India has moved to tighten regulations on internet-connected CCTV cameras and related surveillance equipment, particularly those associated with Chinese manufacturers such as Hikvision and Dahua Technology, as well as certain products from TP-Link.
Effective April 1, all CCTV devices must comply with stricter certification requirements under the government’s Standardisation Testing and Quality Certification (STQC) framework. Products that do not obtain this mandatory approval will not be permitted for sale in the Indian market.
According to Section 5 of Gazette Notification S.O. 1119(E), issued under the Public Procurement (Preference to Make in India) Order (PPP-MII), security testing reports for CCTV and Video Surveillance Systems (VSS) must be issued by the STQC Directorate or an agency authorised by the Ministry of Electronics and Information Technology (MeitY).
The STQC certification remains valid for three years from the date of issuance. As part of the compliance process, certifications are being granted under the IoT System Certification Scheme (IoTSCS), ensuring that products meet the prescribed standards.
The move is part of a broader push to strengthen cybersecurity, as internet-connected surveillance systems are increasingly seen as potential entry points for cyber threats or unauthorised access.
Reports indicate that certification is being denied to some products, particularly those using Chinese-origin chipsets. This has effectively restricted their entry into the Indian market.
Under the revised norms, CCTV systems must meet key security requirements, including the removal of hardcoded passwords and hidden backdoors, secure software update mechanisms, encryption of data transmission, and safeguards against tampering with both hardware and software.
Security concerns surrounding such devices have been raised earlier as well. In 2021, the government informed Parliament that nearly one million cameras installed across government institutions were sourced from Chinese companies, raising concerns over possible data transmission to servers located outside India.
The new regulations aim to reduce cyber security risks and ensure that surveillance infrastructure across the country remains secure and reliable.
👉 Click here to read the latest Gujarat news on TheLiveAhmedabad.com