Crypto Asset Reforms: From Wild West to Well-Regulated India

[Shivangi and Nimish are students at National Law University Jodhpur.]

Crypto-assets are digital records secured by cryptographic signatures and maintained on a consensus-driven distributed ledger technology (DLT). Though barely a decade old, crypto-assets have rapidly emerged as a significant force in India’s financial ecosystem, despite the absence of a coherent legal framework. 

According to a September 2021 NASSCOM report on India’s “crypto-tech” industry, retail investors here have funneled nearly USD 6.6 billion into crypto-assets, a figure projected to swell to USD 15.6 billion by 2030. It has given rise to over 230 indigenous start-ups, with forecasts suggesting it could create a close to 800,000 employment opportunities and deliver nearly USD 184 billion in combined investment and efficiency benefits by 2030.

Yet, for all this dynamism, India’s legal framework remains unsettled. The juxtaposition of explosive growth and regulatory uncertainty underscores an urgent need to map out a coherent, fit for purpose rules. 

The current patchwork approach (neither recognizing crypto-assets as legal tender nor banning them outright, coupled with a flat 30% tax on gains) leaves investors and service providers in limbo. This is because there is no clear licensure process, many Indian crypto exchanges have either delayed registration or opened foreign subsidiaries hurting the onshore tax revenues and discouraging local innovation. As Economic Affairs Secretary Ajay Seth observed, “these assets don’t believe in borders,” so unilateral crackdowns only drive activity offshore. 

A coherent regime would clarify that crypto-assets are tradable property and not currency, license legitimate operators and allow regulators to concentrate on market abuse rather than blanket prohibition.

Accordingly, we will first survey the existing international practices of European Union (EU) and United Kingdom (UK) on the issue and then draw on international best practices to propose a robust and India-centric regulatory blueprint. 

Regulatory Developments in EU

The EU now uses a two-tier framework where crypto-assets that qualify as transferable security under Article 4(44) of Directive 2014/65/EU of the European Parliament on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (MiFID II) (e.g. tokenized shares or bonds) are treated as securities and fall under existing markets rules for securities. In other words, if the financial instrument looks and behaves like a stock or bond, it is not re-invented as a ‘crypto’ but simply follows the same rules as other securities. 

However, all other crypto-assets are being brought under Regulation (EU) 2023/1114 of the European Parliament and the Council of 31 May 2023 on markets in crypto-assets (MiCA) Regulation (effective mid-2024). This splits these tokens into three categories i.e. money tokens (E-Money Tokens (EMTs) stablecoins pegged 1:1 to a single fiat), asset-referenced tokens (ART) (tokens referencing multiple assets), and all other ‘crypto-assets'. Importantly, MiCA excludes non-fungible tokens (NFT) and any tokens that are already covered as MiFID-II financial instruments. 

Additionally under this, both token issuers and service providers face rigorous, securities-style obligations wherein issuers of ARTs and EMTs must obtain authorization and meet governance, reserve-asset, and disclosure standards. This includes robust risk management frameworks, minimum collateral requirements, and publication of standardized “white papers” detailing token economics, rights, and risks. Crypto-asset service providers (CASPs), the EU’s term for exchanges, custodians, wallet providers, trading venues, advisors, and portfolio managers, must be licensed by a national regulator. Once authorized, CASPs may offer a defined suite of services: custody/administration, operation of trading platforms, spot exchanges of crypto for fiat or other tokens, order execution, investment advice, portfolio management, and transfers. 

Capital and conduct rules mirror MiFID II in which CASPs need minimum capital buffers, fit-and-proper management, and conflict-of-interest policies. They must implement strong Anti-money Laundering/Combating the Financing of Terrorism (AML/CFT) risks controls and consumer-protection measures, including transparent fee disclosures. Custody requirements make crypto custody a standalone regulated activity. Custodians must legally and operationally segregate client assets, maintain detailed custody policies, and carry strict liability for any loss of keys or tokens shifting the burden of proof onto them to demonstrate the absence of negligence. Outsourcing even offshore to third-party custodians is tightly controlled: liability cannot be delegated, and regulators must have full supervisory access.

In parallel, the EU’s DLT (effective March 2023) creates a temporary and experimental framework for tokenized financial instruments that already qualify under MiFID II. It authorizes two new infrastructure types i.e. (a) DLT multilateral trading facilities for listing and trading tokenized securities, and (b) DLT settlement systems for on-chain post-trade processes. These pilots are still subject to core investor-protection rules like keeping order books transparent, upholding conduct standards and ensuring that the settlement is final yet benefit from faster approvals to foster innovation. Although this is limited in scope and duration, it offers a clear roadmap for integrating blockchain technology into regulated markets, serving as a valuable model for India’s own tokenization ambitions. 

Regulatory Developments in UK

In April-May 2025, the HM Treasury of the UK published a draft legislation under Financial Services and Markets Act specifically for crypto-assets and the FCA released a discussion paper (DP25/1) on crypto-activities. Together, these proposals define new regulated activities such as trading custody and stablecoin issuance and create  two core asset categories i.e. ‘qualified crypto-assets’  which are fungible and transferable and ‘qualifying stablecoins’ which are fiat-referenced tokens designed to hold stable value.

By labelling these as “specified investments,” both categories fall under the UK’s “authorized-only” regime. This means that you cannot run a platform or issue one of these tokens unless you’ve obtained explicit approval and meet all regulatory requirements. This setup parallels the EU’s distinction between asset-referenced tokens and other assets. However, this is with a UK twist because, while the UK and the EU both originally operated under the same MiFID II framework, after Brexit, the UK retained MiFID’s core standards in domestic law but now manages its own ‘on-shored’ version under the Financial Services and Markets Act. 

On the consumer protection front, FCA has signaled several strict measures such as the DP25/1 which seeks to ban retail credit purchase of crypto-assets (for example, blocking credit-card or e-money credit-line purchases of cryptocurrencies). This follows an FCA warning that crypto is high-risk and investors must be ready to lose their entire investment. In 2025, it even proposed banning the use of credit cards for buying crypto to prevent people from piling debt onto risky bets. Stablecoins issued by regulated firms are expected to be exempted from credit bans, reflecting a view that fiat-backed tokens with strong reserves may be lower risk. The crypto-assets will be scrutinized for lending/borrowing and staking products for suitability and transparency.

Beyond these classifications and consumer safeguards, the UK reforms address the full lifecycle of crypto-assets i.e.; 

1. Custody and safeguarding:  Any firms offering crypto custody must segregate client assets, maintain auditable records of private-key custody, and face strict liability for any losses unless they prove adherence to rigorous security standards. 

2. Trading infrastructure: Crypto-asset trading venues termed as crypto asset trading platforms will be licensed under existing exchange rules, ensuring orderly trading, transparency of order books, and AML/CFT compliance.

3. Intermediary conduct: All crypto intermediaries, whether dealing as principal, agent or arranger will follow the same conduct, capital and disclosure rules that currently govern securities firms. This mirrors IOSCO’s recommendations 1 and 4 on common standards and full disclosure for trading venues and their operators. 

Hence, by harmonizing asset definitions, custody requirements, platform licensing, and intermediary conduct under a single regime, the UK model ensures comprehensive oversight from issuance and safekeeping to trading and consumer protection, while preserving the ability to innovate within a clear legal boundary.

The Way Forward: Key Issues and Solutions for India 

Central to any Indian framework must be clear token classification. This can be done by regulating the tokens that grant ownership, profit-sharing, or governance rights as securities under SEBI’s prospectus, disclosure, and trading rules. Additionally, fiat- or asset-backed stablecoins warrant their own category regulated by the RBI as e-money, with uncollateralized variants prohibited as systemic risks.

Meanwhile, purely utility or gaming tokens can fall under consumer-protection and AML/CFT laws. Statutory definitions mirroring international models (MiCA’s EMT/ART and MiFID’s transferable-security concepts) would prevent loopholes and regulatory arbitrage.

Second is custody and safeguarding of crypto-assets. Custodians, whether exchanges or wallet providers should be required to segregate client holdings, maintain auditable ledgers, deploy multi-signature key management and cold-storage protocols, and undergo periodic security audits. They should bear strict liability for any losses (unless they can demonstrate robust security controls) and meet minimum capital or insurance requirements. Such measures, drawn from EU MiCA custody rules, would protect investors and reduce fraud.

Likewise, every crypto-asset service provider from exchanges and brokers to advisors and portfolio managers must obtain authorization from a designated regulator (e.g., SEBI for securities-like tokens, RBI for payment services). Ongoing KYC/AML supervision, capital-adequacy standards, cybersecurity safeguards, fair-order execution protocols, and client-fund segregation rules are essential. Prohibiting self-approval of promotions (as the UK has done) would close existing AML/CFT gaps and curb wash trading, insider deals, and platform insolvencies.

A fourth pillar should be explicit rules around DLT networks themselves, as all crypto-asset transactions are recorded and validated on these ledgers, and custody and trading ultimately depend on the underlying ledger architecture. Now, DLT itself is of different types. India should foster distributed‐ledger innovation under robust oversight this is because by this government can ensure regulated control over the market participants. 

According to the OECD Business and Finance Policy Papers, Number 75, there are 3 types of DLT i.e., private permissioned, public permissionless and public permissioned. Private permissioned is accessible only to authorized participants and are centralized but have enhanced security against AML/ CFT risks. Public permissionless chains are open to all but higher illicit-finance risks, and public permissioned systems are wherein anyone can transact permitted assets, but participants must be whitelisted under KYC/AML/CFT controls.

Under a sandbox or DLT pilot regime mirroring the EU’s tokenized‐securities experiment, private permissioned ledgers could support regulated use cases such as tokenized government bonds or a digital-rupee pilot. Meanwhile, when public permissionless networks underpin regulated activities (e.g. trading security-like tokens), only authorized operators should run nodes, and all transfers must comply with travel-rule KYC. For India, a public permissioned model best balances inclusion and control: SEBI would oversee security-token networks, and RBI would govern digital-currency chains, ensuring centralized vetting of participants without stifling blockchain’s transformative potential.

Finally, a multi-agency regulatory architecture with SEBI, RBI, and sectoral regulators (IRDAI, PFRDA) each overseeing different aspects of crypto-asset activity, coordinated by an inter-ministerial committee. This can be done by building the policies on real data that is investor surveys and public feedback. By tackling these five pillars i.e. classification, custody, service-provider licensing, DLT standards, and coordinated governance, India can move from a patchwork of uncertainty to a clear, innovation-friendly framework that protects investors without choking off growth.