Indian Authorities Mandate Crypto Exchanges to Store Customers’ Data for Five Years – crypto.news

India’s Computer Emergency Response Team (CERT-In) has made it compulsory for all bitcoin (BTC) trading venues and crypto exchanges in the country to actively collect and store the personal data of all customers for five years. The authorities claim the directive is aimed at ensuring prompt response during cyber attacks.

Increased Government Surveillance 

The Indian government under the provisions of the country’s Information Technology Act, (IT Act 2000), has given the Computer Emergency Team (CERT-In) the go-ahead to carry out certain functions, including collection, analysis, and dissemination of information on cyber incidents, implement emergency measures for handling cyber security incidents and more, to strengthen country’s cybersecurity and promote a safe and trusted internet. 

Against the foregoing, the Indian Computer Emergency Response Team, which is under the Ministry of Electronics and Information Technology, has issued a fresh directive mandating entities such as cryptocurrency market, exchanges, virtual private network providers, data centers, corporate bodies, and others, to collect and store users’ personal information for up to five years.

The authorities claim the new measure will make it easier for the relevant agencies to carry out investigations and respond promptly during times of cyber security emergencies.

“Various instances of cyber incidents and cyber security incidents have been and continue to be reported from time to time and in order to coordinate response activities, as well as emergency measures with respect to cybersecurity incidents, the requisite information is either sometimes not found available or readily not available with service providers/data centers/body corporate and the said primary information is essential to carry out the analysis, investigation, and coordination as per the process of law,” reads a section of the directive.

No Escape Route for Crypto Tax Evaders 

What’s more, the directive mandates all crypto exchanges, data centers, and even government agencies to report cyber incidents such as unauthorized access to IT systems, phishing attacks, data leaks, and others, to CERT-In within six hours of noticing such incidents. 

With the new directive, all data centers, cloud service providers, virtual asset service providers, and others, are required to register all information of their customers, including their real names, IP addresses, email addresses, valid contact addresses, and phone numbers, as well as their crypto ownership patterns. 

“The virtual asset service providers, virtual asset exchange providers, and custodian wallet providers(as defined by the Ministry of Finance from time to time) shall maintain all information obtained as part of know-your-customer (KYC) and records of financial transactions for a period of five years so as to ensure cyber security in the area of payments and financial markets for citizens while protecting their data, fundamental rights, and economic freedom in view of the growth of virtual assets,” the authorities added.

While the authorities have made it clear that the latest measures are aimed at boosting cyber security in the country, the directive would also make it harder for Indians to evade paying the recently introduced exorbitant crypto taxes, which have already triggered a steep decline in India’s crypto trading volume. 

In related news, crypto.news  reported in April 2022, that Coinbase has suspended its crypto payments services in India barely 72 hours after announcing the launch of its crypto trading services in the region.

Source: https://crypto.news/indian-authorities-crypto-exchange-customers-data-five-years/