India Draws a Hard Regulatory Line for Crypto, Forcing the Industry Into Full Financial Surveillance

India has taken one of its most decisive steps yet toward reshaping the cryptocurrency landscape, formally pulling the entire sector under the country’s anti–money laundering regime. Through its Financial Intelligence Unit, FIU-IND, the government now treats all virtual digital asset service providers as reporting entities under the Prevention of Money Laundering Act, a move that places crypto platforms on the same regulatory footing as banks and other traditional financial institutions.

The decision applies broadly and without geographic exception. Any exchange, wallet provider or crypto platform serving Indian users, whether headquartered domestically or operating offshore, must now register with FIU-IND to remain legally active. Platforms that fail to comply face not only monetary penalties but also potential criminal liability. According to official data, enforcement actions have already resulted in fines totaling 28 crore rupees during the 2024–25 fiscal year, underscoring that the rules are not merely symbolic.

At the heart of the new framework is a sweeping expansion of know-your-customer obligations. Exchanges are required to implement live selfie verification to confirm a user’s physical presence, with motion-based checks designed to counter spoofing and deepfake technology. Platforms must also collect detailed geo-location information at the point of account creation, including IP address, date and time. Bank account verification through a so-called penny-drop process is mandatory, alongside the submission of a government-issued photo ID in addition to the user’s Permanent Account Number.

These measures reflect a broader shift in regulatory philosophy. Indian authorities are no longer attempting to accommodate crypto as a lightly supervised innovation sector. Instead, the industry is being folded into a compliance architecture built for systemic risk management, traceability and law enforcement oversight. As one regulatory notification makes clear, crypto intermediaries are now expected to meet “the same compliance standards as banks and other regulated financial institutions.”

Perhaps the most controversial element of the new rules is the effective prohibition on anonymity-enhancing tools. Transactions involving mixers, tumblers, privacy tokens or similar mechanisms are barred, and exchanges are explicitly forbidden from facilitating such activity. Certain initial coin offerings and token sales also fall under heightened scrutiny, further narrowing the space for experimental or privacy-oriented crypto projects within the Indian market.

The regulations also impose strict obligations around monitoring and reporting. Platforms must retain customer identity and transaction data for a minimum of five years, with longer retention required if an investigation is ongoing. Suspicious Transaction Reports must be filed with FIU-IND when red flags emerge, particularly in cases involving high-risk clients such as politically exposed persons, users from jurisdictions on the Financial Action Task Force’s grey or black lists, or non-profit organizations.

For India, the message is clear. The government is not banning cryptocurrency outright, but it is signaling that participation in the market now comes with the full weight of financial surveillance. For crypto firms, the choice is equally stark: adapt to a heavily regulated environment or exit one of the world’s largest and fastest-growing digital asset markets.