We have co-authored the India Chapter in the 7th edition of Virtual Currency Regulation Review, published by Lexology In-Depth here.

The Virtual Currency Regulation Review offers a comparative analysis of the legal and regulatory frameworks governing virtual assets across multiple jurisdictions. The India chapter offers insights into the evolving regulatory framework, enforcement trends, and strategic considerations for businesses operating in the digital asset and Web3 ecosystem in India.

Introduction

The regulation of virtual currencies such as cryptocurrencies in India has been marked by a checkered and contentious history, represented through a series of shifting policies, judicial intervention and evolving perspectives.

India’s financial services regulator, the Reserve Bank of India (RBI) has consistently expressed concerns around the risks associated with virtual currencies or cryptocurrencies and has advocated for an absolute ban.^1&2 The RBI has stated that unchecked use of cryptocurrencies could destabilise the country’s monetary and fiscal stability.³ In April 2018, the RBI issued a directive requiring banks and other regulated entities to refrain from dealing in virtual currencies or providing services that facilitate dealing in virtual currencies (RBI Directive).⁴ This RBI Directive effectively barred Indian residents from using fiat currency to buy or sell cryptocurrencies or virtual digital assets (VDA(s)), creating widespread uncertainty in the cryptocurrency industry.

The RBI Directive was later challenged before the Supreme Court of India (India’s Apex Court) and in a landmark judgement,⁵ the Apex Court set aside the RBI Directive, finding it to be violative of the fundamental right of the cryptocurrency/VDA service providers to carry on their business. The Court also criticised the RBI’s actions as ‘disproportionate’, noting that the regulator had failed to demonstrate any actual harm suffered by its regulated entities due to their dealings with cryptocurrency/VDA service providers.⁶

Since this judgement, the Indian Government has made several attempts to introduce a legislation to regulate cryptocurrencies, but no comprehensive framework has been tabled before the Indian Parliament to date. Resultantly, India’s regulatory framework for cryptocurrencies continues to lack clarity, leaving the industry and stakeholders in a state of flux.

Year in review

The Indian Government’s approach has evolved following the Apex Court’s judgement. Recognising the growing adoption of VDAs and their underlying blockchain technology, India shifted its focus from an outright ban to creating a regulatory framework. This change was evident when the Indian Government introduced significant changes to the tax regime in 2022⁷ coupled with the inclusion of VDA transactions under the ambit of the Prevention of Money Laundering Act, 2002 (PMLA), which is India’s primary legislative framework to combat money laundering.⁸

Towards the end of 2022, discussions around a Central Bank Digital Currency (CBDC) commonly also referred to as ‘digital rupee’ gained traction, with the RBI aggressively rolling out pilot programmes for the issuance and use of CBDC.⁹ This highlighted the RBI’s preference for a state-backed digital solution over decentralised private cryptocurrencies, which the Indian Government and the RBI often criticised for their potential to undermine monetary stability, facilitate illicit activities and for lacking consumer protection safeguards.

Unlike cryptocurrencies, the CBDC is a legal tender backed by the RBI.¹⁰ It seeks to address some of the key features that attract users to cryptocurrencies, such as faster transactions and reduced reliance on physical currency, while maintaining oversight and control over the fund flow. CBDC also aligns with India’s broader goals of enhancing financial inclusion, reducing transaction costs, and creating a more transparent economy. Promoting the CBDC appears to be a strategic initiative by the RBI to address the risks associated with unregulated cryptocurrencies, offering a regulated alternative that blends the advantages of blockchain technology with government oversight.

Legal and regulatory framework

India presently lacks a comprehensive regulatory framework for VDAs such as cryptocurrencies. While there have been attempts in the past to introduce legislations (such as the Banning of Cryptocurrency & Regulation of Official Digital Currency Bill, 2019¹¹ (2019 Crypto Bill) and the Cryptocurrency and Regulation of Official Digital Currency Bill, 2021¹² (2021 Crypto Bill)) which proposed to ban all private cryptocurrencies in India and put in place a facilitative framework for creation of an official digital currency issued by the RBI, both the 2019 Crypto Bill as well as the 2021 Crypto Bill have not been tabled before the Indian Parliament, as on date.

That said, over the years certain existing laws have been amended to regulate certain activities or provision of any services related to VDAs. Additionally, certain guidelines surrounding VDAs and VDA services have also been issued by the Indian Government. These include: (1) AML & CFT Guidelines for Reporting Entities providing services related to VDAs with an aim to combat financial terrorism and money laundering activities;¹³ (2) amendments to the (Indian) income tax regime to provide for taxation on income earned from the transfer of VDAs;¹⁴ (3) disclosure requirements for companies regarding trade and investments in VDAs;¹⁵ (4) guidelines for reporting of cyber incidents by entities dealing in cryptocurrency;¹⁶ and (5) guidelines for advertising/promotion of VDAs and related services.¹⁷

Securities and investment laws

The Securities and Exchange Board of India Act, 1992

The Securities and Exchange Board of India Act, 1992 (SEBI Act), primarily governs the regulation of securities markets in India, granting the Securities and Exchange Board of India (SEBI) the authority to oversee market intermediaries, prevent market manipulation and protect investors. The SEBI Act does not explicitly address cryptocurrencies or VDAs, as they fall outside the traditional framework of ‘securities’.¹⁸ VDAs with their decentralised and digital nature do not neatly align with the definition of ‘securities’ under the SEBI Act, which is focused on traditional financial instruments like stocks, debentures, bonds or derivatives.

That said SEBI has been from time to time engaging in discussions about how VDAs, especially in the form of initial coin offerings (ICOs) or tokenised assets, might intersect with existing securities laws of the country, in the absence of specific regulations for VDAs. While SEBI is not directly responsible for regulating VDAs, it could play a key role if the Indian Government decides to classify VDAs as ‘securities’. In such a case, SEBI could have the authority to regulate the issuance, trading and investor protection mechanisms surrounding VDAs.

Recently, SEBI proposed to establish a multi-regulator framework to oversee VDA activities, recognising the complex and cross-jurisdictional nature of this emerging asset class. Given the interplay between securities, commodities and payment systems within the VDA ecosystem, SEBI’s proposal advocates for a coordinated approach among key regulators, including the RBI and the Insurance Regulatory and Development Authority of India (IRDAI), to ensure comprehensive oversight. This initiative again marks a significant step towards developing a cohesive and robust regulatory architecture for India’s digital asset landscape.

Banking and money transmission

The Payment and Settlement Systems Act, 2007 (PSS Act) regulates the operation of ‘payment systems’ in India. A payment system has been defined under the PSS Act as a system that enables payment to be affected between a payer and a beneficiary and involves clearing, payment or settlement service or all of them.¹⁹ A ‘system provider’ has been defined under the PSS Act as a person who operates an authorised payment system.²⁰

A combined reading of the definitions of a ‘payment system’ and a ‘system provider’ suggests that an authorised system provider can operate a payment system, and such system: (1) enables payments to be effected between a payer and a beneficiary; and (2) involves clearing, payment or settlement service or all of them.

Accordingly, a system could be considered a payment system if it involves either or all of the following services: (1) clearing, (2) payment or (3) settlement, to enable a payment between a payer and a beneficiary. While the terms ‘clearing’ or ‘payment’ have not been defined under the PSS Act, the term ‘settlement’²¹ is defined to contemplate settlement of securities, foreign exchange or derivatives or other transactions which involve payment obligations.

As per the PSS Act, any entity that proposes to operate a payment system requires an authorisation from the RBI.²² Therefore, if the entity engaged in VDA business also engages in the facilitation, collection, clearing or settlement of payments in any manner, it may be considered to be a payment aggregator operating a payment system, which is subject to an license/authorisation requirement under the PSS Act.

Exchange Control Laws

India is an exchange-control jurisdiction. The Foreign Exchange Management Act, 1999, along with the relevant regulations/ notifications/ directions issued thereunder (collectively, FEMA) issued by the RBI govern the inflow and outflow of foreign exchange to and from the country. Presently, cryptocurrency or VDA is not specifically envisaged under FEMA.

Under FEMA, a transaction involving an Indian resident user transacting with a non-resident user can be undertaken without any regulatory approval provided it falls within the categories of capital account transactions and current account transactions.

Capital account transactions²³ are transactions that alter the assets or liabilities outside India of any person resident in India. FEMA recognises certain transactions as permissible capital account transactions, such as acquisition or sale of shares, acquisition of immoveable property, foreign currency loans, issuance of guarantees etc. However, if a transaction does not fall within one of the recognised categories of permitted transactions under FEMA, it may be permitted only with the general or special permission of the RBI.

Current account transactions²⁴ are transactions that do not qualify as a capital account transaction and includes transactions that are in the nature of payments due in connection with foreign trade or other current business or services. All current account transactions are freely permitted except for certain specified categories of transactions, which are either prohibited or require prior approval or are freely permitted subject to certain limits.

Transactions involving purchase or sale of VDAs between a user resident in India and a user resident outside India are not currently recognised under FEMA. Therefore, until the Indian law gives an explicit recognition to VDAs under FEMA, the uncertainty around the classification of transactions involving VDAs will continue to exist.

Anti-money laundering

The most significant step towards virtual currency or VDA regulation in India came when the Ministry of Finance, Government of India issued a notification categorising entities that enable: (1) exchange between VDAs and fiat currencies; (2) exchange between one or more forms of VDAs; (3) transfer of VDAs; (4) safekeeping or administration of VDAs or instruments enabling control over VDAs; and (5) participation in and provision of financial services related to an issuer’s offer and sale of a VDAs; (collectively, VDASP), as ‘reporting entities’ for the purposes of the PMLA.²⁵

The PMLA is central to India’s framework for Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT). It aims at mitigating financial crime risks and ensuring alignment with global AML/CFT standards. As a result of this categorisation, VDASP entities are now statutorily required to ensure compliance with Chapter IV of the PMLA and the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 (PML Rules), which, inter alia, include the following.

• Identity verification/client due diligence.²⁶ VDASPs are now statutorily required to verify the identity of its clients/users and their beneficial owners.
• On-going and enhanced due diligence.²⁷ VDASPs are required to exercise ongoing due diligence with respect to their business relationship with every client, including reviewing due diligence measures when there is suspicion of money laundering, terrorist financing or doubts about the identity of their clients. Additionally, VDASPs will also be required to undertake enhanced due diligence prior to commencement of certain specified transactions.
• Maintain records.²⁸ VDASPs are to maintain physical copies of updated client identification records, including account files and business correspondence relating to their clients. Additionally, VDASPs are also required to preserve transaction records in a manner which enables statutory authorities to reconstruct individual transactions.
• Appoint a principal officer and designate a director. VDASPs are required to appoint a principal officer and designate a director, who will be responsible for the VDASP’s overall compliance with the PMLA and PML Rules. Details such as name, designation, contact number, email id and address of the principal officer and designated director will also need to be notified to the Financial Intelligence Unit – India (FIU-IND), which is a central national agency set up by the Government of India.
• Register with the FIU-IND and reporting requirements. VDASPs will need to report details of all transactions, including suspicious transactions with FIU-IND within the timelines prescribed under the PML Rules. Reporting requirements are contingent upon VDASPs registering themselves as ‘reporting entities’ with FIU-IND.

FIU-IND

In absence of a comprehensive regulatory framework for the virtual currency/VDA industry in India, the FIU-IND has emerged as a de-facto regulator, primarily tasked with monitoring compliance under the PMLA and the PML Rules. VDASPs including VDA exchanges are mandated to register with FIU-IND and adhere to AML and CFT requirements. While this arrangement ensures certain degree of oversight, particularly with respect to AML and CFT related compliances, it underscores the pressing need for a dedicated and holistic legislative framework to address issues such as investor protection, market stability and the promotion of innovation in the cryptocurrency sector.

Following the notification issued by the Ministry of Finance, Government of India, which categorised VDASPs as ‘reporting entities’ for the purposes of the PMLA, the FIU-IND reached out to various virtual currency/VDA exchanges (through emails) requiring them to register as a ‘reporting entity’. This action of the FIU-IND was subsequently followed by FIU-IND’s release of the AML and CFT Guidelines for VDASPs.²⁹

AML & CFT Guidelines of the FIU-IND

As a part of the outreach to the VDA industry, the FIU-IND released the AML & CFT Guidelines for VDASPs (FIU Guidelines).³⁰ These FIU Guidelines set out the steps and measures that VDASPs are expected to follow to identify and curb money laundering, terrorist financing or proliferation financial activities. Interestingly, some of the provisions of these FIU Guidelines go beyond the scheme of the PMLA. Certain additional obligations contained under the FIU Guidelines, include the following.

• Adoption of employee screening procedures and trainings.³¹ VDASPs are required to put in place adequate screening procedures when hiring employees. Further, role specific trainings and instruction manuals in respect of client on-boarding, KYC, client due-diligence, sanctions screening, record keeping and transaction processing are to be undertaken or provided.
• Sanctions screening.³² Sanctions screening will have to be conducted both at the time of onboarding as well as at the time of transfer of VDAs. As a part of the screening process, VDASPs are required to apply directives for implementing United Nations Security Council Resolutions relating to suppression and combatting of terrorism, terrorist financing and proliferation of weapons of mass destruction and its financing and other related directives (including directives issued under the Unlawful Activities (Prevention) Act 1967 and the Weapons of Mass Destruction and Delivery System (Prohibition of Unlawful Activities) Act, 2005).
• Counterparty due diligence.³³ VDASPs enabling transfer of VDA held by their client in the wallet hosted by such VDASPs, to a wallet hosted by another VDASP, are required to carry out counterparty due diligence of such other VDASP before transmitting any information to such counterparty VDASP.
• Travel rule.³⁴ The FIU Guidelines state that all transactions related to transfer/exchange of VDAs will be considered as wire transfers and VDASPs will be required to include accurate originator and beneficiary information, on wire transfers and related messages. In this regard, the originator and beneficiary VDASPs will be required to obtain and hold accurate originator and beneficiary information (including, originator PAN, name, account number and address and beneficiary name and account number).
• Restriction on tip-off.³⁵ VDASPs, including their directors, officers and employees, must not disclose or tip-off to their client that a suspicious transaction report or related information is being reported to the FIU-IND.

Countries like the United States of America, the European Union, and Singapore have already implemented stringent AML and CFT frameworks for VDASPs, requiring them to adhere to licensing requirements, conduct ongoing monitoring, and report suspicious activities to relevant authorities. India’s move to bring VDASPs under similar obligations strengthens its financial integrity while mitigating the risks of money laundering, terror financing, and illicit activities. This harmonisation with international practices is likely to ensure that India remains aligned with global regulatory trends, fostering trust among investors, enhancing cross-border cooperation and creating a safer environment for innovation and growth in the digital asset space.

Regulation of exchanges

Regulation of miners

Regulation of issuers and sponsors

Criminal and civil fraud and enforcement

The legal framework for addressing virtual currency/VDA fraud currently relies on existing statutes, as India does not have a comprehensive regulatory regime for VDAs yet.

Fraudulent activities involving virtual currency/VDA, such as ponzi schemes, phishing and unauthorised trading platforms, can be prosecuted under provisions of the Bharatiya Nyaya Sanhita, 2023 (BNS), which replaces the Indian Penal Code, 1860. BNS provides for provisions dealing with cheating (Section 318) and criminal breach of trust (Section 316). These provisions allow law enforcement agencies to prosecute VDA related scams where deceit, misrepresentation or breach of trust is involved.

Additionally, offences under Section 66C and Section 66D of the Information Technology Act, 2000 (IT Act), such as identity theft, hacking and cyber fraud, can also be invoked for crimes involving VDAs or virtual currencies.

The PMLA also empowers the Enforcement Directorate (ED) to investigate and prosecute cases of money laundering. Notably, the Ministry of Finance’s notification bringing VDASPs under the ambit of the PMLA has strengthened enforcement of financial crimes.

On the civil side, VDA or virtual currency related frauds can be addressed through remedies under the Consumer Protection Act, 2019. Aggrieved parties may also pursue contractual claims in civil courts, seeking damages, restitution, or injunctions where VDA or cryptocurrency transactions involve breach of contract or fiduciary duties.

Tax

In 2022, the Finance Act, 2022 introduced key amendments to the Income Tax Act, 1961 (ITA) which were aimed at creating a tax framework for cryptocurrencies and VDAs. These amendments provide clarity on the taxation of VDAs.

The amendment formally recognised VDAs as an asset class and defined the term under Section 2 (47A) of the ITA to mean any information or code or number or token (not being Indian currency or foreign currency), generated through cryptographic means or otherwise, by whatever name called, providing a digital representation of value exchanged with or without consideration, with the promise or representation of having inherent value, or functions as a store of value or a unit of account including its use in any financial transaction or investment, but not limited to investment scheme and which can be transferred, stored or traded electronically.³⁶

The above definition of VDAs under the ITA also includes non-fungible tokens (NFTs) or other tokens of a similar nature and any other digital assets that may be notified by the Indian Government in the future.

The amendments further stipulate that income arising from the transfer of VDAs is subject to a tax rate of 30 per cent. This income is classified under the head ‘Income from Other Sources’ and is taxed without the benefit of deductions, except for the cost of acquisition. Importantly, this taxation applies regardless of whether the VDA is held as a long-term or short-term asset, effectively removing the previous distinction between short-term and long-term capital gains.

Special considerations

Outlook and conclusions

Looking ahead, the regulation of VDAs or virtual currencies in India is poised to evolve as the Government continues to assess global developments and balance innovation with financial security. Officials, including those from the Ministry of Finance and the RBI have time and again emphasised on the need for a comprehensive regulatory framework to address the challenges posed by digital assets, particularly in terms of financial stability and consumer protection. At the G20 summit in 2023, India has advocated for a unified global approach to crypto regulation, highlighting the importance of international cooperation to prevent illicit activities and ensure that cryptocurrencies do not undermine traditional financial systems.

While acknowledging the need for tailoring regulations to specific circumstances, the following broad principles were emphasised and agreed upon by most of the G20 nations: (1) swift implementation of the Crypto-Asset Reporting Framework (CARF) and amendments to the ‘Common Reporting Standards’(CRS); and (2) provision for the reporting of tax information on transactions in cryptoassets in a standardised manner, with a view to automatically exchanging such information with the jurisdictions of residence of taxpayers on an annual basis.

As the Indian Government continues to engage in bilateral and multilateral discussions, including those within the Financial Stability Board (FSB) and the Standard Setting Bodies (SSB), India’s approach is likely to incorporate lessons from other jurisdictions, such as the European Union and the United States of America, which have taken proactive steps in regulating VDAs or cryptocurrencies. This ongoing dialogue, alongside domestic legal and tax reforms, signals that India is moving toward a more structured and cohesive approach to cryptocurrency regulation, aiming for a balance between fostering innovation and ensuring financial integrity.

Endnotes:

1. ^RBI Press Release dated 24 December 2013 bearing reference no. 2013-2014/1261, accessible here.
2. ^Media Report, accessible here.
3. ^Media Report, accessible here.
4. ^RBI Circular dated April 06, 2018 bearing reference o. RBI/2017-18/154, accessible here.
5. ^Internet and Mobile Association of India vs. Reserve Bank of India, Writ Petition (Civil) No. 528 of 2018.
6. ^ibid.
7. ^The Finance Act, 2022.
8. ^Notification dated 7 March 2023 issued by the Department of Revenue, Ministry of Finance, Government of India, accessible here.
9. ^Press Release dated December 12, 2022 issued by the Ministry of Finance, accessible here.
10. ^Concept Note on Central Bank Digital Currency issued by the RBI on 7 October 2022, accessible here.
11. ^Copy of the 2019 Crypto Bill is not available in the public domain.
12. ^Copy of the 2021 Crypto Bill is not available in the public domain.
13. ^AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the Financial Intelligence Unit (FIU), accessible here.
14. ^Amendments made to the (Indian) Income Tax Act, 1961 by the Finance Act, 2022.
15. ^Notification dated 24 March 2021 issued by the Ministry of Corporate Affairs, Government of India, accessible here.
16. ^Notification dated 28 April 2022 bearing reference no. 20(3)/2022-CERT-In issued by the Ministry of Electronics and Information Technology (MeitY), Government of India.
17. ^Guidelines for advertising of Virtual Digital Assets and linked services issued by the Advertising Standards Counsel of India, accessible here.
18. ^The term ‘securities’ has been defined under section 2 of the Securities Contracts (Regulation) Act, 1956.
19. ^Section 2 (i) of the Payment and Settlement Systems Act, 2007.
20. ^Section 2 (q) of the Payment and Settlement Systems Act, 2007.
21. ^Section 2 (n) of the Payment and Settlement Systems Act, 2007.
22. ^Section 4 of the Payment and Settlement Systems Act, 2007.
23. ^Section 2 (e) of the Foreign Exchange Management Act, 1999.
24. ^Section 2 (j) of the Foreign Exchange Management Act, 1999.
25. ^Notification dated 7 March 2023 issued by the Department of Revenue, Ministry of Finance, Government of India, accessible here.
26. ^Section 11A of the Prevention of Money-Laundering Act, 2002 read with Rule 9 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
27. ^Section 12AA of the Prevention of Money-Laundering Act, 2002.
28. ^Section 12 of the Prevention of Money-Laundering Act, 2002 read with Rule 3 of the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005.
29. ^Notification dated 7 March 2023, issued by the Department of Revenue, Ministry of Finance, Government of India, accessible here
30. ^AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets, issued by the FIU-IND, accessible here.
31. ^Paragraph 5.5 of the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the FIU-IND.
32. ^Paragraph 5.5 read with paragraph 5.10 of the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the FIU-IND.
33. ^Paragraph 5.11 of the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the FIU-IND.
34. ^Paragraph 11.3 of the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the FIU-IND.
35. ^Paragraph 7 of the AML & CFT Guidelines For Reporting Entities Providing Services Related To Virtual Digital Assets issued by the FIU-IND.
36. ^Section 2 (47A) of the Income Tax Act, 1961.