Virtual asset service providers include cryptocurrency exchanges. 
Special 
Virtual asset service providers include cryptocurrency exchanges. In a circular sent out of Friday, the Ministry of Electronics and Information Technology has made it compulsory for all virtual asset service providers to store KYC details and transaction records of their users for a period of five years.
Virtual asset service providers include cryptocurrency exchanges.
Experts welcomed this move and envision that this would help in clamping down of cybercrime. Sharat Chandra, crypto expert, and VP, Research and Strategy, EarthID, told Business Today,
“The recent financial transaction data storage directives, issued by the Ministry of Electronics and IT, to virtual digital asset service providers and custodian wallet providers augur well for investors and the crypto industry. The cybersecurity guidelines will ensure that citizens' data and fundamental rights are protected.”
Chandra also believes that this is a part of the government’s “measured approach” to crypto, as previously claimed by Finance Minister Nirmala Sitharaman. He said, “The government is gradually laying the groundwork for legislation as part of its publicly stated "measured approach" to crypto.”
But the industry has its reservations about this new compliance requirement. Anshul Dhir COO and co-founder of EasyFi Network, a Web3 project, thinks that the time period of five years is a very long period of time to store the records. He explained his reservations to Business Today by saying, “I think this request from the government of India is extraordinary when it comes to the preservation of data for long, five years. So, I believe they have to completely change their business models if they want to comply with the new rules.”
Similar concerns are shared by The Dialogue, a Think Tank discoursing on Data Privacy. Saikat Datta, Strategic Advisor of the Think Tank told Business Today, “The latest notification from CERT-IN is an important one, but could end up having a negative impact. Globally, we have learnt from experience that cybersecurity is a shared responsibility. This order form CERT-IN could divide the public and private sectors, with the public sectors being privileged, while the private sector’s concerns not being taken into account.”
Copyright©2025 Living Media India Limited. For reprint rights: Syndications Today
