support@psrcompliance.com +91 87961 04190 WhatsApp

Blog Details

BIS ER-01 & STQC Certification for CCTV Cameras: New Compliance Rules Explained (2026)
BIS

Sat, Jul 18 2026

Raju Karn

BIS ER-01 & STQC Certification for CCTV Cameras: New Compliance Rules Explained (2026)

There was a time when CCTV cameras were viewed as simple surveillance devices. Businesses primarily focused on image quality, storage capacity, night vision, and durability while choosing a camera. Compliance requirements were equally straightforward, with manufacturers only needing to ensure that their products met basic electrical safety standards before entering the Indian market. However, the rapid adoption of IP-based cameras has completely changed the landscape. Modern CCTV cameras are connected devices that communicate over networks, store sensitive information, receive software updates, and can even be accessed remotely. This transformation has made cybersecurity just as important as electrical safety.

Recognizing the growing security risks associated with internet-connected surveillance devices, the Government of India has significantly strengthened the compliance framework for CCTV cameras. Selling or installing IP cameras without meeting the latest cybersecurity requirements is no longer an option. Businesses that manufacture, import, distribute, or install CCTV cameras must now comply with BIS Essential Requirements (ER-01) and obtain STQC cybersecurity certification, while also planning for the migration of their existing BIS licences to IS/IEC 62368-1:2023. Companies that ignore these changes risk losing their ability to legally sell products in one of the world's fastest-growing surveillance markets.

The Short Version

If you are looking for the simplest explanation, here it is: IP-based CCTV cameras without BIS ER-01 compliance and STQC cybersecurity certification can no longer be legally sold or installed in India. The Ministry of Electronics and Information Technology (MeitY) has ended the relaxation period that previously allowed businesses to clear existing inventory, making cybersecurity compliance a mandatory part of the Compulsory Registration Scheme (CRS).

This means manufacturers, importers, distributors, dealers, and system integrators cannot rely solely on the older BIS electrical safety certification. Every applicable CCTV camera must now satisfy both electrical safety requirements and cybersecurity requirements before entering the Indian market. In addition, businesses holding existing BIS licences under older standards must also prepare for migration to IS/IEC 62368-1:2023 before the applicable deadline.

Key Highlights

  • BIS ER-01 compliance is mandatory for IP-based CCTV cameras.
  • STQC certification is required to verify cybersecurity compliance.
  • The relaxation period for non-compliant cameras has ended.
  • Existing BIS licences must migrate to IS/IEC 62368-1:2023 before 1 November 2028.
  • Non-compliant products may no longer be legally sold in India.

How We Got Here

A few years ago, BIS compliance for CCTV cameras was primarily focused on electrical safety. Products were tested under IS 13252, ensuring that they met essential safety requirements related to insulation, electrical shock protection, overheating, and fire hazards. While these tests were important, they did not evaluate whether a connected camera could resist cyberattacks, protect user data, or prevent unauthorized access. As CCTV systems became smarter and increasingly connected to the internet, this gap in the compliance framework became more apparent.

Security researchers around the world repeatedly discovered serious vulnerabilities in low-cost IP cameras. Many devices contained hardcoded passwords, outdated firmware, insecure communication protocols, or hidden backdoors that allowed unauthorized access within minutes. Since these cameras are commonly installed in homes, offices, factories, hospitals, schools, and government buildings, a compromised device could expose sensitive video feeds and even become an entry point into an organization's network. These growing cybersecurity concerns prompted the Government of India to strengthen the regulatory framework and introduce mandatory cybersecurity requirements for internet-connected CCTV cameras.

What Actually Changed?

The biggest change is that BIS certification for CCTV cameras is no longer limited to electrical safety alone. Earlier, manufacturers mainly focused on obtaining CRS registration under IS 13252, which evaluated product safety from an electrical perspective. Today, that approach is no longer sufficient. Every applicable IP-based CCTV camera must also comply with mandatory cybersecurity requirements designed to protect users against hacking, unauthorized access, and software vulnerabilities.

The revised compliance framework introduces two important components that every manufacturer and importer should understand. The Essential Requirements (ER-01) define the cybersecurity measures that CCTV cameras must satisfy, including secure firmware updates, encrypted communication, protection against tampering, and the elimination of hardcoded credentials. Compliance with these requirements is verified through STQC certification, which confirms that the product has successfully passed cybersecurity testing at an approved laboratory. Together with BIS CRS registration, these requirements now form a single compliance pathway for selling IP cameras in India.

Understanding the New Compliance Framework

RequirementPurpose
BIS CRS RegistrationConfirms compliance with applicable BIS safety standards.
ER-01 (Essential Requirements)Defines mandatory cybersecurity requirements for IP-based CCTV cameras.
STQC CertificationVerifies compliance with ER-01 through testing at an approved laboratory.
IS/IEC 62368-1:2023New BIS safety standard replacing older standards for applicable electronic products.

Think of it this way: ER-01 provides the cybersecurity requirements, STQC verifies whether those requirements have been met, and BIS CRS registration brings everything together before the product can be legally sold in India.

Timeline of Regulatory Changes

The current compliance framework did not appear overnight. It has been introduced gradually over the last few years, giving manufacturers time to upgrade their products and certification processes before full enforcement.

YearRegulatory Development
2023Government begins developing cybersecurity-focused Essential Requirements (ER-01) for IP-based CCTV cameras.
April 2024MeitY brings CCTV cameras under the Compulsory Registration Order (CRO).
2024–2025Transition period allows businesses to clear existing non-compliant inventory.
2026Relaxation period ends. Only BIS ER-01 and STQC-certified CCTV cameras can be legally sold.

The timeline clearly shows that the industry was given several years to prepare for these changes. However, many businesses delayed upgrading their compliance strategy, assuming the implementation timeline would be extended again. With the relaxation period now over, companies that have not completed the required certifications may face product launch delays, supply chain disruptions, and restrictions on selling their CCTV cameras in the Indian market.

There's a Second Deadline You Cannot Ignore

Just as many businesses were beginning to understand the new ER-01 and STQC cybersecurity requirements, another major compliance update arrived. MeitY has also introduced the migration to IS/IEC 62368-1:2023, the latest safety standard for audio, video, information, and communication technology equipment. This standard replaces the older IS 13252 (Part 1):2010 for applicable products under the BIS Compulsory Registration Scheme (CRS), including network-based CCTV cameras.

Unlike ER-01 and STQC, which focus on cybersecurity, IS/IEC 62368-1:2023 deals with product safety, construction, electrical protection, and hazard-based engineering principles. These are two separate requirements that work together rather than replacing one another. Businesses that complete cybersecurity certification but ignore the migration to the new BIS safety standard may still face compliance issues when their existing licences reach the end of the transition period.

Understanding the Two Compliance Requirements

RequirementPurposeStatus
ER-01 Essential RequirementsDefines mandatory cybersecurity requirements for IP-based CCTV cameras.Mandatory
STQC CertificationVerifies compliance with ER-01 through testing by an approved laboratory.Mandatory
IS/IEC 62368-1:2023Latest BIS safety standard replacing older electrical safety standards.Migration Required

Important: ER-01, STQC, and IS/IEC 62368-1:2023 are not alternatives. Manufacturers and importers must comply with all applicable requirements to continue selling CCTV cameras legally in India.

Why This Matters More Than a Normal Compliance Update

Most regulatory changes involve updating documentation or submitting revised applications. However, the new CCTV compliance framework goes much further because it affects both product safety and cybersecurity. Internet-connected cameras are now considered critical devices capable of collecting sensitive information, making them potential targets for cyberattacks. As a result, compliance is no longer limited to preventing electrical hazards—it also focuses on protecting networks, user data, and national cybersecurity.

The impact extends beyond manufacturers. Every business involved in the CCTV supply chain, including importers, distributors, dealers, system integrators, and even organizations procuring surveillance systems, must ensure that products meet the latest BIS and cybersecurity requirements. Purchasing or installing a non-compliant camera can lead to legal, operational, and commercial risks that were largely absent under the earlier compliance framework.

Why Businesses Should Take This Seriously

  • The relaxation period for non-compliant cameras has ended.
  • Cybersecurity compliance is now mandatory under the BIS CRS framework.
  • Existing BIS licences must migrate to IS/IEC 62368-1:2023 before 1 November 2028.
  • Non-compliant products may face restrictions on manufacturing, import, sale, or installation.
  • Delayed compliance can affect product launches, supply chains, and customer confidence.

Who Is Affected by the New Rules?

A common misconception is that these regulations apply only to imported CCTV cameras. In reality, the requirements apply equally to Indian manufacturers, foreign manufacturers, importers, brand owners, distributors, dealers, and system integrators dealing with IP-based CCTV cameras. Whether a product is manufactured in India or imported from another country, it must comply with the applicable BIS safety and cybersecurity requirements before being supplied to customers.

The responsibility also extends to organizations purchasing CCTV systems for commercial or institutional use. Government departments, hospitals, schools, factories, corporate offices, residential projects, and infrastructure developers should verify the compliance status of surveillance equipment before procurement. Requesting valid BIS registration details and STQC certification can help buyers avoid future legal or operational issues.

Businesses That Should Review Their Compliance Immediately

Business TypeCompliance Responsibility
ManufacturersObtain BIS CRS, ER-01 compliance, and STQC certification.
ImportersEnsure imported products meet all applicable BIS requirements.
Brand OwnersVerify products are certified before market launch.
Distributors & DealersSell only compliant CCTV cameras.
System IntegratorsInstall certified surveillance equipment.
Institutional BuyersVerify BIS registration and STQC certification before procurement.

The Business Impact of Delayed Compliance

Delaying compliance is no longer simply a regulatory risk—it can directly affect business operations and revenue. A manufacturer may complete production, an importer may receive shipments, and a dealer may secure customer orders, but without the required certifications, those products cannot be legally supplied in the market. This can result in postponed deliveries, cancelled purchase orders, and damage to long-standing customer relationships.

Businesses that prepare early are far more likely to avoid these disruptions. By integrating compliance into product development, procurement, and launch planning, companies can reduce certification delays, maintain uninterrupted supply chains, and build greater trust with customers and business partners.

Possible Consequences of Non-Compliance

  • Delay in product launches.
  • Import and customs clearance issues.
  • Cancellation of government or institutional tenders.
  • Marketplace and distributor restrictions.
  • Loss of customer confidence.
  • Increased compliance costs due to urgent testing and documentation.
  • Business disruption caused by expired or non-compliant BIS licences.

Planning compliance today is far less expensive than dealing with product recalls, cancelled orders, or interrupted market access tomorrow.

Practical Compliance Checklist

  • Review your complete CCTV product portfolio.
  • Identify which models already have BIS CRS registration.
  • Verify whether each product complies with ER-01 Essential Requirements.
  • Obtain STQC certification for applicable IP-based cameras.
  • Check whether your existing BIS licence is still under the old standard.
  • Plan migration to IS/IEC 62368-1:2023 well before 1 November 2028.
  • Maintain updated technical documents, firmware records, and test reports.
  • Coordinate early with BIS-recognized and STQC-approved laboratories.
  • Verify supplier compliance before importing or purchasing products.

Why Early Compliance Is a Business Advantage

Many companies view compliance only as a legal obligation, but businesses that complete certification early often gain a competitive advantage. Government buyers, corporate clients, infrastructure projects, and institutional customers increasingly prefer suppliers that can demonstrate complete regulatory compliance. Having the necessary certifications in place before competitors can improve bidding opportunities, strengthen dealer confidence, and reduce delays during procurement discussions.

Early compliance also gives manufacturers enough time to address testing observations, update product documentation, and complete licence migration without disrupting production schedules. Rather than treating BIS, ER-01, and STQC requirements as last-minute formalities, businesses should integrate compliance into their product development and market-entry strategy. Companies that do so are more likely to maintain uninterrupted sales while building a stronger reputation in India's increasingly regulated electronics market.

Need BIS ER-01 & STQC Certification for CCTV Cameras?

Ensure your CCTV cameras comply with the latest BIS CRS, ER-01, STQC cybersecurity requirements, and IS/IEC 62368-1:2023 migration guidelines. PSR Compliance assists manufacturers and importers with end-to-end BIS certification, documentation, testing coordination, and licence migration.

📞 Call: +91 8796104190
📧 Email: support@psrcompliance.com

Frequently Asked Questions (FAQs)

1. Is ER-01 certification mandatory for CCTV cameras in India?

Yes. Applicable IP-based CCTV cameras must comply with the ER-01 Essential Requirements and obtain STQC certification as part of the BIS CRS compliance framework.

2. What is STQC certification for CCTV cameras?

STQC certification verifies that a CCTV camera complies with the cybersecurity requirements specified under ER-01 through testing at an approved laboratory.

3. Does an existing BIS CRS licence automatically cover ER-01 compliance?

No. BIS CRS registration for electrical safety and ER-01 cybersecurity compliance are separate requirements. Products must satisfy both where applicable.

4. What is IS/IEC 62368-1:2023?

IS/IEC 62368-1:2023 is the latest BIS safety standard for audio, video, information, and communication technology equipment, replacing older safety standards for applicable products.

5. By when must manufacturers migrate to IS/IEC 62368-1:2023?

For applicable products, existing BIS licences must migrate to IS/IEC 62368-1:2023 before 1 November 2028.

6. Who needs BIS ER-01 and STQC certification?

Manufacturers, importers, brand owners, and businesses selling applicable IP-based CCTV cameras in India must comply with the prescribed BIS and cybersecurity requirements.

7. How can PSR Compliance help with CCTV camera certification?

PSR Compliance assists with BIS CRS registration, ER-01 compliance, STQC certification, documentation, laboratory coordination, licence migration, and complete regulatory consultancy for CCTV cameras.

Contact Us

Start a New Case? Contact
Our Experts

Just send us your questions or concerns by starting a new case &
we will give you the help you need. Start Here...

Have a Question?

+91-8796104190
  • Monday - Saturday:
  • 10AM - 7PM
  • Sunday & Public Holidays (Closed)
Request a Call Back
Call Now WhatsApp