India has tightened its digital security framework, mandating stricter compliance for telecom equipment, CCTV systems and data protection, amid heightened concerns over vulnerabilities in surveillance infrastructure and emerging espionage risks flagged by recent investigations.

The move comes against the backdrop of long-standing concerns over the widespread use of imported CCTV equipment -particularly from Chinese manufacturers-in critical and public surveillance networks. These concerns have sharpened after security agencies recently stumbled upon Pakistan-linked espionage modules operating within India, raising fresh questions about potential exploitation of unsecured surveillance systems.

Global precedents have also underscored the risks. Security experts have pointed to instances such as Israel’s reported targeting of Iranian leadership, where infiltration of urban surveillance networks, including traffic cameras, enabled real-time tracking of high-value targets.

Against this backdrop, the govt has notified mandatory Essential Requirements (ERs) for CCTV systems in the Indian market. The rules require disclosure of the origin of critical hardware components such as system-on-chip (SoC), testing against vulnerabilities that allow unauthorised remote access, and certification through accredited labs. So far, 507 CCTV models have been certified under these norms.

Govt departments have been barred from procuring CCTV equipment that does not meet these standards, with ministries advised to secure existing video surveillance networks against breaches..

At a broader level, the legal backbone has been strengthened through the Telecommunication Act, 2023 and the Digital Personal Data Protection Act, 2022. The earlier National Security Directive on Trusted Sources (2021) mandates procurement of telecom equipment only from approved vendors. The govt also informed Parliament that 652 mobile applications have been blocked under Section 69A of the IT Act over data security concerns.

Cybersecurity oversight has been expanded through the National Cyber Coordination Centre (NCCC), while CERT-In has empanelled 237 auditing organisations and issued updated guidelines, including supply chain transparency norms. Officials said it emphasized the growing importance of securing interconnected digital infrastructures.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!