India shakes up CCTV industry by mandating scrutiny of China-made CCTVs’ hardware and software, changes enforced to counter Chinese spying through these cameras
India has mandated the manufacturers of the surveillance gear to submit hardware, software, and source code of CCTV cameras for security assessment in Indian government labs before selling their products in the country. This stems from India’s concerns regarding the possible threat of Chinese surveillance through the CCTV cameras and their parts supplied by Chinese manufacturers.
The new rules apply to all internet-connected CCTV cameras manufactured or imported after 9th April, as reported by Reuters. The decision will mostly impact Chinese manufacturers such as Hikvision, Xiaomi, and Dahua, which dominate the Indian surveillance market.
In 2021, the then Minister of State for Communications and IT, Sanjay Dhotre flagged the danger of Chinese surveillance through CCTV cameras. Dhotre said in the Parliament that around 10 lakh CCTV cameras in various government institutions were from Chinese manufacturers and therefore posed a risk of data being passed on to Chinese servers.
Gulshan Rai, who was India’s cybersecurity chief between 2015 and 2019 told Reuters, “There is always an espionage risk. Anyone can operate and control internet-connected CCTV cameras sitting in an adverse location. They need to be robust and secure”.
CCTV manufacturers voice their reservations about the new policy
On 13th April, Indian officials reportedly met with the executives of 17 foreign and domestic manufacturers of surveillance gear, including Hanwha, Motorola, Bosch, Honeywell and Xiaomi. In the meeting, the manufacturers conveyed their reservations regarding the new certification rules and requested the government to delay the implementation of the rules. However, the government rejected their request citing that the policy “addresses a genuine security issue” and therefore it must be enforced. The government clarified that the rules do not single out any country and intend to improve the quality of cybersecurity of surveillance systems in the country.
The CCTV manufacturers raised several issues, including delayed approvals, and disruptions in infrastructure and commercial projects. They mentioned insufficient testing capacity, prolonged factory inspections and government scrutiny of sensitive source code. “Millions of dollars will be lost from the industry, sending tremors through the market,” Ajay Dubey, Hanwha’s director for South Asia, reportedly told the IT ministry.
Millions of CCTV cameras have been installed across Indian cities with Delhi alone having over 250,000 cameras. Counterpoint Research analyst Varun Gupta told Reuters that India’s surveillance market is set to be worth $7 billion by 2030, compared to $3.5 billion last year. He said that China’s Hikvision and Dahua account for 30% of the market while India’s CP Plus has a 48% share in the market. About 27% of the CCTV demand in the country comes from the public sector while the remaining 73% demand comes from enterprise clients, industry, hospitality firms and domestic users.
New rules empower officials to inspect facilities
CCTV equipment supplied to the Indian government have been undergoing security assessment since 2024, but under the new rules, all devices have been covered. The new rules require the CCTV cameras to have tamper-proof enclosures, strong malware detection and encryption. The companies will have to run software tools to test source code and provide reports to government labs. If companies are using proprietary communication protocols in devices, rather than standard ones like Wi-Fi, then, as per the new rules, the labs can ask for source code. The rules also empower Indian officials to visit device makers abroad and inspect facilities for cyber vulnerabilities.
News