Yes, using a VPN is legal in Maryland, provided it is not employed to conceal illegal activities. The state does not impose outright bans on VPN usage, aligning with federal standards under the Computer Fraud and Abuse Act (CFAA). However, Maryland’s 2026 cybersecurity compliance framework, overseen by the Maryland Cybersecurity Council, mandates that businesses using VPNs for remote access must implement multi-factor authentication (MFA) and adhere to NIST SP 800-63B guidelines. Personal use remains unrestricted unless tied to fraudulent or prohibited conduct, such as bypassing geo-restrictions to access copyrighted content.
Key Regulations for Using a VPN in Maryland
- Prohibition of Illicit Activities: VPNs cannot be used to engage in hacking, identity theft, or other cybercrimes under Maryland’s Computer Misuse and Abuse Prevention Act (Md. Code Ann., Crim. Law § 3-302). Violations may trigger felony charges.
- Business Compliance Mandates: Entities operating in Maryland must ensure VPNs comply with the Maryland Personal Information Protection Act (PIPA), requiring encryption of transmitted data and annual risk assessments for third-party VPN providers.
- Data Retention Restrictions: Under the Maryland Electronic Surveillance Act (Md. Code Ann., Cts. & Jud. Proc. § 10-4A-01), ISPs and VPN providers must retain logs for 90 days if subpoenaed, limiting anonymity for users engaging in illicit conduct.