STQC Certification and CCTV

 STQC Certification and CCTV

CCTV is everywhere now, in metro stations, campuses, warehouses, and housing societies. With that spread comes a tougher question: can you trust what’s on the pole? The government wants a clear “yes”, which is why it’s pushing the market towards standardized, secure-by-design products. The big lever is STQC security certification. It’s not a nice-to-have anymore; it’s the new gate. Manufacturers, integrators, buyers, everyone’s playbook changes in 2025.

STQC, short for Standardization Testing and Quality Certification, is overseen by the Ministry of Electronics and IT (MeitY). Think of it as a seal that says, “This device was built properly and hardened against common attacks.” For surveillance, that covers cameras, DVRs, and NVRs. It looks at product quality, cybersecurity controls, and how data is handled. In other words: fewer soft spots, fewer nasty surprises once the kit goes live.

The Mandatory Requirement

Two dates matter. First, in June 2024, government buyers started insisting on STQC-aligned equipment. Only STQC-certified CCTV products are meant to be sold and integrated in India. No carve-outs for OEMs or import labels. No “we’ll update it later”. If it isn’t certified, it shouldn’t be on the invoice. Simple as that.

As of April 9, 2025, STQC certification is mandatory for all CCTV cameras manufactured, imported, or sold in India. 

·        Government Procurement: Mandatory since June 6, 2024. Any "Made in India" CCTV procured for government projects must strictly adhere to STQC-certified standards.

·        General Market: All IP-based CCTV cameras must comply by the April 2025 deadline to remain legally available for sale.

·        Full Enforcement: From April 1, 2026, no sale of non-compliant CCTV cameras will be allowed, as the previous transition relaxations have been formally withdrawn

Why STQC is mandatory for CCTV?
The Ministry of Electronics and IT (MeitY) made STQC (Standardisation Testing and Quality Certification) mandatory for CCTV systems to ensure:
🔹 Quality & Safety: Cameras must work well and be safe for public use.
🔹 No Spying Risk: To avoid hidden risks like data leaks or spying through poor-quality or foreign-controlled cameras.
🔹 Trusted Performance: STQC checks that the camera meets Indian government standards before it’s used in sensitive places.

✅ STQC = Government-approved safety and quality check for CCTV.

Key Requirements for STQC Certification

This mandate pulls the industry toward “secure by default”. Expect the following to show up in specs and test reports:

·        Secure boot and firmware verification so tampered code can’t sneak in.

·        No default or hardcoded passwords; each device has its own credentials.

·        TLS 1.2+ is a modern way to encrypt streams and management communications.

·        Access restrictions that are quite specific for local and remote logins, together with roles and logs.

·        BIS safety compliance (IS 13252 / IEC 60950-1) where applicable.

·        Chinese-origin OEMs are not eligible for STQC certification.

·        Independent testing at STQC-recognized labs, with proper documentation.

Yes, it’s technical. But it’s also practical. Locked ports. Signed updates. Patch paths that don’t open new holes. That’s how fleets stay healthy.

Who Needs to Comply with This Mandate?

Short answer: the entire chain.

·        Manufacturers, Indian and international, are bringing models to market.

·        OEM partners and importers are rebranding or expanding their ranges.

·        Distributors, retailers, and system integrators are selling or installing systems.

·        Buyers in public projects, smart cities, critical infrastructure, and enterprise.

If you touch CCTV in India, compliance isn’t an afterthought. It’s part of the offer.

What Happens If You Don’t Comply?

Doors close. Non-STQC products become out of bounds for sale and use. You risk being tossed out of tenders. Licenses and approvals can be questioned. Private buyers, especially corporate security teams, will quietly pass. And the reputational hit from a failed audit? That lingers. Why roll the dice when the rules are crystal clear?

Benefits of Using STQC-Certified CCTV Products

In short, here’s what that certification delivers in everyday operations.

·        Stronger cybersecurity out of the box; fewer field incidents, fewer emergency call-outs.

·        Buyer confidence, procurement checks get easier, especially in regulated sectors.

·        Policy alignment with Make in India and Atmanirbhar Bharat priorities.

·        Lower legal and operational risk, plus a smoother path through audits and renewals.

Certification Process for Manufacturers

To obtain the STQC Certificate for CCTV, companies must follow a structured procedure: 

1.   Technical Construction File (TCF): Submit a dossier detailing architecture, firmware versions with hash values, and Bill of Materials (BoM) down to the SoC level.

2.   Lab Testing: Samples are sent to BIS-approved or STQC-recognized labs for functional and cybersecurity stress tests.

3.   Factory Audit: STQC authorities may inspect manufacturing facilities to verify quality control and secure engineering processes.

4.   Labeling: Certified products must display: “This CCTV camera complies with Essential Requirement(s) for Security” on their packaging.

Essential Security Requirements (ER 01:2024)

The Standardisation Testing and Quality Certification (STQC) Directorate validates cameras against Essential Requirements (ER). These are not optional features but mandatory engineering controls: 

·        No Hardcoded Passwords: Each device must have unique credentials; "admin/admin" defaults are prohibited.

·        Secure Boot & Firmware: The camera verifies its own software integrity every time it starts up. Only cryptographically signed firmware can run, so nobody can inject malicious code.

·        Encryption: Mandatory use of TLS 1.2+ for streaming and management data to prevent interception.

·        Physical Security: Requirements for tamper-resistant enclosures and locked physical ports (like UART or JTAG).

·        Data Sovereignty: Prevents sensitive surveillance data from being transmitted to unauthorized foreign servers. Manufacturer debugging interfaces must be shut down before the camera leaves the factory. Open debug ports are one of the most common entry points for hackers.

·        Vulnerability disclosure policy – Brands must maintain a formal process for reporting and patching security flaws. This means ongoing accountability, not just a one-time test.

·        Supply chain transparency – Manufacturers must declare the origin of chipsets, PCBs, and processors. Think of it like ingredient labelling on food; now the government checks where your camera's brain comes from.

Impact of Non-Compliance

Failure to meet these standards results in significant market restrictions:

·        License Cancellation: Existing BIS licenses may be suspended or cancelled.

·        Customs Delays: Imported units lacking certification are often stalled at ports.

·        Tender Disqualification: Non-compliant brands are excluded from lucrative smart city and public infrastructure projects

How to Verify a Specific Model

Certification is awarded at the model level, not just the brand level. You can verify a specific camera by: 

1.   Checking the Packaging: Look for the mandatory text: "This CCTV camera complies with Essential Requirement(s) for Security".

2.   Official Portal: Visit the STQC Certified Products List and search by manufacturer name or certificate number.

Understanding BIS ER Approval

Until recently, a CCTV camera only needed to pass a basic electrical safety test (IS 13252) to be sold in India. That test checked whether the camera was safe to plug in: protection against electric shock, insulation, and fire hazards. That's it.

Alongside STQC, BIS ER (Bureau of Indian Standards – Electronics Registration) approval is another essential regulatory requirement for electronic surveillance equipment sold in India. 

The BIS ER approval indicate strengthens trust among distributors, channel partners, and enterprise buyers who prioritize regulatory compliance during vendor evaluation.

What BIS ER Approval Ensures

·        Conformity to Indian safety standards

·        Electrical safety compliance

·        Product testing through recognized labs

·        Mandatory registration before market sale

Key Aspects of BIS-ER-01 Certification

·        Objective: Adds a mandatory cybersecurity layer to existing electrical safety standards for IP cameras and security equipment.

·        Mandatory Status: Essential for legal sale or import of surveillance products in India.

·        Testing Focus: Evaluates debug interfaces, password complexity, and access controls.

·        Deadline/Timeline: The deadline for implementation was April 9, 2025.

·        Application: Often involves collaboration with BIS-designated labs for testing and submission through official channel

BIS guidelines are listed below to comply with the Essential Requirements for CCTV Cameras. 

While some of it may sound complicated, not to worry, we are here to simplify it for you.  Email us or call us – we are happy to discuss and guide you 

·        Existing licensees of ‘CCTV Cameras’ as per IS 13252 (Part 1) : 2010/ IEC 60950-1 : 2005 

o   Existing licensees of CCTV Cameras shall apply online through the “Apply for Standard Revision/ Amendment/ Essential Requirement” module along with test report for ER: 01.

o   Applicable Fees: 

§  Inclusion test report: INR 30,000/- + applicable taxes per test report 

§  Additional test report: INR 20,000/- + applicable taxes per test report 

o   All non-compliant models shall be deleted from the scope of License and registration shall be liable for cancellation after 09 April 2025.  

·        New Applicants of CCTV Cameras: 

o   Applications for CCTV Cameras may be submitted along with test report for ER: 01 in addition to test report as per IS 13252 (Part 1): 2010. 

o   Processing of Applications without test report for ER: 01 shall be permitted only upto 09 April 2025. 

o   In case of above point no. 3 (B) (ii), a declaration from the applicant will also be required to submit that they will implement the revised Standard by 09 April 2025. 

o   Beyond 09 April 2025, above point no. 3 (B) (ii) will not be valid and registration will not be granted to such applications which are not complying with ER: 01 

·        Change in Scope of License:

o   Inclusion applications for CCTV Cameras may be submitted along with test report for ER: 01 in addition to test report as per IS 13252 (Part 1): 2010. 

o   Processing of Applications without test report for ER: 01 shall be permitted only upto 09 April 2025. 

o   In case of above point no. 3 (C) (ii), a declaration from the applicant will also be required to submit that they will implement the revised Standard by 09 April 2025. 

o   Beyond 09 April 2025, above point no. 3 (C) (ii) will not be valid and registration will not be granted to such applications which are not complying with ER: 01. 

o   Existing Licensees shall not use the Inclusion module to apply for implementation of Essential requirements of registered models. Instead, they may use the module as already mentioned in 3 (A)(i). 

·        Models complying with the above Order may display the following on the packaging: “This CCTV camera complies with Essential Requirement(s) for Security”.  

·        Provision for generating Test Request for ER for Security of CCTV– ER: 01 has been made live on BIS Portal. 

STQC vs BIS ER – Which One Do You Need?
In today’s regulatory environment, certifications are not just about compliance—they’re about trust, credibility, and market access. Two certifications that often create confusion are STQC (Standardisation Testing & Quality Certification) and BIS ER (Bureau of Indian Standards – Essential Requirements). While both deal with product quality and safety, their application areas and target customers differ significantly.

STQC (Standardisation Testing & Quality Certification)
 • Primary Customers: Government departments, PSUs, and organizations working on e-Governance, IT infrastructure, and software/hardware systems.
 • Focus: IT systems, biometric devices, smart cards, e-sign, and other digital infrastructure components.
 • Why It’s Needed: Many government tenders and projects mandate STQC certification to ensure reliability, interoperability, and adherence to national security/quality standards.

BIS-ER ( Bureau of Indian Standards – Essential Requirements)
 • Primary Customers: Private manufacturers, importers, and businesses selling electronic/IT products in the Indian market.
 • Focus: Consumer electronics, IT equipment, household gadgets, and other electronic products listed under the Compulsory Registration Scheme (CRS).
 • Why It’s Needed: BIS ER is mandatory for commercial sale in India—without it, businesses cannot legally sell or market their products.

In simple terms
 • Government Projects → STQC Certification (trust + compliance in IT/e-governance ecosystem).
 • Market Access (Retail/Commercial) → BIS ER Certification (legally required for selling electronic products in India).

From Today onwards (April 1, 2026): what changes

The government gave the industry time to prepare. New BIS licences without ER-01 compliance stopped being issued from April 9, 2025. Brands that didn't get certified could sell existing warehouse stock for a while, but that grace period is now over.

From April 1, 2026, selling a non-compliant camera in India carries fines of up to 10× the product's value and up to 2 years in prison. BIS is already raiding warehouses.

Existing cameras already installed in your home or office are unaffected. The rule targets new sales, not existing use. And analog cameras are exempt; this applies only to IP (network-connected) cameras.