CERT becomes the national cybersecurity agency
The move gives CERT, a unit of the Ministry of Electronics and Information Technology, authority over suspicious bodies and illegal activity in the crypto industry. The government has made it mandatory for crypto businesses such as Virtual Asset Service Providers (VASPs) to keep and retain know-your-customer (KYC) records of financial transactions for five years. The 18-year-old agency aims to “ensure cybersecurity in the area of payments and financial markets for citizens while protecting their data, fundamental rights and economic freedom given the growth of virtual assets”.
This is the first time the government has explicitly mentioned KYC data maintenance. The Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI) and Department of Telecom (DoT) will all have standards for KYC processes and data.
To establish an open communication channel on these new rules, crypto firms are also required to designate a point of contact for CERT.
India set to regulate crypto
Looking on the ground, crypto investors nationwide are eagerly awaiting a clear set of regulations. Although the appointment of CERT as the national agency for cybersecurity seems like a small step towards regulating the crypto sector, the government does not see it as a step towards regulation. A milestone that caught the world’s attention was the imposition of a 30% tax on profits from crypto investments. However, a senior Finance Ministry official said taxation does not legalize crypto investing in India.
Recently, while interacting with students and professors at Stanford University in California, India’s Minister of Finance, Nirmala Sitharaman, mentioned that the government cannot rush the crypto regulatory process. She added:
“There’s impatience out there to say what you’re doing about crypto… I understand the impatience, but I’m sorry, that’s how it’s going to be.”