Cybersecurity audits are now compulsory for cryptocurrency companies in India.
The Indian government has taken a significant step towards regulating the cryptocurrency industry by mandating cybersecurity audits for exchanges, custodians, and intermediaries. This move comes in response to the rising incidents of cryptocurrency crimes, which account for nearly 20-25% of all cybercrime cases in the country.
The audits, overseen by the Indian Computer Emergency Response Team (CERT-In) under the IT ministry, will focus on the protection of 'private keys' and how they are stored. The audits are seen as a positive step by industry voices, following recent crypto thefts.
According to a report by the Indian Parliament's Standing Committee on Home Affairs, titled "Cyber Crime - Ramifications, Protection and Prevention", there has been an increasing exploitation of cryptocurrencies in financial frauds, money laundering, ransomware attacks, and human trafficking.
VDA firms, already covered under the Prevention of Money Laundering Act (PMLA), are expected to meet compliance standards similar to banks. The new requirement is tied to registration with the Financial Intelligence Unit (FIU), India's anti-money laundering agency. The FIU retains the power to deny or cancel registrations if firms fail to meet anti-money laundering requirements.
Interestingly, a study by Mudrex, one of India's largest crypto investment platforms, found that 93% of respondents support regulation in the crypto industry. The study also revealed that of the respondents, 56% want full investor-protection frameworks, 24% prefer lighter oversight to encourage innovation, and 13% favor regulation limited to taxation.
Purushottam Anand, Advocate and Founder of Crypto Legal, mentioned that the FIU has replaced the "Fit & Proper" certificate with a new accreditation called "Partner Accreditation for Compliance & Trust" (PACT).
Currently, around 55 entities are involved in crypto trading, custody, and related services in India. The audits are likely triggered by these thefts, as stated by Harshal Bhuta, a partner at CA firm P. R. Bhuta & Co.
However, there are no publicly available sources that identify specific security firms or experts appointed by the Indian government to conduct these cybersecurity audits of cryptocurrency markets, custodians, or intermediaries. India maintains partial oversight of the crypto sector but has not established a full regulatory framework or disclosed details about security auditors for these entities.
The FIU has asked VDA service providers to ensure immediate action in response to a letter dated September 15, 2025. The government's move towards regulating the cryptocurrency industry is a step towards ensuring the safety and security of investors and the overall financial system in India.
Read also:
- Mural at blast site in CDMX commemorates Alicia Matías, sacrificing life for granddaughter's safety
- Comcast Introduces Sports-Oriented Video Bundle in Preparation for the World Cup Tournament
- Is Maruti's reign over the SUV market being challenged by Mahindra's aggressive move to snatch the top spot?
- Social Security Administration Abandons Plan for Electronic Payments: Important Information for Recipients of Benefits
