India orders crypto exchanges to retain client data for five years

The Computer Emergency Response Team (CERT-In) released a directive affecting the operation of cryptocurrency exchanges in India. The document is posted on the agency’s site, but at the time of writing is available only via the web archive.

\n\n\n\n

CERT-In requires virtual asset service providers, VPN providers and data centers to retain user information for five years. This is to “ensure cybersecurity in the payments and financial markets for citizens, protect their data, fundamental rights and economic freedom”.

\n\n\n\n

It concerns client names, their contact and other information collected under KYC-procedures. Crypto exchanges and VPN providers must report any cyber incident within six hours of its occurrence. They are also required to hand over the collected data to authorities on demand.

\n\n\n\n

“With regard to transaction records, the information must be stored in such a way that a single operation can be reconstructed together with the relevant elements, including […] information relating to the identification of the parties, the IP address with timestamps and time zones, the transaction identifier, public keys (or equivalent identifiers), corresponding addresses or accounts (or equivalent identifiers), the nature and date of the transaction, and the converted amount,” the document states.

\n\n\n\n

CERT-In did not specify whether the rules would apply only to platforms operating in India or would extend to foreign ones.

\n\n\n\n

Satvik Vishwanathan, chief executive of the cryptocurrency exchange Unocoin, told Indian Express that the move was “a positive step toward regulation”.

\n\n\n\n

“We have stored data about all our users from the outset, so the directive does not affect us. … the information will help prosecute in court those who evade taxes and crimes committed using cryptocurrency,” he explained.

\n\n\n\n

Sharat Chandra, vice president of EarthID, noted that the new requirement means additional financial burden on trading platforms, given the volume of trades and the data to be stored.

\n\n\n\n

“This development also signals that the government is moving, in a sense, toward regulation. But we also need guidance on data retention, and only then can we move on to other regulatory aspects,” added Chandra.

\n\n\n\n

Other experts expressed concerns about the CERT-In initiative. They say it will sow fear among traders.

\n\n\n\n

“The government could ban access to decentralized exchanges as well as to global exchanges, and without VPN you will not be able to bypass them. It looks like the government is digging a grave for the crypto community,” said Hitesh Malviya, founder of IBC Capital.

\n\n\n\n

Over the years, India’s authorities’ statements on crypto regulation have swung from a full ban on digital currencies, even with criminal liability, to possible regulation as assets.

\n\n\n\n

In January 2022, Prime Minister Narendra Modi called for a unified approach to shaping the regulatory framework for the crypto industry.

\n\n\n\n

In April, India introduced a 30% tax on profits from crypto transactions and the controversial 1% levy under TDS.

\n\n\n\n

Earlier the Finance Ministry ruled, that when calculating taxes traders will not be able to offset losses in one digital asset with profits in another.

\n\n\n\n

Subscribe to ForkLog’s channel on YouTube!