Meta description: India's new cybersecurity rules for security cameras reshape the market. As CP PLUS emerges as a forerunner in STQC compliance, Chinese and gray-market brands face hurdles.
As India is beginning to implement sweeping cybersecurity rules for surveillance cameras that see some industry players scratching their heads, the country's largest manufacturer by volume, CP PLUS, is confident the changes will benefit the industry at large.
CP PLUS, which operates one of the world's largest security camera factories, in Kapada, Andhra Pradesh, predicts steady growth in India—spurred by a trend toward domestic brands. It sees itself ready for “a paradigm shift” in a highly competitive market where quality, authenticity and cybersecurity will matter more than ever.
What you need to know about STQC and IoT SCS
The new rules, introduced by the Ministry of Electronics and Information Technology (MeitY), mandate that all security cameras sold in India meet Bureau of Indian Standards (BIS) safety requirements and undergo Essential Requirements (ER) testing by the Standardization Testing and Quality Certification (STQC) authority. Even though the STQC rules don’t state it explicitly, analogue cameras are not affected, as the regulations apply to features that only network-connected devices have.
Under the certificate scheme, dubbed IoT SCS, the STQC can effectively ban IP cameras from the market that have cyber vulnerabilities such as exposed debug ports (e.g., UART, Telnet), and allow for insecure firmware updates and unencrypted data transmission—something that Chinese-made cameras, including those by big brands, usually have.
In lab testing at STQC, manufacturers must demonstrate features like secure boot, digitally signed firmware and end-to-end encryption of stored and transmitted video data, as well as compliance with updated safety standards tested in separate BIS labs. There’s some coordination between the testing bodies to reduce redundancies, but essentially two separate applications are required.
Each STQC application can include up to 10 models, as long as they are technically similar enough, including the same sensors, chipsets and firmware.
Aside from preventing cyber-insecure cameras from being sold in India, however, the new rules also seek to strengthen “Made-in-India” manufacturing, or, as Aditya Khemka, Managing Director at CP PLUS, put it, the government “wants to have players who can feed the India market.”
Under the new rules, manufacturers must prove that at least 25 percent—and eventually 45 percent from FY 2026-27 onwards—of their products' components, assembly and intellectual property are sourced or executed within India.
The government “will give more privileges to the people who will use more local components,” Khemka said.
CP PLUS is well-positioned in this regard—its first STQC-compliant devices entered the market in March, making the company one of the first to achieve this feat.
Made-in-India as a challenge
The new rules will force smaller players to scramble to boost their domestic capabilities and supply chain links. Some challenges, however, apply to all manufacturers.
India is highly dependent on other countries when it comes to key components, such as image sensors and chipsets, for which it has virtually no domestic manufacturing. Import data from up to November last year show that nearly all camera chipsets that entered the country came from China.
While the new rules might not close India's R&D gap overnight, they should at least lay a solid foundation for ambitious companies and push out gray market firms, as well as those that cut corners.
“Many of the known gray market suppliers were also approaching the STQC,” Khemka said. “But what they’re doing is sourcing their products from outside the country. That’s why the STQC introduced a new requirement: After verifying all 30 checkpoints under the Essential Requirements, they would conduct a factory visit.”
This factory audit includes a comprehensive assessment of every stage of the manufacturing process—from the initial quality inspection of incoming components to the final product assembly.
“The real issue lies with gray market operators and those who simply import products, stick their own label on them and sell them,” Khemka added. “They are the ones who will face challenges. But manufacturers with their own local facilities will benefit from this move, and that’s the key point.”
‘Transition period’
CP PLUS, with its massive Kadapa side, considers itself significantly ahead of the curve, but company officials acknowledged that the STQC testing process, initially projected to take two months for each application, remains complex and demanding for both manufacturers and certifying authorities.
“This is a transition period,” noted Anup Nair, President, CP PLUS, as he emphasized that the evolving nature of the certification process has presented unforeseen challenges.
“There have been several issues that even STQC officials were not previously aware of, and now they’re working to rectify them,” Nair said. “It’s an evolutionary process, one that’s essential for setting higher standards, but not without its initial hurdles.”
CP PLUS officials further explained that, while the intent behind STQC certification is commendable—ensuring transparency, quality and adherence to ‘Make in India’ policies—the process demands a high level of preparedness, documentation and real-time compliance from manufacturers.
“It's not just a checklist,” Nair added. “It’s a paradigm shift in how we define authenticity and indigenous capability in surveillance manufacturing.”
Shifts in the market
As the industry adapts, CP PLUS believes its long-standing commitment to domestic production, deep-rooted infrastructure and stringent internal quality controls will continue to position it as a front-runner in achieving and upholding these evolving standards.
CP PLUS “will try to grab maximum market share, as much as possible,” Khemka said, highlighting the great opportunities that are expected to arise as unorganized and foreign brands—especially those who aren't willing to address cybersecurity vulnerabilities—will find themselves squeezed out.
Eventually, it can be expected that the Indian government will entice all security camera companies who want to sell in the country to produce there as well. The full value chain of camera manufacturing is supposed to be in place.
“It's a sweet spot for us,” Khemka said, adding that the large scale of CP PLUS’ operation, and the name recognition that comes with it, give the company the edge.
“In the Indian market … the love and the affection which we have as CP PLUS is much more than any other brand. But it’s also the kind of network, the kind of service, the kind of touch points which we provide in the market, no other brand has it as of now,” Khemka said. “If you ask any person what surveillance brands they know in India, you will find that CP PLUS has become a synonym to CCTV in households across the country.”
Meanwhile, CP PLUS predicts across-the-board growth in the Indian market, from government-run smart city projects and infrastructure upgrades to the end user market, where “people are also getting aware,” as Nair put it.
“When we started the sale of [entry-level] ezyKam home security cameras, we didn't think that we will producing these cameras in such numbers,” he explained. “Those cameras are very fast moving in the market. Every household is now going for these cameras. There is a big boom about to come.”
Higher standards, broader appeal
The fact that the new regulations affect all product is expected to boost the maturity of the Indian market and manufacturing landscape as a whole.
Aside from CP PLUS, domestic brands Prama and Sparsh also operate large-scale manufacturing sites in India. Prama formerly had a technology partnership with Hikvision.
“Whatever you're buying from Amazon also, it needs to pass through the STQC. It will definitely strengthen our cybersecurity, our standard stock,” Nair said. “It will completely change the market.”
CP PLUS hopes it will also help translate its strong stance in India to foreign markets, for example in the middle east or Vietnam, where the government recently introduced similarly broad cybersecurity rules. In Vietnam, specifically, the aim was to push Chinese firms out. In India, that was not the expressed aim, but it is to be expected.
“Overall, the new rules are good for the industry. All the unorganized players will be out, and all the professional players, all the quality products, will be in the market,” Nair said.
Conclusion
It remains to be seen whether India’s enormous undertaking of testing all camera models, including the ones that have been in the market for years, will proceed as smoothly as CP PLUS hopes it will, and yield the predicted results.
The sheer amount of testing that has to be done and that companies have to apply for and accommodate, is a potential bottleneck, as is the quest to ensure that manufacturers stick to the rules once they have required the initial certificate.
Even if India seeks to close the R&D gap, manufacturers will continue to rely on foreign sensors and chipsets, for now at least.
As long as “Made-in-India” cameras have a Chinese (or Taiwanese, or Korean) brain and eye, domestic manufacturing is still more assembly than invention and innovation.