According to the new governing law, failing to satisfy the expectations of the Ministry of Electronics and IT might result in a year in prison. Companies must also keep track of and preserve user details long after a user has discontinued his or her service subscription.
The directive does not apply only to VPN services. Both data centres and cloud service providers are included in the same category. Companies will be required to preserve client information even after a subscription or account has been cancelled. In any event, CERT-in will force enterprises to report "unauthorised access to social media accounts" by their users.
The new regulations are likely to take effect 60 days after they are passed, which means they might take effect on July 27, 2022.
For the end-user, this means reduced privacy and probably more expenses. If data was logged, it would be easy to track your browsing and download history. Meanwhile, paid VPN services may increase their subscription prices to cover the costs of the new storage servers they must now employ.