounds such as sovereignty and integrity of India, defence, security of the state, friendly relations with foreign states, public order or prevention of incitement to certain offences.

That does not equal a blanket ban on VPNs. It means a particular website, service, URL, app or category of information may be blocked even while VPN software itself remains lawful. For broader context, see our explainer on why websites get blocked.

MeitY’s 2026 VPN advisory on betting and prediction markets

In April 2026, MeitY issued an advisory to VPN service providers and intermediaries about illegal and blocked online betting and prediction-market platforms. The advisory said certain users were misusing VPN services to access blocked platforms and warned intermediaries, including VPN service providers, about due-diligence obligations under the IT Act and IT Rules.

That advisory is important because it shows how Indian policy may treat VPN misuse. It does not say every VPN app is banned. It says VPN providers and intermediaries must make reasonable efforts not to facilitate access to unlawful or blocked platforms.

Restrictive networks and obfuscation

On some restrictive networks, normal VPN traffic may be throttled, filtered or easier to identify. Obfuscation is designed to make VPN traffic look less like standard VPN traffic, but it should not be treated as permission to bypass a lawful block. For the technical background, read our guide to how obfuscated VPN servers work.

Privacy use

Protecting traffic on public Wi-Fi, reducing IP exposure and securing remote work are normal VPN use cases.

Circumvention risk

Using a VPN to access a blocked or unlawful service can create legal and account-level risk depending on the service and the order.

Provider duties

VPN companies may need to preserve subscriber records, respond to lawful requests and avoid facilitating unlawful access.

No immunity

A VPN may hide the user’s IP from a website, but it does not provide immunity from investigation or liability for illegal conduct.

Why Did Some VPN Companies Remove Indian Servers?

After the CERT-In directions were issued, several VPN providers objected to the five-year customer-information requirement because it conflicted with their no-log marketing and technical operating models. Some responded by removing physical servers from India while continuing to offer Indian IP addresses through virtual locations hosted elsewhere.

This is another reason searchers ask whether VPNs are banned in India. The answer is still no. A provider removing servers because it does not want to comply with a logging rule is not the same as the government banning VPN users. It is a business response to a regulatory environment.

India VPN Law Timeline: From CERT-In Rules to the Telegram Block

28 April 2022

CERT-In issues cyber-security directions

The directions introduce cyber-incident reporting duties, 180-day system log retention for many entities and five-year customer-information retention for VPN, VPS, cloud and data-centre providers.

2022 onward

Privacy-focused providers reassess Indian servers

Some VPN providers remove physical Indian servers or shift to virtual India locations in response to the retention requirements.

April 2026

MeitY issues VPN and intermediary advisory

The advisory warns about VPN and intermediary facilitation of access to illegal and blocked online betting and prediction-market platforms.

16 June 2026

India temporarily blocks Telegram

Telegram is temporarily restricted until 22 June over alleged NEET-related exam fraud, creating new public interest in VPN access and online blocks.

19 June 2026

Delhi court rejects Telegram’s appeal

Reuters reported that Telegram lost its bid to overturn the temporary blocking order, with the court finding the government’s action legal and reasonable in the exam-fraud context.

21 June 2026

Current position

VPNs remain lawful for ordinary use in India, but providers operate under significant compliance duties and blocked-service circumvention remains risky.

What Indian VPN Users Should Do Now

For ordinary users, the practical position is simple: use a VPN for legitimate privacy and security purposes, but do not assume it gives permission to access unlawful or blocked services. If your goal is lawful access and privacy rather than evading illegal services, compare VPNs for accessing blocked websites with the same legal caution in mind.

  • Use VPNs for lawful privacy, public-Wi-Fi protection, remote work and secure access to business systems.
  • Do not rely on a VPN to access illegal betting, fraud, hacking, piracy or other prohibited services.
  • Check whether a VPN provider operates physical Indian servers or only virtual Indian locations.
  • Read the provider’s India-specific privacy and logging disclosures instead of relying only on generic “no logs” claims.
  • Remember that a website, school, employer, platform or payment provider may still enforce its own access rules.

Common Myths About a VPN Ban in India

Myth: India has banned all VPNs.
Reality: India has not imposed a blanket VPN ban. It regulates VPN providers and can block specific online services.
Myth: Using a VPN is automatically a crime.
Reality: Ordinary VPN use is generally lawful. The legal risk depends on the activity, not the VPN label alone.
Myth: CERT-In banned no-log VPNs.
Reality: CERT-In imposed retention duties on providers. Some no-log providers chose to remove Indian infrastructure rather than comply.
Myth: A VPN makes blocked websites legal.
Reality: A VPN does not cancel a blocking order or legal prohibition. Circumventing restrictions can still be risky.
Myth: Telegram being blocked means VPNs are next.
Reality: The Telegram block was a temporary platform-specific action. It increased VPN interest, but it was not a VPN ban.
Myth: VPN providers never have to share data.
Reality: Covered providers may have data-retention and lawful cooperation duties, especially where cyber incidents or prohibited services are involved.

Frequently Asked Questions

Are VPNs banned in India?

No. India has not imposed a blanket national ban on VPN software or ordinary VPN use. The more accurate position is that VPN providers are regulated and certain online services may be blocked.

Is using a VPN illegal in India?

Using a VPN is not illegal by itself. Using a VPN for unlawful activity, fraud, hacking, illegal betting, piracy or deliberate access to prohibited services can still create legal risk.

Do CERT-In VPN rules apply to me as a normal user?

The five-year customer-information retention requirement is directed at VPN service providers and similar infrastructure providers. A normal user is not required to keep those provider records personally.

What data must VPN providers keep in India?

CERT-In’s directions require covered providers to keep accurate customer details such as validated names, period of hire, allotted IPs, registration email and IP timestamp, purpose, validated address, contact numbers and ownership patterns for five years or longer.

Can I use a VPN to access Telegram in India?

The Telegram block created a spike in VPN interest, but using a VPN to get around a government blocking order can carry risk. The safer explanation is that VPN technology is not banned, but bypassing a block may be a separate legal issue.

Are corporate VPNs legal in India?

Yes. Corporate VPNs are commonly used for secure remote access. Companies should still comply with cyber-security, data-retention, incident-reporting and lawful information-request obligations that apply to them.

Why do some VPNs no longer have Indian servers?

Some providers removed physical Indian servers because the CERT-In data-retention requirement conflicted with their no-log operating model. Some still provide virtual Indian IP addresses through servers located outside India.

Can the government track VPN use in India?

A VPN can hide activity from some networks and websites, but it is not invisibility. Providers, payment records, device data, platform records and lawful requests can still become relevant in investigations.

Sources Used for This India VPN Law Explainer

This article separates ordinary VPN use, provider duties, blocking powers and the Telegram incident by relying on official Indian legal and cyber-security sources, plus current reporting for the June 2026 Telegram block.

Martin Needs, cybersecurity reviewer

Reviewed by Martin Needs

Director at NeedSec LTD and Lead Technical Assessor for FindCheapVPNs. Martin reviews VPN protocol, privacy, security and regulatory claims against primary legislation, official guidance and practical network-security considerations.