As India cements its position as a global hub for technology and innovation, the Internet of Things (IoT) has emerged as a major force in the country. To further boost the domestic IoT sector, India has established new certifications for IoT products – hoping to increase local production and limit Chinese dominance.

Recognizing both the potential and the vulnerabilities of IoT, India has introduced stringent regulations and certifications to ensure secure, reliable, and domestically produced IoT devices. Developers must navigate an evolving legal landscape designed to secure the growing network of connected devices.

The assortment of regulations and certifications are aimed to protect consumers while also strengthening the nation’s tech industry. Here, I’ll give an overview of the current patchwork of legislation and why this matters for IoT developers.

The Nabto Real Time Communication plaform for IoT

Ready to talk to our IoT experts to see what we can do??

Book a consultation today and get help with tech support, business inquiries, and other IoT queries. We are happy to help. Talk to you soon.

Current legislation

India’s regulatory framework for IoT is built on the foundation of the Information Technology (IT) Act, 2000, which governs data protection, cybersecurity, and electronic transactions. Over the years, additional rules have been introduced to address emerging technological challenges:

SPDI Rules (2011): Mandates that companies adopt reasonable security practices for handling sensitive personal data.

CERT-In Rules (2013): Establishes the Indian Computer Emergency Response Team (CERT-In) as the national nodal agency for cybersecurity incident reporting and emergency response.

Protected Systems Rules (2018): Prescribes additional security requirements for critical computer resources.

Intermediaries Rules (2021): Requires intermediaries to implement security measures and report incidents to CERT-In.

Code of Practice (2023): Specific advisory guidelines aimed at securing consumer IoT devices.

Code of Practice for Securing Consumer IoT Devices

Now, let’s take a closer look at how the Code of Practice lays out practical steps for enhancing IoT security. Its full name is the Code of Practice for Securing Consumer IoT Devices (TEC 31318:2021), and it provides technical guidelines to ensure IoT device security. It aligns with global standards like ETSI EN 303 645, a European benchmark for IoT security, which puts India’s regulations on par with international best practices.

The Code of Practice for Securing Consumer IoT Devices – often referred to as the TEC Code of Practice – emphasizes “Security by Design,” urging manufacturers to integrate strong security features during development. The guidelines call for IoT developers to implement secure practices such as requiring unique passwords for each device and securely storing sensitive security parameters.

The guidelines also mandate timely and secure software updates to address vulnerabilities and enhance product reliability. Protecting sensitive user data is a priority, with strict requirements for securely storing security parameters.

These measures aim to strengthen India’s IoT ecosystem against cyber threats. By adopting these measures, developers can enhance device resilience against cyberattacks while adhering to internationally recognized best practices.

Made in India Regulations for CCTV

In March 2024, India’s Ministry of Electronics and Information Technology (MeitY) introduced Essential Requirements (ER) for CCTV and video surveillance systems under the “Made in India” initiative. These regulations aim to address cybersecurity concerns, particularly in critical applications like public safety and infrastructure monitoring.

A key aspect of the ER guidelines is mandatory certification by the Standardisation Testing & Quality Certification (STQC) Directorate. This certification ensures that CCTV systems meet rigorous standards for functionality, reliability, and data security.

While no single law mandates STQC certification for all IoT devices, the certification process is heavily influenced by the Code of Practice and ER guidelines. The regulations promote a more secure IoT ecosystem by encouraging the production of secure devices domestically. This reduces reliance on foreign imports, supports national security, and fosters innovation within India’s tech industry. The push for mandatory certification and secure domestic production also strengthens India’s economy by fostering local innovation and creating a self-sustaining tech industry.

Why This Matters for IoT Developers

The introduction of these certifications presents a significant opportunity for IoT developers of CCTV systems in India. With demand for surveillance systems surging across public, private, and industrial sectors, adherence to the new guidelines is essential for developers who are aiming to access this growing market.

These certifications offer several key benefits for developers:

  • Enhancing product credibility: Certification by the STQC Directorate builds consumer trust by demonstrating that devices meet high standards for security and quality. In an era when data breaches and privacy concerns dominate headlines, compliance is a critical differentiator.
  • Driving innovation: The focus on system integrity, secure data storage, and encryption encourages developers to innovate in their designs, ensuring that products are robust against emerging cybersecurity threats.
  • Unlocking market opportunities: By meeting the essential requirements, developers can tap into government and enterprise-level contracts, which increasingly prioritize secure and domestically produced IoT devices.
  • Reducing dependence on imports: The guidelines align with India’s broader goal of reducing reliance on foreign technology, fostering a robust domestic supply chain that benefits local developers and manufacturers.

Securing India’s IoT Future

The rapid adoption of IoT devices in critical applications, such as CCTVs, has increased the risk of cyberattacks and system vulnerabilities. India’s push for IoT certifications is a proactive step to address these risks by enforcing high security standards and fostering local innovation.

For IoT developers, these regulations present an opportunity to enhance product reliability, access new markets, and support India’s goal of technological self-reliance. In a security-conscious market, compliance will be key to staying competitive.

Read our other resources

We’ve published a range of resources for our community, including

Want to learn more about P2P IoT?

Please visit the:
P2P IoT Academy

Deep dive Into our documentation?

Please visit the:
Nabto Platform Overview

Try our demo for Video Surveillance?

Please visit the:
Nabto Edge
Video Cam Demo

Looking for other Great posts?

###

Image depicting the browser-to-browser communication protocol WebRTC
WebRTC’s One-to-One Design: A Short History of Real-Time Communication

Web Real-Time Communication (WebRTC) has transformed how people connect online, powering everything from video calls [...]

24
Jun
What Is Scalable Video Coding? A Guide to SVC for WebRTC

If you’ve worked on real-time streaming applications, you know how hard it is to maintain [...]

11
Jun
Image depicting a TURN server functioning in video streaming through WebRTC
What Is a TURN Server? Ensuring Reliable WebRTC Connections

Real-time communication is now a core feature of many web-based applications, from video calls and [...]

02
Jun