India’s Ministry of Electronics and Information Technology has issued a direct order to VPN service providers: block access to banned betting platforms like Polymarket, or face the loss of safe harbour protections under Indian law. This represents a significant escalation in the government’s grip on illegal gambling and prediction markets, forcing intermediaries into an uncomfortable position between user privacy and regulatory compliance.
Key Takeaways
- MeitY ordered VPN providers to make reasonable efforts to block banned betting platforms including Polymarket or risk losing legal safe harbour status.
- The Promotion and Regulation of Online Gaming Act, 2025 outlawed real money gaming in all forms across India.
- VPN providers are bound by due diligence obligations under IT Rules 2021 requiring them to prevent access to unlawful content.
- Polymarket, an American cryptocurrency-based prediction market, is officially banned and blocked in India.
- This crackdown is part of a broader government effort to eliminate illegal betting and opinion trading platforms.
What India’s VPN Directive Actually Means
The Ministry of Electronics and Information Technology has required VPN service providers and other intermediaries to make reasonable efforts to prevent access to unlawful betting and prediction market platforms. This is not a suggestion. Under the IT Rules 2021, VPN providers are already bound by due diligence obligations that prohibit them from hosting, storing, or permitting access to content that violates Indian law. The new advisory transforms that abstract legal duty into a concrete enforcement target: block Polymarket and similar platforms, or lose the safe harbour protections that shield intermediaries from liability for user-generated content.
What makes this directive particularly aggressive is its scope. VPN providers operate globally but are being asked to enforce India-specific content restrictions. The challenge is immediate: a VPN’s fundamental function is to obscure user location and enable access across borders. Being ordered to restrict access based on geographic origin directly conflicts with the core value proposition VPN users seek. Yet the threat is real—lose safe harbour status, and a VPN provider becomes liable for every user action conducted through its network.
The Polymarket Ban and Broader Gaming Crackdown
Polymarket is an American cryptocurrency-based prediction market where users bet on future outcomes of elections, geopolitical events, and other binary events. In India, it is banned outright. The government’s action flows from The Promotion and Regulation of Online Gaming Act, 2025, which outlawed real money gaming in any form. This is not limited to sports betting or casino-style games—it explicitly encompasses prediction markets and opinion trading platforms, which the Indian government views as illegal gambling masked by different terminology.
The timing matters. India’s broader crackdown on real money gaming reflects both a public health concern and a revenue protection motive—the government wants to ensure gambling tax revenue flows through licensed, regulated channels, not through offshore platforms accessible via VPN. Polymarket’s prohibition of its own users from using VPNs or similar circumvention tools (classified as violations under Section 2.1.4 of its Terms of Service) shows that even the platform itself acknowledges the geographic enforcement game. Yet millions of users worldwide still access restricted content through VPNs, and India’s government has decided VPN providers should be the enforcement arm.
Safe Harbour Protections and the Compliance Trap
Safe harbour protections under Indian law shield intermediaries from liability when they host or transmit third-party content, provided they follow due diligence rules. The threat to withdraw these protections is leverage—it forces VPN providers to choose between their business model and compliance. Without safe harbour status, a VPN provider could theoretically be held liable for any illegal activity conducted by its users, a liability exposure that is economically unsustainable.
The problem is enforcement. How does a VPN provider make reasonable efforts to block access to Polymarket without compromising its core function? VPNs encrypt traffic and obscure user location—the very mechanisms that prevent ISPs and governments from seeing what users do online. A VPN that inspects traffic to identify Polymarket access is a VPN that has fundamentally broken its encryption model. The directive essentially asks VPN providers to perform content filtering, which contradicts their entire value proposition. This creates a practical and philosophical tension that the advisory does not resolve.
What This Means for Global VPN Users and Digital Sovereignty
India’s directive signals a broader shift in how governments approach digital intermediaries. Rather than blocking platforms directly (which India already does through ISP-level filters), the government is now conscripting VPN providers into the enforcement apparatus. This approach has ripple effects beyond India. If VPN providers comply, they set a precedent that governments can demand content filtering based on local law, eroding the global nature of the internet. If they refuse, they risk losing safe harbour protections in a massive market.
The directive also highlights a fundamental conflict between privacy and regulation. Users rely on VPNs precisely to access content their governments restrict. Forcing VPN providers to enforce local bans transforms them from privacy tools into surveillance infrastructure. It is a subtle but profound shift that could reshape how VPN providers operate globally, not just in India.
Can VPN Providers Actually Comply?
Technically, blocking a specific website is straightforward—VPN providers can maintain a blocklist and prevent traffic to Polymarket’s IP addresses and domain names. But this approach is easily circumvented through proxy services, DNS changes, or IP rotation. A determined user will find a way around a blocklist. The question becomes: what level of effort constitutes reasonable efforts? The advisory does not define this threshold, leaving VPN providers in legal ambiguity. Do they need to block only direct access, or also proxies and mirrors? Do they need to monitor and update blocklists continuously? The lack of clarity is intentional—it keeps VPN providers in a state of compliance uncertainty, which favors government enforcement.
FAQ
What happens to VPN providers that don’t comply with India’s order?
They risk losing safe harbour protections under the IT Rules 2021, which shield intermediaries from liability for user-generated content. Without these protections, VPN providers become legally liable for illegal activities conducted through their networks, an exposure that is economically unsustainable.
Is Polymarket the only platform affected by this order?
No. The directive applies to all banned betting and prediction market platforms. Polymarket is the most prominent example, but any platform enabling real money gaming or opinion trading that is prohibited under Indian law falls within the scope.
Can users still access Polymarket in India through a VPN?
Technically yes, if the VPN provider does not comply with the advisory. But as compliance increases, access will become more difficult. Users who do access banned platforms through non-compliant VPNs assume the risk that their activity violates Indian law.
India’s VPN directive represents a new frontier in digital regulation: conscripting private intermediaries to enforce government bans. It is not a technical solution—it is a legal and economic one. By threatening safe harbour status, the government forces VPN providers to choose between their business model and compliance. The outcome will determine whether VPNs remain tools for global access or become localized enforcement infrastructure. For users, regulators, and VPN providers alike, this is a defining moment in the battle over digital sovereignty.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar
