Licentium

Licensing Hub

India

India has no single VDA licence. Providers register with FIU-IND under the PMLA, and the Income-tax Act 2025 adds a 30% tax, 1% withholding and crypto transaction reporting from April 2026.

Available licences

FIU-IND Registration as VDA Reporting Entity (PMLA)

Mandatory registration with the Financial Intelligence Unit: India under the Prevention of Money-laundering Act, following the Ministry of Finance notification of 7 March 2023. Applies to providers carrying on covered VDA activities for or on behalf of another person as a business: fiat/VDA exchange, VDA/VDA exchange, transfer, safekeeping/administration, instruments enabling control, and issuer-offer-related financial services. Registration requires service description, corporate structure, significant beneficial owners, incorporation documents, annual returns, financial statements, GST/income-tax returns, VDA TDS filings, counterparty contracts, AML/CFT controls, cyber-security audit certification, and an in-person FIU meeting with a live AML/CFT systems walkthrough (KYC, transaction monitoring, blockchain analysis, travel rule, sanctions). Failure to register can attract action under PMLA.

Income-Tax VDA / Crypto-Asset Reporting and TDS (Income-tax Act, 2025)

Income-tax Act, 2025 framework applicable from 1 April 2026. Income from transfer of a VDA is taxed at 30% with no deductions other than cost of acquisition; losses cannot be set off or carried forward. A 1% withholding tax (TDS) applies to consideration for transfer of a VDA, subject to thresholds (INR 50,000 for specified individuals/HUFs; INR 10,000 in other cases). A prescribed reporting entity in respect of a crypto-asset must furnish prescribed information on crypto-asset transactions; the government may prescribe registration, due-diligence and information-maintenance requirements.

SEBI Securities-Market Pathway for Tokenised Securities

Indian securities law defines securities broadly to include shares, scrips, stocks, bonds, debentures, marketable securities, derivatives, collective investment scheme units, mutual fund units, government securities and declared securities. A tokenised share, bond, debenture, fund unit, collective investment scheme interest, derivative, yield token or pooled investment token may be a security even on a blockchain. Securities-market intermediaries cannot buy, sell or deal in securities without SEBI registration. FIU registration does not authorize securities issuance, trading, investment advice, portfolio management, collective investment schemes, mutual fund activity or derivatives activity.

MCA Schedule III Corporate Disclosures

Indian companies that trade or invest in cryptocurrency or virtual currency must make financial-statement disclosures under the amended Schedule III framework, including profit or loss on cryptocurrency or virtual-currency transactions, the amount held at the reporting date and deposits or advances received for crypto trading or investment.

Detailed overview

India: PMLA / FIU-IND Registration, Income-Tax and VDA Compliance

Regulators

India does not currently have a single crypto regulator or a comprehensive prudential licence for all virtual digital asset businesses.

The Financial Intelligence Unit - India is the key authority for anti-money laundering and counter-terrorist financing registration and reporting by virtual digital asset service providers. The Ministry of Finance and Department of Revenue administer the PMLA notification framework. The Income Tax Department and CBDT administer taxation and withholding. RBI is relevant for banks, payment systems, currency, CBDC and regulated financial entities. SEBI is relevant where a token or product is a security or securities-market product. The Ministry of Corporate Affairs is relevant for company financial-statement disclosures.

India should be treated as a compliance-registration jurisdiction rather than a general crypto-licensing jurisdiction.

Official parliamentary materials state that VDAs and crypto assets are currently unregulated in India. This means there is no comprehensive prudential crypto licensing statute. It does not mean that crypto businesses are outside Indian law.

The main legal regimes currently applicable are the Prevention of Money-laundering Act, FIU-IND registration and AML/CFT guidance, Income-tax Act taxation and withholding, crypto-asset transaction reporting, company financial-statement disclosure, and sectoral laws such as securities, payments, information technology, cyber-security, consumer and data-protection laws where relevant.

Virtual digital assets

For current income-tax purposes, a virtual digital asset includes information, code, number or token generated through cryptographic means or otherwise that provides a digital representation of value, is exchanged with or without consideration, carries the promise or representation of inherent value, functions as a store of value or unit of account, and can be transferred, stored or traded electronically.

The definition also includes NFTs and other specified digital assets. The Income-tax Act, 2025 separately refers to crypto-assets relying on cryptographically secured distributed ledger or similar technology.

PMLA and FIU-IND perimeter

The Ministry of Finance notification dated 7 March 2023 brings specified VDA activities into the PMLA framework when carried out for or on behalf of another natural or legal person in the course of business.

Covered activities are exchange between virtual digital assets and fiat currencies, exchange between one or more forms of virtual digital assets, transfer of virtual digital assets, safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets, and participation in or provision of financial services related to an issuer’s offer and sale of a virtual digital asset.

A centralised exchange, crypto-fiat on-ramp, crypto off-ramp, crypto-to-crypto exchange, OTC desk, hosted wallet, custodian, private-key control service, transfer service, token-sale platform or issuer-offer support provider is likely to fall within the PMLA perimeter where it performs these services for customers as a business.

A pure software provider or non-custodial wallet developer requires separate analysis. The decisive question is whether the provider actually exchanges, transfers, safeguards, administers, controls instruments enabling control, or provides issuer-offer-related financial services for another person.

FIU-IND registration

VDA service providers carrying on covered activities must register with FIU-IND as reporting entities.

FIU registration is a prerequisite for covered VDA service providers. FIU-IND’s 2025 registration circular states that failure to register is non-compliance and can attract action under PMLA.

The registration process is substantive. FIU expects information on the nature of services, corporate structure, significant beneficial owners, incorporation documents, annual returns, financial statements, GST registration and returns, income-tax returns, VDA TDS filings, contracts with domestic and international VDA counterparties, AML/CFT controls, law-enforcement declarations and cyber-security audit certification.

The Designated Director and Principal Officer must attend an in-person FIU meeting. The applicant must also provide a live walkthrough of its AML/CFT systems, including KYC, transaction monitoring, blockchain analysis, travel rule and sanctions screening.

FIU may deny or cancel registration where the provider does not fulfil PMLA obligations.

AML and CFT obligations

A VDA reporting entity must maintain transaction records, client identity records, beneficial-owner identity records, account files and business correspondence.

Transaction records must be retained for at least five years from the transaction date. Client identity records and related files must be retained for at least five years from closure of the business relationship or account.

A VDA reporting entity must appoint a Designated Director and Principal Officer. These roles must be separate. Changes must be communicated to FIU-IND within the required period.

Customer due diligence must be completed before onboarding clients or wallets. Wallets must not be anonymous, pseudonymous or fictitious. The reporting entity must identify and verify beneficial owners and must conduct periodic re-KYC.

Enhanced due diligence is required before specified transactions. This includes identity verification, examination of ownership and financial position, source-of-funds recording and recording the purpose of the transaction. Where the client fails to provide required information, the transaction must not be allowed.

Reporting

FIU-IND guidance requires monthly reporting by the 15th day of the succeeding month.

Suspicious transaction reports must be filed promptly once the Principal Officer is satisfied that the transaction is suspicious. FIU guidance states that reporting must occur not later than seven working days from that satisfaction. Attempted suspicious transactions are also covered.

A VDA service provider should maintain transaction monitoring, blockchain analytics, suspicious-activity escalation, sanctions screening, audit trails, employee training and reporting controls.

Travel rule and unhosted wallets

FIU-IND guidance applies travel-rule style controls to VDA transfers.

Originating VDA service providers must obtain and hold required and accurate originator and beneficiary information and transmit it immediately and securely to the beneficiary service provider or financial institution.

Required information includes originator identifying details such as PAN or national identity number, originator name, originator account or wallet address, physical address or date and place of birth, beneficiary name and beneficiary account or wallet address.

Beneficiary-side providers must obtain and hold originator information.

Transfers to and from unhosted wallets are treated as high risk where one side of the transfer involves an obliged entity. A VDA service provider should identify unhosted wallet flows, apply risk-based controls, monitor missing information, screen sanctions lists and maintain escalation procedures.

Offshore platforms

Offshore status does not eliminate Indian compliance exposure where a platform provides VDA services to Indian clients or maintains operations connected to India.

FIU-IND’s official Binance order summary states that Binance was treated as a VDA service provider and reporting entity, continued providing services to Indian clients and maintained operations in India without discharging PMLA obligations. FIU imposed a penalty of INR 18.82 crore.

The Binance page is an official enforcement summary, but FIU expressly states that the summary has no legal significance and is not precedent. It should be treated as an enforcement indicator, not as binding authority.

Taxation

The Income-tax Act, 2025 applies from 1 April 2026.

Income from transfer of a virtual digital asset is taxed at 30 percent. No deduction is allowed other than cost of acquisition. Loss from transfer of a virtual digital asset cannot be set off or carried forward.

A 1 percent withholding tax applies to consideration for transfer of a virtual digital asset, subject to statutory thresholds. No deduction is required where aggregate consideration does not exceed INR 50,000 for specified individuals or Hindu undivided families, or INR 10,000 in other cases.

Crypto-asset reporting

The Income-tax Act, 2025 creates a crypto-asset transaction reporting framework.

A prescribed reporting entity in respect of a crypto-asset must furnish information on crypto-asset transactions in the prescribed statement. The government may prescribe registration, transaction information, due diligence and information-maintenance requirements for crypto-asset users or owners.

A VDA exchange, broker, custodian or platform should build tax reporting, withholding, customer-data, transaction-reconciliation and audit systems separately from FIU reporting.

Banking and payment rails

RBI does not currently operate a general crypto licence.

Banks and regulated financial entities remain sensitive counterparties for crypto platforms. Official parliamentary materials note that RBI has advised regulated entities to conduct customer due diligence for virtual-currency transactions in accordance with KYC, AML, CFT and PMLA standards.

FIU registration does not compel banks, payment gateways, card providers, UPI participants or other payment providers to support VDA activity. A platform should analyze banking, payment aggregation, merchant settlement, remittance, prepaid instrument, foreign-exchange and stable-value arrangements separately.

CBDC

India’s central bank digital currency is distinct from private virtual digital assets.

FIU-IND guidance treats CBDCs as outside the VDA analysis because they are digital forms of fiat currency.

A provider dealing only with RBI-issued digital rupee functionality should analyze RBI, payment, banking, KYC, AML and technology requirements for that role. A provider dealing with both CBDC and private cryptoassets must analyze each activity separately.

Securities tokens

Tokenised securities require separate SEBI and securities-law analysis.

Indian securities law defines securities broadly. It includes shares, scrips, stocks, bonds, debentures, other marketable securities, derivatives, collective investment scheme units, mutual fund units, government securities, declared securities and rights or interests in securities.

A tokenised share, bond, debenture, fund unit, collective investment scheme interest, derivative, yield token, pooled investment token or other marketable investment instrument may be a security even if represented on a blockchain.

Securities-market intermediaries cannot buy, sell or deal in securities without SEBI registration where the activity is within the securities-market intermediary perimeter.

FIU registration does not authorize securities issuance, securities trading, investment advice, portfolio management, collective investment schemes, mutual fund activity or derivatives activity.

Corporate disclosures

Indian companies that trade or invest in cryptocurrency or virtual currency must make financial-statement disclosures under the amended Schedule III framework.

The disclosures include profit or loss on cryptocurrency or virtual-currency transactions, the amount held at the reporting date, and deposits or advances from any person for trading or investing in cryptocurrency or virtual currency.

A company operating a crypto business or holding crypto on balance sheet should coordinate accounting, audit, company-law disclosure, tax reporting and FIU compliance.

Regulatory outlook

India’s current framework combines FIU registration and AML/CFT supervision, income-tax and withholding rules, crypto-asset transaction reporting, company financial-statement disclosure, RBI-related banking and payment-rail constraints, and SEBI analysis for securities tokens.

New entrants should not assume that India is unregulated because there is no single crypto licence. They should map their VDA activities, Indian nexus, FIU registration status, PMLA controls, travel-rule capability, tax withholding, crypto-asset reporting, bank/payment rails, CBDC treatment, securities-token exposure, cyber obligations and company-law disclosures before launching.

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started