The Indian Computer Emergency Response Team which falls under the Ministry of Electronics and Information Technology issued a new directive forcing crypto exchanges, virtual private network providers and data centres to store a wide range of user data for up to five years.
Crypto exchanges operating in India will be required to store customers’ names, ownership patterns, contact information and various other data. Crypto exchanges and VPN services providers are also required to report any cyber incident within six hours of its occurrence and must hand over the collected data to the authorities upon order.
The new directives will come into force on June 22, which may force many VPN service providers and privacy-focused crypto platforms that don’t collect or store critical user data to shut their operations.
CERT-in claims the new directives are intended to help them take action against cyber crimes within six hours, however, the range of data they are asking platforms to store and hand over has raised eyebrows owing to privacy concerns among users.
