India's internet has become more restrictive in recent years. The CERT-In Directive of April 2022 requires VPN providers operating in India to log user data for 5 years — a sweeping requirement that prompted ExpressVPN, NordVPN, ProtonVPN, and most major VPNs to remove their Indian servers rather than comply. GhostShield doesn't operate servers inside India; our Mumbai exit is technically a partner-operated relay that doesn't carry the CERT-In compliance burden.
India blocks 200+ Chinese apps (most prominently TikTok, since 2020), enforces site blocks under the IT Act, and increasingly conducts regional internet shutdowns — most frequently in Jammu and Kashmir, the Northeast, and during civil unrest. The Online Gaming Rules of 2023 add another layer for users accessing online gambling and fantasy sports.
For Indian users, the practical needs are: TikTok access (blocked), Tor-resistant VPN traffic in regions with active surveillance, geographic content unblocking, and protection from the patchy public-WiFi quality at airports, cafés, and railway stations.
International Privacy Standards
Internet freedom varies significantly by country. Organizations like Freedom House track global internet freedom annually, while the EU's GDPR has set new standards for data protection worldwide. Reporters Without Borders monitors press freedom and digital access restrictions globally.
A VPN helps you maintain consistent privacy protections regardless of which country you're browsing from, ensuring your data stays encrypted and your activity stays private.
The privacy landscape in India
The CERT-In Directive of April 2022 is India's most aggressive piece of VPN legislation. It requires any VPN operating inside India to log: customer name, billing address, contact details, IP address assigned to the customer, period for which IP was assigned, validation of IP address ownership, and purpose of use. The retention period is 5 years.
Most reputable VPNs responded by removing their Indian server infrastructure. The handful that comply (mostly Indian-domestic VPNs) effectively can't offer the privacy of a no-logs service. GhostShield's approach is to maintain a Mumbai exit through a partner who doesn't carry the CERT-In compliance burden directly.
At the ISP level, Reliance Jio, Airtel, BSNL, and Vodafone Idea operate under the IT Act 2000 with content blocking enforced through DNS and URL filtering. The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules 2009 give the government authority to issue blocking orders to ISPs — the blocked-site list now includes 200+ apps and thousands of URLs.
India's domestic intelligence (IB) and signals-intelligence (NTRO) operate without significant oversight. There's no equivalent of FISA or the IPA — surveillance authority comes from broad reading of the IT Act and the Telegraph Act 1885.
Top reasons people use a VPN in India
TikTok access is the most common motivation — India banned TikTok in June 2020 alongside 200+ other Chinese apps. Indian creators with millions of pre-ban followers still use VPNs to maintain accounts; Indian users access TikTok content via VPNs to non-restricted countries.
Streaming flexibility is the second use case — Netflix India has a different catalogue than Netflix US (much larger Bollywood and regional content; smaller Western library). Hotstar's premium content varies by region. A VPN unlocks any region.
Privacy from the CERT-In Directive is the third — the 2022 rule means data on Indian VPN servers may be logged. Using a VPN provider that doesn't operate inside India sidesteps this entirely.
Protection during regional shutdowns is the fourth — India leads the world in deliberate internet shutdowns. A VPN doesn't help with a complete shutdown but works when specific apps or sites are blocked while general internet remains accessible.