The Union Minister of State for IT submitted an update in the Lok Sabha on March 25, 2026, detailing major reforms in India’s network security and the statutory protection of the digital ecosystem.
Central to these reforms is the notification of mandatory Essential Requirements (ERs) for CCTV systems, which requires clear documentation of the origin of critical hardware like System-on-Chip (SoC) and mandatory testing against unauthorised remote access at accredited labs.
To enforce compliance, all government departments are now strictly restricted from purchasing CCTV equipment that does not meet these certified criteria. Strategically, the government has also leveraged the National Security Directive on Trusted Sources and the Telecommunication Act, 2023 to ensure that only verified equipment is deployed in critical national networks.
Strategic Measures and Supply Chain Transparency
CCTV Security: 507 models of CCTV cameras have already been certified under the new ERs; hardware must undergo rigorous vulnerability testing to prevent data breaches.
Supply Chain Integrity: In July 2025, CERT-In issued updated technical guidelines for Bill of Materials (BOM) covering AI, Quantum Computing, and Cryptography to enhance supply chain transparency.
Enforcement Actions: Under Section 69A of the IT Act, 2000, the government has blocked 652 mobile applications citing data security concerns and malpractice.
Institutional Audit: CERT-In has empanelled 237 security auditing organizations to monitor the implementation of information security best practices across government entities.
What is a "Bill of Materials (BOM)" in Cybersecurity? A Bill of Materials (BOM) in cybersecurity is a comprehensive list of all software and hardware components, including third-party libraries and chips like System-on-Chip (SoC), that make up a digital device. It acts as a catalyst for supply chain transparency by allowing organisations to track exactly where every component originated and identify specific vulnerabilities in the hardware or software layers. This mechanism manifests as a transition from "blind procurement" to "verified inventory," where every element of a surveillance or network system is documented and auditable. Implementing BOM requirements is a primary lever for MeitY to benchmark a trajectory of secure manufacturing and de-risk national infrastructure from embedded spyware or malicious backdoors.
Policy Relevance: Transitioning to Verified Infrastructure
Standardises the Architecture for Surveillance Privacy: By mandating ERs for CCTVs, the government establishes a formal baseline where public surveillance data is protected from unauthorised remote access by foreign entities.
Systemically Addresses the Hardware Security Gap: The mandatory documentation of SoC origin enforces a higher degree of transparency in the supply chain, facilitating a shift toward self-reliance in critical components and trusted manufacturing partners.
Fortifies Critical Telecom Networks: Continuous enforcement of the National Security Directive on Trusted Sourcesensures that 5G and future 6G rollouts are insulated from non-vetted or high-risk equipment.
Catalyzes a Shift in Supply Chain Governance: The expansion of BOM guidelines to include Artificial Intelligence and Quantum Computing functions as a strategic safeguard to secure India against emerging next-generation technological threats.
Anchors India’s Standing in Data Sovereignty: The combination of the DPDP Act, 2022 and the Telecommunication Act, 2023 provides the necessary legal teeth to penalise data malpractice and prevent unauthorised network intrusion.
Relevant Question for Policy Stakeholders: What specific fiscal incentives are being institutionalised to support domestic CCTV manufacturers in meeting the high costs of accredited lab testing?
Follow the Full News Here: Government strengthens legal framework for network security
