STQC Certification and CCTV

 STQC Certification and CCTV

CCTV is everywhere now, in metro stations, campuses, warehouses, and housing societies. With that spread comes a tougher question: can you trust what’s on the pole? The government wants a clear “yes”, which is why it’s pushing the market towards standardized, secure-by-design products. The big lever is STQC security certification. It’s not a nice-to-have anymore; it’s the new gate. Manufacturers, integrators, buyers, everyone’s playbook changes in 2025.

STQC, short for Standardization Testing and Quality Certification, is overseen by the Ministry of Electronics and IT (MeitY). Think of it as a seal that says, “This device was built properly and hardened against common attacks.” For surveillance, that covers cameras, DVRs, and NVRs. It looks at product quality, cybersecurity controls, and how data is handled. In other words: fewer soft spots, fewer nasty surprises once the kit goes live.

The Mandatory Requirement

Two dates matter. First, in June 2024, government buyers started insisting on STQC-aligned equipment. Only STQC-certified CCTV products are meant to be sold and integrated in India. No carve-outs for OEMs or import labels. No “we’ll update it later”. If it isn’t certified, it shouldn’t be on the invoice. Simple as that.

As of April 9, 2025, STQC certification is mandatory for all CCTV cameras manufactured, imported, or sold in India. 

·        Government Procurement: Mandatory since June 6, 2024. Any "Made in India" CCTV procured for government projects must strictly adhere to STQC-certified standards.

·        General Market: All IP-based CCTV cameras must comply by the April 2025 deadline to remain legally available for sale.

·        Full Enforcement: From April 1, 2026, no sale of non-compliant CCTV cameras will be allowed, as the previous transition relaxations have been formally withdrawn

Why STQC is mandatory for CCTV?
The Ministry of Electronics and IT (MeitY) made STQC (Standardisation Testing and Quality Certification) mandatory for CCTV systems to ensure:
🔹 Quality & Safety: Cameras must work well and be safe for public use.
🔹 No Spying Risk: To avoid hidden risks like data leaks or spying through poor-quality or foreign-controlled cameras.
🔹 Trusted Performance: STQC checks that the camera meets Indian government standards before it’s used in sensitive places.

✅ STQC = Government-approved safety and quality check for CCTV.

Key Requirements for STQC Certification

This mandate pulls the industry toward “secure by default”. Expect the following to show up in specs and test reports:

·        Secure boot and firmware verification so tampered code can’t sneak in.

·        No default or hardcoded passwords; each device has its own credentials.

·        TLS 1.2+ is a modern way to encrypt streams and management communications.

·        Access restrictions that are quite specific for local and remote logins, together with roles and logs.

·        BIS safety compliance (IS 13252 / IEC 60950-1) where applicable.

·        Chinese-origin OEMs are not eligible for STQC certification.

·        Independent testing at STQC-recognized labs, with proper documentation.

Yes, it’s technical. But it’s also practical. Locked ports. Signed updates. Patch paths that don’t open new holes. That’s how fleets stay healthy.

Who Needs to Comply with This Mandate?

Short answer: the entire chain.

·        Manufacturers, Indian and international, are bringing models to market.

·        OEM partners and importers are rebranding or expanding their ranges.

·        Distributors, retailers, and system integrators are selling or installing systems.

·        Buyers in public projects, smart cities, critical infrastructure, and enterprise.

If you touch CCTV in India, compliance isn’t an afterthought. It’s part of the offer.

What Happens If You Don’t Comply?

Doors close. Non-STQC products become out of bounds for sale and use. You risk being tossed out of tenders. Licenses and approvals can be questioned. Private buyers, especially corporate security teams, will quietly pass. And the reputational hit from a failed audit? That lingers. Why roll the dice when the rules are crystal clear?

Benefits of Using STQC-Certified CCTV Products

In short, here’s what that certification delivers in everyday operations.

·        Stronger cybersecurity out of the box; fewer field incidents, fewer emergency call-outs.

·        Buyer confidence, procurement checks get easier, especially in regulated sectors.

·        Policy alignment with Make in India and Atmanirbhar Bharat priorities.

·        Lower legal and operational risk, plus a smoother path through audits and renewals.

Certification Process for Manufacturers

To obtain the STQC Certificate for CCTV, companies must follow a structured procedure: 

1.   Technical Construction File (TCF): Submit a dossier detailing architecture, firmware versions with hash values, and Bill of Materials (BoM) down to the SoC level.

2.   Lab Testing: Samples are sent to BIS-approved or STQC-recognized labs for functional and cybersecurity stress tests.

3.   Factory Audit: STQC authorities may inspect manufacturing facilities to verify quality control and secure engineering processes.

4.   Labeling: Certified products must display: “This CCTV camera complies with Essential Requirement(s) for Security” on their packaging.

Essential Security Requirements (ER 01:2024)

The Standardisation Testing and Quality Certification (STQC) Directorate validates cameras against Essential Requirements (ER). These are not optional features but mandatory engineering controls: 

·        No Hardcoded Passwords: Each device must have unique credentials; "admin/admin" defaults are prohibited.

·        Secure Boot & Firmware: The camera verifies its own software integrity every time it starts up. Only cryptographically signed firmware can run, so nobody can inject malicious code.

·        Encryption: Mandatory use of TLS 1.2+ for streaming and management data to prevent interception.

·        Physical Security: Requirements for tamper-resistant enclosures and locked physical ports (like UART or JTAG).

·        Data Sovereignty: Prevents sensitive surveillance data from being transmitted to unauthorized foreign servers. Manufacturer debugging interfaces must be shut down before the camera leaves the factory. Open debug ports are one of the most common entry points for hackers.

·        Vulnerability disclosure policy – Brands must maintain a formal process for reporting and patching security flaws. This means ongoing accountability, not just a one-time test.

·        Supply chain transparency – Manufacturers must declare the origin of chipsets, PCBs, and processors. Think of it like ingredient labelling on food; now the government checks where your camera's brain comes from.

Impact of Non-Compliance

Failure to meet these standards results in significant market restrictions:

·        License Cancellation: Existing BIS licenses may be suspended or cancelled.

·        Customs Delays: Imported units lacking certification are often stalled at ports.

·        Tender Disqualification: Non-compliant brands are excluded from lucrative smart city and public infrastructure projects

How to Verify a Specific Model

Certification is awarded at the model level, not just the brand level. You can verify a specific camera by: 

1.   Checking the Packaging: Look for the mandatory text: "This CCTV camera complies with Essential Requirement(s) for Security".

2.   Official Portal: Visit the STQC Certified Products List and search by manufacturer name or certificate number.

Understanding BIS ER Approval

Until recently, a CCTV camera only needed to pass a basic electrical safety test (IS 13252) to be sold in India. That test checked whether the camera was safe to plug in: protection against electric shock, insulation, and fire hazards. That's it.

Alongside STQC, BIS ER (Bureau of Indian Standards – Electronics Registration) approval is another essential regulatory requirement for electronic surveillance equipment sold in India. 

The BIS ER approval indicate strengthens trust among distributors, channel partners, and enterprise buyers who prioritize regulatory compliance during vendor evaluation.

What BIS ER Approval Ensures

·        Conformity to Indian safety standards

·        Electrical safety compliance

·        Product testing through recognized labs

·        Mandatory registration before market sale

Key Aspects of BIS-ER-01 Certification

·        Objective: Adds a mandatory cybersecurity layer to existing electrical safety standards for IP cameras and security equipment.

·        Mandatory Status: Essential for legal sale or import of surveillance products in India.

·        Testing Focus: Evaluates debug interfaces, password complexity, and access controls.

·        Deadline/Timeline: The deadline for implementation was April 9, 2025.

·        Application: Often involves collaboration with BIS-designated labs for testing and submission through official channel

BIS guidelines are listed below to comply with the Essential Requirements for CCTV Cameras. 

While some of it may sound complicated, not to worry, we are here to simplify it for you.  Email us or call us – we are happy to discuss and guide you 

·        Existing licensees of ‘CCTV Cameras’ as per IS 13252 (Part 1) : 2010/ IEC 60950-1 : 2005 

o   Existing licensees of CCTV Cameras shall apply online through the “Apply for Standard Revision/ Amendment/ Essential Requirement” module along with test report for ER: 01.

o   Applicable Fees: 

§  Inclusion test report: INR 30,000/- + applicable taxes per test report 

§  Additional test report: INR 20,000/- + applicable taxes per test report 

o   All non-compliant models shall be deleted from the scope of License and registration shall be liable for cancellation after 09 April 2025.  

·        New Applicants of CCTV Cameras: 

o   Applications for CCTV Cameras may be submitted along with test report for ER: 01 in addition to test report as per IS 13252 (Part 1): 2010. 

o   Processing of Applications without test report for ER: 01 shall be permitted only upto 09 April 2025. 

o   In case of above point no. 3 (B) (ii), a declaration from the applicant will also be required to submit that they will implement the revised Standard by 09 April 2025. 

o   Beyond 09 April 2025, above point no. 3 (B) (ii) will not be valid and registration will not be granted to such applications which are not complying with ER: 01 

·        Change in Scope of License:

o   Inclusion applications for CCTV Cameras may be submitted along with test report for ER: 01 in addition to test report as per IS 13252 (Part 1): 2010. 

o   Processing of Applications without test report for ER: 01 shall be permitted only upto 09 April 2025. 

o   In case of above point no. 3 (C) (ii), a declaration from the applicant will also be required to submit that they will implement the revised Standard by 09 April 2025. 

o   Beyond 09 April 2025, above point no. 3 (C) (ii) will not be valid and registration will not be granted to such applications which are not complying with ER: 01. 

o   Existing Licensees shall not use the Inclusion module to apply for implementation of Essential requirements of registered models. Instead, they may use the module as already mentioned in 3 (A)(i). 

·        Models complying with the above Order may display the following on the packaging: “This CCTV camera complies with Essential Requirement(s) for Security”.  

·        Provision for generating Test Request for ER for Security of CCTV– ER: 01 has been made live on BIS Portal. 

STQC vs BIS ER – Which One Do You Need?
In today’s regulatory environment, certifications are not just about compliance—they’re about trust, credibility, and market access. Two certifications that often create confusion are STQC (Standardisation Testing & Quality Certification) and BIS ER (Bureau of Indian Standards – Essential Requirements). While both deal with product quality and safety, their application areas and target customers differ significantly.

STQC (Standardisation Testing & Quality Certification)
 • Primary Customers: Government departments, PSUs, and organizations working on e-Governance, IT infrastructure, and software/hardware systems.
 • Focus: IT systems, biometric devices, smart cards, e-sign, and other digital infrastructure components.
 • Why It’s Needed: Many government tenders and projects mandate STQC certification to ensure reliability, interoperability, and adherence to national security/quality standards.

BIS-ER ( Bureau of Indian Standards – Essential Requirements)
 • Primary Customers: Private manufacturers, importers, and businesses selling electronic/IT products in the Indian market.
 • Focus: Consumer electronics, IT equipment, household gadgets, and other electronic products listed under the Compulsory Registration Scheme (CRS).
 • Why It’s Needed: BIS ER is mandatory for commercial sale in India—without it, businesses cannot legally sell or market their products.

In simple terms
 • Government Projects → STQC Certification (trust + compliance in IT/e-governance ecosystem).
 • Market Access (Retail/Commercial) → BIS ER Certification (legally required for selling electronic products in India).

From Today onwards (April 1, 2026): what changes

The government gave the industry time to prepare. New BIS licences without ER-01 compliance stopped being issued from April 9, 2025. Brands that didn't get certified could sell existing warehouse stock for a while, but that grace period is now over.

From April 1, 2026, selling a non-compliant camera in India carries fines of up to 10× the product's value and up to 2 years in prison. BIS is already raiding warehouses.

Existing cameras already installed in your home or office are unaffected. The rule targets new sales, not existing use. And analog cameras are exempt; this applies only to IP (network-connected) cameras.

Sensitivity vs Threshold

Sensitivity vs Threshold 

In video surveillance, sensitivity determines the smallest motion a camera can detect, while threshold defines the magnitude of that motion needed to trigger an event. A higher sensitivity setting allows the camera to register even minor movements, whereas a higher threshold makes it harder to trigger an event, requiring a more significant amount of motion to activate the motion detection. You often adjust these together to reduce false alarms from things like light changes while still capturing real events like a person or vehicle.

Sensitivity measures how responsive a system is to a stimulus, while the threshold is the minimum stimulus energy or change required to trigger a response, with sensitivity being the reciprocal of the threshold. In simpler terms, a high sensitivity means a low threshold and the system responds to small or subtle changes, whereas a low sensitivity implies a high threshold, requiring a significant change to elicit a reaction. 

Sensitivity

·        Definition: The ability of a system or person to detect a stimulus or respond to a change.

·        What it is: The ease with which a camera detects motion. 

·        Measurement: It is often defined as the inverse of the threshold. 

·        Function:  A high sensitivity means a system is more responsive and can detect very weak or small signals/changes.

·        How it works: A higher sensitivity value means the camera's motion detection algorithm is more "tuned in" to changes in pixels, allowing it to pick up on smaller or fainter movements.

·        Effect: A high sensitivity can lead to more alerts, as it's more likely to trigger from small, irrelevant movements. 

·        Example: A person with high sensitivity to noise might hear a faint sound that others don't. 

Threshold

·        Definition: The minimum level of stimulus energy, intensity, or change that is needed to activate a system or produce a detectable response.

·        What it is: The minimum amount of movement required to trigger a motion event.

·        Measurement: The specific level of input that is just enough to cause a reaction. 

·        Function: A low threshold means the system is easily triggered, while a high threshold requires a greater stimulus for a response.

·        How it works: It sets the bar for how much of a motion pixel change must occur before an alert is generated.

·        Effect: A higher threshold makes the system less likely to trigger, while a lower threshold will trigger the event more easily.

·        Example: A security camera's motion threshold determines the minimum amount of pixel change required to trigger an alarm. 

Relationship in Practice

·        Sensitivity and Threshold are Inversely Related: 

When sensitivity is high, the threshold is low, meaning less stimulus is needed for a response. Conversely, when sensitivity is low, the threshold is high, requiring a stronger stimulus to get a reaction. 

·        Adjusting for Performance: 

In tasks like motion detection, you adjust these settings together.

ü  Low sensitivity (high threshold): Reduces false alarms but may miss actual events. 

ü  High sensitivity (low threshold): Detects more subtle changes but increases the risk of false alerts.

Balancing Sensitivity and Threshold

·        Reduce False Alarms: You can use a combination of a higher threshold and moderate sensitivity to avoid triggering events from non-threatening movements (like swaying branches). 

·        Capture Key Events: You might use high sensitivity with a higher threshold to ensure you don't miss real events while still filtering out minor disturbances. 

Threshold value

As you mentioned the threshold value is a number in % and is the amount of pixels that is covered by the object relative the total amount of pixels in the picture. Let’s say that a person cover 15% of the total amount of pixels. Then the threshold value is 15%. For the system to detect that person the threshold level must be set to a lower value than 15%, let´s say 10%. Now, if something covers more than 10% of the pixels in the field of view the system will acknowledge that as an object of interest. But, that information will solely not trigger the system for motion detection… Therefore, we need a second parameter called Sensibility value.

Sensibility value

Sensibility is a parameter connected to if the object is moving slowly or fast. If the object is moving at all or if it is moving slowly or fast is determined from more mathematical calculations during a certain time interval. Let´s say that at time=1 the calculation gives the first threshold value. A specific time later at time=2 the second calculation gives the next threshold value and after time=3 it gives the third threshold value. If all these threshold values are the same the object is not moving and the system will not generate a motion trigg to start a recording of a video. But, if it is a difference between the threshold values something is happening with the object and it gets interesting. If the differences between the threshold values are small the object is probably moving slow. If the difference is big the object is probably moving fast. Let´s say that the system calculates a sensibility value that is between 0 and 100. A value of 0 means no change in motion, completely still. A value of 100 means t that the object is moving very fast. In Netcam system the Sensibility can be set to; very high – normal – very low. If you want to detect an object that moves very slowly you need to set the Sensibility to very high. Small changes in the sensibility value should be recognized as important and tell the system that here is something important going on. If the object is moving fast the sensibility value is high and it will also be recognized by the system as important. Well, why not always set the Sensibility to very high because then we will never miss a moving object? That is the million dollar question. If you set the Sensibility to very high it will detect everything and you will have a lot of false alarms! If you set the Sensibility to very low you will most likely never get a false alarm, but you will never get the moving object of interest either. Setting the Sensibility correct needs quite often some testing since it is very dependent of the situation.

‘Sensitivity’ is specified by most camera manufacturers using the ISO 12232 methodology. When using this saturation-based method, a higher ISO value means that it takes less light for the image to reach saturation but does not define how sensitive a sensor is to light (i.e., how many electrons are generated per incident photon) relative to the sensor noise.

ISO 12232 was established to give people an idea how a digital sensor compared to film speed, however it was never intended to give a full range of sensor performance. High-speed cameras are used in applications that demand good performance in low-light environments, which can not be determined by the ISO spec. To achieve a higher ISO rating the display settings of an image can be manipulated, such as by reducing the bit depth or full-well capacity. These specific changes make the image appear brighter but have an adverse effect on image quality and performance.

Consider the following limitations with the ISO 12232 specification when using it to compare high-speed cameras:

·        ISO 12232 does not account for noise performance. Instead, meaningful sensor qualities like Temporal Dark Noise (aka Read Noise) and Absolute Sensitivity Threshold, which indicates how well the sensor can identify detail from noise, are key attributes to discerning low light performance of the camera.

·        ISO is easily manipulated with added gain, which lowers Signal-to-Noise Ratio (SNR) and lowers Dynamic Range (DR). This trade-off gets masked because SNR and DR are not always reported, particularly not in relation to ISO. 

·        The rounding factor – Because ISO is based on film speed, manufacturers are instructed to round up to the closest defined ISO value above what was measured. This can inflate the value by up to 1/3 F-stop and is one reason it is not possible to get accurate photon level measurements with ISO as the basis for sensitivity.

·        The light source used for measuring ISO can be Tungsten or Daylight, and a monochrome camera using a Tungsten source will have a much higher spec when an IR filter is not used. Many applications do not have scattered or reflected light matching the spectrum of tungsten or daylight sources. Instead, it is best practice to use Spectral Responsivity plots (or QE curves) to determine how many electrons are generated relative to the number of incident photons across the visible and NIR spectrum. Spectral response curves are provided for all Phantom cameras.

Ultimately, there are too many unknowns to rely on the ISO 12232 specification when comparing sensitivity or any aspect of image quality. Vision Research has moved away from ISO as the way to spec sensitivity in favor of the EMVA 1288 standard, providing customers a full set of sensor parameters to evaluate the camera’s imaging performance.