India has introduced a requirement for all cryptocurrency exchanges, custodians, and intermediaries to complete mandatory cybersecurity assessments, as ordered by the Financial Intelligence Unit of India (FIU-IND). This initiative, designed to strengthen digital security and combat money laundering, will take effect in September 2025. The new regulation mandates that virtual
At present, around 55 companies have registered under the virtual digital asset (VDA) regulatory regime in India, offering services such as exchanges, custodial solutions, and other financial operations. These businesses are now required to meet stricter security measures, including conducting penetration tests, encrypting user information, and ensuring the safe handling of private keys. This regulation comes as the country sees a surge in cyber offenses related to cryptocurrencies, which now account for roughly 20-25% of all digital crimes. Cybercriminals often use darknet platforms, privacy-centric coins, and mixing tools to hide illicit funds, making investigations more difficult.
Leaders in the industry have generally supported the new policy, noting its potential to enhance user confidence and bring Indian crypto operations in line with international security standards. Avinash Shekhar, CEO of Pi42, pointed out that robust security is fundamental for an industry grounded in user trust. Edul Patel, CEO of Mudrex, stated that the regulation represents a major advance in investor protection and the development of a stable crypto environment. The mandate follows several high-profile security breaches at major exchanges in 2024 and 2025, which exposed significant security gaps.
The audit procedure involves more than simply meeting technical requirements; it serves as a thorough evaluation of an exchange’s digital defenses. Platforms must provide comprehensive reports to regulators, demonstrating adherence to strict security guidelines. Non-compliance may result in denial, suspension, or cancellation of registration by FIU-IND. Additionally, the directive replaces the former "Fit & Proper" certificate with the "Partner Accreditation for Compliance & Trust" (PACT) certificate, which focuses more narrowly on compliance criteria. However, industry specialists believe that further clarification from FIU is needed to ensure uniform adoption of the new certification throughout the sector.
This regulatory update brings India’s approach more in line with global practices, as jurisdictions like the United States, the European Union, and Japan also increase oversight of digital currencies. These initiatives are intended to curb illegal financial flows, boost transparency, and address the risks tied to decentralized finance. India’s policy resembles international strategies that integrate cryptocurrencies into mainstream finance with safeguards for investors. For instance, the EU’s Markets in Crypto-Assets (MiCA) law and Japan’s requirement for exchange insurance reflect similar security and compliance goals.
However, there are still hurdles to implementation. The expense of meeting compliance standards could weigh heavily on smaller providers, possibly accelerating industry consolidation. Experts caution that high costs and a lack of cybersecurity experts may impede the rollout of these requirements. Furthermore, unclear rules regarding decentralized exchanges and the connection between VDAs and conventional finance could delay the directive’s full effectiveness.
As India continues to shape its regulatory environment, the focus on cybersecurity reviews demonstrates a broader effort to balance innovation with risk management. The government’s ongoing projects—such as piloting the Digital Rupee and expanding blockchain applications in public services—highlight its commitment to a secure and compliant digital financial landscape. With international investors monitoring these developments, India’s evolving regulatory framework could become a template for other developing markets as they address the challenges of crypto regulation.