*

India imposes new software, hardware testing rules for all

CCTVs

*

Firms say they face disruption due to high scrutiny, slow

approvals

*

India worried about Chinese spying via CCTVs, govt

official says

*

Industry warns of impact amid soaring demand for security

cameras

By Aditya Kalra

NEW DELHI, May 28 (Reuters) - Global makers of

surveillance gear have clashed with Indian regulators in recent

weeks over contentious new security rules that require

manufacturers of CCTV cameras to submit hardware, software and

source code for assessment in government labs, official

documents and company emails show.

The security-testing policy has sparked industry warnings of

supply disruptions and added to a string of disputes between

Prime Minister Narendra Modi's administration and foreign

companies over regulatory issues and what some perceive as

protectionism.

New Delhi's approach is driven in part by its alarm about

China's sophisticated surveillance capabilities, according to a

top Indian official involved in the policymaking. In 2021,

Modi's then-junior IT minister told parliament that 1 million

cameras in government institutions were from Chinese companies

and there were vulnerabilities with video data transferred to

servers abroad.

Under the new requirements applicable from April,

manufacturers such as China's Hikvision, Xiaomi ( XIACF )

and Dahua, South Korea's Hanwha, and

Motorola Solutions ( MSI ) of the U.S. must submit cameras for

testing by Indian government labs before they can sell them in

the world's most populous nation. The policy applies to all

internet-connected CCTV models made or imported since April 9.

"There's always an espionage risk," Gulshan Rai, India's

cybersecurity chief from 2015 to 2019, told Reuters. "Anyone can

operate and control internet-connected CCTV cameras sitting in

an adverse location. They need to be robust and secure."

Indian officials met on April 3 with executives of 17

foreign and domestic makers of surveillance gear, including

Hanwha, Motorola, Bosch, Honeywell ( HON ) and Xiaomi ( XIACF ), where many of the

manufacturers said they weren't ready to meet the certification

rules and lobbied unsuccessfully for a delay, according to the

official minutes.

In rejecting the request, the government said India's policy

"addresses a genuine security issue" and must be enforced, the

minutes show.

India said in December the CCTV rules, which do not single

out any country by name, aimed to "enhance the quality and

cybersecurity of surveillance systems in the country."

This report is based on a Reuters review of dozens of

documents, including records of meetings and emails between

manufacturers and Indian IT ministry officials, and interviews

with six people familiar with India's drive to scrutinize the

technology. The interactions haven't been previously reported.

Insufficient testing capacity, drawn-out factory inspections

and government scrutiny of sensitive source code were among key

issues camera makers said had delayed approvals and risked

disrupting unspecified infrastructure and commercial projects.

"Millions of dollars will be lost from the industry, sending

tremors through the market," Ajay Dubey, Hanwha's director for

South Asia, told India's IT ministry in an email on April 9.

The IT ministry and most of the companies identified by

Reuters didn't respond to requests for comment about the

discussions and the impact of the testing policy. The ministry

told the executives on April 3 that it may consider accrediting

more testing labs.

Millions of CCTV cameras have been installed across Indian

cities, offices and residential complexes in recent years to

enhance security monitoring. New Delhi has more than 250,000

cameras, according to official data, mostly mounted on poles in

key locations.

The rapid take-up is set to bolster India's surveillance

camera market to $7 billion by 2030, from $3.5 billion last

year, Counterpoint Research analyst Varun Gupta told Reuters.

China's Hikvision and Dahua account for 30% of the market,

while India's CP Plus has a 48% share, Gupta said, adding that

some 80% of all CCTV components are from China.

Hanwha, Motorola Solutions ( MSI ) and Britain's Norden

Communication told officials by email in April that just a

fraction of the industry's 6,000 camera models had approvals

under the new rules.

CHINA CONCERN

The U.S. in 2022 banned sales of Hikvision and Dahua equipment,

citing national security risks. Britain and Australia have also

restricted China-made devices.

Likewise, with CCTV cameras, India "has to ensure there are

checks on what is used in these devices, what chips are going

in," the senior Indian official told Reuters. "China is part of

the concern."

China's state security laws require organizations to

cooperate with intelligence work.

Reuters reported this month that unexplained communications

equipment had been found in some Chinese solar power inverters

by U.S. experts who examined the products.

Since 2020, when Indian and Chinese forces clashed at their

border, India has banned dozens of Chinese-owned apps, including

TikTok, on national security grounds. India also tightened

foreign investment rules for countries with which it shares a

land border.

The remote detonation of pagers in Lebanon last year, which

Reuters reported was executed by Israeli operatives targeting

Hezbollah, further galvanized Indian concerns about the

potential abuse of tech devices and the need to quickly enforce

testing of CCTV equipment, the senior Indian official said.

The camera-testing rules don't contain a clause about land

borders.

But last month, China's Xiaomi ( XIACF ) said that when it applied for

testing of CCTV devices, Indian officials told the company the

assessment couldn't proceed because "internal guidelines"

required Xiaomi ( XIACF ) to supply more registration details of two of

its China-based contract manufacturers.

"The testing lab indicated that this requirement applies to

applications originating from countries that share a land border

with India," the company wrote in an April 24 email to the

Indian agency that oversees lab testing.

Xiaomi ( XIACF ) didn't respond to Reuters queries, and the IT

ministry didn't address questions about the company's account.

China's foreign ministry told Reuters it opposes the

"generalization of the concept of national security to smear and

suppress Chinese companies," and hoped India would provide a

non-discriminatory environment for Chinese firms.

LAB TESTING, FACTORY VISITS

While CCTV equipment supplied to India's government has had

to undergo testing since June 2024, the widening of the rules to

all devices has raised the stakes.

The public sector accounts for 27% of CCTV demand in India,

and enterprise clients, industry, hospitality firms and homes

the remaining 73%, according to Counterpoint.

The rules require CCTV cameras to have tamper-proof

enclosures, strong malware detection and encryption.

Companies need to run software tools to test source code and

provide reports to government labs, two camera industry

executives said.

The rules allow labs to ask for source code if companies are

using proprietary communication protocols in devices, rather

than standard ones like Wi-Fi. They also enable Indian officials

to visit device makers abroad and inspect facilities for cyber

vulnerabilities.

The Indian unit of China's Infinova told IT

ministry officials last month the requirements were creating

challenges.

"Expectations such as source code sharing, retesting post

firmware upgrades, and multiple factory audits significantly

impact internal timelines," Infinova sales executive Sumeet

Chanana said in an email on April 10. Infinova didn't respond to

Reuters questions.

The same day, Sanjeev Gulati, India director for

Taiwan-based Vivotek, warned Indian officials that

"All ongoing projects will go on halt." He told Reuters this

month that Vivotek had submitted product applications and hoped

"to get clearance soon."

The body that examines surveillance gear is India's

Standardization Testing and Quality Certification Directorate,

which comes under the IT ministry. The agency has 15 labs that

can review 28 applications concurrently, according to data on

its website that was removed after Reuters sent questions. Each

application can include up to 10 models.

As of May 28, 342 applications for hundreds of models from

various manufacturers were pending, official data showed. Of

those, 237 were classified as new, with 142 lodged since the

April 9 deadline.

Testing had been completed on 35 of those applications,

including just one from a foreign company.

India's CP Plus told Reuters it had received clearance for

its flagship cameras but several more models were awaiting

certification.

Bosch said it too had submitted devices for testing, but

asked that Indian authorities "allow business continuity" for

those products until the process is completed.

When Reuters visited New Delhi's bustling Nehru Place

electronics market last week, shelves were stacked with popular

CCTV cameras from Hikvision, Dahua and CP Plus.

But Sagar Sharma said revenue at his CCTV retail shop had

plunged about 50% this month from April because of the slow pace

of government approvals for security cameras.

"It is not possible right now to cater to big orders," he

said. "We have to survive with the stock we have."