🗞️ Why in News From April 1, 2026, India’s mandatory BIS/STQC certification for IP-connected CCTV cameras came into force, effectively barring Hikvision, Dahua, and TP-Link — the dominant Chinese brands — from the Indian market. The policy completes a two-year compliance window that began with MeitY’s Essential Requirements (ER) norms in April 2024. With 507 certified models and a Rs 7,000 crore/year market now dominated by domestic and Western brands (>80% domestic share), this is India’s most consequential hardware security intervention since the Trusted Telecom Portal (2022) that excluded Huawei and ZTE from 5G rollout.

The Editorial’s Frame — Selective Sovereignty

The Indian Express editorial uses the CCTV mandate not as a story about cameras, but as a diagnostic for India’s broader hardware security architecture. Its argument: India’s hardware security policy has been reactive, selective, and incomplete — driven more by geopolitical optics and immediate security breaches than by a coherent framework for digital sovereignty.

The pattern:

  • 2020: Banning 267 Chinese mobile apps (TikTok, PUBG, etc.) after Galwan Valley clash
  • 2022: Trusted Telecom Portal — effective exclusion of Huawei/ZTE from 5G without a formal ban
  • 2026: CCTV certification mandate — effective ban on Hikvision/Dahua through certification standard
  • Proposed: Router certification, smart meter BIS requirements

All of these are reactive interventions at the consumer/infrastructure layer. None address the component layer — the semiconductors, batteries, rare earth magnets, and display panels that go into “Indian” manufactured products.

The Critical Infrastructure Vulnerability

The Safe City Paradox

India’s Safe City Mission — a Rs 7,000+ crore investment in surveillance cameras across 8 cities, funded through the Nirbhaya Fund — was overwhelmingly installed using Hikvision and Dahua equipment. The surveillance infrastructure of Delhi, Mumbai, Kolkata, Chennai, Bengaluru, Hyderabad, Ahmedabad, and Lucknow that is supposed to keep citizens safe was hardware that India’s own intelligence community now characterises as a potential Chinese government access point.

The editorial asks: If the same risk logic that now bans new Hikvision sales applies, what is the status of the millions of already-installed Hikvision cameras? There is no mandatory replacement programme. The ban on new sales coexists with continued operation of potentially compromised existing infrastructure.

The SoC Declaration Requirement — A Good Start, Not an End

The ER norms’ requirement that manufacturers declare the country of origin of the System-on-Chip (SoC) embedded in each camera is the most technically significant requirement. It forces transparency about the most critical component.

But the editorial identifies three limitations:

  1. Self-declaration, not independent verification: Manufacturers declare SoC origin. There is no mandatory independent testing of SoC firmware to verify the declaration is accurate and that no undisclosed functionality exists.

  2. Supply chain depth: SoC country-of-origin does not capture sub-component origin. A non-Chinese SoC fabricated at TSMC (Taiwan) using Chinese-origin rare earth materials in a Chinese OSAT facility — is that “non-Chinese”? The supply chain is deeper than the SoC declaration captures.

  3. Legacy device gap: Existing installed cameras (130 million+) are not subject to the new certification. The most operationally sensitive deployments (government buildings, police control rooms, Safe City cameras) are the legacy fleet — now the most urgent security risk.

The Broader Hardware Sovereignty Question

What India Cannot Yet Make

The CCTV mandate works because India now has domestic alternatives (CP Plus, Bosch India) and Western compliant brands (Axis, Avigilon). The certification requirement can be met.

But extend the logic to other hardware categories:

  • Smartphones: India assembles but does not manufacture the display panels (predominantly Korean), the camera sensors (Sony, Samsung), or the wireless modems (Qualcomm). The “Made in India iPhone” is assembled in India from Chinese, Korean, and Taiwanese components.
  • Defence electronics: India’s indigenously “designed” defence systems routinely use Chinese-origin components in supply chains. The radar system on an Indian-built naval vessel may use Chinese-origin ICs (integrated circuits) three tiers down the supply chain.
  • Telecom equipment: While Huawei/ZTE are excluded from 5G at the RAN (Radio Access Network) level, the backhaul, fronthaul, and power systems of Indian telecom towers continue to use Chinese components.

The Indian Express editorial’s challenge: India cannot apply the CCTV security logic comprehensively without first building the domestic manufacturing capability that creates genuine alternatives. In the interim, selective hardware security interventions are better than none — but they should not be confused with a coherent doctrine.

What a Coherent Hardware Security Doctrine Looks Like

The editorial argues India needs a Trusted Hardware Framework (THF) — analogous to the Trusted Telecom Portal but broader — structured around:

Tier 1 — Absolute exclusion: Hardware in classified government, military, nuclear, and critical infrastructure where compromised hardware would be catastrophic (currently addressed ad hoc).

Tier 2 — Certification with SoC + firmware audit: Hardware in public-facing surveillance, law enforcement, and power grid infrastructure — the CCTV mandate extended to all IoT infrastructure in these categories, with independent firmware auditing rather than self-declaration.

Tier 3 — Transparency disclosure: Consumer hardware — disclosures about component origin without mandatory exclusion, allowing informed consumer choice.

Tier 4 — Domestic preference in government procurement: Preferential procurement for domestically manufactured hardware, driving demand for Indian manufacturing investment.

Why This Matters Now

The Trusted Telecom Portal + CCTV mandate together show that India can build functional hardware security regimes. The question is whether these remain ad hoc responses or become the foundation of a systematic policy.

The geopolitical window: The global decoupling from Chinese hardware supply chains is accelerating. India has a window to position its electronics manufacturing (Make in India, PLI scheme) as the non-China alternative for governments and companies looking to diversify. Coherent, internationally legible hardware security policy — like the CCTV certification standard — signals to global partners that Indian-made hardware meets security standards, not just competitive price standards.

UPSC Relevance

Prelims: STQC; BIS ER norms; MeitY; Trusted Telecom Portal; SoC; 507 certified models; CP Plus; Safe City Mission; Hikvision Chinese government stake (41.86%). Mains GS-3: “India’s hardware supply chain security — evaluate the coherence and completeness of India’s interventions from the Trusted Telecom Portal (2022) to the CCTV certification mandate (2026).” Mains GS-2: “Digital sovereignty as a dimension of national security — can India achieve hardware independence given its deep integration into Chinese supply chains?” Interview: “India bans Chinese cameras on security grounds but assembles Chinese-component smartphones. Is this inconsistent, or is there a principled distinction?”

📌 Facts Corner — Knowledgepedia

India’s Hardware Security Architecture (2020-2026):

  • 2020: Ban on 267 Chinese apps (TikTok, PUBG, etc.) post-Galwan — software layer
  • 2022: Trusted Telecom Portal (DoT) — excluded Huawei/ZTE from 5G RAN — network hardware layer
  • 2024: MeitY ER norms for CCTV (effective April 2026) — surveillance hardware layer
  • Proposed: BIS certification for routers, smart meters — IoT hardware layer

CCTV Market Data (April 2026):

  • Market size: ~Rs 7,000 crore/year
  • Installed base: 130+ million cameras — 3rd largest globally (after China and USA)
  • Domestic market share: >80% (was ~20% in 2020)
  • Certified models (April 2026): 507
  • Key domestic player: CP Plus (Aditya Infotech, Delhi)
  • International compliant: Axis Communications (Sweden), Avigilon (Motorola, USA)

Chinese CCTV Brands — Ban Context:

  • Hikvision: Chinese government stake 41.86%; world’s largest CCTV maker
  • Dahua: Zhejiang Dahua Technology; world’s 2nd largest
  • Global bans: USA (FCC 2022), UK (2022 government buildings), Australia (2023 government buildings)
  • China’s National Intelligence Law 2017: Companies must assist state intelligence — backdoor legal basis

India’s Critical Infrastructure Exposure:

  • Safe City Mission: 8 cities; predominantly Hikvision/Dahua equipment installed
  • Nirbhaya Fund: Source of Safe City financing
  • No mandatory replacement programme for legacy Chinese cameras

Other Relevant Facts:

  • SoC (System-on-Chip): Integrates CPU, GPU, network controller, memory interface on one chip — the “brain” of a smart camera
  • HiSilicon: Huawei’s chip division; makes SoCs used in Hikvision/Dahua cameras — key reason these cameras fail the certification standard
  • PLI (Production Linked Incentive) for telecom/networking products: Designed to create domestic manufacturing of routers, switches, and access points

Sources: Indian Express, MeitY, PIB, GKToday