Cert-In extends deadline for VPN cybersecurity norms till Sept 25

CERT-In directions, released on April 28, mandate service providers to keep records of every information and communication technology (ICT) transaction for a minimum of 180 days

India’s Computer Emergency Response Team (CERT-In) has extended until September 25 the deadline to comply with its cyber security norms for Virtual Private Network (VPN) and cloud services, responding after foreign providers said they will remove their servers in the country.

September 25 is the new compliance date for micro, small and medium enterprises (MSMEs). Other businesses, which don’t provide VPN or cloud services, will have to comply with the earlier deadline of June 27.

The September 25 extension will “enable the industry to build the capacity required for the implementation of the cyber security directions,” said the Ministry of