• India has included cryptocurrency businesses in its new cyber security rules

  • The move is viewed as a positive step that provides clarity to the crypto industry on a number of fronts.

    In a move that clarifies which agency has authority over suspicious or illicit activities in the sector, India named the country’s Computer Emergency Response Team (CERT) as the national agency for cyber security, including the crypto industry.

    The new rule requires crypto businesses, such as virtual asset service providers, to keep know-your-customer (KYC) information and financial transaction records for five years in order to “ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights, and economic freedom in light of the growth of virtual assets.”

    While the industry sees the announcement as a soft step toward regulation before crypto-specific legislation is enacted, the government has made no such claim. The rule to tax crypto businesses before crypto-specific legislation, announced in February, was a similar, but much stronger, move. A senior finance ministry official stated at the time that “just because it is taxed does not make it legal.”

    India’s crypto legislation is still in the works, with the government seeking global agreement and Indian Finance Minister Nirmala Sitharaman noting the potential of crypto and blockchain, as well as safety concerns.

    “Blockchain itself is so rich in potential, not just in the payment arena, but in a plethora of others.” “Last week, she stated. “We have no intention of harming this (cryptocurrency or blockchain).” She did, however, add that “It can also be manipulated for less desirable purposes, such as money laundering or facilitating the financing of terrorism.”

    This is the first time the government has stated that the data must be kept for a period of five years. KYC processes and data must conform to the guidelines of three organizations: the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Department of Telecom (DoT).

    To maintain an open channel of communication regarding these new rules, crypto businesses must appoint a point of contact for CERT, a unit of the Ministry of Electronics and Information Technology.

    Sitharaman called for “collective global action” to effectively regulate this dynamic technology at a public forum on Friday.

    “If there is impatience in the world saying, ‘What are you doing about cryptocurrency?’ I understand your frustration, but that’s how it’s going to be “She stated this during a recent fireside chat at Stanford University. “It will take some time for all of us to be certain that, at the very least, we are making an informed decision based on the information we have at our disposal. It cannot be hurried.”

    What's your reaction?