India Orders Crypto Exchanges To Retain Customer Data For Five Years

The Computer Emergency Response Team (CERT-in) has issued a directive affecting the operation of cryptocurrency exchanges in India. The document is published on the authority’s website, but at the time of writing it is only available through the web archive.

CERT-in has mandated virtual asset service providers, VPN providers, and data centers to retain user information for five years. This is necessary to “ensure the cybersecurity of payments and financial markets for citizens, to protect their data, their fundamental rights and their economic freedom”.

These are customer names, contact details and other information collected in the course of performing the KYC procedure. Crypto exchanges and VPN providers must report any cyber incident within six hours of it occurring. They are also responsible for handing over the collected data to the authorities upon request.

“With respect to transaction records, the information must be stored in such a way that a single transaction can be reconstructed with the relevant elements, including […] information concerning the identity of the parties, IP addresses with timestamps and time zones, transaction identifier, public keys (or equivalent identifiers), corresponding addresses or accounts (or equivalent identifiers), nature and date of the transaction, and the amount transferred,” the document states.

CERT-in did not specify whether the rules only apply to platforms operating in India, or apply to foreign platforms.

Satvik Viswanathan, CEO of cryptocurrency exchange Unocoin, called the decision “a positive step towards regulation” in a comment to Indian Express. , the directive therefore does not concern us. […] the information will help prosecute tax evaders and crimes committed using cryptocurrencies,” he explained.

EarthID Vice President Sharath Chandra noted that the new requirement means an additional financial burden for trading platforms, given the volume of trades and the information needed to store them.

“This is an event that also signals that the government is moving towards regulation in one way or another. But we also need guidelines on data retention before we can move on to other aspects of regulation,” Chandra added.

Other experts have expressed concern about the CERT-in initiative. According to them, this will “sow fear among traders”.

“The government can ban access to decentralized exchanges, as well as global exchanges, and without a VPN, you can’t bypass them. It looks like the government is digging a grave for the crypto community,” said Hitesh Malviya, Founder of IBC Capital.

In recent years, statements by Indian authorities regarding cryptocurrency legislative initiatives range from a complete ban on digital currencies, even with criminal liability, to possible regulation as assets.

In January 2022, Prime Minister Narendra Modi called for the development of a unified approach in forming a regulatory framework for the crypto industry.

Recall that in April, India introduced a 30% tax on profits from cryptocurrency transactions and a controversial 1% commission under TDS.

Previously, the Department of Finance determined that when calculating taxes, merchants would not be able to offset losses from one digital asset against profits from another.

We want to give thanks to the author of this write-up for this remarkable content

India Orders Crypto Exchanges To Retain Customer Data For Five Years

You can find our social media profiles and other pages that are related to them.