The Ministry of Electronics and Information Technology of India has laid out directives for virtual private network (VPN) providers and all cryptocurrency exchanges in the country, to retrieve and store crucial private data of customers and store up for a period of five years.
This information was passed through the Indian Computer Emergency Response Team (CERT-in) on Thursday. This directive is targeted toward ensuring the safety of crypto platform users and investors alike while complying with laid down standards. CERT-in intends to adjust its response time to emergency cyber theft (within six hours) and tighten its cyber security as well as mete out the adequate sanction against prevailing scammers.
Crypto exchanges with operations in India like Binance, will be expected to obtain know-your-customers (KYC) data ranging from customers’ biodata, ownership patterns, and many other transaction information.
Scams and any other illicit transaction is advised to be reported within six hours of their occurrence. The retrieved data which will be cataloged in the system will be required to trace and monitor such suspected illegal activities on the exchange platform.
Challenges Might Sprout With CERT-in New Directives
While this may be a constructive move, it is perceived that this might also cause a hike in the cost of compliance for many of the crypto exchanges. Many data centers, VPN providers, and exchanges that had not been collecting KYC data may be out of business. Some might likely shut down as the directive is scheduled to take a full course in June unless the government decides to extend it.
With the already published guideline for crypto publicity in the country introduced by the Advertising Standard Council of India (ASCI), India has been putting tactful structures in place to safeguard its citizens against the risk involved with trading crypto.
This new directive and the verdict for non-compliance have been quoted under Section 70B (7) of the IT Act. Any of the concerned stakeholders which fails to provide the CERT-in requested information will be made to serve a prison penalty of one year.
Many crypto firms have raised their skepticism about the amount of data requested by CERT-in. Their skepticism is on the premise that the data requested exposes the customers and deprives them of their preference to do business in private.