India's New CCTV Regulations: What You Need to Know About Internet-Connected Cameras
Overview of India's New CCTV Regulations
New Delhi: India has implemented stricter regulations regarding the sale and use of internet-connected CCTV cameras, requiring them to be certified by the government to meet security and quality standards. This initiative aims to tackle cybersecurity threats and mitigate risks associated with unverified surveillance devices.
The Ministry of Electronics and Information Technology (MeitY) has outlined these requirements, mandating that internet-enabled CCTV cameras must pass testing and certification under the Standardisation Testing and Quality Certification (STQC) framework before they can be marketed in India.
This new regulation raises an important question: What will be the fate of existing home CCTV systems? This article will clarify the new rules and their potential impact on households, businesses, and offices.
Details of the New STQC Regulations
According to the new Essential Requirements established by MeitY and enforced through STQC, all internet-enabled CCTV cameras sold in India must obtain government certification prior to being sold.
Key stipulations include:
- Disclosure of the country of origin for key components, such as the system-on-chip (SoC) and firmware.
- Submission of hardware, software, and, in certain cases, source code for cybersecurity evaluation in government labs.
- Assessment of potential vulnerabilities, including risks related to remote access and data transfer.
The government has reportedly declined to certify CCTV products utilizing Chinese-origin chipsets or firmware, effectively barring major Chinese brands like Hikvision, Dahua Technology, and TP-Link from introducing new internet-connected camera models in India.
In contrast, over 500 CCTV models from compliant Indian and foreign manufacturers have already received STQC approval and are permitted for sale.
Impact on Existing CCTV Systems
The new regulations primarily target the future sale and certification of internet-connected CCTV cameras. Currently, there is no nationwide mandate requiring the removal of existing cameras installed in homes, businesses, or private offices.
Experts in the industry suggest that privately installed systems, including those with foreign components, are unlikely to face immediate issues unless they are connected to sensitive networks or fall under specific regulatory scrutiny in the future. Non-internet-connected cameras or systems not integrated into larger networks generally do not fall under these certification requirements.
However, it is anticipated that uncertified Chinese-origin internet-connected CCTV systems may gradually be phased out through voluntary upgrades, lender stipulations, and integration into secure city-level surveillance frameworks.
Reasons Behind India's New Regulations
This policy arises from longstanding concerns in New Delhi regarding the potential for Chinese-linked surveillance equipment to be used for espionage, unauthorized remote access, or covert data transfers.
In 2021, the government informed Parliament that approximately one million CCTV cameras installed in government facilities and public-sector sites were sourced from Chinese companies, underscoring the extent of reliance on such equipment. Recently, central agencies have initiated nationwide audits of CCTV networks in major cities, prompted by security investigations into possible foreign-linked espionage activities and fears of hostile entities accessing camera feeds remotely.
From the perspective of domestic manufacturers, this shift is expected to benefit Indian surveillance brands that already utilize non-Chinese chipsets and have obtained STQC certification. Nonetheless, analysts caution that certified systems may be more expensive, posing affordability challenges for small businesses, housing societies, and individual consumers.