India has rolled out stringent new rules mandating all manufacturers of internet-connected CCTV cameras—whether domestic or foreign—to submit their hardware, software, and source code for security assessments in Indian government labs before selling their products in the country. The mandate, applicable to all cameras manufactured or imported after April 9, 2025, marks a sweeping overhaul of surveillance gear regulations, with a direct impact on Chinese giants Hikvision, Xiaomi, and Dahua.
The directive stems from mounting concerns over potential Chinese espionage through surveillance infrastructure. In 2021, then Minister of State for Communications and IT, Sanjay Dhotre, warned Parliament that approximately 10 lakh CCTV cameras deployed across various Indian government institutions were of Chinese origin and posed a national security risk. Fears that these cameras could relay sensitive footage to Chinese servers have since amplified calls for decisive action.
“There is always an espionage risk. Anyone can operate and control internet-connected CCTV cameras sitting in an adverse location,” said Gulshan Rai, India’s former cybersecurity chief (2015–2019), speaking to Reuters. “They need to be robust and secure.”
Despite industry pushback, the Indian government has refused to backtrack. On April 13, top Indian officials met with executives from 17 major surveillance gear manufacturers—including Hanwha, Motorola, Bosch, Honeywell, and Xiaomi. The manufacturers pleaded for delayed implementation, citing concerns about insufficient testing capacity, commercial disruption, and confidentiality risks over source code disclosure.
But the government held firm, asserting that the policy addresses a “genuine security issue” and applies uniformly, not targeting any specific country. Officials emphasized that the rules are designed to uplift the cybersecurity standards of all surveillance systems across India.
Ajay Dubey, Hanwha’s Director for South Asia, warned that “millions of dollars will be lost from the industry, sending tremors through the market.” Manufacturers have expressed grave concerns over prolonged approval delays, disruption to infrastructure rollouts, and the possibility of invasive factory inspections.
Under the new norms, CCTV manufacturers must now ensure their devices feature tamper-proof enclosures, high-grade malware detection systems, and robust encryption protocols. Devices using proprietary communication protocols—such as non-standard network interfaces—are subject to even stricter scrutiny, including mandatory disclosure of sensitive source code.
A critical clause in the new policy allows Indian cybersecurity authorities to conduct physical inspections of manufacturing units abroad, empowering them to directly assess vulnerabilities and compliance at source. This unprecedented step signals a no-compromise approach to tech sovereignty and hardware integrity.
Until now, only surveillance gear procured by the Indian government underwent security assessment. The updated regulations now cover all CCTV cameras—public and private—ushering in a new era of comprehensive surveillance governance.
The Indian surveillance market is projected to surge to $7 billion by 2030, from $3.5 billion in 2024, according to Counterpoint Research analyst Varun Gupta. The sector is currently dominated by China’s Hikvision and Dahua, which hold about 30 per cent market share, while India’s own CP Plus leads with 48 per cent. Roughly 27 per cent of CCTV demand arises from the public sector, with 73 per cent stemming from enterprise clients, hospitality firms, and residential users.
Delhi alone is home to over 250,000 CCTV cameras—a testament to the ubiquity of surveillance technology in India’s urban fabric.
Comments