India’s Tightened Crypto Norms: Push to Align Financial Integrity with Digital Privacy

India has introduced stricter compliance norms for cryptocurrency exchanges, marking a significant step toward balancing financial integrity with digital privacy. The Financial Intelligence Unit (FIU-IND) recently updated its guidelines, classifying crypto exchanges as Virtual Digital Asset (VDA) providers and requiring them to adopt institution-grade security and custody standards. 

Under the new rules, exchanges must implement enhanced Know Your Customer (KYC) procedures, including live selfie verification, government-issued ID checks, mobile number authentication, and logging of IP addresses, device details, and geolocation data. A “penny-drop” mechanism has also been mandated to confirm bank account ownership, while high-risk clients will need to refresh their KYC details every six months. 

The FIU has further directed exchanges to publish clear compliance policies on their platforms and conduct annual risk assessments proportionate to their size and operations. These measures are designed to curb money laundering, fraud, and illicit financial flows, while ensuring transparency in digital asset transactions. 

Crucially, the tightened norms are aligned with India’s Digital Personal Data Protection Act (DPDP), 2023, which sets out obligations for data fiduciaries and rights for individuals. Industry experts argue that the DPDP framework compels crypto platforms to adopt privacy-by-design principles, selective disclosure mechanisms, and auditable custody frameworks. According to Hilal Ahmad Lone, Chief Information Security Officer at Liminal Custody, the DPDP makes it clear that handling sensitive data without bank-grade controls is no longer acceptable, pushing exchanges toward hardened key management and continuous monitoring. 

India’s crypto market continues to expand despite regulatory uncertainty, with estimates suggesting 119 million traders and investors in 2025 and projections of a USD 15 billion market by 2035. Major exchanges such as Binance and KuCoin have already registered with FIU-IND, with Binance paying USD 2.25 million to settle past non-compliance issues. At least 49 exchanges are now registered, signalling growing institutional acceptance of the new regime. 

📰 Mini Headlines 

―――――――――――――――――――――――――――――― 

• UK Government and ICO Sign MoU to Raise Data Protection Standards 

The UK Government and the Information Commissioner’s Office (ICO) signed a Memorandum of Understanding (MoU) to strengthen cooperation on data protection. The agreement follows several high-profile government data breaches in 2025 that undermined public trust. The MoU sets out 17 commitments, including improving security in public services, ensuring transparency, and aligning with the UK GDPR and Data Protection Act 2018. It also supports the government’s plan to digitally transform services while safeguarding citizens’ information.

Data Protection Standards 

Read More → https://www.ukauthority.com/articles/government-and-ico-sign-mou-to-raise-data-protection-standards  

• Google Gemini Integrates Personal Data for Enhanced AI Responses 

Google has launched Gemini’s “Personal Intelligence” feature. It allows the AI to securely access user data across Gmail, Google Photos, YouTube, and Search history. The integration allows Gemini to deliver context-aware responses, such as summarising emails, retrieving photos, or tailoring recommendations. Google claims the system uses encryption, differential privacy, and user controls to protect sensitive information. Analysts note that Gemini 3, developed by Google DeepMind, represents a leap in multimodal reasoning, combining text, images, audio, and code.  

Artificial Intelligence  

Read More →  https://www.scworld.com/brief/google-gemini-integrates-personal-data-for-enhanced-ai-responses   

•  Hong Kong Privacy Watchdog Warns Over Grok Chatbot 

The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong has issued a warning about Elon Musk’s Grok chatbot, citing risks of generating indecent or harmful content. Regulators stressed that AI systems must comply with local privacy and decency laws, particularly when handling sensitive user inputs. The PCPD reminded users that providing personal data to AI chatbots must comply with the Personal Data (Privacy) Ordinance (PDPO) and its Data Protection Principles. Authorities are contacting Grok’s operators to assess safeguards, stressing that AI developers must implement monitoring and transparency to prevent malicious use. 

Grok Chatbot 

Read More  https://www.mlex.com/mlex/technology/articles/2431022/hong-kong-privacy-watchdog-warns-over-grok-chatbot-s-use-to-generate-indecent-content