India Warns VPNs Over Banned Betting Sites Access

India's MeitY Puts VPN Providers on Notice

India's Ministry of Electronics and Information Technology (MeitY) has issued a formal advisory to VPN service providers and online intermediaries, warning them that facilitating access to banned betting and prediction platforms could cost them critical legal protections. The advisory specifically calls out platforms like Polymarket, which Indian authorities classify as illegal betting or prediction services, and signals that the government is watching how VPNs are being used to circumvent domestic prohibitions.

The core of MeitY's warning centers on Section 79 of India's Information Technology Act, which grants intermediaries, including VPN providers, a "safe harbor" from legal liability for content transmitted through their services. That protection, however, is conditional. It requires intermediaries to exercise due diligence and comply with government directives. MeitY is now making clear that providers who knowingly allow users to reach blocked platforms risk losing that shield entirely.

What Section 79 Safe Harbor Actually Means

Safe harbor provisions are a foundational concept in internet law around the world. They allow platforms, networks, and service providers to operate without being held responsible for every action taken by their users, as long as those providers follow certain rules and respond appropriately to legal notices.

In India's case, Section 79 of the IT Act is what prevents a VPN provider from being prosecuted simply because one of its users visited a restricted website. The moment a provider is deemed to have failed its due diligence obligations, that protection evaporates. MeitY's advisory is essentially a warning shot: continue operating without adequate controls, and you may find yourself legally exposed.

The advisory also flags that users have been combining VPNs with stablecoins to bypass both the content restrictions and the financial monitoring that would otherwise flag transactions to banned platforms. This dual-layer circumvention appears to have prompted the government's more aggressive posture.

The Broader Tension: Privacy Tools vs. Government Enforcement

VPNs exist in a complicated legal and ethical space in many countries. They serve entirely legitimate purposes, protecting journalists, activists, remote workers, and ordinary users from surveillance and data exposure. At the same time, any tool that can obscure a user's online activity can also be used to reach content that a government has decided to block.

India has been tightening its rules around VPN providers for several years. In 2022, the country's Computer Emergency Response Team (CERT-In) introduced mandatory data retention requirements for VPN providers, requiring them to log user activity and store it for five years. Several major providers responded by pulling their physical servers from India rather than comply. MeitY's latest advisory continues that regulatory trajectory, pushing providers toward greater accountability for what their infrastructure enables.

This creates a genuine dilemma for providers. Operating in India means complying with rules that are, by design, in tension with the privacy promises that VPNs are built around. Refusing to comply means exiting the market entirely or operating under significantly elevated legal risk.

The precedent this sets matters beyond India's borders. Governments in other jurisdictions watching this space may see MeitY's approach as a workable model: rather than banning VPNs outright, use existing intermediary liability frameworks to pressure providers into policing their own users.

What This Means For You

If you are a VPN user in India, MeitY's advisory is not a direct warning to you as an individual. It is addressed to providers. However, the downstream effects are real. Providers who choose to comply may begin restricting access to certain categories of sites, logging more user data, or exiting the Indian market altogether. Users who rely on VPNs for legitimate privacy purposes may find their options narrowing.

For users who are accessing platforms that Indian law classifies as illegal betting services, the legal risk sits primarily with them, not just with the VPN provider. Using a VPN does not grant legal immunity from domestic law, and MeitY's advisory reinforces that the government views VPN-assisted access to banned platforms as a compliance failure across the entire chain.

The advisory is also a reminder that the legal status of VPN use varies significantly by country and by use case. What is a protected privacy tool in one context can become a liability in another, depending on what you are using it for and where you are located.

Key Takeaways

• MeitY has warned VPN providers that facilitating access to banned betting platforms could result in the loss of safe harbor protections under India's IT Act.
• Safe harbor under Section 79 is conditional on due diligence; it is not an automatic shield for all providers.
• India's approach reflects a broader regulatory trend of using intermediary liability frameworks to pressure VPN providers rather than banning them outright.
• VPN users in India should understand that using a VPN to access content banned under Indian law carries personal legal risk, regardless of the provider's own compliance status.
• If you use a VPN for legitimate privacy purposes, monitor how your provider responds to regulatory pressure in the markets where you operate.

Governments increasingly understand that controlling access to VPNs directly is difficult. Controlling the providers through legal liability frameworks is considerably more achievable, and India's latest move demonstrates exactly how that pressure gets applied. For anyone using or operating VPN services in regulated markets, staying informed about the legal environment is no longer optional.