Industry Faces Jolt as MeitY Declines Further Extension on CCTV Certification Deadline
As a result of the 9th April 2025 deadline set by IoT System Certification Scheme (IoTSCS) for network cameras and video recorders, based on compliance with the Essential Requirements (ERs) by STQC only 4 brands (manufacturers) can manufacture, stock and sell networked cameras in India. Will they be able to meet the demand!
In an era where surveillance technology plays a critical role in national security, public safety, and private enterprise, India has taken a decisive step toward standardizing the quality and security of closed-circuit television (CCTV) systems. The Standardization Testing and Quality Certification (STQC) Directorate, operating under the Ministry of Electronics and Information Technology (MeitY), has mandated STQC certification for all CCTV cameras and video recorders sold or deployed in India. This move, rooted in the Electronics and Information Technology Goods (Requirements for Compulsory Registration) Order, 2021, has been aiming to address growing concerns over cybersecurity vulnerabilities, substandard hardware, and the risks posed by unregulated surveillance devices. By April 9, 2025, all CCTV devices had to comply with the Essential Requirements (ER) framework, a set of stringent security and quality benchmarks designed to safeguard India’s digital and physical infrastructure.
The Current Situation
As per information available on the STQC website only a handful of camera models by four manufacturers / brands – Samriddhi Automation Pvt. Ltd. (Sparsh) – 27 camera models, Prama India Private Limited (PRAMA) – 6 models, Aditya Infotech Ltd. (CP PLUS) – 5 camera models, and Matrix Comsec Pvt. Ltd. (MATRIX) – 23 camera models are approved under the IoT System Certification Scheme (IoTSCS) for network cameras, based on compliance with the Essential Requirements (ERs). The approved chipsets (SoCs) used by these manufacturers are from Ambarella (U.S.), Novatek (Taiwan), and Innofusion (Singapore). However, in order to remain competitive, even these brands may still well be relying on other Chinese components, and support from suppliers located in that country.
Several Chinese manufacturers and a substantial number of small and medium-scale Indian businesses that depend heavily on Chinese components are now facing a period of heightened uncertainty. This follows the Ministry of Electronics and Information Technology (MeitY)’s recent decision to deny any further extensions for compliance with mandatory certification requirements for CCTV products.
The move, aimed at enhancing national cybersecurity and standardization, comes as a significant blow to the industry—especially considering that over 80% of India’s surveillance products are currently reliant on Chinese hardware and software. Industry experts warn that this policy shift could cause major disruptions across the demand-supply chain, particularly affecting budget-focused players.
Smaller CCTV brands and operators, many of whom cater to cost-sensitive markets such as small businesses, residential communities, and rural areas, may find it challenging to swiftly align with the stringent certification mandates. Developing new, compliant products will require substantial investments in R&D, testing, and infrastructure, which many in this segment are ill-prepared for.
This development is also expected to fuel market consolidation, with larger, better-funded companies better positioned to adapt and capitalize on the changing regulatory landscape. Meanwhile, smaller players may face the risk of business closure, increased operational costs, or may be forced to exit the market entirely—raising broader concerns about affordability, accessibility, and the survival of India’s unorganized and semi-organized CCTV manufacturing sector.
This development is also expected to fuel market consolidation, with larger, better-funded companies better positioned to adapt and capitalize on the changing regulatory landscape.
The industry is now at a critical juncture, and calls for balanced regulation, transitional support, and inclusive policymaking are growing louder, particularly from associations like APSA, FAIITA, AKESSIA, SSSA, ESAI and other stakeholder groups who advocate for a more phased and collaborative implementation strategy.
In the above move, there are notably some prominent “Non Chinese” global brands such as Axis (Sweden), Hanwha (South Korea), Vivotek (Taiwan), Honeywell (USA), and Bosch (USA), i-Pro (Japan), Pelco (USA), CBC/GANZ (Japan), VICON (USA) that have been selling their networked cameras and other video surveillance equipment in the Indian market, and especially for top government projects, such as prisons, defence and top government establishments, airports, and even the new parliament house building are currently absent from the approved list. It remains unclear whether these companies have not yet applied for certification or if their applications are still under review or were not approved.
Update to the BIS Compulsory Registration Order (CRO)
In a follow-up gazette notification dated April 9, 2024, the government extended the scope of the Bureau of Indian Standards (BIS) CRO scheme. The amendment mandates compliance with:
- IS 13252 Safety Standards for all CCTV models, including IP Bullet, Dome, and PTZ cameras.
- Essential Requirements (ER) related to cybersecurity.
Originally set for October 9, 2024, the compliance deadline was extended to April 9, 2025, providing manufacturers with additional time to align their products with both safety and cybersecurity protocols.
The push for mandatory certification stems from the increasing reliance on surveillance systems across sectors, including government facilities, critical infrastructure, and private establishments. However, the proliferation of low-cost, uncertified CCTV cameras—many of which lack basic security features—has exposed vulnerabilities that could be exploited for cyberattacks, data breaches, or even espionage. Incidents of unauthorized access to surveillance networks, misuse of footage, and hardware failures have underscored the urgent need for regulatory intervention. The STQC certification framework addresses these challenges by ensuring that every device meets rigorous standards for cybersecurity, electrical safety, and operational reliability.
At the core of the STQC mandate is the Essential Requirements (ERs) for CCTV cameras notified as part of the Public Procurement Order (PPO) in the Gazette of India (EXTRAORDINARY, PART II—Section 3—Sub-section (ii) dated 7th March, 2024, at Sr. No. 1062) issued by the Ministry of Electronics and Information Technology (MeitY).
As per industry sources perhaps this entire move started from a big requirement of video surveillance at railway stations and trains from the Indian Railways in 2018, came up with a proposal of installing 8,000 CCTV cameras. However, the bidders had to comply with the IoT System Certification Scheme. And, very interestingly, the bidders included names such as HFCL, L&T, , Mahendra Defence, and public sector companies such as TCIL, BEL and BECIL.
The Essential Requirements (ER: 01) framework, which outlines specific security protocols for CCTV devices. Cybersecurity remains a top priority, with devices required to resist common threats such as malware, brute-force attacks, and unauthorized access. Manufacturers must implement secure communication protocols, ensuring that all data transmitted by the camera is encrypted using Transport Layer Security (TLS) protocols. This prevents interception or tampering during transmission, a critical safeguard for sensitive footage.
Firmware security is another key focus area; updates must be cryptographically signed to prevent malicious actors from injecting unauthorized code. Devices must also avoid hardcoded credentials, a common vulnerability in low-cost cameras that allows hackers to gain administrative access effortlessly. Additionally, advanced memory protections like Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are mandated to mitigate buffer overflow attacks, a tactic often used to exploit software flaws.
Hardware integrity is equally scrutinized under STQC guidelines. Cameras must feature tamper-resistant designs to prevent physical manipulation, such as unauthorized disassembly or component replacement. Secure boot mechanisms ensure that only authenticated firmware can run on the device, blocking attempts to install malicious software during startup. Cryptographic keys and certificates, essential for encrypting data and authenticating devices, must be securely stored within the hardware to prevent extraction by attackers. These measures collectively ensure that CCTV systems are resilient against both digital and physical threats.
Electrical safety is another pillar of the certification process. Devices must comply with international standards such as IS 13252 (Part 1): 2010 and IEC 60950-1: 2005, which govern aspects like insulation, overheating prevention, and resistance to environmental stressors. These standards are particularly critical in India, where fluctuating power supplies and extreme weather conditions can strain electronic components. By adhering to these norms, manufacturers reduce the risk of hardware malfunctions that could compromise surveillance operations or pose safety hazards.
The certification process itself is a multi-stage endeavor designed to leave no room for oversight. Manufacturers begin by submitting an application detailing the scope of certification, including the specific models and their intended use cases. Independent STQC-approved laboratories then conduct testing, evaluating everything from software vulnerabilities to hardware durability. Devices are supposed to withstand simulated cyberattacks, stress tests, and firmware analyses to identify weaknesses. Simultaneously, manufacturing facilities are audited to verify adherence to quality control protocols, ensuring that production lines consistently meet STQC standards. Only after these assessments are completed and reviewed by STQC officials is certification granted.
As of the latest updates (February 2025), 14 private laboratories have been empaneled under the STQC scheme for CCTV testing, as per the official list published on the STQC website. These labs are authorized to assess CCTV devices against the “Essential Requirements for Security of CCTV,” mandated by the Bureau of Indian Standards (BIS) under the Public Procurement Order (PPO)
Supply chain transparency is a non-negotiable requirement under the STQC framework. Manufacturers must demonstrate that their components are sourced from trusted suppliers, with detailed documentation tracing the origin of critical parts like image sensors, processors, and memory modules. Counterfeit components, a pervasive issue in the electronics industry, are strictly prohibited. Also, keeping the sensitivity of India- China relationship in view, as well as America’s NDAA provisions targeting Chinese CCTV manufacturers over national security concerns, there is a growing bias against critical CCTV camera components which have origins in China, such as the SOC (Chip Set).
Critical component of modern IP CCTV Cameras
In CCTV cameras, a System on Chip (SoC) is an integrated circuit that consolidates all critical components required for video capture, processing, encoding, and connectivity into a single chip. It serves as the “brain” of the camera, handling tasks from image processing to cybersecurity, and is essential for modern surveillance systems
Key Components of a CCTV Camera SoC:
- Image Signal Processor (ISP): It enhances raw image data from the camera sensor by adjusting exposure, white balance, noise reduction, and color correction.
- Video Encoding Module: It compresses video using standards like H.264, H.265, or AV1 to reduce bandwidth and storage needs.
- Central Processing Unit (CPU): It manages general operations, firmware execution, and communication with peripherals.
- Memory Interfaces: It Integrates RAM and storage controllers for temporary data processing and video buffering.
- Connectivity Modules: It includes Ethernet, Wi-Fi, or 4G/5G interfaces for data transmission.
- AI Accelerators (Optional): It Enables edge-based analytics like facial recognition, motion detection, and anomaly identification.
Why securing the SOC is vital
In an era of escalating cybersecurity threats—particularly in safeguarding national critical infrastructure such as power grids, transportation hubs, and government facilities—the integrity and protection of the System on Chip (SoC) in surveillance cameras have become paramount. As the core processing unit responsible for video capture, encryption, and network communication, the SoC serves as the first line of defense against sophisticated cyberattacks. Its security directly impacts a camera’s ability to prevent unauthorized access, data breaches, and potential exploitation by malicious actors. Ensuring robust SoC safeguards, including secure boot protocols, hardware-based encryption, and tamper-resistant designs, is no longer optional but a critical necessity to protect sensitive systems from evolving threats like firmware hijacking, zero-day vulnerabilities, and supply chain compromises.
Companies must also implement risk management policies to address potential supply chain disruptions or compromises, further fortifying the integrity of the final product.
Opportunities and threats
For businesses, the STQC mandate presents both opportunities and challenges. On one hand, certification enhances consumer trust, as buyers can be confident in the security and durability of certified devices. It also positions Indian manufacturers to compete globally, as STQC standards align with international benchmarks like those set by the International Electrotechnical Commission (IEC). Government procurement policies further incentivize compliance; uncertified devices are ineligible for public projects, a significant market segment. However, the path to certification is fraught with hurdles, particularly for small and medium-sized enterprises (SMEs). The costs of testing, facility upgrades, and documentation can strain limited budgets, potentially forcing smaller players out of the market. Larger firms, better equipped to absorb these expenses, may consolidate their dominance, leading to reduced competition and innovation.
The April 2025 deadline adds urgency to these challenges. Distributors and retailers must phase out non-compliant stock, a process that could disrupt supply chains and inflate prices. Consumers, too, may face higher costs as manufacturers pass compliance-related expenses onto the market. However, the long-term benefits—reduced cybercrime, fewer hardware failures, and enhanced national security—outweigh these short-term pains. To ease the transition, stakeholders have proposed measures like phased implementation timelines, subsidies for SMEs, and tiered certification levels based on a device’s application. For instance, cameras used in high-security government facilities could be held to stricter standards than those deployed in residential settings.
The STQC certification framework represents a paradigm shift in India’s approach to surveillance technology. By prioritizing security and quality, it addresses critical gaps in the existing market while aligning with global best practices. However, its success hinges on balanced implementation that supports both regulatory goals and industry growth. Collaborative efforts between the government, manufacturers, and cybersecurity experts will be essential to refine standards, address emerging threats, and foster innovation. As India moves toward a digitally secure future, STQC-certified CCTV systems will serve as a cornerstone of its surveillance infrastructure, safeguarding not just data and devices, but the nation’s collective security.
Industry concerns
The Asian Professional Security Association (APSA) India Chapter through it’s President, Dr. Deepankur Mittal has submitted a formal request to the Ministry of Electronics and Information Technology (MeitY) to reconsider the mandatory implementation of STQC certification for CCTV products in addition to the existing BIS requirements. While supporting the government’s objective of ensuring security and quality, APSA raised concerns about the financial and operational burden this dual compliance places on small and medium manufacturers, OEMs, and retailers—particularly in the retail and semi-urban sectors. The letter highlights potential consequences including market shrinkage, reduced CCTV adoption, job losses, and a possible surge in grey-market imports. It is also concerned about a “Monopoly Formation” – Market consolidation by a few large players.
APSA has recommended a more inclusive approach through phased implementation, unified certification, financial support for MSMEs, and stakeholder consultations to protect the broader security ecosystem while maintaining national security goals.
Similarly other security and IT industry associations such as the Mumbai based Federation of All India Information Technology Associations (FAIITA), in a recent letter, sought the intervention of Union Minister for Information Technology Ashwini Vaishnaw and warned that the new STQC requirement puts over 1,000 MSME units in the CCTV manufacturing sector at risk of closure, and with that the livelihoods of more than 4,00,000 individuals are hanging in the balance.
Representatives of these and other associations met in New Delhi recently to discuss the outcome of this certification deadline and held a press conference to lodge their protest with the government.
Dr. Deepankur Mittal in a well worded letter written to the government states: While STQC is vital for high-alert zones, government installations, and critical infrastructure, enforcing it across the entire retail and private sector could have unintended consequences – Security will become unaffordable for small businesses and households; Retailers and SMEs-especially in semi-urban and rural areas-will no longer be able to access budget-friendly options; and, general adoption of CCTV will drop, creating larger surveillance blind spots in cities and towns.
He further states that there is a high risk of a black market emerging for uncertified and illegally imported cameras, undermining both safety and security aspects, as well as, Indian manufacturing.
In a letter available with SECURITY UPDATE he urges the government to allow: Single-window clearance combining BIS and STQC to avoid redundancy; Phased implementation beginning with high-security zones and government projects; Financial assistance or subsidies to help MSMEs transition smoothly; Extended compliance timelines to allow for adaptation without disruption; Stakeholder consultations with APSA and other associations to draft a more inclusive and pragmatic roadmap.
The Chennai based Electronic Association of India states that: The cost of STQC certification depends on the number of camera models. Base Camera Certification costs ₹5 Lakhs per model and an additional camera of the same series will cost another ₹50,000 per camera. The time required to get certified is 3 to 6 months and the validity of this certification is for 3 years only, rRenewable with the same process. This is not viable for small importers, assemblers and manufacturers who do not sell in large quantities, thereby impacting the business.
ESAI further predicts that importers and distributors are used to a credit-based business model as Chinese OEMs provided long credit periods and the national distributors extended these terms to local dealers and installers.
Now, the handful of STQC approved Indian OEMs (with lack of competition) may move as per a strict payment cycle and state-wise distributors will be pushed to fund their own inventory and manage their cash flows efficiently. They also may have to absorb interest costs of financial institutions, while allowing little or no credit to their channel partners, system integrators and installers, thereby edging out the financially weak from the supply chain, and while also pushing up the cost of CCTV cameras.
Interestingly, ESAI also states that the good news is that STQC is not mandatory for analog HD cameras, so businesses selling analog HD can continue operations as usual. But cautions that analog systems are phasing out slowly as IP Cameras are the future standard. It encourages everyone to go for STQC certification.
In summation, while the STQC mandate reflects a forward-looking approach to strengthening the integrity and security of surveillance infrastructure, its broad implementation requires careful calibration. It is vital to strike a balance between raising standards and ensuring accessibility, especially for small and medium enterprises that form the backbone of India’s CCTV industry. A phased rollout, unified compliance mechanisms, and stakeholder engagement—such as those suggested by APSA—can help mitigate disruptions while preserving the policy’s core objectives. With thoughtful execution, India can lead the way in creating a surveillance ecosystem that is secure, inclusive, and resilient.
While the STQC mandate reflects a forward-looking approach to strengthening the integrity and security of surveillance infrastructure, its broad implementation requires careful calibration. It is vital to strike a balance between raising standards and ensuring accessibility, especially for small and medium enterprises that form the backbone of India’s CCTV industry
Next Steps
Given the challenges faced by CCTV manufacturers and suppliers in complying with the Essential Requirements (ER) framework deadline, the ministry may need to reassess the necessity of extending the timeline. This consideration is often driven by industry appeals, stakeholder input, or practical compliance hurdles. With India’s monthly CCTV consumption estimated at over 3 million units and a market growth rate exceeding 10% annually, the current pool of approved suppliers is insufficient to meet demand. If the deadline remains unchanged, significant supply shortages could emerge, leading to price surges and delays in critical surveillance projects.
