India Has New KYC Requirements For Crypto Businesses

India May Discuss Crypto Bill In Coming Parliament Session

Crypto regulations are all the rage in 2022, and while India is yet to roll out its regulations for the nascent market, it has applied new rules to the market in recent times. In its latest directives, the government now requires crypto service providers to store customer data for five years.

Details Of The Latest Directives

India has launched a new division under its Ministry of Electronics, and Information Technology called the Computer Emergency Response Team (CERT-in). The division is to serve as the country’s foremost authority on cybersecurity and cybercrime. 

The agency, on Thursday, set new policies requiring digital asset service providers and VPN providers to store customer data for five years. Crypto firm, Bitinning founder Kashif Raza, disclosed that some of the data covered by the directive include customers’ names, ownership patterns, and contact information. The agency’s directions read: 

“The virtual asset service providers, virtual asset exchange providers, and custodian wallet  providers (as  defined  by the Ministry of  Finance  from  time  to time) shall mandatorily maintain all information obtained as part of Know Your  Customer (KYC) and records of financial transactions for a period of five years so as to ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights, and economic freedom in view of the growth of virtual assets.”

CERT-in also requires crypto businesses to report incidents to the agency within 6 hours, requiring service providers to submit customer data on request. The directives read, “When required by order/direction of CERT-In, for the purposes of cyber incident response, protective and preventive actions related to cyber incidents, the service provider/intermediary/data center/body corporate is mandated to take action or provide information or any such assistance to CERT-In.”


While some industry participants feel this is a move toward regulating the developing market, this seems unlikely, going by the finance minister Nirmala Sitharaman’s statements on Wednesday. Sitharaman had revealed that the country was in no hurry to create comprehensive regulations for the asset class, stating that the government needed to ensure it had all the right information to create informed regulations.

New Rules Raise Privacy Concerns And Further Threaten India’s Crypto Activity

It has been noted that the new rules, which take effect from June 22, similar to the EU’s proposed TFR regulation, disproportionately affect crypto businesses with a focus on privacy. As a result, these firms may be forced to cease operations.

While the agency says it is out to protect citizens, the new data requirements have unsurprisingly raised privacy concerns. As some citizens do not appreciate the oversight it gives the government over the private lives of Indians. 

Maybe even more worrisome is how this might affect crypto trading activity in the country. As previously reported by ZyCrypto, the Indian crypto market has already seen a decline in trading activity following the country’s steep tax laws on the market.