Did you know non-certified CCTV cameras are now illegal to sell in India? Discover the latest 2026 MeitY, BIS, and STQC rules to keep your business safe and compliant.
Imagine this: You recently spent lakhs of rupees installing a brand-new IP CCTV camera system across your manufacturing unit in Jaipur. You sleep peacefully, thinking your business is secure. But a month later, you find out your camera feed was hacked because the devices had hardcoded default passwords and a hidden backdoor transmitting data overseas.
Worse still, an inspector informs you that the cameras you just bought are now technically illegal to sell or install in India.
This isn’t a hypothetical nightmare; it’s the new reality. As of April 1, 2026, the Indian surveillance market has undergone its biggest transformation in history. The days of importing cheap, unsecured, and uncertified CCTV cameras are officially over.
Whether you are a business owner, a system integrator, or a manufacturer, understanding the Government rules for CCTV certification in India is no longer optional—it is a legal necessity.
Let’s dive deep into what these new regulations mean, how they impact you, and the steps you must take to stay compliant.
Why Did the Indian Government Step In? The Shift from “Safety” to “Cybersecurity”
For years, the surveillance industry in India operated in a largely unregulated grey area. While cameras needed basic electrical safety checks, there were zero checks on their digital safety.
By 2021, intelligence reports revealed that nearly one million cameras installed in sensitive government institutions were sourced from foreign manufacturers, raising massive concerns about data transmission to servers outside India. Furthermore, with the Indian CCTV market projected to reach a staggering $5.75 billion by 2026, the country was sitting on a ticking cybersecurity time bomb.
To fix this, the Ministry of Electronics and Information Technology (MeitY) stepped in. They shifted the focus from mere “hardware safety” to stringent “cybersecurity,” ensuring that every camera installed in the country acts as a shield, not a spy.
“By enforcing hardware transparency, vulnerability testing, and independent government validation, the framework ensures CCTV systems are secure by design to build trust for both public and private users.” > — Industry Expert insight on the recent STQC mandate.
The Big Three: Understanding BIS, MeitY, and STQC
To grasp the new government rules, you need to understand the three pillars of India’s regulatory framework:
1. MeitY (Ministry of Electronics and Information Technology)
MeitY is the overarching policy-maker. They introduced the Essential Requirements (ER:01) for the security of CCTV cameras. Think of MeitY as the architect who drew the blueprint for India’s surveillance security.
2. BIS (Bureau of Indian Standards)
Under the Compulsory Registration Scheme (CRS), BIS acts as the enforcer. No electronic product notified under CRS can be sold in India without a BIS registration number. Now, getting a BIS mark for a CCTV camera isn’t just about passing an electrical test; it requires passing the MeitY security test first.
3. STQC (Standardisation Testing and Quality Certification)
STQC is the government’s premier testing laboratory directorate. Before a camera can get BIS approval, it must be rigorously tested in an STQC-accredited lab to ensure it isn’t easily hackable.
Essential Requirements (ER:01): The New Cybersecurity Standard
So, what exactly is the government testing for? In March 2024, the government published the “Essential Requirements for Security of CCTV” (ER:01). After a transition period that ended on March 31, 2026, these are now strictly enforced.
If a camera does not meet these 5 core mandates, it is illegal to sell:
- No Shared Default Passwords: The era of typing “admin” as the username and “12345” as the password is over. Every device must have unique login credentials out of the box.
- Encrypted Communication: All data flowing between the camera, the NVR (Network Video Recorder), and the cloud must be heavily encrypted.
- Secure Firmware Updates: Manufacturers must provide a secure, authenticated pathway to issue software patches to counter future cyber threats.
- Hardware Tamper Resistance: The printed circuit board (PCB) and system-on-chip (SoC) are inspected to ensure there are no hidden hardware backdoors.
- Data Deletion Rights: Users must be able to securely erase stored footage and personal data.
Quick Comparison: Old Market vs. New Regulated Market
| Feature | Pre-April 2026 (Unregulated) | Post-April 2026 (Regulated) |
|---|---|---|
| Testing Focus | Basic Electrical Safety | Deep Cybersecurity & Anti-hacking |
| Passwords | Universal defaults (Easy to hack) | Forced unique credentials |
| Data Protection | Often unencrypted | 100% Encrypted transmission |
| Imported Stock | Unrestricted “grey market” sales | Banned unless ER-compliant & BIS marked |
| Public Procurement | Lowest bidder wins | “Make in India” preferred; STQC required |
The April 1, 2026 Deadline: What Happens Now?
The government gave the industry ample time to clear old, non-compliant inventory. That grace period expired on March 31, 2026.
Here is exactly how the landscape looks today:
- For Manufacturers & Importers: You cannot manufacture or import any network-connected camera (IP cameras, PoE cameras, cloud systems) without prior STQC testing and BIS registration.
- For Distributors & Installers: Selling non-compliant leftover stock is now a criminal offense. Government projects will instantly reject installations without proper compliance documentation.
- For End-Users & Businesses: If your cameras were installed before April 1, 2026, you do not need to rip them out immediately. However, any new expansions, replacements, or upgrades must utilize certified cameras.
Severe Penalties Under the BIS Act, 2016
This isn’t a rule the government is taking lightly. Violating the BIS CRS mandate carries heavy consequences:
- Criminal Liability: Up to two years in prison for individuals knowingly selling uncertified goods.
- Heavy Fines: Starting at ₹5 lakhs for a first offense.
- Seizure of Goods: Authorities have the power to raid warehouses and destroy non-compliant camera stock without compensation.
The “Make in India” Push and Public Procurement (PPP-MII)
If you deal with government contracts, railways, defense, or smart city projects, pay close attention to the Public Procurement (Preference to Make in India) Order.
The government has completely restricted departments from buying CCTV equipment that fails to meet STQC certification. Furthermore, to combat the dominance of foreign surveillance giants (particularly Chinese brands), the policy heavily favors local manufacturers.
If a CCTV brand uses uncertified foreign chipsets or fails the vulnerability assessment for unauthorized remote access, it is automatically disqualified from Indian public procurement tenders. This has led to a massive boom for domestic brands who have invested in localized R&D and secure firmware.
Expert Tips: How to Verify if Your CCTV Camera is Compliant
Are you planning to buy a new CCTV system for your office or home? Don’t rely purely on a salesperson’s word. Use this quick checklist to protect yourself:
- Look for the R-Number: Check the camera’s packaging or physical label. A compliant camera will proudly display a BIS RC number (e.g.,
R-XXXXXXXX). - Verify Online: Don’t just trust a printed logo. Go to the official
bis.gov.inCRS portal and type in the registration number to see if the license is currently active and belongs to that specific model. - Ask for the ER Declaration: Demand that your system integrator or supplier provides a formal compliance guarantee stating the camera meets “MeitY ER:01” standards.
- Avoid Unbelievably Cheap Deals: If a dealer is offering IP cameras at a shockingly low price, it is highly likely they are trying to dump illegal, uncertified grey-market stock.
Conclusion: A Safer, Secure Surveillance Ecosystem
The sweeping government rules for CCTV certification in India might seem like a massive hurdle for the industry, but they are a massive victory for consumer privacy and national security.
We are moving away from an era where cheap cameras secretly leaked our data, stepping into a new paradigm where “surveillance” actually means “security.” By insisting on STQC and BIS-certified products, you aren’t just complying with the law—you are locking the digital front door of your business.
Don’t wait for a data breach or a regulatory fine. Audit your upcoming surveillance procurements today, partner with certified vendors, and ensure your security systems are genuinely secure.
