Quick Take
- MeitY has warned VPN providers that enabling access to blocked betting platforms risks Section 79 safe-harbour protections.
- The advisory specifically names Polymarket and cites the PROG Act, 2025, which bans all real-money gaming in India.
- Users are bypassing blocks via VPNs and converting rupees to USDC and other stablecoins to transact on banned platforms.
The Ministry of Electronics and Information Technology’s Cyber Laws Division has issued a formal advisory directing VPN service providers and online intermediaries to stop enabling access to blocked online betting and prediction market platforms — including Polymarket. MeitY warns VPN firms that failure to comply could result in the loss of safe-harbour protections under Section 79 of the Information Technology Act and exposure to legal action under the Bharatiya Nyaya Sanhita, 2023, and applicable online gaming laws.
The advisory, dated April 25, 2026, notes that users are circumventing government-imposed blocks by routing traffic through VPN services and converting Indian rupees into virtual digital assets — including USD Coin (USDC) and other stablecoins — to participate in platforms that are prohibited under Indian law. The legal basis cited is the Promotion and Regulation of Online Gaming Act, 2025 (PROG Act), which expressly bans all forms of online real-money gaming. The Indian government has blocked over 8,376 illegal gambling and betting websites as of March 28, 2026.
StartupFeed Insight
This advisory is the most significant VPN-specific regulatory action India has issued since the CERT-In VPN logging rules of 2022, and it arrives with a harder legal threat: loss of Section 79 safe harbour. For Indian VPN providers — NordVPN, ExpressVPN, Surfshark, and domestic players like Atlas VPN — this is not an abstract warning. Section 79 is the liability shield that prevents intermediaries from being prosecuted for what users do on their networks. Strip that protection and you expose the company to criminal liability for every blocked site a subscriber accesses.
The crypto angle is equally important: MeitY is now on record that stablecoin-enabled access to banned platforms is a violation, not a grey area. This sets the regulatory table for a formal coordination between MeitY, the RBI, and FIU-India on cross-platform USDC monitoring. Fintech founders building payment rails, wallets, or stablecoin on/off ramps in India should treat this advisory as a direct signal: regulators are watching the crypto-to-VPN-to-betting pipeline, and the next action will likely target the payment layer, not just the access layer. — StartupFeed Desk
What Exactly Did the MeitY Advisory Say?
The advisory from MeitY’s Cyber Laws Division made four specific directions to VPN providers and intermediaries.
First, VPN providers must make reasonable efforts not to host, store, or permit access to unlawful platforms, including Polymarket and similar services blocked under Section 69A of the IT Act. Second, intermediaries are reminded of their due diligence obligations under the IT Rules, 2021 — which require that their platforms not be used to transmit information that violates Indian law. Third, VPN firms must provide information or assistance to government agencies for investigative, protective, or cybersecurity activities within the timelines stipulated by law. Fourth, and most critically, non-compliance may result in the loss of the Section 79 exemption — the foundational safe-harbour provision that protects intermediaries from liability for third-party content.
“Any non-compliance by the intermediaries with the statutory due diligence obligations may result in loss of exemption provided under section 79 of the IT Act and exposure to consequential legal action under applicable laws.”
— MeitY advisory, dated April 25, 2026
What Does MeitY Warns VPN Firms Mean for Safe-Harbour Protections?
Section 79 of the IT Act is the single most important legal provision for every digital intermediary operating in India — from WhatsApp and Google to small VPN providers. It shields companies from criminal or civil liability for content transmitted by users, provided the intermediary meets certain due diligence conditions. MeitY’s advisory is a warning that enabling access to blocked platforms could qualify as a failure of due diligence, triggering loss of that shield.
| Legal Provision | What It Does | MeitY’s Threat |
|---|---|---|
| Section 79, IT Act | Safe-harbour protection for intermediaries — shields them from liability for user content | Non-compliance with VPN advisory may result in loss of this protection |
| Section 69A, IT Act | Empowers government to block online content in the interest of public order, sovereignty, etc. | Legal basis used to block Polymarket and 8,376+ betting sites |
| IT Rules, 2021 | Due diligence obligations for intermediaries, including VPN providers | VPN firms must not facilitate transmission of information violating Indian law |
| PROG Act, 2025 | Prohibits all online real-money gaming in India | Foundation for classifying Polymarket and prediction markets as illegal |
| Bharatiya Nyaya Sanhita, 2023 | India’s revised criminal code replacing the IPC | Cited as applicable law for potential criminal exposure of non-compliant VPN firms |
Why Is Polymarket Specifically Named in the MeitY Advisory?
Polymarket is a US-based cryptocurrency prediction market where users bet on the outcomes of real-world events — elections, sporting results, economic indicators — using USDC. It is officially blocked in India under Section 69A. The platform has nonetheless seen sustained Indian user traffic, primarily via VPN access and crypto wallets that bypass rupee-denominated payment blocks.
IT Secretary S. Krishnan had flagged Polymarket and rival Kalshi on April 22, 2026, describing the enforcement challenge as a “whack-a-mole” problem — platforms resurface through mirror websites, alternate domains, and encrypted access routes even after formal blocking. The April 25 advisory escalates that concern from monitoring to formal legal warning, extending accountability from the platforms themselves to the VPN infrastructure enabling access.
About India’s Online Betting and RMG Regulatory Landscape
India’s Promotion and Regulation of Online Gaming Act, 2025 (PROG Act) banned all forms of online real-money gaming following years of patchwork state-level regulations. As of March 28, 2026, the central government has blocked more than 8,376 illegal gambling and betting websites. Despite these blocks, traffic data suggests major offshore platforms including 1xbet and Parimatch continue to record hundreds of thousands of monthly visits from India via VPN access and mirror sites. The RBI’s MuleHunter.AI tool — currently being integrated with I4C data — is separately targeting the financial transaction layer used to move funds to offshore betting accounts.
What Should VPN Providers Operating in India Do Now?
MeitY has not prescribed a specific technical compliance mechanism in the advisory, but the implication is clear: VPN providers must implement some form of destination filtering to block access to sites on India’s Section 69A blocklist. This is technically complex — VPNs are designed to obscure destination traffic — and raises fundamental questions about whether a VPN that complies with MeitY’s directive can still credibly market itself as a privacy tool.
For domestic VPN providers, the Section 79 threat is existential. For international providers without Indian legal entities, enforcement is harder but not impossible: MeitY can direct app stores to delist non-compliant VPN applications from India, a mechanism it has used before. VPN providers with Indian operations should seek immediate legal counsel on their compliance posture in light of the advisory’s explicit threat to safe-harbour protections.
What’s Next
Watch for two follow-on actions: a potential MeitY direction to Google Play and the Apple App Store to delist VPN applications that do not implement blocklist filtering, and a formal RBI or FIU-India circular targeting USDC and stablecoin on/off ramp providers that enable transactions on blocked platforms. The VPN advisory is the access-layer action; the payment-layer action is the logical next step. Will India’s broader framework produce a workable compliance standard for VPN providers — or will the “whack-a-mole” enforcement dynamic that IT Secretary Krishnan described simply shift the problem to new technical workarounds?
Frequently Asked Questions
What has MeitY warned VPN providers about?
MeitY warns VPN firms to stop enabling user access to blocked online betting and prediction market platforms, including Polymarket, which is banned in India under Section 69A of the IT Act. The advisory states that VPN providers facilitating such access may lose their safe-harbour protections under Section 79 of the IT Act and face legal action under the Bharatiya Nyaya Sanhita, 2023, and online gaming laws.
Is using a VPN to access betting sites illegal in India?
VPNs themselves are not illegal in India. However, using a VPN to access platforms that have been blocked by the government under Section 69A of the IT Act — including Polymarket and other betting sites — violates Indian law. MeitY’s advisory targets VPN providers and intermediaries that enable such access, not individual users directly, though transacting on banned platforms using stablecoins would expose users to financial regulatory risk.
What is the PROG Act, 2025?
The Promotion and Regulation of Online Gaming Act, 2025 (PROG Act) is India’s central law that expressly prohibits all forms of online real-money gaming. It replaced a fragmented landscape of state-level gambling laws and became the primary legal basis for the government’s blocking of over 8,376 betting and gambling websites as of March 2026. Any VPN provider or intermediary that directly or indirectly enables access to platforms violating the PROG Act is considered in breach of its due diligence obligations.
Written by Harshvardhan jain. Published: April 29, 2026. Updated: April 29, 2026. Have a tip? Write to us at editorial@startupfeed.in.
