India has moved to effectively block the sale of several foreign-made CCTV cameras since April, after enforcing stricter certification rules under the Standardisation Testing and Quality Certification Directorate framework. The new rules require all surveillance equipment sold in the country to obtain mandatory approval before entering the market, a requirement that has impacted products manufactured by Chinese companies, including Hikvision and Dahua Technology, along with cameras supplied by TP-Link that have not received certification.
The government’s decision is part of a broader effort to strengthen cybersecurity standards for internet-connected devices that could potentially be exploited for surveillance or hacking. Authorities have reportedly declined certification for several products from these firms and for devices that rely on Chinese-origin chipsets. Without clearance from the certification body, such products cannot legally be sold in India.
Security Concerns Drive Regulatory Shift
Officials say the updated rules focus on preventing surveillance devices from becoming entry points for cyber attacks. Manufacturers must now demonstrate that their cameras do not contain hardcoded login credentials or hidden backdoors that could be exploited by hackers.
The regulations also require companies to provide secure firmware systems and reliable update mechanisms. Devices must encrypt communications using robust security protocols and include safeguards to prevent both hardware and software tampering. These measures are designed to reduce the risk of unauthorised access to networks connected to surveillance cameras.
Government data had earlier revealed that roughly one million cameras installed across public institutions in India were supplied by Chinese companies. Authorities expressed concern that such devices could potentially transmit video data to servers located outside the country, raising questions about data security and surveillance risks.
Global Conflicts Highlight Surveillance Vulnerabilities
Recent geopolitical conflicts have further intensified scrutiny of consumer surveillance equipment. Research released by Tel Aviv-based cybersecurity firm Check Point Software Technologies documented hundreds of hacking attempts targeting consumer security cameras across the Middle East during the recent conflict between Iran and the United States.
According to the research, Iranian military forces attempted to exploit civilian cameras to identify targets, plan missile and drone strikes, and assess damage after attacks against locations including Israel, Qatar, and Cyprus. Reports have also suggested that the Israeli military accessed a large number of traffic cameras in Tehran to monitor activity in the Iranian capital.
In the ongoing conflict between Russia and Ukraine, both sides have accused each other of hacking civilian surveillance cameras to track troop movements and guide military strikes. Security experts believe similar threats could pose serious risks for India as well.
Indian authorities have already arrested several individuals in recent months over allegations of spying on sensitive installations, reinforcing concerns about surveillance infrastructure being misused.
International Pushback Against Chinese Surveillance Tech
India’s restrictions reflect a wider global trend of increased scrutiny over Chinese surveillance technology. In 2022, the United States banned the sale of equipment manufactured by Hikvision and Dahua over national security concerns. Similar restrictions have been introduced by the United Kingdom and Australia.
Testing requirements for CCTV devices supplied to government agencies in India had already been introduced in June 2024. These standards require tamper-resistant enclosures, strong malware detection capabilities, and encrypted communication systems.
Manufacturers must also run specialised software tools to analyse their source code and submit reports to government laboratories. If companies use proprietary communication protocols instead of standard technologies such as Wi-Fi, authorities can demand access to the source code to examine potential vulnerabilities.
The framework also allows Indian officials to conduct inspections of manufacturing facilities abroad to identify possible cybersecurity risks. With the latest rules now extended to all surveillance equipment sold in the country, the government aims to strengthen the security of India’s rapidly expanding surveillance network.