India’s decision to effectively block the internet-connected CCTV cameras using Chinese-origin components from April 2026 is not merely a regulatory intervention but a product of growing concerns over who controls the hardware, software, and data flows that underpin India’s surveillance architecture. It reflects an evolving approach in how the country understands technological sovereignty, supply chain security, and national resilience in an increasingly contested digital environment.
The CCTV Revision in India
Under the revised certification requirements administered through the Standardisation Testing and Quality Certification (STQC) framework, CCTV manufacturers must disclose the origin of critical components, undergo cybersecurity testing, and demonstrate protection against unauthorised remote access. Products relying on Chinese-origin chipsets or firmware are reportedly being denied certification, preventing their sale in India’s rapidly expanding surveillance market. At one level, the policy is about cameras, and at another, it is about a fundamental challenge in national security policymaking: should the government wait for a major security incident before addressing known vulnerabilities embedded within critical technologies?
For years, Chinese surveillance giants such as Hikvision and Dahua occupied one-third of the Indian market. Their products became ubiquitous across residential complexes, educational institutions, industrial facilities, transportation networks, and public infrastructure due to their affordability and scale. Yet concerns surrounding these firms have not emerged suddenly. Several governments have imposed restrictions on Chinese surveillance equipment over national security concerns. In 2022, the United States Federal Communications Commission prohibited new authorizations for equipment produced by Hikvision and Dahua, citing unacceptable risks to national security. Similar concerns have driven restrictions in the United Kingdom, which removed Chinese surveillance equipment from sensitive government sites, Australia, which initiated the removal of Hikvision and Dahua cameras from government departments and defense facilities; and Canada, which has since prohibited the use of Hikvision products in federal institutions and ordered the company to cease operations in the country.
Navigating the Strategic Concern
The issue is not simply where a camera is manufactured. The strategic concern lies in understanding who controls the software, firmware, update mechanisms, and data pathways embedded within connected devices. Unlike conventional infrastructure, internet-connected surveillance systems continuously collect and process information. Cameras positioned in government buildings, airports, industrial facilities, logistics hubs, and urban spaces generate a constant stream of data about physical environments, movement patterns, operational routines, and critical infrastructure. If compromised, such systems could provide valuable intelligence to hostile actors without a soldier crossing the border. The concern is therefore less about surveillance devices themselves and more about their potential use as vectors for intelligence gathering and strategic espionage.
Modern conflict no longer unfolds solely through military confrontation. States now compete through cyber operations, information manipulation, digital espionage, and attacks on critical infrastructure. Surveillance technologies occupy a unique position within this ecosystem because they connect the digital world directly to the physical one.
India’s CCTV decision should therefore be understood in a larger pattern of strategic derisking from Chinese technology dependencies. The country has already taken significant steps in response to technology-related security concerns. In 2020, India banned 59 Chinese mobile applications, including TikTok and WeChat, citing concerns relating to national security and public order. The rationale behind this logic is becoming increasingly clear– technologies cannot be evaluated solely on price, convenience, or market share; they must also be assessed through the lens of national resilience.
Why Do States Often Wait for a Crisis Before Acting?
Cybersecurity investments have only taken place after major breaches. The CCTV restrictions suggest that policymakers are addressing these vulnerabilities before they mature into security incidents. However, these measures could also increase costs or disrupt markets. But market efficiency and strategic resilience are not always aligned, where the state has to determine the balance when critical infrastructure is involved.
The CCTV ban, therefore, highlights a larger transformation. National security can no longer be understood solely through territorial or military capability; it also involves technologies. For instance, cloud infrastructure, telecommunications networks, data flow, and software that power everyday life are simultaneously economic assets and strategic instruments. In this scenario, policymakers must adopt a preventive mindset. The relevant question is no longer whether a vulnerability has already been exploited. The more important question is – what if it is exploited tomorrow?
The practical path forward for India is not just simply to ban high-risk CCTV but to build a trusted surveillance ecosystem. This means diversifying the supply chain towards Taiwanese, Japanese, South Korean, and domestic manufacturers, investing in indigenous chip design and firmware development, and encouraging public procurement of trusted products. Countries such as the United States have restricted Chinese surveillance vendors while relying on a mix of domestic producers and allied country supplies rather than a single source. India’s emerging ecosystem, including companies such as CP Plus, Matrix, Sparsh, and Prama, demonstrates that reducing dependence requires industrial policy, certification standards, and long-term investment, not just import restrictions.