One of the departments of the Ministry of Information Technology of India has issued a directive that obliges all crypto exchanges operating in India to store personal and operational data of users for 5 years. The regulator’s guidance also applies VPN service providers as well as “online digital exchangers.”
The initiator of this innovation is a unit of the Ministry of Information Technology called the “Computer Emergency Rapid Response Team” (CERT-in). The department experts have concluded that the long-term storage of a wide range of user data will allow crypto companies to become “more secure”, as well as increase the detection rate of digital crimes through close cooperation with law enforcement agencies.
In relation to VPN service providers, the department has introduced an additional requirement. The ministry has ordered companies of this kind to report any “cyber incident” that occurs on their network. A signal of suspicious activity, the message says, should be received by CERT-in specialists within 6 hours from the moment it occurs.