• India has enforced “Essential Requirements” (ERs) for all CCTV cameras to boost privacy and security.
• The ERs cover various aspects around hardware, software, supply chains and design. These norms are stringent and are on par with international regulations.
• Till February, only five brands had made some of their models compliant with these norms.
• These norms have the potential to negatively impact Chinese players and smaller local brands. Smart camera brands are more affected and may have to make significant changes to their portfolios or localize supply chains to become compliant.

India’s CCTV market is large and growing. But as deployment increases, so does the risk of misuse and data breaches, making it essential to strengthen safeguards and regulations. With this in mind, India’s government brought new norms last year to address concerns related to privacy and security. However, this has caused some upheaval in the country’s CCTV market.

These norms are called the Essential Requirements (ERs) and were initially introduced to ensure the security of CCTV systems procured by government bodies. The scope of these ERs was then extended to all CCTV cameras sold in India and they are now part of the government’s Standardization Testing and Quality Certification (STQC) norms for CCTVs. The last date for compliance was initially in October 2024 and was later extended to April 9, 2025.

India’s ‘Essential Requirements’ for CCTV Players

Sources: India’s Ministry of Electronics and Information Technology, Counterpoint Research

The government has introduced four important considerations in the ERs to focus on security mechanisms within the CCTV device. These parameters require secure software with an anti-rollback mechanism, TEE/SE/TPM enablement, supply chain risk assessment, unique keys and secure key injection, credential/backdoor audits and more.

Current progress

These changes have already caused some turbulence in India’s CCTV market. As of February 29, 2025, only five players — CP Plus, Prama, Matrix, Sparsh and Qubo — had made some of their models compliant with the latest norms. Out of these, only two had registered their analog CCTV models, while Qubo was the only one to get its smart cameras licensed. The norms exempt analog cameras from April 1, 2025, onwards, but the market is shifting rapidly towards IP cameras which already make up more than two-thirds of the overall market.

The impact may be huge if other players do not comply. In a space led by CP Plus, Hikvision and Matrix, Chinese brands like Hikvision, Tapo and Xiaomi may have to either adjust their portfolios and localize supply chains or exit the market altogether.

Analyst takes

• Government procurement for public infrastructure forms 30%-35% of the overall demand for CCTVs in the country. The government procurement norms currently require OEMs to use a certain amount of locally made components, effectively minimizing the use of Chinese components. These norms also require software stacks to be localized and hosted on servers within India. Hence, it makes sense for OEMs to use the same products for both government and general customers.

• The Digital Personal Data Protection Act, 2023, recognizes an individual’s right to privacy as well as the needs of law enforcement agencies when processing personal digital data. Although this Act does not bar cross-border transfer of personal digital data, the government may restrict this in the coming time. In the event of this happening, the abovementioned government procurement norms for software may also apply to the overall market. The storage of data on Indian servers will also create opportunities for domestic companies to replace foreign-based platforms like Tuya and other Chinese-origin platforms.

• The ERs require OEMs to assess the whole supply chain and ensure the components are from trusted sources. This will lead to OEMs opting for localized manufacturing to provide better visibility of their supply chains and to meet the norms.

• While compliance with the ERs will enhance data security and supply chain resilience, it is also expected to increase CCTV prices. The higher costs can be either recouped by increasing the price of the product or following a subscription-based model. The Indian market is not receptive to a subscription model, hence we anticipate an increase in prices.

• Chinese players may find it difficult to get licenses as their supply chains are still heavily based out of China. Small players will also be impacted as mapping their full supply chains would be an uphill task. While this could lead to short-term consolidation and a temporary dip in shipments, it sets the stage for a more secure and transparent ecosystem. For other companies, it will likely result in a shift towards trusted foreign suppliers like Realtek and Novatek for chipsets, and other local vendors for other parts.

• In the long run, a combination of these regulations may elevate domestic players like Sparsh and Matrix. The ER framework is likely a precursor to broader IoT regulations that will reduce security risks in products sold in India. Such regulations are already in discussions under the Indian Telecom Security Assurance Requirements (ITSAR), which include categories like smart cameras and smart meters.