Very soon the Indian crypto exchanges operating in India will have to store customer data for 5 years of tenure. The order has been issued by the Indian Ministry of Electronics and Information Technology on Thursday. According to the mandate, all the existing crypto exchanges, virtual private network (VPN) providers, data centers, trading platforms, and virtual asset marketplaces will have to store a wide range of customer databases for up to five years.
The customer database will include the customer’s name, ownership patterns, contact information, and other data based on the provided KYC documents to the operating platforms. Moreover, the new directive will come into immediate effect after 60 days from the date of issuance of the notice.
The Ministry of Electronics and Information Technology under the Indian Central Government has appointed the “Indian Computer Emergency Response Team (CERT-In)” as the national agency to address cyber security. The CERT-In team will go to look into the following listed matters:
- collection, analysis, and circulating of information on cyber incidents;
- Forecast and alerts of cyber security incidents
- emergency measures for handling cyber security incidents
- issuing guidelines, advisories, vulnerability notes, and whitepapers relating to information security practices, procedures, prevention, response and
- reporting of cyber incidents
- such other functions relating to cyber security
Directives for Indian Crypto Exchanges
According to subsection (6) of section 70B of IT Act 2000, the CERT-In team is empowered and has been given full rights to call in the service providers, data centers, and corporate bodies and direct them to carry out the activities legalized under the above-mentioned section.
Also, it is suggested to report any security breach or cyber incident within 6 hours after the occurrence on the platforms of any VPN providers, intermediaries, or data centers to the CERT-In. However, the newly issued orders might force VPN service providers and other private organizations that do not collect user data to quit India.
It is no doubt that the new data collection directives for the trading platforms are an aggressive approach by the Indian government. The imposed 30% tax deduction law and 1% TDS at source has displeasure all the investors across the industry. The hashtag #reducecryptotax has been created to awake the Indian Finance Ministry and look into the mounting percentage of enforced tax.