India has decided to ban internet-connected CCTV cameras and related hardware from Chinese manufacturers, including Hikvision, Dahua Technology. CCTVs from TP-Link has also been impacted by the decision. From April 1, new certification requirements under the Standardisation Testing and Quality Certification (STQC) framework come into effect. Under these rules, all CCTV products must receive necessary approval before they can be sold in India.
The move is part of a broader government push to tighten security standards for connected devices, as these products are increasingly being seen as potential surveillance tools prone to hacking.
Authorities in India are reportedly refusing to grant certification to products from these firms, as well as devices that use Chinese-origin chipsets. Without STQC clearance, such products are effectively barred from the Indian market.
What the new security requirements focus on
The new certification requirements aim to ensure that CCTV cameras do not expose users’ networks to cyber threats. The rules require that devices do not contain hardcoded credentials or hidden backdoors. They must also include secure firmware and update mechanisms, protect communications using strong encryption, and prevent tampering at both hardware and software levels.
In 2021, the government informed Parliament that around one million cameras installed in government institutions were from Chinese companies. Officials also raised concerns about potential vulnerabilities and video data being transferred to servers located abroad.
More recently, during the Iran–US war, Tel Aviv-based security firm Check Point released research describing hundreds of hacking attempts targeting consumer-grade security cameras across the Middle East. Many of these attempts were reportedly timed around Iran’s missile and drone strikes on targets that included Israel, Qatar and Cyprus.
According to the research, Iran’s military tried to use civilian surveillance cameras to spot targets, plan strikes or assess damage during attacks carried out in response to US and Israeli bombings in the region.
There are also reports suggesting that the Israeli military had accessed “nearly all” traffic cameras in Iran’s capital, Tehran, and, in partnership with the Central Intelligence Agency, used them to target the air strike that killed Ali Khamenei, Iran’s supreme leader.
In addition, Russia and Ukraine have also accused each other of hacking consumer surveillance cameras to track troop movements and guide strikes.
These threats are considered real and could emerge as a security challenge for India as well. In recent months, authorities in India have also arrested several people accused of spying on sensitive installations.
Global scrutiny of Chinese surveillance equipment
India is not the only country introducing stricter regulations for CCTV devices. Millions of CCTV cameras have been installed across Indian cities, offices and residential complexes to improve security monitoring. According to official data, New Delhi alone has more than 2,50,000 cameras, most of them mounted on poles in key locations.
In 2022, the United States banned sales of Hikvision and Dahua equipment, citing national security concerns. The United Kingdom and Australia have also imposed restrictions on Chinese-made surveillance devices.
CCTV equipment supplied to India’s government has already been required to undergo testing since June 2024. The rules require devices to include tamper-proof enclosures, strong malware detection systems and encryption.
Manufacturers must also run software tools to test source code and provide reports to government laboratories. Authorities can request source code access if companies use proprietary communication protocols instead of standard technologies such as Wi-Fi.
The rules also allow Indian officials to visit manufacturers abroad and inspect facilities for potential cyber vulnerabilities, Reuters reported. With the latest changes, the government now aims to expand these requirements to cover all such devices sold in the country.
The rules do not impact local manufacturers.
