India Includes Crypto Businesses in New Rules for Cyber Security
The move is seen as a positive step that gives clarity to the crypto industry on several fronts.
India named the country's Computer Emergency Response Team (CERT) as the national agency for cyber security, including the crypto industry, in a move that clarifies which agency has the authority over suspicious or illicit activities in the sector.
The move requires crypto businesses, such as virtual asset service providers, to keep know-your-customer (KYC) information and records of financial transactions for five years “to ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights and economic freedom in view of the growth of virtual assets.”
While the industry views the announcement as a soft step toward regulation before crypto-specific legislation is enacted, the government has not suggested the move is a step toward regulation. A similar, but much stronger, move was the rule to tax crypto businesses before crypto-specific legislation, announced in February. At the time, a senior finance ministry official said “just because it is taxed does not make it legal.”
India’s crypto legislation remains in cold storage with the government seeking global consensus and Indian Finance Minister Nirmala Sitharaman noting the potential of crypto and blockchain as well as the safety concerns around it.
“Blockchain itself is so full of potential not just in the payment arena, but also in very many others," she said last week. "Our intention is in no way to hurt this (cryptocurrency or blockchain)." However, she added that "it also can be manipulated for not so desirable ends, whether it is on money laundering or whether it is on leading towards financing terror.”
This is the first time the government has made it clear that the data needs to be maintained for a period of five years. KYC processes and data will need to be aligned to the guidelines of three entities: the Reserve Bank Of India (RBI), Securities and Exchange Board of India (SEBI) and Department of Telecom (DoT).
Crypto businesses also need to appoint a point of contact for CERT, a unit of the Ministry of Electronics and Information Technology, to have an open channel of communication regarding these new rules.
Speaking at a public forum on Friday, Sitharaman sought “collective global action” for effective regulation of this dynamic technology.
“If there is impatience outside in the world saying what are you doing about crypto? I can understand the impatience but I'm sorry, that's how it is going to be," she said at a recent fireside chat at Stanford University. "It will have to take its time for all of us to be sure that at least with the given available information, we are taking a discerned decision. It can't be rushed.”
Read more: Making Sense of India’s New Crypto Rules
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.