The Computer Emergency Response Team (CERT-in) has issued a directive affecting the operation of cryptocurrency exchanges in India. The document has been published on the website of the competent institution, but is only accessible from the web archive at the time of writing.

CERT required virtual asset service providers, VPN providers, and data centers to retain user information for five years. This is necessary to “provide citizens with cybersecurity in the area of ​​payments and financial markets, protecting their data, fundamental rights and economic freedom”.

We are talking about customers’ names, contact information and other information collected as part of the execution. KYC-procedures. Crypto exchanges and VPN providers must report any cyber incident within six hours of their occurrence. They are also instructed to hand over the collected data to the authorities upon request.

“Concerning transaction records, information should be kept in such a way that a single transaction can be reconstructed, together with the relevant elements, including. […] information on the identity of the parties, IP addresses with timestamp and time zone, transaction ID, public keys (or equivalent identifiers), associated addresses or accounts (or equivalent identifiers), nature and date of the transaction and the amount transferred , – it says in the document.

CERT-in did not specify whether the rules would only apply to platforms operating in India or to foreign platforms.

Satvik Vishwanathan, CEO of the Unocoin cryptocurrency exchange, described the decision as “a positive step towards regulation” in a comment to the Indian Express.

“From the very beginning we kept data on all our users, so the directive does not concern us. […] “The information will help prosecute tax evaders and crimes committed using cryptocurrency.”

EarthID vice president Sharath Chandra said the new requirement means an additional financial burden on trading platforms, given the volume of transactions and the information needed to store them.

“This event also signals that the government is somehow moving towards regulation. But we also need guidance on data retention before we move on to other aspects of regulation,” Chandra added.

Other experts have expressed concerns about the CERT-in initiative. According to them, it will “sow fear among the merchants”.

“The government can ban access to decentralized exchanges and global exchanges, and you cannot bypass them without a VPN. “The government seems to be digging a grave for the crypto community,” said Hitesh Malviya, founder of IBC Capital.

In recent years, disclosures by Indian authorities regarding legal initiatives related to cryptocurrencies have ranged from a complete ban of digital currencies even with criminal liability to possible regulation as assets.

In January 2022, Prime Minister Narendra Modi called for the development of a unified approach to establishing a regulatory framework for the crypto industry.

Recall that in April, India introduced a 30% tax on profits from cryptocurrency transactions and a controversial 1% fee under TDS.

Earlier, the Ministry of Finance determined that when calculating taxes, traders cannot recoup losses on one digital asset with profits on another.