India's alarm over Chinese spying rocks the surveillance industry

TimesLIVE

5 days ago

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require manufacturers of CCTV cameras to submit hardware, software and source code for assessment in government labs, official documents and company emails show.
The security-testing policy has sparked industry warnings of supply disruptions and added to a string of disputes between Prime Minister Narendra Modi's administration and foreign companies over regulatory issues and what some perceive as protectionism.
New Delhi's approach is driven in part by its alarm about China's sophisticated surveillance capabilities, according to a top Indian official involved in the policymaking. In 2021, Modi's then-junior IT minister told parliament a million cameras in government institutions were from Chinese companies and there were vulnerabilities with video data transferred to servers abroad.
Under the new requirements applicable from April, manufacturers such as China's Hikvision, Xiaomi and Dahua, South Korea's Hanwha and Motorola Solutions of the US must submit cameras for testing by Indian government labs before they can sell them in the world's most populous nation. The policy applies to all internet connected CCTV models made or imported since April 9.
'There's always an espionage risk,' Gulshan Rai, India's cybersecurity chief from 2015 to 2019, told Reuters. 'Anyone can operate and control internet-connected CCTV cameras in an adverse location. They need to be robust and secure.'
Indian officials met on April 3 with executives of 17 foreign and domestic makers of surveillance gear, including Hanwha, Motorola, Bosch, Honeywell and Xiaomi, where many of the manufacturers said they weren't ready to meet the certification rules and lobbied unsuccessfully for a delay, according to the official minutes.
In rejecting the request, the government said India's policy 'addresses a genuine security issue' and must be enforced, the minutes show.
India said in December the CCTV rules, which do not single out any country by name, aimed to 'enhance the quality and cybersecurity of surveillance systems in the country'.
This report is based on a Reuters review of dozens of documents, including records of meetings and emails between manufacturers and Indian IT ministry officials, and interviews with six people familiar with India's drive to scrutinise the technology. The interactions haven't been previously reported.
Insufficient testing capacity, drawn-out factory inspections and government scrutiny of sensitive source code were among key issues camera makers said had delayed approvals and risked disrupting unspecified infrastructure and commercial projects.
'Millions of dollars will be lost from the industry, sending tremors through the market,' Ajay Dubey, Hanwha's director for South Asia, told India's IT ministry in an email on April 9.
The IT ministry and most of the companies identified by Reuters didn't respond to requests for comment about the discussions and the impact of the testing policy. The ministry told the executives on April 3 it may consider accrediting more testing labs.
Millions of CCTV cameras have been installed in Indian cities, offices and residential complexes in recent years to enhance security monitoring. New Delhi has more than 250,000 cameras, according to official data, mostly mounted on poles in key locations.
The rapid take-up is set to bolster India's surveillance camera market to $7bn (R125.5bn) by 2030, from $3.5bn (R62.75bn) last year, said Counterpoint Research analyst Varun Gupta.
China's Hikvision and Dahua account for 30% of the market, while India's CP Plus has a 48% share, Gupta said, adding about 80% of CCTV components are from China.
Hanwha, Motorola Solutions and Britain's Norden Communication told officials by email in April that just a fraction of the industry's 6,000 camera models had approvals under the new rules.
The US in 2022 banned sales of Hikvision and Dahua equipment, citing national security risks. Britain and Australia have also restricted China-made devices.
Likewise, with CCTV cameras, India 'has to ensure there are checks on what is used in these devices, what chips are going in', the senior Indian official told Reuters. 'China is part of the concern.'
China's state security laws require organisations to co-operate with intelligence work. Reuters reported this month that unexplained communications equipment had been found in some Chinese solar power inverters by US experts who examined the products. Since 2020, when Indian and Chinese forces clashed at their border, India has banned dozens of Chinese-owned apps, including TikTok, on national security grounds. India also tightened foreign investment rules for countries with which it shares a land border. The remote detonation of pagers in Lebanon last year, which Reuters reported was executed by Israeli operatives targeting Hezbollah, further galvanised Indian concerns about the potential abuse of tech devices and the need to quickly enforce testing of CCTV equipment, the senior Indian official said.
The camera-testing rules don't contain a clause about land borders.
Last month, China's Xiaomi said when it applied for testing of CCTV devices, Indian officials told the company the assessment couldn't proceed because 'internal guidelines' required Xiaomi to supply more registration details of two of its China-based contract manufacturers.
'The testing lab indicated this requirement applies to applications originating from countries that share a land border with India,' the company wrote in an April 24 email to the Indian agency that oversees lab testing.
Xiaomi didn't respond to queries and the IT ministry didn't address questions about the company's account.
China's foreign ministry told Reuters it opposes the 'generalisation of the concept of national security to smear and suppress Chinese companies' and hoped India would provide a non-discriminatory environment for Chinese firms.
While CCTV equipment supplied to India's government has had to undergo testing since June 2024, the widening of the rules to all devices has raised the stakes.
The public sector accounts for 27% of CCTV demand in India and enterprise clients, industry, hospitality firms and homes, the remaining 73%, according to Counterpoint.
The rules require CCTV cameras to have tamper-proof enclosures, strong malware detection and encryption.
Companies need to run software tools to test source code and provide reports to government labs, two camera industry executives said.
The rules allow labs to ask for source code if companies are using proprietary communication protocols in devices, rather than standard ones such as Wi-Fi. They also enable Indian officials to visit device makers abroad and inspect facilities for cyber vulnerabilities.
The Indian unit of China's Infinova told IT ministry officials last month the requirements were creating challenges.
'Expectations such as source code sharing, retesting post firmware upgrades and multiple factory audits significantly affect internal timelines,' Infinova sales executive Sumeet Chanana said in an email on April 10. Infinova didn't respond to questions.
The same day, Sanjeev Gulati, India director for Taiwan-based Vivotek, warned Indian officials 'All ongoing projects will go on halt'. He told Reuters this month Vivotek had submitted product applications and hoped 'to get clearance soon'.
The body that examines surveillance gear is India's Standardisation Testing and Quality Certification Directorate, which comes under the IT ministry. The agency has 15 labs that can review 28 applications concurrently, according to data on its website that was removed after Reuters sent questions. Each application can include up to 10 models.
By May 28, 342 applications for hundreds of models from various manufacturers were pending, official data showed. Of those, 237 were classified as new, with 142 lodged since the April 9 deadline.
Testing had been completed on 35 of those applications, including just one from a foreign company.
India's CP Plus told Reuters it had received clearance for its flagship cameras but several more models were awaiting certification.
Bosch said it also submitted devices for testing, but asked that Indian authorities 'allow business continuity' for those products until the process is completed.
When Reuters visited New Delhi's bustling Nehru Place electronics market last week, shelves were stacked with popular CCTV cameras from Hikvision, Dahua and CP Plus.
But Sagar Sharma said revenue at his CCTV retail shop had plunged about 50% this month from April because of the slow pace of government approvals for security cameras.
'It is not possible now to cater to big orders,' he said. 'We have to survive with the stock we have.'