New CERT rules for crypto exchanges, VPN providers to come into effect. Here's how they'll impact

economictimes.indiatimes.com:

It covered aspects related to the timeframe for reporting cyber security incidents, maintenance of KYC and transaction information for crypto exchanges and wallets, maintenance of customer details by data centres, cloud services and VPN providers, and maintenance of logs in Indian jurisdiction. The directions in the circular dated April 28, will become effective in 60 days. The new directions are applicable to service providers, intermediaries such as social media platforms, corporate bodies, data centres and other organisations.

Did you Know?

From Pro Kabaddi League to IPL, blockchain-based applications have started making a buzz among sports enthusiasts and hardcore fans

CERT-In is the government-appointed nodal agency tasked with performing cybersecurity-related functions and has issued these directions under section 70B of the Information Technology Act, 2000.CERT said crypto exchanges and wallets must maintain know your customer (KYC) details and records of financial transactions for five years. All entities must mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days. In its new directions, CERT wants all entities to mandatorily report cyber incidents to it within 6 hours of noticing such incidents or being brought to notice about such incidents. The current rules have no time frame to report the incidents. Along with it, service providers must maintain information on customers for five years, including valid names, IPs, emails, services, contact details and more. Market experts said this directive would have multiple implications. The KYC requirement is broad and might impact the operations of cloud service providers, they add. This