Resources › CA MCQ Practice
3 Jul 2026POLITY3 questions

24,000 Blocking Orders and the Tunnel Around Them: India Moves on VPNs

UPSC-standard MCQs with explanations, trap analysis, and approach guide. Answer after the test — not before.

1

Easy

1

Medium

1

Hard

Practice this set

3 questions · full analysis after submission · no sign-up required

Article summary

Officials confirmed on 3 July 2026 that India is developing a legal framework to regulate virtual private network providers, four years after a CERT-In directive requiring five-year retention of subscriber data was met not with compliance but with departure. The proposed framework would require VPN operators to establish physical offices in India, appoint resident compliance officers as government liaisons, retain subscriber records — names, addresses, contact details and IP addresses — for five years, and would expose non-compliant personnel to criminal penalties including imprisonment. The obligations mirror those already applying to significant social media intermediaries under the IT Rules, 2021. The enforcement problem the framework addresses is concrete: the government issued more than 24,000 content-blocking orders in 2025, up from more than 12,000 in 2024, and VPN traffic is precisely what allows users to route around them. When Telegram was briefly blocked before a NEET-UG retest, Proton VPN reported a 120 per cent spike in daily sign-ups from India. The 2022 experience is the reason officials are now considering a physical-presence requirement: after the original deadline was extended from June to September 2022, Proton VPN, NordVPN, ExpressVPN and Surfshark relocated servers out of India rather than store subscriber data, and Proton has publicly said it does not intend to comply this time either.

What this tests

recallTests whether you read the article and retained key facts.
1Q
applicationTests whether you can apply the concept to a new scenario.
1Q
analysisTests whether you can reason across multiple related facts.
1Q

Sample questions — answers revealed after test

POLITYRecallEasy

Q1. With reference to the constitutional framework governing data retention mandates in India, which one of the following statements is correct?

AJustice K.S. Puttaswamy v. Union of India (2017) held that informational privacy is not protected under Article 21, leaving retention mandates unconstrained.
BThe 2022 CERT-In directions were issued under Section 69A of the IT Act, 2000, which supplies the data retention power.
CPuttaswamy (2017) recognised informational privacy under Article 21 and laid down a proportionality standard — legality, legitimate aim, necessity and proportionality — which any mandatory retention framework must satisfy.
DSection 69A of the IT Act, 2000 was struck down in Shreya Singhal v. Union of India (2015).
Answer revealed after you submit the test
POLITYApplicationMedium

Q2. The government issued more than 24,000 content-blocking orders in 2025, up from more than 12,000 in 2024, and is now moving to regulate VPN providers. Which one of the following best explains the connection between the two?

AA VPN routes traffic through an encrypted tunnel to a provider-operated server, so the user's internet service provider cannot see the destination — which defeats network-level blocking and makes the growing body of blocking orders unenforceable against users who employ one.
BVPNs increase the volume of traffic on Indian networks, which is why the number of blocking orders has risen.
CVPN providers are themselves the publishers of the content being blocked, so regulating them addresses the source.
DBlocking orders are addressed to VPN providers rather than to internet service providers, so their compliance is legally required.
Answer revealed after you submit the test
POLITYAnalysisHard

Q3. Consider the following statements: 1. The 2022 CERT-In directions required five-year retention of subscriber data, and the compliance deadline was extended from June to 25 September 2022. 2. Several major VPN providers, including Proton VPN, NordVPN, ExpressVPN and Surfshark, relocated servers out of India rather than comply with those directions. 3. Because those providers withdrew their servers, Indian users were left unable to access VPN services, which is why a fresh regulatory proposal became necessary. Which of the statements given above are correct?

A1 only
B1 and 2 only
C2 and 3 only
D1, 2 and 3
Answer revealed after you submit the test