All VPN services running servers in India must now comply with a new data law that has now officially come into effect.

Under the new CERT-In regulations, security software companies are legally required to store user data – such as IP addresses, real names and usage patterns – for up to five years. They will also be required to hand over this information to authorities upon request.