Company Registration
NGO Registration
Virtual business address
Startup Registration
Shop Act Registration
Annual Compliance
Income tax Filing
Trade License Registration
BIS Registration main
CDSCO Registration
Star Rating Certification
WPC Registration
Brand Registration
Legal Metrology Certification
PESO certification
Factory License Registration
Fire NOC
AERB Certification
PSARA License
Fssai License
RCMC Certification
Import Export Registration
China Food Export
RNI Certification
NSIC Registration
ISO Certification Main
US FDA
ICEGATE Registration Main
CPCB Approval
EIA Environment
CPCB/SPCB
E-Waste Management
Plastic Waste Management
Sat, Jul 18 2026
Raju Karn
There was a time when CCTV cameras were viewed as simple surveillance devices. Businesses primarily focused on image quality, storage capacity, night vision, and durability while choosing a camera. Compliance requirements were equally straightforward, with manufacturers only needing to ensure that their products met basic electrical safety standards before entering the Indian market. However, the rapid adoption of IP-based cameras has completely changed the landscape. Modern CCTV cameras are connected devices that communicate over networks, store sensitive information, receive software updates, and can even be accessed remotely. This transformation has made cybersecurity just as important as electrical safety.
Recognizing the growing security risks associated with internet-connected surveillance devices, the Government of India has significantly strengthened the compliance framework for CCTV cameras. Selling or installing IP cameras without meeting the latest cybersecurity requirements is no longer an option. Businesses that manufacture, import, distribute, or install CCTV cameras must now comply with BIS Essential Requirements (ER-01) and obtain STQC cybersecurity certification, while also planning for the migration of their existing BIS licences to IS/IEC 62368-1:2023. Companies that ignore these changes risk losing their ability to legally sell products in one of the world's fastest-growing surveillance markets.
If you are looking for the simplest explanation, here it is: IP-based CCTV cameras without BIS ER-01 compliance and STQC cybersecurity certification can no longer be legally sold or installed in India. The Ministry of Electronics and Information Technology (MeitY) has ended the relaxation period that previously allowed businesses to clear existing inventory, making cybersecurity compliance a mandatory part of the Compulsory Registration Scheme (CRS).
This means manufacturers, importers, distributors, dealers, and system integrators cannot rely solely on the older BIS electrical safety certification. Every applicable CCTV camera must now satisfy both electrical safety requirements and cybersecurity requirements before entering the Indian market. In addition, businesses holding existing BIS licences under older standards must also prepare for migration to IS/IEC 62368-1:2023 before the applicable deadline.
A few years ago, BIS compliance for CCTV cameras was primarily focused on electrical safety. Products were tested under IS 13252, ensuring that they met essential safety requirements related to insulation, electrical shock protection, overheating, and fire hazards. While these tests were important, they did not evaluate whether a connected camera could resist cyberattacks, protect user data, or prevent unauthorized access. As CCTV systems became smarter and increasingly connected to the internet, this gap in the compliance framework became more apparent.
Security researchers around the world repeatedly discovered serious vulnerabilities in low-cost IP cameras. Many devices contained hardcoded passwords, outdated firmware, insecure communication protocols, or hidden backdoors that allowed unauthorized access within minutes. Since these cameras are commonly installed in homes, offices, factories, hospitals, schools, and government buildings, a compromised device could expose sensitive video feeds and even become an entry point into an organization's network. These growing cybersecurity concerns prompted the Government of India to strengthen the regulatory framework and introduce mandatory cybersecurity requirements for internet-connected CCTV cameras.
The biggest change is that BIS certification for CCTV cameras is no longer limited to electrical safety alone. Earlier, manufacturers mainly focused on obtaining CRS registration under IS 13252, which evaluated product safety from an electrical perspective. Today, that approach is no longer sufficient. Every applicable IP-based CCTV camera must also comply with mandatory cybersecurity requirements designed to protect users against hacking, unauthorized access, and software vulnerabilities.
The revised compliance framework introduces two important components that every manufacturer and importer should understand. The Essential Requirements (ER-01) define the cybersecurity measures that CCTV cameras must satisfy, including secure firmware updates, encrypted communication, protection against tampering, and the elimination of hardcoded credentials. Compliance with these requirements is verified through STQC certification, which confirms that the product has successfully passed cybersecurity testing at an approved laboratory. Together with BIS CRS registration, these requirements now form a single compliance pathway for selling IP cameras in India.
Think of it this way: ER-01 provides the cybersecurity requirements, STQC verifies whether those requirements have been met, and BIS CRS registration brings everything together before the product can be legally sold in India.
The current compliance framework did not appear overnight. It has been introduced gradually over the last few years, giving manufacturers time to upgrade their products and certification processes before full enforcement.
The timeline clearly shows that the industry was given several years to prepare for these changes. However, many businesses delayed upgrading their compliance strategy, assuming the implementation timeline would be extended again. With the relaxation period now over, companies that have not completed the required certifications may face product launch delays, supply chain disruptions, and restrictions on selling their CCTV cameras in the Indian market.
Just as many businesses were beginning to understand the new ER-01 and STQC cybersecurity requirements, another major compliance update arrived. MeitY has also introduced the migration to IS/IEC 62368-1:2023, the latest safety standard for audio, video, information, and communication technology equipment. This standard replaces the older IS 13252 (Part 1):2010 for applicable products under the BIS Compulsory Registration Scheme (CRS), including network-based CCTV cameras.
Unlike ER-01 and STQC, which focus on cybersecurity, IS/IEC 62368-1:2023 deals with product safety, construction, electrical protection, and hazard-based engineering principles. These are two separate requirements that work together rather than replacing one another. Businesses that complete cybersecurity certification but ignore the migration to the new BIS safety standard may still face compliance issues when their existing licences reach the end of the transition period.
Important: ER-01, STQC, and IS/IEC 62368-1:2023 are not alternatives. Manufacturers and importers must comply with all applicable requirements to continue selling CCTV cameras legally in India.
Most regulatory changes involve updating documentation or submitting revised applications. However, the new CCTV compliance framework goes much further because it affects both product safety and cybersecurity. Internet-connected cameras are now considered critical devices capable of collecting sensitive information, making them potential targets for cyberattacks. As a result, compliance is no longer limited to preventing electrical hazards—it also focuses on protecting networks, user data, and national cybersecurity.
The impact extends beyond manufacturers. Every business involved in the CCTV supply chain, including importers, distributors, dealers, system integrators, and even organizations procuring surveillance systems, must ensure that products meet the latest BIS and cybersecurity requirements. Purchasing or installing a non-compliant camera can lead to legal, operational, and commercial risks that were largely absent under the earlier compliance framework.
A common misconception is that these regulations apply only to imported CCTV cameras. In reality, the requirements apply equally to Indian manufacturers, foreign manufacturers, importers, brand owners, distributors, dealers, and system integrators dealing with IP-based CCTV cameras. Whether a product is manufactured in India or imported from another country, it must comply with the applicable BIS safety and cybersecurity requirements before being supplied to customers.
The responsibility also extends to organizations purchasing CCTV systems for commercial or institutional use. Government departments, hospitals, schools, factories, corporate offices, residential projects, and infrastructure developers should verify the compliance status of surveillance equipment before procurement. Requesting valid BIS registration details and STQC certification can help buyers avoid future legal or operational issues.
Delaying compliance is no longer simply a regulatory risk—it can directly affect business operations and revenue. A manufacturer may complete production, an importer may receive shipments, and a dealer may secure customer orders, but without the required certifications, those products cannot be legally supplied in the market. This can result in postponed deliveries, cancelled purchase orders, and damage to long-standing customer relationships.
Businesses that prepare early are far more likely to avoid these disruptions. By integrating compliance into product development, procurement, and launch planning, companies can reduce certification delays, maintain uninterrupted supply chains, and build greater trust with customers and business partners.
Planning compliance today is far less expensive than dealing with product recalls, cancelled orders, or interrupted market access tomorrow.
Many companies view compliance only as a legal obligation, but businesses that complete certification early often gain a competitive advantage. Government buyers, corporate clients, infrastructure projects, and institutional customers increasingly prefer suppliers that can demonstrate complete regulatory compliance. Having the necessary certifications in place before competitors can improve bidding opportunities, strengthen dealer confidence, and reduce delays during procurement discussions.
Early compliance also gives manufacturers enough time to address testing observations, update product documentation, and complete licence migration without disrupting production schedules. Rather than treating BIS, ER-01, and STQC requirements as last-minute formalities, businesses should integrate compliance into their product development and market-entry strategy. Companies that do so are more likely to maintain uninterrupted sales while building a stronger reputation in India's increasingly regulated electronics market.
Ensure your CCTV cameras comply with the latest BIS CRS, ER-01, STQC cybersecurity requirements, and IS/IEC 62368-1:2023 migration guidelines. PSR Compliance assists manufacturers and importers with end-to-end BIS certification, documentation, testing coordination, and licence migration.
📞 Call: +91 8796104190📧 Email: support@psrcompliance.com
Yes. Applicable IP-based CCTV cameras must comply with the ER-01 Essential Requirements and obtain STQC certification as part of the BIS CRS compliance framework.
STQC certification verifies that a CCTV camera complies with the cybersecurity requirements specified under ER-01 through testing at an approved laboratory.
No. BIS CRS registration for electrical safety and ER-01 cybersecurity compliance are separate requirements. Products must satisfy both where applicable.
IS/IEC 62368-1:2023 is the latest BIS safety standard for audio, video, information, and communication technology equipment, replacing older safety standards for applicable products.
For applicable products, existing BIS licences must migrate to IS/IEC 62368-1:2023 before 1 November 2028.
Manufacturers, importers, brand owners, and businesses selling applicable IP-based CCTV cameras in India must comply with the prescribed BIS and cybersecurity requirements.
PSR Compliance assists with BIS CRS registration, ER-01 compliance, STQC certification, documentation, laboratory coordination, licence migration, and complete regulatory consultancy for CCTV cameras.
Book your free consultation with our specialists today.
PSR Assistant