Author: Aditya Kalra
NEW DELHI (Reuters) – In recent weeks, global manufacturers of surveillance equipment have clashed with Indian regulators, a controversial new security rules that require CCTV camera manufacturers to submit hardware, software and source code in government labs, official documents and company emails for evaluation to be conducted.
The security testing policy has sparked industry warnings and has added a series of controversies between Prime Minister Narendra Modi's government and foreign companies over regulatory issues and disputes that some believe are protectionism.
According to a senior Indian official involved in the decision-making, New Delhi’s approach was driven in part by alerts from China’s complex surveillance capabilities. In 2021, Modi's then IT minister told parliament that 1 million cameras in government agencies were from Chinese companies and had vulnerabilities and video data had been transferred to servers abroad.
Manufacturers such as Chinese Hikvision, Xiaomi and Dawawa, South Korea's Hanwa and U.S. Motorola Solutions must submit cameras for testing in Indian government labs before they can sell them in the world's most despicable countries, according to new requirements that apply in April. This policy applies to all Internet-connected CCTV models made or imported since April 9.
“There is always a risk of spying,” Gulshan Rai, head of cybersecurity in India from 2015 to 2019, told Reuters. “Anyone can operate and control CCTV cameras connected to the Internet in an unfavorable location. They need to be solid and secure.”
According to official meeting minutes, Indian officials conducted a surveillance on April 3 with 17 foreign and home manufacturers' executives, including Hanwha, Motorola, Bosch, Honeywell and Siaomi, with many manufacturers saying they were not ready to comply with the certification rules and delayed the delay unsuccessfully.
The minutes show that the government said in rejecting the request that India's policy “solves a real security issue” and must be implemented.
India said in December that CCTV rules did not select any country by any country, aiming to “improve the quality of the country's surveillance system and cybersecurity”.
The report is based on a Reuters review of dozens of documents, including minutes of meetings and email records between manufacturers and Indian IT ministry officials, and interviewed six people familiar with India's careful study of the technology. Interactions have not been reported before.
The camera manufacturer said the testing capability was insufficient, and the proposed factory inspection and government review of sensitive source code was the camera manufacturer said delayed approval and had the potential to undermine unspecified infrastructure and commercial projects.
Hanwha South Asia Director Ajay Dubey told the Indian IT department in an April 9 email on April 9 that “millions of dollars will be lost from the industry, spreading tremors through the market.”
The IT department and most companies identified by Reuters did not respond to requests for comment on the impact of discussion and testing policies. The ministry told executives on April 3 that it could consider accrediting more testing labs.
Millions of CCTV cameras have been installed in Indian cities, offices and residential complexes in recent years to enhance security surveillance. According to official data, New Delhi has more than 250,000 cameras installed mainly on telephone poles in key locations.
Varun Gupta, a research analyst at Counterpoint, told Reuters that the rapid acquisition will increase India's surveillance camera market to $7 billion by 2030.
Gupta said China's Hikvision and Dahua account for 30% of the market, while India's CP Plus accounts for 48% of the market, adding that about 80% of all CCTV components are from China.
Hanwha, Motorola Solutions and the UK's Norden Communication told officials via email in April that only a small fraction of the industry's 6,000 camera models were obtained under the new rules.
China cares
In 2022, the United States banned the sale of Hikvision and Dahua equipment, citing national security risks. The UK and Australia also restricted equipment made in China.
Similarly, India's India must ensure that the progress of the content used in these devices, chips, is checked,” a senior Indian official told Reuters. “China is part of the focus. ”
China's National Security Law requires cooperation in organizing and intelligence work.
Reuters reported this month that U.S. experts who studied the product found unexplained communication devices in some Chinese solar inverters.
India has banned dozens of Chinese-owned apps, including Tiktok, on the national security field, when Indian and Chinese forces clashed at their borders since 2020. India has also tightened foreign investment rules for countries with which it shares its land borders.
The senior Indian official said the distant explosion of a pager in Lebanon last year was reported by Reuters, which was carried out by Israeli agents targeting Hezbollah, further sparked India's concerns about potential abuse of technology equipment and the need to quickly perform testing of CCTV equipment.
The camera testing rules do not contain terms regarding land boundaries.
But last month, Xiaomi, China said Indian officials told the company that the assessment could not be carried out because “internal guidelines” require Xiaomi to provide more registration details based on Chinese contract manufacturers, so the company was unable to perform the assessment.
“The test lab shows that this requirement applies to applications from countries with land borders with India,” the company wrote in an email to the Indian agency that oversees the lab's testing on April 24.
Xiaomi did not answer Reuters' questions, and the IT department did not resolve the issue with the company's account.
The Chinese Foreign Ministry told Reuters it opposed “national security concepts smear and suppress the concept of Chinese companies” and hopes that India will provide a non-discriminatory environment for Chinese companies.
Laboratory testing, factory visits
CCTV equipment provided to the Indian government has had to be tested since June 2024, but the rules for all devices have expanded the bet.
According to CounterPoint, the public sector accounts for 27% of India’s CCTV demand, with 73% of corporate customers, industries, hotel companies and homes remaining.
Rules require CCTV cameras to have a tamper-proof shell, powerful malware detection and encryption.
The company needs to run software tools to test the source code and provide reports to government laboratories, two camera industry leaders said.
The rule allows labs to ask for source code if the company uses a proprietary communication protocol in the device, rather than a standard communication protocol like Wi-Fi. They also enable Indian officials to visit equipment manufacturers abroad and check the facilities for cyber vulnerabilities.
The Indian unit of Infinova, China's British British, told officials last month that the requirements were posing challenges.
“Expectations such as source code sharing, retesting firmware upgrades and multiple factory audits will have a significant impact on the internal timeline,” Infinova sales director Sumeet Chanana said in an April 10 email.
On the same day, Taiwan-based Vivotek India director Sanjeev Gulati warned Indian officials that “all ongoing projects will be stopped.” He told Reuters this month that Vivotek had submitted a product application and hoped to get a license “as soon as possible.”
The agency that inspects surveillance equipment is the Standardized Testing and Quality Certification Bureau of India, which belongs to the IT department. The agency has 15 labs that can review 28 applications simultaneously and are deleted after issues are posted based on data on its website. Each application can contain up to 10 models.
Official data shows that as of May 28, 342 applications from hundreds of models from various manufacturers are pending as of May 28. Of these, 237 were classified as new, and 142 were classified as new since the April 9 deadline.
The test has completed 35 of the applications, including one from a foreign company.
India's CP Plus told Reuters it received approval for its flagship camera, but several other models are awaiting certification.
Bosch said it has also submitted testing equipment but requires Indian authorities to “allow these products to allow business continuity” until the process is completed.
When Reuters visited New Delhi's bustling Nehru Plaza electronics market last week, popular CCTV cameras from Hikvision, Dahua and CP Plus were piled on the shelves.
But Sagar Sharma said revenue from his CCTV retail store has fallen by about 50% this month since the month due to slow government approval of security cameras.
“It's impossible to cater to big orders right now,” he said. “We have to survive with the stocks we own.”
(Report by Aditya Kalra; other reports by Shivangi Acharya and Anushree Fadnavis in New Delhi, Munsif Vengattil in Bangalore and Brenda Goh in Shanghai; Editors by David Crawsaw)
