Indian IT Ministry directs crypto exchanges to store user data for 5 years

Indian Computer Emergency Response Team, CERT-in, which is under the Ministry of Electronics and Information Technology issued a new directive Thursday. It required crypto exchanges, virtual private networks (VPN) providers and data centres to store a variety of user data for up five years.

The new directive will require crypto exchanges in India to store customer names, ownership patterns, and other data.

The official directive stated that both VPN service providers and crypto exchanges must report any cyber incidents within six hours of their occurrence. They also have to hand over all collected data to authorities on request. According to the official directive:

“When required by order/direction of CERT-In, for the purposes of cyber incident response, protective and preventive actions related to cyber incidents, the service provider/intermediary/data center/body corporate is mandated to take action or provide information or any such assistance to CERT-In.”

These new directives will be in effect on June 22nd. This could force privacy-focused crypto platforms and VPN service providers to close their doors.

Related: Brain Drain: India’s Crypto Tax Forces budding crypto projects into action

CERT-in claims that the new directives will help them take action against cyber crime within six hours. However, privacy concerns have raised questions about the data they ask platforms to store and give over. One user wrote:

“Our government wants control over the private lives of the people, and our constitution doesn’t allow for this. But to be fair, no one in India cares about personal data.”

Some crypto exchange owners were happy with the move, stating that it would help to prosecute tax evaders. Cointelegraph was told by Sathvik Vishwanath, CEO of Unocoin.

“This is a great move that will help crypto players have clarity about the data they will be storing.” This data could be used to prosecute tax evaders as well as any other crimes that are committed using crypto.

It is unclear at this time whether the new rules will apply to only Indian crypto exchanges or foreign exchanges that offer their services to Indians. It could, however, be applicable to all platforms if it is compared to the previous crypto directives.

These new data collection guidelines come at a moment when India’s regressive crypto tax policy has already caused a sharp decline in trading volume as well as user activity on Indian crypto-exchanges.