This practice guide provides a practical overview of the emerging legal framework regulating cryptoassets in India and covers requirements relating to anti-money laundering and cyber incident reporting, regulations governing cryptoasset promotion, legal treatment of smart contracts, and provides insights into the proposed legal reform in this rapidly evolving space.
1. Are cryptoassets (including, for example, cryptocurrencies, stablecoins and non-fungible tokens) defined and, if so, what are the major elements?
At present, India does not have a dedicated law or regulation that governs cryptoassets. However, the term ‘virtual digital assets’ (VDAs) has been broadly defined under Section 2 (47A) of the (Indian) Income Tax Act, 1961 (Income Tax Act) (which is the central legislation on income tax in India), to mean “any information or code or number or token (not being Indian currency or foreign currency), generated through cryptographic means or otherwise, by whatever name called, providing a digital representation of value exchanged with or without consideration, with the promise or representation of having inherent value, or functions as a store of value or a unit of account including its use in any financial transaction or investment, but not limited to investment scheme; and which can be transferred, stored or traded electronically.”
The definition of VDAs under the Income Tax Act also includes non-fungible tokens (NFTs) or other tokens of a similar nature and any other digital assets that may be notified by the Government in the future.
2 . What are the major laws/regulations specifically related to cryptoassets?
In India, there is no dedicated law that regulates cryptoassets. That said, there have been proposals in the past to introduce legislation (namely, the Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019 (2019 Crypto Bill) and the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 (2021 Crypto Bill)) to ban all private cryptocurrencies in India and put in place a facilitative framework for creation of an official digital currency issued by the Reserve Bank of India (RBI). However, both the 2019 Crypto Bill as well as the 2021 Crypto Bill have not, to date, been tabled before the Indian Parliament.
Having said that, certain existing laws have been amended to regulate activities or provision of any services related to VDAs. These include:
- Prevention of Money Laundering Act, 2002 (PMLA) and Prevention of Money Laundering (Maintenance of Records Rules), 2005 (PML Rules) read with Financial Intelligence Unit – India’s (FIU-IND) Anti-Money Laundering (AML) and Countering Financing of Terrorism (CFT) Guidelines. The PMLA is the core legislative framework in India to combat money laundering activities. The PMLA read with the PML Rules impose obligations on ‘reporting entities’ to verify the identity of their clients, maintain records and furnish information to the FIU-IND, amongst other things. The Ministry of Finance issued a notification dated March 07, 2023 (PMLA Notification) pursuant to which it has categorised VDA service providers as ‘reporting entity(ies)’. As a result, VDA service providers are now required to fulfil the key obligations of a ‘reporting entity’ envisaged under the PMLA and the PML Rules. See Question 6, below, for further information.
- CERT-In (Indian Computer Emergency Response Team) Guidelines. CERT-In is a national nodal agency established under the Information Technology Act, 2000 (IT Act) to deal with cyber security incidents. On April 28, 2022, CERT-In issued certain directions to service providers, intermediaries, bodies corporate, virtual asset service providers, virtual asset exchange providers, custodian wallet providers etc., relating to information security practices, procedures, prevention, response and reporting of cyber incidents for a “safe & trusted internet”. Apart from mandating the reporting of certain specified cyber incidents to CERT-In, these directions also require service providers, intermediaries and bodies corporate to mandatorily maintain and retain logs of all their information and communications technology systems for a rolling period of 180 days within India. Subsequently, clarifications to these directions were issued by CERT-In by way of frequently asked questions on May 18, 2022 (FAQs). These FAQs clarified that the information and communications technology systems logs can be stored outside India as long as a copy is retained within India.
- Advertising Standards Council of India (ASCI) Advertising Guidelines (ASCI Guidelines). On February 23, 2022, ASCI issued guidelines for advertising and promotion of VDAs and related services which are applicable to all VDA related advertisements released on or after April 01, 2022. The ASCI Guidelines require advertisers and media owners to ensure that any earlier advertisements that are in non-compliance with these guidelines do not appear in the public domain after April 15, 2022. The ASCI Guidelines, amongst other things, prescribe certain disclaimer related requirements for all advertisements for VDA products and VDA exchanges, or for featuring VDAs, which vary depending on the medium of advertisement. The following disclaimer is to be used for all such advertisements: “Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions.” This disclaimer is to be made in a manner that it is prominent and unmissable by an average consumer and also be in the dominant language of the advertisement, meeting the minimum requirements laid down under the ASCI Guidelines. Depending on the medium of the advertisement (print or static, video, audio, social media posts, etc.) the disclaimer will vary. For celebrities or prominent personalities who appear in VDA advertisements, the ASCI Guidelines prescribe for requisite due diligence to be undertaken for statements and claims made in such advertisements, to ensure that the consumer is not misled.
- Amendment to the Income Tax Act. The Government of India, through the Finance Act, 2022, amended the Income Tax Act to include the concept of VDAs (which, as highlighted in Question 1 above, includes NFTs). By virtue of this amendment, any income earned from the transfer of VDAs has been taxed at a flat rate of 30%. By way of another amendment to the Income Tax Act, the Finance Act, 2022 also introduced 1% withholding (at 1% of the consideration payable) on a person responsible for paying to any resident any sum by way of consideration for transfer of a VDA, with effect from July 01, 2022.
- Schedule III of the Companies Act, 2013. The Ministry of Corporate Affairs, through its notification dated March 24, 2021, mandated all companies to disclose details regarding their trade or investments in cryptocurrencies or virtual currencies in its financial statements from April 01, 2021. These details include disclosing any profit or loss made on transactions involving cryptocurrencies or virtual currencies, amount of cryptocurrencies or virtual currencies held, and any deposits or advances from any person for the purpose of trading or investing in cryptocurrencies or virtual currencies.
3 . How are different types of cryptoassets regulated?
Indian law does not currently draw any distinction between different types of cryptoassets.
4 . Is there an authorisation/licensing regime applicable to cryptoasset issuers/providers/exchanges and, if so, what are the requirements?
At present, there is no authorisation or licensing regime for cryptoasset issuers, providers or exchanges in India. That said, pursuant to the PMLA Notification, VDA service providers are now required to register themselves with the FIU-IND as ‘reporting entities’ under the PMLA. This entails the requirement of VDA service providers to, amongst other things, undertake enhanced due diligence prior to the commencement of any transaction, maintain records of transactions for a period of five years from the date of transaction, report suspicious transactions to the FIU-IND, and so on. See Question 6, below, for further information.
5 . Is the promotion of cryptoassets to consumers or investors regulated and, if so, how?
The promotion of cryptoassets to investors is not regulated in India, hence there is no requirement to publish white papers or provide other information for such financial promotion. That said, the promotion of cryptoassets (and any services provided in relation to cryptoassets) to consumers in the form of promotional advertisements is regulated in India by the ASCI Guidelines (see Question 2, above).
6 . What anti-money laundering requirements apply to cryptoassets?
The PMLA Notification brought entities engaged in the following activities within the purview of the PMLA:
- exchanging VDAs with fiat currencies;
- exchanging one VDA with another VDA;
- transferring VDAs between two persons or legal entities;
- safekeeping or administrating VDAs or instruments enabling control over VDAs; and
- participating and providing financial services related to an offer and sale of a VDA.
Consequently, cryptocurrency exchanges dealing in VDAs are now likely to be categorised as a ‘reporting entity’ under the PMLA. Under the PML Rules, a reporting entity is required to make the necessary disclosures and reporting to the authorities to aid measures designed to prevent money laundering and comply with the provisions of the PMLA. Some of the key obligations applicable to reporting entities include, amongst others:
- undertaking know-your-customer (KYC) checks;
- conducting due diligence of customers;
- maintaining records of transactions undertaken by customers with or through the reporting entity; and
- monitoring customers’ transactions.
Additionally, it is also pertinent to note that FIU-IND has, on March 10, 2023, issued certain AML & CFT Guidelines for ‘reporting entities’ providing services related to virtual digital assets (FIU Guidelines). These FIU Guidelines inter alia set out the steps that such regulated entities are expected to implement to discourage and to identify money laundering, terrorist financing or proliferation financial activities. Recently (on December 28, 2023), the Ministry of Finance issued a press release to clarify that the FIU Guidelines are also applicable to offshore crypto exchanges providing services in the Indian market. The FIU-IND has also issued compliance show cause notices to several offshore crypto exchanges that are allegedly not complying with the PMLA and has written to the Ministry of Electronics and Information Technology to block their URLs in India. Such action has been taken for alleged non-compliance with the PMLA.
7 . How is the ownership of cryptoassets defined or regulated?
As stated above, the legal and regulatory landscape in India pertaining to cryptoassets is limited. In the absence of specific legislation that delves into the nature of cryptoassets (i.e., whether a cryptoasset qualifies as a good, a service etc.), related aspects thereto, such as ownership, assignment, securitisation and licensing requirements (if any) also remain unsettled.
8 . How are Decentralised Autonomous Organisations (DAOs) treated?
India does not have any legal or regulatory regime that specifically governs and/or regulates DAOs.
9 . Are there any particular laws or rules which apply in the event of the crypto bankruptcy or insolvency?
Currently, the consolidated legislation pertaining to insolvency and bankruptcy in India (the Insolvency and Bankruptcy Code, 2016 (IBC)) captures two kinds of debts, namely financial debts (i.e., debt disbursed against the consideration for the time value of money including money borrowed against payment of interest, any amount raised under any transaction having the commercial effect of a borrowing) and operational debts (i.e., debt/claim for payment of dues arising out of the provision of goods and services).
In the absence of any legal or regulatory clarity regarding the nature of cryptoassets, the provisions and processes for insolvency, generating recoveries and other remedies captured under the IBC may not be applicable to any transactions involving cryptoassets. That said, a specific categorisation or recognition of the nature of cryptoassets by the Indian legislature may be followed by incorporation of suitable provisions or clarifications in the IBC and its applicability to cryptoassets. For instance, in the event cryptoassets are classified or identified as ‘goods’, any debt or claim arising out of or relating to cryptoassets may be considered to be an ‘operational debt’ under the IBC and accordingly the relevant provisions contained therein may be applicable.
Additionally, it may also be relevant to consider the lack of proper regulation over entities such as cryptocurrency exchanges in relation to the services provided by such entities, which also includes acting as a custodian for cryptoassets for their customers/users. Despite such exchanges following self-regulatory mechanisms, and having in place extensive grievance redressal mechanisms, the lack of stringent legal recognition of these exchanges and specific legal remedies puts the funds and cryptoassets of such users in a precarious position in the event such exchanges are faced with bankruptcy.
10 . Is a smart contract enforceable as a legal contract?
In India, the legality and enforceability of a contract is primarily governed under the Indian Contract Act, 1872 (ICA). The ICA, amongst other things, identifies the essentials of a valid and legally enforceable contract (under Section 10 of the ICA), which includes a legitimate offer, proper acceptance, free consent of the contracting parties, lawful consideration and a lawful objective. Further, the IT Act, and amendments made to it have also bestowed legal validity to contracts that are formulated and expressed in electronic forms or by means of electronic records. Further, in Trimex International Fze v. Vedanta Aluminium Limited, the Hon’ble Supreme Court of India ruled on the validity of an unregistered and unsigned contract discussed by email, confirming the legal enforceability of contract via email.
Hence, it can be said that smart contracts in relation to cryptoassets executed between two freely consenting persons competent to enter into contractual relationships for a lawful object and lawful consideration are legally enforceable in India.
However, with regard to the consideration in such smart contracts, it may be pertinent to note that the ICA prescribes essentials of lawful consideration, which are, it is not forbidden by law, it does not undermine the requirements of any law if permitted, it is not fraudulent or involving injury to an individual or property, and it is not immoral or opposed to public policy. So, in the event there is any legislative intervention in the future deeming cryptoassets or certain kinds of cryptoassets to be illegal, it could consequently make smart contracts for such transactions illegal and therefore unenforceable.
11 . What recourse does a victim of crypto fraud have?
The substantive and procedural criminal laws in India do not specifically carve out provisions in relation to crypto frauds. That said, victims of crypto fraud have taken recourse under existing offences that have been defined under the Indian Penal Code, 1860 (IPC) (the substantive legislation in India pertaining to criminal offences), read with the relevant provisions of the IT Act. For instance, recently a person who was lured into a crypto investment scam lost INR 43 lakh. Based on the complaint made by that person and a subsequent inquiry into the matter, the police authorities registered the case as an offence of cheating under the IPC along with supporting provisions under the IT Act.
12 . Are there any other ongoing legal or regulatory consultations or other legal frameworks in the pipeline relating to cryptoassets?
India’s presidency at the recently held G20 summit has, amongst other things, focused on taking active steps towards establishing a global consensus with respect to regulating cryptoassets. Prior to the summit, and in the absence of specific legislation at the domestic level, the finance minister had recognised the need for immediate attention to cryptoassets from the G20 nations, stressing that the response must ensure potential benefits are not lost while safeguarding economies from harm. At the summit, while acknowledging the need for tailoring regulations to specific circumstances, the following broad principles were emphasised and agreed upon by most of the G20 nations.
- Swift implementation of the Crypto-Asset Reporting Framework (CARF) and amendments to the ‘Common Reporting Standards’(CRS). CARF, developed in light of the rapid growth of the cryptoasset market and pursuant to a mandate from the G20, provides for the reporting of tax information on transactions in cryptoassets in a standardised manner, with a view to automatically exchanging such information with the jurisdictions of residence of taxpayers on an annual basis. So now, crypto transactions undertaken by Indians on foreign-domiciled crypto exchanges will also come under the purview of the automatic exchange of information protocol under CARF, and as such it will no longer be possible to hide or conceal such crypto transactions. Similarly, under the amended CRS, requiring more tax transparency with respect to financial accounts held abroad, it would become next to impossible for Indians not to disclose their foreign bank accounts and asset holdings abroad to the tax authorities.
- International Monetary Fund (IMF)-Financial Stability Board (FSB) synthesis report. The report will provide a broad roadmap which can subsequently be considered for adoption by the G20 nations. The roadmap to be endorsed by the G20 would incorporate the agreed workplans of the Financial Stability Board (FSB) and Standard Setting Bodies (SSB) on regulatory issues, as well as other work of the international organisations under one umbrella for ease of reference, allowing the G20 nations to articulate their priorities cohesively and with a clear, monitorable framework. The goal of having a global and common roadmap would be to help countries put in place an agreed minimum policy standard for cryptoassets which, would aim to:
- safeguard nations’ macroeconomic, financial stability and financial integrity;
- provide for appropriate investor/user awareness, education and protections; and
- facilitate development of the underlying technology and encourage innovations in the financial sector.
The roadmap would allow for flexibility of actions to be taken forward and already taken by the most suitable expert bodies, in accordance with their mandates, governance and reporting processes, facilitating coordination on financial stability and macro-financial-related aspects of the sector.