The Indian Computer Emergency Response Team (CERT-in) reportedly released a new directive, making it mandatory for crypto exchanges, VPN providers and data centers to store up to half a decade of user data.

Specifically, according to the freshly rolled out directive, crypto exchange entities functioning in India will need to keep a record of customers’ names, ownership patterns, contact information and various other data.

It is also obligatory for crypto exchanges and VPN services providers to report any cyber occurrence within the six-hour timeframe, along with transferring the collected information to the authorities upon order. 

“When required by order/direction of CERT-In, for the purposes of cyber incident response, protective and preventive actions related to cyber incidents, the service provider/intermediary/data center/body corporate is mandated to take action or provide information or any such assistance to CERT-In.”

The new directives will be officially enacted on June 22, which potentially force a variety of VPN service providers and privacy-centric crypto platforms to cease their operations. 

Per CERT-in, the new directives are reportedly issued with a primary goal of assisting them in handling cybercrimes within the six-hour timeframe. 

Nonetheless, the scope of information they are making mandatory for platforms to store and hand over has reportedly received controversial reactions related to privacy among users. 

“Our government wants to control the private life of the people and our constitution does not allow this but to be honest, no one in India is much conscious about personal data.”

However, a few crypto exchange owners expressed a positive attitude towards the development, claiming that it will help fast-tracking the prosecution of tax evaders.